Feeds

Dear Readers,

Have you ever felt the transformative power of a teacher's or mentor's encouragement? Anatole France, the French poet and journalist, once encapsulated this influence by saying, 

"Nine-tenths of education is encouragement."

It's astonishing how teachers can nurture love or sow seeds of positivity, potentially steering an entire future. When a child moves beyond their family circle, teachers often step into a pivotal role. Their impact isn't confined to imparting knowledge; it extends to shaping perspectives, igniting passions, and defining life paths.

Just as many attribute their accomplishments to teachers who unearthed their hidden talents guiding their paths, the Drupal community thrives on mentors who play a pivotal role. Like educators, these mentors guide newcomers, share their expertise, and foster an environment conducive to growth within the Drupal ecosystem. They serve as pillars, offering invaluable guidance and insights enriching the community with their depth of knowledge and experience.

In this context, Michael Anello shines as a beacon within the Drupal realm. His trajectory, from teaching engineering to co-founding DrupalEasy—a hub for Drupal-centric training, career development, and consultancy—mirrors the impact of a guiding force.  The DropTimes had the opportunity to interview Michael Anello. He reflects on his journey, the evolution of Drupal, navigating challenges in the learning process and steering DrupalEasy through adaptations to accommodate various skill levels. In essence, his role echoes the influence of those pivotal teachers who shape destinies within the dynamic and ever-evolving landscape of the Drupal community.

In another enlightening interview, the multifaceted expertise of Lyubomir Filipov, a Group Architect and Deputy Program Manager at FFW, takes centre stage. His journey spans various roles—from organizer to academician to mentor—an embodiment of the diverse skills of an expert Drupal developer.

Lyubomir Filipov operates as a leader by example, orchestrating the convergence of talent with opportunity. He's instrumental in shaping career trajectories for over 800 professionals at FFW, ensuring that the right individuals find their niche within the company. 

Our adept sub-editor, Alka Elizabeth, skillfully conducted these insightful conversations, shedding light on the depth and breadth of Michael Anello's and Lyubomir Filipov's contributions within the Drupal sphere. Alka also delved into a Reddit discussion about the recent changes to not just Drupal alone but the economy, AI, and growth of other CMSs like WordPress, Wix, and Shopify. 

On a side note, I've compiled a thorough overview highlighting TDT's significant milestones of the past year.

Speaking of events, The DropTimes has been announced as the official Media Partner for Drupal Mountain Camp 2024, Switzerland. To learn more about the event, visit the official website. You can also follow our tag Drupal Mountain Camp to catch every update. 

February 06 is DrupalCon Portland's registration kickoff—don't miss out! Find all the essential details right here. Stay tuned for more updates and announcements as the event draws nearer. 

The highly anticipated return of the PHP Conference Kansai 2024—a momentous occasion for PHP engineers in Japan is back after a notable six-year hiatus. Do check out the details here. 

As MidCamp 2024 draws near, it invites organizations to unite and bolster the vibrant Drupal community together. 

FLDC 2024's countdown has commenced! Seize the early bird registration before January 12 and save $25 on your attendance fees. Don't wait—the deadline is approaching fast!  

Fan tickets for DrupalCamp Poland are available until November 1, 2024—grab yours before time runs out.  A list of the Drupal events for the week is published here.

Acquia's latest release, the e-book "Achieving Success with Headless and Hybrid CMSs," provides in-depth insights into the benefits of employing CMS in various architectures—traditional, headless, or hybrid. For more information, dive into this informative resource.

Some notable news highlights include WeebPal's celebration of its 12th anniversary, dubbed the Silk or Fine Linen Jubilee, featuring an enticing offer for website owners. They're offering 12 participants an opportunity to upgrade from Drupal 9 to Drupal 10 free of cost.  

Centarro is rejoicing in its most substantial release yet: Drupal Commerce 2.37. Learn more about it here.

A groundbreaking addition to Drupal's arsenal is the newly launched Error Reporting module, poised to transform code analysis and debugging for effortless operations. Dive deeper into its capabilities here.

While more stories beckon for exploration, constraints compel us to halt further selection. To get timely updates, follow us on LinkedIn, Twitter and Facebook.

Keep enjoying your Drupal journey! 
Thank you,

With warm wishes,
Elma John
Sub-Editor, TheDropTimes

In the second episode of our three-part series on the ETL Migration process, we delve into the most involved stage of Drupal migration: Transformation. This episode features insights from Tag1 Consulting’s experts, including Mike Ryan, co-creator of Drupal Migrate, and notable contributor Benji Fisher. They analyze the Transformation phase in the ETL process, specifically examining Drupal’s unique “row-by-row” approach, and the discussion session revolves around the advantages and challenges of this method, with a strong emphasis on optimizing performance within the transformation pipeline. The episode is a treasure trove for those considering or currently working on Drupal migrations, as it steps into the technical realm while touching on the practical aspects of transforming data during a migration. Benji expresses his fascination with this particular stage, describing it as a playground for innovation and detailing the intricacies that make it the heart of the migration process. This discussion is essential for developers and IT professionals seeking to understand or undertake large-scale Drupal migrations. Part 1 | Part 2 | Part 3 - Coming soon! Please let us know if you have specific migration-related topics you'd like to see us cover. Or, reach out and let us know if we...

Read more janez Tue, 01/09/2024 - 07:33

One of the most popular web frameworks, Django, has adopted the “batteries included” philosophy. This means that you can build a production-ready application using only the vanilla Django with no extensions or other frameworks. Even the database SQLite is available out of the box. SQLite is great for learning and developing small applications, but has […]

As you learned in Python Basics: Functions and Loops, functions serve as the fundamental building blocks in almost every Python program. They’re where the real action happens!

You now know that functions are crucial for breaking down code into smaller, manageable chunks. They enable you to define actions that your program can execute repeatedly throughout your code. Instead of duplicating the same code whenever your program needs to accomplish a particular task, you can simply call the function.

However, there are instances when you need to repeat certain code multiple times in a row. This is where loops become invaluable.

In this Python Basics Exercises video course, you’ll practice:

• Creating user-defined functions
• Implementing for loops
• Getting user input
• Rounding numbers

This video course is part of the Python Basics series, which accompanies Python Basics: A Practical Introduction to Python 3. You can also check out the other Python Basics courses.

Note that you’ll be using IDLE to interact with Python throughout this course.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

The Qt for Android plugin, introduced more than a decade ago, has been a game-changing change that opened a multitude of possibilities for developers looking to harness the power and flexibility of Qt for Android application development. Since then, many Android, Qt, and plugin changes have been made to support new features. However, neither the overall architecture nor the public Java bindings have changed much. These bindings contain wrappers for the Android Activity. It is about time we did that! 

The advantages of Drupal CMS always include its friendliness to users who cannot write code. In most cases, these users are content managers. How can you give more power to the content manager of your Drupal website? Add the Layout Builder module that makes building web pages as easy as putting Lego bricks together.

<strong>Topics covered in this episode:</strong><br> <ul> <li><a href="https://tonybaloney.github.io/posts/python-gets-a-jit.html"><strong>Python 3.13 gets a JIT</strong></a></li> <li><a href="https://fosstodon.org/@basnijholt/111605262871991435">UniDep - Unified Conda and Pip Dependency Management</a></li> <li><a href="https://hynek.me/articles/pull-requests-branch/"><strong>Don’t Start Pull Requests from Your Main Branch</strong></a></li> <li><a href="https://github.com/pomponchik/instld"><strong>instld: The simplest package management</strong></a></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=PRaTs3PnJvI' style='font-weight: bold;'>Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by us! Support our work through:</p> <ul> <li>Our <a href="https://training.talkpython.fm/"><strong>courses at Talk Python Training</strong></a></li> <li><a href="https://courses.pythontest.com/p/the-complete-pytest-course"><strong>The Complete pytest Course</strong></a></li> <li><a href="https://www.patreon.com/pythonbytes"><strong>Patreon Supporters</strong></a></li> </ul> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.</p> <p><strong>Brian #1:</strong> <a href="https://tonybaloney.github.io/posts/python-gets-a-jit.html"><strong>Python 3.13 gets a JIT</strong></a></p> <ul> <li>Anthony Shaw</li> <li>Great article that walks through JIT concepts with a small example as if you were writing a parser in Python instead of C.</li> <li>Covers <ul> <li>What is a JIT?</li> <li>What is a copy-and-patch JIT? and Why?</li> <li>How does the Python JIT work?</li> <li>Is it faster?</li> <li>This is a building block to future improvements</li> </ul></li> </ul> <p><strong>Michael #2:</strong> <a href="https://fosstodon.org/@basnijholt/111605262871991435">UniDep - Unified Conda and Pip Dependency Management</a></p> <ul> <li>🔄 Single requirements.yaml for both #Conda &amp; #Pip.</li> <li>⚙️ Works with pyproject.toml &amp; setup.py.</li> <li>🏢 Perfect for monorepos.</li> <li>🔒 Create consistent conda-lock files for multiple projects.</li> <li>🌍 Platform-specific support.</li> <li>🚀 <code>unidep install</code> for easy setup.</li> <li><a href="https://github.com/basnijholt/unidep">Full source page</a>.</li> </ul> <p><strong>Brian #3:</strong> <a href="https://hynek.me/articles/pull-requests-branch/"><strong>Don’t Start Pull Requests from Your Main Branch</strong></a></p> <ul> <li>Hynek Schlawack</li> <li>When contributing to other users’ repositories, always start a new branch in your fork.</li> <li>Reasons to not use main <ul> <li>Forces you to only have one change in progress</li> <li>Merges will generate conflicts and you can’t pull from that branch anymore. Need to kill the fork and start over</li> <li>If the target repo has branch protection on, then maintainers can’t push to your branch.</li> </ul></li> <li>Hynek also provides a way to fix things if you’ve already started your changes on a main branch fork.</li> </ul> <p><strong>Michael #4:</strong> <a href="https://github.com/pomponchik/instld"><strong>instld: The simplest package management</strong></a></p> <ul> <li>Thanks to this package, it is very easy to manage the lifecycle of packages.</li> <li>⚡ Run your code without installing libraries.</li> <li>⚡ You can use 2 different versions of the same library in the same program.</li> <li>⚡ You can use incompatible libraries in the same project, as well as libraries with incompatible/conflicting dependencies.</li> <li>⚡ It's easy to share written scripts. The script file becomes self-sufficient - the user does not need to install the necessary libraries.</li> <li>⚡ The library does not leave behind "garbage". After the end of the program, no additional files remain in the system.</li> </ul> <p><strong>Extras</strong> </p> <p>Brian: </p> <ul> <li><a href="https://courses.pythontest.com/p/complete-pytest-course">The Complete pytest Course</a> is now actually complete <ul> <li>Although updates will happen when and if necessary as pytest/Python changes.</li> <li>To celebrate, <strong><em>use code 2024 in January for 10% off</em></strong> any pricing option.</li> </ul></li> <li>More episodes of <a href="https://pythonpeople.fm">Python People</a> and <a href="https://podcast.pythontest.com">Python Test</a> on the way now <ul> <li>That course took up a lot of my time in late 2023</li> <li>Just released an <a href="https://pythonpeople.fm/episodes/will-vincent-django-writing-technical-books">episode with Will Vincent</a> and Python Test will have a new episode this week and for the foreseeable future.</li> <li>Let me know if you want to be on Python People or Python Test</li> </ul></li> </ul> <p>Michael:</p> <ul> <li><em>Hatch follow up: Great coverage of Hatch v1.8.0! One small correction: only the binaries for Hatch are signed with the certificate from the PSF.</em> - <strong>Ofek</strong></li> <li><a href="https://status.python.org/incidents/0mld3fml68nd">PyPI new user registration temporarily suspended</a></li> <li>Pagefind and <a href="https://fosstodon.org/@mkennedy/111637520985150159">how I’m using it</a></li> <li><a href="https://www.youtube.com/watch?v=KeegA_uzzSo">Talk Python Live: Data Doodles event</a> coming early Feb</li> <li>New essay: <a href="https://mkennedy.codes/posts/ai-features-a-waste-of-time/">AI Features a Waste of Time?</a></li> </ul> <p><strong>Joke:</strong> <a href="https://workchronicles.com/put-it-in-the-backlog/">Put it in the backlog</a></p>

The restaurant sector has faced challenges amidst economic downturns, prompting a search for recovery through enhanced business agility. In fact, a staggering 71% of food establishments acknowledge the central role of digital transformation in achieving this objective.

In response to the growing influx of restaurants into the online domain, the demand for an efficient Restaurant CMS has become increasingly evident. A well-suited Restaurant website CMS, such as Drupal, proves instrumental in optimizing business operations.

What Makes Drupal the Right Choice for Restaurants? 

Drupal has over 20 years of experience in managing restaurant content and has become the top choice for many big companies and restaurants. 

Did you know? 

Around 89.2% of users believe that Drupal will become even more popular among different types of businesses in the next three years, not just in the restaurant industry. 

This means the demand for a Sports CMS and an Education CMS will also increase.

Looking for an assistant to handle all your routine Drupal tasks including checking for updates and clean-ups, without any manual intervention? We'd like to introduce you to Cron Jobs! Now let’s dive into the world of this behind-the-scenes helper, specifically in the context of task automation within Drupal. In this blog, we will delve into the fascinating realm of automation, explore the fundamental concept of cron jobs, provide an overview of cron jobs in Drupal, and discuss various essential aspects of crafting your first custom Drupal cron job. What is Automation Automation is the practice of utilizing technology, machinery, or software to perform tasks, processes, or operations with minimal or no human intervention. The primary objective of automation is to streamline and optimize workflows, reduce manual effort, improve efficiency, enhance accuracy, and increase productivity. In simpler terms, automation entails using technology to minimize the human effort required for task execution. As technology continues to advance, we can expect to see automated machines, technology, and software playing a more significant role in many industries and everyday tasks. Now, keeping all these things in mind and asking ourselves how we can automate something, we move to the next topic. What are Cron Jobs? The term "cron" is frequently encountered in the domain of computers, especially within operating systems like Linux. It serves as a tool for scheduling tasks based on time. In Unix systems, such as Linux, "cron" is a scheduling utility. A "cron job" is an automated task scheduled using the "cron" utility. Cron is a daemon – a background process that handles non-interactive tasks. In Unix-like operating systems, a daemon is a component, or a type of program, that silently operates in the background without requiring human interaction. It's like having a robot that wakes up and starts working when it hears a specific sound or when something specific happens. Cron jobs provide users with a powerful tool to automate system maintenance, monitor disk space, and manage backups at regular intervals. While cron job scheduling is widely favored by system administrators, it also offers significant benefits to web developers. It functions as a built-in alarm clock for your website tasks, ensuring that you can automate routine actions with ease. Cron is typically pre-installed on the system. However, in cases where it's not available, you can easily install it using the following commands: Update the package repository sudo apt updateInstall cron sudo apt install cronEnable the cron service to ensure it runs as expected sudo systemctl enable cronThe question arises: How can we activate cron or configure a customized cron to meet our specific needs? In this scenario, crontab comes to the rescue. Crontab A crontab is like a to-do list of tasks you want your computer to do at specific times, and it's also the name of the command you use to create and manage that list. Crontab stands for “cron table”. Each user in Linux has their own crontab, which may be used to schedule jobs that will be executed as that user. You can view, and update the crontab file using the crontab command. Example: To update the crontab file crontab -eTo list down or show the commands stored in the crontab file crontab -lCron Expression In simple terms, a cron expression in Linux is like setting an alarm for your computer to do specific tasks regularly. You have five fields to play with: minutes, hours, days of the month, months, and days of the week. By adjusting these fields, you can tell your computer exactly when to do things. There are also special characters like asterisks and slashes that let you be flexible with your schedule. For instance, if you set a cron expression like "0 * * * *," it means your computer will perform a task at the beginning of every hour. It's a handy tool that makes your computer do routine jobs automatically, like maintenance, backups, and running scripts. A job is represented by each line of a crontab file, which looks like this SYNTAX: # ┌────── minute (0 - 59)# │ ┌────── hour (0 - 23)# │ │ ┌────── day of the month (1 - 31)# │ │ │ ┌────── month (1 - 12)# │ │ │ │ ┌────── day of the week (0 - 6) (Sunday to Saturday;# │ │ │ │ │                7 is also Sunday on some systems)# │ │ │ │ │# │ │ │ │ │# *  *  *  *  *  command_to_execute Examples: At every 1 minute: * * * * * At every 2 minute:  * /2 *  *  *  * At every 15 minute: * /15  *  *  *  * At every 1 hour: 0  *  *  *  * At every 3 hours: 0  * /3  *  *  * At every 8 hours: 0  * /8  *  *  * Everyday (At 00:00):  0  0  *  *  * Hour range: Every hour between 11 am to 2 pm: 0  11-14  *  *  * Thanks to crontab Guru which is a simple editor for cron schedule expressions. For more examples, you can refer to this page. Drupal Cron Job Overview Drupal has a handy feature called Automated Cron. The Drupal automated cron job is an automatic task scheduler that handles regular website upkeep, including tasks like optimizing the database and clearing the cache, all at predetermined time intervals. It guarantees the website's smooth operation and data precision, minimizing the necessity for manual involvement. Some key features of automated cron: Scheduled Maintenance Tasks: In simple terms, Drupal's automated cron is like a behind-the-scenes helper that does regular chores for your website. It cleans up the website's storage, checks for important updates, and takes care of other routine jobs without bothering you. This helps keep your website running smoothly without you having to do these tasks manually. Configurable Frequency: If you're in charge of a Drupal website, you can decide how often the automated cron job should do its work. By default, it does its tasks every three hours, but you can change that to better suit your website's requirements. You can set this schedule by going into the Drupal admin settings, and it's kind of like adjusting the timing on a sprinkler system for your garden. Background Process: Think of automated cron in Drupal like a silent worker in the background. It gets things done without disturbing the part of your website that visitors see. It doesn't need outside tools to know when to do its tasks; it uses its internal clock, much like an alarm clock that wakes you up at a specific time without needing help from another device. Limitations of Drupal cron: Simultaneous Execution of hook_cron Modules and Resource Challenges: When several modules use the hook_cron function, they all run simultaneously, either in alphabetical order or based on the weight assigned to each module. This can make a webpage request more resource-intensive all at once and has the potential to exceed memory limits on a complex site. Handling Errors in Cron Tasks and Identifying Culprits for Smooth Execution: If there's an error in one cron task, it can halt the entire cron process, preventing the execution of the remaining tasks until the issue is fixed. It's also challenging to identify which task is causing the problem. Optimizing Cron Execution by Analyzing Task Durations: To improve the efficiency of cron execution and to optimize the cron run time. It's important to examine which cron tasks consumed more time during their run. Now to overcome all these limitations, Drupal provides us with modules like Ultimate Cron, Super Cron (abandoned module), Elysia Cron (Drupal 7), etc.. All these modules are one or the same with more added features. Now Super Cron is unsupported, the module is abandoned due to some security issues. The module is no longer developed by the maintainer whereas Elysia cron is for Drupal 7. How does Ultimate Cron Help? Parallel Execution of Cron Tasks: Error Isolation and Independence: Tasks are no longer executed sequentially; they now run in parallel. This means that if one cron task encounters an error, it won't affect the independent execution of other tasks. Individual Configuration for Cron Jobs with Differing Schedules: You can configure each cron job separately. For example, you can set up your cron job to run every hour and another cron job (cron job B) to run every two hours. Independent Logging for Each Cron Job: Each has separate logs. Let's install the Ultimate cron module and create our first custom cron job. So, to install the module you can visit https://www.drupal.org/project/ultimate_cron and download the module using composer. Use this command: composer require 'drupal/ultimate_cron:^2.0@alpha'This will install the Ultimate cron module, the next step is to enable it. You can enable the module via the site or by drush command. Use this drush command to enable the module: drush en ultimate_cronAfter installing Ultimate cron, we get some predefined cron jobs that the module provides, for example, cleanups (cache, temp files), removing expired log messages, and history deletion. Path: xyz.domain.name/admin/config/system/cron/jobs How to Configure Custom Ultimate Cron Job Create a config/install directory in the root of your custom module’s directory. Make a new file called ultimate_cron.job.jobname.yml (replace jobname with the name of your job). In our case we are creating a custom cron job to publish all the unpublished article contents, therefore let's name our job as publish_article_job. 3. Next step is to edit the ultimate_cron.job.publish_article_job.yml file. Inside ultimate_cron.job.publish_article_job.yml, we’ll add the details which will include a callback function, cron job ID, and rules for scheduling the task. langcode: en status: true dependencies: module: - custom_cron_example title: 'Custom job for publishing articless' id: publish_article_job module: custom_cron_example callback: custom_cron_example_publish_article_job scheduler: id: simple configuration: rules: - '* * * * *'4. Once editing the configuration file, we will now define a callback function inside the custom_cron_example.module file. <?php use Drupal\node\Entity\Node; /** * Custom ultimate cron callback function. */ function custom_cron_example_publish_article_job() { $message = "Voila ! Ultimate cron works."; \Drupal::logger("custom_cron_example")->notice($message); // Query to fetch all article unpublished nodes. $query = \Drupal::entityQuery('node'); $query->condition('status', 0); $query->condition('type', 'article'); $entity_ids = $query->accessCheck(FALSE)->execute(); foreach ($entity_ids as $entity_id) { $node = Node::load($entity_id); $node->setPublished(TRUE)->save(); } }Once all steps have been completed, it's time to activate the module in order to ensure that the new configurations we've created are applied to the website. Once the module is enabled, you will be able to view your custom cron job on the cron job dashboard.   Now this cron job will run every 1 minute since we added the cron expression as * * * * *. You can alter the rule as per your requirement. Feel free to use crontab guru for references. I believe there’s no harm in that ;) Results: Before the cron run, the article was unpublished.   Once the scheduled task (cron) is completed, the article gets published on the website. Additionally, there's a record in the database log that displays our unique message, which we included in the custom callback function we created.   Enabling Cron using External Calls By using crontab on the server. External cron job services like easycron or cronless. You can configure the time as per your requirement.  Easycron Cronless It may be beneficial to disable the automated cron system for performance reasons or to ensure that cron can only ever run from an external trigger. To disable the automated cron: Change the value of "Run cron every" to "Never."                    (OR) Add the following line to your settings.php: (so that no other user can enable it). $config['automated_cron.settings']['interval'] = 0;Final Thoughts In today's world, Drupal's cron job system remains essential for automated site maintenance. However, its design limitations and potential resource impact are better addressed with modern alternatives like scheduled tasks in server or external cron services, ensuring smoother website performance and management. Automated technology and machines are fascinating aspects of the future that hold the potential to revolutionize various aspects of our lives. However, adopting automation will also require careful consideration of its impact on the workforce and society as a whole Is your online presence ready for an upgrade? Let's discuss how Specbee can be your strategic partner in Drupal development.  

I ended 2022 with a musical retrospective and very much enjoyed writing that blog post. As such, I have decided to do the same for 2023! From now on, this will probably be an annual thing :)

Albums

In 2023, I added 73 new albums to my collection — nearly 2 albums every three weeks! I listed them below in the order in which I acquired them.

I purchased most of these albums when I could and borrowed the rest at libraries. If you want to browse though, I added links to the album covers pointing either to websites where you can buy them or to Discogs when digital copies weren't available.

Once again this year, it seems that Punk (mostly Oï!) and Metal dominate my list, mostly fueled by Angry Metal Guy and the amazing Montréal Skinhead/Punk concert scene.

Concerts

A trend I started in 2022 was to go to as many concerts of artists I like as possible. I'm happy to report I went to around 80% more concerts in 2023 than in 2022! Looking back at my list, April was quite a busy month...

Here are the concerts I went to in 2023:

• March 8th: Godspeed You! Black Emperor
• April 11th: Alexandra Stréliski
• April 12th: Bikini Kill
• April 21th: Brigada Flores Magon, Union Thugs
• April 28th: Komintern Sect, The Outcasts, Violent Way, Ultra Razzia, Over the Hill
• May 3rd: First Fragment
• May 12th: Rhapsody of Fire, Wind Rose
• May 13th: Aeternam
• June 2nd: Mortier, La Gachette
• June 17th: Ultra Razzia, Total Nada, BLEMISH
• June 30th: Avishai Cohen Trio
• July 9th: Richard Galliano
• August 18th: Gojira, Mastodon, Lorna Shore
• September 14th: Jinjer
• September 22nd: CUIR, Salvaje Punk, Hysteric Polemix, Perestroika, Ultra Razzia, Ilusion, Over the Hill, Asbestos
• October 6th: Rancoeur, Street Code, Tenaz, Mortimer, Guernica, High Anxiety

Although metalfinder continues to work as intended, I'm very glad to have discovered the Montréal underground scene has departed from Facebook/Instagram and adopted en masse Gancio, a FOSS community agenda that supports ActivityPub. Our local instance, askapunk.net is pretty much all I could ask for :)

That's it for 2023!

I took some time last week to work on these icons some more. Here are the results:

If you’re writing scientific or data science code with Python, there’s a good chance you’re using NumPy, directly or indirectly. Pandas, Scikit-Image, SciPy, Scikit-Learn, AstroPy… these and many other packages depend on NumPy.

NumPy 2 is a new major release, with a release candidate coming out February 1st 2024, and a final release a month or two later. Importantly, it’s backwards incompatible; not in a major way, but enough that some work might be required to upgrade. And that means you need to make sure your application doesn’t break when NumPy 2 comes out.

In this article we’ll cover:

• The different ways the new release might break your application.
• A quick reminder about the importance of pinning packages.
• How to ensure your application doesn’t install NumPy 2 until you’re ready.
• How to easily upgrade your code to support NumPy 2.

Read more...

Security Developer-in-Residence Weekly Report #24 About • Blog • Newsletter • Links Security Developer-in-Residence Weekly Report #24

Published 2024-01-09 by Seth Larson
Reading time: minutes

This critical role would not be possible without funding from the OpenSSF Alpha-Omega project. Massive thank-you to Alpha-Omega for investing in the security of the Python ecosystem!

Welcome to the first weekly report of 2024!

Software Bill-of-Materials for CPython

Continuing from 2023 there will be a focus on Software Bill-of-Materials (SBOMs) for CPython and incremental improvements to the CPython release process as more is automated.

I made a suggestion to release managers to backport SBOM tooling in the CPython repository to all supported release streams in an effort to treat SBOMs more like an additional artifact instead of a new feature of CPython. This would mean SBOMs would be available for previous CPython releases and we won't have to wait until the 3.13.0 stable release in October to make them available for consumption.

Trusted Publisher provenance on PyPI

Last week William Woodruff published a pre-PEP discussion for using Trusted Publisher configurations to bootstrap publish provenance on PyPI. I was involved in reviewing the initial draft, so I'm excited to see the discussion! Some things to highlight that came from the discussion:

• Don't want to start this work concretely until there are more than one Trusted Publisher provider for PyPI. Currently, PyPI only supports GitHub.
• Getting the user interface right on PyPI to not overemphasize what publish provenance implies for consumers or make projects without publish provenance feel "insecure". Having "verified" URLs to the source repository seems like a good place to start?
• Publish provenance isn't build provenance, build provenance requires more than what Trusted Publishers is able to provide on its own.
• Donald's comment on making things better for a common platform (in this case, GitHub and future Trusted Publisher providers) without requiring everyone to switch to that platform.
• Not everyone uses automated deployment workflows, we'll need to design a build integrity mechanism that supports these use-cases. I commented my thoughts on such a system using third-party observations on build reproducibility from a claimed source.
• There are many reasons why folks aren't using Trusted Publishers, even when on GitHub.

Looking forward to helping however I can with this project once it is proposed as a PEP!

Build reproducibility of macOS artifacts

Previously I worked on build reproducibility for CPython source artifacts which are both tarballs. I want to provide build reproducibility to all artifacts that CPython provides including the Windows and macOS binary installers.

Turns out that macOS's Package files (.pkg) use the eXtensible ARchive (XAR) format internally. This format isn't supported by diffoscope, the tool I've been using for verifying. I put together a quick bit of functionality in order to diff .pkg files which appears to work nicely and have submitted it upstream to the diffoscope project.

Next steps for reproducibility would be to apply diffoscope inside an automated macOS build process to shake out any sources of non-determinism and address them.

Software identifiers

Listened to the Open Source Security Podcast (which I recommend) where Josh Bressers and Kurt Seifried discussed software identifiers as they relate to vulnerabilities and Software Bill-of-Materials and more specifically CISA's RFI on software identifiers and OpenSSF's response.

CPE system could work if it was open for others to collaborate. Currently, mostly a closed system. I've also found casually that CPEs tend to work much better for returning CVE matches today compared to Package URLs even though OSV works with Package URLs natively. I suspect tooling will improve in this area as time goes on.

Package URLs (PURLs) are distributed, namespaced, and intrinsic (easily discoverable). Downside is that two completely different Package URLs may reference the same software but different methods of retrieval (which may be relevant!) Sometimes ties software identity to its source code platform which can change (see CPython moving to GitHub).

Package URLs being namespaced also means that they can carve out namespaces that are governed by different standards, for example the pkg:pypi/... namespace is governed by PEPs for names and versions where pkg:npm/ is governed by different standards. I think this ability will be critical for software identifiers to model different ecosystems, ecosystems won't converge to one set of standards so identifying software needs to be able to model them properly.

Other items

• Attended the OpenSSF Alpha-Omega monthly public meeting. Had some great discussions about "Secure by Design".
• Spent a good chunk of time planning high-level what the first new major projects for 2024 would be, there will be more to share as we approach the start of those projects.
• Triaging multiple reports to the Python Security Response Team.

That's all for this week! 👋 If you're interested in more you can read last week's report.

Thanks for reading! ♡ Did you find this article helpful and want more content like it? Get notified of new posts by subscribing to the RSS feed or the email newsletter.

This work is licensed under CC BY-SA 4.0

GNU micron version 1.4 is available for download.

Following our 2024 DSF Board Election Results , here are quick introductions from our two new board members, Sarah Abderemane and Thibaud Colas, elected for a two-year term for 2024-2025.

Collage: Sarah on the left, smiling, in the Versailles Hall of Mirrors. Thibaud on the right, in a field, looking in the distance with a boy on his shoulders. Sarah Abderemane

Sarah Abderemane, also known as sabderemane, is a software developer in France. She currently works at Kraken Tech, part of the Octopus Energy group, contributing to solutions to climate change. She works mainly on the backend, but also likes to work on the frontend in her spare time.

She organizes the Django Paris meetup and is an active member of the Django community: she is one of the organizers of the Djangonaut Space program, a member of the Django Accessibility team and maintainer of djangoproject.com.

Outside of open source and work, she is passionate about dance, likes customizing things like mechanical keyboards, and loves to travel to discover new cultures.

Social media and blog:

• Blog: sarahabd.com
• Mastodon: @sabderemane@mastodon.social
• Twitter: @sabderemane_
• LinkedIn: @sarahabd

Thibaud Colas

Thibaud Colas (pronounced /tee-bo/) is a developer based in the UK, working for Torchbox on the Wagtail open source CMS as part of the core team. For Wagtail, Thibaud also contributes to efforts around accessibility, developer relations, as well as participation to programs like Outreachy and Google Summer of Code.

For Django, Thibaud has been involved with organizing and volunteering at events like Django Girls and DjangoCon Europe. More recently, he helped start the accessibility team, and has joined the Djangonaut Space program as a navigator.

Outside of work, Thibaud spends most of his time with two little tornadoes that are 5 and 2 years old. He also enjoys watching sumo and baking macarons. To learn more about Thibaud, check out his personal website thib.me , @thibaud_colas on Twitter/X, @thibaudcolas@fosstodon.org on Mastodon.

Both Sarah and Thibaud are active on the Django Forum, come say hi in their introduction thread!

So this blog is now celebrating its 21st birthday (or 20 if you count from zero, or 18 if you want to be pedantic), and I figured I would do this yearly thing of reviewing how that went.

Number of posts

2022 was the official 20th anniversary in any case, and that was one of my best years on record, with 46 posts, surpassed only by the noisy 2005 (62) and matching 2006 (46). 2023, in comparison, was underwhelming: a feeble 11 posts! What happened!

Well, I was busy with other things, mostly away from keyboard, that I will not bore you with here...

The other thing that happened is that the one-liner I used to collect stats was broken (it counted folders and other unrelated files) and wildly overestimated 2022! Turns out I didn't write that much then:

anarc.at$ ls blog | grep '^[0-9][0-9][0-9][0-9].*.md' | se d s/-.*// | sort | uniq -c | sort -n -k2 57 2005 43 2006 20 2007 20 2008 7 2009 13 2010 16 2011 11 2012 13 2013 5 2014 13 2015 18 2016 29 2017 27 2018 17 2019 18 2020 14 2021 28 2022 10 2023 1 2024

But even that is inaccurate because, in ikiwiki, I can tag any page as being featured on the blog. So we actually need to process the HTML itself because we don't have much better on hand without going through ikiwiki's internals:

anarcat@angela:anarc.at$ curl -sSL https://anarc.at/blog/ | grep 'href="\./' | grep -o 20[0-9][0-9] | sort | uniq -c 56 2005 42 2006 19 2007 18 2008 6 2009 12 2010 15 2011 10 2012 11 2013 3 2014 15 2015 32 2016 50 2017 37 2018 19 2019 19 2020 15 2021 28 2022 13 2023

Which puts the top 10 years at:

$ curl -sSL https://anarc.at/blog/ | grep 'href="\./' | grep -o 20[0-9][0-9] | sort | uniq -c | sort -nr | head -10 56 2005 50 2017 42 2006 37 2018 32 2016 28 2022 19 2020 19 2019 19 2007 18 2008

Anyway. 2023 is certainly not a glorious year in that regard, in any case.

Visitors

In terms of visits, however, we had quite a few hits. According to Goatcounter, I had 122 300 visits in 2023! 2022, in comparison, had 89 363, so that's quite a rise.

What you read

I seem to have hit the Hacker News front page at least twice. I say "seem" because it's actually pretty hard to tell what the HN frontpage actually is on any given day. I had 22k visits on 2023-03-13, in any case, and you can't see me on the front that day. We do see a post of mine on 2023-09-02, all the way down there, which seem to have generated another 10k visits.

In any case, here were the most popular stories for you fine visitors:

• Framework 12th gen laptop review: 24k visits, which is surprising for a 13k words article "without images", as some critics have complained. 15k referred by Hacker News. Good reference and time-consuming benchmarks, slowly bit-rotting.

  That is, by far, my most popular article ever. A popular article in 2021 or 2022 was around 6k to 9k, so that's a big one. I suspect it will keep getting traffic for a long while.

• Calibre replacement considerations: 15k visits, most of which without a referrer. Was actually an old article, but I suspect HN brought it back to light. I keep updating that wiki page regularly when I find new things, but I'm still using Calibre to import ebooks.

• Hacking my Kobo Clara HD: is not new but always gathering more and more hits, it had 1800 hits in the first year, 4600 hits last year and now brought 6400 visitors to the blog! Not directly related, but this iFixit battery replacement guide I wrote also seem to be quite popular

Everything else was published before 2023. Replacing Smokeping with Prometheus is still around and Looking at Wayland terminal emulators makes an entry in the top five.

Where you've been

People send less and less private information when they browse the web. The number of visitors without referrers was 41% in 2021, it rose to 44% in 2023. Most of the remaining traffic comes from Google, but Hacker News is now a significant chunk, almost as big as Google.

In 2021, Google represented 23% of my traffic, in 2022, it was down to 15% so 18% is actually a rise from last year, even if it seems much smaller than what I usually think of.

Ratio Referrer Visits 18% Google 22 098 13% Hacker News 16 003 2% duckduckgo.com 2 640 1% community.frame.work 1 090 1% missing.csail.mit.edu 918

Note that Facebook and Twitter do not appear at all in my referrers.

Where you are

Unsurprisingly, most visits still come from the US:

Ratio Country Visits 26% United States 32 010 14% France 17 046 10% Germany 11 650 6% Canada 7 425 5% United Kingdom 6 473 3% Netherlands 3 436

Those ratios are nearly identical to last year, but quite different from 2021, where Germany and France were more or less reversed.

Back in 2021, I mentioned there was a long tail of countries with at least one visit, with 160 countries listed. I expanded that and there's now 182 countries in that list, almost all of the 193 member states in the UN.

What you were

Chrome's dominance continues to expand, even on readers of this blog, gaining two percentage points from Firefox compared to 2021.

Ratio Browser Visits 49% Firefox 60 126 36% Chrome 44 052 14% Safari 17 463 1% Others N/A

It seems like, unfortunately, my Lynx and Haiku users have not visited in the past year. It seems like trying to read those metrics is like figuring out tea leaves...

In terms of operating systems:

Ratio OS Visits 28% Linux 34 010 23% macOS 28 728 21% Windows 26 303 17% Android 20 614 10% iOS 11 741

Again, Linux and Mac are over-represented, and Android and iOS are under-represented.

What is next

I hope to write more next year. I've been thinking about a few posts I could write for work, about how things work behind the scenes at Tor, that could be informative for many people. We run a rather old setup, but things hold up pretty well for what we throw at it, and it's worth sharing that with the world...

So anyway, thanks for coming, faithful reader, and see you in the coming 2024 year...

So this blog is now celebrating its 21st birthday (or 20 if you count from zero, or 18 if you want to be pedantic), and I figured I would do this yearly thing of reviewing how that went.

Number of posts

2022 was the official 20th anniversary in any case, and that was one of my best years on record, with 46 posts, surpassed only by the noisy 2005 (62) and matching 2006 (46). 2023, in comparison, was underwhelming: a feeble 11 posts! What happened!

Well, I was busy with other things, mostly away from keyboard, that I will not bore you with here...

The other thing that happened is that the one-liner I used to collect stats was broken (it counted folders and other unrelated files) and wildly overestimated 2022! Turns out I didn't write that much then:

anarc.at$ ls blog | grep '^[0-9][0-9][0-9][0-9].*.md' | se d s/-.*// | sort | uniq -c | sort -n -k2 57 2005 43 2006 20 2007 20 2008 7 2009 13 2010 16 2011 11 2012 13 2013 5 2014 13 2015 18 2016 29 2017 27 2018 17 2019 18 2020 14 2021 28 2022 10 2023 1 2024

But even that is inaccurate because, in ikiwiki, I can tag any page as being featured on the blog. So we actually need to process the HTML itself because we don't have much better on hand without going through ikiwiki's internals:

anarcat@angela:anarc.at$ curl -sSL https://anarc.at/blog/ | grep 'href="\./' | grep -o 20[0-9][0-9] | sort | uniq -c 56 2005 42 2006 19 2007 18 2008 6 2009 12 2010 15 2011 10 2012 11 2013 3 2014 15 2015 32 2016 50 2017 37 2018 19 2019 19 2020 15 2021 28 2022 13 2023

Which puts the top 10 years at:

$ curl -sSL https://anarc.at/blog/ | grep 'href="\./' | grep -o 20[0-9][0-9] | sort | uniq -c | sort -nr | head -10 56 2005 50 2017 42 2006 37 2018 32 2016 28 2022 19 2020 19 2019 19 2007 18 2008

Anyway. 2023 is certainly not a glorious year in that regard, in any case.

Visitors

In terms of visits, however, we had quite a few hits. According to Goatcounter, I had 122 300 visits in 2023! 2022, in comparison, had 89 363, so that's quite a rise.

What you read

I seem to have hit the Hacker News front page at least twice. I say "seem" because it's actually pretty hard to tell what the HN frontpage actually is on any given day. I had 22k visits on 2023-03-13, in any case, and you can't see me on the front that day. We do see a post of mine on 2023-09-02, all the way down there, which seem to have generated another 10k visits.

In any case, here were the most popular stories for you fine visitors:

• Framework 12th gen laptop review: 24k visits, which is surprising for a 13k words article "without images", as some critics have complained. 15k referred by Hacker News. Good reference and time-consuming benchmarks, slowly bit-rotting.

  That is, by far, my most popular article ever. A popular article in 2021 or 2022 was around 6k to 9k, so that's a big one. I suspect it will keep getting traffic for a long while.

• Calibre replacement considerations: 15k visits, most of which without a referrer. Was actually an old article, but I suspect HN brought it back to light. I keep updating that wiki page regularly when I find new things, but I'm still using Calibre to import ebooks.

• Hacking my Kobo Clara HD: is not new but always gathering more and more hits, it had 1800 hits in the first year, 4600 hits last year and now brought 6400 visitors to the blog! Not directly related, but this iFixit battery replacement guide I wrote also seem to be quite popular

Everything else was published before 2023. Replacing Smokeping with Prometheus is still around and Looking at Wayland terminal emulators makes an entry in the top five.

Where you've been

People send less and less private information when they browse the web. The number of visitors without referrers was 41% in 2021, it rose to 44% in 2023. Most of the remaining traffic comes from Google, but Hacker News is now a significant chunk, almost as big as Google.

In 2021, Google represented 23% of my traffic, in 2022, it was down to 15% so 18% is actually a rise from last year, even if it seems much smaller than what I usually think of.

Ratio Referrer Visits 18% Google 22 098 13% Hacker News 16 003 2% duckduckgo.com 2 640 1% community.frame.work 1 090 1% missing.csail.mit.edu 918

Note that Facebook and Twitter do not appear at all in my referrers.

Where you are

Unsurprisingly, most visits still come from the US:

Ratio Country Visits 26% United States 32 010 14% France 17 046 10% Germany 11 650 6% Canada 7 425 5% United Kingdom 6 473 3% Netherlands 3 436

Those ratios are nearly identical to last year, but quite different from 2021, where Germany and France were more or less reversed.

Back in 2021, I mentioned there was a long tail of countries with at least one visit, with 160 countries listed. I expanded that and there's now 182 countries in that list, almost all of the 193 member states in the UN.

What you were

Chrome's dominance continues to expand, even on readers of this blog, gaining two percentage points from Firefox compared to 2021.

Ratio Browser Visits 49% Firefox 60 126 36% Chrome 44 052 14% Safari 17 463 1% Others N/A

It seems like, unfortunately, my Lynx and Haiku users have not visited in the past year. It seems like trying to read those metrics is like figuring out tea leaves...

In terms of operating systems:

Ratio OS Visits 28% Linux 34 010 23% macOS 28 728 21% Windows 26 303 17% Android 20 614 10% iOS 11 741

Again, Linux and Mac are over-represented, and Android and iOS are under-represented.

What is next

I hope to write more next year. I've been thinking about a few posts I could write for work, about how things work behind the scenes at Tor, that could be informative for many people. We run a rather old setup, but things hold up pretty well for what we throw at it, and it's worth sharing that with the world...

So anyway, thanks for coming, faithful reader, and see you in the coming 2024 year...

Part one in a series of posts introducing Symfony Messenger, its ecosystem, and unique Drupal integrations to Drupal developers.

by daniel.phin / 9 January 2024

The SM project brings Symfony Messenger and its ecosystem together with Drupal.

Symfony Messenger is a powerful alternative to Drupal’s @QueueWorker, enabling real-time or precise execution of scheduled tasks. It’s also a viable replacement for hook_cron enabling you to schedule dispatch and processing of messages according to crontab rules, again in real-time, rather than waiting for server-invoked or request-termination cron.

Messenger can be used as a user-friendly alternative to Batch API, as the user's browser is not blocked, while integrations such as Toasty can be programmed to notify when the last of a “batch” of messages completes, communicating to the user via user-interface toasts.

The Drupal integration includes additional niceties, such as intercepting legacy QueueWorkers for processing data through the Symfony Messenger bus, and end-user UI notifying a user when tasks relevant to them have been processed.

During this and the following series of posts, we’ll be exploring the benefits of real-time processing and user-friendly features that improve the overall experience and outputs.

The workerToasty displaying notifications.Messenger

First up, we’ll cover the main features of Symfony Messenger and how it works.

As a developer working with Messenger, the most frequent task is to construct message and associated message handlers. A message holds data, while a message handler processes the associated data.

A message is inserted into the bus. The bus executes a series of middleware in order, each of which can view and modify the message.

If a transport is configured, the message may be captured and stored for processing later.

Typically the bus, middleware, and transports are configured in advance and rarely changed. Message and message handlers are introduced often without needing other configuration.

• Message — an arbitary PHP object, it must be serialisable.
• Message handler — a class that takes action based on the message it is given. Typically a message handler is designed to consume one type of message.
• Middleware — code that takes action on all message types, and has access to the containing envelope and stamps.
• Bus — a series of middleware in a particular order. There is a default bus, and a default set of middleware.
• Envelope — an envelope contains a single message, and it may have many stamps. A message always has an envelope.
• Stamp — a piece of metadata associated with an envelope. The most common use case is to track whether a middleware has already operated on the envelope. Useful when a transport re-runs a message through the bus after unserialisation. Another useful stamp is one to set the date and time for when a message should be processed.
• Transport — a transport comprises a receiver and sender. In the case of the doctrine database transport, its sender will serialise the message and store it in the database. The receiver will listen for messages ready to be sent, and then unserialise them.
• Worker — a command line application responsible for unserialising messages immediately, or at a scheduled time in the future. Messages are inserted into the bus for processing.

The stars of the show are buses. One bus is ready out of the box, which comprises a series of ordered middleware. A message is dispatched into a bus, where each middleware has the opportunity to view and modify the message (and its envelope). It's unlikely you’ll need to think about middleware, as the default set may already be the perfect combination.

When a message is dispatched to a bus, you can choose to wrap it in an envelope and apply stamps like the DelayStamp . A message will always be wrapped in an envelope if you don’t do it explicitly.

Buses have a series of default middleware. The main middleware to note are the transport and message handler middlewares. When a transport is configured for messenger, the transport middleware will capture the message, serialise it, and store it somewhere. For example, a database in the case of the doctrine transport. Any middleware after the transport middleware are not executed, for now.

When running the worker, you are opting to choose which bus and transport to run. The command will listen for messages as they are stored, and if the time is right, messages will be unserialised and inserted into the bus. The message will begin its journey yet again, iterating through all the middlewares from the beginning. When the transport middleware is hit, it will detect the message has already been in the transport to prevent recursion. This is done by checking the ReceivedStamp stamp added to the message envelope.

Transports: synchronous, asynchronous

Out of the box, when a message is dispatched into the bus in a CLI or web request, it will be processed synchronously. All middleware will operate on the message in a set order, including the message handler middleware.

The greatest advantage of using Messenger is the ability to asynchronously handle messages outside of the thread they were originally dispatched. That is: asynchronously. This can be useful for improving the web request response times and reducing the memory usage and limit of web requests (allowing for more FPM threads on a machine). Bulky business operations that would typically, or should be, constrained by the limits of the web thread have more breathing room. A CLI runner/container may be set up with a little more memory and processing capability with the explicit direction to listen for messages and handle them in real-time, either as soon as possible or as scheduled.

Upcoming posts in this series will dive into aspects of Symfony Messenger and SM:

• Symfony Messenger’ message and message handlers, and comparison with @QueueWorker
• Real-time: Symfony Messenger’ Consume command and prioritised messages
• Automatic message scheduling and replacing hook_cron
• Adding real-time processing to QueueWorker plugins
• Making Symfony Mailer asynchronous: integration with Symfony Messenger
• Displaying notifications when Symfony Messenger messages are processed
• Future of Symfony Messenger in Drupal

The next post covers the implementation of a message and message handler, and a comparison with Drupal core’s @QueueWorker plugins.

Tagged Symfony, Symfony Messenger

Join the FSF and friends on Friday, January 12, from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

Today we are talking about Portals, Community Websites, and Drupal with guest Ron Northcutt. We’ll also cover Private Message as our module of the week.

For show notes visit: www.talkingDrupal.com/432

Topics

• Why are you passionate about community sites
• Different types of portals you’ve worked on
• Common features
• Why is Drupal a great fit
• Why would you choose Drupal over a Saas or PaaS
• What is unique about each community
• How important is UX
• What common content models do you see
• Most important tip

Resources

• Lego sorting
  • https://news.lugnet.com/storage/?n=709
  • https://brickarchitect.com/guide/bricks/
• PHPBB
• discourse
• Open Social
• Monday

Guests

Ron Northcutt - community.appsmith.com rlnorthcutt

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Martin Anderson-Clutz - mandclu

MOTW Correspondent

Martin Anderson-Clutz - mandclu

• Module name/project name:
  • Private Message
• Brief description:
  • Have you ever wanted to include a full-fledged, ajaxified system for private messages between users on your Drupal site? There’s a module for that
• Brief history
  • How old: created in Apr 2017 by Jaypan, a fellow Canadian, but the most recent release is by Lucas Hedding, who hails from Nicaragua, and is a prolific contrib maintainer in his own right
  • Versions available: 8.x-2.0-beta18 and 3.0.0 versions available, the latter of which works with D9 and 10
• Maintainership
  • Actively maintained, latest release in Oct 2023
  • Number of open issues: 130, 4 of which are bugs on the 3.0.x branch
  • Test coverage
• Documentation: does have a handbook, though the pages seem to date back to 2017, so hopefully the installation and setup hasn’t changed too much since then
• Usage stats:
  • Almost 2,000 sites
  • Maintainer(s):
• Module features and usage
  • With the Private Message module installed, users on your site can have permissions-based access to send private messages to each other
  • Messages and threads are fieldable entities, and in general the module is made to be highly configurable, so you can tailor it to meet your site’s specific needs
  • That includes the frequency for asynchronous operations like loading new messages, which can be done without a full page refresh. There’s also a companion module to use Node.js for the asynchronous operations, to reduce load on both the browser and the server
  • That also allows for browser push notifications, or you can use the integration with the Message module to send notifications via email, SMS, and more, including aggregating the notifications into digests
  • Companies often have a dedicated messaging solution like Slack or Teams that they use internally, but this can be a good solution for an extranet or vendor portal, where the users may represent a variety of organizations
  • It’s also worth mentioning that both Private Message and Message are included in the Open Social distribution, so that could be a way to try out a preconfigured setup