Drupal Planet

Subscribe to canal de noticias Drupal Planet
Drupal.org - aggregated feeds in category Planet Drupal
Actualizado: hace 2 horas 53 mins

Drupal Association blog: Meet the Drupal Association 2018 At-Large Board Member Candidates

Mié, 06/13/2018 - 09:24

Did you know you have a say in who is on the Drupal Association Board? Each year, the Drupal community votes in a member who serves two years on the board. It’s your chance to decide which community voice you want to represent you in discussions that set the strategic direction for the Drupal Association. Go here for more details.

Voting takes place from July 2 until July 13. Anyone who has a Drupal.org profile page and has logged in to their account in the last year is eligible to vote. This year, there are candidates from around the world. Now it’s time for you to meet them.

Meet The Candidates

We just concluded the phase where nine candidates nominated themselves from six different continents for the board seat. From now through July 2, we encourage you to check out each person’s candidate profile, where they explain which board discussion topics they are most passionate about and what perspectives they will bring to the board.

This year, we asked candidates to include a short video - a statement of candidacy - that summarizes why you should vote for them. Be sure to check them out. Videos are found in the candidate’s profile as well as here:

What To Consider

When reviewing the candidates, it is helpful to know what the board is focusing on over the next year or two, so you can decide who can best represent you.

Here are the key topics the board will focus on.

  • Strengthening Drupal Association’s sustainability. The board discusses how the Association can improve its financial health while expanding its mission work.

  • Understanding what the Project needs to move forward and determine how the Association can help meet those needs through Drupal.org and DrupalCon.

  • Growing Drupal adoption through our own channels and partner channels.

  • Developing the strategic direction for DrupalCon and Drupal.org.

There are certain duties that a candidate must be able to perform as a board member. The three legal obligations are duty of care, duty of loyalty, and duty of obedience. In addition to these legal obligations, there is a lot of practical work that the board undertakes. These generally fall under the fiduciary responsibilities and include:

  • overseeing Financial Performance

  • setting Strategy

  • setting and Reviewing Legal Policies

  • fundraising

  • managing the Executive Director

Hopefully providing this context gives you a helpful way to assess the candidates as you decide how to vote From July 2 until July 13.

We encourage you to ask the candidates questions. Use comments to leave a question on their candidate profile page.

Agiledrop.com Blog: AGILEDROP: Our blog posts from May

Mié, 06/13/2018 - 07:22
You have already seen what Drupal blogs were trending in the previous month, and now it is time to look at all our blog post we wrote. Here are the blog topics we covered in May.   The first blog post was How to Integrate Google Analytics with Drupal 8. It’s really important to keep track of the statistics of your websites. One tool that stands out and probably beats all others in terms of popularity when it comes to website analytics is Google Analytics. In this blog posts, we looked at how you can integrate Google Analytics with Drupal, specifically with Drupal 8.    The second was a … READ MORE

Droptica: Droptica: Effective software delivery? Remote SCRUM team

Mié, 06/13/2018 - 06:05
The deadline is today. A remote development team have worked for several weeks on your software. You obtain the long-awaited access to the system. You check it and you are not satisfied with the achieved results. All that was needed to avoid this problem is a team with experience in technology and working using SCRUM. What is SCRUM Wikipedia defines SCRUM as an agile framework for managing work. It is an approach used in many companies to develop software. Full definition can be found here https://en.wikipedia.org/wiki/Scrum SCRUM solves most of the problems arising during software development This is my opinion and many people agree with it. I have been developing commercial projects since 2008. I started as a programmer. Currently, I am supervising high-level projects.

Freelock : Freelock Named Top Web Developer in Seattle on Clutch & The Manifest!

Mar, 06/12/2018 - 16:30
Freelock Named Top Web Developer in Seattle on Clutch & The Manifest! Submitted by Don Dill on Tue, 06/12/2018 - 13:30

Here at Freelock, we are all in for web development. Truly, what could be more important for our clients in today's climate than a properly functioning and safe website? We are pleased to share that our expertise has paid off as we have been identified again an industry leader by Clutch. 

Agile Awards Business Client Drupal Planet feedback Project Management Quality Assurance Results

Specbee: Why We Love Web Accessibility With Drupal 8 : Why You Should Care Too

Mar, 06/12/2018 - 10:03
Why We Love Web Accessibility With Drupal 8 : Why You Should Care Too
  • By : Ganesh
  • Date :12-06-2018

Amazee Labs: Zurich Drupal Meetup - June

Mar, 06/12/2018 - 09:37
Zurich Drupal Meetup - June

Join us on Wednesday, at Gridonic, for the upcoming Zurich Drupal user group meetup.

Anli de Jager Tue, 06/12/2018 - 14:37

The gathering is dedicated to all those interested in Drupal. Everyone, from beginners to experts, are more than welcome.

Hope to see you there!

Date and time: Wednesday, June 13, 2018, from 6:30 PM to 9:00 PM

Venue: Gridonic - Ernastrasse 22, Zürich

Vardot: 6 Reasons Why Leading News and Media Networks are Using Drupal 8

Mar, 06/12/2018 - 08:03
Ahmed Jarrar June 12, 2018

The world’s top news and media networks operate different sites to targeting a wide audience. They know that the only thing better than playing to a niche market is playing to all the niche markets --by running multiple websites tailor-made to fit the preferences of their different market segments, they play to win.

This kind of business model takes effort. Their content has to be distributed in multiple languages and reworked to fit different cultures. Naturally, it takes the right CMS to be able to pull this off while still managing to be user-friendly (after all, new content pops up every hour of a given day).

This article will cover the reasons why leading news and media outlets opt for Drupal 8, choosing the framework for all other alternatives in the market. Read on to find out why Drupal is trusted by 73% of the top news and media networks (including Al Jazeera, the Walt Disney Company, Time Inc., The Economist, Twenty-First Century, CBS, and Viacom) are using it.

 

Drupal 8 is Optimized for a 24 Hour News Cycle

 

The news cycle is both the greatest and worst thing to ever happen to news media. On one hand, it guarantees a steady stream of content, and therefore opportunities to earn from subscriptions and ad space. On the other hand, news media practitioners are almost always on the clock.

The freshness of a news item is time-sensitive and highly dependent on presentation (nobody wants to read a poorly-presented article, for instance). This is why a CMS like Drupal 8, which offers core features straight out of the box, is preferred among newsmen. For example, Drupal offers a rich media editor for the content creation stage of editorial work.

Drupal’s functionality also extends beyond the newsroom, with offerings such as monetization tools, social media integration, and near-universal 3rd party integration.

 

Drupal 8 is Easy to Personalize and Localize

 

Personalization is the key to engaging with an audience. Users want to see content that appeals to their interests and challenges them to discover new information. Naturally, timing is also a major factor; a news site that is aware of their readers’ most active times can take full advantage of things like push notifications, and special offers to exclusive content.

Beyond this, news agencies need to be able to push content that appeals to a person’s sense of locality --people are naturally drawn to things that might have an impact on their lives directly. While there’s no contesting the average person’s curiosity about distant happenings, top news and media networks know how to tap into the power of the parochial mindset.

Drupal enables personalization through a suite of powerful tools designed by its large community of developers. The platform makes it easy to connect readers to the kinds of content that align with their interests. Likewise, localizing content is a necessity made accessible through the platform --nurturing a loyal following is easier with Drupal 8, which allows your content to be relevant to events that take place in their immediate surroundings.

 

Drupal 8 Allows for Convenient Multi-Site Management

 

Running multiple websites is easy with Drupal. The platform allows businesses to run multiple websites grounded in the same code base. In plain English, you don’t need to build websites from scratch every time you want to expand your base of captive niches, and you can apply the same brand of aesthetic and experiential quality to your different digital holdings.

Drupal offers a multi-site management solution, complete with tutorials, that makes the job of expanding a news empire about as accessible designing a blog. Put this together with Drupal’s offer of news and media distribution solutions straight from the box, and sprawling online presences for news agencies can grow virtually overnight.

Drupal 8 is Secure

Security is a natural concern for any organization, and news companies are no exception. Nobody wants to lose credibility in the face of a cyber attack, or worse, have their subscribers’ data leaked.
One of the pivotal reasons why the media prefers Drupal is the long tradition of security that surrounds the platform. Between the swarms of developers working to close every loophole and patch over every possible entry point and the dedicated team of security specialists attached to Drupal, the framework does an excellent job of guaranteeing its users’ security.

 

Case Study: Uber Publisher & Al Jazeera

 

We mentioned Al Jazeera among the list of news agencies that rely on Drupal for their CMS needs. They were generous enough to agree to serve as an extensive case study on the official Drupal website, and some of the major takeaways do a good job of proving how the platform is a good fit for the industry.

The case study banks on the news agency’s growth after their tie-in with Drupal. It also describes how the agency met their myriad goals, including the unification of AJMN’s digital assets and workflows into a single interface. All told, the decision to opt for Drupal was a success for Al Jazeera.

Now, what the case study didn’t cover was Al Jazeera’s decision to opt for one Drupal-based solution in particular: Uber Publisher, a sub-profile of Varbase. Uber Publisher is a Drupal distribution that contains over a thousand out-of-the-box features and is continuously funded, supported, and improved by Vardot --and likely a contributing factor to Al Jazeera’s digital success. Its features for media marketing, automated tagging, easy authoring, and SEO make it a potent tool in the hands of a business of any size.

 

Conclusion

Drupal 8 is an optimal solution for news and media networks, regardless of their size. It’s affordable, convenient, and easy to both implement and maintain over the lifespan of a media agency. A good network would do well to tap into the functionality that Drupal has to offer, and a great one would scan the market for tools such like Vardot’s Uber Publisher; with any luck, they’ll meet the same digital success as Al Jazeera and its cohort (or exceed it).

Appnovation Technologies: Phases of Team Performance

Lun, 06/11/2018 - 22:54
Phases of Team Performance We should be aware that adding or removing resources on projects have a tendency to interrupt and impact the overall performance of a team. Certainly with the higher numbers represented within a team, switching of members would likely not feel a huge impact. But we can all see more often than not, when it’s in smaller groups, where any member represents ...

Drupal.org blog: What’s new on Drupal.org? - May 2018

Lun, 06/11/2018 - 19:39

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Announcements Change your git remote configuration

We will be deprecating the git remote format @git.drupal.org/project/;.git in favor of git@git.drupal.org/project/<yourproject>.git in preparation for changes to our developer tooling stack. If you used the <username>@ format for your git remotes, you should change your remote to the git@ format. You can use $ git remote set-url to make this change for existing repositories you have cloned.

We have updated the version control instructions on Drupal.org to reflect this change, and will be updating the git daemon to warn developers who are using the deprecated remote format.

Proposal: Improving Core's Relationship with Composer

In May, Mixologic from the Drupal Association engineering team worked with community members Mile23, Bojanz, Webflo, and others in the community to develop a proposal for improving Drupal Core's relationship with Composer.

In its simplest form, the proposal is to: Conceptually separate Drupal, the product, from Drupal's git repository, and provide a mechanism that creates a composer ready Drupal installation.

Going into early June, we've been circulating this proposal to the Core Committers, the Auto-Updates Initiative team, Contrib maintainers, Distribution maintainers etc.

Credit for non-code projects on Drupal.org

We're excited to announce that we've created a 'Community Projects' section in the Drupal.org issue queues. This section exists to record all the tremendous community labor exercised to promote the Drupal project in ways other than code. This format was pioneered by the Drupal Diversity and Inclusion group, who started recording their meeting minutes in the issue queues so they could provide contribution credit for attendees. This same model can be used by initiative coordinators, camp organizers, or any other Drupal community group that would like a place to recognize their work with the official contribution credit system.

The Contribution Credit system is one of the Drupal projects most successful innovations in the way that open source projects are managed, and it will continue to evolve and grow as time goes on.

Updates for GDPR

Are the words "We've updated our privacy policy" burned into your laptop screen yet? Well in May we did the same.  In particular, we've updated our Terms of Service, Privacy Policy, Digital Advertising Policy, and Git Contributor Agreement to clarify our compliance with the EU's GDPR. We also initiated a re-consent campaign for our marketing lists. If you have not re-consented to communications we strongly encourage you to do so

Launched the Customer Supporter program

Have you built great relationships with your Drupal customers? Help them contribute back to the project by becoming part of our Customer Supporter program.

Drupal.org Updates Self-nominations for the Drupal Association board are live

Each year one of the two community-held seats on the Drupal Association board comes up for election. We opened the self-nomination process for this year, and some passionate and dedicated members of the community have already stepped forward with their candidacy.

To learn more, you can view our portal for the 2018 Elections Process. Key dates to remember:

  • Self nominations: 1-11 June, 2018
  • Meet the candidates: 12-29 June 2018
  • Voting: 2-13 July, 2018
  • Votes ratified, Winner announced: 25 July, 2018
Better landing pages for Drupal's strategic initiatives

Did you know there are 12 active Drupal strategic initiatives right now?

To help the initiative coordinators promote this work, and recruit more open source contributors to the cause, we've given initiative coordinators new landing page tools. Check out the first initiative to use this landing page: the Admin UI and Javascript Modernization Initiative.

These tools are the first step in improving the project management tools available to initiative coordinators to help move the Drupal project forward.

Historical user and organization contribution data is now available.

Drupal.org user profiles show the last year's worth of contributions by users. We chose the one year window deliberately, to promote the importance of a user's more recent activity. However, seeing a user's complete contribution history can be valuable as well. We've recently added a link to the bottom of this view to display that history.

Similarly, organization profiles have shown the last 90 days of contributions by organization. Again, we chose this very deliberately to emphasize the  importance of recent and ongoing contribution. However, as with user accounts, these profiles now also include a link to the organization's complete contribution history. You can see an example of where to find this link below:

Expanded spam protections

After the sunsetting of Mollom in March of this year, we've been implementing a new set of tools to mitigate spam on Drupal.org. We expanded these protections in May, using a combination of bot detection, content analysis, rate limiting, and more to try and reduce the impact of spam attacks on Drupal.org. The less time the community spends wading through spam, the greater the velocity of the Drupal project.

And a Thank You

We'd also like to give a special shout out to contributor Wim Leers, for his incredibly kind 'Ode to the Drupal Association' about our work on the testing infrastructure. The nature of software engineering has a tendency to draw our attention to things that are broken, buggy, or unoptimized, and so when things are working well that success can sometimes feel invisible.

Fortunately, the Drupal community puts people first, and celebrates our collective success, and Wim's words are a tremendous example of that ethos.

Thank you, Wim - and thank you to everyone who takes the time to recognize the hard work and dedication of your fellow contributors.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who make it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Jacob Rockowitz: Project Management + Estimation + Mentorship = Sustainability

Lun, 06/11/2018 - 14:55

These are some of the ingredients that can make open source sustainable

The title of this blog post, "Project Management + Estimation + Mentorship = Sustainability" does not represent an exact formula for solving the challenges of open source sustainability. It establishes what I feel are the ingredients to a recipe that could significantly improve the sustainability of open source projects. To discover the right recipe for sustainability, it is key to define sustainability.

Defining open source sustainability

The above description could sound like a standard cooperative or partnership agreement except that the General Public License (GPL), attached to most open source projects, makes the product of this arrangement entirely free for anyone to use and alter. This is the challenge of open source sustainability: the result of our labor, aka the product, is absolutely free. There is no doubt that people and organizations have found incredible value in open source software. But what is the value of the labor?

Personally, I am passionate about maintaining my project the Webform module for Drupal 8, because it is my baby. The reality is that our kids grow up and we need to make sure they are independent and healthy. We put in the time and effort because we consider it worthwhile and because we care. This parent/child analogy helps clarify the simple but key notion that everyone who contributes and is involved in open source cares about their project and community. People and organizations contribute a considerable amount of time to build and maintain their open source projects. It’s time and energy that could equate to money.

Time = Value = Money

Let's accept the reality that when a developer contributes to open source, they are typically taking time away for their paying jobs (and family) to...Read More

OPTASY: What Does It Take to Develop a Mobile-First Content Strategy for Your Drupal Website?

Lun, 06/11/2018 - 11:47
What Does It Take to Develop a Mobile-First Content Strategy for Your Drupal Website? adriana.cacoveanu Mon, 06/11/2018 - 14:47

There's definitely no way around it, not anymore: with Google's index now mobile-first, adopting a mobile-first approach when building a new Drupal site (or redesigning a legacy one) is… a must! It no longer depends on a specific project's needs or on the used technology. The need to develop a mobile-first content strategy has gone from particular to universal.

And facing the challenge of:
 

  1. (re)creating
  2. optimizing
  3. structuring
     

… content on your Drupal website means conforming to those specific patterns that mobile users have developed for reading content on their smartphones.

ComputerMinds.co.uk: Rebranding ComputerMinds - Part 6: Migration

Lun, 06/11/2018 - 10:03

I volunteered to carry out the migration for the new ComputerMinds site as migration was one of the very few areas of Drupal that I hadn’t delved into thus far. With Drupal 8 becoming more and more popular, now was a great opportunity to learn the migration ropes. Luckily, Drupal 8’s migration has greatly improved since Drupal 7 so my life was made somewhat a little “easier”!

This article will be aimed at some of my finds and processes, rather than a “How to do a D8 migration”.

Since our new site was very different to our old one in terms of content, we had to be quite choosey in exactly what was needed. We decided that we only really needed the articles; pretty much everything else was a fresh start. We would be manually carrying over users; as that would be too little work to warrant writing a migration for.

In order for us to get our articles over from the old site, we would need to migrate the current taxonomy terms, URL aliases (this would come back to bite me hard!), files and last but not least, the article nodes themselves. Migrating just a node seemed simple enough, but you quickly forget that it is more than just a node. All the stuff attached to the node has to be carried over.

Modules like Migrate plus and Migrate tools are great additions to the migration family and I can highly recommend them; they make life so much easier! Migrate plus “basically” writes the migration for you :)

With Migrate plus doing the bulk of the work for me, the only PHP code I needed to write was to map our old User ID’s to the new ones, so original authors would be retained. Otherwise I could take all the credit for every single article ComputerMinds has ever written in the past (mwahah!). This can be easily achieved using a simple process plugin.

/** * This plugin will tie a piece of content with an existing user. * * @migrateProcessPlugin( * id = "user_id_mapper" * ) */ class UserIdMapper extends ProcessPluginBase { /** * {@inheritdoc} */ public function transform($value, MigrateExecutableInterface $migrate_executable, Row $row, $destination_property) { $mapping = [ 'oldID' => 'newID', ]; if (!empty($value)) { $value = $mapping[$value]; } return $value; } }

We had some term reference fields, and like Drupal 7, Drupal 8 will reduce your potential workload - it creates taxonomy terms for you if those terms are missing from your new site. Nice and easy.

The biggest remaining hitch was extracting the three components from a body field. These are value, summary and format. Summary and format were fairly straight forward, but attaining the value component was a real pain (the code below will show you otherwise). Straight away you’ll notice inconsistencies with the “keys”. I would have expected the format to have been body/value, body/summary and body/format, but alas this was not the case.

body: body body/summary: source: teaser body/0/format: plugin: static_map source: body/0/format map: markdown: markdown full_html: basic_html filtered_html: restricted_html

This took a few painful hours to debug and figure out, to this day I still do not know why! At least this being documented here can save others some pain and time.

With all migration finished and the site ready to be shipped out, what came apparent is that (as mentioned very briefly earlier) I had not accounted for some URL aliases (I had used a process plugin to pinch only the aliases we needed). I’d assumed, yes assumed (naughty developer), that ALL articles had the SAME URL path auto pattern. Big, big boo boo. What I didn’t know was that some articles on our old side had been migrated from an even older site and these article URLs came in all shapes and sizes; shapes and sizes that do not match our current path auto pattern. I’ve been fixing redirects and 404’s since :)

Lesson of the day

Do not ASSUME everything is the same. Do go check everything is how you expect it to be before migrating content.

John Svensson: How to dynamically create image styles derivatives - Part 1

Lun, 06/11/2018 - 09:45

Three months ago I wrote an article on how to Create Image Styles and Effects programmatically and today we're following up on that article but introducing on how we can do that dynamically.

So, essentially what we would like to do is that we display an image, where we can adjust the way the image is outputted, given a height, width or aspect ratio etc.

Please bear in mind that all code provided in this article are experimental and does not yet cover things like access control, etc in this part.

Let's take a look at the service Unsplash.com. Its basically a free image bank with high quality images submitted by awesome freelancers and professionals that you can use for free.

Image by Eric Ward

The URL for the image above is the following:

https://images.unsplash.com/photo-1499365094259-713ae26508c5?ixlib=rb-0.3.5&ixid=eyJhcHBfaWQiOjEyMDd9&s=26d4766855746c603e3d42aaec633144&auto=format&fit=crop&w=500&q=60

The parts we're actually interested in are: &auto=format&fit=crop&w=500&q=60 we can adjust them as we like and the image is displayed differently, i.e. changing the width of the earlier image to a smaller one:

Alright, that's what we would like to do in Drupal 8. This article will be very iteratively, we'll rewrite the same code over and over until we get what we want. We'll notice issues and problems that we will deal with through out the article.

Prepare an environment to work in

We'll use a fresh Drupal 8.6.x installation.

To quickly scaffold some boilerplate code I'm going to use Drupal Console.

First let's create a custom module where we can put our code and logic in:

$ vendor/bin/drupal generate:module

I'll name the module dynamic_image_viewer

dynamic_image_viewer.info.yml

name: 'Dynamic Image Viewer' type: module description: 'View an image dynamically' core: 8.x package: 'Custom'

Next we need some images to work with, we'll use the core Media module for that. So let's enable that module:

vendor/bin/drupal module:install media

Now we can add some images. Go to Content >> Media >> Add media.

Implementing a Controller to display the image

The first step is to create a controller that will render the Media image to the browser. Again we'll use Drupal Console for a controller scaffold: vendor/bin/drupal generate:controller

We'll create a route on /image/{media} where Media will accept an media ID that due to Drupals parameter upcasting will give us a media instance in the controller method arguments. Doing this, if a invalid media ID is passed in the URL a 404 page is shown for us. Neat!

So we'll modify the generated controller slightly to this:

src/Controller/ImageController.php

<?php namespace Drupal\dynamic_image_viewer\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\media\MediaInterface; /** * Class ImageController. */ class ImageController extends ControllerBase { /** * Show an image. * * @param MediaInterface $media * * @return array */ public function show(MediaInterface $media) { return [ '#type' => 'markup', '#markup' => $media->id(), ]; } }

And the routing file looks like this: dynamic_image_viewer.routing.yml

dynamic_image_viewer.image_controller_show: path: '/image/{media}' defaults: _controller: '\Drupal\dynamic_image_viewer\Controller\ImageController::show' _title: 'show' requirements: _permission: 'access content'

If we install the module, vendor/bin/drupal module:install dynamic_image_viewer and hit the URL /image/1 we should see a page with the ID being outputted.

Render the original image

Ok. Currently nothing is rendered, so what we'll do is that we render the uploaded original image first.

To serve the file we'll use BinaryFileResponse. So let's update the ImageController::show method.

We'll also import the class in the top of the file:

use Symfony\Component\HttpFoundation\BinaryFileResponse;

/** * Show an image. * * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(MediaInterface $media) { $file = $media->field_media_image->entity; $uri = $file->getFileUri(); $headers = file_get_content_headers($file); $response = new BinaryFileResponse($uri, 200, $headers); return $response; }

So what we do here is that we grab the File entity from the field_media_image field on the Media image bundle. We get the URI and, using the file_get_content_headers we get the proper headers. Finally we serve the file back with the proper headers to the viewer.

And if we hit the URL again:

Before we continue, we should note some things that we'll get back to later:

  • What if the media ID is not a Media image?
  • The user can still access the media even if its unpublished.
  • What about cache?
Let's make a hard-coded image derivative

To modify the image, we'll create a new instance of ImageStyle and add an image effect.

Let's update the ImageController::show method again:

/** * Show an image. * * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(MediaInterface $media) { $file = $media->field_media_image->entity; $image_uri = $file->getFileUri(); $image_style = ImageStyle::create([ 'name' => uniqid(), // @TODO This will create a new image derivative on each request. ]); $image_style->addImageEffect([ 'id' => 'image_scale_and_crop', 'weight' => 0, 'data' => [ 'width' => 600, 'height' => 500, ], ]); $derivative_uri = $image_style->buildUri($image_uri); $success = file_exists($derivative_uri) || $image_style->createDerivative($image_uri, $derivative_uri); $response = new BinaryFileResponse($derivative_uri, 200); return $response; }

So what we do here is that we create a new ImageStyle entity, but we don't save it. We give it a unique name (but we'll change that soon) and then add we add an image effect that scale and crops the image to a width of 600 and height 500.
And then we build the derivate uri and if the file exists already, we'll serve it and if not we'll create a derivative of it.

There is one big problem here. Since we use a unique id as name of the image style we'll generate a new derivative on each request which means that the same image will be re-generated over and over. To solve it for now, we could just change the

$image_style = ImageStyle::create([ 'name' => uniqid(), // @TODO This will create a new image derivative on each request.

to a constant value, but I left it for that reason intentionally. The reason is that I want to explicitily tell us that we need to do something about that and here is how:

If we look back at the URI from Unsplash earlier &auto=format&fit=crop&w=500&q=60, these different keys are telling the code to derive the image in a certain way.

We'll use the provided keys and combine them some how in to a fitting name for the image style. For instance, we could just take the values and join them with a underscore.

Like so:

format_crop_500_60 and we'll have a unique string. If the user enters the same URL with the same parameters we'll be able to find the already existing derivative or if its another image, we'll create a derivative for it.

You'll also notice that I removed the $headers = file_get_content_headers($file); it is because those headers are not the correct ones for ur derivatives, we'll add them back soon.

Dynamic width and height values

On our second iteration of the code we'll now add the width and height parameters, and we'll also change the name of the image style to be dynamic.

Again, we'll update ImageController::show

We'll also import a class by adding use Symfony\Component\HttpFoundation\Request; in the top of the file.

/** * Show an image. * * @param Request $request * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(Request $request, MediaInterface $media) { $query = $request->query; $width = (int) $query->get('width', 500); $height = (int) $query->get('height', 500); // We'll create the image style name from the provided values. $image_style_id = sprintf('%d_%d', $width, $height); $file = $media->field_media_image->entity; $image_uri = $file->getFileUri(); $image_style = ImageStyle::create([ 'name' => $image_style_id, ]); $image_style->addImageEffect([ 'id' => 'image_scale_and_crop', 'weight' => 0, 'data' => [ 'width' => $width, 'height' => $height, ], ]); // ... Rest of code

First we updated the method signature and injected the current request. Next, we'll get the width and height parameters if they exist and if not we fallback to something. We'll build an image style name of these dynamic values. With this we updated the name of the ImageStyle instance we create which makes sure that we can load the same derivative if the user hits the same URL. Finally we updated the width and height in the image effect.

Let's add the proper headers back

Here is the updated ImageController::show and current file:

src/Controller/ImageController.php

<?php namespace Drupal\dynamic_image_viewer\Controller; use Drupal\Core\Controller\ControllerBase; use Drupal\media\MediaInterface; use Symfony\Component\HttpFoundation\BinaryFileResponse; use Drupal\image\Entity\ImageStyle; use Symfony\Component\HttpFoundation\Request; use Drupal\Core\Image\ImageFactory; use Symfony\Component\DependencyInjection\ContainerInterface; /** * Class ImageController. */ class ImageController extends ControllerBase { /** * The image factory. * * @var \Drupal\Core\Image\ImageFactory */ protected $imageFactory; /** * Constructs a ImageController object. * * @param \Drupal\Core\Image\ImageFactory $image_factory * The image factory. */ public function __construct(ImageFactory $image_factory) { $this->imageFactory = $image_factory; } /** * {@inheritdoc} */ public static function create(ContainerInterface $container) { return new static( $container->get('image.factory') ); } /** * Show an image. * * @param Request $request * @param MediaInterface $media * * @return BinaryFileResponse */ public function show(Request $request, MediaInterface $media) { $query = $request->query; $width = (int) $query->get('width', 500); $height = (int) $query->get('height', 500); $image_style_id = sprintf('%d_%d', $width, $height); $file = $media->field_media_image->entity; $image_uri = $file->getFileUri(); $image_style = ImageStyle::create([ 'name' => $image_style_id, ]); $image_style->addImageEffect([ 'id' => 'image_scale_and_crop', 'weight' => 0, 'data' => [ 'width' => $width, 'height' => $height, ], ]); $derivative_uri = $image_style->buildUri($image_uri); $success = file_exists($derivative_uri) || $image_style->createDerivative($image_uri, $derivative_uri); $headers = []; $image = $this->imageFactory->get($derivative_uri); $uri = $image->getSource(); $headers += [ 'Content-Type' => $image->getMimeType(), 'Content-Length' => $image->getFileSize(), ]; $response = new BinaryFileResponse($uri, 200, $headers); return $response; } }

First we added a new dependency to our controller \Drupal\Core\Image\ImageFactory which allows us to construct an Image instance, where we can get meta data from the image, but also gives us a unified interface to apply things to our image. For instance, we could desaturate the image by doing $image->desaturate(); and then resave the file. Fow now we're only using it to retrieve the meta data. We'll take advantage of that in the next part, when we refactor some of the written code and add more flexibility to what we can dynamically output.

If we hit the url and add both the width and height parameters we'll get something like this:

In the up coming article we'll take a better look at what we have, what we miss (access control, what if a user hits the same URL at the same time), adding more effects, and exploring the use of the Image and toolkit APIs more in depth.

We'll most likely remove adding image effects through ImageStyles and only use the image style for creating derivates that we can we can later apply changes with the toolkit API.

If you want to continue on your own, take a look at ImageStyleDownloadController.php file in core which contains a lot of code that we can re-use.

OpenSense Labs: Best Drupal 8 Security Practices to Follow

Lun, 06/11/2018 - 08:38
Best Drupal 8 Security Practices to Follow Akshita Mon, 06/11/2018 - 17:08

Even though security remains one of the major concerns for an organization, the implication of new technologies has at the same time broadened and complicated the understanding of the term. 

Security is no more about working in isolation. 

Recent events such as Drupalgeddon 2 in March and other subsequent security releases in April – marked critical – have once again brought the question ‘Is Drupal Secure?’ to the center-table. Drupal is among those few open source projects popular for their security with a dedicated team working on to improve it. However, there are still sometimes when the security of your Drupal website is under the impression of threat. 

Security is a vast area of expertise and it is quickly changing with time. No more is it about one person working in isolation or an expert who can understand all the aspects. 

While the list of do’s and don'ts is extensive and exhaustive to keep up with the threats, vulnerabilities and mitigation strategies, here are the top seven Drupal security practices to follow in order to keep up the health of your website. 

And Aristotle once said...

The aim of the wise is not to secure pleasure but, to avoid pain. Seven Drupal 8 Security Practices Securing the Server-side Hosting Environment

Before starting off with the general security hacks and tips, you need to secure your server-side hosting environment. Here are some points to keep in mind before moving to securing your core. 

  1. Protect the server: Only a limited number of users must be allowed to access your server. One of the key points is to add a basic layer by restricting the access to server login details. Once the authentication is set up, it is easier to monitor server access and restricting file access usage. This can help you detect unusual activities.
     
  2. Hide the server signature: Server Signature needs to be hidden as it reveals an important piece of information about the server and operating system. It can let a hacker know if you are using Apache or Linux - information which can be utilized as a vulnerability used to hack the server. In order to keep the server secure from possible vulnerabilities, you need to hide the server signature. 
     
  3. Enable port wise security - Since the applications use the port numbers, it is important to keep certain port numbers hidden from general access. 
Securing the Drupal Core
  • Keep your Core Updated
    A key practice, keeping the core updated will always be the first when listing healthy security practices. And this was the first lesson we learned from the Drupalgeddon2. Always look out for core updates (include the minor releases as well) unless security is not on your agenda. In all of its advisories, the Drupal Security Team asks for updating the core version of the system. 

    If you fall a long ways behind the latest update, you are opening yourself to vulnerabilities. Since history tells us that hackers target the older versions.

    Look out for core updates. Follow the Drupal security team @drupalsecurity on Twitter. Get quick updates and announcements from the team through the emails and security newsletter. You can also follow Security Group in order to contribute and stay part of the security discussions. 

    Another important point to note here is when updating the core - ALWAYS keep a backup of your site's database and codebase. We will discuss this security practice later in the article. 
     
  • Security by Design
    As a matter of fact, every stakeholder wants security to be a simple concept, sadly it isn’t. One of the biggest misconceptions here would be that investing a hefty sum post development would ensure a secure system. However, it is never the case. 

    The best practice to follow is at the architectural level when the website is being designed. 

    Security by Design ensures that designing the software up by the ground to be secured in order to minimize the impact of a vulnerability when discovered. Pacing up your security from the foundation - is the key. It implies following the best security practices at the architectural level instead after building the website. 

    When the foundation of the design remains secure regardless of a reasonable approach adopted later, you can tackle the issues easily. A uniform methodology needs to be adopted to protect the assets from the threats. 

    Once the requirements have been collected, the architecture can be laid out and other elements can be discussed later like trusted execution environment, secure boot, secure software update among others.
"The key to security is eternal vigilance"
  • Use Additional Security Module
    When covering security, there is nothing as better than equipping yourself with more and more. To keep the walls up high, you can use the additional security modules like security kit, captcha, and paranoia. Drupal Security Review can be used as a checklist to test and check for many of the easy-to-make mistakes making your site vulnerable.  

    You can also look out for a List of Must Have Security Modules to prevent you from becoming the next victim of a potential cyber attack. 
     
    • Security kit
      SecKit provides Drupal with various security-hardening options. This lets you mitigate the risks of exploitation of different web application vulnerabilities such as cross-site scripting (XSS), Cross-site request forgery, SSL, Clickjacking and other. 
       
    • Captcha
      A CAPTCHA is a reaction test put in the web structures to eliminate entry by robots. It helps in protecting your website’s contact and sign up forms asking you to prove your credibility as a human with a bizarre sequence of characters, symbols, numbers and sometimes images.

      Often they thwart you from accessing the content. Quite the irony, their purpose is contrary to what we reckon about them.

    • Paranoia 
      Paranoia helps you identify all the vulnerable issues/ places from where a potential leak is possible. It alerts the admin when an attacker tries to evaluate the PHP script via the website interface. 

      It helps in blocking the permission for the user to grant PHP visibility and creation of input formats that use PHP filter.

      It also prevents the website to grant risky permission, mostly the ones that involve leaking the script information.  

    • But Use only Security Team Approved Modules 
      Your site probably uses a number of contributed modules, although that’s not an issue. Using the stable and approved modules is where the key lies. This is especially worth noting for contrib modules which are more susceptible to vulnerability. 

      Always look out for the green batch when downloading a contrib module. Rest, as the advisory reads, Use it at your own risk! An example of security team approved module with a green batch An example of a vulnerable module
    Backing Up - In Case of a Mishappening
    • Keep Up your Backup
      Catastrophes never come invited. While all seems perfect, you might wake up to find out that your website has been taken down by some psychotic hacker. Although it is an unforeseen event, you can definitely arm up yourself.

      As an administrator, you have to be prepared for all of such uninvited events. They can be controlled and the damage minimized by strengthening security, frequent backups, installing updates in a timely manner.  

      We cannot stop disasters but we can arm ourselves with better security and backups. Hosting by Acquia cloud or Pantheon provide automated daily backups of your site’s database, files, and code plus single-click restoration if something goes wrong. 

      You can also use the Backup and Migrate Module or Demo Module because unlike life your Drupal website has the option to go back for some changes. 
    User-Side Security
    • Follow a Standard Practice with a Strong Password Policy
      Passwords are used at both admin and user level, therefore strong and secure passwords are important for your website. When I say strong password should be used I have nothing against short and easy passwords. Easy should never imply less efficient

       A string like Mypassword123 will prove acceptable but is obviously weak and can easily be brute-forced.

      The best practice? Your password should provide realistic strength in terms of measurement and complexity. A password must only be allowed as long as it proves to be of high enough entropy with a combination of characters, alphabets - uppercase and lowercase, symbols, and numbers.

      Start checking passwords on explicit rules and amount of varying character types to be used (symbols, numbers, uppercase letters, etc). 

      Password Strength - a Drupal module - classifies the expected brute-force time for the summed entropy of common underlying patterns in the password. Patterns that can be detected in passwords include words that are found in a dictionary of common words, common first and last names or common passwords. 
    Your password can make the difference between a vulnerable and a hard-to-hack Drupal site.

    While there will always be some new thing to add to the list, you can be sure that this list comprises of the core practices which need to follow. The protocol for communication needs to be clear and well documented. Properly documented procedures are important, as third-party services can often be manipulated.

    In need of a security update or services? Drop a mail at hello@opensenselabs.com and let us help you out. 

    Site builders and developers need to keep an eye open for the possible when security releases are announced and apply them quickly, to ensure the site is not compromised. It is good to be consistent and have your reasoning documented so that it is clearly understood.

    blog banner blog image Blog Type Articles Is it a good read ? On

    Valuebound: How to highlight search results in Search API Solr View in Drupal 8

    Lun, 06/11/2018 - 06:15

    In Search API, there is a field for a search excerpt that you can use on field views to highlight search results. In this article, I’m going to show you how to enable excerpt and set it using views. Here I’m assuming that you have already set the Search API module and has a Search API Solr view.

    Follow the steps:

    Go to Manage -> Configuration -> Search and Metadata -> Search API.

    In your search API index ‘processors’ tab, enable Highlight Processor as shown below.

    Roy Scholten: Implementing IndieWeb on your personal Drupal site, part 1

    Dom, 06/10/2018 - 18:53
    Sub title

    Laying the foundations for POSSE

    /sites/default/files/styles/large/public/20180610-indieweb.png?itok=KzjgwAsG

    This is my version of the steps you need to take to make your site part of the indie web community. Swentel helped me getting it all setup on this here Drupal site using his indieweb module. It’s all a bit complicated still, so this is mostly me trying to retroactively understand what’s going on.

    As it says on the site, the IndieWeb is a people-focused alternative to the corporate web. Its main tenets:

    1. Ownership – your content is yours, it should not belong to a corporation.
    2. Connection – starting from your own site you can share your content to all other services.
    3. Control – post what you want, in the format you prefer, using your own URLs that you keep permanent.

    While 1 and 3 are essential and relatively easy to achieve (use your own domain and post your content there), it’s number 2 that is the most alluring.

    Owning your stuff and being able to share it across multiple platforms combines ownershop with reach. This is what “POSSE” is all about: Publish (on your) Own Site, Syndicate Elsewhere. Drupal lead Dries Buytaert has written several posts outlining his POSSE plan.

    Getting started

    This “Connection” part of indieweb publishing is also the most complicated. There are quite a few moving parts to getting it all up and running.

    For Drupal sites, the setup for the community/sharing/syndication parts of indieweb publishing has gotten much more accessible with the release of the IndieWeb module created by swentel. It doesn’t necessarily reduce the number of things to set up, but it provides a centralized UI for all of them: Webmentions, Microformats, Feeds, Micropub, IndieAuth and Microsub.

    Before going over the details of configuring the indieweb module itself, we have to take care of some basics first.

    Introduce yourself (right on)

    To own your content on the web, you have to establish that you are in fact, you. That’s why IndieWeb starts with having your own domain and posting some initial content there. Important part of this initial content is a specific bit of HTML that establishes you as the author and owner of things published on this particular domain:

    Roy Scholten

    The specific part here is that “h-card” class added to the anchor tag. This “h-card” is one of a collection of so-called microformats. With microformats you give more structure and semantics to information presented in HTML. In this case, h-card is the microformat to use for publishing information about people or organisations. We’ll need to add other microformats to (blog) posts you publish on the site, but that’s for later.

    To do in Drupal

    The indieweb module does not (yet?) handle adding this information to your site. Add your version of the HTML snippet above to a (new or existing) Drupal block. Place that block to be visible on your homepage. The site footer or maybe a sidebar are obvious places you can put it. Mine’s in the footer below.

    You can check if all is fine with https://indiewebify.me/validate-h-card/. Enter your domain name there and it will report back with what it found and suggest additional elements you could add to enhance your h-card.

    Even without posting any other content to your own site, you now have your own space on the indie web and setup your identity in a way that you own and control.

    Next: add links to your existing social media accounts

    You’ve seen those signup forms that let you create an account by using your existing Google, Facebook or Twitter account details. In this step, you configure your own domain to be your IndieAuth identity. This lets you use your own domain to sign in to other sites and services.

    There are not many sites outside the indieweb circles itself that offer this, I think. It’s still useful to do this though. You’ll likely want to use some of these indieweb services, especially to automatically share (links to) your content on other platforms like Twitter or Facebook.

    To do in Drupal

    Detailed instructions are here. In short:

    Add links to your other profiles and add the rel="me" attribute. Might as well add this to that h-card block you created in the first step. For example:

    @royscholten on Twitter

    If you have a Github account, that’s also a good one to add.

    To do on the external sites you link to

    Link back to your homepage from your profile page on these services. The indieweb wiki has direct links to edit your Twitter and Github profile.

    Then, try logging in to indieweb.org to see if it all works.

    So far, so good,

    So what? By establishing your identity on your own domain you stake out your own spot on the internet that you control. With this set up, you have created an environment for publishing on your own site and syndicating elsewhere.

    Next time: configuring the indieweb module to start sending and receiving webmentions, the indieweb catch-all term for comments, likes, reposts and the like.

    Tags indieweb posse drupalplanet

    James Oakley: Moving from Piwik to Matomo on Drupal

    Sáb, 06/09/2018 - 07:37

    I'm a big fan of Piwik, an open source analytics suite. Think Google Analytics, StatCounter, Sitemeter, etc. … only self-hosted an open source. There are many benefits of using it:

    Blog Category: Drupal Planet

    Ashday's Digital Ecosystem and Development Tips: Decoupled Drupal: Ashday has gone React!

    Vie, 06/08/2018 - 16:00
    Decoupled Deschmupled

    Like many folks in the Drupal space we've been closely following the Decoupled Drupal conversation for the past few years, and occasionally a part of it.  And, again like many folks in the Drupal space, until recently we had felt that it was somewhat in its infancy and a lot of tough questions still remained as to whether it was even a good idea. The SEO implications have not been entirely clear, the impact on estimation has also been very hard to nail down, which decoupled framework to go with has not at all been a consensus, and what Drupal’s exact role is in the decoupled site has not been clear either. 

    Axelerant Blog: Women at Axelerant: Chapter Three

    Vie, 06/08/2018 - 10:12


    I sat down to speak with the amazing women of Axelerant, and they each shared their unique perspectives about what it's like being professionals in their field. In this chapter, Swati, Hetal, Priyasha, and Aliya expound on this—and in their own words.

    Páginas