Elsewhere

Dave Hall Consulting: Leaking Information in Drupal URLs

Planet Drupal - Thu, 14/05/2015 - 21:26

When a user doesn't have access to content in Drupal a 403 forbidden response is returned. This is the case out of the box for unpublished content. The problem with this is that sensitive information may be contained in the URL. A great example of this the DrupalCon site.

The way to avoid this is to use the m4032404 module which changes a 403 response to a 404. This simple module prevents your site leaking information via URLs.

AttachmentSize DrupalCon-Philadephia.png139.21 KB
Categories: Elsewhere

Chapter Three: Drupal 8 Automated Testing with Travis CI

Planet Drupal - Thu, 14/05/2015 - 19:05

Travis CI burst onto the hosted continous integration scene by offering free testing for public projects. If your code is on Github and available to the public then Travis will run your tests for you.



I will show you how to get Drupal 8 running all of it's PHPunit tests in Travis. If you want to use Travis for your own private repo, you will have to pay a little bit. In my opinion that is a small price to pay for never setting up Jenkins again.



First we specify our programming language and the version.




language: php

php:
- 5.4


Next up we specify our database information. Note that we do not have to specify install steps for either PHP or MySQL.

Categories: Elsewhere

Forum One: Zero to MVP in 40 Minutes: What We learned Building Headless Drupal 8 for DrupalCon LA

Planet Drupal - Thu, 14/05/2015 - 18:51

My colleague Adam Juran and I just finished with our session, Zero to MVP in 40 minutes: Coder and Themer Get Rich Quick in Silicon Valley, at DrupalCon LA. This one was a real journey to prepare, and through it we learned a lot of dirty truths about Drupal 8, Javascript frameworks, and the use cases where the two make sense together.

The live coding challenge in our session proposal seemed simple: create a web application that ingests content from an external API, performs content management tasks (data modelling, relationships, etc.) through the Drupal 8 interface, and deliver it all to an AngularJS front-end. This is exactly the “headless Drupal” stuff that everyone has been so excited about for the last year, so doing it in a 40 minute head-to-head code battle seemed like an entertaining session.

Ingesting content from an external API

The first hard truth we discovered was the limitations of the still-nascent Drupal 8. Every monthly release of a new Drupal 8 beta includes a series of “change records,” defining all the system-wide changes that will have to be accounted for everywhere else. For example, one change record notes that a variable we often use in Drupal forms is now a different kind of object. This change breaks every single form, everywhere in Drupal.

The frequency of this kind of change record is a problem for anyone who tries to maintain a contributed module. No one can keep up with their code breaking every month, so most don’t. The module works when they publish it as “stable”, but two or three months later, it’s fundamentally broken. changes like this currently happen 10-15 times every month. Any module we were hoping to use as a part of this requirement – Twitter, Oauth, Facebook – were broken when we started testing.

We finally settled on using Drupal’s robust Migrate module to bring in external content. After all, Drupal 7 Migrate can import content from almost any format! Turns out that this isn’t the case with Drupal 8 core’s Migrate module. It’s limited to the basic framework you need for all migrations. Importers for various file types and sources simply haven’t been written yet.

No matter which direction we turned, we were faced with the fact that Drupal 8 needed work to perform the first requirement in our challenge. We chose to create a CSV Source plugin ourselves (with much help from mikeryan and chx) just to be able to meet this requirement. This was not something we could show in the presentation; it was only a prerequisite. Phew!

Displaying it All in Angular

Building an AngularJS based front end for this presentation involved making decisions about architecture, which ended up as the critical focus of our talk. AngularJS is a complete framework, which normally handles the entire application: data ingestion, manipulation, and display. Why would you stick Drupal in there? And what would an Angular application look like architecturally, with Drupal 8 inside?

You always have a choice of what to do and where to do it. Either system can ingest data, and either system can do data manipulation. Your decision should be based on which tool does each job the best, in your particular use case: a catch-all phrase that includes factors like scalability and depth of functionality, but also subtler elements like the expertise of your team. If you have a shop full of AngularJS people and a simple use case, you should probably build the entire app in Angular!

Given that perspective, Drupal really stands out as a data ingestion and processing engine. Even when you have to write a new Migration source plugin, the Entity model, Drupal’s “plug-ability”, and Views make data crunching extremely easy. This is a strong contrast to data work in Angular, where you have to write everything from scratch.

We feel that the best combination of Drupal and Angular is with Drupal ingesting content, manipulating it, and spitting it out in a ready-to-go format for AngularJS to consume. This limits the Angular application to its strengths: layout, with data from a REST back-end, and only simple logic.

The Session

In the session, we talked a bit about the larger concepts involved, and moved fairly quickly into the technical demonstration. First, Adam demonstrated the flexibility of the decoupled front-end, using bower libraries to build an attractive layout without writing a single line of custom CSS.  Then I demonstrated importing data from CSV sources into Drupal 8, along with the simplicity of configuring Drupal Views to output JSON. Taken together, the videos are 37 minutes long – not bad for a totally custom RESTful endpoint and a nice looking front-end!

Here is Adam’s screencast, showing off the power of the bootstrap-material-design library to build a good looking site without any custom CSS at all:


http://forumone.com/wp-content/uploads/2015/05/cvst-theming.m4v

Here is my screencast, demonstrating how easy it is to create Migrate module importers and REST exports in Drupal 8.

And here is the final screencast, quickly showing the changes we made in AngularJS to have it call the two Drupal Services.

Want to learn of Forum One’s Drupal development secrets? Check out our other Drupalcon blog posts, or visit our booth (#107) and talk with our tech wizards in person!

Categories: Elsewhere

Another Drop in the Drupal Sea: DrupalCon LA Wednesday Recap

Planet Drupal - Thu, 14/05/2015 - 18:30

After the keynote I took advantage of the opportunity to meet face to face with a new contact. Then, after lunch I headed into a couple of BOFs that were way out of my league and made my brain hurt. I finished up the day with a session that was more in my comfort zone.

I think it's good to stretch my mind and get out of my comfort zone even though it, quite honestly, left me feeling really stupid. I also felt really tired by the end of the day. So, I decided to take a pass on any social events for the evening and just relax in my hotel room.

read more

Categories: Elsewhere

InternetDevels: DrupalTour Zhytomyr

Planet Drupal - Thu, 14/05/2015 - 15:52

Spring time is just perfect for Drupal rides! The weather is great, drupallers are in the good mood and Drupal-van shines in the bright sun… So we decided to make a ride to Zhytomyr. And it turned out to be awesome!

We had to leave Lutsk at 7:30 AM to arrive to Zhytomyr in time. Getting up at 6 on Saturday morning is not so easy, by the way! But we actually had no other options and the trip to Zhytomyr was worth it :)

Read more
Categories: Elsewhere

Friendly Machine: Notes from DrupalCon Los Angeles

Planet Drupal - Thu, 14/05/2015 - 15:41

On Tuesday, Dries gave the best keynote I’ve heard him deliver. It included some very interesting Drupal history and it brought home to me how extraordinary Drupal really is. There were so many points in the project’s history when things could have happened differently - or not happened at all. To see a photo of the first DrupalCon attendees 10 years ago (27 people) while sitting among ~3000 Drupalists from around the world was pretty amazing.

There are so many people doing big, interesting things with Drupal. Despite concerns about corporate influence within the Drupal community, the project empowers a huge number of non-profits and institutions of higher education and it was great to see them so well represented here. It might be weird to talk about software as a force for good, but that’s really how I see Drupal. It makes a huge difference to a lot of organizations and the valuable work they contribute to society.

As you may have heard, there will be a DrupalCon in India next year. The city hasn’t been announced yet, but my money is on Mumbai. I’ve known two people who have traveled to India. Both said it was amazing and intense. I’m not sure if I’ll go, but I’m very tempted. I love travel, but that is one hell of a long flight (20 hours).

The sessions this year were all recorded and put on YouTube, so if you want to catch up on anything you might have missed, here’s the link. There are a few sessions I recommend you check out:

However, the biggest benefit of DrupalCon for me isn’t the sessions. It’s getting to meet people and talking with them about their projects and how they are solving the problems they encounter. To everyone that came by the Lullabot booth to chat, thank you! It was great to see you in person and I hope to chat again next year - if not sooner!

Drupal
Categories: Elsewhere

Acquia: Build Your Drupal 8 Team: Technical Roles and Required Skills

Planet Drupal - Thu, 14/05/2015 - 15:38

Last time, we discussed some big themes your Drupal 8 team should be synched up with, like object-oriented programming. Now we're going to drill down into more specifics on the technical side.

Is your tech team full of generalists, or do all your developers have special skill sets and focus on specific kinds of functionality, like databases or communications? Either way, someone on your team will have to fill each of these technical roles for a successful Drupal 8 project.

Drupal 8 Architect

More than anyone else on the project, the Drupal 8 architect needs to understand Drupal 8 in depth. The architect needs to make the decisions about the project's overall architecture, which requires envisioning how the system works as a whole. This is bigger than just the Drupal 8 application, because the project needs to fit into your company's entire software environment. It may need to be integrated with other corporate back-end systems, so this role needs to understand the full technical environment, not just the tech stack that comes with Drupal 8. As much as possible, this individual needs to have a strong understanding of front-end and back-end development tools in addition to a thorough understanding of how Drupal 8 works.

UI Designer

The UI designer needs to understand what the technology is capable of and how to use it to create the best experience for end users. To work with Drupal 8, the UI designer should keep building HTML, CSS and Javascript knowledge, but also develop a Drupal 8-specific understanding of how to create themes and build sites. Learning the capabilities of Twig is needed because Twig replaces PHPTemplate in the new version of Drupal. Instead of .tpl.php files, .html.twig files are needed.

Front-End Developer

All that stuff the UI designer promised the business? It's the front-end developer's job to turn that hypothetical design into a functioning interface. Like the UI designer, front end developers should enhance their knowledge of HTML, CSS and Javascript, and pick up knowledge of Twig. PHP knowledge will help also; so will knowing MySQL. The front-end developer will also want a Drupal 8-specific understanding of how to create themes and build sites, as well as how to develop custom modules and address Drupal 8 performance and Drupal 8 security concerns.

Back-End Developer

Clicking on website front-end elements does nothing until you implement the functionality in the back-end. You need to be able to write new functionality from scratch, building on existing components when possible. When the application needs to integrate with other systems, the back-end developer writes the code that hooks it all together into a system that functions seamlessly. This role needs some knowledge of front-end tools like HTML, CSS and JavaScript, but it also requires understanding back-end tools like PHP and MySQL in depth. For Drupal 8 knowledge, the back-end developer should focus on architecture and planning topics as well as how to develop custom modules and address Drupal 8 performance and Drupal 8 security concerns.

Marketing Technical Lead

The marketing technical lead owns the content publishing process. She defines the procedure for publishing content and makes sure it adheres to site standards. Because content doesn't accomplish anything unless someone sees it, the marketing technical lead needs to make sure it follows good SEO and SEM practices. It's important that the marketing tech lead keeps current with ever-changing SEO practices, and focuses on learning Drupal 8 as a content management system. Learning about the administration functions, and the kinds of changes you can make that won't require a developer to write code, will be especially useful for this role.

Next time: Non-Technical Team Roles and Required Skills for a Drupal 8 Project.

Tags:  acquia drupal planet
Categories: Elsewhere

Ritesh Raj Sarraf: Drupal maintenance with Drush

Planet Debian - Thu, 14/05/2015 - 15:10

Another of my articles for self. Writing it down on the website is much better than pushing it on a 3rd party social site. Your data is yours.

My site runs on Drupal. Given I'm not a web designer, it is not my core area. Thus I've always wanted to have minimal engagement with it. My practices have paid me well so far. And I should thank all the free tools that help do that. I like to keep a running snapshot of my website on my local laptop, to keep it handy when trying anything new. This means that the setup has to be almost identical to what is running remotely.

Thanks to Drush, managing Drupal is very easy. It allows me to easily try to out changes and push them from dev => staging => live withtout too much effort. It also helps me control the environment well. And since the whole transport is over SSH, no separate exceptions are required.

For long, the theme on my site had some issues. The taxonomy terms did not have proper spacing. See bug for details.

With the fix, this transformed into:

 

I wish Drush had support for revision control. Or maybe it already has, and I need to check ? Bug Fixes and Customizations would have been well recorded with a revision control system.

 

Categories: Keywords: Images: 
Categories: Elsewhere

Drupalize.Me: Learning To Debug: Stop Thinking and Look

Planet Drupal - Thu, 14/05/2015 - 15:02

Debugging is a discipline that requires patience, and a fervent attention to detail. In the often times fast paced world of software development, when we're faced with deadlines, and an ever growing list of new features to add, and bugs to resolve, it can be a difficult to slow down and proceed in a meticulous, measured fashion. When it comes to solving difficult problems though, this fastidious approach is exactly what's required to locate, and resolve, a problem's root cause.

Categories: Elsewhere

Craig Small: Hello world!

Planet Debian - Thu, 14/05/2015 - 14:10

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

Categories: Elsewhere

Annertech: Thoughts on DrupalCon LA's Front End Forum

Planet Drupal - Thu, 14/05/2015 - 13:34
Thoughts on DrupalCon LA's Front End Forum

At DrupalconLA, I had the opportunity to go to an Open Front End Forum, wherein people chatted about the state of the front end. It was good fun, and the moderator did a good job of keeping the conversation flowing.

First question: "Where is the line that separates front end from back end?"

There was some disagreement on that. There is a line, there is no line, it's a permeable line... Going on to explore what defined front end or backend, people cited tasks and tools like PHP, HTML/CSS/JS, the browser, Photoshop, in favour of one argument or another.

Categories: Elsewhere

Raphael Geissert: On using https mirrors

Planet Debian - Thu, 14/05/2015 - 13:32
On confidentiality:


So that they don't know what's inside
Categories: Elsewhere

MJ Ray: Recorrecting Past Mistakes: Window Borders and Edges

Planet Debian - Thu, 14/05/2015 - 06:58

A while ago, I switched from tritium to herbstluftwm. In general, it’s been a good move, benefitting from active development and greater stability, even if I do slightly mourn the move from python scripting to a shell client.

One thing that was annoying me was that throwing the pointer into an edge didn’t find anything clickable. Window borders may be pretty, but they’re a pretty poor choice as the thing that you can locate most easily, the thing that is on the screen edge.

It finally annoyed me enough to find the culprit. The .config/herbstluftwm/autostart file said “hc pad 0 26″ (to keep enough space for the panel at the top edge) and changing that to “hc pad 0 -8 -7 26 -7″ and reconfiguring the panel to be on the bottom (where fewer windows have useful controls) means that throwing the pointer at the top or the sides now usually finds something useful like a scrollbar or a menu.

I wonder if this is a useful enough improvement that I should report it as an enhancement bug.

Categories: Elsewhere

Gunnar Wolf: Everybody seems to have an opinion on the taxis vs. Uber debate...

Planet Debian - Thu, 14/05/2015 - 06:46

The discussion regarding the legality and convenience of Uber, Cabify and similar taxi-by-app services has come to Mexico City — Over the last few days, I've seen newspapers talk about taxi drivers demonstrating against said companies, early attempts at regulating their service, and so on.

I hold the view that every member of a society should live by its accepted rules (i.e. laws) — and if they hold the laws as incorrect, unfair or wrong, they should strive to get the laws to change. Yes, it's a hard thing to do, most often filled with resistence, but it's the only socially responsible way to go.

Private driver hiring applications have several flaws, but maybe the biggest one is that they are... How to put it? I cannot find a word better than illegal. Taxi drivers in our city (and in most cities, as far as I have read) undergo a long process to ensure they are fit for the task. Is the process incomplete? Absolutely. But the answer is not to abolish it in the name of the free market. The process must be, if anything, tightened. The process for granting a public driver license to an individual is way stricter than to issue me a driving license (believe it or not, Mexico City abolished taking driving tests several years ago). Taxis do get physical and mechanical review — Is their status mint and perfect? No way. But compare them to taxis in other Mexican states, and you will see they are in general in a much better shape.

Now... One of the things that angered me most about the comments to articles such as the ones I'm quoting is the middle class mentality they are written from. I have seen comments ranging from stupidly racist humor attempts (Mr. Mayor, the Guild of Kidnappers and Robbers of Iztapalapa demand the IMMEDIATE prohibition on UBER as we are running low on clients or the often repeated comment that taxi drivers are (...) dirty, armpit-smelly that listen to whatever music they want) to economic culture-based discrimination Uber is just for credit card users as if it were enough of an argument... Much to the opposite, it's just discrimination, as many people in this city are not credit subjects and do not exist in the banking system, or cannot have an always-connected smartphone — Should they be excluded from the benefits of modernity just because of their economic difference?

And yes, I'm by far not saying Mexico City's taxi drivers are optimal. I am an urban cyclist, and my biggest concern/fear are usually taxi drivers (more so than microbus drivers, which are a class of their own). Again , as I said at the beginning of the post, I am of the idea that if current laws and their enforcement are not enough for a society, it has to change due to that society's pressure — It cannot just be ignored because nobody follows the rules anyway. There is quite a bit that can be learnt from Uber's ways, and there are steps that can be taken by the company to become formal and legal, in our country and in others where they are accused of the same lacking issues.

We all deserve better services. Not just those of us that can pay for a smartphone and are entitled to credit cards. And all passenger-bearing services require strict regulations.

Categories: Elsewhere

Trellon.com: Agile Design Techniques - Video Is Live

Planet Drupal - Thu, 14/05/2015 - 02:47

Trellon presented a session about Agile design techniques at Drupalcon Los Angeles which was very well received. Over 100 people were in attendance to hear Blake Maples, Mike Haggerty and Jake Tooman talk about the way we introduced Agile design within Trellon and made it work for the groups we serve.

Slides from the presentation are available at the following URL:

https://docs.google.com/presentation/d/1XwXELD7pIQ8CQUuNCv00hxaavUWeaKBj...

Categories: Elsewhere

Pixelite: Drupal Migrate D2D :: Taxonomy terms on nodes

Planet Drupal - Thu, 14/05/2015 - 02:00

A migration project I am currently working on hit a small hurdle with taxonomy terms on a content type. This took too long to resolve. Hopefully posting this here will save others the time and hassle I went though.

Migrate D2D

I am going to assume that if you are reading this you are already using the migrate_d2d module so I won’t go into the big explanation about what it is, why you should use it and just how greatful we all should be to Mike Ryan.

Node migration and taxonomies

After following the docs I found that my taxonomy field was not being populated. A little digging led me to the conclusion that this was not something d2d handled out of the box and it was something I would have to deal with myself. There are a number of moving parts involved with this and due to all of these I can understand why it is not something migrate d2d could do.

public function prepare($entity, $row)

The magic happens here. The prepare() function is the final thing to be called before the node object is saved. This is where we get to do any final tweaks or tidyups. You can find full detail on this in the Commonly implemented Migration methods page in the Migrate handbook.

In the prepare() function the $entity is the new object that we are about to save and the $row is our source object. At this point the taxonomy has been added to the $row.

Within the $row object the taxonomy has been added with its vid as the root level attribute. If you don’t know to watch for that it can catch you. Added to that it is the vid of the destination vocabulary that is used which caught me off guard. The situation I had did not have me migrating the vobacularies, just the terms within them and the vid for the Categories vocab was not the same on my development environment as it was on my staging environment. This caught me out initially as I don’t have direct access to the staging database to examine the content of tables.

source $row->{destination vid} = array({source tid}, {source tid}, {source tid})

Once it was realised that the vid was from the destination vocabulary things got easier. This is how the code looked in the end for me;

<?php public function prepare($node, $row) { // The node's terms are in an array under their destination vocab ID and // this is different from environment to environment. However, we've only // got one taxonomy... $keys = array_keys((array) $row); foreach ($keys as $key) { if (is_numeric($key)) { $cat_vid = $key; break; } } if (!empty($row->{$cat_vid})) { foreach ($row->{$cat_vid} as $tid) { // We want the tid of the term we have migrated. This lets us look it up // our migrate_map table. $new_tid = db_select('migrate_map_tncategoryterms', 'm') ->fields('m', array('destid1')) ->condition('sourceid1', $tid) ->execute() ->fetchField(); $node->field_category[LANGUAGE_NONE][]['tid'] = $new_tid; } } } ?> Caveats

This worked for me because I only had one taxonomy field to worry about. The moment you get more than one you will want to revisit the assignment of $new_tid to the appropriate field. This shouldn’t be a problem to hand code and if you have migrated the vocabularies too you may be able to use the migrate_map table to make something more dynamic.

Comments

If you have (or are currently) using migrate I would be interested to hear how you found it. Especially if you are migrating terms, but not the vocabulary.

Categories: Elsewhere

Andrew Pollock: [tech] LWN Chrome extension published

Planet Debian - Thu, 14/05/2015 - 00:03

I finally got around to finishing off and publishing the LWN Chrome extension that I wrote a couple of months ago.

I received one piece of feedback from someone who read my blog via Planet Debian, but didn't appear to email me from a usable email address, so I'll respond to the criticisms here.

I wrote a Chrome extension because I use Google Chrome. To the best of my knowledge, it will work with Chromium as well, but as I've never used it, I can't really say for sure. I've chosen to licence the source under the Apache Licence, and make it freely available. So the extension is available to anyone who cares to download the source and "side load" it, if they don't want to use the Chrome Web Store.

As for whether a userscript would have done the job, maybe, but I have no experience with them.

Basically, I had an itch, and I scratched it, for the browser I choose to use, and I also chose to share it freely.

Categories: Elsewhere

Midwestern Mac, LLC: Ansible for Drupal infrastructure and deployments - DrupalCon LA 2015 BoF

Planet Drupal - Wed, 13/05/2015 - 23:57

We had a great discussion about how different companies and individuals are using Ansible for Drupal infrastructure management and deployments at DrupalCon LA, and I wanted to post some slides from my (short) intro to Ansible presentation here, as well as a few notes from the presentation.

The slides are below:

Notes from the BoF

If first gave an overview of the basics of Ansible, demonstrating some Ad-Hoc commands on my Raspberry Pi Dramble (a cluster of six Raspberry Pi 2 computers running Drupal 8), then we dove headfirst into a great conversation about Ansible and Drupal.

Categories: Elsewhere

Drupal Easy: DrupalEasy Podcast 152: DrupalCon Los Angeles - Day 1 Recap

Planet Drupal - Wed, 13/05/2015 - 22:20
Download Podcast 152

Live (almost) from Los Angeles, Ryan, Ted, and Mike are joined by a few familiar voices for a quick recap of day 1 of DrupalCon. We talk highlights, songs from the prenote, special Drupal moments, and Ryan interviews Rob Loach from Kalamuna about Kalabox 2.0.

read more

Categories: Elsewhere

Pages

Subscribe to jfhovinne aggregator - Elsewhere