MediaGoblin 0.13.0

    | tags: release

    We're pleased to announce the release of MediaGoblin 0.13.0. See the release notes for full details and upgrading instructions.

    This minor release adds support for Python 3.10 and 3.11 and drops support for Python versions prior to 3.7. It also upgrades a number of Python dependencies and adds a few small bug fixes and improvements.

    This version has been tested on Debian Bullseye (11), Debian Bookworm (12), Ubuntu 20.04, Ubuntu 22.04 and Fedora 39.

    Thanks go to Olivier Mehani, Michael McMahon, Andrew Dudash for their contributions in this release!

    To join us and help improve MediaGoblin, please visit our getting involved page.

    MediaGoblin 0.12.1

    | tags: release

    We're pleased to announce the release of MediaGoblin 0.12.1. See the release notes for full details and upgrading instructions.

    This patch release fixes a number of Python dependency issues, allows us to support newer autoconf versions, fixes a few small bugs and improves the documentation. Support for Debian Bookwork, Ubuntu 22.04 and Fedora 36 is notably missing from this release, but will be addressed in the upcoming version 0.13.0.

    Thanks go to Olivier Mehani, Elisei Roca, Jgart, Dan Helfman and Peter Horvath for their contributions in this release. Since our last release, long-time MediaGoblin user and contributor Olivier has joined me as co-maintainer on the project. Thanks for all your help Olivier!

    To join us and help improve MediaGoblin, please visit our getting involved page.

    MediaGoblin 0.12.0: Potions

    | tags: release
    "Potions" by Charlotte Koch (reproduced with permission)

    Happy Software Freedom Day! Today we're pleased to announce the release of MediaGoblin 0.12.0. See the release notes for full details and upgrading instructions.

    This release resolves two significant issues in the Celery backend media processing. The first was causing processed media to be marked as failed and the second was inhibiting useful error messages. We've also resolved installation issues caused by deprecated upstream code in the Werkzeug and jsonschema libraries.

    We've added provisional gmg serve and gmg celery commands to simplify deployment. These commands may change in the future and are not yet recommended in the deployment documentation. If your deployment is already running smoothly, there's no reason to switch at this stage.

    Thanks to Rodrigo Martins, Marco Pessotto and Jgart for their contributions in this release. Thanks again to Charlotte for allowing us to feature her artwork.

    To join us and help improve MediaGoblin, please visit our getting involved page.

    MediaGoblin 0.11.0: Punky Magmalian

    Punky Magmalian Portrait
    "Punky Magmalian Portrait" by Charlotte Koch (reproduced with permission)

    This release of MediaGoblin removes support for Python 2 and marks the end of five years of concurrent support for both Python 2 and Python 3. That's a major achievement, so congratulations to everyone who contributed.

    As a bonus, the release also includes a completely rewritten replacement for the previously Python 2-only audio spectrograms feature. Thank you to Fernando Gutierrez for this contribution; it's a significant piece of work. The release also includes contributions from Jeremy Bowman, Jesús Eduardo Estupiñan Medina, Charlotte Koch, Olivier Mehani, milquetoast and Ben Sturmfels.

    On reflection, the Python 3 transition has been bitter-sweet. Without doubt, Python 3 is both technically and ergonomically superior to Python 2, but I don't think anyone in the Python community realised quite how long or how much work the transition would be. It's been an especially challenging time for small projects like MediaGoblin and for anyone supporting a significant Python codebase on limited resources. Looking forward though, ending support for Python 2 significantly simplifies the maintenance of the project, making it easier to add new features and prevent bugs. We're really excited about this! Although we're not bug-free yet, as of this release our test suite is passing 100% and we'll be continuing with further quality improvements.

    We would like to take this opportunity to acknowledge Boris Bobrov, project maintainer and long-time contributor. Boris recently retired from his maintainer role which he began in 2016. Thanks Boris for all your hard work, contributions and leadership, we really appreciate it!

    This release is named Punky Magmalian after a character created by artist and MediaGoblin contributor Charlotte Koch. Take a look at Charlotte's other work on her MediaGoblin site.

    For more details on this release and on upgrading see the release notes. To join us and help improve MediaGoblin, please visit our getting involved page.

    MediaGoblin 0.10.0 released

    We're pleased to announce the release of MediaGoblin 0.10.0!

    It's been a while between releases for MediaGoblin, but work has continued steadily. Highlights of this release include a new plugin for displaying video subtitles and support for transcoding and displaying video in multiple resolutions. There have also been a large number of smaller improvements and bug fixes which are listed in the release notes.

    After enabling the new subtitles plugin, you can upload and edit captions for your videos. Multiple subtitle tracks are supported, such as for different languages. This feature was added by Saksham Agrawal during Google Summer of Code 2016 and mentored by Boris Bobrov. The feature has been available for some time on the master branch, but it definitely deserves a mention for this release.

    A screenshot showing MediaGoblin with subtitles shown on a video
    A video with subtitles added

    Videos are now automatically transcoded at various video qualities such as 360p, 480p and 720p. You can choose your preferred quality while watching the video. This feature was added by Vijeth Aradhya during Google Summer of Code 2017 and mentored by Boris Bobrov. Again this feature has been available for some time on master, but is also worthy of a mention.

    A screenshot showing the video quality selector in MediaGoblin
    Selecting a video quality

    For details on installing MediaGoblin, see Deploying MediaGoblin and for tips on upgrading, see the release notes. To join us and help improve MediaGoblin, please visit our getting involved page!

    We're still here!

    | tags: mediagoblin

    Hello Goblin-Lovers! [tap tap] Is this thing still on? ... Great! Well, we've had a few polite questions as to what's happening in MediaGoblin-land, given our last blog post was a few years back. Let's talk about that.

    While development on MediaGoblin has slowed over the last few years, work has continued steadily, with significant improvements such as multi-resolution video (Vijeth Aradhya), video subtitles (Saksham) and a bunch of minor improvements and bug-fixes. Like most community-driven free software projects, progress only happens when people show up and make it happen. See below for a list of the wonderful people who have contributed over the last few years. Thank you all very much!

    In recent years, Chris Lemmer Webber has stepped back from the role of much-loved project leader to focus on ActivityPub and the standardisation of federated social networking protocols. That process was a lot of work but ultimately successful with ActivityPub becoming a W3C recommendation in 2018 and going on to be adopted by a range of social networking platforms. Congratulations to Chris, Jessica and the other authors on the success of ActivityPub! In particular though, we would like to express our gratitude for Chris's charismatic leadership, community organising and publicity work on MediaGoblin, not to mention the coding and artwork contributions. Thanks Chris!

    During this time Andrew Browning, Boris Bobrov and Simon Fondrie-Teitler have led the MediaGoblin project, supported the infrastructure and worked with numerous new contributors to add new features and bug-fixes. More recently, I've stepped up to support them and deal with some of the project admin. I've also been working an exciting pilot project here in Australia using MediaGoblin to publish culturally significant media in remote indigenous communities.

    Back in February we held the first community meeting in quite a while. We met via a Mumble audio-conference and discussed short-term project needs including problems with the issue tracker, urgent/blocking bugs, a release, a bug squashing party, and the need for this blog post. Next meeting we'll be diving into some of the longer-term strategy. Keep an eye on the mailing list for the announcement and please join us.

    Based on that meeting, our current short-term priorities are:

    1. Improve/replace the issue tracker. There was general agreement that our current issue tracker, Trac, is discouraging new contributions. Firstly, registrations and notifications were not working properly. Secondly, the process of submitting code is more complicated than other modern collaboration tools. Our friends at FSF are currently working to select a new collaboration tool, so we'll look forward to evaluating their recommendation when it is announced. In the short-term, we've fixed the registration and notification problems with Trac to keep us going.

    2. Make a minor release. A release is an important opportunity to highlight the work that's been done over the last few years such as the multi-resolution video and subtitles I mentioned, as well as important fixes such as to audio upload in Python 3. This will likely also be our last Python 2-compatible release. Many of MediaGoblin's dependencies are beginning to drop support for Python 2, and time troubleshooting such installation issues takes away from our forward-looking work.

    3. Organise a bug triage/fixing day. We're planning to nominate a day where a group MediaGoblin contributors will make a concerted effort to resolve bugs. This is aided by having a team across many timezones.

    4. Automate testing of the installation process and test suite. Many of the questions we get to the mailing list are installation or dependency related. By automating our testing, hopefully across a number of popular operating systems, we should be able to reduce these issues and improve the installation experience.

    We'll look forward to telling you about our longer-term plans soon! For now though, from all of us hear at MediaGoblin, please take care of yourselves, your families and communities through the ongoing COVID-19 health crisis.

    Contributors in the last few years:

    • Andrew Browning (aleph): bug fixes and improvements, merging contributions
    • Boris Bobrov: bug fixes and improvements, merging contributions
    • Chris Lemmer Webber: bug fixes and improvements, community organising, ActivityPub
    • Jessica Tallon: bug fixes and improvements, ActivityPub
    • Vijeth Aradhya: multiple-resolition video transcoding/switching
    • Simon Fondrie-Teitler: upgraded/migrated/managed hosting for website, Trac, mailing lists and wiki
    • Saksham: lightbox, video subtitles
    • Amelia Rose: bug squashing parties
    • Ben Sturmfels: bug fixes and improvements, migrated mailing lists
    • Iyzsong: bug fixes
    • Berker Peksag: Python 3 bug fixes
    • Johnathan Sandoval: login validation improvement
    • Leah Velleman: localisation
    • Loic Dachary: cleanups
    • Matt Dealsy: UI improments (PyCon AU 2016 sprint)
    • Kesra: bug fixes (PyConAU 2016 sprint)
    • Josh Crompton: UI improvements (PyCon AU 2016 sprint)
    • Olivier Mehani (shtrom): OSM tiles, datetime format config
    • Alexandre Frankie: docs improvements
    • Stéphane Péchard: collection option to addmedia
    • Robert Smith: bug fixes
    • Simen Heggestøyl: bug fixes and improvements
    • Romain Porte: tags in API
    • Chrysn: EXIF rotation
    • DPG: license option updates
    • Dod: bug fixes
    • Michael Lynch: dev setup improvements
    • Ian Kelling: set up and imported our mailing lists (twice!)
    • ... and apologies to anyone else I've missed

    ActivityPub and MediaGoblin at TPAC 2016 (or: ActivityPub needs your review!)

    Screenshot of ActivityPub Working Draft

    Hello everyone! We have a lot of news to cover, but I'm going to jump right into the thick of it: we've been working hard on a new federation (as well as client to server) standard called ActivityPub (formerly ActivityPump). We've made tremendous progress, and I was just recently at a face to face meeting at TPAC, the W3C's big technical conference.

    The good news: ActivityPub is aiming to hit Candidate Recommendation status by October 11th. (That's less than a week away!) However, in order to enter that stage, we need your review! If you have any interest in the decentralized web, you can help. All you have to do is read the latest editor's draft and provide feedback. (The earlier the better... maybe a fun weekend project?) You can do this by any of the following:

    • Post issues on the issue tracker (yes, I think it's ironic and problematic that we're using GitHub, I picked my battles here, whether right or wrong).
    • Email the social working group comments mailing list.
    • You can email me directly. Email cwebber AT dustycloud DOT org, and include "ActivityPub" in the subject. Note that I will be publishing your comments publicly, probably on the Social Working Group wiki!

    If you have feedback, we want to hear it! (From anyone, but especially from those who are interested in implementing ActivityPub!) Thank you!

    ActivityPub live

    Note, the rest of this post is a bit of a dive into behind the scenes decisions and activity in MediaGoblin and ActivityPub... there's no need to read this part to submit a review!

    I'm kind of traveling through time in all the wrong order in this post... but it's worth jumping forward a bit to see the results of what we've done. Over the last many months there's been a huge push on ActivityPub as a standard, as we'll talk about. But in order to succeed, I also needed implementations, both of client to server and server to server. Well, I'm happy to say that those did come together...

    Pubstrate in action!

    This is Pubstrate, an implementation of ActivityStreams and ActivityPub for GNU Guile. Sorry for the sappy embedded love-note, though what's nice about this is that it's the first demo I gave to someone else of the client to server functionality working in Pubstrate. But wait, what was the client?

    Soci-El in action!

    This is soci-el, an ActivityPub client written in... you guessed it... emacs lisp. You can see the rendering of the user's outbox here as well as the buffers from which the message was composed.

    Pretty nerdy! I don't expect everyone to be using emacs as an ActivityPub client of course... I hope to see various desktop, web, and mobile clients made available. But, Emacs is the most fun for me, and I was time pressed, so there we are.

    Everyone loves seeing screenshots, but maybe not all of this stuff makes sense without context. What does this mean for MediaGoblin?

    So what's been going on?

    It seems a recurring meme in MediaGoblin land to say "we've been quiet, because we've been busy" (or maybe historically on every tech blog ever), but I guess I can't resist repeating the mantra. It's true! Though the weight of my focus has been shifted from where I expected it to be. From the last few updates over the last year, you would be right to anticipate that the main thing I would be working on would be merging the federation code Jessica has written and getting 1.0 out the door. That was the plan, and we're still working towards that, but priorities shifted as we realized the opportunities and time pressures we were under with ActivityPub. After the Social Working Group face to face meeting in June, Jessica and I sat down and talked about what we should do. Jessica had recently started working at Igalia (great people!) and was busy with that and other transitions in her life, so we discussed whether we thought it was most sensible to focus my energy on MediaGoblin or on ActivityPub. It was clear that ActivityPub was shaping into a solid specification, but it was also made clear that the Social Working Group's charter was running out by the end of 2016. We both think ActivityPub is key to MediaGoblin's success and didn't want to see our invested time go to waste, so decided my immediate focus should switch to ActivityPub so it could successfully make it as a standard.

    Which isn't doom and gloom for MediaGoblin! MediaGoblin development has continued... the community is good enough that people have been able to work while I've been busy. I'm happy to say we also appointed longtime contributor Boris Bobrov as co-maintainer to help reduce me being a bottleneck. (Thank you Boris, and congrats!) Other contributors have also stepped up to the plate. I'm especially thankful of Ben Sturmfels for hosting MediaGoblin hackathons and being so responsive to community members. (And of course, there are many others to thank, too!)

    Anyway, I'm not going anywhere, I've just been shifting focus to standards work for a bit... but it's all for the greater good of MediaGoblin. (Well, and the greater federated social web!) Soon, we'll be putting the work we're doing on ActivityPub directly into MediaGoblin. When we merge Jessica's work on federation, we will also retool it so that the first federated release of MediaGoblin will be blazing the trails with ActivityPub.

    Both ActivityPub and I personally got a significant boost by a happy visit from friend and Social Working Group co-conspirator Amy Guy. Amy dropped by for an intense four days of standards hacking and scheming, and came up with several significant ways to restructure and improve the document. With her help, we now have much clearer distinction between the use of ActivityPub as a client to server protocol (think mobile applications and desktop applications connecting to your server) vs the server to server protocol (federation). Both of these are now clearly intertwined in the document, but are distinct enough where they can be used and understood separately if desired. We also more clearly established the connections between ActivityPub and the linked data community by explaining ActivityPub's relationship with Linked Data Notifications.

    Amy has a gift for composing standards language, something I'm still struggling to learn (but hopefully getting better with over time). ActivityPub is much better with her hard work. Thank you Amy!

    In addition to the standards side of things, in order to get ActivityPub to the next level, we needed to be able to present real live demonstrations of the standard in action. Hence the work on Pubstrate and soci-el mentioned previously. For most of the months before TPAC, I was working furiously day and night to get things ready to show... And then, it was time to head off, and hope it was good enough...


    Live demo image, by aaronpk
    TPAC demo room photo by Aaron Parecki

    Fortunately, all that hard work paid off. The Social Working Group kicked off TPAC with live open-viewing demonstrations of the various standards we've been working on. We got in a really solid set of demos from everyone in the group.

    From my end, I managed to demo all the core parts of the ActivityPub spec: I wrote a note in my client (soci-el), fired it off to the server (Pubstrate), where it rendered successfully. Then I explained, well, what if you want someone on another machine to see it? So I had another user on a separate Pubstrate instance, added the user over there to the recipients list on my message, shot the message over to the server, crossed my fingers and hey! The live demo of federation succeeded. (Whew!)

    In the actual main Social Working Group meeting, we hammered things forward pretty nicely. As said, ActivityPub was positioned to move ahead towards Candidate Recommendation by the 11th. Again, your feedback is most valuable at this time!

    Spying image from the campaign video

    Oh, one more thing. On the second day of the main Social Working Group meetings, at Amy's suggestion (apparently she was impressed when I showed her at her visit), I showed off the MediaGoblin campaign video to the group. Apparently I had never done so previously, so it was really nice to hear the reaction: "Holy cow, this is describing exactly the type of stuff we're working on in the working group!" Yep, exactly... all that stuff you see illustrated in that video, we're working on putting into code and standards. The dream lives!

    So, all this Social Working Group stuff... things are happening! We're not just goofing off!

    Super serious TPAC group "photo" by Aaron Parecki

    ... er, right. Not just goofing off! :)

    MediaGoblin 0.9.0: The Three Goblineers

    MediaGoblin 0.9.0: The Three Goblineers
    "The Three Goblineers" by Christopher Allan Webber (pen and ink) and Morgan Lemmer-Webber (colored pencils). Licensed under CC BY-SA 4.0.

    This release is called The Three Goblineers, because we are finally fully embracing Python 3! You could even think of this release as Py-oneering, which it definitely is. Many traditional web service tools are less-than-ideal for federation and so we've had to do a lot of rebuilding and retooling. This release represents lots of intense behind the scenes work to make the user experience smoother, as well as some key improvements for MediaGoblin developers and deployers.

    Federated services use databases in a some fundamentally different ways. We had to make a traditional (rigid) database more friendly for more flexible relationships. The result is similar to the generic foreign key implementation used by Django, but optimized especially for federation. Jessica Tallon did the lion's share of this work and was aided by Andrew Browning who did extensive testing.

    We also updated how we handle comments and media collections. On a multi-media service, people will naturally want to reply to comments with videos and to ASCII art with songs so we had to make our commenting function support all the available media types. Also, the media collections aren't just for your personal gallery anymore; they're also used now in federation and the API as the backbone of a user's "inbox" and "outbox" feeds. Also, to make life easier on those uploading whole albums of content, if your user has some collections available, these will be presented as a dropdown option while submitting media.

    Selecting a collection during submit

    In the less visible but equally important department, we updated OAuth and created a "graveyard" system. We updated our code to make better and more secure use of OAuth so that my server and your server can be really sure we are actually talking to each other. The "graveyard" system uses tombstone icons to let you know that an object was removed by it's original poster. This makes it easy for users to remove media they no longer want to share, while creating as little confusion as possible for other users.

                  *                      *
     *                      *                  _.     *
          *           *          *            <  '.
                 *                             )  )       *
                                        *     <_.'   *
        *      *        .-------------.
                      .'               '.                *
           *          |                 |   *
                      |   TOMB OF THE   |       *
                *     |     UNKNOWN     |            *
       *              | ACTIVITYSTREAMS |
                      |     OBJECT      |
                 .^.  |                 |
      _  .+.  _  |~|  |    ????-????    |  .+. .-.  _  .-.
     | | |~| |=| | |  |                 |  |=| |~| | | |"|

    Developers will be happy to know that we are keeping pace with the larger Python community and now have complete support for Python 3. We had early and experimental Python 3 support in 0.8.0 but couldn't quite recommend it for production use. That work is finished! Now you can choose to hack in Python 3 or Python 2 and your code will be totally compatible with the main codebase. Since Python 2 won't be supported forever, Python 3 is the future. And we are all about the future.

    We also switched our migration system over to Alembic. Previously, we'd been using sqlalchemy-migrate, but it also wasn't as good for updating the database layout when you upgrade, and lots of dragons be there. We think Alembic will make it less terrifying to update your MediaGoblin instance so you can stay current and without spending lots of time trying to sort what happened in the database. Alembic is also newer, fresher and better maintained!

    Another thing that makes updating a little persnickety is finding out that the dependencies have changed. We are collaborating and experimenting with the Guix community to fix this issue. Cleaner packaging will help people upgrade without fear, using deployments they can trust. Watch this space for a future post on how to use Guix and MediaGoblin together for worry-free upgrades.

    For users upgrading from previous versions, as always, check the release notes for instructions on upgrading!

    Our work to overthrow the red eminence of the centralized web continues! Between Python 3 support and laying down foundational changes to support federation, this release brings us much, much closer to our long term goals! Thanks to all our Goblineers and Py-oneers without whom this work would not be possible! Give a round of applause to Andrew Browning, Ben Sturmfels, Berker Peksag, Boris Bobrov, Christopher Allan Webber, Daniel Krol, Deb Nicholson, Duncan, jerome, Jessica Tallon, Loic Dachary, Sebastian Spaeth, Tom Fay, and 宋文武! You all helped make it happen!

    And if you want to make it happen in our next exciting release, we'd love to have you get involved! Visit us in IRC; #mediagoblin on! Or sign up for regular updates on our mailing list. Got ideas or questions about our work? Email us at -- we look forward to hearing from you!

    Apply for GSoC in MediaGoblin (and Guix/Shepherd!)

    Hello all!

    Summertime is fast approaching, and this means GSoC is fast approaching too. This year we have some interesting potential projects. Check it out, and if you're interested, apply! You have until Friday (March 25th) to get your application in.

    We just added a new item, and I wanted to call it out specifically: porting federation to ActivityPub. This is not the only potentially interesting GSoC project, but it is a special one; you'd be able to work with Jessica Tallon (the source of federation support in MediaGoblin!) on updating federation to our current standards work.

    One more call-out: this one isn't MediaGoblin specific, but I (Chris Webber) am willing to mentor it: Adding an extensible event loop to Shepherd (the init system used by Guix). This would quite probably use the under-announced GNU 8sync project. If you're interested in learning about event loops and how to write them, you might want to watch and even better, read the corresponding sections of SICP which inspire it. This will be a tough one! But if you're really interested in digging into some cool ideas about concurrency, I'd recommend it. There are some other great projects for Guix as well!

    Both MediaGoblin and Guix welcome all applicants, though both projects also strongly encourage women, non-binary gendered individuals, people of color, and other underrepresented groups to apply. Both projects follow a Code of Conduct (for MediaGoblin and for Guix).

    Time is running short; apply! Detailed proposals are encouraged, and jumping in and experimenting / will greatly enhance your possibility of acceptance in both projects. Join #mediagoblin and #guix respectively on to talk to other developers.

    Happy hacking!

    MediaGoblin 0.8.1: Security release

    Basic Summary

    We have had a security problem in our OAuth implementation reported to us privately and have taken steps to address it. The security problem affects all versions of GNU MediaGoblin since 0.5.0. I have created a patch for this and released a minor version 0.8.1 (see the release notes page). It's strongly advised that everyone upgrade as soon as they can.

    In order to exploit the security issue, an attacker must have had access to a logged in session to your GNU MediaGoblin account. If you have kept your username and password secret, logging in only over HTTPS and you've not left yourself logged in on publicly accessible computers, you should be safe. However it's still advised all users take the following precautions, listed below.

    Users should check their authorized clients. Any client which looks unfamiliar to you, you should deauthorize. To check this:

    1. Log in to the GNU MediaGoblin instance
    2. Click the drop down arrow in the upper right
    3. Click "Change account settings"
    4. At the bottom click the "Deauthorize applications" link

    If you are unsure of any of these, click "Deauthorize".

    I would like to thank Dylan Jeffers (author of Goblinoid) for finding and reporting this to us in a responsible manner so that we were able patch this.

    Technical Information

    The security issue was caused by the verification of the OAuth verifier code. There the proper checks were not occurring to validate the verifier code matched the one issued to the request.

    This only affected those who clicked the verifier link whilst being logged in and entered a different code. The assignment of the user to the access token only occurs when you go to the authorization page whilst being logged in. If the link isn't clicked with the user logged in no user will be assigned to the access token and a client attempts to use it will be denied as the endpoints won't be able to look up the requesting user.

    A patch has been made should you wish to view the fix.

Page 1 / 8 »