We are thrilled to introduce ThinkShout’s very first interns! In partnership with the Drupal Association, we will be working with two graduates of Epicodus’ first PHP class, Daniel Toader and Bojana Skarich. We’re very excited to welcome them to our offices, and the Drupal Community. They'll both be spending time at the Drupal Association's headquarters as well as ours. They've already mastered the art of posing for ThinkShout photos...
Without further ado, meet our interns!Daniel Toader
Favorite snack: Pretzels and beer.
Favorite word: SupercalifragilisticexpialidociousBojana Skarich
Bojana comes to us with a background as a public librarian. She’s an Americorp grad with a passion for technology, especially when it’s used for social good. She turned to Epicodus when she decided she wanted to pursue a career in web development development. Front end development is her forte, and she dreams of one day building data-driven websites. She loves Drupal and is looking forward to getting more involved with the community.
Favorite mythical creature: Griffin
Favorite tree: Silver birch
Welcome, Daniel and Bojana! We're so happy we could be a part of your continued Drupal education.
The Core Infrastructure Initiative announced today that they will support two Debian Developers, Holger Levsen and Jérémy Bobbio, with $200,000 to advance their Debian work in reproducible builds and to collaborate more closely with other distributions such as Fedora, Ubuntu, OpenWrt to benefit from this effort.
The Core Infrastructure Initiative (CII) was established in 2014 to fortify the security of key open source projects. This initiative is funded by more than 20 companies and managed by The Linux Foundation.
The reproducible builds initiative aims to enable anyone to reproduce bit by bit identical binary packages from a given source, thus enabling anyone to independently verify that a binary matches the source code from which it was said it was derived. For example, this allow the users of Debian to rebuild packages and obtain exactly identical packages to the ones provided by the Debian repositories.
You may have noticed that Jessie no longer includes the useful rescue flavour of live image, formerly included in Wheezy and earlier releases, and neither will Stretch unless you take action. This is my second public call for help this year to revive it. So if you care about rescue, here’s how you can help:
- First, try a self-built image, based on the old live-image-rescue configuration. While Jessie still contains the live-image-rescue configuration for live-build as a starting point, to successfully build this image for yourself, you need to edit the package lists to drop or substitute any packages that aren’t in the archive. As of writing, this includes libphash0, mii-diag, denyhosts, hal and emacs23-nox. (Tip: for the latter, substitute emacs24-nox.)
- Join or form a team to maintain the rescue metapackages in the long term. All of the official Debian Live images are based on metapackages that are looked after by various other teams, (principally the desktop teams,) with rescue being the sole exception. The old package lists include some forensics packages, so you may wish to contact Debian Forensics, but I don’t want to presume they’ll take it on.
- Have your team decide on what a rescue system should include. You might start with the old lists, spruced up a bit just to make the image build, or you might take an entirely different tack. This is your project, so it’s up to you.
- File a bug on tasksel, preferably with patch, to include a task-forensics and/or task-rescue task (or whatever you decide the task or tasks should be called).
- File a bug on the live-images package to include your work.
If you have any questions not answered in this post, please feel free to leave a comment on this blog, talk to the Debian Live team on irc — I’m SynrG, and hang out with the team at #debian-live @ irc.oftc.net) — or drop us an email at firstname.lastname@example.org.
The web was born as an open, decentralized platform allowing different people in the world to access and share information. I got online in the mid-nineties when there were maybe 100,000 websites in the world. Google didn't exist yet and Steve Jobs had not yet returned to Apple. I remember the web as an "open web" where no one was really in control and everyone was able to participate in building it. Fast forward twenty years, and the web has taken the world by storm. We now have a hundreds of millions of websites. Look beyond the numbers and we see another shift: the rise of a handful of corporate "walled gardens" like Facebook, Google and Apple that are becoming both the entry point and the gatekeepers of the web. Their dominance has given rise to major concerns.
We call them "walled gardens" because they control the applications, content and media on their platform. Examples include Facebook or Google, which control what content we get to see; or Apple, which restricts us to running approved applications on iOS. This is in contrast to the "open web", where users have unrestricted access to applications, content and media.
Facebook is feeling the heat from Google, Google is feeling the heat from Apple but none of these walled gardens seem to be feeling the heat from an open web that safeguards our privacy and our society's free flow of information.
This blog post is the result of people asking questions and expressing concerns about a few of my last blog posts like the Big Reverse of the Web, the post-browser era of the web is coming and my DrupalCon Los Angeles keynote. Questions like: Are walled gardens good or bad? Why are the walled gardens winning? And most importantly; how can the open web win? In this blog post, I'd like to continue those conversations and touch upon these questions.Are "walled gardens" good or bad for the web?
What makes this question difficult is that the walled gardens don't violate the promise of the web. In fact, we can credit them for amplifying the promise of the web. They have brought hundreds of millions of users online and enabled them to communicate and collaborate much more effectively. Google, Apple, Facebook and Twitter have a powerful democratizing effect by providing a forum for people to share information and collaborate; they have made a big impact on human rights and civil liberties. They should be applauded for that.
At the same time, their dominance is not without concerns. With over 1 billion users each, Google and Facebook are the platforms that the majority of people use to find their news and information. Apple has half a billion active iOS devices and is working hard to launch applications that keep users inside their walled garden. The two major concerns here are (1) control and (2) privacy.
First, there is the concern about scale and control. These organizations shape the news that most of the world sees. When too few organizations control the media and flow of information, we must be concerned. They are very secretive about their curation algorithms and have been criticized for inappropriate censoring of information.
Second, they record data about our behavior as we use their sites (and the sites their ad platforms serve) inferring information about our habits and personal characteristics, possibly including intimate details that we might prefer not to disclose. Every time Google, Facebook or Apple launch a new product or service, they are able to learn a bit more about everything we do and control a bit more about our life and the information we consume. They know more about us than any other organization in history before, and do not appear to be restricted by data protection laws. They won't stop until they know everything about us. If that makes you feel uncomfortable, it should. I hope that one day, the world will see this for what it is.
While the walled gardens have a positive and democratizing impact on the web, who is to say they'll always use our content and data responsibly? I'm sure that to most critical readers of this blog, the open web sounds much better. All things being equal, I'd prefer to use alternative technology that gives me precise control over what data is captured and how it is used.Why are the walled gardens winning?
Why then are these walled gardens growing so fast? If the open web is theoretically better, why isn't it winning? These are important questions about future of the open web, open source software, web standards and more. It is important to think about how we got to a point of walled garden dominance, before we can figure out how an open web can win.
The biggest reason the walled gardens are winning is because they have a superior user experience, fueled by data and technical capabilities not easily available to their competitors (including the open web).
Unlike the open web, walled gardens collect data from users, often in exchange for free use of a service. For example, having access to our emails or calendars is incredibly important because it's where we plan and manage our lives. Controlling our smartphones (or any other connected devices such as cars or thermostats) provides not only location data, but also a view into our day-to-day lives. Here is a quick analysis of the types of data top walled gardens collect and what they are racing towards:
On top of our personal information, these companies own large data sets ranging from traffic information to stock market information to social network data. They also possess the cloud infrastructure and computing power that enables them to plow through massive amounts of data and bring context to the web. It's not surprising that the combination of content plus data plus computing power enables these companies to build better user experiences. They leverage their data and technology to turn “dumb experiences” into smart experiences. Most users prefer smart contextual experiences because they simplify or automate mundane tasks.Can the open web win?
I still believe in the promise of highly personalized, contextualized information delivered directly to individuals, because people ultimately want better, more convenient experiences. Walled gardens have a big advantage in delivering such experiences, however I think the open web can build similar experiences. For the open web to win, we first must build websites and applications that exceed the user experience of Facebook, Apple, Google, etc. Second, we need to take back control of our data.Take back control over the experience
The obvious way to build contextual experiences is by combining different systems that provide open APIs; e.g. we can integrate Drupal with a proprietary CRM and commerce platform to build smart shopping experiences. This is a positive because organizations can take control over the brand experience, the user experience and the information flow. At the same time users don't have to trust a single organization with all of our data.
The current state of the web: one end-user application made up of different platform that each have their own user experience and presentation layer and stores its own user data.
To deliver the best user experience, you want “loosely-coupled architectures with a highly integrated user experience”. Loosely-coupled architectures so you can build better user experiences by combining your systems of choice (e.g. integrate your favorite CMS with your favorite CRM with your favorite commerce platform). Highly-integrated user experiences so can build seamless experiences, not just for end-users but also for content creators and site builders. Today's open web is fragmented. Integrating two platforms often remains difficult and the user experience is "mostly disjointed" instead of "highly integrated". As our respective industries mature, we must focus our attention to integrating the user experience as well as the data that drives that user experience. The following "marketecture" illustrates that shift:
Instead of each platform having its own user experience, we have a shared integration and presentation layer. The central integration layer serves to unify data coming from distinctly different systems. Compatible with the "Big Reverse of the Web" theory, the presentation layers is not limited to a traditional web browser but could include push technology like a notification.
For the time being, we have to integrate with the big walled gardens. They need access to great content for their users. In return, they will send users to our sites. Content management platforms like Drupal have a big role to play, by pushing content to these platforms. This strategy may sound counterintuitive to many, since it fuels the growth of walled gardens. But we can't afford to ignore ecosystems where the majority of users are spending their time.Control personal data
At the same time, we have to worry about how to leverage people's data while protecting their privacy. Today, each of these systems or components contain user data. The commerce system might have data about past purchasing behavior, the content management system about who is reading what. Combining all the information we have about a user, across all the different touch-points and siloed data sources will be a big challenge. Organizations typically don't want to share user data with each other, nor do users want their data to be shared without their consent.
The best solution would be to create a "personal information broker" controlled by the user. By moving the data away from the applications to the user, the user can control what application gets access to what data, and how and when their data is shared. Applications have to ask the user permission to access their data, and the user explicitly grants access to none, some or all of the data that is requested. An application only gets access to the data that we want to share. Permissions only need to be granted once but can be revoked or set to expire automatically. The application can also ask for additional permissions at any time; each time the person is asked first, and has the ability to opt out. When users can manage their own data and the relationships they have with different applications, and by extension with the applications' organizations, they take control over their own privacy. The government has a big role to play here; privacy law could help accelerate the adoption of "personal information brokers".
Instead of each platform having its own user data, we move the data away from the applications to the users, managed by a "personal information broker" under the user's control.
The user's personal broker manages data access to different applications.Conclusion
People don't seem so concerned about their data being hosted with these walled gardens since they've willingly given it to date. For the time being, "free" and "convenient" will be hard to beat. However, my prediction is that these data privacy issues are going to come to a head in the next five to ten years, and lack of transparency will become unacceptable to people. The open web should focus on offering user experiences that exceed those provided by walled gardens, while giving users more control over their user data and privacy. When the open web wins through improved transparency, the closed platforms follow suit, at which point they'll no longer be closed platforms. The best case scenario is that we have it all: a better data-driven web experience that exists in service to people, not in the shadows.
I was asked for advice on whether children should have access to smart phones, it’s an issue that many people are discussing and seems worthy of a blog post.Claimed Problems with Smart Phones
The first thing that I think people should read is this XKCD post with quotes about the demise of letter writing from 99+ years ago . Given the lack of evidence cited by people who oppose phone use I think we should consider to what extent the current concerns about smart phone use are just reactions to changes in society. I’ve done some web searching for reasons that people give for opposing smart phone use by kids and addressed the issues below.
Some people claim that children shouldn’t get a phone when they are so young that it will just be a toy. That’s interesting given the dramatic increase in the amount of money spent on toys for children in recent times. It’s particularly interesting when parents buy game consoles for their children but refuse mobile phone “toys” (I know someone who did this). I think this is more of a social issue regarding what is a suitable toy than any real objection to phones used as toys. Obviously the educational potential of a mobile phone is much greater than that of a game console.
It’s often claimed that kids should spend their time reading books instead of using phones. When visiting libraries I’ve observed kids using phones to store lists of books that they want to read, this seems to discredit that theory. Also some libraries have Android and iOS apps for searching their catalogs. There are a variety of apps for reading eBooks, some of which have access to many free books but I don’t expect many people to read novels on a phone.
Cyber-bullying is the subject of a lot of anxiety in the media. At least with cyber-bullying there’s an electronic trail, anyone who suspects that their child is being cyber-bullied can check that while old-fashioned bullying is more difficult to track down. Also while cyber-bullying can happen faster on smart phones the victim can also be harassed on a PC. I don’t think that waiting to use a PC and learn what nasty thing people are saying about you is going to be much better than getting an instant notification on a smart phone. It seems to me that the main disadvantage of smart phones in regard to cyber-bullying is that it’s easier for a child to participate in bullying if they have such a device. As most parents don’t seem concerned that their child might be a bully (unfortunately many parents think it’s a good thing) this doesn’t seem like a logical objection.
Fear of missing out (FOMO) is claimed to be a problem, apparently if a child has a phone then they will want to take it to bed with them and that would be a bad thing. But parents could have a policy about when phones may be used and insist that a phone not be taken into the bedroom. If it’s impossible for a child to own a phone without taking it to bed then the parents are probably dealing with other problems. I’m not convinced that a phone in bed is necessarily a bad thing anyway, a phone can be used as an alarm clock and instant-message notifications can be turned off at night. When I was young I used to wait until my parents were asleep before getting out of bed to use my PC, so if smart-phones were available when I was young it wouldn’t have changed my night-time computer use.
Some people complain that kids might use phones to play games too much or talk to their friends too much. What do people expect kids to do? In recent times the fear of abduction has led to children doing playing outside a lot less, it used to be that 6yos would play with other kids in their street and 9yos would be allowed to walk to the local park. Now people aren’t allowing 14yo kids walk to the nearest park alone. Playing games and socialising with other kids has to be done over the Internet because kids aren’t often allowed out of the house. Play and socialising are important learning experiences that have to happen online if they can’t happen offline.
Apps can be expensive. But it’s optional to sign up for a credit card with the Google Play store and the range of free apps is really good. Also the default configuration of the app store is to require a password entry before every purchase. Finally it is possible to give kids pre-paid credit cards and let them pay for their own stuff, such pre-paid cards are sold at Australian post offices and I’m sure that most first-world countries have similar facilities.
Electronic communication is claimed to be somehow different and lesser than old-fashioned communication. I presume that people made the same claims about the telephone when it first became popular. The only real difference between email and posted letters is that email tends to be shorter because the reply time is smaller, you can reply to any questions in the same day not wait a week for a response so it makes sense to expect questions rather than covering all possibilities in the first email. If it’s a good thing to have longer forms of communication then a smart phone with a big screen would be a better option than a “feature phone”, and if face to face communication is preferred then a smart phone with video-call access would be the way to go (better even than old fashioned telephony).Real Problems with Smart Phones
The majority opinion among everyone who matters (parents, teachers, and police) seems to be that crime at school isn’t important. Many crimes that would result in jail sentences if committed by adults receive either no punishment or something trivial (such as lunchtime detention) if committed by school kids. Introducing items that are both intrinsically valuable and which have personal value due to the data storage into a typical school environment is probably going to increase the amount of crime. The best options to deal with this problem are to prevent kids from taking phones to school or to home-school kids. Fixing the crime problem at typical schools isn’t a viable option.
Bills can potentially be unexpectedly large due to kids’ inability to restrain their usage and telcos deliberately making their plans tricky to profit from excess usage fees. The solution is to only use pre-paid plans, fortunately many companies offer good deals for pre-paid use. In Australia Aldi sells pre-paid credit in $15 increments that lasts a year . So it’s possible to pay $15 per year for a child’s phone use, have them use Wifi for data access and pay from their own money if they make excessive calls. For older kids who need data access when they aren’t at home or near their parents there are other pre-paid phone companies that offer good deals, I’ve previously compared prices of telcos in Australia, some of those telcos should do .
It’s expensive to buy phones. The solution to this is to not buy new phones for kids, give them an old phone that was used by an older relative or buy an old phone on ebay. Also let kids petition wealthy relatives for a phone as a birthday present. If grandparents want to buy the latest smart-phone for a 7yo then there’s no reason to stop them IMHO (this isn’t a hypothetical situation).
Kids can be irresponsible and lose or break their phone. But the way kids learn to act responsibly is by practice. If they break a good phone and get a lesser phone as a replacement or have to keep using a broken phone then it’s a learning experience. A friend’s son head-butted his phone and cracked the screen – he used it for 6 months after that, I think he learned from that experience. I think that kids should learn to be responsible with a phone several years before they are allowed to get a “learner’s permit” to drive a car on public roads, which means that they should have their own phone when they are 12.
I’ve seen an article about a school finding that tablets didn’t work as well as laptops which was touted as news. Laptops or desktop PCs obviously work best for typing. Tablets are for situations where a laptop isn’t convenient and when the usage involves mostly reading/watching, I’ve seen school kids using tablets on excursions which seems like a good use of them. Phones are even less suited to writing than tablets. This isn’t a problem for phone use, you just need to use the right device for each task.Phones vs Tablets
Some people think that a tablet is somehow different from a phone. I’ve just read an article by a parent who proudly described their policy of buying “feature phones” for their children and tablets for them to do homework etc. Really a phone is just a smaller tablet, once you have decided to buy a tablet the choice to buy a smart phone is just about whether you want a smaller version of what you have already got.
The iPad doesn’t appear to be able to make phone calls (but it supports many different VOIP and video-conferencing apps) so that could technically be described as a difference. AFAIK all Android tablets that support 3G networking also support making and receiving phone calls if you have a SIM installed. It is awkward to use a tablet to make phone calls but most usage of a modern phone is as an ultra portable computer not as a telephone.
The phone vs tablet issue doesn’t seem to be about the capabilities of the device. It’s about how portable the device should be and the image of the device. I think that if a tablet is good then a more portable computing device can only be better (at least when you need greater portability).
Recently I’ve been carrying a 10″ tablet around a lot for work, sometimes a tablet will do for emergency work when a phone is too small and a laptop is too heavy. Even though tablets are thin and light it’s still inconvenient to carry, the issue of size and weight is a greater problem for kids. 7″ tablets are a lot smaller and lighter, but that’s getting close to a 5″ phone.Benefits of Smart Phones
Using a smart phone is good for teaching children dexterity. It can also be used for teaching art in situations where more traditional art forms such as finger painting aren’t possible (I have met a professional artist who has used a Samsung Galaxy Note phone for creating art work).
There is a huge range of educational apps for smart phones.
The Wikireader (that I reviewed 4 years ago)  has obvious educational benefits. But a phone with Internet access (either 3G or Wifi) gives Wikipedia access including all pictures and is a better fit for most pockets.
There are lots of educational web sites and random web sites that can be used for education (Googling the answer to random questions).
When it comes to preparing kids for “the real world” or “the work environment” people often claim that kids need to use Microsoft software because most companies do (regardless of the fact that most companies will be using radically different versions of MS software by the time current school kids graduate from university). In my typical work environment I’m expected to be able to find the answer to all sorts of random work-related questions at any time and I think that many careers have similar expectations. Being able to quickly look things up on a phone is a real work skill, and a skill that’s going to last a lot longer than knowing today’s version of MS-Office.
There are a variety of apps for tracking phones. There are non-creepy ways of using such apps for monitoring kids. Also with two-way monitoring kids will know when their parents are about to collect them from an event and can stay inside until their parents are in the area. This combined with the phone/SMS functionality that is available on feature-phones provides some benefits for child safety.iOS vs Android
Rumour has it that iOS is better than Android for kids diagnosed with Low Functioning Autism. There are apparently apps that help non-verbal kids communicate with icons and for arranging schedules for kids who have difficulty with changes to plans. I don’t know anyone who has a LFA child so I haven’t had any reason to investigate such things. Anyone can visit an Apple store and a Samsung Experience store as they have phones and tablets you can use to test out the apps (at least the ones with free versions). As an aside the money the Australian government provides to assist Autistic children can be used to purchase a phone or tablet if a registered therapist signs a document declaring that it has a therapeutic benefit.
I think that Android devices are generally better for educational purposes than iOS devices because Android is a less restrictive platform. On an Android device you can install apps downloaded from a web site or from a 3rd party app download service. Even if you stick to the Google Play store there’s a wider range of apps to choose from because Google is apparently less restrictive.
Android devices usually allow installation of a replacement OS. The Nexus devices are always unlocked and have a wide range of alternate OS images and the other commonly used devices can usually have an alternate OS installed. This allows kids who have the interest and technical skill to extensively customise their device and learn all about it’s operation. iOS devices are designed to be sealed against the user. Admittedly there probably aren’t many kids with the skill and desire to replace the OS on their phone, but I think it’s good to have option.
Android phones have a range of sizes and features while Apple only makes a few devices at any time and there’s usually only a couple of different phones on sale. iPhones are also a lot smaller than most Android phones, according to my previous estimates of hand size the iPhone 5 would be a good tablet for a 3yo or good for side-grasp phone use for a 10yo . The main benefits of a phone are for things other than making phone calls so generally the biggest phone that will fit in a pocket is the best choice. The tiny iPhones don’t seem very suitable.
Also buying one of each is a viable option.Conclusion
I think that mobile phone ownership is good for almost all kids even from a very young age (there are many reports of kids learning to use phones and tablets before they learn to read). There are no real down-sides that I can find.
I think that Android devices are generally a better option than iOS devices. But in the case of special needs kids there may be advantages to iOS.
-  http://www.xkcd.com/1227/
-  https://www.aldimobile.com.au/plans
-  http://etbe.coker.com.au/2014/04/01/comparing-telcos-again/
-  http://etbe.coker.com.au/2010/11/25/the-wikireader/
-  http://etbe.coker.com.au/2013/02/11/phone-tablet-sizes/
In the next couple of weeks we'll be launching a new sponsorship opportunity for Drupal Supporters on the homepage of Drupal.org. The following is background information and a proposal for the program. We would like a period of public community feedback. Feedback is open until the 6th of July. At that time, we will incorporate the feedback into the sponsorship program plan.Background
The Drupal Association has been creating advertising programs on Drupal.org in an effort to do more to serve our mission, and to take the pressure off of DrupalCons to perform financially. We’ve been working to develop advertising products that are meaningful for advertisers, deliver value to the community, and are respectful of users contributing to the project.About the Program
The Homepage Sponsorship will highlight partners who support the community through Drupal Supporter Programs. This includes Supporting Partners, Hosting Supporters and Tech Supporters. The sponsorship will display in the 300 x 250 ad block that already exists on the Drupal.org homepage. The creative template is designed and maintained by the Association. The featured supporter will provide a logo, body copy, button copy, and a link to that will direct to their website. We will display the partner’s supporter badge, and eventually, pass in any applicable organization credits.
The idea for the Homepage Sponsorship originates from the rewards mechanism that Dries discussed in his DrupalCon Amsterdam 2014 Keynote. His vision involves building a system that creates an incentive for Drupal companies to contribute to the project by rewarding them with benefits and giving recognition.
There is a larger project in motion which includes the Drupal Association building commit credits for organizations, and developing the algorithm to apply a value to the credits. The Homepage Sponsorship is one potential reward that will eventually feed into the system. Until that larger project is complete, the Homepage Sponsorship will be available for purchase by Drupal Supporters. It will be sold in one week increments, giving the partner 100% of the page views during the campaign. The program will expand recognition for those organizations who already give back, and will encourage more organizations to participate in Supporter Programs.Homepage Sponsorship Mock Advertising Guidelines for Drupal.org
The Drupal Association interviewed representatives of the Drupal Community to help guide our advertising strategy and ensure a positive advertising experience on Drupal.org. We developed informal guidelines; for example, advertising is not appropriate in issue queues, and when possible, products should monetize users who are logged out and not contributing to the Project. After we received feedback on our most recent program - Try Drupal, we started work on formalizing these guidelines for advertising on Drupal.org.
We created an issue to share a draft advertising policy developed by the Association and Drupal.org Content Working Group. The policy will set guidelines for how we advertise - addressing issues like the labeling of ads, content guidelines, etc. with the aim of providing an advertising experience that complements Drupal.org and supports our community values. Whatever decisions are made in that policy will be applied to existing programs, including the Homepage Sponsorship and Try Drupal program.Talk To Us
We want your input about the Homepage Sponsorship. Please comment on this post, or in the issue, with your questions and insights.
AttachmentSize HP Sponsor Mock-small.png130.36 KB
Commerce Guys has been promoting the value of content-driven commerce for many years, and we are thrilled to see more and more people talking about this continued transformation in the eCommerce market. One company that has recognized this important trend is Forrester Research, who makes a strong and compelling case in their "Content And Commerce: The Odd Couple Or The Power Couple?". In particular, they point out that companies who differentiate themselves by providing a unified user experience to tell their story should consider a tightly integrated solution that provides both a rich Content Management System (CMS) and a flexible eCommerce transactional engine.br />
Today there is almost no barrier to selling online, making it increasingly difficult for companies to differentiate themselves online, create a strong web presence, and attract customers. The solution for many will be to focus more on creating unique user experiences, supported by interesting content, which allows their users to execute transactions anywhere along the buying journey within the context of that information. The challenge today is that this experience requires CMS and eCommerce to work together seamlessly. Unfortunately most companies manage these two functions separately with two distinct systems. This approach results in added complexity and a disjointed and inconsistent user experience that is confusing to users and damages their brand.
According to Forrester, "the convergence of content and commerce platforms is already well underway. [They] expect that these two solution categories to be foundational elements in digital customer experience management"1. They go on to say that "In an ideal world, commerce and content platforms would have fully converged into customer experience management platforms, with commerce services seamlessly exposed through best-in-class digital engagement tools and supported by social, testing, and content management services." - "But this ideal isn’t likely to exist in the near future"1.
The future is NOW - and the reality is that Drupal + Drupal Commerce is the only platform with commerce natively embedded in a CMS, offering a seamless digital experience management solution with a single code base, administration, and database.
Why is this not more widely known?
While this may be news to many, Drupal Commerce has been around for over 5 years and has over 57k active sites. It consists of core and contributed modules, support by Commerce Guys and the broader community, that can be dropped into Drupal (which itself has been around for 10+ years and has over 5 million active sites) allowing transactions to occur anywhere within the user experience created. Contextual relationships between content and products are extremely easy to create - something that is hard to do when you bolt together separate CMS and eCommerce platforms. A great example of the power of Drupal + Drupal Commerce is www.lush.co.uk which helps Lush in the UK tell their story, engage their customers, and sell more product.
Read the Forrester report. They get it right, and they are one of a growing number of analysts talking about the value of content-driven commerce.
2. Don't get stuck on features. Yes, they are important, but they will also change, and you need a solution that will adapt and allow you to take advantage of new ideas quickly. Instead, consider how your business will benefit by creating an experience that keeps your customers coming back and makes it easy for them to buy.
3. If you think your business would benefit from a richer user experience, or if you just want to simplify your infrastructure with a single platform that can serve both your content and commerce needs, take a look at Drupal Commerce - you will be pleasantly surprised by what you see.
Who Benefits from a Content & Commerce Solution?
Potentially everyone, but in particular are brands who benefit from a differentiated user experience that enables them to tell their story through interesting content and community engagement driving sales within the context of that experience. In addition, existing Drupal sites looking to add transactional capabilities is another obvious fit. With an existing investment in technology, skills and content, there is no better choice than to "drop in" commerce functionality, through Drupal Commerce modules, anywhere. Integrating with a separate eCommerce solution and bolting it onto Drupal is a common approach and certainly possible, but the result is added complexity, cost and valuable customer information that is spread out across multiple systems. Two systems makes it harder to create a level of contextualization and a unified experience that buyers are looking for. Given the increasing importance of targeting and personalizing content and offers and knowing your customer, having customer information in one place allows companies to merchandise more effectively.
What Should You Do?
1. Stephen Powers, Peter Sheldon with Zia Daniell Wigder, David Aponovich, Rebecca Katz Content And Commerce: The Odd Couple Or The Power Couple? How To Choose Between Using A Web Content Management Solution, An eCommerce Platform, Or Both (Forrester, November 19, 2013) 11,14
I've been a proponet of CaCert.org for a long time and I'm still using those certificates in some places, but lately I gave in and searched for something that validates even on iOS. It's not that I strictly need it, it's more a favour to make life for friends and family easier.
I turned down startssl.com because I always manage to somehow lose the client certificate for the portal login. Plus I failed to generate several certificates for subdomains within the primary domain. I want to use different keys on purpose so SANs are not helpful, neither are wildcard certs for which you've to pay anyway. Another point against a wildcard cert from startssl is that I'd like to refrain from sending in my scanned papers for verification.
On a sidenote I'm also not a fan of random email address extractions from whois to sent validation codes to. I just don't see why the abuse desk of a registrar should be able to authorize on DV certificates for a domain under my control.
So I decided to pay the self proclaimed leader of the snakeoil industrie (Comodo) via cheapsslshop.com. That made 12USD for a 3 year Comodo DV certificate. Fair enough for the mailsetup I share with a few friends, and the cheapest one I could find at that time. Actually no hassle with logins or verification. It looks a bit like a scam but the payment is done via 2checkout if I remember correctly and the certificate got issued via a voucher code by Comodo directly. Drawback: credit card payment.
That provides now a free and validating certificate for sven.stormbind.net in case you'd like to check out the chain. The validation chain is even one certificate shorter then the chain for the certificate I bought from Comodo. So in case anyone else is waiting for letsencrypt to start, you might want to check wosign until Mozilla et al are ready.
From my point of view the only reason to pay one of the major CAs is for the service of running a reliable OCSP system. I also pointed that out here. It's more and more about the service you buy and no longer just money for a few ones and zeroes.
Today I will show how to authorize a user in your mobile app with a Drupal website. First of all we should configure Drupal to allow REST authentication, so go to /admin/structure/services and click the “Edit” link opposite of your service name. Here, check the “Session authentication” option and save. Next go to the resources tab and edit user resource alias and check off the following options for it: login, logout, token, and register.
Also, we should check the user registration settings on /admin/config/people/accounts to allow new user registration by visitors, and account activation without email or admin confirmation.
To login a user with the services module, we must do following steps:
Send GET request to /services/session/token.
Get the response with CSRF token.
Send POST request with username, password with token received before in X-CSRF-Token header to /user/login endpoint.
Receive an object with user data and new CSRF token on login success or error code with a message on login fail.
To log out a user, we have to send POST request to /user/logout with X-CSRF-token header, that contains the token which we receive on login.
And to register a new user we send a POST request to /user/register API URL with user data. As a response we should get a new user object and error status message on registration fail. The minimum data required for a user registration is username, e-mail address, and password, but we should add a status equal to 1, to immediately make a new account active, ready for use.In-app integration
It is good practice to save some data on a device to prevent the user from manually editing any information that is needed every time that we run application. We should use Local Storage to store user login status, tokens from the last login time and user data. AngularJS has some modules to add to Local Storage support for an application; I chose angularLocalStorage. It also has a cookie fallback and uses the ngCookies module for it.
So we should download these two modules and plug them in our index.html file.
Next we should define the UI Router state for account tab, angularLocalStorage module dependency in our app.js file and add local storage prefix constant, we will add it to our config constant.
In the services.js file we will create a new factory called User. This will contain a list of methods to work with user operations on the REST server, and to save / delete user data from local storage. We use $rootScope services to have access to login status and user information from any part of the application.
In tabs.html we add an Account tab link.
Let’s create a tab-account template. Here we should show the following: for an unauthorized user, show login and register buttons that will open a popup form for each action; and for a logged-in (authorized) user, show information about user and a logout button. To show these parts of the template conditionally, we use the ng-show directive and loginSuccess variable that are stored globally in $rootScope.
To show popups with login/register forms we should use $ionicModal service, which comes with Ionic Framework core. We must create templates for each modal window: login.html and register.html.
Finally, we should define a controller for each (login and register) popup. We initialize a new $ionicModal instance and set a template for it, creating methods to open and close the modals, and doLogin, doLogout and doRegistration actions. It will be easy to handle any error message because our User Factory methods return promises. Also, we should save user information to Local Storage and send requests to the server only if it is necessary.
You can clone and try all this code from my GitHub repository, and to get the code of this part, checkout the part5 branch (just run “git checkout -f part5”). Now we can test the application in a browser - run “ionic serve” prompt command from the project directory and see the result of our work.
Tomorrow, I will add comments to articles and ability to post a comment for logged in users.DrupalBest PracticesDrupal How toDrupal PlanetLearning SeriesTechnology ToolsPost tags: IonicAppsDrupal
A very common use-case for Maestro is to launch a workflow in order to moderate some piece of content. You may have an expense form as a content type and you wish to have a manager review and approve it before handing it off to other departments for processing.
This post will show you how to fire off a moderation workflow after saving content with Rules.
Step 1: Create a simple test flow
I know you have a super-ultra-complex workflow, but this is best to get off the ground with a simple 1 step flow for the time being!
The content that you display on your Drupal site doesn’t necessarily have to be content that you own or store in your own database. In addition to your own content, there could be various use cases and methods for dynamically displaying data from outside sources and displaying it on your site.
In the Drupal modules that I inherit or review, I see a lot of different ways of factoring out into separate files, of what might have begun in the main module file. This can be useful for performance (to a limited extent) and legibility, but depending on how you do it, you might end up ironically spoiling both.
How should you break down your Drupal module files? Well, I'm not here to tell you the perfect file breakdown. Matching the architecture is good, although what "the architecture" means in Drupal 7 isn't clear. Outside of a Drupal 8/Symfony-style architectural model, there's a limit to how much the file breakdown really needs to match the architecture, and a limit to how useful doing so would be.
Sprints are times dedicated to focused work on a project or topic. People in the same location (physical space, IRC, certain issue pages) work together to make progress, remove barriers to completion, and try to get things to "done".
This summer, there are many Drupal 8- focused sprint opportunities before DrupalCon Barcelona.
Some of these are open to everyone, some have mentors or workshops to help new contributors, some have limited space, depending on the event.Earlier this summer
DrupalCon Los Angeles had very productive extended sprints, and the main sprint on Friday was huge! Since then, many sprints have continued the progress, including: Drupal Camp Spain, DrupalCamp Wroclaw, Moldcamp in Chișinău, Moldova, and Frontend United.
And, we had two sprints (New Hampshire and New Jersey) aided by Drupal 8 Accelerate. If you have more money than time for sprinting or resources for planning or hosting a sprint, and you want to help get Drupal 8 out, giving to D8 Accelerate really helps.New Hampshire, USA
Jersey Shore Sprint, New Jersey, USA
Twin Cities Drupal Camp, Minneapolis, Minnesota, USA
Sprints are concurrent with the training day on Thursday, and concurrent with sessions Friday and Saturday. The dedicated sprint day is on Sunday. We are expecting about 10 people on Thursday and 60 people on Sunday. Sunday will have a workshop for new contributors, Core/Contrib sprints, and a Drupal 8 Manual sprint.
See the sprint page on the tcdrupal.org site for details.June 25-28, 2015
Drupal North, Toronto, Canada
Sunday is a dedicated Drupal 8 sprint day. There will be a small unofficial sprint on Thursday.
The whole 4 day camp is focused on Drupal 8.June 28, 2015
This is a dedicated one day sprint to help get Drupal 8 out.
See the announcement for details.July 2-8, 2015
D8 Accelerate critical issue sprint, London
This 7 day sprint will be focused on Drupal 8 critical issues and space is limited.
See the groups.drupal.org post for details.July 4, 2015
DrupalCamp Bristol, United Kingdom
Sprints will run concurrent with sessions on Saturday.July 16-19, 2015
NYC Camp, New York, USA
Monday to Wednesday are sprint only days, with Drupal 8 Core and Media for Drupal 8 scheduled. Panopoly is scheduled for Tuesday and Wednesday. Sprints will also be concurrent with trainings, summits, and sessions on Thursday through Sunday.
DrupalCamp North, Sunderland, United Kingdom
GovCon, Bethesda, Maryland, USA
GovCon conference is July 22-24 with sprints concurrent with sessions, but there will be two dedicated sprint days following on Saturday and Sunday, July 25 and 26 in Washington, DC at the ForumOne offices.August 6-9, 2015
Sprints will be concurrent with the camp all days.
Last year was super focused and relaxing.August 12-15, 2015
MidWest Developers Summit (MWDS), Chicago, Illinois, USA
4 days of only sprinting, hosted in the Palantir.net offices.
Details still to be announced. See the groups.drupal.org event page for more details.September 11-18, 2015
Montréal to Barcelona Sprint, Montréal, Canada
For some people in North America, Montréal could be on the way to Barcelona, where DrupalCon extended sprints start September 19.
See the groups.drupal.org event page for more details.P.S.
I will be at Twin Cities, GovCon, and MWDS.Drupal PlanetDrupalSprints
If you want pizza you can either go to cafe or order delivery, right? So why should Drupal be different? :) We made Drupal delivery possible to any Ukrainian city with DrupalTour!Read more
Debian now have over 22 000 source packages and 45 500 binary packages. To counter that, the FTP masters and I have created a dak tool to automatically remove packages from unstable! This is also much more efficient than only removing them from testing! :)
The primary goal of the auto-decrufter is to remove a regular manual work flow from the FTP masters. Namely, the removal of the common cases of cruft, such as “Not Built from Source” (NBS) and “Newer Version In Unstable” (NVIU). With the auto-decrufter in place, such cruft will be automatically removed when there are no reverse dependencies left on any architecture and nothing Build-Depends on it any more.
Despite the implication in the “opening” of this post, this will in fact not substantially reduce the numbers of packages in unstable. :) Nevertheless, it is still very useful for the FTP masters, the release team and packaging Debian contributors.
The reason why the release team benefits greatly from this tool, is that almost every transition generates one piece of “NBS”-cruft. Said piece of cruft currently must be removed from unstable before the transition can progress into its final phase. Until recently that removal has been 100% manual and done by the FTP masters.
The restrictions on auto-decrufter means that we will still need manual decrufts. Notably, the release team will often complete transitions even when some reverse dependencies remain on non-release architectures. Nevertheless, it is definitely an improvement.
Omelettes and eggs: As an old saying goes “You cannot make an omelette without breaking eggs”. Less so when the only “test suite” is production. So here are some of the “broken eggs” caused by implementation of the auto-decrufter:
- About 30 minutes of “dak rm” (without –no-action) would unconditionally crash.
- A broken dinstall when “dak auto-decruft” was run without “–dry-run” for the first time.
- A boolean condition inversion causing removals to remove the “override” for partial removals (and retain it for “full” removals).
- Side-effect, this broke Britney a couple of times because dak now produced some “unexpected” Packages files for unstable.
- Not to mention the “single digit bug closure” bug.
Of the 3, the boolean inversion was no doubt the worst. By the time we had it fixed, at least 50 (unique) binary packages had lost their “override”. Fortunately, it was possible to locate these issues using a database query and they have now been fixed.
Before I write any more non-trivial patches for dak, I will probably invest some time setting up a basic test framework for dak first.
Filed under: Debian, Release-Team
What happened about the reproducible builds effort this week:Toolchain fixes
- Brendan O'Dea uploaded help2man/1.47.1 which adds support setting SOURCE_DATE_EPOCH for the date for the generated pages.
- Emmanuel Bourg uploaded maven-debian-helper/1.6.12 which sets the locale to en_US when generating the javadoc.
- Emmanuel Bourg uploaded javatools/0.51 which sets the locale to en_US when generating the javadoc.
- Joachim Breitner uploaded haskell-devscripts/0.9.10 which will always run sorts in LC_ALL=C.
The following 12 packages became reproducible due to changes in their build dependencies: collabtive, eric, file-rc, form-history-control, freehep-chartableconverter-plugin , jenkins-winstone, junit, librelaxng-datatype-java, libwildmagic, lightbeam, puppet-lint, tabble.
The following packages became reproducible after getting fixed:
- acorn/0.12.0-1 uploaded by Bas Couwenberg, original patch by Reiner Herrmann.
- avarice/2.13+svn347-3 by Tobias Frost.
- br.ispell/3.0~beta4-19 by Agustin Martin Domingo.
- cpp-netlib/0.11.1+dfsg1-3 by Ximin Luo.
- device3dfx/2013.08.08-3 by Guillem Jover.
- dnsmasq/2.73-1 uploaded by Simon Kelley, original patch by Chris Lamb.
- eigen3/3.2.5-4 by Anton Gladky.
- eo-spell/3.0~beta4-19 by Agustin Martin Domingo.
- espa-nol/3.0~beta4-19 by Agustin Martin Domingo.
- firejail/0.9.26-1 by Reiner Herrmann.
- gcc-mingw-w64/15.2 by Stephen Kitt.
- geoip-database/20150616-1 uploaded by Patrick Matthäi, original patch by Reiner Herrmann.
- ikiwiki-hosting/0.20150614 by Simon McVittie.
- inkscape/0.91-5 by Mattia Rizzolo.
- jtreg/4.1-b12-1 by Emmanuel Bourg.
- libfile-scan-perl/1.43-3 uploaded by gregor herrmann, original patch by Niko Tyno.
- libgpiv/0.6.1-4.2 by akira.
- libnet-twitter-lite-perl/0.12006-4 by Niko Tyni.
- mingw-w64/4.0.2-5 by Stephen Kitt.
- oslo.messaging/1.8.3-3 uploaded by Thomas Goirand, original patch by Juan Picca.
- seabios/1.8.2-1 by Michael Tokarev. Suggested fix by Lunar based on recent upstream changes.
- thuban/1.2.2-7 uploaded by Bas Couwenberg, original patch by Reiner Herrmann.
- tiptop/2.2-3 by Tomasz Buchert.
- ucl/1.03+repack-3 by Robert Luberda.
Some uploads fixed some reproducibility issues but not all of them:
- amsynth/1.5.1-2 uploaded by Alessio Treglia, original patch by Dhole.
- brickos/0.9.0.dfsg-12 uploaded by Michael Tautschnig, original patch by akira.
- cucumber/2.0.0-1 by Cédric Boutillier; currently FTBFS.
- netbeans/8.0.2+dfsg1-2 by Markus Koschany.
- pyopencl/2015.1-2 uploaded by Tomasz Rybak, original patch by Tomasz Rybak.
Patches submitted which have not made their way to the archive yet:
- #788747 on 0xffff by Dhole: allow embedded timestamp to be set externally and set it to the time of the debian/changelog.
- #788752 on analog by Dhole: allow embedded timestamp to be set externally and set it to the time of the debian/changelog.
- #788757 on jacktrip by akira: remove $datetime from the documentation footer.
- #788868 on apophenia by akira: remove $date from the documentation footer.
- #788920 on orthanc by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #788955 on rivet by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789040 on liblo by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789049 on mpqc by akira: remove $datetime from the documentation footer.
- #789071 on libxkbcommon by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789073 on libxr by akira: remove $datetime from the documentation footer.
- #789076 on lvtk by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789087 on lmdb by akira: pass HTML_TIMESTAMP=NO to Doxygen.
- #789184 on openigtlink by akira: remove $datetime from the documentation footer.
- #789264 on openscenegraph by akira: pass HTML_TIMESTAMP=NO to Doxygen.
- #789308 on trigger-rally-data by Mattia Rizzolo: call dh_fixperms even when overriding dh_fixperms.
- #789396 on libsidplayfp by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789399 on psocksxx by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789405 on qdjango by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789406 on qof by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
- #789428 on qsapecng by akira: pass HTML_TIMESTAMP=NO to Doxygen.
Bugs with the ftbfs usertag are now visible on the bug graphs. This explain the recent spike. (h01ger)
Andreas Beckmann suggested a way to test building packages using the “funny paths” that one can get when they contain the full Debian package version string.debbindiff development
Lunar started an important refactoring introducing abstactions for containers and files in order to make file type identification more flexible, enabling fuzzy matching, and allowing parallel processing.Documentation update
Ximin Luo detailed the proposal to standardize environment variables to pass a reference source date to tools that needs one (e.g. documentation generator).Package reviews
41 obsolete reviews have been removed, 168 added and 36 updated this week.
Some more issues affecting packages failing to build from source have been identified.Meetings
Minutes have been posted for Tuesday June 16th meeting.
The next meeting is scheduled Tuesday June 23rd at 17:00 UTC.Presentations
Annertech is #1 on Google for a number of key search phrases and when we're not, we're usually only beaten by the Drupal Ireland page from g.d.o. (groups.drupal.org/ireland). How did we get to the top of Google? How do we stay there? Two words: hard work - but it really revolves around two other words: content strategy. Let's get down to the details.