A growing trend is seen in governments favouring free and open-source solutions (FOSS) for their official websites. The potential benefits of FOSS include enhanced security, flexibility, and cost savings. But how widespread is this trend, and which specific systems are gaining traction? To understand the scope of this trend, we examined the official websites of 195 countries globally. This analysis digs deeper into the trend of governments favouring free and open-source solutions for their online presence, uncovering which CMS systems—including Drupal, WordPress, and others—are most preferred for official government communication.

Article showing off Hanami and HTMX used in combination, to create an updating progress bar https://2n.pl/blog/hanami-progress-bar-with-htmx
It is sort of a tutorial, but more of a my own write-up of what I experimented with an learned.
Some more hanami articles are on the blog page, with more to come

You clone a Git repository, then pull from it. How can you tell its
contents are “authentic”—i.e., coming from the “genuine” project you
think you’re pulling from, written by the fine human beings you’ve been
working with? With commit signatures and “verified” badges ✅
flourishing, you’d think this has long been solved—but nope!

Four years after Guix deployed its own
tool to allow
users to authenticate updates fetched with guix pull (which uses Git
under the hood), the situation hasn’t changed all that much: the vast
majority of developers using Git simply do not authenticate the code
they pull. That’s pretty bad. It’s the modern-day equivalent of
sharing unsigned tarballs and packages like we’d blissfully do in the
past century.

The authentication mechanism Guix uses for
channels
is available to any Git user through the guix git authenticate
command. This post is a guide for Git users who are not necessarily
Guix users but are interested in using this command for their own
repositories. Before looking into the command-line interface and how we
improved it to make it more convenient, let’s dispel any
misunderstandings or misconceptions.

Why you should care

When you run git pull, you’re fetching a bunch of commits from a
server. If it’s over HTTPS, you’re authenticating the server itself,
which is nice, but that does not tell you who the code actually comes
from—the server might be compromised and an attacker pushed code to the
repository. Not helpful. At all.

But hey, maybe you think you’re good because everyone on your project is
signing commits and tags, and because you’re disciplined, you routinely
run git log --show-signature and check those “Good signature” GPG
messages. Maybe you even have those fancy “✅ verified” badges as found
on
GitLab
and on
GitHub.

Signing commits is part of the solution, but it’s not enough to
authenticate a set of commits that you pull; all it shows is that,
well, those commits are signed. Badges aren’t much better: the presence
of a “verified” badge only shows that the commit is signed by the
OpenPGP key currently registered for the corresponding GitLab/GitHub
account. It’s another source of lock-in and makes the hosting platform
a trusted third-party. Worse, there’s no notion of authorization (which
keys are authorized), let alone tracking of the history of authorization
changes (which keys were authorized at the time a given commit was
made). Not helpful either.

Being able to ensure that when you run git pull, you’re getting code
that genuinely comes from authorized developers of the project is
basic security hygiene. Obviously it cannot protect against efforts to
infiltrate a project to eventually get commit access and insert
malicious code—the kind of multi-year plot that led to the xz
backdoor—but if you don’t even
protect against unauthorized commits, then all bets are off.

Authentication is something we naturally expect from apt update,
pip, guix pull, and similar tools; why not treat git pull to the
same standard?

Initial setup

The guix git authenticate
command authenticates Git checkouts, unsurprisingly. It’s currently
part of Guix because that’s where it was brought to life, but it can be
used on any Git repository. This section focuses on how to use it; you
can learn about the motivation, its design, and its implementation in
the 2020 blog
post, in the 2022
peer-reviewed academic paper entitled Building a Secure Software
Supply Chain with
GNU Guix,
or in this 20mn
presentation.

To support authentication of your repository with guix git authenticate, you need to follow these steps:

1. Enable commit signing on your repo: git config commit.gpgSign true. (Git now supports other signing methods but here we need
   OpenPGP signatures.)

2. Create a keyring branch containing all the OpenPGP keys of all
   the committers, along these lines:

   git checkout --orphan keyring
   git reset --hard
   gpg --export alice@example.org > alice.key
   gpg --export bob@example.org > bob.key
   …
   git add *.key
   git commit -m "Add committer keys."

   All the files must end in .key. You must never remove keys from
   that branch: keys of users who left the project are necessary to
   authenticate past commits.

3. Back to the main branch, add a .guix-authorizations file, listing
   the OpenPGP keys of authorized committers—we’ll get back to its
   format below.

4. Commit! This becomes the introductory commit from which
   authentication can proceed. The introduction of your repository
   is the ID of this commit and the OpenPGP fingerprint of the key
   used to sign it.

That’s it. From now on, anyone who clones the repository can
authenticate it. The first time, run:

guix git authenticate COMMIT SIGNER

… where COMMIT is the commit ID of the introductory commit, and
SIGNER is the OpenPGP fingerprint of the key used to sign that commit
(make sure to enclose it in double quotes if there are spaces!). As a
repo maintainer, you must advertise this introductory commit ID and
fingerprint on a web page or in a README file so others know what to
pass to guix git authenticate.

The commit and signer are now recorded on the first run in
.git/config; next time, you can run it without any arguments:

guix git authenticate

The other new feature is that the first time you run it, the command
installs pre-push and pre-merge hooks (unless preexisting hooks are
found) such that your repository is automatically authenticated from
there on every time you run git pull or git push.

guix git authenticate exits with a non-zero code and an error message
when it stumbles upon a commit that lacks a signature, that is signed by
a key not in the keyring branch, or that is signed by a key not listed
in .guix-authorizations.

Maintaining the list of authorized committers

The .guix-authorizations file in the repository is central: it lists
the OpenPGP fingerprints of authorized committers. Any commit that is
not signed by a key listed in the .guix-authorizations file of its
parent commit(s) is considered inauthentic—and an error is reported.
The format of
.guix-authorizations
is based on S-expressions
and looks like this:

;; Example ‘.guix-authorizations’ file.

(authorizations
 (version 0)               ;current file format version

 (("AD17 A21E F8AE D8F1 CC02  DBD9 F8AE D8F1 765C 61E3"
   (name "alice"))
  ("2A39 3FFF 68F4 EF7A 3D29  12AF 68F4 EF7A 22FB B2D5"
   (name "bob"))
  ("CABB A931 C0FF EEC6 900D  0CFB 090B 1199 3D9A EBB5"
   (name "charlie"))))

The name bits are hints and do not have any effect; what matters is
the fingerprints that are listed. You can obtain them with GnuPG by
running commands like:

gpg --fingerprint charlie@example.org

At any time you can add or remove keys from .guix-authorizations and
commit the changes; those changes take effect for child commits. For
example, if we add Billie’s fingerprint to the file in commit A, then
Billie becomes an authorized committer in descendants of commit A
(we must make sure to add Billie’s key as a file in the keyring
branch, too, as we saw above); Billie is still unauthorized in branches
that lack A. If we remove Charlie’s key from the file in commit B,
then Charlie is no longer an authorized committer, except in branches
that start before B. This should feel rather natural.

That’s pretty much all you need to know to get started! Check the
manual
for more info.

All the information needed to authenticate the repository is contained
in the repository itself—it does not depend on a forge or key server.
That’s a good property to allow anyone to authenticate it, to ensure
determinism and transparency, and to avoid lock-in.

Interested? You can help!

guix git authenticate is a great tool that you can start using today
so you and fellow co-workers can be sure you’re getting the right code!
It solves an important problem that, to my knowledge, hasn’t really been
addressed by any other tool.

Maybe you’re interested but don’t feel like installing Guix “just” for
this tool. Maybe you’re not into Scheme and Lisp and would rather use a
tool written in your favorite language. Or maybe you think—and
rightfully so—that such a tool ought to be part of Git proper.

That’s OK, we can talk! We’re open to discussing with folks who’d like
to come up with alternative implementations—check out the articles
mentioned above if you’d like to take that route. And we’re open to
contributing to a standardization effort. Let’s get in
touch!

Acknowledgments

Thanks to Florian Pelz and Simon Tournier for their insightful comments
on an earlier draft of this post.

Jolie crystallises the programming concepts of service-oriented computing as linguistic constructs. The basic building blocks of software are not objects or functions, but rather services that can be relocated and replicated as needed. A composition of services is a service. ↫ Jolie website Jolie is open source and available on GitHub.

(Android) Blue Reflection Sun – 129 – Kirara Heroine Stories #3 w/dodgy translation

https://wavesart.eu/international.html

In Creating Worlds: From Book to Film to Game, Funcom takes us on a breathtaking journey into the heart of Arrakis, featuring never-before-seen footage from the game. Interviews with Greig Fraser, academy award-winning Cinematographer on Villeneuve’s Dune Part 1 and 2, and Funcom Creative Director, Joel Bylos, reveal the creative overlap between Dune: Awakening and the recent movies. Get a glimpse at what it takes to bring the ultimate Dune fantasy to life.

Dune: Awakening combines the grit and creativity of survival games with the social interactivity of a large, persistent multiplayer game to create a unique and ambitious open-world survival MMO. Dune: Awakening is more sandbox than theme park. The emphasis lies in the freedom it offers in choosing and pursuing your goals, and the emergent moments that arise as they clash with that of other players.

In Creating Worlds, Joel Bylos summed up the meaning of Dune: Awakening, “Funcom as a company has been on this journey for a long time, creating multiplayer worlds where players can live out their dreams and fantasies. We were there in the beginning with massively multiplayer online games. We’ve been there in the beginning with survival open-world crafting games, and Dune: Awakening is a culmination of those legacies, bringing us forward into the future. It’s a culmination of what Funcom means as a company and what we can deliver.”

Dune: Awakening will come to PC, PlayStation 5, and Xbox Series X|S. Sign up to the Beta now at https://www.duneawakening.com and wishlist the game on Steam.

JOIN THE XBOXVIEWTV COMMUNITY
Twitter ► https://twitter.com/xboxviewtv
Facebook ► https://facebook.com/xboxviewtv
YouTube ► http://www.youtube.com/xboxviewtv
Dailymotion ► https://dailymotion.com/xboxviewtv
Twitch ► https://twitch.tv/xboxviewtv
Website ► https://xboxviewtv.com

Note: The #DuneAwakening #Trailer is courtesy of Funcom and LEGENDARY ENTERTAINMENT. All Rights Reserved. The https://amzo.in are with a purchase nothing changes for you, but you support our work. #XboxViewTV publishes game news and about Xbox and PC games and hardware.

pikfre (One Stop for all your Microstocks Search) is a Professional Microstocks Platform. Here we will provide you only collections of website links, which will make your search easier.

Link: https://pikfre.com/

The most important thing about pikfree is that you get all freebies in a single location. You can also add any resource to the pikfre list.

We are dedicated platform for providing the links with the best of microstocks, and focus on dependability, free stock images, free stock videos, free vectors, free pds, free icons, free fonts, free mockups, free pngs, free svgs, free website templates etc in one place. … So you are free to use these graphic elements in both personal and commercial purposes.

pixabay
pexels
unsplash
shutterstock

#shutterstockfree #images #freestockimages #4kimages #designers #FreeStockImages #DesignInspiration #CreativeResources #StockImages #PazaAfrika #PazaSolutions #Design #freestockimages #visualcontent #creativeresources #creativeProjects #highqualityimages #carouselslider #landscapephotograph #cityscapes #freestock #freestockimages #unsplash #unsplashimages #commercialuse #ecommerce #estore #onlinebusiness #ecommercewebsite #webdesign #webdesigner #webdesigning #webdesignagency #webdesigncompany #webdesigns #webdesignservices #sitebuilder #websitebuilder #theme #template #wordpress #wordpressthemes #joomla #webtemplates #websitetemplates #websitedesign #joomlatemplates #webdevelopment #websites #webpages #webdesigners #responsivedesign #fileupload #contactform #form #digitalmarketing #lawfirmmarketing #freestockimages #freemockup #freebies #shorts

Drupal 7 lacked a streamlined mechanism for handling assets, which necessitated the development of more efficient solutions like the Asset Library introduced in Drupal 8 and the latest versions. Asset library solves the problem of loading JS and CSS files on every page. However, unless specified, Drupal does not load these assets as it can affect front-end performance.
Let’s learn more about asset libraries in Drupal 10 and how to work with them.

What is an Asset Library in Drupal
An Asset library in Drupal is nothing but a YAML data structured inside a THEMENAME.libraries.yml file and they contain only CSS and JS files. They are the bundles of CSS and JavaScript files that present inside a module or theme and perform together for style and functionality.

The Asset Library in Drupal provides a centralized and organized repository for managing various types of digital assets.
Assets Library boasts various features designed to enhance usability, scalability, and flexibility.
Asset Library in Drupal is designed to support responsive web design, ensuring that assets are displayed consistently on various devices.
Drupal places a strong emphasis on accessibility, and the Asset Library follows these standards to ensure a positive user experience for all.
Drupal’s Asset Library includes version control features, allowing users to manage and track changes to assets over time.
Performance Optimization

Define an Asset Library
Let’s declare a new Asset library named custom-slider.
custom-slider:
  version: 1.0
  CSS:
    theme:
      css/custom-slider-theme.css: {}
  js:
    js/custom-slider.js: {}Some of the attributes used include:

Minified: If the file is already minified, set this to True to avoid minifying it again, else default value is False.
Preprocess: Default value is True, set to False to exclude a file from Aggregation.
Type (Javascript Only):        ◦ The default value is a file, if you leave it blank.       ◦ For external files, use type as external like:

//cdn.com/js/example.js: {type: external}Assets Loading Order

By default, all JS files are loaded in the order in which files are listed.
By default, JS files are loaded in the footer.
Set header: true for a library to get loaded in the header.
For example:

jquery.ui:
  header: true
  js:
    assets/vendor/jquery.ui/ui/core-min.js: {}SMACSS Categorization

Drupal follows a SMACSS-style categorization and all CSS files are loaded first based on their category and then by the order.
SMACSS categorization is used to set the weight of CSS files, this will not work for JS files.
To set CSS weights there are 5 different levels:       ◦ base – This rule consists of styling HTML elements only. CSS_BASE = -200       ◦ layout – Macro management of page or arrangements of elements on the page, including any grid system. CSS_LAYOUT = -100       ◦ component – Components are reusable and discrete UI elements. CSS_COMPONENT = 0       ◦ state – Styles that deal mostly with client-side changes such as hovering links, opening modal dialog, etc. CSS_STATE = 100       ◦ theme – This is purely visual styling such as box-shadow, backgrounds, borders, colors, etc. CSS_THEME = 200

Attach an Asset Library
1. Globally: 

We can attach the asset library globally via the THEMENAME.info.yml file, but this approach would work only for a Theme.
For any modules you should use hook_page_attachments_alter() or similar.
For example:

name: ‘My Custom Theme’
type: theme
description: ‘A custom Drupal 9 theme for demonstration purposes.’
package: Custom
core_version_requirement: ^8 || ^9 || ^10
base theme: false

libraries:
  – THEMENAME/global-styling
  – THEMENAME/global-scripts2. Conditionally, via a preprocess function using #attached: 
If you need to restrict the library to a particular page or element, then this is the best way to add libraries.
For example:Taking a case where we need to attach a library to our page, then we can use hook_page_attachments_alter():
/**
* Implements hook_page_attachments_alter().
*/
function custom_module_page_attachments_alter(array &$attachments) {
  // Adding stylesheet to the page.
  $attachments[‘#attached’][‘library’][] = ‘custom_module/custom-styles’;
 
  // Add a custom JavaScript file to the page.
  $attachments[‘#attached’][‘library’][] = ‘custom_module/custom-scripts’;

  }Or hook_preprocess_page():
/**
* Implements hook_preprocess_page().
*/
function custom_module_preprocess_page(&$variables) {
  // Adding stylesheet to the page.
  $attachments[‘#attached’][‘library’][] = ‘custom_module/custom-styles’;
}Similarly, with different preprocess functions we can attach a library using the #attached render array property like:
/**
* Implements hook_page_attachments_alter
*/
function custom_module_attachments_alter(array &$page) {
  // Get the current path.
  $path = $current_path = Drupal::service(‘path.current’)->getPath();
  // If we’re on the node listing page, add our retro library.
  if ($path == ‘/node’) {
    $page[‘#attached’][‘library’][] = ‘custom_module/custom-styles’;
  }
}3. Inside a Twig template file:
Use attach_library() in twig template.
{# Attach a CSS library #}
{% attach_library(‘my_theme/global-styling’) %}

{# Attach a JavaScript library #}
{% attach_library(‘my_theme/global-scripts’) %}Final Thoughts
Assets Library in Drupal (versions 8 and above) has a profound impact on web development. It centralizes the management of CSS and JavaScript files within modules or themes, ensuring consistency and ease of maintenance across a website or application. By bundling these assets together, developers can efficiently control the presentation and functionality of their digital creations. If you’re looking to implement fantastic features of Drupal like this one in your next project, we have a team of Drupal experts who can help you. We’d love to talk!