Feed aggregator

Drupal Watchdog: Watch Over My Shoulder

Planet Drupal - Wed, 12/11/2014 - 19:47
Article

One of the best ways to learn useful tricks at the command line is to sit with someone and watch what they do. Due to the distributed nature of the Drupal community, we don't do nearly enough pair programming. Too often we work in isolation and then push our work on others when we finish. In this article I invite you to sit down beside me and watch over my shoulder as I explore Drupal 8 from the command line.

Navigating Drupal in the Bash Shell

The instructions in this article will work for OSX, and Linux systems, such as Ubuntu, but not Windows.
When reading command line instructions, there are two important characters we need to know about: $ and #. When applied to the beginning of a line, these refer to the prompt. We don't type these characters when issuing our command. $ signifies the command should be run as a regular user; # signifies the command is run as the administrative user (“root”).

As a themer, the first thing I want to explore is, of course, the themes. Let's begin by navigating to our Drupal folder. I start by opening up a terminal application. At the command line, I type cd, and then, using Finder, locate my Drupal folder. I then drag this folder onto the terminal application. It will automatically paste the path to the Drupal folder into my bash prompt. I press return, and bingo – we have navigated to the Drupal folder!

Let's take a peek inside the core folder of themes: we’ll navigate to the folder core/themes and then list (or ls) all files.

$ cd core/themes $ ls

There should be four things listed. See them all?

Categories: Elsewhere

Drupal Association News: How to Read the Association Financial Statements

Planet Drupal - Wed, 12/11/2014 - 19:37

I've had a couple of questions related to Association finances lately in various communications channels. I know that most of you are not finance professionals for a living, so rather than answering in several different silos, I thought I might write up this post about how the Association financials are structured and how you can read them. You know, for when you need a break from your other Drupal work! So if you're into this sort of thing (and I am not judging here, because I am WAY INTO this sort of thing), read on!

What are financial statements?

A financial statement is a formal record of the financial activities of the Drupal Association. The financial statements present information in a structured way that should make it easy to understand what is happening with the organization's finances. In other words, financial statements should tell a story about what is happening with the Association's money. Generally, financial statements include three standard reports:

  • Income Statement (or Profit & Loss): This report shows the revenue that is recognized as received and spent during a given period. It is tempting to compare the income statement to your checkbook register, but it's not quite that simple. The catch is that the income statement shows RECOGNIZED income and expense. One of the US accounting rules, for example, is that we can not recognize revenue for a DrupalCon ticket until the month in which the event happens. So, if you buy your DrupalCon Barcelona ticket in June, and the event is in September, your ticket revenue will not show up until our September income statement. Until then, that revenue sits on our Balance Sheet. So, the income statement alone does not give you a full picture of the organiztion's financial position. It simply represents the movement of recognized revenue in a specific time period. The income statement also represents some non-cash changes, such as depreciation.
  • Balance Sheet: The balance sheet shows us the assets and liabilities for the organization for that given time period. Reading the balance sheet, you can get a better understanding of how much money is in the bank, and where we owe, or might possibly owe, money. These things are not reflected in the income statement. Going back to our DrupalCon Barcelona example, prior to the Con, any revenue from sponsorship, ticket sales, or training sales would be held on the balance sheet in two ways. First, it will simply be reflected as cash in our bank account. Secondly, it is reflected as a liability, broken out specifically as sponsorship or ticket revenue. It's a liability because if we cancel the Con, we have to give you your money back! When preparing the September financials, we move the ticket revenue from the balance sheet liabilities session to the Income Statement, where it is treated as recognized revenue. 
  • Cash Summary: The cash summary (or cash flow) is the report that simply shows the movement of money into and out of our accounts. It does not account for depreciation or other non-cash accounting.

Those three reports are the standard set that organizations issue when reporting their financials.  The Association, however, issues additional reports to add clarity and transparency around the programs that you care most about.

About the Drupal Association Financial Statements

The Drupal Association financials are created on a monthly basis, and then are reviewed by the Finance Comittee of the board. On a quarterly basis, the Finance Committee presents the financials to the Board in executive session, which, if there are no serious questions, approves the financials. At that point, we publish the three months of financials to the community. They are promoted in a blog post about the meeting, and are also always available on the board materials page on the Association site. 

As I mentioned above, the Association financial statements go above and beyond the standard reports. In addition to the main three, our monthly financials also include the following: 

  • "PL All Classes:" This is an income statement report, showing recognized revenue and expenses for the month, but it is broken out by program area. This gives you the opportunity to see, for that month, the recognized revenue and expense for the upcoming Cons, or Drupal.org, or our Drupal Product Marketing efforts, for example. This report is for the month only, so keep that in mind. If you are looking at the May financial statements, the numbers in this report are for May only.
  • "Revenue:" This report was designed to show how our various revenue lines are performing. One of our board mandates is to diversify revenue so that DrupalCons are not our primary source of income. Taking this pressure off the Cons to perform financially will allow us to make different kinds of choices for the Cons, and it provides us more stability as an organization. This report helps us monitor progress for those revenue lines.
  • "PL DC ConName:" We create one of these report for each of the Cons we are working on. They are income statements for those Cons, year to date (YTD). YTD means that the report reflects all income and expense for that year, not just the current month. In these reports, you can see detailed information about expenses, with revenue generally not recognized on the report until the month of the Con.

And, keep in mind that all Association financial statements are reported in US Dollars.

How to Read the Financial Statements

A goal of financial statements is that they are supposed to make financial information easier to understand. However, the truth is that it is difficult for mere mortals to read financial statements. It takes both training and practice. However, let's see if I can walk you through some details. I'll use the March 2014 financial statements in this example.

Income Statement

The Income Statement presents the income and expenses for both the month of the report (in this case, March) as well as the year to date, or YTD, amounts (in this case, 1 January through 31 March 2014). So the top of the report looks like this:

Here's what what the columns represent:

  • Actual: Amounts for the month the financials report represents. In this case, March 2014.
  • Budget: The budgeted amount for the month the financial report represents. In this case, the amount we budgeted for March 2014.
  • YTD Actual: Total amount for the year, through the month the financial report represents. In this case, 1 January through 31 March 2014.
  • YTD Budget: Total budgeted amount for the year, through the month the financial report represents. In this case, the amount we budgeted for 1 January through 31 March 2014.
  • Var %: The percent difference between the YTD Actual and YTD Budget. This gives you a sense of how good a job we did at budgeting. Variance can occur because we receieved or spent money faster than we anticipated, or our models were off entirely. Remember that the Association only began budgeting and reporting in these formats 18 months ago, so we're still learning about what our cycles of revenue and expense are, so we expect the variance to decrease overall throughout the next few years as we get better at this.
Balance Sheet

The Balance Sheet presents the assets and liabilities as of the month of the report, which is March 2014 in this example. The balance sheet almost always also shows a comparative period - the same period the year prior, which is March 2013 for this example. This gives you the opportunity to see how things have changed in the last year. The report looks like this:

Cash Summary

The Cash Summary report shows the flow of money into and out of the organization in the given period. For compartive purposes, it also includes a Year to Date (YTD) column that shows all cash movement for the year, which is 1 January through 31 March in this example. The Cash Summary looks like this:

What our Financial Statements do not show

Simply put, our financial statements do not show a lot of information. The point of statements is to take complex and copious amounts of data and distill it into something digestable. We do not, for example, show each of the tickets sold for a DrupalCon and who they were sold to. We don't show each invoice that was received for Association software as a service subscriptions. We have the data, and I'm not oppposed to sharing it (as long as I check that we are not violating any privacy or other laws - you never know). However, it does not make sense for us to publish this level of detail on a monthly basis. 

That said, if there is something our financial statements do not show you, you can always ask. If it's not published here, it's not because we don't want to share the information. It's because we want to share information that can be meaningfully understood.

Summary

That should help you get through some of our financial statements a little better. I am not an accountant, but I am always happy to field any questions you have about these documents, and our amazing Operation Team of Kris and Leslie love to help. Just drop me a line via email or go ahead and post in a public channel like Twitter or a forum. Give me a heads up and I will get back to you.

Flickr photo: Doug88888

Categories: Elsewhere

David Stoline: Fake DNS Hosts with Behat with custom behat parameters

Planet Drupal - Wed, 12/11/2014 - 18:06

I was recently working on a Drupal project that had some internal DNS managed via hosts file. Tell me about it. Having no publicly accessible DNS or IP creates a challenge when your SaaS based Jenkins runs the tests.

The solution for this is a little custom work in your FeatureContext constructor and a BeforeScenario method.

And a little glue in the behat.yml to pass the custom hostHeader variable to the FeatureContext. Make sure that you're also setting the IP of the server for base_url and you're all set.

You can use this same pattern to pass around other variables from behat.yml to your FeatureContext.

Tags: 
Categories: Elsewhere

Paul Booker: How to set up your own Git server.

Planet Drupal - Wed, 12/11/2014 - 18:02

From your local machine ..

1. Create your keys

ssh-keygen -t rsa

2. Upload to your server

scp ~/.ssh/paulbooker.pub root@92.243.12.252:/tmp/paulbooker.pub

From your server ..

1. Install Gitolite.

apt-get install gitolite

2. Create a user for Gitolite.

adduser \ --system \ --shell /bin/bash \ --gecos 'git version control' \ --group \ --disabled-password \ --home /home/gitolite \ gitolite Adding system user `gitolite' (UID 103) ... Adding new group `gitolite' (GID 105) ... Adding new user `gitolite' (UID 103) with group `gitolite' ... Creating home directory `/home/gitolite' ...

3. Setup Gitolite

su - gitolite gl-setup /tmp/paulbooker.pub The default settings in the rc file (/home/gitolite/.gitolite.rc) are fine for most people but if you wish to make any changes, you can do so now. hit enter... /usr/bin/select-editor: 1: /usr/bin/select-editor: gettext: not found 'select-editor'. /usr/bin/select-editor: 1: /usr/bin/select-editor: gettext: not found 1. /bin/nano <---- 2. /usr/bin/emacs23 3. /usr/bin/vim.tiny /usr/bin/select-editor: 1: /usr/bin/select-editor: gettext: not found 1-3 [1]: 1 creating gitolite-admin... Initialized empty Git repository in /home/gitolite/repositories/gitolite-admin.git/ creating testing... Initialized empty Git repository in /home/gitolite/repositories/testing.git/ [master (root-commit) 7e358c3] start 2 files changed, 6 insertions(+) create mode 100644 conf/gitolite.conf create mode 100644 keydir/paulbooker.pub

4. Add the Gitolite user to your SSH configuration file.

nano /etc/ssh/sshd_config PermitRootLogin yes #without-password PasswordAuthentication no AllowUsers root gitolite #no commas service ssh reload # /etc/init.d/ssh reload .. Rather than invoking init scripts through /etc/init.d, use the service(8) utility, e.g. service ssh reload

On your local machine.

nano ~/.ssh/config Host Git user git hostname 92.243.12.252 port 22 identityfile ~/.ssh/git Host * user paul hostname * port 22 identityfile ~/.ssh/paulbooker

1. Clone your gitolite repository

$ git clone gitolite@92.243.12.252:gitolite-admin

Cloning into 'gitolite-admin'... remote: Counting objects: 6, done. remote: Compressing objects: 100% (4/4), done. remote: Total 6 (delta 0), reused 0 (delta 0) Receiving objects: 100% (6/6), done.

2. Add a test repository

cd gitolite-admin vi conf/gitolite.conf git commit -a -m "Add a test repository" [master ee674e9] Add a test repository 1 file changed, 3 insertions(+) git push Counting objects: 7, done. Delta compression using up to 2 threads. Compressing objects: 100% (3/3), done. Writing objects: 100% (4/4), 399 bytes, done. Total 4 (delta 0), reused 0 (delta 0) remote: creating test... remote: Initialized empty Git repository in /home/gitolite/repositories/test.git/

To gitolite@92.243.12.252:gitolite-admin
7e358c3..ee674e9 master -> master

3. Clone the test repository.

git clone gitolite@92.243.12.252:test Cloning into 'test'... warning: You appear to have cloned an empty repository. cd test echo "test" > README git add . git commit -m "Initial commit" [master (root-commit) 21e352e] Initial commit 1 file changed, 1 insertion(+) create mode 100644 README git push origin master Counting objects: 3, done. Writing objects: 100% (3/3), 224 bytes, done. Total 3 (delta 0), reused 0 (delta 0) To gitolite@92.243.12.252:test * [new branch] master -> master

4. Add committer to the repository.

Add public key to the gitolite-admin key directory and edit the gitolite configuration file gitolite.conf

repo gitolite-admin RW+ = git repo testing RW+ = @all repo repo1 RW+ = git = paulbooker paul$ git add -A Paul-Bookers-Mac-mini:Git paul$ git commit -m "Updated configuration" [master 511d9af] Updated configuration 2 files changed, 5 insertions(+) create mode 100644 keydir/paulbooker.pub Paul-Bookers-Mac-mini:Git paul$ git push Counting objects: 10, done. Delta compression using up to 2 threads. Compressing objects: 100% (5/5), done. Writing objects: 100% (6/6), 1012 bytes, done. Total 6 (delta 0), reused 0 (delta 0) remote: creating repo1... remote: Initialized empty Git repository in /home/git/repositories/repo1.git/ To git@92.243.12.252:gitolite-admin 05c16f3..511d9af master -> master 5. Commit and push changes to the server. git commit -m "Initial commit to repo1" git remote add origin git@92.243.12.252:repo1.git git push origin master Tags:
Categories: Elsewhere

Rapha&#235;l Hertzog: Freexian’s third report about Debian Long Term Support

Planet Debian - Wed, 12/11/2014 - 17:56

Like last month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In October 2014, we affected 13.75h works hours to 3 contributors:

  • Thorsten Alteholz
  • Raphaël Hertzog worked only 10 hours. The remaining hours will be done over November.
  • Holger Levsen did nothing (for unexpected personal reasons), he will catch up in November.

Obviously, only the hours done have been paid. Should the backlog grow further, we will seek for more paid contributors (to share the workload) and to make it easier to redispatch work hours once a contributor knows that he won’t be able to handle the hours that were affected to him/her.

Evolution of the situation

Compared to last month, we gained two new sponsors (Daevel and FOSSter, thanks to them!) and we have now 45.5 hours of paid LTS work to “spend” each month. That’s great but we are still far from our minimal goal of funding the equivalent of a half-time position.

In terms of security updates waiting to be handled, the situation is a bit worse than last month: while the dla-needed.txt file only lists 33 packages awaiting an update (6 less than last month), the list of open vulnerabilities in Squeeze shows about 60 affected packages in total. This differences has two explanations: CVE triaging for squeeze has not been done in the last days, and the POODLE issue(s) with SSLv3 affects a very large number of packages where it’s not always clear what the proper action is.

In any case, it’s never too late to join the growing list of sponsors and help us do a better job, please check with your company managers. If not possible for this year, consider including it in the budget for next year.

Thanks to our sponsors

Let me thank our main sponsors:

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Categories: Elsewhere

Last Call Media: Baltimore Drupal Camp

Planet Drupal - Wed, 12/11/2014 - 17:22
Categories: Elsewhere

Blink Reaction: Create a Simple Next/Previous Navigation in Drupal 8

Planet Drupal - Wed, 12/11/2014 - 15:46

In my last post we went over the new Drupal 8 plugin system as it concerns blocks. Today, we're going to take this idea a bit further and create a simple next/previous navigation.

First thing's first, you're going to want to create another new file at modules/YOURMODULE/src/Plugin/Block/YOURBLOCKNAME.php

In my case, this file looks like this:

Categories: Elsewhere

Code Karate: Git Cheat Sheet

Planet Drupal - Wed, 12/11/2014 - 15:23

There is a saying that "All good things come to those who wait".

Categories: Elsewhere

InternetDevels: Drupal tourists are Drupal Touring!

Planet Drupal - Wed, 12/11/2014 - 14:49

Ukrainian Drupal community with an active support of InternetDevels team has actually invented completely unique kind of Drupal event, which makes the whole community go wow! So, ladies and gentlemen, we proudly present you Drupal Tour! The main point of the event is in it’s dynamics and velocity — we’re not going to stop just on one location, but would travel all around the country to involve even larger amount of audience, interested in Drupal development.

Read more
Categories: Elsewhere

Modules Unraveled: 126 What Varnish Can and Can't Do for Your Drupal Site with Dan Reif - Modules Unraveled Podcast

Planet Drupal - Wed, 12/11/2014 - 07:00
Published: Wed, 11/12/14Download this episodePerformance Optimization
  • Before we dive deep into Varnish, I’d like to get a feel for the various performance improvements anyone can make to speed up their Drupal. What’s the process you think through when optimizing a site?
    • DB Tuning
    • Boost
    • Memcache
    • Redis
    • APC
    • Varnish
    • Module Choices!
Varnish
  • What exactly is Varnish?
  • When researching Drupal performance optimization, I came across a lot of references to APC and Varnish. What is the difference?
  • Is this for anonymous or authenticated traffic?
  • Is the Varnish module required to utilize Varnish with Drupal?
  • What are the steps needed to install and utilize Varnish? (Broad terms, not actual terminal commands)
  • Does SSL affect Varnish?
  • What doesn’t Varnish do? (What needs to be done by Drupal, or other software instead?)
  • How does Varnish affect a dev/staging/live workflow? Does Varnish need to be instlaled on the local machine?
Episode Links: Dan on drupal.orgDan on TwitterDan on GitHubDan on ServerFaultVarnish moduleVarnish info on Drupal.orgXHProfXHProf Drupal moduleTags: PerformanceOptimizationplanet-drupal
Categories: Elsewhere

Simon Josefsson: Dice Random Numbers

Planet Debian - Wed, 12/11/2014 - 00:36

Generating data with entropy, or random number generation (RNG), is a well-known difficult problem. Many crypto algorithms and protocols assumes random data is available. There are many implementations out there, including /dev/random in the BSD and Linux kernels and API calls in crypto libraries such as GnuTLS or OpenSSL. How they work can be understood by reading the source code. The quality of the data depends on actual hardware and what entropy sources were available — the RNG implementation itself is deterministic, it merely convert data with supposed entropy from a set of data sources and then generate an output stream.

In some situations, like on virtualized environments or on small embedded systems, it is hard to find sources of sufficient quantity. Rarely are there any lower-bound estimates on how much entropy there is in the data you get. You can improve the RNG issue by using a separate hardware RNG, but there is deployment complexity in that, and from a theoretical point of view, the problem of trusting that you get good random data merely moved from one system to another. (There is more to say about hardware RNGs, I’ll save that for another day.)

For some purposes, the available solutions does not inspire enough confidence in me because of the high complexity. Complexity is often the enemy of security. In crypto discussions I have said, only half-jokingly, that about the only RNG process that I would trust is one that I can explain in simple words and implement myself with the help of pen and paper. Normally I use the example of rolling a normal six-sided dice (a D6) several times. I have been thinking about this process in more detail lately, and felt it was time to write it down, regardless of how silly it may seem.

A dice with six sides produces a random number between 1 and 6. It is relatively straight forward to intuitively convinced yourself that it is not clearly biased: inspect that it looks symmetric and do some trial rolls. By repeatedly rolling the dice, you can generate how much data you need, time permitting.

I do not understand enough thermodynamics physics to know how to estimate the amount of entropy of a physical process, so I need to resort to intuitive arguments. It would be easy to just assume that a dice produces 3 bits of entropy, because 2^3=6 which matches the number of possible outcomes. At least I find it easy to convince myself that 3 bits is the upper bound. I suspect that most dice have some form of defect, though, which leads to a very small bias that could be found with a large number of rolls. Thus I would propose that the amount of entropy of most D6’s are slightly below 3 bits on average. Further, to establish a lower bound, and intuitively, it seems easy to believe that if the entropy of particular D6 would be closer to 2 bits than to 3 bits, this would be noticeable fairly quickly by trial rolls. That assumes the dice does not have complex logic and machinery in it that would hide the patterns. With the tinfoil hat on, consider a dice with a power source and mechanics in it that allowed it to decide which number it would land on: it could generate seamingly-looking random pattern that still contained 0 bits of entropy. For example, suppose a D6 is built to produce the pattern 4, 1, 4, 2, 1, 3, 5, 6, 2, 3, 1, 3, 6, 3, 5, 6, 4, … this would mean it produces 0 bits of entropy (compare the numbers with the decimals of sqrt(2)). Other factors may also influence the amount of entropy in the output, consider if you roll the dice by just dropping straight down from 1cm/1inch above the table. With this discussion as background, and for simplicity, going forward, I will assume that my D6 produces 3 bits of entropy on every roll.

We need to figure out how many times we need to roll it. I usually find myself needing a 128-bit random number (16 bytes). Crypto algorithms and protocols typically use power-of-2 data sizes. 64 bits of entropy results in brute-force attacks requiring about 2^64 tests, and for many operations, this is feasible with today’s computing power. Performing 2^128 operations does not seem possible with today’s technology. To produce 128 bits of entropy using a D6 that produces 3 bits of entropy per roll, you need to perform ceil(128/3)=43 rolls.

We also need to design an algorithm to convert the D6 output into the resulting 128-bit random number. While it would be nice from a theoretical point of view to let each and every bit of the D6 output influence each and every bit of the 128-bit random number, this becomes difficult to do with pen and paper. For simplicity, my process will be to write the binary representation of the D6 output on paper in 3-bit chunks and then read it up as 8-bit chunks. After 8 rolls, there are 24 bits available, which can be read up as 3 distinct 8-bit numbers. So let’s do this for the D6 outputs of 3, 6, 1, 1, 2, 5, 4, 1:

3 6 1 1 2 5 4 1 011 111 001 001 010 101 010 001 01111100 10010101 01010001 124 0x7C 149 0x95 81 0x51

After 8 rolls, we have generated the 3 byte hex string “7C9551″. I repeat the process 5 more times, concatenating the strings, resulting in a hex string with 15 bytes of data. To get the last byte, I only need to roll the D6 three more times, where the two high bits of the last roll is used and the lowest bit is discarded. Let’s say the last D6 outputs were 4, 2, 3, this would result in:

4 2 3 100 010 011 10001001 137 0x89

So the 16 bytes of random data is “7C9551..89″ with “..” replaced by the 5 pieces of 3-byte chunks of data.

So what’s the next step? Depends on what you want to use the random data for. For some purposes, such as generating a high-quality 128-bit AES key, I would be done. The key is right there. To generate a high-quality ECC private key, you need to generate somewhat more randomness (matching the ECC curve size) and do a couple of EC operations. To generate a high-quality RSA private key, unfortunately you will need much more randomness, at the point where it makes more sense to implement a PRNG seeded with a strong 128-bit seed generated using this process. The latter approach is the general solution: generate 128 bits of data using the dice approach, and then seed a CSPRNG of your choice to get large number of data quickly. These steps are somewhat technical, and you lose the pen-and-paper properties, but code to implement these parts are easier to verify compared to verifying that you get good quality entropy out of your RNG implementation.

Categories: Elsewhere

Richard Hartmann: One pot noodles

Planet Debian - Tue, 11/11/2014 - 21:00

I had prepared a long and somewhat emotional blog post called "On unintended consequences" to write a rather sad bit of news off of my heart. While I believe the points raised were logical, courteous, and overall positive, I decided to do something different and replace sad things with happy things.

So anyway, for 3-4 people you will need:

  • The largest, widest cooking pot you can find (you want surface to let more water evaporate)
  • 500g noodles, preferably Bavette)
  • 300g cherry tomatoes
  • ~150g sundried tomatoes
  • ~150g grilled peppers
  • a handful of olives
  • two medium-sized red onions
  • as much garlic as is socially acceptable in your group
  • one or two handful of fresh basil leaves
  • large gulp of olive oil
  • ~100g fresh-ground Parmesan
  • salt, to taste
  • random source of capsaicin, to taste
  • water

Proceed to the cooky part of the evening:

  • Slice and cut all vegetables into sizes of your preference; personally, I like to stay on the chunky side, but do whatever you feel like.
  • Pour the olive oil into the pot; optionally add oil from your sundried tomatoes and/or grilled peppers in case those came in oil.
  • Put the pot onto high heat and toss the chopped vegetables in as soon as it starts heating up.
  • Stir for maybe a minute, then add a bit of water.
  • Toss in the noodles and add just enough water to cover everything.
  • Now is a good time to add salt and capsaicin, to taste.
  • Cook everything down on medium to high heat while stirring and scraping the bottom of the pot so nothing burns. You want to get as much water out of the mix as possible.
  • Towards the end, maybe a minute before the noodles are al dente, wash the basil leaves and rip them into small pieces.
  • Turn off the heat, add all basil and cheese, stir a few times, and serve.

If you don't have any of those ingredients on hand and/or want to add something else: Just do so. This is not an exact science and it will taste wonderful any way you make it.

Categories: Elsewhere

Ben's SEO Blog: Must-Attend Drupal Events of 2015

Planet Drupal - Tue, 11/11/2014 - 20:34

Earlier this year, I posted a blog about Must-Attend Drupal Events of 2014; it was fairly well received so I figured I'd work on a similar list for the 2015 Drupal events.

It appears that BuildAModule keeps their list updated, as does Drupical's map. Instead of categorizing by Drupal Camps or Drupal Cons, this list will simply be in chronological order. I will be updating this blog over the next couple of months as more details are released. Also, don't forget to post in the comments if I missed one; I won't hesitate to add it.

  • DrupalCamp Brighton - Brighton, UK - Jan. 16-18
  • DrupalCamp NJ - Princeton, NJ - Jan. 31
    • The 4th Annual Gathering of Drupalists in the Garden State!
    • @DrupalcampNJ
  • DrupalCon Latin America - Bogotá, Colombia - Feb. 10-12
    • "DrupalCon Latin America is our first DrupalCon in an emerging Drupal community, and we couldn’t be more excited to be hosted by the wonderful people of Bogota, Colombia."
    • Will be held at the RoyalPark Metrotel Convention Center Hotel
    • DrupalCon Latin America is the third DrupalCon in 2015
    • @DrupalconLatino
  • Drupal Camp Utah - Salt Lake City, UT - Feb. 27
    • 5th Annual Drupal Camp Utah
  • DrupalSouth Melbourne - South Wharf, VIC, Australia - Mar. 5-7
  • MidCamp (Midwest Area) - Chicago, IL - Mar. 19-22
  • NYC Camp - New York, NY - Mar. 23-29
    • other site
    • NYC (Nice) Camp is a free, week-long Drupal conference in New York City. We invite you to come learn from some of the brightest minds in Open Source, and expand your horizons. There will be numerous opportunities to contribute back to the community, so jump in!
    • @NYCCampDrupal
  • DrupalCon LA - Los Angeles, CA - May 11-15
    • Host city of the DrupalCon North America conference in 2015.
    • Some of the world's best and biggest museums, universities and entertainment giants are in Los Angeles and they use Drupal. A Drupal powerhouse, Los Angeles is one of the most active areas for Drupal in the world. The Drupal community in and around Los Angeles organizes hundreds of Drupal events each year, including GLADCamp, Drupal Design Camp LA and DrupalCamp LA.
    • While you're enjoying DrupalCon, your family can enjoy Disneyland, bike rides at the beach, and culture and science at the Getty, Museum of Modern Art and the California Science Center. The Downtown area has a thriving nightlife, walkable streets and contrary to popular belief, is the heart of the LA Metro and can be enjoyed car-free.
    • @DrupalConLA
    • @GLADrupal
    • @DrupalConNA
  • DrupalCamp Spain - Jerez, Spain - May 22-24
  • DrupalCon Barcelona - Barcelona, Spain - Sept. 21-25
    • From the colorful tiles of Park Güell to the sparkling Mediterranean, Barcelona is a vibrant city where modernity joins timeless tradition. Experience the culture, festivals, sunny weather and world-class dining with friendly locals, all while celebrating the world’s best open source project.
    • @DrupalConEUR
  • DrupalCamp Bristol - Bristol, UK - date: TBA
drupal, Planet Drupal
Categories: Elsewhere

Mike Hommey: Building a Firefox Debian package

Planet Debian - Tue, 11/11/2014 - 11:26

It’s actually been possible for some time, but I made that simpler recently, and I figured I should mention it.

  • Grab the iceweasel source
    $ apt-get source iceweasel
  • Install its build dependencies
    $ apt-get build-dep iceweasel
  • Build it
    $ cd iceweasel-* $ PRODUCT_NAME=firefox dpkg-buildpackage -rfakeroot
Categories: Elsewhere

Paul Booker: How to give your Drupal site a Canonical URL

Planet Drupal - Tue, 11/11/2014 - 10:35

You will need to modify your .htaccess file located under your web root.

Change ..

# To redirect all users to access the site WITH the 'www.' prefix, # (http://example.com/... will be redirected to http://www.example.com/...) # uncomment the following: # RewriteCond %{HTTP_HOST} . # RewriteCond %{HTTP_HOST} !^www\. [NC] # RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

to ..

# To redirect all users to access the site WITH the 'www.' prefix, # (http://example.com/... will be redirected to http://www.example.com/...) # uncomment the following: RewriteCond %{HTTP_HOST} . RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Tags:
Categories: Elsewhere

John Goerzen: I’m hiring a senior Linux sysadmin/architect

Planet Debian - Tue, 11/11/2014 - 05:29

I’m never sure whether to post such things here, but I hope that it’s of interest to people: I’m trying to hire a top-notch Linux person for a 100% telecommute position. I’m particularly interested in people with experience managing 500 or more OS instances. It’s a shop with a lot of Debian, by the way. You can apply at that URL and mention you saw it in my blog if you’re interested.

Categories: Elsewhere

Gustavo Noronha Silva: Yay, the left won! Or did it?

Planet Debian - Tue, 11/11/2014 - 00:38

Originally published on politi.kov

I have been asked by a bunch of friends from outside of Brazil for my opinion regarding the recent elections we had in Brazil, and it is a bit complicated to explain it without some background, so I decided to write this piece providing a bit of history so that people can understand my opinion.

The elections this year were a rematch of our traditional polarization between the workers party (PT) and the social democracy party (PSDB), which has been going on since 1994. PT and PSDB used to be allies. In the 80s, when the dictatorship dropped the law that forbade more than 2 parties, the opposition party, MDB, began breaking up in several smaller ones.

PSDB was founded by politicians and intelectuals who were inspired by Europe’s social democracy and political systems. Parliamentarism, for instance, is one of the historical causes of the party. The workers party had a more grassroots origin, with union leaders, marxist intelectuals and marxist-inspired catholic priests being the main founders. They drew their inspiration from the USSR and Cuba, and were very close to social movements.

Lula (PT) and FHC (PSDB) campaigning together in 1981, by Clóvis Cranchi Sobrinho

Some people have celebrated the reelection of Dilma Roussef as a victory of the left against the right. In my opinion that view is wrong for several reasons. First, because I disagree that PSDB and Aécio Neves in particular are right-wing, both in terms of economics and social/moral issues. Second, because I believe Dilma’s first government has taken a quite severe turn to the right in several topics that matter a lot to me. Since comparisons with PSDB’s government during the 90s has been one of the main strategies of the campaign this year, I’ll argue why I think it was actually a pretty good government with a lot of left in it.

Unlike what happens in most other places, Brazil does not really have an actual right-wing party, economics-wise. Although we might see the birth of a couple in the near future, no current party is really against public health, education and social security being provided by the state as rights, or wants to decrease state size and lower taxes significantly. It should come as no surprise that even though it has undergone a lot of liberal reforms over the last 20 years, Brazil is still a very closed country, with very high import tariffs and a huge presence of the state in the economy. There is a certain consensus about all of that, with disagreements being essentially on implementation details, not goals.

On the other hand, and contrary to popular belief, when it comes to social and moral issues we are a very conservative people. Ironically, the two parties which have been in power over the last 20 years are quite progressive, being historically proponents of diversity, minorities rights, reproductive rights. They have had to compromise on those causes to become viable alternatives, given the conservative nature of the majority of the voters.

Despite their different origins and beliefs, both parties share socialist inclinations and were allies from the onset. That changed in 1992, when president Collor, who had been elected on a runoff against Lula (who PSDB supported), was impeached by Congress for corruption. With no formal political support and a chaotic situation in his hands, Itamar Franco, the vice president, called for a “national union” government to go through the last two years of his term. PSDB answered the call, but the workers party decided against being part of the government.

Fernando Henrique Cardoso, a sociologist who was one of the leaders of PSDB was chosen to lead the Foreign Relations Ministry, but a few months later got nominated to the Economy. At the time, Brazil lived under hyperinflation of close to 1000% a year, and several stabilization plans had been attempted. Economy Ministers did not last very much in office at the time. FHC gathered a team of economists and sponsored their stabilization plan, which turned out to be highly successful: the Plano Real (“Real Plan”). In addition to introducing a new currency, something that was becoming pretty common to Brazilians by then, it also attacked the structural causes of inflation.

Lula was counting on the failure of the Plano Real when he ran against FHC in 1994, but the plan succeeded, giving FHC two terms as president. During those two terms, FHC introduced several institutional changes that made Brazil a saner country. In addition to the hyperinflation, Brazil had lived a debt crises for decades and was still in default. FHC’s team renegotiated the debts, reopened lines of credit, but most importantly, introduced reforms that made the Brazilian finances and financial system credible.

The problem was not even that Brazil had a fiscal déficit, it just did not have any control whatsoever of money supply and budget. Banks, regardless of whether they were private or public, had very little regulation and took advantage of the hyperinflation to hide monstrous holes in their balances. When inflation was gone and regulation became more strict, those became apparent, and it was pretty clear that the system would collapse if nothing was done.

Some people like to say that FHC was a president who ruled for the rich and didn’t care about the poor. I think the way the potential collapse of the banking system was handled is a great counter-example of that. The government passed laws that made the owners of the banks responsible for the financial problems, regardless of whether caused by mismanagement or fraud. If a bank went under, the central bank intervened and added enough money to protect the deposits, but that money was a loan that had to be repaid by the owners of the bank, and the owners’ properties were added as collateral to the loan. As a brazilian journalist once said, the people did not risk losing their deposits, the bankers did risk losing the banks, though. Today, we have a separate fund, filled with money from the banks, that does what the central bank did back then when required.

Compare that to countries where the banking system was saved with tax payer money and executives kept getting huge bonuses regardless, while owners kept their profits. It is hard to find an initiative that is more focused on the public interest against the interest of the rich people who caused the problem. This legislation, called PROER, is still in place today, and it came along with solid regulation of the banking system. It should come as no surprise that Brazil went through the financial crisis of 2008 with not a single hiccup of the banking system and no fear of bank runs. Despite having been against PROER back in the day, Lula celebrated its existence in 2008, when it was clear it was one of the reasons we would not suffer much. He even advertised it as something that should be adopted by the US and Europe.

It is also pretty common to hear that under FHC social questions were not a priority. I believe it is pretty simple to see that that was not the case both by inspecting the growth of social spending and the improvement of social indicators for the period, such as UN’s human development index. One area in which people are particularly critical of the FHC government is the investment on higher education, and they are actually quite right. Brazil has free Federal universities and those did not get a lot of priority in the 90s. However, I would argue that while it is a matter of priorities, it is not one of education versus something else, but rather of what to invest on inside education. The reality is basic education was the priority.

When FHC came to power, Brazil had a significant number of children who were not going to school at all. The goal was to make access to schools universal for young children, and that goal was reached. Every child has been going to school since the early 2000s, and that is a significant achievement which reaches the poorest. While the federal universities are attended essentially by the Brazilian elite, given the difficulty of passing the exams and the relative lack of quality of free public schools compared to private ones, which is still a reality to this day, investment on getting children to even go to school for the early years has a significant impact on the lives of the poorest.

It is important to remember that getting every child to go to school is also what gave birth to one of the most celebrated programs from the Lula era: Bolsa Família (“Family Allowance”) is a direct money transfer to poor families, particularly those who have children and has been an important contribution to lowering inequality and getting people out of extreme poverty. To get the money, the families need to ensure their children are 1) attending school and 2) getting vaccinated.

That program comes from the FHC government, in which it was created with the name Bolsa Escola (“School Allowance”), in its turn inspired by a program of the same name by governor Cristovam Buarque, from PT. What Lula did, and he deserves a lot of credit for this, was to merge a series of smaller programs with Bolsa Escola, and then expand the program to ensure it got to more and more people. Interestingly, during the announcement of the program he credited the idea of doing that to a state governor from PSDB. You can see why I think these two should be allies again.

When faced with all these arguments, people will eventually say that FHC was bad because he privatized companies and used orthodox economic policies. Well, if that is what it takes, then we’ll have to take Lula down with him, because his first term was essentially a continuation of FHC’s second term: orthodox economic policies to keep inflation down, along with privatization of several state-owned companies and banks. But Lula, whom I voted for and whose government I believe was a good one, is not my subject: Dilma is.

On Lula’s second term, Dilma gained a lot of power when other major leaders of PT went down for corruption. She became second in command and started leading several programs. A big believer in developmentalism, she started pushing for a bigger role of the state in the coordination of the productive sector, with a clear focus on growing the industrial base.

One of the initiatives she sponsored was a sizable increase on the number and size of subsidized loans given out by the national development bank (BNDES). Brazil started an unnofficial “national champions” program, where the government elected a few big companies to get a huge amount of subsidized credit.

The goal was for these selected firms to get big enough to be competitive on the global market. The criteria for the choices is completely opaque, if it even exists, and includes handing out milions in subsidized credit for Eike Batista, who became Brazil’s richest enterpreneur for a while, and lost pretty much everything when it became clear the oil would not be pumping out of his campos, after all, sinking with it a huge amount of public funds invested by BNDES.

The way this policy was enacted, it is unclear how much it really costs in terms of public funds: the Brazilian treasury emits debt to capitalize, lends that money to BNDES with higher than market interest, and BNDES then lends it out to the big companies with a lower than market interest rate. Although it is obviously unsustainable, the problem does not yet show in the balance because the grace period for BNDES debt with the treasury is 2040. The fact that this has a cost and, perhaps more importantly, a huge opportunity cost is not clear because it is not part of the government budget. Why are we putting money in this rather than quadrupling Bolsa Família, which studies show generates 1,78 reais in PIB for every 1 real invested? Worse, why are we not even updating Bolsa Família enough to cover inflation?

When Dilma got elected in 2010, the first signs were pretty bad. She was already seen as someone who did not care much for the environment, and on her first month in power she made good on that promise by pushing to get the Belo Monte Dam building started as soon as possible regardless of conditionalities being satisfied. To this day there are several issues with how the building of the dam is going: the handling of the indigenous people and the small city nearby are lacking, conditionalities are not met.

Beyond Belo Monte, indigenous leaders are being assassinated, deforestation in the Amazon forest has increased by 122% in 2014 alone. Dilma’s answer to people who question her on these kinds of issues is essentially: “would you rather not have electric power?”

Her populist authoritarian nature and obsession with industry are also pretty evident when it comes to her policies in the energy area as a whole. She showed up in national tv on the eve of our independence day celebration to announce a reduction in electric tariffs, mainly for industry, but also for homes. Nobody really knew how. The following week she sent a fast-track project to Congress to automatically renew concessions of power grid operators, requiring those who accepted it to lower tariffs, instead of doing an auction, which was already necessary anyway because the concessions were up on 2015. There was no discussion with stakeholders, there was just a populist announcement and a great deal of rhethoric to paint anyone who opposed as being against the people.

And now, everything went into the crapper because that represented a breach of contract that required indemnification, and we had a pretty bad drought that made power more expensive given the need to turn on the thermal generators. Combining the costs of the thermal generation, indemnity, and financial fallout that the grid operators suffered, we are already at 105 billion reais and counting, nobody knows how high the cost will reach. Any reduction in tariffs has long been invalidated. And the fact that industry has lowered production significantly ends up being good news, we would probably be under rationing already if that was not the case.

You would expect someone who fought a dictatorship to be pretty good in terms of human and civil rights. What we see in reality is a lack of respect for those things. During the world cup, Dilma has put the army on the streets and has supported arbitrary behaviour from state polices throughout the country. They jailed a bunch of demonstrators preemptively. No shit. The would be demonstrators were kept in jail throghout the tournament under false accusations. Dilma’s Minister of Justice said several times that the case against them was solid and that the arrests were legal, but it turned out the case simply did not exist. Just this week we had a number of executions orchestrated by policemen in the state of Pará and there is zero reaction from the federal government.

In the oil industry, Dilma has enacted a policy of subsidizing gas prices by using a fixed price that used to be lower than the international prices (it is no longer the case with the fall in international prices). That would not be a problem if Brazil was selfsufficient in oild and gas, which we are not: we had to import a significant amount of both. The implicit subsidy cost Petrobrás a huge amount of cash – the more gas it sold, the bigger the losses. This lead not only to decreasing the company’s market value (it is a state-controlled, but open company), but to reducing its capacity of investment as well.

That is more problematic than it sounds because, with our current concession model, every single oil camp needs to have Petrobrás as a member of the consortium. Limiting the company’s investment capacity limits the rate at which our pre-salt oil camps can be explored and thus the speed at which we can become selfsufficient. Chicken and egg anyone?

To make things worse, Dilma has made policies that lowered taxes on car production, used to foster economic activity during the crisis in 2008-2010, essentially permanent. This lead to a significant increase in traffic and polution on Brazilian cities, while at the same time increasing the pressure on Petrobrás, which had to import more and more gas. Meanwhile, Brazilian cities suffer from a severe lack of mobility infrastructure. A recent study has shown that Brazil has spend almost twice as much subsidized money on pro-car policies than on pro-mass transit projects. Talk about good usage of public funds.

One of the only remaining good news the government was still able to mention was the constant reduction in extreme poverty. Dilma was actually ellected promising to erradicate extreme poverty and changed the government’s slogan to “A rich country is a country with no poverty” (País rico é país sem pobreza). Well, it turns out all of these policies caused inequality and extreme poverty both to stop falling as of 2013. And given the policies were actually deepened in 2014, I believe it is very likely we’ll see an increase in both when we get the data for 2014, next year.

Other than that, her policies ended up being a complete failure. Despite giving tax benefits to several sectors, investment has fallen, growth has fallen and inflation is quite high at 6,6% for the last 12 months. In terms of minorities, her government has been a severe set back, with the government going back on educational material against homophoby saying it would not do “advertisement of sexual choice”, and going back on a decree that allowed the public health system to perform abortions on the cases allowed by the law (essentially if the woman has been raped).

Looking at Dilma’s policies, I really can’t see that much of the left, honestly. So why, you might ask, has this victory been deemed a victory of the left over the right? My explanation is the aura the workers party still manages to keep over itself. There’s a notion that whatever PT does, it will still be more to the left than PSDB, which I think is just crazy.

There is also a fair amount of idealizing Dilma just because she is Lula’s protegé. People will forgive anything, provided it is the workers party doing it. Thankfully, the number of people aligned on the left that supported the candidate from PSDB this election tells me this is changing quite rapidly. Hopefully that leads to PT having to reinvent itself, and get in touch with the left again.

Categories: Elsewhere

Steinar H. Gunderson: Chess analysis

Planet Debian - Tue, 11/11/2014 - 00:37

For those watching the World Chess Championship: I've put up an analysis site that runs during the games. (They start 12:00 GMT every day, except rest days. 15:00 local Sochi time.)

Rambling ahead:

Interest has been fabulous; what started with something like 30-40 viewers in the first game of last year, peaked at 650 during game 2 of this match. I have no idea where they come from, but seemingly word of mouth has created interest, and after I upgraded to a 20-core Haswell-EP, it's easily the place where you can get the strongest chess analysis (save for maybe Chessdom, if you pay for the premium option). Enough interest that I can't be lazy with the scaling anymore; glad I rewrote the JSON serving engine for an earlier tournament. (One Perl process per user didn't really work well anymore; now it's on Node.js because the event-based model fits that exact problem domain really well. I tried learning Go for it at first, but it really didn't work out well for me. Somehow the syntax is just too ugly, and the channels-of-channels stuff is too constrained a way for me to think.) I've received emails from Italy and Buenos Aires. Seen visitors from something like 15 different countries at a time. Probably that's massively undercounting. Chess is an Internet sport.

I had problems enough with bandwidth (choose between wasting 2–3 cores for Varnish gzipping the same data over and over again, or using 200 Mbit/sec of bandwidth) that I had to code in support for gzip in the backend, too. I dread the day when I have to support JSON diffing or something, but I think I've generally just made it small enough that we shouldn't see too big of a problem in game 3. I think we can sustain something like 10k users right now. Plan for scaling 10x, but not 100x. Check.

I struggle with Perl segfaults (I use Perl to control the two analysis engines, combine everything together and output the JSON that's the basis of what's being shown on the page). They always come at the worst possible time, but so rarely that it's impossible to reproduce. I've considered trying Perl from jessie instead of wheezy, but dist-upgrade in the middle of a match would be madness. Optionally I could try to switch to another language, but that would only give me a new set of problems to discover. (There's a surprising amount of code already.)

Rambling over. Good luck to both players!

Categories: Elsewhere

Promet Source: <a href="/blog/developing-promet-way-part-i">Developing the Promet Way: Part I</a>

Planet Drupal - Mon, 10/11/2014 - 23:42

How often do pushes turn into nail biting, hair pulling, obscenity screaming, hours-long events? How often does one hear, “It works on my machine!” How fast can you push all the work (bug fixes, new features, etc.)  to production? Theoretically, only in the time necessary to deploy the code.

Categories: Elsewhere

Pages

Subscribe to jfhovinne aggregator