Author: Michael G

Wigan Today reporter Holly Pritchard with today’s top news headlines, comment and weather

We’ve packaged three releases of Commerce Core this year, from the 2.29 release in February to this month’s 2.31 release. While DrupalCon, Kickstart development, and client launches have kept us busy, we wanted to take the opportunity to share the good news while we take a breather before DrupalCon Prague.

Each release includes general maintenance and modernization work, improving PHP 8.1 and Drupal 10 support while keeping up with tax rate changes around the world. They also include a variety of minor bug fixes and enhancements, like database indexes to improve performance or new permissions to support finer grained store management. Altogether, we’ve seen 87 issues resolved by dozens of contributors.

In this blog post, we’ll review the more significant new features, including for BOGO promotions, product display pages, and order management.

“Buy One Get One” promotions

Commerce Core 2.x has always included BOGO promotion support, including the ability to adjust the quantities (which is why we call it “Buy X, Get Y” in the UI) and fine tune other rules around applicability. Thanks to a variety of merchants pushing the limits of what core can do, we found fixed a few bugs and found ways to improve the feature. In particular, we’ve ensured that:

Read more

I’m always looking for ways to speed up my workflows, and I recently discovered a great use case for the 1Password CLI. Here’s my detailed tutorial showing how I Automate GitHub API Calls With Ruby, Keyboard Maestro, and 1Password CLI.

2022-08-30 – Christian Hesse

Recent changes in grub added a new command option to fwsetup and changed the way the command is invoked in the generated boot configuration. Depending on your system hardware and setup this could cause an unbootable system due to incompatibilities between the installed bootloader and configuration. After a grub package update it is advised to run both, installation and regeneration of configuration:

grub-install ...
grub-mkconfig -o /boot/grub/grub.cfg

F-Droid is always commited to distribute FOSS Android apps. Building free
software from source for Android comes with a different set of challenges
from GNU/Linux distros like Debian. Android apps are cross-compiled: they
are not built on the same OS as they run. On top of that, Android provides
only a barebones set of libraries built-in. Like the Java ecosystem, apps
are expected to fetch library binaries from Maven repos and build them into
the app. To ensure that the app is only built with FOSS deps, we develop a
scanning system in fdroidserver to restrict the dependency source and find
problematic dependencies.

F-Droid forbids unknown Maven repos and trusts only some well-known Maven
repos since
2015.
From then on,
some
more
repos
are
added
to the
list. Currently there are 8 Maven repos we trust:

• Maven Central – Google Maven Repo – JCenter – OSS Sonatype – OSS JFrog –
  JitPack.io – Clojars – CommonsWare – Gradle plugin repo

In 2020, JAR and AAR files embeded in the source code were
forbidden and
these trusted repos became the last weak point. We rely on them to provide
only FOSS libs. However, none of them are guaranteed to do so and they have
been a big source of non-free libs sneaking into the APKs.

The Maven Central repo is “the largest collection of Java and other open
source
components”
and a default source of libraries for Maven and Gradle “Serving Open Source
Components Since 2002”. The vast majority of
libraries used in Android apps, outside of Google’s own, are fetched from
Maven Central. It’s one of the most established and well-known Maven
repos. Maven Central has strict requirements that the source
code
and the source control system
information
should be provided, and the license should be
declared.
It also requires that the group ID should match the owner’s domain and the
files should be signed. Furthermore, Maven Central supports reproducible
builds
in a first class way which is a big help for ensuring that apps are 100%
free software.

Everything sounds too good to be true. Unfortunately, it is. Though they
declare that Maven Central is “OSS Repository
Hosting”,
they don’t require that the libs hosted on there are FOSS. Sometimes we find
that a
non-free
lib was
pulled from Maven Central and have to disable lots of affected versions of
published apps.

Are those open source libs hosted on Maven Central trustable? No, not
really. Some libs are tagged with a FOSS license but the source JAR files
are empty. What is worse is that they even encourage uploading a dummy
source JAR file of the sources to pass the
requirements which makes
their requirement totally meaningless. The declared license information may
just
be
wrong and
the source control system information just points to a random
link or a
repo with binary jars
only. Another
common case is that the lib itself is “open source” but it depends on other
proprietary
libs.

Other trusted Maven repos also have problems. The Google one hosts many
proprietary libs, of course, and the open source libs may
depend on
those proprietary one. The OSS Sonatype and JCenter repos are synced with
Maven Central, and include some extra libs. JitPack.io hosts whatever is
built from GitHub, without checking the
license or if
there is any binary in the repo, let alone the dependencies. Clojars and
Gradle plugin repo don’t have a license requirement either. The java
packages from Debian and the CommonsWare repo are pretty good but barely
used.

Given our limited resource and the situation, this may be an endless fighting. But we are getting more weapons. Thanks to our binary scanner, we have found lots of libs that depend on non-free deps in these Maven repos, most of which are from Maven Central. In the future we may scan the dependency map to find them before the build. However, this can’t help find libs with non-free license. Those non-free libs in our block list are mostly found by chance and experience. We are now working on more reliable methods for the future.

In 2020 during the height of the pandemic, Connor Leahy, co-founder of EleutherAI and CEO…

The post Episode 3: When hackers take on AI: Sci-fi – or the future? first appeared on Voices of Open Source.

This week, the Fuchsia team shared a new proposal titled “ADB on Fuchsia” that shares the team’s intention to support ADB for controlling devices and the reasoning behind wanting to do so. At present, the core “fx” and “ffx” tools used to control Fuchsia devices are only compatible with Linux and macOS computers. And while there’s an effort to get ffx running on Windows, that’s not projected to be completed until the end of 2022. Sadly, ADB for Fuchsia won’t work for consumer Fuchsia devices, such as the Nest Hubs, since Goolgle states that it will only be available during early development phases of Fuchsia devices.