Elsewhere

Richard Hartmann: Release Critical Bug report for Week 46

Planet Debian - Fri, 14/11/2014 - 17:34

I know I promised better stats, but meh... Next week :(

As you can see, there's been a bit of a mass-filing going on. and that pushed ys above Wheezy's count for week 46.

My own personal favourite bug is, of course, this one.

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1263 (Including 218 bugs affecting key packages)
    • Affecting Jessie: 427 (key packages: 175) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 313 (key packages: 131) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 33 bugs are tagged 'patch'. (key packages: 15) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 12 bugs are marked as done, but still affect unstable. (key packages: 6) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 268 bugs are neither tagged patch, nor marked done. (key packages: 110) Help make a first step towards resolution!
      • Affecting Jessie only: 114 (key packages: 44) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 82 bugs are in packages that are unblocked by the release team. (key packages: 32)
        • 32 bugs are in packages that are not unblocked. (key packages: 12)

How do we compare to the Squeeze release cycle?

Week Squeeze Wheezy Diff 43 284 (213+71) 468 (332+136) +184 (+119/+65) 44 261 (201+60) 408 (265+143) +147 (+64/+83) 45 261 (205+56) 425 (291+134) +164 (+86/+78) 46 271 (200+71) 401 (258+143) +130 (+58/+72) 47 283 (209+74) 366 (221+145) +83 (+12/+71) 48 256 (177+79) 378 (230+148) +122 (+53/+69) 49 256 (180+76) 360 (216+155) +104 (+36/+79) 50 204 (148+56) 339 (195+144) +135 (+47/+90) 51 178 (124+54) 323 (190+133) +145 (+66/+79) 52 115 (78+37) 289 (190+99) +174 (+112/+62) 1 93 (60+33) 287 (171+116) +194 (+111/+83) 2 82 (46+36) 271 (162+109) +189 (+116/+73) 3 25 (15+10) 249 (165+84) +224 (+150/+74) 4 14 (8+6) 244 (176+68) +230 (+168/+62) 5 2 (0+2) 224 (132+92) +222 (+132/+90) 6 release! 212 (129+83) +212 (+129/+83) 7 release+1 194 (128+66) +194 (+128/+66) 8 release+2 206 (144+62) +206 (+144/+62) 9 release+3 174 (105+69) +174 (+105/+69) 10 release+4 120 (72+48) +120 (+72/+48) 11 release+5 115 (74+41) +115 (+74/+41) 12 release+6 93 (47+46) +93 (+47/+46) 13 release+7 50 (24+26) +50 (+24/+26) 14 release+8 51 (32+19) +51 (+32/+19) 15 release+9 39 (32+7) +39 (+32/+7) 16 release+10 20 (12+8) +20 (+12/+8) 17 release+11 24 (19+5) +24 (+19/+5) 18 release+12 2 (2+0) +2 (+2/+0)

Graphical overview of bug stats thanks to azhag:

Categories: Elsewhere

Paul Booker: How to create an autocomplete form element in Drupal 7

Planet Drupal - Fri, 14/11/2014 - 17:22
<?php function demo_menu() { $items['demo-autocomplete-test'] = array( 'title' => 'Test autocomplete', 'page callback' => 'drupal_get_form', 'page arguments' => array('demo_form'), 'access arguments' => array('view published content'), 'type' => MENU_NORMAL_ITEM, ); $items['demo-autocomplete-engine'] = array( 'page callback' => 'demo_autocomplete', 'access arguments' => array('view published content'), 'type' => MENU_CALLBACK, ); return $items; } function demo_form($form, &$form_state) { $form = array(); $form['colors'] = array( '#title' => t('Colors'), '#type' => 'textfield', '#maxlength' => 60, '#autocomplete_path' => 'demo-autocomplete-engine', ); $form['submit'] = array( '#type' => 'submit', '#value' => 'Submit', ); return $form; } function demo_autocomplete($text) { $results = array(); $query = db_select('colors', 'c'); $query ->condition('c.color', '%' . db_like($text) . '%', 'LIKE') ->fields('c', array('color')) ->orderBy('color', 'ASC'); $colors = $query->execute(); foreach ($colors as $row) { $results[$row->color] = check_plain($row->color); } drupal_json_output($results); } Tags:
Categories: Elsewhere

MariqueCalcus: Prius is in Beta like Drupal :-)

Planet Drupal - Fri, 14/11/2014 - 17:05

Alongside the long awaited Drupal 8 Beta release, we have also updated our first Drupal 8 theme. We haven't include many new features but we have tried to clean up its code and have improved our starter kit. Anyway, let's dig into the latest new features we have discovered with the first Beta releases of Drupal 8. Feel free to check out the code on drupal.org or read our dedicated blog entry if you want to find out more about our first Drupal 8 theme. If you can wait to see the result, take a look at our online demo.

Read More...
Categories: Elsewhere

Blue Drop Shop: Failing is Important: Drupal Camp A/V Kit Update

Planet Drupal - Fri, 14/11/2014 - 15:17

When I learned BADCamp wasn't going to be recording sessions, I jumped at the chance to field-test the camp record kits I'm working on. After all, I was confident I fixed the audio equation and was going to start talks with the Drupal Association about next steps.

The current recipe for the kit is a Hauppage HD Rocket PVR for the screen capture and the Zoom H2N voice recorder as the microphone. Add to that a handful of dongles and converters to cover HDMI in/out for the PVR, and you're good to go.

Walking in to BADCamp, I was feeling great. I'm a big advocate for session records and I would be covering three rooms. Pretty cool, right? 

Wrong.

Throughout day one of sessions, a couple laptops had connection issues and had to bypass recordings, but overall things appeared to be going smoothly. It wasn't until the end of the day when copying files off the thumb drives that I noticed many recordings were 0k mp4 files, primarily from the main room. This was the most disconcerting, because every indication was that things were working.

On this, I have a couple ideas, but no solid understanding of why the files didn't write. That was the easiest room in terms of handshake between PVR and projector, plus there was a dedicated A/V crew that was helping hook up laptops.

When we tested at Fox Valley's camp, the laptop was typically disconnected by the time I made it to the rooms to swap out equipment. I suspect that disconnecting the device before hitting the stop button and waiting long enough for the files to write may kill the save. This one will be easy to test.

Projectors were also an issue. In the main space, none were HD and all were different flavors of Sony. Some hooked up just fine, while others squeezed the output. The Saturday-only keynote room was loving it. 

And then there were presenter laptop issues. There were a few older VGA-only laptops. One refused to work with the VGA to HDMI converted, while one worked for about 15 minutes before failing off and on, mid-presentation. One of the A/V techs suggested that maybe there is not enough USB power on the laptops to handle both the PVR and the converter, so a powered USB hub may be in order. Most Macbooks were fine, but a handful gave output with a very green tint to it.

No surprise, HDMI in/out is proving to be more of a hurdle than originally anticipated. In addition to HDMI in, the PVR also has an option to accept component video. It's likely that converting VGA out from a laptop to component video in to the PVR will be a safer bet. So the question becomes whether I can convert the HDMI out of the PVR to VGA for the projectors.   

All in all, this was an enormous fail. That said, this was the absolute best time for it to happen. My goal is to build a system that can handle the majority of the random that a camp will throw at it. 

I'm looking forward to testing the next iteration.

Tags:
Categories: Elsewhere

Tyler Frankenstein: Build a Mobile App to Geo Locate Nearby Places with Drupal

Planet Drupal - Fri, 14/11/2014 - 13:30

In this tutorial (for DrupalCamp Ohio 2014) we'll explore how to build a mobile application and website that can geo locate places near our current position. The nearby location results will be displayed on a map, and will allow us to click on a result item to view its complete details.

The website will be powered by Drupal 7. The mobile application will be built using DrupalGap, which is powered by PhoneGap and jQuery Mobile. Let's get started!

Categories: Elsewhere

InternetDevels: Welcome us in Lviv! New office of InternetDevels company

Planet Drupal - Fri, 14/11/2014 - 13:11

Long time ago in a galaxy far far away… Hold on, it was precisely 7 years ago, 15 November, 2007 in Lutsk, when the InternetDevels Drupal development studio was founded. The company has made a long way since then: overcomed lots of obstacles to gain the respected position at web development market; established number of contacts and connections; made significant contribution to the world’s Drupal community; taken over new development technologies, like Symfony framework… But there’s always something to do!

Read more
Categories: Elsewhere

Debian Med: Bits from Debian Med team (by Andreas Tille)

Planet Debian - Fri, 14/11/2014 - 07:50
New set of metapackages

The version number of debian-med metapackages was bumped to 1.99 as a signal that we plan to release version 2.0 with Jessie. As usual the metapackages will be recreated shortly before the final release to include potential changes in the package pool. Feel free to install the metapackages med-* with the package installer of your choice.

As always you can have a look at the packages in our focus by visiting our tasks pages. Please note that there may be new packages that aren’t ready for release and that won’t be installed by using the current metapackages. This is because we don’t stop packaging software when the current testing is in freeze.

Some support for Hospital Information Systems

This release contains, for the first time some support for Hospital Information Systems (HIS) with the dependency fis-gtm of the med-his metapackage. This was made possible due to the work of Luis Ibanez (at kitware at the time when working on the packaging) and Amul Shah (fisglobal). Thanks to a fruitful cooperation between upstream FIS and Debian the build system of fis-gtm was adapted to enable an easier packaging.

The availability of fis-gtm will simplify running Vista-foia on Debian systems and we are finally working on packaging Vista as well to make Debian fit for running inside hospitals.

There was some interesting work done by Emilien Klein who was working hard to get GNUHealthpackaged. Emilien has given a detailed explanation on the Debian Med mailing list giving reasons why he removed the existing packages from the Debian package pool again. While this is a shame for GNUHealth users there might be an opportunity to revive this effort if there was better coordination between upstream and Tryton (which is the framework GNUHealth is based upon). In any case the packaging code in SVN as a useful resource to base private packages on. Feel free to contact us via the Debian Med mailing list if you consider creating GNUHealth Debian packages.

Packages moved from non-free to main

The Debian Med team worked hard to finally enable DFSG free licenses for PHYLIPand other package based on this tool. PHYLIP is well known in bioinformatics and actually one of the first packages in this field inside Debian (oldest changelog entry 28 Aug 1998). Since then it was considered non-free because its use was restricted to scientific / non-commercial use and also has the condition that you need to pay a fee to the University of Washington if you intend to use it commercially.

Since Debian Med was started we were in continuous discussion with the author Joe Felsenstein. We even started an online petition to show how large the interest in a DFSG free PHYLIP might be. As a side note: This petition was *not* presented to the authors since they happily decided to move to a free license because of previous discussion and since they realised that the money they "gained" over they years was only minimal. The petition is mentioned here to demonstrate that it is possible to gather support to see positive changes implemented that benefit all users and that this approach can be used for similar cases.

So finally PHYLIP was released in September under a BSD-2-clause license and in turn SeaView (a similarly famous program and also long term non-free citizen) depending on PHYLIP code was freed as well. There are several other tools like python-biopython and python-cogent which are calling PHYLIP if it exists. So not only is PHYLIP freed we can now stop removing those parts of the test suites of these other tools that are using PHYLIP.

Thanks to all who participated in freeing PHYLIP specifically its author Joe Felsenstein.

Autopkgtest in Debian Med packages

We tried hard to add autopkgtests to all packages where some upstream test suite exists and we also tried to create some tests on our own. Since we consider testing of scientific software a very important feature this work was highly focused on for the Jessie release. When doing so we were able to drastically enhance the reliability of packages and found new formerly hidden dependency relations. Perhaps the hardest work was to run the full test suite of python-biopython which also has uncovered some hidden bugs in the upstream code on architectures that are not so frequently used in the field of bioinformatics. This was made possible by the very good support of upstream who were very helpful in solving the issues we reported.

However, we are not at 100% coverage of autopkgtest and we will keep on working on our packages in the next release cycle for Jessie+1.

General quality assurance

A general inspection of all Debian Med packages was done to check all packages which were uploaded before the Wheezy release and never touched since then. Those packages where checked for changed upstream locations which might have been hidden from uscan and in some cases new upstream releases were spotted by doing this investigation. Other old packages were re-uploaded conforming to current policy and packaging tools also polishing lintian issues.

Publication with Debian Med involvement

The Debian Med team is involved in a paper which is in BioMed Central (in press). The title will be "Community-driven development for computational biology at Sprints, Hackathons and Codefests"

Updated team metrics

The team metrics graphs on the Debian Med Blend entry page were updated. At the bottom you will find a 3D Bar chart of dependencies of selected metapackages over different versions. It shows our continuous work in several fields. Thanks to all Debian Med team members for their rigorous work on our common goal to make Debian the best operating system for medicine and biology.

Please note that VCS stat calculation is currently broken and does not reflect the latest commits this year.

Blends installable via d-i?

In bug #758116 it is requested to list all Blends and thus also Debian Med in the initial tasksel selection. This would solve a long term open issue which was addessed more than eleven years ago (in #186085) in a more general and better way. This would add a frequently requested feature by our users who always wonder how to install Debian Med.

While there is no final decision on bug #758116 and we are quite late with the request to get this implemented in Jessie feel free to contribute ideas so that this selection of Blends can be done in the best possible manner.

Debian Med Bug Squashing Advent Calendar 2014

The Debian Med team will again do the Bug Squashing Advent Calendar. Feel free to join us in our bug squashing effort where we close bugs while other people are opening doors. :-)

Categories: Elsewhere

Steve McIntyre: Weird things I've noticed in hotels lately...

Planet Debian - Fri, 14/11/2014 - 01:02

I've been crap about blogging lately. Let's see if I can fix that.

Back in February and March, Jo and I went on vacation for 2 weeks touring California and Nevada. We had an awesome time and we got to see and do lots of fun stuff. I'm not going to go into all the details, as it's a long time ago now...! I've got a massive set of photos online, though.

However, two things struck me as odd when we were there. I'm travelling quite regularly to the US these days due to my work in Linaro, but these still seemed new when I saw them this February/March. These are, admittedly trivial things, but they really stood out for me. Maybe I'm a little weird? :-)

Curved shower curtain tracks

I guess I'm not the only one who's been annoyed by shower curtains sticking to me in the shower, but I'd not really paid much thought to it until now. Suddenly, as of maybe 18 months ago I'm seeing most hotel bathrooms replacing the straight curtain track with a curved one, to stop that happening. This photo shows that process with both tracks visible...

Waterproof/washable TV remotes

This one really surprised me. As Jo will attest, I have a little bit of an obsession with TVs and set-top boxes in hotel rooms. This dates from my time working for Amino where we made set-top boxes, and I got into the habit of checking what products were in the hotels I stayed in. I've seen a range of weird and wonderful setups over the years, but never this one before. In two of the hotels on our trip, they had replaced the normal TV remotes with washable/wipe-down ones. Weird...

Categories: Elsewhere

CiviCRM Blog: New features for Webform-Integration - cases, activities, grants and attachments!

Planet Drupal - Fri, 14/11/2014 - 00:36

Thanks to sponsorship from Amnesty Intl. Spain and GMCVO the Webform-Integration module now has 4 new features available for you to try out:

  • Support for CiviGrant - allows front-end users to apply for grants and update their application information.
  • Multiple Cases - open or update any number of cases on a single webform.
  • Multiple Activities - Create as many activities as you wish. 
    Activity and case settings have been decoupled from each other so you can file activities on a case, or not, independent of what cases you are working with.
  • File Attachments - Webform Grants and Activities now have built-in support for native file attachments.
Try it out!

You can test these new features by downloading the "dev" version of Webform-CiviCRM 4 and going through the usual module upgrade procedure. This upgrade will alter your existing webform activity and case settings to work with the new features. I recommend trying it out on a test copy of your site and let me know if you spot any bugs. As soon as it's had a bit more testing and feedback we'll get these features into the next stable release of the module.

Categories: Elsewhere

Steve McIntyre: Mini-Debconf in Cambridge, November 6-9 2014

Planet Debian - Fri, 14/11/2014 - 00:25

For the second year running, we held our mini-debconf in Cambridge last weekend. Roughly 70 people turned up this year to the ARM offices in Cambridge over the 4 days.

Alongside our originally planned general sprint work on Thursday and Friday, the Release Team had their own sprint to work through remaining post-freeze decisions about policies, architectures, naming etc. The rest of us worked through a range of topics all over Debian: installer, admin, ARM arch support etc. We even managed to fix Andy's laptop :-).

Saturday and Sunday were two days devoted to more traditional conference sessions. Our talks covered a wide range of topics: d-i progress and an update from the Release Team, backup software and an arm64 laptop project to name but a few.

I was very happy that the Release Team announced Zurg"Stretch" and "Buster" as upcoming release names, and obviously it was lovely to have arm64 and ppc64el confirmed as release architectures for Jessie. It's a shame to see the kfreebsd ports dropped from the official Jessie list, but let's see if the porters can do an unofficial release anyway. I'll help if I can with things like CD builds...

Several volunteers from the DebConf video team were on hand too, so our talks were recorded and are already online at http://meetings-archive.debian.net/pub/debian-meetings/2014/mini-debconf-cambridge/webm/. Yay!

Again, the mini-conf went well and feedback from attendees was universally positive. We may run again next year. More importantly, I can confirm that we're definitely planning on bidding to host a full DebConf in Cambridge in the summer of 2017.

Thanks to all our helpers, and of course to our sponsors: ARM for providing the venue and infrastructure for the event, and Codethink for helping with food costs.

Categories: Elsewhere

Annertech: My First DrupalCon: DrupalCon Amsterdam

Planet Drupal - Thu, 13/11/2014 - 23:36
My First DrupalCon: DrupalCon Amsterdam

I was given various bits of advice leading up to my attending my first DrupalCon ever. The essence of the one that stuck with me the most is:

Plan. Be realistic. Know you won’t see everything, so make what you do see count.

First on the agenda - get the travel bug out of my system.

It was great. I have a new favourite city, and very fond memories of a real, live Van Gogh. Monday: explore city. Check.

Categories: Elsewhere

Vincent Sanders: The care of open source creatures

Planet Debian - Thu, 13/11/2014 - 23:32
A mini Debian conference happened at the weekend in Cambridge at which I was asked to present. Rather than go with an old talk I decided to try something new. I attempted to cover the topic of application life cycle for open source projects.

The presentation abstract tried to explain this:
A software project that is developed by more than a single person starts requiring more than just the source code. From revision control systems through to continuous integration and issue tracking, all these services need deploying and maintaining.

This presentation takes a look at what a services a project ought to have, what options exist to fulfil those requirements and a practical look at an open source projects actual implementation.I presented on Sunday morning but got a good audience and I am told I was not completely dreadful. The talk was recorded and is publicly available along with all the rest of the conference presentations.

Unfortunately due to other issues in my life right now I did not prepare well enough in advance and my slide deck was only completed on Saturday so I was rather less familiar with the material than I would have preferred.

The rest of the conference was excellent and I managed to see many of the presentations on a good variety of topics without an overwhelming attention to Debian issues. My youngest son brought himself along on both days and "helped" with front desk. He was also the only walk out in my presentation, he insists it was just because he "did not understand a single thing I was saying" but perhaps he just knew who the designated driver was.

I would like thank everyone who organised and sponsored this event for an enjoyable weekend and look forward to the next one.
Categories: Elsewhere

ERPAL: How to build a full-featured e-commerce business with Drupal

Planet Drupal - Thu, 13/11/2014 - 22:21

Whether you’re a startup or an already-established business that wants to start selling online, Drupal has all the tools you need. It provides flexible modules for building e-commerce features and for defining workflows, data structures and lists, and displays. The Drupal Commerce framework provides you with everything required to sell products, services or files online. It integrates very well with Drupal and all its contrib modules, so you almost only need to do configuration – no programming – to build the features you need. In ERPAL Platform, we’ve built a Drupal distribution for the community to use to create flexible business applications. To be as adaptable as possible, it’s based on Drupal Commerce, CRM Core and ERPAL Core. So ERPAL Platform itself actually just supplies an appropriate collection of "best practice" modules from the Drupal community that are already preconfigured and cleverly fitted together to provide features for all kinds of business processes. The sales process is therefore already preconfigured and you can extend it as necessary to integrate seamlessly with project management features, manufacturing features or online shop features.

In the video below, we show you how you can implement ERPAL Platform to use its existing features as the administration backend of your online shop and add a storefront where your customers can buy your products, request quotations and place orders. This enables you to build a complete online business "in one Drupal box" including a backend with a lightweight CRM as well as quotations, orders and invoices to cover the entire sales process for an e-commerce business. In this example your online store will have a completely different theme compared to the administration backend. All you need to do is to download some additional modules and add some specific configurations. It’s that easy: just watch the video!

To see some real use cases about how it works in projects where ERPAL Platform is used to sell products online, you may be interested in the slides of a previous webinar, created in cooperation with the Commerce Guys, the company behind Drupal Commerce.

Motivational slides from a presentation at Drupalcamp Berlin can be found at

Building an online business "in a Drupal box" from Manuel Pistner

 

Categories: Elsewhere

Commerce Guys: Is your Drupal site protected?

Planet Drupal - Thu, 13/11/2014 - 20:47

On October 15th a new version of Drupal core was published (see details of this fix), so naturally everyone is wondering: How do I protect my site?

How Updates Work in Drupal

Drupal is open source software managed by a community made up of all kinds of experts and hobbyists. Community members who manage security specialize in the processing and verification of all modules hosted on drupal.org and the core of Drupal itself. This super-smart team has a long history in Drupal and a vast understanding of the core code, its history and its planned future. 

They are in charge of analyzing the existing application to protect it from malicious threats, regardless of their origins. When an issue is detected, they evaluate its impact and urgency in order to determine an appropriate mode of communication that meets the needs of the community. This usually means that in the event of a risk, an update is issued on one of the pre-planned bi-weekly release dates.

The security team works independently and regularly offers updates to the modules and Drupal core. Below are some ways you can follow these updates to keep your site secure and up to date.

The Security Alerts

Most Drupal users have an account on drupal.org. If you don’t have one, you’re missing out and you should get one immediately. From your account, you have access to the "Newsletter" tab. On this page, you are invited to subscribe to the security newsletter and be informed of updates.

Twitter

Like any self-respecting tech community, the security team is on Twitter: @drupalsecurity.

RSS

You can find subscribe to two different RSS feeds of security advisories for Drupal core and for contributed modules.

Application maintenance of your site

Whether you developed your site or worked with an agency, once online it must be maintained. The purpose of this maintenance is not to make your site a Rolls Royce, but rather to protect it against errors, insecurities and to improve it with the new features added to Drupal core and the modules you use. It’s encouraged to update early and often.

You can choose the frequency and process for updates, but the operations to be carried out are always the same: update the core of Drupal, update themes and modules and test the full operation of your application before you push your updated project live. Prior to deployment, ensure you have a full backup of your codebase, your files directories, and your database in case anything goes wrong.

How do I update my site?

Several technical means are available to you to get the latest version of core, themes and Drupal modules. Whatever method you choose, you will retrieve new files to install it on your production site. Here is a summary of what to do in general (this protocol is an example for your project, please refer to your usual procedure of deployment).

Starting with a copy of your site on a local environment:

  • Get the new version of files or a patch containing updates.
  • Review the changelog to see what has been changed that may affect existing functionality on your site, including any new dependencies, minor API changes, or other notes requiring manual intervention in the update process.
  • Replace the files or apply the patch. At this point updates are physically available but they are not necessarily applied on your site.
  • You may be asked to launch an "update" of the database, for example.
    • In this case, start Drush UPDB drush command or run the update.php page on your local copy site. This operation will be applied to your site changes in its database.
  • To ensure that the updates have all been taken into account, empty the cache of your site. Please note this may take some time and will affect the navigation on the site for treatment. For production sites, it is recommended to keep your current deployment procedure.
  • Once this is done, test your site. Check that everything is working properly.

If you update a Drupal site between two very different versions of the core, it is possible that some functionalities could be affected. However, in an update of one direct release to another, you should not experience major functional changes. When you are confident with this procedure, following your usual process, update your site or sites.

How to update Security SA-CORE-2014-005 - Drupal core - SQL injection

If your site has been well-maintained, the security update will be simple and have no effect on the functionality of your project. You can update the core of Drupal as you normally do using this new version: https://www.drupal.org/project/drupal

However, if you have not maintained the core of your application for some time (skipping several versions) and even though we do not recommend it, if you made a manual change in the core of Drupal, we recommend that you apply the patch only containing the security patch itself, here: https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch

In both cases, the changes in the new version of Drupal will have no effect on the functionality of your project, because it only affects one file related to forms.

How to ensure security on my eCommerce site?

Security is a key issue for an eCommerce website and it is your duty as a merchant to maintain a safe site for your users. To ensure the security of your site, you must first perform regular Drupal core updates, security or not, or suffer the risky consequences.

Then, regularly update the modules you use. In some cases, this may affect the functionality of your site, and must be treated with kid gloves.

In any case, to make these updates, please refer to the standard procedure for updating your site that you have set up with your agency or web host, or enjoy the new technology implementation of Platform.sh to easily update your site and test with confidence.

How Commerce Guys ensures the security of your projects

Subscribers of our Drupal Application Support and Commerce Application Support programs have seen first hand how we can help protect your sites. We patched our customers immediately and 100% were protected whether they hosted with us or not.

Our Platform.sh subscribers benefited from the ability to use a “Drush make” driven workflow to manage the codebase for their sites. This workflow has the advantage of managing the versions of Drupal core and contributed themes and modules on your site through a single configuration file that contains a list of elements that make up your site. Platform.sh uses this file to create and deploy your site by downloading modules and the core of Drupal, making updates fast and easy.

By creating a file Drush Make File, you can ask to recover the latest version of Drupal with the security patch automatically. You gain in maintenance time and reduce your potential for errors.

In addition to ensuring the stability of your hosting, Platform.sh blocked incoming HTTP requests for applications that had not applied the patch. Therefore, only stable sites were available on Platform.sh, and any unprotected sites were immediately aware that action must be taken.

Read more about this protective block here.

If you want to know more about the updates to Drupal, the following links to learn more:

Categories: Elsewhere

Joey Hess: on leaving

Planet Debian - Thu, 13/11/2014 - 19:59

I left Debian. I don't really have a lot to say about why, but I do want to clear one thing up right away. It's not about systemd.

As far as systemd goes, I agree with my friend John Goerzen:

I promise you – 18 years from now, it will not matter what init Debian chose in 2014. It will probably barely matter in 3 years.

read the rest

And with Jonathan Corbet:

However things turn out, if it becomes clear that there is a better solution than systemd available, we will be able to move to it.

read the rest

I have no problem with trying out a piece of Free Software, that might have abrasive authors, all kinds of technical warts, a debatable design, scope creep etc. None of that stopped me from giving Linux a try in 1995, and I'm glad I jumped in with both feet.

It's important to be unafraid to make a decision, try it out, and if it doesn't work, be unafraid to iterate, rethink, or throw a bad choice out. That's how progress happens. Free Software empowers us to do this.

Debian used to be a lot better at that than it is now. This seems to have less to do with the size of the project, and more to do with the project having aged, ossified, and become comfortable with increasing layers of complexity around how it makes decisions. To the point that I no longer feel I can understand the decision-making process at all ... or at least, that I'd rather be spending those scarce brain cycles on understanding something equally hard but more useful, like category theory.

It's been a long time since Debian was my main focus; I feel much more useful when I'm working in a small nimble project, making fast and loose decisions and iterating on them. Recent events brought it to a head, but this is not a new feeling. I've been less and less involved in Debian since 2007, when I dropped maintaining any packages I wasn't the upstream author of, and took a year of mostly ignoring the larger project.

Now I've made the shift from being a Debian developer to being an upstream author of stuff in Debian (and other distros). It seems best to make a clean break rather than hang around and risk being sucked back in.

My mailbox has been amazing over the past week by the way. I've heard from so many friends, and it's been very sad but also beautiful.

Categories: Elsewhere

Bits from Debian: DebConf15 welcomes its first nine sponsors!

Planet Debian - Thu, 13/11/2014 - 14:35

DebConf15 will take place in Heidelberg, Germany in August 2015. We strive to provide an intense working environment and enable good progress for Debian and for Free Software in general. We extend an invitation to everyone to join us and to support this event. As a volunteer-run non-profit conference, we depend on our sponsors.

Nine companies have already committed to sponsor DebConf15! Let's introduce them:

Our first Gold sponsor is credativ, a service-oriented company focusing on open-source software, and also a Debian development partner.

Our second Gold sponsor is sipgate, a Voice over IP service provider based in Germany that also operates in the United Kingdom (sipgate site in English).

Google (the search engine and advertising company), Fairsight Security, Inc. (developers of real-time passive DNS solutions), Martin Alfke / Buero 2.0 (Linux & UNIX Consultant and Trainer, LPIC-2/Puppet Certified Professional) and Ubuntu (the OS supported by Canonical) are our three Silver sponsors.

And last but not least, Logilab, Netways and Hetzner have agreed to support us as Bronze-level.

Become a sponsor too!

Would you like to become a sponsor? Do you know of or work in a company or organization that may consider sponsorship?

Please have a look at our sponsorship brochure (also available in German), in which we outline all the details and describe the sponsor benefits. For instance, sponsors have the option to reach out to Debian contributors, derivative developers, upstream authors and other community members during a Job Fair and through postings on our job wall, and to show-case their Free Software involvement by staffing a booth on the Open Weekend. In addition, sponsors are able to distribute marketing materials in the attendee bags. And it goes without saying that we honour your sponsorship with visibility of your logo in the conference's videos, on our website, on printed materials, and banners.

The final report of DebConf14 is also available, illustrating the broad spectrum, quality, and enthusiasm of the community at work, and providing detailed information about the different outcomes that last conference brought up (talks, participants, social events, impact in the Debian project and the free software scene, and much more).

For further details, feel free to contact us through sponsors@debconf.org, and visit the DebConf15 website at http://debconf15.debconf.org.

Categories: Elsewhere

Tanguy Ortolo: Re: About choice

Planet Debian - Thu, 13/11/2014 - 12:42

This is a reply to Josselin Mouette's blog article About choice, since his blog does not seem to accept comments¹.

Please note that this is not meant to be systemd-bashing, just a criticism base one a counter-example refutation of Josselin's implication that there is no use case better covered by SysV init: this is false, as there is at least one. And yes, there are probably many cases better covered by systemd, I am making no claims about that.

A use case better covered by SysV init: encrypted block devices

So, waiting for a use case better covered by SysV init? Rejoice, you will not die waiting, here is one: encrypted block devices. That case works just fine with SysV init, without any specific configuration, whereas systemd just sucks at it. There exist a way to make it work², but:

  • if systemd requires specific configuration to handle such a case, whereas SysV init does not, that means this case is better covered by SysV init;
  • that work around does not actually work.

If you know any better, I would be glad to try it. Believe me, I like the basic principles of systemd³ and I would be glad to have it working correctly on my system.

Notes
  1. Well, it does accept comments, but marks them as span and does not show them, which is roughly equivalent.
  2. Installing an additional piece of software, Plymouth, is supposed to make systemd work correctly with encrypted block devices. Yes, this is additional configuration, as that piece of software does not come when you install systemd, and it is not even suggested so a regular user cannot guess it.
  3. Though I must say I hate the way it is pushed into the GNU/Linux desktop systems.
Categories: Elsewhere

Josselin Mouette: About choice

Planet Debian - Thu, 13/11/2014 - 09:45
Categories: Elsewhere

Pages

Subscribe to jfhovinne aggregator - Elsewhere