Francesca Ciceri: A month with Mozilla

Planet Debian - Wed, 14/05/2014 - 13:53
Random thoughts of a new contributor

I've started to contribute to Mozilla - and particularly to the Firefox Desktop QA team - at the end of March, in order to apply for the OPW with Mozilla as Bug Wrangler.
While being already part of the Free Software world as contributor clearly helps, it's always difficult to find your way at first in such a big project, no matter how helpful the people you're working with are.

It's about trying to understand how the project is organized and who works on what, what is expected from you as contributor and the specific style of interaction and contribution accepted in the project.

So, here's a couple of thought about it: the necessary disclaimer is that I'm a long-time Debian contributor meaning that, inevitably, Debian is my reference model. Also, everything I'm writing here regards only the specific part of the project I've been working in: Desktop QA and Bugmastering.


The first thing that I noticed is the huge amount of documentation. Everything is very well documented and while this is definitely a plus in my book, it's sometimes difficult to keep track of all this resources.

AFAICT, there are basically three main sources of documentation:

  1. the wiki
  2. the Mozilla Developer Network
  3. the site of the QA team

Some of the documents on these three different places are sometimes similar, making them redundant and it's difficult to remember where you read what. At least for me. My workaround has been to bookmark pages as a mad woman, and also to make a list on my wikipage of the pages I found more useful.
My top five of useful pages? Here we go!

  1. a bug's life: lifecycle of bugs in BMO
  2. Tyler's BMO survival guide (parts 1, 2 and 3)
  3. Tyler's Triage Guidelines
  4. on reducing testcases
  5. bug verification walkthrough

And speaking of triage, special shout-out for the most useful addon ever for Mozilla triagers/testers: Nightly Tester Tools.

Community interaction

For someone coming from Debian, where everything is done via public mailing lists and/or IRC chans, Mozilla was a bit of a cultural shock. The mailing lists are not very much used, at least in the QA community (or I'm not subscribed to the right ones ;)). As for IRC, while there are many channels, they are not very active: meetings and important discussions are held using a proprietary videoconference software (Vidyo), and are mostly restricted to employees (but other people can join if they have a guest URL).

On the other hand, every time I asked for help - even the most stupid question - on IRC, I got a useful reply. And thanks to the folks on #testdays and #qa (especially petruta and Aleksej) I was able to speed up the learning process and understand how things work in the project. So, while I'd like to see more public meetings, it's also true that the community is working well on interaction among contributors.

Community outreach

This is where I think Debian could borrow a couple of ideas. Mozilla basically got me hooked thanks to their Bugdays: every Monday and Wednesday are - respectively - dedicated to Triage and Verification of bugs. The events are open to everyone, the wikipages for the events provide a good tutorial explaining the workflow in detail, and if you have any doubts there are always people willing to help you on the dedicated IRC chan. Every bug worked on during these events is also tagged: so that later it's possible to check how successful the day was in terms of participation.

Bugzilla and the triaging/verification workflow

About Bugzilla I can only say that I like it. I like how flexible is for search queries, I like the possibility to have custom tags on the whiteboard (as the [bugday-xxxxxx] one) and the smart way to interact among people in the bug without making the bug go stale (ie, mostly the needinfo feature). But beside the software used as BTS, I must admit that I really like the workflow and the whole concept of triaging in Mozilla. The granularity of rights (everyone, canconfirm, editbugs) and the clear procedure for a permission upgrade; the presence of a team constantly working on cleaning the incoming bugs, regardless of the product/component, to make easier for the developers the filtering and the resolution as well; the attention to details of the verification process: each bug marked as Resolved → Fixed need to be Verified, to be sure that it's been actually fixed... All these things are really impressive.

This, obviously, is something that can be done inside an upstream project where there are people doing paid work, and where the products are not too many. I cannot see how this kind of QA process can be applied to bugs against an entire OS.
But there are some things we (as in Debian) could take inspiration from.

Organizing regular Bugdays, for instance. Creating a team of triagers to help both with incoming and with very old bugs. And this, again, is a kind of work that can be done by everyone, not only coding contributors: meaning that an additional effect would be to increase the diversity in the contributors pool.

As a side note: I'll start my OPW internship next Monday, and will spend three months playing with bugs and learning how to be a Bug Wrangler! \o/\o/

Categories: Elsewhere

Code Karate: Drupal 7 Commerce Stripe Module

Planet Drupal - Wed, 14/05/2014 - 13:37

The Commerce Stripe module integrates Stripe with the Drupal Commerce checkout and payment system.

Categories: Elsewhere

Modules Unraveled: 107 The Community Summit at DrupalCon Austin with Addison Berry and Mortendk - Modules Unraveled Podcast

Planet Drupal - Wed, 14/05/2014 - 10:41
Published: Wed, 05/14/14Download this episodeTrack
  • What exactly is the Community Summit?
  • When is it? Monday, June 2 - the day before the conference itself starts
  • How did it go in Prague?
  • Is there anything that will be new or different in Austin?
Episode Links: Community Summit in AustinSubmit Your Desired ProjectDrupalCon Social EventsMorten on TwitterMorten on Drupal.orgMorten’s BlogHire Morten for Theming StuffAddison on TwitterDrupalize.meAddison’s BlogDareConf 2014GruntTags: 
Categories: Elsewhere

Modules Unraveled: 107 The Community Summit at DrupalCon Austin with Addison Berry and Mortendk - Modules Unraveled Podcast

Planet Drupal - Wed, 14/05/2014 - 10:41
Published: Wed, 05/14/14Track
  • What exactly is the Community Summit?
  • When is it? Monday, June 2 - the day before the conference itself starts
  • How did it go in Prague?
  • Is there anything that will be new or different in Austin?
Episode Links: Community Summit in AustinSubmit Your Desired ProjectDrupalCon Social EventsMorten on TwitterMorten on Drupal.orgMorten’s BlogHire Morten for Theming StuffAddison on TwitterDrupalize.meAddison’s BlogDareConf 2014GruntTags: 
Categories: Elsewhere

Jose Luis Rivas: transloadit-api v1.0.0-rc1

Planet Debian - Wed, 14/05/2014 - 07:10

A release candidate for v1.0.0 of transloadit-api is out.

You can install it via npm and give it a try.

npm install transloadit-api@1.0.0-rc1

Now it supports the full transloadit API, together with signature's creation, assemblies, notifications and templates management.

The source is on github, the docs are in this website as well as in the comments in the code (which is the source for the website) and of course, any issue just report it on the github's tracker. It has a lot of tests but there are some tests missing, specially for operations that require internet.

Hopefully I will have time to write them this week and then release a proper v1.0.0.

Categories: Elsewhere

Martín Ferrari: Introducing Yakker: an open, secure and distributed alternative to WhatsApp

Planet Debian - Wed, 14/05/2014 - 04:45

Did I get your attention with the title? Good. In this post I will outline something that I have been thinking about for some months:

I believe it is possible to build a system with the simplicity and functionality of WhatsApp or Viber, which provides end-to-end encryption, is built on free software and open protocols, that supports federation and is almost decentralised, and that would allow interested companies to turn a profit without compromising any of these principles.


This is the first post of a series that I will be publishing in the next few days. Many parts of these posts will be technical, but I expect that the main concepts can be understood by a wider audience.

What I am proposing seems like a bold statement, I know. Maybe there is some fatal flaw somewhere in my thinking, and that is why I am publishing this: I hope to get constructive feedback, and maybe get enough traction to start implementing it Real Soon Now™.

I have been thinking about this problem since February, when I discussed this extensively with friends at FOSDEM. I have already published a critique of Telegram, which had way more impact than I ever imagined, showing that there is people out there interested in this kind of stuff. The last posts about DNSSEC and DANE were part of my musings about this, too.

There are many components that need to be built for this to happen. But more importantly, this can only be useful if it gains a critical mass. And that's why I think making this a viable business tool is very important. At the same time, that means I need to think extra carefully to make it impossible for any for-profit company to mutate this effort into Just Another Walled Garden.

My goals for this architecture are:

  • First and foremost, target the same people that nowadays is using a plethora of walled gardens for their instant communication needs. That is WhatsApp, Viber, Skype, Facebook messenger, etc.
  • It must focus on mobile, that is what people care about, without forgetting about other use cases.
  • Creating an account and placing the first call/text message should be as easy as it is currently with the competition.
  • All communication must be encrypted end-to-end with public-key cryptography; nobody but the user has access to the private keys.
  • Most components must be decentralised, and allow for competition.
  • There should be as little trust as possible placed on any part of the system.
  • Anybody can set up a compatible service provider and offer it to its users, while having full interoperability with other providers.
  • Compatible services which are not part of the network must be able to interoperate.
  • Contacting a person should happen even if they are not subscribed to the service. The client application must fall-back seamlessly to using interoperability gateways, PSTN termination, or the mobile network.
  • Interoperability with the competition is desirable, but possibly is better left to be implemented by the client applications.

I have identified a few components needed for this to work, I will expand on each one later.

  1. A flagship mobile application for Android and iOS, based on Lumicall or CSIPSimple, but with several important modifications.
  2. One or many directory and authentication services, based on ENUM and DNSSEC. These are the most critical piece of this idea, and possibly must only be operated by community-governed non-profits.
  3. One or many service providers, that offer simple account creation, registration, and optionally PSTN termination (which can be the main way of generating profit). An API needs to be defined for operations that are not part of the communications protocol, like account creation, credit purchasing, and balance querying.
  4. A network governing charter, and a trusted non-profit organisation that oversees that any participating parties are following the charter. This organisation defines which directory services are to be trusted (and possibly operates one of them), and which service providers the client application can use to create accounts.
Key points

Some of the issues that need to be solved are:

  • How to handle and distribute public keys securely without the user understanding anything about security.
  • How to make registration painless and password-free, while offering an acceptable level of security.
  • How to fund development of the client application, and maintenance of the directory services.
  • How to get companies interested in this, so them would bring users to the network.
  • How to allow the user to migrate from one service provider to another, to improve competition.
  • How to prevent any party from subverting the spirit of the network.
  • How to make the client application work everywhere and have reasonably quality.
To be continued

I think I have answers to most of these problems. I will elaborate in the next few days, stay tuned!


The name is something I've chosen a name in less than 2 minutes, while starting this post, so probably is awful.

The distributed part is only half true, as the directory services need to be centralised, but I think it's good enough.

I am aware that Lumicall seems to be trying to build something similar. I only found about that recently, when I was thinking about this design. Sadly, I think it has several shortcomings, but it is definitely one of the building blocks of this project.

Categories: Elsewhere

Drupal Association News: Drupal.org team week notes #25: exciting 2 years

Planet Drupal - Tue, 13/05/2014 - 22:41

Today is a special edition of week notes. Exactly 2 years ago I published the first post. A lot has happened since then, but we are still happy to share our news and updates every couple of weeks. Here is for the next 2 years!

So... what happened in the past few weeks?

Drupal.org improvements

A number of small and big things were deployed. We fixed the size of the Drupal Association badges on Drupal.org user profiles, so that you could actually see them. Go take a look, they are new and fancy!

We've added a new metric on project pages: you can now see average time for an issue to receive a response.

One of the last issues, fixed during the Developer Days Szeged sprint, got deployed -- fix for issue sorting in the queues to be by project name instead of project node id.

The Metatag module got deployed on Drupal.org, which will let us customize meta tags and potentially do things like add Twitter Cards metadata to issue pages.

We are moving further with improving support for Drupal.org users. As a small step there we deployed r4032login module in order to improve experience for anonymous users who seek support.

A new issue queue was created last week: Drupal.org project ownership queue. This will be a dedicated place for all ownership related requests and issues (e.g. ownership transfer, abandoned projects process, etc). One new addition to this queue is the "Needs maintainers" component. If you are looking for maintainers for your project, open an issue there, announce it in IRC, on Twitter, etc., and hopefully someone from the community will step up and help you. The process and guidelines for this new "Needs maintainers" queue are still being worked on, and you can help flesh them out in this issue.

There were also lots of not so exciting maintenance fixes, such as:

Among the people who helped us to get all of that done were MarkCarver, gease, marvil07.

Drupal.org Infrastructure

The CDN is now rolled out for all *.drupal.org sites except for Drupal.org, giving us better security and faster response times for static assets. The web nodes are also 75% rebuilt, and load balancers are in the process of being rebuilt as well.

Other news Drupal.org User Research

As we announced recently Whitney Hess will be helping us with the user research for Drupal.org. We have already started working on the initial steps and preparations to kick off the project around DrupalCon Austin. This is very important initiative for Drupal.org and we are excited to get started. Expect more news as we go.

Drupal.org Staffing Update

Our team is growing. Oliver Davies (opdavies) joined us as a Developer on May 7th. Some of you might have seen him in Drupal.org issue queues already. Welcome Oliver!

But we are not stopping here. We’ve posted several open positions and are trying to expedite the hiring process.

As always, we’d like to say thanks to all volunteers who are working with us and to the Drupal Association Supporting Partners and Technology Supporters, who made it possible for us to work on these projects. The Supporting Partner Program crowd sources funds that pay for the development team’s time and Drupal.org hosting costs.

Cross-posting from g.d.o/drupalorg

Flickr photo by kelly.sikkema

Categories: Elsewhere

Lars Wirzenius: Obnam 1.8 (backup program)

Planet Debian - Tue, 13/05/2014 - 20:34

I have just tagged Obnam (my backup program) 1.8 in git, and built and uploaded Debian packages to code.liw.fi and Debian unstable. NEWS snippet below.

Version 1.8, released 2014-05-13
  • The error message has been improved for when setting metadata (owner, permission, and similar) of a restored file fails.

  • obnam force-lock now works even when the client running it is not in the client list.

Security issues:

  • Joey Hess found a problem in obnam restore: restored files would be created with quite liberal default permissions, which would be set to the backed-up permissions later. This could allow a snooper to read files they shouldn't be. This has been fixed now by using restrictive default permissions. A workaround for older versions is to create a directory, set its permissions to 0700, and restore to a subdirectory of that directory.

Bug fixes:

  • --help output no longer shows the default value of any options. It was shown only for a few options anyway. The proper way to see the current settings is with the --dump-config option. The bug that was fixed that the generated manual page no longer contains values that are specific to the machine doing the generation, such as the hostname as the default value for --client-name. Reported by SanskritFritz.

  • When a file was backed up, and later excluded with --exclude, Obnam wouldn't remove it from the new backups. Now it does. Bug fixed by Anssi Hannula, though his patch got changed because it no longer applied.

  • When restoring extended attributes not in the user namespace (named like user.foo) Obnam now ignores them, instead of trying to set them and crashing.

  • When restoring from a directory that is not a repository, the error message is now clearer.

  • Obnam would previously allow the backup root to be a symbolic link pointing at a directory. However, this only worked for backups. No other operations would work and would only see the symbolic link, not the directory it pointed at. Obnam now gives an error message even for the backup.

  • Obnam no longer excludes files named syslog or none, if the setting --log=none or --log=syslog is used.

Categories: Elsewhere

Victor Kane: Bitnami LAMP Virtual Machine Stack using VirtualBox for Drupal development

Planet Drupal - Tue, 13/05/2014 - 18:41

Work Local with your favorite editor or IDE! Then deploy wherever

I have previously written about the great Kalabox dev environment which is especially useful in the development process if you are using Pantheon hosting. When you install that, you automatically get VirtualBox installed.

Using VirtualBox you can work with other cool virtual machine images, like Bitnami, for example. In this article we learn how to setup a no-nonsesense Lamp virtual machine using the Bitnami LAMP Stack Virtual Appliance riding on VirtualBox, with no-nonsense virtual host based Drupal instances accessible anywhere on your network, and you can use a best-practices based process workflow with an Ubuntu server running right on your Windows, Mac or Linux laptop.

Quo vadis? Native Installer or Virtual Machine?

Downloading and unpacking

Creating the virtual machine instance

Login and configuration

Installing drush

Take a snapshot and stop the virtual machine

Set up Drupal Instances with Drush and Virtual Hosts, not Bitnami Drupal modules

read more

Categories: Elsewhere

Thorsten Glaser: Lügen haben lange Leitern

Planet Debian - Tue, 13/05/2014 - 18:25

Endlich tut mal jemand was gegen die rechte Hetzpartei! – Ein Arbeitskollege fragt, ob man die nicht einfach mit einem langen Heckenschneider abmachen kann… aber sie so lächerlich zu machen hat auch was ☺

Finally, someone is doing something against this Nazi party! A coworker wondered whether it’s legal to cut them off with a long tool, but making them ridiculous like this is also funny ☻

Categories: Elsewhere

Open Source Training: Schedule Publish and Unpublish Dates for Drupal Content

Planet Drupal - Tue, 13/05/2014 - 17:27

One feature that is common with other software but missing with Drupal is the ability to schedule content. 

The Scheduler module fills in this gap by allowing you to create content and have it published and unpublished on any day and time you choose.

These three videos will give you a great introduction to using Scheduler.

These videos are part of a complete class on Scheduler.

Categories: Elsewhere

Mediacurrent: Webinar: You Stay Classy Panels Module

Planet Drupal - Tue, 13/05/2014 - 17:24

On Tuesday, May 20th, Mediacurrent's own Design and Theming Manager, Kendall Totten and Drupal Developer, Derek DeRaps will be leading a webinar with our partners at Acquia on Classy Pannels. This is a session you won't want to miss. For more information, register today!

About the webinar:

Categories: Elsewhere

Vasudev Kamath: Enabling DNSSEC for copyninja.info

Planet Debian - Tue, 13/05/2014 - 17:00

Recently I've been seeing lot of posts about DNSSEC on Internet and I thought I should configure my domain to be secured by DNSSEC.

copyninja.info domain is now secured with DNSSEC you can verify this by DNSSEC analyzer by Verisign and DNSViz online tool or by installing DNSSEC validator addon for your browser.

There are good amount of tutorials and guides available to enable DNSSEC for your domain, still I want to note down steps I followed to here for the record (of course it will be helpful for me if I forget it ;-))

First step will be installing bind9 and dnssec-tools package, if you use aptitude installing dnssec-tools will pull down the bind9 unless you have configured aptitude to not install the Recommends.

Next setting up the zone file for your domain, for this first make a copy of /etc/bind/db.local as /etc/bind/db.example.com, replace example.com with your domain name. Now you need to add your zone records to the zone file.

Next edit the /etc/bind/named.conf.local file and add following lines

zone "example.com" { type master; file "/etc/bind/db.copyninja.info"; allow-transfer {secondary;}; };

Here replace secondary with your secondary DNS servers, if you don't have one you can ommit this but its always recommended to have secondary DNS servers for a zone, in cases when primary fails. After this we need to enable DNSSEC on bind, this is done by editing the file /etc/bind/named.conf.options. Add following lines into options section.

dnssec-validation yes; dnssec-enable yes; dnssec-lookaside auto;

A more explanation on this can be found on Linux Journal article.

Now its time to create DNSSEC keys and sign your zone, more about different DNSSEC keys and records can be found in the Linux Journal Article on implementation.

I used zonesigner utility from dnssec-tools which does job of signing and including KSK and ZSK keys into bind configuration which otherwise should be done manually. Here is the command line I used for generating keys, thanks to Jonas for this.

mkdir -p /etc/bind/keys zonesigner -a': zonesigner -algorithm RSASHA256 -keydirectory /etc/bind/keys\ -dsdir /etc/bind/keys -archivedir /etc/bind/keys/archive \ /etc/bind/db.example.com

Here we store our keys into /etc/bind/keys directory, and use RSASHA256 algorithm for key generation which is more stronger than the default used RSASHA1 (atleast thats what Jonas told me). This will create ZSK and KSK for the signing zone and creates a signed zone file db.example.com.signed in same directory as original zone file. Now all you need to do is replace the zone file from db.example.com to db.example.com.signed in file directive with your named.conf.local file.

Note that this keys expire after 30 days so you need to resign your zone before 30 days. For resigning just run zonesigner from /etc/bind/keys. You can setup cron job to do this periodically. zonesigner -zone example.com /path/to/db.example.com

Our signed zone is ready but we are not done yet! For DNSSEC to work others should trust your signed record for this you need to register your public keys with registrar for your domain and this can be done via your domain provider (in my case this is Gandi).

You need to check your domain name providers documentation on how to do this. For Gandi users there is a nice documentation.

  1. Linux Journal - DNSSEC concepts
  2. Linux Journal - DNSSEC implementation
  3. Signing your zone
Categories: Elsewhere

willvincent.com: AngularJS on top of Drupal

Planet Drupal - Tue, 13/05/2014 - 16:55

AngularJS can be used along with, or more precisely on top of, Drupal fairly painlessly.

I've had a few occasions recently that called for a good deal of javascript to process and display data, and angular really is a great fit for that. Not only is angular a great fit, but since it's pretty painless to build up various content types in Drupal, and then query against those and prepare data to feed to an angular application, pairing Drupal with Angular has been productive, fun, and interesting.

Categories: Elsewhere

Drupalize.Me: We Want to Know: Got Plans for Learning Drupal 8?

Planet Drupal - Tue, 13/05/2014 - 15:00
Hey Drupal community! Drupal 8 is on the horizon, and Drupalize.Me is gearing up to produce hundreds of new videos. Before getting started, we want to know what training you need. Please tell us by completing the following survey. For your time, we'll give you $20 toward a Drupalize.Me membership. Thanks!
Categories: Elsewhere

Hideki Yamane: rpm %{?_smp_flags} macro for dpkg-buildpackage

Planet Debian - Tue, 13/05/2014 - 14:59
I've watched openSUSE Conference video and been interested in RPM packaging workshop. Some features are nice, so I'd like to introduce one of those.

He says
Using %{?_smp_flags} can speed up your build a lot.Above RPM macro enables SMP, use all CPU cores to build package and it looks good. We can easily buy multi core processor machine nowadays even if it is cheapest laptop.

In Debian, we can do parallel build by specifiying DEBBUILDOPT=-"j<job number>" in /etc/pbuilderrc and run pbuilder/cowbuilder, but this %{?_smp_flags} can automatically use multiple cores without any setting, good. However, add %{?_smp_flags} to each rpm spec file, it means that we need to modify each source package, is not handy.

Then back to Debian, I've made a quick hack to dpkg-buildpackage (disclaimer: I'm Perl beginner, you know :).

 - Automatically use all CPU cores to build package, faster build.

 - some package would be FTBFS (e.g. Bug#694726) but it should be fixed, right? ;)

It may break some builds but "enable multiple build by default, and specify single build exceptions to each problematic packages" is better, IMHO.

Any suggestions are welcome, of course.
Categories: Elsewhere

Blair Wadman: Recreate a Drupal Feature

Planet Drupal - Tue, 13/05/2014 - 14:09

In the first part of this Drupal Features guide, you learned why Features is a vital tool for Drupal site builders and developers. We then created a new Feature, which contained a Todo list content type. In this part, you will create a View to display the todo list in a block and add the View to the Feature by recreating it. Views are not the only thing you might add to a feature module. You can add a whole range of components, such as image presets, context and strongarm (for variables) to an existing feature.

Tags: FeaturesDrupal Site buildingPlanet Drupal
Categories: Elsewhere

Jose Luis Rivas: angular-geocomplete's first version

Planet Debian - Tue, 13/05/2014 - 14:08

So I was needing a resulting JSON array with possible solutions for a given address or city name and then angular-geocomplete was made.

The great thing is that you can use it together with typeahead and now you have address/location autocomplete, just like the one on Google Maps.

And yes, it does uses Google Maps's API.

What's the advantage of this thing? You get coordinates together with all the names.

Installable via bower as well with bower install angular-geocomplete.

Any issue: to the GitHub tracker.

Categories: Elsewhere


Subscribe to jfhovinne aggregator - Elsewhere