Planet Drupal

Subscribe to Planet Drupal feed - aggregated feeds in category Planet Drupal
Updated: 18 min 56 sec ago

CiviCRM Blog: 16-19 July 2015: NYC Drupal Camp, Aegir Summit and CiviCRM turn-key hosting

Fri, 05/06/2015 - 15:44

For those of you in the New York City area, 16-19 July 2015 is NYC Drupal Camp (pronounced "nice camp"), an annual grassroots non-profit conference run by volunteers. The event covers a broad range of topics related to Drupal. As part of the camp, the developers of the Aegir hosting system have organised the first Aegir Summit, 16-18 July.

For those not familiar with Aegir: it is a control panel based on Drupal and Drush to help automate the installation of Drupal, typically in a multi-site architecture (1 code base, many independant sites). With the provision_civicrm module, Aegir can also automate the installation of CiviCRM. This means that with a few clicks, you can create a new database, install Drupal and CiviCRM, configure the web server and optionally manage the SSL certificate. It also helps to automate other tasks, such as backups, upgrades and cloning. Need to create a new testing site for a client? Two clicks and it's ready. If you often create the same types of sites: create a model site, then clone it everytime you need a new instance.

There are also plans to support WordPress in Aegir. I have been working on a prototype that uses the command line tool wp-cli instead of Drush. If you would like to try it, please keep it mind that it is highly experimental and requires patching Aegir 3 (which is still in beta, although there are Debian/Ubuntu packages). The code is available here: hosting_wordpress (please read the 'Readme' file for installation notes).

If you are into Docker and other types of farming, you might find the Aegir Summit interesting as well. There has been a lot of talk about moving Aegir to a more Docker/container-friendly architecture in the next phase, for example.

Long story short: if you are in the NYC area, it would be great to see you there. If you cannot make it and you are interested in any of the above, feel free to leave a comment on this blog post or contact me by e-mail: mathieu at

If you are a CiviCRM hosting provider and you would like to provide a self-serve online form so that your future users can test your services and create a new CiviCRM instance, that's possible too. Hopefully we will have a demo on time for the Aegir Summit, but in the mean time, I will leave the following teaser below (and yes, the sign-up form is a CiviCRM form!) :-)

Categories: Elsewhere

J-P Stacey: Client/agency relationships at last week's Oxford Drupal User Group

Fri, 05/06/2015 - 15:40

Two days ago was June's Oxford Drupal User Group. In a similar manner to our March special event, we were very lucky to get two local speakers: this time round, our speakers were both the main points of contact at their respective organizations: leading Drupal projects themselves, but as part of that having to work with external suppliers, Drupal agencies brought in for their relevant expertise.

Read more of "Client/agency relationships at last week's Oxford Drupal User Group"

Categories: Elsewhere

Lullabot: Let's Chat About Web Accessibility

Fri, 05/06/2015 - 14:57

Join Amber Matz as she chats with web accessibility aficionados Mike Gifford, Chris Albrecht, and Helena Zubkow about what web developers and Drupalistas can do to build more accessible web sites. How has web accessibility changed over the years? Who is being left behind? What are some common gotchas? What are some easy ways to get started testing for accessibility? All these questions and more are discussed in today's podcast. Don't forget to check out the links and resources in the show notes for all sorts of useful things mentioned in our discussion.

Categories: Elsewhere

Drupal core announcements: Recording from June 5th 2015 Drupal 8 critical issues discussion

Fri, 05/06/2015 - 14:07

It came up multiple times at recent events that it would be very helpful for people significantly working on Drupal 8 critical issues to get together more often to talk about the issues and unblock each other on things where discussion is needed. While these do not by any means replace the issue queue discussions (much like in-person meetings at events are not), they do help to unblock things much more quickly. We also don't believe that the number of or the concrete people working on critical issues should be limited, so we did not want to keep the discussions closed. After our first meeting last week, here is the recording of the second meeting from today in the hope that it helps more than just those who were on the meeting:

Unfortunately not all people invited made it this time. If you also have significant time to work on critical issues in Drupal 8 and we did not include you, let me know as soon as possible.

The issues mentioned were as follows:

Alex Pott
Performance issue:
Entity title:
Render cache for views:

daniel wehner, Gábor Hojtsy
Make Views bulk operations entity translation aware:

Lee Rowlands
Ensure #markup is XSS escaped in Renderer::doRender():
Create a php script that can dump a database for testing update hooks:
Views::getApplicableViews() initializes displays during route rebuilding etc.:

Jibran Ijaz
FieldItemInterface methods are only invoked for SQL storage and are inconsistent with hooks:

Alex Pott
Ajax form patch:

daniel wehner

Jibran Ijaz
PHP Script for dumping the database:

Categories: Elsewhere

Sooper Drupal Themes: Case Study: Glazed Drag and Drop Drupal Theme

Fri, 05/06/2015 - 12:32

On June 1st 2015, released the first Drupal Theme that integrates a visual front-end Drag and Drop page builder. I have worked on this project for almost a year, with some breaks in between for client projects that pay the bills. With the release of this theme I have retired all other SooperThemes drupal themes. All new designs will use Glazed theme as a platform. It was a great adventure and I feel proud to show you what I think is the best I could do.

Project Goals 1. Empowering novice users in building high-end responsive websites

I think the Wordpress ecosystem for paid plugins has worked rather well for the WordPress community. Wordpress has various plugins that do Drag and Drop better then any other web application. Now there are also various open source solutions emerging for WordPress. This is an example of how the WordPress community profits from a thriving paid-plugin ecosystem. 

Drupal is really lagging behind in the user experience for building responsive websites. I hope that my Drag and Drop theme will help reverse the trend and attract more young people who are interested in Drupals' flexibility and power as a CMS. In Glazed theme, building grids and setting breakpoints is all done without writing a single line of code:


2. Helping experienced site builders work faster through development automation Amazee Labs employs three back end developers, but nine site builders Michael Schmidt, Amazee Labs

Like many Drupal shops, Amazee Labs has discovered you can provide the most value to your customers by hiring several site builder for every programmer in your team. Automation is good for everyone: you can build more websites in less time and with less training.

Drag and drop web building is not just a gimmick anymore. The tools have evolved to be more powerful, produce better code, and leverage MVC frameworks to create a fluent site building experience that runs mostly in the browser. In Glazed theme this experience is integrated with Views and the block system: you can create highly dynamic pages and even dashboards with Drag and Drop, without loosing re-usability of components you build.


Visual Design and Front-end Architecture

Glazed at the core is architected to be a platform for design. Still it's neccessary that Glazed has a visual identity through which it can demonstrate how good Drupal can look right out of the installer: 

Glazed Drupal Theme Main Demo

There are also several demo packs that demonstrate different niche-designs that are built with Glazed.

Bootstrap to the bone

One of my goals with Glazed theme was for everything to be naturally mobile-friendly. The decision to integrate with Bootstrap 3 seems like an easy one but at first it was not. I was always wary of CSS frameworks because they somewhat limit design freedom, whereas Susy and Zen grids are more sophisticated tools that I had always used in the past. However, the overwhelming availability of Drupal integrations with Bootstrap 3, and the excellent documentation and support that comes from the Twitter Bootstrap team sealed the deal for me.

Glazed theme integrates with Bootstrap on many levels:

  • Bootstrap based Drag and Drop page builder
  • Bootstrap views integration
  • Bootstrap fields API integration
  • Bootstrap block class integration 
  • Bootstrap shortcode library
  • Bootstrap basetheme
  • Bootstrap image style and media integration
  • Bootstrap based Drupal Distribution ( CMS Powerstart )
SASS Bootstrap and a library of CSS Elements

I just love SASS, it makes writing CSS a joyful experience without nasty browser prefixes and futile code repitition. Having an awesome Drag and Drop page builder is boring if you don't have beautiful design elements to drop into your website. Glazed comes with an army of naturally mobile-friendly beautiful elements. To get an idea of what this means take a look at the Motion Box, Time Line and Pricing Table elements in the main demo. These elements can be dropped anywhere in a your webpage and you can edit them without writing a single line of code! This is a one-step process and you get fully customizeable elements.

Icon Box Element

In order to keep track of the design elements and element variations I was coding I felt the need to have more order and logic in the HTML code that marks up the elements. After research in existing CSS namespacing methods I decided on a BEM (block__element--modifier) namespace. 

.stpe-imagebox__figure {   &.stpe-imagebox__figure--akan {     .stpe-imagebox__image {       opacity: 0.7;     }     .stpe-imagebox__fig-caption {       top: auto;       bottom: 0;       height: 50%;       text-align: left;     }     .stpe-imagebox__title, .stpe-imagebox__fig-content {       transform: translate3d(0, 40px, 0);     } Improving Drupal's HTML Output
  • Fences
  • html5_tools
  • Metatag

Drupal does not naturally produce the HTML code that frontend-developers will fall in love with. Fortunately, this is easily fixed with a few add-ons. The first is the Bootstrap basetheme, which overrides most of Drupals' templates. This will not only get you nicer formatting but also cool Bootstrap forms and form buttons. Looks great on administrative pages!

To gain even more control of Drupals' HTML I integrated the Fences and HTML5_tools modules. This adds field-level control of HTML output. I integrated the metatag module for better SEO general future-friendliness. Metatags give search engine and other non-human readers a deeper level of information about the pages and structure of the website.

Drupal integrated Drag and Drop page builder
  • Front-end visual page building
  • HTML5 Based.
  • Pages work fine in regular backend WYSIWYG
  • Blocks, Views integration
  • Refined user experience
  • Naturally mobile-friendly
  • MVC with Backbone and Underscore JS

You may have seen drag and drop builders like Visual Composer in Wordpress. Visual Compores is the best selling Wordpress plugin ever. I think the page builder experience in Glazed is even better. More visual, more editable, less shortcodes. In fact, no shortcodes are used. The Glazed drag and drop builder leverages Backbone and Underscore JS. This means that the document (webpage) is the data. All of the controls and metadata are valid HTML. No shortcodes, no processing needed to render a page after you save it.

The UI is also very user friendly. There is a sidebar that contains visual shortcuts to pre-made beautiful design elements. You can drop them anywhere in your page and edit them, make them bigger or smaller. No problem. The grid system is based on bootstrap. With the greatest ease you can make 3 columns, 4 columns, or anything you can imagine within a 12 column grid system. You can easily control for each row individually at which breakpoint (Screen size) the layout will collapse to a vertical, mobile-friendly stack. 

Views, Media and Blocks integration

Our drag and drop builder is not just a vanity tool. It's integrated with Drupal and makes available all Drupal blocks as well as all views. This allows you to create dynamic, complex pages. For example, on I could easily re-create and improve the customer dashboard with our drag and drop tool. The dashboard contains several views that show download links and documentation for products that are bought by a user. It was no problem to drop the views into the page and then surround them with drag and drop mobile-friendly peripheral content and imagery.

Managing images is done with the Media module. Images can easily be added, used, re-used and then resized using bootstrap-grid image styles. Moreover, our page builder features an awesome animation engine and a number of preset image effects that help you build an immersive experience. My favorite element is the CSS3  Motion Image box:

Motion Image Box Element


Installation Profile Builder
  • Open source CMS Drupal Distro
  • Auto-download custom selection of features and dependencies
  • I plan to add hosting integration in the future

All these modules, libraries and settings need to be carefully set-up to make all this code work. To this purpose I have built an open source Drupal distribution called Drupal CMS Powerstart. I have blogged about CMS Powerstart before so I will skip that and talk about Custom Installation profiles. Drupal distributions are a great way to ship different kinds of Drupal. Unfortunately the way distributions are processed and displayed at is very rigid and not enticing to prospective users. What I built at is a custom installation profile build interface:

Thanks to CMS Powerstarts' autonomous CMS components you can configure a Drupal installation profile that contains only the features you need. Once you make a selection my webserver will download all modues, libraries and patches that are needed for your selected feaures. This service is totally free! The installation profile even contains block/region layout configurations for dozens of free themes, so that all blocks will be in the right region for each installed feature. My server has already built over a hundred custom installation profiles for CMS Powerstart and I'm actually surprised it's holding up. I hope people will also be interested in buying a subscription for Glazed on so that I can buy a new server. I'm not running a trusty but laggy 7 years old AMD Dual core machine.

Community Contributions

SooperThemes loves Drupal and is committed to improve Drupal not only in the premium themes landscape but also as an open source platform. During a year of development for Glazed theme and its backend tools I contributed a number of modules as well as a bunch of patches and the Drupal CMS Powerstart distribution.

Drupal CMS Powerstart

CMS Powerstart is a collection of CMS related components that are enhanced and glued together by the cms_core module. You actually don't need to use the installation profile or cms_core module to use the components, they are all autonomous and you can easily add cms_blog or cms_events to add functionality to any existing Drupal 7 website.

Thank you for reading my case study. If you are still interested to learn more, check out my drupal themes website. I'm also working on a video tutorial that demonstrates the Drag and Drop interface, keep an eye on my blog or twitter or linkedin to get an update for that.



Tags planet glazed drag and drop drupal case study Drupal 7.x
Categories: Elsewhere

InternetDevels: Implementing Websockets using php (Ratchet library) or Tornado web server

Fri, 05/06/2015 - 11:35

Websockets is an important protocol in web development which provides a two-way communication channel between the browser and the web server. Its difference from the traditional way of data transfer is in the fact that the connection is not closed after receiving the answer, but is kept open. Thus, there is an exchange of information in real time, in particular, you can receive notifications from the server without additional requests.

Read more
Categories: Elsewhere

LevelTen Interactive: Content Migration From One Drupal 7 Site to Another

Fri, 05/06/2015 - 07:00

I have first hand experience dealing with content migration, and let me tell you, it can be frustrating sometimes. If you're tired already and you're looking for ways to migrate content between Drupal 7 sites, then you are in the right place. I'm going to walk you through the steps that I had to do in order to get 500+ nodes seamlessly migrated from one Drupal site to another.... Read more

Categories: Elsewhere

Pantheon Blog: Configuration Workflow for Drupal 8 Sites

Fri, 05/06/2015 - 01:29
Managing configuration is an extremely important part of any multi-person website project. Parallel development of different features can lead to conflicts, and the tools that have been available for Drupal 7 do not provide complete coverage of all configuration settings, leading to inconsistencies in configuration handling, and inconvenient workarounds.
Categories: Elsewhere Blog: Authcache: caching for registered users CAN happen!

Thu, 04/06/2015 - 23:34

Recently, I had to build a Drupal site that had to be fast for registered and non-registered users. One of the most frequently used module for caching, boost, can offer caching for unregistered users only. But what can we do for the rest of our visitors?
Why can't we offer them more speed? 

The solution

The module I used is authcache and can give us a plain and straighforward configuration that can be used with or without advanced caching server software. For example, if our web server has no Varnish or opcache or memcache etc. we can get from the module a very satisfying out-of-the-box result providing fast page surfing for our registered visitors. 

In a nutshell, the module is similar to the well known boost. The first time a page is requested, a HTML version of it is stored for future requests. Each user role, has its own HTML version of the requested page. Once the cached page is stored, whenever it's been served as static page, an additional AJAX light-weight request is made to the server in order to update the usage statistics of the page requested and as a result the module returns personalized data for this page such as FAPI tokens, FAPI default values etc.

And where are the cached files?

Authcache gives us the ability to expand its functionality with extra features that allows us to use any advanced caching software the server may have. By adding some contrib modules, we can store the cached content either on files, Redis, Memcache, MongoDB etc. By default the module stores the content on our database. That may be a solid approach, but we suggest to use the File Cache module so that the content is stored in sites/default/files folder. With that aproach, MySQL stores only the URL and the age of each stored page. That keeps our database more clean and easier to maintain. Like many caching modules, authcache, has configurable settings such as minimum/maximum lifetime, cache update triggers, debugging modes etc as well.

What do the numbers say?

If a registered user requests a page that has 2 views, 3 blocks, 2 menus and some more "plain" content, the average rendering time is ~650ms. That means that a registered user has to wait for ~650ms after his click before the server can send to him the 1st byte of our page. 
With authcache and File Cache, we got to ~48ms!

These numbers are recorded on a 64bit Windows 7 laptop with SSD and plenty of memory (8GB). You will never going to host you site on something like that, but you get the picture. And if you use any of the contrib modules with the appropriate server software, you WILL get even better response times.

If you use authcache, boost, Block Cache Alter and the native caching of Drupal and Views, you will turn your sluggish Drupal installation to a rocket!

And never forget: Keep your site fast, keep your visitors happy!

Categories: Elsewhere

Drupal Association News: My week at DrupalCon, part 1

Thu, 04/06/2015 - 22:22

The sky is truly the limit for getting value from attending a DrupalCon. There are so many ways to involve yourself, be a part of different opportunities to give back, and meet many people from all over the world and of all walks of life.  At DrupalCon Los Angeles, we saw so many of our wonderful community members coming together to share their experiences and learn from each other -- and one of the places where this happened most was at our Monday summits.

A much anticipated part of my job is to host the Community Summit at DrupalCons. It’s a truly wonderful and humbling experience to stand in is a room filled with like-minded caring people, all of whom are ready to roll up their sleeves and work on some community topics and projects.

Here we are...the best group of #drupal people around. #CommunitySummit #drupalcon #notbiasedatall

— Lauren Shey (@lsheydrupal) May 11, 2015

This DrupalCon we had some folks working on COD, which stands for Conference Organizing Distribution.  COD packages all of the features event organizers need to create a website for their event.  One of the coolest features is that they can update their site for multiple events and years.  We also had participants discuss Drupal and non-profits.  They sprinted on how to incorporate CiviCRM into their work, best practices for site builders to utilize and pro-tips for those in non-profit using Drupal.  

Additionally, we had Donna Benjamin come out to represent the Drupal Association board.  Donna and her group discussed governance and conflict resolution for the Drupal community.  The group learned about the Community Working Group, its goals, and generated some great ideas on how to keep DrupalCon a warm and inviting event.  

Other groups sprinted on community topics such as a Campus Ambassador program, International Collaboration and Community building, Large Scale Drupal, and Building local Drupal Communities.  

All in all, it was a successful day, with around 60 participants from Australia, North America, South America, Europe, and Asia.  However, the fun and networking didn’t stop at the end of the summit.

More on my experiences at DrupalCon Los Angeles next week, until then, cheers!

Lauren Shey
Community Outreach Coordinator
Drupal Association

Categories: Elsewhere

Drupal for Government: cranking out new versions of an android drupalgap app

Thu, 04/06/2015 - 22:14

DrupalGap has been a breakthrough product for me.  Since my upcoming political campaign rests on RESTful services and an app.... I kinda need it now... here's a walkthrough of upgrading an app that's already been built.. there are probably a few too many assumptions in here, but it should help those who may follow.... 

cd AndroidStudioProjects/cvillecouncil/www
Download from /admin/config/services/drupalgap
unzip (replace all)
mv cordova.index.html index.html
vim app/settings.js - change web-app to phonegap 
cordova build android

vim ../config.xml - set the version number <widget id="com.cvillecouncil" version="0.0.2" 

cd ../platforms/android/
vim AndroidManifest.xml - make sure that  <application android:debuggable="false" 

Categories: Elsewhere

Lullabot: Drupal 8 Theming Fundamentals, Part 1

Thu, 04/06/2015 - 21:00

In this series of posts we’re going to dig into some of the fundamentals of Drupal 8 theming. By the time we’re finished we’ll have a solid understanding of how to apply many of the new tools and techniques in our work. We’ll also have a starter theme we’ll be able to use in our future projects.

We’re going to begin by building the bare minimum required to get our theme working. We’ll create the basic file structure as well as a critical configuration file so that Drupal will recognize our theme and let us enable it.

Categories: Elsewhere

Drupal Watchdog: Drush: The Swiss Army Knife for Drupal

Thu, 04/06/2015 - 18:22

I'm always interested in finding ways to reduce the busy-work and get right to the fun parts of development. Drush has been the tool to help me do that. If the last three articles on Drush haven't convinced you, perhaps it's because I haven't told you about aliases and make files. Both require some setup but after that you will wonder why you didn't use them sooner.


A Drush alias is a short name for one of three things: a specific site, a Drush command, or a shell command.

Let’s say you have three Drupal sites sharing the same codebase (multisite). We’ll call them “default”, “”, and “”. When executing a command, Drush assumes you want to run the command against the default site. But what if you want to check the status of That's where a site alias becomes useful!

We first need to create an alias file where we can define our aliases for Drush. Although it’s possible to add system-wide aliases in /etc/drush, for this example we are going to create the file drushrc.php in our user’s home folder. (If you don't already have a .drush folder, create one.)


Now we define our alias within that file. In the example code below, I'm defining the alias "store" by telling Drush where to find the Drupal root and the domain name of this particular site. Copy this example and insert it into your file. Replace the alias, root, and uri with the information that fits your situation.

<?php $aliases['store'] = array( 'root' => '/path/to/drupal', 'uri' => '', );

Save the file and you are done! You have just created a site alias. Now you can use this new alias in commands. Prefixed with @, your alias should be the second thing you type, as in the command below.

Categories: Elsewhere

Drupal Easy: DrupalEasy Podcast 156 - Ryan forgot to do his homework (Jesus Olivas, Eduardo Garcia - Drupal Console)

Thu, 04/06/2015 - 14:40
Download Podcast 156

Jesus Manuel Olivas (jmolivas), Drupal 8 Solutions Engineer at FFW and Eduardo (Enzo) Garcia (enzo), CTO at Anexis IT, two of the maintainers of the Drupal Console project join Mike Anello and Ryan Price to talk about Drupal Console, Cultural Construction, keeping core and module development on, as well as some other current Drupal-y news and our picks of the week!

read more

Categories: Elsewhere Blog: Drupal 7 advanced hands-on training workshop in London, 13-14/7/2015

Thu, 04/06/2015 - 07:17

Learn Advanced Drupal 7. Unlock its powerful API and theming engine at a 2-day hands-on workshop delivered by top Drupal developers.

The Workshop spans 2 eight-hour sessions taking place on Monday 13th and Tuesday 14th July 2015 in Central London. Monday will be about Drupal Website Building, and Tuesday about Drupal Theming and Drupal Module Development.

The training will be highly personalized as there will be one trainer per at most 4 students, so you will can get the attention you need in order to follow the flow of it.

Whom is it for?

The Workshop is for people accustomed with basic CMS terms. Especially for the second day, basic knowledge of HTML, CSS and PHP is a prerequisite.

The workshop aims at providing the tools and knowledge required for using Drupal as a framework. You won't leave the workshop as a Drupal expert, but you will be led into the right path with top Drupal developers. To attend, you will need to bring your laptop along.


Registration fees for workshop attendance are £495 per day. If you choose to register for both days, you will get a £100 discount, so the total will be £890 plus VAT. You can make your payment using PayPal.

Price includes coffee and lunch.

An attendance certificate will be provided.

Check out the workshop schedule below and book now, as seats are limited!

Monday, 13 July 2015: Site Building Time Duration Description 10:00 - 11:30 90’ Introduction, Drupal Installation, Learn the Administration environment 11:30 - 11:40 10’ Coffee Break 11:40 - 12:40 60’ Custom Content Types, Fields & Modules 12:40 - 12:50 10’ Coffee Break 12:50 - 13:50 60’ Showing Content, Views, Panels & Display Suite 13:50 - 14:50 60’ Lunch Break 14:50 - 15:50 60’ Internationalization, Performance (Cache, Cache Expiration) 15:50 - 16:00 10’ Coffee Break 16:00 - 17:00 60’ Commerce 17:00 - 17:10 10’ Coffee Break 17:10 - 18:00 50’ Rules


Tuesday, 14 July 2015: Theming & Module Development Time Duration Description Theming 10:00 - 11:30 90’ Introduction to Drupal Theming, Appearance Interface, Install themes from 11:30 - 11:40 10’ Coffee Break 11:40 - 12:40 60’ Base Themes, Create a new theme 12:40 - 12:50 10’ Coffee Break 12:50 - 13:50 60’ Editing the basic templates & javascript libraries 13:50 - 14:50 60’ Lunch Break Module Development 14:50 - 15:50 60’ Introduction to Drupal for Coders, creation of a Module, Hooks, Menu System, Theme API 15:50 - 16:00 10’ Coffee Break 16:00 - 17:00 60’ Creation of an Admin Interface, Form API, Entity API, Users and Permissions 17:00 - 17:10 10’ Coffee Break 17:10 - 18:00 50’ Using the Database API, Caching, Development Best Practices

For more information, please contact us.

Book Now:
Categories: Elsewhere

NEWMEDIA: Do You Have Unanswered Drupal PCI Compliance Questions?

Thu, 04/06/2015 - 04:45
Do You Have Unanswered Drupal PCI Compliance Questions?Securing credit card transactions is an important yet daunting task for most eCommerce merchants. And while the community sponsored Drupal PCI Compliance White paper has helped bring awareness and clarity to the topic, important questions still remain. Do you have any unanswered questions or constructive feedback?

It’s been almost two years since my colleagues and I released the first version of the Drupal PCI Compliance white paper. Since then it’s been incredibly rewarding to watch the conversations evolve in the issue queues, within twitter threads, and during person conversations. Rather than ignore the topic altogether, individuals are tackling it head on and having meaningful conversations. Rather than falling back on speculation and hearsay, individuals are referencing specific parts of the specification. Best of all, I’m seeing more and more evidence of people using this information during their selection process of a payment gateway. Overall, I’m thrilled to see this level of progress.

And yet despite this progress, we still have a long way to go as a community. Recently I’ve become involved in the Commerce Braintree and Commerce Stripe issue queues to help review the new (and awesome) iframe solutions. During that process, a lot of questions came up regarding whether or not these modules were truly PCI 3.0 SAQ A compatible or not. These are great questions, but it leaves me asking a few questions:

  • Are these users aware of the white paper?
  • Is the white paper thorough enough in answering these questions?
  • Is the white paper enough? Do we need a shorter distillation (infographic?) or a more succinct executive summary?

To that end I’m soliciting feedback from the community, and that means you! Are you aware of the paper? Did it adequately summarize the important nuances around the subject matter? Do you have more questions? Can we make it any clearer?

If you’re willing to provide said feedback, please either leave a comment below OR submit an issue directly to the github project’s issue page. And thanks in advance. Any improvements that can be made will benefit all users that ultimately build and/or operate a Drupal eCommerce site.

Finally, a huge thanks for the white paper sponsors: Applied Trust,, CrossFunctional, Commerce Guys, NEWMEDIA, Towsend Security, Hosted PCI, and Copperly. Your support went far beyond anything monetary. Your confidence in me to get the job done is something I’ll always be grateful for.

Categories: Elsewhere

Phase2: “Reply to Anything” in Open Atrium

Wed, 03/06/2015 - 23:41

Since it’s beginning, Open Atrium had Discussion Forums, allowing members to collaborate on various topics.  In the Winter 2015 2.3x release, we added Related Content, which allowed you to attach a Discussion Post to other content, such as an Event.  But what if you wanted to have a discussion around a piece of content directly without creating a separate related discussion post?  In the new Spring 2.4x release, you can “Reply to Anything,” whether it’s core content such as an Event or a custom site-specific content type.

Drupal Comments

At a high level, the “Reply to Anything” release of Atrium was a simple task of enabling normal Drupal comments for any content type.  The Atrium Discussion forum didn’t use Comments, but instead used the same content type for “Replies” as for the “Original Post.”  While this was architecturally convenient and allowed Replies to contain attachments, it didn’t allow Replies to be added to other content types easily.

Comments in Drupal tend to get a bad rep.  Many feel that comments look ugly, don’t support rich content such as attachments, or are subject to spam and require serious moderation.  The challenge for Atrium was to enable Comments while dealing with some of these complaints.

Improving Comments

Significant testing and feedback went into the original design of the Atrium Discussion forums.  We decided to implement the same functionality for Comments, plus some new features:

  1. Personalization: causing new comments to be auto-expanded, while old comments are collapsed.
  2. Attachments: rather than just allowing attachments to be added to Comments, the entire Related Content paragraphs architecture was re-used.  More on this below.
  3. Migration: previous Discussion Replies are migrated automatically into Comments.
  4. Easy Administration: rather than editing the content type to enable Comments, a central UI interface is used to choose which content types use comments.
  5. Threaded Discussions: support comments to comments, allowing fully threaded discussions.

The result is a consistent and intuitive interface across Atrium for handling comments to content, whether it’s a Discussion post, a worktracker Task, an Event, a Space, or any other type of content.

Rich Comment Content

Re-using the Related Content work from v2.3x, we were able to support very rich comment content.  For example, the screenshot in the previous section shows a comment with an image and two columns of text.  Rather than just using the WYSIWYG to embed an image, that comment uses the Media Gallery paragraph type to add the image, along with a Text paragraph to add two columns of text.  You can even use the Related Content to embed another live discussion along with it’s own comments and reply form within another comment.  Comment Inception!   In the past you could only add a file attachment to a Reply.  With Related Content you can add a Related Document to a Comment, which might be a file attachment, but might also be just a Wiki-like web document.

When integrating the Related Content we also did a large amount of UX improvement.  The different paragraph types are now represented with icon “tabs” along the bottom of the WYSIWYG editor, much like the tabs at the bottom of your Facebook status field.  Using a Drupal hook you can even specify icons for your own custom paragraph types!  This new UX for Related Content paragraphs was taken from Comments and then extended to work on the Body of the node/edit form, providing a consistent Related Content experience across all of Atrium.  You can separately control which paragraph types are available for the node Body vs available for Comments.

What can I do with all this?

Technical features are fine, but it’s really all about the client needs that can be solved.  Here are some of the use-cases you can solve now using Atrium:

  1. Feedback and Collaboration on Anything:  Threaded discussions on any content type, not just the Discussion posts, without needing to use Related Content.  Because of Atrium’s strong data privacy controls, comments are added by Members of a Space and are less subject to spam or needing moderation.  However, full comment approval moderation is also still available.  Comment threads can be open or closed on a per-node basis.
  2. Social Feeds: Enable comments on Space, Section, or even Team pages, providing a “Status Feed” functionality.  Users can quickly and easily post comments (status updates) and have them appear in the Recent Activity.  If you enable comments on User Profiles (from the Open Atrium Profile2 app), you can even support the concept of a “Facebook Wall” where users can post comments (status) on a specific user’s profile dashboard.  These are areas still requiring some improvements to the UX that you will see in future versions of Atrium to make this a more useable social experience, but you can get started with it now.
  3. Fieldable Comments:  By adding new paragraph entity bundles, you are essentially adding optional fields to comments.  Developers can define templates to control the edit and view experience for custom fields.  Using the included Comments Alter module, comments can actually change the values of fields on the parent content node, such as the Status, Type, and Priority fields on the worktracker Task content.
  4. Email Integration: As with past Discussion Replies, adding a Comment causes a notification email to be sent.  Users can reply to the email and the reply will be posted back to the Atrium site.  This now works with any comments on any content type, such as replying to comments from a worktracker Task.

Many users of Atrium have asked for comment support, which was specifically disabled in past versions.  Now Atrium fully supports the Drupal Comment system and everything sites want to do with it.  Integrating the Recent Content work into Comments provides powerful functionality that is implemented consistently and intuitively across the entire platform.  Allowing Comments on anything further pushes the core mission of Atrium to enable and enhance collaboration across your organization.

Want to learn more or see the new comments in action?  Sign up for the Open Atrium Spring Release webinar on Thursday, June 4th, at 12:30pm EST.

Categories: Elsewhere

Drupal core announcements: Drupal 8 Security bug bounty program: Get paid to find security issues in D8

Wed, 03/06/2015 - 22:17

Drupal 8 is nearing release, and with all the big architectural changes it brings, we want to ensure D8 upholds the same level of security as our previous releases. That's where you come in!

The security team is using monies from the D8 Accelerate fund to pay for valid security issues found in Drupal 8, from now until August 31, 2015 (open to extension). This program is open for participation by anyone.

Read more details here:

Categories: Elsewhere

Drupal Association News: What have Chinese Drupalers been doing in 2015?

Wed, 03/06/2015 - 21:07

On March14th 2015, the Chinese Drupal Community gathered in Shanghai for DrupalCampChina 2015. With two keynotes, three one-hour presentations, nine thirty-minute sessions and a great after party, it was a busy day of learning and sharing ideas.

Learn from the best

China is a large country, but on the day of DrupalCampChina 2015, attendees from cities as far away as Beijing and Hong Kong traveled more than 8 hours to the event. One of the top reasons that many Chinese Drupalers were motivated to travel from afar was the keynote speakers, who were funded by Drupal Association. Many Chinese Drupalers appreciated the opportunity to listen and meet some of the top Drupal developers in the world; furthermore, they wanted to learn more about open source culture, the organization of the Drupal Community, and Drupal core development.

This year, we were thrilled to have Ryan Szrama and Clay Shirky as our two keynotes. Ryan’s talk, “Opening Doors with Open Source eCommerce,” was inspiring. His stories charted the path he took that defined his open source career, and how it shaped both Ubercart and Drupal Commerce modules.

Our other keynote, Clay Shirky presented on “Collaborative Technologies.” Analyzing the social aspects around recent technologies, Clay’s talk demonstrated how humans are not only producing the technologies, but how those technologies in turn shape the development, distribution, and community of the future. In a way, Clay’s talk explained how Drupal and its community was born and why they are what they are today.

Both keynotes were exciting and inspiring, and boosted our attendees’ confidence and enthusiasm for Drupal and Open Source.

Growing Drupal in China

As Chinese philosopher Confucius once said, “Isn’t it delightful to have a friend coming from afar?” At DrupalCampChina 2015, Adam Malone from Acquia and Felipe Rubim from CI&T travelled to Shanghai from Australia and offered their insights and guidance. I took the opportunity to discuss methods of growing Drupal in China with them based on their experiences both in Asia Pacific and the rest of the world.

Many people at the camp had fun and were inspired watching Adam present “Let's talk about web experience management with Drupal 8”. Later on, while discussing the growth of Drupal in China, Adam mentioned Acquia’s broad interest in helping Drupal grow in Asian markets. His rule of thumb is to organize more local meetups and to encourage social activities for the group where Drupal isn’t the focus. By creating friendships within the community, we make stronger ties between its members. Adam also pointed out that it’s important to learn the decision making process within different business areas. Once the requirements and priorities are better presented, Drupal usually can offer many solutions with the ability for further customization. If we want to increase Drupal adoption from the top down in China, then the developers and site builders have a lot of learning to do, and we can’t wait to get started.

Felipe Rubim has assisted with the organization of this camp over the past six months. He firmly believes in the value of DrupalCamp China, which is why he motivated a whole team of Drupalers at CI&T to travel from Ningbo to Shanghai. Their bold presence gives many newcomers a great impression of Drupal. Felipe believes Chinese developers must see more opportunities related to Drupal before they join, and that businesses may also expect a bigger pool of Drupal shops and developers before they jump in. To try and tackle both at the same time, Felipe and his team suggest that the Drupal community should focus on:

  • Localized Drupal marketing (Chinese material on Drupal, locally searchable/reachable);
  • The translation of more key documentation, along with support on forums;
  • Increasing the number of  key advocates  (e.g.: D.A., local evangelists, etc), people that can speak up for Drupal across different audiences/prospects
  • Implementing and marketing flagship local cases;
The Future of Drupal in China

In early 2015, CNN claimed that China had 557 million smartphone or tablet users, which was almost double of the entire U.S. population. One thing worth noting is that these 557 million users are 80% of the total number of Chinese internet users. Furthermore, as famous Google Exec Hugo Barra pointed out, Alibaba/Taobao in China sold $5.75 billion online in one single day, comparing to $2 billion for U.S. Cyber Monday. In fact, Barra’s Chinese company Xiaomi also recently won a Guinness record for selling 2.11 million phones in 24 hours.

Given that mobile and eCommerce has exploded in China, many Chinese Drupalers have been working on mobile and eCommerce related projects lately, which made it a popular topic at DrupalCamp. We discussed how two large sets of APIs offer the integration to this massive Chinese eCommerce and mobile world. One is from Alibaba, and the other is from Tencent (WeChat). Drupal and the Commerce module offer the amazing capability to integrate Content, Workflow and Commerce together, making it incredibly easy to develop for Chinese eCommerce sites. Drupal Commerce Kickstart Distribution also lets users open a new simple eCommerce site in hours. Hundreds of thousands of Chinese Taobao shop owners have been dreaming about customized shop displays and the Commerce Kickstart distribution can make their dream come true without writing any code. Clearly, there is a lot of opportunity for Drupal in China. Now what we need to do is begin growing.

The security aspect of Drupal was another popular topic at DrupalCampChina. China experienced a lot of cyber security challenges in the past 6 months, for example the recent man-on-the-side-attack. Most Chinese internet companies gradually learned the importance of cyber security and the advantage of using open source software like Drupal. At the camp, many attendees learned about the work and responsibilities of the Drupal Security Team, and learned about Drupal security advice compared to other popular open source software. Ultimately, we concluded that  it will be almost impossible for most proprietary Chinese CMS software to catch up with the security practices that Drupal can offer.

Many small and medium businesses in China were eager to learn about optimization of hosting websites for Chinese markets. Both the technical aspects like bandwidth and connectivity, and political governance of Internet are quite different when the Internet crosses border in China. Some Chinese companies host websites in China, but then must deal with increasing market demand in the rest of the world, while many international companies are uncertain of the best practices to optimize speed for Chinese market. Numerous strategies have been discussed, but thanks to the power of Drupal (e.g. CDN module, Storage API), the implementation of many optimization strategies is only a marginal investment for many companies.

Attending DrupalCon LA

DrupalCampChina 2015 was held shortly after the Chinese New Year. We took the opportunity to meet and discuss the plans for the near future. Many Chinese developers had a taste of the fun and value of this camp in Shanghai, and wanted to learn more about Drupal and its community. Therefore, we formed a team to travel to DrupalCon LA. Keith Yau, Jackie Chen, Jerenus Zheng, and Everright Chen had a great time at DrupalCon LA and had lots of exciting new ideas to bring back and share with our community in China. For most, this was both their first DrupalCon and their first trip to the US. They witnessed how well the Drupal community collaborated at Sprints; learned to communicate with many Drupalers both offline and online; and they were shocked to see how many potential career choices were available at DrupalCon. When they talked about this trip after they returned, it was certain that they were amazed and inspired. Nicely done, DrupalCon LA!

Categories: Elsewhere

DrupalCon News: A Wallet-Friendly Guide to DrupalCon

Wed, 03/06/2015 - 19:44

DrupalCon Europe is one of the biggest and most important Drupal events that happens in the world every year. Since we, the local community, assume that you are already convinced to come to Barcelona in September, we would like to provide some tips to help you make your stay wallet-friendly. You can cherry pick any of these tips and use the ones that apply to your ideal DrupalCon experience.

Categories: Elsewhere