Feeds

Patching .htaccess for SEO mandclu Sat, 03/25/2023 - 11:58 Anyone who has ever gone through the process of trying to maximize their site's Lighthouse or PageSpeed Insights score will have seen suggestions to increase the cache lifetime of static assets: at least 1 year for assets like images and fonts, and at least 1 month for assets like CSS and Javascript files. As noted in the linked page, it is possible to set this cache lifetime site-wide, but if you want to set a shorter cache lifetime for your content than your static assets, we can achieve this with minimal effort.The easiest way to set the cache lifetime for static assets specifically (for sites hosted on Apache webservers) is by modifying Drupal's default .htaccess file.If you're hosting your own webfonts (as I recommended in a previous post) you'll want to define a type for them. NearMore

The Drop Times is pleased to declare that we are media partners for the upcoming Drupal Camp Poland. We will share the space along with seven other media partners.The DrupalCamp Poland 2023 is scheduled to be conducted between 13th - 14th May 2023 at Wroclaw.

Some interesting notes. I will update this posting as i find more: * https://dart.dev/guides/libraries/objective-c-interop

As the much villified theme for star trek enterprise says "its been a long road getting from there to here" i am almost done with all of the work that needed to be done to get us to Catalina compatibility in GNUstep. The reason this is still significant is because Apple hasn't made many changes to either the Foundation or AppKit APIs since then. I have been workinf hard over the last three years. All of the new classes are fully tested. Once this effort is completed I am going to focus on printing, which has always been a problem in GS. And possibly a "reference" distribution.

Last week I attended the FOSSGIS-Konferent 2023 in Berlin and spoke about KDE Itinerary’s use of OSM data there.

Conference

With three days of three parallel conference tracks with tightly packed 20 minute slots I only got to see a small subset of the talks, focusing on the topics most relevant for KDE Itinerary. Some takeaways for me:

• OSM core data model evolution: The initial steps discussed here aren’t directly impacting KDE’s uses of OSM data yet, the possible improvements for more efficient and accurate tile expiry are something potentially interesting for our raw data tile server though (although we currently don’t implement any form of tile expire yet).
• Indoor positioning (with GPS usually not available inside buildings there is no similarly prevalent solution yet, let alone one that works without needing extra infrastructure in the building and without requiring non-standard/not-yet-standard hardware in phones): Two possible approaches for this were presented, one using common inertial sensors and map matching to compensate the drift, the other using a camera and a SLAM-like algorithm. Nothing published yet unfortunately, so we have to see how well those actually perform in practice.
• Indoor map data: I found it particularly interesting to see for which very different usecases people need the same kind of data, from navigating through a train station to city-scale earthquake risk assessments with a scary level of detail and accuracy.

I also did my first major conference talk in German there, which I hopefully managed to do without using an English term for every other word.

Public institutions and FOSS

There were plenty of presentations from public administrations and universities, for all of whom it’s no longer a question whether or not to publish their data and source code under an open license. There is a bit of a selection bias by the event here of course, but given how often the Public money? Public code! slogan of the FSFE was mentioned, it would seem campaigns in that direction had an effect. And that’s absolutely great.

It doesn’t stop there though, I think we also can help those institutions with how to do this properly. A one-time code dump on Github once a project is finished isn’t the ideal way for example.

• Start in the open, and do as much as possible in the open. Not just code, this includes communication, requirements and goals, design and planning, etc.
• Think about how to deal with input, feedback and contributions from the outside. This needs time and effort to review and process. It is also not unlikely that outside parties have slightly different goals, priorities and timelines, ie. you need to have a plan for project governance.
• Consider how things can live on after your funding/grant or research project runs out. Who owns the repository and other project assets? Who continues server operations? What happens to app store accounts or signing keys?

This might seem obvious for people active in larger communities like KDE or OSM, but that’s in part because we are used to having a long-living umbrella organization handle a lot of these issues for us. Umbrella organizations could be part of the solution here as well, either any of the existing ones or something new e.g. on a national or EU level for public administrations.

It’s also good to see that some institutions are indeed considering those aspects and see FOSS as more than just a grant completion form checkbox.

BoFs and hallway track

There were also plenty of interesting discussions, from BoF sessions to chats in the hallway, on a wide range of topics:

• Getting the various people looking at indoor map data connected and working together on the open questions around data modelling.
• Ongoing work and new findings around indoor positioning and routing, as well as legal questions around obtaining indoor map data.
• Modelling and collecting accessibility-related attributes. From the KDE perspective accessibility usually means building accessible software, here it’s about software assisting with navigating the more or less accessible real world.
• Tools for aligning OSM data with other data sources of varying quality, e.g. the official data sets of public transport stops and their respective identifiers. That’s relevant for matching public transport journey data to the exact stop position.
• Handling of transient map data, such as temporary setups around conferences or other events. Imagine we’d use our indoor map component in Kongress and we want to see things like a temporary added registration desk there and be able to show event-specific room labels (e.g. “BoF room 1” instead of “Room 1.234”), on top of the OSM base map of the building.
• Various approaches for moving beyond raster tiles. The raw data tile setup we have at KDE for this is a bit of an unusual solution compared to what else is out there, but something in that direction could be one piece of that puzzle. Either way, being involved in upstream discussions on that topic makes sense, the more we can align KDE’s infrastructure with what OSM does the better I think.
• Putting things on a map (quite literally here) makes things visible, and that has real-world implications. This can be good (visibility for a issue you care about) or bad (security implications for e.g. certain vulnerable groups), and that assessment might even depend on who you ask. How should decisions be made in that context, and how to deal with the responsibility this entails?

Another recurring topic at any FOSS event is sustainable funding. Project-based low-threshold grants are available from a number of entities (NLnet, Prototype Fund, mFund, etc), but their short term nature make those only viable for a very limited subset of the people you’d ideally want to see funded for working on FOSS projects and infrastructure.

Cross-community collaboration

The deeper I dive into the OSM community the more déjà-vus I get, and it seems there is probably more we can do in terms of inter-community collaboration/knowledge sharing in the FOSS/open data world, in particular around adjacent/supporting topics, ie. things we all have to deal with in order to achieve the things we actually want to do.

Simple example: we shouldn’t all have to learn the hard way that Jambra conference mics, BBB and your average university seminar room don’t really get along very well out of the box.

Event management, hybrid events, funding sources/grant programs, getting useful results out of GSoC, PR and lobbying on various levels, legal and licensing, infrastructure operations, the list of potential topics is long. For some aspects there have dedicated entities like the FSFE, but for many others this seems to be much more ad hoc.

Not that I have a good idea on how to address this, but it does seem like something where everyone could benefit from more exchange.

Either way, attending events outside of our own bubbles certainly helps with that :)

Listen here

Or watch here (recommended because there will be code!)

Welcome back to our podcast. In this week’s episode we look at Python packaging.

I was teaching this on our weekly PDM Code Clinic call and we ended up building quite a useful Pybites Open Source tool.

Introducing pybites-search, a command line tool to search our content (articles, Bite exercises, podcast episodes, youtube videos and tips).

We look at how to build a package and some of the code + design that went into pybites-search and how open sourcing this is a double win: our PDM bot project can leverage it and people can now contribute to this project.

Hope you enjoy this episode and comment your thoughts below as well as preferences for more Python / Developer / Mindset content. Thanks for watching.

Links / resources:

• Packaging Python Projects docs
• Pybites search tool / package
• Check out our PDM program
• Currently reading: The Gap and The Gain

Introduction

Great Place To Work® has certified Axelerant as among India’s 40 Best Workplaces in Health & Wellness. 

What have I been up to?

Late last year, I launched a Patreon. Although not quite a “soft” launch — I did toot about it, after all — I didn’t promote it very much.

I started this way because I realized that if I didn’t just put something up I’d be dithering forever. I’d previously been writing a sprawling monster of an announcement post that went into way too much detail, and kept expanding to encompass more and more ideas until I came to understand that salvaging it was going to be an editing process just as brutal and interminable as the writing itself.

However, that post also included a section where I just wrote about what I was actually doing.

So, for lots of reasons1, there are a diverse array of loosely related (or unrelated) projects below which may not get finished any time soon. Or, indeed, may go unfinished entirely. Some are “done enough” now, and just won’t receive much in the way of future polish.

That is an intentional choice.

The rationale, as briefly as I can manage, is: I want to lean into the my strength2 of creative, divergent thinking, and see how these ideas pan out without committing to them particularly intensely. My habitual impulse, for many years, has been to lean extremely hard on strategies that compensate for my weaknesses in organization, planning, and continued focus, and attempt to commit to finishing every project to prove that I’ll never flake on anything.

While the reward tiers for the Patreon remain deliberately ambiguous3, I think it would be fair to say that patrons will have some level of influence in directing my focus by providing feedback on these projects, and requesting that I work more on some and less on others.

So, with no further ado: what have I been working on, and what work would you be supporting if you signed up? For each project, I’ll be answering 3 questions:

1. What is it?
2. What have I been doing with it recently?
3. What are my plans for it?

This. i.e. blog.glyph.im What is it?

For starters, I write stuff here. I guess you’re reading this post for some reason, so you might like the stuff I write? I feel like this doesn’t require much explanation.

What have I done with it recently?

You might appreciate the explicitly patron-requested Potato Programming post, a screed about dataclass, or a deep dive on the difficulties of codesigning and notarization on macOS along with an announcement of a tool to remediate them.

What are my plans for it?

You can probably expect more of the same; just all the latest thoughts & ideas from Glyph.

Twisted What is it?

If you know of me you probably know of me as “the Twisted guy” and yeah, I am still that. If, somehow, you’ve ended up here and you don’t know what it is, wow, that’s cool, thanks for coming, super interested to know what you do know me for.

Twisted is an event-driven networking engine written in Python, the precursor and inspiration for the asyncio module, and a suite of event-driven programming abstractions, network protocol implementations, and general utility code.

What have I done with it recently?

I’ve gotten a few things merged, including type annotations for getPrimes and making the bundled CLI OpenSSH server replacement work at all with public key authentication again, as well as some test cleanups that reduce the overall surface area of old-style Deferred-returning tests that can be flaky and slow.

I’ve also landed a posix_spawnp-based spawnProcess implementation which speed up process spawning significantly; this can be as much as 3x faster if you do a lot of spawning of short-running processes.

I have a bunch of PRs in flight, too, including better annotations for FilePath Deferred, and IReactorProcess, as well as a fix for the aforementioned posix_spawnp implementation.

What are my plans for it?

A lot of the projects below use Twisted in some way, and I continue to maintain it for my own uses. My particular focus is in quality-of-life improvements; issues that someone starting out with a Twisted project will bump into and find confusing or difficult. I want it to be really easy to write applications with Twisted and I want to use my own experiences with it.

I also do code reviews of other folks’ contributions; we do still have over 100 open PRs right now.

DateType What is it?

DateType is a workaround for a very specific bug in the way that the datetime standard library module deals with type composition: to wit, that datetime is a subclass of date but is not Liskov-substitutable for it. There are even #type:ignore comments in the standard library type stubs to work around this problem, because if you did this in your own code, it simply wouldn’t type-check.

What have I done with it recently?

I updated it a few months ago to expose DateTime and Time directly (as opposed to AwareDateTime and NaiveDateTime), so that users could specialize their own functions that took either naive or aware times without ugly and slightly-incorrect unions.

What are my plans for it?

This library is mostly done for the time being, but if I had to polish it a bit I’d probably do two things:

1. a readthedocs page for nice documentation
2. write a PEP to get this integrated into the standard library

Although the compatibility problems are obviously very tricky and a PEP would probably be controversial, this is ultimately a bug in the stdlib, and should be fixed upstream there.

Automat What is it?

It’s a library to make deterministic finite-state automata easier to create and work with.

What have I done with it recently?

Back in the middle of last year, I opened a PR to create a new, completely different front-end API for state machine definition. Instead of something like this:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17class MachineExample: machine = MethodicalMachine() @machine.state() def a_state(self): ... @machine.state() def other_state(self): ... @machine.input() def flip(self): ... @machine.output() def _do_flip(self): return ... on.upon(flip, enter=off, outputs=[_do_flip], collector=list) off.upon(flip, enter=on, outputs=[_do_flip], collector=list)

this branch lets you instead do something like this:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19class MachineProtocol(Protocol): def flip(self) -> None: ... class MachineCore: ... def buildCore() -> MachineCore: ... machine = TypicalBuilder(MachineProtocol, buildCore) @machine.state() class _OffState: @machine.handle(MachineProtocol.flip, enter=lambda: _OnState) def flip(self) -> None: ... @machine.state() class _OnState: @machine.handle(MachineProtocol.flip, enter=lambda: _OffState) def flip(self) -> None: ... MachineImplementation = machine.buildClass()

In other words, it creates a state for every type, and type safety that much more cleanly expresses what methods can be called and by whom; no need to make everything private with tons of underscore-prefixed methods and attributes, since all the caller can see is “an implementation of MachineProtocol”; your state classes can otherwise just be normal classes, which do not require special logic to be instantiated if you want to use them directly.

Also, by making a state for every type, it’s a lot cleaner to express that certain methods require certain attributes, by simply making them available as attributes on that state and then requiring an argument of that state type; you don’t need to plot your way through the outputs generated in your state graph.

What are my plans for it?

I want to finish up dealing with some issues with that branch - particularly the ugly patterns for communicating portions of the state core to the caller and also the documentation; there are a lot of magic signatures which make sense in heavy usage but are a bit mysterious to understand while you’re getting started.

I’d also like the visualizer to work on it, which it doesn’t yet, because the visualizer cribs a bunch of state from MethodicalMachine when it should be working purely on core objects.

Secretly What is it?

This is an attempt at a holistic, end-to-end secret management wrapper around Keyring. Whereas Keyring handles password storage, this handles the whole lifecycle of looking up the secret to see if it’s there, displaying UI to prompt the user (leveraging a pinentry program from GPG if available)

What have I done with it recently?

It’s been a long time since I touched it.

What are my plans for it?

• Documentation. It’s totally undocumented.
• It could be written to be a bit more abstract. It dates from a time before asyncio, so its current Twisted requirement for Deferred could be made into a generic Awaitable one.
• Better platform support for Linux & Windows when GPG’s pinentry is not available.
• Support for multiple accounts so that when the user is prompted for the relevant credential, they can store it.
• Integration with 1Password via some of their many potentially relevant APIs.

Fritter What is it?

Fritter is a frame-rate independent timer tree.

In the course of developing Twisted, I learned a lot about time and timers. LoopingCall encodes some of this knowledge, but it’s very tightly coupled to the somewhat limited IReactorTime API.

Also, LoopingCall was originally designed with the needs of media playback (particularly network streaming audio playback) in mind, but I have used it more for background maintenance tasks and for animations. Both of these things have requirements that LoopingCall makes awkward but FRITTer is designed to meet:

1. At higher loads, surprising interactions can occur with the underlying priority queue implementation, and different algorithms may make a significant difference to performance. Fritter has a pluggable implementation of a priority queue and is carefully minimally coupled to it.

2. Driver selection is a first-class part of the API, with an included, public “Memory” driver for testing, rather than LoopingCall’s “testing is at least possible” .reactor attribute. This means that out of the box it supports both Twisted and asyncio, and can easily have other things added.

3. The API is actually generic on what constitutes time itself, which means that you can use it for both short-term (i.e.: monotonic clock values as float-seconds) and long-term (civil times as timezone-aware datetime objects) recurring tasks. Recurrence rules can also be arbitrary functions.

4. There is a recursive driver (this is the “tree” part) which both allows for:

   a. groups of timers which can be suspended and resumed together, and

   b. scaling of time, so that you can e.g. speed up or slow down the ticks for AIs, groups of animations, and so on, also in groups.

5. The API is also generic on what constitutes work. This means that, for example, in a certain timer you can say “all work units scheduled on this scheduler, in addition to being callable, must also have an asJSON method”. And in fact that’s exactly what the longterm module in Fritter does.

I can neither confirm nor deny that this project was factored out of a game engine for a secret game project which does not appear on this list.

What have I done with it recently?

Besides realizing, in the course of writing this blog post, that its CI was failing its code quality static checks (oops), the last big change was the preliminary support for recursive timers and serialization.

What are my plans for it?

• These haven’t been tested in anger yet and I want to actually use them in a larger project to make sure that they don’t have any necessary missing pieces.

• Documentation.

Encrust What is it?

I have written about Encrust quite recently so if you want to know about it, you should probably read that post. In brief, it is a code-shipping tool for py2app. It takes care of architecture-independence, code-signing, and notarization.

What have I done with it recently?

Wrote it. It’s brand new as of this month.

What are my plans for it?

I really want this project to go away as a tool with an independent existence. Either I want its lessons to be fully absorbed into Briefcase or perhaps py2app itself, or for it to become a library that those things call into to do its thing.

Various Small Mac Utilities What is it?

• QuickMacApp is a very small library for creating status-item “menu bar apps” in Python which don’t have much of a UI but want to run some Python code in the background and occasionally pop up a notification or ask the user a question or something. The idea is that if you have a utility that needs a minimal UI to just ask the user one or two things, you should be able to give it a GUI immediately, without thinking about it too much.
• QuickMacHotkey this is a very minimal API to register hotkeys on macOS. this example is what comes up if you search the web for such a thing, but it hasn’t worked on a current Python for about 11 years. This isn’t the “right” way to do such a thing, since it provides no UI to set the shortcut, you’d have to hard-code it. But MASShortcut is now archived and I haven’t had the opportunity to investigate HotKey, so for the time being, it’s a handy thing, and totally adequate for the sort of quick-and-dirty applications you might make with QuickMacApp.
• VEnvDotApp is a way of giving a virtualenv its own Info.plist and bundle ID, so that command-line python tools that just need to pop up a little mac GUI, like an alert or a notification, can do so with cross-platform tools without looking like it’s an app called “Python”, or in some cases breaking entirely.
• MOPUp is a command-line updater for upstream Python.org macOS Python. For distributing third-party apps, Python.org’s version is really the one you want to use (it’s universal2, and it’s generally built with compiler options that make it a distributable thing itself) but updating it by downloading a .pkg file from a web browser is kind of annoying.

What have I done with it recently?

I’ve been releasing all these tools as they emerge and are factored out of other work, and they’re all fairly recent.

What are my plans for it?

I will continue to factor out any general-purpose tools from my platform-specific Python explorations — hopefully more Linux and Windows too, once I’ve got writing code for my own computer down, but most of the tools above are kind of “done” on their own, at the moment.

The two things that come to mind though are that QuickMacApp should have a way of owning the menubar sometimes (if you don’t have something like Bartender, menu-bar-status-item-only apps can look like they don’t do anything when you launch them), and that MOPUp should probably be upstreamed to python.org.

Pomodouroboros What is it?

Pomodouroboros is a pomodoro timer with a highly opinionated take. It’s based on my own experience of ADHD time blindness, and is more like a therapeutic intervention for that specific condition than a typical “productivity” timer app.

In short, it has two important features that I have found lacking in other tools:

1. A gigantic, absolutely impossible to ignore visual timer that presents a HUD overlay over your entire desktop. It remains low-opacity and static most of the time but pulses every 30 seconds to remind you that time is passing.
2. Rather than requiring you to remember to set a timer before anything happens, it has an idea of “work hours” when you want to be time-sensitive and presents constant prompting to get started.

What have I done with it recently?

I’ve been working on it fairly consistently lately. The big things I’ve been doing have been:

1. factoring things out of the Pomodouroboros-specific code and into QuickMacApp and Encrust.
2. Porting the UI to the redesigned core of the application, which has been implemented and tested in platform-agnostic Python but does not have any UI yet.
3. fully productionizing the build process and ensuring that Encrust is producing binary app bundles that people can use.

What are my plans for it?

In brief, “finish the app”. I want this to have its own website and find a life beyond the Python community, with people who just want a timer app and don’t care how it’s written. The top priority is to replace the current data model, which is to say the parts of the UI that set and evaluate timers and edit the list of upcoming timers (the timer countdown HUD UI itself is fine).

I also want to port it to other platforms, particularly desktop Linux, where I know there are many users interested in such a thing. I also want to do a CLI version for folks who live on the command line.

Finally: Pomodouroboros serves as a test-bed for a larger goal, which is that I want to make it easier for Python programmers, particularly beginners who are just getting into coding at all, to write code that not only interacts with their own computer, but that they can share with other users in a real way. As you can see with Encrust and other projects above, as much as I can I want my bumpy ride to production code to serve as trailblazing so that future travelers of this path find it as easy as possible.

And Here Is Where The CTA Goes

If this stuff sounds compelling, you can obviously sign up, that would be great. But also, if you’re just curious, go ahead and give some of these projects some stars on GitHub or just share this post. I’d also love to hear from you about any of this!

If a lot of people find this compelling, then pursuing these ideas will become a full-time job, but I’m pretty far from that threshold right now. In the meanwhile, I will also be doing a bit of consulting work.

I believe much of my upcoming month will be spoken for with contracting, although quite a bit of that work will also be open source maintenance, for which I am very grateful to my generous clients. Please do get in touch if you have something more specific you’d like me to work on, and you’d like to become one of those clients as well.

1. Reasons which will have to remain mysterious until I can edit about 10,000 words of abstract, discursive philosophical rambling into something vaguely readable. ↩

2. A strength which is common to many, indeed possibly most, people with ADHD. ↩

3. While I want to give myself some leeway to try out ideas without necessarily finishing them, I do not want to start making commitments that I can’t keep. Particularly commitments that are tied to money! ↩

Review: Thief of Time, by Terry Pratchett

Series: Discworld #26 Publisher: Harper Copyright: May 2001 Printing: August 2014 ISBN: 0-06-230739-8 Format: Mass market Pages: 420

Thief of Time is the 26th Discworld novel and the last Death novel, although he still appears in subsequent books. It's the third book starring Susan Sto Helit, so I don't recommend starting here. Mort is the best starting point for the Death subseries, and Reaper Man provides a useful introduction to the villains.

Jeremy Clockson was an orphan raised by the Guild of Clockmakers. He is very good at making clocks. He's not very good at anything else, particularly people, but his clocks are the most accurate in Ankh-Morpork. He is therefore the logical choice to receive a commission by a mysterious noblewoman who wants him to make the most accurate possible clock: a clock that can measure the tick of the universe, one that a fairy tale says had been nearly made before. The commission is followed by a surprise delivery of an Igor, to help with the clock-making.

People who live in places with lots of fields become farmers. People who live where there is lots of iron and coal become blacksmiths. And people who live in the mountains near the Hub, near the gods and full of magic, become monks. In the highest valley are the History Monks, founded by Wen the Eternally Surprised. Like most monks, they take apprentices with certain talents and train them in their discipline. But Lobsang Ludd, an orphan discovered in the Thieves Guild in Ankh-Morpork, is proving a challenge. The monks decide to apprentice him to Lu-Tze the sweeper; perhaps that will solve multiple problems at once.

Since Hogfather, Susan has moved from being a governess to a schoolteacher. She brings to that job the same firm patience, total disregard for rules that apply to other people, and impressive talent for managing children. She is by far the most popular teacher among the kids, and not only because she transports her class all over the Disc so that they can see things in person. It is a job that she likes and understands, and one that she's quite irate to have interrupted by a summons from her grandfather. But the Auditors are up to something, and Susan may be able to act in ways that Death cannot.

This was great. Susan has quickly become one of my favorite Discworld characters, and this time around there is no (or, well, not much) unbelievable romance or permanently queasy god to distract. The clock-making portions of the book quickly start to focus on Igor, who is a delightful perspective through whom to watch events unfold. And the History Monks! The metaphysics of what they are actually doing (which I won't spoil, since discovering it slowly is a delight) is perhaps my favorite bit of Discworld world building to date. I am a sucker for stories that focus on some process that everyone thinks happens automatically and investigate the hidden work behind it.

I do want to add a caveat here that the monks are in part a parody of Himalayan Buddhist monasteries, Lu-Tze is rather obviously a parody of Laozi and Daoism in general, and Pratchett's parodies of non-western cultures are rather ham-handed. This is not quite the insulting mess that the Chinese parody in Interesting Times was, but it's heavy on the stereotypes. It does not, thankfully, rely on the stereotypes; the characters are great fun on their own terms, with the perfect (for me) balance of irreverence and thoughtfulness. Lu-Tze refusing to be anything other than a sweeper and being irritatingly casual about all the rules of the order is a classic bit that Pratchett does very well. But I also have the luxury of ignoring stereotypes of a culture that isn't mine, and I think Pratchett is on somewhat thin ice.

As one specific example, having Lu-Tze's treasured sayings be a collection of banal aphorisms from a random Ankh-Morpork woman is both hilarious and also arguably rather condescending, and I'm not sure where I landed. It's a spot-on bit of parody of how a lot of people who get very into "eastern religions" sound, but it's also equating the Dao De Jing with advice from the Discworld equivalent of a English housewife. I think the generous reading is that Lu-Tze made the homilies profound by looking at them in an entirely different way than the woman saying them, and that's not completely unlike Daoism and works surprisingly well. But that's reading somewhat against the grain; Pratchett is clearly making fun of philosophical koans, and while anything is fair game for some friendly poking, it still feels a bit weird.

That isn't the part of the History Monks that I loved, though. Their actual role in the story doesn't come out of the parody. It's something entirely native to Discworld, and it's an absolute delight. The scene with Lobsang and the procrastinators is perhaps my favorite Discworld set piece to date. Everything about the technology of the History Monks, even the Bond parody, is so good.

I grew up reading the Marvel Comics universe, and Thief of Time reminds me of a classic John Byrne or Jim Starlin story, where the heroes are dumped into the middle of vast interdimensional conflicts involving barely-anthropomorphized cosmic powers and the universe is revealed to work in ever more intricate ways at vastly expanding scales. The Auditors are villains in exactly that tradition, and just like the best of those stories, the fulcrum of the plot is questions about what it means to be human, what it means to be alive, and the surprising alliances these non-human powers make with humans or semi-humans. I devoured this kind of story as a kid, and it turns out I still love it.

The one complaint I have about the plot is that the best part of this book is the middle, and the end didn't entirely work for me. Ronnie Soak is at his best as a supporting character about three quarters of the way through the book, and I found the ending of his subplot much less interesting. The cosmic confrontation was oddly disappointing, and there's a whole extended sequence involving chocolate that I think was funnier in Pratchett's head than it was in mine. The ending isn't bad, but the middle of this book is my favorite bit of Discworld writing yet, and I wish the story had carried that momentum through to the end.

I had so much fun with this book. The Discworld novels are clearly getting better. None of them have yet vaulted into the ranks of my all-time favorite books — there's always some lingering quibble or sagging bit — but it feels like they've gone from reliably good books to more reliably great books. The acid test is coming, though: the next book is a Rincewind book, which are usually the weak spots.

Followed by The Last Hero in publication order. There is no direct thematic sequel.

Rating: 8 out of 10

An experimental ‘fow’ command to forward TCP streams on Dilation subchannels

As developers living in a Western Country, a lot of us are used to build websites for left-to-right languages only and, depending on your clients and their markets, chances are high you might never have to worry about any other directional concept – until you suddenly do.

Four of our colleagues at Cocomore happily packed their bags to travel to Prague and spend a few days with our fellow Drupal community members, partners of our agency, and clients.

Github accidentally committed their SSH RSA private key to a repository, and now a bunch of people's infrastructure is broken because it needs to be updated to trust the new key. This is obviously bad, but what's frustrating is that there's no inherent need for it to be - almost all the technological components needed to both reduce the initial risk and to make the transition seamless already exist.

But first, let's talk about what actually happened here. You're probably used to the idea of TLS certificates from using browsers. Every website that supports TLS has an asymmetric pair of keys divided into a public key and a private key. When you contact the website, it gives you a certificate that contains the public key, and your browser then performs a series of cryptographic operations against it to (a) verify that the remote site possesses the private key (which prevents someone just copying the certificate to another system and pretending to be the legitimate site), and (b) generate an ephemeral encryption key that's used to actually encrypt the traffic between your browser and the site. But what stops an attacker from simply giving you a fake certificate that contains their public key? The certificate is itself signed by a certificate authority (CA), and your browser is configured to trust a preconfigured set of CAs. CAs will not give someone a signed certificate unless they prove they have legitimate ownership of the site in question, so (in theory) an attacker will never be able to obtain a fake certificate for a legitimate site.

This infrastructure is used for pretty much every protocol that can use TLS, including things like SMTP and IMAP. But SSH doesn't use TLS, and doesn't participate in any of this infrastructure. Instead, SSH tends to take a "Trust on First Use" (TOFU) model - the first time you ssh into a server, you receive a prompt asking you whether you trust its public key, and then you probably hit the "Yes" button and get on with your life. This works fine up until the point where the key changes, and SSH suddenly starts complaining that there's a mismatch and something awful could be happening (like someone intercepting your traffic and directing it to their own server with their own keys). Users are then supposed to verify whether this change is legitimate, and if so remove the old keys and add the new ones. This is tedious and risks users just saying "Yes" again, and if it happens too often an attacker can simply redirect target users to their own server and through sheer fatigue at dealing with this crap the user will probably trust the malicious server.

Why not certificates? OpenSSH actually does support certificates, but not in the way you might expect. There's a custom format that's significantly less complicated than the X509 certificate format used in TLS. Basically, an SSH certificate just contains a public key, a list of hostnames it's good for, and a signature from a CA. There's no pre-existing set of trusted CAs, so anyone could generate a certificate that claims it's valid for, say, github.com. This isn't really a problem, though, because right now nothing pays attention to SSH host certificates unless there's some manual configuration.

(It's actually possible to glue the general PKI infrastructure into SSH certificates. Please do not do this)

So let's look at what happened in the Github case. The first question is "How could the private key have been somewhere that could be committed to a repository in the first place?". I have no unique insight into what happened at Github, so this is conjecture, but I'm reasonably confident in it. Github deals with a large number of transactions per second. Github.com is not a single computer - it's a large number of machines. All of those need to have access to the same private key, because otherwise git would complain that the private key had changed whenever it connected to a machine with a different private key (the alternative would be to use a different IP address for every frontend server, but that would instead force users to repeatedly accept additional keys every time they connect to a new IP address). Something needs to be responsible for deploying that private key to new systems as they're brought up, which means there's ample opportunity for it to accidentally end up in the wrong place.

Now, best practices suggest that this should be avoided by simply placing the private key in a hardware module that performs the cryptographic operations, ensuring that nobody can ever get at the private key. The problem faced here is that HSMs typically aren't going to be fast enough to handle the number of requests per second that Github deals with. This can be avoided by using something like a Nitro Enclave, but you're still going to need a bunch of these in different geographic locales because otherwise your front ends are still going to be limited by the need to talk to an enclave on the other side of the planet, and now you're still having to deal with distributing the private key to a bunch of systems.

What if we could have the best of both worlds - the performance of private keys that just happily live on the servers, and the security of private keys that live in HSMs? Unsurprisingly, we can! The SSH private key could be deployed to every front end server, but every minute it could call out to an HSM-backed service and request a new SSH host certificate signed by a private key in the HSM. If clients are configured to trust the key that's signing the certificates, then it doesn't matter what the private key on the servers is - the client will see that there's a valid certificate and will trust the key, even if it changes. Restricting the validity of the certificate to a small window of time means that if a key is compromised an attacker can't do much with it - the moment you become aware of that you stop signing new certificates, and once all the existing ones expire the old private key becomes useless. You roll out a new private key with new certificates signed by the same CA and clients just carry on trusting it without any manual involvement.

Why don't we have this already? The main problem is that client tooling just doesn't handle this well. OpenSSH has no way to do TOFU for CAs, just the keys themselves. This means there's no way to do a git clone ssh://git@github.com/whatever and get a prompt asking you to trust Github's CA. Instead, you need to add a @cert-authority github.com (key) line to your known_hosts file by hand, and since approximately nobody's going to do that there's only marginal benefit in going to the effort to implement this infrastructure. The most important thing we can do to improve the security of the SSH ecosystem is to make it easier to use certificates, and that means improving the behaviour of the clients.

It should be noted that certificates aren't the only approach to handling key migration. OpenSSH supports a protocol for key rotation, basically by allowing the server to provide a set of multiple trusted keys that the client can cache, and then invalidating old ones. Unfortunately this still requires that the "new" private keys be deployed in the same way as the old ones, so any screwup that results in one private key being leaked may well also result in the additional keys being leaked. I prefer the certificate approach.

Finally, I've seen a couple of people imply that the blame here should be attached to whoever or whatever caused the private key to be committed to a repository in the first place. This is a terrible take. Humans will make mistakes, and your systems should be resilient against that. There's no individual at fault here - there's a series of design decisions that made it possible for a bad outcome to occur, and in a better universe they wouldn't have been necessary. Let's work on building that better universe.

comments

INI files are primarily used as a file format for configuration files. In this article, we will discuss how to convert a python dictionary to an INI file using the configparser module.

Table of Contents

1. What is the INI File Format?
2. Convert Python Dictionary to INI File
3. Conclusion

What is the INI File Format?

INI format, short for Initialization format, is a simple text file format used to store configuration settings for software applications. It was widely used in the early days of Windows and is still used in some applications today.

An INI file consists of sections, each of which contains key-value pairs. Each key-value pair is written as "key=value" and is separated by an equals sign (=). Sections are enclosed in square brackets ([]), and each key-value pair is written on a new line.

For example, consider the following INI file.

[employee] name=John Doe age=35 [job] title=Software Engineer department=IT years_of_experience=10 [address] street=123 Main St. city=San Francisco state=CA zip=94102

The above data is an example of an INI file that contains information about an employee. The file is organized into three sections: [employee], [job], and [address].

• The [employee] section contains basic information about the employee, such as their name and age.
• [job] section contains information about the employee’s job, including their job title, department, and years of experience.
• The [address] section contains information about the employee’s address, including their street address, city, state, and zip code.

As you can see, INI files are easy to read and write by both humans and computers. This makes them a popular choice for storing configuration settings in many different types of software applications.

Nowadays, INI files aren’t much popular due to their inability to store nested or complex data. However, it is possible that you might need to store data from a python dictionary in an INI file for some purpose. Let us discuss how to convert a python dictionary to INI file format.

Convert Python Dictionary to INI File

We can convert a python dictionary to an INI file using the configparser module. However, we need to keep in mind that we can use nested dictionaries with one and only one nesting level. This is due to the reason that INI files cannot contain nested data.

We will use the following dictionary and convert it into an INI file.

{'employee': {'name': 'John Doe', 'age': '35'}, 'job': {'title': 'Software Engineer', 'department': 'IT', 'years_of_experience': '10'}, 'address': {'street': '123 Main St.', 'city': 'San Francisco', 'state': 'CA', 'zip': '94102'}}

The above dictionary contains three outer keys i.e. 'employee', 'job', and 'address'. We will use these keys as sections in the INI file. Also, we will use the key-value pairs in the dictionaries associated with these keys as key-value pairs in the INI file for each section. 

To convert the python dictionary to an INI file, we will use the following steps.

• First, we will create an empty ConfigParser object using the ConfigParser() function defined in the configparser module. 
• We will also open an INI file in write mode using the open() function. The open() function takes the file name as its first argument and the python literal “w” as the second argument. After execution, it returns a file pointer.
• Next, we will add sections to the ConfigParser object. For this, we will use the add_section() method. The add_section() method takes the section name as the input argument and adds it to the ConfigParser object. 
• To add the sections, we will first get the outer keys of the dictionary using the keys() method. The keys() method, when invoked on the dictionary, returns a list of keys. We will iterate over the list of keys and add them as sections in the ConfigParser object. 
• After adding sections, we need to add fields for each section. For this, we will use the set() method. The set() method, when invoked on a ConfigParser object, takes three input arguments. The first argument is the section name, the second argument is the field name, and the third input argument is the field value. After execution, it adds the field to the corresponding section in the ConfigParser object. 
• To add the field names to the ConfigParser object, we will use the outer keys in the dictionary to access the inner dictionaries and iterate through the key-value pairs. For each section, we will iterate through the key-value pairs in the inner dictionary and add them to the ConfigParser object using the set() method.
• By now, we have added all the data from the dictionary to the ConfigParser object. To save the ConfigParser object to the file, we will invoke the write() method on the ConfigParser object and pass the file pointer as the input argument.
• Finally, we will close the file using the close() method.

After executing the above steps, we can easily convert a python dictionary to an INI file. You can observe this in the following example.

import configparser file =open("employee1.ini","w") config_object = configparser.ConfigParser() myDict={'employee': {'name': 'John Doe', 'age': '35'}, 'job': {'title': 'Software Engineer', 'department': 'IT', 'years_of_experience': '10'}, 'address': {'street': '123 Main St.', 'city': 'San Francisco', 'state': 'CA', 'zip': '94102'}} sections=myDict.keys() for section in sections: config_object.add_section(section) for section in sections: inner_dict=myDict[section] fields=inner_dict.keys() for field in fields: value=inner_dict[field] config_object.set(section, field, str(value)) config_object.write(file) file.close()

The output INI file looks as follows.

Output INI File From Dictionary

The python code used in the above example is somewhat inefficient. We can implement the above logic in a more efficient way as shown below.

import configparser file =open("employee1.ini","w") config_object = configparser.ConfigParser() myDict={'employee': {'name': 'John Doe', 'age': '35'}, 'job': {'title': 'Software Engineer', 'department': 'IT', 'years_of_experience': '10'}, 'address': {'street': '123 Main St.', 'city': 'San Francisco', 'state': 'CA', 'zip': '94102'}} for section, options in myDict.items(): config_object.add_section(section) for key, value in options.items(): config_object.set(section, key, str(value)) config_object.write(file) file.close()

The output for this code will be the same as the previous code.

Conclusion

In this article, we have discussed how to convert a dictionary to an INI file in Python. To learn more about programming, you can read this article on how to append row to a dataframe in Python. You might also like this article on how to convert yaml to XML in python.

I hope you enjoyed reading this article. Stay tuned for more informative articles.

Happy Learning!

The post Convert Dictionary to INI File in Python appeared first on PythonForBeginners.com.

Let’s go for my web review for the week 2023-12.

twenty-five years of curl | daniel.haxx.se

Tags: tech, tools

Happy Birthday curl! This project is really focused and popular.

https://daniel.haxx.se/blog/2023/03/20/twenty-five-years-of-curl/

The dark defaults of Microsoft Edge

Tags: tech, microsoft, browser, surveillance

This browser is really an horrible data harvesting platform for Microsoft’s benefit. They never learn…

https://thomask.sdf.org/blog/2023/03/18/the-dark-defaults-of-microsoft-edge.html

Web fingerprinting is worse than I thought - Bitestring’s Blog

Tags: tech, web, browser, surveillance

It’s clearly way too reliable. This needs explicit hardening.

https://www.bitestring.com/posts/2023-03-19-web-fingerprinting-is-worse-than-I-thought.html

Meta gives up on NFTs for Facebook and Instagram - The Verge

Tags: tech, facebook, nft, funny

How surprising, did they realize this was one more fad they were helping to fuel?

https://www.theverge.com/2023/3/13/23638572/instagram-nft-meta-facebook-quits-digital-collectibles

The climate cost of the AI revolution • Wim Vanderbauwhede

Tags: tech, climate, ai, neural-networks, gpt

The climate constraints are currently not compatible with the ongoing arm race on large neural networks models. The training seems kinda OK, but the inferences… and it’s currently just rolled out as shiny gadgets. This really need to be rethought.

https://limited.systems/articles/climate-cost-of-ai-revolution/

The Unpredictable Abilities Emerging From Large AI Models | Quanta Magazine

Tags: tech, ai, gpt, complexity, emergence

Now, this is interesting research. With all that complexity, emergence is bound to happen. There’s a chance to explain how and why. The links with the training data quality and the prompts themselves are interesting. It also explains a lot of the uncertainty.

https://www.quantamagazine.org/the-unpredictable-abilities-emerging-from-large-ai-models-20230316/

Hallucinations Could Blunt ChatGPT’s Success - IEEE Spectrum

Tags: tech, ai, machine-learning, gpt

Now this is a properly balanced piece which looks beyond the hype. Usable yes, if hallucinations don’t have a high impact. Can the hallucinations be solved? To be seen, I personally have my doubts with the current architecture… at least banking it all on human feedback is being very naive about the scale of the task.

https://spectrum.ieee.org/ai-hallucination

Google and Microsoft’s chatbots are already citing one another in a misinformation shitshow - The Verge

Tags: tech, ai, gpt, google, microsoft, criticism, fake

Training sets are obviously already contaminated… now it’ll be a race of hiding such mistake under the carpet with human interventions. That’ll be a boon for misinformation. That’s what we get for a useless large models arm race.

https://www.theverge.com/2023/3/22/23651564/google-microsoft-bard-bing-chatbots-misinformation

ChatGPT Gets Its “Wolfram Superpowers”!—Stephen Wolfram Writings

Tags: tech, ai, machine-learning, gpt, computation

Now, this starts to become interesting. This is a first example of trying to plug symbolic and sub-symbolic approaches together in the wild. This highlights some limitations of this particular (quite a bit rough) approach, we’ll see how far that can go before another finer approach is needed.

https://writings.stephenwolfram.com/2023/03/chatgpt-gets-its-wolfram-superpowers/

Epic’s new motion-capture animation tech has to be seen to be believed | Ars Technica

Tags: tech, ai, 3d, animation

Now this is a truly impressive technology! This will make facial motion capture a really smoother process.

https://arstechnica.com/gaming/2023/03/epics-new-motion-capture-animation-tech-has-to-be-seen-to-be-believed/

Image Codec Comparison

Tags: tech, photography, codec, art

Interesting benchmark, this seems to point toward AVIF and JPEG-XL as two great codecs for pictures.

https://giannirosato.com/blog/post/image-comparison/

ThumbHash: A very compact representation of an image placeholder

Tags: tech, graphics, frontend, hash

Interesting algorithm for generating image placeholders.

https://evanw.github.io/thumbhash/

TinyVG

Tags: tech, graphics, vector

Looks like an interesting vector image format. Let’s see if it gets some buy in.

https://tinyvg.tech/

Modern Font Stacks

Tags: tech, frontend, web, fonts

Very nice approach to avoid the font bloating on the web. I’m slightly concerned about the maintenance over time but at least it has proper fallbacks and the fonts used seem widespread enough (for now).

https://modernfontstacks.com/

Introducing Ares - The Fastest Way to Decode Anything

Tags: tech, tools, cryptography, encodings

Still a bit young but looks like an interesting and fast tool to decode random data.

https://skerritt.blog/introducing-ares/

Envio is a command-line tool that simplifies the management of environment variables

Tags: tech, tools, command-line

This looks interesting, I especially like the fact that it’s easily encrypted, definitely a good thing regarding secrets. Now I wonder if that’s easy to couple with direnv…

https://github.com/humblepenguinn/envio

Why I Will Never Use Alpine Linux Ever Again | Martin Heinz | Personal Website & Blog

Tags: tech, docker

This is a very good point, it’s good to reduce containers size. Be careful of the cost though.

https://martinheinz.dev/blog/92

Laurence Tratt: How Big Should a Programming Language Be?

Tags: tech, programming, language

Interesting musing about a language size and how it evolves over time. There’s clearly tension between making it too big and keeping it relevant to modern uses.

https://tratt.net/laurie/blog/2023/how_big_should_a_programming_language_be.html

Why people misuse inheritance | Thoughts, solicited and otherwise

Tags: tech, object-oriented, programming

A good point… everybody should know at this point that delegation should be favor. So why do we keep turning to inheritance even in cases we shouldn’t? Convenience and writing less code mainly. Unfortunately that leads to bugs more often than not.

https://solicited-thoughts.bearblog.dev/why-people-misuse-inheritance/

System design and the cost of architectural complexity

Tags: tech, architecture, complexity, hr, bug, productivity

It’s been a while since I dived into reading a Ph.D thesis… I bumped into that one through an article which was trying to summarize it but I wasn’t super happy with it. That’s why I decided to go to the source.

It’s an interesting read, it has the benefit of making a clear difference between complicated and complex from the get go, which is welcome (generally a good sign for me). If you want the tl;dr it’s at the end of page 16: “we found that differences in architectural complexity accounted for differences in developer productivity of 50%, three-fold differences in defect density, and order-of-magnitude differences in staff turnover”.

Note the last point about the staff turnover should be taken with a grain of salt though. It is well explained in the limitations of the study, being a lot in the high complexity areas of the code can also be a sign of higher skills and thus more job opportunities.

Anyway, I think we all suspected some link between complexity and productivity but I always wondered how much. Seeing how the study was done it’s definitely not an absolute answer (very thorough and precise, even historical data taken into account over several releases… but in a single company). Still the value is in at last giving us some rough numbers on how far the impacts can go. Thus, the scale of those impacts are potentially huge.

Maybe it’s time to stop trying to find rockstar developers or mythical 10x developers (common “leprechauns” of our industry)… Let’s focus on tackling undue or uncontrolled architectural and code complexity instead, shall we? Even better if that’s done through the use of documented patterns when applicable.

Interestingly, the literature review part gives a few clues about why there is under-investment in architecture in general, or reworking the architecture on long term project. It’s unclear to organizations the costs of the undue complexity will carry. It’s exactly what this thesis tries to shed light on (see tl;dr above).

Also, it’s interesting to see confirmed that the perception of the architectural complexity we have is often wrong when looking at parts in isolation. The relationships need to be transitively mapped to start to grasp the presence of architectural complexity. That’s why only coordinated efforts can tackle it, it’s almost impossible to tackle for a single developer.

Of course I’d advise reading it in full, that requires investing some time into it though.

Very stimulating, I’d like to apply some of those tools on projects in the wild but I’m not sure there are ready made tools available. Also I’m wondering what we would find if I’d reuse some of those in ComDaAn to work on temporality of changes rather than dependencies. I think this could give interesting insights.

https://dspace.mit.edu/handle/1721.1⁄79551

Go slow to move fast - Thoughts on software and technical leadership

Tags: tech, project-management, technical-debt

Technical debt was an interesting metaphor to kickstart the conversation but has been overused. It can still be useful, especially with the proposed approach here to make it intentional and explicit. This can be factored in how to drive the project.

https://jordankaye.dev/posts/go-slow-move-fast/

Project Management for Software Engineers | Kevin Sookocheff

Tags: tech, project-management

This is a good summary of the most important points in the PMI body of knowledge. If you dabble in project management it’s worth looking at it.

https://sookocheff.com/post/engineering-management/project-management-for-software-engineers/

I’ve been employed in tech for years, but I’ve almost never worked – Emmanuel Maggiori

Tags: tech, business, agile, criticism

OK, not a perfect article, I think there are a couple of blind spots in the reasoning (I doubt all the estimates were as systematically bloated as presented here). Still, it’s another interesting account of the problems created by the cargo cult agile. It indeed seems to resonate with the fact that the tech sector is very hype driven. A lot of useless work then ensues.

https://emaggiori.com/employed-in-tech-for-years-but-almost-never-worked/

Why Construction Projects Always Go Over Budget — Practical Engineering

Tags: tech, engineering, estimates

For all we like to point out the software industry for blowing up estimates and budgets… it’s not a unique phenomenon, civil engineering is also struggling with it. This is a good reminder.

https://practical.engineering/blog/2023/3/21/why-construction-projects-always-go-over-budget

Culture Viruses | Stay SaaSy

Tags: management, hr, culture

Interesting way to frame the potential problems around organizational culture. This indeed influence behaviors quite a bit so should be in check. It also shows it’s a complicated problem you don’t want to overdo it, freeze the culture in place, and see it used mainly for blaming… it’d effectively turn into a cult.

https://staysaasy.com/business/2023/03/01/culture-viruses.html

Bye for now!

Co-authors: Vladimir Roudakov, Lisa McCray

The industry summits at DrupalCon are a great way to get the most out of your conference experience if you’re a government or higher education professional. Summits are full day sessions scheduled when there are no general conference sessions happening, so you won’t miss anything from the main event. 

What are the registration details?

Although the Summits are part of the DrupalCon program, they are separate events and require a separate registration. There is also an additional cost associated with Summit registration. It’s an additional $250, and you can add a summit package to regular registration all through one convenient platform. 

Register now

Higher Education Summit 

Whether you are a web developer, administrator, or educator, you will gain valuable insights into how other institutions have used Drupal to improve their websites, streamline processes, and enhance the student experience. The Higher Ed Summit is the perfect meeting ground for folks doing Drupal in a higher education context. Pittsburgh is a huge Drupal higher education city, with both Carnegie Mellon University and University of Pittsburgh using Drupal! 

When is it?

Thursday, 8 June, 2023 from 9:00-16:00 EST

Who should attend?

The DrupalCon Higher Education Summit is a must-attend summit for anyone working in the higher education sector. This summit provides a unique opportunity to network and collaborate with experts and professionals in the field. Attendees will have the chance to learn about the latest trends and best practices in higher education technology and hear from leading experts in the field.

Attending the DrupalCon Higher Education Summit is a great investment in your professional development. The summit provides a wealth of knowledge and resources that you can use to improve your skills and stay ahead of the curve in higher education technology. With a focus on cutting-edge technology, best practices, and real-world examples, the DrupalCon Higher Education Summit is a must-attend event for anyone looking to stay ahead in the fast-paced world of higher education technology.

What will I get by attending?

One of the key benefits of attending the DrupalCon Higher Education Summit is the opportunity to learn from real-world case studies and practical applications. You will also have the chance to engage with peers and share your own experiences and challenges. 

About those schools…

Carnegie Mellon and Pitt are 14 and 10 minutes, respectively, away from the David L. Lawrence Convention center! Take a stroll through these historic campuses, where there’s a rich history of computer science and academic achievement. Both campuses have beautiful cathedrals with incredible architecture that make for the perfect peaceful afternoon. 

Fountain outside of the Cathedral of Learning, Pitt

Image source: By Christopher Lancaster from Oshawa, Canada - 20080621_2744 Uploaded by crazypaco, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=6625882 

Government Summit 

Are you a federal, state, or local government employee, or a private sector employee supporting the government?  

• Would you like to meet up with Drupalers from all different skill levels in a variety of roles and talk about common issues you face while supporting government work?
• Do you dream of seeing one of the actual bikes used in the filming of PeeWee’s Big Adventure? 

Will attending the DrupalCon Government Summit makes you feel this excited? Probably!  

Image source: Wikimedia, Fair Use

Then I’ve got great news for you! We can help with two out of three of those! Yinz should make plans to attend the DrupalCon Pittsburgh Government Summit. We have a full day planned of government-y goodness that you won’t want to miss. 

When is it?

Thursday, 8 June, 2023 from 9:00-16:00 EST

Who should attend?

The Government Summit is intended for anyone who uses Drupal in the context of government, whether it be at a local, state or federal level. All skill levels and roles are welcome. You’ll meet site builders, developers, themers, project managers, support specialists, and more.

What will I get by attending?

This year we are returning to the full day format, and will be featuring a panel, case studies, presentations, and plenty of talk and discussion on topics such as approaches to content author training, the impact of accessibility work, how to design *with* Drupal’s strengths to support agency needs, and much much more! Specifics on presentations and topics are being ironed out now, so stay tuned for more detail.

In addition, similar to past years, part of our schedule will be dedicated to “unconference” table-talk time with interactive discussions on topics chosen by you, the attendees. We like to think of them as mini-BoFs. Tables can form to continue the discussions from earlier in the day or your own unique topics. Opportunities to suggest topics will be available throughout the morning.

But I really want to see that bike….

While the Government Summit will sadly have a distinct lack of movie prop bicycles, you are in luck! It turns out that one of the 4 bikes used in the filming of the movie is on display just across the river at Bicycle Heaven, which, according to Wikipedia, is the largest transportation museum in the world dedicated to bicycles. It’s also free to visit, so if you want to see that bike or any of its approximately 3500 friends, roll on over and check it out!

What are the core lessons you've learned along your Python development journey? What are key takeaways you would share with new users of the language? This week on the show, Duarte Oliveira e Carmo is here to discuss his recent talk, "Four Years of Python."

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

What does a good day look like? For me, it is the day to spend with friends and doing what I love the most, talking and spreading knowledge about Open Source. Yesterday was one such day.

Yesterday was my first-ever Women in Tech Sweden event. The first thing I noticed upon entering the venue was the long queue of women waiting for registration. Trust me, that view itself made my day.

PyLadies booth

Our PyLadies Stockholm team Christine, Mariana, Gabriela, Alexendre was working relentlessly for the preparation of the event. Mariana created the website. Have you checked the new PyLadies logo? It is so cool. The logo defines the core of PyLadies Stockholm, diversity and equality. Try to find out if you can recognize some of us there :). Thank you, Mariana for this beautiful job.

I was confident that I wouldn&apost be able to attend the event. But thanks to my eternal savior Chirstine, a week before the event, she organized a ticket for me to participate in the PyLadies booth. I am so grateful to her.

At the event

I choose booth duty or hallway tracks over talks at any or every conference. Today was no exception. I was at the PyLadies. I was doing booth duty after the pandemic. I had a Deja Vu feeling. I often wondered during the pandemic if the need for PyLadies is still there, especially when so many online courses are available now. But today, I and all my worries were proven wrong. People were still coming into the booth wanting to know more about PyLadies, encouraging us, and joining our mission.

Now there is another hat I wear apart from being an organizer of PyLadies Stockholm. I am also a part of the Ansible community. I run the Ansible Stockholm Meetup group. Few people recognized me as an organizer of Ansible Stockholm and not as PyLadies Organizer, which is a big win for me.

Meeting with friends

Ellie and I have wanted to have an online chat for months now. Even we had to cancel our meeting last Friday. But we must learn that we can do it in person today at the event. She was among the first people I met when I reached the PyLadies booth. She is as warm and as helpful even in person. I feel lucky to call you a friend.

Today I made some new connections and revived the old ones. Today was the day of positivity, trust, and friendship. Thank you, Women in Tech for organizing this event.

In recent years, there has been a lot of experimenting how we work with dependencies and external libraries for our Python code. There is pip, pip-tools, Poetry, pdm, pyenv, pipenv, Hatch and others workflows. We dove into this deeply back on episode 406: Reimagining Python's Packaging Workflows. We're back with Ofek Lev to take a deeper look at Hatch. <br/><br/> <br/> <strong>Links from the show</strong><br/> <br/> <div><b>Hatch</b>: <a href="https://hatch.pypa.io/latest/" target="_blank" rel="noopener">hatch.pypa.io</a><br/> <b>Ofek on Twitter</b>: <a href="https://twitter.com/Ofekmeister" target="_blank" rel="noopener">@Ofekmeister</a><br/> <b>Mamba</b>: <a href="https://github.com/mamba-org/mamba" target="_blank" rel="noopener">github.com</a><br/> <b>Hatch env management</b>: <a href="https://hatch.pypa.io/latest/cli/reference/#hatch-env" target="_blank" rel="noopener">hatch.pypa.io</a><br/> <b>Packaging a Python project tutorial</b>: <a href="https://packaging.python.org/en/latest/tutorials/packaging-projects/" target="_blank" rel="noopener">packaging.python.org</a><br/> <b>Customize project generation</b>: <a href="https://hatch.pypa.io/latest/config/project-templates/" target="_blank" rel="noopener">hatch.pypa.io</a><br/> <b>Textual</b>: <a href="https://www.textualize.io" target="_blank" rel="noopener">textualize.io</a><br/> <b>Ruff on Talk Python</b>: <a href="https://talkpython.fm/episodes/show/400/ruff-the-fast-rust-based-python-linter" target="_blank" rel="noopener">talkpython.fm</a><br/> <b>RustUp</b>: <a href="https://rustup.rs" target="_blank" rel="noopener">rustup.rs</a><br/> <b>Conda</b>: <a href="https://docs.conda.io/en/latest/" target="_blank" rel="noopener">docs.conda.io</a><br/> <b>import antigravity</b>: <a href="https://xkcd.com/353/" target="_blank" rel="noopener">xkcd.com</a><br/> <b>Watch this episode on YouTube</b>: <a href="https://www.youtube.com/watch?v=gcgMyRfE8a4" target="_blank" rel="noopener">youtube.com</a><br/> <b>Episode transcripts</b>: <a href="https://talkpython.fm/episodes/transcript/408/hatch-a-modern-python-workflow" target="_blank" rel="noopener">talkpython.fm</a><br/> <br/> <b>--- Stay in touch with us ---</b><br/> <b>Subscribe to us on YouTube</b>: <a href="https://talkpython.fm/youtube" target="_blank" rel="noopener">youtube.com</a><br/> <b>Follow Talk Python on Mastodon</b>: <a href="https://fosstodon.org/web/@talkpython" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>talkpython</a><br/> <b>Follow Michael on Mastodon</b>: <a href="https://fosstodon.org/web/@mkennedy" target="_blank" rel="noopener"><i class="fa-brands fa-mastodon"></i>mkennedy</a><br/></div><br/> <strong>Sponsors</strong><br/> <a href='https://talkpython.fm/foundershub'>Microsoft Founders Hub 2023</a><br> <a href='https://talkpython.fm/sentry'>Sentry Error Monitoring, Code TALKPYTHON</a><br> <a href='https://talkpython.fm/training'>Talk Python Training</a>

ElasticSearch Empty Reply From Server Error

In Elasticsearch latest versions, xpack security is enabled by default. To resolve the error "Empty reply from server"

 curl --cacert /etc/elasticsearch/certs/http_ca.crt https://localhost:9200 -u elastic

You will be prompted for a password. 

If you don't know your password, run following command to setup one...

sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i

After you are done setting the password, run the following command again with the password that you set above...

 curl --cacert /etc/elasticsearch/certs/http_ca.crt https://localhost:9200 -u elastic