(Disclaimer: Dries did not ask/order/suggest/request me to post this neither to make any changes whatsoever.)
Those who know me will be well aware that I am both a passionate cyclist. Last June I wrote a blog about cycling. It told the dreadfully sad tale of a cyclist who died close to my home following a road traffic incident. In just 24 hours the post had over 10,000 reads. This triggered me to take positive action, the result of which is my campaign "BeyondACyclist", which has backing and support from CyclingUK.
A totally volunteer effort (entirely inspired by my work with Drupal) BeyondACyclist has a groundswell of support and active participation from the likes of Three Degrees West film company, Cheshire Fire Service, Cheshire East Council, West Midlands Police, Christie Hospital, composer Brian Lane, script writer Craig Roderick (Southpaw Agency) and Phil Jones MBE Managing Director - Brother UK to name but a few. Plans are in advanced stages to produce an ambitious cinema quality short film, supporting studio portraits and action photography, social media campaign and distribution across a variety of mediums.Why I am reaching out to you the Drupal community
Within the next few months we will have the film completed. But there is a final missing link. I need a website designed, built and themed to drive traffic towards. A site to serve as central focal point for all campaign activity. The place where all traffic will arrive be that from TV news, print media, social or offline. I cannot do all of this alone. I already have a lot on my plate!
I'm hoping someone in the Drupal community will be reading right now and feel this is a cause they would like to get involved with. Obviously Drupal 8, it will be high traffic as I have built excellent relations with media outlets including TV, print and social. And this is a global issue. In Ireland, across USA, Australia there are currently hot news stories about cycle safety and sadly more deaths. So don't think being outside the UK is a blocker, no.
I anticipate needing 2-3 individuals to complete the task - Designer, Site builder or Site builder and Themer (as separate roles). If you would like to discuss the idea further or are just plain interested in getting involved please use my contact form to reach me. And thank you in advance. Paul.
The Hook 42 team is on their way to the historic city of Baltimore. Its early days helped shape the narrative of America. This year it hosts DrupalCon North America and perhaps it will share a role in shaping the future of Drupal.
The team is excited to share what they are looking forward to, not only at DrupalCon, but also what the city might have in store for them during their down time.
At Platform.sh, we believe that all websites deserve to be secure, fast, and feature-rich, and that it should be easy to have all three. Secure has always meant that a site is encrypted using SSL, which is why we’ve never charged for an SSL certificate. Fast means using HTTP/2, which we added support for earlier this year, but most browsers only support HTTP/2 over SSL. And feature-rich means allowing the full range of newer web functionality such as geolocation, access to media devices, or notifications, many of which browsers are now only permitting over SSL connections. You know what? The modern web only works properly with SSL so let’s cut out the middleman. Let’s Encrypt everything.
We’re happy to announce automatic support for Let’s Encrypt SSL certificates on every production site on Platform.sh Professional, at no charge.
Starting today for all new projects, on every deploy we will automatically provision and install an SSL certificate for you using the free Let’s Encrypt service. You don’t have to do anything. It will just be there.
For existing projects, we're bringing that functionality online in batches to avoid overwhelming the Let's Encrypt servers. We expect to finish getting through them all within the next few weeks. If you're about to bring a site live and want to make sure you get Let's Encrypt functionality before that, just file a support ticket and we'll bump you to the front of the line.Wait, what does this mean for my site?
If you currently just have HTTP routes defined in your
routes.yaml file, then as of your next deploy HTTPS requests will be served as HTTPS requests rather than being redirected to HTTP. Both will “just work”.
If you want to serve your entire site over HTTPS all the time (and yes, you do), simply change all
http:// routes in your routing file to be
https://. That will automatically redirect HTTP requests to HTTPS going forward.
See the Routes section of the documentation for more details, but really, there’s not many details beyond that. It just works.What about Platform.sh Enterprise?
Most Platform.sh Enterprise sites are served through a Content Delivery Network already, in which case the SSL certificate is handled by the CDN. This change has no impact on Platform.sh Enterprise customers.Neat! So what should I do?
You don’t have to do anything. HTTPS just works now. As above, you can configure your site to use HTTPS exclusively by adding the letter "s" to your
routes.yaml file in a few places. (We told you it was easy.)
Of course, now that you know your site will use SSL, you also know it will be using HTTP/2. All SSL-protected sites on Platform.sh use HTTP/2. HTTP/2 is supported by nearly 80% of web browsers in the world. That makes it safe, and a good investment, to start optimizing your site for HTTP/2, layering in HTTP/2-specific capabilities like server push, and so forth.
Secure, fast, feature-rich, and easy. Welcome to Platform.sh!Larry Garfield 20 Apr, 2017
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!
Today, there is a Moderately Critical security release for the CCK module to fix an Access Bypass vulnerability.
CCK allows you to add custom fields to any content type.
The Node Reference sub-module had a bug where it could list the node titles of nodes that the user doesn't have access to.
Here you can download the Drupal 6 patch.
If you have a Drupal 6 site using the CCK module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)
If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.
Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).
Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.
The Drupal Association team is gearing up for DrupalCon Baltimore. We're excited to see you there and we'll presenting a panel giving an update on our work since Dublin, and our plans for the coming months.Drupal.org updates
Project application revamp
As we announced in mid-March, new contributors on Drupal.org can now create full projects and releases! Contributors no longer have to wait in the project application queue for a manual review before they are able to contribute projects.
This is a very significant change in the Drupal contribution landscape, and it's something we approached carefully and will continue to monitor over the coming months. Drupal has always had a reputation for a high quality code, and we want to make sure that reputation is preserved with good security signals, project quality signals, and continued incentives for peer code review.
That said, we're very excited to see how this change opens up Drupal to a wider audience of contributors.
Please note that the removal of project applications to create full projects and releases means a change in the security advisory policy (see below for details).
Security Advisory Opt-in and new Security Signals for Projects
Are you responsible for the security of your clients' Drupal sites?
Please note that Drupal's security advisory coverage policy has changed. Security advisory coverage for contributed projects is now only available for projects that have both opted in to receive coverage and made a stable release. You can see which projects have opted in by checking their project pages. If you have questions, please contact firstname.lastname@example.org.
Because users may now create full projects and releases without opting in to security advisory coverage, it's critically important that we provide good security signals to users evaluating projects on Drupal.org. This is why we've added a security coverage warning to projects that aren't opted in to coverage.
- Opened up the opt-in process, allowing any maintainer of a project (not just the node author) to opt in to receive security advisory coverage
- Added a confirmation step when a user goes to make a stable release - this encourages users to be sure the project is ready for a release, and to opt-in to coverage if they haven't already
- Blocked security advisory opt-in if a project has an open, public security issue
- Started displaying info about public security issues on project pages that haven't opted into advisory coverage
- Added a filter to project browsing pages to make it easier to find projects with supported stable releases
2017 Community Elections Update
The 2017 elections for the community-at-large seat on the board were held successfully in March. Drupal Association community board elections are conducted with the Instant Runoff Voting system. This voting methodology requires that voters rank their preferred candidates on their ballot, and we've heard that this system has been somewhat unwieldy in the past.
Each year we try to improve the voter experience and so this year we deployed a new drag-and-drop ballot.
Finally, we want to congratulate our newest board member Ryan Szrama!
Better international datetime support throughout Drupal.org
Drupal.org has grown organically over the course of more than a decade, and as features have been built out they were not always consistent in their display of datetime information. While it sometimes makes sense to have a few different formats for displaying date and time, many of the formats in use were simply arbitrary historical decisions.
As a quality of life improvement, especially for users outside of the USA, we've standardized the datetime format used on Drupal.org. That format is: DD MMM YYYY - hh:mm (UTC±h). For example: 11 Aug 2016 - 16:42 (UTC+8)DrupalCI
CSS Lint check style results
When we implemented coding standards testing in DrupalCI in February we were not able to add CSS Lint testing until the CSSLint configuration file in core was fixed. That issue was fixed in late February and so we added CSSLint to support coding standards testing for CSS at the beginning of March.
Cleaning up coding standards results
The addition of coding standards results to DrupalCI means that Drupal.org is now storing even more test data about the code we test on Drupal.org. Our initial implementation of coding standards testing did not include clean up of older results, and so to preserve database space and testing resources, we implemented some clean-up routines in March. In particular we are now:
- Cleaning up all results for closed issues
- For custom one-off tests, keeping results for 30 days to match what is shown on project’s automated testing tab
- For tests triggered on a schedule or commit, keeping the most recent per-environment per-branch, and keeping anything less than 24h old
Protecting Git services
We experienced some minor Git outages in March, due to malicious authentication attempts. To mitigate these issues in the future, we've implemented fail2ban rules to protect Git authentication. This should improve the stability and uptime of Git services for all developers on Drupal.org.
We want to thank Drupal.org infrastructure volunteer mlhess for his assistance with this.Community Initiatives
Contrib Documentation Migration
New tools for Documentation have been available on Drupal.org for more than half a year. While most of the core documentation has been migrated to the new system, we are still encouraging Contrib maintainers to migrate their docs.
To make it easier for contrib project maintainers to migrate their documentation to the new documentation tools, we've made two improvements:
- Maintainers may now attach Documentation guides directly to their project pages.
- The Documentation Guides that a user maintains are now listed on their user profile.
As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:
- CivicActions - *NEW* Supporting Partner
- HS2 Solutions - *NEW* Supporting Partner
- Cheeky Monkey Media - Renewing Supporting Partner
- Cybage Software - Renewing Supporting Partner
- Digital Circus - Renewing Supporting Partner
- Message Agency - Renewing Supporting Partner
- QED42 - Renewing Supporting Partner
- Srijan Technologies - Renewing Supporting Partner
- Evolving Web - Renewing Supporting Partner
- Brightcove - *NEW* Technology Supporter Partner
- SiteGround - Renewing Hosting Supporter Partner
- Smartling - *NEW* Technology Supporter Partner
- Sevaa Group - *NEW* Technology Supporter Partner
If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.
The engineers at Acquia recently launched Acquia Cloud CD, a set of developer tools to automatically and continuously assure the quality of Drupal applications on Acquia Cloud.
To help you get started with these powerful tools, Acquia Learning Services has created a task-oriented, hands-on tutorial, to walk you through implementing continuous integration for your Drupal application.Tags: acquia drupal planet
A week at DrupalCon is a fantastic way to level up your skills and bring new knowledge back to your work. We have had such high interest in these training courses, that many have sold out! We know there are still people out there who want to learn these valuable skills, and we want to be sure you have that chance, even if it's not at DrupalCon.
There’s been a lot said and written about the most recent drama in the Drupal community, quite a few people have asked me why I care. This is hard to answer without sounding flippant in 140 characters, so I’ve taken the time to write another blog post about the topic. This one a little less angry and more reasoned than the first.mikl Tue, 2017-04-18 - 18:23 Tags Drupal Drupal Planet
The Open Y is an open-source customer experience (CX) platform and Drupal 8 distribution specifically built for YMCAs to fuel the Y movement. It was founded by some of the largest YMCA associations in North America including YMCA of Greater Twin Cities, YMCA of Greater Seattle and YMCA of Greater Houston.
In the modern environment where customer experience often starts, and ends online, the YMCAs were constrained by aging proprietary content management systems (CMS). Their systems were difficult to use, cost prohibitive, and limited The Y’s ability to innovate digitally. The team team understood that they weren’t the only YMCA facing this situation, either, and decided to make their solution available to any other YMCA to use or improve upon by creating the digital initiative within the Y movement.
While working on a presentation for DrupalCon Baltimore, I was brainstorming various tactics and proposals for removing components and modules from Drupal core. The act of deleting something from core can, at first glance, seem simple, but it brings up a more interesting discussion.
First, some background
Earlier this year Dries Buytaert announced a change to the future backwards compatibility support for Drupal core. You can read more about the policy change in his post. To summarize, Drupal core will continue adding enhancements, marking replaced APIs as deprecated along the way. The next major version update of Drupal will simply be the removal of all the deprecated components.
Less than a month before this he also wrote about the opportunities prepackaged distributions present for Drupal 8. The new world of Composer-based dependency management is great for developers, but will become a new barrier to entry for beginners. The predefined packaging of distributions may be an important tool for combating this problem.
A clash of concerns
The real historical problem that has made the decision to add or remove components in Drupal core difficult is the dichotomy between Drupal as a framework and Drupal as a product. Framework advocates want a small, agile core focused on robust APIs that can advance at a faster pace. We’ve traditionally called this “small core.” Product advocates are focused on Drupal being a complete product for website building; with sensible defaults, out-of-the-box content modeling tools, and a plethora of features.
Let them eat cake, and have it, too
Is there a way to focus on the framework, but still provide the product-level utility that beginners, site builders, evaluators, and the like all need? Maybe.
Let’s give the small core crowd what they want and reduce Drupal core down to its core components and APIs. All the things subsystems need for Drupal to function, and only modules that the vast majority of sites will use and are fairly integrated into core; node, block, menu, field, views, etc. Everything removed will be put back into the contrib space, but maintained by the core commit team and component maintainers with the same high standards as core.
We then create an official, standard distribution that is prepackaged by drupal.org and pulls in all those additional components from the contrib space; themes, toolbar, forum, etc. This distribution would be maintained along with small core and be available on Drupal’s download page. (With small core available for download on its own.) The end result should be transparent to anyone downloading Drupal. The initial distribution would look exactly like Drupal 8 does right now.
Let small core focus on developer needs, and free up the distribution to focus on site builder and evaluator needs.
Here are some potential benefits I’ve been thinking about, most of which fall in line with the current direction of Drupal core:
- Focus core on APIs
- Allow developers that want to contribute to focus on those APIs, not product decisions.
- Reduce some of the maintenance burden on core itself, or at least better segment it.
- Moving most modules back to contrib would give component maintainers commit access to their modules and allow them to iterate and experiment.
- Creating an official distribution separate from small core would let product managers, designers, and UX specialists focus entirely on Drupal the product; what modules and themes are included, default features, user testing, etc. (Something like the default content initiative would go right into the distribution, and never clutter core.)
- Experimental modules/themes can be created in contrib first, and then when stable, added to the distribution via its composer file.
- Small core would provide a small, vanilla starting point increasing the diversity and experimentation we might see with distributions; effectively removing all the unneeded components so builders can focus on what they want to add, not what they need to remove. The end result could be a wide range of Drupal “flavors” that look very different, but have the same core.
If you’d like to talk about this and the general topic of removing components from Drupal core, come to the Core Conversation session Peter Wolanin and I are having at DrupalCon Baltimore - Less is More - What Modules, Features, or APIs Should We Cut From Core?Tagged with Comments Comment Yes please! Thank you for your efforts here. Core should be a finely tuned masterpiece of software engineering, smallcore is the only way this will ever have a chance of happening. Different speeds for different needs.
Steve Purkiss (not verified)Wed, 04/19/2017 - 08:00
Attendees to Baltimore's DrupalCon 2017 should check out Xeno Media Strategist Jim Birch's presentation, Bootstrap Paragraphs, on April 26 at 10:45am.
In it, you will learn how to combine the power of the world's most popular front end framework, Bootstrap with Drupal Paragraphs, the powerful module that allows content creators to build layouts and structured pages.
Using the Bootstrap Paragraphs Drupal 8 module, you'll be able to create Bootstrap features like Accordions, Carousels, Modals, Tabs, and Multi-column layouts. We'll also demonstrate how to harness the power of Drupal referencing Text, Images, Contact Forms, Blocks, and even Views! We will also review how the module adds different widths and backgrounds which can be modified in the Drupal theme layer.This presentation will review:
- Why use the Bootstrap framework?
- Why use the Paragraphs module?
- What goes into the different types of bundles?
- How we add width and background options
- How to override, and build on top of the defaults
Attendees will come away learning how to build a site using the Bootstrap Paragraphs module, how to customize it in their own themes, and how to use the module as a baseline to develop their own Paragraphs bundle types.
Update a project installed via composer_manager or drush to a CI based Composer template under Drupal VM
If you have to go for a Drupal core update from a previous install based on composer_manager or drush (both deprecated), consider installing something robust, Composer friendly, that also enables CI tools like Phing, Behat, PHPUnit, ...
If you don't have already Drupal VM installed, head to the documentation.
A custom block is made of two entities, one for the placement and one for the actual content. Only the actual placement can be exported with cim. The content can not. Therefore this will result in "Block description Broken/Missing" error on site where the config is imported. And since there is no option to disable custom blocks from being exported through Configuration management, this will break the functionality.
Steps to reproduce
On Site A:
Create custom block
Assign this custom block to any region
Export configuration of the site
On Site B:
Import configuration from site A…
Let's connect at DrupalCon Baltimore, April 24 - 28, 2017.In this post we will cover...
- Sessions we'll be presenting at DrupalCon
- A fun movie trailer for PM: The Musical!
- An opportunity for you to sign up to meet with us
We want to speak with you at DrupalCon!Schedule a Time
Heavily borrowing from “The Raven” by Baltimore’s own Edgar Allen Poe.
Once upon a laptop dreary, with its glow so blue and eerie,
Viewing travel sites where I could shop the online store —
While I purchased, looked at mapping, suddenly there came a tapping,
As of someone gently rapping, rapping at my office door.
“’Tis my colleague,” I muttered, “tapping at my office door —
Helping plan for Baltimore.”
DrupalCon! It is upon us! This conference of such colossus;
3,000 strong will be among us on the conference floor.
Many coming from Palantir to learn and join in Drupal’s cheer
Coming to learn and share with those of similar rapport,
Descending upon a convention center on this eastern shore.
Arriving to explore.
Palantir will have a presence: Booth 109 — and we’ll have presents:
Swag to give all those who visit our spot upon the floor.
A photo booth will offer chances to give our visitors some glances
Of how they look with props and hats of variety galore.
They can tweet and share photos beyond that building’s door.
Posterity forever more!
Three talks will come from Palantiri, who worked hard on each topic’s theory.
The first is 2:15 on Tuesday, and has a musical score:
“Project Management: The Musical” . . . could be slightly Seussical!
Allison and Joe will sing and dance on running scrums and more.
There’s much to learn! Don’t be fooled by the use of songs of yore.
Room 307 – Acquia in Baltimore.
The next are April 27. First at noon . . . is it hell or heaven?
Can separate teams together be something to desire or deplore?
“Successfully Integrating Teams” is the stuff of engineer dreams.
Mixing teams with thoughtful prep can much success ensure.
The tips to do this seamlessly Megh Plunkett will underscore.
Room 319 – Platform.sh in Baltimore.
The last is in the afternoon, and shows that no site is immune
From website content that has been continuously ignored.
“Content Before Code: A D8 Case Study” at 2:45. Grab a buddy!
So you too can learn how to gather content in ways to make all sure.
“Get your content ready for launch!” Michelle and Bec implore.
Room 307 – Acquia in Baltimore.
Palantir will host the fun at Trivia Night, where everyone
Can try for fame by answering questions about Core.
Doors will open right at 8, so hurry there and don’t be late!
Test your skills against your friends to gain the highest score.
Baltimore Soundstage is the place where we shall host the lore.
124 Market Place in Baltimore.
Our wish to see you there grows stronger; hesitating then no longer,
Please know we’d love to see you at our booth or on the floor.
Since we know that time can be fleeting, you can even set up a meeting.
To discuss how we can help your project take wing, and then to soar!
Contact us so we can meet that week in Baltimore.
We want to speak with you at DrupalCon!Schedule a Time
This year, don't take home the DrupalFlu along with your swag and business cards - here are some tips for staying healthy at a huge conference.
Come see Project Management: The Musical! at DrupalCon Baltimore. April 25th at 2:15pm.In this presentation we will cover...
- How to get your project organized
- What analytics and KPIs to review
- How to handle scope creep
- ...and many more facets of project management
We want to make your project a success.Let's Chat.
Additional information about this session can be found on the DrupalCon site.
Stay connected with the latest news on web strategy, design, and development.Sign up for our newsletter.