We got an interesting requirement, to integrate Drupal and Moodle (Totara actually) in order for a nice combination of CMS features and LMS features. The integration should follow SSO, where a user logged in Drupal should automatically be logged in Moodle.
We decided to use existing plugins as much as possible along with additional customization wherever needed.
selvam, Wed, 04/06/2016 - 16:30
I use IRC a lot. For many things, which are often unrelated. As IRC proxy I currently use bip so I can run a local IRC client.
To get less distracted by "random stuff" popping up when I want to focus on something, I would like to use an IRC proxy, which I can configure - for example - to do this: "immediately relay everything from all debian channels and cache everything said on all other channels". Direct messages should always be relayed immediately. And of course more fine grained control should be possible too: "all debian channels except reproducible related", "everything reproducible builds related", "debconf channels", "everything else", and so on.
Does an IRC proxy with such a feature exist? Any suggestions on which proxies come close? Feedback much appreciated, if I manage to find something, I will post an update on this blog.
The long requested feature for Weblate is here - it now has an API which you can use to control it. Its scope is currently limited, but it will expand in future releases. The API is currently available in Git, deployed on both Demo server and Hosted Weblate, our hosted solution. It will also be part of the 2.6 release, which should be released by end of April.
Anyway the API now provides basic operations up to translation level - you cannot edit individual translations, handle suggestions or other advanced features. However what you can do includes:
- Manipulating the underlying VCS repository (commit, push, pull, reset)
- Download or upload translation files
- Get information about translations, components, projects and languages
- Lock or unlock components for translation
As you can see this really covers the basic operations which were most frequently requested, more will come in future. You can find more details in the Weblate API documentation.
Drupal is a secure system, but you really need to keep your software up to date. Code Enigma director responsible for support services, Greg Harvey, explains why this is so important.
Wed, 2016-04-06 10:42, by greg
In light of the much talked about #PanamaPapers leak, it seems there has never been a better time to talk about keeping your software up to date. It has been reported by Forbes that a possible (if not the most significant) vector of the leak was a Drupal vulnerability, well publicised a few years ago, called Drupageddon. This story has been picked up by the Drupal.ovh website, which ran a piece last night on Drupal's possible involvement in the scandal.
The author of that piece rightly points out:
Since there is no single entity to blame for Drupal or other Open Source CMSes, as opposed to commercial entities like Oracle or Microsoft - there will likely be no fingerpointing in this issue.
But then goes on to say:
Increased awareness of web services security matters is required from the Open Source [communities] so that we will avoid large information leaks in the future.
We beg to differ! Sure, nobody is saying we can't improve on developer awareness, and that's true absolutely across the board in every developer community. But hindsight is always 20/20 and that kind of comment carries an implied "mea culpa" for open source software that, in my opinion, is totally misplaced and maybe even a little dangerous.
And more importantly, it has nothing whatsoever to do with the issue at hand! It really doesn't matter what software is or is not behind the leak. The principal point is this: it is alleged that the affected company, Mossack Fonseca, was running a version of Drupal more than two years old (7.23*) as its customer portal software. More than two years old!
Many information security specialists around the world (ourselves included) will tell you the first, single, most important thing anybody can do to protect themselves from infiltration and disclosure is keep their software up to date. It's a security 101. It is the first line of defence, the most basic number one priority, because researchers and hackers find security holes in software all the time. At Code Enigma we manage over 150 servers for our customers, we have the intrusion detection system (IDS) logs, we know we get scanned for known vulnerabilities like Drupageddon literally thousands of times a day! A colleague tells me he saw a Drupageddon attack this very week on another website (not managed by Code Enigma, I might add).
If the Forbes article is correct, and Mossack Fonseca were still running Drupal 7.23 in 2016, this is absolutely unforgiveable from a corporate infosec standpoint. There have been literally dozens of security fixes to Drupal since that date, allegedly none of which had been applied to Mossack Fonseca's (presumably) confidential client portal. The only thing I find astounding is that it took two years for this leak to break.
(Side point, but I find it telling Mossack Fonseca's official statement doesn't talk about their information security posture at all.)
So let's assume you're just an ordinary person or organisation using Drupal, and information security is important to you. Regardless of what Mossack Fonseca were alleged to have been up to, there are many good reasons you might not want information held on a website to be disclosed. Numerous Code Enigma clients could not afford a leak like this for far more honourable reasons than a political fire-storm - they carry genuine private data, for example medical researchers' contact information, interactions of members of the public with local government, sometimes we relay payment details, and so on. What do you do? Well, you can never entirely protect yourself from a clever and resourceful attacker, but at a bare minimum:
You keep your software up to date!
All of it.
All of the time!
It's not that difficult, and if you do that one thing then it's much, much harder for a Panama Papers-style leak to happen to you. If you don't have the time or the ability to do so yourself, you can get support for Drupal and support for Linux from literally hundreds of companies around the world. Those packages vary hugely from the relatively inexpensive and totally automated services (like Drop Guard) to hands-on Enterprise support packages (such as our own) where professional experts hand-check your updates. We're at the expensive end, but then we're ISO 27001 certified by the British Standards Institute, and you get what you pay for.
Finally, you may be wondering what Code Enigma did in the face of Drupageddon? Why wasn't this an issue for our customers?
Well firstly, because we have a member of our security and support team actually on the Drupal security committee, we have our finger on the pulse. He actually respected the embargo on disclosure, even internally, but we were primed and ready. As soon as the vulnerability was announced, we patched all customer systems. And here's the thing:
We have customers who pay us for security patching and those that don't. But Drupageddon was so serious that in the interests of good 'net citizenship, we took the view that regardless of whether or not our customers were paying for security updates, we would patch everyone. In fact, we had that patching done inside an hour. We also blocked all customer automated deployment tools until they could demonstrate to us they had upgraded Drupal core in their version control repositories, so we could be sure customer changes to code could not reinstate the vulnerability.
The TL;DR is we patched EVERYONE, regardless of contract, and we took the responsibility to ensure their systems stayed patched upon ourselves, even when we weren't contractually obliged to.
Stay up to date, stay safe.
* This version pre-dated the devastating Drupageddon vulnerability, which made it extremely trivial to gain total control of a Drupal website if left unpatched. The vulnerability was widely reported in the technology press when it broke, in October 2014, and Drupal.org posted strong advice that any website left unpatched for more than seven hours after disclosure should be considered compromised as a matter of course.
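The deployment block described above can be enforced with a pre-deploy check along these lines. This is an added example, not Code Enigma's tooling: it assumes a Drupal 7 checkout, where core declares its release as `define('VERSION', ...)` in `includes/bootstrap.inc`, and the minimum version `7.100` used with it is a constructed placeholder rather than a real release number.

```python
import re
import tempfile
from pathlib import Path

# Drupal 7 core declares its release in includes/bootstrap.inc, e.g.
#   define('VERSION', '7.23');
VERSION_RE = re.compile(r"define\(\s*'VERSION'\s*,\s*'([^']+)'\s*\)")


def core_version(checkout):
    """Return the core version string found in a checkout, or None."""
    bootstrap = Path(checkout) / "includes" / "bootstrap.inc"
    try:
        text = bootstrap.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None
    match = VERSION_RE.search(text)
    return match.group(1) if match else None


def parse(version):
    """'7.23' -> (7, 23); suffixed builds such as '7.101-dev' -> None."""
    if not re.fullmatch(r"\d+(\.\d+)+", version or ""):
        return None
    return tuple(int(part) for part in version.split("."))


def deploy_allowed(checkout, minimum):
    """Fail closed: allow only a clean release at or above `minimum`."""
    found = parse(core_version(checkout))
    required = parse(minimum)
    if found is None or required is None:
        return False
    # Tuple comparison is numeric, so 7.100 ranks above 7.23
    # (a plain string comparison would get this wrong).
    return found >= required


def make_checkout(version):
    """Build a constructed sample checkout (not real Drupal code)."""
    root = Path(tempfile.mkdtemp())
    (root / "includes").mkdir()
    if version is not None:
        (root / "includes" / "bootstrap.inc").write_text(
            "<?php\ndefine('VERSION', '%s');\n" % version)
    return root
```

Run as a gate in front of the deployment tool, a missing or unparseable version blocks the deploy rather than letting it through.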
I've been writing a lot about what I believe is important for the future of Drupal, but now it is your turn. After every major release of Drupal I do a "product management" survey to get your ideas on what to focus on for future releases of Drupal (8.x/9).
The last time we had such a survey was after the release of Drupal 7, six months into the development of Drupal 8. I presented the results at DrupalCon London in 2011. The results of that survey informed the Drupal community at large, but were also the basis for defining initiatives for Drupal 8. This time around, I'm hoping for similar impact, but also some higher-level strategic thinking about how Drupal should respond to various market trends.
It shouldn't take more than 10-15 minutes to fill out the survey. We'd like to hear from everyone who cares about Drupal: content managers, site owners, site builders, module developers, front-end developers, people selling Drupal, etc. Whether you are a Drupal expert or just getting started with Drupal, every voice counts! Best of all, with Drupal 8's new 6-month release cycle, we can act on the results of this survey much sooner than in the past.
I will be presenting the results during my DrupalCon New Orleans keynote (the video recording of the keynote, the presentation slides and the survey results will be downloadable on my blog after). Please tell us what you think about Drupal; your feedback will shape future versions of Drupal.
A new version of RcppAPT -- our interface from R to the C++ library behind the awesome apt, apt-get, apt-cache, ... commands and their cache -- is now on CRAN.
It adds three new commands to the package. Two are relatively simple: showSrc() and dumpPackage() display information about a given package, similar to what apt-cache showsrc and apt-cache showpkg, respectively, would reveal. Lastly, the buildDepends() function retrieves all build-dependencies for a package. This should come in handy for automated tests for which I have some plans.
We’re on a mission to bring more free live Drupal training to more people and organizations than ever before. I’m very pleased to say this quarter we’ve beat our own personal best.
Since January we’ve delivered more than $100,000 worth of free training. That's 19 free trainings in six cities and online to more than 417 registered participants. That’s a total of 72 hours of training delivery and more than 1,700 hours spent in the classroom by individuals learning Drupal. And this doesn't even include all those here at FFW that provided sessions at camps and participated in community training and sprints.
We delivered training in Princeton, New York, Albany, Dallas, Orlando and Chicago and online to participants all over the US, Europe and Asia.
In the coming months we’ll be back to Dallas and down to Atlanta and New Orleans for Drupalcon NA where we’ll be top level Diamond sponsors for the second year in a row. We’ll have live demonstrations at our booth of the latest versions of Drupal Console and of Drude, our new container-based Continuous Development environment for all your Drupal development needs. And we'll continue our online and face to face training in New York and add more cities.
Visit our event page for more information and please take a moment to give us your comments here. Tell us what new topics you’d like us to explore and especially where you’d like us to visit next.
Keep on Drupaling.
Each day, more Drupal 7 modules are being migrated to Drupal 8 and new ones are being created for the Drupal community’s latest major release. In this series, the Acquia Developer Center is profiling some of the most prominent, useful modules, projects, and tools available for Drupal 8. This week: simpleSAMLphp Authentication.
Tags: acquia drupal planet, SSO, single sign on, SAML, LDAP, Shibboleth
Thirsty for Drupal knowledge? Want to dive deep into a topic and learn from the best in the field? Like to get hands-on with your learning material? We are excited to offer 15 full-day training classes at DrupalCon New Orleans that will turn you into a Drupal superhero. No matter if you are an absolute beginner or Drupal expert, our classes cover all experience levels. Our world-class Drupal trainers are eager to share their knowledge in what may be our most diverse line-up yet.
Site builders, accustomed to working with Drupal 7 or Drupal 6, are able to do much more with Drupal 8 right out of the box. There are many excellent enhancements you should know more about.
Tags: acquia drupal planet
We’re going to be in New Orleans next month for DrupalCon, will you be? Heather White, Sandy Smith, and I will all be flying down the week of May 9th. Heather helped organize the PHP track for this year’s event and will be helping to make sure everything runs smoothly for the speakers. Sandy will be at our sponsor booth to chat with all of you and show off our magazine and some sample books. I’ll be at our booth with Sandy and also presenting Navigating the PHP Community.
Want to join us? We’re giving away a free ticket to DrupalCon at random. We’ll draw names from all entries on Wednesday, April 13th.
In June of 2015 I wrote a blog post on information architecture and user-centered design that discussed creating a content inventory, writing for the Web, focusing on page layouts and navigation, and conducting user testing.
Tags: acquia drupal planet
Last week was mostly vacation for me, so I'm publishing this report more so as not to miss one than to provide a real report.
I spent only a little time last Tuesday reviewing issues and there was no coding involved.