Feed aggregator

Miriam Ruiz: Awesome Bullying Lesson

Planet Debian - Wed, 19/11/2014 - 22:36

A teacher in New York was teaching her class about bullying and gave them the following exercise to perform. She had the children take a piece of paper and told them to crumple it up, stamp on it and really mess it up but do not rip it. Then she had them unfold the paper, smooth it out and look at how scarred and dirty is was. She then told them to tell it they’re sorry. Now even though they said they were sorry and tried to fix the paper, she pointed out all the scars they left behind. And that those scars will never go away no matter how hard they tried to fix it. That is what happens when a child bullies another child, they may say they’re sorry but the scars are there forever. The looks on the faces of the children in the classroom told her the message hit home.

( Source: http://www.buzzfeed.com/mjs538/awesome-bullying-lesson-from-a-new-york-teacher )

Categories: Elsewhere

Erich Schubert: What the GR outcome means for the users

Planet Debian - Wed, 19/11/2014 - 20:58
The GR outcome is: no GR necessary This is good news. Because it says: Debian will remain Debian, as it was the last 20 years. For 20 years, we have tried hard to build the "universal operating system", and give users a choice. We've often had alternative software in the archive. Debian has come up with various tool to manage alternatives over time, and for example allows you to switch the system-wide Java. You can still run Debian with sysvinit. There are plenty of Debian Developers which will fight for this to be possible in the future. The outcome of this resolution says:
  • Using a GR to force others is the wrong approach of getting compatibility.
  • We've offered choice before, and we trust our fellow developers to continue to work towards choice.
  • Write patches, not useless GRs. We're coders, not bureocrats.
  • We believe we can do this, without making it a formal MUST requirement. Or even a SHOULD requirement. Just do it.
The sysvinit proponents may perceive this decision as having "lost". But they just don't realize they won, too. Because the GR may easily have backfired on them. The GR was not "every package must support sysvinit". It was also "every sysvinit package must support systemd". Here is an example: eudev, a non-systemd fork of udev. It is not yet in Debian, but I'm fairly confident that someone will make a package of it after the release, for the next Debian. Given the text of the GR, this package might have been inappropriate for Debian, unless it also supports systemd. But systemd has it's own udev - there is no reason to force eudev to work with systemd, is there? Debian is about choice. This includes the choice to support different init systems as appropriate. Not accepting a proper patch that adds support for a different init would be perceived as a major bug, I'm assured. A GR doesn't ensure choice. It only is a hammer to annoy others. But it doesn't write the necessary code to actually ensure compatibility. If GNOME at some point decides that systemd as pid 1 is a must, the GR only would have left us three options: A) fork the previous version, B) remove GNOME, C) remove all other init systems. Does this add choice? No. Now, we can preserve choice: if GNOME decides to go systemd-pid1-only, we can both include a forked GNOME, and the new GNOME (depending on systemd, which is allowed without the GR). Or any other solution that someone codes and packages... Don't fear that systemd will magically become a must. Trust that the Debian Developers will continue what they have been doing the last 20 years. Trust that there are enough Debian Developers that don't run systemd. Because they do exist, and they'll file bugs where appropriate. Bugs and patches, that are the appropriate tools, not GRs (or trolling).
Categories: Elsewhere

Mediacurrent: Highlights From BADCamp, Part 2

Planet Drupal - Wed, 19/11/2014 - 20:07

From November 6th through the 9th, members of the Mediacurrent team headed to San Francisco for the Bay Area Drupal Camp. Hundreds of Drupal enthusiasts convened at the Palace of Fine Arts to take part in some fantastic sessions, code sprints, and all the San Francisco has to offer. Mark Casias and Matt Davis weigh in for Part 2 of BADCamp's highlights.

Categories: Elsewhere

Drupal.org frontpage posts for the Drupal planet: Drupal 7.34 and 6.34 released

Planet Drupal - Wed, 19/11/2014 - 19:39

Drupal 7.34 and Drupal 6.34, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.34 and Drupal 6.34 release notes for further information.

Download Drupal 7.34
Download Drupal 6.34

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.34 is a security release only. For more details, see the 7.34 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.34 is a security release only. For more details, see the 6.34 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.34 and 6.34 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.34 or Drupal 6.34.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: Elsewhere

Károly Négyesi: Drupal 8 critical issues office hours November 14, 2014

Planet Drupal - Wed, 19/11/2014 - 19:27

cilefen begin to work on the When a content entity type providing module is uninstalled, the entities are not fully deleted, leaving broken references issue. Turned out that a necessary dependent issue is already being worked on so he was able proceed well. I am reasonably confident this issue will get resolved in due time. Sam Hermans have advanced Bulk operations does not respect entity access forward which is great but it still needs some work. Let's note that Sam "only" had a core patch reroll so far and yet he was able to move a critical forward! You could do it as well: I will be waiting for you on IRC in channel #drupal-contribute every Friday noon Pacific (9pm CET).

Categories: Elsewhere

Phase2: Make Your Product Vision Real – A Case for Incorporating Prototyping Into Your Next Project

Planet Drupal - Wed, 19/11/2014 - 17:53

As product designers and experience strategists, we research how people use systems and design products that tap into users’ natural behaviors. We want people to instinctively know how our product works.

Years of research into the human mind tells us that our brains love patterns, the repeated way in which something happens or is done. Our subconscious mind uses what we’ve learned from patterns – like turning a knob will open a door – to instinctively make decisions about what we do throughout our day. This is why we can walk or breathe without thinking about it – we spend most of our time running on autopilot.

We have an understanding of how people make decisions, but we forget to apply this knowledge when communicating our product vision to stakeholders.

There are Drawbacks to Designing in the Abstract

Experience design deliverables, or artifacts, are abstract. We too often produce artifacts, intended to build a shared understanding of a product vision, that are hard to understand. Low-fidelity wireframes and complex flow diagrams require stakeholders to think hard about what we are trying to communicate. They mentally fill in the gaps where we lack details. We consistently break Steve Krug’s number one rule: “Don’t make me think!”

Imagine how these abstract artifacts skew conversations about a product:

We show a stakeholder some wireframes and talk them through the features. Once they see them they begin to imagine the ways features will look and act based on similar products they have used.

While perfectly natural, this behavior is problematic – what we envision may be nothing like products this stakeholder has previously used. These assumptions your stakeholder makes will lead to you and your stakeholders having different expectations during product development.

You need to make artifacts as real as possible in order to elicit the most unbiased, unimpeachable feedback from users during research. You do not need to build a fully functioning product to validate your idea.You do need to eliminate or reduce the guesswork needed to understand how your product will work.

Make Your Product Vision Real

Prototyping is a great way to eliminate ambiguity so that you get the best results from user research. A prototype is a preliminary model of a product used to show a concept or validate an idea. A prototype should only contain the minimum amount of content, design and functionality needed to demonstrate how the end-product will function.

Context is key to determining fidelity of a prototype. If you are conducting user testing with a tech-savvy group of stakeholders, clickable wireframes may suffice. If you are introducing a new concept to a set of clients, then you may need a higher-fidelity, interactive web page. Your prototype should only contain the fidelity needed to have a meaningful conversation with your users about your product.

Build The Right Prototype For You

There are many different approaches to building prototypes. You can link wireframes together to show user flow with a system like inVision, or build interactive features using an open source CMS like Drupal.

When creating prototypes, make sure to include the following:

  1. The main actions that a user can take and the reactions they will receive from interactive elements.

  2. The key messages you want to communicate to users at different stages of their interaction.

  3. A programmatic way to track user behavior while they use the prototype.

Get Better Results from Your Projects

Some of the many benefits of prototyping are:

  • It produces more accurate results from user testing, allowing you to better determine what works and what doesn’t.

  • It gives you more opportunity to focus on interaction design by forcing you to have conversations about interactive elements during user research rather than development.

  • Prototypes bring less-apparent usability issues to light earlier in the development process.

  • You have a potential starting point to work from when beginning development, minimizing the amount of work that needs to be done in the long run.

John Whalen said “UX does not happen on a screen. It happens here. In the mind.” Keep that in mind (no pun intended) as you seek to build a shared understanding of, and validate, your product ideas. The more real you make the experience of interacting with your product early in the design process, the more accurate a feedback you will get from your users. For more thoughts on prototyping, check out Frederic Mitchell’s “Static Prototyping and Keeping Drupal Simple (KDS)” and “The Devil’s in The Details” by Sharon Smith!

Categories: Elsewhere

EvolvisForge blog: Valid UTF-8 but invalid XML

Planet Debian - Wed, 19/11/2014 - 15:18

Another PSA: something surprising about XML.

As you might all know, XML must be valid UTF-8 (or UTF-16 (or another encoding supported by the parser, but one which yields valid Unicode codepoints when read and converted)). Some characters, such as the ampersand ‘&’, must be escaped (“&#38;” or “&#x26;”, although “&amp;” may also work, depending on the domain) or put into a CDATA section (“<![CDATA[&]]>”).

A bit surprisingly, a literal backspace character (ASCII 08h, Unicode U+0008) is not allowed in the text. I filed a bugreport against libxml2, asking it to please encode these characters.

A bit more research followed. Surprisingly, there are characters that are not valid in XML “documents” in any way, not even as entities or in CDATA sections. (xmlstarlet, by the way, errors out somewhat nicely for an unescaped literal or entity-escaped backspace, but behaves absolutely hilarious for a literal backspace in a CDATA section.) Basically, XML contains a whitelist for the following Unicode codepoints:

  • U+0009
  • U+000A
  • U+000D
  • U+0020‥U+D7FF
  • U+E000‥U+FFFD
  • U-00010000‥U-0010FFFF

Additionally, a certain number of codepoints is discouraged: U+007F‥U+0084 (IMHO wise), U+0086‥U+009F (also wise, but why allow U+0085?), U+FDD0‥U+FDEF (a bit surprisingly, but consistent with disallowing the backspace character), and the last two codepoints of every plane (U+FFFE and U+FFFF were already disallowed, but U-0001FFFE, U-0001FFFF, …, U-0010FFFF weren’t; this is extremely wise).

The suggestion seems to be to just strip these characters silently from the XML “document”.

I’m a bit miffed about this, as I don’t even use XML directly (I’m extending a PHP “webapplication” that is a SOAP client and talks to a Java™ SOAP-WS) and would expect this to preserve my strings, but, oh my. I’ve forwarded the suggestion to just strip them silently to the libxml2 maintainers in the aforementioned bug report, for now, and may even hack that myself (on customer-paid time). More robust than hacking the PHP thingy to strip them first, anyway – I’ve got no control over the XML after all.

Sharing this so that more people know that not all UTF-8 is valid in XML. Maybe it saves someone else some time. (Now wondering whether to address this in my xhtml_escape shell function. Probably should. Meh.)

Categories: Elsewhere

Cheppers blog: Busy Drupal weekend with a training day and a camp

Planet Drupal - Wed, 19/11/2014 - 13:54

In the middle of November there was a weekend when it was all about Drupal in Hungary. Cheppers was hosting the Drupal Global Training Day Hungary 2014 and I was one of the core organizers of Drupal Weekend Budapest 2014, so we were concerned by the success of both.

Categories: Elsewhere

Code Karate: Drupal 7 FullCalendar

Planet Drupal - Wed, 19/11/2014 - 13:49
Episode Number: 179

The Drupal FullCalendar module makes it easy to build an interactive calendar using the power of Views. The Drupal FullCalendar module uses the JQuery FullCalendar plugin to make it easy to create an event calendar that allows event dates to be changed by drag and drop.

In this episode you will learn:

Tags: DrupalDrupal 7Drupal PlanetUI/Design
Categories: Elsewhere

Thorsten Glaser: Debian init system freedom of choice GR worst possible outcome

Planet Debian - Wed, 19/11/2014 - 13:44

Apparently (the actual results have not yet been published by the Secretary), the GR is over, and the worst possible option has won. This is an absolutely ambiguous result, while at the same time sending a clear signal that Debian is not to be trusted wrt. investing anything into it, right now.

Why is this? Simply: “GR not required” means that “whatever people do is probably right”. Besides this, we have one statement from the CTTE (“systemd is default init system for jessie. Period.”) and nothing else. This means that runit, or upstart, or file-rc, or uselessd, can be the default init system for zurg^H^H^H^Hstretch, or even the only one. It also means that the vast majority of Debian Developers are sheeple, neither clearly voting to preserve freedom of choice between init systems for its users, nor clearly voting to unambiguously support systemd and progress over compatibility and choice, nor clearly stating that systemd is important but supporting other init systems is still recommended. (I’ll not go into detail on how the proposer of the apparently winning choice recommends others to ignore ftpmaster constraints and licences, and even suggests to run a GR to soften up the DFSG interpretation.) I’d have voted this as “no, absolutely not” if it was possible to do so more strongly.

Judging from the statistics, the only thing I voted above NOTA/FD is the one least accepted by DDs, although the only other proposal I considered is the first-rated of them: support for other init systems is recommended but not required. What made me vote it below NOTA/FD was: “The Debian Project makes no statement at this time on sysvinit support beyond the jessie release.” This sentence made even this proposal unbearable, unacceptable, for people wanting to invest (time, money, etc.) into Debian.

This opens up a very hard problem: I’m absolutely stunned by this and wondering what to do now. While there is no real alternative to Debian at $dayjob I can always create customised packages in my own APT repository, and – while it was great when those were eventually (3.1.17-1) accepted into Debian, even replacing the previous packages completely – it is simpler and quicker to not do so. While $dayjob benefits from having packages I work on inside Debian itself, even though I cannot always test all scenarios Debian users would need, some work reduction due to… reactions… already led to Debian losing out on Mediawiki for jessie and some additional suffering. With my own package repository, I can – modulo installing/debootstrap – serve my needs for $dayjob much quicker, easily, etc. and only miss out on absolutely delightful user feedback. But then, others could always package software I’m upstream of for Debian. Or, if I do not leave the project, continue doing so via QA uploads.

I’m also disappointed because I have invested quite some effort into trying to make Debian better (my idea to join as DD was “if I’ve got to use it, it better be damn good!”), into packaging software and convincing people at work that developing software as Debian packages instead of (or not) thinking of packaging later was good. I’ve converted our versions of FusionForge and d-push to Debian packages, and it works pretty damn well. Sometimes it needs backports of my own, but that’s the corportate world, and no problem to an experienced DD. (I just feel bad we lost some people, an FTP master along them, before this really gained traction.)

I’d convert to OpenBSD because, despite MirBSD’s history with them, they’re the only technically sound alternative, but apparently tedu (whom I respect technically, and who used to offer good advice to even me when asked, and who I think wouldn’t choose systemd himself) still (allying with the systemd “side” (I’m not against people being able to choose systemd, for the record, I just don’t want to be forced into it myself!)) has some sort of grudge against me. Plus, it’d be hard to get customers to follow. So, no alternative right now. But I’m used to managing my own forks of software; I’m doomed to basically hack and fix anything I use (I recently got someone who owns a licence to an old-enough Visual Studio version to transfer that to me, so I can hack on the Windows Mobile 6 version of Cachebox, to fix bugs in one of the geocaching applications I use. Now I “just” need to learn C# and the .NET Compact Framework. So I’m also used to some amount of pain.)

I’m still unresolved wrt. the attitude I should show the Debian project now. I had decided to just continue to live on, and work on the things I need done, but that was before this GR non-result. I absolutely cannot recommend anyone to “invest” into Debian (without sounding hypocriet), but I cannot recommend anything else either. I cannot justify leaving but don’t know if I want to stay. I think I should sleep over it.

One thing I promised, and thus will do, is to organise a meeting of the Debian/m68k people soonish. But then, major and important and powerful forces inside Debian still insist that Debian-Ports are not part of it… yet, all forks of Debian now suffer from the systemd adoption in it instead of having a freedom-of-choice upstream. I’ve said, and I still feel that systemd adoption should have done in a Debian downstream / (pure?) blend, and maybe (parts of) GNOME removed from Debian itself for it. (Adding cgroups support to the m68k kernel to support systemd was done. I adviced against it, on the grounds of memory and code size. But no downstream can remove it now.)

Categories: Elsewhere

Rhonda D'Vine: The Pogues

Planet Debian - Wed, 19/11/2014 - 12:10

Actually I was working already on a different music blog entry, but I want to get this one out. I was invited to join the Organic Dancefloor last thursday. And it was a really great experience. A lot of nice people enjoying a dance evening of sort of improvisational traditional folk dancing with influences from different parts of europe. Three bands playing throughout the evening. I definitely plan to go there again. :)

Which brings me to the band I want to present you now. They also play sort-of traditional songs, or at least with traditional instruments, and are also quite danceable to. This is about The Pogues. And these are the songs that I do enjoy listening to every now and then:

  • Medley: Don't meddle with the Medley. Rather dance to it.
  • Fairytale of New York: Well, we're almost in the season for it. :)
  • Streams of Whiskey: Also quite the style of song that they are known for and party with at concerts.

Like always, enjoy!

/music | permanent link | Comments: 0 | Flattr this

Categories: Elsewhere

Jonathan Wiltshire: Getting things into Jessie (#4)

Planet Debian - Wed, 19/11/2014 - 11:12
Make sure bug metadata is accurate

We use the metadata on the bugs you claim to have closed, as well as reading the bug report itself. You can help us out with severities, tags (e.g. blocks), and version information.

Don’t fall into the trap of believing that an unblock is a green light into Jessie. Britney still follows her validity rules, so if an RC bug appears to affect the unblocked version, it won’t migrate. Versions matter, not only the bug state (closed or open).

Getting things into Jessie (#4) is a post from: jwiltshire.org.uk | Flattr

Categories: Elsewhere

Bastian Venthur: General Resolution is not required

Planet Debian - Wed, 19/11/2014 - 09:21

The result for the General Resolution about the init system coupling is out and the result is, not quite surprisingly, “General Resolution is not required”.

When skimming over -devel or -private from time to time, one easily gets the impression that we are all a bunch of zealots, all too eager for fighting. People argue in the worst possible ways. People make bold statements about the future of Debian if solution X is preferred over Y. People call each other names. People leave the project.

At some point you realize, we’re not all a bunch of zealots, it is usually only the same small subset of people always involved in those discussions. It’s reassuring that we still seem to have a silent majority in Debian that, without much fuss, just do what they can to make Debian better. In this sense: A General Resolution is not required.

Categories: Elsewhere

Modules Unraveled: 127 Using Entity Pilot for Content Staging in Drupal 8 with Lee Rowlands - Modules Unraveled Podcast

Planet Drupal - Wed, 19/11/2014 - 07:00
Published: Wed, 11/19/14Download this episodeEntity Pilot
  • What is Entity Pilot?
    • I’ve been working on Entity Pilot since February, and have slowly been working through my backlog of features - but now its ready for Beta testers so that’s why I here on the show.
  • How does Entity Pilot work?
    • The basic premise is you create your content like normal and then create a new departure. You can add the content to your departure in logical groups, or you can create one departure for each piece of content - its a pretty flexible workflow. So if you were working on a new product launch you might create all of that content on your staging site. You’d be able to see what the site will look like with the new content, preview the front-page and landing pages etc.
  • You’re using airport terminology, like “baggage”, “departure” and “arrival”. Can you break those down, and explain what each one entails?
    • Passengers
    • Baggage
    • Departure - When you create the departure the baggage handler service takes care of adding the dependencies - so if you create a node, any terms or images it requires, or the author account are automatically added as baggage.
    • Arrival - On another site, you setup your Entity Pilot account and then create a new Arrival. This presents you with the list of your flights that exist in Entity Pilot for your account. After selecting the flight for the arrival, you move to the approval stage.
    • Customs - The approval stage presents you with a list of content on the incoming flight. Each item can be previewed and if it matches existing content on the site the administrator is able to view a diff of the changplanet-drupal the desired items to import are selected and imported either immediately, or via background processing.
  • How does this work in a team?
  • Talk about security
  • Pricing
Use Cases
  • For marketing: Prepare content for a product launch on the staging site. Land the content on the live site on launch day.
  • For editors: Share content between your sites. Write content once and adapt to any site in your network.
  • For developers: Deploy content when you deploy code. Use real content not lorem ipsum. Solid APIs to integrate into your custom deployment workflow or code.
Episode Links: Lee on drupal.orgLee on TwitterEntity Pilot on Twitterlarowlan on IRCEntity PilotTags: Content StagingDrupal 8planet-drupal
Categories: Elsewhere

Large Robot: Better Sleep Through Web Security

Planet Drupal - Wed, 19/11/2014 - 03:09

This Thursday I'm presenting on Better Sleep Through Web Security, an in-depth overview of web security, what to do do if your website is hacked, and how to sleep better by following basic web security best practices.

It's at the beautiful Fuller Theological Seminary in Pasadena, California, and there's a video conference for those who can't attend in person. The meeting is from 6-8pm Pacific Time and we'll launch into the security talk after some quick intros and raffle prizes.

It's been about a year since I last gave a talk on internet security and the recent Heartbleed, Shellshock and POODLE (and now the "Drupalgeddon" vulnerabilities that hit the mainstream news in Forbes, the BBC and The Register), have prompted me to dust off my slides and update them for some of the internet security threats we face today.

This particular presentation goes into some detail about the "Drupalgeddon" vulnerability, officially known as SA-CORE-2014-005. It allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control. Scary stuff.

I hope you can join me. If you haven't heard of Drupal or aren't interested in general web application security, you can skip this one (unless, of course, you just like the sound of my voice). If, however, you make websites for either fun or profit, this is a great chance to get up to speed on some security best practices, including common attack vectors, what to do if your site gets hacked, and the the differences between security and privacy.

Tags: Planet Drupalinternet securityDrupal
Categories: Elsewhere

Dirk Eddelbuettel: R / Finance 2015 Call for Papers

Planet Debian - Wed, 19/11/2014 - 01:56

Earlier today, Josh send the text below to the R-SIG-Finance list, and I updated the R/Finance website, including its Call for Papers page, accordingly.

We are once again very excised about our conference, thrilled about the four confirmed keynotes, and hope that many R / Finance users will not only join us in Chicago in May 2015 -- but also submit a exciting proposal.

So read on below, and see you in Chicago in May!

Call for Papers:

R/Finance 2015: Applied Finance with R
May 29 and 30, 2015
University of Illinois at Chicago, IL, USA

The seventh annual R/Finance conference for applied finance using R will be held on May 29 and 30, 2015 in Chicago, IL, USA at the University of Illinois at Chicago. The conference will cover topics including portfolio management, time series analysis, advanced risk tools, high-performance computing, market microstructure, and econometrics. All will be discussed within the context of using R as a primary tool for financial risk management, portfolio construction, and trading.

Over the past six years, R/Finance has included attendees from around the world. It has featured presentations from prominent academics and practitioners, and we anticipate another exciting line-up for 2015. This year will include invited keynote presentations by Emanuel Derman, Louis Marascio, Alexander McNeil, and Rishi Narang.

We invite you to submit complete papers in pdf format for consideration. We will also consider one-page abstracts (in txt or pdf format) although more complete papers are preferred. We welcome submissions for both full talks and abbreviated "lightning talks." Both academic and practitioner proposals related to R are encouraged.

All slides will be made publicly available at conference time. Presenters are strongly encouraged to provide working R code to accompany the slides. Data sets should also be made public for the purposes of reproducibility (though we realize this may be limited due to contracts with data vendors). Preference may be given to presenters who have released R packages.

The conference will award two (or more) $1000 prizes for best papers. A submission must be a full paper to be eligible for a best paper award. Extended abstracts, even if a full paper is provided by conference time, are not eligible for a best paper award. Financial assistance for travel and accommodation may be available to presenters, however requests must be made at the time of submission. Assistance will be granted at the discretion of the conference committee.

Please make your submission online at this link. The submission deadline is January 31, 2015. Submitters will be notified via email by February 28, 2015 of acceptance, presentation length, and financial assistance (if requested).

Additional details will be announced via the R/Finance conference website as they become available. Information on previous years' presenters and their presentations are also at the conference website.

For the program committee:

Gib Bassett, Peter Carl, Dirk Eddelbuettel, Brian Peterson, Dale Rosenthal,
Jeffrey Ryan, Joshua Ulrich

Categories: Elsewhere

Simon McVittie: still aiming to be the universal operating system

Planet Debian - Wed, 19/11/2014 - 01:00

Debian's latest round of angry mailing list threads have been about some combination of init systems, future direction and project governance. The details aren't particularly important here, and pretty much everything worthwhile in favour of or against each position has already been said several times, but I think this bit is important enough that it bears repeating: the reason I voted "we didn't need this General Resolution" ahead of the other options is that I hope we can continue to use our normal technical and decision-making processes to make Debian 8 the best possible OS distribution for everyone. That includes people who like systemd, people who dislike systemd, people who don't care either way and just want the OS to work, and everyone in between those extremes.

I think that works best when we do things, and least well when a lot of time and energy get diverted into talking about doing things. I've been trying to do my small part of the former by fixing some release-critical bugs so we can release Debian 8. Please join in, and remember to write good unblock requests so our hard-working release team can get through them in a finite time. I realise not everyone will agree with my idea of which bugs, which features and which combinations of packages are highest-priority; that's fine, there are plenty of bugs to go round!

Regarding init systems specifically, Debian 'jessie' currently works with at least systemd-sysv or sysvinit-core as pid 1 (probably also Upstart, but I haven't tried that) and I'm confident that Debian developers won't let either of those regress before it's released as Debian 8.

I expect the freeze for Debian 'stretch' (presumably Debian 9) to be a couple of years away, so it seems premature to say anything about what will or won't be supported there; that depends on what upstream developers do, and what Debian developers do, between now and then. What I can predict is that the components that get useful bug reports, active maintenance, thorough testing, careful review, and similar help from contributors will work better than the things that don't; so if you like a component and want it to be supported in Debian, you can help by, well, supporting it.

PS. If you want the Debian 8 installer to leave you running sysvinit as pid 1 after the first reboot, here's a suitable incantation to add to the kernel command-line in the installer's bootloader. This one certainly worked when KiBi asked for testing a few days ago:

preseed/late_command="in-target apt-get install -y sysvinit-core"

I think that corresponds to this line in a preseeding file, if you use those:

d-i preseed/late_command string in-target apt-get install -y sysvinit-core

A similar apt-get command, without the in-target prefix, should work on an installed system that already has systemd-sysv. Depending on other installed software, you might need to add systemd-shim to the command line too, but when I tried it, apt-get was able to work that out for itself.

If you use aptitude instead of apt-get, double-check what it will do before saying "yes" to this particular switchover: its heuristic for resolving conflicts seems to be rather more trigger-happy about removing packages than the one in apt-get.

Categories: Elsewhere

Laura Arjona: Translating (reviewing) Debian package descriptions

Planet Debian - Wed, 19/11/2014 - 00:22

Some days I feel super lazy but I still would like to go on contributing translations to Debian.
Then, I leave the web translations a bit, and change to translate or review Debian package descriptions.

It’s something that anybody can do without any knowledge of translation tools, since it is a very simple web interface, as you will see.

First you need to create a login account, then, login into the system.

And then, go to the page of your mother language (in my case, Spanish, “es”). You will see some introductory text, and the list of pending translations:

At the end of the page, there is the list of translations pending to review:

We should begin with this, so the work that other people already made arrives quickly its destination. And it’s the easiest part, as you will see. Let’s pick one of them (libvformat1-dev):


You see the short description in the original English, and the current translation (if there were changes from a former version, they are coloured too).

I didn’t know what the package libvformat1-dev does, but here’s a nice opportunity to learn aobut it a bit :)

The short description looks ok for me. Let’s go on to the long description:

It also looks correct for me. So I leave the text box as is, and go on until the bottom of the page:

and click “Accept as is”. That’s all!!

The system brings you back to the page with pending translations and reviews. Let’s pick another one: totem

I found a typo and corrected some other words, so I updated the text in the translation box, left a message to the other translators in the comment box, and clicked “Accept with changes”.

And… iterate.

When 3 translators agree in a translation, it becomes official, and its propagated to apt-cache, aptitude, synaptic, etc., and the website (packages.debian.org). This is the most difficult part (to get 3 reviews for each package description):  many language teams are small, and their workforce is spread in many fronts: translations for the website, news and announcements, debconf templates (the messages that are shown to the user when a package is installed), the Debian installer, the documentation, the package descriptions… So your help (even when you only review some translations from time to time) will be appreciated, for sure.


Filed under: Tools Tagged: Contributing to libre software, Debian, English, translations
Categories: Elsewhere

Exaltation of Larks: Is Drupal Secure? Drupalgeddon and Our Approach to Security at Exaltation of Larks

Planet Drupal - Tue, 18/11/2014 - 22:09

Is Drupal secure software? You may have heard about the significant security announcement nicknamed “Drupalgeddon” and are wondering where Drupal fits in today’s fast-changing world of internet threats, enterprise software and risk management.

We stand by Drupal’s security record and recommend it for a variety of business cases. To put our money where our mouth is, our cofounder and chief tin-foil-hat fashionista, Christefano Reyes, is presenting Better Sleep Through Web Security. this Thursday, November 20th, at the San Gabriel Valley Drupal Meetup.

Thanks to a the Greater Los Angeles Drupal user group and its sponsors, this meetup is hosted on the beautiful Fuller Theological Seminary campus in Pasadena, California, and also have a video conference for those who can attend only by video conference or phone.

   Date and time: November 20, 2014 at 6pm Pacific Time
   Location: Fuller Theological Seminary, at 135 N Oakland Ave
Pasadena, CA 91101 (Building “Glasser 110”)
   Video conference: https://glad.zoom.us/j/129319220
   Phone: +1 415-762-9988 or +1 646-568-7788
   Meeting ID: 129 319 220

Better Sleep Through Web Security

Christefano Reyes presents Better Sleep Through Web Security, an in-depth overview of web security, what to do do if your website is hacked, and how to sleep better by following basic web security best practices.

The “Drupalgeddon” vulnerability has been covered in mainstream news including Forbes, the BBC and The Register, and has brought web security, frequently an overlooked part of web development, back to the center stage.

This particular vulnerability, officially known as SA-CORE-2014-005, allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control.

Topics that will be covered in this presentation include:

  • Security vs. Privacy
  • Common Attack Vectors
  • Drupal’s security record and the Drupal Security Team
  • SA-CORE-2014-005 (also known as “Drupalgeddon”)
  • I’ve Been Hacked! Now What?
  • Best Practices for Helping Others and Yourself
  • Resources
  • Questions / Answers

Christefano is one of the founders of Exaltation of Larks, a Drupal design and engineering firm with a worldwide team of Drupal experts; and Droplabs, an open source-friendly coworking space and business incubator near Downtown Los Angeles. As an advocate of open source software and self-declared meetup junky, he helps organize meetups and conferences all over the Greater Los Angeles Area, including the Los Angeles Chess meetup and LA Geek Dinners.

If you haven’t heard of Drupalgeddon or don’t know if your Drupal sites have been updated since the announcement, please stop reading and see the SA-CORE-2014-005 FAQ immediately. You can contact us for any questions related to Drupal maintenance and support, including security services, at 888-527-5752 and via our Contact form.

read more

Categories: Elsewhere

Mediacurrent: Highlights From BADCamp, Part 1

Planet Drupal - Tue, 18/11/2014 - 21:48

From November 6th through the 9th, members of the Mediacurrent team headed to San Francisco for the Bay Area Drupal Camp. Hundreds of Drupal enthusiasts convened at the Palace of Fine Arts to take part in some fantastic sessions, code sprints, and all the San Francisco has to offer. Below is Part 1 of their weekend highlights.

Categories: Elsewhere

Pages

Subscribe to jfhovinne aggregator