Aug 30 2018
Aug 30


We all love Drupal's granular permission and access control system! And yet: its life-saving hierarchy of user roles and permission levels is strictly for creation/editing content. Since Drupal wrongly assumes that all site visitors should be able to visualize all published content, right? But what if this default assumption doesn't suit your specific use case? What if you need to restrict access to content in Drupal 8?

… to limit users' access to certain content on your website? So that not all visitors should be able to see all published nodes.

In this case, Drupal's typical access control system for creating and editing content is not precisely the functionality that you need.

But there's hope!

And it comes in the form of 6 Drupal 8 access control modules that enable you to give content access of different levels, ranging from “average” to “more refined”.
 

But First: An Overview of Drupal's Typical Access Control System 

Now, we can't just jump straight to the “more sophisticated” content access solutions in Drupal 8, not until we've understood how its basic access control system works, right?

As you can see, in the screenshot here below, the logic behind it is pretty straightforward:

Restrict Access to Content in Drupal 8- Typical Access Control in Drupal

  • while in your admin panel, you need to access the People menu > Permissions
  • and there, you just assign different user types (authenticated, admin or anonymous) with specific sets of permissions (to administer blocks, to post/edit comments, to modify menus on your Drupal site etc.)

As you can see, Drupal's typical access control system is not configured so as to enable you to restrict visitors' access to specific content on your website.

Or to limit user access to a more granular level other than the standard “logged in/not logged in user”.
 

If you're not looking for anything “too fancy”, just a straightforward functionality for controlling access to view/edit/delete content entities, then this module's THE one.

And here are 2 of its most common use cases:
 

  • you define some access-restricted premium content areas on your Drupal site, for “privileged” user roles only
  • you grant publish/edit permissions to certain groups on your website, having specific predefined user roles
     

Definitely a go-to module when you need to restrict access to content — to specific content types — in Drupal 8.

It enables you to:
 

  • set up specific access control roles
  • define custom granular restrictions based on different user permissions (you could, for instance, limit access to certain content on your website for non-authenticated users only...)
  • set up content types with restricted access 
     

Note: do bear in mind that, once you've enabled Content Access, you'll need to rebuild your entire “collection” of access content permissions. The module is going to alter the way they work, that's why.

Restrict Access to Content in Drupal 8- Rebuild Permissions when Using Content Access module

Tip: if you need to control access to content nodes on your Drupal 8 site, this module's built to help you “refine” your restriction; for that you'll just need to define some more detailed permissions in People menu >  Permissions tab.
 

A lightweight solution to restrict access to content in Drupal 8. One that enables you to set up access-restricted content sections on your website.

Now, what makes it stand out from the other 5 modules in my list here is:

The refined, taxonomy term-based restrictions that it allows you to create for specific nodes on your Drupal site.

You can limit access to these nodes to:
 

  • specific user roles
  • certain individual user accounts
     

Restrict Access to Content in Drupal 8- Permission by Term module

How do you set everything up?
 

  1. first, you enable the module
  2. then, on the term edit page, you define a specific role access for each taxonomy term 


And there's more to look forward to! 

Unlike Organic Groups and Group, the Permissions by Term module comes with very little overhead, in the form of light contributed code.

In other words: for the taxonomy terms-based access control that it enables you to set up, it adds a new field to your current content types. That's all!
 

When it comes to Drupal role-based access control (to content types or nodes) this module's simple, straightforward approach is exactly what you need.

Not as “sophisticated” as Content Acess, yet conveniently easy to configure and to maintain.

And also, the perfect choice if it's just a basic kind of content type access restriction that you need to set up.

Summing up its functionality now, what you should know is that Node View Permissions enables you to define 2 types of... permissions:
 

  • “View any content”
  • “View own content”
     

… for every content type listed on your Drupal site's Permissions page. 
 

5. Group         

It enables you, as the site admin, to structure content into... groups.

Different group types, with their own hierarchies of group roles:
 

  • anonymous
  • member
  • outsider (a logged in user, but not a group member)
  • other group roles that, as an administrator, you'll need to create
     

Needless to add that with Group you'll restrict access to content in Drupal 8 based precisely on these group roles that you'll set up.

Furthermore, it allows you to define:
 

  • the most suitable permissions (view/edit/delete) for specific content types
  • the most appropriate group roles
     

… per group type. 

And the best is yet to come:

All group types, group roles, group/content relationships are set up as entities. Meaning that they're fully fieldable, exportable, extendable!
 

It's a restricted access to nodes, based on taxonomy terms, users and roles, that you get to define using this module:

A user role-based access control...

Note: mind you don't forget that, in order to restrict access to viewing/editing nodes on your Drupal website, you'll first need to reconfigure the existing user permissions.


The END! 

A bit curious now: which one of these solutions, ranging from straightforwardly simple to most refined, would you for to restrict access to content in Drupal 8?

Aug 27 2018
Aug 27

You've put so much effort into crafting and polishing the content on your Drupal website and it just won't... rank? Why is it that search engines' web crawlers won't index its “juicy” content? Why they won't give your site a big push right to first-position rankings? As it clearly deserves... Could it be because you're making these 10 Drupal SEO mistakes? 

Knowingly or just recklessly...

And with the first 5 of them already exposed in the first part of this blog post, I'm keeping my promise and here I am now, with 5 more SEO mistakes that you don't want to make on your Drupal website, ranging from:
 

  • embarrassing gaffes
  • to faux pas
  • to catastrophes...
     

1. Underrating Meta Tags: One of (Too) Common, Yet Costly Drupal SEO Mistakes 

And let me just say it: forgetting (or choosing not to) to check those 3 on-page ranking factors:
 

  1. description
  2. page title
  3. tags
     

... is one rookie SEO mistake. 

And one costly neglect, too...

Why? Because by simply checking your meta tags, making sure that the content entered there:
 

  • contains all the relevant keywords
  • is user-friendly and engaging
     

you hit 2 birds with just one stone:
 

  1. search engines' crawlers will just know whether specific web pages on your site are relevant for specific search queries or not; whether the keywords that you will have added to your meta elements are precisely those that online visitors use
  2. users will get a “teaser” of what the page is about, helping them decide whether it matches their searches and expectations or not
     

Note: Drupal's got your back with a dedicated Metatag module that you should install even before you “release your website out into the wild.
 

2. Ignoring the Slow Page Loading Speed 

If it takes more than 2 seconds to load... then you'll lose them. Visitors on your Drupal site will lose all interest in accessing that given page.

And could you blame them? 

Instead, you'd better:
 

  • blame yourself for accepting this status quo and refusing (or just postponing or not putting enough effort into it) to optimize your site for high speed
  • rush to address this major UX issue risking to grow into a critical SEO issue
     

How? By:
 

  • compressing all JS and CSS files using a dedicated tool of your choice (and thank God there are plenty of those to choose from!)
  • compressing all overly large pages
  • reducing images, graphics, and videos to reasonable sizes
  • disabling all those Drupal modules that you haven't used in ages (or maybe never...)
  • turning on catching (and luckily there are Drupal cache modules — like Memcache, for instance — that can help you with that)
  • upgrading your server or even moving to a new hosting company
  • optimizing your site's current theme

See? Improving your Drupal site's load time is no rocket science and it doesn't require overly complex measures, either. They're no more than... “common sense” techniques.

Assess the resources that implementing them would require and... just do it:
 

  • the user experience on your Drupal website will improve significantly
  • search engines will “detect” this increase in user satisfaction on your Drupal site
  • … which will translates into a higher ranking 
     

3. Overlooking to Redirect From Its HTTP to Its Secure HTTPs Version

Migrating your Drupal site to HTTPS is a must these days. Just face it and deal with it or... be ready to face the consequences!

Yet, if you overlook to redirect your site to its new HTTPs version, thus sending its visitors out to... nowhere — to error pages — then... it's all but wasted effort and resources.

One of those SEO Drupal mistakes with long-term consequences on your website's ranking.
 

4. Broken Internal Images

Leaving broken internal images and missing ALT attributes behind is a clear sign of SEO sloppiness...

And now, here's what we would call a “broken image”:
 

  • an image that has an invalid file path
  • an image with a misspelled URL
     

The result(s)?
 

  1. first, a broken image has an impact on the overall user experience; your site visitor gets discouraged and quite the page in question
  2. next, search engines rate your site's content as “of poor quality”
  3. and finally, all these lead to an inevitable drop in Google search rankings
     

5. Underestimating (or Just Ignoring) the Importance of an XML Sitemap for SEO

Not generating an XML sitemap of your Drupal site is more than just one of those Drupal SEO mistakes that you should avoid: it's a missed opportunity! A huge one!

Here's why:
 

  • an XML sitemap would include all the URLs on your website
  • … as well as information about your site's infrastructure of web pages (via heading tags), for search engine crawlers to use
  • … “alerts” about which pages they should be indexing first
  • an XML sitemap provides an early index of your website
  • all the pages on your website get submitted to the search engine database even before they get indexed in their own database
     

Note: the sitemap.xml file not only that communicates with and informs search engines about the current content ecosystem on your Drupal site, but will “keep them posted” on any updates of your site's content, as well.

So, what an XML sitemap provides is a prioritized, conveniently detailed and easily crawlable map of your Drupal website meant to ease web crawlers' indexing job.

And the easier it gets for them to crawl through your site's content, the faster your site's indexing process will be.

In short: if the robots.txt file alerts search engines about those pages that they shouldn't crawl into, the sitemap.xml file lets them know what pages they should index first!

Tip: discouraged by the thought of manually building your site's sitemap? Well, why should you, when there are Drupal modules built especially for this?
 

From taxonomy terms, menu links, nodes, useful entities, to custom links, these modules will automatically generate all the entities that you'd need to include in a detailed sitemap of your Drupal site.

The END! 

Just face it now: you'll inevitably continue to make gaffes influencing your site's SEO, no matter how many precautions you might take...

Yet, these10 Drupal SEO mistakes here ranked from least to most damaging, are the ones that you should strive to avoid at all costs...

Aug 24 2018
Aug 24

You have made, are currently making and will continue to make various Drupal SEO mistakes. From those easy to overlook gaffes to (truly) dumb neglects, to critical mistakes severely impacting your site's ranking... 

Just face it and... fix it! 

And what better way of becoming aware of their impact on your site than by... getting them exposed, right? By bringing them into the spotlight...

Therefore, here are the 10 SEO mistakes you really don't want to make on your website: the “culprits” for your site's poor ranking.

Take note of them, assess their occurrence/risks for your Drupal site's SEO and strive to avoid them:
 

1. Overlooking or Misusing Header Tags

Do it for the crawlers or do it for your site visitors.

For whichever reason you decide to structure the content on your web pages using H1, H2, H3 tags, Google will take note of your efforts...

And it all comes down to setting up an SEO-valuable hierarchy on each page on your Drupal site. One that:
 

  • crawlers will painlessly scan through, which translates your website getting indexed more quickly
  • users will find conveniently “readable”, which bubbles up to the overall user experience
     

Note: one of the worst SEO gaffes that you could make —  one that would confuse the crawlers and intrigue the site users — would be to use multiple H1 tags on the very same page. 

It's one of those silly, yet harmful rookie Drupal SEO mistakes that you don't want to make!
 

2. Duplicate Content: It's Literally Killing Your SEO

Now, speaking of running the risk to confuse the crawlers in your Drupal site, duplicate content makes the "ultimate source of confusion” for search engines.

And how does this show on your site's SEO? 

Basically, since the crawler can't identify the right page to show for a specific query, it either:
 

  1. "refuses" to rank any of them
  2. or applies specific algorithms to recognize the "suitable" page for that search query
     

Needless to add that the second decision is discouragingly time-consuming, while the first is simply... disastrous for your site's ranking.

"But how did I end up with duplicate content on my website in the first place?" you might ask yourself.

Here are 3 of the most common causes:
 

  • HTTP vs HTTPS 
  • URL variants
  • WWW and non-www pages
     

Now, since an identified and acknowledged mistake is already a half-solved one, here's how you can get it fixed:
 

  • just set up a 301 redirect from that web page's primary URL to the new one
  • set up a rel=canonical attribute on the old URL, one that would let search engines know that they should handle the new URL as a duplicate of the original one
     

Note: It goes without saying that all metric records and all the links that search engines will have monitored on these two duplicate pages will then be automatically attributed to the original URL.
 

3. Optimizing for the Wrong Keywords

And this sure is one of the most frequent Drupal SEO mistakes, that goes back to:

Not investing enough resources (of time mostly) in a proper keyword research strategy.

And no, trying to rank for the prime keywords isn't a foolproof action plan!

The result(s)?
 

  • you end up targeting all the wrong keywords
  • you optimize your site's content for all the wrong terms, that your target audience isn't actually searching for
     

Wasted efforts for putting together non-targeted (or not properly targeted) content...

Instead, invest time in identifying and then ranking for the right search terms.

For yes, it will take longer to carry out a proper keyword process and for your site to start ranking for those keywords. But it won't be wasted time...
 

4. Having Pages with Duplicate Title Tags on Your Drupal Site

Here's another way of confusing crawlers even more:

Faced with two separate web pages having the same <title> tags, search engines won't know which one of them stands for a specific search query.

And their confusion only risks to lead to your Drupal site's getting banned...

Moreover, it's not just search engines that will get discouraged by the duplicate titles, but site visitors, too. They won't know which is the “right” page to access.

“OK, but how can I get it fixed?”
 

  • you install and turn the Metatag module on
  • you craft and give each page on your Drupal site a unique title 
     

5. Ignoring Robots.txt: One of the Common Drupal SEO Mistakes

Now, before answering your otherwise valid question:

“Why do I even need Robots.txt file on my Drupal website?”

… we'd better see what this protocol brings, right?

Take it as a standard that websites use to communicate with crawlers and web robots “in charge” with indexing their content. It's this file that points out what web pages should be crawled and indexed and which ones should be skipped.

Now, if it's a blog that you own, ignoring this protocol isn't one of the biggest Drupal SEO mistakes that you could do. But if it's a larger Drupal site, with a heavy infrastructure of web pages, that you're trying to optimize, then having Robots.txt file makes all the difference...

Tip: do consider installing the Robots.txt module for streamlining the efforts of making your site “crawling-friendly”.

END of Part 1! Stay tuned for I'll be back with 5 more Drupal SEO mistakes — ranking from seemingly harmless to critical — that you definitely don't want to make on your website.

Aug 24 2018
Aug 24

With the Drupalgeddon2 "trauma" still “haunting” us all — both Drupal developers and Drupal end-users — we've convinced ourselves that prevention is, indeed, (way) better than recovery. And, after we've put together, here on this blog, a basic security checklist for Drupal websites and revealed to you the 10 post-hack “emergency” steps to take, we've decided to dig a bit deeper. To answer a legitimate question: “What are some good ways to write secure Drupal code?”

For, in vain you:
 

  • build a “shield” of the best Drupal security modules and plugins around your website
  • enforce a rigid workplace security policy 
     

… if you leave its code vulnerable to various types of cyber attacks, right?

  • But how do I know how unsecured code looks like, to begin with?
  • What are the site configuration gotchas that I should pay attention to?
  • What are the most common vulnerabilities that I risk exposing my Drupal site to?
  • And how can I test it for security issues that might be lurking in its code?

But most of all: What top secure coding practices should I and my Drupal development team follow?

Now, let's get you some answers:
 

1. SQL Injection Vulnerabilities: How You Can Fix & Prevent Them 

SQL injections sure make one of the most “banal”, nonetheless dreadful types of attacks. Once such vulnerabilities are exploited, the attacker gets access to sensitive data on your Drupal site.
 

1.1. Prevent SQL Injection Attacks Using The Database Abstraction Layer

In other words: the proper use of a database layer makes the best shield against any SQL injection exploit attempts.

Now, let's talk... code.

For instance, linking together data right into the SQL queries does not stand for a secure coding practice:

db_query('SELECT foo FROM {table} t WHERE t.name = '. $_GET['user']);

In this case here, this is how you write secure Drupal code:

db_query("SELECT foo FROM {table} t WHERE t.name = :name", [':name' => $_GET['user']]);

Notice the usage of the proper argument substitution with db_query. The database abstraction layer uses a whole range of named placeholders and works on top of the PHP PDO.

Now, as for a scenario requesting a variable number of arguments, you can use either db_select() or an array of arguments:

$users = ['joe', 'poe', $_GET['user']];
db_query("SELECT t.s FROM {table} t WHERE t.field IN (:users)",  [':users' => $users]);
$users = ['joe', 'poe', $_GET['user']];
$result = db_select('table', 't')
  ->fields('t', ['s'])
  ->condition('t.field', $users, 'IN')
  ->execute();

1.2. Have You Detected an SQL Injection Vulnerability? Here's How You Can Fix It

There are some key Drupal security best practices to follow for addressing SQL injection issues:
 

  • always stick to the well-known Drupal database API
  • always filter the parameters that you get (be twice as vigilant and cautious about those who can type anything on your Drupal site)
  • always use placeholders: db_query with :placeholder
  • always check the queries in the code: db_like()
     

Tip: remember to follow these coding practices for addressing and preventing SQL injections on your contrib modules, as well.
 

2. How to Protect Your Drupal Site Against Cross-Site Scripting (XSS) Attacks

We could easily say that XSS attacks “rival” SQL injection attacks in “popularity”:

Drupal's highly vulnerable to cross-site scripting.

All it takes is some wrong settings — input, comment, full HTML — as you configure your website, to make it vulnerable to this type of attacks:

They make a convenient gateway into your website for remote attackers to use to inject HTML or arbitrary web.
 

2.1. Check Functions to Rely on for Sanitizing the User Input (in Drupal 7)

Securing your Drupal 7 site against cross-site scripting attacks always starts with:

Identifying the very “source” of that submitted data/text.

Now, if the “culprit” is a user-submitted piece of content, depending on its type you have several check functions at hand to use for sanitizing it:
 

  • check_url
  • check_plain (for plain text)
  • filter_xss (when dealing with pure HTML)
  • filter_xss_admin (if it's an admin user that entered the “trouble-making” text)
  • check_markup
     

Note: always remember never to enter the user input as-is into HTML!

Tip: a good way to write secure Drupal code is to use t() with % or @ placeholders for putting together translatable, safe strings.
 

2.3. Cross-Site Scripting In Drupal 8: Twig & 3 Useful Sanitization Methods

In Drupal 8, handling cross-site scripting attacks gets significantly easier.

Here's why:
 

  • you have TWIG, with its autoescaping and “sanitize all” HTML mechanism!!!
  • no SQL queries
  • no access to Drupal APIs
     

Now, besides Twig, you have 3 more sanitizing methods at hand for fixing cross-site scripting issues in Drupal 8:
 

  1. HTML: :escape(), for plain text
  2. Xss: :filterAdmin(), for admin-submitted content
  3. Xss: :filter(), where HTML can be used
     

2.4. Testing Your Code Against XSS

In order to check whether certain user inputs are vulnerable, all you need to do is:
 

  • take the “suspicious” user input as a field, as an input HTML
  • enter them both (or just one of them) in your test
     

Note: feel free to user Behat or another framework of choice to automate the whole process.

2 clear signs that you've detected an XSS vulnerability are:
 

  1. you get this pop up alert: <script>altert ('xss') </script>
  2. or this error message close to the IMG tag: img src="https://www.optasy.com/blog/what-are-some-good-ways-write-secure-drupal-..." onerror="alert ('title')"
     

3. Use Twig Templates: They Sanitize All Output...  Automatically 

Did you know that a lot of the Drupal security issues on your website occur precisely because you've skipped sanitizing the user-submitted content before displaying it?

And someone's neglect quickly turns into another one's opportunity...

By skipping to clean up that text beforehand, you lend the attacker a “helping hand” with exploiting your own Drupal site.

Now, getting back to why using Twig templates is one of the best ways to write secure Drupal code:
 

  • they sanitize the user input and output (all HTML, basically) by default; you can write your custom code without worrying about it risking to break up your website
  • you won't run the risk of having safe markup escaped


In short: securing your Drupal 8 website is also about having all HTML outputted from Twig templates.
 

4. How to Write Secure Drupal Code for Finding & Fixing Access Bypass Issues

One of Drupal's strongest “selling points” is precisely its granular permission system. Its whole infrastructure of user roles with different levels of permissions assigned to them.

Furthermore, there are all kinds of access controls that you can “juggle with”:
 

  • Node access system
  • field access
  • Views access control
  • Entity access
     

In short: you're free to empower users to access different sections/carry out different operations on your Drupal site.
 

4.1. How You Can Check for Access Bypass Issues

How do you know whether there are access bypass flaws on your website, that could be easily exploited?

It's easy:
 

  • you simply visit some nid/node and other URL on your site 
  • and just run your Behat automated tests
     

4.2. And How You Can Fix the Identified Access Bypass Issues

Do keep in mind that there are quite a few access callbacks to consider:
 

  • entity_access
  • user_access for  permissions
  • Squery – addTag ('node_access')
  • Menu definitions (make sure you set those correctly)
     
  • node_access

All you need to do is write automated tests to address any detected problems related to access bypass.
 

5. 3 Ways Deal to With Cross-Site Request Forgery (CSRF) in Drupal 

What does it take to write secure Drupal code? 

Writing it... strategically, so that it should prevent any possible cross-site request forgery attack...

Now, here are 3 ways to safeguard it from such exploits:
 

  1. sending and properly validating the token
  2. using Form API
  3. using the built-in csrf_token in Drupal 8
     

In conclusion: a trio of good practices keeps the CSRF attacks away...
 

6. 7 Best Contrib Security Modules to Back Up Your Coding With

Now, after we've gone through some of the best ways to write secure Drupal code, let's see which are the most reliable contrib security modules to strengthen your site's shield with:

  1. Hacked!      
  2. Permission report  
  3. Encrypt      
  4. Composer Security Checker        
  5. Security Review          
  6. Paranoia      
  7. Text Formats Report
     

The END! This is how your solid Drupal security “battle plan” could look like. In includes:
 

  • some of the most frequent types of attacks and security issues to pay attention to
  • most effective preventive measures
  • vulnerability detecting methods
  • post-attack emergency actions and sanitization mechanisms
     

What ways to write secure Drupal code would you have added or removed from this list?

Aug 21 2018
Aug 21

Let me guess: you're a Drupal developer (temporarily) turned into a... Drupal project manager! Or maybe a PM new to Drupal, facing the challenge of your first Drupal project management assignment?

Have I guessed it?

Now the questions roaming in your head right now must be:
 

  • What Drupal project-specific challenges should I expect?
  • How should I address them?
  • How should I approach the Drupal developers, site builders and themers involved?
  • What questions should I ask them at each phase of the project?
  • And which are the stages of a Drupal project management process more precisely?
  • How do I collect accurate and explicit requirements for my Drupal project?
     

“Spoiler alert”: managing a Drupal project the right way isn't so much about using the right project management modules and “heavy-lifting” tools. It's about:
 

  • understanding the specific challenges that Drupal projects pose
  • understanding the specific phases of the process
  • empowering the people in your team to capitalize on their Drupal expertise within the given time frames and according to your client's objectives
     

Now, here's an insight into the process of managing a Drupal project. One shaped as a list of predictable challenges and their most suitable solutions:
 

1. Proper Planning: Get The Whole Team Involved

In other words: defining objectives and setting up a final time frame with the client without getting your team, too, involved in the process is like:

Throwing spaghetti at a wall and hoping that it would just... stick somehow.

They're the Drupal experts, you know...

Therefore, getting the Drupal developers, themers and site builders engaged at this stage of the project is no more than... common sense.

They're the (only) ones able to:
 

  • give you an accurate time estimate for developing and implementing each functionality/feature
  • tell if certain of the requested features can't be delivered
  • identify interdependencies and conditions
  • provide you vital information about Drupal-specific architecture and the project-specific development process
  • … information on what components to take, whether new contrib modules need to be developed to support certain functionalities etc.
     

Get your Drupal team involved in the planning and preparation process and strike a balance between their valuable input, the client's objectives, and time frames.
 

2. Tempted to... Micromanage? Empower Your Team Instead

Yet, resisting temptation won't be easy. Especially if you're a former Drupal developer now turned into a Drupal project manager.

You'd just die to get your hands dirty with code, wouldn't you? To supervise, closely, how every single line of code is being written.

Refrain yourself from that...

Instead, do keep your focus on the bigger picture instead! And, moreover, empower each member of your team to... shine. To excel at what he/she's doing. 

That instead over obsessing over details, getting everyone on their nerves and making them doubt their own skills:

By focusing on each one of the small steering wheels you'd just lose sight of the larger mechanism that's a Drupal project.
 

3. To Tell or Not to Tell: Do Encourage Your Team Members to... Tell

Hiding the dirt under the carpet, from the stakeholders' eyes/ears, having members of your team remain silent over certain bottlenecks in the project, will only act as 2 “Trojan horses”.

And lead your project to... failure.

Instead:
 

  • dare be honest with the client and inform him/her if you run the risk of a delay 
  • encourage your team to be open with you and with their teammates when they hit sudden challenges, unexpected issues
     

By:
 

  • hiding
  • ignoring
  • “genuinely” underrating
     

... issues detected in the development process — instead of getting them “exposed” and dealt with —  you're only sabotaging the Drupal project.

And now speaking of encouraging good communication within your team, how about creating a dedicated open forum for them to use?

This could be the “place” where they'd share any issues that they will have detected in the project. Or the challenges they're facing and can't address by themselves.
 

4. Juggling with Resources, Timeline, and Unforeseen Events

I'm not going to lie to you about this one: keeping the balance between staying flexible and being capable to assess risks is not going to be easy...

Unplanned issues will strike, new requirements will come to “jeopardize” this balance, unexpected changes will need to be accommodated under the same time frame...

Should you keep yourself rigid and inflexible to all changes, sticking to the initial plan?

Or should you “assimilate” all the incoming requirements and additions to scope with the risk of a project delay?

And that of overburdening your team with unscheduled tasks.

Can't help you with a universal answer here, one that applies to all Drupal project management scenarios. It's you, together with your Drupal team, who should be able to estimate:
 

  • the changes' level of complexity
  • the project delay (if it's the case)
  • the chances for these additional tweaks to turn into contractual changes
     

5. Drupal Project Management Is 90% Good Time Management

And it all comes down to:

Breaking your Drupal project down into small, manageable tasks. 

Tasks that can be easily turned into goals and objectives:
 

  • daily objectives
  • weekly objectives
  • and so on...
     

Efficient Drupal project management, even if we're talking about truly complex ones, is all about making it... manageable.

About ensuring that the lists of tasks are logically structured and (most of all) time framed!

Needless to add that this strategy acts as a motivation-booster for your team: 

Just think about it: with every ticked off task, each team member can visualize the project's progress in... real-time. A progress that he/she, too, will have contributed to.

The END! These are the Drupal project-specific challenges that any project manager dealing with this CMS has to deal with, accompanied by their life(reputation)-saving solutions.
 

Jul 20 2018
Jul 20

So, you've installed your version of Drupal and you're now ready to actually start building your website. What essential tools should you keep close at hand, as a site builder? Which are those both flexible and powerful must-have modules to start building your Drupal site from scratch?

The ones guaranteeing you a website that:
 

  1. it integrates easily with all the most popular third-party services and apps
  2. is interactive and visually-appealing, irrespective of the user's device
  3. is a safe place for your users to hang on, interact with, shop on, network on...
  4. is conveniently easy for content managers and admins to handle
     

Luckily, there are plenty of modules, themes and plugins to overload your toolbox with:

Long gone are the code-centric webmaster's “glory days”! Nowadays, as a Drupal site builder, you have a whole array of tools at your disposal to just start building and getting a Drupal site up and running in no time.

Sometimes without the need to write a single line of code!

But, let's not beat around the bush any longer and have a close look at these 10 essential modules that you'll need for your “Drupal 8 site building” project:
 

Definitely a must-have module:

Just consider that Drupal accepts ANY user password, be it a... one-latter password!

So, in order to set up your own stricter and safer password policy, you need to install this module here.

Then, you can easily define:
 

  • the minimal (and maximal) no. of characters that any user password on your Drupal site should include
  • the no. of special characters that it has to include
  • specific restrictions Like: "one can't use his/her email address as his/her password"
     

Why should this module, too, be in your essential toolkit of modules to start building your Drupal site with?

Because it implements the functionality to get notified — you, the admin or content manager —  as soon as a user posts a comment on the website.

Note: you can get “alerts” about both the logged in and the anonymous visitors' comments.
 

3. Breakpoints, One of the Must-Have Modules to Start Building Your Drupal Site 

It goes without saying that one of the Drupal site building best practices is providing it with a responsive web design.

And this is precisely what this module here facilitates:

Setting the proper media queries, once you've defined your own breakpoints.
 

A module whose functionality bubbles up to the content manager's experience.

Whenever he/she will have to make a selection involving both categories and subcategories, this hierarchical type of selection will prove to be more than useful:

Practically, once you/they select the “main” option, a new drop-down menu/widget including the subcategories to select from pops up, as well. Like in the image here below:

Essential Modules to Start Building Your Drupal Site With: Simple Hierarchical Select

And complying with this EU notification is mandatory. 

So, this is why EU Cookie Compliance is another one of the essential modules to start building your Drupal site with:

It displays the given notification — providing visitors with the option to agree or/and to read more information about your cookie policy —  in the footer of your website.
 

6. Shield              

Any Drupal site building guide would advise you to install a module that shields your website from anonymous users and search engines when running your test environments.

And this is what Shield is built for:

To screen your site from the rest of the world —  except for you and the logged in users — when you deploy it in a test environment.

A more than convenient method, as compared to manually setting up a .htpasswd and then integrating it with .htaccess.
 

If you're not just another Drupal site builder, but a user experience-centric one, you must consider also those modules to build your Drupal site with that boost the level of user interactivity.

Like Beauty Tips here.

It displays balloon-help style tooltips whenever a user hovers over a certain text or page element on your website.

Pretty much like Bootstrap tooltip does.
 

Another one of the Drupal site building best practices is to turn it into a safe place for your users to be. 

In short: to protect their privacy.

And if you're building a website that's available on both HTTP and HTTPS, the Secure Login module comes in handy as it makes sure that:
 

  1. the user login form
  2. all the other fill-in forms that you'll configure for extra security
     

… get submitted via HTTPS.

It locks them down, enforcing secure authenticated session cookies, so that user passwords and other critical user data don't get exposed all over the internet.
 

It's another one of those essential modules to start building your Drupal site with if you're determined to provide the best user experience there.

What does it do?

It enables particular visitors on your site — those granted permission to edit and to add new menu items — to choose whether they open menu items in new windows or in the current ones.
 

A module that makes up for the “Remember me” feature that's missing from the user login screen in Drupal:

It comes to implement this missing option, one independent from the PHP session settings.

So, we're not talking about the conventional, too long “PHP session time” here, but about a more secure and user-friendly “Remember me” feature added to the login form.

Furthermore, the module enables you to define some extra security policies, too:
 

  • the no. of persistent sessions that a Drupal user can enjoy at the same time
  • specific pages where users still have to log in again
  • after how long the logged-in users will need to re-enter their credentials once again
     

And 2 “Extra” Modules to Consider When Building Your Drupal Site

By “extra” I mean that they're not really essential modules to start building your Drupal site with. Yet, they're the first 2 ones to consider right after you've put together your “survival” toolkit as a site builder:
 

1. Site Settings & Labels    

Take this common scenario:

You need to display a social network URL on multiples pages on your Drupal site. 

What do you do?
 

  1. you hard coding this single setting in the source
  2. you start building a custom Drupal module for handling this variable
  3. you install the Site Settings & Labels module and thus display a checkbox to render page elements through a template conditional
     

The “c” variant's undoubtedly the winner here. 

A win-win for you, in fact:
 

  1. you save the time you'd otherwise have spent coding
  2. you improve the user experience on your Drupal site
     

2. Slick/Slick Views/Slick Media          

It's actually a suite of modules to start building your Drupal site with. One “injecting” the needed functionality so that you can easily set up:
 

  • carousels
  • slideshows
     

… on your freshly built website.

Note!

I won't lie to you: setting up the library dependencies is not exactly a child's play. Yet, once you've succeeded it, configuring the modules in this suite, right in your Drupal admin, is piece of cake.

The END! These are the 10 must-have modules to start building your Drupal site from scratch with. Would you have added some more? 

Or maybe you wouldn't have included some of the modules listed here, as you don't consider them “essential”? A penny for your thoughts!

Jul 18 2018
Jul 18

Let's say that it's a WhatsApp-like, a decoupled, Drupal 8-backed, real-time chat platform that you're building. One using Node.js. In this case, implementing field autocomplete functionality becomes a must, doesn't it? But how do you add autocomplete to text fields in Drupal 8?

Needless to add that such otherwise "basic" functionality — implemented on fields such as node reference and user/tags — would instantly:
 

  1. improve the user experience 
  2. increase the level of user interactivity and engagement
     

Users would group around different "channels" and be able to easily add new members. The auto-complete text fields will make the whole “new member coopting” process conveniently easy:

Users would only need to start typing and an array of name suggestions (of the already existing team members) would spring up.

But let's see, specifically, what are the steps to take to implement autocomplete functionality in Drupal 8:
 

1. The Drupal Autocomplete Form Element: Adding Properties to the Text Field

The first basic step to take is to define your form element. The one that will enable your app's users, on the front-end, to select from the suggested team members' names. For this:
 

  1. navigate to “Form” (you'll find it under “Entity”)
  2. scroll the menu down to ”NewChannelForm.php”
     

Note: using “#autocomplete_route_name element” when defining your form element will let Drupal know that it should ignore your form element on the front-end.

And now, let's go ahead and assign specific properties to your form's text field! For this:
 

  1. define “#autocomplete_route_name”, so that the autocomplete JavaScript library uses the route name of callback URL
  2. define “#autocomplete_route_parameters”, so that an array of arguments gets passed to autocomplete handler
     
$form['name'] = array(
    '#type' => 'textfield',
    '#autocomplete_route_name' => 'my_module.autocomplete',
    '#autocomplete_route_parameters' => array('field_name' => 'name', 'count' => 5),
);


And this is how you add #autocomplete callback to your fill-in form's text field in Drupal 8!

Note: in certain cases — where you have additional data and or different response in JSON —  the core-provided routes might just not be enough. Then, you'll need to write an autocomplete callback using the “my_module. autocomplete“ route and the proper arguments (“name” for the field name and “5” as count, let's say).

And here's specifically how you write a custom route:
 

2. Add Autocomplete to Text Fields in Drupal 8: Define a Custom Route

How? By simply adding the reference to the route — where data will get retrieved from — to your “my_module.routing.yml file”:
 

my_module.autocomplete: path: '/my-module-autocomplete/{field_name}/{count}' defaults: _controller: '\Drupal\my_module\Controller\AutocompleteController::handleAutocomplete' _format: json requirements: _access: 'TRUE' 


Note: remember to use the same names in the curly braces (those that you inserted when you defined your “autocomplete_route_parameters”) when you pass parameters to the controller!
 

3. Add Controller with Custom Query Parameters

In the custom route that you will have defined, you'll have a custom controller AutocompleteController, with the handleAutocomplete method.
 
Well, it's precisely this method that makes sure that the proper data gets collected and properly formatted once served.

But let's delve deeper into details and see how precisely we can generate the specific JSON response for our text field element.

For this, we'll need to:
 

  • set up a AutoCompleteController class file under “my_module>src>Controller > AutocompleteController.php"
     
  • then, extend the ControllerBase class and set up our handle method (the one “responsible” for displaying the proper results)
     
  • it's the Request object and those arguments that you will have already defined in your routing.yml.file (“name” for the field name and “5” for the count, remember?) that will pass for your handler's parameters
     
  • the Request object will be the one returning the typed string from URL, whereas the “field_name” and the “count” route parameters will be the ones providing the results array.
     

Note: once you get to this step here, as you add autocomplete to text fields in Drupal 8, remember that you should be having data in “value” and“label” key-value, as well:

Next, you'll set up a new JsonResponse object and pass $results, thus generating a return JsonResponse.
 

Summing Up

That's pretty much all the “hocus pocus” that you need to do to add autocomplete to text fields in Drupal 8. Now the proper data results should be generated.

Just reload your app's form page and run a quick test:

Try to create a brand new channel in your app and to add some of the already existing team members.

Does the text field have autocomplete functionality added to?

Jul 04 2018
Jul 04

I'm a woman of my word, as you can see: here I am now, as promised in my previous post on the most effective ways to secure a Drupal website, ready to run a “magnifying glass” over the best Drupal security modules. To pinpoint their main characteristics and most powerful features and thus to reveal why they've made it to this list.

And why you should put them at the top of your own Drupal security checklist.

So, shall we dig in?
 

It's only but predictable that since the login page/form is the entry to your Drupal site, it is also the most vulnerable page there, as well.

Therefore, secure it!

In this respect, what this module enables site admins to do is :

  • define a certain number of login attempts; too many invalid authentication attempts will automatically block that account
  • block/limit access for specific IPs
     

Moreover, you get notified by email or via Nagios notifications when someone is just username/password guessing or using other kinds of brute force techniques to log into your Drupal site.

In short: the Login Security module, through its variety of options that it “spoils” you with, empowers you to set up a custom login policy on your site. To define your own restrictions and exceptions.

As already mentioned here, on this blog, when we've tackled the topic of Drupal security:

Keeping your Drupal core updated is that easily underrated, yet most powerful security measure that you could implement!

Now what this module here does is assisting you in keeping your Drupal codebase up to date: safely patched and having all the crucial upgrades.

And I don't need to remind you the security risk(s) that all those site owners ignoring the latest patches to Drupal core expose their websites to, right? 
 

Captcha is one of the best Drupal security modules since it's one of the most used ones.

And no wonder: could you imagine submission forms on your website with no Captcha? The age-old system is one of the handiest ways to keep spammers and spambots away.

So, having this module “plugged in”, providing you with the needed captcha support, becomes wisely convenient.
 

The module enables you, as your Drupal site's admin, to define specific rules for “wannabe users” to follow when they set up their account passwords.

From constraints related to:
 

  • special symbols that those passwords should include, to ramp up both the given account's and your own site's security
  • to uppercase letters
  • to numbers...
     

… once you plug in this Drupal security module in, it's you who gets to set up the policy for creating account passwords.
 

5. Security Review, One of the Best Drupal Security Modules

The Security Review module is that “Swiss knife” that you need for hardening your site's shield.

Meaning that it's an all-in-one tool. One that comes with its own Drupal security checklist that it regularly goes through and sets against your website, detecting any missing or improperly implemented security measures.

Moreover, it automates a whole series of tests for tracking down any signs of exploits and brute-force attacks:
 

  • arbitrary PHP execution
  • XSS exploits
  • SQL injection
  • suspicious PHP or JavaScript activity in content nodes
     

Once it identifies the vulnerabilities, it “alerts” you and gives you the best recommendations for mitigating those security risks. All you need to do is follow the suggestions.
 

Another module that “empowers” you to take full control over the security strategy on your Drupal site. To set up specific options for minimizing the chances of exploitable “cracks” showing up in its security shield:

For instance, it could recommend you to set up HTTP headers on your Drupal site.
 

Here's another one of those best Drupal security modules that's also one of the widely used ones.

Why is it a must-have on your own Drupal site? Because it enables you to set a limit to the number of simultaneous sessions per user, per role.

This way, you trim down the chances of suspicious activity being carried out on your site and eventually leading to brute-force attacks.
 

Another module that's a must on your Drupal site:

It basically enables you, the site admin, to define a policy that would log out users after a specified time period of inactivity. 
 

LinkedIn, Google, Twitter, Instagram, Facebook are just some of the big names that have adopted this user authentication method for security reasons. So, why shouldn't you, too?

Especially when you have a dedicated module at hand, Two Factor Authentication, to:
 

  • provide you with various methods to select from: pre-generated codes, time-based one-time PINS or passwords, codes sent via SMS etc.
  • give you full freedom in defining that two-factor authentication strategy that suits your site best
     

The principle is as simple for the user, as it is effective for your website, from a security standpoint:

The user gets a security code that he/she'll then need to use for logging into your Drupal site.
 

A command-line tool, with IDE support, that gives your codebase a deep scan and detects any drift from the coding standards and best practices.

Why has it made it to this exclusive list of 15 best Drupal security modules? Cause vulnerabilities might be lurking right in your Drupal code, not necessarily in your users' weak passwords or unpatched core modules.

Having a tool at hand that would identify and notify you of all those weak links in your code, where the best practices aren't being followed, is just... convenience at its best.
 

Another key module to add to your Drupal security checklist. 

For you do agree that email addresses are some of hackers' easiest ways to infiltrate into your website, don't you? 

Now what this module here does is obfuscate email addresses so that spambots can't collect them.

Note: a key strength of SpamSpan is that it uses JavaScript for this process, which enhances accessibility.
 

12. ACL      

“A set of APIs” This is how we could define this module here, which doesn't come with its own UI.

Its key role? To enable other Drupal modules on your website to set up a list of users that would get selective access to specific nodes on your site.
 

Why is Paranoia one of the best Drupal security modules?

Because it will end your “paranoia” — as its name suggests — that an ill-intentioned user might evaluate arbitrary code on your site.

The module practically identifies all those vulnerable areas where a potential attacker could exploit your site's code and blocks them.
 

Limiting or blocking access to key content types on your site is no more than a common-sense security measure to take, don't you agree?

Therefore, this module here's designed to assist you throughout this process:
 

  • as you define detailed permissions on your site: to view/edit/ delete specific content types
  • … by user role and by author 
     

Word of caution: do keep in mind that, since Content Access uses Drupal's node API, you shouldn't enable other modules using the same endpoints on your website!
 

A module that ramps up not just your site's security, but also its accessibility.

Just think about it:

Nowadays anyone has at least one Google account. Therefore, “anyone” can easily log into your website using his/her own Google account credentials.

Once, of course, you will have installed and turned this Drupal module on.

END of list! These are the 15 best Drupal security modules worth installing on your site. 

Scan them through, weigh their key features, set them against your site's specific security needs and make your selection!

Jun 28 2018
Jun 28

You have patched your Drupal website, haven't you? If so, then that critical 3-month-old security flaw, Drupalgeddon2, can't get exploited on your site. Even so, with the menace of a cryptocurrency mining attack still lurking around the unpatched websites, you legitimately ask yourself: what are some quick and easy ways to secure Drupal?

“Which are the most basic steps to take and the simplest best practices to adopt to harden my Drupal site's security myself?”

Now, using keywords such as “security measures”, “quick”, “easy” and “handy”, I've come up with a list of 7 basic steps that any Drupal site owner can (and should) take for locking down his/her website.

Here they are, in no particular order:
 

1. Keep Your Drupal Core and Modules Updated 

Not only is this one of the simplest ways to secure Drupal, but one of the most effective ones, as well.

Even so more now, with the Drupalgeddon2 Drupal security threat still fresh in our memory, ignoring the regularly released security updates for both Drupal core and its modules is just plain recklessness or... self-sabotage.

Keep your Drupal version updated: apply security patches as soon as they get released, avoiding to leave your site exposed and exploitable. As simple as that!

And where do you add that this is one of those Drupal security best practices that's the easiest to integrate into your routine. Since to run the latest updates you only need to:
 

  • sign in to your Admin panel
  • go to “Manage” 
  • scroll down to “Reports” → “Available Reports”
  • click on “Check manually”
  • if there are any critical security updates that you're advised to run, just click “Update”
     

This is all it takes for you to:

  1. seal any security loopholes in your Drupal core
  2. prevent any identified vulnerability from growing into a conveniently easy to access backdoor for hackers to get in
     

2. Install Drupal Security Modules 

Strengthening the shield around your Drupal site with some powerful Drupal security modules is another both handy and effective measure that you, yourself, can easily implement.

Luckily, you're definitely not out of options when it comes to good security modules in Drupal.

And I'm only going to run a short module inventory here, since I'm already preparing a blog post focused precisely on this topic. Therefore, I promise to delve deep into details about each one of the here-listed modules in my next post:
 

Downloading, installing security modules on your Drupal site is both:
 

  • quick and simple to do
  • highly effective 
     

And they serve a wide range of purposes, from:
 

  • enforcing strong password policies
  • to monitoring DNS changes
  • to locking down your site from security threats
  • to blocking malicious networks
  • to turning on a firewall on your site
     

As for their selection, it depends greatly on your list of priorities when it comes to improving your site's security. Take some time to weigh and to compare their features.
 

3. Remove Unused Modules: One of the Easiest Ways to Secure Drupal 

Being the “easiest” security measure to implement doesn't make it also “the most popular” among Drupal site owners.

Owners who more often than not:
 

  • underrate the importance of running a regular module usage audit on their sites
  • ignore the Drupal security threat that an outdated piece of code (or an unused module) could turn itself into, once exploited by an attacker
     

So, don't be one of those site owners! Are there modules on your site that you no longer use? 

That have grown outdated and that are just... lingering there, using your site's resources and risking to grow into an exploitable backdoor for hackers?

Identify them and remove them! It won't take more than just a few priceless minutes of your time.
 

4. Enforce a Strong Password Policy

Since it's not just the admin (you do have a smart username and password for logging into your admin dashboard, don't you?) that will log into your Drupal site, but users, too, implementing some strong user-side security measures is a must.

In this respect, creating a strong password policy — one that would enforce the creation of complex, “hard-nut-to-crack” type of login credentials — is one the best and the easiest ways to secure Drupal on the user's side.

Come up with a policy that defines specific requirements for setting up passwords of high enough entropy (letters, uppercase/lowercase, symbols, different characters combos).

And don't hesitate to rely on dedicated Drupal modules for enforcing those requirements defined in your policy:
 

5. Block Access to All Your Sensitive Files

I bet you don't want important folders, core files — upgrade.php., install.php, authorize.php, cron.php —  to be easily accessible to just... anyone, right?

So, how about limiting or blocking access to them?

And you can easily do that by configuring your .htaccess file —  it's the one containing details of crucial importance regarding your website access and credentials to specific parts and core files on your site:

Just specify the IP addresses allowed to access those core folders, files and subdomains.

Here's one “enlightening” example:

<FilesMatch "(authorize|cron|install|upgrade)\.php">
Order deny, allow
deny from all
Allow from 127.0.0.1
</FilesMatch>


Note!

Now speaking of limiting access, don't limit your restrictions to your core folders and files. Remember to restrict/block access to your web server, to your server login details, as well.

How? By adding a basic layer of authentication limiting server access and file access usage.

Also, do remember to cautiously manage access to certain port numbers that your site/app might be using.
 

6. Back Up, Back Up, then... Back Up Some More 

You can't anticipate brute-force attacks, but you sure can “land back on your feet” if the worst scenario ever happens.

And you can only do that if you have a clean and recent backup at hand to just rollback and restore your website.

In other words: back up regularly! 

And remember to always back up your files and MySQL database before any update that you run on your Drupal code and modules. It is one of those common sense Drupal security best practices that should be included in any basic security checklist!

Where do you add that you even have a dedicated Drupal module —  Backup and Migrate — to assist you with this process.

Some of the back up “burdens” that this module will take off your shoulders are:
 

  • backing up/restoring code and multiple MySQL databases
  • integrating Drush 
  • backing up files directory
  • setting up several backup schedules
  • AES encryption for backups


7. Review All User Roles and Grant the Minimum Permissions Necessary

How many user roles are there assigned on your Drupal site?

If you don't quite know the answer, then it's obvious:

You must give your entire user role system an audit!

And to stick to this habit, one of the simplest ways to secure Drupal, after all.

Review all the user roles and, most of all, review each one's set of permissions and make sure you trim them down to the minimum necessary for each role. 

This way, you'll also limit access to critical files for those users that shouldn't have the permission to download or visualize them.

And speaking of permission, do keep in mind to review all your file permissions, as well!

See which user roles are granted permission to access key directories or to read, write or modify certain files on your website and block/restrict access where necessary.

The END! Of course, this isn't even close to a complete list of ways to secure Drupal. If it had been an exhaustive one, it would have continued with more Drupal security best practices, such as:
 

  • getting the SSL Certificate
  • securing HTTP headers
  • using secure connections only
     

Etc. etc. I've only focused on some of the easiest and quickest measures that anyone, with little, close to no technical know-how at all, can implement. And I feel like stressing out the term “practice” here:

Securing your Drupal site is a constant process; a series of persistent efforts and not a one time thing. Remain vigillant and cautious and don't rely on just a one-time, multifaceted security hardening “marathon”.
 

Jun 25 2018
Jun 25

Oops! The worst has happened: your Drupal site has been hacked! Maybe it was precisely one of those critical vulnerabilities, that the Drupal security team has been drawing attention to these last months, that the attacker(s) exploited? 

Now what? What to do?

Should you be:
 

  1. rushing to restore your website to a healthy, good-working state (that, of course, if you do have a clean and recent backup available)?
  2. starting to rebuild it?
  3. investigating how your Drupal site got contaminated in the first place: where's the “open door” that the attackers used to get in?
  4. focusing on closing any backdoors that could make new attacks possible?
     

Now “tormenting” yourself with too many questions simultaneously will only distract you from what should be your main objective: cleaning up your website (and preventing further hacks I should add).

So, let's go about it methodically, step by step:
 

Step 1: Write Down Issues, Steps to Take, Preventive Measures to Apply

Keep your cool and go for a methodical approach to crisis management:

Just open up a document and start... documenting:
 

  • the issues and any suspicious activity that you identify on your site
  • all the steps that your strategy for removing malware and restoring your site should include
  • the preventive security measures you commit to taking for preventing such a scenario from happening again the future
     

Step 2: Make a Forensic Copy of Your Drupal Site 

Before you start running your “investigations” on the attack, on how your Drupal site has been hacked, and way before you get to rebuild anything:

Make a forensic copy of all your files, you database and your operating system environment!

Note: go with an external storage medium for these copies and store them offsite.

As you're scanning through your files, detecting viruses and malware and having them cleaned up, feel free to make new and new “working backups”. And to store them in a different directory (from your regular backup files, I mean).

“But why bother? When will these backups turn out particularly useful?”
 

  1. when you call out to a third party to assist you with the troubleshooting process; these “working” backups will then provide a clear picture of the site before you started “malware detecting” on your own
  2. when you try to fix the issues you detect, but instead you make them worse; then, you can easily roll back those changes 
     

Step 3: Scan Your Servers and PC for Malware, Malicious Code Injections, Viruses

Before you rush to change all the passwords on your site, pause for a moment to think through your next “move”:

What if the attack has been “programmed” so that the attacker should get notified once you change your password(s)? And what if it's precisely your PC or one of your servers that's got infected? Then storing a clean backup of your site precisely there would only make it even more vulnerable.

So, how do you prevent that? You give both your PC and your servers a deep scan before making any change.

And, thank God, you sure aren't nickel and dimed in anti-malware tools and anti-virus software: AVG, BitDefender, Malwarebytes, ESET, AV-Comparatives etc.
 

Step 4: Detect & Remove the Backdoors

One of the crucial steps to take, once you realize that your Drupal site has been hacked, is to “close” all the backdoors.

These could easily turn into hackers' access ticket into your site even after you've removed malware and restored it to its healthy state. But, for closing them you first need to... find them right?

So, where to look?

Here are a few key places on your site that you should focus your “searches” on:
 

  • access logs: while scanning them, be vigilant and look for PHP scrips and POST requests added to directories that have writable access
     
  • eCommerce set up: check all the payment methods, shipping addresses, credit card addresses, linked accounts, looking for any suspicious, newly added data
     
  • passwords: FTP passwords, admin passwords, control panel passwords
     
  • email rules and filters: check that the answers to the security questions are “legitimate”, that messages are being forwarded to correct email addresses etc.
     

Step 5: Consider Taking Your Site Offline

And your decision depends greatly on the nature of your site:

If it's a hacked eCommerce Drupal site that we're talking about here, then don't wait even one more minute: take your site down (along with the internal network and servers) and install a placeholder!

This way, you'll prevent:
 

  • malware from being further distributed
  • spam from being sent to your online store's customers
     

Note: do keep in mind that taking your site offline will instantly let the attackers know that you've detected the malware that they've “infiltrated” and that you are about to “take action”.

If you decide not to take your Drupal site offline at the web server level, ensure that you've got your clean forensic copy at hand before deleting all the sessions.

Note: have you detected suspicious changes of the passwords? If so, use this query here for updating them (Drupal 7):
 

update users set pass = concat('ZZZ', sha(concat(pass, md5(rand()))))

As for the users, they can easily use the reset password tool for updating their passwords.

Word of caution: mind you don't take "Drupal on maintenance mode” for “offline Drupal". They're 2 completely different things! Once your Drupal site has been hacked, the malware could be of such nature that it allows the attacker to infiltrate as long as the site's online.
 

Step 6: Notify Your Hosting Provider That Your Drupal Site Has Been Hacked 

They should be informed about the breach and about your site being taken offline (if it's the case) immediately.

The sooner the better, this way they can:
 

  • start scanning their own systems for incursions
  • get ready to assist you with your site recovery and securing process
     

Step 7: Handle Client Data with Extra Precaution 

And these are the specific scenarios where you'll need to take extra precautions when handling client information:
 

  1. your Drupal site stores client information on the web host
  2. … it leverages the data POST method for sending form data via e-mail
  3. … it doesn't integrate with a 3rd party payment gateway, but manages the payment processes itself
     

If one of these 3 scenarios suits your case, then here are some of these extra precautions that you need to make to ensure the private user data doesn't get exposed:
 

  • update your SSL certificate
  • re-check all logfiles (have any of the hosted client information been copied, updated or downloaded?)
  • implement AVS (address verification system) 
  • add CVV (card verification value)
  • encrypt connections to back-end services used for sending confidential user data 
     

Step 8: Investigate the Attack: Identify the Source(s) of Infection

No matter how much pressure you might find yourself under to get your site back online ASAP, don't let take control over your site's restoring process!

Not until you've detected the main source of contamination on your site. The key vulnerability that attackers exploited, the key reason why your Drupal site has been hacked in the first place.

That being said, make sure that:
 

  1. you first audit, on a staging server, that “clean” backup of your site that you're planning to get online; this way, you track down and remove infected files, unauthorized settings, malicious code 
  2. you compare pre- and post-hack files, looking for any suspicious changes
     

Now if you have a clean (and recent) backup at hand for running this comparison, the problem's almost solved. Just use the right tools to compare your files and track down discrepancies.

But if you don't have a backup at hand, then there's no other way but to:

Manually inspect your files and databases to identify any suspicious changes that have been made.

  • look for any suspicious iframe or JavaScript at the end of the files (if detected, save the code in an external file)
  • look for any sources of “Drupal site hacked redirect”; for links to external URLs
     

Now, as for the places that you should be running your investigations on, let me give you just a few clues:
 

  • .php files, .html files 
  • sessions table 
  • newly modified/created files
  • new/updated user accounts 
  • in writable directories and database 
     

Step 9: Do a Full Restore of Your Site 

So, you've noticed that your Drupal site has been hacked, you've assessed all the damage caused, removed malware and even detected the vulnerability that hackers exploited to get in, not it's only but logical to:

Try to repair your website, right?

Word of caution: never ever run your changes on your production site; instead, fix all detected issues on a staging site. Also, once you've cleaned it all up, remember to run the latest Drupal security updates, as well!

Now, getting back to repairing your site, you have 2 options at hand:
 

  1. you either restore a clean backup, if you know the date and time that your Drupal site has been hacked and you're also 100% sure that none of the system components, other than Drupal, got contaminated
  2. or you rebuild your Drupal site 
     

The latter method is, undoubtedly more cumbersome, yet a lot more cautious. Go for it if:
 

  • you do not know the precise date and time when your site's got contaminated
  • you do not have a clean (and recent) backup available to restore
  • you've evaluated the damages as being already too widespread  
     

Step 10: Give Your Restored Site a Full Check Before Going Live 

Do remember to give your newly recovered site a final audit before getting it back up:
 

  • remove all malicious code detected
  • suspicious files
  • unauthorized settings
     

And, most of all:

Close all the backdoors!
 

Final Word 

A pretty long, complex and discouragingly tedious recovery process, don't you think? 

So, why wouldn't you avoid all these steps that you need to go through once your Drupal site has been hacked?

Why not avoid the risk of finding yourself forced to take your website offsite for... God knows how long, risking to impact your site's reputation and to drive away users/online customers?

Don't you find it wiser to:
 

  • be prepared instead?
  • opt for ongoing Drupal maintenance and support services?
  • make a habit of regularly backing up your website?
  • keep your system and software up to date (and to install all the recommended patches)?
  • stop underrating the security advisories that the Drupal team makes?
     
Jun 11 2018
Jun 11

There's no way around it, not anymore: with Google's index now mobile-first, adopting a mobile-first approach when building a new Drupal site (or redesigning a legacy one) is… a must! It no longer depends on a specific project's needs or on the used technology. The need to develop a mobile-first content strategy has gone from particular to universal.

And facing the challenge of:
 

  1. (re)creating
  2. optimizing
  3. structuring
     

… content on your Drupal website means conforming to those specific patterns that mobile users have developed for reading content on their smartphones.

In short: developing a fully responsive Drupal site comes down to centering your mobile content strategy around the idea that:

It's for the smallest screen sizes that you should plan your content for, first things first … then scale it up from there.

Now, let's see precisely what it takes to develop a mobile-first content strategy. What focus points and must-have components to include:
 

1. Take the Smallest Screen Size as the Starting Point

In other words: think mobile-first!

And by “mobile” I do mean “smartphones” — the smaller the screen size, the better. 

This way, you'll be adjusting your content so that it makes the most of the smallest interface. Starting “small” is the best way to stick to the “keep it simple” approach:

Thinking through every content-related decision in the light of the viewport size challenge will constrain you to keep the truly essential content elements only.

Hence, this “spartan” way of eliminating the unnecessary will reflect on your site's desktop design, as well: 

It will turn out cleaner and lighter.
 

2. Use Visual Content Wisely: Weigh Your Choices of Images 

The golden rule when it comes to the imagery that you'll use on your responsive website is:

If an image doesn't enhance and complement your content, then you're better off without it!

And I know what you must be thinking:

“But people remember what they see far more easily than what they read.”

True, you need to keep in mind that visuals do come at a cost, though:

Those stunning, visually-arresting images on your website risk to divert your users' attention from the message itself.

And still, probably the most heavy-weighing reason why you should use images wisely when you develop a mobile-first content strategy is: weigh.

Visuals risk to take up valuable screen space and thus:
 

  • outshine your calls to action themselves
  • impact your site's overall performance (leading to frustration)
     

Now that doesn't mean that you should strip your content off ALL the visuals! Absolutely not!

Just to be cautious and weigh your every choice, think through your every decision involving the usage of an image. 

Once you've selected the truly essential ones, keep in mind:
 

  1. not to no resize them (or optimize them in any other way) before uploading them to your CMS: let Drupal do the heavy-lifting here 
  2. to leverage the Responsive Image module's (Drupal 8) capabilities for resizing them to fit the given screen sizes
     

3. Content Before Design

This is the right sequence to follow when you're designing (or re-designing) your Drupal site with mobile users in mind:

First, you create and strategically organize your content and upload it to your Drupal 8 CMS. It's only then that you focus on styling and developing a responsive and visually-striking web design.

If it's legacy content that you're dealing with, trying to convert it to mobile, the very first step to take when you develop a mobile-first content strategy is:

Removing all the design elements from your written content.
 

4. Create a Hierarchy of Your Calls to Action

Making the most of a small interface means also setting your priorities in terms of calls to action:

Pair each one with a corresponding objective, evaluate them all wisely, then select THE call to action that's most critical for you and place it — and it alone — above the fold.
 

5. Organize and Optimize Your Content for Mobile Devices

I'll briefly list all the key requirements that mobile-friendly content should meet — aspects to pay attention to when writing content for mobile devices — for I'm sure they're nothing new to you:

  • the phrases should be kept short and concise, thus eliminating the burden of “never-ending-scrolling”
  • the content should be sharp, targeted and skimmable, so users can easily “digest” it and modular, so that users can swiftly browse through it
  • “modular” meaning made either of multiple clear paragraphs — each one standing for one thought — or chunks of 3 paragraphs at most 
     

6. Optimize Media, too, When You Develop a Mobile-First Content Strategy

And there are a couple of essential steps that you mustn't overlook when it comes to mobile-optimizing your media:
 

  • always go for thumbnails instead of video players that your users would have to load and thus strain on your site's valuable resources
  • don't ever use autoplay on your audio and video content 
  • optimize your sound, image and video files both for large and small devices
     

7. Trim Down Your Navigation Menu

In other words: when you develop a mobile-first content strategy, consider simplifying your navigation to its truly essential links.

No user would gladly scan through a “beefy” navigation menu taking his device's entire screen:
 

  • flatten your navigation: stay away from the technique of piling up submenus, layers and navigation points
  • feel free to place the links that you'll remove on other places on your website (or even to turn them into calls to action)
     

8. Convert Your Legacy Content to Mobile-Friendly Content 

If it's a legacy Drupal website that you need to restructure and to adapt to your mobile users' specific patterns for browsing through and consuming content on their smartphones, then it's time you:
 

  • dug into your static HTML
  • … and cleaned it up
     

And by “cleaning it up” I do mean:
 

  • removing inline media
  • removing the fixed-width tables
  • eliminating floats with content 
  • breaking it down into skimmable chunks of content
     

… that can be easily structured into content fields.

The END! These are the 8 main aspects to focus on when you develop a mobile-first content strategy. 

Now time to test the “saying” that:

“Creativity strives under constraints.”

… and to make the most of those small interfaces.

May 29 2018
May 29


Content is a way too valuable asset not to handle it with utmost care — from its creation to its revision, all the way to its... distribution. And with utmost efficiency, as well! But how do you choose the business software to “orchestrate” your entire content workflow? Since, on one hand, you have the top enterprise content management systems in 2018 and, on the other hand, you have... Drupal?

And the dilemma that you're facing right now could be summed up like this:

Choosing between a complex ECM system with a load of powerful tools that comes at a cost and a feature-rich one — already famed for its robustness and customization options — with no price tag on...

Now to ease your decision-making process, let's compare these enterprise information management solutions, the top rated ones, to Drupal, by weighing their feature loads and costs.
 

1. But What Is an Enterprise Content Management System More Precisely?

First, let's try to define what we mean by “content” in relation to a content management software:

Content is all the written pieces of information entering and “moving about” your organization. It comes in the form of:

  • internal process documents
  • content for your company website (or blog)
  • sales-focused content
  • targeted, custom content available to paying cutomers only
  • ... and the list goes on.

As you can see, I've intentionally left out graphical and audio-visual content. And this because it's only text-based digital content that a CMS would handle.

Now, coming back to our initial question:

An enterprise content management system is a software geared at managing all the processes in your content's lyfecycle: creation, revision, publication, distribution to multiple channels, promotion etc.

Packed with different sets of tools designed to automate all your content-based processes, an ECM system is a... “Swiss knife” type of business software.

The one you'd use to streamline your content workflow(s).
 

2. M-Files, One of the Top Enterprise Content Management Systems in 2018

Introducing the enterprise-leveled information management solution of the year: M-files!

The promise that it makes? 

To break the “siloed information” pattern and enable users to access specific content from any buiness system, any device.

… to easily access it, but also to organize it, to manage it, to identify particular information/documents, to set up custom workflows and even to manage document reviews. 
 

Top features
 

  • version control 
  • automated workflows
  • pre-built search engine: you get to track documents by type, name, keywords; it provides within-text search features as well 
  • notifications: users get alerted whenever they'll need to review or approve changes made to documents
  • approval processing 
  • permission management and offline access 
  • integration capabilities: it easily integrates with Microsoft Dynamics, NetSuite, SAP, Salesforce 
  • document collaboration tools: co-authoring features and check-in/check-out tools 
     

Price


Mi-files is one of those enterprise content management vendors that leverage the quote-based method for pricing their services.

Basically, there are no standard prices, as there are no standard packages that they offer, only tailored content management solutions.
 

Cons

The great majority of negative user feedbacks revolve around the M-Files mobile app's limited functionality.
 

Another one of the top enterprise content management systems in 2018 is OnBase:

An all-in-one software coming “equipped” with:

  • business process management tools
  • integrated document management tools
  • records management tools

And before I “expose” to you its most heavy-weighing features, I feel that I should put the spotlight on its versatility feature first:

You get to easily configure your OnBase ECM system to fit any environment of choice.
 

Top Features 
 

  • approval process control
  • indexing
  • version control
  • built-in search engine
  • document management
     

Cons

Do expect a steep learning curve! So, be prepared to invest a significant amount of time in growing comfortable with using it.

In learning to “juggle” with all its apps and functionalities.
 

Price

You'll need to contact the OnBase team for a custom pricing plan.
 

Box is a cloud content management platform built to assist you with:
 

  • online sharing your files
  • storing your files
  • integrating content across your entire “infrastructure” of digital tools via open APIs
  • collaborating within your team
     

Top Features 
 

  • granular access permission
  • easy integration with other platforms 
  • advanced security capabilities: device trust, watermarking, data governance
  • easy integration with other platforms
  • collaboration tools: a document management system that enhances collaboration among end-users on various file types and devices; tools which also enable them to choose the right storage place, to set up metadata-driven content workflows etc.
     

Cons

Even top enterprise content management systems manage to collect their own “pile” of “bad reviews”. What users reproach OnBase here, for instance, is its user-based pricing model. 

In other words, if you have +100 people in your company, expect to get charged separately for each email domain... and thus to overstretch your budget over time.
 

Price

Box pricing plans start from €4.50 per user/month (we're talking about a starter business plan here) and can go up to $500 per month or more if it's a “build with BOX platform” plan that you'll select.
 

And now that we've put the top-rated ECM systems in 2018 into the spotlight, let's see what Drupal here has to offer. How it can counterbalance all these heavy loads of tools, features, and functionalities.
 

Drupal's Key Features 
 

  • advanced integration capabilities: Drupal “spoils” its end-users with conveniently accessible API, backed by a rich collection of modules built precisely for 3rd party integrations
  • no maintenance effort required: since it runs in Acquia Enterprise cloud, Drupal gets automatically updated; maintenance is already included in the Enterprise support costs plan
  • feature richness: and we're talking here about features, plug-ins (thousands of them) and content management tools that you get right out of the box
  • modular architecture: which goes hand in hand with the unlimited freedom of customization that you'll get to leverage
  • high performance: Drupal's already famed for its robustness and capabilities to withstand high influxes of traffic
  • unmatched scalability
  • a full toolbox (contributed modules here included) put at editors' disposal: Drupal's also won its reputation as a CMS that's been constantly improved to enrich the experience; all the in-built content-handling tools speak best of its “empower the content creator/end-user” philosophy
     

Price
 

  • license costs: unlike the top enterprise content management systems previously outlined, Drupal's open source; there are no license costs, only support costs associated with the Acquia Enterprise Platform 
  • vendor lock-in: all modules and plug-ins that you might select and mix and match to custom-tune your CMS are free
  • development costs: Drupal resources are available to anyone who wants to build and then to custom tune and scale up its CMS
     

In conclusion...

… Drupal comes feature-packed and, moreover, it “spoils” you with unlimited freedom of customization. And all this without putting a price tag on.

On the other hand, some of the top enterprise content management systems do tempt you with their feature richness, but at a cost. One that can go up precisely if you feel like customizing your ECM solution or scaling it up sometime in the future. 

In short: you do get your share of customization freedom... but not for free.

So, it's not really an “apples vs oranges” type of dilemma that you're facing, but rather an:

Apples vs Apples with a price tag on

Apr 24 2018
Apr 24

Whether you're "constrained" to migrate content to Drupal 8 or you're just eager to jump on the Drupal 8 bandwagon and harness its much-talked-about advanced features, the most important “warning/advice” to keep in mind is:

Don't migrate mindlessly!

Meaning that before you even get to the point of:
 

  • triggering the Migrate module's capabilities and adjusting them to your migration project's needs and requirements
  • selecting and combining all the needed contrib modules
  • writing down your YAML files for carrying out your content migration process
     

You'll need to think through every little aspect involved in/impacted by this process:
 

  • your goals
  • your growth plan
  • your current site visitors' complaints and suggestions
     

That being said, here's more of a “backbone” or summary of the migration workflow, one that highlights the:
 

  1. main phases to go through
  2. the right approach to the whole process
  3. Drupal-specific concepts and tools to use
     

Do NOT expect a very detailed, highly technical tutorial, though!

As for the Drupal concepts that you'll need to be already (more than) familiarized with once you launch your migration process, maybe you want to have a look at this guide here, on Understanding Drupal

And now, let's delve in:
 

1. The Migration Workflow: 4 Key Phases to Consider 

Here's the entire process in 4 steps (so you know what to expect):
 

  1. first, you'll need to migrate your data into the destination nodes, files and paragraphs on the newly built Drupal 8 site
  2. then you'll migrate data into date, image, taxonomy, address fields and file
  3. next, you'll move your precious data from JSON and CVS files
  4. and finally, you'll complete your migrations from the UI and the terminal
     

2. Are You Upgrading from Drupal 6 or 7 or Migrating From a Different System?

And here's what to expect depending on your answer to the above question:
 

  1. if you migrate content to Drupal 8 from an older version of Drupal (6 or 7), then you're quite “spoiled”: a lot of hard work has been done, by the Drupal community, for turning this migration process into the official path to Drupal 8; you could say that the solid framework has already been set up, so all there's left for you to do is to... take advantage of it!
  2. if it's from a whole different system that you're migrating your site (let's say WordPress or maybe Joomla), then... expect it to be a bit more challenging. Not impossible, yet more complex
     

3. Plan Everything in Detail: Think Everything Through!

Now with the risk of sounding awfully annoying and repetitive, I feel like stressing this out:

Don't migrate... mindlessly!

Plan everything in the smallest detail. Re-evaluate the content on your current site and its “load” of features. 

Take the time to define your clear goals and to put together your growth plan (if there's any).

Then, do lend ear to what your current site visitors have to say, filter through all their complaints and suggestions and tailor your final decisions accordingly.

It's only then that you can go ahead and set up your content architecture.
 

4. Start With the Structure: Build Your Drupal 8 Site First

“But I haven't picked a theme yet!” you might be thinking.

No need to! Not at this stage of the migration process.

You can still build your Drupal 8, from the ground up, even without a theme ready to be used. You can add it later on, once you have the final version of your content!

But the site itself, its solid structure, this is a “must do”. It's the very foundation of all your next operations included in your migration workflow!
 

5. Deep Clean & Declutter! Take Time to Audit Your Content

Don't underrate this very step! For moving over all that clutter, that heavy load of unused, outdated features and all those chaotic, crummy pages will only impact your Drupal 8 site's performance from the start.

So, now it's the right time to do some... deep cleaning!

Audit your content, your features, plugins and other functionalities included in your site's infrastructure and... trim it down by:
 

  1. relevance (are you using it?)
  2. quality: keyword-stuffed, unstructured pages (a heavy pile of them) will surely not give your new Drupal 8 site any significant jumpstart in rankings!
     

6. About the Migration Module Included in Drupal 8 Core

Using this dedicated module in Drupal core to migrate content to Drupal 8 comes down to implementing the:

Extract- Transform-Load process

Or simply: ETL.

In Drupal — as related to the Drupal migrate module — these 3 operations come under different names:
 

  • the source plugin stands for “extract”
  • the process plugin stands for “transform”
  • the destination plugin stands for “load”
     

7. Time to... Migrate Content to Drupal 8 Now!

Now it's time to put some order into that “pile” of content of yours! To neatly structure Google Sheets, XML files, CVS files etc.

And here's the whole “structuring process” summed up to the 3 above-mentioned plugins: source, process and destination.
 

Source: 

  • XML file
  • SQL database
  • Google Sheet
  • CVS file
  • JSON file
     

Process:

  • iterator
  • default_value
  • migration_lookup
  • concat
  • get 


Destination:

  • images
  • users
  • paragraphs
  • nodes
  • files

And here's a specific example of how to “glue” data for a neater and ideally structured content architecture:
 

Before the migration:

  • A: First Name- Kevin
  • B: Last Name: Thomson
  • C: Department- Commerce
     

After Migration: 

  • A: Name- Kevin Thomson
  • B: Department- Commerce
     

8. 4 Contrib Modules to Incorporate Into Your Migration Workflow

As already mentioned, the migrate content to Drupal 8 process also involves using a combination of contrib modules. 

Speaking of which, allow me to get them listed here:
 

  1. Migrate Tools          
  2. Migrate Source CVS    
  3. Migrate Spreadsheet 
  4. Migrate Plus 
                 

The END! This is the tutorial on how to migrate content to Drupal 8 trimmed down to its bare essentials.

To its core phases, key steps to take, main Drupal concepts to “joggle with”, right approach/mindset to adopt and best tools/modules to leverage for a smooth process!

Any questions?

Apr 06 2018
Apr 06

With popularity comes trouble... In this case here meaning: security vulnerabilities and risky over-exposure to cyber threats. And this can only mean that securing your website, that's running on the currently third most popular CMS in the world, calls for a set of Drupal security best practices for you to adopt.

And to stick to!

There's no other way around it: a set of strategically chosen security measures, backed by a prevention-focused mindset, pave the shortest path to top security.   

Stay assured: I've selected not just THE most effective best practices for you to consider adopting, but the easiest to implement ones, as well.

Quick note: before I go on and knee deep into this Drupal security checklist, I feel like highlighting that:
 

  • Drupal still has a low vulnerability percentage rate compared to its market share
  • the majority of Drupal's vulnerabilities (46%) are generated by cross-site scripting (XSS)
     

And now, here are the tips, techniques and resources for you to tap into and harden your Drupal site's security shield with.
 

1. The Proper Configuration Is Required to Secure Your Drupal Database 

Consider enforcing some security measures at your Drupal database level, as well.

It won't take you more than a few minutes and the security dangers that you'll be safeguarding it from are massive.

Here are some basic, yet effective measures you could implement:
 

  • go for a different table prefix; this will only make it trickier for an intruder to track it down, thus preventing possible SQL injection attacks
  • change its name to a less obvious, harder to guess one
     

Note: for changing your table prefix you can either navigate to phpMyAdmin, if you already have your Drupal site installed, or do it right on the setup screen (if it's just now that you're installing your website).
 

2. Always Run The Latest Version of Drupal on Your Website

And this is the least you could do, with a significant negative impact on your Drupal site if you undermine its importance. If you neglect your updating routine.

Do keep in mind that:
 

  1. it's older versions of Drupal that hackers usually target (since they're more vulnerable)
  2. the regularly released updates are precisely those bug fixes and new security hardening features that are crucial for patching your site's vulnerabilities.
     

Why should you leave it recklessly exposed? Running on an outdated Drupal version, packed with untrusted Drupal modules and themes?

Especially since keeping it up to date means nothing more than integrating 2 basic Drupal security best practices into your site securing “routine”:
 

  1. always download your themes and modules from the Drupal repository (or well-known companies)
  2. regularly check if there are any new updates for you to install: “Reports” → “Available Updates”→“Check manually” 
     

Drupal Security Best Practices: run the latest version of Drupal
 

3. Make a Habit of Backing Up Your Website

And here's another one of those underrated and too often neglected Drupal security best practices!

Why should you wait for a ransomware attack and realize its true importance... “the hard way”?

Instead, make a habit of regularly backing up your website since, as already mentioned:

There's no such thing as perfection when it comes to securing a Drupal site, there's only a hierarchy of different “security levels” that you can activate on your site

And backing up your site, constantly, sure stands for one of the most effective measures you could apply for hardening your Drupal website.

Now, here's how you do it:
 

  1. make use of Pantheon's “one-click backup” functionality
  2. test your updates locally using MAMP or XAMPP or another “kindred” software
  3. harness the Backup and Migrate module's power, currently available only for Drupal 7
  4. export your MySQL database and back up your files “the old way”... manually
     

There, now you can stay assured that, if/when trouble strikes, you always have your backup(s) to retrieve your data from and get back “on your feet” in no time!
 

4. Block Those Bots That You're Unwillingly Sharing Your Bandwidth With

No need to get all “altruist” when it comes to your bandwidth!

And to share it with all kinds of scrappers, bad bots, crawlers.

Instead, consider blocking their access to your bandwidth right from your server.

Here's how:

Add the following code to your .htacces file and block multiple user-agent files at once:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(agent1|Wget|Catall Spider).*$ [NC]
RewriteRule .* - [F,L]

Or use the BrowserMatchNoCase directive as follows:

BrowserMatchNoCase “agent1” bots
BrowserMatchNoCase "Wget" bots
BrowserMatchNoCase "Catall Spider" bots

Order Allow,Deny
Allow from ALL
Deny from env=bots

Use the KeyCDN feature for preventing those malicious bots from stealing your bandwidth!



5. Use Strong Passwords Only: One of the Easiest to Implement Drupal Security Best Practices

More often than not “easy” doesn't mean “less efficient”. 

And in this particular case here, simply opting for a strong username (smarter than the standard “admin”) and password can make the difference between a vulnerable and a hard-to-hack Drupal site.

For this, just:

Manually change your credentials right from your admin dashboard:  “People” → “Edit”→ “Username” while relying on a strong password-generating program ( KeePassX or KeePass) 
 

6. Use an SSL Certificate: Secure All Sensitive Data and Login Credentials

Would you knowingly risk your users' sensitive data? Their card information let's say, if it's an e-commerce Drupal site that you own?

And how about your login credentials?

For this is what you'd be doing if — though you do recognize the importance of using an SSL certificate —  you'd still put this measure at the back of your list of Drupal security best practices.

In other words, running your site on HTTPs (preferably on HTTP/2, considering all the performance benefits that it comes packaged with) you'll be:
 

  • encrypting all sensitive data that's being passed on, back and forth, between the server and the client
  • encrypting login credentials, instead of just letting them get sent, in crystal-clear text, over the internet.
     

7. Use Drupal Security Modules to Harden Your Site's Shield

For they sure make your most reliable allies when it comes to tracking down loopholes in your site's code or preventing brutal cyber attacks.

From:
 

  • scanning vulnerabilities
  • to monitoring DNS changes
  • blocking malicious networks
  • identifying the files where changes have been applied
     

… and so on, these Drupal modules will be “in charge” of every single aspect of your site's security strategy.

And supercharging your site with some of the most powerful Drupal security modules is, again, the easiest, yet most effective measure you could possibly enforce.

Now speaking of these powerful modules, here's a short selection of the “must-have” ones:
 

  • Password Policy: enables you to enforce certain rules when it comes to setting up new passwords (you even get to define the frequency of password changes)
  • Coder : runs in-depth checks, setting your code against Drupal's best practices and coding standards
  • Automated Logout: as an admin, you get to define the time limit for a user's session; he/she will get automatically logged out when time expires
  • SpamSpan Filter: enables you to obfuscate email addresses, thus preventing spambots from “stealing” them
  • Login Security: deny access by ID address and limit the number of login attempts
  • Content Access: grant permission to certain content types by user roles and authors
  • Hacked!: provides an easy way for you to check whether any new changes have been applied to Drupal core/themes
  • Security Review Module: it will check your website for those easy-to-make mistakes that could easily turn into security vulnerabilities; here's a preview of this module “at work”
     

Drupal Security Best Practices: the Drupal Security Review Module
 

8. Implement HTTP Security Headers

Another one of those too-easy-to-implement, yet highly effective Drupal security best practices to add to your Drupal security checklist:

Implementing (and updating) HTTP security headers

“Why bother?”

Cause:
 

  1. first of all, their implementation requires nothing more than a configuration change at the web server level
  2. their key role is letting the browsers know just how to handle your site's content
  3. … thus reducing the risk of security vulnerabilities and brute force attacks
     

9. Properly Secure File Permissions

Ensure that your file permissions for:
 

  • opening
  • reading
  • modifying them
     

… aren't too dangerously loose.

Since such negligence could easily turn into an invitation for “evil-minded” intruders! 

And it's on Drupal.org's dedicated page that you can find more valuable info on this apparently insignificant, yet extremely effective security measure 
 

10. Restrict Access To Critical Files 

Told you this was going to be a list of exclusively easy-to-implement Drupal security best practices.

Blocking access to sensitive files on your website (the upgrade.php file, the install.php file, the authorize.php file etc.) won't take you more than a few minutes.

But the danger you'd avoid — having a malicious intruder risking to access core files on your Drupal site — is way too significant to overlook.
 

END of list! These are probably the easiest steps to take for securing your Drupal site.

How does your own list of Drupal security tips, techniques and resources to tap into look like?

Apr 05 2018
Apr 05

Who are your visitors? Where do they come from? And what do they do precisely during their visits on your Drupal site? How long are their visits? What content on your site do they linger on and what content do they “stubbornly” ignore? Needless to say that for getting your answers to all these questions you need to set up Google Analytics on your website.

Since:

“This data--aka analytics--is the lifeblood of the digital marketer.” (Jeffrey Mcguire, Acquia, Inc. Evangelist)

The good news is that integrating it is nothing but a quick and simple 3-step process. And the great news is that:

Drupal's got you covered with its dedicated Google Analytics module, geared at simplifying the otherwise tedious and time-consuming process.

So, shall we dive into the installation guide?
 

1. But First: Why Web Analytics? And Why Precisely Google Analytics?

In an UX-dominated digital reality, that takes personalization to a whole new level, user behavior data turns into... superpower.

And by “user behavior data”, I do mean web analytics.

Therefore, injecting a web analytics service into your Drupal site is like... injecting true power into its “veins”.

But why precisely Google Analytics?

Why set up Google Analytics on your Drupal site instead of another web analytics tracking tool? Is its popularity a strong enough reason for you to jump on the trend?

To answer your question, I do think that its own key features make the best answers:
 

  • audience demographic reporting: discover where your site visitors come from, their native languages, the devices and operating systems they use for accessing your website...
  • goal tracking: monitor conversion rates, downloads, sales and pretty much all stats showing how close (or far) you are to reaching the goals that you've set for your website
  • acquisition reporting: identify your site's traffic sources; where do your visitors come from exactly?
  • on-site reporting: gain a deep insight into the way visitors engage with specific pieces of content on your website, so you know how to adjust the experience your deliver them on your site/app to their specific needs 
  • event-tracking: tap into this feature for measuring all activities carried out on your Drupal site
     

And the list of features could go on and on. Providing you with a high-level dashboard and enabling you to go as deep as you need to with your “data digging”.

For Google Analytics is only as powerful as you “allow” it to be. It empowers you to dig up both surface and “in-depth data”.

Moreover (or better said: “thanks to...”), being such a feature-rich tracking tool, Google Analytics's highly versatile, too. From email marketing to social media marketing, to any type of marketing campaign that you plan to launch, it's built to fit in just perfectly.

To power all forms of marketing strategies.

And where do you add that it's been a while now since we've been having Google Analytics for mobile apps and the Google Analytics 360 suite, too! 2 more powerful GA tools to add to your web analytics “tracking arsenal”.
 

2. The Drupal Google Analytics Module and How It Will Make Your Life (So Much) Easier

Let me try a lucky guess: 

Your Drupal site has... X pages (have I guessed it?)

The “standard” way to add Google Analytics to your Drupal site would involve:

Copying the tracking ID that Google Analytics provides you with and pasting it on each and every page on your website.

A hair-pulling monotonous and time-consuming process, don't you think?

And it starts to look even more cumbersome if you think that you have the alternative to set up Google Analytics on your Drupal site using the dedicated module.

But how does it streamline... everything more exactly? 

You'll just need to paste that Google Analytics javascript snippet for tracking data right to this module's Configuration page and... that's it!

The module will take it from there! It will distribute it itself to all the pages on your website.

Less effort, less time wasted for carrying out in a tedious and repetitive activity. And more time left for customizing all those statistics features to perfectly suit your goals and your site's needs.

How to Set Up Google Analytics on Your Drupal Site: The Google Analytics Drupal Module

Luckily enough, the Drupal Google Analytics module puts an admin-friendly UI at your disposal precisely for that:
 

  • use it to track down key data 
  • use it for tailoring your web analytics-tracking activity to your needs: by user role, by pages etc.
     

3. Set Up Google Analytics on Your Drupal Site In Just 3 Simple Steps 

As promised, here's a “dead-simple 3-step guide on how to add Google Analytics to your Drupal site (“leveraging the power of the dedicated Drupal module here included”)
 

Step 1

The very first thing you'll need to do is sign up for a Google Analytics account if you don't have one already. And then to add your Drupal site (obviously!).

And here are the quick steps to take:
 

  1. go to www.google.com/analytics
  2. hit “sign in” (you'll find it in the top right corner) and select “Google Analytics” from the unfolding drop-down menu
  3. click “Sign Up” and just follow the given steps for setting up your new account
  4. next, follow the instructions for setting up web tracking
     

Now you should be able to see your Drupal site displayed under your account, on your admin page in Google Analytics.

And it's now that you should be able to retrieve your site's “Tracking ID”, as well. You'll find it in the “Property Setting” section.
 

Step 2

The next major step to take as you set up Google Analytics on your Drupal site is to actually go back to your site and... install THE module itself.

Since I've already praised its “superpowers” and how they “conspire” to make your life easier, I'm not going to point them out once again.

Instead, I'll go straight to the steps to take once you've enabled the module on your website:
 

  1. access its configuration page (you'll find the “Configuration” tab on top of the page, “flanked by” the “Modules” and the “Reports” tabs)
  2. there, right under the “General Setting” section, just enter your “Web Property ID”
  3. … which is precisely the Google Analytics tracking code that you've just retrieved at Step 1
     

And this is precisely the “magic trick” that's going to add the Google Analytics tracking system site-wide. A monotonous, multiple-step process turned into a one-step operation.

This thanks to the Drupal Google Analytics module!
 

Step 3

Here you are now, ready to save your settings and to officially harness the power of Google Analytics on your website!

Normally you should be just fine with the default settings that the service provides you with, right out-of-the-box.

Yet, if you need to “refine” your searches, your entire tracking activity, feel free to do that. To explore all the options stored in the “Tracking Scope” tabs for you.

Speaking of which, let me give you just a few examples of how deep you could narrow down your “investigations” and customize the modules:
 

  • roles: a setting which lets you define which user roles to track (and which roles the system should ignore)
  • domains: indicate whether it's a single or multiple domains that you need monitoring
  • privacy: it enables you to make visitors' IP addresses anonymous
  • pages: indicate precisely which pages on your website you need to track
  • messages: track and monitor the messages displayed to your site visitors
  • search and advertising: keep track of your internal site searches and AdSense advertisements; do keep in mind, though, that some additional settings might be needed!

And... more! You actually get even more power for configuring your JavaScript setting and adding custom variables.

The END! This is how you set up Google Analytics on your Drupal site in 3 dead-simple steps, a streamlined process powered by the dedicated Drupal module.

Mar 16 2018
Mar 16

And I'm back, as promised, with 5 more key differences meant to help you solve your Apache Solr vs Elasticsearch dilemma.

To help you properly evaluate the 2 open source search engines and, therefore, to identify the perfect fit for your own use case and your project's particular needs.
 

6. Node Discovery

Another aspect that clearly differentiates the 2 search engines is the way(s) they handle node discovery.That is, whenever a new node joins the cluster or when there's something wrong with one of them, immediate measures, following certain criteria, need to be taken.

The 2 technologies handle this node-discovery challenge differently:
 

  1. Apache Solr uses Apache Zookeeper — already a “veteran”, with plenty of projects in its “portfolio” —  requiring external Zookeper instances (minimum 3 for a fault-tolerant SolrCloud cluster).
  2. Elasticsearch relies on Zen for this, requiring 3 dedicated master nodes to properly carry out its discovery “mission”

 
7. Apache Solr vs Elasticsearch: Machine Learning

Machine learning has a way too powerful influence on the technological landscape these days not to take it into consideration in our Apache Solr vs Elasticsearch comparison here.

So, how do these 2 open source search engines support and leverage machine learning algorithms?
 

  1. Apache Solr, for instance, comes with a built-in dedicated contrib module, on top of streaming aggregations framework; this makes it easy for you to use machine-learning ranking models right on top of Solr
  2. Elasticsearch comes with its own X-Pack commercial plugin, along with the plugin for Kibana (supporting machine learning algorithms) geared at detecting anomalies and outlines in the time series data 
     

8. Full-Text Search Features 

In any Apache Solr vs Elasticsearch comparison, the first one's richness in full-text search related features is just... striking!

Its codebase's simply “overcrowded” with text-focused features, such as:
 

  • the functionality to correct user spelling mistakes
  • a heavy load of request parsers
  • configurable, extensive highlight support
  • a rich collection of request parsers
     

Even so, Elasticsearch “strikes back” with its own dedicated suggesters API. And what this feature does precisely is hiding implementation details from user sight, so that we can add our suggestions far more easily.

And, we can't leave out its highlighting functionality (both search engines rely on Lucene for this), which is less configurable than in Apache Solr.
 

9. Indexing & Searching: Text Searching vs Filtering & Grouping

As already mentioned in this post, any Apache Solr vs Elasticsearch debate is a:

Text-search oriented approach vs Filtering and grouping analytical queries type of contrast.

Therefore, the 2 technologies are built, from the ground up, so that they approach different, specific use cases:
 

  1. Solr is geared at text search
  2. Elasticsearch is always a far better fit for those apps where analytical type of queries, complex search-time aggregations need to be handled
     

Moreover, each one comes with its own “toolbox” of tokenizers and analyzers for tackling text, for breaking it down into several terms/tokens to be indexed.

Speaking of which (indexing), I should also point out that the two search engine “giants” handle it differently:
 

  1. Apache Solr has the single-shard join index “rule”; one that gets replicated across all nodes (to search inter-document relationships)
  2. Elasticsearch seems to be playing its “efficiency card” better, since it enables you to retrieve such documents using top_children and has_children queries
     

10. Shard Placement: Static by Nature vs Dynamic By Definition

Shard replacement: the last test that our two contestants here need to pass, so you can have your final answer to your “Apache Solr vs Elasticsearch” dilemma.

In this respect, Apache Solr is static, at least far more static than Elasticsearch. It calls for manual work for migrating shards whenever a Solr node joins or leaves the cluster. 

Nothing impossible, simply less convenient and slightly more cumbersome for you:
 

  • you'll need to create a replica 
  • wait till it synchronizes the data
  • remove the “outdated” node
     

Luckily for you, Elasticsearch is not just “more”, but “highly” dynamic and, therefore, far more independent.

It's capable to move around shards and indices, while you're being granted total control over shard placement:

  • by using awareness tags, you get to control where those shards should/shouldn't be placed
  • by using an API call you can guide Elasticsearch into moving shards around on demand

The END! Now if you come to think about it, my 10-point comparative overview here could be summed up to 2 key ideas worth remembering:
 

  1. go for ApacheSolr if it's a standard text-search focused app that you're planning to build; if you already have hands-on experience working with it and you're particularly drawn to the open-source philosophy
  2. go for Elasticsearch if it's a modern, real-time search application that you have in mind; one perfectly “equipped” to handle analytical queries. If your scenario calls for a distributed/cloud environment (since Elastic is built with out-of-the-ordinary scalability in mind)
     
Mar 16 2018
Mar 16

Apache Solr vs Elasticsearch, the 2 leading open-source search engines... What are the main differences between these technologies?

Which one's faster? And which one's more scalable? How about ease-of-use?

Which one should you choose? Which search engine's the perfect fit for your own:
 

  1. use case
  2. specific needs
  3. particular expectations?
     

Obviously, there's no universally applicable answer. Yet, there are certain parameters to use when evaluating these 2 technologies. 

And this is precisely what we've come up with: a list of 10 key criteria to evaluate the two search engines by, revealing both their main strengths and most discouraging weakness.

So you can compare, weight pros and cons and... draw your own conclusions.
 

But First, A Few Words About The Two “Contestants”

I find it only natural to start any Apache Solr vs Elasticsearch comparison by briefly shading some light on their common origins:

Both open source search engine “giants” are built on the Apache Lucene platform. And this is precisely why you're being challenged with a significant number of similar functionalities.
 

Apache Solr

Already a mature and versatile technology, with a broad user community (including some heavy-weighting names: Netflix, Amazon CloudSearch, Instagram), Apache Solr is an open source search platform built on Lucene, a Java library.

And no wonder why these internet giants have chosen Solr. Its indexing and searching multiple sites capabilities are completed by a full set of other powerful features, too:
 

  • dynamic clustering
  • faceted search 
  • NoSQL features & rich document handling
  • full-text search 
  • real-time indexing
     

Elasticsearch 

It's a (younger) distributed open source (RESTful) search engine built on top of Apache Lucene library.

Practically, it emerged as a solution to Solr's limitations in meeting those scalability requirements specific to modern cloud environments. Moreover, it's a:
 

  • multitenant-capable
  • distributed
  • full-text


...  search engine, with schema-free JSON documents and HTTP web interfaces, that it “spoils” its users with.

And here's how Elasticsearch works:

It includes multiple indices that can be easily divided into shards which, furthermore, can (each) have their own “clusters” of replicas.

Each Elasticsearch node can have multiple (or just a single one) shards and the search engine is the one “in charge” with passing over operations to the right shards.

Now, if I am to highlight some of its power features:
 

  • analytical search 
  • multi-tenancy
  • grouping & aggregation 
  • distributed search 
     

1. User and Developer Communities: Truly Open-Source vs Technically Open-Source

A contrast that we could define as:

“Community over code” philosophy vs Open codebase that anyone can contribute to, but that only “certified” committers can actually apply changes to.

And by “certified” I do mean Elasticsearch employees only.

So, you get the picture:

If it's a fully open-source technology that you're looking for, Apache Solr is the one. Its robust community of contributors and committers, coming from different well-known companies and its large user base make the best proof.

It provides a healthy project pipeline, everyone can contribute, so there's no one single company claiming the monopoly over its codebase.

One that would decide which changes make it to the code base and which don't.

Elasticsearch, on the other hand, is a single commercial entity-backed technology. Its code is right there, open and available to everyone on Github, and anyone can submit pull requests.

And yet: it's only Elasticsearch employees who can actually commit new code to Elastic.
 

2. What Specific Use Cases Do They Address?

As you can just guess it yourself:

There's a better or worse fit, in any Apache Solr vs Elasticsearch debate, depending exclusively on your use case.

So, let's see first what use cases are more appropriate for Apache Solr:
 

  • applications relying greatly on text-search functionality
  • complex scenarios with entire ecosystems of apps (microservices) using multiple search indexes, processing a heavy load of search-request operations
     

And now some (modern) use cases that call for Elasticsearch:
 

  • applications relying (besides the standard text-search functionality) on complex search-time aggregations, too
  • open-source log management use cases with many organizations indexing their logs in Elasticsearch in order to make them more searchable
  • use cases depending on high(er) query rates
  • data stores “supercharged” with capabilities for handling analytical type of queries (besides text searching)

… and pretty much any new project that you need to jump right onto, since Elasticsearch is much easier to get started with. You get to set up a cluster in no time.
 

3. Apache Solr vs Elastic Search: Which One's Best in Terms of Performance?

And a performance benchmark must be on top of your list when doing an Apache Solr vs Elasticsearch comparison, right?

Well, the truth is that, performance-wise, the two search engines are comparable. And this is mostly because they're both built on Lucene.

In short: there are specific use cases where one “scores” a better performance than the other.

Now, if you're interested in search speed, in terms of performance, you should know that:
 

  1. Solr scores best when handling static data (thanks to its capability to use an uninverted reader for sorting and faceting and thanks to its catches, as well)
  2. Elasticsearch, being “dynamic by nature”, performs better when used in... dynamic environments, such as log analysis use cases
     

4. Installation and Configuration

Elasticsearch is a clear winner at this test:

It's considerably easier to install, suitable even for a newbie, and lighter, too.

And yet (for there is a “yet”), this ease of deployment and use can easily turn against it/you. Particularly when the Elasticsearch cluster is not managed well.

For instance, if you need to add comments to every single configuration inside the file, then the JSON-based configuration, otherwise a surprisingly simple one, can turn into a problem.

In short, what you should keep in mind here is that:
 

  1. Elastricsearch makes the best option if you're already using JSON
  2. if not, then Apach Solr would make a better choice, thanks to its well-documented solrconfig.xml and schema.xml 
     

5. Which One Scales Better?

And Elasticsearch wins this Apache Solr vs Elasticsearch test, too.

As already mentioned here, it has been developed precisely as an answer to some of Apache Solr well-known scalability shortcomings.

It's true, though, that Apache Solr comes with SolrCloud, yet its younger “rival”:
 

  • comes with better built-in scalability
  • it's designed, from the ground up, with cloud environments in mind
     

And so, Elasticsearch can be scaled to accommodate very large clusters considerably easier than Apach Solr. This is what makes it a far better fit for cloud and distributed environments.

And this is the END of PART 1. Stay tuned for I have 5 more key aspects “in store” for you, 5 more “criteria” to consider when running an Apache Solr vs Elasticsearch comparison!

Still a bit curious: judging by these 5 first key features only, which search engine do you think that suits your project best?

Mar 15 2018
Mar 15

Contending with the... paradox of choice? With a handful of tempting options in terms of ecommerce services providers that seem to be fitting your project's needs entirely?

And choosing gets frustratingly challenging since they all “tempt” you with:
 

  • a visually-arresting design “backed up” by an ideally simple navigation structure
  • a team fluent in SEO, ready to propel your site right on the “highest peaks” of Google rankings
  • an impressive experience in implementing e-commerce-specific features and functionality
  • 24/7 assistance: both pre- and post-launch issues and nasty bugs stand no chance to escape their team's vigilance
  • module, theme, and plugin customization skills to suit your ever-growing needs
     

… and the list goes on

So, how do you decide when all your choices seem to be equally... promising? 

What's the proper evaluation system to use on all these “candidates”? How do you narrow down your own checklist of “must-have experience and expertise“ to the essentials?

And what are the essential things to look for in a potential e-commerce services provider anyway? Keep on reading...
 

1. Use This Checklist to Rate Other eCommerce Websites from Their Portfolio

Engage in some research work first, starting with the candidate's own portfolio.

Look for other ecommerce websites listed there and start evaluating the following aspects/site components:
 

  1. the overall design: as a first-time visitor on those websites, do you find them visually-appealing enough?
  2. navigation: it should be as simple and, therefore, intuitive, as possible; easily navigable inventories here included
  3. imagery and particularly product images: are they high-quality?
  4. is there any type of interactive chat system integrated, that users can use for dropping their questions?
  5. is there a review system implemented; are customer testimonials displayed and visible enough?
  6. checkout: the simpler the better; in this respect, the single-step checkouts, with visible “Add to cart” buttons, leading you straight to the payment page, make the surest “bet”
  7. is there a status bar informing customers know just how many more steps there are left till they complete the checkout process?
     

All these are crucial aspects to check off your preliminary checklist, so mind you give them due consideration. Track down all the above-mentioned elements (adding a “minus” to your evaluation list if they miss), then take your time to analyze and to rate them one by one!

The completed projects of an ecommerce services company are filled with valuable “hints” in regard to how your own project might end up looking/performing!
 

2. Does The Platform Suit Your Budget and Back-Office Administration Experience?

And you might want to start your conversation precisely with this question:

“What ecommerce website development platform would you use for my project?”

From WordPress to Magento commerce, to PrestaShop, to OpenCart, to Drupal Commerce, the range of possible answers to this key question is wide enough to get you thinking.

... to get you pondering on whether their platform suits:
 

  • your planned budget for this ecommerce project
  • the time you're planning to invest 
  • your team's skills and hands-on experience in back-office management
     

Do you want your online store to be up and running in no time? Conveniently easy-to-use and overall... simple? 

Or is it a big ecommerce website, with a large inventory, incorporating a whole infrastructure of complex ecommerce functionalities, that you have in mind?

There's a specific platform to go with for every type of need and goal that you might have. Make sure your potential ecommerce services provider has already built itself a reputation working with that particular platform that best suits you and your project!
 

3. Put SEO Expertise High on Your List When Choosing Your eCommerce Services Provider

Need I add more?

The expertise and time invested in building a visually-arresting, ideally easy-to-use website gets reduced to... wasted efforts if they're powered by an effective SEO strategy.

Now it's the perfect time to tackle specific SEO goals that your potential partner would have to meet:
 

  • putting together SEO-friendly URLs
  • integrating meta tags relevant to each page
  • achieving mobile responsiveness
  • using certain page load time optimization techniques
     

And the list of SEO-oriented goals and aspects to evaluate at this phase continues with the analytics tools that this ecommerce services company has in its toolbox.

In short: look for proofs that this company's proficient in turning key customer-behavior data and valuable stats into... actionable insights for you to leverage.
 

4. Carefully Consider Their Time Estimate: Do They Leave Any “Room” for Extensive Tests?

In other words: “fast” could also mean:
 

“Let's skip or reduce the pre-launch testing to bare minimum!”

It's a trap, don't fall for it!

Make sure that the time estimate that they'll give you:
 

  • complies with your own release schedule
  • does cover the pre-launch testing period, too
     

A time needed for them to do their own testing, for your own team to run theirs and, of course, for this partner team to get all the identified bugs and issues fixed.
 

5. Do They Commit to Crafting High-Converting Copy, too?

If so, look for relevant “samples” of copy they've already crafted for past clients.

Is their copy:
 

  • persuasive enough?
  • clear, concise, yet informative?
  • simple, yet engaging?
     

Does it efficiently outline/tell those products', those brands' unique features/stories?

Then, you might just have a “winner”.

Still, there still are 2 more essential aspects to check off your list before you can give your final “verdict”. Keep on reading...
 

6. Can They Meet Your Current and Future Customization Needs?

Maybe a standard turnkey solution doesn't suit your ecommerce project's specific needs. Maybe those plugins need some tuning work to meet your specific requirements.     

Or maybe you want that free Drupal 8 ecommerce theme that you like best to be perfectly adjusted to your own needs.

Is this ecommerce services company IN for customization, too? Or do they stick to assembling pieces provided by an open-source platform when putting together your ecommerce website?

Be skeptical when you're being offered “one size fits all” solutions! When you detect proofs of zero experience or total lack of enthusiasm at the perspective of having to custom-tune those:
 

  • ecommerce theme
  • plugins
  • modules
     

… to your project's particularities and to your own future goals.
 

7. How About Post Launch Support? What if You “Detect” New Issues Then?

Is it a “full-option” type of ecommerce services package that they'll provide you?

Will they be there, ready to intervene, if, after your website' launch, you detect any bugs that escaped the pre-launching testing phase? Or if new issues breakthrough?

Now it's the perfect time to let them know about all your expectations regarding post-launch assistance.
 
The END! Time to evaluate some “candidates” now and, with this evaluation system at hand, to choose the ecommerce services provider that makes the perfect fit for your project's needs!

Mar 10 2018
Mar 10

Price, level of expertise and estimated time! These are the 3 main criteria that any organization planning to have a mobile app built use to evaluate potential mobile app development services providers, right?

And yet, the cost of development sure isn't just about the money. Take time factor and commitment, for instance! They, too, get reflected in your bill. A suspiciously short time estimate might be a signal for you that they'll be skipping a crucial step or two from your app's development process.

Also, a “large” team might be a numerous team of enthusiastic and hard-working... junior developers only. 

So, how do you properly evaluate your potential mobile app development partner? How do you know for sure whether their services and level of expertise are enough to help them deliver you a mobile app that meets your requirements entirely?

Gaining in-depth knowledge about their team members and collecting reviews from former clients are just some of the key steps to take during your “investigation”. 

And since no other “evaluation method” could beat an open face-to-face talk, here are 9 essential questions to ask your potential provider:
 

1. "What's Your Specific Workflow?"

In other words: how do they usually approach their mobile app projects?

What's their work strategy? What key phases does it include (or exclude)?

Everyone's “boasting” with their adoption of the agile development these days, right? Make sure you go beyond the standard talk about the agile approach and ask them to name the specific phases included in their process flow. 

A good workflow would need to include at least these 5 crucial steps:
 

  1. preliminary research on the type of app to be built, along with all its particularities and specific functionalities to be implemented (analyzing the target audience here included)
  2. a feasibility study
  3. the prototyping phase
  4. the UI optimization phase
  5. the MVP building phase
     

Do dare raise an eyebrow if your potential “partner in crime” strives to convince you to go straight to MVP.

It's an alarming sign that they're not the professionals that you might want to handle your brilliant app idea.
 

2. "What Technologies Does Your Team Have a Deep Expertise In?"

Another crucial question to dare asking your potential app development services provider whether:
 

  1. you've already started working on your app and you're now just outsourcing some aspects of your project; it's vital that this team should be proficient in that particular technology that you're currently using in your project
     
  2. you haven't yet started your project and you haven't yet chosen the mobile app development technology(s) that will be powering it either; it's crucial to know then how easily this team of mobile app developers can adapt to a new technology along the way
     

3. "How Many “X Technology” Developers Are On Your Team? Juniors or Seniors?"

Expertise, hard to quantify, but crucial for ensuring that the resulting app will live up to your standards!

Therefore, once you've dug through their never-ending list of technologies that they have a hands-on experience of, go deeper with your “investigations”. Identify just how many developers are familiar with your required technology.

Are they mostly junior or experienced developers?

And, most of all, do dare to ask for some sort of proof of their seniority levels. Some “blind” CVs or even samples of older code would be perfect.
 

4. "What Would Be Your Time Estimation on My Project?"

And time sure is money!

Do keep in mind that the average time invested in a mobile app development process is of 4-6 months.
Compare the time estimate that this potential mobile app development services provider gives you with this “average time” for developing an... average mobile app.

Next, ponder on their estimate a bit:
 

  • if they commit themselves to delivering you your app faster than their competition, then you might want to put their offer on top of your list
  • if their shorter development time is counterbalanced by a higher price, don't rush to take them off your list!
     

A higher price might as well be a proof of the seniority level in their team. As well as of an efficiency-boosting workflow that they may be leveraging within the company.
 

5. "Does Your Portfolio Include Any App Development Projects Similar to Mine?"

And by “similar” I definitely do not mean “identical”. Are they familiar with your industry?

Have they implemented the same functionalities in some of their previous app development projects? Such as integrating a particular payment gateway, for instance?

Have they been working mostly with start-ups or enterprises? 
 

6. "Any Former Clients' References for Your Mobile App Development Services?"

Why should your “research” be any different than that of a potential customer? Someone looking to make a purchase, who usually conducts a multi-leveled research: forums, customer reviews etc.

Therefore, one of the key criteria when evaluating your mobile app development services provider is their former clients' references.

Dare to ask for such recommendations and read client reviews on research company sites, such as Clutch.co, for instance. They do a wonderful job combining multiple evaluative metrics for identifying the leading companies in various industries (interviewing former clients being their no.1 research technique)

 Ask questions about some of their past projects: the challenges they faced, solutions that they've come up with, time invested in those projects etc.
 

7. "How Much Will My Project Cost? And What Does The Price Tag Cover?"

For putting a price tag on is equally important as knowing from the very beginning precisely what services your “bill” would include.

Speaking of which, here are some of the fixed aspects that you should make sure that will get included in that price estimate:
 

  • research & preliminary consultancy
  • UX prototypes, mockups
  • design
  • mobile app development
  • project management
  • all infrastructure costs
  • guarantee
  • licenses
     

Also, a key parameter to use when you're “weighting” their cost estimate is the seniority level of the developers that will be assigned to your project. 

Since their proven experience and expertise would automatically influence the price.

If the given price is suspiciously low, you might want to question those developers' overall level of expertise. Which, in the end, might lead to longer development times.

So “cheaper” might turn out to be... more expensive actually.
 

8. "What Files Will I Be Given Access to During the Project?"

Transparency is a strong indicator that this might just be the mobile app development company that you want to partner with.

Don't hesitate to ask about the files that you can access during the project. Wanting to know what's going on, at every stage of your future app's development process, is only legitimate.

And speaking of the files that you should be entitled to have easy access to, let me mention just a few:
 

  • time reports
  • weekly updated staging and production environment
  • source code
  • test environments/demos
  • the project management's dashboard itself (whether it's Jira, Taiga or maybe Trello that they're using)
     

The more involved you'll be in the process, the quicker you'll detect issues that you dislike or simply specifications that you'd like to create. And the more chances will be for the final product to meet your requirements entirely!
 

9. "How Do You Communicate With Your Clients Throughout The Projects?"

And probably this is precisely the question that you should be starting your “interview” with.

Knowing what:
 

  1. communication tools they'll be using (Slack, Rocket)
  2. what project management boards
  3. what time you can contact them at, their overall availability and response times
  4. the calls' frequency' how often you'll be getting in touch with the team working on your project


… is vital. Zero or poor communication and timeliness risks to turn all expertise, efficiency-enhancing workflow, conveniently low price and short development times into... nothing but “details”.

What if you want to make some recommendations? Or to inform the team about some late scope changes?

What if the team itself needs further clarifications from you?

Now it's the perfect time to express your expectations when it comes to this part of your future collaboration: communication.

And also, to have your doubts if the potential app development services provider doesn't seem too open to implementing your suggestions. To committing itself to frequent calls and so on.
 

The END! These are the 9 crucial questions to ask or the 9 things to look for in a new mobile app developers company that you consider collaborating with.

Would you have added a few more? If so, what other questions?

What is your own criteria when you're evaluating potential development teams in order to assess if they're the right fit for your app project? 

Mar 05 2018
Mar 05

Here's where you probably stand now: you need to integrate all your on-premise systems or cloud (or both) applications and to automate them in a perfectly orchestrated infrastructure! And you're asking yourself: “Should I go with Mulesoft's capabilities?” “What if I evaluated other integration solutions, as well?” “What are my other options?” “Which are the Mulesoft alternatives?”

Since it's been a while since Mulesoft's Anypoint Platform's been competing with other technologies for users' preference in the enterprise integration software landscape.

And competition sure is fierce, and so is your paradox of choice:
 

  • each technology comes with its own type of infrastructure 
  • … geared at delivering integration as a service
  • each one's packed with specific capabilities, designed to meet particular integration needs
     

A comprehensive, yet succinct definition would go something like this:

MuleSoft provides companies with a next-generation integration platform (Mule ESB & CloudHub) for connecting all their systems (SaaS and enterprise apps) both in the cloud and on-premise.

“And how does it work?” “What can you achieve by using it?” You might then ask yourself.

Here's my three-version answer to your legitimate questions:
 

  1. MuleSoft manages and secures the continuous data flow between all the existing systems in your organization
  2. it provides your team with self-serve exiting APIs, thus supporting their innovative initiatives
  3. it practically unlocks data via APIs, “injecting” it in the indicated external apps and systems from your enterprise infrastructure
     

Now, if I am to briefly point out some of MuleSoft Anypoint Platform's biggest advantages:
 

  • it enables you/your team to deploy your application on cloud with utmost ease
  • it enables your team of developers to easily put together some truly complex orchestration flows: all it takes is some drag & drop on the user-friendly dashboard
  • the containers that it provides and its conveniently simple, user-friendly graphics can only streamline developers' workflow even more
  • it supports interaction with other platforms via web or REST services
  • it complies with all major connection and data representation standards
  • it enables simple and fast APIs exposure 
     

And by far one of the biggest edge that Mulesoft has over its competitors:

It's an integration platform that enables different existing apps and systems to connect with each other, acting as a bridge transporting data back and forth between them; and this data flow takes place within your enterprise or across the internet

Mule ESB still is one of the most easily (and widely) integrated applications.

And now, it would be only fair to point out some of MuleSoft's limitations, as well, right?
 

  1. it is particularly suitable for complex integration scenarios (since it supports Java code, as well)
  2. in short: you'll need to consider having an experienced Mulesoft developer (with some Java background) in your team
  3. you might want to be able to interact with MuleSoft support right from the design environment (which is not yet possible)
  4. when it comes to dataweave mapping, you'll need to ensure, yourself, that all the fields are mapped, by inserting the right names; you can't rely on some sort of control mechanism to double check that for you instead
  5. structuring a process hierarchy is not exactly “piece of cake”, since you'll have to set up flows and sub-flows in the very same XML configuration files
     

Apigee: One of The Most Popular MuleSoft Alternatives

And what makes it such a popular alternative (and implicitly one of MuleSoft's biggest competitors) is the fact that almost all components can be scaled horizontally!

But there's more! More reasons why many companies choose Apigee over MuleSoft when looking for the best integration software to “power” their own integration scenarios:
 

  1. it provides very good documentation (plus a blog), covering all the details of the most “popular” failures and valuable advice on error handling
  2. it empowers new users to get started right away, with very little guidance needed: they get to develop a Proxy and APIs right away
  3. a conveniently easy to use console
     

Another “rival” that the Anypoint Platform needs to share its worldwide fame with! 

Here are some of the strong points that make Tibco BusinessWorks the no.1 choice for plenty of enterprises looking to seamlessly and effectively interconnect all their systems:
 

  1. it comes “packed” with lots of integration options: you get to test and to troubleshoot the whole process within the designer, you can write (a file activity), then automate a process in just a few hours and to easily deploy it in the Tibco Administrator
  2. it's conveniently easy to monitor
  3. it handles data manipulation and integration of heterogeneous systems remarkably
  4. it makes transforming and analyzing data, as well as managing error cases, ideally quick and simple
  5. you get to enable communication between multiple different systems without the need to set up custom APIs
  6. short time to market
  7. it supports legacy system integration
  8. it supports REST services development
     

What is JitterBit's edge over Mulesoft? What convinced me to add it to this list of “MuleSoft alternatives”?

It's easy to use! It's a simple way for enterprises to connect all their apps, devices and critical data that they need to get “flowing” for running their business!

"Simplicity" and "ease of use" are the 2 keywords to describe this integration solution.

And here are some more reasons why JitterBit's on this list:
 

  1. it's easily customizable
  2. it's built to connect a lot of different sources and targets in the “data flow” circuit (SQL  DB, Salesforce, CSV, iSeries, IBM)
  3. it enables your team to set up operations (and to apply changes to, when needed) quick and easy, so you can leverage your entire infrastructure within minutes
  4. not only that it sync data collected from multiple different systems, but it uses multiple data formats, as well (both for intake and output), which takes the burden of writing custom ETL scrips off your back
  5. no steep learning curve
     

How can Zapier here, one of the Mulesoft alternatives, meet your integration needs? 

It empowers you to automate tasks performed between other online services: Gmail, Salesforce, Basecamp, 249 etc.

And here's how Zapier's “arsenal” of features and functionalities looks like; the ones that you get to tap into for connecting and automating all your apps nice and easy:
 

  • automated & connect applications
  • automated workflows
  • easy automation
  • developer platform
  • fast build processes 
     

You sure aren't nickel and dimed in choices when it comes to data integration tools!

Informatica Cloud Data Integration is yet another full-featured, complex solution to consider:
 

  • it comes with all the capabilities needed for connecting all your on-premise/cloud applications and make them share data
  • no matter what type of apps, since it supports NetSuite integration, Eloqua, Salesforce, Workday, Marketo, SAP, Oracle
  • it enables you to extract data from your ERP systems, to transform it and then to “inject” it into your operational data stores
     

As its name “divulges”: it's Oracle's cloud-based integration platform that we're putting into the spotlight here!

Similar to the Mule app since it, too, provides a data environment in exchange, Oracle ICS's “job” could be summarized as follows:

It provides a user-friendly web-based interface which makes possible for “citizen integrators” to peform basic mapping between the interconnected (cloud) applications.

But the 2 key features that turn it into one of the Mulesoft alternatives are:

  • unlike Mule, Oracle provides an enterprise information integration, too (EII)
  • it provides several different adapters, suitable for a wide range of cloud-based business applications

Practically, with just a few clicks, you can set up a connection to the Oracle Sales Cloud, SAP, RightNow, Salesforce, Oracle E-Business Suite and the list can go on...

And now to mention just a few more of Oracle's strengths:
 

  • it's easy to use (and I've just mentioned here its user-friendly web-based UI)
  • it takes just a few clicks to access your integration platform; no need to bring your own servers or software to the table
     

Not only that it “spoils” its users with an easy to use UI, drag and drop convenience for creating new processes and excellent support, but there's a whole “pile” of other features that make Dell Boomi one of the Mulesoft alternatives:
 

  • it provides a multi-purpose PaaS
  • integration cloud 
  • cloud-to-cloud integration
  • B2B integration
  • multiple tenant platform
  • SaaS-to-SaaS integration 
     

Furthermore, if I were to highlight its biggest strengths, I'd pick up 3 main benefits that you can reap from choosing it as your integration solution:
 

  • getting a simple integration up and running will only take you about a couple of hours
  • great visual interface that will speed up most of your team's tasks
  • you get out-of-the-box connectors to Taleo, Salesforce, plus many other popular SAAS
     

But (for there is, indeed, a “but”) there are also 2 discouraging drawbacks that I have to point out to you:
 

  1. the XML split does cause some irritating issues
  2. it's overly “picky” when it comes to the data format and the data type that it accepts
     

Now, if I am to sum up this “MuleSoft vs Dell Boomi” comparison in just one succinct, yet complete phrase, it would have to be the following:

While Dell Boomi's geared at providing you with comprehensive solutions for cloud integration, Mulesoft's “specialized” in API-based integration.

This is the key difference between the two integration solutions!
 

In Conclusion 

Determine and evaluate your integration needs first! It all boils down to this...

And that way before you jump to weighting each one of these integration technologies' strengths and limitations!

For it's only after you've defined your needs that you should start looking for the software capable to meet them.

Feb 24 2018
Feb 24

Simplify! This is the right way to go if you're “obsessing” over your productivity as an app developer. Declutter your toolbox and keep only the truly essential Android app development tools in there!  

But which are they?

What are the tools for developing Android applications that shouldn't miss from any developer's personal “arsenal”? 

The most effective ones when it comes to helping you:
 

  1. become (even) more efficient by improving your workflow and thus speeding up your development process
  2. develop higher-quality apps

And this is where this blog post here comes to “the rescue”! It's a selection of THE fundamental Android app development tools that you should keep at hand (take it as your productivity-boosting toolkit).

Ranging from:

  • IDEs
  • to emulators
  • to design tools
  • to game engines

… and geared at streamlining your debugging, your performance-checking, they make the best Android developer tools to rely on in 2018:

Stay vigilant and alert for detecting any memory leaks in your Android apps right on the spot! But mind this doesn't take too much of your valuable time!

Instead, rely on this powerful tool in your developer's toolbox for identifying them. It will take this time-consuming “burden” off your back and alert you any time it tracks down a memory issue threatening your app. 

Moreover, LeakCanary provides you with a full stack trace so you can have those memory leaks fixed right away, too.

You'll have a crush on this tool if:

  1. you're a beginner, struggling to get started with that innovative Android app idea of yours (and, hopefully, to turn it into the next big thing in terms of Android app development)
  2. you're planning to learn Java and Android SDK: it will practically enable you to follow your favourite tutorials with highlighted code and then to get them tested... in real-time, on the very same device!

In short: the irresistible advantage of AIDE and the very reason why it's got included in this selection of essential Android app development tools is that it runs on Android!

Just imagine it:

You get to develop your Android app on your device, nice and easy, then you get to test it... on that very same device! This is the true “superpower” that this development tool provides you with! 

Note: don't expect it to be free, for it isn't, nor to “spoil” you with a full load of features. 

The power that you'll unlock by including this tool in your smartphone application development process? It mirrors your real device on your PC.

And this does turn into a true power if you're one of those developers who hate building their apps on emulators, yet they crave the advantage of using one.

There's more! Vysor will even mirror your live app demos on projectors and big TV screens.

So, if you think that this functionality matches your own work style, that it streamlines your workflow and helps you create a better app with greater ease, go for it!

Debugging native Android apps will never be the same again!

That if you use this open-source platform wearing Facebook's signature here when you go “bugs hunting”. 

And not only that it makes your debugging work so much easier, but it's also geared at landing you a much needed helping hand with your:

  • inspecting the SQLite database
  • checking the View hierarchy
  • monitoring network operations

A debugging tool that shouldn't miss from your toolkit!

5. B4A, One of “Speed-Injecting” Android App Development Tools 

For “rapid development” is what you'll achieve by leveraging this tool's features.

And these are:

  • the ability to develop Android apps using the much simpler BASIC programming language 
  • a visual editor for manipulating your views to your liking
  • wireless debugging

In short, B4A (Basic for Android) makes such a convenient IDE and interpreter enabling you to create your app in a simpler procedural programming language.

Plus, it comes packed with other advanced features to speed up your development process (as above-mentioned).
 

The “Holy Grail” of all Android app development tools!

Officially it's the IDE for Android. 

But in reality, it's your own “Swiss knife” to use as an Android developer! Since it plays multiple roles crucial for your mobile app development workflow:

  1. it's a compiler that you get to leverage to create a file system for arranging your app project, to create multiple APK files
  2. it's an editor for the programming language that you'll decide to use in your app's development process (whether it's Java, Kotlin, C++...)
  3. it's an XML editor (providing you with a “design view”, as well, that will guide you in displaying your app's elements on the screen; crucial for keeping up with Google's Material design guidelines)
  4. it also includes the Android SDK itself (yet, the Java SDK needs to be downloaded separately)

In terms of pros and cons, do expect a steep learning curve for developing with Android SDK and Java. But once you've got through it, do expect to gain access to unlimited support, to a whole bundle of advanced features and to unmatched integration functionality.

From this standpoint, Android Studio is the “can't live without” tool-set for any developer! 

Does this scenario sound familiar to you?

You hit a dead end down your app development roadmap and you need to go over to Github or StackOverflow and have a quick look at some code examples!

Well, Codota enables you to do precisely that, but without having to leave your IDE.

Talking about speeding up your development process, right?
 

Far gone are the days when GenyMotion used to be “just” the developers' top choice whenever they wanted to create their apps using an Android emulator.

It has now grown into a complete platform whose powers you get to harness for:

  1. developing your app
  2. testing it
  3. deploying it

Do consider it as a “candidate” to be included in your own toolbox of Android app development tools essential in your work this year.

9. Visual Studio with Xamarin

These days you get Xamarin right out of the box with Visual Studio, Microsoft's IDE.

One supporting a whole wide set of languages: JavaScript, C#, VB.net, and others, too, via extensions.

And what's the “deal” with Xamarin? What makes it “essential” for your toolbox? 

  1. it enables you to develop cross-platform apps using C# (have you been “toying” with the thought of developing an app both for Android and iOS using the very same code?)
  2. … to test them on different devices that are connected to the cloud

A word of caution: accessing and working with Java libraries isn't really “a child's play”, do be prepared for that; also, you need to accept that you'll be losing some of Google's cool integrated features and support.

It makes any smartphone app developer's trump card making his work on Git as efficient as it can get!

Basically, this tool's aimed at making Git cleanly organized so you can visualize all your work there — commits, changes, branches — in the form of an easy-to-navigate-through structure. And all this without the need to use the command-line!

One that can only boost your productivity, as it helps you sweep through Git with great ease!

11. Fabric, One Those Powerful Android App Development Tools You Should Be Using

And its power lies in all the capabilities that it's been invested with. It provides you with a whole set of features designed to help you:

  1. develop
  2. deploy
  3. extend

… your Android apps' functionality fast and easily.
 

Once developers' very first choice when they started selecting the Android app development tools to build their toolboxes with.

This until it got “dethroned” by Android Studio!

And yet, Eclipse should still be part of your toolkit. It's an IDE that supports a wide range of programming languages after all (Java with the Android SDK here included).
 
Note: still, do not expect it to get you “spoiled” with out-of-the-box support, like Android Studio does, so be ready for some setting up work!

A tool that takes “bug hunting” to a new level!

Practically it empowers users to share video, audio recordings, screenshots, detailed logs whenever they detect anything suspicious in your app.

And these user-generated “signals” become priceless in your constant attempt to keep your app bugs-free!

If it's a cross-platform, feature-packed game app that you're planning to build, this game engine might turn out to be your best “ally”!

Here's why:

  1. it provides easy support for Android
  2. it's open source
  3. when it comes to graphics, it does have an advantage over its “rival”, Unity
     

Team up with Takt in your major lags and bugs detecting “adventure”! 

This library will help you check your app's FPS thoroughly and spot down bugs right in its development phase. 

For you don't want them to linger on in there once your app's being used in its production phase, now do you?

The END!

I know what you might think right now:

Each developer's toolbox depends solely on his/her preferences, goals and personal work style.

It's perfectly true and I've anticipated this “objection” myself. Therefore, I've grouped here only those truly essential Android app development tools that one should “carry” in his/her toolbox.

... irrespective of his work style and goals set for his/her app.

Feb 23 2018
Feb 23

When to use REST? What are some practical use cases of REST web services? How does it work? What's the “catch”, why has this new architecture for web services had such an impact on the industry? How is it any different/better than SOAP? Why use RESTful web services after all?

“Tormented” by all these questions related to the REST approach/alternative to building web services?

Relax now, you'll have your answers in a minute (or a few seconds)!

For here are the REST-related “enigmas” that I commit myself to solving in today's post:
 

  • What is REST and how does it work?
  • Which are the specific use cases for building web services using the REST architecture?
  • What's driving it? Why is this technology increasingly popular?
  • What sets REST apart from the traditional SOAP approach to web services?
  • When NOT to use RESTful web services?
     

And now... the answers that I promised you:
 

What Is REST and How Does It Work?

Here are some valid answers to all your “What?” questions: “What is REST?”, “What are web services”, “What are RESTful web services?
 

  • REST is the native API of web browsers
  • REST is how one creates web services
  • web services are... the future of everything: creating and publishing APIs that would do CRUD (create, read, update and delete)
  • … thus making machine-to-machine communication possible, making apps' functionality accessible to multiple users and external systems
  • RESTful web services are those resources on the web that can be tapped into for retrieving certain information
     

“And how does it work?”

First of all, we should get one thing straight: REST is not an official standard! It's more of an architectural style, the one organizing a network of systems, where the “systems” are basically servers and clients.

Here's how it works:

Clients make a request to the web servers; the latter process it and, in response, return the appropriate web pages. And in this request-and-response equation, RESTful web services are the very resources on the web that servers tap into for retrieving the requested data.

Does this definition shed any light on your RESTful web services-related questions? 
 

Why Use RESTful Web Services?

Here's the actual context where the RESTful web services technology emerged and “grew like a beanstalk”, with a huge impact on the industry:

The web “exploded” and, starting with web 2.0, the interaction between websites and client apps, between multiple sites, multiple devices, sites and databases, became increasingly intense. And more and more “demanding”, calling for a new technology that could handle and streamline this communication taking place on the web.

And here's where web services and REST, a new way of building them, emerged!

The REST architecture is designed to build:
 

  • maintainable
  • lightweight
  • scalable 
     

… web services, which make retrieving the data requested and “exposing” all that information far less cumbersome.

As compared to the conventional SOAP/XMLRPC web page-scrapping method.

Data's being passed on the web, from one website/app/device/database to another, faster than ever these days. Just think about all those websites incorporating Twitter and Facebook content!

Or of websites “capturing” data coming from multiple sources: financial information, sales data, online communities...

RESTful web services is the technology that streamlines all these intense data “harvesting” processes!

This is the answer to your “Why use RESTful web services?” question.
 

When Should You Use RESTful Web Services? 5 Practical Use Cases

There are specific use cases when you should go “the RESTful way”.

Adopt this approach to building web services if:
 

1. In your distributed app it's crucial to keep the coupling between client and server components to a minimum:
 

  • you'll need to be able to update your server frequently, without having to update the client software, as well
  • your server's going to be used by multiple clients, yet you don't want them to have control over it
     

Just make sure you follow all the REST constraints for achieving this kind of basic level of coupling. Maintaining a purely stateless connection will be challenging, but not impossible if you “follow the rules”.
 

2. It's a custom, on-demand digital product that you're developing

Such as an Ubercart or Drupal online store that you're putting together on a remote cloud server:
 

  • you set it up
  • create a suitable architecture that would scale the environment if/when this your custom product goes viral
     

3. You want your game's high scores and user community forums to be displayed both in-game and on the web

Let's say that you're a mobile/console game developer facing the above-mentioned “challenge”. 

In your practical use case you can:
 

  1. have your Drupal site publish an API, using Services (thus doing “CRUD” with the data that needs to be “harvested”)
  2. leverage a RESTful type of communication with the Drupal site in order to retrieve that data and have it displayed in-game, on mobile/console, too
     

4. You want to create a user alert system on your e-commerce website

One that would alert your customers, via your e-commerce mobile app, whenever a product that they visualized becomes available (or its price drops).

Also, you want those alerts to pop up in an iPhone app and on Facebook, too.

And the solution is:

Your Drupal site (for yes, it's a Drupal site that you own in this scenario) will use Services & a custom module to have the example.com/alerts/uid API published. And it's this specific API that the iPhone app and Facebook will use for manipulating that particular content to be shown in the user “alerting” message.
 

5. You want to provide (paid) access to commercially-controlled data

Such as movies, music, stock or trading data.

Imagine that you own an event venue and you publish a ticketing API. People (such as ticket brokers) will be charged for gaining access to it.

In short: RESTful web services for can be used for all kinds of commercial activities, as well.

Just use them to create and to publish the API that will do CRUD with precisely that commercially-controlled data that people are willing to pay for gaining access to!
 

What Sets REST Apart from the Traditional SOAP Approach to Web Services?

Of simply put: 

Why use RESTful web services instead of the traditional SOAP-based web services?

Here's a list of strong arguments:
 

  1. with REST, all that intense data interaction is more lightweight; it doesn't weight so heavy on your web server like a SOAP page-scrapping method would
  2. with REST, only the specifically requested information gets retrieved, instead of having whole web pages scrapped off the “target” content (like with the SOAP approach)
  3. the architecture is way simpler than the SOAP one and it leverages the standards (and protocols) of modern web
     

And what does this last argument even mean?

It means that heavy SOA (Service Oriented Architecture) is shifting to lightweight WOA (Web Oriented Architecture), since these days apps need to tap into a web that's “packed” with REST resources.

And so, instead of leveraging a few point SOA services, data gets collected and displayed via millions of granular REST resources. Developing arbitrary apps, that interact over the network, has become conveniently easier.

Complex things (systems) get simplified!
 

When not to Use REST Web Services?

There are — as I've just pointed out — use cases when the REST approach is the perfectly suitable one: business-to-consumer apps.

But there also are specific cases when RESTful web services don't work so well: B2B apps!

Take this practical example here:

A bookstore might find it a bit more challenging to make a volume purchase from an online vendor as compared to a regular customer. 

It would need to “juggle with” several apps to track shipment, sales, determine re-orders etc. And where do you add that one app might need to be re-entered into other apps, turning the entire process into an overly complex, hard-to-manage one.
 

The END! 

Have I managed to answer your “Why Use RESTful web services?” question or not quite? Or just partially? 

Do be honest and, if it's the case, share your other REST inquiries and dilemmas with me! Or point out those use case examples or explanations presented here that you'd like me to shed some more light on.

Feb 22 2018
Feb 22

So you've made up your mind: it's Magento “fuel” that will be powering your e-commerce website. And now you're facing challenge no. 2: Magento Enterprise vs Magento Community! 

Which one of the 2 Magento platform's editions is right for you? What are the key differences after all?

Which one's best suited to your current feature needs? And how about your daring goals and growth plans? Which one's scalable enough to accommodate your expansion plans?

The quickest/easiest/surest method to “find your match”: confronting your current requirements with each one of the 2 Magento editions' sets of features and functionalities.

Note: the method is the same if you're having a Magento vs Drupal Commerce "dilemma" instead, for instance.

Then draw the line and just do the math!

So, without further ado, let's dig up the:
 

  • Magento Enterprise features 
  • Magento Community features 
  • And draw the profile of the “ideal” online store for each one of the 2 Magento editions
     

1. Is Magento Free? Price Tag vs Value

With or without a price tag on.

This is the most rudimentary “Magento Enterprise vs Magento Community” comparison that one could make.The first one does come at a price, while the open source version is free to download off the internet and, implicitly, free to use.

And now the question that arises is: does the price tag come with added value, as well?

Without question!

The Magento Commerce edition —  merging, since June 2017, the Enterprise and the Magento Cloud Edition —  comes not with 1, but with 2 price tags on. Along with a heavy load of enterprise-level features and high-end functionalities.

And it's your own needs and goals that will tell you whether... it's worth it. Whether a free variant, with basic online selling capabilities or a bulky feature set, with a heftier price tag on, suits you best.
 

2. Top Magento Open Source Features 

The open-source community edition is Magento's downloadable version. And, as you can expect, it provides much of the same functionality, same basic performance and shares the core features with its enterprise counterpart.

And here are some of these core features that you can power your e-commerce business plans with and get your functional online store up and running in no time:
 

  • modern tech stack
  • regular updates
  • automated code merge
  • payment integrations
  • scalability
  • automated testing
  • flexibility (install the extensions of your choice to ramp up your site's functionality)
  • responsive layout
  • fast product import
  • integrated video & marketing tools integration
  • customizable & mobile-compatible admin dashboard
  • guest checkout
  • registered customers
     

A word of caution:

Determine your site's specific goals and needs right from its planning phases.This because implementing specific functionalities from your “wishlist” might require you to install additional plugins and to craft some custom code.  
 

3. Does Your e-Commerce Business Fit the CE Client Profile?

It does if your answer is “Yes” to most of the following questions:
 

  • Is it a small-scale e-commerce project that you're starting?
  • Are you planning to keep extension/plugins implementation to a minimum; can you already predict that there will be no need for custom modules in the future?
  • … no need for 3rd party design and web development teams to handle your not so complex site project?
  • Are you looking for an e-commerce platform that should provide you with the basic features needed for getting your store up and running?
  • On a shoestring budget?
  • No plans to grow from a small e-commerce site into an enterprise online store? Or to enter new markets?
  • Is it a versatile platform that you're looking for? One leveraging open source for delivering you a significant load of basic plugins and templates to custom-tune your store with?
  • … and to deliver rich experiences to your customers with?
     

In short: Magento's open source community edition (CE) is built, from the ground up, with the basic needs of small e-commerce business owners in mind.

It's a turnkey solution for small sites.

Note: having just a few products doesn't necessarily mean that your site's needs are basic. Therefore, this is no indicator that you should opt for Magento Open Source.
 

4. Magento Enterprise vs Magento Community: Do You Have Any Expansion Plans?

Just think these growth plans through and the sooner the better:
 

  • Would you like to enter new markets at some point in the future?
  • Would you like to ramp up and customize your site's current functionality at some point?
  • How much do you want it to grow? Is scalability a critical feature for you?
     

Do set up your e-commerce goals at this phase of the project!

For once you've got your site running on Magento Community (or Open Source), switching to Magento commerce will be more challenging than you expect:
 

  • the two editions' code bases are different
  • you'll need to give your website a full redesign
  • the Magento Open Source templates that you will have installed won't work in Magento Commerce
     

So, take some time to think about the future, your e-Commerce site's future...

Since “upgrading” it, later on, to Magento Enterprise, comes with inconveniences and compromises that you'll have to make (e.g. losing some of your team's hard work).
 

5. Top Magento Enterprise Features 

Magento Commerce — the 2-in-1 Enterprise & Cloud edition of the platform — provides you with enterprise-level features right out of the box. 

Along with the price tag comes the added value transposed into a set of online selling capabilities that you don't get with its open source counterpart. So, do consider this when you're having a Magento Enterprise vs Magento Community dilemma.

Capabilities geared at meeting your enterprise online store's complex demands from an e-Commerce platform.

And here are the enterprise edition's top features:
 

  • PCI compliance
  • MAP pricing
  • cloud hosting
  • 24/7 technical Magento support, including a dedicated account manager 
  • RMAs
  • visual merchandiser: drag & drop UI and sorting rules for easily organizing your product category pages by variables of your choice (best/newest products, by color etc.)
  • segmentation & targeted promotion features: personalize your customers' shopping experiences
  • full-page caching
  • improved UX: features such as wish lists and gift registry
  • advanced marketing features: it provides you with reward points that you can use for setting up your own customer loyalty programs
  • better performance: expect better page loading times as compared to Magento Open Souce
  • geo-targeting
  • B2B features: create custom catalogs and multiple payment options, set up multiple buyers, create several company accounts etc.
  • content staging
  • enhanced security out-of-the-box: PA-DSS payment bridge, credit card tokenization...
  • separate databases for Product data, Checkout, Order Management: a major performance boost
  • improved tax calculation functionality
     

In short: Magento Commerce offers you more out-of-the-box functionality as compared to Magento Community, where you'd need to engage in custom coding and extension implementation to have these features “injected” into your site)
 

6. Go With Magento Commerce If...

… you plan to launch a large, enterprise-sized online store or a small-scale one, but you're “nurturing” major expansion plans!

In this case, the Magento Enterprise vs Magento Community “dilemma” is an easy one: Magento Commerce (now including the enterprise version, as well) is perfect for you! 

For your big, “needy” website site, that you expect to:
 

  • accept non-standard forms of payments, too (e.g. check or cash in hand)
  • enrich your customers' shopping experiences with functionalities such as gift registries, wishlists, buy gift cards
  • provide you with advanced inventory management and detailed reporting functionalities, with no need to install any extensions (or to write custom code) for this
     

… definitely needs a more robust, premium-grade features-packed platform.

And Magento Commerce is the one. 
 
The END!

So, how about now? Do you find it any easier to decide for one of the 2 Magento editions? Do any of the eCommerce business needs and expectations that I've outlined here match your own?

If so, which of the 2 feature sets  —  Magento Enterprise's and Magento Community's — suits them best?      

Feb 17 2018
Feb 17

The future belongs to those that not only store their heavy load of documents in a conventionally digitized form, but also “maneuver” it with utmost efficiency: have instant access to it, track it, retrieve it, organize it. How? By leveraging the perfectly suited open source document management system!

Speaking of which, I'm sure you've already got your “feature wishlist” ready:
 

  • it should be easy to learn and to use 
  • it should provide you with version control
  • … with cloud access functionality
  • … with document workflow
  • … with document tagging
  • it should come be equipped with an intuitive, user-friendly interface
  • it should be free
     

But since it's open source document management software that I'll introduce you to in this post here, feel free to take this last “wish” off your list!

OK, so this is how the ideal, the one size-fits-all-contexts DMS looks like. But which one's the best for your own business?

The one that best meets your specific business needs'? Your organization's unique requirements?

For narrowing down your choices you should submit yourself to this quick questionnaire:
 

  1. What type of documents will you be storing though your future DMS?
  2. Where will you/your team need to access them? In a single office, across an entire infrastructure of offices scattered around the globe, on mobile devices?
  3. Is it a plug & play, a full-featured custom solution that you need or just the software to meet your needs? Which (your needs) are the “standard” ones, fitting into a particular market.
  4. What is your budget?
     

And while you're still pondering on some of your answers, let me narrow down your choices even more. To a list of 6 document management systems worth your attention:
 

1. Alfresco, On Top of The List of Any Organization Looking for The Right DMS

Geared, from the ground up, to meet the particular requirements of those enterprises having critical documents to store and manage.

What Open Source Document Management System to Choose- Alfresco

Therefore, the best answer to your “What Is Alfresco?” question would have to be:

"A robust enterprise open source document management system, fueled on open source, powerful enough to automate document-intensive processes within an organization"

And here are some of its most “tempting” features:
 

  • its complex user role system ensures effective collaboration across large teams/departments
  • robust content repository
  • freedom of customization: feel free to tailor custom workflows and content models to perfectly suit your specific needs
  • its collaboration web interface is geared at boosting team productivity
  • public source code: it leverages core open standards
  • access to a full set of add-ons and community-maintained extensions that you get to extend your DMS's functionality with
  • it seamlessly accommodates any productivity app \that you may want to integrate later on: Google Docs, Microsoft Office etc.
  • Alfresco mobile apps (for Android andiOS)
     

Should I also point out that NASA and the European Union, themselves, capitalize on Alfresco's:
 

  1. open standards
  2. unparalleled robustness in handling massive amounts of content
  3. convenient extensibility
  4. unmatched freedom of customization that it “spoils” its users with?
     

2. LogicalDOC Takes Open Source to a New Level

An open source document management system that comes in two flavors:
 

  1. Professional
  2. Community 
     

What Open Source Document Management System to Choose- LogicalDoc

A highly versatile one, that can be used in any web browser, perfectly “equipped” to:
 

  1. handle a significant load of documents
  2. boost the team's productivity while enhancing team collaboration, as well
     

Some of LogicalDoc's top features are:
 

  • quick & easy installation and intuitive use 
  • multilingual full-text indexing
  • task manager & events log
  • version control & document searching
  • local file system
  • reporting & statistics
  • task manager & events log
  • Web Services (SOAP & RESTful)
  • import from ZIP archives
     

And the list is literally an endless one! Do consider this feature-loaded, free open source document management software when looking for the right DMS to meet your requirements.
 

3. Seed DMS, A Powerful Open Source Document Management System

If for you “the best document management system” means “the most powerful one”, then you might want to take the Seed DMS for a test drive.

What Open Source Document Management System to Choose- Seed DMS

It's mature enough, so it's already built a strong reputation around it, and it's enterprise-ready. Built to store and to share huge loads of documents.

And now, here are its other strong points worth your full attention:
 

  • real-time collaboration
  • version control 
  • users & groups management
  • HTML documents editing
  • built-in metadata support (author, description, keywords)
  • document review & approval workflow
  • full-text search
  • functionality for creating online presentations 
  • multi-level content directory, which supports +32000 documents 
     

Should I go on? For, the deeper I delve into the pile of Seed DMS features, the more I find. Or even better: how about you give this open source document management system a chance and see whether these features do meet your organization's particular needs.
 

4. Feng Office: More Than “Just” a DMS 

Why “more”? Because you get so much more than just the “standard” document management and team productivity-enhancing features. 

What Open Source Document Management System to Choose- Feng Office

And these additional, beyond the “conventional” functionalities are:
 

  • Task management
  • Time tracking
  • Workspace management
  • Knowledge management
     

Its set of features also include:
 

  • automatic alerts & reminders
  • notes
  • calendar
  • timesheet
  • wiki & forum support
  • reports & tags
  • workflow processes
  • task templates
     

5. OpenKM, A Conveniently Extensible DMS

And extensibility, coming from its OpenKM plug-in architecture, is not its only “superpower”.

What Open Source Document Management System to Choose- OpenKM

Versatility comes right after, since it practically supports:
 

  • all web browsers
  • all major DBMS databases
  • all common file types (OpenOffice, PDF, Office, XML, HTML, JPEG etc.)
     

Moreover, it empowers teams to set their own rules (logic) for automating the documentation process. For example, imagine that you'll need to set up a rule specifically for moving a particular document to a new destination.

You can do that with OpenKM!

And now, the (almost) full list of features that this open source document management system has been supercharged with:
 

  • workflow
  • OpenMeetings integration
  • document encryption/decryption functionality
  • automatic key extraction
  • antivirus integration
  • web services API
  • OCR integration
  • HTML editor
  • a functionality to create new documents leveraging pre-built templates and forms
  • Dropbox integration
  • mobile interface & Google apps synchronization
  • metadata navigator (along with categories, thesaurus, keyword...)
     

6. Kimios, The Best Alternative to the Heavy Document Management Software

If it's an alternative to the robust, heavy “document managing machines” that you're looking for, lightweight Kimios makes the perfect fit for your needs.

What Open Source Document Management System to Choose- Kimios

And it's not just its lightness that convinced us to add it to this list of document management systems, but its entirely service-oriented architecture, too (among others).

This means that it follows the client-server model: Web client, Kimios for Office, Kimios Explorer and all the other supported third-parties are connected to the main Kimios server.

To its central server, “in change” with exposing the web service layer covering Kimio's features.

Speaking of which (this DMS's features):
 

  • repository customization using metadata
  • customizable search engine
  • document-centered functionalities: create, delete, update
  • check-in-/out feature
  • version control 
  • user rights management
  • bookmarks documents (along with creating bookmarks and advanced requests functionalities)
     

And it goes on and on... and on.

Note: Kimios does integrate with Microsoft and Windows Desktop environment, but only under commercial license!

The END! These are the top 6 open source document management systems that you should consider selecting the right one for you from. And this no matter how your own list of feature needs& specific requirements might look like. 

Feb 05 2018
Feb 05

That we're witnessing a major shift these days — from web apps' supremacy to mobile apps' domination — is definitely no news. It's been a while since it grew from a trifle into a (digital) world dominating... reality. And so, anticipating which of last year's trends will be growing into “megatrends” and which of the newly emerging ones will be the mobile app development trends in 2018 with the highest impact on the digital landscape

… becomes crucial for anyone in the mobile app industry.

Should you continue to bid on virtual reality and cloud technology? Is blockchain nothing but a bubble about to burst this year? What place should wearable apps and IoT have in your mobile app development strategy?

We've done our research, approached the experts and the authority figures in the mobile app development industry apps and here's what we've come up with:

An 8-point list including precisely those high-impact trends to keep an eye on in 2018:

1. Wearable Devices and IoT Are “Exploding”! And So Is Wearable App Development

And I'm sure you, yourself, anticipated this: that IoT devices and wearable apps will go from niche to mainstream.

With more and more industries adding up to the list of IoT adopters — education, smart health, automotive — and with Apple cutting off the price constraint, it's only reasonable to expect wearable devices/apps explode in 2018.

… to expect to see more apps for wearable devices (and not just watches) and an increasingly powerful impact of IoT on mobile app development.

Considering that smartphones are needed for controlling IoT devices...
 

2. Android Instant Apps, One of the Growing Mobile App Development Trends in 2018

It's a fact: Android Instant Apps will be one of those (not so) new trends in mobile app development to be growing like a beanstalk this year!

The reasons behind this anticipated growth have a too powerful impact on the users not to turn from a predicted scenario into a... reality of the digital realm:
 

  1. they're conveniently easy to use: no installation required and yet they're more on the native app's side and they work like websites
  2. they use fewer resources
  3. they can be accessed from anywhere (WITHOUT installation)
     

In other words: the border between the realm of apps and the landscape of websites gets even more... blurrier this year.
 

3. Accelerated Mobile Pages

A huge “hit” ever since its “debut”, in 2016, Google's AMP is definitely on the up and up in 2018, too.

And no wonder why this open-source initiative — accelerated mobile pages — still “runs the show” and continues to “seduce” mobile app developers:

  • it's a publishing technology (HTML's stripped-down version) geared at boosting mobile pages' performance
  • … practically it injects both sites (on mobile devices) and web apps with high speed
  • … keeping the bouncing rate to a minimum

Now, these are strong enough advantages for this trend to be one of the high-impact mobile app development trends in 2018.

4. Predictive Analytics Gains an Increasingly Powerful Influence on Mobile UI/UX

What do you think about joining the “gang” of tech giants in the mobile app industry (Google, IBM, Apple, Facebook) and jump on this trend in 2018?

Why bother? Well, because:

  1. we'll be witnessing a shift from mobile apps as “mere” utilities to apps as integral components of your workflow
  2. this advanced software is the “offspring” of AI and machine learning
  3. … with a major impact on your customer journey via your mobile app's UI/UX
  4. … since it provides valuable predictions related to your business (by leveraging the available data) for you to capitalize on (and to do what it takes to enhance your app users' experience)

5. On-Demand Apps Will Ride The Tide of Popularity

How could they not? After all, they're making people's lives easier by simplifying their day-to-day activities, such as:

  • looking for laundry services
  • ordering food
  • looking for cleaning services
  • looking for rideshare and taxi services

And not only that on-demand apps will be in... high-demand this year. They'll be one of those mobile app development trends in 2018 expected to “bloom” with new cool features and functionalities:

  • business bots
  • UI/UX enhancements
  • predictive analysis
  • m-commerce facilities

6. Blockchain: Newer Mobile App Development Trends in 2018 With Huge Potential

Blockchain has been intriguing, “seducing” and gaining so much good press, that it can't but continue to grow, as a trend, in 2018, too.

And it's no surprise why:

  • it provides companies with a shared, unalterable ledger storing their information (transaction histories or bitcoins) presented in the form of blocks
  • … “unalterable” meaning that the info can't be modified unless all the subsequent blocks get modified; which would automatically lead to the entire network's collision

A principle of “openness” that continues to “seduce” legit businesses. Businesses that do seize the huge potential of providing transparent access to the blockchain.

7. Dare to/Continue to Bid on Cloud Integration This Year

The future of mobile apps and their development is one where the benefits of cloud technology are being (finally) leveraged to their full potential.

And here I'm talking about benefits such as:

  • better storage
  • reduced costs in hosting and equipment
  • improved page loading times
  • streamlined operations
  • increased productivity and collaboration

And nonetheless: developing mobile apps over the cloud will enable them (the apps) to run seamlessly across multiple platforms.

Now that's superpower, don't you think? A huge “leap” into the future of mobile app development software!

8. AR/VR Will Have an Even Higher Impact on App Development Strategies

These 2 technologies are already too well rooted in the long-term future of mobile apps that they can't go anywhere else but... UP.

AR and VR continued to be developers' trump cards for creating jaw-dropping mobile app experiences. Even so more this year, with all the compatible hardware expected to invade the market.

And it's not just the gaming sector that will benefit from augmented reality graphics and videos presented in VR, but others will fall under its “spell”, as well.

Here I can only think of the huge potential that these 2 technologies have in the retail sector.

Speaking of which, are you think what I'm thinking? About Amazon Go and all the doors that it has opened for other similar apps to steal the spotlight this year?

End of list! 

These are, judging by the stats, forecasts and expert opinions that we've analyzed, the 8 high-impact mobile app development trends in 2018.

Also, judging by all the enhancements in hardware:

  • button-less mobile devices
  • more and more powerful chips

… and the emergence of a new level of digital speed — 5G — I can't but be certain that these 8 trends here will get turbocharged in 2018.

Jan 23 2018
Jan 23

Welcome to... Dockerland, a place of never-ending confusions! The most frustrating one of them all — for every novice planning to explore Docker — being the “Docker Image vs Container” dilemma.

“What, aren't they one and the same concept?”

But you know that this is a rhetorical question: you just sense that they're 2 distinct concepts...

Yet, you can't really identify the differences:

How are Docker containers and images different after all?

Now let's clear up the Docker Image vs Container confusion once and for all:

First Things First: What's a Docker Image?

A file (or file-like... thing) that gets built from a Dockerfile, by running a "build" command. 

Moreover — and this is particularly important in defining a Docker image and setting it apart from containers — it's an inert, immutable type of file. A template-like file (you could also imagine it as a snapshot of a container).

It's only when started, with the docker command, that a docker image starts producing a container.

And since images in Docker tend to grow quite large, they're built on a layered structure (multiple players of other images). This way, only a small “load” of data gets sent when loading images over the network.

Wrapping Up:
 

  1. you can take the docker image as an application that you'd like to run
  2. a docker image can't be “running” or be “started”; once the “docker run” command is... run (obviously!), the image grows into a docker container, so... mind the inevitable confusion
     

Which Leads Us to The Question: “What's a Docker Container Then?”

The not 100% accurate, yet generally accepted (even if halfheartedly) definition is: 

“A container is a running instance of an image”

Now, let me detail...

Practically, the very act of running a Docker image produces a Docker container. You won't find a more straightforward explanation than this one!

And containers are (or they should be) the very reason why “learning Docker” turned into one of your top resolutions for 2018 in the first place. For they're:
 

  • lightweight
  • using fewer resources
  • portable
  • easy-to-be-deployed
     

… ways of running and managing your applications.

If you're fond of analogies, here's one that will undoubtedly help you come up with a clear answer to your “Docker container vs image” dilemma:

If a Docker image was a class, then a Docker container would be an instance of a class (a runtime object). 

Wrapping up now:
 

  1. once you start an image in Docker (so once you use the “docker run” command) you basically have a running container of this image in question
     
  2. a container is created by adding a top writable layer to a Docker image and thus by initializing multiple settings (container name, ID, network ports etc.)
     
  3. and it's due to that very writable layer, storing all the changes applied, that you can have multiple containers running off the same image; each and every one of them preserving its own distinct data state
     

Docker Image vs Container: Key Difference Revealed

The most significant difference clearing up the confusion is the following:

There is a top writable layer setting Docker images and Docker containers apart

It's that very layer, storing all write operation corresponding to the containers in question, which:
 

  1. gets deleted along once/if the container, itself, gets deleted, while the underlying image remains intact
     
  2. enables multiple containers to share the very same underlying image
     

Now to better explain the key differences founding this dichotomy, let's reduce everything to a simple, clear-enough (hopefully) formula:

a docker image + a docker run command = a docker container (meaning a running instance of the docker image)

… a container equipped with its own writable layer and which can get listed via a "docker ps" command

Is everything any clearer and simpler to you now?
 

Or Maybe a Metaphor Example Suits You Best?

In addition to my “class vs instance of a class” analogy, let me try now explaining this tricky Docker dichotomy by using a metaphor... or two:
 

  1. Let's say you have a film and a VHS of (which stands for our “image” in Docker). Then, imagine you'd place that VHS into your “virtual” VCR. In this case, the VCR stands for your Docker container. Better?
     
  2. Or you could see the Docker image as an executable file on a disk (an app's file); once you run your application, it promptly creates an instance running in its memory. Now that very instance is our metaphorical Docker container.
     

Have I managed to clear up your confusion or just... deepen it instead?
 

Docker Image vs Dockerfile: How Do You Set Them Apart in “Dockerland”?

Now, let me rewind to the stage where we can't even be talking about containers (not just yet). Where not even Docker images are yet built: the Dockerfile stage.

You can take a Dockerfile as a... recipe for creating Docker images.

And here's how the “cooking of an image” takes place:
 

  1. a Docker command is run in that Dockerfile
  2. and so an image gets built
     

Clear as daylight: a Dockerfile is a... file that you create which, in return, creates a Docker image when you run a separate build command.
 

The END! Do be honest now: have I managed to clear up your “Docker Image vs Container” confusion?

If so, then “solving the puzzle” around this dichotomy will make a huge jump start on your Docker learning plan for 2018. Happy learning!            

Jan 18 2018
Jan 18

Ready to.... stare into your crystal ball? To turn your visionary "superpower" on and... get a glimpse of the future of ecommerce? Not the distant future, but the future of 2018. And hopefully, identify the 10 ecommerce trends in 2018 that you should integrate into your digital marketing strategy and start capitalizing on.

ASAP, needless to add! Way before they even grow into powerful trends and competition in the digital marketing arena becomes a... throat-cutting one.

No need actually! For I've already sneaked a peek into the near future for you (no need to take out your crystal ball anymore, you can jump straight to turning information into gold). And I've identified the trends in the ecommerce industry that will rule in 2018

Here are your “10 ecommerce commandments”:
 

1. Unlock Customer Reviews' Full Potential (Even the Negative Ones')

Not joking: pushing forward, right into the spotlight, exclusively the positive customer reviews will just lower users' trust in your brand (ironically enough).

Perfection generates suspicion, right?

So, always “bet on”... transparency.

Well, of course, it goes without saying that a significant “load” of honest high scores does have a huge impact on your conversion rate and on your brand's overall reputation. 

Now getting back to customer marketing as one of the huge ecommerce trends in 2018: it's a strong proof that you're valuing your users' feedback.

Which leads to recurrent shopping and attracts prospects like a magnet: you'll be regarded as a trustworthy, transparency-valuing brand, that does “give ear to” its own customers' feedback.

In other words: strive to encourage your customers to review their shopping experiences with you. For instance, a redeemable voucher/discount could make a powerful incentive, don't you think?
 

2. Add an Augmented Reality Dimension to the Shopping Experience  

From a shopping experience to... experiencing shopping. Seize the difference?

If the use of VR/AR technology for retail purposes ignited in 2017, it will simply... explode in 2018. It will continue to be one of the most influential ecommerce trends in 2018.

So you'd better join brands' “race” for coming up with innovative visual ways of showcasing their products. And, thus, make it possible for your customers to interact with your products while enjoying that true-to-life feeling that... might just turn them into buyers.

Whether it's:
 

  • a virtual tour of your brick and mortar store
  • a new AR feature integrated into your online store, rivaling Ikea's own “Place” app
  • any other functionality for turning your users' shopping experiences into virtual interactions
     

… you'd better hurry up and start brainstorming ideas
 

3. Influencer Marketing Will Only Get More... Influential in 2018

That's right, influencer marketing will continue to dominate the retail landscape this year. It's an increasingly valuable resource for you to tap into.

In 2018 even so more, since influencer marketing software comes to streamline your efforts in this direction:

it's built to point out to you — the online store owner/digital marketer — precisely the suitable methods to use depending on the specific leads that you're targeting. 

Now, this is gold!
 

4. Community-Led Marketing: One of the Rising Ecommerce Trends in 2018

Watch for the “community-lend brands”! Or, even, better: become one!

And it's customers themselves — communities of customers, that start seeing themselves as “brand representatives” — that will be pushing these newly emerging brands right in the very first line this year.

How can you, too, capitalize on community-led marketing? 

Here are a few sure strategies to turn your customers into your own brand's advocates. Into your marketing strategy's driving force:
 

  1. set up the perfect contexts on your social media channels for your customers to actually discuss your products
     
  2. encourage them to share their honest experiences after trying/using your products (user-generated content turned into an incentive for new prospects!)
     
  3. allow them to actually test your products and let them answer other prospects' questions on your Instagram or Facebook account
     

A customer-centric approach with a focus on user-generated content! Or valuing user feedback to such extent, that customers eagerly turn into your brand's advocates.

This is what community-led marketing comes down to, and this is precisely why it will turn into one of the most powerful online shopping trends in 2018!
 

5. Don't JUST Be Present on Multiple Channels: Be Consistent!

“About 85% of online shoppers start a purchase on one device and finish on another” (Google)

Need I add more? Your “cluster” of presences on multiple platforms should turn into ONE consistent presence on them all. Into one seamless visual and UI experience for your customers.

And how do you achieve consistency while going omnichannel, omni-device and after you've integrated all your presences on different channels?

Here are a few common sense tips and tricks:
 

  • from navigation
  • to payment gateways
  • to the design itself
  • to all the branding elements 
  • and social media content
     

… make sure you stick to the same self-imposed guidelines. It's one and the same entity that your customers should feel like they're interacting with, not one having... multiple personalities.
 

End of Part 1! Till we meet again to analyze together the other powerful trends identified for you, do take your time to ponder on these first 5 ecommerce trends in 2018. 

Have you anticipated them already? Are they relevant enough to your own ecommerce business? Do you find them powerful enough for “fueling” your online marketing strategy this year or are you still a bit skeptical that they're more than just buzzwords? 

Jan 12 2018
Jan 12

Native Apps: They're Not Going Anywhere... Not Anytime Soon

In other words, in the "progressive web apps vs native apps" competition PWAs make an alternative, not a replacement for native apps.

For native apps are here to stay and still offer plenty of advantages themselves, too, (while progressive web apps do have their own limitations to consider, as well) for companies and developers not to give them up anytime soon.

And here are just some of the key reasons why they continue to steal the spotlight. Reasons that might help you find your own answer to the “PWA or native app?” question:
 

  1. big brands, already having their own native apps running on their preferred platforms, don't feel the same pressure as low-budgeted companies to switch to PWAs; it's some sort of “inertia-driven stubbornness”
     
  2. app developers with a wide experience with IOS or Android don't feel like replacing their familiar work routines with a PWA-specific one, even if the latter is less complex
     
  3. let's admit it: the web-based app development does come with its own limitations that still need to be addressed 
     

Progressive Web Apps vs Native Apps: 6 Reasons to Go With a Native App

As PWAs exploit some of the native apps' drawbacks, so do the latter turn some of their “rivals'” limitations into their own strong points.

For instance:
 

  • PWAS might be widely adopted thanks to their universal compatibility, hassle-free user experience and short development time, yet they're not capable to interact with the devices that they run on
     
  • native apps can do that; moreover, they're perfectly adapted to leverage a mobile device's smart functionalities
     
  • also, PWAs run in web browsers, which, might turn into a disadvantage: it could slow them down 
     
  • … whereas native apps, being installed on the given devices, first things first, will inevitably load a lot faster; there's no longer a browser intermediating the process 
     

Now, let's dig out other strong reasons for... going native:
 

1. No Ifs and Buts: They're Faster

As previously mentioned: with the web browser acting as an intermediary, progressive web apps can't compete with their native “rivals” in terms of performance.

As opposed to PWAs, native apps are installed on the devices that they run on.

Therefore, not only that their code practically “lives” there, but it's platform-bound. Written with the requirements of that specific mobile operating system in mind.
 

2. They Come With Built-In NFC Support 

The “Near Field Communication” support is vital for certain businesses. So, do consider this native apps' advantage (or this PWAS' shortcoming, depending on how you want to put it) before you give a final answer to your “progressive web apps vs native apps” dilemma.

If it's of critical importance for you that your customers should be able to pay for your services with their phones, then you need to go native. There's no way around this!

PWAS can't yet interact with the NFC chip enabling this type of payment.
 

3. They Provide a Quality Control Guarantee 

All the app stores' “bureaucracy” might be discouraging enough, yet there are good intentions — resulting in a quality guarantee —  behind all those steps to take:

filling out forms, reading specific forums, following strict app development guidelines, waiting for your app's review process to be carried out etc., etc.

Instead of seeing them strictly as... highly restrictive, take them as multiple filters that clear your app of any malicious code.

As for PWAS, just think about it:

The easier it is for anyone to access your app by just visiting the web page hosting it, the easier it is for a hacker, as well, to exploit the vulnerabilities of that connection.
 

4. GEO-fencing: A Superpower Placed in Your Hands

And this is no exaggeration, especially if it's a retail app that you're planning to develop.

Just give it a moment of thought:

GEO-fencing will enable you (your marketing team) to define virtual “boundaries” in the real world; once a customer's mobile device enters or exits that defined area, a push notification gets triggered.

A powerful functionality to ponder on when you're facing a “progressive web apps vs native apps” decision-making challenge. A smart functionality that native apps can easily exploit, while PWAs can't.
 

5. They Can Leverage a Device's “Smart” Capabilities

And this is one of the major advantages of native apps over progressive web apps!

They interact with the mobile devices that they're installed on, meaning that they use their smart features to their full potential. Features such as:
 

  • proximity sensor
  • wave lock: you don't want your users' phone screens to go black right in the middle of a video you've inserted in your app, now do you?
  • ambient light
     

6. They Easily Interact With Other Apps

Take for instance this highly frequent scenario:

A user tries to set up his/her account within your app and he's given the option to enter his Facebook login details

It's the perfect example of native apps interacting with one another. And this is but just one example of inter-app communication that helps users save valuable time.
 

So, What Kind of App Should You Develop After All?

“ The one that best serves your needs.”

So, get them clearly defined first things first:
 

  1. Do you need to develop a basic customer service/retail app? And, moreover, you're both budget and time-limited, as well? Then a progressive web app might just be the perfect fit for your project's needs. 
     
  2. Is it a mobile app exploiting smartphones' advanced functionalities to the fullest that you need to build? Then you should consider opting for a native app: it's fast —  which will definitely impact the overall user experience — it integrates with multiple payment gateways and it harnesses the power of “smart” features (Geo-fencing, NFS, wave lock etc.)
     

Also, when trying to pick your winner in the “progressive web apps vs native apps” contest, consider the expected future advancements, as well:
 

  1. mobile devices will get injected with more and more advanced technologies, tilting the balance in native apps' favor 
     
  2. progressive web apps will continue to be constantly supercharged with new and new functionalities, that go beyond a web browser's standard ones (integration with Bluetooth, with NFC, with smart devices' hardware features)
     

That being said: the choice is yours to make! I've only pointed out the main criteria and the key benefits/limitations for you to weigh and to compare, so you can make a fully informed decision.

Jan 12 2018
Jan 12

The paradox of choice, right? Didn't it use to be so much easier back in the old days, when you had just one option at hand? "You wanted to go mobile, you just knew this meant “pumping” money into a native app." Clear as a day! But what do you now, when you're facing a "progressive web apps vs native apps" situation?

Which app development approach is the perfect fit for you? For the nature of your business and for your app project's specific needs?

PWAS seem to be “stealing the show” these days: first they intrigue, next they “seduce” with the hard-to-resist-to promise that they deliver:

Empowering small businesses to compete against the "giants" in the mobile app development arena!

And still: native apps won't be going anywhere anytime soon!

Moreover, they'll get even more robust and faster, as the devices that they run on get more and more advanced. And as they'll continue to leverage their great advantage over progressive web apps

Leveraging mobile devices' smart features and capabilities and thus delivering an enriched user experience.

Now, to put an end to your “turmoil”, I've come up with a sort of “inventory” listing the set of benefits that you can reap from choosing one type of app over the other.

Here it goes:
 

But First: What's a PWA? And How Is It Different from a Native App?

“An app running inside the user's web browser, that he/she doesn't need to download and install beforehand. And which, moreover, is injected with native app-like functionalities and wrapped in a seamless user interface.”

This should be a clarifying enough answer to your “What's a PWA?” question.

Bottom line, the key difference between PWAs and native apps is:

The first ones run inside web browsers, while the latter run on the mobile devices that they're installed on.

The concept behind this revolutionary approach to app development is both daring and ambitious:

Cutting down the overhead and the discouraging complexities usually associated with a native app's development process.

And thus:
 

  1. reducing time and costs
  2. eliminating the step where your users download it from an app store 
     

Progressive Web Apps vs Native Apps: Top 7 Benefits From Choosing a PWA

For it all comes down to benefits, right? What's in it for you if you choose one app development approach over the other?

The level popularity that one type of app has gained falls shortly behind the very set of benefits that you get.

Now here are the most valuable ones to consider when you're having a “PWA vs native app” dilemma:
 

1. You'll Reach Out to A Significantly Wider Audience, With Fewer Resources

As compared to developing an Android-focused or an IOS-focused native app, a PWA will practically grant you access to all platforms. It's a “develop once, run everywhere”, type of situation:

A PWA is a “platform-agnostic” type of app.

Needless to add that your progressive web app's extreme versatility will help you reach the widest audience way quicker and with minimal costs.
 

2. You'll Reduce The App Development Cycle Times 

And this is, undoubtedly, that heavy-weighting advantage tilting the “progressive web apps vs native apps” balance in PWAs' favor. The very reason why progressive web apps gained so much attention in the first place.

With native apps' development process “famous” for:
 

  1. all the headaches it causes
  2. all the complexities specific to any platform-bound solution
  3. all the time-consuming steps to take: crafting some eye-catching screenshots, writing down the description, identifying the right keywords and strategically sprinkle them across the description...
     

... PWAs emerged in a highly favorable context and they “exploited” precisely the overhead associated with a native app development cycle.

So, they managed to “lure” developers unsurprisingly easily by:
 

  1. eliminating most of those complexities from the app development process
  2. eliminating the need to build multiple platform-bound versions of the same app
     

Also, it goes without saying that reduced development times translate into reduced costs.
 

3. It's a Unified User Experience That Your App Will Deliver 

The advantage of being platform-agnostic bubbles up to the user experience itself.

Having a unique version of your PWA running on all platforms, accessible to all customers, it'll be easier for you to deliver the same user experience to your entire user-base.
 

4. A Hassle-Free User Experience Requiring the Minimum of Effort

Compare the 2 following scenarios:

a. a hypothetical user visits a certain app store, chooses an app, waits for it to download and then goes through all the steps required for installing it on his/her mobile device

b. a hypothetical user lands on a website and gets to use the app right there, almost instantly, with no prior installation; moreover, if he/she wishes, he can save the link as an icon on his device's home screen

Isn't it obvious why, in a "progressive web apps vs native apps" competition, the advantage of easy access will always outweigh most of the native apps' benefits?

In a few words: 
 

  1. you, as the app owner, get to deliver the content you wish to deliver with utmost ease
  2. while your users access it using the fewest numbers of steps
  3. … and high accessibility translates into a higher level of user engagement
     

A win-win situation!
 

5. Users No Longer Need to Install The Latest Updates Themselves

A major convenience both for you and for your apps' users:
 

  • you'll get to easily keep them up to date with all the changes that you might apply to your services
  • with no updates to run and no need to re-download the app, users always get the latest version of your app, upgraded with the most recent functionality features that you will have added to
     

6. Extended Compatibility: All It Takes Is a Modern Web Browser

That's right since PWAs run on HTML 5 — the standard for web content — a modern web browser on his/her mobile device is all that a hypothetical user needs for accessing your app.

Talking about maximizing your app's reach, right?
 

7. You'll Cut Down Costs For Building and Marketing Your App

You can get a progressive web app up and running (and marketed) in no time! With considerably fewer resources of time and money to invest.

So, if:
 

  1. you're facing a limited budget
  2. you're in the retail or hospitality business
     

… the benefit of bringing your customer service app to your customers quickly and in a cost-effective way is just... priceless.
 

The END! Well, not the end on my post on the progressive web apps vs native apps “competition”, but the end of the list of reasons why you should consider going with a PWA instead of a native app.

Stay tuned, for in the second part of this post I'll be:
 

  • putting the spotlight on mobile native apps
  • revealing to you all the benefits that you can enjoy from choosing this type of app development approach
Jan 03 2018
Jan 03

“Build the next big thing in terms of AR apps!” Is this goal on top of your New Year's resolutions list? Well, then right now you must be wondering: “With so many tempting augmented reality tools out there to choose from, which one's best for my own AR solution?"

A frustratingly ambiguous answer could be:

"The one that best serves your AR app development needs."

Meaning that whatever AR platform you'll be choosing, it should:

  1. meet your project's requirements
  2. serve the goals that you will have set up for it

And yet, this “matching” of the AR libraries at your disposal with your project's specific development needs is your “mission” and yours only.

Nevertheless, we can still help you streamline your selection process.

How? By shortlisting 6 of the most popular augmented reality development tools in 2017 with a great potential to grow even more influential in 2018. 

Here they come:

1. Kudan AR

An augmented reality SDK that “pioneered” the network intelligent vision (bringing together AI and IoT).

And which sets itself apart from the other augmented reality tools in our short list here due to its robust single-camera SLAM.

In other words: Kudan AR supports mapping tracking and simultaneous localisation.

Built for both iOS and Android-based apps, Kudan AR supports markerless tracking (meaning that it uses features such as edges, corners, and textures) and, moreover, it's designed to recognize an unlimited number of images.

Where do you add that it doesn't get “greedy” using too much of your app's memory to store its files and (big advantage!) it's significantly faster than other AR SDKs.

Summing up its key features and functionalities now:

  • 2D/3D Recognition in the same application
  • supports markerless tracking
  • supports Simultaneous localisation and mapping (SLAM) tracking technology

2. Vuforia, By Far One of the Most Popular Augmented Reality Tools

Call it a "complete tool" for developing AR apps!

It practically “empowers” you to create any kind of AR solution for any type of device, any platform! A visually arresting augmented reality app or game “packed” with cutting-edge functionality. 

Yet, it does have its own shortcomings, too, the most “discouraging” one being that its free version comes with Vuforia watermarks and limited functionality. 

Even so, the balance between great features and innovative capabilities and shortcomings is titled so that it favours the first ones. Let us detail:

  • it's supercharged with smart terrain functionality for reconstructing a terrain and therefore a whole 3D map of the environment in real-time 
     
  • the same, above-mentioned functionality, will empower you (or your app development team) to create some fully interactive user experiences where the app's elements interact with the physical world
     
  • it's extended tracking feature enables your future AR app to deliver a 100% realistic visual experience even when the target elements are out of view (in other words users will be able to simultaneously engage themselves in the gameplay and still visualize the vehicles for instance)
     

And now summing up Vuforia's most notable features:
 

  • it comes with virtual buttons, which allow you to switch between various surfaces, which play the roles of your true-to-life, natural-looking touch screens
     
  • mixed reality and eyewear support (that's right, Microsoft HoloLens here included)
     
  • cloud recognition (and on-device, as well), meaning that it's capable to use either a local or a cloud database during the image recognition process 
     
  • Vuforia Object Scanner
     
  • it comes with Vumarks (Vuforia barcodes), which act both as data encoders and as markers
     
  • it's built to recognize both 2D and 3D objects
     
  • text recognition: Vuforia's designed to recognize over 100.000 words (and, moreover, you're enabled to use your own custom vocabulary, as well)
     

3. Wikitude

The third augmented reality development kit on our list is actually an “all-in-one” platform in fact. One which brings together:

Instant tracking + 3D markerless technology + Geo-location + Object/Image recognition and tracking

And all these top-notch AR features bundled up in one single AR app development kit can only mean 2 things:
 

  1. you get to build both marker AR mobile apps
  2. ... and location-based ones
     

Available for iOS, Android and Glassware, Wikitude is one of those commercial augmented reality tools. It does come in a trial version, as well, but do expect it to “surprise” you with a series of limitations, such as its logo showing up in cam view.

And now, let's go through its attention-worthy features and functionalities:
 

  • it provides you with Wikitude Studio, which makes AR app development a breeze, literally, since it requires no programming skills whatsoever: just drag the elements onto the studio screen and... put together your app 
     
  • Wikitude SDK is currently available for Android, iOS and the Glassware platform
     
  • on-device and cloud recognition 
     
  • instant (3D) tracking (it will display virtual objects and map out environments without using markers)
     
  • extended tracking 
     
  • geolocation support: your AR mobile app can get enhanced with location-based services, as well 
     

4. ARToolKit

ARToolKit is, in fact, a group of augmented reality tools that you can use for building your app.

And its heavy-weighing pro, that helped it make it to our list here, is that it's... an open-source code! That's right, you gain free access to its library, so you'll be able to tailor its source code to your AR app's specific development needs.

Nevertheless, this comes with a drawback: limited documentation! So, do keep this in mind when you're on a lookout for the most appropriate AR platform for your app project.

And now, let's list its other “seductive” features besides its open source nature:
 

  • simultaneous tracking: basically you get to “empower” your AR apps to track multiple objects at the same time
  • both single and dual camera support 
  • integration with GPS (a vital feature if it's a location-based AR app that you're developing)
  • it supports various platforms, ranging from iOS and Android to Windows, macOS, Linux...
     

5. Apple ARkit, One of The Revolutionary AR Frameworks

And it was pretty much around the time when iOS 11 introduced ARKit in the digital arena that app developers' “mad race” to build their own next big thing started.

Did you start planning your own AR solution around the same time?

Running on Apple 9, Apple 10, and A11 processors, Apple ARkit empowers you to create and deliver augmented reality experiences to your users both on iPhone and iPad (obviously!).

Now let us highlight the top-notch functionalities that will empower your app development team to put together not “just” AR experiences, but some truly realistic, immersive ones:
 

  • VIO (Visual Inertial Odometry) combines core motion data with camera sensor data, enabling your future AR app to accurately track the environment 
     
  • it's capable to detect horizontal surfaces (e.g. floors and tables) and objects on smaller feature points 
     
  • it's equipped for plane, scale and ambient lighting estimation
     
  • fast motion tracking
     
  • it can be used with third-party tools such as Unreal Engine and Unity, with SceneKit and Metal
     

6. EasyAR 

Here's another SDK “overloaded” with cutting-edge functionalites on our augmented reality tools list here!

And even if you go with the free version of the EasyAR kit (which won't provide you with certain of its functionalities, such as SLAM, 3D tracking and screen recording), you still get an impressive load of features:
 

  • cloud recognition
  • 1000 on-device targets storage
  • unlimited recognition queries
     

And where do you add that getting it up and running is just a matter of registering your account and generating your Bundle ID's plugin key.

Its list of top features would have to include:
 

  • cloud recognition
  • app cloud packaging
  • 3D object recognition
  • environment tracking
     

The END! These are the 6 augmented reality tools that you should consider selecting from if you're decided to go ahead and build your first AR solution this year. Good luck checking them off your New Year's resolutions list!

Dec 08 2017
Dec 08

I know that one of the tips from my previous post was to start preparing for the event a month before or so. And yet: there's no such thing as “too early” preps for the Web Summit 2018

The future belongs to those who plan ahead, especially if you're a startup founder!

Nevertheless, irrespective of a company's size or for how long it's been on the market there's plenty of networking potential to be seized and to be leveraged at the conference. For everyone.

So, why not start your pre-conference preparation by going through my handful of valuable advice and top tips based on my experience there representing OPTASY? Tips on how to create your own networking opportunities and how to fully “exploit” them.

Hence, today I'll be sharing with you some of my experience at the Web Summit from a company's perspective, along with insights and advice from the standpoint of OPTASY's assignee there (me).
 

1. Do Your Pre-Conference Homework Like a Pro'

Plenty of research here included!

My advice, from the previous post on this topic, to take your time to properly prepare for the event applies, all the more, if you're attending the Web Summit 20918 as a company.

With so many big names and start-ups striving to maximize their opportunities to build connections and meet potential partners — before and while at the conference—  reaching out to people and scheduling meetings long time in advance becomes... common sense.

Read bios, make yourself a list of the people you'd love to “chat” with and... drop them a line. Make contact, schedule valuable meetings...
 

2. … and Do Show Up At Meetings With All Your Homework Properly Done

By “homework” I do mean 2 things:
 

  1. improvisation is definitely overrated; instead of relying solely on your personal charm and persuasion skills to win them over, try to collect (and to memorize) as much key information about the people (and their companies) you'll meet as possible: projects, shared values, success story, objectives, approach to disruptive technologies etc.
     
  2. don't deliver them just plain, rigid numbers and statistics, but tell a story, your company's unique story; in this respect, again, don't rely exclusively on your spontaneity, but craft and repeatedly polish your story long time in advance
     

3. Write Down Notes After Every Single Meeting: They Are True Lifesavers

“Specific” notes I should add. You can even write them down (the notes) right on the business cards that you'll receive.

OK, so you may not be interested, at first, in someone's plans to travel around the world or in his golden retriever's name, but, believe me:
 

These seemingly insignificant details will turn out to be powerful information once the summit ends and you go back to the office!
 

This is the kind of personal information that will “fuel” your follow-up emails to those people, helping you add that personal touch that's not to be underestimated.

Take these on-the-spot notes as the surest way to remember all those people that you'll chat with. To quickly put a face on each name written on a business card. 
 

4. Follow Up on The Very Same Day 

The best way to “carve” a meeting in your interlocutor's memory is to send him/her a follow-up email the very same day. One where you express, once again, your intention to help him/his company. 

Patience might be a virtue, but when it comes to fully exploiting your networking opportunities at the Web Summit 2018, quick reactions, real-time follow-ups, are a must.
 

5. Be Alert, Meet and Mingle

Once at the web summit: sharpen all your senses!

Keep your eyes “wide shut”, ready to:
 

  1. “detect” any “big” company/startup celebrity name on a badge
  2. listen to people chatting around you 
  3. mingle with the crowd
     

Networking opportunities are “floating” there, everywhere, the cafeteria here included!
 

6. Set Up a Goal and Never Lose Sight of It

Why do you plan to/will be attending the Web Summit 2018? What are you hoping to get out of your attendance to this major tech conference?

Is it for getting your company's name out there? Is it it for promoting your brilliant, innovative business idea? Is it for meeting potential clients/finding investors?

Or are you looking for an inspiring mentor maybe?

Just don't show up there without a goal! With nothing but pure... enthusiasm.

Define your main objective long time in advance and build your powerful strategy around it!
 

7. Try Out Different Networking Methods While at the Web Summit 2018

Remember: your time in the spotlight, when you get the chance to exhibit, lasts for just one day.

Therefore, it's crucial that you plan out the other 2 days left in detail. A highly effective approach to planning is to try a mix of different networking strategies:
 

  1. hand out fliers
     
  2. take a tour of all the booths there
     
  3. go to your scheduled meetings
     
  4. attend conferences and try reaching out to speakers after
     

And, most of all, as you “juggle” with all these networking methods, stay creative and you'll stand you! You'll get noticed!
 

8. Don't Formalize: Meet People Over a Drink

And speaking of “meeting and mingling”, don't hesitate to invite your interlocutors to chit-chat over a drink at one of those night events at the Web Summit 2018.

Turn the Pub Crawls, get togethers and, most of all, private dinner parties into some great (if not the very best) opportunities to make connections. 

Mingle with the crowd, a glass in your hand, and interact while trying to have some fun, too. To enjoy your experience there, as a (startup) company attendee!
 

And this is it! OPTASY's 8-step guide on how to network like a champ', how to seize and value all the opportunities of making new, valuable connections, as a company, at the Web Summit 2018. Good luck with that!

Dec 06 2017
Dec 06

My first time at the Web Summit! And it's been almost... “surreal”, I'm still having trouble believing that I did, indeed, attend it (has it been a month already?). 
    
You go over all the numbers (60000 names, 1200 speakers etc.), you scan through the overwhelmingly long list of participants (packed with awe-inspiring names) and you start to feel just like a... kid going to Disneyland for the first time:
 

  • Am I really going to attend these talks?
     
  • Be in the same room (even if in the very last row... these are just details) with all these... tech and business giants?
     
  • Get close to all these inspiring innovators (I know, I know: I start to sound like a fanatic)?
     
  • And last but definitely not least: get to immense myself in this astonishing city?
     

Of course, once you go through the list over and over again, you use the app day and night and you burst with over-excitement, you gradually... cool down and start doing your homework.

To properly prep for meeting all these influencers. For you do want to make the most of your staying there and not waste anyone's time.

But before I go on with my list of tips and advice on how to prepare for a Web Summit — whether you're a startup founder or a tech enthusiast — allow me to share with you some glimpses of my actual experience:
 

1. Got There Pumped Up for the Event and Left Head Over Heels in Love With... Lisbon!

For it's simply... breathtaking!

Lisbon lures you in to explore it, then it crawls into your heart and... gets stuck to it! 

The cosmopolitan city basking in the sun has been the host of “the best technology conference on the planet” for the second year in a row. And this after the conference had spent its “childhood” in Dublin and... well... got a bit... too much for the Irish capital city.

And organizers couldn't have picked a better “host”:
 

  • the city of Lisbon had the capacity to easily accommodate the heavy influx of participants
  • it took me about 40 minutes to get from the venue to the city centre, by subway
  • I got (thank God!) stable internet connection throughout my staying there
  • there were no discouragingly large crowds gathered around the exhibit stands
     

2. Attended Talks and Conferences: My Top Favorites

For even though some more experienced Web Summit participants might advise you to watch the speeches on YouTube —  and instead, while there, to network like there's no tomorrow (or a next web summit to attend) —  I stuck to my own schedule.

It would have been inconceivable for me not to attend the conferences and talks that I was so looking forward to.

And here's a short list of the ones that I loved best:
 

  1. Stephen's Hawking's Talk on Disruptive Technology, on how “Artificial intelligence comes, and this can become both a major success and the main failure of mankind “, that if it's not geared exclusively at SERVING humanity (and not the other way around)
     
  2. Bryan Johnson's (the CEO of Kernel) Talk on Prioritizing Humanity, above all, and the stringent need for people to learn to adapt to the newly emerging tasks that disruptive technologies assign to them
     
  3. Margrethe Vestager's, The European Union's Commissioner for Competition, Talk on Fair Play and Tech (filled with self-evident examples of invasive usages of technology and of tech giants engaging in tax invasion)
     
  4. Dana Settle's (Greycroft) and Jim Breyer's (Breyer Capital) Speech answering the legitimate “Where to Invest in 2018?” question: in core technologies, practical and simple apps, (e.g. virtual, personal health assistants) in AI, machine learning; a talk with a focus on China as the world's second largest AI development center
     

3. And Now: My Top Pre-Event Preparation Tips and Tricks 

Let me switch from what might look like me bragging about my experience at the Lisbon Web Summit 2017, to me sharing some practical tips with you.

Some advice on how to properly plan out your attendance and prepare like a pro' for the event:
 

  1. First of all: start your pre-conference preparations long time in advance (a month before or so)
     
  2. Next, download the Web Summit app; and this is a true power placed in your hands if you know just to harness its full potential
     
  3. Then, it's time you do your homework: delve deep into the wide list of participants (luckily you'll find them all right there, listed in the app), scan them through, read bios, do your research work and reach out to them (be perseverant), make connections, schedule meetings
     
  4. The event's app will be your most reliable ally thanks to its conveniently easy-to-use and time-saving filters: don't be afraid to use them
     
  5. Rely on keyword search, as well, and put together a list including ONLY those people whom you'd just die to meet and chat with, who inspire you, whose story you're fascinated with, who are most likely to provide you with information that's 100% relevant for your industry 
     
  6. Put together a schedule of meetings, for once you get there... you risk to be swept by the “whirlpool”. It will help you stay focused, stay organized and maximize all your networking opportunities once you're at the summit
     

In short: there's no easy way to properly prep for the Web Summit 2018; no quick trick or secret recipe to making connections and scheduling meetings so that you land in Lisbon with a solid strategy at hand, that you'll just need to... execute to perfection.

It's all about kneeing deep in the discouragingly rich database of participants, running a rigorous selection and reaching out to people. 
 

4. Web Summit 2018: My Advice on How to Make the Most of It

So, with your list of contacts plus your schedule of meetings in one pocket and your Web Summit app in the other one you... arrive in Lisbon.

Now what?

Here are a few tips and tricks on how to get the most out of your next/first web summit attendance:
 

  1. Schedule all the talks and conferences that you want to attend; in this respect, the recommendation feature and the event calendar —  2 of the app's key features —  make some really powerful tools
     
  2. Next, remember that people connect more easily outside conference halls and that networking at Web Summit doesn't end at sunset; be ready to attend some of the night events (parties here included!) scheduled for the Night Summit; pub-crawl, interact, make connections while you're having some well-deserved fun, as well, after a full, hectic day
     
  3. But probably the only really “strict” advice to follow while at the Web Summit is: Be creative! Don't be shy to reach out to people, you'll be surprised to discover that some of them are really willing to share their experiences/expertise (for that's why they go there after all, to network with people passionate about innovation, with disruptive technologies enthusiasts, like you, after all), to create your own networking opportunities

    My Experience at Web Summit 2017 : Night Summit

    And this is my (first) Web Summit experience in a few words and my tips for you if you're planning to hit the 2018's tech conference!

    Stay tuned! In our next post we'll be sharing with you a tried-and-tested step-by-step guide on how to network like rockstar — as a startup company — at Web Summit 2018!

Dec 05 2017
Dec 05

Long gone are the days when AR and VR used to be associated (strictly) to roller coaster simulations, the gaming industry or true-to-life aerial experiences. Today we can be talking about an ever-wider range of innovative use cases for augmented reality in enterprises. 

About a niche technology turning... mainstream and, moreover, going beyond purely entertainment purposes.

Moreover, AR's potential for improving performance, boosting efficiency and enriching customer experience has long ceased to be a “privilege” of the top most valuable brands.

And since it's ceased to be an “exclusive” technology, why not harness its potential? Why not capitalizing on AR's potential in your own organization, too?
 

“What specific use case best suits my particular business needs?”
 

... you might be wondering.

Here are some of the most interesting current uses of augmented reality in enterprises:
 

1. Remote Workforce Supercharged With AR Power 

Just take this scenario:
 

You have two teams working on the same project — an in-house one and a remote one — and you get to leverage AR's power to actually immerse your remote team in the project.
 

… to bring together all your employees, scattered around the globe, in a collaboration enhanced by that strong feeling of “being there” that AR instils.

Or you can go for the second scenario: use AR to easily monitor out of location employees.

And this feature gains a critical importance if we're considering 3 specific types of employees working “off-site”:
 

  • engineers on an oil-rig
  • medical first respondents
  • linesmen on power lines 


2. Step-By-Step Guidance Overlaid on Work Areas via AR Displays

Another one of those efficiency-boosting (translated into manufacturing error rate cut down by almost 90%) use cases for augmented reality in an enterprise is overlaying instructions.

Practically via an AR display the manufacturer — take one manufacturing an aeroplane wing or one assembling an automobile, for instance — gets hyper-explicit guidance overlaid precisely on his work area.

With instructions being conveniently visualized, overlaid right on the work area, the employee practically gets step-by-step guidance for carrying out his tasks of high precision with utmost accuracy.

Where human error possibility should be whipped out of the process, AR comes to bring out-of-this-world precision into the real world!
 

3. Using AR Geared at Improving Warehousing and Logistics Efficiency

A potential that DHL knew just how to exploit to their benefit: streamlining warehouse pick-and-place operations through the use of smart glasses which are pointing out the shorter routes for the employees to take; and implicitly cutting down the error rate, too.

An unbelievable efficiency booster that you, too, can leverage in your organization for cutting down costs on logistics and warehousing resources and reducing human error.
 

4. Enriching Your Design/Engineering Team's Experience 

By their powers combined, AR and VR will help you:
 

  1. enrich your customers' experiences by bringing design concepts to life; take a scenario where a family planning to renovate one of their bathrooms can walk right in its virtual replica and visualize precisely how it's going to look
     
  2. enrich your designers'/architects/engineers' experiences: 3D objects/environments represented on two-dimensional screens vs 3D representations in real size; practically engineers/architects/construction workers/designers get to visualize their work in progress and spot the areas that need adjustments with far more accuracy and in a timely manner
     

It's one of those use cases for augmented reality that will empower you to increase your team's performance and create richer, immersive customer experiences. 
 

5. Real-Time Data Vizualization

… at an enterprise level.

And this is one of those scenarios where you get to turn AR into a... superpower.

Just think about it:

Visualizing data in real-time and, moreover, projecting these data visualizations onto different surfaces will not only:
 

  1. enhance a more in-depth understanding of that specific data
     
  2. ... but even enable larger groups of managers to collaborate far more effectively and make data-driven decisions based on a shared understanding of that data
     

And this is one of those augmented reality business use cases that can go as far as projecting board-room-seized 3 D views of your business! There you can get an even more accurate view of your entire data infrastructure, with all its strong and “sore points” to focus your efforts on!
 

6. Augmented Reality Training: One of The Most Valuable Use Cases for Augmented Reality 

Will you join the AR revolution in staff training and professional development?

And since nothing beats practical examples, here are some current uses of AR as a powerful training tool:
 

  • using AR to quickly empower staff to get a grip on using highly complex equipment, machinery
     
  • using AR to enhance the learning of complex concepts
     
  • using AR to enhance collaboration during staff training via virtual, true-to-life presentations, field tests etc.
     
  • using AR to a supercharge a “learning by doing” type of training, where real-life situations would be too dangerous to (re)create: such as performing surgery or flying a plane
     
  • using AR to recreate specific environments/scenarios/reality augmented workplaces in order to improve your employee's “soft skills” (public speaking, dispute resolution, decision making under stress); you even get to tailor your AR training to each team member's profile 
     

To sum up: using AR in training processes helps you “unleash” all that potential of creativity and efficiency otherwise limited by the “conventional” type of trainings.

Take AR as far as your imagination takes it and create your own use cases for augmented reality suitable for:
 

  1. your team(s)' specific needs
  2. your organization's specific goals for maximizing your team's potential
     

Final Thoughts

Now guess what: all the above-mentioned use cases for augmented reality are not “lab experiments” or “projects about the far future to come”. They're being implemented, as we speak, in real-life workplaces.

AR technology is now commercially available and has become and is continuing to get even more accessible. And its potential for enhancing both the customer and the employee experience is huge.

… you just need to “power” it with content — your unique content — and to harness its potential in use cases of augmented reality perfectly suitable for your own organization!

Nov 29 2017
Nov 29

The date in the calendar can only confirm what you already know/feel: it's gonna get even chillier! So, what do you do? You get yourself a cup of coffee, get cosy and... defy the weather reading some great Drupal content. Speaking of which, we do have some recommendations of Drupal blog posts for you, pieces of content which have made some great reads for us this month.

Ready? Cosy enough? Let's delve in:
 

Easy to read, usable and therefore useful content...

The Vardot's blog post on Drupal distributions “keeps the promise” it makes in its headline. It answers those 2 key questions that any organization considering to power its Drupal project with a software distribution is asking:
 

  1. What is a Drupal distribution more precisely?
  2. Why should I even bother using one instead of building my Drupal website from the ground up, the “traditional” way?
     

The author, Mohammed J. Razem starts by defining Drupal distributions: installable packages including all the bare essentials:
 

Site/use case/industry-specific Drupal elements (Drupal core, modules, themes...) + Additional software components
 

Then, he goes on highlighting the most popular Drupal distributions.

Next, he ends his post by outlining the benefits that an organization can easily reap from opting for a pre-configured Drupal website over building one from scratch (and it does it remarkably, in a well-argued and well-pointed way).

… over having to scan through an overwhelmingly wide collection of Drupal modules for selecting precisely those suited for its specific Drupal project, relevant for its own use case/industry.
 

And these are not just “big words”. We are honestly:
 

  1. impressed with Karen Stevenson's discovery
  2. grateful for having shared it with us; the ones who have experienced this inconvenience and gradually accepted that there was no way to style Drupal 8's WYSIWYG editor to suit our needs/preferences
     

How could we have kept this valuable piece of content to ourselves and not share it with you by including it in our list of favourite Drupal blog posts from November?

She altruistically points out the 2 solutions — for not only that there IS, indeed, a solution to this “limitation”, but it even comes in 2 “flavours” — for styling the editor in Drupal 8.

And then goes on and even inserts that specific piece of code from her theme's info.yml file, thus “exposing” to the world exactly how the implemented solution (she opted for “injecting” ckeditor_stylesheets into her site theme's info.yml file) should look like in your own future code.

And there's more! 

LULLABOT's (the team behind one of the very best Drupal blogs our there) director of Technology ends her post with a friendly “warning”:
 

Applying this change to your theme's info.yml file is a must, even if it's the admin theme that you might be using on your node form!
 

Told you that we would be sharing with you only Drupal blog posts jam-packed exclusively with useful information!

Here's another great example, coming from EVOLVING WEB's PHP developer, Jigar Mehta: he practically "serves us”, on a silver plate, his team's groundbreaking discovery after struggling to improve a Drupal site's performance during a migration process.

The name of their brilliant solution? Blackfire! 

A code profiling tool for PHP whose “superpower” they harnessed in their attempt to drop individual migration processes' time to under 3 minutes. 

And they did reach their time performance objective goal! Here's how precisely:
 

  1. running Blackfire to analyze performance on their about-to-be-migrated-to-Drupal-8 website 
     
  2. … they did found the “culprit” negatively impacting the site's performance during migration: 50 “suspicious” SQL queries (one per row, which, surprise, surprise, weren't being recorded anywhere!) that were inevitably bogging down the website      
     
  3. … and they “confronted” it: they used statically caching on the total record pointed out by Blackfire 
     

Tada!

Blackfire saved the day and Evolving Web preserved their reputation as a team of professionals who are, moreover, proudly promoting open source and “sharing” the fruits of their works.

A big “Thank You”.
 

Blazej Owczarczyk, from AMAZEELABS.com, writes a post (part of a GraphQL on Drupal 8-dedicated series, in fact) where he:
 

  1. highlights the GraphQL's Drupal module's features (still in beta); we're talking about a “group of modules, in fact: GraphQL, graphQL_core and GraphQL_content (plus the auxiliary modules)
     
  2. gives an overview of 2 valuable tools (the Explorer and the Voyager) that integrate the powerful layer query language with Drupal right out-of-the-box
     

It isn't discouragingly lengthy and it's packed with useful and usable information only. Just the way we like the Drupal blog posts that we invest our valuable time in to be. 

A “tutorial flavoured”, case study-based piece of content that we strongly recommend you to add to your must-read Drupal blog posts list. For 3 strong reasons:
 

  1. it's short 
  2. it's perfectly structured and easy to read (small, information-loaded paragraphs alternating with “chunks” of “helpful” code... with a funny gif on top)
  3. it's true facts/challenge-based: the LUCIUS DIGITAL team's work (still in progress) on their real-time chat platform, Lus
     

It takes you through all the steps carried out for putting together an auto-complete field for their new app, one geared at enabling users to create new channels quick and easy.
 

And this is how our own list of top favourite Drupal blog posts from November looks like!

What about you? What pieces of content on Drupal development have caught your attention and probably even made it to your bookmarks this month?

Nov 14 2017
Nov 14

Create content for your customer FAQs... content for your website... next for your website's blog, as well... produce user-engaging content to upload on all social media channels... then go ahead and produce sopy for your flyers... A bit overwhelmed? Well, it's just getting started! Now you have to make sure your content gets delivered across “101” types of devices, as well. So, how about trying to create intelligent content instead?

How about... stepping into the future of content? 

A future where technology (e.g. AR) compliments and boosts human efforts of coping with the ever-growing content demands that an organization must meet:
 

  • create and then deploy custom content across a plethora of channels (voice assistants, chatbots and other newly emerged technologies here included)
  • deliver it (at the perfect time) across a myriad of devices (tablets, smartphones, smartwatches, desktop computers...)
  • … to multiple audiences
     

But let us delve into details about:
 

  • what intelligent content is
  • what type of content “qualifies” for being made more... intelligent
  • whether intelligent content marketing is suitable for your organization's specific content demands
  • why you should bother at all, what are the clear benefits you should expect to reap
  • where to start; what steps to take for setting up your own intelligent content strategy?
     

1. Intelligent Content: What Is It? Just Another Fancy Marketing Catchword?

Or better said: what makes it “intelligent”?

Let us give you some “clues”:
 

  • it results from an efficient use of the latest “wonders” of technology, human capabilities and content handling processes
     
  • it's ideally structured to enable retrieval and re-usage
     
  • it's content viewed as a business asset and managed as such
     
  • it's a modular approach to content: multiple fragments that you get to put together, adapting the result to any targeted device/channel's format (and specific audience) constraints
     
  • it's content customized at multiple levels: the user's, the channel's, the device's level 
     

A term coined by Ann Rockley, intelligence content is basically a scientific-like approach to content creation, management and delivery:
 

“Intelligent content combines the wonders of technology with human capability in a way that powerfully supports an organization’s goals.“ (What Is Intelligent Content)


And it's a two-way approach to content:
 

  1. creating the design-agnostic content itself and breaking it into component parts, that you then structure by adding metadata tags; tags which will enable you to put them (the content fragments) together in an assembly-line style depending on the channels that you'll deploy them on and on the audiences (and devices) who'll be “consuming” your content
     
  2. adopting a whole new mindset where you approach content as “genetically” structural; as soon as you start to “view” it as being modular, mixing and matching its components to suit a specific audience, a specific channel or device will come naturally to you...
     

In short: content with device & design-agnostic structure turns into an ideally versatile type of content in today's multi-channel, multi-device digital marketing landscape. Adopting this approach to the content that you produce will only grant you content that's:
 

  • neatly structured (via semantic tags) and consistently organized
  • reusable
  • highly adaptable and customizable
  • easily reconfigurable
  • semantically structured and, therefore, “semantically aware” (easily “identifiable”, where modern technologies, including AR and machine learning, can easily “identify” what the content is about)
  • free from constant “touch-ups” at every instance of use
  • delivered via a far more streamlined publishing process (since it's no longer formats-constrained)
     

2. What Type of Content “Qualifies” for Being Turned into Intelligent Content?

Any type of content, any content contexts or scenarios! 

From costumer-support content to marketing content, to technical documentation, to content delivered across multiple devices and multiple audiences, to content specific to different products etc. It can all be turned into intelligent content!

Both producing it, delivering it and monitoring its performance the “standard way” (how many hours does your team spend, each week, tracking down data in Google Analytics?) is time and budget-consuming.

Now imagine a world where all these content processes, ranging from scheduling the monthly blog post topics, to scheduling social shares, to setting up your content strategy and so on would be handled automatically? By a machine? Then, from (just) an overly complex content strategy it will turn into an efficient, intelligent content strategy.

Moreover, you'd be actually future-proofing your content, too! Structuring it as a series of component parts will make it easier to be deployed even across channels that haven't yet emerged into the digital marketing world.
 

3. Does It Suit Your Company's Specific Content Creation & Delivery Needs?

It depends greatly on your load of content. 

If it's a 40-pages Drupal site that we're talking about, carrying highly crafted content only, that doesn't require frequent updating, then the investment isn't worth it.

In other words: if your content demands within your organization are more than “reasonable”, we consider that structuring your content beyond its basic HTML structure isn't justified.

But if we're talking about:
 

  • a content-packed website
  • content that needs to be constantly updated
  • content that needs to be translated into multiple languages, sent to multiple audiences, adapted to each product line (along with the challenge of multiple audiences per product line)
     

… then you should definitely jump on the intelligent content “trend” and streamline your entire content workflow
 

4. Top Benefits of Moving to Intelligent Content

Although we've already outlined a couple of the high impact advantages of moving to a more intelligent content marketing strategy, allow us to enlist them all:
 

  • it cuts down costs (content production, reviewing, monitoring costs, even translation costs)
     
  • it improves and guarantees quality and consistency across the website and across your whole ecosystem of channels to be deployed on
     
  • it adapts to any channel's particularities and constrains and it can be customized to those channel-specific audiences with minimal tweaking or close to zero intervention of your marketing team
     
  • it helps you deliver the right piece of content, to its target audience, in precisely the right format across that particular channel, on that specific device and at the right time of their customer journeys
     

Cutting down costs + providing the best user experience + future-proofing your content! Thes are the 3 key benefits that should weigh heavily in your decision-making process: to move or not to move to intelligent content?
 

5. Where Do You Start Developing Your Intelligent Content Strategy?

OK, so you've decided to make content on your website “more intelligent” and, therefore, to adopt an intelligent content marketing strategy. What now? 

Here are the steps you could take for a great start:
 

  • adopt a new mindset: start viewing intelligent content as part of your whole content marketing strategy
     
  • run a small-scale test (targeting just the upper levels in your organization's hierarchy for a start)
     
  • identify your organization's “sore points” and business requirements
     
  • focus on a small project for now and create a content model
     
  • put all the needed tools and technologies in place (authoring tools, XML, content management systems etc.)
     
  • consider going for headless Drupal or a single CMS
     

Once all the preparations are made, switch to more in-depth steps in defining and implementing your new content strategy :

  1. get your content broken into multiple component parts, the very first “transformation” phase required for it to be turned into intelligent content
     
  2. remove all content formatting and add metadata tagging; this way, you'll make it discoverable, reusable, adaptable and keep adding on all the other features ending in “-able”) that set the difference between (just) content and intelligent content 
     
  3. move one step at a time; implementing an intelligent content strategy can be an overkill for your website if you're getting impatient and “greedy” and rush things
     
  4. make changes at the content processes and the organization's level (for instance appointing a team to have a look at each piece of content before it goes live)
     

Note: producing intelligent content means so much more than just appropriately structuring it and making it “semantically aware”. It also means anticipating and understanding the final form it will take. Once you visualize this, you'll know which component parts to select and to mix and match assembling them in the desired final form (while using the same source content, of course).

The END! Your immersion into the future of content (soon to become “present”) ends here! What do you think: does intelligent content stand any chance to become the new standard for delivering content in a multi-channel, multi-device digital marketing landscape or not?

Nov 11 2017
Nov 11

Your current scenario, as we see it:

You're facing an app building type of situation! An app that should streamline workflow within your company or that would help your team deliver an unparalleled customer experience. Backlogs are out of the picture and dependency on “power builders” as well. Should you go for a low code development platform or for a no code one?
 

Decisions, decisions...

How do you pick when they seem so very much alike? They both spoil you with most tempting conveniences such as:
 

  • minimal coding effort
  • minimal (to none) technical expertise
  • app building efficiency (you get to assemble your app in no time and benefit from faster time-to-value)
  • out-of-the-box UI components for you, the app builder, to mix and match and put together into an app
  • automated horizontal scalability
     

Now let us come to your aid with a “list” of criteria to help you differentiate these two seemingly identical app development platforms. A more like a list of questions meant to help you:
 

  • “draw” your own profile as an app builder/app building company
  • better define your own needs and goals
  • draw an “identikit” of your future business app
     

… and, most importantly, (help you) decide whether a low code development platform or a no-code app building experience best suits your project's needs!
 

A Low Code Development Platform: What Is It & Why Go for It?

What sprang up as auto-code generation tools has gradually grown into enterprise-level platforms for building large-scale apps.

Low code development platforms made their entrance a while ago (dominating the web in 2016 ) and seem to be here to stay since more and more companies are jumping on the “quick and easy” app building bandwagon.

By providing you, the app builder, with multiple low-code stages, these modern platforms speed up your whole app development and app delivery cycle.

But let's point out precisely those key aspects of an app delivery cycle that this type of platforms impacts dramatically:
 

  • all services (SOAP, CRM, databases, security, REST APIs etc.) benefit from the visual development approach; they get incorporated via conveniently intuitive visual interfaces
     
  • the time-consuming coding “ordeal” is replaced with a visual app building approach: your development team can now create the whole user experience right from the start by simply mixing and matching the UI components that a low code development platform puts at their disposal
     
  • app deployment and continuous integration get streamlined via one-click deployments
     
  • human error, risking to impact the coding process, is taken out of the equation: standardized best practices ensure that all tasks related to front-end, back-end, executable, configuration etc. get “error-proofed”
     
  • the needs for future scalability (as well as for continous maintenance) are anticipated: low code apps are highly scalable due to their easy to use, lightweight containers that development teams just need to “fill in”
     

A No Code Development Platform: How Is It Different from a Low Code One?

No code app development platforms are nothing more than low code platforms adapted to specific app building scenarios. And, therefore, equipped so they can serve specific development needs.

And these “special” scenarios are all those requiring a higher level of customization. Let's say that you need to leverage your company/industry-specific template design for one of your app's pages, for instance. 

This is where no code platforms excel at! They “spoil” you with more templates and more pre-built industry-specific or company-standardized components, that you can just drag and drop and use for assembling your app.

But let's talk... examples! Here are 3 of the most common scenarios where a low code development platform delivers you a no coding experience:
 

  1. when it offers you, right out-of-the-box, industry-specific components to just assemble; then, your industry-specific app's building cycle calls for almost no coding at all
     
  2. when drag-and-drop UI components get built, “in-house”, by your own technical team, following your company's specific standards and then “passed on” to your business-pass team; for the latter it will certainly feel like they're putting together apps with zero coding: they'll just need to drag and drop the already built-in components
     
  3. when standardized styling is used (fonts, colors etc.) and “template UI design” gets incorporated into the platform; design templates meant to match those of the third party software used within your enterprise; with all these pre-created components at hand, low coding seamlessly turns into a no coding app building experience
     

What Is Your Skill Set as an App Builder?

For it makes a whole lot of difference whether you have back-end scripting skills (you “swim through” JavaScript, Node.js, Ruby or VBScript code like a fish in the sea) or you're a line-of-business professional with a great idea of an app and Microsoft Excel expertise (only).

Here's why:
 

  • no-code app building platforms empower business professional to step into the shoes of “business app builders”; to have their desired apps up and running in no time, with no dependency on a team of IT professionals
     
  • delivering drag and drop pre-built UI components and point and click tools no code platforms give the whole app development process a dramatic boost (so, no need for coding expertise for getting apps built at high speed)
     
  • low code app building platforms provide you with highly intuitive, visual modeling tools for trimming down code, even if it's an architecturally complex app that you want to build way faster than via a traditional app development approach 
     
  • and as a general rule of thumb a low code development platform addresses “power builders” with an advanced processing modeling, back-end scripting and business analytics skill set; such “audience” is able to fully leverage this modern platform's capabilities, those that set it apart from a standard app building process
     

An On-Premise or a Cloud-Based Hosting Solution?

Here's a key question to be asking yourself when you're still investigating each one of the 2 app development platforms' pros and cons: Where will it be hosted? And also: by whom?

You should know that:
 

  • low-code platforms are web-based and on-premises hosting solutions
  • no-code platforms are cloud-based
     

And the benefits that you'll reap from using a cloud-based web hosting solution are more than obvious:
 

  • you'll place the burden of monitoring the whole infrastructure's overall health and level of security onto your service provider's shoulders
  • starting small and integrating new features/functionalities later on gets so much more streamlined than with an on-premise platform
  • you save valuable time that you could then invest in... creating brand new challenges-solving and daily workflow-optimizing apps  
     

What Type of App Are You Building? Who'll Be Using It?

Sketching your business app's identikit is crucial before/in order to choose the right app development platform for your project.

So, what kind of app are you planning to build?

Is it an app integrating well-defined processes and running on a complex infrastructure? One aimed at keeping a close track of core business processes?

Or is it an app that could run either as a standalone one or as one incorporated into your business system? An app with a lifespan ranging from a few months to... several years?

But let's make your decision-making challenge easier to respond to! Let us list both the low code and the no code apps' specific “profiles”:
 

Typical Low Code Apps:
 

  • large scale apps, dependent on high stability
  • CORE transaction processing & business management apps
  • long-term apps (with a 5+ years lifecycle)
  • architecturally complex apps (dependent on frequent updating)
  • apps having well-defined processes
     

In short: low code apps make a crucial component of your whole core business system and they result from taking the conventional app building approach and... streamlining it.
 

Typical No Code Apps:
 

  • apps which may or may not be invested with a mission of critical importance for your core business process 
  • apps with a shorter estimated lifecycle
  • apps integrating innovative (or company/industry specific) business processes
  • apps that you build either to integrate into your business system or to run as standalone business apps
  • apps used for business process tracking, reporting, processing etc.
     

In other words: no code apps allow you to come up with quick-to-implement app solutions to specific business challenges and all this irrespective of your level of technical expertise
 

In Conclusion

If you want it built fast, a no code app development platform might suit your project best. 

If you want:
 

  • it to feature custom UI elements and styling aspects following your company's predefined standards
  • to “grow independent” of a team of “professional coders”
     

… go with a no code platform
 

But if you:
 

  • don't want to trade freedom of decision-making for more convenience, for more pre-built components to just drag and drop
  • want to be in charge (or to invest your development team with such power/responsibility) with your future app's deployment and integration processes
  • want to speed up the traditional app building process by using visual development tools and less coding
     

… then a low code development platform might suit you and your app project best.
 

So, which one will it be?

Oct 19 2017
Oct 19

Each one of the two popular databases “lures” you with its own set of tempting features that the other one lacks. Yet, you need to go beyond the old “relational vs NoSQL” debate to find the answer to your “Which database should I choose for my web app?” question.

Therefore, it's more than a generic MySQL vs MongoDB comparison that we'll attempt to make in this post. It's not a well-founded answer to a question like “Which is the best database to use for web applications?” that we'll try to give.

Instead, we'll try helping you discover which is THE one that best fits YOUR own web app's use case.
 

It All Comes Down to One Key Question: “What Type of Web App?”

And just like a snowball rolling down a slope, once you've asked yourself this crucial question, expect it to “unleash” other key ones, as well:

  • What type of data will you be storing in your database? Is it relational data (e.g. social network-specific data, where each user has lots of associated photos, comments, groups etc.) or is it documents or analytical information that your web app's database will be storing?
     
  • Would you “trade” data protection guarantee (let's say... losing some of the stored data every dozen thousand transactions?) for really high data insert rate?
     
  • Would you store it in a relational schema guaranteeing you clear relationships between entities or would you go for a more flexible data storage format instead? One enabling you to perfectly store dynamic, unique items?
     
  • Do you expect your web app to grow any bigger? How big? Are we talking about a “very large” data volume? And this is probably the second most important question to ask yourself after the “Which database should I use for my web app?”
     
  • How many queries do you expect it to perform (per minute, hour, day)?
     
  • And which is your skills level (or your development team's skills level) in using various databases?
     
  • Will your database need to be perfectly equipped to support further and further joins?
     
  • What coding language/front-end framework will you be developing your web app in?

And you must surely agree that this is a never-ending list. There are so many aspects relevant for your specific use case, for your specific web app that you should take the time to determine.

And to focus on those which weight heavily in your database selection process.
 

“Which Database Should I Choose for My Web App?” Go With MongoDB If...

… it's a web app carrying a heavy write load that you're planning to develop.

MongoDB database's biggest advantage over a MySQL one is its capability to accommodate really large data volumes. Take the comments section of high trafficked websites (The New York Times or Craigslist) for instance. Loads and loads of content is being “pumped in”, at high speed, and MongoDB's perfectly equipped to assimilate it all.

Note: it might excel in terms of performance, yet it trades transaction safety to achieve that kind of performance. So, make sure you go with MongoDB only if it's not sensitive data that your web app's database will be storing. MongoDB does require a high level of risk tolerance, you know.

And there are plenty of other reasons why MongoDB might be a suitable replacement for MySQL for storing data. You should back your web app with a MongoDB database if:

  1. ... it's a small, a start-up business that you own. On open source document-oriented database, which doesn't pigeonhole your data in a rigidly structured schema (it simply stores all the values that you're inserting as documents), which is flexible, easy to set up, to manage, to deploy and to scale, is perfect for your own specific web app's needs.
     
  2. . … you dream big. This NoSQL database is built to scale (horizontally), to auto-shard (and to replicate) your data as it gets heavier.
     
  3. . … your web app doesn't require a complex data model and you're good to go with a simpler one. One with no further joins requests and much easier to deploy.
     
  4. .... it's a prototyping scenario that you're planning to use it in.

And Now: When Not to Use MongoDB?

For if it's best-suited for certain scenarios involving backing web apps, it certainly is ill-suited for others.

Here are some of them:

  • if you're looking for an easy way to join tables to your database... MongoDB is not IT
     
  • if you're planning to use it as the primary database system for... 1k machines, let's assume. It's not that stable.
     
  • if it's security-critical information that you're planning to store in your web app's database (e.g. critical customer information). MongoDB doesn't guarantee you the same level of data protection as MySQL
     
  • if it's relational data that you'll be storing (so if there are clear relationships between your entities, e.g. users and reviews)
     
  • if you're counting on transaction support

A MySQL Database Might Better Suit Your Web App If...

… it's a commercial/end-user app that you're developing, which depends on a strict hierarchy of relationships between various entities.

In this case, you can't expect a MongoDB, piling up your data in collections of separate documents, to meet your needs. It's a relational database like MySQL, which stores your data in “conventional” tables, made of rows, that you should back your app with.

And if this doesn't really answer your “Which database should I choose for my web app?” question, here are a few other use cases that might get you thinking:

  • it's not just a traditional RDBMS (relational database management system) that would meet your data storage needs, but a full-featured one. Luckily, MySQL is that “full-feathered” relational database that you need. Over the years it's been upgraded with views, cursors, clustering, triggers, query stored procedures etc.
     
  • real-time analytics is crucial for you 
     
  • you're not willing to trade high data protection standards (let's assume, for instance, that it's a live auction app that you're developing, which will store and retrieve data of critical importance) for... high data insert rate
     
  • you need transaction support, security assurance for all the transactions carried out on your app 

Also, to give you one more helping hand with your decision-making process, here's a short list of web apps where a MySQL database would work best as a back-end:
 

  • e-auctions
  • automated online assistants
  • online retailers
  • e-commerce
  • real-time big data analytics
  • dynamic pricing
     

When Not to Use MySQL? Which Are Its Key Limitations?

It's precisely those scenarios where MongoDB “shines” that MySQL doesn't.

Therefore, here are some more clues to help you find the answer to your “Which database should I choose for my web app: MySQL or MongoDB?”:
 

  • scaling is definitely not it's trump card; it can't possibly rival a MongoDB database when it comes to horizontal scaling
  • it can't handle high transaction loads so well; from a performance point of view, MySQL isn't built to cope with really big data volumes 
  • although it's been upgraded with replication and clustering features, their implementation isn't precisely a... no brainer
     

So, which one's going to be? Will you use MongoDB as a backing storage for your web app or MySQL instead?

Oct 17 2017
Oct 17

Building better websites and apps has just got easier! And by “better” we do mean user-friendly (a feature encompassing all the other aspects: UX design, various functionalities, written content, graphic content etc.).

How so? Incoming Feedback by Hotjar makes it ideally easy and convenient for your users to give you specific feedback for your site/app (on its copy structure, on its design elements etc.)

And right there, on-site, on-page, at precisely THAT moment in their user journeys.

For your site visitors it's nothing but a two-clicks process (so much more at hand than answering questions in a poll) and for you, the site/app's owner it's:
 

And now, let us briefly point out to you:
 

  1. The context that “called for” such a tool (and what makes it more efficient than conventional polls)
  2. How it works precisely
  3. How you get to collect, monitor and use all that data to “fuel” your future design/copy/functionality improving strategies
     

“But Why Incoming Feedback by Hotjar? I May As Well Grab User Feedback via Polls.”

Let's play devil's advocate: 

Why bother using this tool when you could easily use polls for collecting all the specific feedback you need?

Your users would simply (and kindly) answer all the questions in your poll and... voila: a fresh new “crop” of user feedback for you to leverage!

But what if:
 

  1. you ask your questions long time after the user will have actually been on that specific page or has completed that specific action?
  2. you risk misinterpreting the collected answers, due to... LACK OF CONTEXT?
     

And this is precisely where we wanted to get! This new tool by Hotjar, added to their whole suite of all-in-one analytics & feedback tools, brings CONTEXT to the equation.

For it's right THEN, right at that specific moment in your user's journey on your website/your app that you get to... pop up your question! Not a few pages after. Not a few hours or days after.

The feedback that he/she gives you precisely then is, by far, the most relevant one! Relevant due to:
 

  1. the context of that specific visited page/visualized designed element/tested functionality/read piece of content
  2. the impression that he/she gets about your target site element that very instant!
     

And How Does This Tool Work Actually?

Incoming Feedback by Hotjar is as easy for you to set up and to customize as it is easy for your visitors to use it.

1. You get to configure your widget's color, its position, its flow and, finally, enter your message. It will simply sit at the edge of your screen, looking like a tab.

2. The instant your users will want to give their feedback on the element of your site/app that you point out to in your widget, they instantly get a pop-up up to:
 

  1. evaluate your site/app on a “Love to Hate” scale
  2. enter a quick comment if they feel like putting their feedback into words
  3. even use the area selection tool to highlight specific elements on your page (and this gold!)
  4. eventually enter their email addresses allowing you to follow up
     

And there's more:
 

  • you get to create as many incoming feedback widgets as you need (since more likely than not it's multiple pages on your website/app that you'll like to get user feedback for)
  • the Incoming Feedback by Hotjar works on all devices
     

How Do I Centralize The Answers? How Do I Monitor Performance Over Time?

“By making a great use of your Incoming Feedback dashboard.”

It's a two-in-one dashboard, actually, that you get to use for:
 

  1. deep analyzing and drilling down the user answers that you will have collected (using various filters)
  2. monitoring your newly implemented enhancements' rates of success
     

Here are the two separate dashboards:
 

1. The responses dashboard 

This is the repository of all the user feedback given for the suggested aspects of your site/app. Here's where you can filter them, by various criteria such as:
 

  • liked/disliked or the expressed feedback type
  • time when the feedback was given
  • page URL
     

… so you can turn them from “just” responses into valuable, actionable insights!
 

2. The results dashboard 

This is where you get:
 

  • the full picture of the overall score resulting from your visitors' feedback
  • a breakdown of their feedback over time
     

It's on this dashboard that you can measure the real impact that your bug fixes, your implemented upgrades and other various improvements to your site/app have on your users.
 

Bottom Line 

Building user-friendly websites & apps has, indeed, just got easier!

With a tool like Incoming Feedback by Hotjar you get to:
 

  • collect specific user feedback (you get to target particular aspects of your site/app)
  • … instant, contextual type of feedback
  • … and use it to take the needed action for improving the content (both graphic and written) that they dislike 
     

Have you tried it? 

Oct 11 2017
Oct 11

Or simply put: “What can Hadoop possibly do that my data warehouse can't already?”

A predictable and legitimate question following the “Why should my company use Hadoop after all?”.

Our today's post is not aimed at convincing you that you should, indeed, replace your current data warehousing solution and move your data over to a Hadoop platform. That would just point out the“why it's best to go with Hadoop”.

Instead, we're ready to answer your specific question: “Why should my company use Hadoop as a data storing and data processing solution?”

We'll be:
 

  1. presenting you with specific use cases when Hadoop is, indeed, the best option
  2. outlining key advantages of using Hadoop over the traditional data warehousing 
     

When Should You Consider Replacing Your Data Warehouse With Hadoop?

One of the most popular sayings here, at our Toronto web design company, is: “if it ain't broken why fix it?”.

Therefore, let us point out to you just 2 specific situations where you should consider a massive data migration to Hadoop as your best option:
 

  1. you're dealing with a huge amount of data 
  2. you need built-in capabilities for processing raw and semi-structured data... in a scalable way, of course
     

Does any of these contexts ring a bell to you? If so, you're better off with Hadoop.
 

"Why Should My Company Use Hadoop?" 7 Advantages Over Traditional Data Warehousing 

For it all comes down to the benefits that your company will gain from such a transition.

In this respect, we've put together a list of 7 key reasons why Hadoop is a great asset for your company.

Analyze them, weight them, compare them to the benefits that you're currently “reaping” from using your current enterprise solution and... do the math yourself:
 

1. It's Cost Effective: it's free actually

No, no, we're not trying to brush under the carpet costs such as:
 

  • staff training investments that you should consider 
  • commodity hardware costs to take into account for storing impossibly large sets of data 
     

And yet, they are insignificant compared to the costs that legacy commercial vendors products' come along with:
 

  • annual support offered by the data warehouse's vendor (compared to Hadoop's open source support)
  • perpetual licenses
  • significant costs that each scaling process would call for (no wonder that companies used to get rid of loads of raw data since scaling their data warehouses to accommodate it all was cost prohibitive)
     

2. It's (so much) Easier to Use: skip formatting and “exploit” your data from day one

Here's an answer, which makes a strong argument itself, to your “Why should my company use Hadoop over my current data storage solution?”

Its ease of use feature will come as a major surprise to you once you've gone through a:
 

  • changing formats
  • complex preprocessing
  • establishing data models
     

… type of experience with your current enterprise solution. An entire “ordeal” to go through just to be able to finally leverage your own data!

With Hadoop it's just a “feed the data” process! That's all! No preliminary steps to take.

And where do you add that you get to use all your familiar tools, languages and even to test the newest methods for getting the most value out of our data!
 

3. It's Flexible: it can capture data from a plethora of data sources

And this is gold when you have an entire ecosystem of data sources ready to deliver you data if you just have the right tool to... tap into!

Hadoop's perfectly suited for the job: it will access and extract data and provide you with valuable insights from sources ranging from:
 

  • social media
  • email conversations
     

… and lots of other “repositories” of both structured and unstructured data. It will go and get this heterogeneous load of data to you.

Data that will then fuel your marketing campaigns, your fraud detection initiatives, your log processing actions etc.

Do giants such Marks & Spencer and Yahoo and their own use cases of Hadoop make convincing enough answers to your “Why should my company use Hadoop?” question?

They're using Hadoop to:
 

  • play the “personalization” card right
  • put together cross-functional teams (IT, marketing, e-commerce, finance...) thanks to Hadoop's capability to seamlessly process all types of data
  • gain a better understanding of their customers (this is where Predictive analytics comes into play) 
     

And this is what extracting value from your own data, that's just sitting there, waiting to be leveraged, really means.
 

4. It's Open Source Technology: bugs and feature development handled by multiple companies

Just try to compare bug fixing and new features development being handled by a single company (your commercial license vendor) to the same processes being carried out by hundreds of companies!

In other words: when choosing Hadoop as your data storage platform there's an entire community of contributing companies offering you support and continuously improving the platform.
 

5. It's Built With High Scalability in Mind: keep on adding more and more data clusters

How easily (or “costly”) is it to scale your current data warehouse to accommodate your increasing amounts of data?

Hadoop scales... organically, using low-cost hardware as a unique resource!

Here's how it works: 
 

  1. as you add new and new heavy nodes (clustering thousands of terabytes of data)
  2. Hadoop manages to seamlessly accommodate it all 
  3. … and to distribute it across hundreds of inexpensive servers that run in parallel
     

Scalability is, undoubtedly, one of Hadoop's “five-star” features, the one that traditional relational database systems (RDBMS) can't possibly compete with! 
 

6. It's Fast: data processing at high speed

When you're questioning yourself “Why should my company use Hadoop instead of sticking to its current data warehousing solution?”, you might be thinking, in fact:

“How much faster than my current data warehouse can Hadoop process data?”

A lot faster!

And this is exclusively thanks to its unique data storage method: the data mapping & the data processing happen on the same server where data is stored.

This way mapping and processing massive volumes of unstructured data is no challenge for Hadoop at all: it will map it no matter where it might be located in a cluster.

And so processing it (we're talking about petabytes of data here) turns into a matter of hours!
 

7. It's Equipped to Handle Fails Remarkably: say Hello to automatic data replication!

You can run, but there's no way of hiding/completely avoiding cluster fails!

But luckily Hadoop provides you with a great “safety net” type of capability: it automatically replicates data for you, sending it to other nodes.

So, when faults happen (and they will), you can stay reassured: Hadoop will always have copies of your data ready to be passed on to other, non-compromised locations of your data infrastructure.
 

Final Thoughts

Or “recommendations” if you prefer:
 

  • if it's small data that your company's “piled up” so far, if there are small files that you need to store and leverage, don't go for Hadoop
  • if you don't really need to access and to process your unstructured or semi-structured data, there's no real need to use Hadoop
     

Now getting back to the initial question, “Why should my company use Hadoop over its current data warehouse?”, our answer is:

“Because Hadoop is built and being constantly enhanced with impossibly large amounts of data in mind!"

Oct 05 2017
Oct 05

Is your enterprise “ecosystem” of apps, systems, and IT components getting overwhelmingly complex? Is managing it and leveraging it getting increasingly challenging? Then it's a fact: you need to get them organized in a more effective infrastructure. One that should bridge them all together and enable a continuous flow of data across the whole structure. You need to move away from the traditional point-to-point integration system and go for an ESB instead. "But why Mule ESB?"

A more than valid question. Here are 5 top reasons why it stands out from all the other ESB products. Why you should consider using it as your future integration platform:
 

But First: What Is an ESB More Precisely?

Take it as a set of principles rather than as a software on its own. A set of “rules” for building out your bus-like infrastructure where your disparate systems:
 

  • get bridged together
  • exchange data via the communication bus that this ESB system provides; and it's a two-way communication process that takes place: the systems share data among them and they all communicate with the bus individually, as well
  • are independent of one another
     

And it's this very last feature that what makes the ESB architecture such a big “leap” ahead from the traditional point-to-point integration system.

But how does this type of bus-like infrastructure for organizing your apps and systems benefit you precisely:
 

  • it speeds up marketing your new initiatives
  • it enhances productivity, translated into more apps developed within your organization
  • it allows you to leverage your existing systems during app development thanks to all the pre-built communication and transformation capabilities
     

Why Move Away From a Traditional Point-to-Point Integration?

Because in a point-to-point integration system your apps are tightly dependent on one another. And this “dependency relation” does interfere with the very principle of organizational agility, doesn't it?
 

What Is Mule ESB? What Sets It Apart from Other ESB Products?

To answer your first question: Mule Soft is a lightweight, highly scalable Java-based service bus (or integration platform, if you prefer) which:
 

  • enables developers to connect a whole ecosystem of Saas, on-premises apps and disparate systems quick and easy
  • … and to enhance communication between them, a continuous data flow alongside the infrastructure
     

“And what makes Mule as an ESB stand out from the crowd of other ESB products?”
 

Let's point out those key features that set Mule ESB apart from the its “competitors:

  1. it's, in fact, a component part of a larger structure of API design management capabilities
  2. it comes with a pre-built library of templates
  3. … and with out-of-the-box connectors enhancing the reusability of components (and this is big) 
  4. it comes with built-in agile software development methods and multiple toolchains boosting your developers' productivity
     

Why Mule ESB? Top 5 Reasons to Consider Using It as Your App Integration Technology

1. It Scales Effectively, Both Up and Down 

And this key feature translates into unlimited freedom for your teams to bridge together as many apps and systems as needed. Mule ESB will scale to efficiently incorporate them all!

In addition to being effectively scalable, Mule ESB's ideally embeddable, as well:
 

  • you can embed it into a single app, directly
  • or you can plug it into your app server (JBoss, WAS, Tomcat) instead
  • and even into a JUnit test case (for yes, it does come with built-in JUnit support, as well)
     

2. It Perfectly Integrates All Components, Irrespective of the Technology Used

And this is a strong argument to consider when you're asking yourself: “Why Mule ESB over another ESB product?”

It's definitely not a restrictive or “picky” ESB: it will incorporate all the existing systems regardless of the technologies that they might be running on: Web Services, JMS, HTTP, JDBC, you name it. 

… from a “POJO” to a component coming from a different framework!

Moreover, not only that it integrates them all under its “umbrella”, but it enhances communication across this infrastructure of various apps and multiple systems. It allows data flows between the bridged apps within your organization and across the web.
 

3. It's Highly Accessible, Supporting a Wide Variety of Code Languages

And this is great news for your Java developers! 

Since it:
 

  • comes with a set of widely used tools (Maven, Eclipse, Spring, JUnit) that your team's already familiar with
  • uses an XML transformation language for presenting logic layers
  • supports multiple code languages: JavaScript, Ruby, Java, Python...
     

In short: your development team will face no problems writing custom code.
 

4. It  Enables You to Reuse Your Components

Here's another reason that makes a great answer, alone, to your “Why Mule ESB?” question! Unlike other integration platforms out there, this one enables reusability!

Your team's empowered to reuse your infrastructure's components. Therefore, it enables them to run the existing ones since it doesn't call for Mule-specific code.
 

5. It's Ideally Lightweight

Mule ESB does, indeed, stand out from a “weight” point of view. Moreover, thanks to its modular design you get to make it even lighter by removing all the modules that you won't use.

While thanks to its configuration model you get to easily add, re-order and upgrade functionality sparing the time you'd otherwise invest in implementing changes to your existing integrations instead.
 

And this is THE list! The one including 5 key reasons why Mule ESB could make a great choice when you consider using an integration platform within your company.

Are there any other ESB products competing with it for your appreciation? Are these 5 reasons not convincing enough or have you already identified possible drawbacks balancing them? Do share your thoughts!

Pages

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web