Elsewhere

Enrico Zini: mozilla-facepalm

Planet Debian - ven, 23/01/2015 - 15:13
Mozilla marketplace facepalm

This made me sad.

My view, which didn't seem to be considered in that discussion, is that people concerned about software freedom and security are likely to stay the hell away from such an app market and its feedback forms.

Also, that thread made me so sad about the state of that developer community that I seriously do not feel like investing energy into going through the hoops of getting an account in their bugtracker to point this out.

Sigh.

Catégories: Elsewhere

OpenLucius: Drupal REST Web Services - What, why and how

Planet Drupal - ven, 23/01/2015 - 10:06

So, here at Lucius HQ we are planning on building a RESTful API (web services) on top on Drupal distribution OpenLucius.

We want to do this so all 3rd party programmers, thus 3rd party applications, can integrate with OpenLucius. And not only Drupal developers and Drupal modules. 

Catégories: Elsewhere

Jaldhar Vyas: Mini-Debconf Mumbai 2015

Planet Debian - ven, 23/01/2015 - 07:47

Last weekend I went to Mumbai to attend the Mini-Debconf held at IIT-Bombay. These are my impressions of the trip.

Arrival and Impressions of Mumbai

Getting there was a quite an adventure in itself. Unlike during my ill-fated attempt to visit a Debian event in Kerala last year when a bureaucratic snafu left me unable to get a visa, the organizers started the process much earlier at their end this time and with proper permissions. Yet in India, the wheels only turn as fast as they want to turn so despite their efforts, it was only literally at the last minute that I actually managed to secure my visa. I should note however that Indian government has done a lot to improve the process compared to the hell I remember from, say, a decade ago. It's fairly straightforward for tourist visas now and I trust they will get around to doing the same for conference visas in the fullness of time. I didn't want to commit to buying a plane ticket until I had the visa so I became concerned that the only flights left would be either really expensive or on the type of airline that flies you over Syria or under the Indian Ocean. I lucked out and got a good price on a Swiss Air flight, not non-stop but you can't have everything.

So Thursday afternoon I set off for JFK. With only one small suitcase getting there by subway was no problem and I arrived and checked in with plenty of time. Even TSA passed me through with only a minimal amount of indignity. The first leg of my journey took me to Zurich in about eight hours. We were only in Zurich for an hour and then (by now Friday) it was another 9 hours to Mumbai. Friday was Safala Ekadashi but owing to the necessity of staying hydrated on a long flight I drank a lot of water and ate some fruit which I don't normally do on a fasting day. It was tolerable but not too pleasant; I definitely want to try and make travel plans to avoid such situations in the future.

Friday evening local time I got to Mumbai. Chhattrapati Shivaji airport has improved a lot since I saw t last and now has all the amenities an international traveller needs including unrestricted free wifi (Zurich airport are you taking notes?) But here my first ominous piece of bad luck began. No sign of my suitcase. Happily some asking around revealed that it had somehow gotten on some earlier Swiss Air flight instead of the one I was on and was actually waiting for me. I got outside and Debian Developer Praveen Arimbrathodiyil was waiting to pick me up.

Normally I don't lke staying in Mumbai very much even though I have relatives there but that's because we usually went during July-August—the monsoon season—when Mumbai reverts back to the swampy archipelago it was originally built on. This time the weather was nice, cold by local standards, but lovely and spring-like to someone from snowy New Jersey. There have been a lot of improvements to the road infrastructure and people are actually obeying the traffic laws. (Within reason of course. Whether or not a family of six can arrange themselves on one Bajaj scooter is no business of the cops.)

The Hotel Tuliip (yes, two i's. Manager didn't know why.) Residency where I was to stay while not quite a five star establishment was adequate for my needs with a bed, hot water shower, and air conditioning. And a TV which to the bellhops great confusion I did not want turned on. (He asked about five times.) There was no Internet access per se but the manager offered to hook up a wireless router to a cable. Which on closer inspection turned out to have been severed at the base. He assured me it would be fixed tomorrow so I didn't complain and decided to do something more productive thank checking my email like sleeping.

The next day I woke up in total darkness. Apparently there had been some kind of power problem during the night which tripped a fuse or something. A call to the front desk got them to fix that and then the second piece of bad luck happened. I plugged my Thinkpad in and woke it up from hibernation and a minute later there was a loud pop from the power adapter. Note I have a travel international plug adapter with surge protector so nothing bad ought to have happened but the laptop would on turning on display the message "critical low battery error" and immediately power off. I was unable to google what that meant without Internet access but I decided not to panic and continue getting ready. I would have plenty of opportunity to troubleshoot at the conference venue. Or so I thought...

I took an autorickshaw to IIT. There also there have been positive improvements. Being quite obviously a foreigner I was fully prepared to be taken along the "scenic route." But now there are fair zones and the rickshaws all have (tamperproof!) digital fare meters so I was deposited at the main gate without fuss. After reading a board with a scary list of dos and don'ts I presented myself at security only to be inexplicably waved through without a second glance. Later I found out they've abandoned all the security theatre but not got around to updating the signs yet. Mumbai is one of the biggest, densely populated cities in the world but the IIT campus is an oasis of tranquility on the shores of Lake Powai. It's a lot bigger than it looked on the map so I had to wander around a bit before I reached the conference venue but I did make for the official registration time.

Registration

I was happy to meet several old friends (Such as Kartik Mistry and Kumar Appiah who along with Praveen and myself were the other DDs there,) people who I've corresponded with but never met, and many new people. I'm told 200+ people registered altogether. Most seemed to be students from IIT and elsewhere in Mumbai but there were also some Debian enthusiasts from further afield and most hearteningly some "civilians" who wanted to know what this was all about.

With the help of a borrowed Thinkpad adapter I got my laptop running again. (Thankfully, despite the error message, the battery itself was unharmed.) However, my streak of bad luck was not yet over. It was that very weekend that IIT had a freak campus-wide network outage something that had never happened before. And as the presentation for the talk I was to give had apparently been open when I hibernated my laptop the night before, the sudden forced shutdown had trashed the file. (ls showed it as 0 length. An fsck didn't help.) I possibly had a backup on my server but with no Internet access I had no way to retrieve it. I still remained cool. The talk was scheduled for the second day so I could recover it at the hotel.

Keynotes

Professor Kannan Maudgalya of the FOSSEE (Free and Open Source Software for Education) Project which is part of the central government Ministry for Human Resource Development spoke about various activities of his project. Of particular interest to us are:

  • A scheme to get labs and college engineering/computer science departments off proprietary software by helping them identify relevant free software (writing it if necessary.) and helping them transition to it. Similarly getting curricula away from textbooks that use proprietary software by rewriting exercises to use free equivalents.
  • A series of videos for self-instruction kind of like Khan Academy but geared to the challenges of being used in places where there might not be a net connection or even a trained teacher.
  • The Vidyut tablet. A very low cost (~5000 Rupees) ARM-based netbook that runs Linux or Android software. You may have heard about earlier plans for a cheap tablet like this. Vidyut is the next generation correcting some flaws in previous attempts. Not only the software but the hardware is free too. It is currently running a stripped down version of Ubuntu but there was a request to port it to Debian and I'm happy to report several Debian users have accepted the challenge.
FOSSEE is well funded, backed by the government and has enthusiastic staff so we should be seeing a lot more from them in the future.

Veteran Free Software activist Venky Hariharan spoke about his experiences in lobbying the government on tech issues. He noted that there has been a sea change in attitudes towards Linux and Open source in the bureacracy of late. Several states have been aggressively mandating the use of it as have several national ministries and agencies. We the community can provide a valuable service by helping them in the transition. They also need to be educated on how to work with the community (contributing changes back, not working behind closed doors etc.)

Debian History and Debian Cycle

Shirish Agarwal spoke about the Debian philosophy and foundational documents such as the social contract and DFSG and how the release cycle works. Nothing new to an experienced user but informative to the newcomers in the audience and sparked some questions and discussion.

Keysigning

One of my main missions in attending was to help get as many isolated people as possible into the web of trust. Unfortunately the keysigning was not adequately publicized and few people were ready. I would have led them through the process of creating a new key there and then but with the lack of connectivity that idea had to be abandoned. I did manage to sign about 8-10 keys during other times.

Future Directions for Debian-IN BOF

I led this one. Lots of spirited discussion and I found feedback from new users in particular to be very helpful. Some take aways are:

  • Some people said it is hard to find concise, easily digestible information about what Debian can do. (I.e. Can I surf the web? Can I play a certain game? etc.) Debian-IN's web presence in particular needs a lot of improvement. We should also consider other channels such as a facebook page. A volunteer stepped up to look into these issues.
  • Along these lines it was felt that we cannot just wait for people to come to us, we should do more outreach. I pointed out that one group that we need to reach out more to is the Debian Project at large. We need to do more publicity in debian-project, DWN, Planet etc. to let everyone know whats going on in India. I also felt that we have a strong base amongst CS/engineering students but should do more to attract other demographics.
  • Debian events have suffered from organizational problems. Partly this is because the people involved are not professional event planners. They are learning how to do it which is an ongoing process and execution is improving with each iteration so no worries there but problems also arise because Debian-IN is dependent on other entities for many things and those entities do not always have, shall we say, the same sense of urgency. Therefore we need legal standing of our own for accepting donations, inviting foreign guests etc. This doesn't necessarily have to be a separate organization. Affiliating with an existing group is an option providing they share our ideology. Swathanthra Malayalam Computing was one suggestion.
  • There is still not much Debian presence in the North and East of India. (Which includes large cities like Delhi and Kolkata.) Unfortunately until we can find volunteers in those areas to take the lead on organizing something there is not a lot we can do to rectify the situation.
  • We must have Debian-IN t-shirts.

Lil' Debi

Kumar Sukhani was a Debian GSoC student and his project which he demonstrated was to be able to install Debian on an Android phone. Why would you want to do this? Apart from the evergreen "Because I can", you can run server software such as sshd on your phone or even use it as an ARM development board. Unfortunately my phone uses Blackberry 10 OS which can run android apps (emulated under QNX) but wouldn't be able to use this. When I get a real Android phone I will try it out.

Debian on ARM

Siji Sunny gave this talk which was geared more towards hardware types which I am not but one thing I learned was thee difference between all the different ARM subarchitectures. I knew Siji first from a previous incarnation when he worked at CDAC with the late and much lamented Prof. R.K. Joshi. We had a long conversation about those days. Prof. Joshi/CDAC had developed an Indic rendering system called Indix which alas became the Betamax to Pango's VHS but he was also very involved in other Indic computing issues such as working with the Unicode Consortium and the preseration of Sanskrit manuscripts which is also an interest of mine. One good thing that cameout of Indix was some rather nice fonts. I had thought they were still buried in the dungeons of CDAC but apparently they were freed at one point. That's one more thing for me to look into.

Evening/Next morning<

My cousin met me and we had a leisurely dinner together. It was quite late by the time I got back to the hotel. FOSSEE had kindly lent me one of their tablets (which incidently are powerful enough to run LibreOffice comfortably.) so I thought I might be able to quickly redo my presentation before bedtime. Well, wouldn't you know it the wifi was not fixed. As I should have guessed but all the progress I'd had made me giddily optimistic. There was an option of trying to find an Internet cafe in a commercial area 15-20 minutes walk away. If this had been Gujarat I would have tried it but although I can more or less understand Hindi I can barely put together two sentences and Marathi I don't know at all. So I gave up that idea. I redid the slides from memory as best I could and went to sleep.

In the morning I checked out and ferried myself and my suitcase via rickshaw back to the IIT campus. This time I got the driver to take me all the way in to the conference venue. Prof. Maudgalya kindly offered to let me keep the tablet to develop stuff on. I respectfully had to decline because although I love to collect bits of tech the fact it is it would have just gathered dust and ought to go to someone who can make a real contribution with it. I transferred my files to a USB key and borrowed a loaner laptop for my talk.

Debian Packaging Workshop

While waiting to do my talk I sat in on a workshop Praveen ran taking participants through the whole process of creating a Debian package (a ruby gem was the example.) He's done this before so it was a good presentation and well attended but the lack of connectivity did put a damper on things.

Ask Me Anything

It turned out the schedule had to be shuffled a bit so my talk was moved later from the announced time. A few people had already showed up so I took some random questions about Debian from them instead.

GNOME Shell Accessibility With Orca

Krishnakant Mane is remarkable. Although he is blind, he is a developer and a major contributor to Open Source projects. He talked about the Accessibility features of GNOME and compared them (favorably I might add) with proprietary screen readers. Not a subject that's directly useful to me but I found it interesting nonetheless.

Rust: The memory safe language Manish Goregaokar talked about one of the new fad programming languages that have gotten a lot of buzz lately. This one is backed by Mozilla and it's interesting enough but I'll stick with C++ and Perl until one of the new ones "wins."

Building a Mail Server With Debian

Finally I got to give my talk and, yup, the video out on my borrowed laptop was incompatible with the projector. A slight delay to transfer everything to another laptop and I was able to begin. I talked about setting up BIND, postfix, and of course dovecot along with spamassassin, clamav etc. It turned out I had more than enough material and I went atleast 30 minutes over time and even then I had to rush at the end. People said they liked it so I'm happy.

The End

I gave the concluding remarks. Various people were thanked (including myself) mementos were given and pictures were taken. Despite a few mishaps I enjoyed myself and I am glad I attended. The level of enthusiasm was very high and lessons were learned so the next Debian-IN event should be even better.

My departing flight wasn't due to leave until 1:20AM so I killed a few hours with my family before the flight. Once again I was stopping in Zurich, this time for most of a day. The last of my blunders was not to take my coat out of my suitcase and the temperature outside was 29F so I had to spend that whole time enjoing the (not so) many charms of Zurich airport. Atleast the second flight took me to Newark instead of JFK so I was able to get home a little earlier on Monday evening, exhausted but happy I made the trip.

Catégories: Elsewhere

groups.drupal.org frontpage posts: Drupalcamp New Orleans 2015

Planet Drupal - ven, 23/01/2015 - 03:19
Start:  2015-03-28 09:00 - 17:00 America/Chicago User group meeting Organizers:  jeffdiecks jasonawant schmook bberl

http://www.drupalcampnola.com

Join us for the second annual Drupalcamp New Orleans on Saturday, March 28, 2015. Visit www.drupalcampnola.com for more information, to register and to submit a session.

Drupalcamp New Orleans
Saturday, March 28, 2015 - 9 am - 5 pm
Launch Pad
643 Magazine St
New Orleans, LA
www.drupalcampnola.com

Catégories: Elsewhere

Michael Prokop: check-mk: monitor switches for GBit links

Planet Debian - ven, 23/01/2015 - 01:04

For one of our customers we are using the Open Monitoring Distribution which includes Check_MK as monitoring system. We’re monitoring the switches (Cisco) via SNMP. The switches as well as all the servers support GBit connections, though there are some systems in the wild which are still operating at 100MBit (or even worse on 10MBit). Recently there have been some performance issues related to network access. To make sure it’s not the fault of a server or a service we decided to monitor the switch ports for their network speed. By default we assume all ports to be running at GBit speed. This can be configured either manually via:

cat etc/check_mk/conf.d/wato/rules.mk [...] checkgroup_parameters.setdefault('if', []) checkgroup_parameters['if'] = [ ( {'speed': 1000000000}, [], ['switch1', 'switch2', 'switch3', 'switch4'], ALL_SERVICES, {'comment': u'GBit links should be used as default on all switches'} ), ] + checkgroup_parameters['if']

or by visting Check_MK’s admin web-interface at ‘WATO Configuration’ -> ‘Host & Service Parameters’ -> ‘Parameters for Inventorized Checks’ -> ‘Networking’ -> ‘Network interfaces and switch ports’ and creating a rule for the ‘Explicit hosts’ switch1, switch2, etc and setting ‘Operating speed’ to ‘1 GBit/s’ there.

So far so straight forward and this works fine. Thanks to this setup we could identify several systems which used 100Mbit and 10MBit links. Definitely something to investigate on the according systems with their auto-negotiation configuration. But to avoid flooding the monitoring system and its notifications we want to explicitly ignore those systems in the monitoring setup until those issues have been resolved.

First step: identify the checks and their format by either invoking `cmk -D switch2` or looking at var/check_mk/autochecks/switch2.mk:

OMD[synpros]:~$ cat var/check_mk/autochecks/switch2.mk [ ("switch2", "cisco_cpu", None, cisco_cpu_default_levels), ("switch2", "cisco_fan", 'Switch#1, Fan#1', None), ("switch2", "cisco_mem", 'Driver text', cisco_mem_default_levels), ("switch2", "cisco_mem", 'I/O', cisco_mem_default_levels), ("switch2", "cisco_mem", 'Processor', cisco_mem_default_levels), ("switch2", "cisco_temp_perf", 'SW#1, Sensor#1, GREEN', None), ("switch2", "if64", '10101', {'state': ['1'], 'speed': 1000000000}), ("switch2", "if64", '10102', {'state': ['1'], 'speed': 1000000000}), ("switch2", "if64", '10103', {'state': ['1'], 'speed': 1000000000}), [...] ("switch2", "snmp_info", None, None), ("switch2", "snmp_uptime", None, {}), ] OMD[synpros]:~$

Second step: translate this into the according format for usage in etc/check_mk/main.mk:

checks = [ ( 'switch2', 'if64', '10105', {'state': ['1'], 'errors': (0.01, 0.1), 'speed': None}), # MAC: 00:42:de:ad:be:af, 10MBit ( 'switch2', 'if64', '10107', {'state': ['1'], 'errors': (0.01, 0.1), 'speed': None}), # MAC: 00:23:de:ad:be:af, 100MBit ( 'switch2', 'if64', '10139', {'state': ['1'], 'errors': (0.01, 0.1), 'speed': None}), # MAC: 00:42:de:ad:be:af, 100MBit [...] ]

Using this configuration we ignore the operation speed on ports 10105, 10107 and 10139 of switch2 using the the if64 check. We kept the state setting untouched where sensible (‘1′ means that the expected operational status of the interface is to be ‘up’). The errors settings specifies the error rates in percent for warnings (0.01%) and critical (0.1%). For further details refer to the online documentation or invoke ‘cmk -M if64′.

Final step: after modifying the checks’ configuration make sure to run `cmk -IIu switch2 ; cmk -R` to renew the inventory for switch2 and apply the changes. Do not forget to verify the running configuration by invoking ‘cmk -D switch2′:

Catégories: Elsewhere

Chocolate Lily: Drupal 8 configuration management: what about small sites and distributions?

Planet Drupal - ven, 23/01/2015 - 01:02

In a recent blog post, Drupal 8 co-maintainer Alex Pott highlighted a seismic shift in Drupal that's mostly slipped under the radar. In Drupal 8, he wrote, "sites own their configuration, not modules".

To see why this change is so far-reaching, it's useful to back up a bit and look at where exportable configuration comes from and what's changed.

Catégories: Elsewhere

Chapter Three: Designing the Berkeley Institute for Data Science from scratch

Planet Drupal - ven, 23/01/2015 - 00:34

Berkeley approached us to not only build a website for an exciting new project but to also develop its brand identity from scratch.



The project was the Berkeley Institute for Data Science (BIDS), a new initiative to provide a common collaborative space for research fellows, faculty and anyone at Berkeley working with data science in some way.



The White House hosted an event to announce the initiative, which is funded by a $37.8 million grant from the Gordon and Betty Moore Foundation and the Alfred P. Sloan Foundation. Berkeley is one of three institutions to receive this funding, in addition to New York University and the University of Washington.



Now that the site is live, I’d like to share some of the processes I used to develop the identity and site design.

Catégories: Elsewhere

Drupal Association News: Drupal.org 2015 Advertising Initiatives

Planet Drupal - jeu, 22/01/2015 - 23:49

I was hired by the Drupal Association in October 2014 to develop a new revenue stream from advertising on Drupal.org. For some time we’ve been trying to diversify revenue streams away from DrupalCon, both to make the Association more sustainable and to ensure that DrupalCons can serve community needs, not just our funding needs. We’ve introduced the Drupal Jobs program already and now, after conversations with the community, we want to put more work into Drupal.org advertising initiatives.

This new revenue stream will help fund various Drupal.org initiatives and improvements including better account creation and login, organization and user profile improvements, a responsive redesign of Drupal.org, issue workflow and Git improvements, making Drupal.org search usable, improving tools to find and select projects, and the Groups migration to Drupal 7.

We spent time interviewing members of the Drupal Association board, representatives of the Drupal Community, Working Groups, Supporting Partners, and Drupal Businesses, both large and small to help develop our strategy and guidelines. Our biggest takeaways are:

  • Advertising should not only appeal to advertisers, but also be helpful to our users and/or our mission.
  • When possible, only monetize users who are logged out and not contributing to the Project. If you’re on Drupal.org to do work and contribute, we don’t want you to see ads.
  • Don’t clutter the site, interfere with navigation or disrupt visitors, especially contributors.
  • Do not put ads on pages where users are coming to work, like the issue queue.
  • Advertising products should be inclusive, with low cost options and tiered pricing. We want to make sure that small businesses without huge marketing budgets have the opportunity to get in front of the Drupal Community.
  • Create high impact opportunities for Partners that already support the Community.
  • Address the industry-wide shift to Programmatic Advertising, which is the automated buying and selling of digital advertising.

There are already advertising banners on Drupal.org, however we need to expand their reach to hit our goals. We’re trying to address challenges for our current advertisers, including a relatively low amount of views on pages with ads, which makes it difficult for them to reach their goals.

We’re also facing industry-wide challenges in Digital Advertising. Advertisers are looking for larger, more intrusive ads that get the users’ attention, or at the very least use standard Interactive Advertising Bureau (IAB) ad sizes, which are larger than the ads we offer on Drupal.org.

We came up with a new line of products that we feel will help us reach our goals, but not disrupt the Drupal.org experience, or the Drupal Association Engineering Team roadmap. We want our Engineering Team to fix search on Drupal.org, not spend time developing and supporting major advertising platforms.

2015 Advertising Initiatives:

  • The ongoing development of curated content with banner ads including resource guides, content by industry and in the future, blog posts.
  • Continued display of banner ads on high profile pages like the Homepage, Marketplace and Case Studies Section.
  • Sponsored listings from Supporting Technology Partners (similar to Hosting Listings).
  • Opt-in email subscriptions with special offers from our Supporters.
  • Audience Extension: a secure, anonymous, non-interruptive way to advertise to Drupal.org visitors. It allows advertisers to programmatically reach the Drupal.org audience while on other websites through Ad Networks and Exchanges.

I wanted to spend most of my time explaining Audience Extension, since its unlike anything we’ve done in the past, and it may prompt questions. This product makes sense because it addresses all of the challenges we’re facing:

  • It’s affordable for small businesses; they can spend as little as $200 on a campaign
  • We don’t need to flood the site with ads and disrupt the user experience.
  • It’s relatively easy to implement - we won’t interrupt the engineering team or their efforts to improve Drupal.org.
  • We will only target anonymous (logged out) users.
  • We will support “Do Not Track” browser requests.
  • This is an industry-wide standard that we’re adopting.
  • Anonymous users will have the option to opt-out.
  • This improves the ad experience on other sites with more relevant, useful ads that also support the community.

How does Audience Extension Work?

We’re partnering with Perfect Audience, a company that specializes in retargeting, and offers a unique audience extension solution called Partner Connect.  We add a Perfect Audience JavaScript tag to the Drupal.org source code. This tag will be loaded on the page to logged out users. The tag places a Perfect Audience cookie in the visitor's browser that indicates that they recently visited Drupal.org. Once that cookie is in place, an advertiser looking to reach out to the Drupal.org community can advertise to those visitors on Facebook, Google's ad network, and many other sites that participate in major online ad networks. Advertisers create and manage these campaigns through their Perfect Audience accounts. They pay for the ads through Perfect Audience and we split the revenue with Perfect Audience and the ad networks that serve the ads.

  • The program is anonymous. No personally identifiable information (such as email address, name or date of birth) is gathered or stored.
  • No data is sold or exchanged, this merely gives advertisers the opportunity to buy a banner ad impression within the Perfect Audience platform.
  • It's easy to opt-out. You can just click over to the Perfect Audience privacy page and click two buttons to opt out of the tracking. Here's the link.
  • Drupal.org will support “Do Not Track” browser requests and only users who have not logged in (anonymous) will be included in the program.
  • It does not conflict with EU privacy rulings. Advertiser campaigns for Partner Connect can only be geotargeted to the United States and Canada right now.
  • Only high quality, relevant advertisers who have been vetted by an actual human will be able to participate in this program. Some good examples of Perfect Audience advertisers would be companies like New Relic and Heroku.
  • Perfect Audience is actually run by a Drupaler! The first business started by founder Brad Flora back in 2008 was built on Drupal. He spent countless hours in the IRC channel talking Drupal and posting in the forums. He understands how important it is to keep sensitive pages on Drupal.org an ad-free experience and he’s very excited to be able to help make that happen.
  • This program has the potential to generate significant revenue for the Drupal Association and Project over time as more advertisers come on board.


It’s important that we fund Drupal.org improvements, and that we do so in a responsible way that respects the community. We anticipate rolling out these new products throughout the year, starting with Audience Extension on February 5th.  Thanks for taking the time to read about our initiatives, and please tell us your thoughts!

Personal blog tags: advertisingdrupal.org
Catégories: Elsewhere

Roy Scholten: FOSDEM 2015 will have an open source design track

Planet Drupal - jeu, 22/01/2015 - 23:26

On January 31 and February 1 the 15th edition of the FOSDEM event will be held in Brussels, Belgium. FOSDEM (Free and Open Source Software Developers’ European Meeting) is the largest gathering of open source community members in Europe. More than 5000 people will come from all parts of the world to meet, share ideas and collaborate.

As the name says, the event is highly developer centric, so the main focus has always been on the technology and the code. But open source software has graphical user interfaces too! Buttons to click, sliders to drag, forms to fill out, boxes to check, screens to swipe and what have you.

Useful software attracts users. To keep them around and attract more users, the useful has to be made usable. Which means uncovering and prioritising user goals and needs and doing the work to find out how to best serve those. That’s where design comes in.

This year FOSDEM will have it’s first ever “devroom” dedicated to the topic of open source design. User experience architects, interaction designers, information architects, usability specialists and designer/coder unicorns will share experiences and discuss the good and bad of design in open source environments.

Open source software is a driving force behind all things online. As more aspects of business, culture, society, humanity as a whole move into the digital domain it becomes just as more important to ensure that people don’t get left behind because of the sheer complexity of it all. There’s a lot that the craft of design can contribute to ensure this.

I’ll deliver a short talk about how we started, grew and maintain a user experience design team within the Drupal project. Otherwise, the schedule is looking great. I’m looking forward to meet my open source designer colleagues.

See you there?

Tags: designfosdemdrupalplanetSub title: Lets make better things.
Catégories: Elsewhere

Mediacurrent: Don’t write a new SSO system (if you can help it)

Planet Drupal - jeu, 22/01/2015 - 22:56

A somewhat common request for projects, especially intranets, is to provide a single sign-on (SSO) system. At a rudimentary level, an SSO system allows one site to handle all logins (authentication) for a group of sites, rather than a visitor needing a separate login for each one. For an organization with several sites it can greatly reduce the headache for its clients, customers, employees, etc increase visitor satisfaction, reduce maintenance costs, and potentially increase sales.

Catégories: Elsewhere

orkjerns blogg: Twice the fun: Twig on the server, twig on the client.

Planet Drupal - jeu, 22/01/2015 - 22:29
Twice the fun: Twig on the server, twig on the client. admin Thu, 01/22/2015 - 22:29

A couple of weeks ago I hacked together a quick proof of concept of editing the same template for using on the client side and the server side with Drupal 8. It looked like this:

Sunday hack. Make #headlessdrupal use #twig for client side templates http://t.co/OQiVya0cu8 #drupal #drupaltwig.

— eiriksm (@orkj) January 4, 2015

If you click the link you can see an animated gif of how I edit the Bartik node template and it reflects in a simple single page app. Or one of these hip headless Drupal things, if you want.

So I thought I should do a quick write up on what it took to make it work, what disadvantages comes with it, what does not actually work, and so on. But then I thought to myself. Why not make a theme that incorporates my thoughts in my last post, "Headless Drupal with head fallback". So I ended up making a proof of concept that also is a live demo of a working Drupal 8 theme with the first page request rendered on the server, and the subsequent requests rendered fully client side. They both use the same node template for both full views and the node listing on the front page. So if you are eager and want to see that, this is the link. 

Next, let's take a look at the inner workings:

Part 1: Twig js

Before I even started this, I had heard of twig.js. So my first thought was to just throw the Drupal templates to it, and see what happened. 

Well, some small problems happened.

The first problem was that some of the filters and tags we have in Drupal is not supported out of the box by twig.js. Some of these are probably Drupal specific, and some are extensions that is not supported out of the box. One example is the tag {% trans %} for translating text. But in general, this was not a big problem. Except that I did as I usually do when doing a POC. I just quickly threw together something that worked, resulting for example in that the trans tag just returns the original string. Which obviously is not the intended use for it. But at least now the templates could be rendered. Part one, complete.

Part 2: Enter REST

Next I needed to make sure I could request a node through the REST module, pass it to twig.js and render the same result as Drupal would do server side. This turned out to be the point where I ended up with the worst hacks. You see, ideally I would just have a JSON structure that represents the node, and pass it to twig.js. But there are a couple of obvious problems with that.

Consider this code (following examples are taken from the Bartik theme):

<a href="{{ url }}" rel="bookmark">{{ label }}</a>

This is unproblematic. If we have a node.url property and a node.label property on the object we send to twig.js, this would just work out of the box. Neither of these properties are available like that in the default REST response for a node, however, but a couple of assignments later, that problem went away as well.

Now, consider this:

{{ content|without('comment', 'links') }}

Let's start with the filter, "without". Well, at least that should be easy. We just need a filter that will make sure comment and links properties on the node.content object will not be printed here. No problem.

Now to the problem. The content variable here should include all the rendered fields of the node. As was the case of label and url, .content is not actually a property in the REST response either. This makes the default output from the REST module not so usable to us. Because to make it generic we would also have to know what fields to compose together to this .content property, and how to render them. So what then?

I'll just write a module, I thought. As I often do. Make it return more or less the render array, which I can pass directly to twig.js. So I started looking into what this looked like now, in Drupal 8. I started looking at how I could tweak the render array to look more or less like the least amount of data I needed to be able to render the node. I saw that I needed to recurse through the render array 0, 1 or 2 levels deep, depending on the properties. So I would get for example node.content with markup in all its children, but also node.label without children, just the actual title of the node. Which again made me start to hardcode things I did not want in the response, just like I just had started hardcoding things I wanted from the REST response.

So I gave up the module. After all this is just a hacked together POC, so I'll be frank about that part. And I went back to hardcoding it client side instead. Not really the most flexible solution, but at least - part two: complete.

Part 3: Putting the pieces together

Now, this was the easy part. I had a template function that could accept data. I had transformed the REST response into the pieces I needed for the template. The rest was just adding a couple of AJAX calls and some pushState for the history (which reminds me. This probably does not work in all browsers at all). And then bundling things together with some well known front-end tools. Of course, this is all in the repo if you want all the details.

Conclusions

Twig on the server and on the client. Enough said, right? 

Well. The form this demo is now, this is not something you would just start to use. But hopefully get some ideas. Or inspiration. Or maybe inspire (and inform) me of the smartest way to return a "half-rendered render array".

Also, I would love to get some discussion going regarding how to use this approach in the most maintainable way.

Some thoughts on how I would improve this if I would actually use it:

  • Request templates via ajax.
  • Improve escaping.
  • Incorporate it into a framework (right now it just vanilla js).
  • Remove hacks, actually implement all the filters.

Finally: The code is up at github. There is a demo on a test site on pantheon. And huge props just mostly go out to both twig and twig js authors. Just another day standing on the shoulders of giants.

I'm going to end this blog post with a classy gif from back in the day. And although it does not apply in the same way these gifs were traditionally used, I think we can say that things said in this blog post are not set in stone, neither in regards to construction or architectural planning.

Tags:
Catégories: Elsewhere

Ryan Szrama: Come to DrupalCon Latin America 2015

Planet Drupal - jeu, 22/01/2015 - 20:08

I've been privileged to attend almost every DrupalCon since Barcelona in 2007. I missed Paris in 2009, but I had a good excuse - my wife was due to give birth to our first child around the same time.

The relocation of the Commerce Guys headquarters to Paris has given me plenty of time to catch up on the missed sightseeing, but I still need to figure out how to get to Sydney after missing that one.

Without access to those hundreds of Drupal developers and enthusiasts in 2007, I never would have known anyone was even using Ubercart. I didn't know how to engage other developers remotely (my early forays into IRC were similar to webchick's, I believe), and there wasn't much going on in Louisville, KY where I called home. Meeting others in the Drupal community, learning from my peers, and being mentored directly by many of the same has grown me personally and professionally in ways I never would have expected.

That's why I'm excited about the opportunity to travel to Bogotá, Colombia for the first DrupalCon in Latin America, February 10-12. I can't wait to hear the keynotes from both Dries and Larry, two of my Drupal heroes, and to learn more about the latest developments in Drupal 8 core and contributed modules.

I'll personally be addressing two topics: Drupal Commerce 2.x for Drupal 8 (on behalf of bojanz) and growing a Drupal based product business. I also look forward to the conversations, shared meals, and sprints that make the conference so rewarding.

I strongly encourage you to come if you're in a position to do so!

With the help of Carlos Ospina, I've recorded a personal invitation in Spanish that I trust doesn't have me saying anything embarrassing. I'm sure my Spanish will be better for at least a week after spending time at the conference.

Catégories: Elsewhere

Erich Schubert: Year 2014 in Review as Seen by a Trend Detection System

Planet Debian - jeu, 22/01/2015 - 20:00
We ran our trend detection tool Signi-Trend (published at KDD 2014) on news articles collected for the year 2014. We removed the category of financial news, which is overrepresented in the data set. Below are the (described) results, from the top 50 trends (I will push the raw result to appspot if possible due to file limits). I have highlighted the top 10 trends in bold, but otherwise ordered them chronologically. January 2014-01-29: Obama's State of the Union address February 2014-02-05..23: Sochi Olympics (11x, including the four below) 2014-02-07: Gay rights protesters arrested at Sochi Olympics 2014-02-08: Sochi Olympics begins 2014-02-16: Injuries in Sochi Extreme Park 2014-02-17: Men's Snowboard cross finals called of because of fog 2014-02-19: Violence in Ukraine and Kiev 2014-02-22: Yanukovich leaves Kiev 2014-02-23: Sochi Olympics close 2014-02-28: Crimea crisis begins March 2014-03-01..06: Crimea crisis escalates futher (3x) 2014-03-08: Malaysia Airlines machine missing in South China Sea (2x) 2014-03-18: Crimea now considered part of Russia by Putin 2014-03-28: U.N. condemns Crimea's secession April 2014-04-17..18: Russia-Ukraine crisis continues (3x) 2014-04-20: South Korea ferry accident May 2014-05-18: Cannes film festival 2014-05-25: EU elections June 2014-06-13: Islamic state Camp Speicher massacre in Iraq 2014-06-16: U.S. talks to Iran about Iraq July 2014-07-17..19: Malaysian airline shot down over Ukraine (3x, 2x top 10) 2014-07-20: Israel shelling Gaza kills 40+ in a day August 2014-08-07: Russia bans EU food imports 2014-08-20: Obama orders U.S. air strikes in Iraq against IS 2014-08-30: EU increases sanctions against Russia September 2014-09-04: NATO summit 2014-09-23: Obama orders more U.S. air strikes against IS Oktober 2014-10-16: Ebola case in Dallas 2014-10-24: Ebola patient in New York is stable November 2014-11-02: Elections: Romania, and U.S. rampup 2014-11-05: U.S. Senate elections 2014-11-25: Ferguson prosecution Dezember 2014-12-08: IOC Olympics sport additions 2014-12-11: CIA prisoner center in Thailand 2014-12-15: Sydney cafe hostage siege 2014-12-17: U.S. and Cuba relations improve unexpectedly 2014-12-19: North Korea blamed for Sony cyber attack 2014-12-28: AirAsia flight 8501 missing As you can guess, we are really happy with this result - just like the result for 2013 it mentiones all the key events. There is one "false positive" there: 2014-11-02 has a lot of articles talking about "president" and "elections", but not all refer to the same topic (we did not do topic modeling yet). There are also some events missing that we would have liked to appear. For example the Chile/Peru earth quake. But I looked at the data: there were not that many reports on this in the data source. Also, there is little about the islamic state - but it has been going on throughout the year. Also Facebook bought Whatsapp on February 19 - which was a very visible trend on Twitter; but likely this was filtered out via the financials category in this data set.
Catégories: Elsewhere

Bluespark Labs: Start your content + commerce revolution

Planet Drupal - jeu, 22/01/2015 - 15:59

Shifting to a content-driven commerce focus is a daunting challenge.

Whether you are a media company adding commerce to your site or a retail site wanting to add richer editorial, there are very different skillsets required to sell product versus those needed for writing and curating content. How do you successfully blend these skillsets — much less these seemingly disparate websites — into a single, cohesive whole?

It ain’t easy, but it’s worth it.

From Media to Commerce

Adding commerce to a media site is tricky. On the one hand, product recommendations can add a new dimension of value to both you and your readers. Just like advertising, though, (and maybe more so), you run the risk of corrupting a brand that your readers have come to trust.

Promotion!

If you are making the step into content-driven commerce, you must be willing to promote products on your site. Sounds like a no-brainer, right? But integrity is one of the things that readers value from media sites. And if they feel like they are being pushed toward a bad product (or even an unrelated product), they will likely revolt.

Now, the promotions don’t have to be in your face, “everything must go”, car-sales promotions. In fact, those are the exact promotions that will spark revolution. But you must be willing to add tasteful product descriptions and honest reviews and recommendations. This means putting your trusted brand behind a product that you like — and, more importantly, one that you think your readers will like.

Not selling out

There is a fine line between promoting product and selling out. Sometimes it’s easy to find. Don’t like a product? Think a product is cheaply made? Don’t recommend it no matter how sweet that affiliate commission looks.

But what about a product you love versus one that you like? The one you love, right? But what if that second product has a much better affiliate program?

It’s tricky. But you can probably find a way to promote both. The Wirecutter (and their sister site, The SweetHome) approach to product reviews is a great example of this. They write in-depth product reviews for different categories of gadgets. Each review has a recommended product along with explanations of why they did and didn’t like some of the other options they reviewed. Each product is a link to Amazon (and other stores) and every link has their affiliate code.

It’s a smart, if intense, solution that allows them to promote a lot of different products without selling out. In fact, it’s quite the opposite. Readers trust the site more because they go into so much detail about so many options.

From Commerce to Media

Now, if you are going in the opposite direction (adding content to your commerce site), then you’ll experience a range of other issues that can be even more challenging. In many respects, they run counter to much of the marketing culture that permeates most retail shops — unless those shops have come to value content-marketing and storytelling as a way to increase online sales.

Content Production

Editorial content is a whole new world. Marketing content goes through a series of edits and reviews. It’s often bland and boring. Intentionally so. You need to put the best foot forward of every product you sell — no matter how much that description might gloss over hard truths.

With a content-driven commerce approach, though, using your marketing-style for your editorial content will sabotage your efforts. You need something with a voice and style that captures people’s attention and engages them on a personal level. Something that product descriptions almost never do.

Willingness to curate

Once you start producing content, you need to start curating it. What products are going to make it onto your top 10 list? Which set of widgets are you going to include in your how-to article? You know those items you promote are going to get more views and more clicks — even a bump in brand perception — that other products won’t.

After you’ve written the piece, then you need to decide what content you’re going to promote on the homepage and throughout the site. Another tough decision. This one, though, fits closely inline with your sales planning process — which sale are promoting and when.

Treating content as a first-class citizen

Another aspect of content-driven commerce that may seem anathema to many commerce sites: treat your content like a first-class citizen. Specifically: give it equal weight on your homepage, which means treating it the same as you would a sale or other promotion. The challenge for many is that this feels like you are losing sales. But you’re trading a bump in short-term sales for long-term engagement.

There are many companies that have seemingly embraced content-driven commerce as a strategy. Big brands like Home Depot, Lowes, and Brooks Brothers are producing some amazing content. A quick glance at their homepages, though, and the only hint at this content is behind a single link. Everything on these pages is focused on the latest sale and other product promotions. This may be a strategic decision or a technological limitation. Regardless, these websites have yet to really embrace content as a cornerstone to their brand.

Admittedly, there are many ways to enter a website—from Google to social media. But what a company includes on their homepage speaks volumes about what a brand values.

Gaining trust

Does your audience see you as an expert on the product you sell (Crutchfield)? Or just as a fancy storefront (Best Buy). In either case, gaining and maintaining the trust of your audience is critical — and, depending on your current relationship with your customers, may be an uphill slog.

Are you willing to write a bad review of a product? Are you willing to pull a product if there are no redeeming qualities? Are you willing to write content that doesn’t directly sell the product?

Imagine if Best Buy started producing content that actually helped their audience better understand and use the technology they were selling. As it is, the store (and by extension, website) has limited audience engagement and does nothing to pull anyone to their site — other than offer product promotions and discounts.

One of the fundamental requirements to succeeding with any kind of content-driven strategy is audience trust. You need to build trust with your audience and you can’t do that if they feel like you are selling them anything and everything.

The move to content-driven commerce

Making the decision to integrate content and commerce has its challenges. The exact challenges you face will really depend on the culture of your organization as well as the abilities and mindset of your staff. But if you’re willing to make the necessary changes to engage your audience and build their trust, you can make the transition.

If you’re moving from a media site into commerce, they key will be maintaining your readers' trust and your own integrity. If you’re moving in the opposite direction, the challenge will be gaining the reader’s trust, which means making some pretty big organizational and cultural changes.

In both cases, though, you’ll find the move well worth the effort.

Tags: Drupal Planet
Catégories: Elsewhere

Open Source Training: Add a New Moderation State Tab to Workbench

Planet Drupal - jeu, 22/01/2015 - 06:14

One of our members was watching our video class on Drupal's Workbench module and has been getting it set up on their site.

They ran into one problem: how to use the new moderation states they added.

They wanted add a tab so that people could easily see the content in a particular moderation state.

In this tutorial, we'll show you how to make that happen.

Catégories: Elsewhere

MJ Ray: Outsourcing email to Google means SPF allows phishing?

Planet Debian - jeu, 22/01/2015 - 04:57

I expect this is obvious to many people but bahumbug To Phish, or Not to Phish? just woke me up to the fact that if Google hosts your company email then its Sender Policy Framework might make other Google-sent emails look legitimate for your domain. When combined with the unsupportive support of the big free webmail hosts, is this another black mark against SPF?

Catégories: Elsewhere

Diego Escalante Urrelo: Link Pack #04

Planet Debian - jeu, 22/01/2015 - 01:55

Writing Your Way to Happiness (nytimes.com)
Researches believe that the way we think about, and remember, “our story” can be so powerful that it can actually influence our happiness and success. It’s a nice little article summarizing actual research. The main study referred put fresh university students to test: a group received tools to “rewrite” their memory and story of their academic performance, another group didn’t. The first group improved their grades and had only 1 student drop school within a year, the other group had 4 drop outs and no specific improvement.

I’ve been thinking about this as I recently rewrote my About page and also started writing down some past Travel journals. Looking back and rewriting your own story is incredibly empowering, it’s a fantastic rush of confidence and self-assertion. Memory is always betraying us, and remembering our success is not particularly high on the list of things to keep.

The concept is based on the idea that we all have a personal narrative that shapes our view of the world and ourselves. But sometimes our inner voice doesn’t get it completely right. Some researchers believe that by writing and then editing our own stories, we can change our perceptions of ourselves and identify obstacles that stand in the way of better health.

It may sound like self-help nonsense, but research suggests the effects are real.

Students who had been prompted to change their personal stories improved their grade-point averages and were less likely to drop out over the next year than the students who received no information. In the control group, which had received no advice about grades, 20 percent of the students had dropped out within a year. But in the intervention group, only 1 student — or just 5 percent — dropped out.

Old Masters at the Top of Their Game (nytimes.com)
Fantastic read on how these artists defy the conventions of old meaning useless. Masters at their art, they haven’t quit nor have laid to rest and cash their reputation. They keep making, they stay alive (physically and metaphorically) through art.

No rush to get to their age, but still a really interesting “letter from the future”. Full of cheat codes, read this now.

Now I am 79. I’ve written many hundreds of essays, 10 times that number of misbegotten drafts both early and late, and I begin to understand that failure is its own reward. It is in the effort to close the distance between the work imagined and the work achieved wherein it is to be found that the ceaseless labor is the freedom of play, that what’s at stake isn’t a reflection in the mirror of fame but the escape from the prison of the self.

T. H. White, the British naturalist turned novelist to write “The Once and Future King,” calls upon the druid Merlyn to teach the lesson to the young prince Arthur:

“You may grow old and trembling in your anatomies, you may lie awake at night listening to the disorder of your veins, you may miss your only love, you may see the world about you devastated by evil lunatics, or know your honour trampled in the sewers of baser minds. There is only one thing for it then — to learn. Learn why the world wags and what wags it. That is the only thing which the mind can never exhaust, never alienate, never be tortured by, never fear or distrust, and never dream of regretting.”

A Life with a View (ribbonfarm.com)
A somewhat tricky read, but with a nice payback. Take your time, and savor it slowly. It’s a very interesting look into how we keep wanting new stuff, and how we shield from ourselves by looking for the “place with no yearns”, the place where we won’t want anything anymore doesn’t exist.

Chains very well into the reads I shared a few days ago on practical contentment.

The arrival fallacy is about seeking a life from which one can look with a complacent equanimity upon the rest of reality, without yearning. It is an ideal of a life that is defined primarily by blindness to itself. You yearn while you see your life as others see it, until you arrive at a situation where you can disappear into the broader background, and see comfortably without being seen discomfittingly, especially by yourself.

Once you’re there, the yearning stops, so the theory goes. Of course it is a laughably bad theory.

How To Escape From A Moving Car (mrporter.com)
By Adam Kirley, stunt double for Daniel Craig in the crazy crane scene of Casino Royale (where 007 jumps from monkey nuts high to donkey bonkers high, a badger bum crazy distance). Really funny, and one of those things I always find myself thinking… Almost as much as what to do in case of a Post Office Showdown (xkcd.com)

Everyone’s first instinct is to put their hands or legs down first. That’s the worst thing you can do: you will break something. The pointy parts of your body hurt – elbows, knees, hips, ankles. Put your fists under your chin, and bring your elbows together. Keep your chin tucked in to your chest to protect your head. The best point of impact is the back of the shoulder and your back. If you dive out directly onto your shoulder you’ll break it.

What the World Looks Like with Social Anxiety (collegehumor.com)
Funny vignettes about how the world looks like when you are socially anxious. I can only really identify with the last one:

Shea Strauss.

Helsinki Bus Station Theory (fotocommunity.com)
Don’t get off the bus. Art comes to those who wait and persevere. At first, you replicate the same route others have done, but only if you stay long enough in such path you begin to find your own path. Although perhaps a little more classic in conception, this is an interesting text advising artists to don’t give up just because they don’t compare well to the masters of their current art or genre. Only those who persevere will catch up and diverge from the masters.

You could say that diverging early is also a way to find your path, but there’s still a case to be made for learning from those who came before. Whether you want to imitate them, or rebel against them, you still need to know them.

My take: it doesn’t hurt to pick up some biographies or works from past masters and see what made them masters. Create your master genealogy, kinda like in Steal Like an Artist (which I recently read but haven’t got around to write about yet).

Georges Braque has said that out of limited means, new forms emerge. I say, we find out what we will do by knowing what we will not do.

And so, if your heart is set on 8×10 platinum landscapes in misty southern terrains, work your way through those who inspire you, ride their bus route and damn those who would say you are merely repeating what has been done before. Wait for the months and years to pass and soon your differences will begin to appear with clarity and intelligence, when your originality will become visible, even the works from those very first years of trepidation when everything you did seemed so done before.

At 90, She’s Designing Tech For Aging Boomers (npr.org)
The inspiring tale of a 90 year old woman who joined IDEO to contribute a unique point of view to the design process. You can never stop learning, life never ceases to be interesting. It’s short, and not incredibly shocking, but that this has happened somewhere as referenced and revered as IDEO says a lot.

And for the bulging demographic of baby boomers growing old, Beskind has this advice: Embrace change and design for it.

Previously on Link Pack
  • Link Pack #04 - Writing Your Way to Happiness (nytimes.com) Researches believe that the way we think about, and remember, “our story” can be so powerful that it can actually influence our happiness and success. It’s a nice little article summarizing actual research. The main study referred put fresh university students to test: a group received tools to “rewrite”…
  • Link Pack #03 - What’s that? The third edition of Link Pack of course! Playing with Power (7 minutes, Vimeo) A super awesome story about a stop motion animator that turned a Nintendo Power Glove into the perfect animation tool. It’s a fun, inspiring video :-). I love the Power Glove, it’s so bad. The Power Glove – Angry…
  • Link Pack #02 - First sequel to my Link Pack “series” (I’ll remove the quotes when it’s LP#05): Link Pack #01. This time I’m going for fewer articles, to try to keep things less overwhelming. There’s no special theme, and I’m actually leaving out some nice things I read recently. On the plus side, that means I have good…
  • Link pack #01 - Following the lead of my dear friend Daniel and his fantastic and addictive “Summing up” series, here’s a link pack of recent stuff I read around the web. Link pack is definitely a terrible name, but I’m working on it. How to Silence Negative Thinking On how to avoid the pitfall of being a Negatron…
Catégories: Elsewhere

Tomasz Buchert: Expired keys in Debian keyring

Planet Debian - mer, 21/01/2015 - 22:00

A new version of Stellarium was recently released (0.13.2), so I wanted to upload it to Debian unstable as I usually do. And so I did, but it was rejected without me even knowing, since I got no e-mail response from ftp-masters.

It turns out that my GPG key in the Debian keyring expired recently and so my upload was rightfully rejected. Not a big deal, actually, since you can easily move the expiration date (even after its expiration!). I did it already and the updated key is already propagated, but be aware that Debian keyring does not synchronize with other keyservers! To update your key in Debian (if you are a Debian Developer or Mantainer) you must send your updated keys to keyring.debian.org like that (you should replace my ID with your own):

$ gpg --keyserver keyring.debian.org --send-keys 24B17D29

Debian keyring is distributed as a standard DEB package and apparently it may take up to a month to have your updated key in Debian. It seems that I may be unable to upload packages for some time.

But the whole story made me thinking: am I the only one who forgot to update his key in Debian keyring? To verify it I wrote the following snippet (works in Python 2 and 3!) which shows keys expired in the Debian keyring (well, two of them). As a bonus, it also shows keys that have non-UTF8 characters in UIDs – see #738483 for more information.

# # be sure to do "apt-get install python-gnupg" # import gnupg import datetime def check_keys(keyring, tab = ""): gpg = gnupg.GPG(keyring = keyring) gpg.decode_errors = 'replace' # see: https://bugs.debian.org/738483 keys = gpg.list_keys() now = datetime.datetime.now() for key in keys: uids = key['uids'] uid = uids[0] if key['expires'] != '': expire = datetime.datetime.fromtimestamp(int(key['expires'])) diff = expire - now if diff.days < 0: print(u'{}EXPIRED: Key of {} expired {} days ago.'.format(tab, uid, -diff.days)) mangled_uids = [ u for u in uids if u'\ufffd' in u ] if len(mangled_uids) > 0: print(u'{}MANGLED: Key of {} has some mangled uids: {}'.format(tab, uid, mangled_uids)) keyrings = [ "/usr/share/keyrings/debian-keyring.gpg", "/usr/share/keyrings/debian-maintainers.gpg" ] for keyring in keyrings: print(u"CHECKING {}".format(keyring)) check_keys(keyring, tab = " ")

I’m not going to show the output of this code, because it contains names and e-mail adresses which I really shouldn’t post. But you can run it yourself. You will see that there is a small group of people with expired keys (including me!). Interestingly, some keys have expired a long time ago: there is one that expired more than 7 years ago!

The outcome of the story is: yes, you should have an expiration date on your key for safety reasons, but be careful - it can surprise you at the worst moment.

Catégories: Elsewhere

Blink Reaction: The Drupal Console is Now Multilingual

Planet Drupal - mer, 21/01/2015 - 17:14

We're very pleased to announce that the new Drupal Console project is now multilingual!

We put a lot of hours into this effort because we felt it was so important to broaden the base of Console users and help them get off to a great start developing modules for Drupal 8. It will be the last major feature to be added before an upcoming code freeze that will allow us to work on Console documentation - another effort to broaden the base of users that can benefit from the project.

Catégories: Elsewhere

Chris Lamb: Sprezzatura

Planet Debian - mer, 21/01/2015 - 11:31

Wolf Hall on Twitter et al:

He says, "Majesty, we were talking of Castiglione's book. You have found time to read it?"

"Indeed. He extrolls sprezzatura. The art of doing everything gracefully and well, without the appearance of effort. A quality princes should cultivate."

"Yes. But besides sprezzatura one must exhibit at all times a dignified public restraint..."

Catégories: Elsewhere

Pages

Subscribe to jfhovinne agrégateur - Elsewhere