Feed aggregator

[$] Building the kernel with clang

LWN Headlines -

Over the years, there has been a persistent effort to build the Linux kernel using the Clang C compiler that is part of the LLVM project. We last looked in on the effort in a report from the LLVM microconference at the 2015 Linux Plumbers Conference (LPC), but we have followed it before that as well. At this year's LPC, two Google kernel engineers, Greg Hackmann and Nick Desaulniers, came to the Android microconference to update the status; at this point, it is possible to build two long-term support kernels (4.4 and 4.9) with Clang.

Apple File System in macOS High Sierra Won't Work With Fusion Drives

Slashdot -

An anonymous reader shares a report: MacOS High Sierra will come out of beta and roll out to the public next week. If you have previously installed the beta version, you may need to take extra steps before installing the release so your Fusion Drive-toting machine doesn't experience any negative consequences. Apple announced that the new Apple File system (APFS) won't immediately support Fusion Drives and will only support systems with all-flash built-in storage in the initial release of High Sierra. Those who tested out the beta versions of macOS High Sierra had their Fusion Drives converted to the new APFS. However, support was removed from the most recent beta versions, and it isn't coming back with the public release of High Sierra. Apple provided a set of instructions to help those users convert their Fusion Drives back from APFS to the standard HFS+ format before installing the High Sierra update. The instructions include backing up data using Time Machine, creating a bootable installer, reformatting the machine using Disk Utility, and reinstalling the operating system update.

Read more of this story at Slashdot.

Drupal.org blog: What’s new on Drupal.org? - August 2017

Drupal Planet -

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Announcement TLS 1.0 and 1.1 deprecated

Drupal.org uses the Fastly CDN service for content delivery, and Fastly has depreciated support for TLS 1.1, 1.0, and 3DES on the cert we use for Drupal.org, per the mandate by the PCI Security Standards Council. This change took place on 9 Aug 2017. This means that browsers and API clients using the older TLS 1.1 or 1.0 protocols will no longer be supported. Older versions of curl or wget may be affected as well.

Almost time for DrupalCon Vienna

DrupalCon Vienna is almost here! From September 26-29 you can join us for keynotes, sessions, and sprinting. Most of the Drupal Association engineering team will be on site, and we'll be hosting a panel discussion about recent updates to Drupal.org, and our plans for the future.

We hope to see you there!

Drupal.org updates 8.4.0 Alpha/Beta/Release Candidate 1

On August 3rd, Drupal 8.4.0 received its alpha release, followed on the 17th by a beta release, and on September 6th by the first release candidate. Several new stable API modules are now included in core for everything from workflow management to media management. Core maintainers hope to reach a stable release of Drupal 8.4 soon.

Improvements to Project Pages

We made a number of improvements to project pages in August, one of which was to clean up the 'Project information' section and add new iconography to make signals about project quality more clear to site builders.

In the same vein, we've also improved the download table for contrib projects, by making it more clear which releases are recommended by the maintainer, providing pre-release information for minor versions, and displaying recent test results.

Metadata about security coverage available to Composer

Developers who build Drupal sites using Composer may miss some of the project quality indicators from project pages on Drupal.org. Because of this, we now include information about whether a project receives security advisory coverage in the Composer 'extra' attribute. By including this information in the composer json for each project, we hope to make it easier for developers using Composer to ensure they are only using modules with security advisory coverage. This information is also accessible for developers who may want to make additional tools for managing composer packages.

Automatic issue credit for committers

Just about the last step in resolving any code-related issue is for a project maintainer to commit the changes. To make sure these maintainers are credited for the work they do to review these code changes, we now automatically add issue credit for committers.

Performance Improvements for Events.Drupal.org

With DrupalCon coming up in September we spent a little bit of time tuning the performance of Events.Drupal.org. We managed to resolve a session management bug that was the root cause of a significant slow down, so now the site is performing much better.

Syncing your DrupalCon schedule to your calendar

A long requested feature for our DrupalCon websites has been the ability to sync a user's personal schedule to a calendar service. In August we released an initial implementation of this feature, and we're working on updating it in September to support ongoing syncing - stay tuned!

Membership CTA on Download and Extend

We've added a call to action for new members on the Drupal.org Download and Extend page, which highlights some great words and faces from the community. Membership contributions are a crucial part of funding Drupal.org and DrupalCon, but much the majority of traffic we receive on Drupal.org is anonymous, and may not reach the areas of the site where we've promoted membership in the past. We're hoping this campaign will help us reach a wider audience.

DrupalCI sponsorship

DrupalCI is one of the most critical services the Drupal Association provides to the project, and also one of the more expensive. We've recently added a very small section to highlight how membership contributions help provide testing for the project - and in the future we hope to highlight sponsors who will step up specifically to subsidize testing for the Drupal project.

Infrastructure More semantic labels for testing

In August we added more semantic labels for DrupalCI test configuration. This means that project maintainers no longer have to update their testing targets with each new release of Drupal, they can instead test against the 'pre-release' or 'supported' version, etc. More information can be found in the DrupalCI documentation.

Started PCI audit

In August we also began a PCI audit, and developed a plan of action to reduce the Drupal Association's PCI scope. Protecting our community's personal and financial information is critically important, and with a small engineering team, the more we can offload PCI responsibility onto our payment vendors the better. We'll be continuing to work on these changes into the new year.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Sonos To Launch a Wireless Speaker That Would Support Multiple Voice Assistants

Slashdot -

Sonos, a mid- to high-end speaker manufacturer, released an updated privacy policy for its speakers that almost certainly confirms that the company will release a speaker with Amazon's Alexa voice assistant built into the device in the near term. From a report: Though many devices that integrate with Alexa have been announced and are starting to come to market, this is one of the higher-profile examples and could be instructive for smart-speaker designers. The company first announced its intention to add voice-assistant integration to its speakers over a year ago, but didn't give any specific time frame for that step. And an FCC filing from the company that surfaced a few weeks ago showed that it is looking into systems that would support multiple voice assistants, so a user could potentially have the option to choose between Amazon's Alexa or Google's Assistant, depending on what other devices they own and what platform they prefer.

Read more of this story at Slashdot.

Developer Marco Arment Shares Thoughts On iPhone X's Notch

Slashdot -

Developer Marco Arment writes about the infamous notch on the iPhone X, which Apple has told developers to embrace rather than ignore: This is the new shape of the iPhone. As long as the notch is clearly present and of approximately these proportions, it's unique, simple, and recognizable. It's probably not going to significantly change for a long time, and Apple needs to make sure that the entire world recognizes it as well as we could recognize previous iPhones. That's why Apple has made no effort to hide the notch in software, and why app developers are being told to embrace it in our designs. That's why the HomePod software leak depicted the iPhone X like this: it's the new basic, recognizable form of the iPhone. Apple just completely changed the fundamental shape of the most important, most successful, and most recognizable tech product that the world has ever seen.

Read more of this story at Slashdot.

Deeson: Deeson allocates 20% of my time to work on open source: here’s how I spend it

Drupal Planet -

Last week, Dries Buytaert published a post detailing the organisations that sponsor Drupal. It’s an insightful report, and we’re proud to be represented among the top 30 contributing organisations globally based on the number of Drupal.org commit credits.

This is due to the hard work of our development team. We’ve written before about why we think businesses should pay developers to contribute to open source, and we continue to practice what we preach.

I spend around 20% of my work week contributing to open source, primarily Group – the Drupal 8 module I wrote to allow you to create arbitrary collections of content and users, and grant access control permissions on those collections. Check out all the reasons Group is awesome!

How much time I spend on open source.

Before I joined Deeson I worked almost exclusively on Group in my own time. My previous employer promised me time for Group but I could never really get round to it properly during office hours. It started putting a massive strain on my personal life. Since joining Deeson, I work one day a week on contrib or core.

My main focus is Group, which gets the most attention throughout the year. However, sometimes I need to add or fix something in core so I focus on that instead. That may take up several weeks but in the end I always return to Group.

I now only spend my personal time reading incoming issues, blog posts and Twitter about Group and coming up with architecture. The actual coding is done during office hours.

Employer buy in is key.

Deeson cares about what I work on, encourages me to work on high-visibility modules and issues, and generally gives me the space I need to properly contribute back to the project.

They recognise the fact that this type of work leads to a high level of expertise which in turn benefits the company in the quality of the work we do for clients. 

Deeson ranks top of the list for me, hands down, when it comes to agency commitment to encouraging developers to work on open source projects. When they say I get one day a week, I get one day a week. 

Only over the summer with people on vacation was I asked to cover for others for a couple of weeks. Which is only natural when you’re part of a team. The rest of the year I really get the time I need to keep up with my contributions.

Contributing to open source makes for better developers.

Open source is what I do. The inherent constant peer review is exactly what I need because I don’t have a degree in computer sciences. If it weren’t for the way open source works, I wouldn’t be the developer I am now. It has really helped my hone my skills in a way that education probably never could. 

In other words: My job would probably suck if it weren’t for the fun aspects open source software has to offer!

If you want to work for an agency that offers paid time to support open source projects, check out our current vacancies.

Roy Scholten: If you’re coming to Drupalcon Vienna to discuss a hard problem,

Drupal Planet -

19 Sep 2017 If you’re coming to Drupalcon Vienna to discuss a hard problem,

Prepare to start in the middle

Help your peers get up to speed before Drupalcon so that while at Drupalcon you can more quickly go beyond “getting everybody on the same page” and move on to making decisions and defining next steps.

We can always do with more feedback from people using the Drupal toolkit to tackle, specific, challenges.

Get a blog post out, tweet out those “plan” style issue links, share that google doc, let us know which BoF you’ll host, etc. Help more people understand what’s moving where and what’s needed now.

It helps getting this info out there before Drupalcon because Drupalcon itself is where you then get together to decide and agree on path(s) forward.

Help people prepare so that you can start in the middle.

Maybe the feedback forces a restart from scratch after all because the problem is actually a different one than initially imagined. That’s still a win :)

Drupalcon is a great way to connect with the known experts and to onboard new experts.

Let us know what you hope to achieve.

Tags drupalplanet

Moore: The 2017 Linux Security Summit

LWN Headlines -

Paul Moore has posted his notes from the 2017 Linux Security Summit, held September 14 and 15 in Los Angeles. "LinuxKit was designed to make it easy for people to create their own Linux distribution, with a strong focus on minimal OS installs such as one would use in a container hosting environment. LinuxKit has several features that make it interesting from a security perspective, the most notable being the read-only rootfs which is managed using external tooling. Applications are installed via signed container images."

Security updates for Tuesday

LWN Headlines -

Security updates have been issued by Arch Linux (apache and ettercap), Debian (gdk-pixbuf and newsbeuter), Red Hat (kernel), Slackware (httpd, libgcrypt, and ruby), SUSE (kernel), and Ubuntu (bind9, kernel, libidn2-0, libxml2, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-trusty, and linux-lts-xenial).

Amazee Labs: We’re going to Vienna!

Drupal Planet -

We’re going to Vienna!

In a bit less than a week's time of writing this post, I’ll be packing my bag and getting ready to fly from Edinburgh to Vienna for the annual DrupalCon event. 

Bryan Gruneberg Tue, 09/19/2017 - 16:40

For those reading this who don’t already know, DrupalCon Europe is a community-focused event intended to bring existing community members together as well as encourage new participation in the project. There are a number of session tracks focusing on broadly accessible topics such as “Being Human” all the way through to the detailed and technical sessions. There are also sprint workshops focused on adding features and fixing bugs in the existing and future version of Drupal. In a very real sense, there is something for everyone.

 Compared with some of the other Amazee Labs team members, I am a relative DrupalCon newbie. I’ve only recently moved to the UK, so this will be my second DrupalCon. For some of the team members, this will be their 10th or even 15th DrupalCon!

Something that struck me last year, and that I’m really excited to see again this year, is the diversity of the attendees and how much work the organisers and community put into making the event accessible. I’m really looking forward to seeing people from all ages, races, and genders getting together under the banner of something we all have in common, namely our support (albeit in varied forms) for the Drupal Open Source project.


There is a growing sense of excitement in our daily standups and on our Slack channels as we draw closer to this year’s event. We have people coming from across Europe, South Africa, the UK, Taiwan, and the USA. While most of us are traveling to the event by way of planes, trains, and automobiles we can proudly boast that one of our team members is cycling all the way from Zurich to Vienna through the Alps! This is not the result of a lost bet between rivals but rather Amazee’s latest “Extreme Challenge” participant. Check out the Tour de Drupalps if you are (understandably) intrigued. You can also follow @dasjo or the #drupalps on Twitter.

 

Amazee submitted a number of session proposals this year and we are extremely proud of our team members who were selected to share their knowledge and ideas with the Drupal community.

Dania and Michael from the Amazee Group will present “How to go from one to seven companies around the world and how to run them”.

Lisa and Sarah will drop some creative styles and share “Motion Design - Improving UX with animations

Bastian and Tyler from Amazee.io will be showing us “Power to the People - How using containers can make your life easier”. 

John Albin (this being his 14th DrupalCon!) has a talk planned to shed some light on CSS-in-JS and share some of his unexpected lessons for Drupal component design. 

And finally “Everybody cheer! Here comes Media!” will be presented by Sasa and Tadej

With so many of our core team members working all over the world, we love to take these opportunities to have some real-world and in-person conversations. Our team dinner is a great opportunity to buy that person - who is usually on the other side of the world - a beer to say thanks for that one time where they made magic happen on that deadline that needed to get done that one Friday. It’s also a great opportunity to seek out that core or module developer and say thanks for all their efforts on the Drupal project.

Looking beyond ourselves, we’re also really excited to see what other companies and teams are doing and thinking. Josef is super excited for the Community Summit on Monday. Mary is excited to see the presentation on “Teaching Clients How to Succeed”, and I’m looking forward to seeing a presentation on Drupal & Ethereum as well as the Commerce 2.0 “Lessons Learned”.

If you’re attending, I hope to see you around! If you’re not attending you’ll be able to follow along with us. During the course of DrupalCon we will be posting at least one blog post per day on our Amazee Labs blog about the various events and highlights of our team’s experiences, so check back here and keep an eye out for our various social media posts.

Results of the Ubuntu Desktop Applications Survey

Slashdot -

Ubuntu Product and Strategy head at Canonical, dustinkirkland writes: A few months ago, Slashdot readers were asked for feedback on the Ubuntu Desktop default applications. This blog post, by the author of that post (hi, it's me again), provides the aggregated and processed results of that survey.

Read more of this story at Slashdot.

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Module Sitemap (video tutorial)

Drupal Planet -

Drupal Modules: The One Percent — Module Sitemap (video tutorial) NonProfit Tue, 09/19/2017 - 09:37 Episode 36

Here is where we seek to bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Module Sitemap, a module which will help you navigate through pages associated with modules you have enabled on your site. We also briefly review the Coffee module.

Google Chrome Most Resilient Against Attacks, Researchers Find

Slashdot -

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.

Read more of this story at Slashdot.

Schaller: Launching Pipewire

LWN Headlines -

Christian Schaller announces Pipewire, a media system that is meant to eventually replace PulseAudio and handle video as well. "Anyway as work progressed Wim decided to also take a look at Jack, as supporting the pro-audio usecase was an area PulseAudio had never tried to do, yet we felt that if we could ensure Pipewire supported the pro-audio usecase in addition to consumer level audio and video it would improve our multimedia infrastructure significantly and ensure pro-audio became a first class citizen on the Linux desktop." A video-only version will be shipping in Fedora 27.

Why You Shouldn't Use Texts For Two-Factor Authentication

Slashdot -

An anonymous reader quotes a report from The Verge: A demonstration video posted by Positive Technologies (and first reported by Forbes) shows how easy it is to hack into a bitcoin wallet by intercepting text messages in transit. The group targeted a Coinbase account protected by two-factor authentication, which was registered to a Gmail account also protected by two-factor. By exploiting known flaws in the cell network, the group was able to intercept all text messages sent to the number for a set period of time. That was enough to reset the password to the Gmail account and then take control of the Coinbase wallet. All the group needed was the name, surname and phone number of the targeted Bitcoin user. These were security researchers rather than criminals, so they didn't actually steal anyone's bitcoin, although that would have been an easy step to take. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself. Positive Technologies was able to hijack the text messages using its own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. Known as the SS7 network, that network is shared by every telecom to manage calls and texts between phone numbers. There are a number of known SS7 vulnerabilities, and while access to the SS7 network is theoretically restricted to telecom companies, hijacking services are frequently available on criminal marketplaces. The report notes of several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"

Read more of this story at Slashdot.

Annertech: 5 Reasons to Stop Using Static Design Tools and Start Designing in the Browser

Drupal Planet -

5 Reasons to Stop Using Static Design Tools and Start Designing in the Browser

I'll be presenting at DrupalCon Vienna next week as part of my evangelising against static design tools like Photoshop, InVision, and Sketch. The talk will cover items such as "What's the problem we are trying to solve?", "Why do static tools not solve the problem?", and "Why is working with component design and design in the browser the most sustainable solution?".

I got a request today from a former colleague:

Poor Shoe

The Daily WTF -

"So there's this developer who is the end-all, be-all try-hard of the year. We call him Shoe. He's the kind of over-engineering idiot that should never be allowed near code. And, to boot, he's super controlling."

Sometimes, you'll be talking to a friend, or reading a submission, and they'll launch into a story of some crappy thing that happened to them. You expect to sympathize. You expect to agree, to tell them how much the other guy sucks. But as the tale unfolds, something starts to feel amiss.

They start telling you about the guy's stand-up desk, how it makes him such a loser, such a nerd. And you laugh nervously, recalling the article you read just the other day about the health benefits of stand-up desks. But sure, they're pretty nerdy. Why not?

"But then, get this. So we gave Shoe the task to minify a bunch of JavaScript files, right?"

You start to feel relieved. Surely this is more fertile ground. There's a ton of bad ways to minify and concatenate files on the server-side, to save bandwidth on the way out. Is this a premature optimization story? A story of an idiot writing code that just doesn't work? An over-engineered monstrosity?

"So he fires up gulp.js and gets to work."

Probably over-engineered. Gulp.js lets you write arbitrary JavaScript to do your processing. It has the advantage of being the same language as the code being minified, so you don't have to switch contexts when reading it, but the disadvantage of being JavaScript and thus impossible to read.

"He asks how to concat JavaScript, and the room tells him the right answer: find javascripts/ -name '*.js' -exec cat {} \; > main.js"

Wait, what? You blink. Surely that's not how Gulp.js is meant to work. Just piping out to shell commands? But you've never used it. Maybe that's the right answer; you don't know. So you nod along, making a sympathetic noise.

"Of course, this moron can't just take the advice. Shoe has to understand how it works. So he starts googling on the Internet, and when he doesn't find a better answer, he starts writing a shell script he can commit to the repo for his 'jay es minifications.'"

That nagging feeling is growing stronger. But maybe the punchline is good. There's gotta be a payoff here, right?

"This guy, right? Get this: he discovers that most people install gulp via npm.js. So he starts shrieking, 'This is a dependency of mah script!' and adds node.js and npm installation to the shell script!"

Stronger and stronger the feeling grows, refusing to be shut out. You swallow nervously, looking for an excuse to flee the conversation.

"We told him, just put it in the damn readme and move on! Don't install anything on anyone else's machines! But he doesn't like this solution, either, so he finally just echoes out in the shell script, requires npm. Can you believe it? What a n00b!"

That's it? That's the punchline? That's why your friend has worked himself into a lather, foaming and frothing at the mouth? Try as you might to justify it, the facts are inescapable: your friend is TRWTF.

code { font-family: Consolas, monospace; } [Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!

Bacteria In Tumors Can Inactivate Common Chemotherapy Drugs, Study Suggests

Slashdot -

Researchers caught the bacteria Mycoplasma hyorhinis hiding out among cancer cells, thwarting chemotherapy drugs intended to treat the tumors they reside in. The findings have been published this week in Science. Ars Technica reports: Drug resistance among cancers is a "foremost challenge," according to the study's authors, led by Ravid Straussman at the Weizmann Institute of Science. Yet the new data suggest that certain types of drug-resistant cancers could be defeated with a simple dollop of antibiotics alongside a chemotherapy regimen. Dr. Straussman and his colleagues got a hunch to look for the bacteria after noticing that, when they grew certain types of human cancer cells together in lab, the cells all became more resistant to a chemotherapy drug called gemcitabine. This is a drug used to treat pancreatic, lung, breast, and bladder cancers and is often sold under the brand name Gemzar. The researchers suspected that some of the cells may secrete a drug-busting molecule. So they tried filtering the cell cultures to see if they could catch it. Instead, they found that the cell cultures lost their resistance after their liquid broth passed through a pretty large filter -- 0.45 micrometers. This would catch large particles -- like bacteria -- but not small molecules, as the researchers were expecting. Looking closer, the researchers noticed that some of their cancer cells were contaminated with M. hyorhinis. And these bacteria could metabolize gemcitabine, rendering the drug useless. When the researchers transplanted treatable cancer cells into the flanks of mice -- some with and some without M. hyorhinis -- the bacteria-toting tumors were resistant to gemcitabine treatment.

Read more of this story at Slashdot.

Agiledrop.com Blog: AGILEDROP: Agiledrop going to DrupalCon Vienna!

Drupal Planet -

There have been many blog post written about the forthcoming DrupalCon in Vienna. Many topics were covered including our Accepted Business sessions for DrupalCon Vienna. To refresh your memories, we presented them because our commercial director Iztok Smolic was selected in a business track team to help prepare the program and select the sessions. Maybe it is obvious or maybe it is not. But it's definitely time to say that we will be present on a DrupalCon in Vienna! Besides Iztok, who will be attending his eight DrupalCon, with the first one dating back to 2009, our development director… READ MORE

Pages

Subscribe to Heydon Consulting aggregator