Elsewhere

Dirk Eddelbuettel: New package gettz on CRAN

Planet Debian - sam, 10/09/2016 - 23:40

gettz is now on CRAN in its initial release 0.0.1.

It provides a possible fallback in situations where Sys.timezone() fails to determine the system timezone. That can happen when e.g. the file /etc/localtime somehow is not a link into the corresponding file with zoneinfo data in, say, /usr/share/zoneinfo.

Duane McCully provided a nice StackOverflow answer with code that offers fallbacks via /etc/timezone (on Debian/Ubuntu) or /etc/sysconfig/clock (on RedHat/CentOS/Fedora, and rumour has it, BSD* systems) or /etc/TIMEZONE (on Solaris). The gettz micro-package essentially encodes that approach so that we have an optional fallback when Sys.timezone() comes up empty.

In the previous paragraph, note the stark absense of OS X where there seems nothing to query, and of course Windows. Contributions for either would be welcome.

For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Catégories: Elsewhere

Steve Kemp: If your code accepts URIs as input..

Planet Debian - sam, 10/09/2016 - 11:24

There are many online sites that accept reading input from remote locations. For example a site might try to extract all the text from a webpage, or show you the HTTP-headers a given server sends back in response to a request.

If you run such a site you must make sure you validate the schema you're given - also remembering to do that if you're sent any HTTP-redirects.

Really the issue here is a confusion between URL & URI.

The only time I ever communicated with Aaron Swartz was unfortunately after his death, because I didn't make the connection. I randomly stumbled upon the html2text software he put together, which had an online demo containing a form for entering a location. I tried the obvious input:

file:///etc/passwd

The software was vulnerable, read the file, and showed it to me.

The site gives errors on all inputs now, so it cannot be used to demonstrate the problem, but on Friday I saw another site on Hacker News with the very same input-issue, and it reminded me that there's a very real class of security problems here.

The site in question was http://fuckyeahmarkdown.com/ and allows you to enter a URL to convert to markdown - I found this via the hacker news submission.

The following link shows the contents of /etc/hosts, and demonstrates the problem:

http://fuckyeahmarkdown.com/go/?u=file:///etc/hosts&read=1&preview=1&showframe=0&submit=go

The output looks like this:

.. 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost 127.0.0.1 stage 127.0.0.1 files 127.0.0.1 brettt.. ..

(Actually the actual output all newlines had been stripped. Weird.)

Despite reporting the problem to the author on Friday, and following up the report via Twitter this has not yet been fixed, but after four days I assume I'm not alone in spotting this.

Catégories: Elsewhere

Enrico Zini: Dreaming of being picked

Planet Debian - sam, 10/09/2016 - 09:47

From "Stop stealing dreams":

«Settling for the not-particularly uplifting dream of a boring, steady job isn’t helpful. Dreaming of being picked — picked to be on TV or picked to play on a team or picked to be lucky — isn’t helpful either. We waste our time and the time of our students when we set them up with pipe dreams that don’t empower them to adapt (or better yet, lead) when the world doesn’t work out as they hope.

The dreams we need are self-reliant dreams. We need dreams based not on what is but on what might be. We need students who can learn how to learn, who can discover how to push themselves and are generous enough and honest enough to engage with the outside world to make those dreams happen.»

This made me think that I know many hero stories based on "the chosen", like Matrix, like most superheros getting powers either from some entity chosing them for it, or from chance.

I have a hard time thinking of a superhero who becomes one just by working hard at acquiring and honing their skills: I can only think of Batman and Ironman, and they start off as super rich.

If I think of people who start from scratch as commoners and work hard to become exceptional, in the standard superhero narrative, I can only think of supervillains.

Scary.

It makes me feel culturally biased into thinking that a common person cannot be trusted to act responsibly, and that only the rich, the chosen and the aristocrats can.

As a bias it may serve the rich and the aristocrats, but I don't think it serves society as a whole.

Catégories: Elsewhere

Dirk Eddelbuettel: RProtoBuf 0.4.6: bugfix update

Planet Debian - sam, 10/09/2016 - 01:40

Relatively quickly after version 0.4.5 of RProtoBuf was released, we have a new version 0.4.6 to announce which appeared on CRAN today.

RProtoBuf provides R bindings for the Google Protocol Buffers ("Protobuf") data encoding and serialization library used and released by Google, and deployed as a language and operating-system agnostic protocol by numerous projects.

This version contains a contributed bug-fix pull request covering conversion of zero-length vectors, and adding native support for S4 objects. At the request / suggestion of the CRAN maintainers, it also uncomments a LaTeX macro in the vignette (corresponding to our recent JSS paper paper) which older R versions do not (yet) have in their jss.cls file.

Changes in RProtoBuf version 0.4.6 (2016-09-08)
  • Support for serializing zero-length objects was added (PR #18 addressing #13)

  • S4 objects are natively encoded (also PR #18)

  • The vignette based on the JSS paper no longer uses a macro available only with the R-devel version of jss.cls, and hence builds on all R versions

CRANberries also provides a diff to the previous release. The RProtoBuf page has an older package vignette, a 'quick' overview vignette, a unit test summary vignette, and the pre-print for the JSS paper. Questions, comments etc should go to the GitHub issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Catégories: Elsewhere

Roy Scholten: Making possible needs examples

Planet Drupal - ven, 09/09/2016 - 22:53

Tim blogs about core development being hard. Lee talks about adding sample content. Jeff’s comment there (the first) gives a good example of why core dev is so difficult:

…what we need is a tool that allows modules or profiles to optionally install content after their other setup steps

It’s never just the direct application X or feature Y that gets added. It’s the tools that enable X or Y that get added to core. And for a long time this generalized approach was considered enough.

What’s changing is that on top of the enabling tech we now strive to also add a more opiniated example, a more concrete and specific expression of those new capabilities. I’m reminded of of Stevey’s Google Platforms Rant: “A platform needs a killer app.”

It’s interesting to see this shift in balance and I’m curious to see how it will play out.

Tags: drupalproductframeworkdrupalplanetSub title: A platform needs a killer app
Catégories: Elsewhere

Lars Wirzenius: Thinking about CI, maybe writing ick2

Planet Debian - ven, 09/09/2016 - 20:04

A year ago I got tired of Jenkins and wrote a CI system for myself, Ick. It's served me well since, but it's a bit clunky and awkward and I have to hope nobody else wants to use it.

I've been thinking about re-architecting Ick from scratch, and so I wrote down some of my thinking about this. It's very raw, but just in case someone else might be interested, I put it online at ick2.

At this point I'm still thinking about very high level concepts. I've not written any code, and probably won't in the next couple of months. But I had to get this out of my brain.

Catégories: Elsewhere

DrupalCon News: Update on DrupalCon Dublin Program

Planet Drupal - ven, 09/09/2016 - 19:23

Greetings from the DrupalCon Events Team, we have a few programming updates to share. 

For the past few years we have been thrilled to offer live streaming of the DrupalCon keynotes and closing sessions. Unfortunately, we will not be live streaming these sessions in Dublin. To catch the action live, you will need to meet us in Dublin. The good news is that we have a top-notch archiving crew who will archive these sessions as quickly as possible. 

Catégories: Elsewhere

Steve McIntyre: Time flies

Planet Debian - ven, 09/09/2016 - 17:57

Slightly belated...

Another year, another OMGWTFBBQ. By my count, we had 49 people (and a dog) in my house and garden at the peak on Saturday evening. It was excellent to see people from all over coming together again, old friends and new. This year we had some weather issues, but due to the delights of gazebo technology most people stayed mostly dry. :-)

Also: thanks to a number of companies near and far who sponsored the important refreshments for the weekend:

As far as I could tell, everybody enjoyed themselves; I know I definitely did!

Catégories: Elsewhere

ActiveLAMP: Drupal 7 or 8: DrupalCamp LA 2016 Table Talk - pt. 1/5

Planet Drupal - ven, 09/09/2016 - 17:01

We got a few shop owners together at DrupalCamp LA 2016, at UC Irvine to talk Drupal. This is Part 1 of 5 of that conversation, talking about using Drupal 7 or Drupal 8 for new projects that we’re building.

Read more...
Catégories: Elsewhere

Code Enigma: Introducing the Selective Watchdog Backend module

Planet Drupal - ven, 09/09/2016 - 16:20
Introducing the Selective Watchdog Backend module Language English Return to Blog Introducing the Selective Watchdog Backend module

Keep a good performance while storing logs on your Drupal database.

Fri, 2016-09-09 15:20By salva

In the world of Drupal, it's a common and best practice to disable the Dblog module (Database logging) on production sites, in favour of using the Syslog module, which will take care of logging all php errors, notices, or any custom log messages into the Unix system logs, removing the performance burden of writing them to the Drupal database.

There are scenarios in which this approach, while convenient to keep the site running smoothly, is rather problematic when troubleshooting issues that appear only in a given environment and under very specific conditions. For those, unless you can count with some custom logging system built for very specific aspects of a site, you are pretty much blind and unable to find the source of a bug. 

We've recently had this problem in one of our sites, where several external systems were involved in the feature that we were trying to debug. Given that those systems couldn't be reached from a development environment, we needed a minimum amount of information to be kept on the Drupal database, so that it was easier to navigate and see the details than it is to sail through the syslog. For that, Pascal Morin wrote a new module called Selective Watchdog Backend (selectlog).

So what's it?

The concept behind the Selective Watchdog Backend is quite simple: instead of sending all logs to the syslog, give developers some flexibility to choose what can be also sent to the Drupal database. That way, you ensure that everything is sent to the syslog as usual, but for very specific sections of your site, you still have a meaningful set of logs of what you might consider more important at any given point. The great thing of the module, is that it doesn't affect any other watchdog modules you may be using. It's just an addition on top of them.

Let's see a couple examples, of what could be common use cases:

Scenario 1: You have a complex integration with a 3rd party API, and all the site users make constant use of it. However, it's not very stable, and you need to assist your client by providing them with exact details of the points at which the API is failing to return the expected results. Of course you've already added watchdog entries for these cases when you wrote the module, because you're a smart developer, but now you need these entries to be surfaced on the Drupal site. With the selectlog module enabled, all you'd have to would be editing your settings.php file and add these lines:

$conf['selectlog'] = array( 'dblog' => array(
  'your_api_integration_module' => '*',
);

That would log every watchdog entry of your custom module to the database, making it available under admin/reports/dblog.

Scenario 2: Some of your views are breaking on production and you don't manage to find the problem (this is less likely to happen, but it'll do for the sake of the explaining the module usage). To troubleshoot this, you want to store the watchdog entries from the views module in the database, but just those of a certain severity. To do so:

$conf['selectlog'] = array( 'dblog' => array(
  'views' => array(
    WATCHDOG_CRITICAL,
    WATCHDOG_ERROR,   
  ),
);

And that's it. Pretty neat and convenient. Hopefully we'll be promoting this sandbox to a full project soon. In the meantime, take our word that it works wonderfully. If you think it's going to be an useful feature on your site, I recommend checking out the details on the project page or the comprehensive README.md file included with the module. Enjoy your logs!

 

BlogViewport module ready for Drupal 8 BlogSpinning up a CentOS server for Drupal FAQHow do I find Drupal messages with the syslog module enabled? BlogDoing more with Drush sql-sanitize
Catégories: Elsewhere

Kodamera Screencast: The Coffee module

Planet Drupal - ven, 09/09/2016 - 16:08

Time to check out one of our favourite contrib modules for Drupal - The Coffee module. With a keyboard shortcut it displays a quicksearch moodal window that lets you navigate around in Drupal very quick and easy.

Simliar modules are EazyLaunch and Cobalt, but they are only available for Drupal 7 (so far).


Read more
Catégories: Elsewhere

Jonathan Dowland: Metropolis

Planet Debian - ven, 09/09/2016 - 12:55

Every year since 2010 the Whitley Bay Film Festival has put on a programme of movies in my home town, often with some quirk or gimmick. A few years back we watched "Dawn Of The Dead" in a shopping centre—the last act was interrupted by a fake film-reel break, then a load of zombies emerged from the shops. Sometime after that, we saw "The Graduate" within a Church as part of their annual "Secret Cinema" showing. Other famous stunts (which I personally did not witness) include a screening of Jaws on the beach and John Carpenter's "The Fog" in Whitley Bay Lighthouse.

Massive thanks to Hunter North Recruitment for sponsoring Metropolis https://t.co/mphzHPCQ6O @snattaz pic.twitter.com/S9MNQmeLWZ

— Whitley Film Fest (@wbayfilmfest) August 14, 2016

This year I only went to one showing, Fritz Lang's Metropolis. Two twists this time: it was being shown in The Rendezvous Cafe, an Art-Deco themed building on the sea front; the whole film was accompanied by a live, improvised synthesizer jam by a group of friends and synth/sound enthusiasts who branded themselves "The Mediators" for the evening.

Metropolis live soundtrack preparations at the Rendezvous Cafe. Doors open 19.30 #metropolis pic.twitter.com/AdAqNVdEdx

— Whitley Film Fest (@wbayfilmfest) August 14, 2016

I've been meaning to watch Metropolis for a long time (I've got the Blu-Ray still sat in the shrink-wrap) and it was great to see the newly restored version, but the live synth accompaniment was what really made the night special for me. They used a bunch of equipment, most notably a set of Korg Volcas. The soundtrack varied in style and intensity to suit the scenes, with the various under-city scenes backed by a pumping, industrial-style improvisation which sounded quite excellent.

I've had an interest in playing with synthesisers and making music for years, but haven't put the time in to do it properly. I left newly inspired and energised to finally try to make the time to explore it.

Catégories: Elsewhere

PreviousNext: We could add default content to Drupal core, but what would that mean?

Planet Drupal - ven, 09/09/2016 - 05:07

There has been some movement of late around adding some default content to the standard profile.

This was originally reignited by Roy Scholten in his getting something in the box post.

As author and co-maintainer of the default content module for Drupal 8, I wanted to share my thoughts on the potential of adding it to Drupal core.

Catégories: Elsewhere

Drupal core announcements: User Guide 8.x-2.0 released!

Planet Drupal - ven, 09/09/2016 - 00:51

At long last, the copy editing of the User Guide is done! (If you've been a member of this group for a while, you should know what I'm talking about; if not, go browse the archives at https://groups.drupal.org/documentation for the last 1.5 years or so). I'd like to thank everyone who helped with editing tasks, and especially Jojy Alphonso (jojyja), who did the vast majority of the copy editing. THANK YOU!

So, the guide is in very good shape, and I just made an official release of version 8.x-2.0, corresponding to Drupal Core 8.2.x (which is supposed to be released soon). It should be live on Drupal.org soon, in HTML format, for your reading pleasure (not sure exactly when, since the reduced Drupal Association staff is pretty busy, but we're working on it). I'll post a link in a comment here when that happens.

Meanwhile, you can go to the User Guide project page and download the release, which contains all of the source files (which are written in AsciiDoc markup language), as well as PDF, ePub, and Mobi ebook versions (those are in the "ebooks" folder/directory of the archive you get when you download the project).

Enjoy!

Also... The next step will be to translate the User Guide into other languages. The enthusiastic and experienced Catalan and Hungarian language teams will be starting on that shortly, and refining the process so that hopefully the other language teams can get started soon as well. If you want to help translate the Guide, you should start by joining the translation team on https://localize.drupal.org for your language. Thanks!

Catégories: Elsewhere

Lullabot: Syntax is Syntax? Lullabot's Non-Drupal Development Work

Planet Drupal - jeu, 08/09/2016 - 22:00
Did you know that Lullabot does a significant amount of non-Drupal work? Matt and Mike sit down with several Lullabots who are working on non-Drupal projects including Node, Swift, and React. We talk pros and cons of working in various languages, how they compare to our PHP world, and lots more.
Catégories: Elsewhere

DrupalCon News: Wining and Dining in Dublin

Planet Drupal - jeu, 08/09/2016 - 20:45

Dublin is a great place to eat out.

You probably won’t be surprised to learn that Dublin has a pretty good selection of bars and restaurants and selecting just a few is a difficult task. This is most certainly not a comprehensive list of venues, but here is a selection of our favourites.

Let us begin with that most important institution: the full Irish breakfast!

Catégories: Elsewhere

Jamie McClelland: Wait... is that how you are supposed to configure your SSD card?

Planet Debian - jeu, 08/09/2016 - 19:43

I bought a laptop with only SSD drives a while ago and based on a limited amount of reading, added the "discard" option to my /etc/fstab file for all partitions and happily went on my way expecting to avoid the performance degradation problems that happen on SSD cards without this setting).

Yesterday, after a several month ordeal, I finally installed SSD drives in one of May First/People Link's servers and started doing more research to find the best way to set things up.

I was quite surprised to learn that my change in /etc/fstab accomplished nothing. Well, not entirely true, my /boot partition was still getting empty sectors reported to the SSD card.

Since my filesystem is on top of LVM and LVM is on top of an encrypted disk, those messages from the files system to the disk were not getting through. I learned that when I tried to run the fstrim command on one of the partitions and received the message that the disk didn't support it. Since my /boot partition is not in LVM or encrypted, it worked on /boot.

I then made the necessary changes to /etc/lvm/lvm.conf and /etc/crypttab, restarted and... same result. Then I ran update-initramfs -u and rebooted and now fstrim works. I decided to remove the discard option from /etc/fstab and will set a cron job to run fstrim periodically.

Also, I learned of some security implications of using trim on an encrypted disk which don't seem to outweigh the benefits.

Catégories: Elsewhere

Annertech: How to Get the Most out of DrupalCon Dublin

Planet Drupal - jeu, 08/09/2016 - 13:34
How to Get the Most out of DrupalCon Dublin

DrupalCon is big. It's got hundreds of sessions. A similar amount of BoFs. Approximately 2,000 attendees. Social events left, right, and centre. It's not hard to get confused, miss things that you promised not to, and leave thinking "damn, I could have done that better". At Annertech, we're Ireland's most seasoned DrupalCon attendees. Here's our guide to making the most of it.

Catégories: Elsewhere

Drop Guard: Meet us in Dublin at booth #105!

Planet Drupal - jeu, 08/09/2016 - 12:00

Only 20 days are left until we head to Dublin to join the DrupalCon 2016! It’s the first time that we, the Drupal agency team from Bright Solutions (which is the "birthplace" of Drop Guard), arrive at a Con only with our Drop Guard team, so we can focus on our most famous contribution to the Community: our update management service tool “Drop Guard”.

Yes, we’d be happy to show people the great values which Drop Guard provides - but most of all we look forward to personal and honest conversations to progress in our work and as part of the Community!

 

Drupal Drupal Planet Drupalcon
Catégories: Elsewhere

Flocon de toile | Freelance Drupal: Introduction to Drupal 8 module : Permissions by field

Planet Drupal - jeu, 08/09/2016 - 07:51
The powerful access control system provided by Drupal 8 and permissions can prove to be a decisive criterion for choosing Drupal. This system is the basis of modules as Organic Group or Domain access, which respectively implement groups within the same site and implement a virtual multi-site architecture. The Permissions by field module allows us to control access to contents of a Drupal site in several generic methods, relying on the power of Entity Reference and the Drupal Field API, and to be able to delegate complex management access rights to content publishers according to their needs. Discover this module and the different possible use cases.
Catégories: Elsewhere

Pages

Subscribe to jfhovinne agrégateur - Elsewhere