Elsewhere

Matthew Palmer: Witness the security of this fully DNSSEC-enabled zone!

Planet Debian - Sun, 06/07/2014 - 07:00

After dealing with the client side of the DNSSEC puzzle last week, I thought it behooved me to also go about getting DNSSEC going on the domains I run DNS for. Like the resolver configuration, the server side work is straightforward enough once you know how, but boy howdy are there some landmines to be aware of.

One thing that made my job a little less ordinary is that I use and love tinydns. It’s an amazingly small and simple authoritative DNS server, strong in the Unix tradition of “do one thing and do it well”. Unfortunately, DNSSEC is anything but “small and simple” and so tinydns doesn’t support DNSSEC out of the box. However, Peter Conrad has produced a patch for tinydns to do DNSSEC, and that does the trick very nicely.

A brief aside about tinydns and DNSSEC, if I may… Poor key security is probably the single biggest compromise vector for crypto. So you want to keep your keys secure. A great way to keep keys secure is to not put them on machines that run public-facing network services (like DNS servers). So, you want to keep your keys away from your public DNS servers. A really great way of doing that would be to have all of your DNS records somewhere out of the way, and when they change regenerate the zone file, re-sign it, and push it out to all your DNS servers. That happens to be exactly how tinydns works. I happen to think that tinydns fits very nicely into a DNSSEC-enabled world. Anyway, back to the story.

Once I’d patched the tinydns source and built updated packages, it was time to start DNSSEC-enabling zones. This breaks down into a few simple steps:

  1. Generate a key for each zone. This will produce a private key (which, as the name suggests, you should keep to yourself), a public key in a DNSKEY DNS record, and a DS DNS record. More on those in a minute.

    One thing to be wary of, if you’re like me and don’t want or need separate “Key Signing” and “Zone Signing” keys. You must generate a “Key Signing” key – this is a key with a “flags” value of 257. Doing this wrong will result in all sorts of odd-ball problems. I wanted to just sign zones, so I generated a “Zone Signing” key, which has a “flags” value of 256. Big mistake.

    Also, the DS record is a hash of everything in the DNSKEY record, so don’t just think you can change the 256 to a 257 and everything will still work. It won’t.

  2. Add the key records to the zone data. For tinydns, this is just a matter of copying the zone records from the generated key into the zone file itself, and adding an extra pseudo record (it’s all covered in the tinydnssec howto).

  3. Publish the zone data. Reload your BIND config, run tinydns-sign and tinydns-data then rsync, or do whatever it is PowerDNS people do (kick the database until replication starts working again?).

  4. Test everything. I found the Verisign Labs DNSSEC Debugger to be very helpful. You want ticks everywhere except for where it’s looking for DS records for your zone in the higher-level zone. If there are any other freak-outs, you’ll want to fix those – because broken DNSSEC will take your domain off the Internet in no time.

  5. Tell the world about your DNSSEC keys. This is simply a matter of giving your DS record to your domain registrar, for them to add it to the zone data for your domain’s parent. Wherever you’d normally go to edit the nameservers or contact details for your domain, you probably want to do to the same place and look for something about “DS” or “Domain Signer” records. Copy and paste the details from the DS record in your zone into there, submit, and wait a minute or two for the records to get published.

  6. Test again. Before you pat yourself on the back, make sure you’ve got a full board of green ticks in the DNSSEC Debugger. if anything’s wrong, you want to rollback immediately, because broken DNSSEC means that anyone using a DNSSEC-enabled resolver just lost the ability to see your domain.

That’s it! There’s a lot of complicated crypto going on behind the scenes, and DNSSEC seems to revel in the number of acronyms and concepts that it introduces, but the actual execution of DNSSEC-enabling your domains is quite straightforward.

Categories: Elsewhere

Maximilian Attems: xserver-xorg-video-intel 2.99.912+20140705 in experimental

Planet Debian - Sun, 06/07/2014 - 01:00

Since the release of xf86-video-intel 2.99.912 a month ago several enhancements and fixes in xf86-video-intel git piled up. Again testing is very much appreciated: xserver-xorg-video-intel packages.

Categories: Elsewhere

SitePoint PHP Drupal: The Drupal 8 version of EntityFieldQuery

Planet Drupal - Sat, 05/07/2014 - 18:00

Even though Drupal 7 core fell short of a proper way of handling its brand new entity system (we currently rely on the great Entity module for that), it did give us EntityFieldQuery. For those of you who don’t know, EntityFieldQuery is a very powerful querying class used to search Drupal entities programatically (nodes, users, etc).

It provides a number of methods that make it easy to query entities based on conditions such as field values or class properties. If you don’t know how it works, feel free to check out this documentation page or this great tutorial on the subject.

In this article I am going to talk about what we have in Drupal 8 for querying entities. There is no more EntityFieldQuery, but there’s an entity.query service that will instantiate a query object for a given entity type (and that implements the \Drupal\Core\Entity\Query\QueryInterface). We can access this service statically through the \Drupal namespace or using dependency injection.

First up, we’ll look at querying node entities and then we’ll see how to load them. The same techniques will work with other content entities as well (users, comments etc), but also with configuration entities, and that’s really cool.

The entity query service

As mentioned, there are two ways we can access the entity.query service that we use for querying entities. Statically, we can do this:

Continue reading %The Drupal 8 version of EntityFieldQuery%

Categories: Elsewhere

flink: Earl's chicken

Planet Drupal - Sat, 05/07/2014 - 11:27

Here’s a little history I pieced together about, Drupal, the Views module and the human condition.

It must have been 4 years or so ago that the new Field API for D7 crystallises, requiring modifications to Views. So someone adds lines of code to make this happen. They don’t think much about those lines or the performance impact these may have. They don’t put a “hook” in to allow developers to alter the behaviour of those lines. Why would they? It’s a pretty trivial change. In fact it never crosses their minds to add the CPU cycles spent by that code to the view's performance stats.

4 years go by.

Nobody is aware that if you piled up the seconds collectively wasted in that code across all Drupal sites using Views over a period of 4 years, it would amount to like,…. like higher than the Eiffel tower. So to speak…

Until a couple of weeks ago some RdeBoer employs XHProf to find out why a client’s site is a little sluggish. And he finds those lines of code. And although there’s no hook as such to bypass those lines, he finds a way without hacking the Views module to neutralise those lines, offering a simple switch on the UI. Like a Turbo button, it makes selected Views run faster.

The customer is delighted. Now their site is finally speedy enough to go live! Another client quotes the results as “amazing”.

Encouraged by the happy customers RdeBoer tarts up his module to share it with the Drupal community. Now everyone can enjoy similar speed improvements. He writes a little blog post about it.

In a comment to that post @merlinofchaos confirms that those lines were indeed added with the introduction of the Field API. And that not showing how much time is spent in those lines is an oversight.

RdeBoer smiles. Takes a sip of his wine. 4 years... Isn’t life funny?

@merlinofchase goes back to the garden and throws another shrimp on the barbie. Metaphorically speaking. Might have been chicken. Have you seen Earl’s chicken? The photo above that’s his chicken. He cooked that last week. I would love a bit of that chicken. With its juices dripped over the veggies. Yummo!

Meanwhile @someViewsDude has a not-so-constructive go via Twitter, email and the module’s issue queue ...

My friend and colleague Susan concludes her writings with a beautiful phrase: “Breathe and do the next right thing”.

Maybe we can all sit around Earl's barbie. Try his chicken. It looks delish.

File under: Planet Drupal
Categories: Elsewhere

Mario Lang: I love my MacBookAir with Debian

Planet Debian - Sat, 05/07/2014 - 10:25

In short: I love my MacBook Air. It is the best (laptop) hardware I ever owned. I have seen hardware which was much more flaky in the past. I can set the display backlight to zero via software, which saves me a lot of battery life and also offers a bit of anti-spy-acroos-my-shoulder support. WLAN and bluetooth work nicely.

And I just love the form-factor and the touch-feeling of the hardware. I even had the bag I use to carry my braille display modified so that the Air just fits in.

I can't say how it behaves with X11. Given how flaky accessibility with graphical desktops on Linux is, I have still not made the switch. My MacBookAir is my perfect mobile terminal, I LOVE it.

I am sort of surprised about the recent rant of Paul about MacBook Hardware. It is rather funny that we perceive the same technology so radically different.

And after reading the second part of his rant I am wondering if I am no longer allowed to consider myself part of the "hardcore F/OSS world", because I don't consider Apple as evil as apparently most others. Why? Well, first of all, I actually like the hardware. Secondly, you have to show me a vendor first that builds usable accessibility into their products, and I mean all their products, without any extra price-tag attached. Once the others start to consider people with disabilities, we can talk about apple-bashing again. But until then, sorry, you don't see the picture as I do.

Apple was the first big company on the market to take accessibility seriously. And they are still unbeaten, at least when it comes to bells and whistles included. I can unbox and configure any Apple product sold currently completely without assisstance. With some products, you just need to know a signle keypress (actually, tripple-press the home button), and with others, during initial bootup, a speech synthesizer even tells you how to enable accessibility if you need it.

And after that is enabled, I can perform the setup of my device completely on my own. I don't need help from anyone else. And after the setup is complete, I can use 95% of the functionality provided by the operating system.

And I am blind, part of a very small margin group so to speak.

In Debian circles, I have even heard the sentiment that we supposedly have to accept that small margin groups are ignored sometimes. Well, as long as we think that way, as long as we strictly think economically, we will never be able to go there, fully.

So, who is evil? Scratch your own itch doesn't always work to cover everything.

Categories: Elsewhere

John Goerzen: The Heights of Coronado

Planet Debian - Sat, 05/07/2014 - 06:28

Near the beautiful Swedish town of Lindsborg, Kansas, there stands a hill known as Coronado Heights. It lies in the midst of the Smoky Hills, named for the smoke-like mist that sometimes hangs in them. We Kansans smile our usual smile when we tell the story of how Francisco Vásquez de Coronado famously gave up his search for gold after reaching this point in Kansas.

Anyhow, it was just over a year ago that Laura, Jacob, Oliver, and I went to Coronado Heights at the start of summer, 2013 — our first full day together as a family.

Atop Coronado Heights sits a “castle”, an old WPA project from the 1930s:

The view from up there is pretty nice:

And, of course, Jacob and Oliver wanted to explore the grounds.

As exciting as the castle was, simple rocks and sand seemed to be just as entertaining.

After Coronado Heights, we went to a nearby lake for a picnic. After that, Jacob and Oliver wanted to play at the edge of the water. They loved to throw rocks in and observe the splash. Of course, it pretty soon descended (or, if you are a boy, “ascended”) into a game of “splash your brother.” And then to “splash Dad and Laura”.

Fun was had by all. What a wonderful day! Writing the story reminds me of a little while before that — the first time all four of us enjoyed dinner and smores at a fire by our creek.

Jacob and Oliver insisted on sitting — or, well, flopping — on Laura’s lap to eat. It made me smile.

(And yes, she is wearing a Debian hat.)

Categories: Elsewhere

Matthew Garrett: Self-signing custom Android ROMs

Planet Debian - Sat, 05/07/2014 - 00:10
The security model on the Google Nexus devices is pretty straightforward. The OS is (nominally) secure and prevents anything from accessing the raw MTD devices. The bootloader will only allow the user to write to partitions if it's unlocked. The recovery image will only permit you to install images that are signed with a trusted key. In combination, these facts mean that it's impossible for an attacker to modify the OS image without unlocking the bootloader[1], and unlocking the bootloader wipes all your data. You'll probably notice that.

The problem comes when you want to run something other than the stock Google images. Step number one for basically all of these is "Unlock your bootloader", which is fair enough. Step number two is "Install a new recovery image", which is also reasonable in that the key database is stored in the recovery image and so there's no way to update it without doing so. Except, unfortunately, basically every third party Android image is either unsigned or is signed with the (publicly available) Android test keys, so this new recovery image will flash anything. Feel free to relock your bootloader - the recovery image will still happily overwrite your OS.

This is unfortunate. Even if you've encrypted your phone, anyone with physical access can simply reboot into recovery and reflash /system with something that'll stash your encryption key and mail your data to the NSA. Surely there's a better way of doing this?

Thankfully, there is. Kind of. It's annoying and involves a bunch of manual processes and you'll need to re-sign every update yourself. But it is possible to configure Nexus devices in such a way that you retain the same level of security you had when you were using the Google keys without losing the freedom to run whatever you want. Here's how.

Note: This is not straightforward. If you're not an experienced developer, you shouldn't attempt this. I'm documenting this so people can create more user-friendly approaches.

First: Unlock your bootloader. /data will be wiped.
Second: Get a copy of the stock recovery.img for your device. You can get it from the factory images available here
Third: Grab mkbootimg from here and build it. Run unpackbootimg against recovery.img.
Fourth: Generate some keys. Get this script and run it.
Fifth: zcat recovery.img-ramdisk.gz | cpio -id to extract your recovery image ramdisk. Do this in an otherwise empty directory.
Sixth: Get DumpPublicKey.java from here and run it against the .x509.pem file generated in step 4. Replace /res/keys from the recover image ramdisk with the output. Include the "v2" bit at the beginning.
Seventh: Repack the ramdisk image (find . | cpio -o -H newc | gzip > ../recovery.img-ramdisk.gz) and rebuild recovery.img with mkbootimg.
Eighth: Write the new recovery image to your device
Ninth: Get signapk from here and build it. Run it against the ROM you want to sign, using the keys you generated earlier. Make sure you use the -w option to sign the whole zip rather than signing individual files.
Tenth: Relock your bootloader
Eleventh: Boot into recovery mode and sideload your newly signed image.

At this point you'll want to set a reasonable security policy on the image (eg, if it grants root access, ensure that it requires a PIN or something), but otherwise you're set - the recovery image can't be overwritten without unlocking the bootloader and wiping all your data, and the recovery image will only write images that are signed with your key. For obvious reasons, keep the key safe.

This, well. It's obviously an excessively convoluted workflow. A *lot* of it could be avoided by providing a standardised mechanism for key management. One approach would be to add a new fastboot command for modifying the key database, and only permit this to be run when the bootloader is unlocked. The workflow would then be something like
  • Unlock bootloader
  • Generate keys
  • Install new key
  • Lock bootloader
  • Sign image
  • Install image
which seems more straightforward. Long term, individual projects could do the signing themselves and distribute their public keys, resulting in the install process becoming as easy as
  • Unlock bootloader
  • Install ROM key
  • Lock bootloader
  • Install ROM
which is actually easier than the current requirement to install an entirely new recovery image.

I'd actually previously criticised Google on the grounds that using custom keys wasn't possible on Android devices. I was wrong. It is, it's just that (as far as I can tell) nobody's actually documented it before. It's important that users not be forced into treating security and freedom as mutually exclusive, and it's great that Google have made that possible.

[1] This model fails if it's possible to gain root on the device. Thankfully this would never hold on what's that over there is that a distraction?

comments
Categories: Elsewhere

Drupal 8 and iOS: Use Caching with NSURLRequest

Planet Drupal - Fri, 04/07/2014 - 22:45
Use Caching with NSURLRequest

I am Vivek Pandya and I am working on Google Summer of Code 2014 project to build an iOS application for Drupal 8 site. In this article I am sharing my experience about caching retrieved data from Durpal 8 REST web service with in iOS7 application.

While writing iOS application that loads data(JSON) like a list of articles it is better to use cache mechanism provided by NSURLSession api. An NSURLRequest instance specifies how local cache is used by setting NSURLRequestCachePolicy values: with NSURLRequestProtocolCachePolicy, NSURLRequestReloadIgnoringCacheData, NSURLRequestReturnCacheDataElseLoad, NSURLRequestReturnCacheDataDontLoad etc.

The default cache policy for an NSURLRequest is NSURLRequestUseProtocolCachePolicy. While working with REST endpoint HTTP is default protocol so when NSCachedURLResponse does not exist for the request the NSURLSession will fetch data for that request.

If cached response exist than NSURLSession api will make HEAD request to the resource and check for cached data's validity by examining various response header like “Last-Modified” , “Cache-Control” etc. And if it finds data to be stale one it will load the data again otherwise returns cached data.

But, before using this cache mechanism at iOS side we have to make our Drupal site pages cacheable to do so navigate to “admin/config/development/performance” and set time limit value for page cache. Save the configuration. Now to verify whether Drupal has really enabled cache for pages or note try HEAD request with any REST api client like Postman, in response header you should be able to see “Cache-Control : max-age=<seconds>” here seconds should be same as you specified in configuration. See the picture below to get more clarity.

Now while creating request object with iOS SDK set it's caching policy to NSURLRequestProtocolCachePolicy. Now run the code , first time it will take normal time to load the data but next time onwards it will only reload the data if it has been changed or max-age value has expired.

For more details please refer to URLLoading system guide by Apple.

 

Tags:
Categories: Elsewhere

Paul Tagliamonte: Apple Hardware: Part II

Planet Debian - Fri, 04/07/2014 - 20:05

A few interesting things happened after I got a macbook air.

Firstly, I got a lot of shit from my peers and friends about it. This was funny to me, nothing really bothered me about it, but I can see this becoming really tiresome at events like hackathons or conferences.

As a byproduct, there’s a strong feeling in the hardcore F/OSS world that Apple hardware is the incarnation of evil.

As a result of both of the above, hardcore F/OSS (and Distro hackers) don’t buy apple hardware.

Therefore, GNU/Linux is complete garbage on Apple hardware. Apple’s firmware bugs don’t help, but we’re BAD.

Some might ask why this is a big deal. The fact is, this is one of the most used platforms for Open Source development (note I used that term exactly).

Are we to damn these users to a nonfree OS because we want to maintain our purity?

I had to give back my Air, but I still have a Mac Mini that i’ve been using for testing bugs on OSX in code I have. Very soon, my Mac Mini will be used to help fix the common bugs in the install process.

Some things you can do:

  • Consider not giving off an attitude to people with Apple hardware. Be welcoming.
  • Consider helping with supporting your favorate distro on Apple hardware. Props to Fedora for doing such a great job, in particular, mjg59 and Peter Jones for all they do with it.
  • Help me make Debian Apple installs one-click.
Categories: Elsewhere

Dimitri John Ledkov: Hacking on launchpadlib

Planet Debian - Fri, 04/07/2014 - 19:54
So here is a quick sample of my progress playing around with launchpadlib using lp-shell from lptools:
In [1]: lp
Out[1]: <launchpadlib.launchpad.Launchpad at 0x7f49ecc649b0>

In [2]: lp.distributions
Out[2]: <launchpadlib.launchpad.DistributionSet at 0x7f49ddf0e630>

In [3]: lp.distributions['ubuntu']
Out[3]: <distribution at https://api.launchpad.net/1.0/ubuntu>

In [4]: lp.distributions['ubuntu'].display_name
Out[4]: 'Ubuntu'

In [5]: lp.distributions['ubuntu'].summary
Out[5]: 'Ubuntu is a complete Linux-based operating system, freely available with both community and professional support.'

In [7]: import sys; print(sys.version)
3.4.1 (default, Jun 9 2014, 17:34:49)
[GCC 4.8.3]
There is not much yet, but it's a start. python3 port of launchpadlib is coming soon. It has been attempted a few times before and I am leveraging that work. Porting this stack has proven to be the most difficult python3 port I have ever done. But there is always python-libvirt that still needs porting ;-)

Some of above is just merge proposals against launchpadlib & lazr.restfulclient, and requires not yet packaged modules in the archive. When trying it out, I'm still getting a lot of run-time asserts and things that haven't been picked up by e.g. pyflakes3 and has not been unit-tested yet.
Categories: Elsewhere

Rapha&#235;l Hertzog: My Free Software Activity in June 2014

Planet Debian - Fri, 04/07/2014 - 17:15

This is my monthly summary of my free software related activities. If you’re among the people who made a donation to support my work (168.17 €, thanks everybody!), then you can learn how I spent your money. Otherwise it’s just an interesting status update on my various projects.

Debian LTS

After having put in place the infrastructure to allow companies to contribute financially to Debian LTS, I spent quite some time to draft the announce of the launch of Debian LTS (on a suggestion of Moritz Mühlenhoff who pointed out to me that there was no such announce yet).

I’m pretty happy about the result because we managed to mention a commercial offer without generating any pushback from the community. The offer is (in my necessarily biased opinion) clearly in the interest of Debian but still the money doesn’t go to Debian so we took extra precautions. When I got in touch with the press officers, I included the Debian leader in the discussion and his feedback has been very helpful to improve the announce. He also officially “acked” the press release to give some confidence to the press officers that they were doing the right thing.

Lucas also pushed me to seek public review of the draft press release, which I did. The discussion was constructive and the draft got further improved.

The news got widely relayed, but on the flip side, the part with the call for help got almost no attention from the press. Even Linux Weekly News skipped it!

On the Freexian side, we just crossed 10% of a full-time position (funded by 6 companies) and we are in contact with a few other companies in discussion. But we’re far from our goal yet so we will have to actively reach out to more companies. Do you know companies who are still running Debian 6 servers ? If yes, please send me the details (name + url + contact info if possible) to deblts@freexian.com so that I can get in touch and invite them to contribute to the project.

Distro Tracker

In the continuation of the Debian France game, I continued to work together with Joseph Herlant and Christophe Siraut on multiple improvements to distro tracker in order to prepare for its deployment on tracker.debian.org (which I just announced \o/).

Debian France

Since the Debian France game was over, I shipped the rewards. 5 books have been shipped to:

Misc Debian work

I orphaned sql-ledger and made a last upload to change the maintainer to Debian QA (with a new upstream version).

After having been annoyed a few times by dch breaking my name in the changelog, I filed #750855 which got quickly fixed.

I disabled a broken patch in quilt to fix RC bug #751109.

I filed #751771 when I discovered an incorrect dependency on ruby-uglifier (while doing packaging work for Kali Linux).

I tested newer versions of ruby-libv8 on armel/armhf on request of the upstream author. I had reported him those build failures (github ticket here).

Thanks

See you next month for a new summary of my activities.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Categories: Elsewhere

groups.drupal.org frontpage posts: Drupal 8 core sprints, August 7-10

Planet Drupal - Fri, 04/07/2014 - 15:56
Start:  2014-08-07 (All day) - 2014-08-10 (All day) UTC Sprint

Summer is in full swing, but we know you enjoy Drupaling with your peers in the summer as much as any other time of the year! Plus, this summer is an important time to help get Drupal 8 done, so there is no good reason to skip getting together. We are holding two Drupal 8 sprints at the same time on August 7 to 10: one in North America at TCDrupal, and one in Europe at Drupalaton. Sprinters from both events will collaborate on Drupal 8 issues.

Twin Cities DrupalCamp (North America)

Twin Cities DrupalCamp hosts a four-day Drupal sprint, with a focus on unblocking the release of Drupal 8 and other topics like multilingual, accessibility, and Drupal.org. The last day of the event provides a mentored sprint which is ideal for Drupalers new to sprinting or the issue queues. The camp itself features keynotes from Holly Ross and Chris Shattuck, free Drupal training on the first day, and five parallel session tracks on the middle days. The event is in Minneapolis and Bloomington, MN and the early bird ticket is $35. If you need funding to attend, contact the organizers.

Sign up for TCDrupal sprints Drupalaton (Europe)

Great location for a summer camp in an affordable hotel right on the beach of the biggest warm water lake in Europe (with a tiny private island), Drupalaton sprints provide a relaxed environment to work and have fun together. The camp programme focuses on providing longer hands-on workshops with featured speakers Ruben Teijeiro, Campbell Vertesi, Adam Juran and Gábor Hojtsy. The event is in Keszthely, Hungary and the ticket is 50 EUR. There is a funding pool for sprinters who would not attend otherwise; contact the organizers.

Sign up for Drupalaton sprints

P.S. Even if you cannot attend in August, keep in mind we have 9 consecutive days of sprints coming up in September in Amsterdam around DrupalCon.

#node-431758 h3 { display: none; } #node-431758 h3.content { display: block; }
Categories: Elsewhere

Lullabot: DrupalCon Session Selection

Planet Drupal - Fri, 04/07/2014 - 14:59

The session selection for DrupalCon Amsterdam has just been completed and will be announced next week. In this episode Addison Berry is joined by Steve Parks (steveparks), Pedro Cambra (pcambra), and Michael Schmid (schnitzel) to talk about how this actually works.

Categories: Elsewhere

Makak Media: PhoneGap and Drupal 7 Data Synchronization for My Caribbean Offers App

Planet Drupal - Fri, 04/07/2014 - 14:34

In our last blog post we launched the My Caribbean Offers app for Android and Apple iOS.

The app displays offers for all types of tourist related businesses from across the Caribbean and is currently free to download!

We thought we'd share what went into building the app, the modules used and processes involved.

Client side requirements

Phonegap with local database (SQLite in our case), jQuery for ajax operations (http requests)

Module requirements

Views, Services, Custom module to save node deletions

read more

Categories: Elsewhere

LimoenGroen company blog: The power of sharing

Planet Drupal - Fri, 04/07/2014 - 12:39
Scientia potentia est - Francis Bacon, 1597

Napoleon beat his opponents for years, despite his much smaller army. His knowledge of warfare and the armies of his opponents made him win the wars every time, and ultimately he was able to dominate Europe.

Knowledge is power > Sharing is power

The phrase "Knowledge is power" does not come out of thin air – where you could also explain power as influence, wealth or fame. However, in the knowledge economy of today is just having knowledge not enough. It becomes powerful when you can convey that knowledge. In the Open Source community we see that one who shares the most has the most "power". The real change agents, the core developers; they get done a lot because they not only know a lot, but also share this knowledge. And that goes in many ways: by writing a blog, giving a presentation, or simply just by contributing code.

Contributing code

Open Source is only good if people not only use it, but also improve it. Drupal is great software, but it has bugs. In the core itself, but (especially) in its thousands of community modules. If we discover a bug during a project we could fix this locally and continue with our work; our problem is resolved. However, we won’t. We always make sure that the solution flows back into the community. That can be done in several ways:

Contribute a patch

Can we solve the problem? Great! We create a new issue in the issue queue of the relevant module and deliver the code change as a patch. Example of Martijn: https://www.drupal.org/node/1783678

Describe the problem

Are we unable to fix it ourselves? Then at least create an issue and describe how the issue can be reproduced. This helps another developer to fix this, or recognize them their own problem quickly. Example of Dominique: https://www.drupal.org/node/907504

Start een nieuwe module

Did we write a separate piece of code that might be interesting for others? We’ll then try to offer this as a separate project. The extra time it takes to make a piece of client code generic and configurable is not an issue, knowing that the community as a whole can now help to improve and maintain the code for us. Example of myself, commissioned by the European Space Agency: https://www.drupal.org/project/commons_hashtags

Featured Drupal Provider

By sharing so much code we became one of the 4 Featured Drupal Providers in the Netherlands.

Taking equals giving

At LimoenGroen (Lime Green) everyone gets 10% community time: every other week, our employees have a full Friday to do what they think is important. They experiment with new technology, write a blog, or "open-source" customer code.

To make sure that the client agrees, we add the following boilerplate text to any quote that we write:

Drupal is developed under an open source software license. All, in the context of this project developed software falls under the same license as Drupal itself: GNU General Public License, version 2 or later. The intellectual property is yours. To take full advantage of the benefits of the open source development model, we believe it is important that we have the ability to develop parts of the software generic and share this with the community (with the mention that this is developed for <CUSTOMER NAME>).Appeal to Drupal suppliers

Taking equals giving is what I truly believe in. Therefore, I call on every Drupal supplier to include the text mentioned above in your offers. By doing so, there will soon be more to take! Who's with me?

Categories: Elsewhere

Rapha&#235;l Hertzog: Tracker.debian.org is live

Planet Debian - Fri, 04/07/2014 - 12:15

Maybe do you remember, last year I mentored a Google Summer of code whose aim was to replace our well known Package Tracking System with something more modern, usable by derivatives and more easily hackable. The result of this project is a new Django-based software called Distro Tracker.

With the help of the Debian System Administrators, it’s now setup on tracker.debian.org!

This service is also managed by the Debian QA team, it’s deployed in /srv/tracker.debian.org/ (on ticharich.debian.org, a VM) if you want to verify something on the live installation. It runs under the “qa” user (so members of the “qa-core” group can administer it).

That said you can reproduce the setup on your workstation quite easily, just by checking out the git repository and applying this change:

--- a/distro_tracker/project/settings/local.py +++ b/distro_tracker/project/settings/local.py @@ -10,6 +10,7 @@ overrides on top of those type-of-installation-specific settings.   from .defaults import INSTALLED_APPS from .selected import * +from .debian import *   ## Add your custom settings here

Speaking of contributing, the documentation includes a “Contributing” section to get you up and running, ready to do your first contribution!

Now go use this new service and report any issue against the new tracker.debian.org pseudo-package (BTW tracker.debian.org knows about pseudo-packages, example here).

There are many small things that need to be fixed/improved, if you know Python/Django and would like to start contributing to Debian, here’s your chance!

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Categories: Elsewhere

Pages

Subscribe to jfhovinne aggregator - Elsewhere