Back in 2009, I set up githubredir.debian.net, a service that allowed following using uscan the tags of a GitHub-based project.
Maybe a year or two later, GitHub added the needed bits in their interface, so it was no longer necessary to provide this service. Still, I kept it alive in order not to break things.
But as it is just a silly web scraper, every time something changes in GitHub, the redirector breaks. I decided today that, as it is no longer a very useful project, it should be retired.
So, in the not too distant future (I guess, next time anything breaks), I will remove it. Meanwhile, every page generated will display this:
(of course, with the corresponding project/author names in)
Consider yourselves informed.AttachmentSize githubredir.png37.68 KB
Wrapping up today, Drupalcon Amsterdam created a big buzz around Drupal 8. A crew of over 2,100 participated in sessions, sprints and keynotes, and celebrated the release of the Beta 1 version of Drupal 8.
The MirBSD Korn Shell has got a new security and maintenance release.
This release fixes one mksh(1)-specific issue when importing values from the environment. The issue has been detected by the main developer during careful code review, looking at whether the shell is affected by the recent “shellshock” bugs in GNU bash, many of which also affect AT&T ksh93. (The answer is: no, none of these bugs affects mksh.) Stephane Chanzelas kindly provided me with an in-depth look at how this can be exploited. The issue has not got a CVE identifier because it was identified as low-risk. The problem here is that the environment import filter mistakenly accepted variables named “FOO+” (for any FOO), which are, by general environ(7) syntax, distinct from “FOO”, and treated them as appending to the value of “FOO”. An attacker who already had access to the environment could so append values to parameters passed through programs (including sudo(8) or setuid) to shell scripts, including indirectly, after those programs intended to sanitise the environment, e.g. invalidating the last $PATH component. It could also be used to circumvent sudo’s environment filter which protected against the vulnerability of an unpatched GNU bash being exploited.
tl;dr: mksh not affected by any shellshock bugs, but we found a bug of our own, with low impact, which does not affect any other shell, during careful code review. Please do update to mksh R50c quickly.
Drupal has immersed all our lives in the web, and the biggest conclusion we can draw from this DrupalCon is that Drupal in particular and we, as creators and consumers of Drupal, are all being rocked to the core by the fast pace of change in the industry. Changes in the development, scope, architecture, process and workforce dynamics prevalent in the development and acquisition of ever-more complex web applications and systems are rocking Drupal too, and the result is a scrambling for solid footing.
The footing we all find, and the journeys we take to find it, will determine our future.
First and foremost we need to come to grips with the debates, with what is shaping up. We need to learn a lot just to fathom the consensus on what the options are now. Then we must prick up courage and make choices.
But one truth is acknowledged by all: there is no simple and straightforward path forward, from here on in we mix and match, we build on an industry-wide workbench to common standards, or we build not at all. There is no more protective balloon, the big blue bubble has burst, or worse, is in the act of bursting now.
But this is not a bad thing. We just need to keep our heads, even if Drupal cannot. If we can drive @eaton's Promiscuous Drupal to its logical limit, if we can Keeping it Simple with @sdboyer we can "bring that knowledge back to the community" no matter what, as @crell guides us through Managing Complexity (be sure to check out his reading list) and the portals decouple, while beset with New Wave PHP, and at every turn: Drupal in the Hip Hop Virtual Machine with the @outlandishjosh.
That's the intoxication of sampling the key presentations from this historic DrupalCon Amsterdam 2014: let's find out what it's all about.
Of course, this is just my own shortlist (grouped by topics, of which, it is worth pointing out, headless is second only to Drupal 8 and way ahead of anything else as a concern), but whether or not I left out any well-deserving items from the list, it's more than enough to be able to say "Wow, we live in interesting times".Keynote
- Drupal 8: The Crash Course
- Managing Complexity
- Drupal 8 CMI on Managed Workflow
- Twig and the new Drupal 8 Theme System
- Drupal 8 multilingual hands-on
- Drupal 8 Media
- Turbocharging Drupal syndication with Node.JS
- Decoupled Front-end and the Future
- Building Modern Web Applications with Ember.js and Headless Drupal
- A Decoupled Drupal with Silex
- BOF: Zariz & RESTful - We've got your headless covered
- Drupal in the Hip Hop Virtual Machine
- New Wave PHP
- OOP For Drupal Developers
- Drupal’s PHP Component Future
- Styleguide-Driven Development: The New Web Development
- Distributed Companies are the Future
- Open Source Enterprise Continuous Delivery with "Go"
Check some of these out, we need to talk about this over the next few days.
And in later articles and repos, I will be sharing concrete examples of how I am dealing with all of this, and how I am planning, well, my future.
The Drupal 7 Search Krumo Module extends the Devel module and makes it easier to debug PHP variables while developing Drupal modules or building Drupal themes. It adds a simple search box that allows you to quickly search through the Krumo output that is generated by the dpm function.
If you want to try it out quickly, simply download and install the module and run the following code on the variable you want to debug:Tags: DrupalDrupal 7Module DevelopmentTheme DevelopmentDrupal PlanetTips and Tricks
You are a software vendor. You distribute software on multiple operating systems. Let’s say your software is a mildly popular internet browser. Let’s say its logo represents an animal and a globe.
Now, because you care about the security of your users, let’s say you would like the entire address space of your application to be randomized, including the main executable portion of it. That would be neat, wouldn’t it? And there’s even a feature for that: Position independent executables.
You get that working on (almost) all the operating systems you distribute software on. Great.
Then a Gnome user (or an Ubuntu user, for that matter) comes, and tells you they downloaded your software tarball, unpacked it, and tried opening your software, but all they get is a dialog telling them:
Could not display “application-name”
There is no application installed for “shared library” files
Because, you see, a Position independent executable, in ELF terms, is actually a (position independent) shared library that happens to be executable, instead of being an executable that happens to be position independent.
And nautilus (the file manager in Gnome and Ubuntu’s Unity) usefully knows to distinguish between executables and shared libraries. And will happily refuse to execute shared libraries, even when they have the file-system-level executable bit set.
You’d think you can get around this by using a .desktop file, but the Exec field in those files requires a full path. (No, ./ doesn’t work unless the executable is in the nautilus process current working directory, as in, the path nautilus was run from)
Dear lazyweb, please prove me wrong and tell me there’s a way around this.
Suppose you build a site, it works great, the client loves it, you launch it, and the client still loves it. Yay! Now life goes on, and six months later, the client comes back to you saying they see a red box when they are logged in, with a message about security updates. You look and see that Drupal core, ctools, rules, views, commerce, date, and a handful of other modules have updates availalbe. Some are security updates, and others are bugfix/feature updates.
So you want to update this code to resolve security issues and improve the functionality of the site. But how can you be sure that these code updates will not hurt or break any of the existing functionality? You could revisit all of your feature work from six months to a year ago and confirm that those features still work as intended. But that can be time consuming and disrupt your other work.
So how do you make updates, whether updating contrib code or doing new custom work, with confidence that you're not breaking essential funcionality and without wasting countless hours doing a bunch of manual testing?A Better Solution: Automated Testing
Let a machine do it for you. There are several categories of automated testing:
- Unit testing. This tests that a small piece of code, a function, behaves as expected.
- Integration testing. These combine several Unit tests in logical groups, to ensure that they work together properly.
- System testing. This tests the system as a whole, and is mainly code oriented, but starts to touch how real people would use the system.
- Behavioral testing. Acceptance testing. Customer testing. This involves clickthroughs, user behavior. This is what we are mainly interested in, and what I am talking about today. You will also hear this referred to as BDD or Behavior Driven Development.
Behat is an automated testing system. Its strength is in behavioral testing, so it fits perfectly in our use case.
Behat tests are written in plain English phrases which are then combined into human readable scenarios. This was inspired by Ruby's Cucumber project and Gherkin syntax. This is probably the most appealing aspect of Behat. Most tests are understandable by anyone, whether you're a developer, project manager, or business owner.
Behat is the core framework used for running tests. It is capabable of testing several types of systems: terminal commands, REST APIs, etc. To enable Behat to test web pages, you need to add Mink and a browser emulator to the mix. Mink functions as the connector between Behat and browser emulators, and provides a consistent testing API.
So when you hear people talking about Behat, they're usually talking about all three components: Behat, Mink, and browser emulators.Why Behat Versus Others?
Mainly becuase of popularity, which comes mainly from its human readability. There are certainly other contenders with other strengths, but we're focusing on Behat today because it is a popular PHP-based testing framework. Its tests are written as human readable scenarios, can be easily extended by writing additional PHP methods, and, as you'll see soon, getting set up is not too difficult.Business Use
Even though this all seems like a good thing, it does take some time to write tests, set up a testing environment, and determine what the best tests are. We need to allocate time to do this, and it shouldn't just be a surprise at the end of the project. Automated testing should be considered in several phases of a web project. When writing custom code, it's a good practice to write unit tests, and time should be allocated for that. When developing custom features for a site, behavioral tests should be written to accompany them, and again, time should be allocated. It's good if clients know at the beginning of a project that test writing is part of the development process, and test running is part of deployment.
Things that are measured always get more attention than things that just happen. Clients should have a large say in what is measured and tested. As a result, project managers can gain a better insight into priorities of the client and project. By making behavior tests something that is intentionally done, project stakeholders must clarify and prioritize the most important aspects of the site.Run Tests
Let's use the scenario where we're ensuring that the user login experience is correct. This will verify that the site is up & running, that valid users can log in, and that invalid credentials will not work. Here's a test run, using a local development site:
And it only takes a few seconds to run.
If you run this test after a code update and find that the test fails, you know immediately that something must be fixed before it can be deployed to the production environment.Write Tests
Behat tests are written in "Feature" files. They're just text files with a .feature extension on the name, instead of .txt or .php. They are usually placed in a "features" directory inside your Behat directory. More on that in the next section.
In the test run above, I was in my project's Behat directory, and ran bin/behat features/loginout.feature. That launches Behat and tells it to run the tests that are in loginout.feature. Here are the entire contents of that file:Feature: Log in and out of the site. In order to maintain an account As a site visitor I need to log in and out of the site. Scenario: Logs in to the site Given I am on "/" When I follow "Log In" And I fill in "Username" with "admin" And I fill in "Password" with "test" And I press "Log in" Then I should see "Log out" And I should see "My account" Scenario: Logs out of the site Given I am on "/" When I follow "Log In" And I fill in "Username" with "admin" And I fill in "Password" with "test" And I press "Log in" And I follow "Log out" Then I should see "Log in" And I should not see "My account" Scenario: Attempts login with wrong credentials. Given I am on "/" When I follow "Log In" And I fill in "Username" with "badusername" And I fill in "Password" with "boguspass" And I press "Log in" Then I should see "Sorry, unrecognized username or password." And I should not see "My account"
Indentation is only for readability, and has no impact on how the tests are run.
Now let's look at each line and see what each is doing. The first few lines are essentially comments.
Feature: Log in and out of the site.
^ Name of the feature.
In order to maintain an account
As a site visitor
I need to log in and out of the site.
^ Feature itself.
Behat tests are written in the form of scenarios, and they comprise the rest of the feature file.
Scenario: Logs in to the site
^ Description of the first scenario.
Given I am on "/"
^ The context. This is the first line that is actually executed. In this case, it will load "/" (the home page) in a browser.
This (a "Given") as well as the next things ("When" and "Then") are each called a "Step."When I follow "Log In" And I fill in "Username" with "admin" And I fill in "Password" with "test" And I press "Log in"
^ The events that need to happen. When kicks it off. And adds more events. If Behat is unable to do any of these events, the test will fail. I follow "Log In" looks for a link with the text "Log In" and clicks it. I fill in "Username" with "admin" looks for a field with the label of "Username" and types "admin" into it. I press "Log in" looks for button with the text "Log in" and presses it. Pro tip: follow is for clicking links, and press is for buttons on forms.Then I should see "Log out" And I should see "My account"
^ The desired outcome. Then starts it, and And adds more outcomes. These are the actual tests that need to pass. Other testing frameworks often call these "assertions". I should see "Log out" looks for the text "Log out" anywhere on the page.
The other two scenarios follow the same format, as well as using not to ensure that certain things do not happen.
That's the quick walkthrough of writing scenarios, but you can dig deeper at http://docs.behat.org/en/v2.5/quick_intro.html#define-your-feature and http://docs.behat.org/en/v2.5/guides/1.gherkin.html and find out about other aspects like Scenario Outlines, Backgrounds and Multiline Arguments.Get Set Up
I've looked at several resources from behat.org and elsewhere, and ended up just having to piece things together to get something that will work. I've consolidated those notes to ease the setup in the future. Behat Installation and Use.
There are a number of dependencies, so the easiest way to handle them all is to let composer do it for you. So install composer if you haven't already. On a mac, using homebrew works great: brew install composer.
Make a Behat directory, either for a project you're working on, or in a generic location. Copy this composer.json file into it. Run composer install, which might take a while. It's installing Behat, Mink, several Mink extensions, and webdriver, which is for Selenium. Then run bin/behat to make sure that Behat is actually available and doing something. You should see something like No scenarios.
In your Behat directory, add a features folder if there's not one already, and add a something.feature file to it. You can use this loginout.feature as an example.
The last thing you need is a behat.yml file in your Behat directory. Use this behat.yml as an example, replacing the domain with the site you want to test. Also remove the selenium2 line if you're not using it.
At this point, running bin/behat in your Behat directory should run any tests located in the features directory.
Hopefully, that gets you started on your road to readable automated testing. The best resources I've found are on the behat site. You'll probably be redirected to something like http://docs.behat.org/en/v2.5/. Please leave a comment with your successes or other suggestions. Thanks for reading, and good luck!
Kudos to Matthew for taking a stance. It has, not surprisingly, provoked a lot of comments and feedback, most of it unpleasant.
If I did anything that was directly related to Intel, I'd join him, but I do very, very little architecture dependent stuff anymore.
I will, however, say this: Even if the "gamergate" were actually about good journalism and ethics (and it's clear it isn't), if your reaction to a differing opinion is abuse, harrassment, and other kinds of psychological violence, you're not making anything better, you're making it all worse.
Reasonable people can handle disagreement without any kind of violence.
Announcing the sprint cards! My team created these cards as a condensed version of the DrupalCon Autsin mentor training. They summraize the top tasks needed for new contributors and coders and can be printed at any local print shop (usually in 12-24h) because we formatted them to be printed on standard business cards. So they are cheap to print and ready when you need them.
These cards have been seen at many Drupal events now and they get a good response wherever they go. The first sprint where they appeared was at the Jersey Shore (thanks again to the NJ team for bringing us there!) and they have since been at camps across North America and now at DrupalCon Amsterdam.
Take this information to your local print shop.
- Business card size (formatted for North America, so 3.5 × 2 inches... in metric that is 88.9 × 50.8mm [you may ask them to "scale" the PDF to your local size])
- cardstock (thick paper)
- matte (not glossy... sometimes people want to write on them)
- "no bleed" (extra cropping not necessary)
- PDF file
- quantity $x (most print shops have a special rate for different quantity, good to ask)
Exactly 15 years ago I uploaded to Debian the first release of my whois client.
At the end of 1999 the United States Government forced Network Solutions, at the time the only registrar for the .com, .net and .org top level domains, to split their functions in a registry and a registrar and to and allow competing registrars to operate.
Since then, two whois queries are needed to access the data for a domain in a TLD operating with a thin registry model: first one to the registry to find out which registrar was used to register the domain, and then one the registrar to actually get the data.
Being as lazy as I am I tought that this was unacceptable, so I implemented a whois client that would know which whois server to query for all TLDs and then automatically follow the referrals to the registrars.
But the initial reason for writing this program was to replace the simplistic BSD-derived whois client that was shipped with Debian with one that would know which server to query for IP addresses and autonomous system numbers, a useful feature in a time when people still used to manually report all their spam to the originating ISPs.
Over the years I have spent countless hours searching for the right servers for the domains of far away countries (something that has often been incredibly instructive) and now the program database is usually more up to date than the official IANA one.
One of my goals for this program has always been wide portability, so I am happy that over the years it was adopted by other Linux distributions, made available by third parties to all common variants of UNIX and even to systems as alien as Windows and OS/2.
Now that whois is 15 years old I am happy to announce that I have recently achieved complete world domination and that all Linux distributions use it as their default whois client.
You will find often find the less you are allowed to do with a computer the more user friendly it seems. This is hardly a coincidence. You need to make your decisions on how much inconvenience you are willing to take for freedom in computing. The first and most important step is to make these decisions deliberate. Perhaps after the keynote this necessity is clear.
I will detail my choices and my rationale. As Doctorow said, I avoid everything Apple. They have made DRM'd computing mainstream and I do not really want anything to do with them. When work makes me use a Mac (happens) then I use a very old second hand Mac Mini but have plans to switch to a Hackintosh. The best is if you can find a free hand down piece to make sure you are not fueling the Apple ecosystem even indirectly. And, I run OS X 10.7.4 because 10.7.5 comes with Gatekeeper and that software is simply not acceptable because it can limit the computer to only run Apple sanctioned applications. Another possible choice is to refuse work that requires a Mac -- I never claimed to be perfect.
Alas, the above decision makes you use Linux as your primary OS. Mind you: there are no good choices in the OS space. The "classic" Linux problems of laptops not sleeping, wifi, projectors are gone by now. Buying printers need a little care but most work.
Probably you want a smartphone and with the iPhone ruled out that probably means an Android phone. Pick one with an unlockable bootloader and install a custom recovery and a custom ROM. Consider as you install each free app on what are you giving up. I decided that using Google Maps is worth it for me but that's something everyone needs to decide for themselves and that's one of the hardest decisions. Practice healthy paranoia by sniffing your own traffic with tPacketCapture or a similar tool from time to time to make sure you know what's happening on the phone.
Speaking of traffic, make sure you can trust your router: buy one that is compatible with open source firmware and flash one. I was much afraid to make this step because I feared I will get another maintenance and/or stability nightmare but nothing like that occured. These days you can find a few with preinstalled DD-WRT even. If you choose one of these, make sure to email the manufacturer saying you've choosen their device because of the open source firmware. This perhaps will spur them to make more of the same. There are companies that purport open source compatibility but at the same time the small print says installing such violates warranty. Ask them why.
In eReaders, avoid the Kindle. I had a Kindle once -- the Paperwhite screen made me waver -- but no longer. These days I have a Kobo Aura HD for the beautiful screen of it. Make sure your eReader radio is off. Another of those convenience vs freedom decisions -- I very strongly prefer my device and my books being controlled by me and in turn I can suffer plugging the reader in to download a book or four. I recommend buying books from Barnes & Noble because their DRM is super easy to remove. Don't forget to email them thanking for this -- it's understandable they don't have the choice to sell DRM free books but at least they don't use the vile Adobe system many places use. Also, tech books at O'Reilly are DRM free, yay!
Campbell and I presented our session, Coder vs. Themer, Thursday morning and it was a huge success! The gist of the session was this: Campbell and I are both martial artists in addition to Drupalists, and we drew comparisons between our respective martial arts (Ninjitsu and Kung fu) and our respective Drupal roles (coder and themer). Then we both attempted, in real time, to build a Drupal site from a markup. I could only use the theme layer and Campbell could only use the code/module layer. The 302 attendees were more than spectators, they were active participants, cheering us on when we found clever solutions and booing when we took hacky shortcuts! Who won?!Watch the video (slides with audio) and decide for yourself!!
Later that afternoon we also led a BOF (Birds of a Feather) expanding on our earlier session. We dubbed this follow-up Coder vs. Themer: Fight Club, and in it the attendees are divided into small development teams, each containing at least one coder and one themer. We then challenged them to collaborate and build out mockups. We had the luxury of having Augustin Delaporte and Robert Douglass of Commerce Guys there to provide development servers on their platform.sh hosting platform. All the teams did well and more importantly everyone had fun.
Drupalcon Amsterdam’s closing session always has the big reveal of next year’s European Drupalcon venue, and we were all very excited when it was announced that the 2015 Drupalcon Europe would take place in beautiful Barcelona, Spain on September 21-25. Campbell and I cannot wait and are already planning several new, fun, energetic, and engaging sessions!
Our industry needs a new position. A person whose entire job is owning, directing and overseeing a website. We need a new title for them. I propose we call them Digital Experience Directors.
The current landscape for smaller companies
At best, people who currently do this work are called Web Master, Site Administrator or Marketing Coordinator—all titles which are low on the political totem pole. At worst (and more commonly), it’s a task tacked on to someone’s job, often forgotten or ignored.
How this hurts companies
Businesses suffer because of this hierarchy. The lack of long-term strategic oversight devalues the investments companies make in websites. Relegating content upkeep to roles without director-level authority creates headless websites. This usually produces sites with:
For my 31st birthday I decided to build myself a computer, specifically a NAS and backup server which could do some other bits and pieces. I ended up buying a system based on the Gigabyte J1900N-D3V SoC from Mini-ITX (who's after sales support is great, by the way).
I hope to write up a more comprehensive overview of what I've ended up with (probably in my rather dusty hardware section), but in the meantime I have a question for anyone else with this board:
If you've upgraded the BIOS, do the more recent BIOS versions insist on there being a display connected in order to boot?
Sadly the V1 BIOS version does, which seriously limits the utility of this board for my purposes. I did manage to flash the board up to V3, once, but it later decided to downgrade itself (believing the flashed BIOS to be corrupt). I haven't managed a second time. The EFI implementation in this board is... interesting. Convincing it to boot anything legacy is a tricky task.
As an aside, I recently stumbled across this suggestion on reddit to use an old-ish, Core-era Thinkpad T-series with a dock for this exact purpose: the spare ultrabay gives you two SATA drive slots; the laptop battery serves as a crude UPS and there's a built in keyboard and mouse, avoiding the issue I'm having with the J1900N-D3V. A Core i5 is more than fast enough for what I want to do and it will have vt. Hindsight is a wonderful thing...
It's taken me a while to get sufficiently riled up about Australia's current Islamaphobia outbreak, but it's been brewing in me for a couple of weeks.
For the record, I'm an Atheist, but I'll defend your right to practise your religion, just don't go pushing it on me, thank you very much. I'm also not a huge fan of Islam, because it does seem to lend itself to more violent extremism than other religions, and ISIS/ISIL/IS (whatever you want to call them) aren't doing Islam any favours at the moment. I'm against extremism of any stripes though. The Westboro Baptists are Christian extremists. They just don't go around killing people. I'm also not a big fan of the burqa, but again, I'll defend a Muslim woman's right to choose to wear one. They key point here is choice.
I got my carpets cleaned yesterday by an ethnic couple. I like accents, and I was trying to pick theirs. I thought they may have been Turkish. It turned out they were Kurdish. Whenever I hear "Kurd" I habitually stick "Bosnian" in front of it after the Bosnian War that happened in my childhood. Turns out I wasn't listening properly, and that was actually "Serb". Now I feel dumb, but I digress.
I got chatting with the lady while her husband did the work. I got a refresher on where most Kurds are/were (Northern Iraq) and we talked about Sunni versus Shia Islam, and how they differed. I learned a bit yesterday, and I'll have to have a proper read of the Wikipedia article I just linked to, because I suspect I'll learn a lot more.
We briefly talked about burqas, and she said that because they were Sunni, they were given the choice, and they chose not to wear it. That's the sort of Islam that I support. I suspect a lot of the women running around in burqas don't get a lot of say in it, but I don't think banning it outright is the right solution to that. Those women need to feel empowered enough to be able to cast off their burqas if that's what they want to do.
I completely agree that a woman in a burqa entering a secure place (for example Parliament House) needs to be identifiable (assuming that identification is verified for all entrants to Parliament House). If it's not, and they're worried about security, that's what the metal detectors are for. I've been to Dubai. I've seen how they handle women in burqas at passport control. This is an easily solvable problem. You don't have to treat burqa-clad women as second class citizens and stick them in a glass box. Or exclude them entirely.
Recently, as part of the anti-women #GamerGate campaign, a set of awful humans convinced Intel to terminate an advertising campaign because the site hosting the campaign had dared to suggest that the sexism present throughout the gaming industry might be a problem. Despite being awful humans, it is absolutely their right to request that a company choose to spend its money in a different way. And despite it being a dreadful decision, Intel is obviously entitled to spend their money as they wish. But I'm also free to spend my unpaid spare time as I wish, and I no longer wish to spend it doing unpaid work to enable an abhorrently-behaving company to sell more hardware. I won't be working on any Intel-specific bugs. I won't be reverse engineering any Intel-based features. If the backlight on your laptop with an Intel GPU doesn't work, the number of fucks I'll be giving will fail to register on even the most sensitive measuring device.
On the plus side, this is probably going to significantly reduce my gin consumption.
 In the spirit of full disclosure: in some cases this has resulted in me being sent laptops in order to figure stuff out, and I was not always asked to return those laptops. My current laptop was purchased by me.
 I appreciate that there are some people involved in this campaign who earnestly believe that they are working to improve the state of professional ethics in games media. That is a worthy goal! But you're allying yourself to a cause that disproportionately attacks women while ignoring almost every other conflict of interest in the industry. If this is what you care about, find a new way to do it - and perhaps deal with the rather more obvious cases involving giant corporations, rather than obsessing over indie developers.
For avoidance of doubt, any comments arguing this point will be replaced with the phrase "Fart fart fart".
 Except for the purposes of finding entertaining security bugs
This is my monthly summary of my free software related activities. If you’re among the people who made a donation to support my work (26.6 €, thanks everybody!), then you can learn how I spent your money. Otherwise it’s just an interesting status update on my various projects.Django 1.7
Since Django 1.7 got released early September, I updated the package in experimental and continued to push for its inclusion in unstable. I sent a few more patches to multiple reverse build dependencies who had asked for help (python-django-bootstrap-form, horizon, lava-server) and then sent the package to unstable. At that time, I bumped the severity of all bug filed against packages that were no longer building with Django 1.7.
Later in the month, I made sure that the package migrated to testing, it only required a temporary removal of mumble-django (see #763087). Quite a few packages got updated since then (remaining bugs here).Debian Long Term Support
I have worked towards keeping Debian Squeeze secure, see the dedicated article: My Debian LTS report for September 2014.Distro Tracker
The pace of development on tracker.debian.org slowed down a bit this month, with only 30 new commits in the repository, closing 6 bugs. Some of the changes are noteworthy though: the news now contain true links on bugs, CVE and plain URLs (example here). I have also fixed a serious issue with the way users were identified when they used their Alioth account credentials to login via sso.debian.org.
On the development side, we’re now able to generate the test suite code coverage which is quite helpful to identify parts of the code that are clearly missing some tests (see bin/gen-coverage.sh in the repository).Misc packaging
Publican. I have been behind packaging new upstream versions of Publican and with the freeze approaching, I decided to take care of it. Unfortunately, it wasn’t as easy as I had hoped and found numerous issues that I have filed upstream (invalid public identifier, PDF build fails with noNumberLines function available, build of the manual requires the network). Most of those have been fixed upstream in the mean time but the last issue seems to be a problem in the way we manage our Docbook XML catalogs in Debian. I have thus filed #763598 (docbook-xml: xmllint fails to identify local copy of docbook entities file) which is still waiting an answer from the maintainer.
Package sponsorship. I have sponsored new uploads of dolibarr (RC bug fix), tcpdf (RC bug fix), tryton-server (security update) and django-ratelimit.
GNOME 3.14. With the arrival of GNOME 3.14 in unstable, I took care of updating gnome-shell-timer and also filed some tickets for extensions that I use: https://github.com/projecthamster/shell-extension/issues/79 and https://github.com/olebowle/gnome-shell-timer/issues/25
git-buildpackage. I filed multiple bugs on git-buildpackage for little issues that have been irking me since I started using this tool: #761160 (gbp pq export/switch should be smarter), #761161 (gbp pq import+export should preserve patch filenames), #761641 (gbp import-orig should be less fragile and more idempotent).Thanks
See you next month for a new summary of my activities.
Today, I received my Acer Chromebook 13, in the glorious FullHD variant with 4GB RAM. For those of you who don’t know it, the Acer Chromebook 13 is a 13.3 inch chromebook powered by a Tegra K1 cpu.
This version cannot be ordered currently, only pre-orders were shipped yesterday (at least here in Germany). I cannot even review it on Amazon (despite having it bought there), as they have not enabled reviews for it yet.
The device feels solidly built, and looks good. It comes in all-white matte plastic and is slightly reminiscent of the old white MacBooks. The keyboard is horrible, there’s no well defined pressure point. It feels like your typing on a pillow. The display is OK, an IPS would be a lot nicer to work with, though. Oh, and it could be brighter. I do not think that using it outside on a sunny day would be a good idea. The speakers are loud and clear compared to my ThinkPad X230.
The performance of the device is about acceptable (unfortunately, I do not have any comparison in this device class). Even when typing this blog post in the visual wordpress editor, I notice some sluggishness. Opening the app launcher or loading the new tab page while music is playing makes the music stop for or skip a few ms (20-50ms if I had to guess). Running a benchmark in parallel or browsing does not usually cause this stuttering, though.
There are still some bugs in Chrome OS: Loading the Play Books library the first time resulted in some rendering issues. The “Browser” process always consumes at least 10% CPU, even when idling, with no page open; this might cause some of the sluggishness I mentioned above. Also watching Flash videos used more CPU than I expected given that it is hardware accelerated.
Finally, Netflix did not work out of the box, despite the Chromebook shipping with a special Netflix plugin. I always get some unexpected issue-type page. Setting the user agent to Chrome 38 from Windows, thus forcing the use of the EME video player instead of the Netflix plugin, makes it work.
I reported these software issues to Google via Alt+Shift+I. The issues appeared on the current version of the stable channel, 37.0.2062.120.
What’s next? I don’t know.
Filed under: Uncategorized