Feeds

Reproducible Builds: Reproducible Builds in August 2024

Planet Debian - Wed, 2024-09-04 09:27

Welcome to the August 2024 report from the Reproducible Builds project!

Our reports attempt to outline what we’ve been up to over the past month, highlighting news items from elsewhere in tech where they are related. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.

Table of contents:

  1. LWN: The history, status, and plans for reproducible builds
  2. Intermediate Autotools build artifacts removed from PostgreSQL distribution tarballs
  3. Distribution news
  4. Mailing list news
  5. diffoscope
  6. Website updates
  7. Upstream patches
  8. Reproducibility testing framework
LWN: The history, status, and plans for reproducible builds

The free software newspaper of record, Linux Weekly News, published an in-depth article based on Holger Levsen’s talk, Reproducible Builds: The First Eleven Years which was presented at the recent DebConf24 conference in Busan, South Korea.

Titled The history, status, and plans for reproducible builds and written by Jake Edge, LWN’s article not only summarises Holger’s talk and clarifies its message but it links to external information as well. Holger’s original talk can also be watched on the DebConf24 webpage (direct .webm link and his HTML slides are available also). There are also a significant number of comments on LWN’s page as well.

Holger Levsen also headed a scheduled discussion session at DebConf24 on Preserving *other* build artifacts addressing a topic where a number of Debian packages are (or would like to) produce results that are neither the .deb files, the build logs nor the logs of CI tests. This is an issue for reproducible builds as this “4th type” of build artifact are typically shipped within the binary .deb packages, and are invariably non-deterministic; thus making the .deb files unreproducible. (A direct .webm link and HTML slides are available).


Intermediate Autotools build artifacts removed from PostgreSQL distribution tarballs

Peter Eisentraut wrote a detailed blog post on the subject of “The new PostgreSQL 17 make dist”. Like many projects, the PostgreSQL database has previously pre-built parts of its GNU Autotools build system: “the reason for this is a mix of convenience and traditional practice”. Peter astutely notes that this arrangement in the build system is “quite tricky” as:

You need to carefully maintain the different states of “clean source code”, “partially built source code”, and “fully built source code”, and the commands to transition between them.

However, Peter goes on to mention that:

… a lot more attention is nowadays paid to the software supply chain. There are security and legal reasons for this. When users install software, they want to know where it came from, and they want to be sure that they got the right thing, not some fake version or some version of dubious legal provenance.

And cites the XZ Utils backdoor as a reason to care about transparent and reproducible ways of distributing and communicating a source tarball and provenance. Because of this, intermediate build artifacts are now henceforth essentially disallowed from PostgreSQL distribution tarballs.

Distribution news

In Debian this month, 30 reviews of Debian packages were added, 17 were updated and 10 were removed this month adding to our knowledge about identified issues. One issue type was added by Chris Lamb, too. []

In addition, an issue was filed to update the Salsa CI pipeline (used by 1,000s of Debian packages) to no longer test for reproducibility with reprotest’s build_path variation. Holger Levsen provided a rationale for this change in the issue, which has already been made to the tests being performed by tests.reproducible-builds.org.


In Arch Linux this month, Jelle van der Waa published a short blog post on the topic of Investigating creating reproducible images with mkosi, motivated by the desire to make it possible for anyone to “re-recreate the official Arch cloud image bit-by-bit identical on their own machine as per [the] reproducible builds definition.” In addition, Jelle filed a patch for pacman, the Arch Linux package manager, to respect the SOURCE_DATE_EPOCH environment variable when installing a package.


In openSUSE news, Bernhard M. Wiedemann published another report for that distribution.


In Android news, the IzzyOnDroid project added 49 new rebuilder recipes and now features 256 total reproducible applications representing 21% of the total offerings in the repository. IzzyOnDroid is “an F-Droid style repository for Android apps[:] applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly GitHub).”


Mailing list news

From our mailing list this month:

  • Bernhard M. Wiedemann posted a brief message to the list with some helpful information regarding nondeterminism within Rust binaries, positing the use of the codegen-units = 16 default and resulting in a bug being filed in the Rust issue tracker. []

  • Bernhard also wrote to the list, following up to a thread in November 2023, on attempts to make the LibreOffice suite of office applications build reproducibly. In the thread from this month, Bernhard could announce that the four patches previously mentioned have landed in LibreOffice upstream.

  • Fay Stegerman linked the mailing list to a thread she made on the Signal issue tracker regarding whether “device-specific binaries [can] ever be considered meaningfully reproducible”. In particular: “the whole part about ‘allow[ing] multiple third parties to come to a consensus on a “correct” result’ breaks down completely when ‘correct’ is device-specific and not something everyone can agree on.” []

  • Developer kpcyrd posted an update for source code indexing project, whatsrc.org. Announcing that it now importing packages from live-bootstrap (“a usable Linux system [that is] created with only human-auditable, and wherever possible, human-written, source code”) into its database of provenance data.

  • Lastly, Mechtilde Stehmann posted an update to an earlier thread about how Java builds are not reproducible on the armhf architecture, enquiring how they might gain temporary access to such a machine in order to perform some deeper testing. []


diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb released versions 274, 275, 276 and 277, uploaded these to Debian, and made the following changes as well:

  • New features:

    • Strip ANSI escapes—usually colour codes—from the output of the Procyon Java decompiler. []
    • Factor out a method for stripping ANSI escapes. []
    • Append output from dumppdf(1) in more cases, avoiding situations where we fallback to a binary diff. []
    • Add support for versions of Perl’s IO::Compress::Zip version 2.212. []
  • Bug fixes:

    • Also catch RuntimeError exceptions when importing the PyPDF library so that it, or, crucially, its transitive dependencies, cannot not cause diffoscope to traceback at runtime and build time. []
    • Do not call marshal.load(…) of precompiled Python bytecode as it, alas, inherently unsafe. Replace for now with a brief summary of the code section of .pyc. [][]
    • Don’t include excessive debug output when calling dumppdf(1). []
  • Testsuite-related changes:

    • Don’t bother to check version number in test_python.py: the fixture for this test is fixed. [][]
    • Update test_zip text fixtures and definitions to support new changes to the Perl IO::Compress library. []

In addition, Mattia Rizzolo updated the available architectures for a number of test dependencies [] and Sergei Trofimovich fixed an issue to avoid diffoscope crashing when hashing directory symlinks [] and Vagrant Cascadian proposed GNU Guix updates for diffoscope versions [275 and 276 and [277.


Website updates

There were a rather substantial number of improvements made to our website this month, including:


Upstream patches

The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:


Reproducibility testing framework

The Reproducible Builds project operates a comprehensive testing framework running primarily at tests.reproducible-builds.org in order to check packages and other artifacts for reproducibility. In August, a number of changes were made by Holger Levsen, including:

  • Temporarily install the openssl-provider-legacy package for the Debian unstable environments for running diffoscope due to Debian bug #1078944. [][][][]
  • Mark Debian armhf architecture nodes as being down due to proxy down. [][]
  • Detect proxy failures. [][][]
  • Run the index-buildinfo for the builtin-pho script with the -q switch. []
  • Disable all Arch Linux reproducible jobs. []

In addition, Mattia Rizzolo updated the website configuration to install the ruby-jekyll-sitemap package as it is now used in the website [], Roland Clobus updated the script to build Debian ‘live’ images to treat openQA issues as warnings [], and Vagrant Cascadian marked the cbxi4b node as down [].


If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

Categories: FLOSS Project Planets

Real Python: Quiz: Lists vs Tuples in Python

Planet Python - Wed, 2024-09-04 08:00

Challenge yourself with this quiz to evaluate and deepen your understanding of Python lists and tuples. You’ll explore key concepts, such as how to create and manipulate these data types, while also learning best practices for using them efficiently in your code.

You can take this quiz after reading the Lists vs Tuples in Python tutorial.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Categories: FLOSS Project Planets

joshics.in: Why Drupal is the Ultimate CMS for Your Business: Flexibility, Security, and Scalability

Planet Drupal - Wed, 2024-09-04 06:14
Why Drupal is the Ultimate CMS for Your Business: Flexibility, Security, and Scalability bhavinhjoshi Wed, 09/04/2024 - 15:44

When it comes to choosing a Content Management System (CMS) or framework, the options can be overwhelming. WordPress, Joomla, Squarespace, and many others each have their own strengths. However, there's one CMS that stands out among the rest for its power, flexibility, and scalability: Drupal. Here’s why Drupal should be at the top of your list.

Unmatched Flexibility

Drupal is known for its modular architecture, which allows developers to create highly customised solutions. Unlike WordPress and Squarespace that offer limited customisation out of the box, Drupal’s framework enables you to build virtually any type of website, from simple blogs to complex enterprise-level applications. Joomla also offers flexibility, but Drupal surpasses it with its extensive range of modules and themes.

Robust Security

Security is a critical concern for any website owner. While WordPress is often targeted due to its vast user base, and Joomla has had its share of vulnerabilities, Drupal boasts one of the most secure CMS frameworks available. With a dedicated security team that actively works to identify and patch vulnerabilities, Drupal ensures that your site is well-protected against common cyber threats.

Scalability

One of the most compelling reasons to choose Drupal is its ability to scale. Whether you're running a small business website or a high-traffic enterprise portal, Drupal can handle your needs. Major websites like NASA trust Drupal to manage their vast amount of content and traffic demands. While WordPress can also scale, it may require significant customisation and optimisations, which come naturally to Drupal.

Active Community Support

Drupal has a large and active community of developers, designers, and contributors who constantly improve the platform. While WordPress boasts the largest community, Drupal’s community-driven approach means you benefit from a wide range of modules, themes, and plugins that can extend the functionality of your site. Joomla also has a strong community, but Drupal’s focus on high-quality, enterprise-level solutions sets it apart.

SEO-Friendly

Having a website that ranks well on search engines is crucial. Drupal offers extensive SEO capabilities right out of the box, comparable to those of WordPress, which is often praised for its SEO plugins. From clean URLs to meta tags and mobile optimisation, Drupal provides the tools you need to ensure your site is easily discoverable by search engines. This built-in SEO functionality means you can focus more on your content and less on technical tweaks.

Cost-Effective in the Long Run

While initial development costs for a Drupal site might be higher compared to simpler platforms like WordPress or Squarespace, the long-term benefits make it a cost-effective choice. Its robust architecture reduces the need for frequent redesigns or overhauls, ensuring you get a higher return on investment over time.

Integrated Digital Ecosystem

For businesses looking to integrate their website with other digital tools and platforms, Drupal offers seamless integration capabilities. Whether it’s CRM systems, marketing automation tools, or e-commerce platforms, Drupal can easily connect with your existing digital ecosystem, streamlining your operations and enhancing user experience.

if you're looking for a CMS that offers unparalleled flexibility, robust security, scalability, active community support, SEO-friendliness, and long-term cost-effectiveness, Drupal is an excellent choice. Make the smart move and consider Drupal for your next project.

Drupal Drupal CMS Drupal Planet Add new comment
Categories: FLOSS Project Planets

Hynek Schlawack: Production-ready Python Docker Containers with uv

Planet Python - Wed, 2024-09-04 06:00

Starting with 0.3.0, Astral’s uv brought many great features, including support for cross-platform lock files uv.lock. Together with subsequent fixes, it has become Python’s finest workflow tool for my (non-scientific) use cases. Here’s how I build production-ready containers, as fast as possible.

Categories: FLOSS Project Planets

Jonathan Dowland: loading (unintended consequences?)

Planet Debian - Wed, 2024-09-04 05:06

For their 30th anniversary (ish; the Covid pandemic pushed the date out a bit) British electronic music duo Orbital released the compilation 30 something. The track list mostly looks like a best hits list, which — given their prior compilation celebrating 20 years looks much the same — would appear superfluous. However, they’ve rearranged and re-recorded all their songs for 30, to reflect their live arrangements. The reworkings are sufficiently distinct from the original versions (in some cases I prefer them) and elevate the release. The couple of new tracks are also fun, and many of the remixes on the second disc are worth a listen too.

But what I actually sat down to write about was the cover artwork. They often have designs which riff on the notion of a circle (given their name) and the 30-something art (both for the album and single takes from it) adapts a “loading” spinner-like device from computing (I suppose it mostly closely resembles the spinner from macOS).

A possibly unintended effect of the pattern occurs when you view it on a display which is adjusting its brightness, such as if you’re listening to it on a phone, the screen is off, and you pick it up. The brightest part of the spinner is visible first, and the rest fade into visibility in sequence. The first time you see this is unexpected and very cool. (I've tried to recreate it in the picture below, but I don't think it's worked.)

Although I've suffixed the titled of this post unintended consequences?, It's quite possible this was deliberate.

I’ve got the pattern on a t-shirt and my kids love to call out “Daddy’s loading!” In my convalescence it’s taken on a special sort of resonance because at times I’ve felt I’m in a holding state: waiting for an appointment to be made; waiting a polite interval before chasing an appointment; waiting for treatment to start after attending an appointment. Thankfully I’m at the end of that now, I hope.

Categories: FLOSS Project Planets

Promet Source: DotNetNuke vs Drupal for Large Government Agencies

Planet Drupal - Wed, 2024-09-04 04:22
Takeaway: Drupal is the superior choice for large government agencies compared to DotNetNuke CMS due to its greater customization, flexibility, security, scalability, and adaptability to emerging technologies. While DNN might be easier to use and integrate with Microsoft technologies, Drupal's robust features and active community make it better suited for the complex needs and long-term digital strategies of large government entities.
Categories: FLOSS Project Planets

Talk Python to Me: #476: Unified Python packaging with uv

Planet Python - Wed, 2024-09-04 04:00
A couple of weeks ago, Charlie Marsh and the folks at Astral made another big splash with a major release of uv called "uv: Unified Python packaging" which has many far reaching features. We had to have Charlie on the show to give us the inside look into this development. Let's get to it.<br/> <br/> <strong>Episode sponsors</strong><br/> <br/> <a href='https://talkpython.fm/posit'>Posit</a><br> <a href='https://talkpython.fm/training'>Talk Python Courses</a><br/> <br/> <strong>Links from the show</strong><br/> <br/> <div><b>Charlie Marsh on Twitter</b>: <a href="https://twitter.com/charliermarsh?featured_on=talkpython" target="_blank" >@charliermarsh</a><br/> <b>Charlie Marsh on Mastodon</b>: <a href="https://hachyderm.io/@charliermarsh?featured_on=talkpython" target="_blank" >@charliermarsh</a><br/> <br/> <b>uv: Unified Python packaging</b>: <a href="https://astral.sh/blog/uv-unified-python-packaging?featured_on=talkpython" target="_blank" >astral.sh</a><br/> <b>Python executable management</b>: <a href="https://docs.astral.sh/uv/concepts/python-versions/?featured_on=talkpython" target="_blank" >astral.sh</a><br/> <b>Projects</b>: <a href="https://docs.astral.sh/uv/concepts/projects/?featured_on=talkpython" target="_blank" >astral.sh</a><br/> <b>Tools</b>: <a href="https://docs.astral.sh/uv/concepts/tools/?featured_on=talkpython" target="_blank" >astral.sh</a><br/> <b>Scripts</b>: <a href="https://docs.astral.sh/uv/guides/scripts/?featured_on=talkpython" target="_blank" >astral.sh</a><br/> <b>Rye and uv: August is Harvest Season for Python Packaging</b>: <a href="https://lucumr.pocoo.org/2024/8/21/harvest-season/?featured_on=talkpython" target="_blank" >lucumr.pocoo.org</a><br/> <b>Python Build Standalone releases</b>: <a href="https://github.com/indygreg/python-build-standalone/releases?featured_on=talkpython" target="_blank" >github.com</a><br/> <b>Rules</b>: <a href="https://docs.astral.sh/ruff/rules/?featured_on=talkpython" target="_blank" >astral.sh</a><br/> <b>Watch this episode on YouTube</b>: <a href="https://www.youtube.com/watch?v=oj8yk0Y-Ky0" target="_blank" >youtube.com</a><br/> <b>Episode transcripts</b>: <a href="https://talkpython.fm/episodes/transcript/476/unified-python-packaging-with-uv" target="_blank" >talkpython.fm</a><br/> <br/> <b>--- Stay in touch with us ---</b><br/> <b>Subscribe to us on YouTube</b>: <a href="https://talkpython.fm/youtube" target="_blank" >youtube.com</a><br/> <b>Follow Talk Python on Mastodon</b>: <a href="https://fosstodon.org/web/@talkpython" target="_blank" ><i class="fa-brands fa-mastodon"></i>talkpython</a><br/> <b>Follow Michael on Mastodon</b>: <a href="https://fosstodon.org/web/@mkennedy" target="_blank" ><i class="fa-brands fa-mastodon"></i>mkennedy</a><br/></div>
Categories: FLOSS Project Planets

Dirk Eddelbuettel: RcppCNPy 0.2.13 on CRAN: Micro Bugfix

Planet Debian - Tue, 2024-09-03 20:36

Another (again somewhat minor) maintenance release of the RcppCNPy package arrived on CRAN earlier today.

RcppCNPy provides R with read and write access to NumPy files thanks to the cnpy library by Carl Rogers along with Rcpp for the glue to R.

A change in the most recent Rcpp appears to cause void functions wrapper via Rcpp Modules to return NULL, as opposed to being silent. That tickles discrepancy between the current output and the saved (reference) output of one test file, leading CRAN to display a NOTE which we were asked to take care of. Done here in this release—and now that we know we will also look into restoring the prior Rcpp behaviour. Other small changes involved standard maintenance for continuous integration and updates to files README.md and DESCRIPTION. More details are below.

Changes in version 0.2.13 (2024-09-03)
  • A test script was updated to account for the fact that it now returns a few instances of NULL under current Rcpp.

  • Small package maintenance updates have been made to the README and DESCRIPTION files as well as to the continuous integration setup.

CRANberries also provides a diffstat report for the latest release. As always, feedback is welcome and the best place to start a discussion may be the GitHub issue tickets page.

If you like this or other open-source work I do, you can now sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Categories: FLOSS Project Planets

Brightness controls for all your displays

Planet KDE - Tue, 2024-09-03 20:00

Whoops, it's already been months since I last blogged. I've been actively involved with Plasma and especially its power management service PowerDevil for over a year now. I'm still learning about how everything fits together.

Turns out though that a little bit of involvement imbues you with just enough knowledge and confidence to review other people's changes as well, so that they can get merged into the next release without sitting in limbo forever. Your favorite weekly blogger for example, Nate Graham, is a force of nature when it comes to responding to proposed changes and finding a way to get them accepted in one form or another. But it doesn't have to take many years of KDE development experience to provide helpful feedback.

Otfen we simply need another pair of eyes trying to understand the inner workings of a proposed feature or fix. If two people think hard about an issue and agree on a solution, chances are good that things are indeed changing for the better. Three or more, even better. I do take pride in my own code, but just as much in pushing excellent improvements like these past the finish line:

In turn, responsible developers will review your own changes so we can merge them with confidence. Xaver, Natalie and Nate invested time into getting my big feature merged for Plasma 6.2, which you've already read about:

Per-display Brightness Controls

This was really just a follow-up project to the display support developments mentioned in the last blog post. I felt it had to be done, and it lined up nicely with what KWin's been up to recently.

So how hard could it be to add another slider to your applet? Turns out there are indeed a few challenges.

In KDE, we like to include new features early on and tweak them over time. As opposed to, say, the GNOME community, which tends to discuss them for a loooong time in an attempt to merge the perfect solution on the first try. Both approaches have advantages and drawbacks. Our main drawback is harder to change imperfect code, because it's easy to break functionality for users that already rely on them.

Every piece of code has a set of assumptions embedded into it. When those assumptions don't make sense for the next, improved, hopefully perfect solution (definitely perfect this time around!) then we have to find ways to change our thinking. The code is updated to reflect a more useful set of assumptions, ideally without breaking anyone's apps and desktop. This process is called "refactoring" in software development.

But let's be specific: What assumptions am I actually talking about?

There is one brightness slider for your only display

This one's obvious. You can use more than just one display at a time. However, our previous code only used to let you read one brightness value, and set one brightness value. For which screen? Well... how about the code just picks something arbitrarily. If you have a laptop with an internal screen, we use that one. If you have no internal screen, but your external monitor supports DDC/CI for brightness controls, we use that one instead.

What's that, you have multiple external monitors that all support DDC/CI? We'll set the same value for all of them! Even if the first one counts from 0 to 100 and the second one from 0 to 10.000! Surely that will work.

No it won't. We only got lucky that most monitors count from 0 to 100.

The solution here is to require all software to treat each display differently. We'll start watching for monitors being connected and disconnected. We tell all the related software about it. Instead of a single set-brightness and a single get-brightness operation, we have one of these per display. When the lower layers require this extra information, software higher up in the stack (for example, a brightness applet) is forced to make better choices about the user experience in each particular case. For example, presenting multiple brightness sliders in the UI.

A popup indicator shows the new brightness when it changes

So this raises new questions. With only one display, we can indicate any brightness change by showing you the new brightness on a percentage bar:

Now you press the "Increase Brightness" key on your keyboard, and multiple monitors are connected. This OSD popup shows up on... your active screen? But did the brightness only change for your active screen, or for all of them? Which monitor is this one popup representing?

Ideally, we'd show a different popup on each screen, with the name of the respective monitor:

That's a good idea! But Plasma's OSD component doesn't have a notion of different popups being shown at the same time on different monitors. It may even take further changes to ask KWin, Plasma's compositor component, about that. What we did for Plasma 6.2 was to provide Plasma's OSD component with all the information it needs to do this eventually. But we haven't implemented our favorite UI yet, instead we hit the 6.2 deadline and pack multiple percentages into a single popup:

That's good enough for now, not the prettiest but always clear. If you only use or adjust one screen, you'll get the original fancy percentage bar you know and love.

The applet can do its own brightness adjustment calculations

You can increase or decrease brightness by scrolling on the icon of the "Brightness and Color" applet with your mouse wheel or touchpad. Sounds easy to implement: read the brightness for each display, add or subtract a certain percentage, set the brightness again for the same display.

Nope, not that easy.

For starters, we handle brightness key presses in the background service. You'd expect the "Increase Brightness" key to behave the same as scrolling up with your mouse wheel, right? So let's not implement the same thing in two different places. The applet has to say goodbye to its own calculations, and instead we add an interface to background service that the applet can use.

Then again, the background service never had to deal with high-resolution touchpad scrolling. It's so high-resolution that each individual scroll event might be smaller than the number of brightness steps on your screen. The applet contained code to add up all of these tiny changes so that many scroll events taken together will at least make your screen change by one step.

Now the service provides this functionality instead, but it adds up the tiny changes for each screen separately. Not only that, it allows you to keep scrolling even if one of your displays has already hit maximum brightness. When you scroll back afterwards, both displays don't just count down from 100% equally, but the original brightness difference between both screens is preserved. Scroll up and down to your heart's content without messing up your preferred setup.

Dimming will turn down the brightness, then restore the original value later

Simple! Yes? No. As you may guess, we now need to store the original brightness for each display separately so we can restore it later.

But that's not enough: What if you unplug your external screen while it's dimmed? And then you move your mouse pointer again, so the dimming goes away. Your monitor, however, was not there for getting its brightness restored to the original value. Next time you plug it in, it starts out with the dimmed lower brightness as a new baseline, Plasma will gladly dim even further next time.

Full disclosure, this was already an issue in past releases of Plasma and is still an issue. Supporting multiple monitors just makes it more visible. More work is needed to make this scenario bullet-proof as well. We'll have to see if a small and safe enough fix can still be made for Plasma 6.2, or if we'll have to wait until later to address this more comprehensively.

Anyway, these kind of assumptions are what eat up a good amount of development time, as opposed to just adding new functionality. Hopefully users will find the new brightness controls worthwhile.

So let's get to the good news

Your donations allowed KDE e.V. to approve a travel cost subsidy in order to meet other KDE contributors in person and scheme the next steps toward world domination. You know what's coming, I'm going to:

Akademy is starting in just about two days from now! Thank you all for allowing events like this to happen, I'll try to make it count. And while not everyone can get to Germany in person, keep in mind that it's a hybrid conference and especially the weekend talks are always worth watching online. You can still sign up and join the live chat, or take a last-minute weekend trip to Würzburg if you're in the area, or just watch the videos shortly afterwards (I assume they'll go up on the PeerTube Akademy channel).

I'm particularly curious about the outcome of the KDE Goals vote for the upcoming two years, given that I co-drafted a goal proposal this time around. Whether or not it got elected, I haven't forgotten about my promise of working on mouse gesture support on Plasma/Wayland. Somewhat late due to the aforementioned display work taking longer. Other interesting things are starting to happen as well on my end. I'll have to be mindful not to stretch myself too thinly.

Thanks everyone for being kind. I'll be keeping an eye out for your bug reports when the Plasma 6.2 Beta gets released to adventurous testers in just over a week from today.

Discuss this post on KDE Discuss.

Categories: FLOSS Project Planets

Samuel Henrique: DebConf24 was fun!: Security, curl, wcurl, Debian's quality

Planet Debian - Tue, 2024-09-03 20:00
tl;dr

DebConf24 was fun!

A playlist of all of my talks, with subtitles (en, pt-br) and chapters is available on YouTube.

Overview

DebConf24 was held in Busan, South Korea, between Sunday July 28th to Sunday August 4th 2024.

As usual for DebConfs, I had a great time meeting my friends, but also met new people and got to learn a bit about the interesting things they're working on.

I ended up getting too excited during the talk submission stage of the conference and as a result I presented 5 different activities (3 talks, 1 BoF and 1 lightning talk).

Since I was too busy with the presentations, I did not have a lot of time to actually hang out with folks, or even to go out in the city, I guess I've learned my lesson for next time.

The main purpose of this post is to write about all of the things I presented at the conference. I did want to list some of the interesting talks I've watched, but that I would not be able to be fair as I'm sure I would miss some.

You can get the schedule and the recordings of any talks from the conference's website: https://debconf24.debconf.org/schedule/

wcurl Lightning Talk

The most fun of my presentations, during the second-to-last day of the conference, I've asked for help from Sergio Durigan Junior <sergiodj> to setup an URL containing a whitespace and redirecting that to wcurl's manpage.

I then did a little demo to showcase why me (and a lot others) struggle with downloading things with curl, and how wcurl solves that.

Fixing CVEs on Debian: Everything you probably know already

I've always felt like DebConf was missing security-related talks, so I decided to do something about it and presented a few of the things I've learned when fixing CVEs for Debian.

This is an area where we don't get a lot of new contributors, I'm trying to change that, and this talk can be used to introduce newcomers to it.

The secret sauce of Debian

Debian is not very vocal about all of the nice things it has regarding quality-assurance, testing, or CI, even though it's at the state-of-the-art for a lot of things.

This talk is an initial step towards making people aware of the cool things happening behind the scenes. Ideally we should have it well-documented somewhere.

"I use Debian BTW": fzf, tmux, zoxide and friends

One of my earliest good memories of Debian was when it started coming with a colored PS1 by default, I still remember the feeling of relief whenever I jumped into a Debian server and didn't have to deal with a black and white PS1.

There's still a lot of room for Debian to ship better defaults, and I think some of them can actually happen.

This talk is a bit of a silly one where I'm just making people aware of the existence of a few Golang/Rust CLI tools, and also some dotfiles configurations that should probably be the default.

curl

The curl project does such a great job with their security advisories that it will likely never receive the amount of praise it deserves, but I did my best at mentioning it throughout my CVEs talk.

Maybe I will write more extensively about this someday, but in case I don't:

There's no other project which always consistently mentions the exact range of commits that are affected by a given CVE.

Forget about whether the versions are EOL, curl doesn't have LTS releases, yet they do such a great job at clearly documenting their CVEs that I would take that over having LTS releases anytime (that's for curl at least, I acknowledge some types of projects have a different need for LTS releases).

Not only that, but they are also always careful about explaining alternative mitigations such as configuration changes, build flags that defuse the exploitation, or parameters that you should not use.

Just like we tend to do every time we meet, me and the other Debian curl maintainers spent the first 2 or 3 days of the conference talking about how we wanted to eventually meet up to discuss the package.

It was going to be informal, maybe during the Cheese and Wine party, but then I've realized we should make it part of the official schedule, which would also give us the recordings for later.

And so the "curl maintainers BoF" happened, where we spoke about HTTP3, GnutTLS, wcurl and other things.

wcurl

Right after that BoF, Daniel Stenberg asked if we were interested in having wcurl adopted into curl, which we definitely were, so wcurl is now part of the curl project.

Daniel was also kind enough to design a logo for the project, which makes me especially happy because I can stop with my own approach at a logo (which I had to redo every few days):

And here is the new logo:

Much better, I would say :)

curl Swag

DebConf24 was my chance at forwarding some curl swag items to the other curl maintainers, so both Sergio Durigan Junior <sergiodj> and Carlos Henrique Lima Melara <charles> got the curl-up t-shirt and the very cool curl PCB coaster, both gifted by Daniel Stenberg.

Unfortunately I didn't have any of that for DebConf attendees, but I did drop loads of curl stickers at the stickers table, they were gone very quickly.

For the future

I used to think the most humbling experience you could have as someone who presented a talk was to have to watch it yourself, you notice a lot of mistakes and you instantly think about things that should be done differently.

It turns out the most humbling thing to do is actually to write subtitles for your talks, I noticed every single mistake, often multiple times.

So after spending more than 30 hours writing the subtitles for both English and Brazilian Portuguese for my talks, I feel like it's going to be much easier to avoid committing the same mistakes again. After some time you stop feeling shame about those mistakes and you're just left with feelings of annoyance, and at that point it becomes easier to consciously avoid them.

I am collecting a list of things I wish I had done differently on all of those talks, so if I end up presenting any one of them again, it will be an improved version.

Categories: FLOSS Project Planets

PyCoder’s Weekly: Issue #645 (Sept. 3, 2024)

Planet Python - Tue, 2024-09-03 15:30

#645 – SEPTEMBER 3, 2024
View in Browser »

Using Astropy for Astronomy With Python

This course covers two problems from introductory astronomy to help you play with some Python libraries. You’ll use NumPy, Matplotlib, and pandas to find planet conjunctions, and graph the best viewing times for a star.
REAL PYTHON course

Python Language Summit 2024

Talk Python to Me interviews Seth Michael Larson and they talk about this year’s Python Language Summit. Learn all about what happened at the closed door session for core developers inside PyCon.
KENNEDY & LARSON podcast

Instant PEP 8 Compliance Checks & Fixes With Top AI Code Reviewer

With CodeRabbit, solve your indentation issues and security concerns. CodeRabbit doesn’t just point out issues; it suggests fixes and explains the reasoning behind the suggestion. Elevate code quality with AI-powered, context-aware reviews and 1-click fixes. Sign up for free today →
CODERABBIT sponsor

Layman’s Guide to Python Built-in Functions

This is a plain language guide to every built-in function in Python, paired with a simple example that shows each function in action.
MATT LAYMAN

DjangoCon Europe 2026 Call for Organizers

DJANGO SOFTWARE FOUNDATION

PyPy v7.3.17 Release

PYPY.ORG

Quiz: Python Strings and Character Data

REAL PYTHON

Quiz: Python String Formatting

REAL PYTHON

Articles & Tutorials Sorting Dictionaries in Python: Keys, Values, and More

In this video course, you’ll learn how to sort Python dictionaries. By the end, you’ll be able to sort by key, value, or even nested attributes. But you won’t stop there—you’ll also measure the performance of variations when sorting and compare different key-value data structures.
REAL PYTHON course

Understanding the Template Method Pattern in Python

The Template Method Pattern is when a base class is used to implement a series of steps, and subclasses can override one or more of those steps to customize the process. This article shows an example usage in Python and why you might want to implement it.
LANCE GOYKE

Accelerate Edge Devices With High-Performance AI Power

Experience the power of Edge AI—delivering lightning-fast, real-time processing where it matters. Optimize your applications with low latency, high efficiency, and unparalleled accuracy. Push performance beyond limits with Intel’s OpenVINO toolkit.
INTEL CORPORATION sponsor

Asyncio gather() Limit Concurrency

The asyncio.gather() function allows you to run multiple co-routines concurrently. There are times when you want to control just how much concurrency you have though and this post shows you how to use a semaphore to do just that.
JASON BROWNLEE

Adventures Building a Spreadsheet Engine in Python

Spreadsheets are a fascinating tool: you can both store and structure data, and include formulas that run computations on the contents of a sheet. James has written a spreadsheet engine, and this post talks about how it is done.
JAMES G

What’s New in pip 24.2

In version 24.2, pip learns to use system certificates by default, receives a handful of optimizations, and deprecates legacy (setup.py develop) editable installations. This article covers the changes and why they’ve been made.
RICHARD SI

CPython Compiler Hardening

Nate has been working on the CPython compiler, applying memory hardening guidelines recommended by OpenSSF’s Memory Safety Special Interest Group. This blog post talks about what was applied and how it should improve CPython.
NATE OHLSON

A Comparison of Providers for Python Serverless Functions

This is a comparison chart of the most common host providers that support Python serverless functions. It compares what features are supported, pricing, runtime limits, and more.
HAROLD MARTIN

There Can’t Be Only One

A weird historical first in baseball recently reminded James about how often as programmers we map our data assuming a one-to-one relationship, and how often that’s a bad choice.
JAMES BENNETT

Safety & Security Engineer: First Year in Review

It has been a year since Mike joined the PSF as the Safety & Security Engineer for PyPI. This blog post talks about all the things he’s been involved with.
MIKE FIELDER

Python Developers Survey 2023 Results

Official Python Developers Survey 2023 Results by Python Software Foundation and JetBrains: more than 25k responses from almost 200 countries.
JETBRAINS.COM

Lesser Known Parts of Python Standard Library

This article covers some of the lesser used parts of the Python standard library, including Deque, defaultdict, UserDict, and more.
TRICKSTER DEV

Projects & Code AlgoTree: A Package for Working With Tree Structures

PYPI.ORG • Shared by Alex Towell

anacondacode: Execute Python Directly From Excel

PYPI.ORG

pare: Deploy Python Lambdas Alongside Your Web App

GITHUB.COM/GAUGE-SH

django-admin-action-forms: Forms for Django Admin

GITHUB.COM/MICHALPOKUSA

PromptMage Simplifies Managing LLM Workflows

PROMPTMAGE.IO • Shared by Tobias Sterbak

Events EARL 2024

September 4 to September 6, 2024
DATACOVE.CO.UK

Weekly Real Python Office Hours Q&A (Virtual)

September 4, 2024
REALPYTHON.COM

PyCon Estonia 2024

September 5 to September 7, 2024
PYCON.EE

Canberra Python Meetup

September 5, 2024
MEETUP.COM

Sydney Python User Group (SyPy)

September 5, 2024
SYPY.ORG

PyDelhi User Group Meetup

September 7, 2024
MEETUP.COM

Happy Pythoning!
This was PyCoder’s Weekly Issue #645.
View in Browser »

[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]

Categories: FLOSS Project Planets

GSoC Final Update

Planet KDE - Tue, 2024-09-03 14:50

This is my last update about my GSoC project (Python bindings for KDE Frameworks).

These weeks have been quieter than usual because I’ve been on vacation, but there are still some new things to share.

I published a mini tutorial on how to generate Python bindings using the new CMake module.

People have started to test the Python bindings and some building issues have been reported (which is good, because that means people have interest in them). Unfortunately I’m going to have less time to contribute as I start university next week, but I’m sure you’ll see me!

Many thanks to Carl (my mentor) and everyone who reviewed my merge requests!

Categories: FLOSS Project Planets

FSF Events: Free Software Directory meeting on IRC: Friday, September 6, starting at 12:00 EDT (16:00 UTC)

GNU Planet! - Tue, 2024-09-03 14:47
Join the FSF and friends on Friday, September 6 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.
Categories: FLOSS Project Planets

FSF Blogs: August GNU Spotlight with Amin Bandali

GNU Planet! - Tue, 2024-09-03 12:24
Fifteen new GNU releases in the last month (as of August 31, 2024):
Categories: FLOSS Project Planets

August GNU Spotlight with Amin Bandali

FSF Blogs - Tue, 2024-09-03 12:24
Fifteen new GNU releases in the last month (as of August 31, 2024):
Categories: FLOSS Project Planets

Specbee: Why we switched from GA4 to Matomo and How to set up Matomo in Drupal

Planet Drupal - Tue, 2024-09-03 11:29
For years, digital marketers have loved Universal Analytics (UA) for its simplicity. It made tracking website performance easy. But then came Google Analytics 4 (GA4). Now, things are more complicated. With GA4’s event-based tracking, redefined metrics, and a less intuitive interface, many marketers are struggling to navigate this new, less familiar landscape. Even with GA4's advanced features, the steep learning curve and changes to key functions have left marketers searching for alternatives that offer both power and ease of use. Enter Matomo—a customizable analytics platform that prioritizes privacy and addresses many of the pain points GA4 users face. In this blog, we'll break down the complexities of GA4 and tell you why we moved, explore the challenges of moving from UA, and introduce Matomo as a powerful alternative that might solve your analytics headaches.  We can help if you're having trouble adjusting to GA4's new data model, finding it hard to work with its interface, or searching for a platform that offers you more control over your data. But hey, don’t skip—read the whole article first! Why we made the switch: Google Analytics 4 & its complexities After years of leaning on Universal Analytics (UA), its intuitive interface, familiar metrics, and straightforward reporting made it an indispensable tool for us at Specbee and for digital marketers everywhere. However, with Google’s shift to GA4, we were left grappling with a steep learning curve and several challenges, particularly in reporting.  Here are some details about the challenges faced.  Understanding the new data model Event-based tracking: Unlike Universal Analytics, which relied heavily on a session-based data model, GA4 uses an event-based approach. This means that every interaction, from page views to clicks, is treated as an event. While the event-based approach provides more granular data, it also requires a paradigm shift in how reporting is approached, by mapping the new events to the metrics & dimensions. Custom parameters: GA4 encourages using custom parameters for events, but setting these up is more complex than UA’s straightforward event tracking. The lack of pre-defined event categories, actions, and labels means investing time in defining and standardizing the parameters. Navigating the interface Learning curve: GA4’s interface is markedly different from UA. While it’s designed to be more flexible, it is less intuitive. Features easily accessible in UA, like certain reports and metrics, are now buried deeper in the UI or have been renamed, leading to frustration and additional time spent searching for information. Exploration reports: GA4 introduces Exploration Reports, which offer powerful custom reporting capabilities. However, the flexibility comes with complexity. It takes a considerable amount of time to learn how to effectively use these reports, especially in understanding how to apply filters, segments, and comparisons to get the data I needed. Changes in key metrics New definitions: Some important metrics from Universal Analytics have been redefined or replaced (e.g. engagement rate in GA4). While these changes are aimed at providing a more holistic view of user interaction, they make it difficult to compare data with historical reports from UA. Understanding these new metrics and how they align with business goals is a significant challenge. Conversion tracking: Setting up conversions in GA4 is fundamentally different from UA. The process now involves defining events and marking them as conversions, which is more flexible but also more prone to errors. Misconfigured events lead to discrepancies in conversion data, making it challenging to trust the reports. Limited pre-built reports Fewer default reports: GA4 comes with fewer pre-built reports compared to UA. This is a double-edged sword; while it forces customization to better align with business goals, it also means more time spent creating and configuring reports that were readily available in UA. Audience segmentation: The segmentation features in GA4 are more advanced but also more complex to set up. Building audience segments requires a deep understanding of user behavior and event parameters, thus making it hard to create meaningful insights. Attribution modeling Changes in attribution: GA4 offers more sophisticated attribution models, including data-driven attribution, which is a significant improvement. However, the challenge lies in understanding these models and how they differ from UA’s last-click attribution. The shift requires a reevaluation of marketing strategies and reporting to reflect the new attribution data accurately. Matomo: An Open-Source, Privacy-Centric alternative for web analytics Matomo is a potent open-source web analytics platform that prioritizes data ownership and privacy. In contrast to a lot of popular analytics tools, Matomo gives you total control over your data by letting you host it on your own servers or in the cloud. A wide range of features is available with Matomo, which is well-known for its adaptability and customization. These include advanced analytics tools like heatmaps and session recordings, real-time visitor tracking, and customizable dashboards. It offers a strong and intuitive substitute for systems such as Google Analytics, particularly for individuals who value customized insights and data privacy. Setting up Matomo in Drupal In Drupal, setting up Matomo is a simple process. Matomo’s privacy-focused analytics can be set up in two ways. You can choose to host the Matomo analytics on your server or set it up as a cloud-based analytics platform. You can find more details on the pricing here. Here is a quick guide on how we to set up Matomo on your server: Install Matomo on your server Download Matomo: Visit the official Matomo website and download the latest version of the software. Upload to your server: Use FTP or another file transfer method to upload the Matomo files to your web server. Typically, this will be in a subdirectory of your domain, like `yourdomain.com/matomo`. Run the Installer: Access the directory in your web browser to start the installation process. Follow the on-screen instructions to set up the database and complete the installation. Install the Matomo module in Drupal Download the Module: Go to the Drupal Matomo module page and download the module. You can also install it directly via Drupal’s admin interface by searching for "Matomo." Enable the Module: Once installed, navigate to `Extend` in the Drupal admin menu, find Matomo, and enable it. Configure the Matomo module Access Configuration: Go to `Configuration > Matomo` in your Drupal admin menu. Enter Matomo URL: Provide the URL where your Matomo installation is hosted. This could be something like `https://yourdomain.com/matomo/`. Site ID: In Matomo, every tracked website is assigned a unique Site ID. You can find this ID in your Matomo dashboard under `Administration > Websites`. Enter this ID in the corresponding field in the Drupal configuration. Matomo Token: You’ll also need to enter your Matomo API token, which you can find in your Matomo user profile under `API`. This token allows Drupal to communicate securely with your Matomo installation. You can also add advanced configurations like heatmaps, session recordings, and more, depending on your requirements.  Get your website to the top with our specialized Drupal SEO services. And guess what? Your first SEO audit is on us—completely FREE! Matomo's data insights features Previously known as Piwik, Matomo provides a powerful, privacy-centric alternative to mainstream analytics tools like Google Analytics. Let’s dive into the key features that make Matomo a top choice for businesses and developers.  Customizable dashboards and all websites dashboard Create dashboards tailored to your needs and manage multiple websites from a single interface. Arrange widgets, select metrics, and monitor performance across all your sites efficiently, ensuring you have quick access to the insights that matter most. Real-time data updates Track visitor activity on your website as it happens. Matomo’s real-time data updates provide immediate insights into traffic trends, user behavior, and engagement, allowing for quick decision-making and responsive action. Analytics for ecommerce and goal conversion tracking Monitor your online store’s performance and track specific goals. Matomo allows you to analyze product views, purchases, revenue, and conversion rates to optimize your e-commerce strategy and measure the success of your marketing efforts. Event tracking and Content tracking Monitor interactions with specific elements and content on your website. Track button clicks, video plays, and downloads to understand user engagement and improve content effectiveness. These features provide granular insights into how users interact with your content. Custom dimensions Create custom dimensions to track additional data specific to your business needs. Matomo’s Custom Dimensions feature allows you to customize your analytics setup to gain deeper insights into user behavior and enhance your data analysis capabilities. Geolocation Identify where your visitors are coming from with Matomo’s Geolocation feature. Use geographic data to tailor your marketing efforts and content strategy based on insights into regional user behavior and preferences. User segmentation Segment your audience based on various criteria to gain a deeper understanding of different user groups. Analyze behavior, engagement, and conversion rates for each segment, allowing for targeted marketing strategies and personalized user experiences. Pages transitions and Page overlay Visualize how users navigate through your website. Pages Transitions and Page Overlay help you identify common paths, drop-off points, and popular routes, enabling you to optimize site structure and improve user experience. Analytics campaign tracking and Track traffic from search engines Measure the performance of your marketing campaigns and analyze search engine traffic. Track conversions, understand user journeys, and optimize your marketing efforts based on insights into how visitors find and interact with your site. No data limit Enjoy unlimited data storage with Matomo. Analyze extensive datasets without worrying about data limits, ensuring comprehensive insights into your website performance and the ability to track historical data over long periods. Other powerful features Annotations allow you to add notes to your analytics data, providing context for significant events and changes, which aids in better data analysis.  Scheduled Email Reports keep you informed by delivering customized, automated reports with key metrics directly to your inbox, making it easy to share insights with stakeholders.  Site Search Analytics lets you track and analyze user search queries, helping you identify content gaps and optimize your site's search functionality.  Visits Log and Visitor Profile offers detailed insights into individual user behavior, visit history, and preferences, enabling personalized marketing and a better user experience. Matomo's premium features Matomo's premium features offer deep insights, extensive customization, and advanced tools for confident data-driven decisions. Learn how these features, from heatmaps and session recordings to A/B testing and funnel analysis, can enhance your analytics capabilities. Heatmap analytics and Session recording Gain valuable insights into user behavior with Matomo’s Heatmap Analytics and Session Recording features: Heatmaps: Visual displays of user interactions, helping identify engaging areas and usability issues. Scroll Maps: Understand how far users scroll down a page. Click Maps: See where users are clicking most often. Session Recording: Capture all visitor activities, including clicks, mouse movements, scrolls, window resizes, page changes, and form interactions. Replay these interactions in video format to see exactly how visitors engage with your site and use these insights to improve user experience and troubleshoot issues. A/B testing platform Optimize your websites, apps, and marketing campaigns by running A/B tests: Experiment with different versions of your pages. Determine which performs best to increase conversions. Make data-driven decisions to enhance performance, ensuring that your changes lead to improved user engagement and higher conversion rates. Custom reports Create custom reports tailored to your needs to gain new insights and save time: Pull out the exact information you require for success. Reduce the risk of human error. Generate new reports quickly, streamlining your data analysis process and allowing you to focus on the metrics that matter most to your business. Form analytics Improve form conversions by analyzing where and when visitors abandon your forms: Gain insights into user interactions with your forms. Identify and fix issues that prevent successful submissions. Optimize your forms to enhance user experience and increase conversion rates. Visualize conversion funnels Understand where visitors drop off in your conversion funnels to increase conversions, sales, and revenue with your existing traffic: Identify bottlenecks in the user journey. Optimize your site to improve conversion rates. Make informed decisions to enhance the user experience and drive more conversions. User flow Analyze the most popular paths users take through your website or app with User Flow: Visual representation helps you understand user behavior. Identify common exit points and optimize navigation. Gain insights into how users interact with your site to improve their experience. Multi-channel conversion attribution Understand the contribution of each marketing channel to your conversions: Clarity on how much credit each referrer deserves. Allocate marketing efforts and budgets more effectively. Optimize your marketing strategy to drive better results. Advertising conversion export Get insights into your paid ads, including Google Ads, Microsoft Bing Ads, and Yandex Ads, with better privacy and simplified implementation: Integrates with these platforms, providing comprehensive data without needing third-party tracking codes. Saves implementation time and ensures that your advertising data is accurate and privacy-compliant. Other advanced tools Media Analytics helps you track and optimize video and audio engagement by monitoring views, play duration, and interactions. SEO Web Vitals enhances your website’s performance and search ranking by identifying and addressing key SEO issues, ensuring a seamless user experience.  Roll-Up Reporting saves time by aggregating data from multiple websites and apps, offering a holistic view of your digital properties. User Cohorts allow you to analyze and compare the behavior of different user groups, enabling you to boost retention and satisfaction. Matomo VS GA4 Both Matomo and Google Analytics 4 (GA4) are prominent web analytics platforms that provide valuable insights into website performance and user behavior. However, they differ significantly in features, user experience, data control, and pricing. Here’s a detailed comparison to help you choose the right tool for your needs. Data ownership and privacy Matomo: Offers full data ownership, allowing businesses to ensure compliance with privacy regulations like GDPR. Users can choose where their data is stored, which is a significant advantage for organizations concerned about data privacy.GA4: Data is stored on Google’s servers, which can raise concerns about data privacy and sharing. While GA4 provides robust analytics capabilities, it may not offer the same level of control over data as Matomo. Historical data import Matomo: Supports importing historical data from Universal Analytics, allowing users to maintain continuity in their analytics without losing past insights.GA4: Does not allow importing historical data from Universal Analytics, which means users starting with GA4 will not have access to their previous data, potentially complicating year-over-year comparisons. User interface and usability Matomo: Known for its intuitive and user-friendly interface, Matomo is rated highly for ease of use. Users can quickly navigate the platform and access insights without extensive training.GA4: While it features a modern design, many users find the interface complex and challenging to navigate, especially those accustomed to previous versions of Google Analytics. It requires a steeper learning curve to fully leverage its capabilities. Reporting and insights Matomo: Offers customizable reports and a variety of analytics tools, including conversion tracking and A/B testing. Users can easily create dashboards that reflect their specific needs.GA4: Provides advanced reporting features, including custom reports and data visualization tools. However, its reliance on machine learning can sometimes obscure direct insights, making it less straightforward for some users. Pricing Matomo: Offers both free and paid options, with the free version requiring self-hosting, which may incur additional costs. The paid version is generally more affordable than GA4's premium offerings, making it a cost-effective choice for many businesses.GA4: The free version is powerful but comes with limitations, such as a 14-month data retention policy. The paid version can be expensive, particularly for larger organizations that require extensive data analysis capabilities. Final thoughts Choosing between Matomo and GA4 ultimately depends on your organization's specific needs and priorities. If data ownership, privacy, and ease of use are paramount, Matomo is likely the better choice. Conversely, if you require advanced machine learning features and seamless integration with Google products, GA4 may be more suitable. Both platforms have their strengths and weaknesses, and understanding these can help you make an informed decision that aligns with your analytics goals. With experience working extensively with GA4 and Matomo, we’re ready to help you improve your web analytics and SEO experience. Learn more about our Drupal SEO services and get in touch with us today!
Categories: FLOSS Project Planets

Mike Driscoll: ANN: JupyterLab 101 Kickstarter

Planet Python - Tue, 2024-09-03 10:08

My latest Python book is now available for pre-order on Kickstarter.

JupyterLab 101 mockup

JupyterLab, the latest iteration of the Jupyter Notebook, is a versatile tool for sharing code in an easily understandable format.

Hundreds of thousands of people around the world use Jupyter Notebooks or variations of the Notebook architecture for any or all of the following:

  • teaching
  • presentations
  • learning a computer language
  • numerical simulations
  • statistical modeling
  • data visualization
  • machine learning
  • and much more!

Jupyter Notebooks can be emailed, put on GitHub, or run online. You may also add HTML, images, Markdown, videos, LaTeX, and custom MIME types to your Notebooks. Finally, Jupyter Notebooks support big data integration.

JupyterLab 101 will get you up to speed on the newest user interface for Jupyter Notebooks and the other tools that JupyterLab supports. You now have a tabbed interface that you can use to edit multiple Notebooks, open terminals in your browser, create a Python REPL, and more. JupyterLab also includes a debugger utility to help you figure out your coding issues.

Rest assured, JupyterLab supports all the same programming languages as Jupyter Notebook. The main difference lies in the user interface, which this guide will help you navigate effectively and efficiently.

After reading JupyterLab 101, you will be an expert in JupyterLab and produce quality Notebooks quickly!

What You’ll Learn

In this book, you will learn how about the following:

  • Installation and setup of JupyterLab
  • The JupyterLab user interface
  • Creating a Notebook
  • Markdown in Notebooks
  • Menus in JupyterLab
  • Launching Other Applications (console, terminal, text files, etc)
  • Distributing and Exporting Notebooks
  • Debugging in JupyterLab
  • Testing your notebooks
Rewards to Choose From

As a backer of this Kickstarter, you have some choices to make. You can receive one or more of the following, depending on which level you choose when backing the project:

  • An early copy of JupyterLab 101 + all updates including the final version (ALL BACKERS)
  • A signed paperback copy (If you choose the appropriate perk)
  • Get all by Python courses hosted on Teach Me Python or another site  (If you choose the appropriate perk)
  • T-shirt with the book cover  (If you choose the appropriate perk)

Get the book on Kickstarter today!

The post ANN: JupyterLab 101 Kickstarter appeared first on Mouse Vs Python.

Categories: FLOSS Project Planets

Real Python: Using Pydantic to Simplify Python Data Validation

Planet Python - Tue, 2024-09-03 10:00

Pydantic is a powerful data validation and settings management library for Python, engineered to enhance the robustness and reliability of your codebase. From basic tasks, such as checking whether a variable is an integer, to more complex tasks, like ensuring highly-nested dictionary keys and values have the correct data types, Pydantic can handle just about any data validation scenario with minimal boilerplate code.

In this video course, you’ll learn how to:

  • Work with data schemas with Pydantic’s BaseModel
  • Write custom validators for complex use cases
  • Validate function arguments with Pydantic’s @validate_call
  • Manage settings and configure applications with pydantic-settings

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Categories: FLOSS Project Planets

Django Weblog: Django security releases issued: 5.1.1, 5.0.9, and 4.2.16

Planet Python - Tue, 2024-09-03 07:00

In accordance with our security release policy, the Django team is issuing releases for Django 5.1.1, Django 5.0.9, and Django 4.2.16. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize()

urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

Thanks to MProgrammer for the report.

This issue has severity "moderate" according to the Django security policy.

CVE-2024-45231: Potential user email enumeration via response status on password reset

Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes.

To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger.

Thanks to Thibaut Spriet for the report.

This issue has severity "low" according to the Django security policy.

Affected supported versions
  • Django main branch
  • Django 5.1
  • Django 5.0
  • Django 4.2
Resolution

Patches to resolve the issue have been applied to Django's main, 5.1, 5.0, and 4.2 branches. The patches may be obtained from the following changesets.

CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() CVE-2024-45231: Potential user email enumeration via response status on password reset The following releases have been issued

The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance, nor via the Django Forum, nor via the django-developers list. Please see our security policies for further information.

Categories: FLOSS Project Planets

Calligra 4.0.1

Planet KDE - Tue, 2024-09-03 05:25

Calligra 4.0.1 is out. This small releases mostly contains fixes for distributions issues and updated translations.

I fixed some compatibility issues for Flatpak which is since yesterday available on Flathub.

Flathub website showing Calligra

Yaakov Selkowitz fixed the installation of the Okular generators so now if Calligra is installed, you can read your office document in Okular correctly.

Antonio Rojas dropped the unused KPart dependency and reenabled the user documentations.

I removed the old space navigator plugin which didn’t build anymore and was only used to navigate an office document with some retro controllers.

Finally, I fixed a few issues in Stage, I found while dog footing it for my slides for my Akademy presentation.

The updated slides sidebar of Calligra Stage

Get It

Calligra 4.0 is now available on Flathub. It’s also now available on Arch, KDE Neon and OpenBSD and I am aware there is some work in progress for Fedora and Mageia. Thanks everyone for packaging Calligra!

Packager Section

You can find the package on download.kde.org and it has been signed with my GPG key.

Categories: FLOSS Project Planets

Pages