Agrégateur de flux

Forum One: DrupalCon Amsterdam, Day 2: From Memories to the Future

Planet Drupal - mer, 01/10/2014 - 01:17

Today started out bright and early for our Forum One team, setting up for our part in the famous DrupalCon Prenote. This is one of the best-known “secrets” of DrupalCon. As Drupal founder Dries Buytaert puts it, “If you only get up early once during DrupalCon, this is the morning to do it.” In past years we’ve taught the audience how to pour beer (DrupalCon Munich), conducted the crowd in the “Drupal Opera” (DrupalCon Prague), and explored the funny and strange talents of the Drupal community (DrupalCon Portland). Of course, no one could forget our famous Coder/Themer Wonder Twins appearance at the Drupal Superheroes Prenote from DrupalCon Austin!

This year, the Prenote theme was Drupal memories. We heard from many of the famous Drupal core contributors about how they became involved in the community and how it ultimately changed their lives. A beautiful highlight was Nancy Beers sharing the romantic video her husband sent her from Drupal Camp in Seville, shortly after they met at DrupalCon in London. After showing the video, Nancy got down on one knee on stage and proposed!

Adam and I got to re-enact the founding of Acquia, one of Drupal’s biggest service providers. We re-enacted that first partnership between Dries Buytaert and Jay Batson in a great Star Wars-themed parody. “Join me, and together we can rule the Internets as CEO and CTO,” intoned Jay in a Darth Vader mask. The audience loved it, and, of course, Adam and I thoroughly enjoyed our parts as well.

At the end of the reminiscing, we directed the audience to stand up and take “selfies” of themselves with the stage in the background, while the core contributors up front took their own “selfies” to match. Then I took the microphone with my opera singing, Drupalist wife, Bryn Vertesi, to sing a Drupal-lyrics version of “Memories”, from the musical CATS. “Once we’re Beta, you’ll understand what happiness is,” became the catchphrase for the day!

The Dries keynote was exciting as well, mostly because of the announcement that Drupal 8 is going to Beta at the end of the convention! This is great news for developers and clients alike, as the Drupal 8 API brings enormous improvements in flexibility, scalability, and usability. Forum One’s own Kalpana Goel has been hard at work, not just helping to write Drupal 8, but mentoring others as well. She spent her day in the sprint room, where the core contributors mixed celebrating the milestone with planning sessions for the next development phase.

Today I also got to try out a new session, introducing the fundamental layout concepts in Drupal 7 and 8, and teaching people how to combine them for the best effect. Panels, Display Suite, and Context – oh my! ran overtime with a full room, and finally I decided we had to move the discussion to a “Birds of a Feather” workshop, tomorrow. I’m looking forward to it!

This was a long and eventful day for us here at DrupalCon Amsterdam. We’ll finish it off with a well-deserved beer at one of Holland’s famous breweries, hopefully somewhere along one of the many beautiful canals that dot this city. We’ll report back with more tomorrow!

Catégories: Elsewhere

Propeople Blog: New Propeople Drupal 8 Contributors Attending DrupalCon Amsterdam

Planet Drupal - mer, 01/10/2014 - 00:02

If you’re reading this blog post then you probably know what Drupal is...and I’m pretty sure that you are from the “Drupal world”. But just in case you don’t know - Drupal is an awesome open-source content management system. And for me, the best thing about Drupal is the community! With over 1 million members, and 30,000+ developers, it is one of the largest and most dedicated open-source tech communities in the world. For some people “Drupal community” means their developer friends around the world, for others it’s all about giving back to the Drupal project. No matter what you think - everyone must admit that DrupalCon is one of the main symbols of our community! DrupalCons are the most important conferences of the year for the Drupal community, and an event that Propeople supports as a sponsor year after year.

Unfortunately, DrupalCon is also one of the most expensive Drupal events of the year, specially when compared with small Drupal camps and events (e.g. DevDays in Szeged or a local DrupalCamp). Companies attending the conference will usually be represented by team leads and other senior team members. All the while, there are many, more junior Drupalists that would like to attend, but are not able to. For DrupalCon Amsterdam, we have decided to give some of our younger team members here in Propeople the opportunity to go to the event.

In order to do this, we had the idea of setting up a contest for our team. After all, some friendly competition is always fun! And what’s the most useful, interesting, and honest thing to base a DrupalCon contest around? Contributions to Drupal, of course! Whoever had the most Drupal contributions and patches to their name at the end of the contest would win a ticket to attend their first Con! Actually, our formula was a bit more complex than just a sum total of contributions. We accounted for the final status of the task or issue (if it was committed to Drupal - then max points, if it’s in the “needs review” stage - then no points); kind of project (Drupal core - max points, small sandbox - minimum points); and whether the patch was just a reroll or full of new logic. Other small multipliers were also used to “keep score”. Also we had some ground rules: contributions to documentation did not count, and there was only one month.

Personally, I think that the best and the easiest way to begin contributing is to find an interesting task, grab a laptop and start writing code. Similarly, I also think that the best and easiest way to become familiar with Drupal 8 (the upcoming version of Drupal) is to start contributing to the Drupal 8 core, or to port a module from Drupal 7. And even with tasks as simple as “Replace file_load() with File::load()”(https://www.drupal.org/node/2321969) you could learn a bit about EntityAPI, new FieldAPI, internal storage API, Unit test API and even fix some non-ideal code or remove external dependency to keep the DI pattern!

As a result of our month-long competition, those who competed were involved in 80+ Drupal 8 issues, and many of them have been resolved and committed to the Drupal core! Keep in mind that those who took part in the competition didn’t have any previous experience with Drupal 8.

So here are the results of our top-three contestants, who are in attendance at DrupalCon Amsterdam this week!

Temoor Gilmutdinov (https://www.drupal.org/u/temoor) - 25 issues: 10 were committed

Yaroslav Kharchenko (https://www.drupal.org/user/2312280) 30 issues: 12 were committed

Mike Sokolovskiy (https://www.drupal.org/u/lokeoke) - 23 issues: 12 were committed

These young developers were not alone. Afterall, when you help the community, the community helps you in return. Thank you to the great mentors that helped throughout:

  • @m1r1k

  • @andypost

  • @podarok

  • @dawehner

And of course, a big THANK YOU to our core committers:

@Webchick and @alexpott!

Overall, this was a great internal initiative for our team, motivating a number of our developers to contribute to Drupal 8. In addition to the opportunity to attend DrupalCon, they have also earned valuable experience that will be put to good use in the coming months, as we continue to be involved with the development of Drupal 8. When Drupal 8 launches, initiatives such as this will ensure that Propeople will be in a good place to continue to provide the professional Drupal services that we are so proud of!

Tags: DrupalCon AmsnterdamService category: TechnologyCheck this option to include this post in Planet Drupal aggregator: planetTopics: Community & Events
Catégories: Elsewhere

Mediacurrent: Adding Your Own Icon Fonts to Your Drupal Theme

Planet Drupal - mar, 30/09/2014 - 22:14

Icon fonts are a flexible solution for adding icons to your website. Having the icon contained in the font allows you to switch size and scale, color and add effects easily without having to redraw an image. In addition a font needs to be only loaded once, rather than 1 call per image (unless you are using a sprite like a fancy person, but sprites don't have the previously mentioned font benefits)...

Catégories: Elsewhere

Drupal @ Penn State: Drush recipes cookin' up sweet beta eats!

Planet Drupal - mar, 30/09/2014 - 21:42

Drush Recipes has come a long way since the project was first announced on planet a month ago.

Catégories: Elsewhere

Forum One: Where in the World is DrupalCon? – Day One

Planet Drupal - mar, 30/09/2014 - 20:27

How do you get to DrupalCon? Well, apparently you just follow the signs!

I’d never thought about it, but nothing makes one happier than official street signs guiding me from the hotel to the venue!

But even with such a welcome, I love the first day of DrupalCon, and I don’t mean trainings, community summit, or sprints, although they are important and valuable. More than all of that I love reconnecting with friends, colleagues, and collaborators.

We discuss the state of Drupal 8, and celebrate recent accomplishments, like the acceptance of the pagination dream markup (https://www.drupal.org/node/1912608) into Drupal 8 core!

This particular issue is one I’ve been working on consistently since Drupal Dev Days last March, but it’s not my victory alone, seven of us worked heavily on the ticket and even more contributed in smaller chunks.

We talk about which sessions we’ll attend and promote our own, namely Campbell’s and my Coder vs. Themer!

We also discuss new challenges and next steps, and in the sprint area we collaborate and problem solve together. Forum One’s Kalpana Goel is immensely passionate about core contribution and sprinting and received a scholarship from Drupal Association to come to Amsterdam and do just that.

Last but not least, we talk about the after parties and the social activities. But ultimately, it’s not about the hippest new nightclub or sushi at a shi-shi restaurant, it’s about people. I vastly prefer collecting colleagues and friends old and new into a semi-spontaneous dinner group, and so that’s what we did.

So that’s completes my recap of Day 1 in Amsterdam. Stay tuned for more updates soon!

 

 

Catégories: Elsewhere

Lisandro Damián Nicanor Pérez Meyer: Qt5 in Jessie: we will release with 5.3.2

Planet Debian - mar, 30/09/2014 - 19:08
Qt 5.3.2 has entered testing a few hours ago. This will be the version of Qt we will release with Debian Jessie, and it happens to be a nice coincidence, because upstream focused in stability for the 5.3 branch.

I'll now focus in fixing as many bugs as possible and in backporting Qt5 to Wheezy.

Let me warn you: if you are an upstream for a Qt4 based project be sure to be ready to switch to Qt5. If you are a maintainer of a Qt4 based project you better start asking your upstream to be ready for it :)
Catégories: Elsewhere

ThinkShout: Adding Encrypted USB Card Reader Support to Commerce iATS

Planet Drupal - mar, 30/09/2014 - 18:00

Ever been in a situation where you wished your Drupal Commerce installation could operate more like a Point of Sale system? Especially for nonprofits, taking donations and charging admission to events are prime examples of times when swiping a customer's credit card would be a great time saver.

As of version 2.5, Commerce iATS supports the use of encrypted USB card readers with iATS Payments.

Setting things up is easy:

  1. Upgrade to Commerce iATS 2.5
  2. Edit the Commerce iATS credit card payment method by selecting Store, Configuration, then Payment methods from your Drupal admin menu
  3. Check the "Use encrypted USB card reader" option of the credit card payment method (see screenshot below)
  4. Select the name of the USB card reader you're using
  5. Save the changes to the payment method and you're good to go

The USB card reader option is only available to Drupal admin users, not regular customers, so you'll need to create an order manually through the Drupal Commerce admin interface before you can process a payment by swiping a credit card.

The next time you add a credit card payment to an order, you'll see something like this:

That code is the encrypted credit card data fed into Drupal by the USB card reader. Or it might be the Matrix, we're still not entirely sure.

In addition to the convenience of not having to type in credit card details, the USB card readers are fully PCI compliant. All sensitive credit card information is encrypted by the reader before it reaches Drupal, meaning you never need to pass unencrypted card data through your server.

For the developers out there, the USB card readers can hook into three of iATS Payments' API services:

  • ProcessCreditCardV1

    • Process a credit card transaction without storing any data locally.
  • CreateCreditCardCustomerCodeV1

    • Create a customer code without a charge. This is a great way to store a customer's credit card to bill later. Fully PCI compliant as only the iATS Payments customer code is stored on your server, not the credit card information.
  • CreateCustomerCodeAndProcessCreditCardV1

    • A combination of the above two services, charge a credit card and create a customer code at the same time.

You can see some example card data in iATS Payments' developer documentation. If you're ready to start swiping credit cards, the documentation includes links to sites where you can purchase one of the two encrypted USB card readers supported by iATS Payments.

Catégories: Elsewhere

Cruiskeen Consulting: Drupal Hosting Survey

Planet Drupal - mar, 30/09/2014 - 16:46

As a hosting company, we're interested in the hosting needs of the Drupal community. We are doing some infrastructure and software planning at the moment, and we thought it would be great to get some feedback from the Drupal community as a whole.

We are conducting this as an open source survey - that is, we're planning on making the results publicly available after the survey closes.  We're planning on leaving the survey up through the end of October, so if you're interested in informing the decisions of hosting companies catering to Drupal, please come fill out the survey.

Gunnar Wolf: Diego Gómez: Imprisoned for sharing

Planet Debian - mar, 30/09/2014 - 16:01

I got word via the Electronic Frontier Foundation about an act of injustice happening to a person for doing... Not only what I do day to day, but what I promote and believe to be right: Sharing academic articles.

Diego is a Colombian, working towards his Masters degree on conservation and biodiversity in Costa Rica. He is now facing up to eight years imprisonment for... Sharing a scholarly article he did not author on Scribd.

Many people lack the knowledge and skills to properly set up a venue to share their articles with people they know. Many people will hope for the best and expect academic publishers to be fundamentally good, not to send legal threats just for the simple, noncommercial act of sharing knowledge. Sharing knowledge is fundamental for science to grow, for knowledge to rise. Besides, most scholarly studies are funded by public money, and as the saying goes, they should benefit the public. And the public is everybody, is all of us.

And yes, if this sounds in any way like what drove Aaron Swartz to his sad suicide early this year... It is exactly the same thing. Thankfully (although, sadly, after the sad fact), thousands of people strongly stood on Aaron's side on that demand. Please sign the EFF petition to help Diego, share this, and try to spread the word on the real world needs for Open Access mandates for academics!

Some links with further information:

Catégories: Elsewhere

Russell Coker: Links September 2014

Planet Debian - mar, 30/09/2014 - 15:55

Matt Palmer wrote a short but informative post about enabling DNS in a zone [1]. I really should setup DNSSEC on my own zones.

Paul Wayper has some insightful comments about the Liberal party’s nasty policies towards the unemployed [2]. We really need a Basic Income in Australia.

Joseph Heath wrote an interesting and insightful article about the decline of the democratic process [3]. While most of his points are really good I’m dubious of his claims about twitter. When used skillfully twitter can provide short insights into topics and teasers for linked articles.

Sarah O wrote an insightful article about NotAllMen/YesAllWomen [4]. I can’t summarise it well in a paragraph, I recommend reading it all.

Betsy Haibel wrote an informative article about harassment by proxy on the Internet [5]. Everyone should learn about this before getting involved in discussions about “controversial” issues.

George Monbiot wrote an insightful and interesting article about the referendum for Scottish independence and the failures of the media [6].

Mychal Denzel Smith wrote an insightful article “How to know that you hate women” [7].

Sam Byford wrote an informative article about Google’s plans to develop and promote cheap Android phones for developing countries [8]. That’s a good investment in future market share by Google and good for the spread of knowledge among people all around the world. I hope that this research also leads to cheap and reliable Android devices for poor people in first-world countries.

Deb Chachra wrote an insightful and disturbing article about the culture of non-consent in the IT industry [9]. This is something we need to fix.

David Hill wrote an interesting and informative article about the way that computer game journalism works and how it relates to GamerGate [10].

Anita Sarkeesian shares the most radical thing that you can do to support women online [11]. Wow, the world sucks more badly than I realised.

Michael Daly wrote an article about the latest evil from the NRA [12]. The NRA continues to demonstrate that claims about “good people with guns” are lies, the NRA are evil people with guns.

Related posts:

  1. Links July 2014 Dave Johnson wrote an interesting article for Salon about companies...
  2. Links May 2014 Charmian Gooch gave an interesting TED talk about her efforts...
  3. Links September 2013 Matt Palmer wrote an insightful post about the use of...
Catégories: Elsewhere

Raphaël Hertzog: My Debian LTS report for September

Planet Debian - mar, 30/09/2014 - 15:24

Thanks to the sponsorship of multiple companies, I have been paid to work 11 hours on Debian LTS this month.

I started by doing lots of triage in the security tracker (if you want to help, instructions are here) because I noticed that the dla-needed.txt list (which contains the list of packages that must be taken care of via an LTS security update) was missing quite a few packages that had open vulnerabilities in oldstable.

In the end, I pushed 23 commits to the security tracker. I won’t list the details each time but for once, it’s interesting to let you know the kind of things that this work entailed:

  • I reviewed the patches for CVE-2014-0231, CVE-2014-0226, CVE-2014-0118, CVE-2013-5704 and confirmed that they all affected the version of apache2 that we have in Squeeze. I thus added apache2 to dla-needed.txt.
  • I reviewed CVE-2014-6610 concerning asterisk and marked the version in Squeeze as not affected since the file with the vulnerability doesn’t exist in that version (this entails some checking that the specific feature is not implemented in some other file due to file reorganization or similar internal changes).
  • I reviewed CVE-2014-3596 and corrected the entry that said that is was fixed in unstable. I confirmed that the versions in squeeze was affected and added it to dla-needed.txt.
  • Same story for CVE-2012-6153 affecting commons-httpclient.
  • I reviewed CVE-2012-5351 and added a link to the upstream ticket.
  • I reviewed CVE-2014-4946 and CVE-2014-4945 for php-horde-imp/horde3, added links to upstream patches and marked the version in squeeze as unaffected since those concern javascript files that are not in the version in squeeze.
  • I reviewed CVE-2012-3155 affecting glassfish and was really annoyed by the lack of detailed information. I thus started a discussion on debian-lts to see whether this package should not be marked as unsupported security wise. It looks like we’re going to mark a single binary packages as unsupported… the one containing the application server with the vulnerabilities, the rest is still needed to build multiple java packages.
  • I reviewed many CVE on dbus, drupal6, eglibc, kde4libs, libplack-perl, mysql-5.1, ppp, squid and fckeditor and added those packages to dla-needed.txt.
  • I reviewed CVE-2011-5244 and CVE-2011-0433 concerning evince and came to the conclusion that those had already been fixed in the upload 2.30.3-2+squeeze1. I marked them as fixed.
  • I droppped graphicsmagick from dla-needed.txt because the only CVE affecting had been marked as no-dsa (meaning that we don’t estimate that a security updated is needed, usually because the problem is minor and/or that fixing it has more chances to introduce a regression than to help).
  • I filed a few bugs when those were missing: #762789 on ppp, #762444 on axis.
  • I marked a bunch of CVE concerning qemu-kvm and xen as end-of-life in Squeeze since those packages are not currently supported in Debian LTS.
  • I reviewed CVE-2012-3541 and since the whole report is not very clear I mailed the upstream author. This discussion led me to mark the bug as no-dsa as the impact seems to be limited to some information disclosure. I invited the upstream author to continue the discussion on RedHat’s bugzilla entry.

And when I say “I reviewed” it’s a simplification for this kind of process:

  • Look up for a clear explanation of the security issue, for a list of vulnerable versions, and for patches for the versions we have in Debian in the following places:
    • The Debian security tracker CVE page.
    • The associated Debian bug tracker entry (if any).
    • The description of the CVE on cve.mitre.org and the pages linked from there.
    • RedHat’s bugzilla entry for the CVE (which often implies downloading source RPM from CentOS to extract the patch they used).
    • The upstream git repository and sometimes the dedicated security pages on the upstream website.
  • When that was not enough to be conclusive for the version we have in Debian (and unfortunately, it’s often the case), download the Debian source package and look at the source code to verify if the problematic code (assuming that we can identify it based on the patch we have for newer versions) is also present in the old version that we are shipping.

CVE triaging is often almost half the work in the general process: once you know that you are affected and that you have a patch, the process to release an update is relatively straightforward (sometimes there’s still work to do to backport the patch).

Once I was over that first pass of triaging, I had already spent more than the 11 hours paid but I still took care of preparing the security update for python-django. Thorsten Alteholz had started the work but got stuck in the process of backporting the patches. Since I’m co-maintainer of the package, I took over and finished the work to release it as DLA-65-1.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Catégories: Elsewhere

Mario Lang: A simple C++11 concurrent workqueue

Planet Debian - mar, 30/09/2014 - 14:20

For a little toy project of mine (a wikipedia XML dump word counter) I wrote a little C++11 helper class to distribute work to all available CPU cores. It took me many years to overcome my fear of threading: In the past, whenever I toyed with threaded code, I ended up having a lot of deadlocks, and generally being confused. It appears that I finally have understood enough of this crazyness to be able to come up with the small helper class below.

It makes use of C++11 threading primitives, lambda functions and move semantics. The idea is simple: You provide a function at construction time which defines how to process one item of work. To pass work to the queue, simply call the function operator of the object, repeatedly. When the destructor is called (once the object reachs the end of its scope), all remaining work is processed and all background threads are joined.

The number of threads defaults to the value of std::thread::hardware_concurrency(). This appears to work at least since GCC 4.9. Earlier tests have shown that std::thread::hardware_concurrency() always returned 1. I don't know when exactly GCC (or libstdc++, actually) started to support this, but at least since GCC 4.9, it is usable. Prerequisite on Linux is a mounted /proc.

The number of maximum items per thread in the queue defaults to 1. If the queue is full, calls to the function operator will block.

So the most basic usage example is probably something like:

int main() { typedef std::string item_type; distributor<item_type> process([](item_type &item) { // do work }); while (/* input */) process(std::move(/* item */)); return 0; }

That is about as simple as it can get, IMHO.

The code can be found in the GitHub project mentioned above. However, since the class is relatively short, here it is.

#include <algorithm> #include <condition_variable> #include <mutex> #include <queue> #include <stdexcept> #include <thread> #include <vector> template <typename Type, typename Queue = std::queue<Type>> class distributor: Queue, std::mutex, std::condition_variable { typename Queue::size_type capacity; bool done = false; std::vector<std::thread> threads; public: template<typename Function> distributor( Function function , unsigned int concurrency = std::thread::hardware_concurrency() , typename Queue::size_type max_items_per_thread = 1 ) : capacity{concurrency * max_items_per_thread} { if (not concurrency) throw std::invalid_argument("Concurrency must be positive and non-zero"); if (max_items_per_thread) std::invalid_argument("Max items per thread must be positive and non-zero"); for (unsigned int count {0}; count < concurrency; count += 1) threads.emplace_back(static_cast<void (distributor::*)(Function)> (&distributor::consume), this, function); } distributor(distributor &&) = default; distributor(distributor const &) = delete; distributor& operator=(distributor const &) = delete; ~distributor() { { std::lock_guard<std::mutex> guard(*this); done = true; } notify_all(); std::for_each(threads.begin(), threads.end(), std::mem_fun_ref(&std::thread::join)); } void operator()(Type &&value) { std::unique_lock<std::mutex> lock(*this); while (Queue::size() == capacity) wait(lock); Queue::push(std::forward<Type>(value)); notify_one(); } private: template <typename Function> void consume(Function process) { std::unique_lock<std::mutex> lock(*this); while (true) { if (not Queue::empty()) { Type item { std::move(Queue::front()) }; Queue::pop(); lock.unlock(); notify_one(); process(item); lock.lock(); } else if (done) { break; } else { wait(lock); } } } };

If you have any comments regarding the implementation, please drop me a mail.

Catégories: Elsewhere

Dries Buytaert: Scaling Open Source communities

Planet Drupal - mar, 30/09/2014 - 11:47
Topic: Drupal

We truly live in miraculous times. Open Source is at the core of the largest organizations in the world. Open Source is changing lives in emerging countries. Open Source has changed the tide of governments around the world. And yet, Open Source can be really difficult. Open Source can be largely a thankless job. It is hard to find volunteers, it is hard to find organizations to donate time or money, it is hard to organize the community, it is hard to learn, it is hard to attract full-time contributors, and more. As the project lead for Drupal, one of the largest Open Source projects/communities in the world, I live these challenges every day. In this blog post, I will analyze the challenge with scaling Open Source communities and recommend a solution for how to build very large Open Source communities.

Open Source projects are public goods

In economic terms, for something to be a "public good", it needs to match two criteria:

  1. non-excludability - it is impossible to prevent anyone from consuming that good, and
  2. non-rivalry - consumption of this good by anyone does not reduce the benefits available to others.

Examples of public goods include street lighting, national defense, public parks, basic education, the road system, etc. By that definition, Open Source software is also a "public good": we can't stop anyone from using Open Source software, and one person benefiting from Open Source software does not reduce the benefits available to others.

The realization that Open Source is a public good is a helpful one because there has been a lot of research about how to maintain and scale public goods.

Public goods and the free-rider problem

The biggest problem with public goods is the "free rider problem". A free rider is someone who uses a public good but who does not pay anything (or pay enough) towards its cost or production. If the maintainers of a public good do not address the free-rider problem it can lead to the non-production or under-production of a public good. This is generally known as the "Tragedy of the Commons".

In Open Source, a free-rider is someone who uses an Open Source software project without contributing to it. If too few people or organizations contribute to the project, the project can become unhealthy, and ultimately could cease to exist.

The free-rider problem is typical for public goods and does not usually arise with private businesses. For example, community-maintained software like Drupal may have many free riders but proprietary competitors like Adobe or Sitecore have no problem excluding those who will not pay a license fee.

To properly understand the free-rider problem and public good provision, we need to understand both self-interest theory and the theory of collective action. I'll discuss both theories and apply them to Open Source.

Self-interest theory

Open Source contributors do amazing things. They contribute to fixing the hardest problems, they volunteer to help others, they share their expertise, and more. Actions like these are often described as altruistic, in contrast to the pursuit of self-interest. In reality, generosity is often driven by some level of self-interest: we provide values to others only on terms that benefit ourselves.

Many reasons exist why people contribute to Open Source projects; people contribute because they enjoy being part of a community of like-minded people, to hone their technical skills, to get recognition, to try and make a difference in the world, because they are paid to, or for different forms of "social capital". Often we contribute because by improving the world we are living in, we are making our world better too.

Modern economics suggest that both individuals and organizations tend to act in their own self-interest, bound by morals, ethics, the well-being of future generations and more. The theory of self-interest goes back to the writings of the old Greeks, is championed by early modern economists, and is still being adhered to by late-modern economists. It follows from the theory of self-interest that we'd see more individuals and organizations contribute if they received more benefits.

While contributing to Open Source clearly has benefits, it is not obvious if the benefits outweigh the cost. If we can increase the benefits, there is no doubt we can can attract more contributors.

Collective action theory

The theory of self-interest also applies to groups of individuals. In his seminal work on collective action and public goods, economist Mancur Olson shows that the incentive for group action diminishes as group size increases. Large groups are less able to act in their common interest than small ones because (1) the complexity increases and (2) the benefits diminish.

We see this first hand in Open Source projects. As an Open Source project grows, aspects of the development, maintenance and operation have to be transferred from volunteers to paid workers. Linux is a good example. Without Red Hat, IBM and Dell employing full-time Linux contributors, Linux might not have the strong market share it has today.

The concept of major public goods growing out of volunteer and community-based models is not new to the world. The first trade routes were ancient trackways, which citizens later developed on their own into roads suited for wheeled vehicles in order to improve commerce. Transportation was improved for all citizens, driven by the commercial interest of some. Today, we certainly appreciate that full-time government workers maintain the roads. Ditto for the national defense system, basic education, etc.

The theory of collective action also implies that as an Open Source project grows, we need to evolve how we incent contributors or we won't be able to attract either part-time volunteers or full-time paid contributors.

Selective benefits

Solutions for the free-rider problem and collective action problem exist, and this is where Open Source can learn from public goods theory and research. The most common solution for the free-rider problem is taxation; the government mandates all citizens to help pay for the production of the public good. Taxpayers help pay for our basic education system, the road system and national defense for example. Other solutions are privatization, civic duty or legislation. These solutions don't apply to Open Source.

I believe the most promising solution for Open Source is known as "privileged groups". Privileged groups are those who receive "selective benefits". Selective benefits are benefits that can motivate participation because they are available only to those who participate. The study of collective action shows that public goods are still produced when a privileged group benefits more from the public good than it costs them to produce it.

In fact, prominent "privileged groups" examples exist in the Open Source community; Automattic is a privileged group in the WordPress community as it is in a unique position to make many millions of dollars from WordPress.com. Mozilla Corporation, the for-profit subsidiary of the Mozilla Foundation, is a privileged group as it is in a unique position to get paid millions of dollars by Google. As a result, both Automattic and Mozilla Corporation are willing to make significant engineering investments in WordPress and Mozilla, respectively. Millions of people in the world benefit from that every day.

Drupal is different from Automattic and Mozilla in that no single organization benefits uniquely from contributing. For example, my company Acquia currently employs the most full-time contributors to Drupal but does not receive any exclusive benefits in terms of monetizing Drupal. While Acquia does accrue some value from hiring the Drupal contributors that it does, this is something any company can do.

Better incentives for Drupal contributors

It's my belief that we should embrace the concept of "privileged groups" and "selective benefits" in the Drupal community to help us grow and maintain the Drupal project. Furthermore, I believe we should provide "selective benefits" in a way that encourages fairness and equality, and doesn't primarily benefit any one particular organization.

From the theory of self-interest it follows that to get more paid core contributors we need to provide more and better benefits to organizations that are willing to let their employees contribute. Drupal agencies are looking for two things: customers and Drupal talent.

Many organizations would be eager to contribute more if, in return, they were able to attract more customers and/or Drupal talent. Hence, the "selective benefits" that we can provide them are things like:

  • Organizational profile pages on drupal.org with badges or statistics that prominently showcase their contributions,
  • Advertising on the drupal.org in exchange for fixing critical bugs in Drupal 8 (imagine we rewarded each company that helped fix a critical Drupal 8 bug 10,000 ad views on the front page of drupal.org),
  • Better visibility on Drupal.org's job board for those trying to hire Drupal developers,
  • The ability to sort the marketplace by contributions, rather than just alphabetically
  • ...

I'm particularly excited about providing ads in exchange for contributing. Contributing to Drupal now becomes a marketing expense; the more you contribute, the more customers you can gain from drupal.org. We can even direct resources; award more ad views in exchange for fixing UX problems early in the development cycle, but award critical bugs and beta blockers later in the development cycle. With some relatively small changes to drupal.org, hiring a full-time core developer becomes a lot more interesting.

By matching the benefits to the needs of Drupal agencies, we candirect more resources towards Drupal development. I also believe this system to be fair; all companies can choose to contribute to Drupal 8 and earn advertising credits, and all participants are rewarded equally. We can turn Drupal.org into a platform that encourages and directs participation from a large number of organizations.

Systems like this are subject to gaming but I believe these challenges can be overcome. Any benefit is better than almost no benefit. In general, it will be interesting to see if fairness and heterogeneity will facilitate or impede contribution compared to Open Source projects like WordPress and Mozilla, where some hold unique benefits. I believe that if all participants benefit equally from their contributions, they have an incentive to match each other's contributions and it will facilitate the agreement and establishment of a contribution norm that fosters both cooperation and coordination, while minimizing gaming of the system. In contrast, when participants benefit very differently, like with WordPress and Mozilla, this decreases the willingness to cooperate, which, in turn, could have detrimental effects on contributions. While not necessarily the easiest path, I believe that making the system fair and heterogeneous is the "Drupal way" and that it will serve us in the long term.

Conclusions

There are plenty of technical challenges ahead of us that we need to work on, fun ideas that we should experiment with, and more. With some relatively small changes, we could drastically change the benefits of contributing to Drupal. Better incentives mean more contributors, and more contributors mean that we can try more things and do things better and faster. It means we can scale Drupal development to new heights and with that, increase Open Source's impact on the world.

Catégories: Elsewhere

Francois Marier: Encrypted mailing list on Debian and Ubuntu

Planet Debian - mar, 30/09/2014 - 07:30

Running an encrypted mailing list is surprisingly tricky. One of the first challenges is that you need to decide what the threat model is. Are you worried about someone compromising the list server? One of the subscribers stealing the list of subscriber email addresses? You can't just "turn on encryption", you have to think about what you're trying to defend against.

I decided to use schleuder. Here's how I set it up.

Requirements

What I decided to create was a mailing list where people could subscribe and receive emails encrypted to them from the list itself. In order to post, they need to send an email encrypted to the list' public key and signed using the private key of a subscriber.

What the list then does is decrypt the email and encrypts it individually for each subscriber. This protects the emails while in transit, but is vulnerable to the list server itself being compromised since every list email transits through there at some point in plain text.

Installing the schleuder package

The first thing to know about installing schleuder on Debian or Ubuntu is that at the moment it unfortunately depends on ruby 1.8. This means that you can only install it on Debian wheezy or Ubuntu precise: trusty and jessie won't work (until schleuder is ported to a more recent version of ruby).

If you're running wheezy, you're fine, but if you're running precise, I recommend adding my ppa to your /etc/apt/sources.list to get a version of schleuder that actually lets you create a new list without throwing an error.

Then, simply install this package:

apt-get install schleuder Postfix configuration

The next step is to configure your mail server (I use postfix) to handle the schleuder lists.

This may be obvious but if you're like me and you're repurposing a server which hasn't had to accept incoming emails, make sure that postfix is set to the following in /etc/postfix/main.cf:

inet_interfaces = all

Then follow the instructions from /usr/share/doc/schleuder/README.Debian and finally add the following line (thanks to the wiki instructions) to /etc/postfix/main.cf:

local_recipient_maps = proxy:unix:passwd.byname $alias_maps $transport_maps Creating a new list

Once everything is set up, creating a new list is pretty easy. Simply run schleuder-newlist list@example.org and follow the instructions

After creating your list, remember to update /etc/postfix/transports and run postmap /etc/postfix/transports.

Then you can test it by sending an email to LISTNAME-sendkey@example.com. You should receive the list's public key.

Adding list members

Once your list is created, the list admin is the only subscriber. To add more people, you can send an admin email to the list or follow these instructions to do it manually:

  1. Get the person's GPG key: gpg --recv-key KEYID
  2. Verify that the key is trusted: gpg --fingerprint KEYID
  3. Add the person to the list's /var/lib/schleuder/HOSTNAME/LISTNAME/members.conf: - email: francois@fmarier.org key_fingerprint: 8C470B2A0B31568E110D432516281F2E007C98D1
  4. Export the public key: gpg --export -a KEYID
  5. Paste the exported key into the list's keyring: sudo -u schleuder gpg --homedir /var/lib/schleuder/HOSTNAME/LISTNAME/ --import
Catégories: Elsewhere

Drupal Watchdog: Baby Steps

Planet Drupal - mar, 30/09/2014 - 06:47
Column

FADE IN:

INTERIOR. RONNIE’S APARTMENT – EVENING
(RONNIE paces, on the phone.)

RONNIE: Jeremy, I have a bit of a problem. My Drupal guru-guy got two million dollars seed capital for his start-up and moved to Palo Alto. But I was thinking, maybe you should send me to DrupalCon Austin... Why? So I can experience the whole Drupal community-thing first-hand... Really?... Awesome!

DISSOLVE TO:

EXTERIOR. CONVENTION CENTER – ESTABLISHING SHOT – MORNING
(RONNIE enters the massive Neal Kocurek Memorial Austin Convention Center, along with hundreds of enthusiastic Drupalists.)

[TITLE: DRUPALCON. DAY ONE]

INT. CONVENTION CENTER, REGISTRATION AREA
(Ronnie approaches a heavily costumed gentleman and explains that he is interviewing attendees for an article in Drupal Watchdog. HILMAR HALLBJÖRNSSON, a Drupal developer from Iceland, readily agrees to be questioned. Ronnie sets his cellphone to Record.)

RONNIE: Hilmar, why the helmet and horns?

HILMAR: Three days before I came here, I saw Morten DK announcing a big Vikings party and claiming that Vikings came from Denmark.

RONNIE: Uh-huh.

HILMAR: Well, everyone with a little knowledge of Vikings knows there are as many genuine Vikings in Denmark as there are high mountains. Which is: none.

RONNIE: So...?

HILMAR: So I decided to show him who was the boss.

RONNIE: And you showed him?

HILMAR: He was defeated and knelt before me.

INT. CONVENTION CENTER – LATER
(Exiting Exhibit Hall, Ronnie keeps up with a scurrying man-on-a-mission: JASON MOSS, an applications developer for the University of North Carolina in Chapel Hill.)

JASON: This is my fourth DrupalCon and what makes it most favorable over the last three is that it’s in a warm place.

RONNIE: Uh-huh. But aside from the weather –

JASON: – I always get a lot of little tidbits and useful tips at Drupalcon. It’s what keeps me coming.

RONNIE: Did you hear Dries’s keynote speech?

Catégories: Elsewhere

Drupal core announcements: No Drupal 6 or Drupal 7 core release on Wednesday, October 1

Planet Drupal - mar, 30/09/2014 - 06:44

The monthly Drupal core bug fix release window is scheduled for this Wednesday. However, due to DrupalCon and other scheduling conflicts, there will be no release on this date.

Upcoming release windows include:

  • Wednesday, October 15 (security release window)
  • Wednesday, November 5 (bug fix release window)

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

Catégories: Elsewhere

Dirk Eddelbuettel: Rcpp 0.11.3

Planet Debian - mar, 30/09/2014 - 03:39

A new release 0.11.3 of Rcpp is now on the CRAN network for GNU R, and an updated Debian package has been uploaded too.

Rcpp has become the most popular way of enhancing GNU R with C++ code. As of today, 273 packages on CRAN depend on Rcpp for making analyses go faster and further.

This release brings a fairly large number of continued enhancements, fixes and polishing to Rcpp. These were provided by a total of seven different contributors---which is a new record as well.

See below for a detailed list of changes extracted from the NEWS file, but some highlights included in this release are

  • Several API cleanups, polishes and a pre-announced code removal
  • New InternalFunction interface, and new Timer functionality.
  • More robust functionality of Rcpp Attributes as well as a new dryRun option.
  • The Rcpp FAQ was updated, as was the main Description: in the DESCRIPTION file.
  • Rcpp.package.skeleton() can now deploy functionality from pkgKitten to create Rcpp packages that purr.

One sore point, however, is that we missed that packages using Rcpp Modules appear to require a rebuild. We are sorry for the inconvenience; this has highlighted a shortcoming in our fairly robust and extensive tests. While we test our packages against all known CRAN dependents, such tests check for the ability to compile and run freshly and not whether previously built packages still run. We intend to augment our testing in this direction to avoid a repeat occurrence of such a misfeature.

Changes in Rcpp version 0.11.3 (2014-09-27)
  • Changes in Rcpp API:

    • The deprecation of RCPP_FUNCTION_* which was announced with release 0.10.5 last year is proceeding as planned, and the file macros/preprocessor_generated.h has been removed.

    • Timer no longer records time between steps, but times from the origin. It also gains a get_timers(int) methods that creates a vector of Timer that have the same origin. This is modelled on the Rcpp11 implementation and is more useful for situations where we use timers in several threads. Timer also gains a constructor taking a nanotime_t to use as its origin, and a origin method. This can be useful for situations where the number of threads is not known in advance but we still want to track what goes on in each thread.

    • A cast to bool was removed in the vector proxy code as inconsistent behaviour between clang and g++ compilations was noticed.

    • A missing update(SEXP) method was added thanks to pull request by Omar Andres Zapata Mesa.

    • A proxy for DimNames was added.

    • A no_init option was added for Matrices and Vectors.

    • The InternalFunction class was updated to work with std::function (provided a suitable C++11 compiler is available) via a pull request by Christian Authmann.

    • A new_env() function was added to Environment.h

    • The return value of range eraser for Vectors was fixed in a pull request by Yixuan Qiu.

  • Changes in Rcpp Sugar:

    • In ifelse(), the returned NA type was corrected for operator[].

  • Changes in Rcpp Attributes:

    • Include LinkingTo in DESCRIPTION fields scanned to confirm that C++ dependencies are referenced by package.

    • Add dryRun parameter to sourceCpp.

    • Corrected issue with relative path and R chunk use for sourceCpp.

  • Changes in Rcpp Documentation:

    • The Rcpp-FAQ vignette was updated with respect to OS X issues.

    • A new entry in the Rcpp-FAQ clarifies the use of licenses.

    • Vignettes build results no longer copied to /tmp to please CRAN.

    • The Description in DESCRIPTION has been shortened.

  • Changes in Rcpp support functions:

    • The Rcpp.package.skeleton() function will now use pkgKitten package, if available, to create a package which passes R CMD check without warnings. A new Suggests: has been added for pkgKitten.

    • The modules=TRUE case for Rcpp.package.skeleton() has been improved and now runs without complaints from R CMD check as well.

  • Changes in Rcpp unit test functions:

    • Functions from the RUnit package are now prefixed with RUnit::

    • The testRcppModule and testRcppClass sample packages now pass R CMD check --as-cran cleanly with NOTES or WARNINGS

Thanks to CRANberries, you can also look at a diff to the previous release As always, even fuller details are on the Rcpp Changelog page and the Rcpp page which also leads to the downloads page, the browseable doxygen docs and zip files of doxygen output for the standard formats. A local directory has source and documentation too. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Catégories: Elsewhere

Web Wash: 3 Easy Ways to Create View Modes in Drupal 7

Planet Drupal - lun, 29/09/2014 - 23:14

View modes allow site builders to display the same piece of content in various ways. Drupal ships with a bunch of them out of the box like Teaser, "Full content", RSS and much more. There is even one for the search result page called "Search result". However, the two most prominent are Teaser and "Full content".

The "Full content" view mode is the one used to display content on its "node/123" page. It's the one you'll customise the most. Teaser, on the other hand, is used to display a summarised or trimmed down version of an article.

You can create as many view modes as necessary. But like many things in Drupal, they can be created in a few ways. They can be implemented using code and with a module or two.

In this tutorial, you'll learn how to create view modes in three ways: using hook_entity_info_alter(), using Display Suite and Entity view modes.

Catégories: Elsewhere

Drupal Association News: Drupal.org Content Strategy: Announcing a Request for Proposals!

Planet Drupal - lun, 29/09/2014 - 22:45

Earlier this year the Drupal Association began work on an initiative to launch a redesigned and improved Drupal.org in 2015. The first step of the plan was the Drupal.org user research, which was recently finished. Today we’d like to issue a Request for Proposals (RFP) for the content strategy for Drupal.org, next step of our redesign project.

We’d like to develop the strategy, which will guide ongoing content development work performed by Drupal Association staff and the Drupal community, and inform our ongoing branding and design efforts.

If you or your company is interested in potentially performing the content strategy work, please see the dates and instructions in the RFP document for more detail. Also, if you know of a person or company who would be awesome for this project, please encourage them to participate. Thank you!

Drupal.org Content Strategy RFP

Catégories: Elsewhere

Pages

Subscribe to jfhovinne agrégateur