Feeds
Django Weblog: Django security releases issued: 5.1.1, 5.0.9, and 4.2.16
In accordance with our security release policy, the Django team is issuing releases for Django 5.1.1, Django 5.0.9, and Django 4.2.16. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Thanks to MProgrammer for the report.
This issue has severity "moderate" according to the Django security policy.
CVE-2024-45231: Potential user email enumeration via response status on password resetDue to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes.
To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger.
Thanks to Thibaut Spriet for the report.
This issue has severity "low" according to the Django security policy.
Affected supported versions- Django main branch
- Django 5.1
- Django 5.0
- Django 4.2
Patches to resolve the issue have been applied to Django's main, 5.1, 5.0, and 4.2 branches. The patches may be obtained from the following changesets.
CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()- On the main branch
- On the 5.1 branch
- On the 5.0 branch
- On the 4.2 branch
- On the main branch
- On the 5.1 branch
- On the 5.0 branch
- On the 4.2 branch
- Django 5.1.1 (download Django 5.1.1 | 5.1.1 checksums)
- Django 5.0.9 (download Django 5.0.9 | 5.0.9 checksums)
- Django 4.2.16 (download Django 4.2.16 | 4.2.16 checksums)
The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E
General notes regarding security reportingAs always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance, nor via the Django Forum, nor via the django-developers list. Please see our security policies for further information.
Calligra 4.0.1
Calligra 4.0.1 is out. This small releases mostly contains fixes for distributions issues and updated translations.
I fixed some compatibility issues for Flatpak which is since yesterday available on Flathub.
Flathub website showing Calligra
Yaakov Selkowitz fixed the installation of the Okular generators so now if Calligra is installed, you can read your office document in Okular correctly.
Antonio Rojas dropped the unused KPart dependency and reenabled the user documentations.
I removed the old space navigator plugin which didn’t build anymore and was only used to navigate an office document with some retro controllers.
Finally, I fixed a few issues in Stage, I found while dog footing it for my slides for my Akademy presentation.
The updated slides sidebar of Calligra Stage
Get ItCalligra 4.0 is now available on Flathub. It’s also now available on Arch, KDE Neon and OpenBSD and I am aware there is some work in progress for Fedora and Mageia. Thanks everyone for packaging Calligra!
Packager SectionYou can find the package on download.kde.org and it has been signed with my GPG key.
Python Bytes: #399 C will watch you in silence
The Drop Times: Getting Started with Dresktop: Managing Local Drupal Environments
Armin Ronacher: Progress
As I'm getting older a lot of my social circles are becoming ever more conservative. The focus shifts from building with ambition to fiercly protecting what one has achieved. Shifting the mind on protectionism makes one consider all that can cause damage. It puts the focus on the negative, it makes those negative thoughts feel much more significant than they are and one dwells on the past, instead of envisioning of what opportunity might lie ahead.
Yet, when we look back at history, it becomes clear that progress and fresh ideas tend to prevail over time. Not every new idea will succeed, but the overall trend is undeniable.
I believe that every day presents us with a choice: to step forward with courage and optimism or to cling to the status quo, even as it becomes increasingly untenable. Embracing new ideas carries inherent risks, but so does the refusal to explore them.
Right now we find ourselves slowly sliding down from our local maximum and some people try to pull you back up to where we were standing. On the other hand if you dare to run you will find a bigger and more impressive hill to scale. One that offers a better vantage point and when water rises undoubtedly the better place to be.
In today's political environment, the rhetoric is dominated by a yearning for the past. Some politicians will promote a return to fossil fuels and conservative social norms. They play into your fears of others and promote individualism at cost of the collective. The will uphold every bad news as a reason to fortify borders and strengthen nation-states.
But as time marches on, future generations will likely look back at these regressive inclinations and wonder how we could have been so short-sighted.
Hynek Schlawack: How to Ditch Codecov for Python Projects
Codecov’s unreliability breaking CI on my open source projects has been a constant source of frustration for me for years. I have found a way to enforce coverage over a whole GitHub Actions build matrix that doesn’t rely on third-party services.
July and August in KDE PIM
Here's our bi-monthly update from KDE's personal information management applications team. This report covers progress made in July and August 2024.
Since the last report, 32 people have contributed over 1300 changes to the KDE PIM code base. We also released a new version of the KDE PIM Suite in August with the Gear release
AkademyThe KDE PIM team will be at Akademy from the 7th to the 12th of September in Würzburg (Germany). We will host again a PIM BoF on Monday from 14h to 16h.
MilestonesWe have decided to plan and track our work in milestones. Milestones represent concrete goals with clear definitions of what we understand as done, and be achievable within a reasonable time frame. Each milestone is then split into smaller bite-sized tasks that can be worked on independently.
This helps us prioritize important work, make our progress more visible and, most importantly, make it easier for people to get excited about what we are working on. New contributors will also be able to pick a well-defined task and start contributing to PIM.
You can see the milestones on our Gitlab board. If anything there catches your eye and you would like to help, reach out to us on the #kontact:kde.org Matrix channel!
Retiring KJots and KNotesWe made some progress on this front and KNotes was not part of the 24.08 release. The repositories for KNotes and KJots are now archived and the remaining bits related to the Akonadi Note support were removed from KOrganizer, Calendar Support, KDE PIM Runtime, and Event Views.
Moving Protocol Implementations to KDE FrameworksVolker continued to cleanup and optimize KMime in preparation for moving it to the KDE Frameworks. KMime is the library used to parse and write emails.
ItineraryOur travel assistant app Itinerary got a new seat information display in the timeline, integration with the Träwelling check-in service, more use of Wikidata/Wikimedia online content and a pretty new website. See its own bi-monthly update for more details.
KleopatraOver the last two months the smart card views for the different types of supported smart cards got a facelift to make them look more unified and less crowded (T7018).
Kleopatra now supports disabling OpenPGP certificates (T7216). This is sometimes useful to prevent accidentally using a certificate for encryption.
We improved the usability in
- signing and encryption (T6485, T7183, T7236),
- the list of certifications that now only shows the relevant ones (T7231),
- the certificate group configuration (T6966),
- changing the expiration of subkeys (T7198, T7215).
Akregator is the RSS feed reader integrated into Kontact. Laurent reimplemented the filter bar to avoid multiple clicks and it is now similar to the one from Thunderbird.
Akregator now supports Plasma Activities so you can select which feeds are visible depending on the activity you are in. Similar functionalities are planned for KMail, KOrganizer and KAddressBook.
Finally, Akregator now has a What's New dialog showing the changes from the last version.
KMail
KMail now uses less memory by only loading some widgets when needed.
MimeTreeParser/MerkuroWe have unified the verification message for signed messages between Kleopatra, KMail and Merkuro by moving the implementation to LibKleo.
KAlarm
We replaced the libcanberra audio backend with VLC, since libcanberra is unmaintained and does not recognise recent audio formats. There is also the option for distributions to use MPV as audio backend.
Gunnar Wolf: Free and open source software and other market failures
Understanding the free and open-source software (FOSS) movement has, since its beginning, implied crossing many disciplinary boundaries. This article describes FOSS’s history, explaining its undeniable success throughout the 1990s, and why the movement today feels in a way as if it were on autopilot, lacking the “steam” it once had.
The author presents several examples of different industries where, as it happened with FOSS in computing, fundamental innovations happened not because the leading companies of each field are attentive to customers’ needs, but to a certain degree, despite them not even considering those needs, it is typically due to the hubris that comes from being a market leader.
Kemp exemplifies his hypothesis by presenting the messy landscape of the commercial, mutually incompatible systems of Unix in the 1980s. Different companies had set out to implement their particular flavor of “open Unix computers,” but with clear examples of vendor lock-in techniques. He speculates that, “if we had been able to buy a reasonably priced and solid Unix for our 32-bit PCs … nobody would be running FreeBSD or Linux today, except possibly as an obscure hobby.” He states that the FOSS movement was born out of the utter market failure of the different Unix vendors.
The focus of the article shifts then to the FOSS movement itself: 25 years ago, as FOSS systems slowly gained acceptance and then adoption in the “serious market” and at the center of the dot-com boom of the early 2000s, Linux user groups (LUGs) with tens of thousands of members bloomed throughout the world; knowing this history, why have all but a few of them vanished into oblivion?
Kemp suggests that the strength and vitality that LUGs had ultimately reflects the anger that prompted technical users to take the situation into their own hands and fix it; once the software industry was forced to change, the strongly cohesive FOSS movement diluted. “The frustrations and anger of [information technology, IT] in 2024,” Kamp writes, “are entirely different from those of 1991.” As an example, the author closes by citing the difficulty of maintaining–despite having the resources to do so–an aging legacy codebase that needs to continue working year after year.
Talking Drupal: Talking Drupal #465 - Greater Cleveland RTA
Today we are talking about The Greater Cleveland RTA, How they use Drupal, and how they built a Drupal team with guests Mike Cermak & Rithya Lath. We’ll also cover Geofield Directions as our module of the week.
For show notes visit: www.talkingDrupal.com/465
Topics- What does the Greater Cleveland RTA do
- Is the RTA a state agency
- What kind of Digital Service do you provide
- How does the GCRTA use Drupal
- Whay was Drupal selected
- Let's talk about the team
- How long has the team existed and how many people
- What type of skill makeup doest hte team have
- Local development and deployment
- Point and click learning, how do you keep up to speed now
- Day to day responsibilities
- Drupal con and Starshot
Rithya Lath - ral1239 Mike Cermak - riderta.com MikeCermak
HostsNic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi
MOTW CorrespondentMartin Anderson-Clutz - mandclu.com mandclu
- Brief description:
- Have you ever wanted to make it easy for visitors to your Drupal site to get directions to a location via Google Maps? There’s a module for that.
- Module name/project name:
- Brief history
- How old: created in Feb 2021 by Christopher Martin (ccjjmartin), though recent releases are by Allan Chappell (generalredneck)
- Versions available: 1.0.1, compatible with Drupal ^8.8 ^9 || ^10 ^11
- Maintainership
- Minimally maintained, Maintenance fixes only
- Security coverage
- Test coverage
- Documentation? Not even a README
- Number of open issues: 1 open issue, not a bug
- Usage stats:
- 26 sites
- Module features and usage
- The module provides a new field formatter, so you can install it and then update a view mode to use Geofield Directions. Now your content display will include a link to get directions
- You can figure the text of the link, whether the link should open in a new tab, the magnification of the destination map, and more
- The module also includes token support, so you can dynamically include things like the name of the location in the link text
- I think the only downside I can see is that because this is implemented as a formatter, you have to choose the directions link OR a map, where I could foresee sites wanting to show both
The Drop Times: Simplifying Complexity with Guidance
Dear Readers, With Drupal 11 now in full swing, users have had time to explore the new features and improvements this release brings. As the platform continues to mature, one aspect remains critically important: comprehensive and up-to-date documentation. Whether you're a newcomer or a seasoned Drupal developer, having reliable documentation is key to fully leveraging the capabilities of Drupal 11 and adapting to the changes it introduces.
A major focus of Drupal 11 has been improving user experience, such as simplifying the process for adding fields to entity types. While these changes make Drupal easier to use, they also require clear documentation to guide users through the new workflows. The Documentation and Help Initiative is vital here, ensuring that Drupal's power is accessible to everyone. Led by a dedicated team, this initiative aims to improve Drupal.org's resources and introduce a help system that provides assistance tailored to users' needs.
However, the documentation does more than explain the latest changes-it strategically makes Drupal more accessible to a broader audience. This is particularly true as we look toward the future with the upcoming "Drupal CMS," a product of the Drupal Starshot initiative. Drupal CMS aims to offer a more user-friendly, out-of-the-box experience, making it easier for those who might find Drupal Core's technical depth overwhelming. The documentation will be crucial in helping users understand the differences between Drupal CMS and Drupal Core, empowering them to choose the right tool for their needs and get started quickly.
As Drupal 11 continues to evolve, so too must its documentation. With features like Project Browser and Automatic Updates on the horizon, which promise to simplify Drupal's usability even further, the role of documentation in bridging the gap between technical advancements and user understanding becomes even more vital.
With that, let's move on to the important stories from last week.
DropTimes has put together a comprehensive FAQ to clarify the reasoning and implications behind Drupal Starshot's recent naming decision to be "Drupal CMS" instead of simply "Drupal." This guide is designed to help you understand the differences between Drupal Core and Drupal CMS.
In an interview with Kazima Abbaz, Selwyn Polit delves into the meticulous process behind creating "Drupal at Your Fingertips," offering detailed insights into how he curated and organized the content to serve as a comprehensive reference for Drupal developers. This guide aims to serve as a streamlined resource that cuts through the clutter, providing precisely what developers need when they need it.
In a world where tech startups often chase rapid growth at the expense of culture and sustainability, Iztok Smolic offers a refreshing alternative. As the CEO and Managing Director of Agiledrop, he has cultivated a unique company culture that blends traditional values with modern technological practices. In this interview, Iztok sits down with Elma John, a former sub-editor of The DropTimes, to discuss the inspirations and challenges that shaped his career and company.
Drupal GovCon 2024 recently concluded, marking a significant event for the Drupal community. Kazima Abbas has compiled key lessons from Rod Martin and Bree Benesh on Site building and leadership, from a session presented at the event. Mike Gifford, has presented the results from analyzing Drupal's dominance and accessibility in government websites which he had generously shared with The DropTimes.
Lenny Moskalyk has released a progress report on the Starshot initiative for August 2024. The initiative, announced by Dries Buytaert, is advancing through various focused tracks, each dedicated to different components of the platform.
Twin Cities Drupal Camp 2024 is just around the corner, taking place from September 12 to 13 in Minneapolis/St. Paul. With the event fast approaching, Drupal enthusiasts and web technology professionals are gearing up for two days of intensive learning and networking.
DrupalCon Singapore 2024 has announced a range of financial support options to make the event more accessible to the global Drupal community. DrupalSouth Melbourne 2025 is calling for volunteers to join its Event Committee, playing a crucial role in ensuring the successful execution of the conference.
In the news about DrupalCon Barcelona 2024, the event is set to feature keynotes by Dries Buytaert, Mónica Rikić, Theódór Ragnar Gíslason, and the Drupal Core Initiative Leads. DrupalCon also has a series of dynamic Contribution Events to bring together the global Drupal community to shape the platform's future. These events will run throughout the conference, culminating in a dedicated Contribution Day on Friday. DrupalCon Barcelona is also taking a stand against electronic waste by partnering with Trinijove, an organization dedicated to recycling and refurbishing old electronic devices.
Centarro has announced the release of Drupal Commerce 2.40 introducing a range of enhancements and new features. GitLab CI templates will soon make Drupal 11 the default version for automated testing, marking a significant transition within the Drupal ecosystem. Fran Garcia-Linares outlined this plan on Drupal.org, noting that GitLab CI currently supports simultaneous testing for both versions, which has allowed module maintainers to prepare for Drupal 11 compatibility.
We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now.
To get timely updates, follow us on LinkedIn, Twitter and Facebook. You can also, join us on Drupal Slack at #thedroptimes.
Thank you,
Sincerely
Alka Elizabeth
Sub-editor, The DropTimes.
Open Source AI Definition – Weekly update September 2nd
- @mkai added concerns about how OSI will address AI-generated content from both open and closed source models, given current legal rulings that such content cannot be copyrighted. He also suggests clarifying the difference between licenses for AI model parameters and the model itself within the Open Source AI Definition.
- @shujisado added that while media coverage of the OSAID v0.0.9 release is encouraging, he is not supportive of the idea of an enforcement mechanism to flag false open source AI. He believes this approach differs from OSI’s traditional stance and suggests it may be a misunderstanding.
- @jplorre added that while LINAGORA supports the proposed definition, they propose clarifying the term “equivalent system” to mean systems that produce the same outputs given identical inputs. They also suggest removing the specific reference to “tokenizers” in the definition, as it may not apply to all AI systems.
Draft v.0.0.9 of the Open Source AI Definition is available for comments
- @adafruit reconnects with @webmink and proposes updates to the Open Source AI Definition, including adding requirements for prompt transparency and data access during AI training. These updates aim to enhance the ability to audit, replicate, and modify AI models by providing detailed logs, documentation, and public access to prompts used during the training phase.
- @webmink appreciates the proposal but points out that it seems specific to a single approach, suggesting that it may need broader applicability.
- @thesteve0 criticizes the current definition, arguing that it does not grant true freedom to modify AI models because the weights, which are essential for using the model, cannot be reproduced without access to both the original data and code. He suggests that models sharing only their weights, especially when built on proprietary data, should be labeled as “open weights” rather than “open source.” He also expresses concern about the misuse of the “open source” label by some AI models, citing specific examples where the term is being abused.
- @pranesh added that it might be helpful to explicitly state that the governance of open-source AI is out of scope for OSAID, but also notes that neither the OSD nor the free software definition explicitly mention governance, so it may not be necessary.
- @kjetilk added that while governance issues have traditionally been unspoken, this unspoken nature is a key problem that needs addressing. He suggests that OSI should explicitly declare governance out of scope to allow others to take on this responsibility.
- @mjbommar added support for making an official statement that OSI does not intend to control governance, noting concerns that some might fear OSI is moving towards a walled governance approach. He references past regrets about not controlling the “open source” trademark as a means to combat open-washing.
- @nick added assurance that OSI has no intention of creating a walled governance garden, reaffirming the organization’s long-standing position against such control.
- @shujisado added that there seems to be a consensus within the OSAID process that governance is out of scope, and notes that related statements have already been moved to the FAQ section in recent versions.
- @pranesh mentions that, from a legal perspective, the percentage of infringement matters, citing the “de minimis” doctrine and defenses like “fair use” that consider the amount and purpose of infringement. He emphasizes that copyright laws in different jurisdictions vary, and not all recognize the same defenses as in the US.
- @mjbommar argues that the scale and nature of AI outputs make the “de minimis” defense irrelevant, especially when AI models generate significant amounts of copyrighted content. He stresses that the economic impact of AI-generated content is a key factor in determining whether it qualifies as transformative or infringes copyright.
- @shujisado highlights that in Japan, using copyrighted works for AI training is generally treated as an exception under copyright law, a stance that is also being adopted by neighboring East Asian countries. He suggests that approaches like the EU Directive are unlikely to become mainstream in Asia.
- @mjbommar acknowledges the global focus on US/EU laws but points out that many commonly used models are developed by Western organizations. He questions how Japan’s updated copyright laws align with international treaties like WCT/DMCA, expressing concern that they may allow practices that conflict with these agreements.
- @arandal emphasizes the importance of the Open Source Definition (OSD) as a unifying framework that accommodates diverse approaches within the open-source community. She argues that AI models, being a combination of source code and training data, should have their diversity in handling data explicitly recognized in the Open Source AI Definition. She proposes specific text changes to the draft to clarify that while some developers may be comfortable with proprietary data, others may not, and both approaches should be supported to ensure the long-term success of open-source AI.
- @mjbommar appreciates the spirit of Arandal’s proposal but adds that the OSI currently lacks specific licenses for data, which is why it is crucial for the OSI to collaborate with Creative Commons. Creative Commons maintains the ecosystem of “data licenses” that would be necessary under the proposed revisions to the Open Source AI Definition.
- @arandal agrees with the need for collaboration with organizations like Creative Commons, noting that this coordination is already reflected in checklist v. 0.0.9. She suggests that such collaboration is necessary even without the proposed revisions to ensure the definition accurately addresses data licensing in AI.
- @nick acknowledges the importance of working with organizations like Creative Commons and mentions that OSI is in ongoing communication with several relevant organizations, including MLCommons, the Open Future Foundation, and the Data and Trust Alliance. He highlights the recent publication of the Data Provenance Standards by the Data and Trust Alliance as an example of the kind of collaborative work that is being pursued.
- @mjbommar reiterates the need for explicit coordination with Creative Commons, arguing that the OSI cannot realistically finalize the Open Source AI Definition without such collaboration. He also suggests that the OSI should explore AI preference signaling and work with Creative Commons and SPDX/LF to establish shared standards, which should be part of the OSAID standard’s roadmap.
Join this week’s town hall to hear the latest developments, give your comments and ask questions.
Register for the townallReal Python: Generate Images With DALL·E and the OpenAI API
Describe any image, then let a computer create it for you. What sounded futuristic only a few years ago has become reality with advances in neural networks and latent diffusion models (LDM). DALL·E by OpenAI has made a splash through the amazing generative art and realistic images that people create with it.
OpenAI allows access to DALL·E through their API, which means that you can incorporate its functionality into your Python applications.
In this tutorial, you’ll:
- Get started using the OpenAI Python library
- Explore API calls related to image generation
- Create images from text prompts
- Create variations of your generated image
- Convert Base64 JSON responses to PNG image files
You’ll need some experience with Python, JSON, and file operations to breeze through this tutorial. You can also study up on these topics while you go along, as you’ll find relevant links throughout the text.
Get Your Code: Click here to download the free sample code that you’ll use to generate stunning images with DALL·E and the OpenAI API.
Take the Quiz: Test your knowledge with our interactive “Generate Images With DALL·E and the OpenAI API” quiz. You’ll receive a score upon completion to help you track your learning progress:
Interactive Quiz
Generate Images With DALL·E and the OpenAI APIIn this quiz, you'll test your understanding of generating images with DALL·E by OpenAI using Python. You'll revisit concepts such as using the OpenAI Python library, making API calls for image generation, creating images from text prompts, and converting Base64 strings to PNG image files.
Complete the Setup RequirementsIf you’ve seen what DALL·E can do and you’re eager to make its functionality part of your Python applications, then you’re in the right spot! In this first section, you’ll quickly walk through what you need to do to get started using DALL·E’s image creation capabilities in your own code.
Install the OpenAI Python LibraryConfirm that you’re running Python version 3.7.1 or higher, create and activate a virtual environment, and install the OpenAI Python library:
Windows PowerShell PS> python --version Python 3.12.5 PS> python -m venv venv PS> .\venv\Scripts\activate (venv) PS> python -m pip install openai Copied! Shell $ python --version Python 3.12.5 $ python -m venv venv $ source venv/bin/activate (venv) $ python -m pip install openai Copied!The openai package gives you access to the full OpenAI API. In this tutorial, you’ll focus on image generation, which lets you interact with DALL·E models to create and edit images from text prompts.
Get Your OpenAI API KeyYou need an API key to make successful API calls. Sign up with OpenAI and create a new project API key by clicking on the Dashboard menu and then API keys on the bottom left of the navigation menu:
On this page, you can create and manage your API keys, which allow you to access the service that OpenAI offers through their API. You can create and delete secret keys.
Click on Create new secret key to create a new API key, and copy the value shown in the pop-up window.
Note: OpenAI assigns your API usage through unique key values, so make sure to keep your API key private. The company calculates the pricing of requests to generate images on a per-image basis that depends on the model you use and the resolution of the output image.
Keep in mind that OpenAI’s API services and pricing policies may change. Be sure to check their website for up-to-date information about pricing and offers.
Always keep this key secret! Copy the value of this key so you can later use it in your project. You’ll only see the key value once.
Save Your API Key as an Environment VariableA quick way to save your API key and make it available to your Python scripts is to save it as an environment variable. Select your operating system to learn how:
Windows PowerShell (venv) PS> $ENV:OPENAI_API_KEY = "<your-key-value-here>" Copied! Shell (venv) $ export OPENAI_API_KEY="<your-key-value-here>" Copied! Read the full article at https://realpython.com/generate-images-with-dalle-openai-api/ »[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
libffcall @ Savannah: GNU libffcall 2.5 is released
libffcall version 2.5 is released.
New in this release:
- Added support for the following platforms: (Previously, a build on these platforms failed.)
- loongarch64: Linux with lp64d ABI.
- riscv64: Linux with musl libc.
- hppa: Linux.
- powerpc: FreeBSD, NetBSD.
- powerpc64: FreeBSD.
- powerpc64le: FreeBSD.
- arm: Android.
- Fixed support for the following platforms: (Previously, a build on these platforms appeared to succeed but was buggy.)
- ia64: Linux.
- arm64: OpenBSD.
- Simplified the environmental requirements (the library no longer allocates a temporary file in /tmp) on the following platforms:
- Linux.
- macOS.
- FreeBSD 13 and newer.
- NetBSD 8 and newer.
Jonathan Carter: Debian Day South Africa 2024
On Saturday, the Debian South Africa team got together in Cape Town to celebrate Debian’s 31st birthday and to perform ISO testing for the Debian 11.11 and 12.7 point releases.
We ran out of time to organise a fancy printed cake like we had last year, but our improvisation worked out just fine!
We thought that we had allotted plenty of time for all of our activities for the day, and that there would be plenty of time for everything including training, but the day zipped by really fast. We hired a venue at a brewery, which is usually really nice because they have an isolated area with lots of space and a big TV – nice for presentations, demos, etc. But on this day, there was a big rugby match between South Africa and New Zealand, and as it got closer to the game, the place just got louder and louder (especially as a band started practicing and doing sound tests for their performance for that evening) and it turned out our space was also double-booked later in the afternoon, so we had to relocate.
Even amidst all the chaos, we ended up having a very productive day and we even managed to have some fun!
Four people from our local team performed ISO testing for the very first time, and in total we covered 44 test cases locally. Most of the other testers were the usual crowd in the UK, we also did a brief video call with them, but it was dinner time for them so we had to keep it short. Next time we’ll probably have some party line open that any tester can also join.
LogoWe went through some more iterations of our local team logo that Tammy has been working on. They’re turning out very nice and have been in progress for more than a year, I guess like most things Debian, it will be ready when it’s ready!
Debian 11.11 and Debian 12.7 released, and looking ahead towards Debian 13Both point releases tested just fine and was released later in the evening. I’m very glad that we managed to be useful and reduce total testing time and that we managed to cover all the test cases in the end.
A bunch of things we really wanted to fix by the time Debian 12 launched are now finally fixed in 12.7. There’s still a few minor annoyances, but over all, Debian 13 (trixie) is looking even better than Debian 12 was around this time in the release cycle.
Freeze dates for trixie has not yet been announced, I hope that the release team announces those sooner rather than later, also KDE Plasma 6 hasn’t yet made its way into unstable, I’ve seen quite a number of people ask about this online, so hopefully that works out.
And by the way, the desktop artwork submissions for trixie ends in two weeks! More information about that is available on the Debian wiki if you’re interested in making a contribution. There are already 4 great proposals.
Debian Local GroupsOrganising local events for Debian is probably easier than you think, and Debian does make funding available for events. So, if you want to grow Debian in your area, feel free to join us at #debian-localgroups on the OFTC IRC network, also plumbed on Matrix at #debian-localgroups:matrix.debian.social – where we’ll try to answer any questions you might have and guide you through the process!
Oh and btw… South Africa won the Rugby!
Real Python: Quiz: How to Use Conditional Expressions With NumPy where()
In this quiz, you’ll test your understanding of How to Use Conditional Expressions With NumPy where().
By working through the questions, you’ll consolidate the knowledge you gained from the tutorial and take yourself beyond what you learned.
To answer some of the questions, you’ll need to do some research outside of the tutorial itself. Embrace this challenge because exploration can take you on a valuable learning journey.
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Real Python: Quiz: Generate Images With DALL·E and the OpenAI API
In this quiz, you’ll test your understanding of generating images with DALL·E by OpenAI API using Python.
By working through this quiz, you’ll revisit how to use the OpenAI Python library, make API calls related to image generation, create images from text prompts, create variations of an image, and convert Base64 strings to PNG image files.
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Golems GABB: Mobile Apps Powered by Drupal Backend (Android, iOS)
There are new CMSs coming into the market almost every year. Aggregation of ratings and other dull figures are carried out to see how they match with each other. However, there is a solo survivor – Drupal among the rest. While this CMS has competed for the Viewers' Choice Awards for the last 10 years, its ratings have not ceased to soar. It has been used to build sites for UNICEF, Teach for America (website of the US Department of Education), Le Figaro (a well-known French newspaper), and others.
Zato Blog: Airport integrations in Python
Did you know you can use Python as an integration platform for your airport systems? It's Open Source too.
From AODB, transportation, business operations and partner networks, to IoT, cloud and hybrid deployments, you can now use Python to build flexible, scalable and future-proof architectures that integrate your airport systems and support your master plan.
➤ Read here about what is possible and learn more why Python and Open Source are the right choice.
More blog posts➤qtatech.com blog: Drupal et Progressive Web Apps (PWA)
Progressive Web Apps (PWA) provide an enhanced user experience by combining the features of web and mobile applications. For Drupal developers, integrating a PWA can transform a website into a high-performance mobile application. This article offers a technical approach to achieving this integration.
Kdenlive 24.08.0 released
Kdenlive 24.08 is out, and while summer is usually a quieter time for the team, this update comes packed with nifty new features, enhancements, and quality-of-life improvements, specially for Effects and Transitions. This version boosts performance in sequence playback and timeline preview rendering, improves handling of transcoding issues when importing large amounts of clips, adds VAAPI transcode profiles, and fixes GPU transcoding for Nvidia. On the packaging front, Whisper support has been improved for both Windows and macOS while also improving theming issues on all platforms.
Effects and Transitions
This release comes with many improvements to Effects and Transitions that were made possible thanks to your contributions to our fundraiser.
User InterfaceThis version comes with a revamped user interface for all effect controls, resulting in a cleaner look and more efficient usage of space.
Easing ModesIn addition to the existing easing modes (linear, smooth, and constant), we’ve added several new options like: Cubic In/Out, Exponential In/Out, Circular In/Out, Elastic In/Out, and Bounce In/Out for transitions and effects.
Effect Groups
The new Effect Groups feature enables you to control and apply changes to all clips within a group or selection, making the effect editing process more flexible.
Transform Effect UX
This release brings several enhancements to the Transform effect, improving both usability and functionality. The handles’ visuals have been refined by adding more control points for easier adjustments. Now, you can move the frame from anywhere inside it, with the handles automatically disappearing during the move for a cleaner view. Also holding Alt+Click lets you cycle through clips without needing to select them in the timeline. We’ve also added a grid to the monitor, allowing clips to snap into place while moving.
Curve EditorThis version introduces an initial prototype of the highly anticipated curve editor for keyframes. Please note that it is in a very alpha state and is not ready for production.
Other Highlights
This release includes over 130 commits. Here are a few highlights:
- Fixed many Python related issues
- Fixed Titles background issues
- Added timestamps to undo commands
- Fixed many crashes in various operations
- Add Actions to quickly add Marker/Guides in a specific category
- Run callback server for OAuth2 only if necessary.
- Fixed issues with custom Clip Jobs
- Fixed audio recording regressions
- Fix Whisper / numpy version on Mac. Commit.
- Try to fix venv on Mac. Commit.
- Fix monitor data lost on switch from/to fullscreen on Windows. Commit. See bug #490708.
- Improve default track height calculation. Commit. See bug #490869.
- Ensure qtblend composition is always preferred to cairoblend unless specifically requested by user. Commit. See bug #491628.
- Better syntax for package check. Patch by Philippe Fremy. Commit.
- Fix effectstack view keeps scrolling when mouse leaves. Commit.
- Improve drag and drop of effects, don’t create 2 separate entries on dropping effect from list. Commit.
- Fix effect stack scroll on drag. Commit.
- Stop dragging effect stack when mouse is outside of the widget. Commit.
- Fix reuse. Commit.
- Fix some effect names not translated. Commit. Fixes bug #491438.
- Fix python venv on Windows. Commit.
- Fix possible crash on python install and enforce correct packages for Windows Whisper. Commit. See bug #490661.
- Switch openai installer to python requirements files, allowing to fix numpy error on Windows. Commit. See bug #491350.
- Fix rendering progress sometimes incorrect. Commit. See bug #490146.
- Fix NVidia transcoding of 10bit videos (convert to 8bit). Commit.
- Default to GPU transcoding if available. Commit.
- Fix incorrect param in audio thumb introduced in recent commit. Commit.
- Minor optimization for preview render. Commit.
- Fix titler incorrect background scale. Commit.
- Fix subtitle widget size on AppImage. Commit.
- Fix detection of build in MLT lumas. Commit.
- Fix subtitle widget using too much space. Commit.
- When doing an extract operation on all tracks and guides are not locked, move / delete the guides accordingly. Commit. See bug #490020.
- Fix titler background is pixelated. Commit. Fixes bug #431606.
- Fix deleting several single selection items sometimes deletes an unselected clip. Commit.
- Make audio only render faster. Commit. See bug #491109.
- Add video only vaapi transcode profile. Commit.
- Don’t start proxy/audio tasks if a clip requires transcoding. Commit.
- First round of fixes for task manager. Commit.
- Add vaapi transcoding profile. Commit.
- Fix crash in task manager. Commit.
- Separate file for audio tracks fixes: Fix muted tracks exported, don’t export audio for video render. Commit. See bug #491108.
- Fix timeline scrolling down by a few pixels when already at the bottom when using rubberband or spacer. Commit. Fixes bug #490956.
- Ensure missing timeline clips all have the “Invalid” markup text. Commit.
- Fix crash cutting missing timeline clip. Commit.
- Fix possible crash in keyframe editor. Commit.
- Scroll effect stack view when dragging an effect. Commit.
- Fix crash adding/editing keyframes on tracks/master when using group effects feature. Commit.
- Fix possible QT debug crash on paste. Commit.
- Add Actions to quickly add Marker/Guides in a specific category. Commit.
- Fix loading sequence clip broken by last commit. Commit.
- Fix single selection resize affecting other grouped items. Commit.
- Add a control uuid to each bin clip to ensure clips can not get mixed on project opening. Commit.
- Fix crash after undo spacer move with guides. Commit.
- Fix transform keyframe center seeking outside clip. Commit.
- Fix crash pasting single selected clip. Commit. Fixes bug #490370.
- Fix track effects cannot be deleted if “group effect” feature is enabled. Commit.
- Updating a bin clip (name, tag) should be applied to all timelines, not only the current one. Commit.
- Slightly better adjustment of tracks in multicam view for more than 4 tracks. Commit.
- Make multitrack tool operate on inactive tracks as well. Commit. See bug #489981.
- Fix color theme menu not showing active theme. Commit. Fixes bug #489958.
- Fix cannot restore audio after saving project with master muted. Commit. Fixes bug #489985.
- Fix crash transcoding an audio only clip. Commit.
- Generating comobox box from mlt enumeration parameters in generic effect UI. Commit.
- Add createdate to dynamic text keywords and some tooltip info. Commit. See bug #489119.
- Update SoK file copyright. Commit.
- Implement keyframe curve editor. Commit.
- Fix transcoding sometimes results in vfr clips. Commit.
- Fix avgblur minimum value for x offset. Commit.
- Add sliders to keyframe import offset (Fixes #1884). Commit.
- Update include/exclude lists with latest status. Commit.
- Allow Effects/Compositions widgets to be smaller. Commit.
- Consistently use USE_DBUS in CMake. Commit.
- Monitor qml overlay: don’t allow editing effect if timeline cursor is outside effect. Commit.
- Get rid of ugly public/private hack in tests. Commit.
- In comments, replace en_GB words “colour” and “analyse” with en_US versions. Commit.
- Rename CMake option for DBus from NODBUS to USE_DBUS. Commit.
- Nicer monitor handles for transform effect, don’t allow invalid rect on resize. Commit.
- [cmd rendering] Ensure proper kdenlive_render path for AppImage. Commit.
- [nightly flatpak] update otio. Commit.
- Explicitly mention that QT’s major version in MLT must match the one used for Kdenlive. Commit.
- Fix undo move effect up/down. On effect move, also move the active index, increase margins between effects. Commit.
- Fix removing a composition from favorites. Commit.
- Properly activate effect when added to a timeline clip. Commit.
- Transform effect: allow moving frame from anywhere inside it, hide handles on move. Commit.
- Fix spacer tool can move backwards and overlap existing clips. Commit.
- Transform effect: add top, bottom, left, right handles. Commit.
- Add easing method to video fades. Commit.
- Transform effect: fix handles move on click. Commit.
- Transform effect: when working in timeline with several clips using a transform effect, Alt+Click allows cycling through the clips. Commit.
- [nightly flatpak] Switch to llvm18. Commit.
- Add grid to monitor effects scene (it snaps). Commit.
- Run callback server for OAuth2 only if necessary. Commit.
- Fix extra dash added to custom clip job output. Commit. See bug #487115.
- Fix include list license. Commit.
- Fix usage of QUrl for LUT lists. Commit. See bug #487375.
- Rename include/exclude lists. Commit.
- For Qt5 require at least KF 5.115.0, for Qt6 KF 6.0.0. Commit.
- Allow custom whitelist files for effects / compositions (no ui yet). Commit.
- Fix startup crash on KF 6.3. Commit.
- Fix missing whitelist license. Commit.
- Implement effects whitelist (WIP). Commit.
- Fix default keyframe type referencing the old deprecated smooth type. Commit.
- Warn if custom clip job contains uneven number of quotes. Commit.
- Be more clever splitting custom ffmpeg commands around quotes. Commit. See bug #487115.
- Fix effect name focus in save effect. Commit. See bug #486310.
- Fix tests. Commit.
- Fix selection when cutting an unselected clip under mouse. Commit.
- Add timestamp to undo commands. Commit.
- Fix loading timeline clip with disabled stack should be disabled. Commit.
- Fix crash trying to save effect with slash in name. Commit. Fixes bug #487224.
- Remove quotes in custom clip jobe, fix progress display. Commit. See bug #487115.
- Replace custom style menu by new KStyleManager menu. Commit.
- Use KIconTheme::initTheme & KStyleManager::initStyle for proper styling. Commit.
- Fix setting sequence thumbnail from clip monitor. Commit.
- ClipJob: fix typo. Commit.
- ClipJob: correct and update info and whatsthis. Commit. See bug #487115.
- Fix locked track items don’t have red background on project open. Commit.
- Fix spacer tool doing fake moves with clips in locked tracks. Commit.
- Hide timeline clip status tooltip when mouse leaves. Commit.
- UI files: use notr=”true” instead of old comment=”KDE::DoNotExtract”. Commit.
- Fix wrong FFmpeg chapter export TIMEBASE. Commit. Fixes bug #487019.
- Fix tests build. Commit.
- With Qt6 the breeze-icons *.rcc files are no longer delivered. Commit.
- Code Gardening: split main() into logical pieces. Commit.
- Create sequence thumbs directly from bin clip producer. Commit.
- Play monitor on click – make configurable. Commit.
- Fix opening documentation link for shuttle on Windows. Commit.
- Fix merge error. Commit.
- Typo for build command: ninja is use in the cmake command, so sudo ninja install should be used. Commit.
- JogShuttle, add note and link for installation on Windows. Commit. Fixes bug #485602.
- Optimize playback of sequence clips (don’t default to rgba format which triggers expansive compositing checks). Commit.
- Correct typo “file exist” → “file exists”. Commit.
- Draft: Clarify that the remaining time calculation is an estimation. Commit.
- Fix tests warnings. Commit.
- Improve user feedback. Commit.
- Audio record: allow playing timeline when monitoring, clicking track rec… Commit. See bug #486198. See bug #485660.
- Feat: Implement effect groups. Commit.
- Work/audio rec fixes. Commit.
- Add multi-format rendering. Commit.
- Ensure Docks are correctly sorted in view menu. Commit.
The post Kdenlive 24.08.0 released appeared first on Kdenlive.