Feeds
Mike Driscoll: An Intro to pre-commit
You can use many great tools to help you in your software development journey. One such tool is pre-commit, a framework for managing and maintaining multi-language pre-commit hooks. You use pre-commit to run one or more tools before allowing you to commit your code locally. For example, you might run the Flake8 linter or the Ruff formatter on your Python code in GitHub Actions or some other CI. But rather than waiting for CI to run, you want to run those checks locally and automatically.
That is where pre-commit comes in. You tell pre-c0mmit what to run, and it will run right before it allows you to commit your code.If any of those checks fail, you must fix your code before committing it.
Installing pre-commitpre-commit is a Python package, so you can install it using pip. Here’s the command you’ll need to run in your terminal:
pip install pre-commitOnce pre-commit is installed, you can confirm that it works by running the following:
pre-commit --version Adding the git HooksThe next step is to navigate to one of your local GitHub code bases in your terminal. Once inside one of your repos, you will need to run this command:
pre-commit installThis command installs pre-commit in your .git\hooks folder so that pre-commit runs whenever you commit. But how does pre-commit know what to run?
You have to define what pre-commit runs using a special YAML file. You’ll learn how in the next section!
Adding a pre-commit ConfigurationYou need to add a file named .pre-commit-config.yaml (note the leading period) into the root of your repo. If you want to generate a simple config file, you can run this command:
pre-commit sample-configHere’s an example config for running Black on your code:
repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v2.3.0 hooks: - id: check-yaml - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/psf/black rev: 22.10.0 hooks: - id: blackPersonally, I like to run the Ruff formatter and linter as well as a couple of defaults, so I use this config a lot:
repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v3.2.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer - id: check-added-large-files - repo: https://github.com/astral-sh/ruff-pre-commit # Ruff version. rev: v0.1.7 hooks: # Run the linter. - id: ruff # Run the formatter. - id: ruff-formatWhen you add a new rule to pre-commit, you should run that rule against all the files in your repo so you don’t have any surprises later on. To do that, you need to run this command:
pre-commit run --all-filesOnce you have run all your new rules against all your code files, you can start working on your next feature or bug fix. Then, when you run, git commit the pre-commit hooks will run, and you’ll see if your code is good enough to pass.
Wrapping UpThere are TONs of hooks you can add to pre-commit. A lot of them are mentioned on the pre-commit website. You can add Mypy, pytest, and much, much more to your pre-commit hooks. Just don’t get too crazy, or they may take too long to run, and you’ll go nuts waiting for it.
Overall, running so many of your CI hooks locally is great because your machine is usually faster than waiting on a queue in CI. Give it a try and see what think!
The post An Intro to pre-commit appeared first on Mouse Vs Python.
Droptica: How to Build a Job Application Form in Drupal? A Detailed Guide
On-page job application forms allow you to quickly and efficiently collect information from candidates interested in job opportunities, facilitating the process of selecting resumes of future employees. In this article, I’ll show you how to build a recruitment form with the Webform module and embed it on a Drupal landing page. All this without having to spend hours on tedious configuration. I invite you to read the article or watch an episode of the “Nowoczesny Drupal” series.
Thomas Lange: Happy Birthday FAI!
On Dec 21st, 1999 version 1.0 of FAI (Fully Automatic Installation) was announced. That was 25 years ago.
Some months before, the computer science department of the University of Cologne bought a small HPC cluster with 16 nodes (each with dual CPU Pentium II 400Mhz, 256 MB RAM) and I was too lazy to install those nodes manually. That's why I started the FAI project. With FAI you can install computers in a few minutes from scratch to a machine with a custom configuration that is ready to go for their users.
At that time Debian 2.1 aka slink was using kernel 2.0.36 and it was the first release using apt. Many things have happened since then.
In the beginning we wrote the first technical report about FAI and a lot of documentation were added afterwards. I gave more than 45 talks about FAI all over the world. Over the past 25 years, there has been an average of more than one commit per day to the FAI software repository.
Several top500.org HPC clusters were built using FAI and many companies are using FAI for their IT infrastructure or deploying Linux on their products using FAI. An overview of users can be found here.
Some major milestones of FAI are listed in the blog post of the 20th anniversary.
What Happended in the Last 5 Years?- Live images can be created
- Writeable data partition on USB sticks
- FAIme web service creates custom live ISOs
- Support for Alpine Linux and Arch Linux package managers
- Automatic detect a local config space
- Live and installation images for Debian for new hardware using a backports kernel or using the Debian testing release
- The FAIme web services created more than 30.000 customized ISOs
Currently, I'm preparing for the next FAI release and I still have ideas for new features.
Thanks for all the feedback from you, which helped a lot in making FAI a successful project. About FAIFAI is a tool for unattended mass deployment of Linux. It's a system to install and configure Linux systems and software packages on computers as well as virtual machines, from small labs to large-scale infrastructures like clusters and cloud environments. You can take one or more virgin PC's, turn on the power, and after a few minutes, the systems are installed, and completely configured to your exact needs, without any interaction necessary.
LostCarPark Drupal Blog: Drupal Advent Calendar day 23 - AI Track
Welcome back for the penultimate door of this year’s Drupal Advent Calendar, and today we’ve recruited the legendary Mike Anello to bring us up to speed on a big topic, the AI track of Drupal CMS.
The stated goal of the AI track is to make it easier for non-technical users to build and extend their sites - it is really interesting to note that this is mainly geared towards admin-facing UI, not site user-facing AI. With that in mind, let’s take a look at what is included (so far!)
AI generated alternate text for imagesWith virtually no configuration (other than entering your LLM API key) the…
Python Bytes: #415 Just put the fries in the bag bro
Zato Blog: Using OAuth in API Integrations
OAuth is often employed in processes requiring permissions to be granted to frontend applications and end users. Yet, what we typically need in API systems integrations is a way to secure connections between the integration middleware and backend systems without a need for any ongoing human interactions.
OAuth can be a good choice for that scenario and this article shows how it can be achieved in Python, with backend systems using REST and HL7 FHIR.
What we would like to haveLet's say we have a typical integration scenario as in the diagram below:
-
External systems and applications invoke the interoperability layer (Zato) which is expected to further invoke a few backend systems, e.g. a REST and HL7 FHIR one so as to return a combined result of backend API invocations. It does not matter what technology the client systems use, i.e. whether they are REST ones or not.
-
The interoperability layer needs to identify itself with the backend systems before it is allowed to invoke them - they need to make sure that it really is Zato and that it accesses only the resources allowed.
-
An OAuth server issues time-based access tokens, which are simple strings, like web browser session cookies, confirming that such and such bearer of the said token is allowed to make such and such requests. Note that the tokens have an explicit expiration time, e.g. they will become invalid after one hour. Also observe that Zato stores the tokens as-is, they are genuinely opaque strings.
-
If a client system invokes the interoperability layer, the layer will obtain a token from the OAuth server and keep it in an internal cache. Next, Zato will invoke the backend systems, bearing the token among other HTTP headers. Each invoked backend system will extract the token from the incoming request and validate it.
How the validation looks like in practices is something that Zato will not be aware of because it treats the token as an opaque string but, in practice, if the token is self-contained (e.g. JWT data) the system may validate it on its own, and if it is not self-contained, the system may invoke an introspection endpoint on the OAuth server to validate the access token from Zato.
Once the validation succeeds, the backend system will reply with the business data and the interoperability layer will combine the results for the calling application's benefit.
In subsequent requests, the same access token will be reused by Zato with the same flow of messages as previously. However, if the cached token expires, Zato will request a new one from the OAuth server - this will be transparent to the calling application - and the flow will resume.
In OAuth terminology, what is described above has specific names, the overall flow of messages between Zato and the OAuth server is called a "Client Credential Flow" and Zato is then considered a "client" from the OAuth server's perspective.
Configuring OAuthFirst, we need to create an OAuth security definition that contains the OAuth server's connection details. In this case, the server is Okta. Note the scopes field - it is a list of permissions ("scopes") that Zato will be able to make use of.
What exactly the list of scopes should look like is something to be coordinated with the people who are responsible for the configuration of the OAuth server. If it is you personally, simply ensure that what is in the the OAuth server and in Zato is in sync.
Calling REST
To invoke REST services, fill out a form as below, pointing the "Security" field to the newly created OAuth definition. This suffices for Zato to understand when and how to obtain new tokens from the underlying OAuth server.
Here is sample code to invoke a backend REST system - note that we merely refer to a connection by its name, without having to think about security at all. It is Zato that knows how to get and use OAuth tokens as required.
# -*- coding: utf-8 -*- # Zato from zato.server.service import Service class GetClientBillingPlan(Service): """ Returns a billing plan for the input client. """ def handle(self): # In a real service, this would be read from input payload = {'client_id': 123} # Get a connection to the server .. conn = self.out.rest['REST Server'].conn # .. invoke it .. response = conn.get(self.cid, payload) # .. and handle the response here. ... Calling HL7 FHIRSimilarly to REST endpoints, to invoke HL7 FHIR servers, fill out a form as below and let the "Security" field point to the OAuth definition just created. This will suffice for Zato to know when and how to use tokens received from the underlying OAuth server.
Here is sample code to invoke a FHIR server system - as with REST servers above, observe that we only refer to a connection by its name and Zato takes care of OAuth.
# -*- coding: utf-8 -*- # Zato from zato.server.service import Service class GetPractitioner(Service): """ Returns a practictioner matching input data. """ def handle(self) -> 'None': # Connection to use conn_name = 'My EHR' # In a real service, this would be read from input practitioner_id = 456 # Get a connection to the server .. with self.out.hl7.fhir[conn_name].conn.client() as client: # Get a reference to a FHIR resource .. practitioners = client.resources('Practitioner') # .. look up the practitioner .. result = practitioners.search(active=True, _id=practitioner_id).get() # .. and handle the response here. ... What about the API clients?One aspect omitted above are the initial API clients - this is on purpose. How they invoke Zato, using what protocols, with what security mechanisms, and how to build responses based on their input data, this is completely independent of how Zato uses OAuth in its own communication with backend systems.
All of these aspects can and will be independent in practice, e.g. clients will use Basic Auth rather than OAuth. Or perhaps the clients will use AMQP, Odoo, SAP, or IBM MQ, without any HTTP, or maybe there will be no explicit API invocations and what we call "clients" will be actually CSV files in a shared directory that your services will be scheduled to periodically pick up. Yet, once more, regardless of what makes the input data available, the backend OAuth mechanism will work independently of it all.
➤ API programming screenshots
➤ Python API integration tutorial
➤ More API programming examples in Python
➤ Visit the support center for more articles and FAQ
➤ Open-source iPaaS in Python
The Drop Times: Hope and Progress Ahead
As 2024 comes to a close, it’s time to reflect on an inspiring year for the Drupal community. This year marked the beginning of the transformative Starshot Initiative, setting an ambitious vision for the future of Drupal. Among the highlights was the highly anticipated release of Drupal 11, a milestone that brought enhanced capabilities, improved user experience, and reinforced Drupal’s position as a leading open-source content management system.
This year wasn't only about technical achievements—it was a year of hope and collaboration too. The community has come together, embracing challenges with resilience and charting a path forward with optimism. Much like the spirit of Christmas, this year’s developments remind us of the joy in beginnings and the promise of what lies ahead.
As we step into this festive season, let’s celebrate the milestones we’ve achieved and the community that made it all possible. Let’s also look forward to an even brighter future, one filled with innovation, inclusivity, and growth for Drupal. Here’s to a new year brimming with possibilities and the collective hope that Drupal continues to shine even brighter in 2025. Happy holidays!
DrupalCon Singapore 2024- Breaking Barriers, Busting Bubbles, and Building the Future of Drupal in Singapore
- An Enriching Experience to Carry Forward: Reflections from DrupalCon Asia
- Drupal 11 Gets its First Feature Release - Drupal 11.1.0
- QED42 Debuts AI-Powered Twig-to-SDC Module
- From Data to Impact: How a Decoupled Drupal & Gatsby Transformation Empowered IDMC’s Global Advocacy
- Drupal Needs to Innovate: Neurodiversity Might be the Answer
- New Video Explores Why Drupal is the Ideal Choice for Editors, Marketing, and HR
- New Greek Payment Modules for Drupal Commerce by E-Sepia Web Innovation
- DrupalCamp Spain 2025 Set for Santiago de Compostela on September 18-20
- Shape the Future: Register and Submit Your Session for Drupal Dev Days 2025
- Drupal Costa Rica Meetup to Preview New Drupal CMS Before Official Launch
- Time is Running Out: Submit Your Session Proposal for MidCamp 2025!
- Acquia Engage Awards 2025: Submission Deadline Set for January 10
- Florida DrupalCamp 2025: Join the Dive Day Adventure
- Drupal Iberia 2025 to Take Place in Cáceres, Spain on April 4-5
- FOSDEM 2025: Session Schedule Released for Europe’s Premier Open Source Conference
- Final Call: FOSSASIA Summit 2025 Session Submission Closes on December 22
- Drupal Sapporo Meetup to Explore Integration with Open Source Applications on 26 December
- Vardot Leads the Way in Crafting Open-Source RFP Template
- 1xINTERNET Publishes Exclusive Interview with Drupal CMS Search Track Leads
- Pantheon and Sapio Research Release ‘The State of Enterprise Websites in Europe’ Report
To get timely updates, follow us on LinkedIn, Twitter and Facebook. You can also join us on Drupal Slack at #thedroptimes.
LN Webworks: LN Webworks at DrupalCon Singapore 2024
It's the Second DrupalCon for LNWebWorks, filled with incredible memories and the opportunity to forge new connections. This time, the event is hosted at the prestigious ParkRoyal Collection Marina Bay Hall. Luckily, our hotel—Carlton City Hotel —is just a stone's throw away, making it a quick 5-minute cab ride to the venue. Here's a glimpse of my hotel room view, showcasing the breathtaking skyline of the tallest buildings!
Russ Allbery: Review: The House That Walked Between Worlds
Review: The House That Walked Between Worlds, by Jenny Schwartz
Series: Uncertain Sanctuary #1 Publisher: Jenny Schwartz Copyright: 2020 Printing: September 2024 ASIN: B0DBX6GP8Z Format: Kindle Pages: 215The House That Walked Between Worlds is the first book of a self-published trilogy of... hm. Space fantasy? Pure fantasy with a bit of science fiction thrown in for flavor? Something like that. I read it as part of the Uncertain Sanctuary omnibus, which is reflected in the sidebar metadata.
Kira Aist is a doctor. She's also a witch and a direct descendant of Baba Yaga. Her Russian grandmother warned her to never use magic and never reveal who she was because people would hunt her and her family if she did. She broke the rule to try to save a child, her grandmother was right, and now multiple people are dead, including her parents. As the story opens, she's deep in the wilds of New Zealand in a valley with buried moa bones, summoning her House so that she can flee Earth.
Kira's first surprise is that her House is not the small hut that she was expecting from childhood visits to Baba Yaga. It's larger. A lot larger: an obsidian castle with nine towers and legs that resemble dragons rather than the moas whose magic she drew on. Her magic apparently had a much different idea of what she needs than she did.
Her second surprise is that her magical education is highly incomplete, and she is not the witch that she thought she was. Her ability to create a House means that she's a sorcerer, the top tier of magical power in a hierarchy about which she knows essentially nothing. Thankfully the House has a library, but Kira has a lot to learn about the universe and her place in it.
I picked this up because the premise sounded a little like the Innkeeper novels, and since another novel in that series does not appear to be immediately forthcoming, I went looking elsewhere for my cozy sentient building fix. The House That Walked Between Worlds is nowhere near as well-written (or, frankly, coherent) as the Innkeeper books, but it did deliver some of the same vibes.
You should know going in that there isn't much in the way of a plot. Schwartz invented an elaborate setting involving archetype worlds inhabited by classes of mythological creatures that in some mystical sense surround a central system called Qaysar. These archetype worlds spawn derived worlds, each of which seems to be its own dimension, although the details are a bit murky to me. The world Kira thinks of as Earth is just one of the universes branched off of an archetypal Earth, and is the only one of those branchings where the main population is human. The other Earth-derived worlds are populated by the Dinosaurians and the Neanderthals. Similarly, there is a Fae world that branches into Elves and Goblins, an Epic world that branches into Shifters, Trolls, and Kobolds, and so forth. Travel between these worlds is normally by slow World Walker Caravans, but Houses break the rules of interdimensional travel in ways that no one entirely understands.
If your eyes are already starting to glaze over, be warned there's a lot of this. The House That Walked Between Worlds is infodumping mixed with vibes, and I think you have to enjoy the setting, or at least the sheer enthusiasm of Schwartz's presentation of it, to get along with this book. The rest of the story is essentially Kira picking up strays: first a dangerous-looking elf cyborg, then a juvenile giant cat (because of course there's a pet fantasy space cat; it's that sort of book), and then a charming martial artist who I'm fairly sure is up to no good. Kira is entirely out of her depth and acting on instinct, which luckily plays into stereotypes of sorcerers as mysterious and unpredictable. It also helps that her magic is roughly "anything she wants to happen, happens."
This is, in other words, not a tightly-crafted story with coherent rules and a sense of risk and danger. It's a book that succeeds or fails almost entirely on how much you like the main characters and enjoy the world-building. Thankfully, I thought the characters were fun, if not (so far) all that deep. Kira deals with her trauma without being excessively angsty and leans into her new situation with a chaotic decisiveness that I found charming. The cyborg elf is taciturn and a bit inscrutable at first, but he grew on me, and thankfully this book does not go immediately to romance. Late in the book, Kira picks up a publicity expert, which was not at all the type of character that I was expecting and which I found delightful.
Most importantly, the House was exactly what I was looking for: impish, protective, mysterious, inhuman, and absurdly overpowered. I adore cozy sentient building stories, so I'm an easy audience for this sort of thing, but I'm already eager to read more about the House.
This is not great writing by any stretch, and you will be unsurprised that it's self-published. If you're expecting the polish and plot coherence of the Innkeeper stories, you'll be disappointed. But if you just want to spend some time with a giant sentient space-traveling mansion inhabited by unlikely misfits, and you don't mind large amounts of space fantasy infodumping, consider giving this a shot. I had fun with it and plan on reading the rest of the omnibus.
Followed by House in Hiding.
Rating: 6 out of 10
Simon Josefsson: OpenSSH and Git on a Post-Quantum SPHINCS+
Are you aware that Git commits and tags may be signed using OpenSSH? Git signatures may be used to improve integrity and authentication of our software supply-chain. Popular signature algorithms include Ed25519, ECDSA and RSA. Did you consider that these algorithms may not be safe if someone builds a post-quantum computer?
As you may recall, I have earlier blogged about the efficient post-quantum key agreement mechanism called Streamlined NTRU Prime and its use in SSH and I have attempted to promote the conservatively designed Classic McEliece in a similar way, although it remains to be adopted.
What post-quantum signature algorithms are available? There is an effort by NIST to standardize post-quantum algorithms, and they have a category for signature algorithms. According to wikipedia, after round three the selected algorithms are CRYSTALS-Dilithium, FALCON and SPHINCS+. Of these, SPHINCS+ appears to be a conservative choice suitable for long-term digital signatures. Can we get this to work?
Recall that Git uses the ssh-keygen tool from OpenSSH to perform signing and verification. To refresh your memory, let’s study the commands that Git uses under the hood for Ed25519. First generate a Ed25519 private key:
jas@kaka:~$ ssh-keygen -t ed25519 -f my_ed25519_key -P "" Generating public/private ed25519 key pair. Your identification has been saved in my_ed25519_key Your public key has been saved in my_ed25519_key.pub The key fingerprint is: SHA256:fDa5+jmC2+/aiLhWeWA3IV8Wj6yMNTSuRzqUZlIGlXQ jas@kaka The key's randomart image is: +--[ED25519 256]--+ | .+=.E .. | | oo=.ooo | | . =o=+o . | | =oO+o . | | .=+S.= | | oo.o o | | . o . | | ...o.+.. | | .o.o.=**. | +----[SHA256]-----+ jas@kaka:~$ cat my_ed25519_key -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACAWP/aZ8hzN0WNRMSpjzbgW1tJXNd2v6/dnbKaQt7iIBQAAAJCeDotOng6L TgAAAAtzc2gtZWQyNTUxOQAAACAWP/aZ8hzN0WNRMSpjzbgW1tJXNd2v6/dnbKaQt7iIBQ AAAEBFRvzgcD3YItl9AMmVK4xDKj8NTg4h2Sluj0/x7aSPlhY/9pnyHM3RY1ExKmPNuBbW 0lc13a/r92dsppC3uIgFAAAACGphc0BrYWthAQIDBAU= -----END OPENSSH PRIVATE KEY----- jas@kaka:~$ cat my_ed25519_key.pub ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBY/9pnyHM3RY1ExKmPNuBbW0lc13a/r92dsppC3uIgF jas@kaka jas@kaka:~$Then let’s sign something with this key:
jas@kaka:~$ echo "Hello world!" > msg jas@kaka:~$ ssh-keygen -Y sign -f my_ed25519_key -n my-namespace msg Signing file msg Write signature to msg.sig jas@kaka:~$ cat msg.sig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgFj/2mfIczdFjUTEqY824FtbSVz Xdr+v3Z2ymkLe4iAUAAAAMbXktbmFtZXNwYWNlAAAAAAAAAAZzaGE1MTIAAABTAAAAC3Nz aC1lZDI1NTE5AAAAQLmWsq05tqOOZIJqjxy5ZP/YRFoaX30lfIllmfyoeM5lpVnxJ3ZxU8 SF0KodDr8Rtukg2N3Xo80NGvZOzbG/9Aw= -----END SSH SIGNATURE----- jas@kaka:~$Now let’s create a list of trusted public-keys and associated identities:
jas@kaka:~$ echo 'my.name@example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBY/9pnyHM3RY1ExKmPNuBbW0lc13a/r92dsppC3uIgF' > allowed-signers jas@kaka:~$Then let’s verify the message we just signed:
jas@kaka:~$ cat msg | ssh-keygen -Y verify -f allowed-signers -I my.name@example.org -n my-namespace -s msg.sig Good "my-namespace" signature for my.name@example.org with ED25519 key SHA256:fDa5+jmC2+/aiLhWeWA3IV8Wj6yMNTSuRzqUZlIGlXQ jas@kaka:~$I have implemented support for SPHINCS+ in OpenSSH. This is early work, but I wanted to announce it to get discussion of some of the details going and to make people aware of it.
What would a better way to demonstrate SPHINCS+ support in OpenSSH by validating the Git commit that implements it, using its own implementation?
Here is how to proceed, first get a suitable development environment up and running. I’m using a Debian container launched in a protected environment using podman.
jas@kaka:~$ podman run -it --rm debian:stableThen install the necessary build dependencies for OpenSSH.
# apt-get update # apt-get install git build-essential autoconf libz-dev libssl-devNow clone my OpenSSH branch with the SPHINCS+ implentation and build it. You may browse the commit on GitHub first if you are curious.
# cd # git clone https://github.com/jas4711/openssh-portable.git -b sphincsp # cd openssh-portable # autoreconf -fvi # ./configure # makeConfigure a Git allowed signers list with my SPHINCS+ public key (make sure to keep the public key on one line with the whitespace being one ASCII SPC character):
# mkdir -pv ~/.ssh # echo 'simon@josefsson.org ssh-sphincsplus@openssh.com AAAAG3NzaC1zcGhpbmNzcGx1c0BvcGVuc3NoLmNvbQAAAECI6eacTxjB36xcPtP0ZyxJNIGCN350GluLD5h0KjKDsZLNmNaPSFH2ynWyKZKOF5eRPIMMKSCIV75y+KP9d6w3' > ~/.ssh/allowed_signers # git config gpg.ssh.allowedSignersFile ~/.ssh/allowed_signersThen verify the commit using the newly built ssh-keygen binary:
# PATH=$PWD:$PATH # git log -1 --show-signature commit ce0b590071e2dc845373734655192241a4ace94b (HEAD -> sphincsp, origin/sphincsp) Good "git" signature for simon@josefsson.org with SPHINCSPLUS key SHA256:rkAa0fX0lQf/7V7QmuJHSI44L/PAPPsdWpis4nML7EQ Author: Simon Josefsson <simon@josefsson.org> Date: Tue Dec 3 18:44:25 2024 +0100 Add SPHINCS+. # git verify-commit ce0b590071e2dc845373734655192241a4ace94b Good "git" signature for simon@josefsson.org with SPHINCSPLUS key SHA256:rkAa0fX0lQf/7V7QmuJHSI44L/PAPPsdWpis4nML7EQ #Yay!
So what are some considerations?
SPHINCS+ comes in many different variants. First it comes with three security levels approximately matching 128/192/256 bit symmetric key strengths. Second choice is between the SHA2-256, SHAKE256 (SHA-3) and Haraka hash algorithms. Final choice is between a “robust” and a “simple” variant with different security and performance characteristics. To get going, I picked the “sphincss256sha256robust” SPHINCS+ implementation from SUPERCOP 20241022. There is a good size comparison table in the sphincsplus implementation, if you want to consider alternative variants.
SPHINCS+ public-keys are really small, as you can see in the allowed signers file. This is really good because they are handled by humans and often by cut’n’paste.
What about private keys? They are slightly longer than Ed25519 private keys but shorter than typical RSA private keys.
# ssh-keygen -t sphincsplus -f my_sphincsplus_key -P "" Generating public/private sphincsplus key pair. Your identification has been saved in my_sphincsplus_key Your public key has been saved in my_sphincsplus_key.pub The key fingerprint is: SHA256:4rNfXdmLo/ySQiWYzsBhZIvgLu9sQQz7upG8clKziBg root@ad600ff56253 The key's randomart image is: +[SPHINCSPLUS 256-+ | . .o | |o . oo. | | = .o.. o | |o o o o . . o | |.+ = S o o .| |Eo= . + . . .. .| |=*.+ o . . oo . | |B+= o o.o. . | |o*o ... .oo. | +----[SHA256]-----+ # cat my_sphincsplus_key.pub ssh-sphincsplus@openssh.com AAAAG3NzaC1zcGhpbmNzcGx1c0BvcGVuc3NoLmNvbQAAAEAltAX1VhZ8pdW9FgC+NdM6QfLxVXVaf1v2yW4v+tk2Oj5lxmVgZftfT37GOMOlK9iBm9SQHZZVYZddkEJ9F1D7 root@ad600ff56253 # cat my_sphincsplus_key -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAYwAAABtzc2gtc3 BoaW5jc3BsdXNAb3BlbnNzaC5jb20AAABAJbQF9VYWfKXVvRYAvjXTOkHy8VV1Wn9b9slu L/rZNjo+ZcZlYGX7X09+xjjDpSvYgZvUkB2WVWGXXZBCfRdQ+wAAAQidiIwanYiMGgAAAB tzc2gtc3BoaW5jc3BsdXNAb3BlbnNzaC5jb20AAABAJbQF9VYWfKXVvRYAvjXTOkHy8VV1 Wn9b9sluL/rZNjo+ZcZlYGX7X09+xjjDpSvYgZvUkB2WVWGXXZBCfRdQ+wAAAIAbwBxEhA NYzITN6VeCMqUyvw/59JM+WOLXBlRbu3R8qS7ljc4qFVWUtmhy8B3t9e4jrhdO6w0n5I4l mnLnBi2hJbQF9VYWfKXVvRYAvjXTOkHy8VV1Wn9b9sluL/rZNjo+ZcZlYGX7X09+xjjDpS vYgZvUkB2WVWGXXZBCfRdQ+wAAABFyb290QGFkNjAwZmY1NjI1MwECAwQ= -----END OPENSSH PRIVATE KEY----- #Signature size? Now here is the challenge, for this variant the size is around 29kb or close to 600 lines of base64 data:
# git cat-file -p ce0b590071e2dc845373734655192241a4ace94b | head -10 tree ede42093e7d5acd37fde02065a4a19ac1f418703 parent 826483d51a9fee60703298bbf839d9ce37943474 author Simon Josefsson <simon@josefsson.org> 1733247865 +0100 committer Simon Josefsson <simon@josefsson.org> 1734907869 +0100 gpgsig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAAGMAAAAbc3NoLXNwaGluY3NwbHVzQG9wZW5zc2guY29tAAAAQIjp5p xPGMHfrFw+0/RnLEk0gYI3fnQaW4sPmHQqMoOxks2Y1o9IUfbKdbIpko4Xl5E8gwwpIIhX vnL4o/13rDcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAHSDAAAAG3NzaC1zcGhpbmNzcGx1c0 BvcGVuc3NoLmNvbQAAdGDHlobgfgkKKQBo3UHmnEnNXczCMNdzJmeYJau67QM6xZcAU+d+ 2mvhbksm5D34m75DWEngzBb3usJTqWJeeDdplHHRe3BKVCQ05LHqRYzcSdN6eoeZqoOBvR # git cat-file -p ce0b590071e2dc845373734655192241a4ace94b | tail -5 ChvXUk4jfiNp85RDZ1kljVecfdB2/6CHFRtxrKHJRDiIavYjucgHF1bjz0fqaOSGa90UYL RZjZ0OhdHOQjNP5QErlIOcZeqcnwi0+RtCJ1D1wH2psuXIQEyr1mCA== -----END SSH SIGNATURE----- Add SPHINCS+. # git cat-file -p ce0b590071e2dc845373734655192241a4ace94b | wc -l 579 #What about performance? Verification is really fast:
# time git verify-commit ce0b590071e2dc845373734655192241a4ace94b Good "git" signature for simon@josefsson.org with SPHINCSPLUS key SHA256:rkAa0fX0lQf/7V7QmuJHSI44L/PAPPsdWpis4nML7EQ real 0m0.010s user 0m0.005s sys 0m0.005s #On this machine, verifying an Ed25519 signature is a couple of times slower, and needs around 0.07 seconds.
Signing is slower, it takes a bit over 2 seconds on my laptop.
# echo "Hello world!" > msg # time ssh-keygen -Y sign -f my_sphincsplus_key -n my-namespace msg Signing file msg Write signature to msg.sig real 0m2.226s user 0m2.226s sys 0m0.000s # echo 'my.name@example.org ssh-sphincsplus@openssh.com AAAAG3NzaC1zcGhpbmNzcGx1c0BvcGVuc3NoLmNvbQAAAEAltAX1VhZ8pdW9FgC+NdM6QfLxVXVaf1v2yW4v+tk2Oj5lxmVgZftfT37GOMOlK9iBm9SQHZZVYZddkEJ9F1D7' > allowed-signers # cat msg | ssh-keygen -Y verify -f allowed-signers -I my.name@example.org -n my-namespace -s msg.sig Good "my-namespace" signature for my.name@example.org with SPHINCSPLUS key SHA256:4rNfXdmLo/ySQiWYzsBhZIvgLu9sQQz7upG8clKziBg #Welcome to our new world of Post-Quantum safe digital signatures of Git commits, and Happy Hacking!
#! code: Drupal 11: The Queues API
I've talked a lot about the Batch API in Drupal recently, and I've mentioned that it is built upon the Queue API, but I haven't gone any deeper than that. I wrote about the Queues API in Drupal 7, but thought I would bring my understanding up to date.
A queue is a data construct that uses a "first in, last out" (or FILO) flow where items are processed in the order that they were added to the queue. This system has a lot of different uses, but is most important when it comes to asynchronous data processing. Drupal and many modules make use of the queue system to process information behind the scenes.
The difference between a queue and a batch is that the batch is for time sensitive things where the user is expecting something to happen. A queue, on the other hand, is more for data processing that needs to happen behind the scenes or without any user triggering the process.
Batches also tend to be stateless, meaning that if the batch fails half way through it is sometimes difficult to re-start the batch from the same point. It is possible if you create your batches in just the right way, but this is actually a little rate. A queue manages this much better by having all of the items in the queue and then giving you options about what you can do with each item as you process it. This means that you might pop a queue item back into the queue for later processing if it failed.
In this article I will look at the Queue API in Drupal 11, how it is used and what sort of best practices are used when using the API.
Creating A QueueTo create a queue in Drupal you need to create an instance of the 'queue' service. This is a factory that can be used to create and manage your queues inside Drupal. By default, all queues in Drupal are database queues (handled via the queue.database default queue factory), although this can be changed with configuration settings.
Freelock Blog: Automatically set fields on content
One of the easiest things to do with the Events, Conditions, and Actions (ECA) module is to set values on fields. You can populate forms with names and addresses from a user's profile. You can set date values to offsets from the current time. You can perform calculations and store the result in a summary field, which can make using them in views much more straightforward.
Real Python: Strings and Character Data in Python
Python strings are a sequence of characters used for handling textual data. You can create strings in Python using quotation marks or the str() function, which converts objects into strings. Strings in Python are immutable, meaning once you define a string, you can’t change it.
To access specific elements of a string, you use indexing, where indices start at 0 for the first character. You specify an index in square brackets, such as "hello"[0], which gives you "h". For string interpolation you can use curly braces {} in a string.
By the end of this tutorial, you’ll understand that:
- A Python string is a sequence of characters used for textual data.
- The str() function converts objects to their string representation.
- You can use curly braces {} to insert values in a Python string.
- You access string elements in Python using indexing with square brackets.
- You can join all elements in a list into a single string using .join().
You’ll explore creating strings with string literals and functions, using operators and built-in functions with strings, indexing and slicing techniques, and methods for string interpolation and formatting. These skills will help you manipulate and format textual data in your Python programs effectively.
To get the most out of this tutorial, you should have a good understanding of core Python concepts, including variables, functions, and operators and expressions.
Get Your Code: Click here to download the free sample code that shows you how to work with strings and character data in Python.
Take the Quiz: Test your knowledge with our interactive “Python Strings and Character Data” quiz. You’ll receive a score upon completion to help you track your learning progress:
Interactive Quiz
Python Strings and Character DataThis quiz will test your understanding of Python's string data type and your knowledge about manipulating textual data with string objects. You'll cover the basics of creating strings using literals and the str() function, applying string methods, using operators and built-in functions, and more!
Getting to Know Strings and Characters in PythonPython provides the built-in string (str) data type to handle textual data. Other programming languages, such as Java, have a character data type for single characters. Python doesn’t have that. Single characters are strings of length one.
In practice, strings are immutable sequences of characters. This means you can’t change a string once you define it. Any operation that modifies a string will create a new string instead of modifying the original one.
A string is also a sequence, which means that the characters in a string have a consecutive order. This feature allows you to access characters using integer indices that start with 0. You’ll learn more about these concepts in the section about indexing strings. For now, you’ll learn about how to create strings in Python.
Creating Strings in PythonThere are different ways to create strings in Python. The most common practice is to use string literals. Because strings are everywhere and have many use cases, you’ll find a few different types of string literals. There are standard literals, raw literals, and formatted literals.
Additionally, you can use the built-in str() function to create new strings from other existing objects.
In the following sections, you’ll learn about the multiple ways to create strings in Python and when to use each of them.
Standard String LiteralsA standard string literal is just a piece of text or a sequence of characters that you enclose in quotes. To create single-line strings, you can use single ('') and double ("") quotes:
Python >>> 'A single-line string in single quotes' 'A single-line string in single quotes' >>> "A single-line string in double quotes" 'A single-line string in double quotes' Copied!In the first example, you use single quotes to delimit the string literal. In the second example, you use double quotes.
Note: Python’s standard REPL displays string objects using single quotes even though you create them using double quotes.
You can define empty strings using quotes without placing characters between them:
Python >>> "" '' >>> '' '' >>> len("") 0 Copied!An empty string doesn’t contain any characters, so when you use the built-in len() function with an empty string as an argument, you get 0 as a result.
To create multiline strings, you can use triple-quoted strings. In this case, you can use either single or double quotes:
Read the full article at https://realpython.com/python-strings/ »[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Real Python: Working With JSON Data in Python
Python’s json module provides you with the tools you need to effectively handle JSON data. You can convert Python data types to a JSON-formatted string with json.dumps() or write them to files using json.dump(). Similarly, you can read JSON data from files with json.load() and parse JSON strings with json.loads().
JSON, or JavaScript Object Notation, is a widely-used text-based format for data interchange. Its syntax resembles Python dictionaries but with some differences, such as using only double quotes for strings and lowercase for Boolean values. With built-in tools for validating syntax and manipulating JSON files, Python makes it straightforward to work with JSON data.
By the end of this tutorial, you’ll understand that:
- JSON in Python is handled using the standard-library json module, which allows for data interchange between JSON and Python data types.
- JSON is a good data format to use with Python as it’s human-readable and straightforward to serialize and deserialize, which makes it ideal for use in APIs and data storage.
- You write JSON with Python using json.dump() to serialize data to a file.
- You can minify and prettify JSON using Python’s json.tool module.
Since its introduction, JSON has rapidly emerged as the predominant standard for the exchange of information. Whether you want to transfer data with an API or store information in a document database, it’s likely you’ll encounter JSON. Fortunately, Python provides robust tools to facilitate this process and help you manage JSON data efficiently.
While JSON is the most common format for data distribution, it’s not the only option for such tasks. Both XML and YAML serve similar purposes. If you’re interested in how the formats differ, then you can check out the tutorial on how to serialize your data with Python.
Free Bonus: Click here to download the free sample code that shows you how to work with JSON data in Python.
Take the Quiz: Test your knowledge with our interactive “Working With JSON Data in Python” quiz. You’ll receive a score upon completion to help you track your learning progress:
Interactive Quiz
Working With JSON Data in PythonIn this quiz, you'll test your understanding of working with JSON in Python. By working through this quiz, you'll revisit key concepts related to JSON data manipulation and handling in Python.
Introducing JSONThe acronym JSON stands for JavaScript Object Notation. As the name suggests, JSON originated from JavaScript. However, JSON has transcended its origins to become language-agnostic and is now recognized as the standard for data interchange.
The popularity of JSON can be attributed to native support by the JavaScript language, resulting in excellent parsing performance in web browsers. On top of that, JSON’s straightforward syntax allows both humans and computers to read and write JSON data effortlessly.
To get a first impression of JSON, have a look at this example code:
JSON hello_world.json { "greeting": "Hello, world!" } Copied!You’ll learn more about the JSON syntax later in this tutorial. For now, recognize that the JSON format is text-based. In other words, you can create JSON files using the code editor of your choice. Once you set the file extension to .json, most code editors display your JSON data with syntax highlighting out of the box:
The screenshot above shows how VS Code displays JSON data using the Bearded color theme. You’ll have a closer look at the syntax of the JSON format next!
Examining JSON SyntaxIn the previous section, you got a first impression of how JSON data looks. And as a Python developer, the JSON structure probably reminds you of common Python data structures, like a dictionary that contains a string as a key and a value. If you understand the syntax of a dictionary in Python, you already know the general syntax of a JSON object.
Note: Later in this tutorial, you’ll learn that you’re free to use lists and other data types at the top level of a JSON document.
The similarity between Python dictionaries and JSON objects is no surprise. One idea behind establishing JSON as the go-to data interchange format was to make working with JSON as convenient as possible, independently of which programming language you use:
[A collection of key-value pairs and arrays] are universal data structures. Virtually all modern programming languages support them in one form or another. It makes sense that a data format that is interchangeable with programming languages is also based on these structures. (Source)
To explore the JSON syntax further, create a new file named hello_frieda.json and add a more complex JSON structure as the content of the file:
JSON hello_frieda.json 1{ 2 "name": "Frieda", 3 "isDog": true, 4 "hobbies": ["eating", "sleeping", "barking"], 5 "age": 8, 6 "address": { 7 "work": null, 8 "home": ["Berlin", "Germany"] 9 }, 10 "friends": [ 11 { 12 "name": "Philipp", 13 "hobbies": ["eating", "sleeping", "reading"] 14 }, 15 { 16 "name": "Mitch", 17 "hobbies": ["running", "snacking"] 18 } 19 ] 20} Copied!In the code above, you see data about a dog named Frieda, which is formatted as JSON. The top-level value is a JSON object. Just like Python dictionaries, you wrap JSON objects inside curly braces ({}).
In line 1, you start the JSON object with an opening curly brace ({), and then you close the object at the end of line 20 with a closing curly brace (}).
Read the full article at https://realpython.com/python-json/ »[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Real Python: How to Flatten a List of Lists in Python
Flattening a list in Python involves converting a nested list structure into a single, one-dimensional list. A common approach to flatten a list of lists is to use a for loop to iterate through each sublist. Then, add each item to a new list with the .extend() method or the augmented concatenation operator (+=). This will “unlist” the list, resulting in a flattened list.
Alternatively, Python’s standard library offers tools like itertools.chain() and functools.reduce() to achieve similar results. You can also use a list comprehension for a concise one-liner solution. Each method has its own performance characteristics, with for loops and list comprehensions generally being more efficient.
By the end of this tutorial, you’ll understand that:
- Flattening a list involves converting nested lists into a single list.
- You can use a for loop and .extend() to flatten lists in Python.
- List comprehensions provide a concise syntax for list transformations.
- Standard-library functions like itertools.chain() and functools.reduce() can also flatten lists.
- The .flatten() method in NumPy efficiently flattens arrays for data science tasks.
- Unlisting a list means to flatten nested lists into one list.
To better illustrate what it means to flatten a list, say that you have the following matrix of numeric values:
Python >>> matrix = [ ... [9, 3, 8, 3], ... [4, 5, 2, 8], ... [6, 4, 3, 1], ... [1, 0, 4, 5], ... ] Copied!The matrix variable holds a Python list that contains four nested lists. Each nested list represents a row in the matrix. The rows store four items or numbers each. Now say that you want to turn this matrix into the following list:
Python [9, 3, 8, 3, 4, 5, 2, 8, 6, 4, 3, 1, 1, 0, 4, 5] Copied!How do you manage to flatten your matrix and get a one-dimensional list like the one above? In this tutorial, you’ll learn how to do that in Python.
Free Bonus: Click here to download the free sample code that showcases and compares several ways to flatten a list of lists in Python.
Take the Quiz: Test your knowledge with our interactive “How to Flatten a List of Lists in Python” quiz. You’ll receive a score upon completion to help you track your learning progress:
Interactive Quiz
How to Flatten a List of Lists in PythonIn this quiz, you'll test your understanding of how to flatten a list in Python. Flattening a list involves converting a multidimensional list, such as a matrix, into a one-dimensional list. This is a common operation when working with data stored as nested lists.
How to Flatten a List of Lists With a for LoopHow can you flatten a list of lists in Python? In general, to flatten a list of lists, you can run the following steps either explicitly or implicitly:
- Create a new empty list to store the flattened data.
- Iterate over each nested list or sublist in the original list.
- Add every item from the current sublist to the list of flattened data.
- Return the resulting list with the flattened data.
You can follow several paths and use multiple tools to run these steps in Python. Arguably, the most natural and readable way to do this is to use a for loop, which allows you to explicitly iterate over the sublists.
Then you need a way to add items to the new flattened list. For that, you have a couple of valid options. First, you’ll turn to the .extend() method from the list class itself, and then you’ll give the augmented concatenation operator (+=) a go.
To continue with the matrix example, here’s how you would translate these steps into Python code using a for loop and the .extend() method:
Python >>> def flatten_extend(matrix): ... flat_list = [] ... for row in matrix: ... flat_list.extend(row) ... return flat_list ... Copied!Inside flatten_extend(), you first create a new empty list called flat_list. You’ll use this list to store the flattened data when you extract it from matrix. Then you start a loop to iterate over the inner, or nested, lists from matrix. In this example, you use the name row to represent the current nested list.
In every iteration, you use .extend() to add the content of the current sublist to flat_list. This method takes an iterable as an argument and appends its items to the end of the target list.
Now go ahead and run the following code to check that your function does the job:
Python >>> flatten_extend(matrix) [9, 3, 8, 3, 4, 5, 2, 8, 6, 4, 3, 1, 1, 0, 4, 5] Copied!That’s neat! You’ve flattened your first list of lists. As a result, you have a one-dimensional list containing all the numeric values from matrix.
With .extend(), you’ve come up with a Pythonic and readable way to flatten your lists. You can get the same result using the augmented concatenation operator (+=) on your flat_list object. However, this alternative approach may not be as readable:
Python >>> def flatten_concatenation(matrix): ... flat_list = [] ... for row in matrix: ... flat_list += row ... return flat_list ... Copied! Read the full article at https://realpython.com/python-flatten-list/ »[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
This Week in KDE Apps: Search in Merkuro Mail, Tokodon For Android, LabPlot new documentation and more
Welcome to a new issue of "This Week in KDE Apps"! Every week we cover as much as possible of what's happening in the world of KDE apps.
AudioTube YouTube Music appAudioTube now shows synchronized lyrics provided by LRCLIB. This automatically falls back to normal lyrics if synced lyrics are not available. (Kavinu Nethsara, 25.04.0. Link)
Dolphin Manage your filesQuickly renaming multiple files by switching between them with the keyboard arrow keys now correctly starts a renaming of the next file even if a sorting change moved it. (Ilia Kats, 25.04.0. Link)
Fixed a couple of regressions in the 24.12.0 release. (Akseli Lahtinen, 24.12.1. Link 1, link 2, link 3)
KDE Itinerary Digital travel assistantImproved the touch targets of the buttons in the bottom drawer which appears on mobile. (Carl Schwan, 24.05.0. Link)
Akonadi Background service for KDE PIM appsImprove the stability of changing tags. Now deleting a tag will properly remove it from all items. (Daniel Vrátil, 24.12.1. Link 1 and link 2)
KMail A feature-rich email applicationThe tooltip of your folder in KMail will now show the absolute space quota in bytes. (Fabian Vogt, 25.04.0. Link)
KMyMoney Personal finance manager based on double-entry bookkeepingAn initial port of KMyMoney for Qt6 was merged. (Ralf Habacker. Link)
Krita Digital Painting, Creative FreedomKrita has a new plugin for fast sketching. You can find more about this on their blog post.
KTorrent BitTorrent ClientAdded the support for getting IPv6 peers from peer exchange. (Jack Hill, 25.04.0. Link)
LabPlot Interactive Data Visualization and AnalysisWe now show more plot types in the "Add new plot" context menu. (Alexander Senke. Link)
LabPlot has announced a new dedicated user manual page.
Okular View and annotate documentsWe improved how we are displaying the signature and certificate details in the mobile version of Okular. (Carl Schwan, 25.04.0. Link)
When selecting a certificate to use when digitally signing a PDF with the GPG backend, the fingerprints are rendered more nicely. (Sune Vuorela, 25.04.0. Link)
It's now possible to choose a custom default zoom level in Okular. (Wladimir Leuschner, 25.04.0. Link)
Merkuro Mail Read your emails with speed and easeMerkuro Mail now lets you search across your emails with a full text search. (Carl Schwan, 25.04.0. Link)
Additionally, the Merkuro Mail sidebar will now remember which folders were collapsed or expanded as well as the last selected folder across application restarts. (Carl Schwan, 25.04.0. Link)
PowerPlant Keep your plants aliveWe started the "KDE Review" process for PowerPlant, so expect a release in the comming weeks.
We added support for Windows and Android. (Laurent Montel, 1.0.0. Link 1, link 2 and link 3)
Ruqola Rocket Chat ClientRuqola 2.4.0 is out. You can now mute/unmute other users, cleanup the room history and more. Read the full announcement.
Tokodon Browse the FediverseThis week, Joshua spent some time improving Tokodon for mobile and in particular for Android. This includes performance optimization, adding missing icons and some mobile specific user experience improvements. (Joshua Goins, 25.04.0. Link 1, link 2 and link 3). A few more improvements for Android, like proper push notifications via unified push, are in the work.
Joshua also improved the draft and scheduled post features, allowing now to discard scheduled posts and drafts and showing when a draft was created. (Joshua Goins, 25.04.0. Link)
We also added a keyboard shortcut configuration page in Tokodon settings. (Joshua Goins and Carl Schwan, 25.04.0. Link 1 and link 2)
Finally, we created a new server information page with the server rules and made the existing announcements page a subpage of it. Speaking of announcements, we added support for the announcement's emoji reactions. (Joshua Goins, 25.04.0. Link)
WashiPad Minimalist Sketchnoting ApplicationWashiPad was ported to Kirigami instead of using its own custom QtQuick components. (Carl Schwan. Link)
…And Everything ElseThis blog only covers the tip of the iceberg! If you’re hungry for more, check out Nate's blog about Plasma and be sure not to miss his This Week in Plasma series, where every Saturday he covers all the work being put into KDE's Plasma desktop environment.
For a complete overview of what's going on, visit KDE's Planet, where you can find all KDE news unfiltered directly from our contributors.
Get InvolvedThe KDE organization has become important in the world, and your time and contributions have helped us get there. As we grow, we're going to need your support for KDE to become sustainable.
You can help KDE by becoming an active community member and getting involved. Each contributor makes a huge difference in KDE — you are not a number or a cog in a machine! You don’t have to be a programmer either. There are many things you can do: you can help hunt and confirm bugs, even maybe solve them; contribute designs for wallpapers, web pages, icons and app interfaces; translate messages and menu items into your own language; promote KDE in your local community; and a ton more things.
You can also help us by donating. Any monetary contribution, however small, will help us cover operational costs, salaries, travel expenses for contributors and in general just keep KDE bringing Free Software to the world.
To get your application mentioned here, please ping us in invent or in Matrix.
LostCarPark Drupal Blog: Drupal Advent Calendar day 22 - Gin Admin Theme track
Once more, we welcome you back to the Drupal Advent Calendar, to see what’s behind door number twenty-two. Today we are welcoming back an old friend, the Gin Admin Theme which was covered all the way back in Door 1 of the 2023 Drupal Advent Calendar.
So why feature it again? Well back then, Gin was something of a rebel, for use on cutting edge Drupal sites, but perhaps a bit too “punk” for respectable production sites.
But a year later Gin is becoming respectable, and as part of that, it has been selected as the default admin theme for Drupal CMS.
Drupal CMS is focused on giving the easiest to…
TagsSteinar H. Gunderson: Kernel adventures: When two rights make a wrong
My 3D printer took me on another adventure recently. Or, well, actually someone else's 3D printer did: It turns out that building a realtime system (with high-speed motors controlling to a 300-degree metal rod) by cobbling together a bunch of Python and JavaScript on an anemic Arm SoC with zero resource isolation doesn't always meet those realtime guarantees. So in particular after installing a bunch of plugins, people would report the infamous “MCU timer too close” Klipper error, which essentially means that the microcontroller didn't get new commands in time from the Linux host and shut down as a failsafe. (Understandably, this sucks if it happens in the middle of an eight-hour print. Nobody really invented a way to reliably resume from these things yet.)
I was wondering whether it was possible to provoke this and then look at what was actually going on in the scheduler; perf sched lets you look at scheduling history on the host, so if I could reproduce the error while collecting data, I could go in afterwards and see what was the biggest CPU hog, or at least that was the theory.
However, to my surprise, perf sched record died with an error essentially saying that the kernel was compiled without ftrace support (which is needed for the scheduler hooks; it's somewhat possible to do without by just doing a regular profile, but that's a different story and much more annoying). Not very surprising, these things tend to run stone-age vendor kernels from some long-forgotten branch with zero security support and seemingly no ftrace.
Now, I did not actually run said vendor kernel; at some point, I upgraded to the latest stable kernel (6.6) from Armbian, which is still far from mainline (for one, it needs to carry out-of-tree drivers to make wireless work at all) but which I trust infinitely more to actually provide updated kernels over time. It doesn't support ftrace either, so I thought the logical step would be to upgrade to the latest “edge” kernel (aka 6.11) and then compile with the right stuff on.
After a couple of hours of compiling (almost nostalgic to have such slow kernel compiles; cross-compiling didn't work for me!), I could boot into the new kernel, and:
[ 23.775976] platform 5070400.thermal-sensor: deferred probe pending: platform: wait for supplierand then Klipper would refuse to start because it couldn't find the host thermal sensors. (I don't know exactly why it is a hard dependency, but seemingly, it is.) A bit of searching shows that this error message is doubly vexing; it should have said “wait for supplier /i2c@fdd40000/pmic@20/regulators/SWITCH_REG1” or something similar, but ends only in a space and then nothing.
So evidently this has to be something about the device tree (DT), and switching out the new DT for the old one didn't work. Bisecting was also pretty much out of the question (especially with 400+ patches that go on top of the git tree), but after a fair bit of printk debugging and some more reading, I figured out what had happened:
First, the sun8i-thermal driver, which had been carried out-of-tree in Armbian, had gone into mainline. But it was in a slightly different version; while the out-of-tree version used previously (in Armbian's 6.6 kernel) had relied on firmware (run as part of U-Boot, as I understand it) to set a special register bit, the mainline version would be stricter and take care to set it itself. I don't really know what the bit does, short of “if you don't set it, all the values you get back are really crazy”, so this is presumably a good change. So the driver would set a bit in a special memory address somewhere (sidenote: MMIO will always feel really weird to me; like, some part of the CPU has to check all memory accesses in case they're really not to RAM at all?), and for that, the thermal driver would need to take on a DT reference to the allwinner,sram (comma is evidently some sort of hierarchical separator) node so that it could get its address. Like, in case it was moved around in future SoCs or something.
Second, there was an Armbian patch that dealt with exactly these allwinner,sram nodes in another way; it would make sure that references to them would cause devlink references between the nodes. I don't know what those are either, but it seems the primary use case is for waiting: If you have a dependency from A to B, then A's initialization will wait until B is ready. The configuration bit in question is always ready, but I guess it's cleaner somehow, and you get a little symlink somewhere in /sys to explain the relationship, so perhaps it's good? But that's what the error message means; “A: deferred probe pending: wait for supplier B” means that we're not probing for A's existence yet, because it wants B to supply something and B isn't ready yet.
But why is the relationship broken? Well, for that, we need to look at how the code in the patch looks:
sram_node = of_parse_phandle(np, prop_name, 0); sram_node = of_get_parent(sram_node); sram_node = of_get_parent(sram_node); return sram_node;And how the device tree is set up in this case (lots of irrelevant stuff removed for clarity):
bus@1000000 { /* this works */ reg = <0x1000000 0x400000>; allwinner,sram = <&de3_sram 1>; }; ths: thermal-sensor@5070400 { /* this doesn't */ allwinner,sram = <&syscon>; }; syscon: syscon@3000000 { sram_c: sram@28000 { de3_sram: sram-section@0 { reg = <0x0000 0x1e000>; }; }; };So that explains it; the code expects that all DT references are to a child of a child of syscon to find the supplier, and just goes up two levels to find it. But for the thermal sensor, the reference is directly to the syscon itself, and it goes up past the root of the tree, which is, well, NULL. And then the error message doesn't have a node name to print out, and the dependency just fails forever.
So that's two presumably good changes that just interacted in a really bad way (in particular, due to too little flexibility in the second one). A small patch later, and the kernel boots with thermals again!
Oh, and those scheduling issues I wanted to debug? I never managed to reliably reproduce them; I have seen them, but they're very rare for me. I guess that upstream for the plugins in question just made things a bit less RAM-hungry in the meantime, or that having a newer kernel improves things enough in itself. Shrug. :-)
Junichi Uekawa: Looking at my private repositories for what language I wrote.
KDE @ 38C3
In less than a week from now KDE will again be present at the 38th Chaos Communication Congress (38C3) in Hamburg, Germany.
Chaos Communication CongressEven bigger than FOSDEM and much wider in scope many impactful collaborations during the past couple of years can be traced back to contacts made at Congress. Be it KDE Eco, joint projects with the Open Transport community, the weather and emergency alert aggregation server or indoor routing to just name a few.
KDE AssemblyAt last year’s edition, 37C3, we had a KDE assembly (think “stand” or “booth” at other events) for the first time. That not only helps people to find us, it’s also very useful anchor point for the growing KDE delegation.
This year we’ll further improve on that, by being there with even more people and by having the KDE assembly as part of the Bits & Bäume Habitat. That not only comes with some shared infrastructure like a workshop space but also puts us next to some of our friends, like OSM, FSFE and Wikimedia.
We’ll be in the foyer on floor level 1 next to the escalators (map).
More of our friends and partners have their own assemblies elsewhere as well, such as Matrix and Linux on Mobile.
A special thanks goes again to the nice people at CCC-P and WMDE who helped us get tickets!
Talks & WorkshopsWe’ll also have three talks by KDE people, all of them featuring collaborations beyond the classical KDE scope.
- Jonah will talk about the free and open public transport routing service Transitous on day 2 at 12:00 on stage YELL.
- Nucleus from FOSSWarn and I will present the joint work on emergency and weather alert aggregation and distribution infrastructure, on day 4 at 16:40 on stage HUFF.
- Joseph’s talk Opt Green: Coordinating a Windows 10-to-Linux upcycling campaign across Free Software communities worldwide will be on day 2 at 11:00 on stage YELL.
There will also be two workshops chaired by Jospeh on the latter subject:
- Upcycling old laptops with Linux for kids, on day 3 from 12:00 to 15:00 in Saal 5.
- A BoF on Coordinating a Windows 10-to-Linux upcycling campaign, on day 4 from 13:00 to 15:00 in the Bits & Bäume workshop area.
Make sure to monitor the schedule for last-minute changes though.
See you in Hamburg!Looking forward to many interesting discussions, if you are at 38C3 as well make sure to come by the KDE assembly!
Pages
Recent Publications
- Managing Hidden Dependencies in OO Software: a Study Based on Open Source Projects
- Open Source Communities as Liminal Ecosystems
- Investigating developers' email discussions during decision-making in Python language evolution
- Developers, Quality Control and Download Volume in Open Source Software (OSS) Projects
More...