Feeds

Posted on January 20, 2024 Tags: debian, free software, life, search, decentralization

Finally there is a thing people can agree on:

• 2023-08-28, OSNews: The end of the Googleverse
• 2023-07-28, Cory Doctorow: Microincentives and Enshittification
• 2023-10-03, Cory Doctorow: Google’s enshittification memos
• 2024-01-15, Tim Bray: Mourning Google

Apparently, Google Search is not good anymore. And I’m not the only one thinking about decentralization to fix it:

Honey I federated the search engine - finding stuff online post-big tech - a lightning talk at the recent chaos communication congress

The speaker however did not mention, that there have already been many attempts at building distributed search engines. So why do I think that such an attempt could finally succeed?

• More people are searching for alternatives to Google.
• Mainstream hard discs are incredibly big.
• Mainstream internet connection is incredibly fast.
• Google is bleeding talent.
• Most of the building blocks are available as free software.
• “Success” depends on your definition…

My definition of success is:

A mildly technical computer user (able to install software) has access to a search engine that provides them with superior search results compared to Google for at least a few predefined areas of interest.

The exact algorithm used by Google Search to rank websites is a secret even to most Googlers. Still it is clear, that it relies heavily on big data: billions of queries, a comprehensive web index and user behaviour data. - All this is not available to us.

A distributed search engine however can instead rely on user input. Every admin of one node seeds the node ranking with their personal selection of trusted sites. They connect their node with nodes of people they trust. This results in a web of (transitive) trust much like pgp.

For comparison, imagine you are searching for something in a world without computers: You ask the people around you. They probably forward your question to their peers.

I already had a look at YaCy. It is active, somewhat usable and has a friendly maintainer. Unfortunately I consider the codebase to show its age. It takes a lot of time for a newcomer to find their way around and it contains a lot of cruft. Nevertheless, YaCy is a good example that a decentralized search software can be done even by a small team or just one person.

I myself started working on a software in Haskell and keep my notes here: Populus:DezInV. Since I’m learning Haskell along the way, there is nothing there to see yet. Additionally I took a yak shaving break to learn nix.

By the way: DuckDuckGo is not the alternative. And while I would encourage you to also try Yandex for a second opinion, I don’t consider this a solution.

Posted on January 16, 2024 Tags: debian, free software, nix, life

The nix package manager is available in Debian since May 2020. Why would one use it in Debian?

• learn about nix
• install software that might not be available in Debian
• install software without root access
• declare software necessary for a user’s environment inside $HOME/.config

Especially the last point nagged me every time I set up a new Debian installation. My emacs configuration and my Desktop setup expects certain software to be installed.

Please be aware that I’m a beginner with nix and that my config might not follow best practice. Additionally many nix users are already using the new flakes feature of nix that I’m still learning about.

So I’ve got this file at .config/nixpkgs/config.nix1:

with (import <nixpkgs> {}); { packageOverrides = pkgs: with pkgs; { thk-emacsWithPackages = (pkgs.emacsPackagesFor emacs-gtk).emacsWithPackages ( epkgs: (with epkgs.elpaPackages; [ ace-window company org use-package ]) ++ (with epkgs.melpaPackages; [ editorconfig flycheck haskell-mode magit nix-mode paredit rainbow-delimiters treemacs visual-fill-column yasnippet-snippets ]) ++ [ # From main packages set ] ); userPackages = buildEnv { extraOutputsToInstall = [ "doc" "info" "man" ]; name = "user-packages"; paths = [ ghc git (pkgs.haskell-language-server.override { supportedGhcVersions = [ "94" ]; }) nix stack thk-emacsWithPackages tmux vcsh virtiofsd ]; }; }; }

Every time I change the file or want to receive updates, I do:

nix-env --install --attr nixpkgs.userPackages --remove-all

You can see that I install nix with nix. This gives me a newer version than the one available in Debian stable. However, the nix-daemon still runs as the older binary from Debian. My dirty hack is to put this override in /etc/systemd/system/nix-daemon.service.d/override.conf:

[Service] ExecStart= ExecStart=@/home/thk/.local/state/nix/profile/bin/nix-daemon nix-daemon --daemon

I’m not too interested in a cleaner way since I hope to fully migrate to Nix anyways.

1. Note the nixpkgs in the path. This is not a config file for nix the package manager but for the nix package collection. See the nixpkgs manual.↩︎

Posted on January 9, 2024 Tags: debian, free software, life

I wanted to report this issue in chromiums issue tracker, but it gave me:

“Something went wrong, please try again later.”

Ok, then at least let me reply to this askubuntu question. But my attempt to signup with my launchpad account gave me:

“Launchpad Login Failed. Please try logging in again.”

I refrain from commenting on this to not violate some code of conduct.

So this is what I wanted to write:

GTK file chooser image preview size should be configurable

The file chooser that appears when uploading a file (e.g. an image to Google Fotos) learned to show a preview in issue 15500.

The preview image size is hard coded to 256x512 in kPreviewWidth and kPreviewHeight in ui/gtk/select_file_dialog_linux_gtk.cc.

Please make the size configurable.

On high DPI screens the images are too small to be of much use.

Yes, I should not use chromium anymore.

Posted on January 2, 2024 Tags: debian, free software, life

Just a little while ago (10 years) I proposed the addition of a state folder to the XDG basedir specification and expanded the article XDGBaseDirectorySpecification in the Debian wiki. Recently I learned, that version 0.8 (from May 2021) of the spec finally includes a state folder.

Granted, I wasn’t the first to have this idea (2009), nor the one who actually made it happen.

Now, please go ahead and use it! Thank you.

New Upgrade Status 4.2.0 is beautiful in Gin, improves continuous integration compatibility and more

Thanks to 13 wonderful contributors, Upgrade Status 4.2.0 is out today! The new version is beautiful in Gin (light and dark mode), but even looks better than before in core's Claro. It improves continuous integration compatibility and has more graceful parsing of Twig templates. It has an updated list of rectorable fixes and is more compatible with Nikic PHP Parser. Thanks (in alphabetical order) to andypost, bbrala, estherp, joseph.olstad, lhridley, loze, mglaman, moshe weitzman, mpaulo, Pasqualle, ressa, risforrocket and saschaeggi for their contribution! Read on to see all the new things!

Gábor Hojtsy Thu, 04/18/2024 - 14:20

Discover the pinnacle of Drupal discourse at DrupalCamp Colorado 2024, where industry leaders and enthusiasts gather against the backdrop of Colorado's warmth to share expertise, forge connections, and shape the future of Drupal innovation.

Explore the Frontend Editing module, a new release from 1xINTERNET that transforms the Drupal editor experience. Industry leaders discuss its impact and compatibility with current web technologies.

Discover insights from leading Drupal professionals on the challenges and solutions for creating a module that notifies users when new content is posted, as discussed by Jeff Geerling and other community members on LinkedIn.

Series Overview & ToC | Next Article (coming Apr 24th) ### SERIES INTRODUCTION Today, we are excited to launch a detailed blog series that serves as an in-depth guide on utilizing the Drupal 10 Migrate API. This series is designed to equip you with thorough explanations and step-by-step guidance for migrating all your data from a Drupal 7 site to Drupal 10, facilitating a smooth upgrade to the most current version of the platform. As we progress, we will introduce a DDEV-based development environment, complete with instructions to set it up. This environment is prepared with a Drupal 7 site already installed and a Drupal 10 site set as the migration target. Through the course of this series, we will walk you through the entire data migration process, covering a wide range of topics along the way, empowering you to migrate your own sites confidently. Contact Our Solutions Experts Helping you navigate the next steps on your Drupal Migration Journey Want to learn more? The Migrate API, created and co-maintained by Tag1 team members, is a flexible and powerful system that can be used to collect data from multiple sources and import it into Drupal. While migrating...

Read more mauricio Thu, 04/18/2024 - 13:23

Explore Purple A11y, an advanced open-source accessibility tool from Singapore Government Digital Services, aimed at improving web usability for individuals with disabilities. This tool facilitates comprehensive website scanning and offers a user-friendly interface for all users.

Join Bryan Gruneberg at LagoonCon on May 6 to explore the benefits of open-source hosting for the Open Website Alliance's CMS platforms. Discover how Lagoon's Kubernetes-based solutions can enhance your open-source strategy and streamline web development.

Nicole is a software engineer and writer, and recently wrote about the trade-offs we make when deciding which tests to write and how much testing is enough.

We talk about:

• Balancing schedule vs testing
• How much testing is the right about of testing
• Should code coverage be measured and tracked
• Good refactoring can reduce code coverage
• Is it worth testing error conditions?
• Are rare error codes ok to just monitor?
• API drift and autospec
• Mitigating risk
• Deciding what to test and what not to test
• Focus testing on key money-making features 
• If there's a bug in this part of the code, how much business impact is there?
• Performance testing needs to approximately match real world workloads
• Cost of a service breaking vs the cost of creating, maintaining, and running tests
• Keeping test suites quick to minimize getting distracted

Links:

• Too much of a good thing: the trade-off we make with tests 
• Load testing is hard, and the tools are... not great. But why?
• Yet Another Rust Resource (YARR!)
• Goodhart's law - "When a measure becomes a target, it ceases to be a good measure"

Sponsored by Mailtrap.io

• An Email Delivery Platform that developers love. 
• An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. 
• Try for Free at MAILTRAP.IO

Sponsored by PyCharm Pro

• Use code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharm
• Now with Full Line Code Completion
• See how easy it is to run pytest from PyCharm at pythontest.com/pycharm

The Complete pytest Course

• For the fastest way to learn pytest, go to courses.pythontest.com
• Whether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.

<p>Nicole is a software engineer and writer, and recently wrote about the trade-offs we make when deciding which tests to write and how much testing is enough.</p><p>We talk about:</p><ul><li>Balancing schedule vs testing</li><li>How much testing is the right about of testing</li><li>Should code coverage be measured and tracked</li><li>Good refactoring can reduce code coverage</li><li>Is it worth testing error conditions?</li><li>Are rare error codes ok to just monitor?</li><li>API drift and autospec</li><li>Mitigating risk</li><li>Deciding what to test and what not to test</li><li>Focus testing on key money-making features </li><li>If there's a bug in this part of the code, how much business impact is there?</li><li>Performance testing needs to approximately match real world workloads</li><li>Cost of a service breaking vs the cost of creating, maintaining, and running tests</li><li>Keeping test suites quick to minimize getting distracted</li></ul><p><br></p><p>Links:</p><ul><li><a href="https://ntietz.com/blog/too-much-of-a-good-thing-the-cost-of-excess-testing/">Too much of a good thing: the trade-off we make with tests</a> </li><li><a href="https://ntietz.com/blog/load-testing-is-hard-but-why/">Load testing is hard, and the tools are... not great. But why?</a></li><li><a href="https://yarr.fyi">Yet Another Rust Resource (YARR!)</a></li><li><a href="https://en.wikipedia.org/wiki/Goodhart%27s_law">Goodhart's law</a> - "When a measure becomes a target, it ceases to be a good measure"</li></ul> <br><p><strong>Sponsored by Mailtrap.io</strong></p><ul><li>An Email Delivery Platform that developers love. </li><li>An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support. </li><li>Try for Free at <a href="https://l.rw.rw/pythontest">MAILTRAP.IO</a></li></ul><p><strong>Sponsored by PyCharm Pro</strong></p><ul><li>Use code PYTEST for 20% off PyCharm Professional at <a href="https://www.jetbrains.com/pycharm/">jetbrains.com/pycharm</a></li><li>Now with Full Line Code Completion</li><li>See how easy it is to run pytest from PyCharm at <a href="https://pythontest.com/pycharm/">pythontest.com/pycharm</a></li></ul><p><strong>The Complete pytest Course</strong></p><ul><li>For the fastest way to learn pytest, go to <a href="https://courses.pythontest.com/p/complete-pytest-course">courses.pythontest.com</a></li><li>Whether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.</li></ul>

Review: Unseen Academicals, by Terry Pratchett

Series: Discworld #37 Publisher: Harper Copyright: October 2009 Printing: November 2014 ISBN: 0-06-233500-6 Format: Mass market Pages: 517

Unseen Academicals is the 37th Discworld novel and includes many of the long-standing Ankh-Morpork cast, but mostly as supporting characters. The main characters are a new (and delightful) bunch with their own concerns. You arguably could start reading here if you really wanted to, although you would risk spoiling several previous books (most notably Thud!) and will miss some references that depend on familiarity with the cast.

The Unseen University is, like most institutions of its sort, funded by an endowment that allows the wizards to focus on the pure life of the mind (or the stomach). Much to their dismay, they have just discovered that an endowment that amounts to most of their food budget requires that they field a football team.

Glenda runs the night kitchen at the Unseen University. Given the deep and abiding love that wizards have for food, there is both a main kitchen and a night kitchen. The main kitchen is more prestigious, but the night kitchen is responsible for making pies, something that Glenda is quietly but exceptionally good at.

Juliet is Glenda's new employee. She is exceptionally beautiful, not very bright, and a working class girl of the Ankh-Morpork streets down to her bones. Trevor Likely is a candle dribbler, responsible for assisting the Candle Knave in refreshing the endless university candles and ensuring that their wax is properly dribbled, although he pushes most of that work off onto the infallibly polite and oddly intelligent Mr. Nutt.

Glenda, Trev, and Juliet are the sort of people who populate the great city of Ankh-Morpork. While the people everyone has heard of have political crises, adventures, and book plots, they keep institutions like the Unseen University running. They read romance novels, go to the football games, and nurse long-standing rivalries. They do not expect the high mucky-mucks to enter their world, let alone mess with their game.

I approached Unseen Academicals with trepidation because I normally don't get along as well with the Discworld wizard books. I need not have worried; Pratchett realized that the wizards would work better as supporting characters and instead turns the main plot (or at least most of it; more on that later) over to the servants. This was a brilliant decision. The setup of this book is some of the best of Discworld up to this point.

Trev is a streetwise rogue with an uncanny knack for kicking around a can that he developed after being forbidden to play football by his dear old mum. He falls for Juliet even though their families support different football teams, so you may think that a Romeo and Juliet spoof is coming. There are a few gestures of one, but Pratchett deftly avoids the pitfalls and predictability and instead makes Juliet one of the best characters in the book by playing directly against type. She is one of the characters that Pratchett is so astonishingly good at, the ones that are so thoroughly themselves that they transcend the stories they're put into.

The heart of this book, though, is Glenda.

Glenda enjoyed her job. She didn't have a career; they were for people who could not hold down jobs.

She is the kind of person who knows where she fits in the world and likes what she does and is happy to stay there until she decides something isn't right, and then she changes the world through the power of common sense morality, righteous indignation, and sheer stubborn persistence. Discworld is full of complex and subtle characters fencing with each other, but there are few things I have enjoyed more than Glenda being a determinedly good person. Vetinari of course recognizes and respects (and uses) that inner core immediately.

Unfortunately, as great as the setup and characters are, Unseen Academicals falls apart a bit at the end. I was eagerly reading the story, wondering what Pratchett was going to weave out of the stories of these individuals, and then it partly turned into yet another wizard book. Pratchett pulled another of his deus ex machina tricks for the climax in a way that I found unsatisfying and contrary to the tone of the rest of the story, and while the characters do get reasonable endings, it lacked the oomph I was hoping for. Rincewind is as determinedly one-note as ever, the wizards do all the standard wizard things, and the plot just isn't that interesting.

I liked Mr. Nutt a great deal in the first part of the book, and I wish he could have kept that edge of enigmatic competence and unflappableness. Pratchett wanted to tell a different story that involved more angst and self-doubt, and while I appreciate that story, I found it less engaging and a bit more melodramatic than I was hoping for. Mr. Nutt's reactions in the last half of the book were believable and fit his background, but that was part of the problem: he slotted back into an archetype that I thought Pratchett was going to twist and upend.

Mr. Nutt does, at least, get a fantastic closing line, and as usual there are a lot of great asides and quotes along the way, including possibly the sharpest and most biting Vetinari speech of the entire series.

The Patrician took a sip of his beer. "I have told this to few people, gentlemen, and I suspect never will again, but one day when I was a young boy on holiday in Uberwald I was walking along the bank of a stream when I saw a mother otter with her cubs. A very endearing sight, I'm sure you will agree, and even as I watched, the mother otter dived into the water and came up with a plump salmon, which she subdued and dragged on to a half-submerged log. As she ate it, while of course it was still alive, the body split and I remember to this day the sweet pinkness of its roes as they spilled out, much to the delight of the baby otters who scrambled over themselves to feed on the delicacy. One of nature's wonders, gentlemen: mother and children dining on mother and children. And that's when I first learned about evil. It is built into the very nature of the universe. Every world spins in pain. If there is any kind of supreme being, I told myself, it is up to all of us to become his moral superior."

My dissatisfaction with the ending prevents Unseen Academicals from rising to the level of Night Watch, and it's a bit more uneven than the best books of the series. Still, though, this is great stuff; recommended to anyone who is reading the series.

Followed in publication order by I Shall Wear Midnight.

Rating: 8 out of 10

Hey everyone! Here is a new video explanation of the changes we have done. This time we tackled Labplot, maps, and media icons! Can you believe it? We are now officially past the mid-way for the icons. So exciting!

In this episode, I built the import view that is needed to allow users to add their own journal entries to JourneyInbox. After completing that, I handled the pull requests from dependabot, then I worked on some quality of life to do better handling with beta user trials.

Why would someone pick Django over Flask? That’s the question that I got on stream and here is my answer.

This is my very first post, just to make sure everything is working as expected.

Made with Zola and the Abridge theme.

I will be delivering my talk, "It is easy to contribute to GNU," Saturday, May 4, 2024, 12:15--13:00 EDT (16:00 UTC), at the LibrePlanet 2024 conference, and I hope you’ll check it out!

LibrePlanet is a conference about software freedom, happening on May 4 & 5, 2024. The event is hosted by the Free Software Foundation (FSF), and brings together software developers, law and policy experts, activists, students, and computer users to learn skills, celebrate free software accomplishments, and face upcoming challenges. Newcomers are always welcome, and LibrePlanet 2024 will feature programming for all ages and experience levels.

*Please register in advance at <https://libreplanet.org/2024/>.*

wxie

Join us THURSDAY, April 18 at 1pm ET / 10am PT, for our regularly scheduled call to chat about all things Drupal and nonprofits. (Convert to your local time zone.)

This month we'll be preparing for DrupalCon Portland, which features the return of the Nonprofit Summit!

And we'll of course also have time to discuss anything else that's on our minds at the intersection of Drupal and nonprofits.  Got something specific you want to talk about? Feel free to share ahead of time in our collaborative Google doc: https://nten.org/drupal/notes!

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

This free call is sponsored by NTEN.org and open to everyone. 

• Join the call: https://us02web.zoom.us/j/81817469653

  • Meeting ID: 818 1746 9653
    Passcode: 551681

  • One tap mobile:
    +16699006833,,81817469653# US (San Jose)
    +13462487799,,81817469653# US (Houston)

  • Dial by your location:
    +1 669 900 6833 US (San Jose)
    +1 346 248 7799 US (Houston)
    +1 253 215 8782 US (Tacoma)
    +1 929 205 6099 US (New York)
    +1 301 715 8592 US (Washington DC)
    +1 312 626 6799 US (Chicago)

  • Find your local number: https://us02web.zoom.us/u/kpV1o65N

• Follow along on Google Docs: https://nten.org/drupal/notes

View notes of previous months' calls.

Cédric Krier has found that trytond accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks.

Impact

CVSS v3.0 Base Score: 5.3

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope: Unchanged
• Confidentiality: None
• Integrity: None
• Availability: Low

Workaround

A proxy can be deployed in front of the trytond server to forbid this kind of request.

Resolution

All affected users should upgrade trytond to the latest version.

Affected versions per series:

• trytond:
  • 7.0: <= 7.0.9
  • 6.8: <= 6.8.14
  • 6.0: <= 6.0.44

Non affected versions per series:

• trytond:
  • 7.0: >= 7.0.10
  • 6.8: >= 6.8.15
  • 6.0: >= 6.0.45

Reference

• Accept request with gzip content encoding may make server vulnerable to zip bomb (#13142) · Issues · Tryton / Tryton · GitLab

Concerns?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked.

1 post - 1 participant

Read full topic