A breakdown of what constitutes the software supply chain and how to secure each stage
Software Supply-Chain (SCC) attacks has become so critical that it has been driven by the government. The Biden Administration, in its second year in office, released an executive order on SSC risks. This has created a tailwind that has led to a proliferation of companies aiming to protect the supply chain and enable companies to comply with this legislation.
Bundling software components and dependencies into a deployable format and distributing it for installation on target systems. We discuss Software Bill of Materials (SBOM), code provenance and signatures, and artifact repositories.
AAAAXY is a nonlinear 2D puzzle platformer taking place in impossible spaces.
I wrote my latest post on fpdf2
almost a year ago.
As we just released a new version, v2.7,
this is the time to mention some recent additions to this library! 😊
This article will present some of the major features introduced between v2.5.3 & v2.7.3 of …
Universal pencil puzzle editor capable of drawing many different kinds of pencil puzzles. You can also solve problems in the software.
Following last week animated PDF adventure, I have been reading a series of one page dungeons... And yesterday I had the opportunity to play the best one in my opinion: The Sky-Blind Spire by Michael Prescott.
It has everythng I love on one page: a maze to explore, mysteries to …
Join us in sending a token of appreciation to your favorite open source developers and projects.
Here’s how:
- Choose a card
- Log in with GitHub
- Choose recipient
- Send your card
Un outil comme celui-ci est utile pour fournir une version texte d'un fichier média (audio ou vidéo). L'objectif de ce programme est de fournir un outil simple et rapide pour permettre de récupérer un texte et l'utiliser comme version numérique.
Au commencement était le projet de communs numériques "Common Voice" initié par la fondation Mozilla [...] Puis vint le projet du logiciel libre Vosk, à l'initiative d'un collectif de chercheurs (Alpha Cephei) [...] Enfin, vint le projet de transcription de Tykayn, contributeur de l'association "April" [...] Pour finir, vint le projet Scribe, à l'initiative de l'équipe SI des Ceméa qui créa cette interface, simple et fonctionnelle, basique pour proposer aux utilisateur·rices de bénéficier de l'ensemble de ces fonctionnalités sous une forme plus conviviale.
Today I made a small addition to a Javascript library I sometimes use to generate nonograms.
This tool can now build a solvable grid in the form of a valid QR Code that, once decoded, reveals some text:
To find more about it: Nonogram JS demo page.
Note that I've …
fpdf2
is a simple & fast PDF creation library for Python that I have been maintaining since mid-2020.
In this article, I'm going to present some of the new features that landed since my last post on the subject. Hence, this will cover versions 2.5.0, 2.5.1 & 2 …
new_x
and new_y
for cell()
and multi_cell()
, replacing ln=0
, thanks to @gmischleradd_highlight()
method to insert highlight annotations: documentationoffset_rendering()
method: documentation.text_mode
property: documentationunbreakable()
section, which is not supportedlocal_context()
can now "scope" even more properties, like blend_mode
: documentationmulti_cell(align="J")
is given text with multiple paragraphs (text followed by an empty line) at once, it now renders the last line of each paragraph left-aligned,multi_cell()
always renders a cell, even if txt
is an empty string - cf. #349multi_cell(..., split_only=True)
inside an unbreakable
section - cf. #359ln
to cell()
and multi_cell()
is now deprecated, use new_x
and new_y
instead.center
to cell()
is now deprecated, use align="C"
instead.DeprecationWarning
s are not displayed by Python by default.
Hence, every time you use a newer version of fpdf2
, we strongly encourage you to execute your scripts
with the -Wd
option (cf. documentation)
in order to get warned about deprecated features used in your code.
This can also be enabled programmatically with warnings.simplefilter('default', DeprecationWarning)
.
A free and open source web solution to visualize and explore 3D models right in your browser
Sources: https://github.com/kovacsv/Online3DViewer
TL;DR: There are three options to fix an NPM dependency:
- Open a bug ticket on the repository of the maintainer
- Fork & Fix
- Create a patch and fix it
J'avais tendance à privilégier la 2e solution, mais elle a l’inconvénient de créer une dépendance à github.com
au moment du build, ce qui n'est pas toujours pratique dans un contexte d'entreprise... patch-package
peut donc s'avérer bien pratique dans ce cas
Code source de https://www.mobicoop.fr
Made with Symfony
par Mathieu O'Neil, Laure Muselli, Fred Pailler & Stefano Zacchiroli
La communauté du logiciel libre peut-elle se constituer en entité politique qui réfléchit, au-delà du logiciel, sur la société dans son ensemble ? Peut-elle se confronter aux orthodoxies productivistes, au développement infini de la puissance de calcul ? Tout le passé indique le contraire. Son succès, pourtant, en dépend.
$ npm install faker@6.6.6
LIBERTY LIBERTY LIBERTY
Article complémentaire FR: https://www.01net.com/actualites/au-bout-du-rouleau-un-developpeur-sabote-ses-logiciels-open-source-2053434.html
One things that annoys me a little though, is that I often get matches for people too far away from where I live, even with the distance filter set in my Settings:
Hence I wrote some simple Javascript code that auto-pass matches for a list of given cities …
Last month, I realized late that October was hacktoberfest month!
This online event is a month-long celebration (October 1-31) of open source software run in partnership with different software companies, with a focus on encouraging contributions to open source projects.
While I participated in the 2019 edition as a contributor …
I have been amazed recently at the diversity of contributors on the fpdf2 project, coming from all around the world!
Then I thought it would be nice to visualize this diversity by building a world map of all contributors locations. There it is:
Click on the image to access an …
Today I finally took the time to put up a live demo website for Hesperides!
https://hesperides.herokuapp.com
Hesperides is an open source tool dedicated to configuration management: it stores applications properties and mustache templates for configurations files. It is strongly hierarchized based on few main concepts: modules, applications …
fpdf2
is a minimalist PDF creation library for Python that I am maintaining.
With the release yesterday of its v2.4.0
, I'm going to present some of its notable new features since the latest minor version.
https://github.com/pyfpdf/fpdf2/ Doc: https://pyfpdf.github.io/fpdf2/
Undying Dusk is a video game in a PDF format, with a gameplay based on exploration and logic puzzles, in the tradition of dungeon crawlers.
A curse set by the Empress keeps the world in an eternal dusk. You are have recently found shelter in an eerie monastery.
Featuring:
Today, I am happy to announce version 2.3.0 of fpdf2, code name: Unbreakable!
https://github.com/pyfpdf/fpdf2/ Doc: https://pyfpdf.github.io/fpdf2/
Why Unbreakable?
fpdf2
, your Python code can never break!
My highlights / quotes:
This creates an obvious congestion. Most people try to address it in the wrong way: using pragmatism. Let’s close the issue after two weeks of no original poster replies, after we ask some question. Close all the issues that are not very well specified. And other “inbox zero” solutions. The reality is that to process community feedbacks very well you have to take the time needed
So what happens? That you start to prioritize more and more what to look at and what not. And you feel you are a piece of shit at ignoring so many things and people, and also the contributor believes you don’t care about what others have to give you. It’s a complex situation.Sometimes I just stop looking at issues and PRs for weeks, because I’m coding or designing: that is the work I really love and enjoy. However this in turn creates ways more pressure on me, psychologically. To do what I love and I can do well I’ve to feel like shit.
the sum of the productivity of me working just when I want is greater than the productivity I’ve when I’m forced to work every day in a steady way.
Today, I am happy to announce a new version 2.2.0 of fpdf2 !
https://github.com/alexanderankin/pyfpdf/ Doc: https://alexanderankin.github.io/pyfpdf/
During the last few months, I contributed a few improvements to fpdf2
,
David Ankin fork of PyFPDF
,
the user-friendly Python library to generate PDFs:
from …
Linkback protocols are an old breed. They were born in a time where MySpace, Wikipedia & WordPress had just been born, and Friendster was more popular than this new website called Facebook.
The latest linkback protocol, Webmention, is relatively recent though, as it became a W3C …
<link rel="stylesheet" type="text/css" href="images/enigmes/topoloku.css">
Depuis le 24 mars, avec ma compagne, nous avons décidé de partager un petit puzzle logique par jour à nos amis & familles, pour les distraire un peu en cette période difficile.
J'avais même bricolé un petit système de score, et j'en profite d'ailleurs pour féliciter ici les gagnants !
Comme aujourd'hui …
The FOSDEM'20 (Free & Open Source Developers’ European Meeting) conference is:
a free event for software developers to meet, share ideas and collaborate
It took place last week-end at the Université Libre de Bruxelles, and I had the chance to attend it.
Sincere thanks to my employer, oui.sncf, for financing …
At work, we needed to retrieve the full list of jobs a given Jenkins instance was hosting.
Our first solution was to use the jenkinsapi Python package:
import xml.etree.ElementTree as XmlElementTree
from jenkinsapi.jenkins import Jenkins
def get_all_jenkins_jobs(server_url):
jenkins = Jenkins(server_url, lazy=True, timeout=30,
username=os …
The iframe
above displays some graphs I've built last week,
in order to get some insight on some GitHub projects issues & pull requests evolution.
They are directly inspired by nf-core project activity statistics.
Yesterday I was crafting some puzzles for my girlfriends, and I was looking for letter-based ones where I a secret word would be revealed once solved.
With this same goal, I had already once worked on an open-source JS word search generator: https://lucas-c.github.io/wordfind/
(pour les francophones …
Over the past years, on software programming projects where my end users where developers (other than myself or my team), I have tried to follow the advice of this website : keepachangelog(.com)
A changelog is defined by Wikipedia as :
a log or record of all notable changes made to a …
Je crois que j'envisage d'écrire un article sur ce sujet depuis que j'ai créé ce blog ! J'ai retrouvé ces notes datant d'au moins 5 ans, déposées au fin fond d'un fichier texte :
Dans tous ces jeux, un des plaisirs principaux provient de la découverte, à deux ou plus, des règles …
Crows Crows Crows est un studio de jeu vidéo créé en 2015, à l'origine entre autres du jeu complètement déjanté Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist et le créateur du studio, William Pugh, est également un des auteurs de The Stanley Parable.
En 2016 …
Voici une petite dépêche que j'ai écrite sur le site LinuxFr : https://linuxfr.org/news/generateurs-de-puzzles-libres
They show dependencies between the internal modules of various well-known Python libraries.
They goal is to provide a global overview of a Python project architecture, as a map of modules & packages, the top-level code abstractions.
Note that all …
Une courte présentation que j'ai donné ce matin à l'école d'ingénieurs IMT Atlantique (ex Ecole des Mines) via oui.sncf :
(la navigation est meilleure avec les flêches gauche / droite du clavier)
Le code source …
On my personnal server, I used to send myself alerts by email using the handy standard mail
command.
However, recently it appeared that my server became categorized as "spammer" by some online service providers,
due to the alerts frequency (a little bit more than one per day).
Hence, I got …
Le week-end dernier, j'ai participé à ma première Global Game Jam, à Nantes. Dans cet article, je vais vous présenter comment elle s'est déroulée, et faire le point sur ce qui a plus ou moins bien marché pour notre projet, The King Must Know, dont voici l'écran d'accueil :
J'avais déjà …
Cette année, voyages-sncf.com m'a permis d'aller à la conférence annuelle Python à Toulouse.
En vrac, voici un petit résumé personnel de cette PyConFr.
J'y étais présent 3 jours sur 4 (sprint le premier et conférences les deux autres), et j'y ai donné donné 2 présentations, dont le contenu est …
In this blog post, I'm going to demonstrate how to reuse WiseMapping HTML+JS rendering engine to easily visualize...
text-based mindmaps like this one have many benefits they are readable as-it-is they don't require any tool to be edited they follow the UNIX tenets
For the impatient ones, here is …
This week I wrote a small Python script, that can generate a mindmap from a simple indented text input like this:
Winter december january february Spring march april may Summer june july august Autumn september october november
The command: ./graphviz_mindmap.py seasons.txt
.
The results, with various layout
parameters:
Another …
Nouvelle feature pour mon petit projet d'éditeur/visualisateur de feuille de perso de jdr: rpg-bonhomme : une homepage liste désormais tous les layouts et les persos créés !
<iframe style="width:100%" height="500" src="https://chezsoi.org/lucas/jdr/rpg-bonhomme/"></iframe>I love reveal.js. I've been using it for years. But the other day, I was badly bitten by its requirement on a local HTTP server.
What happenned was that I was invited to make a short presentation in a youth and cultural center. I had prepared some slides with …
A year ago, I built a small JS lib using D3.js to visualize JSON-defined genealogy trees.
At the beginning of the year, I added a new feature using flex-calendar and moment-ferie-fr : a birthday calendar using the same JSON genealogy definition and miniature images.
I added this calendar to the …
I'd like to introduce you to an awesome git companion : pre-commit
hooks by Yelp.
Git hooks are scripts that git
executes before or after events such as: commit, push, and receive.
Git hooks are a built-in feature, but git
does not offer much support for them: if there is a …
I'm happy to introduce you with genealogic-d3, a Javascript visualization library to nicely display genealogy trees that I've been working on during the past 3 days.
I'm quite satisfied by the result. You'll find a live demo you can play with at https://chezsoi.org/lucas/genealogic-d3/skywalker.html
I …