Jul 11 2018
Jul 11

The American Disability Act (ADA), 1990 provides provisions to secure the rights of specially-abled people. Although, when first passed, it focussed primarily on physical properties, over time it has covered digital spaces too, which means people can take a complaint to the court for discriminating and violating the ADA act. 

Accessibility is a more accepted norm when it comes to physical infrastructure, however, when accessibility translates to the digital space, industries across the web are struggling to answer. Higher education is no exception.

Building entrance with people sitting on stairs and three Harvard flags tucked on four pillars

 

“The National Association of the Deaf in 2015 slapped Harvard University and Massachusetts Institute of Technology in Massachusetts federal court, accusing them of discriminating against deaf and hard-of-hearing people” 

An absence of hard and fast rules to adhere to in the higher education sector often lead institutes to ignore the web accessibility practices. 

Exploring the Issues in Higher Ed and the ADA Compliance

Lawsuits can be avoided by following WCAG 2.0. Since web accessibility guidelines and best practices are already clear through WCAG 2.0. 

The ADA Compliance

The ADA not only covers the general non-discriminatory guidelines but also encourages organizations, institutions, and businesses to provide accommodations to people with disabilities so they can have the same level of access to services as everyone else. 

The law was amended later in 2008 to fit the conditions of modern society and include the digital space while broadening the term “disability”.

Since, ADA conforms to other state laws, including section 508 of the Rehabilitation Act and existing WCAG 2.0 guidelines, hence the term - ADA Website Compliance. In January 2017, the federal government adopted the Web Content Accessibility Guidelines, (popular as WCAG 2.0) setting the standards with A and AA level for all websites. 

The Guiding Principles to Web Accessibility - POUR

The WCAG 2.0 consists of 12 guidelines with four arching principles of POUR. These guidelines relate to one simple question: can the users with varying degree of ability ingest the content on your site?

“Just as no ramps would exclude people with a wheelchair, videos without caption exclude people who are hard of hearing.”

Accessibility in higher education should not be restricted only to lectures and videos. In the case of a flash-based campus tour, there should be alt-text for visually impaired people. Accessing content should be intuitive. Making navigation easier needs to be part of the plan. 

Perceivable
Operable
Understandable
Robust

  • Perceivable

The content needs to be presented in different ways, including assistive technologies, without losing its meaning. The easiest way to do so is by providing alt-text for non-text content. The content should be easier to see and hear. 

By no means should the multimedia content be unattainable.  In the case of Harvard and Massachusetts Institute of Technology, the content was not perceivable for the deaf and hard-of-hearing people.

Story of Harvard: Harvard and M.I.T. have extensive free materials online, distributed across platforms like [email protected], MIT OpenCourseWare, YouTube, and iTunesU, edX which offers extensive massive open online courses (MOOCs), free to students around the world. 

The videos either did not include captions or were inaccurately captioned (read unintelligibly) making it inaccessible for people with hearing ability.

"Accessible" means fully and equally accessible to, and independently usable by, differently abled students and faculty members in a way that they can acquire the same information, engage in the same interactions, and enjoy the same services as sighted students and faculty with substantially equivalent ease of use.

This principle ensures that the content is easy to operate upon. Web accessibility issues are not synonymous with visibility issues, as is the popular myth. They are as much a problem for people with hearing disability as for a person with a neurological or cognitive disorder. 

The content on the website needs to be accessible with a keyboard for people with limited motor functions, people with color blindness, and avoiding the use of content and types that cause seizure. 

“People living with reflex epilepsy have seizures that occur in response to a specific stimulus, like flashing lights or by noises.” 
  • Understandable

Is the text readable for people with difference in visual ability? This principle ensures that the content appears and operates in a predictable way. This specifically focuses on the issues related to color contrast. 

Two bad examples of contrast on left with black on yellow vs two good contrast example with yellow on black on right

Accessing content should be intuitive and easy. To disable the pop-up button or going back need not be a time-consuming exercise.  

Atlantic Cape Community College in 2007 was dragged to court by a visually challenged student after the campus and curriculum proved to be a challenge for him. 

Any content - written or multimedia - should be future proof. Efforts should be made to maximize compatibility with current and future user tools. Before the dawn of the 21st century, screen readers were not as popular as they are 18 years later. A decade back even mobile phones were not as ubiquitous. 

Assistive technologies are advancing by leaps and bounds, and your site needs to adapt and step up with upcoming trends in hardware and software tools. In order to keep the content robust, higher ed institutes need to adhere to best practices or lose it the way University of California, Berkeley did.

“In a similar scenario in 2017, The University of California, Berkeley, in response to a Justice Department accessibility order, had two options:

1. Update existing content to comply with accessibility standards.
2. Remove more than 20,000 video and audio files from public view.

They chose the latter, the digital equivalent of boarding up the entrance to a building instead of installing a wheelchair accessible ramp.”

Checklist: Making Higher Ed Institutes ADA Compliant

In its defense, the Harvard University asked the court to propose rules “to provide much-needed guidance in this area”. This is one of the most infuriating aspects of accessibility compliance in higher education – there has been an absence of hard and fast rules to adhere to. Something that echoes the statement of Harvard. 

Logo of Massachusetts Institute of Technology on the top left, Harvard University on the top right, and edX on center bottom


Now that we understand the guiding principles, we are in a better position to deliver a better user experience to all. One thing worth highlighting is - accessibility issues are easier to address before they manifest on your site, not after. 

“It costs significantly less to make a site accessible than it does to procure the lawyer to protect you in an accessibility claim.” 

Under WCAG 2.0 priority levels are assigned to each checkpoint based on its impact on accessibility. These levels were the following:

Priority 1: Conforming to this level will make it possible for one or more groups to access the web content. This is level A.
Priority 2: Conforming to this level will make it easy for one or more groups to access the web content. This is level AA. 
Priority 3: Conforming to this level will make it easier for most of the groups to access the web content. This is level AAA.

Drupal has been powering higher education websites. In fact, it is one of the most-sought-after CMS for higher education institutes. Read Why Drupal Is Your Best Bet For Your Educational Site

Level A Conformance 

  • Provide web pages with titles that describe the topic or purpose of the page.
     
  • Make sure it is navigated in a meaningful manner while providing the options to bypass repeating blocks of content on multiple pages.
     
  • Make sure that the purpose of each link can be determined by the link text alone unless the purpose is ambiguous to all users.
     
  • In case of an input error made by the user, provide text information specifying the item in error and the error itself.
     
  • Provide labels, guidance and instructions, and text alternatives for all non-text content. Controls or input fields must have a name describing their purpose. 
     
  • Information must be accessible to different users in multiple ways, including through assistive technologies (such as screen readers) without losing information. 
     
  • Using colors that convey visual information, distinguishing visual components, indicating actions or prompting for a response.
     
  • Users must have the ability to fully operate the website through a keyboard interface, including the ability to pause and stop any presentation, audio or adjust the volume. 
     
  • Content must not cause seizures. Avoid designing content in a way that is known to cause seizures.
     
  • Compatibility with other user software, like the ones in assistive technologies.

Level AA Conformance - other than those in level A

  • Provide captions for all live audio content. And provide audio descriptions for all pre-recorded video content.
     
  • Text content and images of text must have a contrast ratio of 4.5:1. Content that serves only design purposes have no contrast requirements.
     
  • Enable the user to resize the text up to 200 percent without any assistive technology.
     
  • Use of text over images, whenever possible.
     
  • Provide multiple ways to locate web pages.
     
  • Ensure the keyboard focus indicator visibility through all interfaces.
     
  • Components with the same functionality must be identified consistently.
     
  • Ensure the security of legal and financial data transactions by making them reversible, and giving the user an opportunity to recheck the input data and the confirmation mechanism before finalizing submission.

Level AAA Conformance - other than those in level A and AA

  • Support all pre-recorded audio content with sign language interpretation and provide extended audio descriptions for all prerecorded video content where there’s no opportunity to pause the foreground audio and provide audio descriptions.
     
  • The contrast ratio between text and images must be 7:1. However, text or images which serve only design purposes do not require contrast or alt text.
     
  • Any pre-recorded audio content must provide users with context-sensitive help. In case the audio-content is not a CAPTCHA it should either:
    • must not contain any background sounds
    • or the background sounds can be turned off, 
    • or the background sounds should be at least 20 dB lower than the pre-recorded speech content. 
       
  • Provide users with a mechanism to choose foreground and background colors. With the width of blocks of content must not exceed 80 characters or glyphs.
     
  • Line spacing must be at least 1.5 spaces within paragraphs and paragraph spacing must be at least 1.5 times larger than the line spacing.
     
  • Ensure the text can be adjusted up to 200 percent without the use of assistive technologies. The user does not have to scroll horizontally to read a line of text.
     
  • Allow users to postpone or suppress interruptions, except in the case of emergency.
     
  • Ensure the users can continue their activity without much interference or loss of data after re-authentication in case the authenticated session expires. 
     
  • Include information on the user’s location within a set of pages. Provide supplementary content for identifying definitions of unusual words or phrases, including idioms, abbreviations, and jargon.
     
  • Provide additional content when users require a more advanced education level than lower secondary education (to 9th grade) to understand the content.
     
  • Changes of web content may only be initiated by the user or the user must be provided with a mechanism to turn off such changes.

It is worth noting that web accessibility compliance may not be realistic for all websites depending on the type of content. Drop a mail at [email protected] and connect with us if you are planning to build a user-friendly education website. 

Jun 20 2018
Jun 20
"In a virtual community we can go directly to the place where our favourite subjects are being discussed, then get acquainted with people who share our passions or who use words in a way we find attractive. Your chances of making friends are magnified by orders of magnitude over the old methods of finding a peer group."
- Howard Rheingold, The Virtual Community, 1994

Communities are important for the success of any multimedia information systems, today. Gaming is no exception, especially when it has become a part of our new media culture, entertaining people of all ages. The satisfaction of gaming community members can influence the success of a game and it is no secret why highest selling games have the largest communities. 

pokemon gif with money falling over on meow


To keep up the community and the platform with the latest trends, features, and functionalities, it is important that you choose the right technology for your platform. Drupal is an easy choice. But why are gaming communities increasingly opting for Drupal as the platform of their choice? 

“The famous augmented reality game, Pokemon, managed to give an unprecedented swiftness, leading to Nintendo’s stock value increasing dramatically and achieving $470 million in revenue in just 80 days.”

The Power Of Gaming: Why Gaming Industry Needs Community?

Not very often will we associate the word community with gaming. And yet, these community platforms are where the games really mature. In terms of engagement and shared values, a common cultural background plays an important role, which can be reflected by the spatiotemporal distribution of the gamers. 

What is a Gaming Community?

The community of gamers can be identified either as a whole or part of video game culture.
It comprises of people who play games and those are interested in watching and reading about it. 

Community support is important for both game development and community building. 

  • User Acquisition: A shared goal, interest provides the reason for being a part of the community. A community is what builds a game, and community is what drives the game beyond its niche success into the blockbuster — shaping the success of ROI for an engaged, excited community is off the charts.

    Intense interactions and strong ties are not only important for online multiplayer games, they enhance the intensity and user experience too.  

    Over 53% of US teenagers play online games with people they know in their offline lives (Pew Research, 2015). Community support allows integration of offline friend circles into online communities.  
     

  • User Retention: Gaming communities form a very crucial part in retaining the users as video games have grown into a subculture since their birth.

    Community services enhance competition within games, which builds up customer loyalty as a consequence. Games and gaming communities are strongly intertwined and experience permanent co-development. 

    Discussions on new features, problems they encounter at playing, advice about gaming strategies via forums is where the retention starts at. 

    The modern games provide direct in-game communication, which is not restricted to a simple message exchange, but also involves further service functionality. 

  • Improves Quality: Gaming communities are a place of intense interaction after all games are about shared experiences, rendered with extraordinarily interaction and ownership.  All successful games have communities. tracer over the shoulder victory poserThe infamous butt pose - Tracer' over the shoulder victory poseAnd this where the changes come from. Remember the infamous Tracer butt controversy from 2016? Well, it was after the community chose to put their outrage did the gaming giant Blizzard Entertainment had to pull down the post to show the accurate representation of the values.


Why are Gaming Communities Opting for Drupal?

What does Drupal offer to the gaming communities that they are opting for it? Here is a list of why Drupal is the choice for the community platforms.

  • Decoupled Drupal for Intuitive Game Live UI Experiences

Much like physical sports, video games demand a certain standard of ability where the player can enjoy from the very moment the game is started. Regardless of whether there is an explicit tutorial, players must instantly intuit what to do, what the basic rules are, what is good, what is bad, and how to go about doing the various things that can be accomplished.

The more the realism your game offers to the gamer, the longer they would want to play. 

With the decoupled experience in Drupal, you can create an interactive experience for the gamers by utilizing your site to completely control the useful in-program applications. While the front end can easily be coupled with other technologies such as jQuery, JavaScript, Node.js, and React.js. The backend in turn shifts to become the system of record, but the interaction happens real-time in the browser, back-and-forth. 

The headless site advancement can possibly release the imaginative influence of the diversion with intense gaming experience which is faster, more natural, intuitive and responsive at the gamers’ end. The end result is smoother and faster games played live. 

  • Gameplay based customizations

Games allow players to perceive themselves in alternate ways in their imagined worlds. Player identification – with Avatar and Character – helps build the interest while also improving the gameplay experience and is important to maintain the identity in the possible communities as well. 
 

Garen Avatar from the leagues of legends highlightedAvatars in the Leagues of Legend

An example of this could be the website of League of Legends – built on Drupal – which is a team-oriented strategy game where the goal is to work together and bring down the enemy nexus located in the middle of the game. 

Roles of assasin, fighter, mage, and marksmen offered in the Leagues of LegendRoles offered in the Leagues of Legend

Drupal has tools and services for building user profiles, fostering the creation of virtual sessions, allowing communication with third party serious games, and storing and processing the game analytics. This is important since it helps the gamer take the game more seriously and relate to it on a virtual level.

  • Scalability

Zynga – a leading developer of the world's most popular social games – website is built on Drupal. It claims to have 100 million monthly unique visitors, making it the largest online gaming destination on the web.

Scalability is Drupal’s middle name
Farmville 2 description on Zynga

Handling high volumes of visitors, content, and users is a tough job. But Drupal does it easily. As it is said, “scalability is Drupal’s middle name”. Some of the busiest sites across the world are built on Drupal. 

It is apt in handling sites that burst with humongous traffic, which means your gaming website can perform spectacularly even on the busiest of the days without breaking or bending. 

  • Multimedia support

Visit the famous StarWars The Old Republic (SWOTR) website and the background has video snippets playing from the game. Multimedia support is not new to the gaming industry. To keep the engagement high, you need to support multimedia features like scorecards, videos, photos, audios among others. 

gif from star wars games

Drupal is a highly versatile and customizable CMS. It has various modules available to support this need. The photo gallery module, media entity module, and easy to use templates to customize appearance are just a few from the list.   

Not just this the photo gallery module helps you customize images with templates, build you scorecards

  • Mobile Responsiveness

Video games have once again found themselves more widely played and accepted, thanks to the increasing smartphone reach. Add to it one more feature, your game needs to be device responsive too with easy and intuitive controls. 

Drupal 8 is device responsive out-of-the-box. Which means your content adjusts well from the big screen of your desktop to the little screen. Image size changes, menu items shift to drop-downs, other items are pushed around to make sense of content and size of the device. 

But games are not just about the squeezing to a different size thing. They need to offer the same experience as in the native web application without taking away the intuitive design. This can be sorted with the Hammer.js module in Drupal. Hammer.js helps you enhance the user experience by providing cross-browser support and taking away a lot of complexity when implementing touch and pointer gestures. Leveraging it in Drupal is easier than ever due to the Library API of Drupal 8.

  • Adding complex categories and catalogs

Gaming communities are a lot different from what the gaming websites offer. Since each game will have different sub-communities, it becomes a need to build those categories with design and category apt to the theme. 

screenshot from leagues of legends with various categories and catalogs

Drupal provides a powerful taxonomy engine, allowing gaming companies to support intricate designs and complex categories and catalogs, without much ado. The flexibility of adding different types of products and content is ensured by content creation kit (CCK). CCK allows you to add custom fields to any of the content types using a web interface

  • Discussions, Reviews, and News

Communities are all about discussing what is happening or happened. Therefore one of the primary community needs is for a easy content creation with different content types. The more the types, higher the engagement, more the users will interact. Blogs, events, FAQs, news are all important.

screenshot of leagues of legend with news sectionScreengrab from League of Legends
  • Quick Search 

Communities are a busy place with a lot of activities happening at the same time. Content that might interest a user can get lost in the myriad of content. In Drupal, Solr is used to get more accuracy within less time. 

search for new games and its results

Drupal has Solr integrated for a quicker search. Solr is a highly reliable, scalable and fault tolerant search application which provides distributed indexing, replication, and load-balanced querying with a centralized configuration. 

  • E-commerce Solution

Integrating commerce with the website is an old practice and most gaming companies leverage this opportunity to boost their sales. Klei – an Independent game studio – chose Drupal to create a seamless shopping experience for both mobile and desktop users.

According to The Jibe, "Klei needed a site and store that was as easy for them to manage as it was for their customers to buy: easy sorting, featured items, promo-code inputs, simple searching, and clear calls-to-action."

shopping cart with Klei

After integrating the online store with Drupal the team can easily add new products and games on the fly while also managing the promotions and highlighting featured items easily.

DrupalCommerce and Commerce Kickstart are two of the most popular solution that Drupal offers. With easy payment gateway integration, your online transactions are secure with Drupal.

Drupal vs. Wordpress 2018

Building a Community website

Building an online community, a network of people with shared interests and goals with target niche audience to be part of it with easy usability and navigation. 

Example: Pinterest Community

Winner: Drupal 8 

Why? For an extensive user management in your community, it would require custom fields, different content types, scalability, varied user roles and permissions among the others - all of which are easy to build in Drupal 8. In case you need a simple to-do community with limited features and functionalities, then maybe Wordpress will work. But then that format would be closer to a blog, anyway.

Building a Gaming Website

These are the sites featuring direct online gaming with single or multiplayer and can include games of any type from the different genre. 

Example: Zynga

Winner: Drupal 8 (Clearly)

Why? While you might think of Drupal as a preconfigured PHP framework, it is vastly more suited to developing an online game than Wordpress is. Drupal is fast, mobile responsive and scalable. It can handle as content as much as you want, as many people as you can think of - without crashing. 

And as far as WordPress is concerned, why would you want to choose a software built from a blogging background to create a game?

Building a Basic Gaming related Website

These are the types devoted to the world and culture of computer gaming. Will includes gaming news, magazines, FAQs, and resources. 

Winner: WordPress

Why? Although Drupal 8 more suited to handle the content, WordPress has a slight edge here. All the types mentioned here are related to publishing. Being a blogging platform (niche) WP can suit the needs better since its out-of-the-box configuration comes closer to your goals. 

Although in case there are varied features added like user login, reviews, managing multimedia content, and discussions then, Drupal is clearly the hero. 

Building a Media-Streaming Website

These are the sites that offer audio/video streaming services, such as podcast, television and film, sports, music, among others.

Example: AXN 

Winner: Drupal 8

Why? Drupal 8 can handle multimedia content much more flexible than WordPress. While WordPress can excellently handle content that's primary text, Drupal 8 makes all types of a media a first-class citizen. 

With clear taxonomy and easier role management, coupled with faster-load time, it won’t bend or break when streaming content live. 

Summing Up

Community platforms have become an easy measure to the success of any game since they serve a combination of purposes varying from technical to human factors. Further community satisfaction measures need to be considered in order to improve the product model and quality in future. 

Drupal mostly serves the needs of the gaming industry, is should be a no-brainer when opting for it. Drop a mail at [email protected] to connect with us if you are building your gaming website or community platform.

Jun 11 2018
Jun 11

Even though security remains one of the major concerns for an organization, the implication of new technologies has at the same time broadened and complicated the understanding of the term. 

Security is no more about working in isolation. 

Recent events such as Drupalgeddon 2 in March and other subsequent security releases in April – marked critical – have once again brought the question ‘Is Drupal Secure?’ to the center-table. Drupal is among those few open source projects popular for their security with a dedicated team working on to improve it. However, there are still sometimes when the security of your Drupal website is under the impression of threat. 

anonymous mask on a black background with a cctv on top left corner

Security is a vast area of expertise and it is quickly changing with time. No more is it about one person working in isolation or an expert who can understand all the aspects. 

While the list of do’s and don'ts is extensive and exhaustive to keep up with the threats, vulnerabilities and mitigation strategies, here are the top seven Drupal security practices to follow in order to keep up the health of your website. 

And Aristotle once said...

The aim of the wise is not to secure pleasure but, to avoid pain.

Seven Drupal 8 Security Practices

Securing the Server-side Hosting Environment

Before starting off with the general security hacks and tips, you need to secure your server-side hosting environment. Here are some points to keep in mind before moving to securing your core. 

  1. Protect the server: Only a limited number of users must be allowed to access your server. One of the key points is to add a basic layer by restricting the access to server login details. Once the authentication is set up, it is easier to monitor server access and restricting file access usage. This can help you detect unusual activities.
     
  2. Hide the server signature: Server Signature needs to be hidden as it reveals an important piece of information about the server and operating system. It can let a hacker know if you are using Apache or Linux - information which can be utilized as a vulnerability used to hack the server. In order to keep the server secure from possible vulnerabilities, you need to hide the server signature. 
     
  3. Enable port wise security - Since the applications use the port numbers, it is important to keep certain port numbers hidden from general access. 

Securing the Drupal Core

  • Keep your Core Updated
    A key practice, keeping the core updated will always be the first when listing healthy security practices. And this was the first lesson we learned from the Drupalgeddon2. Always look out for core updates (include the minor releases as well) unless security is not on your agenda. In all of its advisories, the Drupal Security Team asks for updating the core version of the system. 

    If you fall a long ways behind the latest update, you are opening yourself to vulnerabilities. Since history tells us that hackers target the older versions.

    Look out for core updates. Follow the Drupal security team @drupalsecurity on Twitter. Get quick updates and announcements from the team through the emails and security newsletter. You can also follow Security Group in order to contribute and stay part of the security discussions. 

    Another important point to note here is when updating the core - ALWAYS keep a backup of your site's database and codebase. We will discuss this security practice later in the article. 
     

  • Security by Design
    As a matter of fact, every stakeholder wants security to be a simple concept, sadly it isn’t. One of the biggest misconceptions here would be that investing a hefty sum post development would ensure a secure system. However, it is never the case. 

    The best practice to follow is at the architectural level when the website is being designed. 

    Security by Design ensures that designing the software up by the ground to be secured in order to minimize the impact of a vulnerability when discovered. Pacing up your security from the foundation - is the key. It implies following the best security practices at the architectural level instead after building the website. 

    When the foundation of the design remains secure regardless of a reasonable approach adopted later, you can tackle the issues easily. A uniform methodology needs to be adopted to protect the assets from the threats. 

    Once the requirements have been collected, the architecture can be laid out and other elements can be discussed later like trusted execution environment, secure boot, secure software update among others.

"The key to security is eternal vigilance"
  • But Use only Security Team Approved Modules 
    Your site probably uses a number of contributed modules, although that’s not an issue. Using the stable and approved modules is where the key lies. This is especially worth noting for contrib modules which are more susceptible to vulnerability. 

    Always look out for the green batch when downloading a contrib module. Rest, as the advisory reads, Use it at your own risk! module covered by security team with the green batchAn example of security team approved module with a green batch module not covered by security advisory with an orange batchAn example of a vulnerable module

Backing Up - In Case of a Mishappening

  • Keep Up your Backup
    Catastrophes never come invited. While all seems perfect, you might wake up to find out that your website has been taken down by some psychotic hacker. Although it is an unforeseen event, you can definitely arm up yourself.

    As an administrator, you have to be prepared for all of such uninvited events. They can be controlled and the damage minimized by strengthening security, frequent backups, installing updates in a timely manner.  

    We cannot stop disasters but we can arm ourselves with better security and backups. Hosting by Acquia cloud or Pantheon provide automated daily backups of your site’s database, files, and code plus single-click restoration if something goes wrong. 

    You can also use the Backup and Migrate Module or Demo Module because unlike life your Drupal website has the option to go back for some changes. 

User-Side Security

  • Follow a Standard Practice with a Strong Password Policy
    Passwords are used at both admin and user level, therefore strong and secure passwords are important for your website. When I say strong password should be used I have nothing against short and easy passwords. Easy should never imply less efficient. 

     A string like Mypassword123 will prove acceptable but is obviously weak and can easily be brute-forced.

    The best practice? Your password should provide realistic strength in terms of measurement and complexity. A password must only be allowed as long as it proves to be of high enough entropy with a combination of characters, alphabets - uppercase and lowercase, symbols, and numbers.

    Start checking passwords on explicit rules and amount of varying character types to be used (symbols, numbers, uppercase letters, etc). 

    Password Strength - a Drupal module - classifies the expected brute-force time for the summed entropy of common underlying patterns in the password. Patterns that can be detected in passwords include words that are found in a dictionary of common words, common first and last names or common passwords. 

Your password can make the difference between a vulnerable and a hard-to-hack Drupal site.

While there will always be some new thing to add to the list, you can be sure that this list comprises of the core practices which need to follow. The protocol for communication needs to be clear and well documented. Properly documented procedures are important, as third-party services can often be manipulated.

In need of a security update or services? Drop a mail at [email protected] and let us help you out. 

Site builders and developers need to keep an eye open for the possible when security releases are announced and apply them quickly, to ensure the site is not compromised. It is good to be consistent and have your reasoning documented so that it is clearly understood.

May 18 2018
May 18

Just like land, air, and water are meant for everyone, the web was designed to work for all people and expel any hindrance, irrespective of the surroundings and capabilities of people. But the effect of incapacity (of individuals) in the light of the fact that the web standards don’t include all in itself has become a barrier. Creating quite the paradox in the situation. 

graphics for web accessibility with an ear, brain, eye, mouth, and heart

Before completing this blog, my ignorance led me to believe that web accessibility was limited to ‘accessibility only for people with disability’. Another thing that I was coxed to believe was that it is almost synonymous with visibility issues. But it is as much for a person with auditory disabilities as it is for a person with cognitive or neurological disabilities. However, I realized I was not the only one associating such wrong notions with disabilities and web accessibility.

Lack of awareness and taboos associated with disabilities often mislead us.

Ensuring that people with disability have equal and inclusive access to the resources on the web, governments and agencies follow certain guidelines in order to establish equal accessibility for all without any bias. 

What are Web Accessibility Standards and why do they matter?

The Web Content Accessibility Guidelines (WCAG) explains how the web content be made more accessible to people. Here the word "content" refers to any and every kind of information in a web page, such as text (include heading and captions too), images, sounds, codes, markup - anything that defines the layout and framework.  

“WCAG is developed through the World Wide Web Consortium process with a goal of providing a single shared standard for web content accessibility that meets the needs of individuals, organizations, and governments internationally.”

Take examples of physical infrastructures like ramps and digital vision signboards, which can be used by anyone, in a similar fashion web accessibility is for everyone.

When you go out in the noon, the level of contrast can be an issue as much for a person with 6/6 vision as it can be for a person with visibility issues. Or say, older people (due to aging) face problems with changing abilities, as much as people with “temporary disabilities” such as a broken arm or lost glasses. Thus, not only web accessibility standards ensure justice for people with disability but, it is inclusive for all. 

According to the Convention on the Rights of Persons with Disabilities by the United Nations, enjoying equal human rights is a fundamental freedom. To ensure the dignity of people with disability is not a subject of ridicule, governments across the globe signed a treaty for easy web accessibility. 

How does Drupal help?

A person may face an issue either when building a website or when using it. The WCAG ensures that both the times the guidelines are followed. The World Wide Web Consortium (W3C) guidelines are then divided into two: ATAG 2.0 and WCAG 2.0. Authoring Tool Accessibility Guidelines (ATAG 2.0) addresses authoring tools and Web Content Accessibility Guidelines (WCAG 2.0) addresses Web content and is used by developers, authoring tools, and accessibility evaluation tools. 

Drupal conforms to both the guidelines. The initiative started with Drupal 7 accessibility and the community has been committed to ensuring that accessibility for all. 

What Drupal does...

The community has an accessibility team which works to identify the barriers both at the code level and the awareness level to resolve them. As a person using assistive technologies to browse the web, Drupal is built to encourage and support the semantic markup (which comes out-of-box in Drupal 8 now).

One can realize that the improvements are meant for both the visitor and administrator in the:

  • Color contrast and intensity
  • Drag and Drop functionality
  • Adding skip navigation to core themes
  • Image handling
  • Form labeling
  • Search engine form and presentation
  • Removing duplicate or null tags
  • Accessibility for Developers

Modules For Accessibility

Following are some of the Drupal modules which will assist you in keeping up with the accessibility standards. 

  1. Automatic Alt text
    The basic principle at work here is the idea of easy perceivability. Any and every information should be, thus, presented in such a way that is easily perceivable to the user. It is required for any non-text information like images and video to describe the content in the form of text for the screen readers to read it. 

    Logo of automatic alt text module by Microsoft

    The Automatic Alt text module automatically generates an alternative text for images when no alt text has been provided by the user. This module works great for the websites and portals with user-generated content where the users may even not be aware of the purpose and importance of the Alternative text. 

    It describes the content of the image in one sentence but it doesn’t provide face recognition. 
     

  2. Block ARIA Landmark Roles
    Inspired by Block Class, Block ARAI Landmark Roles adds additional elements to the block configuration forms that allow users to assign a ARIA landmark role to a block.
     
  3. CKEditor Abbreviation
    The CKEditor Abbreviation module adds a button to CKEditor which helps in inserting and editing abbreviations in a given text. If an existing abbr tag is selected, the context menu also contains a link to edit the abbreviation.

    Abbr tag defines the abbreviation or an acronym in the content. Marking up abbreviations can give useful information to browsers, translation systems, and help boost search-engines.
     

  4. CKEditor Accessibility Checker
    The CKEditor Accessibility Checker module enables the Accessibility Checker plugin in your WYSIWYG editor. A plugin, the module lets you inspect the accessibility level of content created and immediately solve any accessibility issues that are found.
     
  5. High Contrast
    On April 13, 2011, Joseph Dolson published an article "Web Accessibility: 10 Common Developer Mistakes" stating the most common mistakes related to web accessibility and quoted that most of the issues have "more to do with a failure to understand what constitutes accessible content than with a failure to understand the technology"

    In most of the surveys, poor contrast level is often cited as the most commonly overlooked feature by the developers.

    an example of Drupal high contrast

    High Contrast module, provides a quick solution to allow the user to switch between the active theme and a high contrast version of it helping them pull out of the problem.

  6. htmLawed
    According to the "Ten Common Accessibility Problems" an article by Roger Hudson, failure to use HTML header elements appropriately is one of the key accessibility issues. 

    The htmLawed module utilizes the htmLawed PHP library to limit and filter HTML for consistency with site administrator policy and standards and for security. Use of the htmLawed library allows for highly customizable control of HTML markup.

  7. Style Switcher
    The Style Switcher module takes the fuss out of creating themes or building sites with alternate stylesheets. Most of the accessibility issues have been confronted at the theming level. With this module, themers can provide a theme with alternate stylesheets. Site builder can add other alternate stylesheets right in the admin section to bring it under the right guidelines of accessibility. Allowing special styling of some part of the site, the module presents all those styles as a block with links. So any site user is able to choose the style of the site he/she prefers.

  8. Text Resize
    The handiest feature giving the end users just the right autonomy to resize the text as per their comfort of the eyesight. The Text Resize module provides the end-users with a block that can be used to quickly change the font size of text on your Drupal site. 

    an example of text resize block

    It includes two buttons that can increase and decrease the size of the printed text on the page.

  9. Accessibility
    A module for the developer, Accessibility module gives you a list of available Accessibility tests, (most of which are) aligned with one or more guidelines like WCAG 2.0 or Section 508. 

    It immediately informs the site maintainer about the missing an “alt” attribute in an image, or if the headers are used appropriately. Further, each test can be customized to fit your site’s specific challenges, and customize messages users see for each test so that you can provide tips on fixing accessibility problems within the context of your site’s editing environment.

Drupal 8 Features for Accessibility 

Other than the modules that can assist you to overcome web compatibility issues, here is a list of top Drupal 8 features for easier web accessibility. 

  1. Semantics in the Core
    When an assistive device scans a web page for information, it extracts the data about the Document Object Model (DOM), or the HTML structure of the page. No further information is read by the screen reader.

    Often these assistive devices only allow a user to select to read the headings on the page or only the links. It prioritizes according to the hierarchy in which the headings and links are presented making browsing easier for users of assistive devices. 

    Drupal 8 is based on HTML5. Presenting new and better semantic components HTML5 is, in fact, one of five major initiatives outlined in Drupal 8 development. It allows theme developers to control where to use the new semantic elements and opt out entirely if they so choose. 

    When we compose semantically correct HTML, we’re telling the browser and the assistive technology what type of content it is managing with and how that information relates to other content. By doing this, assistive technology is all the more effortlessly ready to carry out its activity since it has a structure that it can work with.
     
  2. Aural Alerts
    Often page updates are expressed visually through color changes and animations. But listening to a site is a very different experience from seeing it, therefore, Drupal provides a method called “Drupal.announce()”. This helps make page updates obvious in a non-visual manner. This method creates an aria-live element on the page.

    This also lets the user know of any alert box appearing along with providing instructions to screen reader users about the tone as well. Text attached to the page is read by the assistive technologies. Drupal.announce accepts a string to be read by an audio UA. 
     

  3. Controlled Tab Order
    The accessibility issues also crop when a user uses different mediums while navigating the web. Not every user uses a mouse to navigate the website. The TabbingManager, in Drupal, is an awesome medium to direct both non-visual and non-mouse users to access the prime elements on the page in a logical order. It, thus, permits more control when exploring complex UIs.

    The tabbing manager helps in defining explicit tab order. It also allows elements besides links and form to receive keyboard focus. Without breaking the tab order it places the elements in a logical navigation flow as if it were a link on the page.
     

  4. Accessible Inline Form Errors
    It is important to provide the necessary feedback to users about the results of their form submission. Both the times when successful and when not.  This incorporates an in-line feedback that is typically provided after form submission.

    Notifications have to be concise and clear. The error message, in particular, should be easy to understand and provide simple instructions on how the situation can be resolved. And in case of successful submission, a message to confirm would do. 

    Drupal forms have turned out to be impressively more open to the expansion of available inline form errors. It is now easier for everyone to identify what errors they might have made when filling in a web form.

  5. Fieldsets
    Fieldset labels are utilized as systems for gathering related segments of forms. Effectively implemented <fieldset> label gives a visual diagram around the shape field gathering. This can, to a great degree, be valuable for individuals with cognitive disabilities as it viably breaks the form into subsections, making it easier to understand.

    Drupal presently uses fieldsets for radios & checkboxes in the Form API. This helps towards additionally upgrading forms in Drupal.

Conclusion

However good the features Drupal offers, in the end, it is up to the organizations to strategize and build the websites and applications around the web accessibility.   

We ensure that our different teams and interaction work together in order to make the Web more accessible to people with disabilities. At OpenSense Labs we design and develop the web technologies to ensure universal accessibility. Connect with us at [email protected] to make the web a better place. 

May 17 2018
May 17

As an entrepreneur, you need a reliable, secure, and flexible platform to build your business on. Not only scalable it should be future-proof to sustain the content without hampering the performance of your website.

Leaders worldwide are using the power of open source to innovate their platforms and improve their business statistics. Selecting the right technology means working on the solutions that will support an active and growing business over the long-haul. Therefore, it requires careful consideration and foresight, when choosing the CMS for your enterprise.

Fulfilling the business requirements as well meeting the technical aspects, no wonder why Drupal is used 7 times the number of top sites as its next two competitors combined (BuiltWith.com)

Let's simplify the word enterprise 

An oft-repeated word in the world of business, “enterprise” covers organizations of all shapes and sizes. All such businesses cover individual organizational units with a distinct need to build their firm with a unique identity and reputation of its own kind.

Even though the meaning may vary considerably, when it comes to web development and technology, an enterprise website requires a particular set of abilities such as, accommodating a larger and varied content base, handle traffic, microsites, and of course provide tight security.

Who uses Drupal CMS for their enterprise?

Drupal is fostering billion dollar businesses under the aegis of its brand, a few well known are:

  • Puma
  • Tesla Motors
  • Grammy
  • Pfizer
  • Timex
  • The Economist
  • Whole Food
  • Honda (Brazil)
  • Johnson and Johnson
  • Shoretel
  • LOreal (India)

And a million more add to Drupal's credentials. Acknowledging that enterprise solutions often demand complex requirements, Drupal has it sorted for you.

Why Drupal For Your Enterprise?

Covering the enterprises using Drupal, below are some of the solid technical reasons which makes it an excellent candidate for any enterprise of any scale or vertical.

It is Easier To Build

As an online platform on which your business will be built, Drupal lets your need dictate the terms.

Providing easy-to-set-up solutions with distribution, the development time is cut by half.

Enabling companies to deploy core features and functionality rapidly, it allows easier customization as per their business requirements.

It is easier to choose the layout and themes for your Drupal website, as themes and appearances are just a click away. With features simplified to make non-developers comfortable around Drupal, the editorial capabilities have been made fluent and easy.

Drupal is Secure

Used by hundreds and thousands of websites, Drupal’s core, codes, and passwords are repeatedly encrypted and hashed to strengthen the life of your website. Supported by experts, and a large and continuously growing community, it has a dedicated security team to patch any probable security violation.

Frequent Updates

In case of any security update, the community ensures that you get notified the day patches are released. Security release windows are released every Wednesday for contributed projects, and the third Wednesday of every month for core, usually, for a fixed period of time.

Drupal security animation

Even though the release window does not necessarily mean that a release will actually be rolled out on that date, it exists for the site administrators to know in advance the days they should look out for a possible security release.

Security Modules

In addition to the proven security of core, numerous contributed modules can strengthen the security of your website. These modules extend the security by adding password complexity, login, and session controls, increasing cryptographic strength, and improving Drupal' logging and auditing functions. For a detailed research on security-related modules, check the list of must-have security modules.

Security Team and Working Group

The security team works closely with the Drupal Security Working Group (SecWG), comprising dozens of experts from around the world to validate and respond to security issues, aim being - to ensure that core and contributed project system provides world-class security and provide security practices to community developers.

Its core is designed to prevent any possible security breach. Vulnerabilities in the core are coordinated with branch maintainers and individual project maintainers respectively.

Drupal has proven to be a secure solution for enterprise needs and is used by top-tier enterprises.

Drupal is Scalable and Flexible

Another salient feature that makes it popular among businesses. When concerning web technology, enterprises require the ability to handle considerable traffic throughout - especially if it is a media and entertainment site.

It is built with core web technologies which have stood both the test of time and traffic spike.

Drupal’s ability to make the framework extensible via its modules and distributions is at the heart of much of its success. While it has enabled the core to sustain the bulk of the content, its way to streamline the demands of new industries by allowing them to address their needs in the form of custom modules and distributions has given it more satisfactory customer reviews.  

One matter that addresses the worries of enterprises is the cost of maintenance. Many government and non-government organizations have migrated to Drupal to avoid the licensing and maintenance cost of the proprietary systems.  

Excels at Responsive Development and Quick Loading Time

According to Google’s official statement, more than 50 percent of search queries globally now come from mobile devices. People want to be able to find answers as fast as possible and various studies have proved that people really do care about the loading speed.

And that is why a recent Google release says that page speed will be a ranking factor for mobile searches from July 2018. It’s high time that you take the combination of performance and mobile responsiveness as a serious factor for improving visibility and revenue from the web.

Drupal 8 is built for a mobile-first world. Everything in version 8 supports mobile responsive design. Its admin and default designs are responsive for both developers and content authors providing a responsive front-end theming framework.

Increasing the loading speed of your web page opens numerous doors for business. And when users can view your Drupal website the same way on a desktop and mobile devices you cannot be having second thoughts.

Mobile responsiveness helps you deliver the optimal mobile visitor experience. It supports the best responsive design practices and ensures that your users get a coherent experience anytime and every time.   

Supports Multi-site Functionalities

Given that your organization is running more than one site, the maintenance and management would require big bucks and time. But with the multi-site feature you can share one single Drupal installation (which includes core code, contributed modules, and themes) among other several sites.

Enterprises, this way, can handle complex requirements from a single Drupal installation which implies that less time and resources are required to build your network of websites.

One can manage any number of sites across their organization or brand, crossing geographies and campaigns from a single platform that allows swift and uncomplicated site creation and deployment.

This is particularly useful for managing the core code since each upgrade only needs to be done once. While each site will have its own database and configuration settings to manage their own content, the sites would be sharing one code base and web document root.

The multisite feature can be used for sites with same features and functionalities. But if you have different functionalities it is better to test each site independently.

For Every Enterprise

Realizing the needs of every industry is different, Drupal has something for everyone.

Media and entertainment

Editing and Scalability

Media and entertainment websites worldwide use Drupal for their online platforms for seamless editing and scalability. The list of over one million organizations includes The Economist, ET Online, MTV(UK), The Grammy, The Emmy, The Weather.com, The Beatles, and Warner Bros Music.

The Warner Brothers logo

Scalability is all about quantity - how many requests and amount of information you can handle at any given time without breaking or bending. Supporting some of the world’s most visited sites, Drupal is the other name of scalability.

Allowing easy content editing and management, which media and entertainment websites look for, it provides it all with WYSIWYG and CKEditor without another weighty feature.

SaaS

Community solutions:

SaaS enterprises are using Drupal to build the platform for their product as well as a community to engage with the clients and followers. It is easy to develop the platforms and then keep on adding the features in the later phase.

Given that community platforms are one of the key needs of SaaS organizations which allow the domain for the prospects and help the product and community to grow alike, distributions like OpenSocial offer great help.

Zoho is one of the SaaS products using Drupal for its community platforms.

E-commerce

E-commerce functionalities

Providing easy payment gateway to conduct online transactions, Drupal ensures the customer information passes seamlessly and remains safe.

Its core commerce payment module and distributions (Drupal commerce and Commerce KickStart) support the payment API, for a smooth payment collection procedure, through the check out form.

Supporting Paypal Express Checkout and Paypal Credit along with Amazon Pay, it lets you reach a wider audience by letting your shoppers complete the payment and shipping information stored on their Amazon accounts.

Tour and travel

For a potential traveler, your site shouldn’t look like just-another-information-brochure on the web. The need for an end-to-end solution to integrate all the minute details (from hotel booking to landing back) has never been greater.  

Booking Engine:

Providing two of the best booking solutions for your website:

  • EasyBooking - Distribution
  • BAT - Module

A complete solution for your vacation portal, BAT allows you to build an exclusive booking engine for a better customer relationship management. And EasyBooking gives a set of options to your visitors to make room reservations, contact hotel administration, or just sign-up for the hotel’s newsletter to be aware of the special offers and discounts.

FMCG

Theming

A design which resonates with your brand, interests and engages with your visitors is what you should indulge your resources in developing.

It’s the psychological effect which drives the visitor to make a transaction or to explore provided possibilities throughout the interface. Every landing page matters.

Regardless of your showcased products, Drupal themes provide sound navigation throughout the categories and sections with in-built hero banners’ section and pop-ups which are definitely customizable.

Additional modules can be further used to build an industry-specific theme. In order to cope up with varied demands, it provides more than two thousand easy and free to use themes on the go.

Government and Non-Government

Cost and Security:

In 2012 when the Georgian government shifted to Drupal, the first reason to dump its previous CMS (Vignette) was its rising maintenance costs. 

Running a total of 65 state websites on two different versions of this proprietary system proved to be costly in the long run

Another decisive factor for government websites, uncompromised security is why government organizations are opting for Drupal. Around 150 governments are already powered by it. Just like the Georgian government, costs have been a significant factor affecting the choice of government and non-government agencies.  

Higher Education

Distributions:

To quickly build your higher education website, distributions provide an easy opportunity to build the website halving the development time and providing quick features. Opigno and OpenEDU are two of the distributions used widely by the higher-ed websites.

Drupal is most widely used CMS in the education sector no wonder why top international universities like the Harvard, Brown, Yale, Pennsylvania, and Columbia rely on it.

HealthCare and Life Sciences

Content and User access control:

It can conform to any workflow that can be programmed with just a few configurations available. You can identify different types of content such as text, images, comments, file attachments, and any other information on your website for easy content integration and management.

Drupal As an Enterprise Management System

The need for an intranet system cannot be emphasized enough. For your business to grow by leaps and bounds, it is necessary to establish clear communication within your organization.

As your business expands, the need for an intranet system which can help in storage and sharing of data increases. ECMS is different from the web content management system in the way that the former is specifically designed for enterprise websites and is more dynamic.

Drupal allows building ECMS in two ways, either by using its modules and features or with the third party configuration. Its integration capabilities help the website to serve as a central content management system integrated with other necessary advancements.

Drupal Is Easier To Manage

Drupal isn’t hard to use, but it can be hard to learn how to use. Even though it requires more technical experience it is capable of producing exceptionally advanced sites. There is a WYSIWYG editor and drag-and-drop functionality to ease out the process and help you start straight away.

The release of version 8 has made the platform easier to use even for non-developers(and it includes content authors). Managing your website is easy as the community platform provides you with necessary documentation and answers in case you get stuck.

Summary

Being one of the leading technologies in the market, Drupal gives your enterprise the features and flexibility to innovate as per your visitor behavior and preferences.

We’d love to hear your thoughts. To get in touch, drop a mail at [email protected] and let us know how we can enhance your statistics with Drupal.

May 14 2018
May 14

A lot has been written in and around the EU’s new data privacy compliance - General Data Protection Regulation. As we near 25th May, the search around GDPR compliance is breaking the internet. 

In my previous blog What is GDPR? User Rights and Business Guidelines we covered a comprehensive guide on what GDPR is. Understanding in details the guiding principles and the data subject rights. In this blog, we will cover how EU GDPR will affect your business. And what can you do if your website is built on Drupal? 

In the later part, we would be answering the questions like ‘How does Drupal comply with GDPR?’ and most importantly - Is Drupal ready for GDPR compliance?

A Quick Recap on GDPR 

The EU General Data Protection Regulation (GDPR) would replace the 1995 EU Data Protection Directive (95/46/EC) and is devised to “harmonize” data privacy laws across Europe. GDPR is focused on the way the information is taken by the businesses and utilized thereafter. 

The regulation will come into force on 25th May 2018 and was adopted in April 2016 after first being proposed in January 2012. The two year period has given time to the businesses and public bodies to prepare for the coming change.

Its aim is to protect and most importantly empower all the EU citizens’ with a major focus on the consent of the user while being stringent on the data privacy and reshape the way organizations across the region approach data privacy.  

How Does it Affect My Business? 

The new data protection regulation puts the consumers in the driver’s seat and the errands of conforming fall on the businesses.

TL;DR

  1. Non-EU established organizations will also be subject to GDPR if their data subject is from EU.
  2. Every data collection step should involve the clear consent of the user.
  3. It affects SMEs too.
  4. Need to appoint a Data Protection Officer.
  5. It will affect the way the customer engagement and sales and marketing occur in your organization.
  6. The penalties are quite harsh.

Companies processing the personal data of data subjects residing in the Union, regardless of the company’s location also come under the scope of GDPR. This means that non-EU organizations not previously caught under the DPA for targeting an EU market or EU citizens will now be caught by the GDPR.

No more will the “we use cookies” message suffice. To comply with the new EU data privacy law, the website needs to put out a clear message as to where and how they will be using the information. They also need to give the user a clear way to opt out of it. 

mail from drupal.org regarding the update settings according to the GDPRUpdate notification from Drupal.org with an 'opt-out' option and how the information will be used

A lot of people think that GDPR will affect only the bigger organizations but GDPR will also apply to any business that processes the personal data, including those with fewer than 250 employees. However, it is acknowledged that SMEs have fewer resources or that the fact that they process lower volumes of both sensitive and non-sensitive data when compared. For this reason, an SME may be exempt from some of the more rigorous steps (such as the need to appoint a data protection officer). 
GDPR affects your marketing and customer engagement

Since a fair share of focus has been given to the “consent of the consumer” and transparency and so the conditions for obtaining consent are stricter. The individual must have the right to withdraw consent at any time and there is a presumption that consent will not be valid unless separate consents are obtained for different processing activities. 

The statistics shared below from Statista.com make it quite evident that a large number of agencies are preparing for the new regulation by changing the way they work. 

stistics from statista.com on how businesses are changing their way after gdpr

Simply put, non-EU established organizations will be subject to GDPR, if their data subjects are from EU.

While 44% agencies are updating their contracts and data protection policies, 26% have reviewed and changed their product/s. At the same time, 22% are altogether devising new marketing strategies and 15% changing the way they sell their product.

It wouldn’t be wrong to say that GDPR would be affecting the way the organizations work and market their products. 

Be GDPR compliant with Google Analytics

Under GDPR, using Google Analytics on your website makes you a data processor. Since you are in control of which data to be sent and which not. Google in its official statement declared its commitment to compliance with GDPR. Where it went on to explain that certain measures have been put in place relating to privacy and data processing. 

However, Google also encourages “data controllers” to be vigilant about how they collect and handle data. 

HowTo: Make Your Drupal Website GDPR Complaint?

The community is aimed at bringing people from all walks of life together and work as a team. Here are some of the modules that can help you out. Here are the following ways to make your Drupal site GDPR compliant.

  1. Drupal GDPR Compliance Team

    One of the best things about Drupal community is you don’t have to wait long to fight off an issue. The same goes for GDPR. Drupal GDPR Compliance team, is intended to serve as a locus for the Drupal community to discuss and coordinate efforts to improve Drupal's framework for GDPR compliance. 

    You can add to the work of other members by ensuring the duplicacy of efforts doesn’t happen, bring cooperation and help the agencies and businesses tackle the new EU data privacy law swiftly. A piece of warning which has been put up is - this module project will not produce any software tools. 

    Drupal has some awesome tools and modules aimed to help you achieve the aforementioned goals.  

  2. Module - General Data Protection Regulation
    The General Data Protection Regulation module aims to help site admins follow the guidelines and legislation set by the Union.

    Installing and using this module does not mean your site becomes GDPR compliant. Since GDPR affects the whole organization, this module aims to help understand its Drupal relations and (tries to) provides helper tools to make your site GDPR compliant.

    A Checklist for site admin is provided which includes automated content, module, configuration discovery (e.g. cookie consent, check if there is privacy policy page etc), along with the status line on the status report page.
    selecting sanitize name, pass, and mail in dump settings

    A GDPR consent submodule which allows setting up "agreements" and track the consent per user is also available. Currently, it is only for Drupal 8.

    A GDPR fields submodule (currently only for Drupal 8) to mark personal data on the field level is also available. This is for documentation purposes, handling of incoming requests. Say for deletion of data which will be handled by the upcoming GDPR tasks submodule.

    Drush command (drush gdpr-sql-dump) is used to obfuscate data. The primary goal here is to prevent developers from accessing user data.

    It also uses Hidden Author, a  module, which allows users with the proper permissions post nodes and comments (through NodeComment) without revealing their username. This is in sync with the guidelines and only users with permission "see original author" will access such information

  3. Module - General Data Protection Regulation Compliance 
    Since the responsibility of conforming with the regulations fall on companies, it is a great help if the businesses have a checklist ready without missing out on minor details. The General Data Protection Regulation Compliance module helps you comply with the regulation by giving you the following features:

    * Form checkboxes
    * Pop-up alert
    * Policy Page

    For a clear consent from the user, it is important that the user knows everything about the collection and processing of the data. For this, it is important that as an organization it is easy for you to change your form settings create user registration and login, add and edit contact form, and node add form, all so easily. 

    The module also complies with the eu_cookie_compliance and is easy to use with 
    * User / Guest display
    * With a translatable pop-up template

    Since the regulations define different conditions for a guest user and an authenticated user, it is important that each user has the best experience.  

    With this module, you can also create your own Policy Page or replace the link & clear cache, in case you don’t like it.
    form warning popup

  4. Module - GDPR Consent
    GDPR Consent Module lets you collect the GDPR Data processing consent from logged-in users using the site.
    However, the module is in beta version (not in final state) and applicable only for version 7.
     
  5. Module - Commerce GDPR
    The Commerce GDPR is available for only for version 7. It adds data anonymization features so the data will still be available for statistical and historical purposes but will not allow identifying a user and the store will comply with the GDPR directive.

Security by Design

Putting all the clauses and guidelines aside, GDPR is more than just data regulation. It’s a policy to secure the information giving the users a definitive edge. One of the core practices that should be followed regardless of any regulation is ‘Security by Design’. 

Security by Design implies designing the software up by the ground to be secured to minimize the impact when the security vulnerability is discovered. Pacing up your security from the start. It implies following the best security practices at the architectural level instead after building the website. 

This ensures that the design remains secure regardless of a reasonable approach adopted later to tackle the issue. A uniform methodology needs to be adopted to protect the assets from the threats. 

Once the requirements have been collected, the architecture can be laid out and other elements can be discussed later like trusted execution environment, secure boot, secure software update among others.

Some Data Protection Practices You Need to Follow
GDPR will affect almost all the site owners. The best you can do is keep every step from data collection to processing transparent. You can take following steps to comply with the new regulation

Make user consent your top priority: Article 12 of the official document says “The information shall be provided in writing, or by other means, including, where appropriate, by electronic means..” your Drupal website needs to provide one such form along with the cookies popup message. This should include the possible use of information and the opt-out message. 

Keep your communication transparent: Article 15 which covers rights of access by data subjects also states that the consent should be clear and this should include the possible use of information. The cookie consent form should also include where the information will be used. 

Keep the information transparent: A user has a right to manually request data erasure from the website as well as for data portability. Not only switch-off the account, but totally delete data from the database. Review your current privacy policy and mention clearly for making any necessary changes after the implementation of GDPR.  

Breach notification: Let the users know about the breach in 72 hours. Where you have to, as an organization, appoint a data protection officer who will be responsible for the security of the data.

Is Drupal ready for GDPR compliance?

Although the community is equipped to take on the big data privacy regulation, a sense of uncertainty still looms over not just the web development community at large but, for Europe as well. Until the regulation comes into practice, these are just the ideal scenarios where you can do what needs to be done. 

If you still have some doubts over the implementation let us know, we are here to assist you. Drop a mail at [email protected] so our Drupal experts can help and guide you. 

Jan 02 2018
Jan 02

Knowledge and reasoning have enabled machines to beat even humans while bringing new power to the web.

Inspired by complex human autonomy, Artificial Intelligence (AI) is the perfect mix of science and art. The application of machine learning has advanced to an extent that it can read, understand, analyze and process the language. Siri, Cortana, Echo, and the Google Assistant are all great examples.

Natural Language Processing, another application of machine learning, is already taking the web by storm. Its ability to understand and process even the sentiments of the content has brought a new dimension to the web technology. Browsing is simplified, and it is now easier to classify the content, understand the user behavior, and protect the website (from attacks and spambots).

Widening The Horizon With Drupal

Although the prospect of artificial intelligence, coupled with web development is vast. We will touch the areas of Natural Language Processing in this piece. 

NLP has the potential to read, understand and improvise the content. 

Content Classification 

The first step is content extraction where different types of notable entities from documents, as context, are extracted and analyzed. 

When combined with Drupal the information can be evenly organized. The additional semantic entities in Drupal can be used to categorize the elements.

Taxonomy Proposer by IBM fits the bill just right. It analyzes and then groups similar documents together. Using custom clustering algorithm, it helps you create a taxonomy for your own content: the division of content into a categorized body of documents.

Descriptive image for taxonomy proposer by IBM Watson; Categorizing the documents(Source: IBM Knowledge Centre)

Next comes content classification, where the machine learns and then inspects the given text for known entities such as nouns, adjectives, or a verb to classify the content.


Content classification with Drupal
    
A 'node' can be linked with any (relevant) taxonomy term, but it can be presented to the users only after a 'view' is created for each node.     

In case the numbers are small, the editor can memorize them.   
  
Otherwise, the node can be passed to the NLP engine to memorize words. Once it is done, the content can be added to the 'tags' field.     

Similarly, NLP can also be used to prepare the content summary which can be used in Meta tags.

Tagging 

Organizations which are burdened with tagging and publishing a huge number of articles on a daily basis can utilize NLP. It can memorize the words and their respective categories, after which manual tagging is not necessary. 

It also improves the algorithm of the system. The system can be fed with words from various tags under the category of your choice. 

The machine learns. Identifies. And saves it in the memory. If needed, you may even alter it along with time.

Remember, you are only teaching the machine. The results will improve after some time.

Sentiment analysis

It examines the content (texts, images, and videos) and identifies the emotional outlook within the content, to identify and classify the writer's attitude as positive, negative, or neutral. 

Extracting sentiment from different types of content

(tweets, blogs or a video byte) can provide us with valuable insights into the author's emotions and point of view. It is important to ascertain if the tone is positive, neutral or negative, and whether the text is subjective (if it is reflecting the author's opinion) or objective (if it is expressing a fact).  

It serves its purpose truly when the quantity of content published is beyond human potential.

Given below is a demo on how NLP helps in sentiment analysis. The below-mentioned screenshots are taken from IBM Watson. 

The famous speech of Martin Luther King Jr. ‘I have a dream’ is added to the 'text' section. 

Descriptive image of Sentiment analysis by IBM Watson; Martin Luther King Jr popular speech entered in the text (Source: IBM Watson)


The overall sentiment of the speech as analyzed by the API

Sentiment analysis of 'I have a Dream' by Martin Luther King Jr; Overall sentiment score as 0.08 positive(Source: IBM Watson)

 

The overall emotion summary of the speech, as analyzed by the API 

Emotion analysis of Martin Luther King Jr. by IBM Watson; 0.12 anger detected; 0.53 sadness detected; 0.65 joy detected; (Source: IBM Watson)

Auto Summarizer 

It examines the content, keeping the basics of grammar for reference. After analyzing the tone and sentiments of the content it is easy for the machine to summarize the content. 

With auto summarizer, the machine can easily analyze and write the summary from the passage keeping in mind the keywords, sentiments, and the gist of the content. 

E-commerce 

In the era of the digital world, nothing beats the idea of personalization. As tantalizing as the concept may look, it is equally important as any other strategy for your business.   

Not only it helps boost the sales but it increases the time spent by customers too. By analyzing the browsing history and shopping preference the NLP can learn about the choices of the user better and personalize the suggested content in a better way. 

Amazon.com home page; An example of personalisation by Amazon(Source: Invespcro.com)

User information collected by statistic module (in Drupal) can be used to improve the NLP engine, which then would suggest related content to the user under “You may like” or “Related products” category. 

Inspired by behavioral psychology, reinforcement learning can be used to boost returns.

NLP can read, classify and group the products. When a user visits a category of product repeatedly, all the products from the collected information are shown as ‘suggestions’.  

Image Screening and Tagging 

For websites where people can share content through text, images, and videos, it is not possible to manually filter images that do not match the standards (are obscene). For this, image screening helps the system by identifying common shapes, objects, and concepts of images and returns a list of tags along with a score of how confident the system is about the result. This score can be used to maintain standards.

An example of this is given below in the screenshot where the object is identified, recognized and then tagged as ‘cat’.

Descriptive image of image tagging by filestack.com; Image of cat; Tags for cat on the right(Source: Filestack.com)


Another example shows how the system identifies, marks the confidence scores and then passes the result.  

Example of image tagging by Aylien.com; Tags and confidence score by the machine(Source: Aylien.com)

By a huge margin, this can ease the process of allowing graphics which meet the set standards without any form of manual verification.  

How Can NLP Boost Growth?

Manually classifying and categorizing the text sources is a time-taking procedure, especially for those who deal with a lot of content on a daily basis.

Social Media Presence

It can crawl and index thousands of stories which are live and trending on top with the help of keyword analysis, creating a live data set of analyzed and filtered data. You can also access real-time news and important stories of your interest. It can also monitor and measure the social media reactions on each post, and compose the next post accordingly.

Enhanced SEO

The discovery of NLP has shifted the focus from an explicit keyword-based search to context and intent-based content. This has changed the way SEO works. From what Google standards tell us, the SEO strategies should include on-page optimizations, like page titles, meta descriptions, and meta tags.

These are still effective parameters for bringing out a user-friendly content, particularly for long tail topics. NLP helps you find effective keywords and add them to your content to improve the relevancy as well as the ranking of the content.

Editorial and Publishing Solution

Even if you don’t publish content the way publishing agencies do, it is very important that your content delivers the value and goals of the agencies. NLP can create production-ready custom content in way lesser time. 

Solutions with semantic technology

With NLP one can review the unstructured data, too, and check large amounts of varied content (text, image, tweet). Not only it can add the meta information of a page, it can do so after analyzing the SEO trends around the topic and important keywords.

To Sum up

Machine learning has added a new dimension to Artificial Intelligence. It has the potential to revamp content marketing across all verticals and dramatically improve the user experience.

A crucial question here is, to what extent will AI change the web? What effects can it have on the web technologies and the relation between the web and the society? Can the advancement in AI bring another revolution to the web? The way it is seen, the way it works, and the way it is understood.
 

Nov 29 2017
Nov 29

I wouldn’t be surprised if as a developer you believe SEO is not your job or why should you give a dime about SEO.

If your website isn't ranked on the first page, it wouldn’t be wrong to say that you are missing on many opportunities. You might be aware of the basics to start with but what hinders your growth and progress is your knowledge of SEO, as it has been a notorious child all these years. 

Your knowledge and proficiency in SEO will only ensure you don’t deteriorate the presence of your website. You are familiar with it but feasibility looks like a far cry.  

Already known as an SEO Friendly CMS, Drupal gives the added benefit of its robust architecture and security. With Drupal 8 you can optimize as well as make your website SEO friendly, way before you add content to it. It provides a hassle-free user experience when it comes to maintaining SEO norms.

Here is a step-by-step guide on how to pull-off your Drupal 8 website's SEO.

Optimization or Search Engine Optimization?
Often these words are used interchangeably used but they constitute things which have their respective impacts. While optimization deals with the speed and performance of your website, SEO deals with improving the flow and quality of traffic your website generates, organically. SEO can be done both by developers (optimizing, using modules, and utilizing features) and non-developers (analyzing trends, utilizing voluminous keywords, improving the content etc.).

Some Amazing Pros Of Drupal 8

Drupal 8 provides various services and modules which help you practice fair search engine optimization. Also, it is easy to make your website SEO friendly with Drupal.

  • Faster load time: Simply put - Drupal 8 is fast. Page speed has been a decisive factor in ranking the results. It has numerous modules which make your website light and easy to load post-implementation. 
  • Content-as-a-service: It allows content to be managed in a single place efficiently for several mediums without much fuss with its architecture. 
  • SEO friendly modules: Its various modules are devised to leave no stone unturned when it comes to search engines optimization.

How To Go About It With Your Drupal 8 Website?

Merely deploying the modules isn’t enough, it is important to configure them as well. And excellent if you know which module to introduce when, and how to implement them.

Below there is a list of some important SEO practices for your Drupal 8 website.

Using MetaData

Page title, tags, and description are one of the most important on-page ranking factors and should be highly prioritized.. Search engines use these tags and descriptions to access the relevancy of the results on search. Your meta title helps establish the relevancy of your content from its title. Similarly, Meta tags help search engines read important keywords and correlate whether the keywords are being requested for?example of SEO friendly meta description;

Also, providing meta descriptions allows users to have a sneak peek at what's inside. It helps them decide whether it will be fruitful for them to visit the page or not. 

The way to do it

By Installing the Metatag module all the MetaData can be defined for all page types.

Utilizing H1, H2 & H3 headings

These hierarchical headings help indicate the importance of the various topics on your page to the search engines. While it is equally important as a good meta-title and description, H1/H2 headings help define/index the topics of your page to search engines.

How to do it

Twig files can be used to alter the HTML of your website and insert heading tags. Accordingly, there are also modules such as views, panels, and paragraphs which can be used to wrap important text in HTML headings. Any person who adds content using the Content Creation Kit can use the full HTML mode to do the same.

Using Robots.txt

Robots.txt deals with page indexing. It is a standard used by websites to communicate with web crawlers and web robots. It informs the search engine/web bot about areas/pages to be indexed and the ones which shouldn’t be.

How to do it

Drupal provides Robots.txt (file) as one it's out-of-the-box solutions and it rarely needs to be manually altered.

Using SEO Friendly URL Structures

Utilizing an easy-to-decipher URL structure is one of the top guidelines listed in Google’s Search Engine Optimization Starter Guide. A clean and readable structure is not only search engine friendly but user-friendly too. Well-constructed URL also gives people a prior idea of what she is going to see before clicking the link. Poor URL structure, on the other hand, does not tell users or search engines anything about the content on that page.

How to do it

Drupal provides the option of defining URL alias for all the content added through its UI. In case there are a lot of URLs, Pathauto module can be used to define patterns for all kind of pages on the website.

Optimize Your Speed

Google, and now Facebook too, has a list of particulars that define the hierarchy of the search results. Speed is, of course, one of them. To keep up with the competition, it is important that your website is optimized and gets a score of at least 80.

How to do it

Advanced CSS and JS aggregation module can be used to generate GZIP for all kinds of CSS and JS files. By enabling this module, your user is served with a compressed version which prevents load lags and provides a smooth experience throughout.

Using Tools And Analytics

“Tactics flow from a superior position”, these lines stay true for the most part of the business (and life as well). One needs to stay ahead by analyzing and strategizing beforehand using the available tools. Using Analytics tools is one of the best possible options which can help you understand your vulnerable factors (factors in improvement).  

How to do it

With its third-party integration feature, Drupal makes it easy for you to integrate Google Analytics using its ‘Google Analytics module’. One only needs to set up an account and configure the module. This module can be used in the most admin-friendly and easiest way. 

Other Easy To Use Drupal SEO Modules

Below are some of the modules which can also be used for your Drupal 8 website.

  • PathAuto- It saves your time by automatically generating SEO friendly URL for your new content.

an example of adding URL through pathauto; auto-generating SEO friendly URL

  • Page title- With ‘Page title’ module your page titles are generated using pre-defined tokens.
  • Global redirect It checks your current URL for an alias and does a 301 redirect if it is not being used. It assigns a 301 redirect for the alias (created by a default URL).
  • SEO Checklist- This module helps you check if you have installed all the SEO related modules or not.
  • XML Sitemap/Simple Sitemap- It creates a sitemap to help search engines intelligently crawl your website.  
  • Search 404- It helps in redirecting the audience coming from an old URL. Also, it helps reduce the bounce rate and helps improve the experience for your user. Instead of showing “Error- page not found” it redirects your users to the page by intelligently assessing the URL.
  • Taxonomy Title- It helps you update the heading tag at the top of the taxonomy term page. It provides tokens which can instead be used with page titles and meta tags modules.
  • HTML Purifier- HTML Purifier is a HTML filter library. It will not only remove malicious codes but secure your website by setting permission.
  • ​​​​​​Menu Attributes- It lets you add additional information to menu items. With SEO it helps you by letting the search engine know about “no follow” link (affects your rank).   
  • Real-Time SEO For Drupal- It helps in management and optimization of your content and metadata. This helps you easily optimize title and the snippet preview in the search results. It also highlights specific keywords in the search result (in your snippet).

While search engines still seek unique and helpful content to push in the SERPs, your CMS can make a huge difference. Seek only expert advice when working on the SEO. 

Still insecure? We are here to get you through it, drop a word at [email protected] to know how you can improve the SEO of your website.  

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web