I recently came across situation where the .ppsx files were displayed as some weird characters instead of getting downloaded. For those who aren't aware of the .ppsx file extension, it is nothing but the extension for files created through Microsoft PowerPoint. You can find more information about the Powerpoint file formats here.suresh Tue, 03/08/2016 - 17:45
The last week was mostly spent on bugfixing and cleanup after security releases. Hopefully the amount of security reports will go down now.
Most of the bug fixes were in the SQL parser which influences quite a lot of parts of phpMyAdmin. It is responsible for splitting queries on import, generating queries for export or linting the queries as users type them.
- #12067 Adding "JSON" option to dropdown
- #12047 Filtering databases on databases listing
- #12052 Filtering databases on databases listing, Issue #12047
- #12063 duplicate a table occur an error,for uft-8?
- #12064 Cross-site scripting (XSS) vulnerability in phpMyAdmin Version 188.8.131.52
- #11776 SQL Linter Problems
- #12025 Import reports false SQL error with MariaDB
- #12045 unrecognized keyword left in where clause #11975 (REMAINS UNSOLVED)
- #12041 Missing indexes and constratins in export
- #12028 "ALL" keyword not recognized
- #12054 MySQLDump .sql import in v4.5.5 fails becuase of escaped characters
- #12053 upload-release error
- #12055 Parse eror with 4.6.0-rc1 and master
- #12056 Invalid data stored in $_SESSION[' PMA_token '] if openssl_random_pseudo_bytes() fails
- #12015 create-release errors
- #12048 SQL parser doesn't honor vendor config
- #12024 Better icon for table hiding
- #12032 Icons added and code changed to display icons #12024
- #12037 Fix parse git data without gz support (bug 12030)
- #12030 Do not try to parse git data without gz support
- #12044 Fix example in test/README.rst
- #10 1.1 XSS in Static analysis of SQL query [PMASA-2016-10]
- #11 1.2 XSS in "Edit inline" of SQL query [PMASA-2016-11]
- #16 1.6 XSS Via HOST header [PMASA-2016-11]
- #17 1.7 XSS in file_echo.php by mime sniffing text/plain (only in old IE <= 8 & old Safari on windows) [PMASA-2016-11]
- #19 2. insecure CURL SSL Settings [PMASA-2016-13]
- #37 Fix DROP VIEW statement is not constructed properly by the parser, Issue #36
- #39 Fails to parser CREATE TABLE
- #36 DROP VIEW statement is not constructed properly by the parser
- #38 Recognize ALL when used with WHERE clause
"We're excited to support Debian's annual conference which brings together Debian contributors from all around the world. In addition to our sponsorship, we will actively participate in DebConf", said Steve Geary, Senior Director at Hewlett Packard Enterprise.
HPE is one of the largest computer companies in the world, providing a wide range of products and services, such as servers, storage, networking, consulting and support, software, and financial services.
HPE is also a development partner of Debian, and provides hardware for port development, Debian mirrors, and other Debian services (hardware donations are listed in the Debian machines page).
With this additional commitment as Platinum Sponsor, HPE contributes to make possible our annual conference, and directly supports the progress of Debian and Free Software helping to strengthen the community that continues to collaborate on Debian projects throughout the rest of the year.
Thank you very much Hewlett Packard Enterprise, for your support of DebConf16!Become a sponsor too!
DebConf16 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through email@example.com, and visit the DebConf16 website at http://debconf16.debconf.org.
We updated social intranet OpenLucius (a Drupal distribution) with 6 new functions. Without further ado, let's dive into it:1. Document management revamped
We completely renewed the document management system (Files). It’s now much more usable and recognizable (Apple Finder / MS Exploder -like); intuitive file management out of the box. Check out this demo video (from ~ 1:24):
Triage of 17 CVEs for squeeze-lts. I misread the calendar and thought I was on front-desk duty for a couple of days. Fortunately no duplicate work was done.
Prepared and released DLA-427-1 for nss fixing CVE-2016-1938 after checking that nss is not affected by CVE-2015-7575 since MD5 signatures never got disabled - another good reason why we should have the same nss in all suites.
… and to make sure we have fewer issues that are fixed in squeeze-lts but affect wheezy …
On non LTS time I cooked up a script to make it simpler to check if a package has security support in a certain release.
Now that squeeze-lts is history I'd like to thank the Debian Security Team for their help and answers to all the questions related to security tracker, DSAs, DLAs and whatnot. I'm looking forward to wheezy-lts now…Other Debian stuff
Tassia Camoes Araujo: Some impressions of a flourishing community – bits from the MiniDebConf Curitiba @ Montreal
Last month I more-or-less accepted an invitation that got me scared at first, panicking after a while. Why do I put myself in such an uncomfortable position? Well, I think that’s how we grow up
I was first contacted to talk about women participation in Debian, which I kindly refused, but I said I would maybe talk about motivating new contributors, possibly with some more friends that would maybe join me at the stage. I need to confess that at that moment I had no idea (ok, a vague idea…) about what I was going to talk. So I promptly emailed some Debian friends, shared the invitation, shared some thoughts, got feedbacks, got encouragement, and we finally made it!
For the video conference we used mconf.org which worked super well (the downside is that it requires flash, maybe you could help them get rid of it?). I had also recorded a backup video with vokoscreen, just in case Murphy would decide to go to Curitiba… but everything worked well. We a single moment with connection issues, but the torrent user kindly released the bandwidth…
The main point I made in the talk is that Debian as a Universal Operating System is still an utopia, especially when we extend our understanding of universality to our contributors. And as an utopia, it serves to make us walk! The more we advance, the more it gets further away, so we need to keep walking. Another important point was that diversity is not an issue that touches only woman. My audience was full of Portuguese native speakers, from a third world country, a few women, many more man, a couple of DDs, some longtime contributors, some newbies, and most of them are also part of minorities in our community. I bet many of them has already felt like a weed growing surrounded by concrete at least once in their lifetimes…
Solidarity towards our utopia was my final message. Just for fun, and to make a recap of our conversation at the end, I made a list of 10 steps that we could all give to contribute to a more universal Debian:
1. Read our Social Contract and make sure we are all at the same page
2. Improve Debian documentation
3. Remember that diversity does not concern only women
4. Keep an eye on minority groups and show solidarity
5. Be open and alert to the needs of newbies
6. Help Debian teams to be prepared to welcome new contributors
7. Reserve part of our time to integrate new members to the community
8. Promote hands-on meetings (local and remote)
9. Promote peer-mentoring among newbie contributors
10. Do not see Debian members as special beings, we are all humans!
You can check my slides or the video of the live transmission if you want to see more. In case you can not follow the audio, I’d be happy to provide subtitles (but I probably won’t work on that if I don’t receive have any request). And if you invite me to another conference, we can have a similar chat at with your community. Note: in person is more fun
Finally, I’d like to thank the participants of the mini-DebConf, those that followed this session and those who were practicing how to package on the other room, Paulo Santana and all the local organization team for the invitation, Ana Guerrero and Laura Arjona for the remote support and feedback, Andreas Tille for the efforts in integrating new contributors, Christian Perrier for the developer statistics, Valéssio for being in the audience and the Debian Project for the inspiration.
What we had we Brazil this weekend was a taste of a flourishing and welcoming community, I am proud and honored to be part of it!
Come for the code, stay for the community. That’s more than a tagline for Drupal, it’s a manifesto. Having our community members bring topics to the mainstage to share with all Con attendees is an incredible way for them to contribute back and really make an impact on the Drupal community.
Thursday at DrupalCon New Orleans, we will highlight the community by showcasing a Community Keynote on the main stage. This means that someone from within the community will share their experience on stage with you about issues that you're interested in.
It’s been a few months since I first mentioned the Git Book module here on DPE. I haven’t done much with it since but was able to scrape together a rather epic sprint today. Coupled with improvements to ELMSLN in general, this thing is getting close to a pretty killer workflow for book creation. The scenario we’re striving for:
Acquia Developer Center Blog: Chris Pliakas on the Scrum Process, Working with Drupal, and What’s Next for Content Hub. Part 2 in a Series.
In Part 1 of this 2-part series, Chris Pliakas, the director of Content Services Engineering at Acquia, described how he managed the Acquia Content Hub project, which was released in November, 2015. In this, the second part of the interview, he discusses the Scrum process, the benefits of working with an open source framework like Drupal, and what’s next for the Content Hub project.Tags: acquia drupal planet
Overheard at the Tor Dev meeting in Valencia, from people speaking about online identities: "You were on top of the list of the people I thought were you."
It was really good to be there as my plan to meet people and work on torbrowser-launcher issues worked out nicely: in total seven bugs got fixed upstream and resulted in an torbrowser-launcher upload to sid after the meeting. So now only three bugs are open in sid and it's clear how to fix #811499 in stable so that torbrowser-launcher doesn't stop working on May 3rd 2016. So yay.
At the IFF we also had a small reproducible builds Debian meeting, where I took these raw notes: (please ask for clarifications, how to help or correct me if you think other things are blockers right now as well!)
- dpkg: we need to provide a debian/.buildinfo manpage
- dpkg: get '--clamp-mtime' option for tar upstreamed - or implement it in dpkg-deb
- do blogpost: the deadline to miss reproducible stretch is probably in less than six months
- note from IRC: '< guillem> so the deps would be: finish .buildinfo spec/implementation, and merge that; get dak to keep them; switch dpkg to use the timestamp for ar members, from my PoV'
Too bad IFF was not really well known in advance amongst some local free software advocates, I hope this improves next year!
- Installing quassel server and clients and getting addicted to IRC… It’s not that I chat so much, but I read the backlog of the channels where I am, and it’s hard for me to leave a channel once I join, even if I joined just to ask something and they already answered.
- Writing (correct) English is harder for me than what I imagined. Not here or by mail or in IRC, but when I have to ‘create’ some news for DPN or bits, it takes much time and I doubt in many cases. I trust in the reviews by debian-l10n-english team, and thank them very much, but I also feel a bit ashamed of my broken English. OTOH, note that we have few native English speakers in the Publicity (and website) team. Please consider joining (Publicity or L10n-English) and helping with the reviews! That helps not only to get good quality content in Debian, that also helps non-English speakers to contribute more ideas or paragraphs, because we can trust in somebody reviewing our work.
- It’s hard for me to call for meetings, proposing dates/times. We are very dispersed geographically so I usually come up with long tables with lots of days and times proposed, and I think it does not help. OTOH setting a fixed time can systematically leave out people from certain timezones, and I feel that’s very sad. I suppose I need to try to offer few options and if I see no agreements, then extend.
- I’ve written “hard” word 4 times in this post (well, 5 now!) but that does not mean I don’t want to do those tasks. I feel going out of my comfort zone and that’s ok, needed to learn and experience. I’m having a good time in Debian in the last months, as always!
- We’re 4 people delegated and more team members and contributors, so anybody could think: “Publicity is well covered, let’s go to do other things in Debian”. It’s perfectly ok if you want to do other things in Debian, but please consider combining your contributions with some minutes for the publicity team. Aiming to be the universal operating system, our community and target audience is big and diverse and we’d like to show that diversity to the world. The more we are, the merrier!
Filed under: My experiences and opinion Tagged: Communities, Contributing to libre software, Debian, Developer motivations, English, Free Software
Drawing from 35 years of experience ranging from start-ups to Fortune 500 companies, Bob Moul will share lessons he learned on his journey from the mailroom to tech CEO. The keynote, titled “How to Succeed at Success - Stacking the Odds in Your Favor,” will focus on how to build a successful and empowered life while balancing relationships, health, and, of course, a business itself. This keynote will share practical tips, insightful quotes, and real life experiences gained from his work in different cultures around the world, making and losing money, and even failure.Moul will share lessons he learned on his journey from the mailroom to tech CEO. The keynote, titled “How to Succeed at Success - Stacking the Odds in Your Favor,” will focus on how to build a successful and empowered life while balancing relationships, health, and, of course, a business itself. This keynote will share practical tips, insightful quotes, and real life experiences gained from his work in different cultures around the world, making and losing money, and even failure.
In addition to his many years of experience and current position as CEO of Cloudamize – a leading cloud infrastructure analytics company – Bob Moul is also an active advocate for entrepreneurship and education in Philadelphia. He serves on the board of directors of the Philadelphia Industrial Development Corporation (PIDC), the Philadelphia Alliance of Capital and Technology (PACT), Ben Franklin Technology Partners of Southeastern Pennsylvania, Philadelphia Academies Inc., USA250, as well as being the former chair and president of Philly Startup Leaders.Moul is also an active advocate for entrepreneurship and education in Philadelphia. He serves on the board of directors of the Philadelphia Industrial Development Corporation (PIDC), the Philadelphia Alliance of Capital and Technology (PACT), Ben Franklin Technology Partners of Southeastern Pennsylvania, Philadelphia Academies Inc., USA250, as well as being the former chair and president of Philly Startup Leaders.
Bob was named a 2011 Ernst & Young Entrepreneur of the Year finalist for Philadelphia, the 2013 Small Business Person of the Year by the Philadelphia Chamber of Commerce, and one of the most influential business people in Philadelphia by both Philadelphia Magazine and the Philadelphia Business Journal.
Bob’s career-long dedication to innovation, the technology industry, and community engagement ensures this keynote will go well beyond traditional keys to success. His insights from a long and illustrious career will bring a well-rounded perspective to Drupaldelphia 2016.More about Drupaldelphia
Drupaldelphia is Philly's annual gathering for all things Drupal, the open source content management system. This event attracts developers, site-builders, content administrators, designers, and anyone interested in using Drupal in their organization or upcoming project. This spring, it will again be hosted at the Pennsylvania Convention Center at 1101 Arch St Philadelphia, PA 19107. You can buy tickets now on the Drupaldelphia website.
* This post is based on a press release that originally appeared on Drupaldelphia.
Voting is now open for the 2016 At-Large Board positions for the Drupal Association! If you haven't yet, check out the candidate profiles and review the Meet the Candidate sessions (we ran three) that we held. Get to know your candidates, and then get ready vote.Cast Your Vote!
How does voting work? Voting is open to all individuals who have a Drupal.org account by the time nominations open and who have logged in at least once in the past year. These individuals' accounts will be added to the voters list on association.drupal.org and they will have access to the voting.
To vote, you will rank candidates in order of your preference (1st, 2nd, 3rd, etc.). The results will be calculated using an "instant runoff" method. For an accessible explanation of how instant runoff vote tabulation works, see the this video.
Elections will be held from 7 March through 18 March (midnight UTC) 2015. During this period, you can still review and comment on candidate profiles.
Have questions? Contact Drupal Association Executive Director Holly Ross.
It is DPL nomination time again.
A gentle reminder to avoid making people uncomfortable:
Inviting people to candidate for DPL is like inviting them for sex.
It can be flattering.
And if you insist after one says "no", it becomes harassment.
In learning about custom Drupal 8 module development, I found plenty of very simple field module examples, but none that covered how to store more than one value in a field and still have it work properly, so it's time to fix that.
To save you typing or copy and pasting things around all the code in this post is available on Github at https://github.com/ixis/dicefieldConcepts
There are three main elements to define when creating a field type:
Today is an auspicious day. For those who know (or follow) the Hindu religion will be familiar; Today is Maha Shivaratri
On this day, It is great delight for me to be able to release Laptop Mode Tools, version 1.69
This release adds on many bug fixes and some enhancements. There is a new module (disabled by default) for cpuhotplug. The release tarball also includes a basic PolicyKit file for convenience, that packagers can use for the Laptop Mode Tools Graphical Configuration Interface. Apart from the policykit file, the graphical invocation script has been slightly fine tuned to work under pkexec and sudo. Some defaults have been tuned based on user requests - This should improve in situations where your External USB Mouse/Keyboard used to suspend after idle time periods.
In January this year, I had the pleasure of meeting Bart Samwel in person at his office in Amsterdam. For those who don't know, Bart started off Laptop Mode Tools around 2004, and I took over maintenance around 2008. Meeting in person has been a delight, especially with the ones you work over email for years; This is something I cherished last year at Debconf 15 too.
IMPORTANT:- Until now, Laptop Mode Tools project was hosted on Bart's webserver. Now, as you read, the homepage and mailing lists have changed. I'd urge all users to subscribe to the new mailing list and update their bookmarks.
Mailing List: https://groups.google.com/d/forum/laptop-mode-tools
Note: For users who are not comfortable with creating a google a/c for mailing list subscription, you should still be able to subscribe with your personal email address. Please follow the steps in the mentioned homepage.
Since last couple releases, I've also been providing RPM packages for Opensuse Tumbleweed and Fedora. The same should be available on the github release page. The Debian package will follow shortly in the Debian repository.
Thank you and a Happy Maha Shivaratri. Har Har Mahadev.1.69 - Mon Mar 7 17:44:42 IST 2016 * Wait for all forked modules to complete * Add new module: cputhotplug * CPU online/offine is reverse here * Fix shell syntax * Install policykit file * Detach polling daemon from main process * Do NOT touch speed if throttling is not set * Restore to MAX speed when back to AC Power * Fix manpage about DISABLE_ETHERNET_ON_BATTERY setting * Update documentation about ENABLE_LAPTOP_MODE_ON_AC setting * Change powersaving default for USB class devices * Drop usbhid from default (black)list * Add usb keyboard driver to the list default list * Be consistent with passing args to LMT from different invokers * Honor device plug/unplug events on a per device basis; like how Chromium initially submitted this patch * Also be consistent with option in the event parser * Update links in README.md * Update new github homepage location * Add lmt-config-gui shell script
Starting Monday, you can vote for the next at-large director on our board. Before you do, our candidate sessions: https://t.co/B0lUqmUac4
— Drupal Association (@DrupalAssoc) March 4, 2016
Drupal Association Board Elections are around. So what are these elections? How would it matter to anyone in the Drupal community? Why should one vote?
The At-large Director position is Drupal Association’s way to ensure community representation on the Drupal Association board. ie, you could have a share in shaping the future of Drupal Association by voting for the right candidate whom you think would best represent the community’s interests. You can see the list of candidates competing for this here. More about the election process here.
I have decided to vote for Shyamala Rajaram. I met Shyamala for the first time in November 2008 at a Chennai Drupal Meetup, which she had organized. I had just moved into the city, for my job at TATA Consultancy Services. That was my first weekend in Chennai. Didn’t have many friends around and a lot of time to kill. Drupal, at that time to me, was one of the many CMSs that I had freelanced earlier. Although it was my favorite. But I never saw it as a career option. And was surprised to see a meetup happening in Chennai that weekend and thought of dropping by.
But the meetup definitely had a significant impact on my life and career. I had dabbled a lot with Drupal while in my college (Vellore Institute of Technology). Though Drupal was my favorite, I had always seen in as one of the many CMSs that were mushrooming every day in the PHP ecosystem. This specific meetup gave me an opportunity to see that Drupal and its community existed outside of the internet as well ;-)
And what surprised me the most was that the newspaper portal that I read every day then, one of the largest in India, was actually powered by Drupal, and architected by none other than Shyamala and her team!
Being one of the first adopters of Drupal in India, Shyamala has been organizing meetups in and around Chennai since 2007. She has spearheaded many community initiatives, including taking Drupal to Colleges in and around Chennai.
I believe she has the right mix of leadership and technical capabilities and can best represent the Drupal community in general, and India & Asia in specific, on the board of Drupal Association. All the very best Ma’am!
A few weeks ago I had to go through the process of setting up php code sniffer on my new computer, and realised how confusing most of the blog posts out there are and how many loops and posts you have to jump through to get it set up.
I decided to write a quick post with all the commands in one place and small descriptions for most of the commands:Installing Drupal Coding Sniffer
1. Download php code sniffer (source code: https://github.com/squizlabs/PHP_CodeSniffer)
curl -OL https://squizlabs.github.io/PHP_CodeSniffer/phpcs.phar
curl -OL https://squizlabs.github.io/PHP_CodeSniffer/phpcbf.phar
sudo mv phpcs.phar /usr/bin/phpcs
sudo mv phpcbf.phar /usr/bin/phpcbf
sudo chmod a+x /usr/bin/phpc*
Test that it's installed by running phpcs -hand it should output the code sniffer help.
2. Download the Coder module
Note: download the 8.x branch, even if you intend to use it on Drupal 7.
You can download it in any 'normal' folder, but not in a Drupal project.
drush dl coder
It should download the latest version which is 8.x - if it doesn't then add --select to the drush command and choose the 8.x branch.
3. Add Drupal standards to PHP Code Sniffer
Tell phpcs to use the Drupal standards from the downloaded Coder module:
sudo phpcs --config-set installed_paths /folder/where/i/want/coder/coder/coder_sniffer
At this point you have PHP Code Sniffer set up with Drupal coding standards.
You can use it from command line by running:
phpcs --standard=Drupal file/to/check
or add it to your favourite text editor/IDE.Adding code sniffer to Sublime
Here are the few steps you need to follow to add it to Sublime Text 2/3:
1. Download the Sublime Build file from the repo: https://github.com/sirkitree/DrupalCodingStandard
wget https://raw.githubusercontent.com/sirkitree/DrupalCodingStandard/master/DrupalCodingStandard.sublime-build -O ~/.config/sublime-text-3/Packages/User/DrupalCodingStandard.sublime-build
If you don't know where your Sublime installation saves its packages then open Sublime, go to Preferences > Browse Packages, and replace the above path with yours.
2. Activate the Drupal Build file by going to Tools > Build System > DrupalCodingStandard in Sublime.
3. Open any Drupal file and hit Ctrl (Cmd) + B to run the sniffer on that file.Adding code sniffer to PHPStorm
I have recently started using so am slowly getting used to it and setting up features I used to use in Sublime. Adding PHPCS to PHPStorm is simple and only takes a few steps.
Go into the Settings and either search for the keywords 'code sniffer' or go to Languages&Framerworks then Code Sniffer under the PHP section.
In the Development environment I have chosen Local and clicked on the ... next to the drop down. Add your /usr/bin/phpcs path to the phpcs path and click Validate to make sure it picks it up.
Now that you have phpcs added as a code sniffer we need to tell the 'Inspections' to use it.
In the same settings window, either search for 'code sniffer' again, or go directly to Editor > Inspections. Tick the box for PHP Code Sniffer validation under PHP and then choose the 'Coding standard' from the right hand pane. If the only values in the drop down are 'Custom' or you cannot find 'Drupal' in there then hit the little 'refresh' button next to the drop down and it should pull all the coding standards added to your php code sniffer. Then choose 'Drupal' from the drop down and you are good to go.
The code sniffer will start adding errors/warnings inline in Drupal files, or you can run a code inspection manually by going to Code > Inspect Code and choosing either the whole project or the current file.
This time, three talks were given:
- Kentaro is "groonga"(an open-source fulltext search engine and column store) upstream author and package maintainer in Debian and Fedora. This talk is about his experience how to use Debian "porterbox" for non-DDs.
- "Porting Debian to tilegx" by @wskoka
- About his experience porting Debian to tilegx architecture, multicore processor family by Tilera. He is not porting expert ("I'm sale person", he said :), but did try&error and now apt is working on that machine.
- "Introduction to Debian Ports" by John Paul Adrian Glaubitz
- Adrian comes from Germany(!) and gave a talk about debian-ports.
During break time, did some discussion, GPG keysigning and enjoyed coffee and sweets provided by Cybozu, thanks!
And thanks for all participates!