Elsewhere

Steve Kemp: Kraków was nice

Planet Debian - Sat, 04/10/2014 - 14:20

We returned safely from Kraków, despite a somewhat turbulent flight home.

There were many pictures taken, but thus far I've only posted a random night-time shot. Perhaps more will appear in the future.

In other news I've just made a new release of the chronicle blog compiler, so 5.0.7 should shortly appear on CPAN.

The release contains a bunch of minor fixes, and some new facilities relating to templates.

It seems likely that in the future there will be the ability to create "static pages" along with the blog-entries, tag-clouds & etc. The suggestion was raised on the github issue tracker and as a proof of concept I hacked up a solution which works entirely via the chronicle plugin-system, proving that the new development work wasn't a waste of time - especially when combined with the significant speedups in the new codebase.

(ObRandom: Mailed the Debian package-maintainer to see if there was interest in changing. Also mailed a couple of people I know who are using the old code to see if they had comments on the new code, or had any compatibility issues. No replies from either, yet. *shrugs*)

Categories: Elsewhere

Petter Reinholdtsen: New lsdvd release version 0.17 is ready

Planet Debian - Sat, 04/10/2014 - 08:40

The lsdvd project got a new set of developers a few weeks ago, after the original developer decided to step down and pass the project to fresh blood. This project is now maintained by Petter Reinholdtsen and Steve Dibb.

I just wrapped up a new lsdvd release, available in git or from the download page. This is the changelog dated 2014-10-03 for version 0.17.

  • Ignore 'phantom' audio, subtitle tracks
  • Check for garbage in the program chains, which indicate that a track is non-existent, to work around additional copy protection
  • Fix displaying content type for audio tracks, subtitles
  • Fix palette display of first entry
  • Fix include orders
  • Ignore read errors in titles that would not be displayed anyway
  • Fix the chapter count
  • Make sure the array size and the array limit used when initialising the palette size is the same.
  • Fix array printing.
  • Correct subsecond calculations.
  • Add sector information to the output format.
  • Clean up code to be closer to ANSI C and compile without warnings with more GCC compiler warnings.

This change brings together patches for lsdvd in use in various Linux and Unix distributions, as well as patches submitted to the project the last nine years. Please check it out. :)


Don't Panic: A blog about Drupal: Sprinting for the first time

Planet Drupal - Sat, 04/10/2014 - 08:27

For many years, I've been using Drupal as many people do - by clicking, publishing information and creating websites through the addition of modules and themes. I know how to code in PHP, but with my involvement in the local Drupal community, organizing three DrupalCamps in Gothenburg (2012, 2013 and 2014) and having family and friends, there hasn't been much time to dig down into Drupal and help out with issues and writing code.

When DrupalCon Amsterdam came closer I chose to take a couple of vacation days, and stay for the sprints after the camp. To take part in the First-time Sprinter Workshop on Friday and learn how to code in Drupal.

First-time Sprinter Workshop

We were a big bunch of people, gathered in a room at the Amsterdam RAI, to learn how to code, or at least how to help out. We would have three hours of introduction, which I had high hopes for. Apart from us, there were about 20 mentors helping out. The first thing we had to do was to install all necessary programs, like GIT, Acquia Dev Desktop, Limechat etcetera. Since I work with GIT, have been on IRC for many years, nothing of this was new. Installing the Dev Desktop was troublesome though, and much time went to figure out what was wrong. During this time I couldn't pay attention to what was said about drupal.org and the issue queue, so suddenly I had no idea of what to do with my (slightly) new coding environment. I just didn't know what to do. I asked one of the mentors, and he said to go find an issue in the Drupal Core and work on that. Work on it how? What should I do with it? This was why I wanted to stay for the sprinting, to learn what to do, perhaps even how to do it. Frustration was creeping up on me...

YesCT to the rescue!

So I sat down in front of the issue queue and tried to find something to do. I didn't know what to look for, and I ended up helping out on IRC and helping a guy sitting next to me, who knew less about GIT than me. Felt good to help someone, and to actually feel useful. Then suddenly Cathy Theys, YesCT on Twitter, comes in and asks some of the guys in the room if the mentors had explained what to do when the coding environment installation is done. Since they hadn't been that thorough, Cathy took some time to do so, and that was so welcome. Suddenly I actually had some clue of what to do. A little better clue anyway. With Cathy's words in mind, I also asked a mentor called Andy if he could help me finding something to focus on. He took care of me, placing me next to two other guys who are new to Drupal coding as well, and together we explored the issues queues, trying to find appropriate tasks to do.

"Is that a wall heading my way?"

I realised quickly that even an issue tagged with 'novice' was often too hard for me, since I'm new to Object Oriented Programming, but after a while I started reviewing a patch here, a patch there and summarizing an issue here and an issue there. A fellow podcast member, Kristoffer Wiklund, said that even though everyone here wants as many as possible working on, patching and reviewing Drupal 8, there are still thousands of themes and modules out there, both getting re-written for Drupal 8, but also having issues for Drupal 7. Therefore, I also took time to look at some of the modules and themes that I use, to see if I could help out there. And I could! You can't imagine the feeling when I'm suddenly taking baby-steps towards helping out more and more. My Dashboard on drupal.org was, within the hours, filling up with comments of what I've summarized, what I've added and reactions to my comments. That, my fellow Drupalistas, is something you can't put a price tag on.

Ending on a high note

The day started quite bad, but ended much better, in two ways. Apart from the wonderful mentoring of Andy, we were also approached by some other mentors handing out a handful of cards, with different tasks on them. It was Sprint task cards, and when summarizing what I've been doing with Drupal for the last 4 years and what I've done during DrupalCon Amsterdam, I suddenly was eligible for 4 out of 6 cards. Sure, the mentors were a bit nice on some tasks, but it felt really good on getting 4 stickers with "Explorer", "Mentor", "Issue mover" and "Community contributor". The last one was extra nice, since I work quite hard on arranging the DrupalCamps in Sweden.

"One more thing..." 

But that was only one thing that made the day extra special. What about the other? At 5 o'clock, Cathy entered the room and announced it was time to see when webchick, Angie Byron, commits patches to Drupal 8 core live - on stage. Well, there wasn't a stage, but at least in front of everybody. I was sitting at the desk in the front, so I had a very good seat. They did the commits, and denied some, and everything was nice and so. Webchick has a really good sense of humour which made everything extra nice. In the end she thanked the people who had made the patches she committed this afternoon but then - and I could applaud this for a very long time - she also said that it's all of us who are important, from the tiniest little bug reporter to those who do screenshots and write summaries. That showed me that I really can make a difference and that I shouldn't pack it up and go home, just because I can't write code that fixes all the major bugs in Drupal 8. And now for the good part - when Angie asks everyone that had helped out with patches to stand up I thought I shouldn't stand, but my mentor Andy encouraged me to stand up. Sure, I had helped, but I didn't think it mattered that much. But he did. And I thank him for that. That extra encouragement made me want to go home and continue looking through the issue queues at Drupal.org, helping out, fixing it. So we can get Drupal 8 out the door. Together.

(I ended up visiting an art exhibition of LEGO statues called 'Art of the brick' that evening, but that's a different story.)


Laura Arjona: I’ve applied to be a (non uploading) Debian Developer

Planet Debian - Sat, 04/10/2014 - 02:05

I’ve just applied to be a (non uploading) Debian Developer. I’ve just filled in the form, and decrypted the message that I received to confirm my application (I had read the important documents long time ago, and again, some weeks ago, and again, some days ago).

I was expecting today to gather some GPG signs, but the event was cancelled (postponed). So beginning next week, I’ll try to gather GPG signs one by one, by myself.

Outdated translations of the website are finished (no more yellow stickers in the Spanish http://www.debian.org!), and I already began with the translation of new files.

I’ve sent mails to say thank you to some of the people that helped me during this phase of Debian Contributor.

I think I’ve done everything that I can do for now. So let’s wait.

I don’t know how I will sleep tonight.

Comments?

You can comment in this pump.io thread.



Appnovation Technologies: Unit and Functional Testing in Drupal

Planet Drupal - Sat, 04/10/2014 - 01:12

Drupal 7 comes by default with the simpletest (Testing) module which allows you to run test cases against your code, whether it's a small piece of code such as a function, or an entire workflow.


Blue Drop Shop: Drupal Camp A/V Kit REBOOT!

Planet Drupal - Fri, 03/10/2014 - 23:15

This is a continuation of the discussion started here: http://bit.ly/DrupalAVKits

The session record kits we tested at DrupalCamp Fox Valley 2014 show a lot of promise for easy-to-use, affordable recording stations. There are some issues that need to be worked out and some additional testing to be done before we can approach the Drupal Association to consider making them available for camps.

While most sessions were recorded flawlessly, we ran into a few issues:

  • One presenter laptop (MacBook Air) never successfully made a connection, but luckily we were able to capture a QuickTime screen record
  • There is no indicator of the audio levels, and three sessions were lost due to no audio
  • The record is stopped if the presenter laptop goes to sleep, so we lost a session due to that
  • The touch audio panel is visually misleading to presenters, and very touch sensitive
  • There is only one audio input, so to record multiple presenters, we need to test a small mixer to accept multiple inputs and output one audio channel to the recorder
  • The projector must be able to take a 1920x1080 signal
  • The VGA to HDMI adapter didn’t hold a tight connection to the VGA cord for the projector, so we scored some tip ties from the venue AV department. This was inconvenient when we had to switch out the cords
  • The audio was a bit too quiet, so we should have used the +20db boost for the records
  • There is a detectable clicking on some of the audio records, though can’t say why
  • Additional dongles need to be purchased and tested to capture from various tablets for presenters that come in without a laptop

Next Steps

Before this can be ready for prime time, the audio issue definitely needs to be overcome. I’m hoping to find a digital audio recorder that can feed audio out, which would then pipe into the recording device. This would give direct feedback via the audio recorder as well as a backup audio channel. If we had this, we could have saved three session records, since the video capture was perfect. 

The mics proved to be the weakest link. Three sessions were lost because of no audio channel. Hard to say why, but it’s possible that the on/off switch was inadvertently switched off after initial setup, or the unit was muted (seems less likely). It would be worth testing if a portable audio recorder can feed audio in to the record device. That would also overcome the issue of multiple presenters.

Also, with better communication with the presenters, after we hook up the kit, they can be in charge of the start/stop of the record, since that big red “easy” button can’t get any simpler. Maybe a simple printed sheet listing the various indicators on the device. This would eliminate the need to trim and re-process in post.

Ultimately, with predictable/boosted audio and no need of trimming, session videos could be uploaded directly from the thumb drives.

Bonus points if there is a converter out there to take the 1080 signal out of the recorder and downsample it for older projectors.

The Beta Kit

Record Device - $140
Hauppauge HD PVR
http://www.amazon.com/Hauppauge-Rocket-Portable-Recorder-Systems/dp/B00G...

This device provides a pass-through record of the presenters laptop directly onto a USB thumb drive. The movie format is an H.264 1920 x 1080 AAC 30 FPS MP4 video. 

The unit takes HDMI or component video (with a provided adapter cable) in and provides HDMI out. For audio, there is a 3.5mm microphone jack. To start and stop the record, you basically push the big red button. The audio touch panel lets you mute/unmute the microphone, increase the volume and add 20db boost.

Powered Microphone - $32 
Audio-Technica ATR-3350 Lavalier Omnidirectional Condenser Microphone  
http://www.amazon.com/Audio-Technica-ATR-3350-Omnidirectional-Condenser-...

HDMI to VGA (connects to projector) - $10
VicTsing 1080P HDMI Male to VGA Female Video Converter Adapter Cable For PC Laptop DVD HDTV PS3 XBOX 360 and other HDMI input
http://www.amazon.com/gp/product/B00G9UWP94

VGA to HDMI (support non-HDMI PC laptops) - $25
IO Crest VGA to HDMI Convertor with Audio support (SY-ADA31025)
http://www.amazon.com/gp/product/B006FILNV6

Mini Display Port to HDMI (support non-HDMI Mac laptops) - $10
PNY A-DM-HD-W01 Mini DisplayPort to HDMI Adapter
http://www.amazon.com/PNY-A-DM-HD-W01-Mini-DisplayPort-Adapter/dp/B007B6...

Additional Untested Equipment

2-4 Presenters, if a standalone digital audio recorder does not work

4-channel mixer - 17.44
Nady MM-141 4-Channel Mini Mixer
http://www.amazon.com/Nady-MM-141-4-Channel-Mini-Mixer/dp/B0009X9H9I

1/8” to 1/4” - 2.3
Hosa GPM-103 3.5mm TRS to 1/4" TRS Adaptor
http://www.amazon.com/Hosa-GPM-103-3-5mm-TRS-Adaptor/dp/B000068O3T/

1/4” to 18” - 1.95
Hosa Cable GMP386 1/4 TS To 1/8 Inch Mini TRS Mono Adaptor
http://www.amazon.com/Hosa-Cable-GMP386-Inch-Adaptor/dp/B001CJ68KE

Various tablet support and alternate dongles

Cable Matters SuperSpeed USB 3.0/2.0 to HDMI/DVI Adapter for Windows and Mac up to 2048x1152/1920x1200 in Black - 47.99
http://www.amazon.com/gp/product/B00BPEV1XK

VicTsing Dock to HDMI AV Cable Adapter for iPhone 4 4S iPad 1 2 New iPad (1080P) - 11.99
http://www.amazon.com/VicTsing-Cable-Adapter-iPhone-1080P/dp/B00979QONC/

Lightning Digital AV Adapter - 43.37
http://www.amazon.com/Apple-MD826ZM-Lightning-Digital-Adapter/dp/B009WHV...

EnjoyGadgets Thunderbolt to HDMI Video Adapter Cable, with Audio Support - 9.98
http://www.amazon.com/EnjoyGadgets-Thunderbolt-Video-Adapter-Support/dp/...

Micro HDMI (Type D) to HDMI (Type A) Cable For Microsoft Surface - 5.99
http://www.amazon.com/Micro-Cable-Microsoft-Surface-Compatible/dp/B009XL...

Skiva MHL Micro USB to male HDMI cable (6.5 feet) for Samsung Galaxy S3 (SIII LTE i9300 L710 i747 i535 T999), Samsung Note 2, Galaxy S2, Galaxy Note, HTC One X, LG Optimus HD and other MHL Devices (HD-X3) - 11.99
http://www.amazon.com/Skiva-Samsung-Galaxy-Optimus-Devices/dp/B00A9H30LU/

LinkS Micro USB to HDMI MHL cable +Micro 5pin to 11pin adapter + 3 Feet Charging Cable in Black Kit-(Compatible with any MHL enable smartphones and tablets) (Adapter kit) - 12.99
http://www.amazon.com/LinkS-adapter-Charging-Compatible-smartphones/dp/B...

Cable Matters Gold Plated DisplayPort to HDMI Adapter (Male to Female) with Audio in Black - 11.99
http://www.amazon.com/Cable-Matters-Plated-DisplayPort-Adapter/dp/B005H3...

Samsung ET-H10FAUWESTA Micro USB to HDMI 1080P HDTV Adapter Cable for Samsung Galaxy S3/S4 and Note 2 - Retail Packaging - White - 28.91
http://www.amazon.com/Samsung-ET-H10FAUWESTA-Micro-Adapter-Galaxy/dp/B00...

USB A Male to Mini 5 pin (B5) Female Adapter - 2.97
http://www.amazon.com/USB-Male-Mini-Female-Adapter/dp/B001VLIL3K/

Various HDMI converters - 13.99
AFUNTA Hdmi Cable Adapters Kit (7 Adapters)
http://www.amazon.com/gp/product/B00AA8MAUK

HDMI cable - 7.69
Twisted Veins 1.5ft High Speed HDMI 3 Pack
http://www.amazon.com/gp/product/B00FX6KO8Y

VGA to component video (would still need component video cables) - 7.24
StarTech.com 6-Inch HD15 to Component RCA Breakout Cable Adapter - M/F (HD15CPNTMF)
http://www.amazon.com/StarTech-com-6-Inch-Component-Breakout-Adapter/dp/...

Personal Voice Recorder Option

Personal Voice Recorder with audio line out - $160
Zoom H2n Handy Recorder
http://www.amazon.com/Zoom-H2N-H2n-Handy-Recorder/dp/B005CQ2ZY6/

Zoom APH2n Accessory Pack for H2n Portable Recorder - $40
AC adapter, case, wired remote, tripod, and other goodies
http://www.amazon.com/Zoom-APH2n-Accessory-Portable-Recorder/dp/B005CQ30A4

3.5mm audio cable - $9
FRiEQ® 3.5mm Male To Male Car and Home Stereo Cloth Jacketed Tangle-Free Auxiliary Audio Cable (4 Feet/1.2M)
http://www.amazon.com/Jacketed-Tangle-Free-Auxiliary-Samsung-Android/dp/...

32MB SD Card - $17
SanDisk Ultra 32GB SDHC Class 10/UHS-1 Flash Memory Card Speed Up To 30MB/s
http://www.amazon.com/SanDisk-Frustration-Free-Packaging--SDSDU-032G-AFF...


Blue Drop Shop: Adding Your Theme Classes to CKEditor

Planet Drupal - Fri, 03/10/2014 - 23:08

WYSIWYG editors are the bane of my existence, yet they are a necessary evil if you have clients that want to edit their site content.

But somewhere between all the inline styles they create to editing source code, there simply had to be a solution that would let me open up my theme css to content creators. 

After much searching and testing, I have found that unicorn. 

CKEditor populates the style drop down menu with a js file, and it lets you override it. Problem is, as stated in the docs, it doesn't work. And there were a few various options posted in the CKEditor module issue queue. 

First off, you create a new js file to name a function that will build the drop down select items and the parameters for each. Contrary to what has been suggested in various posts, I put this in my theme's js folder. That way it won't get overridden by a module or library update, and it just makes sense since it's tied to my theme. Only CKEditor will be looking for this file, so there's no need to call it in your template files nor add it to your .info file. 

For example, I created a file named ckeditor_styles.js like so:
 

( function() {
    CKEDITOR.stylesSet.add( 'my_styles', [ // this is the styles set name you will call later
        { name: 'Teal Heading 2', element: 'h2', attributes: { 'class': 'teal' } }, 
        { name: 'Teal Text', element: 'span', attributes: { 'class': 'teal' } },
        { name: 'Unbold Heading', element: 'span', attributes: { 'class': 'unbold' } }
    ]);
} )();

It's pretty straightforward. The name parameter is what you will actually select in the drop down. The element is where you specify where to inject the class. If it's a block-level element (h1, h2, div, p, etc.), the class will be added. If it's a span, then the selected text will be wrapped in a classed span. As for attributes, that's where you specify you are calling a class, and also provide the name of the class you want to inject. The resulting drop down will be split into block styles and inline styles.

The second step is to let CKEditor know where to find this file, via the advanced options section in the configuration. Navigate to admin/config/content/ckeditor and edit the profile you wish to add this to, most likely Full HTML. Docs will say you only need to set config.stylesSet, but as gleaned from the issue queues (and tested personally), you need to also set config.stylesCombo_stylesSet.

Expand the Advanced Options field set and add the following to the Custom JavaScript Configuration with your styles set name and the path to your js file:

config.stylesCombo_stylesSet = 'my_styles:/sites/all/themes/mytheme/js/ckeditor_styles.js';
config.stylesSet = 'my_styles:/sites/all/themes/mytheme/js/ckeditor_styles.js';

Clear your caches and you should now be able to pick styles from your drop downs that will add either standard elements or spans with the desired classes. 

Sources:
http://docs.ckeditor.com/#!/guide/dev_howtos_styles
https://www.drupal.org/node/1287432


Blue Drop Shop: Drupal Camp Organizers, Unite!

Planet Drupal - Fri, 03/10/2014 - 23:04

At DrupalCorn Camp 2014, there seemed to be a fairly high number of camp organizers in attendance, so we held what I like to think of as a SuperBOF. I think we pulled four banquet tables together in order to fit everyone.

The purpose was to share pain points and just brainstorm camp stuff. Notes were taken and the doc is shared publicly here: http://bit.ly/drupal-camps

Most of the discussion was centered around information sharing and coordination of efforts and how to accomplish that. We had thought that creating a private group on g.d.o for organizers to share not-ready-for-prime-time information would work. Turns out, that's not the case, as "private" only means there is moderation on who can join, but all posts are fully public.

Why a private group? Well, mostly for shared contact lists, proposed dates for coordinated planning before announcements, things like that. The intent also is to publicly share as much knowledge as we can, but in a centralized place that's a little less cumbersome than g.d.o.

In addition, we created a #drupalcamp IRC channel, and you should totally join if you are a camp organizer. 

So stay tuned, add your name to the doc if you want to be included on the proposed quarterly meeting, and join the channel so collaboration can start now!


Ian Donnelly: Config::Model and Elektra

Planet Debian - Fri, 03/10/2014 - 22:55

Hi Everybody,

Today I want to talk about the different approaches of Elektra and Config::Model. We have gotten a lot of questions lately about why Elektra is necessary and what differentiates it between similar tools like Config::Model. While there are a lot of similarities between Config::Model and Elektra, there are some key differences and that is what I will be focusing on in this post.

Once a specification is defined for Elektra and a plug-in is written to work with that specification, other developers will be able to reuse these specifications for programs that have similar configurations (such as a specification and plug-in for the ini file type.) Additionally, specifications, once defined in KDB can be used across multiple programs. For instance, if I were to define a specification for my program within KDB:
[/myapp/file_dialog/show_hidden_files]
type=Boolean
default=true

Any other program could use my specification just by referring to show_hidden_files. These features allow Elektra to solve the problem of cross-platform configurations by providing a consistent API and also allow users to easily be aware of other applications’ configurations which allows for easier integration between programs.

Config::Model also moves to provide a unified interface for configuration data and it also supports validation such as the type=Boolean like in the above example. The biggest difference between these two projects is that Elektra is intended for use by the programs themselves and by external GUIs and validation tools unlike Config::Model. Config::Model provides a tool allowing developers to provide a means for users to interactively edit configuration data in a safe way. Additionally, Elektra uses self-inscribing data. This means that all the specifications are saved within KDB and in metadata. More differences are that validators can be written in any language for Elektra because the specifications are just stored as data and they can enforce constraints on any access because plug-ins define the behavior of KDB itself.

Tying this all together with my GSoC project is the topic of three-way merges. Config::Model actually does not rely on a base for merges since the specifications all must be complete. This is a very good approach to handle merges in an advanced way too. This is an avenue that Elektra would like to explore in the future when we have enough specifications to handle all types of configuration.

I hope that this post clarifies the different approaches of Elektra and Config::Model. While both of these tools offer a better answer to configuration files they do have different goals and implementations that make them unique. I want to mention that we have a good relationship with the developers of Config::Model, who supported my Google Summer of Code Project. We believe that both of these tools have their own place and uses and they do not compete to achieve the same goals.

For now,
Ian S. Donnelly


Gunnar Wolf: Obsoletion notice on githubredir

Planet Debian - Fri, 03/10/2014 - 20:58

Back in 2009, I set up githubredir.debian.net, a service that allowed following using uscan the tags of a GitHub-based project.

Maybe a year or two later, GitHub added the needed bits in their interface, so it was no longer necessary to provide this service. Still, I kept it alive in order not to break things.

But as it is just a silly web scraper, every time something changes in GitHub, the redirector breaks. I decided today that, as it is no longer a very useful project, it should be retired.

So, in the not too distant future (I guess, next time anything breaks), I will remove it. Meanwhile, every page generated will display this:

(of course, with the corresponding project/author names in)

Consider yourselves informed.


Chapter Three: Chapter Three at Drupalcon Amsterdam

Planet Drupal - Fri, 03/10/2014 - 20:51

Wrapping up today, Drupalcon Amsterdam created a big buzz around Drupal 8. A crew of over 2,100 participated in sessions, sprints and keynotes, and celebrated the release of the Beta 1 version of Drupal 8.


Thorsten Glaser: mksh R50c released, security fix

Planet Debian - Fri, 03/10/2014 - 20:12

The MirBSD Korn Shell has got a new security and maintenance release.

This release fixes one mksh(1)-specific issue when importing values from the environment. The issue has been detected by the main developer during careful code review, looking at whether the shell is affected by the recent “shellshock” bugs in GNU bash, many of which also affect AT&T ksh93. (The answer is: no, none of these bugs affects mksh.) Stephane Chazelas kindly provided me with an in-depth look at how this can be exploited. The issue has not got a CVE identifier because it was identified as low-risk. The problem here is that the environment import filter mistakenly accepted variables named “FOO+” (for any FOO), which are, by general environ(7) syntax, distinct from “FOO”, and treated them as appending to the value of “FOO”. An attacker who already had access to the environment could so append values to parameters passed through programs (including sudo(8) or setuid) to shell scripts, including indirectly, after those programs intended to sanitise the environment, e.g. invalidating the last $PATH component. It could also be used to circumvent sudo’s environment filter which protected against the vulnerability of an unpatched GNU bash being exploited.

tl;dr: mksh not affected by any shellshock bugs, but we found a bug of our own, with low impact, which does not affect any other shell, during careful code review. Please do update to mksh R50c quickly.
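The filtering gap described in the mksh post above, as an added example (not code from mksh, sudo or the post's author): a sanitiser that matches variable names exactly lets an entry named "PATH+" through, while an import that only accepts plain identifiers rejects it and an audit pass reports it. The denylist, the function names, the sample environment and the import model are all constructed for illustration; the strict import is an assumption about what a correct filter does, not a description of the R50c patch.

```python
import re

# A name a POSIX shell can use as an ordinary parameter.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

# Constructed denylist standing in for the variables an environment
# sanitiser refuses to pass on (illustrative, not sudo's real list).
DENYLIST = frozenset({"PATH", "IFS", "ENV"})


def split_entry(entry):
    """Split one environ(7) string 'NAME=value' at the first '='."""
    name, _, value = entry.partition("=")
    return name, value


def exact_name_sanitiser(entries, trusted):
    """Drop denylisted names by exact match, then supply trusted values.
    'PATH+' is a different name from 'PATH', so it is passed on."""
    kept = [e for e in entries if split_entry(e)[0] not in DENYLIST]
    return [f"{k}={v}" for k, v in trusted.items()] + kept


def lenient_import(entries):
    """Simplified model of the behaviour the post describes: a name
    'FOO+' is accepted and its value appended to 'FOO' (environ order)."""
    params = {}
    for entry in entries:
        name, value = split_entry(entry)
        if name.endswith("+") and IDENTIFIER.match(name[:-1]):
            params[name[:-1]] = params.get(name[:-1], "") + value
        elif IDENTIFIER.match(name):
            params[name] = value
    return params


def strict_import(entries):
    """Import only entries whose name is a plain identifier; report the rest."""
    params, rejected = {}, []
    for entry in entries:
        name, value = split_entry(entry)
        if IDENTIFIER.match(name):
            params[name] = value
        else:
            rejected.append(name)
    return params, rejected


def audit(entries):
    """Detection helper: list non-identifier names and, where the leading
    identifier part is a denylisted variable, name the variable it shadows."""
    findings = []
    for entry in entries:
        name, _ = split_entry(entry)
        if not IDENTIFIER.match(name):
            stem = re.match(r"[A-Za-z_][A-Za-z0-9_]*", name)
            shadowed = stem.group(0) if stem and stem.group(0) in DENYLIST else None
            findings.append((name, shadowed))
    return findings


# Constructed sample environment, as handed to a privileged wrapper.
SAMPLE = [
    "HOME=/home/alice",
    "PATH=/home/alice/bin",
    "PATH+=:/tmp/constructed",
    "LANG=C",
]
TRUSTED = {"PATH": "/usr/bin:/bin"}

if __name__ == "__main__":
    passed = exact_name_sanitiser(SAMPLE, TRUSTED)
    print("after sanitiser:", passed)
    print("lenient import :", lenient_import(passed)["PATH"])
    print("strict import  :", strict_import(passed))
    print("audit          :", audit(passed))
```
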


CiviCRM Blog: Future First's Contact View & Edit

Planet Drupal - Fri, 03/10/2014 - 20:10

Sadly all good things must come to an end.

Here at the CiviCRM 2014 Edale Sprint we've been working closely with members of the core team. As well as fixing bugs, working on integrating Google Summer of Code projects, and readying extensions for release, it's been an excellent opportunity for the Future First Software Developers to learn directly from the CiviCRM experts themselves.

In a presentation I showed something that the Future First Software Development Team made recently - a brand new contact screen. It went down a treat, so here's a blog article revealing how we did it!

Background:

Future First is a charity that helps state-funded schools and colleges mobilise their former students for the benefit of their current students. Former students can do this by attending in-school events to inspire current students, by offering mentoring or work experience opportunities, by assisting in fundraising, or even by appearing on a poster displayed in the school!

A key part of Future First's offering is a Teacher Dashboard that teachers can log into to engage with their former students. This mostly involves an extensive search system and a communal inbox. It is built from a combination of Drupal custom modules and CiviCRM custom extensions.

The legacy:

Future First's Teacher Dashboard is a legacy system. Initially a screen was created to allow teachers to view contacts, based off a profile (with a separate screen to edit). Then notes were attached, so that teachers could add, edit, and remove notes about the alumni. When our Mailbox was operational we added each mail sent to and from that alumnus to the profile screen too. Afterwards we added the ability to record mobilisations, so they made their way onto the screen as well!

The result was not pretty: an overburdened, messy screen that didn't allow teachers to view or edit all of the information that was being stored by CiviCRM. It was very slow, as all the mobilisations and emails had to be loaded just to add or remove a note. And everything had to be loaded once to view the contact, then again to edit it, and then a third time to see the saved edit.

It was time to start over.

The requirements:

Our main requirements were:

  • fast
  • have only one screen for both editing
  • neater
  • view and edit everything
  • maintainable. Our system is growing rapidly, and the screen should be ready to support that.

The plan:

With three members of staff to work on the project, it needed to be modular. The data was broken into logical categories, and an api and template file was created for each of these. This structure translated directly into the different tabs.

Only the data on the first tab is loaded. When other tabs are clicked AJAX calls the API function for that tab. This retrieves the relevant data, which some jQuery then puts into the appropriate place.

Inline editing was used for each field. This feature, provided by the CiviCRM core, allows our users to view and update data without needing to move between different screens. Sadly, this didn't let us update custom data, so we patched it and offered our patch to the core!

The results:
Categories: Elsewhere

Victor Kane: DrupalCon Amsterdam 2014 - Historic Mirror on Drupal's Future

Planet Drupal - Fri, 03/10/2014 - 18:18

Drupal has immersed all our lives in the web, and the biggest conclusion we can draw from this DrupalCon is that Drupal in particular and we, as creators and consumers of Drupal, are all being rocked to the core by the fast pace of change in the industry. Changes in the development, scope, architecture, process and workforce dynamics prevalent in the development and acquisition of ever-more complex web applications and systems are rocking Drupal too, and the result is a scrambling for solid footing.

The footing we all find, and the journeys we take to find it, will determine our future.

First and foremost we need to come to grips with the debates, with what is shaping up. We need to learn a lot just to fathom the consensus on what the options are now. Then we must prick up courage and make choices.

But one truth is acknowledged by all: there is no simple and straightforward path forward, from here on in we mix and match, we build on an industry-wide workbench to common standards, or we build not at all. There is no more protective balloon, the big blue bubble has burst, or worse, is in the act of bursting now.

But this is not a bad thing. We just need to keep our heads, even if Drupal cannot. If we can drive @eaton's Promiscuous Drupal to its logical limit, if we can Keeping it Simple with @sdboyer we can "bring that knowledge back to the community" no matter what, as @crell guides us through Managing Complexity (be sure to check out his reading list) and the portals decouple, while beset with New Wave PHP, and at every turn: Drupal in the Hip Hop Virtual Machine with the @outlandishjosh.

That's the intoxication of sampling the key presentations from this historic DrupalCon Amsterdam 2014: let's find out what it's all about.

Of course, this is just my own shortlist (grouped by topics, of which, it is worth pointing out, headless is second only to Drupal 8 and way ahead of anything else as a concern), but whether or not I left out any well-deserving items from the list, it's more than enough to be able to say "Wow, we live in interesting times".

  • Keynote
  • Drupal 8
  • Headless Drupal
  • PHP Renaissance
  • Web Dev Future
  • Drupal 7

Check some of these out, we need to talk about this over the next few days.

And in later articles and repos, I will be sharing concrete examples of how I am dealing with all of this, and how I am planning, well, my future.


Categories: Elsewhere

Code Karate: Drupal 7 Search Krumo Module

Planet Drupal - Fri, 03/10/2014 - 18:16
Episode Number: 171

The Drupal 7 Search Krumo Module extends the Devel module and makes it easier to debug PHP variables while developing Drupal modules or building Drupal themes. It adds a simple search box that allows you to quickly search through the Krumo output that is generated by the dpm function.

If you want to try it out quickly, simply download and install the module and run the following code on the variable you want to debug:

Tags: Drupal, Drupal 7, Module Development, Theme Development, Drupal Planet, Tips and Tricks
Categories: Elsewhere

Mike Hommey: No PIE for you!

Planet Debian - Fri, 03/10/2014 - 18:00

You are a software vendor. You distribute software on multiple operating systems. Let’s say your software is a mildly popular internet browser. Let’s say its logo represents an animal and a globe.

Now, because you care about the security of your users, let’s say you would like the entire address space of your application to be randomized, including the main executable portion of it. That would be neat, wouldn’t it? And there’s even a feature for that: Position independent executables.

You get that working on (almost) all the operating systems you distribute software on. Great.

Then a Gnome user (or an Ubuntu user, for that matter) comes, and tells you they downloaded your software tarball, unpacked it, and tried opening your software, but all they get is a dialog telling them:

Could not display “application-name”
There is no application installed for “shared library” files

Because, you see, a Position independent executable, in ELF terms, is actually a (position independent) shared library that happens to be executable, instead of being an executable that happens to be position independent.

And nautilus (the file manager in Gnome and Ubuntu’s Unity) usefully knows to distinguish between executables and shared libraries. And will happily refuse to execute shared libraries, even when they have the file-system-level executable bit set.

You’d think you can get around this by using a .desktop file, but the Exec field in those files requires a full path. (No, ./ doesn’t work unless the executable is in the nautilus process current working directory, as in, the path nautilus was run from)

Dear lazyweb, please prove me wrong and tell me there’s a way around this.

Categories: Elsewhere
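
The ELF detail behind Mike Hommey's post above, as an added example (not code from the post, nautilus or any file-type library): a PIE and a shared library both carry `e_type == ET_DYN`, so a checker that wants to confirm a binary is position independent has to look past the header. `classify_elf` and `make_sample` are hypothetical helpers, and the sample images are constructed headers, not real binaries.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                      # e_type values
PT_DYNAMIC, PT_INTERP = 2, 3                # p_type values
DT_NULL, DT_FLAGS_1, DF_1_PIE = 0, 0x6FFFFFFB, 0x08000000


def _has_df_1_pie(data, end, is64, offset, size):
    """Scan the dynamic section for DT_FLAGS_1 and test its DF_1_PIE bit."""
    fmt, step = (end + "qQ", 16) if is64 else (end + "iI", 8)
    stop = min(offset + size, len(data)) - step + 1
    for pos in range(offset, stop, step):
        tag, val = struct.unpack_from(fmt, data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_FLAGS_1:
            return bool(val & DF_1_PIE)
    return False


def _classify(data):
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}[data[4]]     # EI_CLASS
    end = {1: "<", 2: ">"}[data[5]]         # EI_DATA
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type == ET_EXEC:
        return "executable"                 # fixed load address, not a PIE
    if e_type != ET_DYN:
        return "other"
    # ET_DYN covers PIEs and real libraries alike, so inspect the segments.
    (e_phoff,) = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    interp = pie_flag = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:
            p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, off)
        else:
            p_type, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIIII", data, off)
        if p_type == PT_INTERP:
            interp = True
        elif p_type == PT_DYNAMIC:
            pie_flag = _has_df_1_pie(data, end, is64, p_offset, p_filesz)
    # DF_1_PIE is explicit where the linker sets it. PT_INTERP is only a
    # heuristic: a few libraries (libc, for one) carry it too.
    return "pie" if pie_flag or interp else "shared-library"


def classify_elf(data: bytes) -> str:
    """Return 'executable', 'pie', 'shared-library' or 'other'."""
    try:
        return _classify(data)
    except (struct.error, KeyError, IndexError) as exc:
        raise ValueError("truncated or malformed ELF header") from exc


def make_sample(e_type, interp=False, df_1_pie=False):
    """Constructed ELF64 little-endian image: headers only, not runnable."""
    n = 2 if interp else 1
    dyn = struct.pack("<qQqQ", DT_FLAGS_1, DF_1_PIE if df_1_pie else 0, DT_NULL, 0)
    dyn_off = 64 + 56 * n
    phdrs = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 8)
    if interp:
        phdrs += struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       e_type, 62, 1, 0, 64, 0, 0, 64, 56, n, 0, 0, 0)
    return ehdr + phdrs + dyn
```

To check a real file, pass `open(path, "rb").read()` to `classify_elf`; a result of `executable` means the main image loads at a fixed address and is not randomized.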

ThinkShout: Getting Started with Behat

Planet Drupal - Fri, 03/10/2014 - 18:00
Situation

Suppose you build a site, it works great, the client loves it, you launch it, and the client still loves it. Yay! Now life goes on, and six months later, the client comes back to you saying they see a red box when they are logged in, with a message about security updates. You look and see that Drupal core, ctools, rules, views, commerce, date, and a handful of other modules have updates available. Some are security updates, and others are bugfix/feature updates.

So you want to update this code to resolve security issues and improve the functionality of the site. But how can you be sure that these code updates will not hurt or break any of the existing functionality? You could revisit all of your feature work from six months to a year ago and confirm that those features still work as intended. But that can be time consuming and disrupt your other work.

So how do you make updates, whether updating contrib code or doing new custom work, with confidence that you're not breaking essential functionality and without wasting countless hours doing a bunch of manual testing?

A Better Solution: Automated Testing

Let a machine do it for you. There are several categories of automated testing:

  • Unit testing. This tests that a small piece of code, a function, behaves as expected.
  • Integration testing. These combine several Unit tests in logical groups, to ensure that they work together properly.
  • System testing. This tests the system as a whole, and is mainly code oriented, but starts to touch how real people would use the system.
  • Behavioral testing. Acceptance testing. Customer testing. This involves clickthroughs, user behavior. This is what we are mainly interested in, and what I am talking about today. You will also hear this referred to as BDD or Behavior Driven Development.

Enter Behat

Behat is an automated testing system. Its strength is in behavioral testing, so it fits perfectly in our use case.

Behat tests are written in plain English phrases which are then combined into human readable scenarios. This was inspired by Ruby's Cucumber project and Gherkin syntax. This is probably the most appealing aspect of Behat. Most tests are understandable by anyone, whether you're a developer, project manager, or business owner.

Behat is the core framework used for running tests. It is capable of testing several types of systems: terminal commands, REST APIs, etc. To enable Behat to test web pages, you need to add Mink and a browser emulator to the mix. Mink functions as the connector between Behat and browser emulators, and provides a consistent testing API.

There are several commonly used browser emulators. Some, like Goutte, are very fast, but don't support JavaScript. Others, like Selenium and Firefox, are full-featured browsers, but will run more slowly.

So when you hear people talking about Behat, they're usually talking about all three components: Behat, Mink, and browser emulators.

Why Behat Versus Others?

Mainly because of popularity, which comes mainly from its human readability. There are certainly other contenders with other strengths, but we're focusing on Behat today because it is a popular PHP-based testing framework. Its tests are written as human readable scenarios, can be easily extended by writing additional PHP methods, and, as you'll see soon, getting set up is not too difficult.

Business Use

Even though this all seems like a good thing, it does take some time to write tests, set up a testing environment, and determine what the best tests are. We need to allocate time to do this, and it shouldn't just be a surprise at the end of the project. Automated testing should be considered in several phases of a web project. When writing custom code, it's a good practice to write unit tests, and time should be allocated for that. When developing custom features for a site, behavioral tests should be written to accompany them, and again, time should be allocated. It's good if clients know at the beginning of a project that test writing is part of the development process, and test running is part of deployment.

Things that are measured always get more attention than things that just happen. Clients should have a large say in what is measured and tested. As a result, project managers can gain a better insight into priorities of the client and project. By making behavior tests something that is intentionally done, project stakeholders must clarify and prioritize the most important aspects of the site.

Run Tests

Let's use the scenario where we're ensuring that the user login experience is correct. This will verify that the site is up & running, that valid users can log in, and that invalid credentials will not work. Here's a test run, using a local development site:

And it only takes a few seconds to run.

If you run this test after a code update and find that the test fails, you know immediately that something must be fixed before it can be deployed to the production environment.

Write Tests

Behat tests are written in "Feature" files. They're just text files with a .feature extension on the name, instead of .txt or .php. They are usually placed in a "features" directory inside your Behat directory. More on that in the next section.

In the test run above, I was in my project's Behat directory, and ran bin/behat features/loginout.feature. That launches Behat and tells it to run the tests that are in loginout.feature. Here are the entire contents of that file:

Feature: Log in and out of the site.
  In order to maintain an account
  As a site visitor
  I need to log in and out of the site.

  Scenario: Logs in to the site
    Given I am on "/"
    When I follow "Log In"
    And I fill in "Username" with "admin"
    And I fill in "Password" with "test"
    And I press "Log in"
    Then I should see "Log out"
    And I should see "My account"

  Scenario: Logs out of the site
    Given I am on "/"
    When I follow "Log In"
    And I fill in "Username" with "admin"
    And I fill in "Password" with "test"
    And I press "Log in"
    And I follow "Log out"
    Then I should see "Log in"
    And I should not see "My account"

  Scenario: Attempts login with wrong credentials.
    Given I am on "/"
    When I follow "Log In"
    And I fill in "Username" with "badusername"
    And I fill in "Password" with "boguspass"
    And I press "Log in"
    Then I should see "Sorry, unrecognized username or password."
    And I should not see "My account"

Indentation is only for readability, and has no impact on how the tests are run.

Now let's look at each line and see what each is doing. The first few lines are essentially comments.

Feature: Log in and out of the site.

^ Name of the feature.

In order to maintain an account

^ Benefit.

As a site visitor

^ Role.

I need to log in and out of the site.

^ Feature itself.

Behat tests are written in the form of scenarios, and they comprise the rest of the feature file.

Scenario: Logs in to the site

^ Description of the first scenario.

Given I am on "/"

^ The context. This is the first line that is actually executed. In this case, it will load "/" (the home page) in a browser.

This (a "Given") as well as the next things ("When" and "Then") are each called a "Step."

When I follow "Log In"
And I fill in "Username" with "admin"
And I fill in "Password" with "test"
And I press "Log in"

^ The events that need to happen. When kicks it off. And adds more events. If Behat is unable to do any of these events, the test will fail. I follow "Log In" looks for a link with the text "Log In" and clicks it. I fill in "Username" with "admin" looks for a field with the label of "Username" and types "admin" into it. I press "Log in" looks for a button with the text "Log in" and presses it. Pro tip: follow is for clicking links, and press is for buttons on forms.

Then I should see "Log out"
And I should see "My account"

^ The desired outcome. Then starts it, and And adds more outcomes. These are the actual tests that need to pass. Other testing frameworks often call these "assertions". I should see "Log out" looks for the text "Log out" anywhere on the page.

The other two scenarios follow the same format, as well as using not to ensure that certain things do not happen.

That's the quick walkthrough of writing scenarios, but you can dig deeper at http://docs.behat.org/en/v2.5/quick_intro.html#define-your-feature and http://docs.behat.org/en/v2.5/guides/1.gherkin.html and find out about other aspects like Scenario Outlines, Backgrounds and Multiline Arguments.

Get Set Up

I've looked at several resources from behat.org and elsewhere, and ended up just having to piece things together to get something that will work. I've consolidated those notes to ease the setup in the future. Behat Installation and Use.

There are a number of dependencies, so the easiest way to handle them all is to let composer do it for you. So install composer if you haven't already. On a mac, using homebrew works great: brew install composer.

Make a Behat directory, either for a project you're working on, or in a generic location. Copy this composer.json file into it. Run composer install, which might take a while. It's installing Behat, Mink, several Mink extensions, and webdriver, which is for Selenium. Then run bin/behat to make sure that Behat is actually available and doing something. You should see something like No scenarios.

Install selenium. This part is optional, if you don't need to test JavaScript. Download the latest version of selenium-server-standalone. You'll also need Firefox and a Java runtime installed. If you get output from java -version you should be good.

In your Behat directory, add a features folder if there's not one already, and add a something.feature file to it. You can use this loginout.feature as an example.

The last thing you need is a behat.yml file in your Behat directory. Use this behat.yml as an example, replacing the domain with the site you want to test. Also remove the selenium2 line if you're not using it.

At this point, running bin/behat in your Behat directory should run any tests located in the features directory.

Hopefully, that gets you started on your road to readable automated testing. The best resources I've found are on the behat site. You'll probably be redirected to something like http://docs.behat.org/en/v2.5/. Please leave a comment with your successes or other suggestions. Thanks for reading, and good luck!

Categories: Elsewhere

Lars Wirzenius: Matthew Garrett and Intel and the so-called gamergate

Planet Debian - Fri, 03/10/2014 - 15:55

Kudos to Matthew for taking a stance. It has, not surprisingly, provoked a lot of comments and feedback, most of it unpleasant.

If I did anything that was directly related to Intel, I'd join him, but I do very, very little architecture dependent stuff anymore.

I will, however, say this: Even if the "gamergate" were actually about good journalism and ethics (and it's clear it isn't), if your reaction to a differing opinion is abuse, harassment, and other kinds of psychological violence, you're not making anything better, you're making it all worse.

Reasonable people can handle disagreement without any kind of violence.

Categories: Elsewhere

Verbosity: Drupal Sprint Cards

Planet Drupal - Fri, 03/10/2014 - 10:26

Announcing the sprint cards! My team created these cards as a condensed version of the DrupalCon Austin mentor training. They summarize the top tasks needed for new contributors and coders and can be printed at any local print shop (usually in 12-24h) because we formatted them to be printed on standard business cards. So they are cheap to print and ready when you need them.

These cards have been seen at many Drupal events now and they get a good response wherever they go. The first sprint where they appeared was at the Jersey Shore (thanks again to the NJ team for bringing us there!) and they have since been at camps across North America and now at DrupalCon Amsterdam.

You can find them on our DrupalGive page, or use this handy PDF link.

Printing Specifications

Take this information to your local print shop.

  • Business card size (formatted for North America, so 3.5 × 2 inches... in metric that is 88.9 × 50.8mm [you may ask them to "scale" the PDF to your local size])
  • cardstock (thick paper)
  • matte (not glossy... sometimes people want to write on them)
  • double-sided
  • color
  • "no bleed" (extra cropping not necessary)
  • PDF file
  • quantity $x (most print shops have a special rate for different quantity, good to ask)
Category: Drupal 8, Drupal Planet
Categories: Elsewhere

Marco d'Itri: 15 years of whois

Planet Debian - Fri, 03/10/2014 - 07:32

Exactly 15 years ago I uploaded to Debian the first release of my whois client.

At the end of 1999 the United States Government forced Network Solutions, at the time the only registrar for the .com, .net and .org top level domains, to split their functions into a registry and a registrar and to allow competing registrars to operate.

Since then, two whois queries are needed to access the data for a domain in a TLD operating with a thin registry model: first one to the registry to find out which registrar was used to register the domain, and then one to the registrar to actually get the data.

Being as lazy as I am I thought that this was unacceptable, so I implemented a whois client that would know which whois server to query for all TLDs and then automatically follow the referrals to the registrars.

But the initial reason for writing this program was to replace the simplistic BSD-derived whois client that was shipped with Debian with one that would know which server to query for IP addresses and autonomous system numbers, a useful feature in a time when people still used to manually report all their spam to the originating ISPs.

Over the years I have spent countless hours searching for the right servers for the domains of far away countries (something that has often been incredibly instructive) and now the program database is usually more up to date than the official IANA one.

One of my goals for this program has always been wide portability, so I am happy that over the years it was adopted by other Linux distributions, made available by third parties to all common variants of UNIX and even to systems as alien as Windows and OS/2.

Now that whois is 15 years old I am happy to announce that I have recently achieved complete world domination and that all Linux distributions use it as their default whois client.

Categories: Elsewhere
