Feeds

In accordance with our security release policy, the Django team is issuing Django 5.0.2, Django 4.2.10, and Django 3.2.24. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2024-24680: Potential denial-of-service in intcomma template filter

The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

Affected supported versions

• Django main branch
• Django 5.0
• Django 4.2
• Django 3.2

Resolution

Patches to resolve the issue have been applied to Django's main branch and the 5.0, 4.2, and 3.2 stable branches. The patches may be obtained from the following changesets:

• On the main branch
• On the 5.0 release branch
• On the 4.2 release branch
• On the 3.2 release branch

The following releases have been issued:

• Django 5.0.2 (download Django 5.0.2 | 5.0.2 checksums)
• Django 4.2.10 (download Django 4.2.10 | 4.2.10 checksums)
• Django 3.2.24 (download Django 3.2.24 | 3.2.24 checksums)

The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance, nor via the Django Forum, nor via the django-developers list. Please see our security policies for further information.

In Python Basics: Lists and Tuples, you learned that Python lists resemble real-life lists in many ways. They serve as containers for organizing and storing collections of objects, allowing for the inclusion of different data types. You also learned about tuples, which are also collections of objects. However, while lists are mutable, tuples are immutable.

In this Python Basics Exercises course, you’ll test and reinforce your knowledge of Python lists and tuples. Along the way, you’ll also get experience with some good programming practices that will help you solve future challenges.

In this video course, you’ll practice:

• Defining and manipulating lists and tuples in Python
• Leveraging the unique qualities of lists and tuples
• Determining when you should use lists vs tuples

By the end of this course, you’ll have an even stronger grasp of Python lists and tuples. You’ll be equipped with the knowledge to effectively incorporate them into your own programming projects.

This video course is part of the Python Basics series, which accompanies Python Basics: A Practical Introduction to Python 3. You can also check out the other Python Basics courses.

Note that you’ll be using IDLE to interact with Python throughout this course.

[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]

In this second part (check the first part!) of our Tag1 Team Talk on Gander, the new Automated Performance Testing Framework integrated into Drupal Core, we get a live demo from Nat Catchpole (aka. Catch), the lead developer on the project. Nat takes us on a tour through this high-impact tool developed by Tag1 in collaboration with the Google Chrome Team, showing you how you can get up and running with automated performance testing for your projects. Gander is poised to significantly impact Drupal's user experience, performance and Core Web Vitals by creating visibility into how Drupal performs on the front and back end. Catch shares his expert insights into the development and application of Gander and shows how easy it is for developers to start extending and using this today on their projects! Whether you're a Drupal developer looking to improve your project's performance or simply curious about the latest in Drupal technology, this episode offers valuable knowledge and practical advice on getting your Drupal website to perform optimally. With discussions on Gander's immediate benefits and future potential in the Drupal community, this episode is a must-watch for anyone interested in taking their projects to the next level...

Read more Mariano Tue, 02/06/2024 - 05:41

I attended FOSDEM last weekend and had the pleasure to participate in the Flathub / Flatpak BOF on Saturday. A lot of the session was used up by an extensive discussion about the merits (or not) of allowing direct uploads versus building everything centrally on Flathub’s infrastructure, and related concerns such as automated security/dependency scanning.

My original motivation behind the idea was essentially two things. The first was to offer a simpler way forward for applications that use language-specific build tools that resolve and retrieve their own dependencies from the internet. Flathub doesn’t allow network access during builds, and so a lot of manual work and additional tooling is currently needed (see Python and Electron Flatpak guides). And the second was to offer a maybe more familiar flow to developers from other platforms who would just build something and then run another command to upload it to the store, without having to learn the syntax of a new build tool. There were many valid concerns raised in the room, and I think on reflection that this is still worth doing, but might not be as valuable a way forward for Flathub as I had initially hoped.

Of course, for a proprietary application where Flathub never sees the source or where it’s built, whether that binary is uploaded to us or downloaded by us doesn’t change much. But for an FLOSS application, a direct upload driven by the developer causes a regression on a number of fronts. We’re not getting too hung up on the “malicious developer inserts evil code in the binary” case because Flathub already works on the model of verifying the developer and the user makes a decision to trust that app – we don’t review the source after all. But we do lose other things such as our infrastructure building on multiple architectures, and visibility on whether the build environment or upload credentials have been compromised unbeknownst to the developer.

There is now a manual review process for when apps change their metadata such as name, icon, license and permissions – which would apply to any direct uploads as well. It was suggested that if only heavily sandboxed apps (eg no direct filesystem access without proper use of portals) were permitted to make direct uploads, the impact of such concerns might be somewhat mitigated by the sandboxing.

However, it was also pointed out that my go-to example of “Electron app developers can upload to Flathub with one command” was also a bit of a fiction. At present, none of them would pass that stricter sandboxing requirement. Almost all Electron apps run old versions of Chromium with less complete portal support, needing sandbox escapes to function correctly, and Electron (and Chromium’s) sandboxing still needs additional tooling/downstream patching to run inside a Flatpak. Buh-boh.

I think for established projects who already ship their own binaries from their own centralised/trusted infrastructure, and for developers who have understandable sensitivities about binary integrity such such as encryption, password or financial tools, it’s a definite improvement that we’re able to set up direct uploads with such projects with less manual work. There are already quite a few applications – including verified ones – where the build recipe simply fetches a binary built elsewhere and unpacks it, and if this already done centrally by the developer, repeating the exercise on Flathub’s server adds little value.

However for the individual developer experience, I think we need to zoom out a bit and think about how to improve this from a tools and infrastructure perspective as we grow Flathub, and as we seek to raise funds for different sources for these improvements. I took notes for everything that was mentioned as a tooling limitation during the BOF, along with a few ideas about how we could improve things, and hope to share these soon as part of an RFP/RFI (Request For Proposals/Request for Information) process. We don’t have funding yet but if we have some prospective collaborators to help refine the scope and estimate the cost/effort, we can use this to go and pursue funding opportunities.

One of the key components to using a Plasma Wayland session is obviously the Qt Wayland Client module for running Qt applications in a Wayland environment. While it has been successfully deployed to millions of devices over the years, there’s still a few areas that feel like they haven’t been touched much since its inception as part of the Qt Lighthouse project, what turned into QPA, the Qt Platform Abstraction.

WIP: Qt Wayland client-side decoration with a proper drop shadow and all Improving the SHM Backing Store

Fushan Wen complained about abysmal performance when using Kolourpaint (a faithful re-creation of the original MS Paint, just better) under Wayland. Thanks to Hotspot (my favorite profiler front-end) we found a bottleneck in Qt’s Wayland SHM (Shared Memory) Backing Store, the infrastructure that provides software-rendered applications with a canvas to draw into. The way Wayland works is basically that an application creates a wl_buffer, fills it with content, and “sends” it to the compositor. Once the compositor is done processing it (e.g. after having uploaded it to the GPU) the client may re-use that buffer again.

If we pick a different buffer to draw into because we want to start drawing before the compositor is done with the previous one, any previous content needs to be transferred over since Qt expects to see the contents it drew previously. This is where we found the choke point: Even though the application reported the correct region that changed (when drawing with a brush only the new splodges of color need to be rendered after all), Qt Wayland copied the entire buffer. Therefore, I replaced the original memcpy with proper damage tracking which significantly sped up rendering. Many thanks to Ilya Fedin for continued support while implementing this.

I then did more profiling and found that when painting on a window with alpha channel, Qt first clears the region to be painted. While there’s not much we can optimize about a “fill with color” call, we can skip doing that entirely if we have just created a new buffer, like is done repeatedly as you resize the window. The new buffer is initialized with zeroes already, therefore we can just start painting on it. Last but not least, I added support for “scrolling” the backing store, which is something Qt might ask us to do when scrolling through a view, such as a text editor or terminal window, and then have the application just fill in a small gap that’s left.

Prettified “Bradient” Decoration Kolourpaint running under Weston with client-side decorations

I very much dislike client-side decorations for their inconsistencies and burden they put on application developers but I nevertheless grew tired of seeing how hideous Qt applications looked on colleague’s computers running Gnome Shell. That is why I spent some time on making Qt’s “Bradient” decoration plug-in not stick out like a sore thumb. While it’s a massive improvement over the blue decoration Qt Wayland originally shipped, there is still a lot to be desired.

I believe it’s quite detrimental that Mutter doesn’t support server-side decorations at all under Wayland. There’s plenty of applications that display non-application content and don’t care much about providing any decoration. For example, even running kwin_wayland under Gnome for development purposes gives you a window with no title bar or window border whatsoever.

Qt likewise relies on the desktop environment to provide a window frame and its drawing of client-side decorations under Wayland is if anyting a massive band-aid. Currently, Qt’s backing store just adds a window decoration around it and then returns the application a region inside the image that excludes the decoration again. It also lacks several features that one would expect from a window title bar, like double click to maximize or clicking the icon to bring up the window manager menu. In the future I am looking forward to putting the decoration into a sub-surface (or even using libdecor) which hopefully fixes many issues related to input and format handling.

Opening the window menu by clicking the icon, just as you would expect

To start off, the easiest change I did was using the correct mouse cursors for resizing the window. I then found that mouse input wasn’t properly translated when the window border was too thick, something that wasn’t noticeable with the default 3px border but surely would become a problem once we added a large shadow. Next, I fixed it not updating live when system colors changed, e.g. when enabling “Dark Mode”. Additionally, the title bar now includes the application name to be consistent with the title it sends to the compositor for display in task bar and window switchers.

Still, adding a proper drop shadow is work in progress: the most important part is to actually remove the window border and rounded corners altogether when the window is maximized or tiled and to adjust the button layout machinery to cope with changing margins. However, I also need to move the qt_blurImage function which creates the drop shadow texture into a place where I can use it without Qt Graphics Views or Qt Widgets (it’s currently used internally by QGraphicsBlurEffect).

Drag’n’Drop

Furthermore, I improved drag and drop handling: Qt Wayland now tries to decode URLs as UTF-8 – Chrome sometimes sends them like this – rather than just UTF-16. I also had it ignore the mysterious “DELETED” format Firefox sends that is likely a remnant from the XDnd specification. The latter fixes dropping an image to the desktop to set it as a wallpaper since Firefox doesn’t actually let anyone read this entry and Plasma gets stuck on it until it runs into a socket timeout.

Dragging a folder using the correct “Copy” cursor rather than the generic “Grabbing Hand” it had previously

The mouse now also uses the proper drag cursors. While the compositor may overrule the preferred action, we still want the default to match other desktop environments. I also fixed keyboard modifier propagation during drag and drop. While Wayland sends an explicit keyboard modifier change (Shift/Alt/Meta pressed or released), it does so after sending the actual key press. Qt on the other hand only updates its internal modifier state in response to an actual key presses. This meant that Qt doesn’t properly update its internal state when pressing a modifier when starting to drag a file and then holding Shift to initiate a “Move” operation. To fix that, Qt Wayland emits drag and drop events (and others) using the Wayland-internal modifier state rather than the one in QGuiApplication.

In the last post I talked about making things like detachable tabs or widgets work in a Wayland work. The protocol I submitted has now been merged into wayland-protocols!

Following I quickly switched Qt and KWin to use the now standardized protocol. KWin will support it with the initial 6.0 release. The Qt patch has been picked all the way down to the 6.6 branch which means it should be in the 6.6.3 release.

I am also happy to see that Robert Mader is working on making Chrome use the standard protocol, picking up my proof-of-concept level patch. Thank you!

Happy dragging!

<strong>Topics covered in this episode:</strong><br> <ul> <li><a href="https://dokku.com"><strong>Dokku</strong></a></li> <li><a href="https://www.nicholashairs.com/posts/major-changes-between-python-versions/"><strong>Summary of Major Changes Between Python Versions</strong></a></li> <li>How to check Internet Speed via Terminal? <a href="https://github.com/sivel/speedtest-cli">speedtest-cli</a></li> <li><strong>Blogs: We all should blog more</strong></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=1P-XjiHzSNU' style='font-weight: bold;'data-umami-event="Livestream-Past" data-umami-event-episode="370">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by us! Support our work through:</p> <ul> <li>Our <a href="https://training.talkpython.fm/"><strong>courses at Talk Python Training</strong></a></li> <li><a href="https://courses.pythontest.com/p/the-complete-pytest-course"><strong>The Complete pytest Course</strong></a></li> <li><a href="https://www.patreon.com/pythonbytes"><strong>Patreon Supporters</strong></a></li> </ul> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.</p> <p><strong>Michael #1:</strong> <a href="https://dokku.com"><strong>Dokku</strong></a></p> <ul> <li>An open source PAAS alternative to Heroku.</li> <li>Dokku helps you build and manage the lifecycle of applications from building to scaling.</li> <li>Powered by Docker, you can install Dokku on any hardware.</li> <li>Once it's set up on a host, you can push Heroku-compatible applications to it via Git. </li> <li>Rich <a href="https://dokku.com/docs/community/plugins/">plug in architecture</a>.</li> </ul> <p><strong>Brian #2:</strong> <a href="https://www.nicholashairs.com/posts/major-changes-between-python-versions/"><strong>Summary of Major Changes Between Python Versions</strong></a></p> <ul> <li>Nicholas Hairs</li> <li>Changes between versions &amp; Tools &amp; utilities to help with switching</li> <li>Hopefully you’re already at least at 3.8, but come on, 3.11 &amp; 3.12 are so fun!</li> <li>Useful things <ul> <li><code>pyupgrade</code> can automatically upgrade code base <ul> <li>(However, I frequently just upgrade and run tests and let my old code be as-is until it bugs me. - Brian)</li> </ul></li> <li><code>black</code> checks <code>pyproject.toml</code> <code>requires-python</code> setting and uses version specific rules.</li> </ul></li> <li>Versions (way more highlights listed in the article) <ul> <li>3.8 <ul> <li>Assignment expressions <code>:=</code> walrus</li> <li><code>f"{variable=}"</code> now works</li> </ul></li> <li>3.9 <ul> <li>Typing has built in generics like <code>dict[]</code>, so no more <code>from typing import Dict</code></li> <li>Dict union operator</li> <li>Strings can <code>removeprefix</code> and <code>removesuffix</code></li> </ul></li> <li>3.10 <ul> <li>Structural pattern matching <code>match/case</code></li> <li>Typing: Union using pipe <code>|</code></li> <li>Dataclasses support <code>slots=True</code> and <code>kw_only=True</code></li> </ul></li> <li>3.11 <ul> <li><code>tomllib</code> included as a standard TOMP parser</li> <li>Exception groups</li> <li>Exception Notes <code>add_note()</code></li> <li>Typing: A <code>Self</code> type</li> <li>Star unpacking expressions allowed in <code>for</code> statements: <code>for x in *a, *b:</code></li> </ul></li> <li>3.12 <ul> <li>f-strings can re-use quotes</li> <li>Typing: better type parameter syntax</li> <li>Typing: <code>@override</code> decorator ensures a method being overridden by a child class actually exists.</li> </ul></li> </ul></li> </ul> <p><strong>Michael #3:</strong> How to check Internet Speed via Terminal? <a href="https://github.com/sivel/speedtest-cli">speedtest-cli</a></p> <ul> <li>Command line interface for testing internet bandwidth using speedtest.net</li> <li>Just <code>pipx install speedtest-cli</code></li> <li>Has a <a href="https://github.com/sivel/speedtest-cli/wiki">Python API</a> too</li> </ul> <p><strong>Brian #4:</strong> <strong>Blogs: We all should blog more</strong></p> <ul> <li>Jeff Triplett is attempting one post per day in February <ul> <li>Feb 1: <a href="https://micro.webology.dev/2024/02/01/choosing-the-right.html">Choosing the Right Python and Django Versions for Your Projects</a></li> <li>Feb 2: <a href="https://micro.webology.dev/2024/02/02/my-first-mac.html">My First Mac</a> <ul> <li>Which also links to a quite interesting Personal: <a href="https://jefftriplett.com/2023/default-apps-2023/">Default Apps 2023</a></li> </ul></li> <li>Feb 3: <a href="https://micro.webology.dev/2024/02/03/whats-your-goto.html">What’s Your Go-to Comfort Media? [rough cut]</a></li> <li>Feb 4: <a href="https://micro.webology.dev/2024/02/04/the-django-apps.html">The Django apps I actually use (rough cut)</a></li> <li>Feb 5: <a href="https://micro.webology.dev/2024/02/05/how-to-test.html">How to test with Django and pytest fixtures</a></li> </ul></li> <li>Need ideas? <ul> <li>Check out <a href="https://hamatti.org/posts/build-an-idea-bank-and-never-run-out-of-blog-ideas/">Build an idea bank and never run out of blog ideas</a></li> </ul></li> <li>Not using AI? Thanks. We appreciate that. <ul> <li>Maybe tag it as <a href="https://notbyai.fyi/">Not By AI</a></li> </ul></li> </ul> <p><strong>Extras</strong> </p> <p>Brian:</p> <ul> <li>If upgrading to pytest 8, be aware that running individual tests with parametrization will result in a reverse order. <ul> <li>It shouldn’t matter. <a href="https://podcast.pythontest.com/episodes/211-stamp-out-test-dependencies-with-pytest-plugins">You shouldn’t be depending on test order.</a></li> <li>But it was surprising to me.</li> <li><a href="https://github.com/pytest-dev/pytest/issues/11937">Issue has been logged</a></li> </ul></li> </ul> <p>Michael:</p> <ul> <li><a href="https://orbstack.dev">Orbstack</a> follow up</li> </ul> <p><strong>Joke:</strong> <a href="https://workchronicles.com/white-lies/">White Lies</a></p>

Ever wished you could tweak your web page’s header font or switch up your CTA color, but skipped it to save your developer from the hassle? With Acquia Site Studio’s Style Guide Manager, you don’t have to! Non-technical content marketers now have the power to make styling tweaks to their Drupal site theme via an intuitive interface. Are you interested in learning more? Come on in! What is Site Studio Style Guide Manager Previously Acquia Cohesion, Site Studio is a composable, low-code digital experience tool by Acquia that enables users to build and assemble pages with less to no code. Check out our previously written article about how to build component-based websites on Drupal using Site Studio.   Style Guide Manager is an optional module that you can enable within Site Studio. It centralizes the design elements like colors, typography, and components in one place, making it easier to maintain a cohesive look and feel throughout your site. It provides a set of style guides that are theme-specific. You can create style guide(s) to manage Site Studio styles within your Drupal theme settings. You can even override your theme styles using the Style guides. Advantages: Change the appearance of your Drupal website based on the active theme. Apply global styles and change the appearance with a simple-to-use interface. Create design systems for multi-brand and multi-sites. Style guide manager has two interfaces: Style guide builder Style guide Style Guide Builder The Style Guide Builder is a tool within Acquia Site Studio that allows you to actively create and manage the Style Guide. It streamlines the process of updating and maintaining the design standards. Changes made here are automatically applied throughout the site. Style guide The output of a Style Guide Builder - a set of design guidelines, is the Style Guide. The Style Guide is a collection of design rules, standards, and components that define the visual appearance of your website. Creating a Style Guide First, make sure you have installed Acquia Site Studio.  Navigate to /admin/cohesion/style_guides  Click on Add Style guide Add the Title Click the + button below the Style Guide form to add the form fields. Add the fields such as Font picker, Color picker, etc. with the combination of form layout fields such as Group accordion, and Tabs as per your requirement. Give a meaningful name for the Field Label so it will generate a meaningful token. This is how your Style Guide creation page will look like: You can also see the preview below of your Style Guide form builder and how it looks on the theme settings. Click on Save and Continue Managing your Styles Now that you have successfully created a Style Guide, let's see where and how you can manage your styles. Navigate to your theme appearance settings (here mine is: /admin/appearance/settings/techx) Add your values such as fonts, colors, etc., and save the configuration. This is how your style guide will look like after successfully saving the configuration. Now, you need to use the Style Guide tokens in the styles to see your styles on the front end as per the Style Guide values. Tokens are predefined variables or placeholders representing design elements such as colors, typography, spacing, and other visual properties. This is not just restricted to styles, you can use these tokens throughout your Site Studio like templates, or components as per your requirements. For example: Make sure you enable the token variable mode and then add your tokens. Implementing the Style Guide With Site Studio’s Style Guide Manager, you can create multiple style guides as per your requirements. You can see all of them in your theme settings as shown below This is what my front end looks like. You can change the values in the Style Guide per your requirements and verify the page/site accordingly. Final Thoughts Site Guide Manager is a very useful tool for non-technical users like content editors and marketers to see all the styles in one place with an easy-to-use user interface and modify them according to their choice. All of this without depending on a developer.        Are you looking to build highly engaging, omnichannel, and result-driven solutions with Acquia and Drupal? We are Acquia partners and we know what it takes to get you there. Talk to us today to find out more.        

Webform is a Drupal module that allows you to create forms directly in Drupal without using a 3rd party service.

It can be used to create basic “Contact Us” and complex application forms with custom field logic and integration.

In this getting started guide you’ll learn how to:

1. Create a form
2. Add elements to form
3. Customize form with conditional logic
4. Embed the form
5. Send submissions to Google Sheets

This tutorial accompanies the video above.

For years, the last weekend in January has been a special one for the worldwide community behind the CMS system Drupal: The Global Contribution Weekend. Factorial has been a major contributor to the Drupal community for many years, so we hosted our own hybrid Global Contribution Weekend event.

I do consulting1 on software architecture, network protocol development, python software infrastructure, streamlined cloud deployment, and open source strategy, among other nerdy things. I enjoy solving challenging, complex technical problems or contributing to the open source commons. On the best jobs, I get to do both.

Today I would like to share with you a secret of the software technology consulting trade.

I should note that this secret is not specific to me. I have several colleagues who have also done software consulting and have reflected versions of this experience back to me.2

We’ll get to the secret itself in a moment, but first, some background.

Companies do not go looking for consulting when things are going great. This is particularly true when looking for high-level consulting on things like system architecture or strategy. Almost by definition, there’s a problem that I have been brought in to solve. Ideally, that problem is a technical challenge.

In the software industry, your team probably already has some software professionals with a variety of technical skills, and thus they know what to do with technical challenges. Which means that, as often as not, the problem is to do with people rather than technology, even it appears otherwise.

When you hire a staff-level professional like myself to address your software team’s general problems, that consultant will need to gather some information. If I am that consultant and I start to suspect that the purported technology problem that you’ve got is in fact a people problem, here is what I am going to do.

I am going to go get a pen and a pad of paper, then schedule a 90-minute meeting with the most senior IC3 engineer that you have on your team. I will bring that pen and paper to the meeting. I will then ask one question:

What is fucked up about this place?

I will then write down their response in as much detail as I can manage. If I have begun to suspect that this meeting is necessary, 90 minutes is typically not enough time, and I will struggle to keep up. Even so, I will usually manage to capture the highlights.

One week later, I will schedule a meeting with executive leadership, and during that meeting, I will read back a very lightly edited4 version of the transcript of the previous meeting. This is then routinely praised as a keen strategic insight.

I should pause here to explicitly note that — obviously, I hope — this is not an oblique reference to any current or even recent client; if I’d had this meeting recently it would be pretty awkward to answer that “so, I read your blog…” email.5 But talking about clients in this way, no matter how obfuscated and vague the description, is always a bit professionally risky. So why risk it?

The thing is, I’m not a people manager. While I can do this kind of work, and I do not begrudge doing it if it is the thing that needs doing, I find it stressful and unfulfilling. I am a technology guy, not a people person. This is generally true of people who elect to go into technology consulting; we know where the management track is, and we didn’t pick it.

If you are going to hire me for my highly specialized technical expertise, I want you to get the maximum value out of it. I know my value; my rates are not low, and I do not want clients to come away with the sense that I only had a couple of “obvious” meetings.

So the intended audience for this piece is potential clients, leaders of teams (or organizations, or companies) who have a general technology problem and are wondering if they need a consultant with my skill-set to help them fix it. Before you decide that your issue is the need to implement a complex distributed system consensus algorithm, check if that is really what’s at issue. Talk to your ICs, and — taking care to make sure they understand that you want honest feedback and that they are safe to offer it — ask them what problems your organization has.

During this meeting it is important to only listen. Especially if you’re at a small company and you are regularly involved in the day-to-day operations, you might feel immediately defensive. Sit with that feeling, and process it later. Don’t unload your emotional state on an employee you have power over.6

“Only listening” doesn’t exclusively mean “don’t push back”. You also shouldn’t be committing to fixing anything. While the information you are gathering in these meetings is extremely valuable, and you should probably act on more of it than you will initially want to, your ICs won’t have the full picture. They really may not understand why certain priorities are set the way they are. You’ll need to take that as feedback for improving internal comms rather than “fixing” the perceived problem, and you certainly don’t want to make empty promises.

If you have these conversations directly, you can get something from it that no consultant can offer you: credibility. If you can actively listen, the conversation alone can improve morale. People like having their concerns heard. If, better still, you manage to make meaningful changes to address the concerns you’ve heard about, you can inspire true respect.

As a consultant, I’m going to be seen as some random guy wasting their time with a meeting. Even if you make the changes I recommend, it won’t resonate the same way as someone remembering that they personally told you what was wrong, and you took it seriously and fixed it.

Once you know what the problems are with your organization, and you’ve got solid technical understanding that you really do need that event-driven distributed systems consensus algorithm implemented using Twisted, I’m absolutely your guy. Feel free to get in touch.

1. While I immensely value my patrons and am eternally grateful for their support, at — as of this writing — less than $100 per month it doesn’t exactly pay the SF bay area cost-of-living bill. ↩

2. When I reached out for feedback on a draft of this essay, every other consultant I showed it to said that something similar had happened to them within the last month, all with different clients in different sectors of the industry. I really cannot stress how common it is. ↩

3. “individual contributor”, if this bit of jargon isn’t universal in your corner of the world; i.e.: “not a manager”. ↩

4. Mostly, I need to remove a bunch of profanity, but sometimes I will also need to have another interview, usually with a more junior person on the team to confirm that I’m not relaying only a single person’s perspective. It is pretty rare that the top-of-mind problems are specific to one individual, though. ↩

5. To the extent that this is about anything saliently recent, I am perhaps grumbling about how tech CEOs aren’t taking morale problems generated by the constant drumbeat of layoffs seriously enough. ↩

6. I am not always in the role of a consultant. At various points in my career, I have also been a leader needing to sit in this particular chair, and believe me, I know it sucks. This would not be a common problem if there weren’t a common reason that leaders tend to avoid this kind of meeting. ↩

This article compares the development experience with Vue and Django REST Framework against HTMX and Django.

PyCharm 2024.1 EAP 3 is now available. This latest update focuses on enhancing your interactions with the IDE’s interface.

You can download the new version from our website, update directly from the IDE or via the free Toolbox App, or use snaps for Ubuntu.

Let’s take a closer look at what’s included in this new version.

User experience Option to show tool window names in the side toolbars

Starting with PyCharm 2024.1 EAP 3, it is now possible to display tool window names on side toolbars in the new UI. Simply right-click on the toolbar to access the context menu and choose Show Tool Window Names, or enable this option via Settings / Preferences | Appearance & Behavior | Appearance | Tool Windows. It’s also possible to tailor the width of the toolbar by dragging its edge.

Git tab removed from the Search Everywhere dialog

After analyzing the usage statistics, we’ve removed the Git tab from the Search Everywhere dialog by default. If you want to bring it back, you can do so via the Show Git tab in Search Everywhere checkbox in Settings / Preferences | Advanced Settings | Version Control. Git.

That’s it for this week. For a full list of changes, please refer to the release notes.

We value your feedback on these new updates and features. Feel free to leave your thoughts in the comments section or via X (formerly Twitter). If you encounter any issues, please don’t hesitate to report them via our issue tracker.

We talk with Kevin Quillen, author of Drupal 10 Development Cookbook, published in February, 2023 by Packt Publishing. 

URLs mentioned

• Drupal 10 Development Cookbook 
• Open AI / ChatGPT integration module
• Velir 
• Kevin's blog 
• Drupal Test Traits 
• Drush's generate command 

DrupalEasy News

Professional module development - 15 weeks, 90 hours, live, online course.  
Drupal Career Online - 12 weeks, 77 hours, live online, beginner-focused course.

Audio transcript 

We're using the machine-driven Amazon Transcribe service to provide an audio transcript of this episode.

Subscribe

Subscribe to our podcast on iTunes, Google Play, iHeart, Amazon, YouTube, or Spotify.

If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.

Credits

Podcast edited by Amelia Anello.
 

Over the past few years, we've published a couple of blog posts about setting up Xdebug for Drupal module development. But, like all things in tech, there's always more to learn as tools and technology evolve.

The setup

I was recently working with one of our Professional (Drupal) Module Development students trying to determine why she wasn't able to use Xdebug to debug a PhpUnit-based functional test. To be clear, the breakpoint wasn't set in the actual test class, the breakpoint was set in some custom module code that was called by the test class.

In functional tests, Guzzle is used by PhpUnit to make calls like:

$this->drupalGet('')

So, in a way, there isn't a direct PHP connection between test class and the code under test. It is in this circumstance that the breakpoint wasn't working.

Xdebug was working fine for this student to debug other aspects of the same project - it just wasn't hitting breakpoints during functional tests.

The solution

This was one of those instances that I had seen (and solved) previously, but to be honest, PhpStorm/Xdebug solutions have often involved numerous trips into the (extensive) PhpStorm settings area. By the time the problem is fixed, I was never 100% sure exactly which change I made had actually solved the problem. But, this time, I was more careful…

Obviously, Xdebug must be enabled in DDEV, and PhpStorm's almost-magical auto-configuration for Xdebug needs to have configured a new "Server" with proper path mappings (especially for the project root).

The PhpStorm configuration settings related to Xdebug that I now recommend are:

• Set the "Max connections" value to 20 in the "PHP | Debug" configuration area (see image above).
• Uncheck the “Force break at the first line when no path mapping is specified,” "Force break at first line when a script is outside the project" and "Ignore external connections through unregistered server configurations" checkboxes in the "PHP | Debug" configuration area (see image above.)
• Set "Host" and "Name" in the "PHP | Servers" configuration are the same (and of the form name.ddev.site, where name is your site's DDEV machine name) (see image below.)
• When running functional tests, PhpStorm may request to see up a new server connection in "PHP | Servers" with the name "localhost." Allow it and ensure the path mapping is correct.

With these settings, functional PhpUnit tests can be effectively debugged. 

Symfony Scheduler provides a viable replacement to hook_cron wherein messages can be scheduled for dispatch at a predefined interval. Messages are dispatched the moment they are scheduled, and there is no message duplication, making tasks more reliable and efficient.

by daniel.phin / 6 February 2024

This post is part 4 in a series about Symfony Messenger.

1. Introducing Symfony Messenger integrations with Drupal
2. Symfony Messenger’ message and message handlers, and comparison with @QueueWorker
3. Real-time: Symfony Messenger’ Consume command and prioritised messages
4. Automatic message scheduling and replacing hook_cron
5. Adding real-time processing to QueueWorker plugins
6. Making Symfony Mailer asynchronous: integration with Symfony Messenger
7. Displaying notifications when Symfony Messenger messages are processed
8. Future of Symfony Messenger in Drupal

With this, the sm worker provided by the SM project, the Symfony Messenger integration with Drupal, can be solely relied on. Rather than legacy runners such as Drupal web cron, request termination cron (automated_cron.module), Drush cron, and Ultimate Cron.

Scheduler functionality is implemented by the Symfony Scheduler component. The Drupal integration is provided by the SM Scheduler module

Schedule provider

Create a message and message handler as usual, then create a Schedule Provider:

<?php declare(strict_types = 1); namespace Drupal\my_module\Messenger; use Symfony\Component\Scheduler\Attribute\AsSchedule; use Symfony\Component\Scheduler\RecurringMessage; use Symfony\Component\Scheduler\Schedule; use Symfony\Component\Scheduler\ScheduleProviderInterface; #[AsSchedule('my_scheduler_name')] final class MyScheduleProvider implements ScheduleProviderInterface { /** * {@inheritdoc} */ public function getSchedule(): Schedule { return (new Schedule())->add( RecurringMessage::every('5 minutes', new MyMessage()), ); } }

A schedule provider is:

• a class at the Messenger\ namespace
• with a #[AsScheduler] class attribute
• implementing \Symfony\Component\Scheduler\ScheduleProviderInterface
• implements an getSchedule method. This method returns a message instance and the schedule frequency.

For dependency injection, schedule providers have autowiring enabled.

What would normally be the contents of a hook_cron hook would instead be added to the message handler. The message itself does not need to store any meaningful data.

Instead of intervals via RecurringMessage::every(...), crontab syntax can be used:

\Symfony\Component\Scheduler\RecurringMessage::cron('*/5 * * * *', new MyMessage());Running the worker

Lastly, schedulers must be run via the consume command with a dedicated transport. The transport name is the schedule ID prefixed by scheduler_. For example, given the scheduler ID my_scheduler_name from above, the transport name will be scheduler_my_scheduler_name.

The command finally becomes: sm messenger:consume scheduler_my_scheduler_name .

Timing

Messages will be dispatched the moment their interval arrives. Normally intervals begin when the worker is initiated, however you can set a point in time to begin interval computation using the \Symfony\Component\Scheduler\RecurringMessage::every   $from parameter.

The worker must be running at the time when a message is scheduled to be sent. The transport won't retroactively catch-up with messages not dispatched during the time it wasn't running.

The next post outlines how to intercept legacy Drupal @QueueWorker items and insert them into the message bus.

Tagged Symfony, Symfony Messenger, Symfony Scheduler, Cron

Today we are talking about AI within Drupal, How AI can help, and Modules to use with guest Martin Anderson-Clutz. We’ll also cover Augmentor AI as our module of the week.

For show notes visit: www.talkingDrupal.com/436

Topics

• Terminology
• IMF analysis
• Prompt engineering
• AI in Drupal
• Best way to try modules
• Best use of AI
• Other ways of integrating

Resources

• Augmentor AI
• Open AI
• Prompt Engineering: Get the Most From Your Drupal Site's AI Integration
• Terminology
  • NLP - work with text provided in a conversational format, understand the intended meaning, and provide a relevant response
  • AI - A subset of CS that aims to develop systems that can mimic human response, or automating sophisticated behavior
  • ML - subset of AI that aims to act without explicit guidance, by extrapolating from known data
  • Deep learning - a subset of ML which uses artificial neural networks with representational learning to develop and leverage their own means of classification and other feature detection
  • LLM - an AI algorithm that uses Deep Learning techniques to accomplish NLP tasks such as responding to unstructured user prompts. LLMs are trained on massive data sets, often gathered from the internet, but sometimes using more specialized data
  • Typically the AI interfaces our listeners are already using are based on an LLM, but the nature and recency of the data they’ve been trained on can vary widely. Recently Mike Miles created Drupal Droid, a GPT model specifically trained for Drupal developers, and you can find a demo of that in our YouTube channel
• Mike Miles Drupal Droid
• AI module list
• OpenAI Image
• Search API Pinecone
• TMGMT Translator OpenAI

Guests

Martin Anderson-Clutz - mandclu

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi

MOTW Correspondent

Martin Anderson-Clutz - mandclu Augmentor AI

• Brief description:
  • Have you ever wanted a highly configurable way to integrate multiple AI services with your Drupal site? There’s a module for that.
• Brief history
  • How old: created in Oct 2022 by murrayw of Morpht, though recent releases are by elonel
  • Versions available: 1.1.2 which works with Drupal 9.5 and 10
• Maintainership
  • Actively maintained, most recent release was earlier this month
  • Documentation available
  • Number of open issues: 11, 3 of which are bugs
• Usage stats:
  • 82 sites
• Module features and usage
  • To use Augmentor AI, you need to define one or more “augmentor” configuration entities. An augmenter entity implements an augmentor type, which determines what AI service it can use, what configuration options it will have available, and so on.
  • The augmentor will define one or more “messages” that provide structure to the prompt that will be passed to the AI model in order to generate a response. It can also be configured in a variety of ways, such as how much randomness to use, a maximum response length, and more.
  • You can expose your augmentor(s) to content creators by adding a CKEditor button, or by adding fields to your site’s entity forms. For each field use can choose the widget to use, and how it should interact with any existing data in the field you want to target.
  • For example, you could have it generate a summary from your body field and have it automatically populate the summary field. Or, you can have it suggest tags, but the specialized widget renders each suggestion as a clickable element that will add the tag to a core tag field.
  • There are currently modules available to integrate Augmentor AI with ChatGPT, Google Cloud Vision, AWS AI, and more.

Dear Python Enthusiasts,

Excitement is in the air as we gear up for EuroPython 2024, the conference that brings together the brightest minds in the European Python community!

In the spirit of inclusivity and community collaboration, we are thrilled to announce an extension of the Call for Contributors for EuroPython 2024! We want to ensure that everyone who wishes to contribute has the opportunity to do so. This extension allows more Pythonistas to be a part of this incredible event, shaping the conference and making it an enriching experience for all.

How Can You Get Involved?1. Review the proposals:

Have you navigated the ins and outs of proposal submissions? The heart of EuroPython lies in its program. If you&aposre passionate about curating an exceptional conference agenda, we welcome you to join our team of Reviewers. By reviewing proposals and assisting in the selection process, you&aposll contribute to crafting a lineup that reflects the diversity and innovation within the Python community.

2. Volunteer for the Conference Organisation:

EuroPython is not just about talks; it&aposs about fostering connections and creating memorable experiences. We&aposre looking for volunteers to help with various aspects of the conference, from registration to technical support. Your contribution, big or small, will play a crucial role in making EuroPython 2024 an unforgettable event for everyone involved.

3. Become a Speaker Mentor:

Do you have experience as a speaker at Python conferences? Are you passionate about mentorship? We invite you to be a guiding force for our aspiring speakers. By volunteering as a Speaker Mentor, you&aposll play a pivotal role in shaping the future of Python conference speakers. Your expertise will help potential speakers refine their proposals, ensuring a diverse and high-quality program.

How to Get Involved:

1. Reviewers:

• Sign up on the Registration Form.
• Share insights into your experience with Python and conferences.
• Join our collaborative effort to shape an outstanding conference program.

2. Volunteer for Conference Organisation:

• If you’d like to learn more about how we work, check this link: Teams Descriptions
• Let us know your availability and preferences for volunteering roles.
• Be a crucial part of the behind-the-scenes magic that makes EuroPython memorable.

3. Speaker Mentorship:

• Please fill out the Speaker Mentor Application Form.
• Provide details about your experience and areas of expertise.
• Our team will match you with potential speakers based on your background.

&#x1F4DD; Make sure to sign up by February 12th 2024 AoE! &#x1F4DD;

Why Volunteer?

Community Contribution:

• Contribute to the Python community by sharing your knowledge and experience.
• Help newcomers find their voice in the tech world.

Networking Opportunities:

• Connect with like-minded individuals, speakers, and fellow volunteers.
• Build relationships that can shape your professional journey.

Personal Growth:

• Hone your mentoring and organisational skills.
• Gain insights into the latest trends and innovations in the Python ecosystem.

Don&apost miss this chance to be an integral part of EuroPython 2024! Let&aposs join forces to make this conference a celebration of Python&aposs diversity, innovation, and community spirit. Together, we can create an event that inspires, educates, and leaves a lasting impact on every participant.

See you at EuroPython 2024!

EuroPython 2024 Organizing Team

Explore the dynamic journey of Jorge Lopez-Lago, seasoned Solutions Architect at FFW, as he shares his diverse experiences and insights in an exclusive interview with The Drop Times, offering a glimpse into his evolution from a hands-on Drupal developer to a multifaceted leader and his unique approach to problem-solving and community engagement.

Every encountered an _io.TextIOWrapper object when you wished you had a string? That's Python's version of a "text file" object!

Table of contents

1. TextIOWrapper objects are files
2. _io.TextIOWrapper aren't the only "files"
3. Don't try to pass a file to str
4. You can also read line-by-line
5. Use read to convert _io.TextIOWrapper objects to strings

TextIOWrapper objects are files

If you use Python's built-in open function to read from a file, you'll end up with a _io.TextIOWrapper object. You can think of this as a file object.

>>> file = open("example.txt", mode="rt") >>> type(file) <class '_io.TextIOWrapper'>

If you open a file in read mode (the default mode), you should be able to call the read method on your file object to read your file into a string:

>>> contents = file.read() >>> contents 'This is an example text-based file.\nIt existed before we read it.\n'

More on reading text files in reading files in Python.

_io.TextIOWrapper aren't the only "files"

Due to duck typing, …

Read the full article: https://www.pythonmorsels.com/TextIOWrapper/