Thorsten Alteholz: My Debian Activities in November 2022

Planet Debian - Wed, 2022-12-07 07:45
FTP master

This month I accepted 292 and rejected 43 packages. The overall number of packages that got accepted was 295.

Debian LTS

This was my hundred-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. 

This month my all in all workload has been 14h.

During that time I uploaded:

  • [DLA 3200-1] graphicsmagick security update for one CVE
  • [DLA 3201-1] ntfs-3g security update for one CVE
  • [inetutils]found unfixed CVE in latest DLA

I also started to work on ring, but this seems to be a pile of work. Not least because at the moment the package does not migrate to testing.

Further I started to investigate what packages are really affected by CVE-2018-17942. It looks like some upstreams and their corresponding maintainers did not care about that CVE in the embedded gnulib.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the fifty second ELTS month.

During my allocated time I uploaded:

  • [ELA-736-1] ntfs-3g security update of Jessie and Stretch for one CVE
  • [ELA-745-1] snapd security update of Jessie for two CVEs
  • [ELA-746-1] inetutils security update of Jessie for two CVEs

Last but not least I did some days of frontdesk duties.

Debian Mobcom

This month I uploaded improved packages of:

Other stuff

This month I uploaded improved packages of:

Categories: FLOSS Project Planets

PyBites: Coding with mindfulness

Planet Python - Wed, 2022-12-07 07:41

Listen here:

Welcome back to the Pybites podcast. This week we have Andrew McLeod on the show to talk about mindfulness.

We talk about:
– Mindfulness as it applies to the tech industry and why it’s important to humanise tech.
– How mindfulness humanises.
– How to be more aware of different parts of the body – as opposed to only thought.
– The trap of trying to use mindfulness to fix problems that require action (eg mindfulness will make you aware you are hungry, it won’t resolve the issue)
– How mindfulness can help with emotional intelligence (including in the context of code reviewing).
– How mindfulness and emotional intelligence can help relating with peers and improve team performance.

– The Miracle Of Mindfulness
– Chief Joy Officer
– McMindfulness

– MBSR course with certification
– MBSR course (without certification – free)
– A significantly longer course, both of these teachers are excellent

Other resources:
– The guy that ‘brought mindfulness to the west’
– Tara Brach’s work
– Mindful code reviews:  part 1 and part 2

We hope you enjoy this episode!

To reach out to Andrew, you can do so:
– On LinkedIn
– On our Slack
– On Instagram

Categories: FLOSS Project Planets

Salsa Digital Drupal-Related Articles: Celebrate the launch of Drupal 10 with Salsa

Planet Drupal - Wed, 2022-12-07 04:54
Drupal 10 Melbourne Meetup launch Join us for the Drupal 10 Melbourne launch at 4.30pm on 15 December 2022.  To celebrate the next evolution of Drupal 10 we’re hosting a D10 launch party to coincide with its global release.  As part of our regular commitment to Drupal and the Melbourne Drupal Meetup, Salsa has moved the Meetup to host the Drupal 10 launch celebration. We’ll be providing a special venue (Hub Australia Church Street) for this event, with drinks and food — you just need to bring yourself!  We’ll also be highlighting and presenting Salsa’s contribution to Drupal 10 with the Drupal 10-ready CivicTheme design system.
Categories: FLOSS Project Planets

Opensource.com: 16 reasons DDEV will be your new favorite development environment

Planet Drupal - Wed, 2022-12-07 03:00
16 reasons DDEV will be your new favorite development environment Randy Fay Wed, 12/07/2022 - 03:00

What's so different about DDEV? It's a container-based local development environment. Here are a few reasons you should give it a try.

In 2022, you have a wide variety of local development environments to choose from, whether you're a designer, developer, tester, or any kind of open source contributor…

Categories: FLOSS Project Planets

Programiz: Python List

Planet Python - Wed, 2022-12-07 02:56
In this tutorial, we will learn about Python lists (creating lists, changing list items, removing items and other list operations) with the help of examples.
Categories: FLOSS Project Planets

Matthew Garrett: Making an Orbic Speed RC400L autoboot when USB power is attached

Planet Debian - Wed, 2022-12-07 01:33
As I mentioned a couple of weeks ago, I've been trying to hack an Orbic Speed RC400L mobile hotspot so it'll automatically boot when power is attached. When plugged in it would flash a "Welcome" screen and then switch to a display showing the battery charging - it wouldn't show up on USB, and didn't turn on any networking. So, my initial assumption was that the bootloader was making a policy decision not to boot Linux. After getting root (as described in the previous post), I was able to cat /proc/mtd and see that partition 7 was titled "aboot". Aboot is a commonly used Android bootloader, based on Little Kernel - LK provides the hardware interface, aboot is simply an app that runs on top of it. I was able to find the source code for Quectel's aboot, which is intended to run on the same SoC that's in this hotspot, so it was relatively easy to line up a bunch of the Ghidra decompilation with actual source (top tip: find interesting strings in your decompilation and paste them into github search, and see whether you get a repo back).

Unfortunately looking through this showed various cases where bootloader policy decisions were made, but all of them seemed to result in Linux booting. Patching them and flashing the patched loader back to the hotspot didn't change the behaviour. So now I was confused: it seemed like Linux was loading, but there wasn't an obvious point in the boot scripts where it then decided not to do stuff. No boot logs were retained between boots, which made things even more annoying. But then I realised that, well, I have root - I can just do my own logging. I hacked in an additional init script to dump dmesg to /var, powered it down, and then plugged in a USB cable. It booted to the charging screen. I hit the power button and it booted fully, appearing on USB. I adb shelled in, checked the logs, and saw that it had booted twice. So, we were definitely entering Linux before showing the charging screen. But what was the difference?

Diffing the dmesg showed that there was a major distinction on the kernel command line. The kernel command line is data populated by the bootloader and then passed to the kernel - it's how you provide arguments that alter kernel behaviour without having to recompile it, but it's also exposed to userland by the running kernel so it also serves as a way for the bootloader to pass information to the running userland. The boot that resulted in the charging screen had a androidboot.poweronreason=USB argument, the one that booted fully had androidboot.poweronreason=PWRKEY. Searching the filesystem for androidboot.poweronreason showed that the script that configures USB did not enable USB if poweronreason was USB, and the same string also showed up in a bunch of other applications. The bootloader was always booting Linux, but it was telling Linux why it had booted, and if that reason was "USB" then Linux was choosing not to enable USB and not starting the networking stack.

One approach would be to modify every application that parsed this data and make it work even if the power on reason was "USB". That would have been tedious. It seemed easier to modify the bootloader. Looking for that string in Ghidra showed that it was reading a register from the power management controller and then interpreting that to determine the reason it had booted. In effect, it was doing something like:boot_reason = read_pmic_boot_reason(); switch(boot_reason) { case 0x10: bootparam = strdup("androidboot.poweronreason=PWRKEY"); break; case 0x20: bootparam = strdup("androidboot.poweronreason=USB"); break; default: bootparam = strdup("androidboot.poweronreason=Hard_Reset"); }Changing the 0x20 to 0xff meant that the USB case would never be detected, and it would fall through to the default. All the userland code was happy to accept "Hard_Reset" as a legitimate reason to boot, and now plugging in USB results in the modem booting to a functional state. Woo.

If you want to do this yourself, dump the aboot partition from your device, and search for the hex sequence "03 02 00 0a 20"". Change the final 0x20 to 0xff, copy it back to the device, and write it to mtdblock7. If it doesn't work, feel free to curse me, but I'm almost certainly going to be no use to you whatsoever. Also, please, do not just attempt to mechanically apply this to other hotspots. It's not going to end well.

Categories: FLOSS Project Planets

Mike Herchel's Blog: Using ECA to Send Emails When a Field’s Value Changes

Planet Drupal - Tue, 2022-12-06 22:44
Using ECA to Send Emails When a Field’s Value Changes mherchel Wed, 12/07/2022 - 08:00
Categories: FLOSS Project Planets

PreviousNext: 5 simple tips to increase your Drupal contributions without gaming the system

Planet Drupal - Tue, 2022-12-06 20:34

How and why we contribute influences our impact on the Drupal community and ecosystem. So, how can we become positive, long-term contributors?

by lee.rowlands / 7 December 2022

Ok, so joke link-bait titles aside, this is actually a pretty serious topic. There was a Talking Drupal podcast episode about it and a lot of chatter on Twitter that was nicely summarised in this Drop Times article

As someone with a long history of contributing to Drupal, I want to wade in on the topic in a constructive fashion to try and help achieve the best outcome for the project and contributors. So, here's some advice from a long-time contributor. Feel free to take it with a grain of salt.

Tip 1 - Work out why you want to contributeSource: https://drupalsouth.org/news/2022/drupalsouth-2022-videos-and-photos

Both individuals and companies need to determine their reasons for contributing. If your reason is to increase your contribution credits and improve your position in the marketplace, then stop. You're doing yourself and your employees a disservice and likely creating additional work for others.

For organisations

If you're an organisation, your motivations should be something like this:

  • To improve your reputation in the Community
  • To ensure Drupal's long-term livelihood
  • To align Drupal with you and your client's strategic goals - Drupal is a do-ocracy
  • To improve your staff members' reputations in the Community
  • To grow your staff skillsets with mentoring from the brightest Drupal minds in the world
  • To enhance your reputation as an employer of choice for members of the Community

Co-founder of PreviousNext, Kim Pepper, gave an excellent presentation on the benefits to an organisation that encourages contribution. His talk might be four years old; however, it's still relevant. 

PreviousNext has always encouraged contribution, making us an attractive employer for developers. Our average staff tenure is more than five years, which is unheard of in the tech industry. Additionally, it helps when you're pitching for new projects if you have RFQ line items asking you to demonstrate you understand a feature and someone in your team is a maintainer or significant contributor to that feature.

For individuals

If you're an individual, your motivations should be something like:

  • To improve your skillset or learn a new concept. You will be amazed by how encouraging and helpful our community is for people who are helping move issues forward. If you come to an issue without an ego and with a willingness to ask for assistance, you are more likely to leave with a new concept/skill under your belt.
  • To increase your reputation in the community. People follow Drupal.org issues and get emails of activity. They may not have time to participate in every issue they follow, but they keep abreast of what is happening and who is driving the issue forward. Your username is your individual brand. If folks see a name popping up time and again, it builds recognition of your individual brand.
  • To widen your professional network. This gives you the ability to approach community members to ask for help. If you've worked on an issue with someone who maintains a key module and you have trouble with that module, that individual is more likely to be receptive to a request for help. The shared experience of working together to improve Drupal builds that relationship. Karma is something you can spend as well as earn.
  • To make friends all over the world. One of the true joys of contribution is the ability to work with amazing people all over the world. You will hear many tales of lifelong friendships people have formed with people on the other side of the world through contribution
  • To improve your resume and employment options. This one is kind of obvious, but if your personal brand value is on the ascent, this obviously makes you a recruitment or promotion target, or perhaps it gives you some justification for a pay rise. And employers shouldn't fear this. You want your people to be their best because when their value rises, so does yours.
  • To have fun. Because if it's fun, everything else is easy.

Whether you're an individual or an employer, it helps to define your contribution goal. Use it to guide your contributions and view each contribution through the lens of your goal. If it doesn't bring you closer to your goal, is it worthwhile? Is there some other way you could contribute?

Tip 2 - Treat contribution as a long-term investmentSource: https://commons.wikimedia.org/wiki/File:Gfp-wisconsin-madison-sunset-over-the-train-tracks-by-the-lake.jpg

Some forms of contribution are like a sugar hit. Sure, you get a credit, but do you get anything else out of it? Does it bring you closer to your goal? Some examples here include:

  • Rerolling an issue that doesn't apply. Then not sticking around to help address remaining tasks, like getting tests passing.
  • Fixing coding standards violations and nothing else.
  • Adding a README to a project.
  • Fixing the capitalisation of a module name in an info file.
  • Attaching screenshots to an issue that already has them.

Now don't get me wrong. I'm not saying that all of these aren't valuable contributions. Some of them are valuable contributions and move the project forward. The reroll might breathe life into a stale issue, the coding standards violation fix might result in the issue passing tests for the first time, and a new README improves our documentation. 

These are useful contributions for a new contributor getting used to the mechanics of creating patches or merge requests. However, once you have mastered that skill are you advancing your contribution goals from above if you continue to do it? Are you learning anything new? Are you robbing other newcomers of an opportunity to get started contributing? 

So if you're beginning, these type of tasks could easily be what helps you achieve your first contribution goal–but set a limit, acknowledge that you've achieved that goal, and then set a new goal and leave this to other newcomers.

Core committer, security team member and release manager Jess (xjm) (side note, she's looking for work, you should consider hiring or sponsoring her to continue her work on core) once wrote

Even if I ... never visited Drupal.org again, and threw my laptop in Lake Monona, I would continue to get commit mentions for work I did in the past.

And she is 100% right. For the last 11 months, I've been busy on a major client project, but I've continued to receive commit mentions for investments I made in issues in the past. Contribution is a long-term investment, and so you need to wait for that investment to mature. Things can happen slowly at times. 

Drupal is a huge and complex project run mostly by volunteer effort. It has a reputation for stability, which sometimes means things take a bit longer in order to consider all the possible side-effects, which leads me into my next tip.

Tip 3 - Get into a regular habitSource: https://flic.kr/p/D2n1Nq

The best way to improve your contribution 'investment' yield is to get into a regular habit. Set yourself a target for regular contribution. But to be 100% clear, the target should be for 'acts of contributing' rather than 'contribution credits'.

Back when Drupal 8 was nearing release, I started the patch a day challenge. Little did I know it would be a further two years until Drupal 8 came out. But I kept up the challenge and uploaded at least one patch a day on average for those two years. When Drupal 8 came out, I wound up close to the top ten contributors. To further illustrate xjm's point above, some of these investments continue to result in commit mentions even now, nearly seven years later.

Now, I realise this isn't something everyone can do. At the time, I was working part-time and caring for two school-aged children, so I had some spare time every afternoon as well as an employer willing to give me sponsored contribution time of around 6 hours a week. The luxury of time is something only some have. But getting yourself into a regular habit lets you build up an investment that will mature with time. 

Former colleague Donna Benjamin (@kattekrab) once said something along the lines of, "A website is like a garden, not a house, you need to continually tend to it" (sorry if I'm paraphrasing incorrectly, Donna). Contribution is similar; a little bit each day or week, and your investment will bear fruit.

Tip 4 - Find your nicheSource: https://flic.kr/p/y89qMj

The Drupal mentoring team's website slogan was once 'We've got issues'. It's a fun play on the number of tasks in the Drupal issues queues that's still true today. There are over 60,000 open issues for Drupal core alone (9 and 10 only). And the number of open issues for contrib would easily be just as many. So, there are plenty of opportunities for contribution.

My advice would be to find your niche. You could:

  • Find something you care about.
  • Find something no-one cares about.
  • Find something to fix/change that would make your day job easier.

For me (@larowlan), my introduction to core development was to find something no-one cared about: the forum module.

For my colleague Mohit Aghera (@mohit_aghera) it was the Needs tests tag (2500 issues in core alone). Through this effort, Mohit gained a deep understanding of writing tests for Drupal core, a highly valued skill–so much so that we asked him to come and work for us.

For Stephen Mustgrave (@smustgrave), it is the Needs review queue status (2700 issues in core alone). By reviewing other people's work, Stephen achieves his contribution goal of learning the inner workings of Drupal and gives back to something he uses every day. Reviewing is an under-appreciated contribution task that allows you to learn from and teach other developers by reviewing and suggesting changes to their code, all whilst steadily increasing the areas of core you understand. Stephen is now a maintainer of the Block Content module in core and (at the time of writing) proposed as maintainer for both the Telephone and Text modules. In addition, he has built relationships with several core contributors who know him by name and recognise his value to the community.

Tip 5 - Contribute in ways that help the ecosystemSource: https://flic.kr/p/2kBZB1V

The health of Drupal relies on contributions from the community. If contributions don't benefit the long-term health of the ecosystem, does Drupal continue to be relevant and innovative? Contributions that actively move the project forward are more likely to have a greater velocity.

Think of helpful contributions like:

  • Contributing to the readiness of the next major release - (Drupal 10 readiness at the time of writing) issues in this space get a lot of focus as we're working towards a given release date with set objectives. These issues move faster. They're also where innovation occurs, which keeps your skills up to date. Helping port contrib modules to the next major version also applies here, as you keep up-to-date with new changes, help the ecosystem and get faster results.
  • Joining an initiative - groups working towards a common goal generate a much faster turnaround on issues. There's nothing worse than working on an issue and uploading a patch only to see it sit in 'needs review' for a long time. Working in a team will increase your network in the project (see goals above) but is also more likely to lead to a faster outcome. If you need help determining where or how to contribute, folks in these teams will definitely be able to point you towards places to help. There are strategic initiatives and community initiatives to choose from.
Tip 6 - Bonus tip for organisations Source: https://flic.kr/p/8pheyT

Suppose you're an organisation looking to increase your contribution but are unsure how to start. In that case, one approach could be to sponsor an existing experienced contributor to establish, grow or maintain your team's capabilities. As mentioned above, Core committer, security team member and release manager Jess (@xjm) is looking for work, as is Core Javascript Maintainer Théodore Biadala (@nod_).

Here at PreviousNext we sponsor V Spagnolo (@quietone) to work on Drupal core. When announcing this sponsorship, we described it as a new and exciting way for PreviousNext to give back to the project as well as the community

In this scenario, @quietone works solely on Drupal contribution, but there are other models where organisations can bring in an experienced Drupal contributor for a mix of contribution and client work. For example, Kristen Pol (@Kristen Pol) is employed by another Australian agency to work on client projects and to help turbo-charge company Drupal contribution efforts. With her existing network of contacts and experience contributing to Drupal, Kristen can help her colleagues navigate the issue queues and contribute. With Kristen on the team, they get the dual benefit of Kristen applying her expertise on client projects and her contribution experience to help their team maximise the impact of their contributions.

Thoughts and comments?

What do you think? Let me know in the comments, or feel free to reach out to me on the shiny new Drupal Community Mastodon Instance. And of course, if you want to get more involved with contributing to Drupal, say hi in the Drupal community slack on any of the many general or specialist channels we have dedicated to co-ordinating contribution such as #contribute, #d10readiness or #bugsmash.

Tagged Contribution
Categories: FLOSS Project Planets

FSF Blogs: Fall Bulletin: Fully shareable, fully lovable

GNU Planet! - Tue, 2022-12-06 16:23
2022 Fall "Free Software Foundation Bulletin" is here! Read about how to protect your privacy, a reflection on this year's GNU Hackers' Meeting, what's new in Trisquel 11, and more!
Categories: FLOSS Project Planets

Fall Bulletin: Fully shareable, fully lovable

FSF Blogs - Tue, 2022-12-06 16:23
2022 Fall "Free Software Foundation Bulletin" is here! Read about how to protect your privacy, a reflection on this year's GNU Hackers' Meeting, what's new in Trisquel 11, and more!
Categories: FLOSS Project Planets

Promet Source: The Next Frontier: Top 10 New Features of Drupal 10

Planet Drupal - Tue, 2022-12-06 14:45
Powering the NASA site, along with 14 percent of the top 10,000 websites worldwide, Drupal marks the next frontier in it’s 20 year history this month with the December 14 release of Drupal 10.  Among the biggest questions concerning the upcoming release: Why now?
Categories: FLOSS Project Planets

PyCoder’s Weekly: Issue #554 (Dec. 6, 2022)

Planet Python - Tue, 2022-12-06 14:30

#554 – DECEMBER 6, 2022
View in Browser »

Using Python’s pathlib Module

In this video course, you’ll learn how to effectively work with file system paths in Python 3 using the pathlib module in the standard library.

A Crash Course in Comprehensions and Generators

A great collection of code snippets that showcase the power and flexibility of list comprehensions, generators and related constructs.
PETE FISON • Shared by Pete FIson

TelemetryHub by Scout APM, A One-Step Solution for Open-Telemetry

Imagine a world where you could see all of your logs, metrics, and tracing data in one place. We’ve built TelemetryHub to be the simplest observability tool on the market. We supply peace of mind by providing an intuitive user experience that allows you to easily monitor your application →
SCOUT APM sponsor

Guido van Rossum: Python and the Future of Programming

An in-depth, 3 hour interview with Guido van Rossum by Lex Fridman.

Discussions PEP 683: Immortal Objects, Using a Fixed Refcount

Currently all CPython objects have some memory allocated to maintain state, even those that are immutable. PEP 683 proposes “Immortal Objects” and this thread discusses the proposal.

What Can Python Do That R Can’t?


Python Jobs Software Engineer - Weissman Lab (Cambridge, MA, USA)

Whitehead Institute for Biomedical Research

Senior Software Engineer (Python, Qt, Linux) (Anywhere)


More Python Jobs >>>

Articles & Tutorials Multiprocessing Race Conditions in Python

A race condition happens when parallel tasks attempt to execute code at the same time and the results are dependent on order of execution. Finding race conditions can be challenging, this article gives some hints as to how to find the different kinds of race conditions when coding with the multiprocessing module.

Preparing Data to Measure ML Model Performance

How do you prepare a dataset for machine learning (ML)? How do you go beyond cleaning the data and move toward measuring how the model performs? This week on the show, Jodie Burchell, developer advocate for data science at JetBrains, returns to talk about strategies for better ML model performance.

Connect, Integrate & Automate Your Data - From Python or Any Other Application

At CData, we simplify connectivity between the application and data sources that power business, making it easier to unlock the value of data. Our SQL-based connectors streamline data access making it easy to access real-time data from on-premise or cloud databases, SaaS, APIs, NoSQL and Big Data →

How to Get a List of All Files in a Directory With Python

In this tutorial, you’ll be examining a couple of methods to get a list of files and folders in a directory with Python. You’ll also use both methods to recursively list directory contents. Finally, you’ll examine a situation that pits one method against the other.

Python Type Hints: Case Study on parsy

This deep article talks about Luke’s journey to try to add type checking and why he often gives up. It walks through what was needed to add types to parsy, one of the libraries he maintains and how it compared to other similar libraries.

Save Using update_fields for Better Django Performance

The update_fields argument to the .save() call restricts the underlying SQL to just the named fields. For some conditions this can mean a performance boost. This article shows where it can be helpful and when it might lead to bugs.

7 Useful Python Libraries You Should Use in Your Next Project

This article introduces you to 7 useful Python libraries: PySnooper, schedule, MechanicalSoup, ftfy, rpyc, pyglet, and rope. Read on to learn how these can help you with your next project.

Python Linter Comparison 2022

There are many linter choices for Python, this article covers a lot of them: Pylint, Pyflakes, Flake8, autopep8, Bandit, Prospector, Pylama, Pyroma, Black, Mypy, Radon, and mccabe.

A Mastodon Opportunity for Developers

As the article starts: “There’s a lot of interest in Mastodon at the moment, For Reasons.” This article talks about how to play with the Mastodon API to embed content.

Time Series Data: Do You Need a Purpose-Built Database

Is time series data just any dataset with a timestamp field? How do time series workloads differ from OLTP or full text search? Get all the answers in this technical e-book from the creators of InfluxDB. Download PDF.

Python and .NET, an Ongoing Saga

Python.NET has released a new version, so Nikos has written an article that explores the history of Microsoft, .NET, and Python including the state of Iron Python.

Reddit Monitoring With Python

A step-by-step tutorial on creating a Reddit keyword monitoring tool with Python and praw. Learn how to run a Python script to watch keywords on a subreddit.

Projects & Code jupyterlite: Wasm Powered Jupyter Running in the Browser


torchscale: Transformers at Any Scale


python-easter-eggs: Easter Eggs and Hidden Jokes in Python


lumi: Nano Framework to Convert Functions Into a REST API


django-relativity: More Expressive ORM Relationships


Events STL Python

December 7, 2022

NZPUG-Auckland Coding Evening

December 7, 2022

Weekly Real Python Office Hours Q&A (Virtual)

December 7, 2022

Python Atlanta

December 8, 2022

PyCon Bolivia 2022

December 9 to December 11, 2022

Happy Pythoning!
This was PyCoder’s Weekly Issue #554.
View in Browser »

[ Subscribe to 🐍 PyCoder’s Weekly 💌 – Get the best Python news, articles, and tutorials delivered to your inbox once a week >> Click here to learn more ]

Categories: FLOSS Project Planets

Evolving Web: How I Discovered Open Source and Drupal

Planet Drupal - Tue, 2022-12-06 13:24
A Chance Encounter with an Exciting Community

It all started with COVID-19. As someone with both personal and professional aspirations to travel abroad, the onset of the pandemic first came as a major setback. However, I was still determined to do whatever I needed to do to achieve my goals, so I started looking for a remote job. One that would help me gain experience in a global, multicultural context without the need for physical travel. 

Soon after, I was offered an interesting position mixing marketing and relationship management to bridge the gap between an agency and the Drupal community. Back then, I had heard of Drupal as a content management system, but I had no idea about the open-source world behind it.

Since that first remote job, I’ve continued to advance my career and I accepted a position as a Drupal Community Manager at Evolving Web in 2021. I make many connections and get to learn from experts from around the globe, and to this day, I am continually amazed by the Drupal community's openness.

I'll celebrate my 1st anniversary working at @evolvingweb in a couple of weeks 😲! It's just amazing how much I've learned so far. I guess time flies by when you're having fun...proud to be part of this world-class team <3 pic.twitter.com/GOoYeINVOZ

— Pieri (@pieriwww) April 12, 2022

Community Building at Evolving Web

Communities start with conversation. They are built when people can collaborate and share inspiring stories without constraint. 

Evolving Web was born from the open-source community, and since day one has sought to create a community where members can learn from experts and share that knowledge with others. Our roots in Drupal’s open-source community teach us how to disseminate its values to grow as a team and as a full-service digital agency, centred on the values of openness, innovation and diversity.



Being Makers in Open Source

One of the greatest features of Drupal is that it’s free from lock-in and licensing fees. It’s free to use by everyone, and you can access its code and customize it to your needs. However, the open source nature of Drupal is only sustainable through agencies like ours understanding the value of giving back “product” contributions to innovate and improve the platform. 

This year alone, we support 16 projects, and have been credited over 200 times for a wide range of tasks, from reporting bugs to event organizing. We also encourage all our team members to get involved and contribute while making sure to assign fixed time for key team members to invest exclusively in contributions. Additionally, we support the Drupal Association, the non-profit organization in charge of fostering the Drupal community through various initiatives.

All of this earned us the badge of Platinum Drupal Certified Partners, and we’re proud to be makers in the community. 

“If you are an [Drupal] end-user looking for a company to work with, Platinum Drupal partners are some of the companies I'd work with first. Not only do they know Drupal best, but they also help improve your investment in Drupal. If you are a Drupal developer looking for work, these are some of the companies I'd apply to first” – Dries Buytaert, Drupal Founder and Acquia’s CTO

If you want to learn more about the contribution and credit system behind the Drupal community, check out Dries’ blog post Who sponsors Drupal development? (2020-2021 edition)

Open Source Marketing: the Promote Drupal Initiative

Most people associate open source projects with software and developer communities. There are, of course, other fields where this or similar kinds of collaborative networks get organized, but open source marketing stays mostly in uncharted digital media territory. 

The “Promote Drupal Initiative” has been an ongoing project within the Drupal community since 2019. The project brings together a group of marketers working for Drupal agencies who combine their marketing intelligence and industry insights to develop business materials targeted at the decision-makers who adopt Drupal for their business.

Suzanne Dergacheva, Evolving Web’s co-founder, is the project lead for this initiative, and other marketers and designers from our team regularly contribute to this group. I’m personally involved, and right now, we’re working on several exciting projects, including a complete redesign of Drupal.org, which encompasses UX and content strategy work. 

Last Friday we had a #DrupalFest event for @DrupalBA
3-hour long conversation about tools, best practices, recruiting and business.
23 people from 5 countries in LatAm 🙇‍♀️💙
I'm still smiling.
Check the upcoming events in your timezone & #CelebrateDrupalhttps://t.co/PiniT0NtXe pic.twitter.com/pNZ8Xb3mff

— Pieri (@pieriwww) April 13, 2021

For me, it’s been a great opportunity to fast-track my learnings on the latest trends in promoting Drupal, its competitive landscape and value propositions, which is valuable knowledge I bring back to my team.

If you’re reading this and want to contribute to open source without having to write code. It is an excellent opportunity to learn from expert marketers. Volunteers are always welcome, you too can be part of this initiative.

Onboarding New Members From Diverse Backgrounds

At Evolving Web, we strive to offer inroads to the project. This is one of the reasons why our training program was developed in the first place. In the past 15 years of experience teaching Drupal, we’ve put together a course catalogue that caters to all roles needed in a web team, from content editors to developers. During the pandemic, we pivoted to a virtual environment, which has enabled us to reach a broader audience than before. Our classes help veteran Drupal users refresh their knowledge and support freelancers and career-changers in acquiring tangible skills to help them advance their careers.

For two years in a row now, Evolving Web has been a sponsor and training partner for the Discover Drupal program, a Drupal Association’s talent growth initiative . This program provides full scholarships to members of groups historically marginalized in the tech industry, to close the “talent gap” through access to resources, skills, and connections.

I’ve been lucky enough to see two cohorts of Discover Drupal students progress from complete newbies to landing their first Drupal jobs. I’ve seen students express infinite gratitude to our trainers and make friends in the process.

If you or your agency is interested in supporting this initiative or would be interested in hiring from our alumni, find out how to get involved.

Empowering our Team through Knowledge Sharing

As I said previously, open source communities rest on two pillars: people and knowledge. Altruistic knowledge sharing is the fuel that powers this movement, creating a virtuous cycle where teachers, learners, and the community all win.

For the team at Evolving Web, sharing valuable content is key. From training to blog posts, webinars and conference sessions, we strive to give back, sharing what’s worked and what we’ve learned.

We have presented at countless Drupal conferences, community camps and other events in the higher education, government and technology spaces. We all start with internal activities, such as our “Weekly Watercooler” sessions. During these sessions, anyone can share their experience on a given topic to empower others in their career. These evolve into opportunities to write blog posts or host webinars, and, eventually, submit presentation proposals for a conference.

Those who get selected as speakers are sponsored to travel and attend the event, with all the exciting opportunities that come with that. Last year, members of our team presented at DrupalCon Portland and DrupalCamp New Jersey in a slow post-pandemic return to in-person events. And for the year to come, we have already submitted over 20 sessions to events in 2023 and are excited for what is to come.

These week at #DrupalConPortland I finally dared to speak and go talk to people I admire! I'm glad I did because I got the chance to meet @TearyneG and @sugaroverflow, it was super exciting, they were super kind and sweet! Thank you so much for everything! ❤️ pic.twitter.com/4MuXq8MttF

— Dharizza Espinach B (@Dharizza) April 29, 2022

Giving back, as a Growth Strategy

As someone who studied Political Science, I’d never imagined I would end up in STEM. Neither would I have dreamt I would experience such a sense of belonging from being part of a worldwide community of people building a safer web for all. 

Being part of a thriving industry while finding a sense of purpose is not a combination you find in most jobs. I recently celebrated my second anniversary as part of the Drupal community, and I know it’s just the beginning. The opportunities to learn and build connections are simply endless.

If what you’ve read here resonates, then we want to hear from you!

//--> //--> //--> //--> //-->

+ more awesome articles by Evolving Web
Categories: FLOSS Project Planets

Python Insider: Python 3.11.1, 3.10.9, 3.9.16, 3.8.16, 3.7.16, and 3.12.0 alpha 3 are now available

Planet Python - Tue, 2022-12-06 12:58

Greetings! We bring you a slew of releases this fine Saint Nicholas / Sinterklaas day. Six simultaneous releases has got to be some record. There’s one more record we broke this time, you’ll see below.

In any case, updating is recommended due to security content:

  • 3.7 - 3.12: gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680 (heap use-after-free).
  • 3.7 - 3.12: gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm to fix CVE-2022-45061. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
  • 3.7 - 3.12: gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.
  • 3.8 - 3.12: gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module.
  • 3.9 - 3.10 (already released in 3.11+ before): gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected. This prevents Linux CVE-2022-42919 (potential privilege escalation) as abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier.
  • 3.7 - 3.10: gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 to fix CVE-2022-37454.
  • 3.7 - 3.9 (already released in 3.10+ before): gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands to address CVE-2015-20107. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).
Python 3.12.0 alpha 3

Get it here, read the change log, sing a GPT-3-generated Sinterklaas song:


216 new commits since 3.12.0 alpha 2 last month.

Python 3.11.1

Get it here, see the change log, read the recipe for quark soup:


A whopping 495 new commits since 3.11.0. This is a massive increase of changes comparing to 3.10 at the same stage in the release cycle: there were “only” 339 commits between 3.10.0 and 3.10.1.

Python 3.10.9

Get it here, read the change log, see circular patterns:


165 new commits.

Python 3.9.16

Get it here, read the change log, consider upgrading to a newer version:


Security-only release with no binaries. 10 commits.

Python 3.8.16

Get it here, see the change log, definitely upgrade to a newer version:


Security-only release with no binaries. 9 commits.

Python 3.7.16

Get it here, read the change log, check PEP 537 to confirm EOL is coming to this version in June 2023:


Security-only release with no binaries. 8 commits.

We hope you enjoy the new releases!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.


Your friendly release team,

Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Łukasz Langa @ambv
Thomas Wouters @thomas








Categories: FLOSS Project Planets

Hotspot v1.4.0

Planet KDE - Tue, 2022-12-06 10:32

Hotspot 1.4.0 has been released!

Hotspot is a replacement for perf report. It’s a GUI for the perf profiler that takes a perf.data file, parses and evaluates its contents, and then displays the result in a graphical way.

This feature release contains close to 400 commits since the last stable v1.3.0 release. It comes with its usual assorted list of bug fixes and performance improvements along with new features.

One of the most notable new features in Hotspot 1.4.0 is a greatly improved disassembly view with a godbolt-like source code annotation:


Several other new features come with this release of Hotspot as well, including:

  • the self cost columns for tracepoints are now hidden by default, as they would always show 0 except for the function that contains the tracepoint. the inclusive cost column is much more useful
  • more flexible window layouting with KDDockWidgets
  • you can export and import data from hotspot in a custom format that is efficient to load and self-contained, meaning exported data can be read on any other machine with hotspot and does not require access to the original client application code for unwinding anymore note: this feature is broken in this release when using the AppImage, see #441 and stay tuned for a 1.4.1 release that will contain a fix for this issue
  • analysis data can be grouped by thread, process or CPU
  • demangling for the D programming language
  • a new frequency page that shows how often certain events got measured, which can also indicate the CPU frequency scaling when cycles are measured
  • new GitHub actions based CI and continuous AppImage build


Get Hotspot 1.4.0 here.

Read more about Hotspot and its background here.


The post Hotspot v1.4.0 appeared first on KDAB.

Categories: FLOSS Project Planets

Django Weblog: DjangoCon US and Europe 2022 Talks Available Online

Planet Python - Tue, 2022-12-06 10:12

The organizers of DjangoCon US and DjangoCon Europe spend a tremendous amount of energy both hosting the conferences and putting all the talks online after. The complete playlists of talks from each conference are now available on YouTube:

Categories: FLOSS Project Planets

PyCon: PyCon US 2023 Registration Launch!

Planet Python - Tue, 2022-12-06 09:04

The news you’ve been waiting for is finally here - registration for PyCon US 2023 is officially open!

PyCon US will take place April 19 - April 27, 2023, online and in Salt Lake City, Utah. The core of the conference, April 21 - April 23, 2023, packs in three days worth of our community’s 95 best talks, amazing keynote speakers, and our famed lightning talks to close out each day, but it is much more than that.

It’s gathering together with the members of our community, to learn from and share with. It’s joining a conversation in the hallway with the creators of open source projects. It’s taking yourself from beginner to intermediate, or intermediate to advanced. For some, it’s getting started with Python for the first time.

We hope you’ll join us for this special anniversary year, celebrating 20 years of PyCon.

Health & Safety Guidelines

PyCon US is committed to protecting the health and safety of our community. To ensure that we are gathering safely, we have implemented COVID-19 guidelines and protocols to be followed by all attendees during the event. We ask that you please review these guidelines prior to registration.

Please note: We will not be rolling back our mask requirement. If the situation changes and there are additional ways to keep attendees safe, we may incorporate those strategies closer to the event. Please check back regularly to stay updated on current guidelines.

How to Register

Once you have created an account on the PyCon US 2023 conference website, you can register via the registration button on your dashboard. Head over to our Registration Information page to get all the details on how to register.

Early Bird Registration Rates

PyCon US is providing discounted rates for Corporate, Student, and Individual tickets for the first 500 tickets sold. Register now to get your discount while supplies last!

  • Corporate - $650 
  • Individual - $350 
  • Student - $75

Once the first 500 tickets are sold, prices will switch to the regular registration rate.

Registration Rates

  • Corporate - $750 USD 
  • Individual - $400 USD 
  • Student - $100 USD 
  • Online - $100 USD 
  • Patron / Patron Online - $1200 USD


Tutorials will be presented Wednesday, April 19, 2023, and Thursday, April 20, 2023. We are accepting proposals for tutorials through December 9, 2022. Find more information and submit a proposal here. Once our program committee has scheduled the selected tutorials, you will be able to add them to your conference registration.

Watch for tutorial launch in February 2023. Opt-in for PyCon US News and follow us on Twitter and Mastodon for the announcement.
Sponsorship and Sponsor Presentations

Sponsorship for PyCon US 2023 is open now, and you can apply directly on our Sponsorship Application page. We’re grateful to all of our sponsors, who make PyCon US possible.

Sponsor Presentations will take place Thursday, April 20, 2023. To reserve a slot for an hour-long Sponsor Presentation on the topic of your choice, please apply for Partner Level Sponsorship or higher and select the check mark next to “Sponsor Presentation.” Slots are limited and typically sell out, so please submit your request soon. Contact sponsors@python.org with any questions.


PyCon US has contracted special rates with nearby hotels. When you complete your registration for PyCon US 2023, you will be able to book a hotel reservation on your dashboard through our official housing bureau, Orchid Events. This is the only way to get the conference rates so book now while supplies last!

More information can be found on the Venue and Hotels page.

Note: Beware of Housing Pirates! PyCon US or Orchid Events will not be calling delegates to sell rooms. If you are contacted by an agency other than Orchid Events offering to make your hotel reservations, we urge you to not use their services. We cannot protect you against them if you do book a reservation.

Cancellation Fees

Registration cancellations must be submitted in writing and received by April 3, 2023, in order to receive a refund minus the $50 cancellation fee ($25 for students; waived for cancellation due to health reasons). No refunds will be granted for cancellations received after April 3, 2023, unless you must cancel for any health-related reasons (see more details under Attendance in the Health & Safety Guidelines).

In lieu of cancellation, you are able to transfer your registration to another person. For details about transferring your registration, visit the registration page.

Attendees traveling to PyCon US internationally are encouraged to review our International Travel Refund Policy as well as their countries' international travel guidelines prior to registering. This is especially important for recipients of Travel Grants attending from abroad. PyCon US strives to support the Python community in attending, no matter where they are traveling from.

Travel Grants

Check out the Travel Grant page to learn more about the support we provide for travel, hotel, and registration to ensure that everyone has an opportunity to attend PyCon US. We actively encourage people to apply for travel grants and welcome applications from attendees who otherwise would not be able to attend. Our goal is to support diversity and provide equity to attendees and attract Python developers at all experience levels from around the world. For questions during the application process, visit the Travel Grant FAQ page.

Categories: FLOSS Project Planets

Real Python: Python Basics: Dictionaries

Planet Python - Tue, 2022-12-06 09:00

In plain English, a dictionary is a book containing the definitions of words. Each entry in a dictionary has two parts: the word being defined, and its definition.

Python dictionaries, like lists and tuples, store a collection of objects. However, instead of storing objects in a sequence, dictionaries hold information in pairs of data called key-value pairs. That is, each object in a dictionary has two parts: a key and a value. Each key is assigned a single value, which defines the relationship between the two sets.

In this video course, you’ll learn:

  • What a dictionary is and how it’s structured
  • How dictionaries differ from other data structures
  • How to define and use dictionaries in your own code

This video course is part of the Python Basics series, which accompanies Python Basics: A Practical Introduction to Python 3. You can also check out the other Python Basics courses.

Note that you’ll be using IDLE to interact with Python throughout this course.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

Categories: FLOSS Project Planets

The Fediverse unlocks a world of composable distributed apps

Open Source Initiative - Tue, 2022-12-06 09:00

There’s more to Mastodon than just replacing Twitter. ActivityPub has the potential to end the reign of monetized surveillance with a switch to user-owned applications.

The post The Fediverse unlocks a world of composable distributed apps first appeared on Voices of Open Source.

Categories: FLOSS Research

PyPy: PyPy v7.3.10 release

Planet Python - Tue, 2022-12-06 08:22
PyPy v7.3.10: release of python 2.7, 3.8, and 3.9

The PyPy team is proud to release version 7.3.10 of PyPy. We have some nice speedups and bugfixes we wish to share. The release includes three different interpreters:

  • PyPy2.7, which is an interpreter supporting the syntax and the features of Python 2.7 including the stdlib for CPython 2.7.18+ (the + is for backported security updates)

  • PyPy3.8, which is an interpreter supporting the syntax and the features of Python 3.8, including the stdlib for CPython 3.8.15.

  • PyPy3.9, which is an interpreter supporting the syntax and the features of Python 3.9, including the stdlib for CPython 3.9.15. We have gained confidence in the stability of this version, and are removing the "beta" label.

The interpreters are based on much the same codebase, thus the multiple release. This is a micro release, all APIs are compatible with the other 7.3 releases. Highlights of the release, since the release of 7.3.9 in March 2022 include:

  • A release of Apple Silicon M1 arm64 versions. This work was sponsored by an anonymous donor and is tested on our buildbots.

  • Many improvements to the basic interpreter to make it 15-20% faster

  • The conda-forge community has built over 1000 packages for PyPy3.8 and 3.9, making it easier than ever to use PyPy.

  • Update the packaged OpenSSL to 1.1.1s, sqlite3 to 3.39.4, and apply applicable security fixes from CPython 3.9.15 to PyPy2.7

  • Update the HPy backend in PyPy3.8 and PyPy3.9 to 0.0.4

We recommend updating. You can find links to download the v7.3.10 releases here:


We would like to thank our donors for the continued support of the PyPy project. If PyPy is not quite good enough for your needs, we are available for direct consulting work. If PyPy is helping you out, we would love to hear about it and encourage submissions to our blog via a pull request to https://github.com/pypy/pypy.org

We would also like to thank our contributors and encourage new people to join the project. PyPy has many layers and we need help with all of them: bug fixes, PyPy and RPython documentation improvements, or general help with making RPython's JIT even better. Since the previous release, we have accepted contributions from five new contributors, thanks for pitching in, and welcome to the project!

If you are a python library maintainer and use C-extensions, please consider making a HPy / CFFI / cppyy version of your library that would be performant on PyPy. In any case, both cibuildwheel and the multibuild system support building wheels for PyPy.

What is PyPy?

PyPy is a Python interpreter, a drop-in replacement for CPython 2.7, 3.8 and 3.9. It's fast (PyPy and CPython 3.7.4 performance comparison) due to its integrated tracing JIT compiler.

We also welcome developers of other dynamic languages to see what RPython can do for them.

We provide binary builds for:

  • x86 machines on most common operating systems (Linux 32/64 bits, Mac OS 64 bits, Windows 64 bits)

  • 64-bit ARM machines running Linux (aarch64).

  • Apple M1 arm64 machines (macos_arm64).

  • s390x running Linux

PyPy support Windows 32-bit, Linux PPC64 big- and little-endian, and Linux ARM 32 bit, but does not release binaries. Please reach out to us if you wish to sponsor binary releases for those platforms. Downstream packagers provide binary builds for debian, Fedora, conda, OpenBSD, FreeBSD, Gentoo, and more.

What else is new?

For more information about the 7.3.10 release, see the full changelog.

Please update, and continue to help us make pypy better.

Cheers, The PyPy Team

Categories: FLOSS Project Planets