Elsewhere

Drupal Association News: Submit Your Design Proposals for DrupalCon Latin America!

Planet Drupal - Mon, 14/04/2014 - 21:19

Though DrupalCon Latin America - Bogotá, Colombia is just under a year away, we’re already getting the ball rolling on planning and organization, and we need your help!

Categories: Elsewhere

ImageX Media: An inheritable install profile architecture for Drupal

Planet Drupal - Mon, 14/04/2014 - 20:55

Drupal core comes with a built-in structure called an installation profile. An install profile is a specific set of features and configurations that get built when the site is installed. Drupal has almost always had some variety of install profile, but with Drupal 7 they became a whole lot easier to create and understand.

Categories: Elsewhere

Frederick Giasson: Installing OSF for Drupal using the OSF Installer (Screencast)

Planet Drupal - Mon, 14/04/2014 - 20:01

The Open Semantic Framework (OSF) for Drupal is a middleware layer that allows structured data (RDF) and associated vocabularies (ontologies) to “drive” tailored tools and data displays within Drupal. The basic OSF for Drupal modules provide two types of capabilities. First, there are a series of connector modules such as OSF Entities, OSF SearchAPI and OSF Field Storage to integrate an OSF instance into Drupal’s core APIs. Second, there is a series of module tools used to administer all of these capabilities.

By using OSF for Drupal, you may create, read, update and delete any kind of content in an OSF instance. You may also search, browse, import and export structured datasets from an OSF instance.

OSF for Drupal connects to the underlying structured (RDF) data via the separately available open-source OSF Web Services. OSF Web Services is a mostly RESTful Web services layer that allows standalone or multiple Drupal installations to share and collaborate on structured data with one another via user access rights and privileges to registered datasets. Collaboration networks may be established directly to distributed OSF Web Services servers, also allowing non-Drupal installations to participate in the network.

OSF for Drupal can also act as a linked data platform. With Drupal’s other emerging RDF capabilities, content generated by Drupal can be ingested by the OSF Web Services and managed via the OSF for Drupal tools, including the publication and exposure on the Web of linked data with query and Web service endpoints.

OSF for Drupal has dependencies on OSF Web Services, which means an operational OSF for Drupal website only requires access to a fully operational OSF instance. For instance, you can check the Installing Core OSF (Open Semantic Framework) screencast to see how you can deploy your own OSF Web Services instance.

Installing OSF for Drupal using the OSF Installer

In this screencast, we will cover how to install OSF for Drupal using the OSF Installer command line tool.

Categories: Elsewhere

Daniel Kahn Gillmor: OTR key replacement (heartbleed)

Planet Debian - Mon, 14/04/2014 - 19:45
I'm replacing my OTR key for XMPP because of heartbleed (see below).

If the plain ASCII text below is mangled beyond verification, you can retrieve a copy of it from my web site that should be able to be verified.

OTR Key Replacement for XMPP dkg@jabber.org
===========================================
Date: 2014-04-14

My main XMPP account is dkg@jabber.org.

I prefer OTR [0] conversations when using XMPP for private discussions.

I was using irssi to connect to XMPP servers, and irssi relies on OpenSSL for the TLS connections. I was using it with versions of OpenSSL that were vulnerable to the "Heartbleed" attack [1]. It's possible that my OTR long-term secret key was leaked via this attack.

As a result, I'm changing my OTR key for this account.

The new, correct OTR fingerprint for the XMPP account at dkg@jabber.org is:

  F8953C5D 48ABABA2 F48EE99C D6550A78 A91EF63D

Thanks for taking the time to verify your peers' fingerprints. Secure communication is important not only to protect yourself, but also to protect your friends, their friends and so on.

Happy Hacking,

  --dkg (Daniel Kahn Gillmor)

Notes:

[0] OTR: https://otr.cypherpunks.ca/
[1] Heartbleed: http://heartbleed.com/

Categories: Elsewhere

AGLOBALWAY: Mobile First?

Planet Drupal - Mon, 14/04/2014 - 18:57
Much has been said over the last number of years since the publication of Luke Wroblewski’s Mobile First in 2011, as part of the A Book Apart series, marked as “brief books for people who make websites.” The series offers valuable tools about designing for and working in the web business, and Luke’s contribution is no small one.

And while a few years have come and gone, has anything really changed? I don’t think so. But perhaps some clarification of terms is in order.

One of the hallmarks of “mobile first” is asking tough questions about what we actually put on the page. For example, if we determine that something is not necessary for the mobile experience of a website, it can be worth calling into question whether it is valuable for the “full desktop experience” as well.

Given the restrictions of the viewport on mobile devices, it makes perfect sense to limit the things that can take away from a quality experience of your website. Ideally, a user’s focus would be on the content, which (hopefully) is the reason to be on your site in the first place. So let’s get rid of everything else!

Behold the pendulum swinging, babies thrown out with the bathwater.

While nobody would deny the increase in the use of mobile devices, desktop browsers are still king of the hill when it comes to how people access the internet. Given the numbers (a quick Google search will give you a general idea), it is understandable that people get scared that by eliminating things from the mobile experience of your site, we may be getting rid of too much. And indeed, there have no doubt been many cases of this happening.

Mobile first, not mobile only.

What needs bearing in mind, however, is the idea of designing for mobile first. I’m sure Mr. Wroblewski reflected on the terms carefully, deciding not to title his book Designing for Mobile, as though it were a separate thing - indeed, if it is separate, we now know it ought not be. Thankfully, he had the foresight to be able to craft the right message, even if it fell on a few deaf ears.

More and more, mobile users are demanding a complete experience to be possible for them as well. This was certainly to be expected. Should we really be assuming that mobile users are necessarily “on the go” and therefore should not expect what they might experience on a desktop? We all know what they say about making assumptions…

There are many, many challenges when it comes to building responsive websites, and I believe that designing for the mobile experience is chief among them. Not a small part of which is understanding the technical implications of such designs - this is certainly a justification for placing the mobile experience “first” in the design stage. And yet, rather than being limited by screen size in designing for mobile, we actually have an opportunity to take advantage of the power of the device. Perhaps the mobile experience could even be a superior one because of its capabilities.

So should we still be designing for mobile first? Yes - so long as it remains part of an holistic overall design for the user experience. I’m sure Luke would agree.

Tags: Mobile, drupal planet
Categories: Elsewhere

NYC Camp News & Announcements: Free Drupal trainings at NYC Camp

Planet Drupal - Mon, 14/04/2014 - 18:53

Did you know NYC Camp has a massive list of completely free Drupal trainings scheduled for Thursday April 10th??? Check out the line-up and sign up!

Don't Forget To Register!

Make sure you create an account and register for NYC Camp 2014. Registration is completely free, but the UN security is fairly strict, so please register for the camp; then you can go ahead and sign up for a free training on any of the training description pages!

Date: Monday, April 14, 2014
Categories: Elsewhere

Fred Parke | The Web Developer: Creating content types and fields using a custom module in Drupal 7

Planet Drupal - Mon, 14/04/2014 - 18:44

I was writing a custom module recently which used a custom content type or two. I wanted to make the module as reusable as possible but I also wanted to avoid including a feature inside of the module to add these content types.

Categories: Elsewhere

Christine Spang: PyCon 2014 retrospective

Planet Debian - Mon, 14/04/2014 - 18:15

PyCon 2014 happened. (Sprints are still happening.)

This was my 3rd PyCon, but my first year as a serious contributor to the event, which led to an incredibly different feel. I also came as a person running a company building a complex system in Python, and I loved having the overarching mission of what I'm building driving my approach to what I chose to do. PyCon is one of the few conferences I go to where the feeling of acceptance and at-homeness mitigates the introvert overwhelm at nonstop social interaction. It's truly a special event and community.

Here are some highlights:

  • I gave a tutorial about search, which was recorded in its entirety... if you watch this video, I highly recommend skipping the hands-on parts where I'm just walking around helping people out.
  • I gave a talk! It's called Subprocess to FFI, and you can find the video here. Through three full iterations of dry runs with feedback, I had a ton of fun preparing this talk. I'd like to give more like it in the future as I continue to level up my speaking skills.
  • Allen Downey came to my talk and found me later to say hi. Omg amazing, made my day.
  • Aux Vivres and Dieu du Ciel, amazing eats and drink with great new and old friends. Special shout out to old Debian friends Micah Anderson, Matt Zimmerman, and Antoine Beaupré for a good time at Dieu du Ciel.
  • The Geek Feminism open space was a great place to chill out and always find other women to hang with, much thanks to Liz Henry for organizing it.
  • Talking to the community from the Inbox booth on Startup Row in the Expo hall on Friday. Special thanks for Don Sheu and Yannick Gingras for making this happen, it was awesome!
  • The PyLadies lunch. Wow, was that amazing. Not only did I get to meet Julia Evans (who also liked meeting me!), but there was an amazing lineup of amazing women telling everyone about what they're doing. This and Naomi Ceder's touching talk about openly transitioning while being a member of the Python community really show how the community walks the walk when it comes to diversity and is always improving.
  • Catching up with old friends like Biella Coleman, Selena Deckelmann, Deb Nicholson, Paul Tagliamonte, Jessica McKellar, Adam Fletcher, and even friends from the bay area who I don't see often. It was hard to walk places without getting too distracted running into people I knew, I got really good at waving and continuing on my way.

I didn't get to go to a lot of talks in person this year since my personal schedule was so full, but the PyCon video team is amazing as usual, so I'm looking forward to checking out the archive. It really is a gift to get the videos up while energy from the conference is still so high and people want to check out things they missed and share the talks they loved.

Thanks to everyone, hugs, peace out, et cetera!

Categories: Elsewhere

Appnovation Technologies: 12 Best Designed College Websites

Planet Drupal - Mon, 14/04/2014 - 17:08
Here's a look at 12 of the best designed college websites.
Categories: Elsewhere

Drupal Association News: Drupal Association Board Meeting this Wednesday

Planet Drupal - Mon, 14/04/2014 - 16:29

The month of March was pretty huge for the Association - we tackled a lot! Join us for the next Drupal Association board meeting where we will review the work we accomplished and set the stage for even more. In addition to our review of March, we'll be discussing a new Marketing Committee charter and a new Procurement Policy, and reviewing some branding updates for the Association.

Categories: Elsewhere

Craig Small: mutt ate my i key

Planet Debian - Mon, 14/04/2014 - 15:11

I did a large upgrade tonight and noticed there was a mutt upgrade, no biggie really… Except I have for years (incorrectly?) used the “i” key when reading a specific email to jump back to the list of emails, or from index to pager in mutt speak.

Instead of my pager of mails, I got “No news servers defined!” The fix is rather simple, in muttrc put

bind pager i exit

and you’re back to using the i key the wrong way again like me.

 

Categories: Elsewhere

Chris Lamb: Race report: Cambridge Duathlon 2014

Planet Debian - Mon, 14/04/2014 - 14:59

(This is my first race of the 2014 season.)


I had entered this race in 2013 and found it was effective for focusing winter training. As triathlons do not typically start until May in the UK, scheduling earlier races can be motivating in the colder winter months.

I didn't have any clear goals for the race except to blow out the cobwebs and improve on my 2013 time. I couldn't set reasonable or reliable target times after considerable "long & slow" training over the winter but I did want to test some new equipment and tactics, especially race pacing with a power meter, but also a new wheelset, crankset and helmet.

Preparation was both accidentally and deliberately compromised: I did very little race-specific training as my season is based around an entirely different intensity of race, but compounding this I was confined to bed the weekend before. Additionally, when resuming training midweek I managed to pick up a slight tightness in my hamstring.

Sleep was average in the preceding days and I felt moderately fresh on race morning. Nutrition-wise, I had porridge and bread with jam for breakfast, a PowerGel before the race, 750ml of PowerBar Perform on the bike along with a "Hydro" PowerGel with caffeine at approximately 30km.

Run 1 (7.5km)

A few minutes before the start my race number belt—the only truly untested equipment that day—refused to tighten. However, I decided that once the race began I would either ignore it or even discard it, risking disqualification.

Despite letting everyone go up the road, my first km was still too fast so I dialed down the effort, settling into a "10k" pace and began overtaking other runners. The Fen winds and drag-strip uphill from 3km provided a bit of pacing challenge for someone used to shelter and shorter hills but I kept a metered effort through into transition.

Time: 33:01 (4:24/km, T1: 00:47) — Last year: 37:47 (5:02/km)

Bike (40km)

Although my 2014 bike setup features a power meter, I had not yet had the chance to perform an FTP test outdoors and thus was not able to calculate a definitive target power for the bike leg. However, data from my road bike suggested I set a power ceiling of 250W on the longer hills.

This was extremely effective in avoiding going "into the red" and compromising the second run. This lends yet more weight to the idea that a power meter in multisport events is "almost like cheating".

I was not entirely comfortable with my bike position: not only were my thin sunglasses making me raise my head more than I needed to, I found myself creeping forward onto the nose of my saddle. This is sub-optimal, even if only considering that I am not training in that position.

Overall, the bike was uneventful with the only memorable moment provided by a wasp that got stuck between my head and a helmet vent. Coming into transition I didn't feel like I had really pushed myself that hard—probably a good sign—but the time difference from last year's bike leg (1:16:11) was a little underwhelming.

Time: 1:10:45 (T2: 00:58)

Run 2 (7.5km)

After leaving transition, my legs were extremely uncooperative and I had great difficulty in pacing myself in the first kilometer. Concentrating hard on reducing my cadence as well as using my rehearsed mental cue, I managed to settle down.

The following 4 kilometers were definitely a mental struggle rather than a physical one, modulo having to force a few burps to ease some discomfort, possibly from drinking too much or too fast on the bike.

I had planned to "unload" as soon as I reached 6km but I didn't really have it in me. Whilst I am physiologically faster compared to last year, I suspect the lack of threshold-level running over the winter meant the required mental component of digging deep will require some coaxing to return.

However, it is said that you have successfully paced a duathlon if the second run is faster than the first. On this criterion, this was a success, but it would have been a bonus to have really felt completely drained at the end of the day, if only from a neo-Calvinist perspective.

Time: 32:46 (4:22/km) / Last year: 38:10 (5:05/km)

Overall

Total time: 2:18:19

A race that goes almost entirely to plan is a bit of a paradox – there's certainly satisfaction in setting goals and hitting them without issue, but this is a slow-burning fire rather than a fireworks display.

However, it was satisfying to learn that I managed to finish 5th in my age group despite this race attracting an extremely strong field. As an indicator, the age-group athlete ranked immediately above me was seven minutes faster and the overall winner finished in 1:54:53.

The race has identified the following areas that I will work on before my next race:

  • Perform an FTP test on my time-trial bike outdoors to develop an optimum power plan.
  • Do a few more brick runs, at least to re-acclimatise the feeling.
  • Schedule another bike fit.

Although not strictly race-related, I also need to find techniques for making transporting a bike on public transport less stressful.

(Full results & full 2014 race schedule)

Categories: Elsewhere

Acquia: The best kind of learning technology

Planet Drupal - Mon, 14/04/2014 - 14:31

Our training is hands-on, but what that means has changed through the years we’ve run Drupal training. Now you’re just as likely to see learners drawing on paper, collaborating with someone, giving a quick demo, or of course, working hard on their computers. I was reminded of this recently looking at some photos of a client training by our partner, Cegeka with Laurens Vandeput, Senior Drupal developer and team coach.

Categories: Elsewhere

Web Omelette: 3 ways to prompt for user input in Drush

Planet Drupal - Mon, 14/04/2014 - 09:07

Drush is awesome. It makes Drupal development much easier. Not only does it come packed with a bunch of useful commands, but you can also declare your own with great ease. So if you need to call some of your module's functionality from Drush, all you have to do is declare a simple command that integrates with it.

In this tutorial I am going to show you how to get user feedback for such a command. I do not refer to arguments or options in this case, but to how you can ask for confirmation on whether or not the command should proceed as requested and how you can ask for a choice. Additionally, we'll quickly look at how to get free text back from the user.

So let's dive in with an example command callback function called drush_module_name_example_command():

/**
 * Callback function for the example command.
 */
function drush_module_name_example_command() {
  // Command code we will look at.
  drush_print('Hello world!');
}

Confirmation

The first thing we'll look at is how to get the user to confirm the action. So in our case, we'll ask the user if they really want this string to be printed to the screen. Drush provides a great API for this:

if (drush_confirm('Are you sure you want \'Hello world\' printed to the screen?')) {
  drush_print('Hello world!');
}
else {
  drush_user_abort();
}

You'll notice 2 new functions. The drush_confirm() function prints a question to the screen with the intent of getting one of two answers back from the user: y or n. If the response is y, the function returns true, which means our print statement proceeds. If the answer is n, the drush_user_abort() function gets called instead. This is the recommended way to stop executing a Drush command.

Select option

Now let's see how you can make the user choose an option from a list you provide. For our super Hello world use case, we will give the user the choice to select from a list who Drush should say hello to. It can be implemented like this:

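// Keys are machine names, values are the human-readable labels.
$options = array(
  'world' => 'World',
  'universe' => 'Universe',
  'planet' => 'Planet',
);

// Returns the machine name of the selected option.
$choice = drush_choice($options, dt('Who do you want to say hello to?'));

if ($choice) {
  drush_print(dt('Hello ' . $options[$choice] . '!'));
}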

So what happens above? First, we create an array to store the choices called $options. The array keys are the machine names and the values are the human-friendly versions. Then, we call the drush_choice() function, to which we pass 2 arguments: the $options array and the question we ask the user.

When the command is run, this function is called and returns the machine name of the option the user chooses. Then we check if this value exists and print to the screen the concatenated string. We do use the human-readable value by extracting it from the $options array using the key returned.

Free text values

A third type of user input is in the form of free text that you can ask the user to input. Of course the validation of this kind of input must be much stricter so as to not break your application somehow. But let's ask our user exactly who they want to say hello to.

$value = drush_prompt(dt('Who do you want to say hello to?'));
drush_print(dt('Hello ' . $value . '!'));

This one is very simple. When the command is run, the drush_prompt() function is called to which we pass a string of text to be displayed in the terminal. The return value is given by the user and we use that for concatenation. But do remember that this is example code only so if you do use this function, make sure you validate the user input properly.
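One way to do the validation the tutorial asks for, as an added example that is not part of the original tutorial: the free-text answer is checked against an allow-list before it is used, and the prompt is retried a bounded number of times. The helper module_name_validate_greeting_target(), the allowed character set and the error code are assumptions made for this illustration; drush_prompt(), drush_print(), drush_set_error() and dt() are the Drush functions.

```php
<?php
/**
 * Added example (not from the original tutorial): validating drush_prompt()
 * input. The helper name and the allow-list below are hypothetical.
 */

/**
 * Returns the cleaned value if it is acceptable, or FALSE otherwise.
 */
function module_name_validate_greeting_target($raw) {
  if (!is_string($raw)) {
    return FALSE;
  }
  $value = trim($raw);
  // Allow-list: first character is a letter or digit, followed by letters,
  // digits, spaces, dots, apostrophes or hyphens, 1 to 64 characters in all.
  // Control characters (including ESC, which starts terminal escape
  // sequences) can never match. With the /u flag preg_match() returns FALSE
  // on invalid UTF-8, so that is rejected as well. /D stops "$" from
  // matching before a trailing newline.
  if (preg_match('/^[\p{L}\p{N}][\p{L}\p{N} .\'-]{0,63}$/uD', $value) !== 1) {
    return FALSE;
  }
  return $value;
}

/**
 * Callback function for the example command, with validated free text.
 */
function drush_module_name_example_command() {
  $max_attempts = 3;
  for ($attempt = 1; $attempt <= $max_attempts; $attempt++) {
    $raw = drush_prompt(dt('Who do you want to say hello to?'));
    $name = module_name_validate_greeting_target($raw);
    if ($name !== FALSE) {
      // Pass the value as a placeholder rather than concatenating it into
      // the translatable string.
      drush_print(dt('Hello !name!', array('!name' => $name)));
      return;
    }
    drush_print(dt('Please use 1-64 letters, digits, spaces, dots, apostrophes or hyphens.'));
  }
  // Give up instead of looping forever, e.g. when input is piped in.
  return drush_set_error('MODULE_NAME_INVALID_INPUT',
    dt('No valid name given after !n attempts.', array('!n' => $max_attempts)));
}
```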

Conclusion

So there you have it. Three different ways to get user input in the terminal using Drush. The first two are the most common ones I believe but it's good to know there is also the last one available in case we need it.

Drush safely!

In Drupal
Categories: Elsewhere

Bits from Debian: DPL election is over, Lucas Nussbaum re-elected

Planet Debian - Mon, 14/04/2014 - 08:10

The Debian Project Leader election has concluded and the winner is Lucas Nussbaum. Of a total of 1005 developers, 401 developers voted using the Condorcet method.

More information about the result is available in the Debian Project Leader Elections 2014 page.

The new term for the project leader will start on April 17th and expire on April 17th 2015.

Categories: Elsewhere

Propeople Blog: Propeople Wins Gold at the Danish Drupal Awards

Planet Drupal - Mon, 14/04/2014 - 07:55

Propeople was the big winner at the first ever Danish Drupal Awards. This new competition acknowledges the agencies and companies that excel in Drupal web design and development. Propeople won gold in 5 of the 7 award categories, one in every category for which we were nominated!

Drupal agencies in Denmark were the ones who nominated, and voted for, each other (with individual companies not able to vote for themselves). It is, of course, a great recognition for the winners to have been chosen by those that make up the industry itself. As a Drupal company that started in Denmark, Propeople is incredibly proud to have received this acknowledgement and seal of approval from our colleagues in the Danish industry.

 

Propeople walked away from the ceremony with awards in the following categories: Best Drupal Website, Best Drupal Media site, Best Drupal NGO Site, Best Drupal Intranet, and Best Public Drupal Site. The last three awards were won in collaboration with Bysted, one of our sister companies who, like Propeople, is a part of the Intellecta Group. The awards bestowed upon Propeople are a testament to the quality and professionalism of our team of web specialists and Drupal experts, and we couldn’t be happier about them! See below for a video recap of the awards ceremony, and a list of the winning websites. 

 

Video of Drupal Award 2014 - Propeople

 

The Winning Websites

Best Drupal Website:
Gold Award: NFBIO.dk, created for Nordisk Film by Propeople

Best Drupal NGO Site:
Gold Award: visitcopenhagen.com, created for Wonderful Copenhagen by Propeople and Bysted

Best Drupal Intranet:
Gold Award: KK intranet, created for the Municipality of Copenhagen by Propeople and Bysted

Best Public Drupal website:
Gold Award: visitcopenhagen.com, created for Wonderful Copenhagen by Propeople and Bysted
Bronze Award: roskilde.dk, created for the Municipality of Roskilde by Propeople and Bysted

Best Drupal Media site:
Gold: NFBIO.dk, created for Nordisk Film by Propeople

The awards bestowed upon Propeople are a testament to the quality and professionalism of our team of web specialists and Drupal experts, and we couldn’t be happier about them! If you want to learn about how Propeople can make your next project a winning website, make sure to contact us.

Tags: Propeople, Drupal, Awards, Denmark
Topics: Business & Strategy
Categories: Elsewhere

Andrew Pollock: [life] Day 76: Dora + Fever

Planet Debian - Mon, 14/04/2014 - 07:46

We had a bit of a rough night last night. I noticed Zoe was pretty hot when she had a nap yesterday after not really eating much lunch. She still had a mild fever after her nap, so I gave her some paracetamol (aka acetaminophen, that one weirded me out when I moved to the US) and called for a home doctor to check her ears out.

Her ears were fine, but her throat was a little red. The doctor said it was probably a virus. Her temperature wasn't so high at bed time, so I skipped the paracetamol, and she went to bed fine.

She did wake up at about 1:30am and it took me until 3am to get her back to bed. I think it was a combination of the fever and trying to phase out her white noise, but she just didn't want to sleep in her bed or her room. At 3am I admitted defeat and let her sleep with me.

She had only a slightly elevated temperature this morning, and otherwise seemed in good spirits. We were supposed to go to a family lunch today, because my sister and brother are in town with their respective families, but I figured we'd skip that on account that Zoe may have still had something, and coupled with the poor night's sleep, I wasn't sure how much socialising she was going to be up for.

My ear has still been giving me grief, and I had a home doctor check it yesterday as well, and he said the ear canal was 90% blocked. First thing this morning I called up to make an appointment with my regular doctor to try and get it flushed out. The earliest appointment I could get was 10:15am.

So we trundled around the corner to my doctor after a very slow start to the day. I got my ear cleaned out and felt like a million bucks afterwards. We went to Woolworths to order an undecorated mud slab cake, so I can try doing a trial birthday cake. I've given up on trying to do the sitting minion, and significantly scaled back to just a flat minion slab cake. It should be ready tomorrow.

The family thing was originally supposed to be tomorrow, and was only moved to today yesterday. My original plan had been to take Zoe to a free Dora the Explorer live show that was on in the Queen Street Mall.

I decided to revert back to the original plan, but by this stage, it was too late to catch the 11am show, so the 1pm show was the only other option. We had a "quick" lunch at home, which involved Zoe refusing to eat the sandwich I made for her and me convincing her otherwise.

Then I got a time-sensitive phone call from a friend, and once I'd finished dealing with that, there wasn't enough time to take any form of public transport and get there in time, so I decided to just drive in.

We parked in the Myer Centre car park, and quickly made our way up to the mall, and made it there comfortably with 5 minutes to spare.

The show wasn't anything much to phone home about. It was basically just 20 minutes of someone in a giant Dora suit acting out what was essentially a typical episode of Dora the Explorer, on stage, with a helper. Zoe started out wanting to sit on my lap, but made a few brief forays down to the "mosh pit" down the front with the other kids, dancing around.

After the show finished, we had about 40 minutes to kill before we could get a photo with Dora, so we wandered around the Myer Centre. I let Zoe choose our destinations initially, and we browsed a cheap accessories store that was having a sale, and then we wandered downstairs to one of the underground bus station platforms.

After that, we made our way up to Lincraft, and browsed. We bought a $5 magnifying glass, and I let Zoe do the whole transaction by herself. After that it was time to make our way back down for the photo.

Zoe made it first in line, so we were in and out nice and quick. We got our photos, and they gave her a little activity book as well, which she thought was cool, and then we headed back down to the car park.

In my haste to park and get top side, I hadn't really paid attention to where we'd parked, and we came down via different elevators than we went up, so by the time I'd finally located the car, the exit gate was trying to extract an extra $5 parking out of me. Fortunately I was able to use the intercom at the gate and tell my sob story of being a nincompoop, and they let us out without further payment.

We swung by the Valley to clear my PO box, and then headed home. Zoe spontaneously announced she'd had a fun day, so that was lovely.

We only had about an hour and a half to kill before Sarah was going to pick up Zoe, so we just mucked around. Zoe looked at stuff around the house with her magnifying glass. She helped me open my mail. We looked at some of the photos on my phone. Dayframe and a Chromecast is a great combination for that. We had a really lovely spell on the couch where we took turns to draw on her Magna Doodle. That was some really sweet time together.

Zoe seemed really eager for her mother to arrive, and kept asking how much longer it was going to be, and going outside our unit's front door to look for her.

Sarah finally arrived, and remarked that Zoe felt hot, and so I checked her temperature, and her fever had returned, so whatever she has she's still fighting off.

I decided to do my Easter egg shopping in preparation for Sunday. A friend suggested this cool idea of leaving rabbit paw tracks all over the house in baby powder, and I found a template online and got that all ready to go.

I had a really great yoga class tonight. Probably one of the best I've had in a while in terms of being able to completely clear my head.

I'm looking forward to an uninterrupted night's sleep tonight.

Categories: Elsewhere

Drupal core announcements: Drupal core security release window on Wednesday, April 16

Planet Drupal - Mon, 14/04/2014 - 07:18
Start: 2014-04-16 (All day) America/New_York
Sprint Organizers: David_Rothstein

The monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, April 16.

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release).

There will be no bug fix release on this date; the next window for a Drupal core bug fix release is Wednesday, May 7.

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Categories: Elsewhere

Larry Garfield: The Functional PHP tour

Planet Drupal - Mon, 14/04/2014 - 06:35

Ever heard of functional programming? Not procedural programming, but actual functional programming. Probably, as some fancy academic thing that no one really uses, right?

Did you know you can do it in PHP, too? It's true. In fact, I'll be speaking about it four times in the next couple of weeks!

Categories: Elsewhere

Matthew Garrett: Real-world Secure Boot attacks

Planet Debian - Mon, 14/04/2014 - 05:22
MITRE gave a presentation on UEFI Secure Boot at SyScan earlier this month. You should read the presentation and paper, because it's really very good.

It describes a couple of attacks. The first is that some platforms store their Secure Boot policy in a run time UEFI variable. UEFI variables are split into two broad categories - boot time and run time. Boot time variables can only be accessed while in boot services - the moment the bootloader or kernel calls ExitBootServices(), they're inaccessible. Some vendors chose to leave the variable containing firmware settings available during run time, presumably because it makes it easier to implement tools for modifying firmware settings at the OS level. Unfortunately, some vendors left bits of Secure Boot policy in this space. The naive approach would be to simply disable Secure Boot entirely, but that means that the OS would be able to detect that the system wasn't in a secure state[1]. A more subtle approach is to modify the policy, such that the firmware chooses not to verify the signatures on files stored on fixed media. Drop in a new bootloader and victory is ensured.

But that's not a beautiful approach. It depends on the firmware vendor having made that mistake. What if you could just rewrite arbitrary variables, even if they're only supposed to be accessible in boot services? Variables are all stored in flash, connected to the chipset's SPI controller. Allowing arbitrary access to that from the OS would make it straightforward to modify the variables, even if they're boot time-only. So, thankfully, the SPI controller has some control mechanisms. The first is that any attempt to enable the write-access bit will cause a System Management Interrupt, at which point the CPU should trap into System Management Mode and (if the write attempt isn't authorised) flip it back. The second is to disable access from the OS entirely - all writes have to take place in System Management Mode.

The MITRE results show that around 0.03% of modern machines enable the second option. That's unfortunate, but the first option should still be sufficient[2]. Except the first option relies on the SMI actually firing. And, conveniently, Intel's chipsets have a bit that allows you to disable all SMI sources[3], and then have another bit to disable further writes to the first bit. Except 40% of the machines MITRE tested didn't bother setting that lock bit. So you can just disable SMI generation, remove the write-protect bit on the SPI controller and then write to arbitrary variables, including the SecureBoot enable one.

This is, uh, obviously a problem. The good news is that this has been communicated to firmware and system vendors and it should be fixed in the future. The bad news is that a significant proportion of existing systems can probably have their Secure Boot implementation circumvented. This is pretty unsurprising - I suggested that the first few generations would be broken back in 2012. Security tends to be an iterative process, and changing a branch of the industry that's historically not had to care into one that forms the root of platform trust is a difficult process. As the MITRE paper says, UEFI Secure Boot will be a genuine improvement in security. It's just going to take us a little while to get to the point where the more obvious flaws have been worked out.

[1] Unless the malware was intelligent enough to hook GetVariable, detect a request for SecureBoot and then give a fake answer, but who would do that?
[2] Impressively, basically everyone enables that.
[3] Great for dealing with bugs caused by YOUR ENTIRE COMPUTER BEING INTERRUPTED BY ARBITRARY VENDOR CODE, except unfortunately it also probably disables chunks of thermal management and stops various other things from working as well.
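
An added example, not from the original post or from MITRE: a C decoder that classifies a machine's flash-write posture from three chipset register values, following the two SPI protections and the SMI lock bit described above. The register names and bit positions (BIOS_CNTL, SMI_EN, GEN_PMCON_1) are taken from Intel's ICH/PCH datasheets rather than the post, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions follow Intel ICH/PCH datasheets; the post does not give
 * them, so verify against the datasheet for the chipset being audited. */
#define BLE        (1u << 1) /* BIOS_CNTL: enabling flash writes raises an SMI */
#define SMM_BWP    (1u << 5) /* BIOS_CNTL: flash writes allowed only in SMM */
#define GBL_SMI_EN (1u << 0) /* SMI_EN: global enable for all SMI sources */
#define SMI_LOCK   (1u << 4) /* GEN_PMCON_1: GBL_SMI_EN can no longer change */

enum flash_posture {
    FLASH_SMM_ONLY,       /* second option: the OS cannot write at all */
    FLASH_SMI_GUARDED,    /* first option, and SMIs are locked on */
    FLASH_SMI_BYPASSABLE, /* first option, but the SMI may never fire */
    FLASH_UNPROTECTED     /* neither option is configured */
};

enum flash_posture classify(uint8_t bios_cntl, uint16_t gen_pmcon_1,
                            uint32_t smi_en)
{
    if (bios_cntl & SMM_BWP)
        return FLASH_SMM_ONLY;
    if (!(bios_cntl & BLE))
        return FLASH_UNPROTECTED;
    /* The BLE guard only holds if SMIs are on and locked on. */
    if ((smi_en & GBL_SMI_EN) && (gen_pmcon_1 & SMI_LOCK))
        return FLASH_SMI_GUARDED;
    return FLASH_SMI_BYPASSABLE;
}

const char *posture_name(enum flash_posture p)
{
    static const char *names[] = {
        "SMM-only writes", "SMI-guarded, locked",
        "SMI guard can be bypassed (SMI_LOCK unset or SMIs off)",
        "no flash write protection"
    };
    return names[p];
}

int main(void)
{
    /* Constructed register snapshots, not readings from a real machine. */
    struct { uint8_t bc; uint16_t pm; uint32_t smi; } s[] = {
        {0x22, 0x0010, 0x1}, {0x02, 0x0010, 0x1},
        {0x02, 0x0000, 0x1}, {0x00, 0x0010, 0x1},
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("BIOS_CNTL=0x%02x GEN_PMCON_1=0x%04x SMI_EN=0x%x: %s\n",
               s[i].bc, s[i].pm, (unsigned)s[i].smi,
               posture_name(classify(s[i].bc, s[i].pm, s[i].smi)));
    return 0;
}
```
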

Categories: Elsewhere
