Drupal Planet

mark.ie: Adding {{ attributes }} to a Drupal PatternLab Theme

3 months 3 weeks ago

Ever gotten this error: User error: “attributes” is an invalid render array key? Here's what I do to get around it. If you've a better solution, let me know.

markconroy Mon, 04/16/2018 - 19:52

When building PatternLab-based Drupal themes, I try to get the Twig in PatternLab to match what I expect from Drupal. So, if I know Drupal has a line like this in its node.html.twig:

I want to be able to put the same thing into my PatternLab template - even though I am not going to use the {{ attributes }} in PatternLab. This means then I can simply let the Drupal template extend from the PatternLab one and not need to worry about anything.

However, when you do this, you will often get an error to say "attributes" is an invalid render array key. How do I get that error message to go away? Simple - I just add attributes to my Pattern's .yml file, like so:

attributes:
  Attribute():
    class:

The data.json File

You can do this for each individual pattern, but then you might get an error somewhere else talking about "title_attributes" is an invalid render array key. To get around all these errors, I simply add these items globally to the default data.json file, like so:

  "attributes": {
    "Attribute()": {
      "class": []
    }
  },
  "content_attributes": {
    "Attribute()": {
      "class": []
    }
  },
  "title_attributes": {
    "Attribute()": {
      "class": []
    }
  },
  "rows": {
    "Attribute()": {
      "class": []
    }
  },
  "teaser": {
    "Attribute()": {
      "class": []
    }
  }

The PatternLab Teaser Twig File

Taking the teaser view mode as an example, here's what my PatternLab twig file looks like:

{%
set classes = [
  'node',
  'node--type-' ~ node.bundle|clean_class,
  node.isPromoted ? 'node--promoted',
  node.isSticky ? 'node--sticky',
  not node.isPublished ? 'node--unpublished',
  view_mode ? 'node--view-mode-' ~ view_mode|clean_class,
]
%}

  {% if display_submitted %}
   
      Published: {{ node.created.value|date("D d M Y") }}
   
  {% endif %}

  {{ title_prefix }}
   
      {{ label }}
   
  {{ title_suffix }}

  {{ content.field_intro }}

The PatternLab yml (or json) File

Here's the corresponding .yml (or .json) file:

node:
  bundle: article
  isPublished: true
  created:
    value: 1511941986
  changed:
    value: 1512127363

view_mode: teaser

display_submitted: true

label: 'A Blog Post by Mark Conroy, all about PatternLab and Drupal'

content:
  field_intro:

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis. Maecenas faucibus mollis interdum.

The Rendered HTML in PatternLab

This will then print our html like so (notice, no attributes):

     
      Published: Wed 29 Nov 2017
   
 
 
   
      A Blog Post by Mark Conroy, all about PatternLab and Drupal
   

 

 

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis. Maecenas faucibus mollis interdum.

The Drupal Template File

Next, my node--teaser.html.twig file is as follows (just one line):

{% extends '@content/01-display-types/teaser/teaser.twig' %}

The Rendered Drupal HTML

And that renders html like so (notice, we have attributes that Drupal will use):

      ...

Full disclosure, I came up with this idea about a year ago after seeing something similar in the Bear Skin theme.

You can see this in action on my PatternLab's teaser pattern.

OSTraining: What's in the Drupal 8 Roadmap?

3 months 3 weeks ago

Every year we go to DrupalCon (this time it was in Nashville).

Every year, it's an excellent event.

Every year, Dries Buytaert gives his keynote address, known as the "Driesnote".

However, something was different this year.

OPTASY: What Is the Best WYSIWYG Website Builder in 2018? A Top 5 List

3 months 3 weeks ago
silviu.serdaru Mon, 04/16/2018 - 17:22

“Empower... anyone who wants to build his own website!” This is how modern web builders' “motto” could sound like. And how could you not embrace this kind of “liberalization” in web development? Yet, the question that arises now is: with so many options, how do you choose the best WYSIWYG website builder for you?

… for your own:
 

DigitProfessionals Blog: Messages from DrupalCon Nashville via Youtube

3 months 3 weeks ago
Webmaster Mon, 04/16/2018 - 17:10

I have just spent several days watching most of the videos of presentations from DrupalCon Nashville 2018. It is no substitute for attending, when you learn a lot from BoF sessions and private conversations. Nevertheless, having heard more sessions than would have been possible in person (since several sessions take place simultaneously), it seemed worth sharing a few thoughts and takeaways from my particular perspective.

Phase2: CX: Create the Experience. Deliver the Results.

3 months 3 weeks ago

There’s no doubt that the digital landscape looks very different these days. When we talk about an organization's digital presence we are talking about a whole lot more than websites or content management systems.  


At Drupalcon Nashville, we got down to business with our Drupal community, partners and clients to discuss where Drupal fits into this new digital ecosystem, customer experience trends, Drupal 8 best practices, and how to maintain a competitive digital experience platform in this fast-moving, ever-changing market.

Mediacurrent: DrupalCon Nashville 2018: Executive Summary

3 months 3 weeks ago

Drupalcon 2018 is officially done! Mediacurrent was well represented with 37 teammates converging to Nashville for learning, networking, camaraderie, and professional growth. 

In the coming weeks, we will be providing a cross-section of feedback from people who perform different roles. Our goal is to give you some insight around "what you missed." 

Drupalcon Nashville 2018 (by the numbers):
  • Approximately 3000 attendees from around the globe and 150 sessions.
  • Hundreds of informal birds of feather (BoFs) meetings where like minded peers gathered, custom training sessions, Summits, and code sprints were held in conjunction with the conference.
  • Over 20,000 Drupal 8 sites are now being launched per month.
  • 81% more of Drupal 8's modules are now considered fully stable compared to this time last year.
  • Some of the biggest logos in the world that have adopted Drupal were well represented in Nashville.


The Surgence of Marketing & Strategy: 

There was a common theme throughout the conference around how Drupal can provide a more holistic digital experience. Lauren Vaccarello, VP of Marketing at Box captured many of these points.  While there are a myriad of marketing tools and campaign options available, executives must not lose sight of the obvious - your company's web presence is the singular most important digital asset in your organization. Marketers and editors are demanding more though. They want a content management platform and a best of class partner to:

1.  Really lean in and understand their role and where Drupal solves problems for them.
2.  Take the time to learn about goals, success factors, KPIs and the vision of not just the project or department, but company as a whole.
3.  Show a simpler and easier editorial experience workflow.
4.  Leverage data analytics to make more informed decisions.
5.  Execute at a consistent, predictable level, but also provide insight and exposure to how other organizations are utilizing Drupal in creative ways.

These items are resonating. Megan Sanicki, Executive Director of the Drupal Association (DA), talked about how the DA will be working hard to serve the needs of everyone involved in a company's digital experience, especially those who would consider themselves "non-technical." For example, there will now be a new content and editorial track at Drupalcon, more case studies, and a newly redesigned home page was announced for drupal.org.

Vision of Drupal:

Dries Buytaert, the founder of Drupal, gave a powerful keynote presentation. He mentioned what an exciting time and huge opportunity there is "to grab" for everyone who has been involved with Drupal the past 17 years. After listening to a cross-section of stakeholders, Dries articulated what Drupal's 4 most critical priorities will be to drive the community forward. They include:

1. Improving the evaluation process to help increase adoption - this includes the number of clicks and steps to download Drupal.
2. Improving the content creator experience (people want Drupal to act more like social media tools they already use on a daily basis).
3. Improving the site builder experience - this could include making the version update path easier (note: 8.5 is the newest release of Drupal).
4. Promote Drupal to non-technical decision makers.  In general, this should entail more collaboration for those who have a vested interest in marketing Drupal. This includes a "Promote Drupal Fund" drive that was announced to collect $100,000 to among other things hire an extra, full-time employee for the Drupal Association. 

Recommended Sessions:

Top Drupal 8 Modules: A tour through the best of Drupal in 2018
A Farewell to Twig 
WordPress vs Drupal: How the website industry is evolving

Looking to the future:

Let's continue the conversation. Please do not hesitate to reach out and schedule a follow-up meeting with myself or a Mediacurrent expert if you have any questions about Drupalcon Nashville or your next digital project.

Sooper Drupal Themes: 8 Days To Drupal 8 | Day 1: Media Management In Drupal 8

3 months 3 weeks ago

We're counting down the days to the official SooperThemes Drupal 8 Release! Count with us as we will be writing a Drupal 8 related blog post every day for the next 8 days.

Media management is one of the areas where Drupal was lagging compared to competing systems, like WordPress. In Drupal 8 Media management has improved greatly! With the Entity Browser you can create highly customized user experiences to manage your creative assets. In the early times of Drupal 8 it was difficult to set up the Entity Browser but in the meanwhile turn-key solutions have become available that do the tedious configuration work for you. 

Entity Browser Meet File Entity Browser

If you're using SooperThemes Drupal themes you have the option to use our demo content installation profiles. This is a real time-saver because the demo profiles do not only contain demo content; they come with a complete configuration of all the Drupal features you need. We chose to include the File Entity Browser in Glazed CMS for its beautiful masonry grid and extended features. This module configures and extends the Entity Browser modules with media library views, mass upload with drag and drop support, and a useful image-preview feature that lets you check the quality of your assets while browsing the library.


The preview tool even has an option to preview images in all your image styles, allowing you to decide the right compression/quality trade-off for your creatives!

Media Management In Glazed Builder 8.x

In Drupal 7 our Glazed Builder Drupal page builder module integrates with the Media module. The Media module integrates seamlessly with Glazed Builder, offering all creative assets in Glazed Builder that you have uploaded elsewhere in your Drupal site. Of course any images you upload in the Glazed Builder interface are also available in the media library elsewhere in your Drupal site. 

We achieved the same feat in Drupal 8. Getting there was not easy: the Media module in Drupal 7 offered an API to integrate media library in your frontend application but there is no such API in Entity Browser.

Of course we don't let that stop us from building exactly what we want, and we achieved the same seamless integration with Entity Browser that we have with the Media module. 

SooperThemes Open Source Contributions For Entity Browser

In order to get the media management experience up to our standards we made some improvements to the experience and functionality. We contributed several patches to Entity Browser and File Entity Browser.

Supporting field cardinality in File Entity Browser and visual cues for media selection limits

Out of the box Entity Browser does not limit the number of files you can select based on field cardinality. On a single-image field you can select more than one image. Our patch doesn't just limit the number of files you can select based on the field settings but also adds a layer of visual cues that let the user know when he cannot select more images. The patch is unfortunately not committed at the time of writing this blog because there is uncertainty about whether this functionality belongs in Entity Browser core or in the File Entity Browser add-on module.

Check out this video to see how the patched version of File Entity Browser handles fields with unlimited, multi-value, and single-value cardinality:


OPTASY: What Is Business Process Consulting? 5 Reasons Why You Should Use These Services

3 months 4 weeks ago
adriana.cacoveanu Sat, 04/14/2018 - 06:33

Has that time come yet? The “time” when you realize that your once a start-up business, involving just a few processes and people, has gradually grown into a hard to manage infrastructure? One having plenty of... “holes” to be plugged for better efficiency? Then it's a fact: you need to look for a business process consultant! But what is business process consulting anyway?

And this is just one of the questions that I'll do my best to answer in today's post. Besides this, I'll be:
 

Drupal Association blog: An overview of March Global Training Days

3 months 4 weeks ago

Drupal Global Training Days had a great start in 2018. And it keeps that fast pace. The March wave of events featured 13 GTDs in such countries as Rwanda, China, Japan, Russia, Serbia, Spain, Mexico, the USA, Nicaragua. Some of the trainings were delivered online and were accessible for everyone from around the globe.

Highlights from the organizers

We contacted several GTD organizers and asked them to share some insights on their events and local communities. Thank you Miriam, Suzanne, and Strahinja for participating. I share my story below too.

Miriam Torres (mtorresn) from Monterrey, Mexico

How did you get started with GTD?

In Mexico there is a lot of talent in the IT area, which is why we started to organize GTD in Monterrey, Mexico several years ago with the intention of both growing the Drupal community in Monterrey, and discovering talents to which we can offer job opportunities.

Who helped to make your training happen?

Many talented people have supported this training and Accenture has been our sponsor for several years. However, Eduardo Santiago has been our main organizer, who has been present at all our events. In our March event, 8 speakers shared with us a little of their knowledge in very diverse subjects (Gerardo García, Omar González, Luis Nicanor (luisnicg), Reinaldo Araque, Omar Aguirre (omers), Aldo Velasco, Eduardo Santiago and Miriam Torres) and 6 staff members made our event possible (Magdalena Lozano, Adrián Briano, Ruth Medina, Karla González, Ricardo Bolio and Ramiro García). We also had the support of Tec Milenio University who gave us access to their campus and helped us spread the word about the event.

How many attended your March 2018 event and what did they say they wanted?

In GTD of March 2018, we had a total of 49 attendees, most of whom wanted to learn a little more about frontend development, but we had people with special interest in backend development and testing in attendance too.

What new knowledge did attendees receive from you?

On March 16, we held a meetup with 5 talks: "Reactive programming" (Gerardo García), "SCRUM: An agile framework" (Omar González), "Organizing Drupal Teams" (Luis Nicanor), "Docker + Drupal, Practical applications and its integration with Drupal" (Reinaldo Araque) and "Component-Driven design using Pattern Lab" (Omar Aguirre), and on March 17, our attendees took a training, choosing between 2 different topics: Site Building with Drupal 8 (Eduardo Santiago) and Angular + Drupal REST. (Aldo Velasco, Gerardo García and Miriam Torres)

Suzanne Dergacheva (pixelite) from Montreal, Canada

How did you get started with GTD?

We started our Drupal training program at Evolving Web in 2012 by giving a free training at DrupalCamp Montreal. Since then, we've been offering professional Drupal trainings on a wide range of topics as well as community trainings at camps. We regularly offer free trainings through Global Training Days, and have done both in-person and online trainings for GTD. Inspired by this, we're now offering a monthly free, online 'What is Drupal' session.

Who helped to make your training happen?

I led the training at Evolving Web. The Drupal Association helped promote the event with emails and we had lots of re-tweets from others in the Drupal community which helped spread the word.

How many attended your March 2018 event and what did they say they wanted to learn?

We had around 50 participants in our online video conference. Some of them were exploring Drupal and trying to see if it's a good fit for their projects, others were Drupal 7 users trying to figure out what's new in Drupal 8.

What new knowledge did attendees receive from you?

We offer a 'What is Drupal?' Introductory course for the Global Training Days. It introduces participants to Drupal terminology and general concepts. Participants get to follow along with hands-on exercises and explore why they would use Drupal. They see what you get out-of-the-box with Drupal and what you can customize it to do. They see the role of themes and modules. The training also introduces participants to the Drupal community so that they can see the importance of community contributions and the value of open source.

My story: Marina Paych (paych) from Omsk, Russia

How did you get started with GTD?

Initially the Omsk Drupal Community emerged in 2013 from random meetups. The first GTD happened in 2014 and was aimed to engage more people with Drupal and involve them in the community’s life. Since that time, GTD has been being organized regularly and more and more people attend this event.

Who helped to make your training happen?

The greatest help comes from the company ADCI Solutions. They sponsor all the expenses connected with the organization of GTDs and other Drupal Meetups in our city. Also, they provide a venue in their office called ADCI Events Hub.

The organizers of this event put many efforts in order to make an interesting event in a warm atmosphere. Anastasia Dubina (anastasiya-dubina) was responsible for an overall organizational process such as promoting the event, setting up logistics and equipment, preparing coffee breaks, etc. And I was responsible for agenda management and speakers preparation.

We had 8 amazing speakers who delivered plenty of useful information: Denis Usov (usdv), Tatiana Shulgina (tatiana-shulgina), Artyom Zenkovets (azenkovets), Alexander Kuznetsov (bikba), Maksim Lukyanchikov (max-luckianchikov), Dmitry Chuchin (choo_choo), Iuliia Gapunenko (iuliia_g), and Marina Kardopolova (mkardo).

How many attended your March 2018 event and what did they say they wanted to learn?

There were 93 attendees at March GTD. The target audience of GTD in Omsk consists of students and recent graduates, therefore they wanted to learn about the whole web development process and how it is operated by a real company. Also, they wanted to try themselves in development. Around 60% of attendees were more interested in back end, and 40% -- in front end.

What new knowledge did attendees receive from you?

On March 17, attendees listened to 5 sessions aimed to explain the peculiarities of Drupal development. The agenda covered all the processes, and sessions were logically connected to each other in order to show to attendees a full idea of web development.

In the first session -- “How to create a web application architecture” -- Denis Usov narrated about each role in a web development team and how they work for a successful result. The second session “The role of a designer in an IT team” by Tatiana Shulgina clarified web designers’ responsibilities and tasks in a project. The third session “What is back end?” delivered by Artyom Zenkovets and Alexander Kuznetsov contained information about traditional and decoupled approaches and the specifics of back end in Drupal. The fourth session “How to become a front-end Jedi” by Maksim Lukyanchikov and Dmitry Chuchin included a list of tools and useful links that will help newcomers dive into the JS world.
The final session of the first day was dedicated to the Drupal Community and ways to get involved and was delivered by Iuliia Gapunenko. She also showed videos about how Drupal changed many people’s lives from her #DrupalChanges campaign.

On March 18, there was a training where attendees could use their new knowledge in practice within a captivating coding competition. First, attendees were taught to build their first website and then - to code a custom module. The training was delivered by Marina Kardopolova.

Strahinja Miljanovic (SixZeroNine) from Novi Sad, Serbia

How did you get started with GTD?

Colleagues and I were discussing how many people they know who are using other CMS and they've never used Drupal. We heard that we have Global Training Day coming soon and we wanted to invite people to come, see, try and learn Drupal. So we created a Google Event Registration Form with questions that will help us to see how many people know about Drupal, are they more interested in Theming, Site Building or Developing custom modules.

Who helped to make your training happen?

Vladimir Zdravkovic (botanic_spark), ramns, helped with sessions, Dragan Eror - with workshops. Radoslav Curcic (wingpaler) and Aleksandar Cvijovic (cvijo) contributed to both sessions and workshop. Miki Stojkovic (mikispeed) provided space, food, and refreshments. And I was an organizer of the event.

How many attended your March 2018 event and what did they say they wanted to learn?

The number of people who applied to attend the event was 23. Almost everybody wanted to learn everything, but it was physically impossible to hold all sessions and workshops one at the time, so we merged Site Building and Module development. 90% of the people wanted to learn site-building and module development more than Theming.

What new knowledge did attendees receive from you?

Attendees from Site Building learned how to create nodes, content types, block types, views (page, block, filtering, and sorting), taxonomies, fields and basic and most common hook examples.

Attendees from Developing Custom Modules learned how to create a module, how to enable it via the interface, Drush, as dependency and hook_install. They also learned to create configuration forms and blocks programmatically and render input data from configuration form into a custom block.

Attendees from Drupal 8 Theming learned about general themes and twig, how to create a theme and subtheme, theme suggestion, regions, libraries, adding CSS and js files, adding custom classes and adding templates.

Join the movement

That was a report on how March Global Training Days went. You still have a chance to join the movement, organize an outstanding GTD in June, September, or December, and get featured in an upcoming blog post.

If you are in doubt about whether to organize a GTD event or not, check out the GTD group where you can find the GTD Working Group if you need help. Also, follow @DrupalGTD on Twitter to stay tuned.

Ashday's Digital Ecosystem and Development Tips: How to Convince Your Boss to Upgrade to Drupal 8

4 months ago

You really want to upgrade that old site to Drupal 8. You’ve seen the improvements, the new features, and you even figured out how to pull off an upgrade. The only thing between you and sweet Drupal 8 goodness is your boss. They don’t see the need to upgrade and think it won’t be worth the time or money to make the jump. Maybe they do think Drupal 8 is a needed improvement, but aren’t convinced that it is ready for prime-time. Here is what you do.

Jeff Geerling's Blog: Drupal, the Fastest - Improving the evaluator experience

4 months ago

At DrupalCon Nashville 2018, I became deeply interested in the realm of first-time Drupal experiences, specifically around technical evaluation, and how people would get their feet wet with Drupal. There were two great BoFs related to the topic which I attended, and which I hope will bear some fruits over the next year in making Drupal easier for newcomers:

There are a number of different tools people can use to run a new Drupal installation, but documentation and ease of use for beginners is all over the place. The intention of this project is to highlight the most stable, simple, and popular ways to get a Drupal site installed and running for testing or site building, and measure a few benchmarks to help determine which one(s) might be best for Drupal newcomers.

Xeno Media: Faster, Smarter Web Maintenance through (Semi) Automation

4 months ago

Website maintenance is needed to address any vulnerabilities identified in software over time.

Thanks to the collaborative nature of the open source communities of Drupal and WordPress, we get a heads up when new vulnerabilities are identified (Read more about why open source is great for business). When the fixes and security updates for those vulnerabilities are released, they need to get installed and tested as soon as possible.

There are benefits and drawbacks to fully automated website maintenance, just as there are for fully manual website maintenance. The best path is to do both.

A machine never forgets a step in a process. It just gets confused when it's presented with the unexpected. A person can introduce human error, but can create novel solutions to unexpected problems.

Benefits of Automation

Fast

Machines are much faster than people at reading code. Computers are fast and they can apply steps in a process much quicker than we can. They can also run multiple tests simultaneously, leading to even more time savings. There is an inherent, upfront time investment to program the scripts, but once that time investment is made, all subsequent processes are significantly faster.

Accurate

A machine can repeat the exact same process, in the exact same way, thousands of times. It can also log processes, errors and results at every step, every time. A person couldn’t log the results of every single step, or, if they did, they would take significantly longer than usual to finish each test and there’d be many more opportunities for human error. This accuracy in repetition and recording means that we have a clearer picture of the test and its results available to us.

Thorough

A machine checks everything within the scope you set for it and nothing outside of it. It doesn’t care if “this little change isn’t going to mess anything up”. It checks everything you set it to. That total adherence to process is key when testing a system with multiple, related, and moving parts, like a website.

The Human Advantage

We’re innovative

A machine never forgets a step, ever. It just gets confused when presented with the unexpected. People are needed to create novel solutions to those unexpected problems. A developer can invent new processes, fixes, and features and create new applications for existing ones. 

We can give human feedback

A machine won’t tell you if the final result looks professional and aesthetically appealing. It can only check if objects are rendered in specific predefined colors, object types appear in the correct spot on the screen and so on.  A person can see if everything comes together and looks good. They can provide feedback on the branding of your site, give you unquantifiable assessments of how your site makes them feel as a person.

We can do ad-hoc testing

Automated tests have to be developed, programmed and tested themselves before they can begin to test new features for your site. A person can run through some manual tests very quickly when there isn’t a need to develop a deeper test.

How we put it into practice

Our system automatically creates a cloned copy of our clients' sites and applies updates. It then runs a battery of automated tests on the patched clone sites, out of public view, before notifying our developers to review the results. 

Once the updates are confirmed to be working properly and that nothing untoward is going on, the developer pushes the site to live. If anything is off, the developer can dive right in and make any needed adjustments, again, behind the scenes. For anyone visiting a site during this process, it's business as usual.

Website maintenance solutions like this are critical to any business. Gone are the days (if ever they existed) of launch and forget websites. Website vulnerabilities are identified over time as intruders' techniques become more sophisticated. You can't prevent 100% of all data breaches, just like you can't prevent every burglar from trying to break into your house. But you can fix the porch light when it gets broken, and tighten up the deadbolt if it gets loose. So long as you've got someone checking the lights and testing the doors.

 


 

 

Security public service announcements: Drupal Core - Highly Critical - Public Service announcement - PSA-2018-002

4 months ago
Description

This Public Service Announcement is a follow-up to SA-CORE-2018-002 - Drupal core - RCE. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2018-002 you should assume your site has been targeted and follow directions for remediation as described below.

The security team is now aware of automated attacks attempting to compromise Drupal 7 and 8 websites using the vulnerability reported in SA-CORE-2018-002. Due to this, the security team is increasing the security risk score of that issue to 25/25.

Sites not patched by Wednesday, 2018-04-11 may be compromised. This is the date when evidence emerged of automated attack attempts. It is possible targeted attacks occurred before that.

Simply updating Drupal will not remove backdoors or fix compromised sites.

If you find that your site is already patched, but you didn’t do it, that can be a symptom that the site was compromised. Some attacks in the past have applied the patch as a way to guarantee that only that attacker is in control of the site.

What to do if your site may be compromised

Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.

Take a look at our help documentation, “Your Drupal site got hacked, now what.”

Recovery

Attackers may have created access points for themselves (sometimes called “backdoors”) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access.

Removing a compromised website’s backdoors is difficult because it is very difficult to be certain all backdoors have been found.

If you did not patch, you should restore from a backup. While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch. For more information please refer to this guide on hacked sites.
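To scope what changed on disk before restoring, the following added example (not part of the PSA and not Drupal tooling) compares a live docroot against a known-clean copy by SHA-256 and notes which changed files carry a modification time on or after 2018-04-11. The file names and contents in `demo()` are constructed; a clean report does not show a site is uncompromised, since backdoors may also sit in the database or other services.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Date taken from the PSA: evidence of automated attack attempts emerged then.
ATTACK_WINDOW_START = datetime(2018, 4, 11, tzinfo=timezone.utc).timestamp()


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large uploads do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> (sha256, mtime) for each regular file under root.

    Symlinks are skipped so the walk never leaves the tree being examined.
    """
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (sha256_file(full), os.path.getmtime(full))
    return manifest


def compare_trees(clean_root, live_root, window_start=ATTACK_WINDOW_START):
    """Report files added, modified or missing in live_root versus clean_root.

    'touched_in_window' lists added/modified files whose mtime is on or after
    window_start. mtime can be set by whoever controls the file, so a file
    outside the window is NOT cleared by that fact; the hash comparison is
    the authoritative signal.
    """
    clean = build_manifest(clean_root)
    live = build_manifest(live_root)
    report = {"added": [], "modified": [], "missing": [], "touched_in_window": []}
    for rel, (digest, mtime) in sorted(live.items()):
        if rel not in clean:
            report["added"].append(rel)
        elif clean[rel][0] != digest:
            report["modified"].append(rel)
        else:
            continue  # identical to the clean copy
        if mtime >= window_start:
            report["touched_in_window"].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)
    return full


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean")
        live = os.path.join(tmp, "live")
        baseline = {
            "index.php": b"<?php // front controller (constructed)\n",
            "core/lib/Drupal.php": b"<?php // core file (constructed)\n",
        }
        for root in (clean, live):
            for rel, data in baseline.items():
                _write(root, rel, data)
        # Constructed change 1: a core file differs from the clean copy.
        _write(live, "core/lib/Drupal.php", b"<?php // altered (constructed)\n")
        # Constructed change 2: a file absent from the clean copy, with its
        # mtime set back to 2017 to show that timestamps alone mislead.
        extra = _write(live, "sites/default/files/unexpected.php", b"<?php\n")
        old = datetime(2017, 1, 1, tzinfo=timezone.utc).timestamp()
        os.utime(extra, (old, old))
        return compare_trees(clean, live)


if __name__ == "__main__":
    for section, paths in demo().items():
        print(section, paths)
```
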

Contact and More Information

We prepared a FAQ that was released when SA-CORE-2018-002 was published. Read more at FAQ on SA-CORE-2018-002.

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

OPTASY: Adaptive vs Responsive Design: What Is the Difference? Which One Is Better for You?

4 months ago
Adaptive vs Responsive Design: What Is the Difference? Which One Is Better for You? silviu.serdaru Fri, 04/13/2018 - 16:40

Adaptive vs responsive design. Is there really a matter of “better vs worse”? What's the difference anyway?

For the boundaries sure look blurry enough. Especially since both types of web design provide you with a solution to the same challenge. The one you're facing as a web designer:

A design that should cater to all screen sizes.

Now, instead of delving into this confusion even deeper, let's shed some light on:
 

Amazee Labs: Lessons In Leadership From DrupalCon Nashville

4 months ago
Lessons In Leadership From DrupalCon Nashville

Taking on a leadership position can be a very rewarding but also draining experience. I’d like to share some of the exciting things that stood out to me at DrupalCon in terms of leadership. In the last few years, I was able to take on a number of different leadership positions such as CTO at Amazee Labs, running the #d8rules initiative or co-organizing camps in Austria and Switzerland. To me, it’s a deeply satisfying experience to be part of a team that works towards a common goal and see myself being able to help drive us to be successful. At the same time, leadership always felt very difficult to me. Why wasn’t I able to take decisions effectively? Why wouldn’t others follow my advice as I wanted them to?

Looking up to other leaders at work and in our community is really valuable to me. It allows me to feel inspired, keep improving, and relate my own struggle to the struggles of others. I’d like to share an overview of the things that inspired me during this DrupalCon Nashville.

Josef Dabernig Fri, 04/13/2018 - 17:53 Leadership lessons at DrupalCon Nashville

The Diversity & Inclusion team ensured me that fighting for a common cause with a well structured approach can lead to great results. This DrupalCon featured 40% speakers who identified as part of an underrepresented group. This is an awesome achievement and I appreciate the group and the DrupalCon program team who made this possible. I also really like how D&I tries to lead by example as they extend their attribution system to credit for non-code contributions such as attending an initial meeting. Finally, Nikki Steven handed over initiative leadership to Fatima and they mentioned how helpful it can be to distribute ownership of an initiative to make sure the cause is more important than the actual person leading it.

The Community Working Group (CWG), together with Jordana & George, explained their approach to ensuring safety within the Drupal Community. I appreciate the hard work they put into such a thoughtful process that helps us deal with difficult situations. An important aspect of the communication is to always try to separate intent and impact. A person might have the best intentions when they do something, but it is also really important that they understand the impact their actions have on others. A lot of the work that the CWG does goes into the mediation process. This brings disagreeing parties together to reach an understanding of their own actions and how others feel about it. Not every difficult situation can be solved in a mediation process so it was great to learn that the CWG also relies on a careful process that leads to taking action if needed.

On Tuesday I was able to attend a Leadership workshop that was organized by the CWG and facilitated by Adam Goodman, Chairman of the Drupal Association. Adam is Director for the Center of Leadership at Northwestern University and I really appreciated his thoughtful approach to this workshop. Together as a group of roughly 50 attendees, we used individual and group exercises to discuss our different perspectives on leadership. Adam was able to make sure that there was a balanced discussion, added plenty of valuable insights, and reassured us that leadership is not always an easy topic. There was also a controversial discussion about the boundaries of leadership and I would like to thank Donna Benjamin for writing her thoughts on it.

In his keynote, Dries took a good amount of time to reflect on the leadership of Drupal. In his section on fostering the community, Dries presented his version of Drupal’s values and principles. I think this is an exciting move forward for us as a community to being able to define and iterate on our values and principles definition. I like how Dries stressed that he put a lot of effort into working on those but at the same time, that he also recognizes that they by no means will be perfect from the beginning. We’ll need a good amount of feedback & collaboration to help make sure that the values & principles definition of the Drupal community, as diverse as it is, serves the purpose and needs of our extensive community.

Rachel Lawson, Community Liaison at the Drupal Association, shared her story at the beginning of Wednesday’s keynote. I appreciated finding out how her feeling welcomed enabled her to become a key contributor and leader within our community. Rachel’s open and candid approach has always been a refreshing experience for me. Over the years, Rachel has always provided an open ear for me to discuss leadership challenges. It’s great to know there are people available that will listen to you and that want to help you to become better at what you do.

Finally, in the keynote itself, Steve Francia shared his very inspiring journey leading various open source community projects. There were tears in my eyes when I found out that Steve had been struggling with the responsibility of being the lead of these big, successful projects, especially when he wasn’t aligned with the project's goals anymore. Steve realised he needed to step down in order to focus on what he wants to work on. I especially appreciated Steve’s honest approach to giving genuine feedback to himself and us as a Drupal community. Steve’s presentation was full of great feedback for us as a Drupal community and how we have inspired him to develop the communities he is working with.

Final thoughts

It’s awesome to look at what others do when it comes to leadership and get inspired by them. But without introspection, true leadership cannot really emerge. I’d like to conclude with my own notes from the leadership workshop:

What is teamwork?

The work performed together as a group of individuals towards shared goals.

What is leadership?

Everything that helps the teamwork such as leading by example, principles, coaching or being a servant leader.

How do people learn to become more effective team members, followers, and leaders?

When we learn to express our needs, feelings, and provide feedback. When we understand what our peers need and learn how to create safe spaces for interaction and collaboration. When we listen actively, take responsibility and are open to learning something new every day.

What’s next?

Today is the most collaborative day for DrupalCon. At the sprints we all come together to work on Drupal initiatives. On my side, I’m looking forward to meeting the DrupalCon Europe team to discuss the program. If you are interested, check out the website to get your ticket or sign up as a volunteer.

I want to get better at enabling others. In that spirit, I am looking for a new #d8rules initiative coordinator. If you are interested in helping bring the Rules module to Drupal 8, this might be a great opportunity for me to learn how to coach you. Feel free to reach out to me.

CU Boulder - Webcentral: Change My View: D8 isn't the best upgrade path for 1000 D7 EDU sites

4 months ago

Like many other Drupallers, I'm in Nashville this week. Unlike previous DrupalCons, I'm less excited about being here than in previous years. While my team at the University of Colorado Boulder currently manages 1000 D7 sites, it looks increasingly less likely that we'll be upgrading to D8.

Angela “Herder of Cats” Byron recently tweeted...

OK, time for our semi-annual poll/group therapy session. ;)

What are the 5 top things you or your clients run into problems with on #Drupal 8?

— webcsillag (@webchick) March 9, 2018

The last time she tweeted this, we responded with a few specific issues we had at the time. After maintaining a handful of D8 sites in production for a few months and meeting with 20+ developers and designers from teams at all campuses in the University of Colorado system earlier this year, we now have a more comprehensive list to answer the question of why the University of Colorado Boulder isn't moving forward with updating the Express install profile to D8.

We've already written and presented about some of these, but my goal at DrupalCon is to find people who will convince me that we're wrong or point out what we're missing. I can't emphasize this enough that we really want to be proven wrong and pointed in the right direction about some of these so we can stop evaluating options other than D8:

  • When running 1000 sites, D8 requires much more CPU and memory resources to render the same HTML output as D7. Because D8's core can't be run from symlinks, it doesn't support atomic deployments or efficient opcode caching when running 1000 copies of the same codebase. This leaves traditional multisite or containers as options. Multisite's limitations are well known. Containers add complexity and require more resources that provide little benefit when running Drupal as a service.
  • D8 seems slower than D7 or other PHP alternatives. Everything from updating with Composer, menu routing, and editing pages. While this isn't as much of an issue for users browsing the sites since the output is cached and served by Varnish, the slow renders are very noticeable to editors and developers.
  • Install profile inheritance is still unstable. Despite 6 years of development, being included in popular D8 distributions like Lightning, and Dries blogging about it, it is unclear this core patch will ever be committed. Acquia drove the patch in a different direction for over a year trying to make a base profile's dependencies optional. When we suggested making the Umami demo a sub-profile of Standard, it became clear how few members of the core team knew anything about profile inheritance or supported updating core to support it.
  • Our experience with highly promoted D8 "successes" like Webform wasn’t great. The D7 version of Webform reports more than 440K installs. The D8 version, ~32K reported installs. This isn't a criticism of @jrockowitz or the Webform code. He is doing amazing work, but we felt the lack of a larger base of developers contributing fixes and extending Webform when working with Webform and Views.
  • The lack of license compatibility with 2 of the 3 most popular licenses off the island (Apache-2.0 and GPL-3.0) is a dead end. This is related to @jrockowitz's repeated attempts to find a way to give work away while earning a living developing for Drupal. Drupal's strict GPL policies now seem to stifle development vs. encouraging it when compared to the more balanced approach taken by projects like WordPress.
  • D8’s Layout Initiative isn’t a good match for how we currently manage Drupal as a service. Now that the dust has settled on 8.5.0, we'll post more on this soon.
  • We're finding fewer well-maintained contrib projects. While using contrib projects can be golden handcuffs that only get you 80% of a solution with options and assumptions you end up fighting against in the end, we've mastered the embrace and customize/extend/contribute back approach. We rely heavily on contrib and actively contribute back. We maintain or co-maintain projects used by more than 100K D7 sites. When we find fewer D8 contributions to meet even 80% of our needs, it makes less sense to develop our own solutions for Drupal than a leaner, faster framework.
  • The "let's throw everything in core" approach results in an increase in critical security releases for code we aren't using. This is an issue in environments with distributed development, systems, networking and security teams, where a security team is periodically scanning for known vulnerabilities with tools like Qualys, Arachni or Nessus. With something like sa-core-2018-001, these scans don't care that the Comments module is disabled or even deleted. They scan the code looking for anything less than Drupal 8.4.3 and report that the entire code base is a security issue. We can respond to the issue by explaining that it is mitigated by X, but the fact remains that more code in core will likely translate to more staff time applying security updates to 1000+ sites. Ideas like what @davidhernandez suggested, packaging Drupal as both framework (essential core) and product (core), aren't getting the same attention from the DA as demos and other improvements to attract non-technical users to Drupal. LTS support services offered for D6 aren't really enough since they aren't altering the code fingerprint that the security scans are looking for.

I wish moving from D7 to D8 was an obvious move for us. It would make my job much easier. After watching the normal stability requirements ignored to sneak Umami into 8.5 and realizing that the initiatives DA was promoting for core (automatic updates, project browser, telemetry and in site announcements from the DA) are NOT features we'd use in our service, it's becoming increasingly clear our needs no longer align with what is driving the priorities of the Drupal project. When I evaluate D8 through the Umami demo, it's clear that we aren't even the target audience for what the project wants to highlight to people evaluating it. When we evaluate a framework, product or service, part of what we evaluate is the cost to maintain. When fatal errors are acceptable in a demo after a core update, we question whether we'll be able to easily apply upgrades if the developers most familiar with this framework can't upgrade the demo?

The Express install profile we've developed and use at multiple campuses is the 5th most popular D7 distribution on Drupal.org.

It's not that the entire University of Colorado system is against D8 either. The University of Colorado Colorado Springs (UCCS) and Auraria Library are both using D8, but for very different use cases than the Web Express service we offer for free on the Boulder campus.

UCCS is moving from Ingeniux to D8. For those of you who aren’t familiar with Ingeniux, it is an XML/XSLT static site generator with limited features for dynamic content. UCCS's initial D8 offering has similar limitations to Ingeniux, but they are leveraging Migrate to move sites from Ingeniux to Drupal very quickly. They are also hosting their Drupal 8 sites themselves on the most advanced server architecture within the CU system, which will set them up well to add new features in the future.

Auraria Library is another high profile D8 site.  This site has more features and functionality than the UCCS sites, but it also has a small development team supporting a small group of content editors and is hosted on Pantheon.

While D8 makes sense for both of these use cases, neither of these groups had insights on how we could overcome what we think are D8's shortcomings for the ~1000 sites we manage for the University of Colorado Boulder.

While I'd prefer to continue maintaining D7 sites while developing new projects in D8, the lack of clarity from the DA around the EOL of D7 is forcing us to invest time in evaluating alternatives now. When I read that Symfony 4.1's router is now the fastest PHP router, I get both excited and terrified. I'm excited since, in some ways, this would prove everyone that pushed to get off the island and collaborate with the larger PHP community right. I'm terrified because I realize that Drupal going from Symfony 3 to Symfony 4 most likely means D8 to D9. If D9 means the end of support for D7 and quarterly justification for running software our security team views as insecure, we have to go all in on a direction other than D8 soon.

We've spent some time trying to answer the question, "if not Drupal, then what?" If we can't figure out how to make D8 work for us, I'll post more about what we found when evaluating alternatives to D8. This week, I'm focused on trying to make D8 work well when hosting Drupal as a Service in higher ed.

If you see me at DrupalCon, PLEASE change my view. I won't be hard to spot.

I've started a thread on r/drupal/ for everyone who's not at DrupalCon.

Drupal.org - aggregated feeds in category Planet Drupal