Elsewhere

Code Karate: Git Cheat Sheet

Planet Drupal - Wed, 12/11/2014 - 15:23

There is a saying that "All good things come to those who wait".

Categories: Elsewhere

InternetDevels: Drupal tourists are Drupal Touring!

Planet Drupal - Wed, 12/11/2014 - 14:49

Ukrainian Drupal community with an active support of InternetDevels team has actually invented completely unique kind of Drupal event, which makes the whole community go wow! So, ladies and gentlemen, we proudly present you Drupal Tour! The main point of the event is in it’s dynamics and velocity — we’re not going to stop just on one location, but would travel all around the country to involve even larger amount of audience, interested in Drupal development.

Read more
Categories: Elsewhere

Modules Unraveled: 126 What Varnish Can and Can't Do for Your Drupal Site with Dan Reif - Modules Unraveled Podcast

Planet Drupal - Wed, 12/11/2014 - 07:00
Published: Wed, 11/12/14Download this episodePerformance Optimization
  • Before we dive deep into Varnish, I’d like to get a feel for the various performance improvements anyone can make to speed up their Drupal. What’s the process you think through when optimizing a site?
    • DB Tuning
    • Boost
    • Memcache
    • Redis
    • APC
    • Varnish
    • Module Choices!
Varnish
  • What exactly is Varnish?
  • When researching Drupal performance optimization, I came across a lot of references to APC and Varnish. What is the difference?
  • Is this for anonymous or authenticated traffic?
  • Is the Varnish module required to utilize Varnish with Drupal?
  • What are the steps needed to install and utilize Varnish? (Broad terms, not actual terminal commands)
  • Does SSL affect Varnish?
  • What doesn’t Varnish do? (What needs to be done by Drupal, or other software instead?)
  • How does Varnish affect a dev/staging/live workflow? Does Varnish need to be instlaled on the local machine?
Episode Links: Dan on drupal.orgDan on TwitterDan on GitHubDan on ServerFaultVarnish moduleVarnish info on Drupal.orgXHProfXHProf Drupal moduleTags: PerformanceOptimizationplanet-drupal
Categories: Elsewhere

Simon Josefsson: Dice Random Numbers

Planet Debian - Wed, 12/11/2014 - 00:36

Generating data with entropy, or random number generation (RNG), is a well-known difficult problem. Many crypto algorithms and protocols assumes random data is available. There are many implementations out there, including /dev/random in the BSD and Linux kernels and API calls in crypto libraries such as GnuTLS or OpenSSL. How they work can be understood by reading the source code. The quality of the data depends on actual hardware and what entropy sources were available — the RNG implementation itself is deterministic, it merely convert data with supposed entropy from a set of data sources and then generate an output stream.

In some situations, like on virtualized environments or on small embedded systems, it is hard to find sources of sufficient quantity. Rarely are there any lower-bound estimates on how much entropy there is in the data you get. You can improve the RNG issue by using a separate hardware RNG, but there is deployment complexity in that, and from a theoretical point of view, the problem of trusting that you get good random data merely moved from one system to another. (There is more to say about hardware RNGs, I’ll save that for another day.)

For some purposes, the available solutions does not inspire enough confidence in me because of the high complexity. Complexity is often the enemy of security. In crypto discussions I have said, only half-jokingly, that about the only RNG process that I would trust is one that I can explain in simple words and implement myself with the help of pen and paper. Normally I use the example of rolling a normal six-sided dice (a D6) several times. I have been thinking about this process in more detail lately, and felt it was time to write it down, regardless of how silly it may seem.

A dice with six sides produces a random number between 1 and 6. It is relatively straight forward to intuitively convinced yourself that it is not clearly biased: inspect that it looks symmetric and do some trial rolls. By repeatedly rolling the dice, you can generate how much data you need, time permitting.

I do not understand enough thermodynamics physics to know how to estimate the amount of entropy of a physical process, so I need to resort to intuitive arguments. It would be easy to just assume that a dice produces 3 bits of entropy, because 2^3=6 which matches the number of possible outcomes. At least I find it easy to convince myself that 3 bits is the upper bound. I suspect that most dice have some form of defect, though, which leads to a very small bias that could be found with a large number of rolls. Thus I would propose that the amount of entropy of most D6’s are slightly below 3 bits on average. Further, to establish a lower bound, and intuitively, it seems easy to believe that if the entropy of particular D6 would be closer to 2 bits than to 3 bits, this would be noticeable fairly quickly by trial rolls. That assumes the dice does not have complex logic and machinery in it that would hide the patterns. With the tinfoil hat on, consider a dice with a power source and mechanics in it that allowed it to decide which number it would land on: it could generate seamingly-looking random pattern that still contained 0 bits of entropy. For example, suppose a D6 is built to produce the pattern 4, 1, 4, 2, 1, 3, 5, 6, 2, 3, 1, 3, 6, 3, 5, 6, 4, … this would mean it produces 0 bits of entropy (compare the numbers with the decimals of sqrt(2)). Other factors may also influence the amount of entropy in the output, consider if you roll the dice by just dropping straight down from 1cm/1inch above the table. With this discussion as background, and for simplicity, going forward, I will assume that my D6 produces 3 bits of entropy on every roll.

We need to figure out how many times we need to roll it. I usually find myself needing a 128-bit random number (16 bytes). Crypto algorithms and protocols typically use power-of-2 data sizes. 64 bits of entropy results in brute-force attacks requiring about 2^64 tests, and for many operations, this is feasible with today’s computing power. Performing 2^128 operations does not seem possible with today’s technology. To produce 128 bits of entropy using a D6 that produces 3 bits of entropy per roll, you need to perform ceil(128/3)=43 rolls.

We also need to design an algorithm to convert the D6 output into the resulting 128-bit random number. While it would be nice from a theoretical point of view to let each and every bit of the D6 output influence each and every bit of the 128-bit random number, this becomes difficult to do with pen and paper. For simplicity, my process will be to write the binary representation of the D6 output on paper in 3-bit chunks and then read it up as 8-bit chunks. After 8 rolls, there are 24 bits available, which can be read up as 3 distinct 8-bit numbers. So let’s do this for the D6 outputs of 3, 6, 1, 1, 2, 5, 4, 1:

3 6 1 1 2 5 4 1 011 111 001 001 010 101 010 001 01111100 10010101 01010001 124 0x7C 149 0x95 81 0x51

After 8 rolls, we have generated the 3 byte hex string “7C9551″. I repeat the process 5 more times, concatenating the strings, resulting in a hex string with 15 bytes of data. To get the last byte, I only need to roll the D6 three more times, where the two high bits of the last roll is used and the lowest bit is discarded. Let’s say the last D6 outputs were 4, 2, 3, this would result in:

4 2 3 100 010 011 10001001 137 0x89

So the 16 bytes of random data is “7C9551..89″ with “..” replaced by the 5 pieces of 3-byte chunks of data.

So what’s the next step? Depends on what you want to use the random data for. For some purposes, such as generating a high-quality 128-bit AES key, I would be done. The key is right there. To generate a high-quality ECC private key, you need to generate somewhat more randomness (matching the ECC curve size) and do a couple of EC operations. To generate a high-quality RSA private key, unfortunately you will need much more randomness, at the point where it makes more sense to implement a PRNG seeded with a strong 128-bit seed generated using this process. The latter approach is the general solution: generate 128 bits of data using the dice approach, and then seed a CSPRNG of your choice to get large number of data quickly. These steps are somewhat technical, and you lose the pen-and-paper properties, but code to implement these parts are easier to verify compared to verifying that you get good quality entropy out of your RNG implementation.

Categories: Elsewhere

Richard Hartmann: One pot noodles

Planet Debian - Tue, 11/11/2014 - 21:00

I had prepared a long and somewhat emotional blog post called "On unintended consequences" to write a rather sad bit of news off of my heart. While I believe the points raised were logical, courteous, and overall positive, I decided to do something different and replace sad things with happy things.

So anyway, for 3-4 people you will need:

  • The largest, widest cooking pot you can find (you want surface to let more water evaporate)
  • 500g noodles, preferably Bavette)
  • 300g cherry tomatoes
  • ~150g sundried tomatoes
  • ~150g grilled peppers
  • a handful of olives
  • two medium-sized red onions
  • as much garlic as is socially acceptable in your group
  • one or two handful of fresh basil leaves
  • large gulp of olive oil
  • ~100g fresh-ground Parmesan
  • salt, to taste
  • random source of capsaicin, to taste
  • water

Proceed to the cooky part of the evening:

  • Slice and cut all vegetables into sizes of your preference; personally, I like to stay on the chunky side, but do whatever you feel like.
  • Pour the olive oil into the pot; optionally add oil from your sundried tomatoes and/or grilled peppers in case those came in oil.
  • Put the pot onto high heat and toss the chopped vegetables in as soon as it starts heating up.
  • Stir for maybe a minute, then add a bit of water.
  • Toss in the noodles and add just enough water to cover everything.
  • Now is a good time to add salt and capsaicin, to taste.
  • Cook everything down on medium to high heat while stirring and scraping the bottom of the pot so nothing burns. You want to get as much water out of the mix as possible.
  • Towards the end, maybe a minute before the noodles are al dente, wash the basil leaves and rip them into small pieces.
  • Turn off the heat, add all basil and cheese, stir a few times, and serve.

If you don't have any of those ingredients on hand and/or want to add something else: Just do so. This is not an exact science and it will taste wonderful any way you make it.

Categories: Elsewhere

Ben's SEO Blog: Must-Attend Drupal Events of 2015

Planet Drupal - Tue, 11/11/2014 - 20:34

Earlier this year, I posted a blog about Must-Attend Drupal Events of 2014; it was fairly well received so I figured I'd work on a similar list for the 2015 Drupal events.

It appears that BuildAModule keeps their list updated, as does Drupical's map. Instead of categorizing by Drupal Camps or Drupal Cons, this list will simply be in chronological order. I will be updating this blog over the next couple of months as more details are released. Also, don't forget to post in the comments if I missed one; I won't hesitate to add it.

  • DrupalCamp Brighton - Brighton, UK - Jan. 16-18
  • DrupalCamp NJ - Princeton, NJ - Jan. 31
    • The 4th Annual Gathering of Drupalists in the Garden State!
    • @DrupalcampNJ
  • DrupalCon Latin America - Bogotá, Colombia - Feb. 10-12
    • "DrupalCon Latin America is our first DrupalCon in an emerging Drupal community, and we couldn’t be more excited to be hosted by the wonderful people of Bogota, Colombia."
    • Will be held at the RoyalPark Metrotel Convention Center Hotel
    • DrupalCon Latin America is the third DrupalCon in 2015
    • @DrupalconLatino
  • Drupal Camp Utah - Salt Lake City, UT - Feb. 27
    • 5th Annual Drupal Camp Utah
  • DrupalSouth Melbourne - South Wharf, VIC, Australia - Mar. 5-7
  • MidCamp (Midwest Area) - Chicago, IL - Mar. 19-22
  • NYC Camp - New York, NY - Mar. 23-29
    • other site
    • NYC (Nice) Camp is a free, week-long Drupal conference in New York City. We invite you to come learn from some of the brightest minds in Open Source, and expand your horizons. There will be numerous opportunities to contribute back to the community, so jump in!
    • @NYCCampDrupal
  • DrupalCon LA - Los Angeles, CA - May 11-15
    • Host city of the DrupalCon North America conference in 2015.
    • Some of the world's best and biggest museums, universities and entertainment giants are in Los Angeles and they use Drupal. A Drupal powerhouse, Los Angeles is one of the most active areas for Drupal in the world. The Drupal community in and around Los Angeles organizes hundreds of Drupal events each year, including GLADCamp, Drupal Design Camp LA and DrupalCamp LA.
    • While you're enjoying DrupalCon, your family can enjoy Disneyland, bike rides at the beach, and culture and science at the Getty, Museum of Modern Art and the California Science Center. The Downtown area has a thriving nightlife, walkable streets and contrary to popular belief, is the heart of the LA Metro and can be enjoyed car-free.
    • @DrupalConLA
    • @GLADrupal
    • @DrupalConNA
  • DrupalCamp Spain - Jerez, Spain - May 22-24
  • DrupalCon Barcelona - Barcelona, Spain - Sept. 21-25
    • From the colorful tiles of Park Güell to the sparkling Mediterranean, Barcelona is a vibrant city where modernity joins timeless tradition. Experience the culture, festivals, sunny weather and world-class dining with friendly locals, all while celebrating the world’s best open source project.
    • @DrupalConEUR
  • DrupalCamp Bristol - Bristol, UK - date: TBA
drupal, Planet Drupal
Categories: Elsewhere

Mike Hommey: Building a Firefox Debian package

Planet Debian - Tue, 11/11/2014 - 11:26

It’s actually been possible for some time, but I made that simpler recently, and I figured I should mention it.

  • Grab the iceweasel source
    $ apt-get source iceweasel
  • Install its build dependencies
    $ apt-get build-dep iceweasel
  • Build it
    $ cd iceweasel-* $ PRODUCT_NAME=firefox dpkg-buildpackage -rfakeroot
Categories: Elsewhere

Paul Booker: How to give your Drupal site a Canonical URL

Planet Drupal - Tue, 11/11/2014 - 10:35

You will need to modify your .htaccess file located under your web root.

Change ..

# To redirect all users to access the site WITH the 'www.' prefix, # (http://example.com/... will be redirected to http://www.example.com/...) # uncomment the following: # RewriteCond %{HTTP_HOST} . # RewriteCond %{HTTP_HOST} !^www\. [NC] # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

to ..

# To redirect all users to access the site WITH the 'www.' prefix, # (http://example.com/... will be redirected to http://www.example.com/...) # uncomment the following: RewriteCond %{HTTP_HOST} . RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Tags:
Categories: Elsewhere

John Goerzen: I’m hiring a senior Linux sysadmin/architect

Planet Debian - Tue, 11/11/2014 - 05:29

I’m never sure whether to post such things here, but I hope that it’s of interest to people: I’m trying to hire a top-notch Linux person for a 100% telecommute position. I’m particularly interested in people with experience managing 500 or more OS instances. It’s a shop with a lot of Debian, by the way. You can apply at that URL and mention you saw it in my blog if you’re interested.

Categories: Elsewhere

Pages

Subscribe to jfhovinne aggregator - Elsewhere