If you are getting ready to attend your first DrupalCon, here are a few ideas to help you prepare for an intense week of open source software community from @horncologne. Watch the interview video for more tips and inspiration from my Drupal friends.
In prep for DrupalCon Nashville, I was working on our Drupal Commerce demo sites that we'll be showing off. They have been running in silent mode for some time and recently received an overhaul so they use our demo and out of the box theme for Drupal Commerce, Belgrade.
Creating a duplicate of an entity is easily done via the entity API method Entity::createDuplicate(). This is a convenient method if the goal is to clone an entity into a new entity, as all identifiers of the previous entity get unset when using this method.
The Maestro module and it's use-case can be challenging to understand and we recognized there was a need to provide a better explanation and examples.
It's fair to say that every company and organization from small to large has business processes involving the movement of forms and or documents with varying degrees of complexity and number of participating internal and external users. Maestro was developed to help automate these processes with it's workflow editor and workflow engine.
If it can be flow-charted, then it can be automated with Maestro.
This is not a just a clever saying. It's true. With Maestro, the method to automate your process starts with our visual workflow editor with which you drag, drop and connect your workflow steps together. The maestro workflow editor can be used by business users to map out their business process.
I've collected a bunch of articles for you, where Drupal agencies describe their processes, workflows and experience with the Drupal update release PSA-2018-001.
Hard facts: The update was announced one week earlier and released on March 28th between 18:00 and 19:30 UTC. Due to the flood of site views and very motivated F5 finger exercises, Drupal.org was down for around an hour. Fortunately, the Drupal Community worldwide was prepared with snacks, pizza, and more pizza, remote hangman, and a lot of memes.
For detailed information, the Drupal Security Team provided this FAQ about SA-CORE-2018-002.Drupal Drupal Planet Business Update Automation
On Wednesday 21 March, the Drupal security team announced a that there would be an extremely important security release of Drupal (SA CORE 2018 002) which would fix a vulnerability in the core code. This vulnerability affected every single Drupal site, whether on 8, 7, 6 or even 5.
This is not a new phenomenon, and is testament to the efficiency and professionalism of the Drupal Security Team that these vulnerabilities are found, fixed, and the releases managed appropriately.
We have a bunch of sessions lined up on a variety of subjects... from DevOps to decoupled Drupal, technical TLAs to development tips, and even a case study about a Stanford project. We’ve got something for everyone, so we hope to see you there!
No, you should not. You should let us worry about them, and go back to your business.
Seriously, we're getting questions from all kinds of people about whether this matters. I'm a bit surprised that there is any question about that. Would you be concerned if your top salesperson was selling for somebody else? If your cashiers were jotting down credit card numbers when they charged a card? If your office became a well-known spot for illicit drug or gun dealers? If your office had a bunch of scammers squatting and running a pyramid scheme? If your confidential client information could be revealed as easily as using a bic pen on an old Kryptonite lock?Bic Pen vs Kryptonite Lock
We've seen some variation of every single one of those scenarios. And all of them are possible with a remote code execution flaw in a web application, like yesterday's Drupal security vulnerability.
And yet people stillDrupal Drupal Planet Security WordPress
This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.
We released new versions of Drupal 7 and Drupal 8 yesterday that fixed a highly critical security bug. All software has security bugs, and fortunately for Drupal, critical security bugs are rare. What matters is how you deal with security releases.
I have the utmost respect for how the Drupal Security Team manages a security release like this — from fixing the bug, testing the solution, providing advance notice, coordinating the release, to being available for press inquiries and more.
The amount of effort, care and dedication that the Drupal Security Team invests to keep Drupal secure is unparalleled, and makes Drupal's security best-in-class. Thank you!
It all started with an innocent tweet:
"Excited to announce our new open-source, Sass-driven pattern-library generator! Go design some systems!"Chris March 29, 2018
To test this just drag the frosted glass example in the top right of this page.
Ok, without wasting much of your time I’m going to jump straight into it.
The main components used for a classic frosted glass effect are:
- > The original content
- - - > The frosted glass container ( Exp. <div> )
- - - - - > Original content copy inside the glass container (the element that mimics the content on the page with a blur effect).
For a basic idea of how this works. Here is a simple example:
HTML structure:Read More
On March 21st 2018, the Drupal security team posted a public service announcement that Drupal core would be receiving a security release. The vulnerability affected Drupal 6, Drupal 7, all versions of Drupal 8, and Backdrop (a fork of Drupal during the rewrite to version 8.) On March 28th that security release landed, and the Drupal world went scrambling to apply updates. As maintainers of Commerce Kickstart we have to be conscious of Drupal core releases, especially security ones.
In preparation for the upcoming security release, we had patches ready to commit. Since there would be no other Drupal core releases before the security update, we could make our prepared changes ahead of time and push them once the releases landed. Within minutes of the security release dropping and the Git backend for drupal.org becoming available, the release tags were pushed.
For our Pantheon users, our first step was to merge in Pantheon’s Drupal 7 upstream and receive the Drupal core security fix. Once the packaging system of drupal.org built the Commerce Kickstart 2.53 release, we pushed that out as well.
All in all, by 3PM CDT the drupal.org releases for Commerce Kickstart 1.51 and 2.53 were out. We experienced some packaging issues due to a malicious attack hitting drupal.org during the security announcement and a backed up packaging queue. However, we monitored chat channels and communicated the process throughout.
Commerce Kickstart 1.51, 2.53 released. The @getpantheon upstream has been updated as well. GO AND GET YOUR SA-CORE-2018-002 FIXES NOW.
— Matt Glaman (@nmdmatt) March 28, 2018
Thanks to the Drupal Security and Infrastructure teams for handling this release and all the stress they endured.
Debugging a website (Drupal or otherwise) can be challenging. In this video, I go through a recent situation I faced where a client had reported their Drupal Commerce site completely slowing down every hour or so. I'll discuss the process I followed to figure out the problem and get it fixed.Here's a breakdown of what happened
- I first used New Relic to see where the slowdown was happening. It could be a database issue, a PHP issue, maybe an external service call, who knows? New Relic can help determine this and I was able to determine that it was a database load issue that I was facing.
- Then I checked the system logs. Every hour or so, there were a lot of database insertions happening on a number of tables. It seemed really out of place and initially I couldn't narrow down why. I checked the logs and found that system cron was running at the exactly same time as the slowdown. It was also running for a similar amount of time that the slowdown was taking place. Normally, system cron only takes 1-20 seconds, but here it was running for about 3 minutes!
- Now I can review cron's code to see what should be happening. I found that cron will generate a list of tables and flush out the expired cache. Generating the list is a very resource intensive process and on this particular site, the list being generated was very large and complicated. After the list is generated, it should get permanently cached in the database and therefor it doesn't become a resource issue later. However, for some reason it was being deleted every time. This ended up being the issue I needed to find out, what was deleting the list.
- Since I needed to determine why it was being deleted, I attached logging to the general function used for deleting cache. From here I was able to trace it back to Drush, but I still didn't understand why Drush would be deleting this list of tables. I had to dig further.
- Eventually, I discovered what was happening. It turned out that the version of Drush that was being used was doing a call to try and find the system logging. However, it couldn't find it and as a side effect it cleared the cached list that cron had generated. Cron, which ran every hour, then couldn't find the cached list and so need to build it again. It was a cycle that just kept repeating itself every hour. I now understood the problem!
- And now for the fix. I needed to know why Drush was doing this and if I could prevent it. I first looked around the Drush project issue queue on Drupal.og and talked to a Drush maintainer. I wanted to know if this was an issue others were also experiencing. It turns out that it WAS a known issue and that it was resolved in a later release! The version on the site that I was working on was a few major versions behind. I bought the site up to the latest release and the issue was fixed! Cron ran and took only about 5 seconds, the generated list of tables was being cached and staying cached, and Drush was not clearing it out.
The bug ended up being one that was with Drush, and not the website. The result, through an odd chain of events, ended up bringing the clients site to a standstill nearly every hour. Now that it's resolved, I can look back and see that it was a good exercise in debugging. Even though I didn't need to build the fix myself, it still took a lot of time and understanding to arrive at the fix, and it was great to have it resolved. Hopefully, if you find this because of a similar issue, maybe I can save you a little bit of time.We can help
If your experiencing issues with your Drupal Commerce website, the good news is that we can help! Contact us if you would like to discuss your options.
We are happy to announce that the highly important Drupal core security update “SA-CORE-2018-002” has been carried out successfully at Wunder: All our clients’ websites are patched and secure.Our secret? Excellent preparation.
Last Wednesday (21st March 2018), the Drupal Security Team shook the community when they announced that a major security update is to be rolled out on the evening of Wednesday 28th March. Some even started nicknaming the update “Drupalgeddon 2.0” due to the resemblance to a highly critical security update in 2014.
Our team of Wunderers in charge stayed calm and immediately went into preparation mode. An internal plan of action was released soon after to make sure that the update could be applied as fast as possible to provide maximum security to our clients. Several Wunderers along our dedicated security team took responsibility over services to make sure we get them updated quickly.Our team? Dedicated and fast.
So when update night rolled around, our team knew exactly what to do: Updating and applying hotfixes to our clients’ sites was executed in the smoothest way possible. To give you some numbers: More than 130 different websites were done in about 3 hours!Shoutout to the team: You rock!
None of this would have been possible without our exceptional team of Wunderers who worked tirelessly to ensure that all client projects received the security update as fast as possible. Huge thanks for your outstanding performance and excellent work!
Special thanks go to those members of our team who were part of the task force that kept our client's applications safe and sound yesterday:
Peeter Pratka (also organiser)
Tuomas Leppänen (also organiser)
Acquia Developer Center Blog: Decoupling Drupal 8 Core: Core REST, HAL, and Setting Up Drupal as a Web Services Provider
Perhaps the most critical piece of any decoupled CMS architecture is the API layer which exposes data in the back end for consumption by other applications. In Drupal's case, the REST module (also known as the RESTful Web Services module) in Drupal 8 core fulfills this responsibility. The REST module contains important logic that drives the availability of data through formatted responses.Tags: acquia drupal planet