Elsewhere

IXIS: Nippy EdgeCast Purging

Planet Drupal - mer, 16/07/2014 - 11:27

Since we integrated the EdgeCast CDN for one of our clients, and released a related EdgeCast Drupal module we have been encouraging more and more clients to consider a CDN layer to accelerate performance to multiple geographic locations and maintain an excellent uptime even during site maintenance periods.

A recent international client who is running many domains with federated content using the Domain module needed to make use of the content delivery network to improve performance and resiliance for their sites.

read more

Catégories: Elsewhere

Mogdesign: #D8Rules As a Proof that Drupal Community Is a Living Cell

Planet Drupal - mer, 16/07/2014 - 11:03

When D8Rules project waiting in a Funding phase had just seven days left to be successfully funded, success didn’t seem likely. The project had raised just over 40% of its funding goal so far. The days shortened; the pressure rose.

Catégories: Elsewhere

Raphaël Hertzog: Spotify migrates 5000 servers from Debian to Ubuntu

Planet Debian - mer, 16/07/2014 - 10:07

Or yet another reason why it’s really important that we succeed with Debian LTS. Last year we heard of Dreamhost switching to Ubuntu because they can maintain a stable Ubuntu release for longer than a Debian stable release (and this despite the fact that Ubuntu only supports software in its main section, which misses a lot of popular software).

A few days ago, we just learned that Spotify took a similar decision:

A while back we decided to move onto Ubuntu for our backend server deployment. The main reasons for this was a predictable release cycle and long term support by upstream (this decision was made before the announcement that the Debian project commits to long term support as well.) With the release of the Ubuntu 14.04 LTS we are now in the process of migrating our ~5000 servers to that distribution.

This is just a supplementary proof that we have to provide long term support for Debian releases if we want to stay relevant in big deployments.

But the task is daunting and it’s difficult to find volunteers to do the job. That’s why I believe that our best answer is to get companies to contribute financially to Debian LTS.

We managed to convince a handful of companies already and July is the first month where paid contributors have joined the effort for a modest participation of 21 work hours (watch out for Thorsten Alteholz and Holger Levsen on debian-lts and debian-lts-announce). But we need to multiply this figure by 5 or 6 at least to make a correct work of maintaining Debian 6.

So grab the subscription form and have a chat with your management. It’s time to convince your company to join the initiative. Don’t hesitate to get in touch if you have questions or if you prefer that I contact a representative of your company. Thank you!

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Catégories: Elsewhere

Jon Dowland: Mac

Planet Debian - mar, 15/07/2014 - 21:22

My job exposes me to a large variety of computing systems and I regularly use Mac, Windows and Linux desktops. My main desktop environment at home and work has been Debian GNU/Linux for over 10 years. However every now and then I take a little "holiday" and use something else for a few weeks. Often I'm spurred on by some niggle or other on the GNOME desktop, or burn-out with whatever the current contentious issue of the moment is in Debian. Usually I switched to Windows and I used it as an excuse to play some computer games.

Last November I had just such an excuse to take a holiday but this time I opted to go for Mac. I had a back-log of Mac issues to investigate at work anyway.

I haven't looked back.

It appears I have switched for good. I've been meaning to write about this for some time, but I couldn't quite get the words right. I doubted I could express my frustrations in a constructive, helpful way, even if I think that my experiences are useful and my discoveries valuable, perhaps I would put them across in a way that seemed inciteful rather than insightful. I wasn't sure anyone cared. Certainly the GNOME community doesn't seem interested in feedback.

I turns out that one person that doesn't care is me: I didn't realise just how broken the F/OSS desktop is. The straw that broke the camel's back was the file manager replacing type-ahead find with a search but (to seemlessly switch metaphor) it turns out I'd been cut a thousand times already. I'm not just on the other side of the fence, I'm several fields away.

Sometimes community people write about their concerns with whether they're going in the right direction, or how to tell the difference between legitimate complains, trolls and whiners. When I look at conferences now, the sea of Thinkpads was replaced with a sea of Apple Macs a long time ago now, and the Thinkpads haven't come back. I'd suggest: don't worry about the whiners. Worry about the leavers.

What does this mean for my Debian involvement? Well, you can't help but have noticed that I've done very little this year. I've written nearly exclusively about music so far. the good news is: I still regularly use Debian, and I still intend to stay involved, just not on the desktop. I'm essentially only maintaining two packages now, lhasa and squishyball. I might pick up a few more (possibly archivemail if the situation doesn't improve) but I'm happy with a low package load; I'd like to make sure the ones I do maintain are maintained well. The sum of all my Debian efforts this year have been to get these two (or three) ship-shape. I have a bunch of other things I'd like to achieve in Debian which are not packages, and a larger package load would just distract from them. (We really are too package-oriented in Debian).

Catégories: Elsewhere

Michal Čihař: New UI for Weblate

Planet Debian - mar, 15/07/2014 - 18:00

For quite some time, I'm working on new UI for Weblate. As the time is always limited, the progress is not that fast as I would like to see, but I think it's time to show the current status to wider audience.

Almost all pages have been rewritten, the major missing parts are zen mode and source strings review. So it's time to play with it on our demo server. The UI is responsive, so it works more or less on different screen sizes, though I really don't expect people to translate on mobile phone, so not much tweaking was done for small resolutions.

Anyway I'd like to hear as much feedback as possible :-).

Filed under: English phpMyAdmin SUSE Weblate | 0 comments | Flattr this!

Catégories: Elsewhere

Acquia: Deliver digital faster with Drupal – Part 2

Planet Drupal - mar, 15/07/2014 - 15:45

In Deliver digital faster with Drupal Part 1, I showed you some of the many examples of successful sites built rapidly thanks to Drupal’s modularity. To stay ahead of your competition, you need to be nimble and agile; Drupal helps you do this with reusable, transferable digital experiences that can be customised to suit various niches even within a single business enterprise. All, of course, without paying additional license fees or mandated limits on developers, environments, or copies.

Catégories: Elsewhere

Liran Tal's Enginx: Migrate Drupal 7 to WordPress 3.9 – The Conclusion

Planet Drupal - mar, 15/07/2014 - 15:35
This entry is part 2 of 2 in the series Drupal 7 to Wordpress 3.9 Migration

Migrate Drupal 7 to WordPress 3.9  - To recap, in a previous post on this series, I’ve set the background for my action to migrate  from Drupal 7 to WordPress 3.9. In this post, we will explore the process of making this migration happen.

If you’ve been on this search before to migrate from Drupal to WordPress, then you’ve realized that there aren’t a lot of resources, and that you may have some preferences in regards to the migration process. Some solutions that popped required to have both instances of Drupal and WordPress up and running for some reason, but that didn’t fit my requirements as I wanted to use the same domain and not needing to setup another one just for the migration process. Other solutions are of course professional support services which will perform the migration for you, but you’d have to say goodbye to a few hundred dollars to begin with (prices range from $750 to $3500 for a website migration)

Finding Drupal2Worpdress provided me a good start to get things rolling. As with most things on Github for me, I usually begin by forking a repository and Drupal2Wordpress was no exception. Quickly after I reviewed the code in the original repository I found out that the script is very small and focused, without requiring any special dependencies or extra configuration which was my primary goal – finding the most simple solution as possible. Now I’m ready to take a stub at it.

 

My Video Course - Step by Step Drupal 7 to WordPress 3.9 Migration

I created a Video course on Udemy.com to teach you the skills of migrating Drupal 7 to WordPress 3.9.

I’d appreciate if you leave a review after taking the quick course

Step-by-Step Drupal 7 to WordPress 3.9 Migration Learn how to migrate your content, users, and more from a Drupal 7 website to WordPress 3.9.

 

 

 

Getting to Business with Drupal2Wordpress

Drupal2Wordpress is essentially very simple. It only requires to edit the PHP code at the beginning, and set the connection information correctly for both WordPress and Drupal database. That already implies on the characteristics of this migration tool – it expects that both instances of Drupal and WordPress are available through a database connection and since this tool has to be accessible and run on the hosting account service  and be triggered from the web or from a cron job (because hosting accounts do not open their database servers to the public).

Some of my fixes to this tool began with importing any content type from Drupal, yet making sure they are imported into WordPress as eligble posts content type (as opposed to pages for example, which aren’t blog related). URL aliasing has also been fixed so that imported posts in the new WordPress install are just working good, as well as another fix to migrate only approved comments. New additions to the tool included the support for migrating users, and adding a default ‘Blog’ category on WordPress and relating all posts to it (as otherwise they are not displayed).

The tool has been tested and it only requires to get a fresh installation of WordPress 3.9 to migrate any Drupal 7 site to it. You’re welcome to fork out the repository or test it and comment so we can further improve upon it.

Drupal2Wordpress – the Github repository.

 

(adsbygoogle = window.adsbygoogle || []).push({});

The post Migrate Drupal 7 to WordPress 3.9 – The Conclusion appeared first on Liran Tal's Enginx.

Catégories: Elsewhere

Drupalize.Me: Drupal 8 Plugins Explained

Planet Drupal - mar, 15/07/2014 - 15:00

As you start down the road of learning Drupal 8 module development, one of the first new Drupalisms that you're likely to encounter are plugins. After writing a blog post about creating blocks, which uses the new plugin architecture, I thought it might be interesting to take a step back and talk a little bit more about plugins at a higher level. This blog post contains an introduction to the what and why of plugins to help Drupal 7 developers make the transition to Drupal 8.

Catégories: Elsewhere

Nuvole: Packaging and reusing configuration in Drupal 8

Planet Drupal - mar, 15/07/2014 - 15:00
Bringing "reusable features" to Drupal 8.

This is a preview of Nuvole's training at DrupalCon Amsterdam: An Effective Development Workflow in Drupal 8.

Configuration Management in Drupal 8 elegantly solves staging configuration between different environments addressing an issue that is still haunting even the most experienced Drupal 7 developer. In earlier posts we covered the new Configuration Management in Drupal 8, seeing how it compares to Drupal 7 and Features, and even investigated how to manually simulate Features in Drupal 8 last year. Recent developments and contrib modules can take us several steps closer.

Configuration Management can get quite streamlined when using Git and Drush 7 as explained below.

Step 1: Move staging configuration directory into a versionable location

By default Drupal 8 will place the staging directory under sites/default/files and it is considered a good practice to not version that location, but an alternative location can easily be specified in our settings.php:

<?php
$config_directories['staging'] = 'config/staging';
?>

Done that, we must rebuild the Drupal cache:

$ drush cache-rebuild

Step 2: Export active configuration into staging directory via Drush

The Configuration Management system exposes a set of very handy Drush commands: in order to “dump” all active configuration into our newly set staging directory we can just run:

$ drush config-export
The current contents of your export directory (config/staging) will be deleted. (y/n): y
Configuration successfully exported to config/staging.                                                    

Step 3: Push configuration changes and import it on the staging environment

Since the staging directory is under version control we can simply git-add all its content and push it to the remote repository. After having set-up the staging environment as an exact replica of our development environment (this is actually required for the configuration staging to work) we can start profiting from the new Drupal 8 CM system. Imagine we have changed the site name on dev, after having exported, committed and pushed that change, on the staging site we will simply run:

$ git pull

$ drush config-import

Config               Operation               
system.site          update
Import the listed configuration changes? (y/n): y
The configuration was imported successfully.

For a more comprehensive overview of the Configuration Management system please refer to our previous blog post Configuration Management: Drupal 7 to Drupal 8.

Packaging configuration

For those developers familiar with code-driven development practices the three steps above might resemble what the Features module does in Drupal 7 with its features-update and features-revert Drush commands.

While Drupal 8 configuration staging capabilities are far more advanced than what Features could possibly provide, what the new Configuration Management system really lacks is the ability to package configuration.

Enter the Configuration development module

The Configuration development module, currently maintained by chx, serves two main purposes:

  • It automates the import of specified configuration files into the active storage.
  • It automates the export of specified configuration objects into files.

The module offers a simple, global UI interface where a Drupal developer can set which configuration is automatically exported and imported any time they hit the “Save” button on a configuration setting page.

In order to achieve a more modular configuration packaging it would be enough to set a specific module’s config/install directory as the actual export destination.

Nuvole contributed a patch to make that possible: instead of firing an auto-export every time a “Save” button is clicked the developer can, instead, specify in the module’s info file which configuration needs to be written back to that module’s install directory and run a simple Drush command to do that.

Reusable “features” in Drupal 8

One of the main advantages of having a standardized way of dealing with configuration means that modules can now stage configuration at installation time. In a way that’s something very close to what Features allowed us to do in Drupal 7.

Say we have our news section up and running on the site we are currently working on and we would like to package it into a custom module, together with some other custom code, and ship it over a new project. The patched Config development module will help us to do just that! Here it is how:

Step 1: Download, patch and enable Configuration development module

We need to download and enable the Configuration development module version 8.x-1.x-dev and apply the patch attached to this Drupal.org issue.

After rebuilding the cache, we will have the config-writeback Drush command available. Let's have a closer look at what it is meant to do:

$ drush help config-writeback

Write back configuration to a module's config/install directory. State which configuration settings you want to export in the module's info file by listing them under 'config_devel', as shown below:

config_devel:
  - entity.view_display.node.article.default
  - entity.view_display.node.article.teaser
  - field.instance.node.article.body


Examples:
drush config-writeback MODULE_NAME        Write back configuration to the specified module, based on .info file.

Arguments:
module                                    Module machine name.

Aliases: cwb

Step 2: Find what configuration needs to be packaged

We now look for all configuration related to our site’s news section. In Drupal 8 most of the site configuration is namespaced with related components so, if we keep on using consistent naming conventions, we can easily list all news-related configuration by simply running:

$ drush config-list | grep news

entity.form_display.node.news.default
entity.view_display.node.news.default
entity.view_display.node.news.teaser
field.instance.node.news.body
image.style.news_medium
menu.entity.node.news
node.type.news

Step 3: Package configuration

To package all the settings above we will create a module called custom_news and, in its info file, we will specify all the settings we want to export, listing them under the config_devel: directive, as follows:

$ cat modules/custom_news/custom_news.info.yml

name: Custom News
type: module
description: 'Custom news module.'
package: Custom
core: 8.x
config_devel:
  - entity.form_display.node.news.default
  - entity.view_display.node.news.default
  - entity.view_display.node.news.teaser
  - field.instance.node.news.body
  - image.style.news_medium
  - menu.entity.node.news
  - node.type.news

After enabling the module we will run:

$ drush config-writeback custom_news

And we will have all our settings exported into the module’s install directory:

$ tree -L 3 modules/custom_news/

modules/custom_news/
├── config
│   └── install
│       ├── entity.view_display.node.news.default.yml
│       ├── entity.view_display.node.news.teaser.yml
│       ├── field.instance.node.news.body.yml
│       ├── image.style.news_medium.yml
│       ├── menu.entity.node.news.yml
│       └── node.type.news.yml
└── custom_news.info.yml

The Drush command above takes care of clearing all sensitive UUID values making sure that the module will stage the exported configuration cleanly, once enabled on a new Drupal 8 site.

To get the news section on another site we will just copy the module to the new site's ./modules/ directory and enable it:

$ drush en custom_news

The following extensions will be enabled: custom_news
Do you really want to continue? (y/n): y
custom_news was enabled successfully.      Final evaluation: Drupal 7 versus Drupal 8

One of the main differences between working in Drupal 7 and in Drupal 8 is represented by the new Configuration Management system.

While Features was proposing a one-stop solution for both configuration staging and packaging, Drupal 8 CM does a better job in keeping them separate, allowing developers in taking a greater control over these two different and, at the same time, complementary aspect of a solid Drupal development workflow.

By using the method described above we can upgrade our comparison table between Drupal 7 and Drupal 8 introduced in one of our previous posts as follows:

Functionality D7 Core D7 Core + Features D8 Core (current) D8 Core (current) + Patched Config Devel Export full site config (no content) NO NO YES YES Export selected config items NO YES YES YES Track config changes (full site) NO NO YES YES Track config changes (selected items) NO YES YES YES Stage configuration NO YES YES YES Package configuration NO YES NO YES Reuse configuration in other projects NO YES NO YES Collaborate on the same project NO YES NO NO

The last "NO" deserves a brief explanation: Configuration Management allows two developers to work simultaneously on different parts of the same project if they are very careful: but "merging" the work would have to be done by version control (GIT or similar), that doesn't know about YAML or Drupal.

Some open issues

Contributed modules seem to be the best way to enhance the core Configuration Management system, much like what happened with Drupal 7 and Features. There are still several issues that should be considered for an optimal workflow, to match and improve what we already have in Drupal 7:

  • Piping: the ability to relate configuration components based on both hard and logic dependencies, for example: I export a content type and, automatically, I get also its fields. If piping might have been too rigid, at times, it would be still useful to have in some configurable form.
  • Enhanced configuration diff: it might be useful to have the possibility to review what configuration is going to be installed before enabling a module, like it is now when importing staged configuration to the active storage.
  • Granularity: it is still impossible to export part of a configuration file, so we still depend on the core conventions for grouping configuration into files, and we can't export a single permission for example.
  • Ownership: we can't know if another module (or "feature") is tracking a component we wish to track; this could be useful in the perspective of maintaining several "modular" features.
  • Updates: we can reuse configuration by simply enabling a module, but this holds only for the initial installation; after a module is enabled, we don't have a clean way to import changes (say, to "upgrade" to a newer version of the feature) outside the standard workflow foreseen in Configuration Management.
Tags: Drupal 8, Drupal Planet, DrupalCon, Drush, Code Driven DevelopmentImage: 
Catégories: Elsewhere

Mario Lang

Planet Debian - mar, 15/07/2014 - 10:15
Mixing vinyl again

The turntables have me back, after quite some long-term mixing break.

I used to do straight 4-to-the-floor, mostly acid or hardtek. You can find an old mix of mine on SoundCloud. This one is actually back from 2006.

But currently I am more into drum and bass. It is an interesting mixing experience, since considerably harder. Here is a small but very recent minimix. Experts in the genre might notice that I am mostly spinning stuff from BlackOutMusicNL, admittedly my favourite label right now.

Catégories: Elsewhere

Kristian Polso: Password protect your Drupal site with Shield-module

Planet Drupal - mar, 15/07/2014 - 09:26
From time to time, there might arise a situation where you want to password protect your Drupal site. Maybe the site is under development, or you just want it to be available to a selection of users. This is usually done with something called "HTTP Basic Auth", which allows you to password protect a site. This can be done in Apache by modifying the .htaccess file.  There are some great tutorials on how to do this, but this is not the correct way of doing it for couple of reasons.
Catégories: Elsewhere

DrupalCon Amsterdam: Come for the Con, stay for the sprints! Plan your travel for weekend and Friday sprints in Amsterdam

Planet Drupal - mar, 15/07/2014 - 08:10

Sprints are an important part of DrupalCon you will want to experience. Arrange your travel and hotel to take advantage of the extended sprints before DrupalCon on 27-28 September, the big sprint day on Friday, 3 October, and the extended sprints after DrupalCon on 4-5 October.

Stay for the sprints on Friday

Every DrupalCon, we cap off the week with a full day of Drupal sprints. DrupalCon Amsterdam's sprint day is Friday, 3 October, starting at 9:00 and going until 18:00. You will not want to leave early and miss any of it. So, book your departure very very late Friday, or even better, Saturday or Sunday!

Whether you are a site builder, designer, programmer, themer, technical writer, project manager, or usability specialist, if you have Drupal experience, this is your chance to contribute back to the Drupal community, meet other Drupal enthusiasts and interact with them building the future of Drupal.

Something for everyone

The sprint on Friday will include three separate events:

1. First-Time Sprinter Workshop
If you're new to Drupal contribution, you can attend the FREE mentored workshop on Friday from 9-noon. The hands-on workshop will cover the basics of contribution essentials like the Drupal.org issue queues, IRC, git, and optionally setting up Drupal 8 on your laptop.

2. Mentored Core Sprint
If you are already have all the tools, have used the issue queue, have a working Drupal 8 development environment on your laptop, would like to work with a mentor to contribute to Drupal core, and would like help finding an issue to work on, or if you're not quite sure where to start contributing, come to the Mentored Core Sprint. This sprint will run all day, with First-Time sprinter workshop attendees joining in the afternoon.

Sprint mentors will help you find a task for a Drupal core issue and then help you work on it. You can create patches for bugs, add documentation to issues, test patches, and more!

To get a head start, set up your Drupal 8 development environment before Friday. Attend the core office hours from home. Or, at the conference, we will have plenty of opportunities to help get you set up at any of our Get Involved BOFs (times and locations TBD), or you can come to the First-Time Sprinter Workshop Friday morning.

3. All the Sprints!
If you're an experienced Drupal contributor, you can head straight to one of the many other share your sprint initiative to do focused work on one particular area of Drupal, like Views, the Drupal 8 multilingual initiative, the Twig theming system, Migrate, Drupal.org, and more.

You will work directly with initiative leads and collaborate on issues. This is a great opportunity to make a difference for the Drupal project AND learn from peers how to solve problems!

Mentor new contributors

Are you already familiar with setting up a development environment or with the core contribution process? Want to help other contributors? We need about 35 mentors to work with our first-time contributors. Sign up early and secure your mentor t-shirt in the size of your choice.

Sign up to help mentor

Want to mentor, but also want to sprint yourself? Extended sprints to the rescue!

Extended Sprints are 27-28 September and 4-5 October

Take advantage of being able to work with others from around the world with extra days: extended sprint days! Read more details and sign up for extended sprints so we can make sure we have enough resources and room for you! We'll be sprinting around the clock at the Berlage in the heart of Amsterdam and seeing the sights and enjoying the city's great pubs and restaurants during breaks.

Make a difference

DrupalCon sprints are critically important to pushing the Drupal project forward, and are also a great opportunity to give back alongside the people who help bring the code to life. Join us DrupalCon Amsterdam and help make an impact!

Sponsor opportunities available

Friday sprints are sponsored by Werk21, extended sprint venue, coffee and catering thanks to the Drupal Association, Acquia Large Scale Drupal, Open8, and … YOU?

Contact us for more information or to sponsor.

--
Cathy Theys (YesCT)
DrupalCon Amsterdam sprint lead

Catégories: Elsewhere

NEWMEDIA: Drupal PCI Compliance White Paper: Version 1.1 Released!

Planet Drupal - mar, 15/07/2014 - 05:20
Drupal PCI Compliance White Paper: Version 1.1 Released!Version 3.0 of the PCI compliance standard becomes mandatory on January 1st, 2015 and will be a complete game changer for most Drupal eCommerce sites.Are you ready to meet the challenge?

For those wanting to dive right in, simply click this link to download the white paper.

Matt Kleve was spot on in his DrupalCon Denver 2013 presentation title PCI: a Four-Letter Word of eCommerce. Whenever I present on or discuss the subject matter with other members of the community, there is usually some level of disdain for the payment card industry (PCI) for creating the data security standard (DSS) that we all commonly know as PCI compliance. The complaints are many:

  • It's too confusing.
  • It's too difficult.
  • It's too expensive to deal with.
  • It's security theater.
  • It doesn't guarantee you'll never get hacked.

Once everyone has finished airing their grievances, there is always the unspoken question that you can see on everyone's face... Can't we just ignore this little nuisance of a requirement and get back to processing credit card transactions?

The reality is that we cannot pretend PCI compliance doesn't exist. The growth of the eCommerce market can only continue as long as users trust the process, and that can only happen if the end-to-end process remains secure. Oh—and any merchant agreement you sign will stipulate PCI compliance as a requirement (make sure to read all that fine print!). Therefore, if you want to accept credit or debit cards payments online (even through 3rd party) then you really have no other choice. Compliance is mandatory.

That's the bad news. The good news is that understanding where and how to get started for a Drupal site is much easier as a result of the Drupal PCI Compliance White Paper that was initially published a year ago (and a HUGE thanks to the many sponsors that helped make that happen). It's readable within an hour and can help everyone involved on a Drupal project make informed decisions and reduce their risk as much as possible.

The Standard Gets Stronger

As the volume of eCommerce transactions continues to grows, it becomes even more important to protect every component in the entire system handling the transaction. After all, a single point of failure was responsible for Target debacle, where the credit card records of 40+ million customers were compromised. This resulted in a huge financial loss for the company as well as a PR nightmare to deal with.

To minimize these types of attacks from growing in size and frequency, the security standard must keep up. The latest update to the PCC-DSS (version 3.0) was published in November, 2013 and will become mandatory of all eCommerce sites on January 1st, 2015.

What PCI-DSS 3.0 Means for Drupal

It's hard to understate the impact this will have on the Drupal community. In version 1.0 of the standard, there was a there was a very easy way out. Simply redirect the user to a hosted payment page on PayPal or Authorize.Net and you could outsource almost all of your responsibilities. This became the goto solution for many budget conscious eCommerce websites.

Version 2.0 of the standard introduced a gray area. The PCI council created a supplemental guide that stated the hosted payment pages, direct post, and iframe solutions all had vulnerabilities. Despite disclosing these attack vectors, the PCI council didn't directly come out and state that they must now meet a larger set of security controls. This didn't stop certain vendors (notably Braintree) from promising compliance within 15 minutes. The dilemma for someone interpreting version 2.0 of the standard was obvious: if there were ways to break in and steal cards, wouldn't that require one to fully lock down the LAMP stack and Drupal application layer? This gray area only led to additional confusion among the Drupal community, who (as a whole) simply opted for the easy route interpretation of the standard.

Version 3.0 ended the confusion entirely. Now hosted payment pages and direct post solutions fall into a new category (SAQ A-EP), which includes over 139 security controls that cover everything from anti-virus to password policy requirements. What used to be trivial (SAQ A) for most websites to achieve has become very challenging. No longer are shared hosting solutions viable. No longer can a website lag behind on updating Drupal core and contrib modules when security updates are available. No longer is it acceptable to enable php filter, allow authenticated users to use the full HTML filter, or manage a site through a shared FTP login.

In short, this is a big damn deal for the Drupal eCommerce community. Without readily available "turnkey" solutions (such as PCI Level 1 managed hosting), many smaller eCommerce sites may not be able to meet the requirements and may be forced to seek non-Drupal based alternatives. In fact, the cost of achieving and maintaining SAQ A-EP could easily fall within the $10,000-$100,000 price range, which is likely to exceed the entire budget of most Drupal eCommerce sites!

Learning More

Covering all the ins and outs of PCI compliance is difficult to do in a single blog post (trust me, I tried with the excessively long article titled Let's Talk About PCI Compliance for Ubercart and Drupal Commerce. Therefore, I'll close with this final recommendation (or plea): if you build, maintain, operate, or own an eCommerce website, then you should absolutely read the new version of the Drupal PCI Compliance White Paper. And if you have any comments, questions, or concerns, please submit an issue in the github issue queue.

Catégories: Elsewhere

PreviousNext: Using Mink for web testing

Planet Drupal - mar, 15/07/2014 - 01:00

PreviousNext have been using Behat to test Drupal 7 sites for some time now. More recently, there has been a big push to introduce Behat tests in Drupal 8. So what is it all about?

In this post, I'll be taking a look at the Mink layer behind Behat and using it for web scraping and functional testing and what this means for the future of Drupal testing.

Catégories: Elsewhere

Károly Négyesi: Drupal 8 progress from my / MongoDB perspective: update #27

Planet Drupal - mar, 15/07/2014 - 00:53

There hasn't been an update for some time now; things have quieted down a bit, I am mostly just writing drivers now (and coach people on migrate). MongoDB module caught up with the latest config changes and so the module works again. Migrate bugfixing moves along steadily with more and more people actually trying it and fixing bugs, hurray! Blocks now get placed more sensibly, there's steady progress on D6->D8 CCK Single On/Off Checkbox, Checkboxes/Radio buttons, and Select formatters, also node authors in more interesting cases are broken (In Drupal 6, the node.uid and the node_revision.uid can be different). The first step for migration groups is ready. This is the stepping stone for Drupal 7 migrations because quite a few migration will need to be in both the Drupal 6 and the Drupal 7 group. It is also quite important for contrib -- now contrib will be able to just add in a migration YAML that this migration belongs to the Drupal 6 group and it'll run along with core, as easy as that.

Our favorite meta issue convert SQL queries to entitity queries issue is almost finished, opens the door for multilingual / performance enhancements and of course MongoDB :)

I have discussed with Crell how to define a standard mechanism for backend-aware service overrides. As usual, this is good for core because it allows MySQL and PostgreSQL specific drivers but also at the same time it will help MongoDB as well: currently the MongoDB module handles the service overrides but it's an all-or-nothing thing. With this issue, you'll be able to mix various storage backends as you want in a standard fashion.

Finally, even if it's not directly MongoDB related, the issue to switch on twig autoescape is almost done too -- this will make Drupal 8 more secure, even custom modules and custom themes will be easier to write in a secure fashion. Hopefully this will make Drupal 8 an even more appealing offer.

Catégories: Elsewhere

Drupal Association News: Drupal Association Board Meeting Summary

Planet Drupal - mar, 15/07/2014 - 00:22

We held our July Drupal Association Board Meeting last Wednesday. Halfway through the year, we took the opportunity to review our metrics for the year thus far, discuss some possible changes to our governance model, and tackle a couple of housekeeping issues in executive session. If you somehow managed to miss us during the live session, never fear! We've got a recording, the meeting materials, and the minutes available for your perusal, as well as this summary:

DrupalCons

DrupalCon Austin is now behind us, but it's not forgotten! We're thrilled to have helped host an event that was so successful in so many ways. We were able to beat our Portland attendance numbers, though we did fail to meet our stretch goal of 4,000 attendees. At this point, we are sifting through all the registration, financials, and evaluation data to pull together a summary report (with comparisons to Portland) for the August board meeting.

Next up is DrupalCon Amsterdam. Registration for Amsterdam is strong and we're particularly excited that we had a record number of session submission - over 500! The sessions are now set, and we have a great line up, covering some of the most relevant topics for our community. There will be fun as well, of course. What's more fun than a bicycle? Apparently nothing, because many of our attendees are purchasing the bike package as part of their registration! And of course, there's Tour de Drupal

DrupalCon Latin America is the first DrupalCon scheduled for 2015. The site is scheduled to be up in mid-August for session submissions. We are also working on determining how we will handle languge and translation at DrupalCon Latin America. Working with the local team, we are discussing options for content translation so that we can serve both English and Spanish speakers. 

Drupal.org

We were able to create a lot of momentum for Drupal.org at DrupalCon Austin. Staff and Working group members conducted several user research interviews for the User Research Project led by Whitney Hess. And, in the weeks following DrupalCon, our staff were able to deploy over 30 patches to Drupal.org that came out of the sprints in Austin. 

In addition, we also recently deployed a CDN service for Drupal.org. The CDN allows us to reduce strain on our infrastructure, increase our security, and most importantly should increase performance for users, especially those outside of the United States. We want to thank Narayan Newton (nnewton) and the rest of the Drupal.org Infrastructure Working Group for their direction and help.

Finally, there is a new way for you to keep on top of change notifications for Drupal.org. We've standardized the reporting and, in addition to posting them online at Drupal.org, you can now subscribe to an email list to receive notifications right in your inbox.

Board Governance

At the June board retreat in Austin, each of the board committees met to discuss current issues. The Governance Committee met with the aim of exploring ideas that would increase the diversity of candidates for our elected candidates, possible term limits for board members, and how to improve committee performance on the board. Based on that conversation, the committee presented several ideas for the board to discuss. No decisions were made at this time, but the Governence Committee did receive good feedback to incorporate into future proposals. 

Next Meeting

Want more board news? Get it live! Join us at one of our upcoming board meetings

Flickr photo: Kristen Pol

Catégories: Elsewhere

Deeson Online: Deeson Online and DrupalCon Amsterdam: From rockstar speakers to world-class sessions

Planet Drupal - lun, 14/07/2014 - 21:12
Deeson Online and DrupalCon Amsterdam: From rockstar speakers to world-class sessionsBy Lizzie Hodgson | 14th July 2014Look alive! DrupalCon Amsterdam is going to be here in no time, and Deeson Online are once again a proud Silver Sponsor of what is shaping up to be a rather spectacular event.

Possibily the most significant date in the European Drupal community diary, DrupalCon Amsterdam will not only offer all the usual mix of community summit, sessions, BOFs and sprints, it also has some very impressive keynotes, including co-editor of Boing Boing, Cory Doctorow.

Photo credit: Jonathan Worth CC Attribution-Share Alike 2.0 Generic license

A regular contributor to The Guardian, the New York Times, Publishers Weekly and Wired, Doctorow is formerly the Director of European Affairs for the Electronic Frontier Foundation, as well as a renowned advocate of freedom in technology law, policy, standards and treaties. Nice.

Deeson Online are getting involved too!

We'll share our BOFs in the next few weeks, but Deeson Online MD, Tim Deeson, is going to be running a session with Vesa Palmu from Wunderkraut, Paul Johnson from CTI Digital and Jeff Walpole of Phase2 – all chaired by Robert Douglass from Commerce Guys.

About the session

Entitled 'Life in the fast lane - achieving sustainable growth' the panel will explain how they built their world-class Drupal businesses.

From growing pains to scaling to meet demand, the audience can quiz each panellist on how they've broken through various barriers to get to where they are as a company.

Key topics will include:
  • How do you differentiate your business in the market?
  • Describe a defining moment which changed your business
  • To service larger clients, what specialisms have you needed to deliver in-house?
  • How does your business plan to sustain growth ie VC, Acquisition, JV?
  • What is the most challenging aspect of delivering larger projects?
  • How do you mitigate risk?
  • What is the biggest challenge your business foresees?
  • How should large Drupal shops contribute to the sustainability of the project?
So if you want to learn from leaders of four of the world's most accomplished Drupal businesses, this session is for you!
Catégories: Elsewhere

Lullabot: Module Monday: Honeypot

Planet Drupal - lun, 14/07/2014 - 20:00

Fighting spam is an ongoing cat and mouse game as site owners come up with protections against spam, and spammers come up with increasingly impressive ways to bypass those protections. Solutions like Mollom have been popular in recent years, however Mollom is tied to an external service and only works while that service is running smoothly. Additionally, it costs money if your site has a lot of traffic. CAPTCHA challenges are also a popular solution, but they have accessibility problems -- and automated tools are getting increasingly successful at bypassing them.

Catégories: Elsewhere

Acquia: The Open Source Value Proposition

Planet Drupal - lun, 14/07/2014 - 16:36

Every so often, advocates and vendors of proprietary/closed source software attempt a FUD (Fear, Uncertainty & Doubt) campaign of comment and link-baiting in order to reframe the conversation around Open Source. The arguments brought up in these discussions are predictable and generally straw man arguments that hold little water, so I wanted to take time to break these down and show the real value proposition of Open Source platforms, web content management systems generally, and Drupal specifically.

Catégories: Elsewhere

Pages

Subscribe to jfhovinne agrégateur - Elsewhere