Planet Drupal

Subscribe to Planet Drupal feed - aggregated feeds in category Planet Drupal
Updated: 2 min 57 sec ago

Drupal Watchdog: VIDEO: DrupalCon Los Angeles Interview: Brett Meyer & Stephanie Gutowski

Wed, 22/07/2015 - 18:36

Back in high school, Brett Meyer (ThinkShout Director of Strategy) played the entire Ultima Series, right through Ultima IV; Stephanie Gutowski (ThinkShout Community Engagement Organizer) confesses to playing video games “since I was old enough to hold a controller.”
Together, they wrote a nifty article – “Got Game?” – in Drupal Watchdog 5.01 (Subscribe now!, analyzing Dragon Age: Inquisition from a Drupalist perspective.

BONUS! A revealing answer to a provocative question: Would you be in a relationship with someone who practices open source?

Tags:  DrupalCon LA Drupal Video Video: 
Categories: Elsewhere

Viktor Bán: GSoC 2015 - Security Review D8 - Week 8: Request for review

Wed, 22/07/2015 - 18:11

I'm working on porting Security Review to Drupal 8 as my Google Summer of Code project this year. 8 weeks have passed since the beginning of the coding period, and the port is ready to be reviewed. In the remaining 4 weeks I'm going to address issues found by reviewers, possibly add more functionality and solve some issues related to the old version of the module prioritizing issues that are already solved in the D8 port. 

What is Security Review?

Security Review automates checking many of the configuration errors that lead to an insecure Drupal site and looks for existing vulnerabilities and attack attempts. The primary goal of the module is to elevate your awareness of the importance of securing your Drupal site. 

How can you help?

If you would like to help, you could review the ported module and post your findings in this issue. It helps if you have used Security Review before.

The 8.x-1.x branch of the code can be downloaded from here. For installation instructions check README.txt.

Alternatively you can use and you won't even have to leave your browser. Start writing Security Review in the first input box, choose the 8.x-1.x branch and start the sandbox! After going through the Drupal installation enable the module on /admin/modules (Extend) and you are ready to start testing. Note: the module has a Drush function that won't be testable this way.

Developer blog for Week 8

This is mainly a developer blog post, so let's walk through what I've worked on this week.

Added status icons

I've added some icons to the first column of the table on Run & review, and that instantly made it look a lot better. Below are the results.

The icons are loaded from /core/misc/icons which has some weirdly named subdirectories inside it, but I'm sure there's an explanation for that, I haven't looked into it.

Added progress bar (Batch)

I've implemented the usage of the Batch API in hope that it would let the user know which check runs slow on their system. Sadly the progress bar doesn't provide the needed information as it can't update itself in the right times. Anyway it does let the user know that something is happening, and it might prevent a few timeouts, so implementing it was still useful.

Wrote tests

I've added a test module that defines 2 security checks. Both checks fill the findings array with some random integers and strings, the difference is that one stores it in the State system, the other does not. This way some tests got more controlled (they don't use the real security checks), and it's also a good way of providing an example implementation of a module that defines security checks.

Fixed code style issues

I've checked for code style issues in the project. I was stunned by the amount of errors it listed, but I've successfully addressed all of them (except false positives). This is the commit that fixed all of them. 

Categories: Elsewhere

Mediacurrent: Getting your Drupal 6 site ready to run on PHP 5.6

Wed, 22/07/2015 - 16:14

The Drop isn't the only thing that is moving; so is PHP. If you have a Drupal 6 site you are most likely running PHP 5.3 or older, versions that stopped being supported in 2014 or prior. Now that PHP 5.5 has moved out of active support, some hosts, such as Acquia, are dropping support for anything older and sites will be forced to upgrade, ready or not. The good news is that Drupal 6 can be made to work with PHP 5.6, which is actively supported.

Categories: Elsewhere

Realityloop: 6 image related website performance tips

Wed, 22/07/2015 - 15:24
22 Jul Brian Gilbert

Two of the services Realityloop provide are Drupal Site Audits and Drupal Performance Audits. We almost always see that images used in a site haven’t been optimised, something I find surprising given images are often the weightiest parts of a webpage.

There are really 2 separate places where images can be optimised, in the theme, and in site content, I personally think that optimising theme images is a no brainer as you can usually just do it before the site goes live. Content images are something that aren’t something you can really expect your content creators to optimise, luckily we’ve implemented something to deal with that which I will outline in my next post.


Image Types

There are essentially 2 types of images. Raster images define the position of each of the pixels each a different colour arranged to display an image. Vector images are made of paths each mathematically defined that tell it’s shape and what colour it is bordered or filled with.

Raster images can display nuances in light and shading at their created resolution but cannot be made larger without sacrificing quality. Vector images are scalable, allowing the same images to be designed once and resized for any application.

Here are my key tips for optimising the graphics in your theme.


What filetype.. GIF, PNG, JPEG or SVG?

For raster images you’ll usually want to use either PNG or JPEG. SVG’s are your go to web friendly vector format.

Basically GIF’s are almost always larger than a well optimised PNG. JPEGs are usually better than PNG’s when there aren’t any sharp edges, text, or transparency.

If you’re not sure whether you should use a raster or vector file, follow this simple rule of thumb: If you’re drawing something from scratch with only a few colors, go with vector. If you’re editing a photo with multiple colors and gradients, go with raster.

Work with the grid (JPEG)

Nearly everyone has seen a heavily compressed jpeg image that show lots of artifacts,  this is because JPEG’s are made up of a series of 8x8 pixel blocks. We can use these blocks to our advantage in 2 key ways:

Align rectangular objects to this 8x8 grid:

The above image is not aligned to the 8 pixel grid it's file size is 2.53KB

The above image is aligned to the 8 pixel grid it's file size is only 1.84KB using the exact same save settings in Photoshop.

If jpeg images are allowed for upload I try to make the dimensions of any related image styles a multiple of 8 to work with the 8x8 compression system of jpeg.


Use Image Sprites in your theme

Image sprites allow you to reduce the http requests required to load your webpages, you create them by making a single image that contains all of the required images in a grid and then using CSS to manage the display of the correct part of the image.

The simplest way I’m aware of to create image sprites is to use compass sprites, this only works with PNG’s though.

I personally prefer to use SVG’s so that a single asset can be used for all breakpoints within the site, unfortunately the only way I know of to do this is manually create the sprite using an SVG editor (Inkscape or Illustrator for example).


Compress your images

Photoshop has “Save for web” but you can get much better compression using other applications.  If you do use a lossy compression I also recommend using a lossless optimiser straight afterwards to get further filesize savings if it is possible for the filetype you are compressing.

Lossy Compressors

Lossless Compressors

Learn to use Pixel Fitting when shrinking images with hard lines

For a vector graphic to be displayed, the computer has to perform a translation from the mathematical vectors into something that can be displayed with pixels.

This translation process is relatively simple: the computer takes vector lines, lays them on top of a pixel canvas, and then fills in each pixel that the lines enclose. So, for important icons and logos– really, for all rasterised vector images–you should fit the pixels to the grid and ensure they are as sharp as possible.

An excellent description of this can be found at


For the greatest reduction in filesize optimise files manually

To gain the greatest saving in file size you will need to choose a lossy compression method, for this reason you will pretty much need to play with settings to adjust the image quality versus file size tradeoff.


Stay tuned for my upcoming post about how to implement on-the-fly lossless compression to image uploads on all image fields in your Drupal site

drupal planet
Categories: Elsewhere

Drupal Easy: DrupalEasy Podcast 159: How Drude (Leonid Makarov talks Docker)

Wed, 22/07/2015 - 14:20
Download Podcast 159

Leonid Makarov (inqui), Chief Architect at FFW US East joins Ryan to talk about Docker and FFW's (Blink Reaction's) internal developer environment, Drude.

read more

Categories: Elsewhere Saving the web with responsible websites

Wed, 22/07/2015 - 12:06

I recently read the trending article The Web We Have to Save, by blogger Hossein Derakhshan ('Hoder'), who had been imprisoned in Iran for six years. In the article, he talks about how the internet had changed over that time. Quality can be drowned out; what is important is diluted in amongst the trivial.

Personally, I believe any expression of culture will reflect the society it flows from. The internet is a global society, so incorporates so many different aspects of humanity - different, good, and bad. What does the internet say about our global society? I believe that we should all take responsibility to some extent -- especially those of us in the business of websites and content on the internet! Can we contribute to a more responsible internet? Are we equipped to do so?

Categories: Elsewhere

Annertech: Website Security: What You Need to Know as a Site Owner

Wed, 22/07/2015 - 12:00
Website Security: What You Need to Know as a Site Owner

Hacked sites. Security flaws. Lost data. Loss of trust. Lost customers. Lost revenue. Nightmare.

Just thinking about themes such as these in the media can send a shiver down your spine. It can all seem very daunting, and not just a bit scary when you start to think about it. This article aims to paint a clear picture of what you should be aware of as a site owner - where security weak points are, and strategies to avoid them.

Categories: Elsewhere

OSTraining: Webinar: 10 Things Site Builders Need to Know Before Leaping to Drupal 8

Tue, 21/07/2015 - 22:22

Everyone is excited for the launch of Drupal 8.

Come and join us and Acquia on August 20th for a fast-paced Drupal 8 webinar.

Rod will introduce you to all the major advances in Drupal 8. Rod will cover user-friendly features including the mobile-friendly admin interface and the in-place WYSIWYG editor, plus improvements in theming and module development.

Categories: Elsewhere

CiviCRM Blog: Drupal 8 and CiviCRM - the countdown continues

Tue, 21/07/2015 - 21:52

Drupal 8 is likely to be released around September. Fuzion have been driving the initiative to have CiviCRM ready to roll when Drupal 8 is released. We have CIviCRM currently working on latest beta, and old friends like Views are working fine. But there is still lots to do to get Rules, Entities and Webform working. We expect there to be a MIH (make it happen) campaign launched soon, but we have already had some generous sponsors for our work to help get us this far.

You can give it a try out at and you can help progress this work by chipping in here, or you can request that we set you up your own test suite. 

If you are happy trying out your own installation, details can be found here

Categories: Elsewhere

Midwestern Mac, LLC: Solving the Emoji problem in Drupal 7

Tue, 21/07/2015 - 19:39

On many Drupal 7 sites, I have encountered issues with Emoji (mostly) and other special characters (rarely) when importing content from social media feeds, during content migrations, and in other situations, so I finally decided to add a quick blog post about it.

Have you ever noticed an error in your logs complaining about incorrect string values, with an emoji or other special character, like the following:

PDOException: SQLSTATE[HY000]: General error: 1366 Incorrect string value: '\xF0\x9F\x98\x89" ...' for column 'body_value' at row 1: INSERT INTO {field_data_body} (entity_type, entity_id, revision_id, bundle, delta, language, body_value, body_summary, body_format) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5, :db_insert_placeholder_6, :db_insert_placeholder_7, :db_insert_placeholder_8); Array ( [:db_insert_placeholder_0] => node [:db_insert_placeholder_1] => 538551 [:db_insert_placeholder_2] => 538550 [:db_insert_placeholder_3] => story [:db_insert_placeholder_4] => 0 [:db_insert_placeholder_5] => und [:db_insert_placeholder_6] => <p>[EMOJI_HERE]</p> [:db_insert_placeholder_7] => [:db_insert_placeholder_8] => filtered_html ) in field_sql_storage_field_storage_write() (line 514 of /drupal/modules/field/modules/field_sql_storage/field_sql_storage.module).

(Note: Actual Emoji was removed from this summary post to prevent Drupal Planet's aggregator from barfing on the feed... due to this very issue!).

To fix this, you need to switch the affected MySQL table's encoding to utf8mb4, and also switch any table columns ('fields', in Drupal parlance) which will store Emojis or other exotic UTF-8 characters. This will allow these special characters to be stored in the database, and stop the PDOExceptions.

Categories: Elsewhere How To Expire Nodes With Rules Scheduler (Article + Video) (Drupal 7 Tutorial)

Tue, 21/07/2015 - 19:09

How to schedule nodes to be deleted with Rules Scheduler and let people postpone the expiry date with Flags. Users also get an expiration mail before the nodes expire.

Categories: Elsewhere

Drupalize.Me: Load Testing your Site with Siege

Tue, 21/07/2015 - 15:01

Siege is a useful load testing tool to add to your performance testing tool kit. From the website: "Siege is an HTTP load testing and benchmarking utility. It was designed to let web developers measure their code under duress, to see how it will stand up to load on the internet. Siege supports basic authentication, cookies, HTTP, HTTPS and FTP protocols. It lets its user hit a server with a configurable number of simulated clients. Those clients place the server 'under siege.'"

Load testing is useful for testing the performance of your site, and the infrastructure that it runs on. There’s nothing worse than having one of your blog posts end up on Hacker News and then having your site crumble under the load. Siege can simulate activity on your site, and you can then use your site from your browser as you normally would, while your siege is running and really get a feel for how your site responds under load.

This blog post will cover installing Siege on OS X and Linux, and running a basic load test with Siege.

Categories: Elsewhere

Advomatic: Decoupling Drupal Without Losing Your Head — Part 1

Tue, 21/07/2015 - 14:15
What exactly are we trying to do here? And is there another way to do it? Headless/decoupled Drupal has received a lot of buzz in the last year. But the rise of decoupled Drupal has also been met with due skepticism, as there are significant challenges. We’re not here to further that flame war; you can find... Read more »
Categories: Elsewhere

InternetDevels: DruDesk: new Drupal website support of the best sort!

Tue, 21/07/2015 - 14:15

Innovations from InternetDevels Drupal development company are meant to solve your problems

Let us guess what you are thinking about. Do you have a Drupal website and need some improvements or fixes to be done on it? Does the perspective of having to look for a good Drupal support service give you a headache? Now it’s time for relief!

Read more
Categories: Elsewhere

Mpumelelo Msimanga: Data First Drupal Development

Tue, 21/07/2015 - 12:00
Data First Drupal Development

This post describes by example, a very efficient Drupal implementation methodology that involves first generating the expected data for your system then only using Drupal to manipulate the data. I simplified the implementation of a Drupal based facility booking system by pre-populating the booking entities with all possible booking time slots for the next two years. The only functionality I had to “program” using Drupal was updating the booking status field to booked when a booking was made.

Categories: Elsewhere

Pantheon Blog: Patching and the Composer Workflow

Tue, 21/07/2015 - 01:13
Let’s face it—nobody likes to rely on patches. A project is much easier to maintain when it is using standard versions of all of its dependencies.  Without patches, a project can be kept up to date simply by running composer update. 
Categories: Elsewhere

Drupal Association News: What’s new on - June 2015

Mon, 20/07/2015 - 23:19

Look for links to our Strategic Roadmap highlighting how this work falls into our priorities set by the Drupal Association Board and Working Groups. Iterative Changes to the Front Page of

The home page of has been changing in several small but important ways. The main focus of our design work in June was to provide new community metrics to replace the less meaningful and somewhat misleading metrics that were removed in the previous home page update.

We also updated the text of the Try Drupal button on, to better clarify the purpose of the feature. Try Drupal allows potential users to evaluate Drupal by using a highly polished demo hosted by our Supporting Partners. This gives Drupal newcomers and learners the chance to see examples of Drupal configured at its best, to encourage evaluators to choose Drupal for their needs. The program supports a core part of the mission of the Drupal Association: helping to promote Drupal and grow Drupal adoption.

Improving Performance with Advanced Aggregator

The Association has also been working to improve the performance of using Advanced CSS/JS aggregation, with the help of mikeytown2.

These configuration changes have been made carefully to ensure they don’t degrade the user experience for any user of the site - and are continuing into July.

The Plan Category for Issues

Another small deployment made in June was the addition of a Plan category to the issue queues.

The Plan category codifies the informal [meta] issues into a category selectable within the Issues UI.

This only scratches the surface of a long-buried issue in the issue queues - a lack of project management and prioritization tools. The larger Content Strategy work that the Drupal Association is beginning to implement will help to address this need further with a new Initiative content type to provide better hierarchy and prioritization tools.

Organization and User Profile Improvements Recent Issue Credits (3 months) now appear on individual and organization profiles.

Expanding upon the work the Association staff has done to create a system for credit and attributions in the Issue queues, the Association has begun displaying information about issue credits on user’s profiles.

Whenever a project maintainer has credited the user in an issue when marking the issue closed - the project will appear on the profile, along with a link to a list of the credited issues.

Additional improvements are planned for the crediting UI to allow credit attribution to users who did not comment directly on the issue. The Association will also begin to backfill historical credit data.

Organizations benefit from this change as well. When a maintainer closes an issue and assigns credit, if any of the users being credited have attributed the work to an organization - that issue credit will be displayed on the organization page. This change rewards those organizations that give their employees time to give back to Drupal.

Content Strategy and Visual Design System for

In May, the long-running Content Strategy work culminated the presentation of the Drupal Association’s proposal for a new content model on In June, after monitoring feedback from the Drupal community and the Working Groups following DrupalCon Los Angeles - we transitioned  from planning the new Information Architecture to planning the implementation details to make the new content model a reality on

Implementation of the new content model and governance plan is going to involve quite a few changes to the modules on, so we want to approach the implementation iteratively and carefully.

Our plan developed in June calls for us to create the new ‘Why Drupal’ section of the site first. In June, we prototyped an implementation of this first section using Organic Groups and Panelizer and prepared a plan for performance profiling.

Issue Workflow and Git Improvements

The Association Team is excited to implement our vision for new issue workspaces on - including a new spin on the implementation of pull requests.

Work on the Issue Workspaces is slated to begin once major work on DrupalCI is complete, and we are able to retire the PIFT/PIFR testing system without regressions.

However, we were able to remove a blocker to this work by updating our servers for our Git architecture (more below in sustaining support and maintenance.)

Community Initiatives DrupalCI

DrupalCI was a major focus of the Drupal Association staff in June. In June the integration between DrupalCI and was enabled for the first time. DrupalCI is now running in parallel with the PIFT/PIFR testbots to provide us a reference frame to prove out the implementation.

A remaining MVP hit list was codified in June - representing the few remaining issues needed to meet the guidelines set out by the Drupal core developers. (Spoilers: Most of these issues are resolved at the time of this posting in July!).

Going into July the focus will be on providing testing for Contrib through DrupalCI, and then ensuring that there are no regressions in functionality or test result detail as compared to PIFT/PIFR so that the old test bots can be retired.

Once that is achieved, the Assocation’s work on DrupalCI will scale back to maintaining the system’s stability- and more development focus will be provided to our next initiatives.

At the end of June we initiated a final round of community testing for the port of from Drupal 6 to Drupal 7.

That testing period has ended as of the first week of June, and we are now working together with the community to resolve the issues uncovered by this final testing before deployment.

Revenue-related projects (funding our work) DrupalCons

Registration for DrupalCon Barcelona opened in June, with some small refinements to the registration process from lessons learned in DrupalCon Los Angeles. did receive one new front-facing feature, an opportunity in the registration process for ticket purchasers to purchase or renew their Individual or Organization memberships with the Drupal Association.

The Drupal Association is also working very closely with the DrupalCon Asia designer in preparation for the full site launch in the coming months.

Better Cart Management on

On Drupal Jobs we deployed a small update to the checkout workflow to make cart management easier - addressing the top support request that we receive from our users.

Future development for Drupal Jobs continues to be limited to the most high-impact bugs or features identified in the support requests we receive for job postings.

Signature Supporting Partners Page Launched

June also saw the launch of the Signature Supporting Partner program. This required a small update to our supporting partners page to support the new partner category.

Sustaining Support and Maintenance

Final work preparing for deployment of our new git servers was completed in June - but for scheduling reasons the maintenance window for replacing our existing Git infrastructure was scheduled to take place on 7/9/2015. (This deployment was successful!)

Our Fastly CDN deployment for updates traffic ( was also successful. Updates now use dynamic purging to reduce the number of requests served by our origin servers and decreases the latency between packaging a release and serving the update data from a number of minutes to a few seconds.

As part of the updates deployment with Fastly, we now have a * wildcard TLS/SSL certificate for and This enables HTTPS support on all of and its’ sub-sites for the first time.

As always, we’d like to say thanks to all volunteers who are working with us and to the Drupal Association Supporters, who made it possible for us to work on these projects.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra.

Personal blog tags: whats new on
Categories: Elsewhere

Paul Rowell: Repeatable fieldsets in Drupal: Paragraphs

Mon, 20/07/2015 - 22:46

I've talked about a couple of modules to handle repeatable fieldsets before, with a comparison between Field Collections and Inline Entity Form. At Drupal Camp London this year I learnt about a new method: Paragraphs. Below I'll go through the basic setup and implementation of the module comparing it to the previous modules I used.

Categories: Elsewhere

Bert Boerland: The Orange Suit, E01 something you have. AKA using the Two Factor Authentication module on a Drupal website

Mon, 20/07/2015 - 21:48

Trust, authentication. The key factors of the internet in this age where hacking, privacy and security are the biggest threat to freedom on the Internet. Trust starts with authentication. Authentication starts with identification. For some good background, the decade old ">keynote of Dick Hardt with regards to identity, it is still a classic.

The old adagium is that good authentication can be done by using three factors, something you know, something you have and something you are. For example, a pincode (know), a key (have) and a photo (are).

Two factor authentication combines two of these three for identification, often a password and a one-time-usable code delivered via the phone that you have. Two factor authentication is standard in the offline world, a driver's license (have) with a photo (are) or a bank card (have) with a PIN code (know). And it is about time that we use this Two Factor Authentication (TFA) as the basis for our web presence as well, to log in to your mail, your bank account and to your Drupal website.

This will prevent ugly security incidents or frontpage defacements. People reuse passwords, write them down never change the passwords, have listed passwords or share them and if you have a website where editers and administrators can publically can log in, you will have a security incident waiting to happen.

On we use TFA for higher roles. The module being used as d.o is and I do think it should be on every Drupal site.

I always wanted to start a screencast series on Drupal modules for site builders. So it was only logical that the TFA module was the first module I used for this vlog. You can see the screencast called "The Orange Suit" episode 1, "Something you have" and hear why you need this module, how to configure the module and what the module does.

Please leave a comment with your feedback on the youtube video, if you just liked it, thumbs up on youtube: and do follow "The Orange Suit" on facebook and twitter

Suggestions for the next episode are welcome as well via one of those channels.

Categories: Elsewhere