Rolandt

I ran across this item while working on a paper and though it's from 2017 decided it was worth passing along. It's a quick overview of the concept of alternative learning credentials, followed by a number of case studies from some U.S. colleges, including SUNY Empire State College, Rio Salado Community College and the American Public University System. Most of the alternatives are what you would expect - prior learning assessment and competency-based learning - but I appreciated the concrete examples. See also: Algonquin College's microcredential framework.

The incredibly talented folks over at Bishop Fox were quite generous this week, providing a scanner for figuring out PAN-OS GlobalProtect versions. I’ve been using their decoding technique and date-based fingerprint table to keep an eye on patch status (over at $DAYJOB we help customers, organizations, and national cybersecurity centers get ahead of issues as best as we can).

We have at-scale platforms for scanning the internet and aren’t running the panos-scanner repo code, but I since there is Python code for doing this, I thought it might be fun to show R folks how to do the same thing and show folks how to use the {httr} package to build something similar (we won’t hit all the URLs their script assesses, primarily for brevity).

What Are We Doing Again?

Palo Alto makes many things, most of which are built on their custom linux distribution dubbed PAN-OS. One of the things they build is a VPN product that lets users remotely access internal company resources. It’s had quite the number of pretty horrible problems of late.

Folks contracted to assess security defenses (colloquially dubbed “pen-testers” tho no pens are usually involved) and practitioners within an organization who want to gain an independent view of what their internet perimeter looks like often assemble tools to perform
ad-hoc assessments. Sure, there are commercial tools for performing these assessments ($DAYJOB makes some!), but these open source tools make it possible for folks to learn from each other and for makers of products (like PAN-OS) to do a better job securing their creations.

In this case, the creation is a script that lets the caller figure out what version of PAN-OS is running on a given GlobalProtect box.

To follow along at home, you’ll need access to a PAN-OS system, as I’m not providing an IP address of one for you. It’s really not hard to find one (just google a bit or stand up a trial one from the vendor). Throughout the examples I’ll be using {glue} to replace ip and port in various function calls, so let’s get some setup bits out of the way:

library(httr)
library(tidyverse) # for read_fwf() (et al), pluck(), filter(), and %>%

gg <- glue::glue # no need to bring in the entire namespace just for this

Assuming you have a valid ip and port, let’s try making a request against your PAN-OS GlobalProtect (hereafter using “GP” so save keystrokes) system:

httr::HEAD(
  url = gg("https://{ip}:{port}/global-protect/login.esp")
) -> res
## Error in curl::curl_fetch_memory(url, handle = handle) : 
##  SSL certificate problem: self signed certificate

We’re using a HEAD request as we really don’t need the contents of the remote file (unless you need to verify it truly is a PAN-OS GP server), just the metadata about it. You can use a traditional GET request if you like, though.

We immediately run into a snag since these boxes tend to use a self-signed SSL/TLS certificate which web clients aren’t thrilled about dealing with unless explicitly configured to. We can circumvent this with some configuration options, but you should not use the following incantations haphazardly. SSL/TLS no longer really means what it used to (thanks, Let’s Encrypt!) but you have no guarantees of what’s being delivered to you is legitimate if you hit a plaintext web site or one with an invalid certificate. Enough with the soapbox, let’s make the request:

httr::HEAD(
  url = gg("https://{ip}:{port}/global-protect/login.esp"),
  config = httr::config(
    ssl_verifyhost =FALSE, 
    ssl_verifypeer = FALSE
  )
) -> res

httr::status_code(res)
## [1] 200

In that request, we’ve told the underlying {curl} library calls to not verify the validity of the host or peer certificates associated with the service. Again, don’t do this haphazardly to get around generic SSL/TLS problems when making normal API calls or scraping sites.

Since we only made a HEAD request, we’re just getting back headers, so let’s take a look at them:

str(httr::headers(res), 1)
## List of 18
##  $ date                     : chr "Fri, 10 Jul 2020 15:02:32 GMT"
##  $ content-type             : chr "text/html; charset=UTF-8"
##  $ content-length           : chr "11749"
##  $ connection               : chr "keep-alive"
##  $ etag                     : chr "\"7e0d5e2b6add\""
##  $ pragma                   : chr "no-cache"
##  $ cache-control            : chr "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
##  $ expires                  : chr "Thu, 19 Nov 1981 08:52:00 GMT"
##  $ x-frame-options          : chr "DENY"
##  $ set-cookie               : chr "PHPSESSID=bde5668131c14b765e3e75f8ed5514a0; path=/; secure; HttpOnly"
##  $ set-cookie               : chr "PHPSESSID=bde5668131c14b765e3e75f8ed5514a0; path=/; secure; HttpOnly"
##  $ set-cookie               : chr "PHPSESSID=bde5668131c14b765e3e75f8ed5514a0; path=/; secure; HttpOnly"
##  $ set-cookie               : chr "PHPSESSID=bde5668131c14b765e3e75f8ed5514a0; path=/; secure; HttpOnly"
##  $ set-cookie               : chr "PHPSESSID=bde5668131c14b765e3e75f8ed5514a0; path=/; samesite=lax; secure; httponly"
##  $ strict-transport-security: chr "max-age=31536000;"
##  $ x-xss-protection         : chr "1; mode=block;"
##  $ x-content-type-options   : chr "nosniff"
##  $ content-security-policy  : chr "default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';"
##  - attr(*, "class")= chr [1:2] "insensitive" "list"

As an aside, I’ve always found the use of PHP code in security products quite, er, fascinating.

The value we’re really looking for here is etag (which really looks like ETag in the raw response).

Bishop Fox (and others) figured out that that header value contains a timestamp in the last 8 characters. That timestamp maps to the release date of the particular PAN-OS version. Since Palo Alto maintains multiple, supported versions of PAN-OS and generally releases patches for them all at the same time, the mapping to an exact version is not super precise, but it’s sufficient to get an idea of whether that system is at a current, supported patch level.

The last 8 characters of 7e0d5e2b6add are 5e2b6add, which — as Bishop Fox notes in their repo — is just a hexadecimal encoding of the POSIX timestamp, in this case, 1579903709 or 2020-01-24 22:08:29 GMT (we only care about the date, so really 2020-01-24).

We can compute that with R, but first we need to note that the value is surrounded by " quotes, so we’ll have to deal with that during the processing:

httr::headers(res) %>% 
  pluck("etag") %>% 
  gsub('"', '', .) %>% 
  substr(5, 12) %>% 
  as.hexmode() %>% 
  as.integer() %>% 
  anytime::anytime(tz = "GMT") %>% 
  as.Date() -> version_date

version_date
## [1] "2020-01-24"

To get the associated version(s), we need to look the date up in their table, which is in a fixed-width format that we can read via:

read_fwf(
  file = "https://raw.githubusercontent.com/noperator/panos-scanner/master/version-table.txt",
  col_positions = fwf_widths(c(10, 14), c("version", "date")),
  col_types = "cc",
  trim_ws = TRUE
) %>% 
  mutate(
    date = lubridate::mdy(date)
  ) -> panos_trans

panos_trans
## # A tibble: 153 x 2
##    version  date      
##    <chr>    <date>    
##  1 6.0.0    2013-12-23
##  2 6.0.1    2014-02-26
##  3 6.0.2    2014-04-18
##  4 6.0.3    2014-05-29
##  5 6.0.4    2014-07-30
##  6 6.0.5    2014-09-04
##  7 6.0.5-h3 2014-10-07
##  8 6.0.6    2014-10-07
##  9 6.0.7    2014-11-18
## 10 6.0.8    2015-01-13
## # … with 143 more rows

Now, let’s see what version or versions this might be:

filter(panos_trans, date == version_date)
## # A tibble: 2 x 2
##   version date      
##   <chr>   <date>    
## 1 9.0.6   2020-01-24
## 2 9.1.1   2020-01-24

Putting It All Together

We can make a command line script for this (example) scanner:

#!env Rscript
library(purrr)

gg <- glue::glue

# we also use {httr}, {readr}, {lubridate}, {anytime}, and {jsonlite}

args <- commandArgs(trailingOnly = TRUE)

stopifnot(
  c(
    "Must supply both IP address and port" = length(args) == 2
  )
)

ip <- args[1]
port <-  args[2]

httr::HEAD(
  url = gg("https://{ip}:{port}/global-protect/login.esp"),
  config = httr::config(
    ssl_verifyhost =FALSE, 
    ssl_verifypeer = FALSE
  )
) -> res

httr::headers(res) %>% 
  pluck("etag") %>% 
  gsub('"', '', .) %>% 
  substr(5, 12) %>% 
  as.hexmode() %>% 
  as.integer() %>% 
  anytime::anytime(tz = "GMT") %>% 
  as.Date() -> version_date

panos_trans <- readr::read_csv("panos-versions.txt", col_types = "cD")

res <- panos_trans[panos_trans[["date"]] == version_date,]

if (nrow(res) == 0) {
  cat(gg('{{"ip":"{ip}","port":"{port}","version"=null,"date"=null}}\n'))
} else {
  res$ip <- ip
  res$port <- port
  jsonlite::stream_out(res[,c("ip", "port", "version", "date")], verbose = FALSE)
}

Save that as panos-scanner.R and make it executable (provided you’re on a non-legacy operating system that doesn’t support such modern capabilities). Save panos_trans as a CSV file in the same directory and try it against another (sanitized IP/port) system:

./panos-scanner.R 10.20.30.40 5678                                                                                                                                                    1
{"ip":"10.20.30.40","port":"5678","version":"9.1.2","date":"2020-03-30"}

FIN

To be complete, the script should test all the URLs the ones in the script from Bishop Fox does and stand up many more guard rails to handle errors associated with unreachable hosts, getting headers from a system that is not a PAN-OS GP host, and ensuring the ETag is a valid date.

You can grab the code [from this repo](https://git.rud.is/hrbrmstr/2020-07-10-panos-rstats.

“Meeting…” is an ongoing series from NYT Open that features New York Times employees from different corners of the company. In this installment, we meet Tiffany Peón, a senior software engineer on NYT Cooking.

What is your name?
Tiffany Peón

What are your pronouns?
She/Her

What is your job?
Senior Software Engineer on NYT Cooking.

What does that mean?
I write and maintain software for NYT Cooking. As a backend engineer, a lot of it isn’t work you can see, but it powers features for the website and the iOS and Android apps.

How long have you been at The Times?
My four year anniversary is coming up! I started on July 11, 2016.

Most Times employees are working remotely right now. Where are you working from these days?
Mostly from my couch in my East Village apartment. If I’m feeling a little crazy, sometimes I’ll work from my bed or the kitchen.

How do you start your day?
I pull my pet guinea pig out of her cage so she can cuddle with me on the couch while I work, and I crack open a Diet Coke — the signature breakfast beverage of people from Atlanta.

What is something you’ve worked on recently?
Lately I’ve been doing some clean-up work on our free-trial experience. We have a lot of complicated logic to determine whether or not someone is eligible for a free trial with Cooking, so I’ve been working on simplifying it so it’s easier to make changes to it in the future.

Tell us about a project you’ve worked on at The Times that you’re especially proud of.
Last year, I wrote the API for our grocery lists feature, which was something I had been wanting to put in our app for a very long time. I worked with one front-end and one iOS engineer so that we could launch the product cross-platform, which was something I hadn’t done before. I use the feature almost every time I go grocery shopping!

What was your first job?
I was a hostess at Waffle House (another Southern staple). The official title was “Door Corps” and one of my biggest responsibilities was sweeping cigarette butts off of the sidewalk every hour. I lasted about two months.

What is something most people don’t know about you?
I once auditioned for Wheel of Fortune and got cut in the first round for not being animated enough.

What is your secret to career success?
I had a pretty negative college experience that resulted in me feeling like a huge failure for most of my twenties. When I decided to go to a coding bootcamp, I looked back on the mistakes I’d made as a result of feeling scared or not good enough in school and I didn’t let myself make the same mistakes. I learned how to push past my feelings and trust the process.

What is your superpower?
I’m pretty good at binge-watching TV shows?

What are you inspired by?
I feel my best when the people around me are happy and comfortable. Whether it be in work or life, I find opportunities to help and enhance the experiences of those around me—that’s the driving force behind most of my actions.

Name one thing you’re excited about right now.
Chiu Chow style chili oil! I went to a dumpling making class in January, and the instructor introduced me to it. It’s life changing.

What is your best advice for someone starting to work in your field?
Programming is an exercise in humility. Learn to separate your work from your ego — ask the dumb question, and ask for clarification when you don’t understand the answer to the dumb question the first time. Pair yourself up with people who think differently than you, even when it’s frustrating or intimidating. The reason this job can be so rewarding is because you end up accomplishing things you thought to be impossible.

More in “Meeting…”

Meeting… Jasmine Chan, Engineering Manager at The New York Times
Meeting… Storm Hurwitz, Senior Analyst at The New York Times

Meeting… Tiffany Peón, Senior Software Engineer at The New York Times was originally published in NYT Open on Medium, where people are continuing the conversation by highlighting and responding to this story.

I will have more to say about the fact that Reclaim Hosting turns seven years old later this month, but that will most likely be linked with the official launch of Reclaim Cloud—the existence of which testifies there’s no seven-year itch in this professional relationship. But rather than talking about the Cloud, which has taken up much of the oxygen on this blog for the last couple of months, I wanted to just take a moment and recognize how unbelievably grateful I am that this crazy idea born off the side of our desks in 2013 has developed into such a solid and rewarding way of life.

What’s more, this year has been the first time Tim and I have been able to pull our heads out of the day-to-day work of answering tickets, onboarding new clients, and managing the servers in the engine room : ) It’s a lot of balls to juggle for a small team of just seven full-time employees—all of whom regularly punch above their weight and repeatedly prove just how lucky we are to work with them. In fact, I was just reading a support ticket review for Meredith that said this:

Meredith was great about helping me out …. your company is fortunate to have such a dedicated employee, and I would hope you would make it a point to compliment her!

Well, consider this post a long overdue point to compliment Meredith, whose moved into the role of Customer Support Manager and has adeptly taken over the management of our world class  support team.

But why stop there? Lauren Brumfield has taken over our sales division and is running that as brilliantly as everything else she has done at Reclaim for the last 5 years. That’s right 5 YEARS!

We also brought on few new full-time employees on over the last year, Chris Blankenship started part-time over a year ago and not only has he proven a quick study on support, but in September he became the first full-time hire to work in our newly formed infrastructure division, and he has surpassed all our expectations as a sysadmin and has given Tim some long overdue relief.

We hired Gordon Hawley in late fall as a part-time support specialist, and we could not make him full-time fast enough. he is an absolute workhorse, and his years of experience in the field meant he could dive right in on just about anything that came his way when it comes to domain management or cPanel.

And in May, our intern Katie Hartraft became a newly minted UMW graduate that defied all COVID-19 odds and transitioned immediately into a full-time role splitting time between support specialist and account manager. Katie has been nothing short of brilliant in both support and sales, and I have been blown away at how quickly she has come up to speed on two distinct yet equally complex facets of Reclaim’s day-to-day: support and sales.

The evidence our team is really beginning to congeal and take shape in the most impressive of ways is everywhere apparent. And as this post suggests, we’re starting to naturally break into distinct divisions: support, infrastructure, and sales.*  With this shift the need for more intentional organizational frameworks to ensure the three divisions are communicating becomes essential, and luckily Lauren has been taking on that overarching role for us as Director of Operations for more than a year now. We are starting to build in processes to ensure each of these three areas have clear workflows, documentation, and redundancy internally and externally. In fact, operationalizing Reclaim has given us the confidence to take on entirely new projects like Reclaim Cloud, and that is a direct result of the amazing people who work with us.

I am proud to be a Reclaimer, and building this team has been one of the most rewarding experiences of my professional life and I really feel like it’s only just begun. Avanti!

________________________

*Although that last one, “sales,” could be deceiving given we often do not sell in the traditional “there’s a virus, use our tech to disrupt higher ed even further” kinda way, but rather respond to interest and help institutional and individuals get up and running and quickly and painlessly as possible. Not to mention the policy and legal implications of running this service for a campus. Turns out we have a growing list of folks that we need to make sure are getting the services and support they need on the regular.

Just one long action piece.

Google will reportedly release three different smartphones in 2020.

A new leak from 9to5Google indicates that the tech giant will launch the Pixel 4a, Pixel 4a (5G) and the Pixel 5 this year. If this rumour is accurate, it looks like Google won’t be releasing a Pixel 5 XL.

Regarding specs, the Pixel 4a 5G and Pixel 5 are tipped to sport Qualcomm’s Snapdragon 765 5G processor.

If Google isn’t launching a Pixel 5 XL, this might mean that the Pixel 5 will be larger in size than the Pixel 4. The Pixel 4a (5G) and Pixel 4a would, in theory, be substitutes for the regular-sized Pixel 5.

The Pixel 5 will likely feature a more premium build, as opposed to the 4a and the 4a (5G), which will probably be positioned as cheaper alternatives.

However, with the Pixel 5 featuring a Snapdragon 765 5G processor and sporting a rear-facing fingerprint scanner, according to this rumour that I hope is wrong, it could be more affordable than previous years (or, at least, similarly priced).

The Pixel 4a (5G) and Pixel 5 will both likely launch in October. It’s also possible that Google will launch all three of these handsets that same month, as the Pixel 4a has yet to become available.

Source: 9to5Google

The post Google rumoured to launch Pixel 4a, 4a 5G and 5 in 2020 appeared first on MobileSyrup.

While we’ve known for a few weeks now that Apple is shifting its entire laptop and desktop line to ARM-based proprietary processors over the next two years, until now it’s been unclear what the first Macs to feature the silicon would be.

According to a research note from often-reliable Apple analyst Ming-Chi Kuo that was first reported by MacRumors, Apple will enter mass-production of a new ARM-based 13.3-inch MacBook Pro in the fourth quarter of 2020.

Next, Apple plans to release an ARM-based MacBook Air towards the end of the year, according to Kuo. Following this, a new 14-inch and 16-inch MacBook Pro powered by Apple’s proprietary silicon is coming in the third quarter of next year.

In the past, Kuo has stated that Apple’s MacBooks with these screen sizes will feature Mini-LED display technology that features better contrast than previous laptops. The laptops will also reportedly feature minimized bezels, allowing Apple to fit a 14-inch display in a body similar in size to the currently 13-inch MacBook Pro.

Interestingly, Kuo’s report doesn’t mention an ARM-based iMac, though the analyst has previously stated that it should arrive in the first quarter of 2021.

All we know officially is that Apple will launch its first Mac powered by its proprietary chip later this year. The tech giant hasn’t stated whether this device will be a MacBook or an iMac. The current developer kit for Apple’s future ARM-based Macs is a Mac mini equipped with an A12Z chip.

Apple stated during WWDC 2020 that it expects the transition its Mac line to its own ARM-based chips to take two years.

Source: MacRumors

The post Apple reportedly plans to release 13-inch, 14-inch and 16-inch ARM-based MacBooks appeared first on MobileSyrup.

Linnet Taylor was kind enough to ask me to contribute a chapter to “Data Justice and COVID-19: Global Perspectives”, a new edited volume out of Meatspace Press. My chapter can be found here.

It’s short and to the point; when we focus on privacy as the only negative implication of contact tracing apps, we ignore the historic inequalities in who can afford privacy - and who has the technologies such apps depend on available to them. These inequalities are frequently racialised, and at a time when we know that there are dramatic racial disparities in the impact of coronavirus, worth paying at least as much attention to as privacy.

One thing I didn’t have the space to unpack was a systemic, indirect consequence of these disparities in this technology; that of concretisation. These apps generate data, which is used to identify the prevalence of coronavirus. A dependence on that data will, due to aforementioned inequalities, produce an image and materialisation of coronavirus in which racial minorities disproportionately appear at the “end” of the cycle: entering data only in emergency room admissions and fatalities, rather than before. Now: we’re already seeing people respond to the disparities in infection and fatality rates by coming up with racial pseudoscience about vitamin D deficiencies or melanin or whatever; my worry is that an infection tracking system which primarily represents those racial minorities with particularly serious/severe infections is going to boost and further legitimise this nonsense. That is: as well as the direct harms to individuals who experience (avoidable) infections and medical malpractice, the systemic consequences include further data that “proves” people of colour are more succeptible - a proof that stems in part from their underrepresentation in the early notification and exposure data streams.

Swift is open source and is used in more places than just Mac and iOS apps — it’s now appearing in places like AWS Lambda, for instance.

But SwiftUI is not open source. At least not yet.

As a developer who uses SwiftUI, I’d sure like to see it made open source. I think there might be a good reason beyond just that, though — an open source SwiftUI could be made to work on other platforms.

Somebody would have to actually do that work, of course. But imagine that work has been done, and you can write SwiftUI code that runs on the web, Android, Windows, and Linux as well as on Apple devices.

Right now people are using web technologies and things like Electron to do cross-platform apps. And… it’s not great, and it’s hard to imagine Apple likes this situation. At all.

If SwiftUI makes it easier to make apps that work across Apple platforms only, that’s nice but not enough: the future will still belong to web wrappers like Electron.

The reason for that is simple. Apps cost a lot of money to make, and every additional platform costs yet more money.

The people who make the decisions on what to use aren’t generally the people who care about things like platform differences and performance. Those folks want to get the most bang for their buck, and so they’ll do what’s cheapest. Especially if you can’t prove, with data, the benefits of a native app over something like Electron (or other web wrapper).

(Bless those people. They are not Philistines as a rule — it’s just that they take their responsibilities seriously, as they should. They’re doing their job.)

But what if you could come to those people with an alternative — SwiftUI (and Combine) — and tell them that it will run everywhere, and that it’s at least as cheap as a web wrapper, and that it creates high-quality native apps?

That would be cool. I have no idea if that’s how people at Apple are thinking. But I hope they are.

If SwiftUI and Combine are the new, Swifty V and C in MVC, where’s the M?

I keep thinking that Core Data, amazing as it’s been, is part of NeXT-world Apple, and we’re due for a Swift data model framework.

Instead of defining your model in a schema editor (a la Core Data), you’d use a Swift DSL — which would be nice because you wouldn’t have to keep the schema and your model code in sync. It would be just one thing.

It would use (or at least allow for) value types over reference types. It would use protocols instead of inheritance. It would play perfectly well with Combine.

It might not even use SQLite — I can imagine Apple creating a storage system more purpose-built. It might be built with syncing in mind first rather than as afterthought.

I have no inside knowledge. And maybe this is just wishful thinking. But it surely seems to me that something like the above should be coming — it would be weird if not, I think. Maybe next year?

This post outlines some of the new problems the post-Brexit U.K. is facing now that it is no longer part  the EU's GDPR regime. "Deviation from GDPR will mean the UK will need the EU to issue an adequacy ruling that the UK's data protection framework is compatible. The UK's data retention and surveillance policies may make obtaining that adequacy decision difficult." The UK finds itself in a position similar to Canada, pulled between major powers like the EU, the U.S., and China.

Local Seattle developer and good friend Olof Hellman finds the phrase “the blind leading the blind” problematic, and he writes:

Let your guide take you to Pike Place Market and taste the coffee and the piroshky and the crumpets and the nectarines and the chowder. Let your guide take you to the Olympic Sculpture Park, to hear the city and the train tracks and the ferry and the the wind curling around Alexander Calder’s Eagle, and taste the air from the Sound and feel the full force of the sunset. Let your guide take you to Sake Nomi where Johnnie will pour you a flight of Junmai Daiginjoshu and treat you like the Nomidachi regulars.

That right there is why we wish Olof would write every day.

Lots of transit related news stories have hit the mainstream, and we’ve barely covered any of it here! Oh well, here’s one for lost time.

https://boingboing.net/2020/07/10/roman-road-maps-in-the-style-o.html

Roman road maps in the style of the London Underground’s

GitHub quietly released a new feature at some point in the past few days: profile READMEs. Create a repository with the same name as your GitHub account (in my case that's github.com/simonw/simonw), add a README.md to it and GitHub will render the contents at the top of your personal profile page - for me that's github.com/simonw

I couldn't resist re-using the trick from this blog post and implementing a GitHub Action to automatically keep my profile README up-to-date.

Visit github.com/simonw and you'll see a three-column README showing my latest GitHub project releases, my latest blog entries and my latest TILs.

I'm doing this with a GitHub Action in build.yml. It's configured to run on every push to the repo, on a schedule at 32 minutes past the hour and on the new workflow_dispatch event which means I get a manual button I can click to trigger it on demand.

The Action runs a Python script called build_readme.py which does the following:

• Hits the GitHub GraphQL API to retrieve the latest release for every one of my 300+ repositories
• Hits my blog's full entries Atom feed to retrieve the most recent posts (using the feedparser Python library)
• Hits my TILs website's Datasette API running this SQL query to return the latest TIL links

It then turns the results from those various sources into a markdown list of links and replaces commented blocks in the README that look like this:

<!-- recent_releases starts -->
...
<!-- recent_releases ends -->

The whole script is less than 150 lines of Python.

GitHub GraphQL

I have a bunch of experience working with GitHub's regular REST APIs, but for this project I decided to go with their newer GraphQL API.

I wanted to show the most recent "releases" for all of my projects. I have over 300 GitHub repositories now, and only a portion of them use the releases feature.

Using REST, I would have to make over 300 API calls to figure out which ones have releases.

With GraphQL, I can do this instead:

query {
  viewer {
    repositories(first: 100, privacy: PUBLIC) {
      pageInfo {
        hasNextPage
        endCursor
      }
      nodes {
        name
        releases(last:1) {
          totalCount
          nodes {
            name
            publishedAt
            url
          }
        }
      }
    }
  }
}

This query returns the most recent release (last:1) for each of the first 100 of my public repositories.

You can paste it into the GitHub GraphQL explorer to run it against your own profile.

There's just one catch: pagination. I have more than 100 repos but their GraphQL can only return 100 nodes at a time.

To paginate, you need to request the endCursor and then pass that as the after: parameter for the next request. I wrote up how to do this in this TIL.

Next steps

I'm pretty happy with this as a first attempt at automating my profile. There's something extremely satsifying about having a GitHub profile that self-updates itself using GitHub Actions - it feels appropriate.

There's so much more stuff I could add to this: my tweets, my sidebar blog links, maybe even download statistics from PyPI. I'll see what takes my fancy in the future.

I'm not sure if there's a size limit on the README that is displayed on the profile page, so deciding how much information is appropriate is appears to be mainly a case of personal taste.

Building these automated profile pages is pretty easy, so I'm looking forward to seeing what kind of things other nerds come up with!

Deutsche Welle: Opinion: People die as Donald Trump lets the pandemic rage. “More than 130,000 people have died of COVID-19 in the US — and the number of cases is exploding. Yet President Donald Trump refuses to take action. DW’s Ines Pohl fears that the United States is heading for disaster.” By Ines Pohl.

“The coronavirus is particularly spreading in the regions that Trump needs for his reelection. Hospitals are filled to capacity, and the number of infections is expected to rise in the wake of last weekend’s July 4th celebrations.

Finally, mayors and governors in many Republican states — even Texas — have made face masks mandatory in situations where socially distancing is not possible. Fewer people are attending Trump’s rallies, and his efforts to distract voters from the catastrophic consequences of his failure to react to the pandemic seem to be failing.

Even some prominent Republicans have expressed their doubts about him or warned of the dangers that the United States would face should he win reelection. Many of his former supporters also seem to be waking up. They are worried as it becomes increasingly clear that they are at risk of getting seriously ill, of dying, of losing loved ones.”

Deutsche Welle: Kommentar: Der tödliche Realitätsverlust des Donald Trump. “Über 130.000 tote US-Bürger, explodierende Infektionszahlen – und Donald Trump weigert sich weiterhin, klare Schutzmaßnahmen zu erlassen. Der Präsident droht sein Land an den Abgrund zu führen, meint Ines Pohl.”

“In den vergangenen Tagen hat dieses Lügengebäude allerdings starke Risse bekommen. Gerade in Regionen, die Trump dringend für seine Wiederwahl braucht, sind die Zustände katastrophal. Hospitäler haben schon jetzt ihre Kapazitätsgrenzen erreicht, es muss damit gerechnet werden, dass nach dem vergangenen Feiertagswochenende die Zahlen weiter ansteigen.

Bürgermeister und Gouverneure ordnen jetzt die Maskenpflicht an, selbst in Staaten wie Texas. Trumps Auftritte werden von weniger Menschen besucht, seine rassistischen Einlassungen, mit denen er von der bedrohlichen Lage abzulenken versucht, bewirken bei vielen das Gegenteil. Immer mehr Republikaner üben offene Kritik und warnen vor seiner Wiederwahl.

Anders als der Staatsführer selbst scheinen viele Bürgerinnen und Bürger nunmehr aufzuwachen. Die Angst, ernsthaft zu erkranken, vielleicht sogar zu sterben oder Familienangehörige durch COVID-19 zu verlieren wird spürbarer in dem Land, das vor knapp vier Jahren Donald Trump ins Weiße Haus gewählt hat.”

Deutsche Welle: Severe brain damage possible even with mild coronavirus symptoms. “According to British neurologists, COVID-19 can cause serious damage to the brain and central nervous system, causing psychosis, paralysis and strokes, which are often detected in their late stages.”

“There are numerous signs that the novel coronavirus SARS-CoV-2 not only attacks the lungs and respiratory tract, but also other organs on a massive scale.It can severely affect the heart, vessels, nerves, kidneys, and skin.

British neurologists have now published shocking details in the journal “Brain,” which suggests SARS-CoV-2 can cause severe brain damage — even in patients with mild symptoms or those in recovery. Often this damage is detected very late or not at all.

Neurologists at the University College London (UCL) diagnosed acute demyelinating encephalomyelitis (ADEM) in more than 40 British COVID-19 patients. This inflammatory disease causes a degenerative destruction of the central nervous system, affecting the myelin sheaths of the nerves in the brain and spinal cord.”

Deutsche Welle: Schwere Hirnschäden selbst bei leichten Corona-Symptomen möglich. “Laut britischen Neurologen kann SARS-CoV-2 schwerwiegende Schäden am Hirn und am Zentralen Nervensystem auslösen, die Psychosen, Lähmungen und Schlaganfälle verursachen und oftmals nur spät erkannt werden.”

“Mittlerweile gibt es zahlreiche Hinweise, dass das neuartige Coronavirus SARS-CoV-2 nicht nur die Lungen und Atemwege, sondern auch andere Organe massiv angreift und auch dem Herzen, den Gefäßen, den Nerven, den Nieren und der Haut schwer zusetzen kann.

Britische Neurologen haben jetzt schockierende Einzelheiten in der Zeitschrift “Brain” veröffentlicht, wonach SARS-CoV-2 selbst bei Patienten mit leichten Symptomen oder bei bereits Genesenen schwerwiegende Hirnschäden verursachen kann. Und oftmals werden diese Schädigungen nur sehr spät oder gar nicht erkannt.

Bei mehr als 40 britischen COVID-19-Patienten diagnostizierten die Neurologen am University College London (UCL) eine akute demyelinisierende Enzephalomyelitis (ADEM). Bei dieser entzündlichen Erkrankung kommt es zu einer degenerative Zerstörung des Zentralen Nervensystems, die die Myelinscheiden der Nerven im Gehirn und Rückenmark betrifft.”

Using the now all too familiar baseline chart, where all of the time series line up relative to to starting point, The New York Times shows how case rates have fared since states reopened. Up, up, and away.

Tags: coronavirus, New York Times

A friend and fellow author recently asked me to be his coauthor on a topic close to his heart. I said no. Quickly. It has nothing to do with him. It has to do with the nature of coauthoring. What a coauthor is, and why I won’t be yours I’ve coauthored three books. Here’s the … Continued

The post “Will you be my coauthor?” and other questions about collaborating on books appeared first on without bullshit.

I remember the first gathering of Drupal contributors back in 2005. At the time, there were less than 50 people in attendance. In the 15 years since that first gathering, DrupalCon has become the heartbeat of the Drupal community. With each new DrupalCon, we introduce new people to our community, demonstrate the best that Drupal has to offer, and reconnect with our Drupal family.

Next week's DrupalCon Global is going to be no different.

Because of COVID-19, it is the first DrupalCon that will be 100% virtual. But as much as we may miss seeing each other in person, the switch to virtual has opened opportunities to bring in speakers and attendees who never would have been able to attend otherwise.

There are a few moments I'm particularly excited about:

• Mitchell Baker, CEO and Chair of the Mozilla Foundation, is joining us to talk about the future of the Open Web, and the importance of Open Source software.
• Jacqueline Gibson, Digital Equity Advocate and Software Engineer from Microsoft, will be talking about Digital Inequity for the Black community – a topic I believe is deeply important for our community and the world.
• Leaders of current Drupal strategic initiatives will be presenting their progress and their calls for action to keep Drupal the leading CMS on the web.
• And of course, I'll be giving my keynote presentation to celebrate the community's accomplishment in releasing Drupal 9, and to talk about Drupal's future.

Beyond the sessions, I look forward to the human element of the conference. The side conversations and reunions with old friends make attending DrupalCon so much more powerful than simply watching the recordings after the fact. I hope to see you at DrupalCon Global next week!

After a particularly challenging or sweaty work out, your favorite athletic wear might smell a little worse than usual. Odor developing on clothing—especially items made from synthetic fibers— is extremely normal, but, your routine laundry habits may not be enough to get extra stinky workout clothes smelling fresh again.

I haven’t used this at all (and can’t really use OBS and the like because it requires too much CPU and makes my relatively old machines sound like leaf blowers), but the branding and demo video are nothing short of brilliant.

Remarkably well thought out as a product, even if it’s not breakthrough technology–it just uses what is out there in a great, thoughtful way.