سیاره دروپال

Drupal.org - aggregated feeds in category Planet Drupal
Subscribe to خوراک سیاره دروپال

This blog post attempts to focus on the highly critical vulnerability that was announced by Drupal on 28th March tagged as SA-CORE-2018–002, Drupalgeddon 2.

Recently, Drupal core announced a security advisory rated as highly vulnerable - dubbed DrupalGeddon 2 (SA-CORE-2018-002 / CVE-2018-7600) - that has the potential to affect the vast majority of Drupal 6, 7 and 8 websites.

According to BuiltWith, around 9% of websites are running on Drupal and hence had a high probability of being affected by the vulnerability as the score is 24/25.

This blog post attempts to focus on the highly critical vulnerability that was announced by Drupal on 28th March tagged as SA-CORE-2018–002, Drupalgeddon 2.

Recently, Drupal core announced a security advisory rated as highly vulnerable - dubbed DrupalGeddon 2 (SA-CORE-2018-002 / CVE-2018-7600) - that has the potential to affect the vast majority of Drupal 6, 7 and 8 websites.

According to BuiltWith, around 9% of websites are running on Drupal and hence had a high probability of being affected by the vulnerability as the score is 24/25.

© Yes Moon

Last week, I shared my State of Drupal presentation at Drupalcon Nashville. In addition to sharing my slides, I wanted to provide more information on how you can participate in the various initiatives presented in my keynote, such as growing Drupal adoption or evolving our community values and principles.

Drupal 8 update

During the first portion of my presentation, I provided an overview of Drupal 8 updates. Last month, the Drupal community celebrated an important milestone with the successful release of Drupal 8.5, which ships with improved features for content creators, site builders, and developers.

Drupal 8 continues to gain momentum, as the number of Drupal 8 sites has grown 51 percent year-over-year:

This graph depicts the number of Drupal 8 sites built since April 2015. Last year there were 159,000 sites and this year there are 241,000 sites, representing a 51% increase year-over-year.

Drupal 8's module ecosystem is also maturing quickly, as 81 percent more Drupal 8 modules have become stable in the past year:

This graph depicts the number of modules now stable since January 2016. This time last year there were 1,028 stable projects and this year there are 1,860 stable projects, representing an 81% increase year-over-year.

As you can see from the Drupal 8 roadmap, improving the ease of use for content creators remains our top priority:

This roadmap depicts Drupal 8.5, 8.6, and 8.7+, along with a column for "wishlist" items that are not yet formally slotted. The contents of this roadmap can be found at https://www.drupal.org/core/roadmap.
Four ways to grow Drupal adoption

Drupal 8 was released at the end of 2015, which means our community has had over two years of real-world experience with Drupal 8. It was time to take a step back and assess additional growth initiatives based on what we have learned so far.

In an effort to better understand the biggest hurdles facing Drupal adoption, we interviewed over 150 individuals around the world that hold different roles within the community. We talked to Drupal front-end and back-end developers, contributors, trainers, agency owners, vendors that sell Drupal to customers, end users, and more. Based on their feedback, we established four goals to help accelerate Drupal adoption.

Goal 1: Improve the technical evaluation process

Matthew Grasmick recently completed an exercise in which he assessed the technical evaluator experience of four different PHP frameworks, and discovered that Drupal required the most steps to install. Having a good technical evaluator experience is critical, as it has a direct impact on adoption rates.

To improve the Drupal evaluation process, we've proposed the following initiatives:

Initiative Issue link Stakeholders Initiative coordinator Status Better discovery experience on Drupal.org Drupal.org roadmap Drupal Association hestenet Under active development Better "getting started" documentation #2956879 Documentation Working Group grasmash In planning More modern administration experience #2957457 Core contributors ckrina and yoroy Under active development

To become involved with one of these initiatives, click on its "Issue link" in the table above. This will take you to Drupal.org, where you can contribute by sharing your ideas or lending your expertise to move an initiative forward.

Goal 2: Improve the content creator experience

Throughout the interview process, it became clear that ease of use is a feature now expected of all technology. For Drupal, this means improving the content creator experience through a modern administration user interface, drag-and-drop media management and page building, and improved site preview functionality.

The good news is that all of these features are already under development through the Media, Workflow, Layout and JavaScript Modernization initiatives.

Most of these initiative teams meet weekly on Drupal Slack (see the meetings calendar), which gives community members an opportunity to meet team members, receive information on current goals and priorities, and volunteer to contribute code, testing, design, communications, and more.

Goal 3: Improve the site builder experience

Our research also showed that to improve the site builder experience, we should focus on improving the three following areas:

  • The configuration management capabilities in core need to support more common use cases out-of-the-box.
  • Composer and Drupal core should be better integrated to empower site builders to manage dependencies and keep Drupal sites up-to-date.
  • We should provide a longer grace period between required core updates so development teams have more time to prepare, test, and upgrade their Drupal sites after each new minor Drupal release.

We plan to make all of these aspects easier for site builders through the following initiatives:

Initiative Issue link Stakeholders Initiative coordinator Status Composer & Core #2958021 Core contributors + Drupal Association Coordinator needed! Proposed Config Management 2.0 #2957423 Core contributors Coordinator needed! Proposed Security LTS 2909665 Core committers + Drupal Security Team + Drupal Association Core committers and Security team Proposed, under discussion Goal 4: Promote Drupal to non-technical decision makers

The fourth initiative is unique as it will help our community to better communicate the value of Drupal to the non-technical decision makers. Today, marketing executives and content creators often influence the decision behind what CMS an organization will use. However, many of these individuals are not familiar with Drupal or are discouraged by the misconception that Drupal is primarily for developers.

With these challenges in mind, the Drupal Association has launched the Promote Drupal Initiative. This initiative will include building stronger marketing and branding, demos, events, and public relations resources that digital agencies and local associations can use to promote Drupal. The Drupal Association has set a goal of fundraising $100,000 to support this initiative, including the hiring of a marketing coordinator.

Megan Sanicki and her team have already raised $54,000 from over 30 agencies and 5 individual sponsors in only 4 days. Clearly this initiative resonates with Drupal agencies. Please consider how you or your organization can contribute.

Fostering community with values and principles

This year at DrupalCon Nashville, over 3,000 people traveled to the Music City to collaborate, learn, and connect with one another. It's at events like DrupalCon where the impact of our community becomes tangible for many. It also serves as an important reminder that while Drupal has grown a great deal since the early days, the work needed to scale our community is never done.

Prompted by feedback from our community, I have spent the past five months trying to better establish the Drupal community's principles and values. I have shared an "alpha" version of Drupal's values and principles at https://www.drupal.org/about/values-and-principles. As a next step, I will be drafting a charter for a new working group that will be responsible for maintaining and improving our values and principles. In the meantime, I invite every community member to provide feedback in the issue queue of the Drupal governance project.

An overview of Drupal's values with supporting principles.

I believe that taking time to highlight community members that exemplify each principle can make the proposed framework more accessible. That is why it was very meaningful for me to spotlight three Drupal community members that demonstrate these principles.

Principle 1: Optimize for Impact - Rebecca Pilcher

Rebecca shares a remarkable story about Drupal's impact on her Type 1 diabetes diagnosis:

Principle 5: Everyone has something to contribute - Mike Lamb

Mike explains why Pfizer contributes millions to Drupal:

Principle 6: Choose to Lead - Mark Conroy

Mark tells the story of his own Drupal journey, and how his experience inspired him to help other community members:

Watch the keynote or download my slides

In addition to the community spotlights, you can also watch a recording of my keynote (starting at 19:25), or you can download a copy of my slides (164 MB).

Adding {{ attributes }} to a Drupal PatternLab Theme

Ever gotten this error: User error: “attributes” is an invalid render array key? Here's what I do to get around it. If you've a better solution, let me know.

markconroy Mon, 04/16/2018 - 19:52

When building PatternLab-based Drupal themes, I try to get the Twig in PatternLab to match what I expect from Drupal. So, if I know Drupal has a line like this in its node.html.twig:

I want to be able to put the same thing into my PatternLab template - even though I am not going to use the {{ attributes }} in PatternLab. This means then I can simply let the Drupal template extend from the PatternLab one and not need to worry about anything.

However, when you do this, you will often get an error to say "attributes” is an invalid render array key. How do I get that error message to go away? Simple - I just add attributes to my Pattern's .yml file, like so:

attributes:
  Attribute():
    class:

The data.json File

You can do this for each individual pattern, but then you might get an error somewhere else talking about "title_attributes” is an invalid render array key. To get around all these errors, I simply add these items globally to the default data.json file, like so:

  "attributes": {
    "Attribute()": {
      "class": []
    }
  },
  "content_attributes": {
    "Attribute()": {
      "class": []
    }
  },
  "title_attributes": {
    "Attribute()": {
      "class": []
    }
  },
  "rows": {
    "Attribute()": {
      "class": []
    }
  },
  "teaser": {
    "Attribute()": {
      "class": []
    }
  }

The PatternLab Teaser Twig File

Taking the teaser view mode as an example, here's what my PatternLab twig file looks like:

{%
set classes = [
  'node',
  'node--type-' ~ node.bundle|clean_class,
  node.isPromoted ? 'node--promoted',
  node.isSticky ? 'node--sticky',
  not node.isPublished ? 'node--unpublished',
  view_mode ? 'node--view-mode-' ~ view_mode|clean_class,
]
%}

  {% if display_submitted %}
   
      Published: {{ node.created.value|date("D d M Y") }}
   
  {% endif %}

  {{ title_prefix }}
   
      {{ label }}
   
  {{ title_suffix }}

  {{ content.field_intro }}

The PatternLab yml (or json) File

Here's the corresponding .yml (or .json) file:

node:
  bundle: article
  isPublished: true
  created:
    value: 1511941986
  changed:
    value: 1512127363

view_mode: teaser

display_submitted: true

label: 'A Blog Post by Mark Conroy, all about PatternLab and Drupal'

content:
  field_intro:

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis. Maecenas faucibus mollis interdum.

The Rendered HTML in PatternLab

This will then print our html like so (notice, no attributes):

     
      Published: Wed 29 Nov 2017
   
 
 
   
      A Blog Post by Mark Conroy, all about PatternLab and Drupal
   

 

 

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis. Maecenas faucibus mollis interdum.

The Drupal Template File

Next, my node--teaser.html.twig file is as follows (just one line):

{% extends '@content/01-display-types/teaser/teaser.twig' %}

The Rendered Drupal HTML

And that renders html like so (notice, we have attributes that Drupal will use):

      ...

Full disclosure, I came up with this idea about a year ago after seeing something similar in the Bear Skin theme.

You can see this in action on my PatternLab's teaser pattern.

Every year we go to DrupalCon (this time it was in Nashville).

Every year, it's an excellent event.

Every year, Dries Buytaert gives his keynote address, known as the "Driesnote".

However, something was different this year.

What Is the Best WYSIWYG Website Builder in 2018? A Top 5 List silviu.serdaru Mon, 04/16/2018 - 17:22

“Empower... anyone who wants to build his own website!” This is how modern web builders' “motto” could sound like. And how could you not embrace this kind of “liberalization” in web development? Yet, the question that arises now is: with so many options, how do you choose the best WYSIWYG website builder for you?

… for your own:
 

Messages from DrupalCon Nashville via Youtube Webmaster Mon, 04/16/2018 - 17:10

I have just spent several days watching most of the videos of presentations form DrupalCon Nashville 2018. It is no substitute for attending, when you learn a lot from BoF sessions and private conversations. Nevertheless, having heard more sessions than would have been possible in person (since several sessions take place simultaneously), it seemed worth sharing a few thoughts and takeaways from my particular perspective.

There’s no doubt that the digital landscape looks very different these days. When we talk about an organization's digital presence we are talking about a whole lot more than websites or content management systems.  


At Drupalcon Nashville, we got down to business with our Drupal community, partners and clients to discuss where Drupal fits into this new digital ecosystem, customer experience trends, Drupal 8 best practices, and how to maintain a competitive digital experience platform in this fast-moving, ever-changing market.

Drupalcon 2018 is officially done! Mediacurrent was well represented with 37 teammates converging to Nashville for learning, networking, camaraderie, and professional growth. 

In the coming weeks, we will be providing a cross-section of feedback from people who perform different roles. Our goal is to give you some insight around "what you missed." 

Drupalcon Nashville 2018 (by the numbers):
  • Approximately 3000 attendees from around the globe and 150 sessions.
  • Hundreds of informal birds of feather (BoFs) meetings where like minded peers gathered, custom training sessions, Summits, and code sprints were held in conjunction with the conference.
  • Over 20,000 Drupal 8 sites are now being launched per month.
  • 81% more of Drupal 8's modules are now considered fully stable compared to this time last year.
  • Some of the biggest logos in the world that have adopted Drupal were well represented in Nashville.

​​

The Surgence of Marketing & Strategy: 

There was a common theme throughout the conference around how Drupal can provide a more holistic digital experience. Lauren Vaccarello, VP of Marketing at Box captured many of these points.  While there are a myriad of marketing tools and campaign options available, executives must not lose sight of the obvious - your company's web presence is the singular most important digital asset in your organization. Marketers and editors are demanding more though. They want a content management platform and a best of class partner to:

1.  Really lean in and understand their role and where Drupal solves problems for them.
2.  Take the time to learn about goals, success factors, KPIs and the vision of not just the project or department, but company as a whole.
3.  Show a simpler and easier editorial experience workflow.
4.  Leverage data analytics to make more informed decisions.
5.  Execute at a consistent, predicable level, but also provide insight and exposure to how other organizations are utilizing Drupal in creative ways.

These items are resonating. Megan Saniki, Executive Director of the Drupal Association (DA), talked about how the DA will be working hard to serve the needs of everyone involved in a company's digital experience, especially those who would consider themselves "non-technical."  For example, there will now be a new content and editorial track at Drupalcon, more case studies, and a newly redesigned home page was announced for drupal.org.

Vision of Drupal:

Dries Buytaert, the founder of Drupal, gave a powerful keynote presentation. He mentioned what an exciting time and huge opportunity there is "to grab" for everyone who has been involved with Drupal the past 17 years. After listening to a cross-section of stakeholders, Dries articulated what Drupal's 4 most critical priorities will be to drive the community forward. They include:

1. Improving the evaluation process to help increase adoption - this includes the number of clicks and steps to download Drupal.
2. Improving the content creator experience (people want Drupal to act more like social media tools they already use on a daily basis).
3. Improving the site builder experience - this could include making the version update path easier (note: 8.5 is the newest release of Drupal).
4. Promote Drupal to non-technical decision makers.  In general, this should entail more collaboration for those who have a vested interest in marketing Drupal. This includes a "Promote Drupal Fund" drive that was announced to collect $100,000 to among other things hire an extra, full-time employee for the Drupal Association. 

Recommended Sessions:

Top Drupal 8 Modules: A tour through the best of Drupal in 2018
A Farewell to Twig 
WordPress vs Drupal: How the website industry is evolving

Looking to the future:

Let's continue the conversation. Please do not hesitate to reach out and schedule a follow-up meeting with myself or a Mediacurrent expert if you have any questions about Drupalcon Nashville or your next digital project.

Drupalcon Nashville has just been amazing with an interactive and productive board retreat, amazing inspiring Keynotes, meeting friends, the many sessions, great ideas and a wonderful community!

We're counting down the days to the official SooperThemes Drupal 8 Release! Count with us as we will be writing a Drupal 8 related blog post every day for the next 8 days.

Media management is one of the areas where Drupal was lagging compared to competing systems, like WordPress. In Drupal 8 Media management has improved greatly! With the Entity Browser you can create highly customized user experiences to manage your creative assets. In the early times of Drupal 8 it was difficult to set up the Entity Browser but in the meanwhile turn-key solutions have become available that do the tedious configuration work for you. 

Entity Browser Meet File Entity Browser

If you're using SooperThemes Drupal themes you have the option to use our demo content installation profiles. This is a real time-saver because the demo profiles do not only contain demo content; they come with a complete configuration of all the Drupal features you need. We chose to include the File Entity Browser in Glazed CMS for it's beautiful masonry grid and extended features. This module configures and extends the Entity Browser modules with media library views, mass upload with drag and drop support, and a useful image-preview feature that lets you check the quality your assets while browsing the library.

view on sooperthemes.com if you can't see the video

The preview tool even has an option to preview images in all your image styles, allowing you to decide the right compression/quality trade-off for your creatives!

Media Management In Glazed Builder 8.x

In Drupal 7 our Glazed Builder Drupal page builder module integrates with the Media module. The Media module integrates seamlessly with Glazed Builder, offering all creative assets in Glazed Builder that you have uploaded elsewhere in your Drupal site. Of course any images you upload in the Glazed Builder interface are also available in the media library elsewhere in your Drupal site. 

We achieved the same feat in Drupal 8. Getting there was not easy: the Media module in Drupal 7 offered an API to integrate media library in your frontend application but there is no such API in Entity Browser

Of course we don't let that stop us from building exactly what we want, and we achieved the same seamless integration with Entity Browser that we have with the Media module. 

SooperThemes Open Source Contributions For Entity Browser

In order to get the media management experience up to our standards we made some improvements to the experience and functionality. We contributed several patches to Entity Browser and File Entity Browser.

Supporting field cardinality in File Entity Browser and visual cues for media selection limits

Out of the box Entity Browser does not limit the number of files you can select based on field cardinality. On a single-image field you can select more than one image. Our patch doesn't just limit the number of files you can select based on the field settings but also adds a layer of visual cues that let the user know when he cannot select more images. The patch is unfortunately not committed at the time of writing this blog because there is uncertainty about whether this functionlity beling in Entity Browser core or in the File Entity Browser add-on module.

Check out this video to see how the patched version of File Entity Browser handles fields with unlimited, multi-value, and single-value cardinality:

view on sooperthemes.com if you can't see the video

What Is Business Process Consulting? 5 Reasons Why You Should Use These Services adriana.cacoveanu Sat, 04/14/2018 - 06:33

Has that time come yet? The “time” when you realize that your once a start-up business, involving just a few processes and people, has gradually grown into a hard to manage infrastructure? One having plenty of... “holes” to be plugged for better efficiency? Then it's a fact: you need to look for a business process consultant! But what is business process consulting anyway?

And this is just one of the questions that I'll do my best to answer in today's post. Besides this, I'll be:
 

Drupal SA-2018-002 has been weaponized. Within 12 hours of a published proof-of-concept by security researchers, we can see automated attempts to systematically exploit sites across the internet.

Drupal Global Training Days had a great start in 2018. And it keeps that fast pace. The March wave of events featured 13 GTDs in such countries as Rwanda, China, Japan, Russia, Serbia, Spain, Mexico, the USA, Nicaragua. Some of the trainings were delivered online and were accessible for everyone from around the globe.

Highlights from the organizers

We contacted several GTD organizers and asked them to share some insights on their events and local communities. Thank you Miriam, Suzanne, and Strahinja for participating. I share my story below too.

Miriam Torres (mtorresn) from Monterrey, Mexico How did you get started with GTD?

In Mexico there is a lot of talent in the IT area, which is why we started to organize GTD in Monterrey, Mexico several years ago with the intention of both growing the Drupal community in Monterrey, and discovering talents to which we can offer job opportunities.

Who helped to make your training happen?

Many talented people have supported this training and Accenture has been our sponsor for several years. However, Eduardo Santiago has been our main organizer, who has been present at all our events. In our March event, 8 speakers shared with us a little of their knowledge in very diverse subjects (Gerardo García, Omar González, Luis Nicanor (luisnicg), Reinaldo Araque, Omar Aguirre (omers), Aldo Velasco, Eduardo Santiago and Miriam Torres) and 6 staff members made our event possible (Magdalena Lozano, Adrián Briano, Ruth Medina, Karla González, Ricardo Bolio and Ramiro García). We also had the support of Tec Milenio University who gave us access to their campus and helped us spread the word about the event.

How many attended your March 2018 event and what did they say they wanted?

In GTD of March 2018, we had a total of 49 attendees, most of whom wanted to learn a little more about frontend development, but we had people with special interest in backend development and testing in attendance too.

What new knowledge did attendees receive from you?

On March 16, we held a meetup with 5 talks: "Reactive programming" (Gerardo García), "SCRUM: An agile framework" (Omar González), "Organizing Drupal Teams" (Luis Nicanor), "Docker + Drupal, Practical applications and its integration with Drupal" (Reinaldo Araque) and "Component-Driven design using Pattern Lab" (Omar Aguirre), and on March 17, our attendees took a training, choosing between 2 different topics: Site Building with Drupal 8 (Eduardo Santiago) and Angular + Drupal REST. (Aldo Velasco, Gerardo García and Miriam Torres)

Suzanne Dergacheva (pixelite) from Montreal, Canada How did you get started with GTD?

We started our Drupal training program at Evolving Web in 2012 by giving a free training at DrupalCamp Montreal. Since then, we've been offering professional Drupal trainings on a wide range of topics as well as community trainings at camps. We regularly offer free trainings through Global Training Days, and have done both in-person and online trainings for GTD. Inspired by this, we're now offering a monthly free, online 'What is Drupal' session.

Who helped to make your training happen?

I led the training at Evolving Web. The Drupal Association helped promote the event with emails and we had lots of re-tweets from others in the Drupal community which helped spread the word.

How many attended your March 2018 event and what did they say they wanted to learn?

We had around 50 participants in our online video conference. Some of them were exploring Drupal and trying to see if it's a good fit for their projects, others were Drupal 7 users trying to figure out what's new in Drupal 8.

What new knowledge did attendees receive from you?

We offer a 'What is Drupal?' Introductory course for the Global Training Days. It introduces participants to Drupal terminology and general concepts. Participants get to follow along with hands-on exercises and explore why they would use Drupal. They see what you get out-of-the-box with Drupal and what you can customize it to do. They see the role of themes and modules. The training also introduces participants to the Drupal community so that they can see the importance of community contributions and the value of open source.

My story: Marina Paych (paych) from Omsk, Russia How did you get started with GTD?

Initially the Omsk Drupal Community emerged in 2013 from random meetups. The first GTD happened in 2014 and was aimed to engage more people with Drupal and involve them in the community’s life. Since that time, GTD has been being organized regularly and more and more people attend this event.

Who helped to make your training happen?

The greatest help comes from the company ADCI Solutions. They sponsor all the expenses connected with the organization of GTDs and other Drupal Meetups in our city. Also, they provide a venue in their office called ADCI Events Hub.

The organizers of this event put many efforts in order to make an interesting event in a warm atmosphere. Anastasia Dubina (anastasiya-dubina) was responsible for an overall organizational process such as promoting the event, setting up logistics and equipment, preparing coffee breaks, etc. And I was responsible for agenda management and speakers preparation.

We had 8 amazing speakers who delivered plenty of useful information: Denis Usov (usdv), Tatiana Shulgina (tatiana-shulgina), Artyom Zenkovets (azenkovets), Alexander Kuznetsov (bikba), Maksim Lukyanchikov (max-luckianchikov), Dmitry Chuchin (choo_choo), Iuliia Gapunenko (iuliia_g), and Marina Kardopolova (mkardo).

How many attended your March 2018 event and what did they say they wanted to learn?

There were 93 attendees at March GTD. The target audience of GTD in Omsk consists of students and recent graduates, therefore they wanted to learn about the whole web development process and how it is operated by a real company. Also, they wanted to try themselves in development. Around 60% of attendees were more interested in back end, and 40% -- in front end.

What new knowledge did attendees receive from you?

On March, 17 attendees listened to 5 sessions aimed to explain the peculiarities of Drupal development. The agenda covered all the processes, and sessions were logically connected to each other in order to show to attendees a full idea of web development.

In the first session -- “How to create a web application architecture” -- Denis Usov narrated about each role in a web development team and how they work for a successful result. The second session “The role of a designer in an IT team” by Tatiana Shulgina clarified web designers’ responsibilities and tasks in a project. The third session “What is back end?” delivered by Artyom Zenkovets and Alexander Kuznetsov contained information about traditional and decoupled approaches and the specifics of back end in Drupal. The fourth session “How to become a front-end Jedi” by Maskim Lukyanchikov and Dmitry Chuchin included a list of tools and useful links that will help newcomers dive into the JS world.
The final session of the first day was dedicated to the Drupal Community and ways to get involved and was delivered by Iuliia Gapunenko. She also showed videos about how Drupal changed many people’s lives from her #DrupalChanges campaign.

On March, 18 there was a training where attendees could use their new knowledge in practice within a captivating coding competition. First, attendees were taught to build their first website and then - to code a custom module. The training was delivered by Marina Kardopolova.

Strahinja Miljanovic (SixZeroNine) from Novi Sad, Serbia How did you get started with GTD?

Colleagues and I were discussing how many people they know who are using other CMS and they've never used Drupal. We heard that we have Global Training Day coming soon and we wanted to invite people to come, see, try and learn Drupal. So we created a Google Event Registration Form with questions that will help us to see how many people know about Drupal, are they more interested in Theming, Site Building or Developing custom modules.

Who helped to make your training happen?

Vladimir Zdravkovic (botanic_spark), ramns, helped with sessions, Dragan Eror - with workshops. Radoslav Curcic (wingpaler) and Aleksandar Cvijovic (cvijo) contributed to both sessions and workshop. Miki Stojkovic (mikispeed) provided space, food, and refreshments. And I was an organizer of the event.

How many attended your March 2018 event and what did they say they wanted to learn?

The number of people who applied to attend the event was 23. Almost everybody wanted to learn everything, but it was physically impossible to hold all sessions and workshops one at the time, so we merged Site Building and Module development. 90% of the people wanted to learn site-building and module development more than Theming.

What new knowledge did attendees receive from you?

Attendees from Site Building learned how to create nodes, content types, block types, views (page, block, filtering, and sorting), taxonomies, fields and basic and most common hook examples.

Attendees from Developing Custom Modules learned how to create a module, how to enable it VIA interface, Drush, as dependency and hook_install. They also learned to create configuration forms and blocks programmatically and render input data from configuration form into a custom block.

Attendees from Drupal 8 Theming learned about general themes and twig, How to create a theme and subtheme, theme suggestion, regions, libraries, adding CSS and js files, adding custom classes and adding templates.

Join the movement

That was a report on how March Global Training Days went. You still have a chance to join the movement, organize an outstanding GTD in June, September, or December, and get featured in an upcoming blog post.

If you are in doubt about whether to organize a GTD event or not, check out the GTD group where you can find the GTD Working Group if you need help. Also, follow @DrupalGTD on Twitter to stay tuned.

You really want to upgrade that old site to Drupal 8. You’ve seen the improvements, the new features, and you even figured out how to pull off an upgrade. The only thing between you and sweet Drupal 8 goodness is your boss. They don’t see the need to upgrade and think it won’t be worth the time or money to make the jump. Maybe they do think Drupal 8 is a needed improvement, but aren’t convinced that it is ready for prime-time. Here is what you do.

At DrupalCon Nashville 2018, I became deeply interested in the realm of first-time Drupal experiences, specifically around technical evaluation, and how people would get their feet wet with Drupal. There were two great BoFs related to the topic which I attended, and which I hope will bear some fruits over the next year in making Drupal easier for newcomers:

There are a number of different tools people can use to run a new Drupal installation, but documentation and ease of use for beginners is all over the place. The intention of this project is to highlight the most stable, simple, and popular ways to get a Drupal site installed and running for testing or site building, and measure a few benchmarks to help determine which one(s) might be best for Drupal newcomers.

Website maintenance is needed to address any vulnerabilities identified in software over time.

Thanks to the collaborative nature of the open source communities of Drupal and WordPress, we get a heads up when new vulnerabilities are identified (Read more about why open source is great for business). When the fixes and security updates for those vulnerabilities are released, they need to get installed and tested as soon as possible.

There are benefits and drawbacks to fully automated website maintenance, just as there are for fully manual website maintenance. The best path is to do both.

A machine never forgets a step in a process. It just gets confused when it's presented with the unexpected. A person can introduce human error, but can create novel solutions to unexpected problems.

Benefits of Automation Fast

Machines are much faster than people at reading code. Computers are fast and they can apply steps in a process much quicker than we can. They can also run multiple tests simultaneously, leading to even more time savings. There is an inherent, upfront time investment to program the scripts, but once that time investment is made, all subsequent processes are significantly faster.

Accurate

A machine can repeat the exact same process, in the exact same way, thousands of times. It can also log processes, errors and results at every step, every time. A person couldn’t log the results of every single step, or, if they did, they would take significantly longer than usual to finish each test and there’d be many more opportunities for human error. This accuracy in repetition and recording means that we have a clearer picture of the test and its results available to us.

Thorough

A machine checks everything within the scope you set for it and nothing outside of it. It doesn’t care if “this little change isn’t going to mess anything up”. It checks everything you set it to. That total adherence to process is key when testing a system with multiple, related, and moving parts, like a website.

The Human Advantage We’re innovative

A machine never forgets a step, ever. It just gets confused when presented with the unexpected. People are needed to create novel solutions to those unexpected problems. A developer can invent new processes, fixes, and features and create new applications for existing ones. 

We can give human feedback

A machine won’t tell you if the final result looks professional and aesthetically appealing. It can only check if objects are rendered in specific predefined colors, object types appear in the correct spot on the screen and so on.  A person can see if everything comes together and looks good. They can provide feedback on the branding of your site, give you unquantifiable assessments of how your site makes them feel as a person.

We can do ad-hoc testing

Automated tests have to be developed, programmed and tested themselves before they can begin to test new features for your site. A person can run through some manual tests very quickly when there isn’t a need to develop a deeper test.

How we put it into practice

Our system automatically creates a cloned copy of our clients' sites and applies updates. It then runs a battery of automated tests on the patched clone sites, out of public view, before notifying our developers to review the results. 

Once the updates are confirmed to be working properly and that nothing untoward is going on, the developer pushes the site to live. If anything is off, the developer can dive right in and make any needed adjustments, again, behind the scenes. For anyone visiting a site during this process, it's business as usual.

Website maintenance solutions like this are critical to any business. Gone are the days (if ever they existed) of launch and forget websites. Websites vulnerabilities are identified over time as intruders' techniques become more sophisticated. You can't prevent 100% of all data breaches, just like you can't prevent every burglar from trying to break into your house. But you can fix the porch light when it gets broken, and tighten up the deadbolt if it gets loose. So long as you've got someone checking the lights and testing the doors.

 

Keep up your Website's Performance with Website Maintenance!

 

 

Description

This Public Service Announcement is a follow-up to SA-CORE-2018-002 - Drupal core - RCE. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2018-002 you should assume your site has been targeted and follow directions for remediation as described below.

The security team is now aware of automated attacks attempting to compromise Drupal 7 and 8 websites using the vulnerability reported in SA-CORE-2018-002. Due to this, the security team is increasing the security risk score of that issue to 25/25

Sites not patched by Wednesday, 2018-04-11 may be compromised. This is the date when evidence emerged of automated attack attempts. It is possible targeted attacks occurred before that.

Simply updating Drupal will not remove backdoors or fix compromised sites.

If you find that your site is already patched, but you didn’t do it, that can be a symptom that the site was compromised. Some attacks in the past have applied the patch as a way to guarantee that only that attacker is in control of the site.

What to do if your site may be compromised

Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.

Take a look at our help documentation, ”Your Drupal site got hacked, now what.”

Recovery

Attackers may have created access points for themselves (sometimes called “backdoors”) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access.

Removing a compromised website’s backdoors is difficult because it is very difficult to be certain all backdoors have been found.

If you did not patch, you should restore from a backup. While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch. For more information please refer to this guide on hacked sites.

Contact and More Information

We prepared a FAQ that was released when SA-CORE-2018-002 was published. Read more at FAQ on SA-CORE-2018-002.

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Adaptive vs Responsive Design: What Is the Difference? Which One Is Better for You? silviu.serdaru Fri, 04/13/2018 - 16:40

Adaptive vs responsive design. Is there really a matter of “better vs worse”? What's the difference anyway?

For the boundaries sure look blurry enough. Especially since both types of web design provide you with a solution to the same challenge. The one you're facing as a web designer:

A design that should cater to all screen sizes.

Now, instead of delving into this confusion even deeper, let's shed some light on:
 

Lessons In Leadership From DrupalCon Nashville

Taking on a leadership position can be a very rewarding but also draining experience. I’d like to share some of the exciting things that stood out to me at DrupalCon in terms of leadership. In the last few years, I was able to take on a number different leadership positions such as CTO at Amazee Labs, running the #d8rules initiative or co-organizing camps in Austria and Switzerland. To me, it’s a deeply satisfying experience to be part of a team that works towards a common goal and see myself being able to help drive us to be successful. At the same time, leadership always felt very difficult to me. Why wasn’t I able to take decisions effectively? Why wouldn’t others follow my advice as I wanted them to?

Looking up to other leaders at work and in our community is really valuable to me. It allows me to feel inspired, keep improving, and relate my own struggle to the struggles of others. I’d like to share an overview of the things that inspired me during this DrupalCon Nashville.

Josef Dabernig Fri, 04/13/2018 - 17:53 Leadership lessons at DrupalCon Nashville

The Diversity & Inclusion team ensured me that fighting for a common cause with a well structured approach can lead to great results. This DrupalCon featured 40% speakers who identified as part of an underrepresented group. This is an awesome achievement and I appreciate the group and the DrupalCon program team who made this possible. I also really like how D&I tries to lead by example as they extend their attribution system to credit for non-code contributions such as attending an initial meeting. Finally, Nikki Steven handed over initiative leadership to Fatima and they mentioned how helpful it can be to distribute ownership of an initiative to make sure the cause is more important than the actual person leading it.

The Community Working Group (CWG), together with Jordana & George, explained their approach to ensuring safety within the Drupal Community. I appreciate the hard work they put into such a thoughtful process that helps us deal with difficult situations. An important aspect of the communication is to always try to separate internet and impact. A person might have the best intentions when they do something, but it is also really important that they understand the impact their actions have on others. A lot of the work that the CWG does goes into the mediation process. This brings disagreeing parties together to reach an understanding their own actions and how others feel about it. Not every difficult situation can be solved in a mediation process so it was great to learn that the CWG also relies on a careful process that leads to taking action if needed.

On Tuesday I was able to attend a Leadership workshop that was organized by the CWG and facilitated by Adam Goodman, Chairman of the Drupal Association. Adam is Director for the Center of Leadership at Northwestern University and I really appreciated his thoughtful approach to this workshop. Together as a group of roughly 50 attendees, we used individual and group exercises to discuss our different perspectives on leadership. Adam was able to make sure that there was a balanced discussion, added plenty of valuable insights, and reassured us that leadership is not always an easy topic. There was also a controversial discussion about the boundaries of leadership and I would like to thank Donna Benjamin for writing her thoughts on it.

In his keynote, Dries took a good amount of time to reflect on the leadership of Drupal. In his section on fostering the community, Dries presented his version of Drupal’s values and principles. I think this is an exciting move forward for us as a community to being able to define and iterate on our values and principles definition. I like how Dries stressed that he put a lot of effort into working on those but at the same time, that he also recognizes that they by no means will be perfect from the beginning. We’ll need a good amount of feedback & collaboration to help make sure that the values & principles definition of the Drupal community, as diverse as it is, serves the purpose and needs of our extensive community.

Rachel Lawson, Community Liaison at the Drupal Association, shared her story at the beginning of Wednesday’s keynote. I appreciated finding out how her feeling welcomed enabled her to become a key contributor and leader within our community. Rachel’s open and candid approach has always been a refreshing experience for me. Over the years, Rachel has always provided an open ear for me to discuss leadership challenges. It’s great to know there are people available that will listen to you and that want to help you to become better at what you do.

Finally, in the keynote itself, Steve Francia shared his very inspiring journey leading various open source community projects. There were tears in my eyes when I found out that Steve had been struggling with the responsibility of being the lead of these big, successful projects, especially when he wasn’t aligned with the project's goals anymore. Steve realised he needed to step down in order to focus on what he wants to work on. I especially appreciated Steve’s honest approach to giving genuine feedback to himself and us as a Drupal community. Steve’s presentation was full of great feedback for us a Drupal community and how we have inspired him to develop the communities he is working with.

Final thoughts

It’s awesome to look at what others do when it comes to leadership and get inspired by them. But without introspection, true leadership cannot really emerge. I’d like to conclude with my own notes from the leadership workshop:

What is teamwork?

The work performed together as a group of individuals towards shared goals.

What is leadership?

Everything that helps the teamwork such as leading by example, principles, coaching or being a servant leader.

How do people learn to become more effective team members, followers, and leaders?

When we learn to express our needs, feelings, and provide feedback. When we understand what our peers need and learn how to create safe spaces for interaction and collaboration. When we listen actively, take responsibility and are open to learning something new every day.

What’s next?

Today is the most collaborative day for DrupalCon. At the sprints we all come together to work on Drupal initiatives. On my side, I’m looking forward to meeting the DrupalCon Europe team to discuss the program. If you are interested, check out the website to get your ticket or sign up as a volunteer.

I want to get better at enabling others. In that spirit, I am looking for a new #d8rules initiative coordinator. If you are interested in helping the Rules module to Drupal 8, this might be a great opportunity for me to learn how to coach you. Feel free to reach out to me.

CCBot/2.0 (http://commoncrawl.org/faq/)

آخرین ارسال ها

محتواهای محبوب

درباره ما

Author
اینجا دروپال یعنی همه چیز. در مورد دروپال صحبت میکنیم. ماژول هامون رو به اشتراک میزاریم در مورد قالب دروپال ، فروشگاه دروپال، دروپال فارسی و تاریخ شمسی دروپال صحبت میکنیم و هرچیزی که در مورد طراحی سایت با دروپال میدونیم به هم انتقال میدیم. دروپالیون یک سایت شخصی نیست. ما دست همه کسانی که برای پیشرفت دروپال تلاش میکنند رو میفشاریم و با آغوش باز اونها رو در این سایت میپذیریم.

تماس با ما

با ما تماس بگیرید.

logo-samandehi