Oct 02 2019
Oct 02

DrupalCon Amsterdam 2019 is almost here and Amazee Labs has been busily preparing to share our most valuable practices at this year’s open source, community-driven event.

DrupalCon Amsterdam gathers more than 1,500 of the top digital minds that use Drupal for collaboration, knowledge sharing, friendship, and moving their projects forward. As proud sponsors, presenters, and attendees, we can’t wait to bask in so much shared expertise, to help create collaborative solutions, build more relationships, and shape the future of Drupal, open source and the world.

Check out the details on all our Amazee session and other must-see events:

Monday, 28 October

Felix Morgan will be presenting The Good, The Bad, and the Data: Marketing Strategies for Open Source Companies. She’ll discuss how marketing strategies that focus on leads are only addressing one aspect of successful positioning for companies promoting and using open source software. In this introductory session, Felix covers marketing best practices specifically for businesses that are creating, customizing, and contributing to open source software for their clients. Topics covered will include:

  • Personas and Stakeholders: beyond just the buyer.
  • Community and Narrative: the stories we tell are important.
  • Data: what to measure and when.

17:15-1800 in Room G102

Tuesday, 29 October

Jamie Hollern and Mattia Simonato will be presenting a session called Storybook and Drupal: Seamless frontend integration for decoupled sites. This session will explain how to use Twig with Storybook and Drupal to bring all the advantages of UI component libraries into a decoupled Drupal project, and how to build a component library for decoupled Drupal sites. 

16:40-17:00 Room G106

Social Events 

Make sure you join us for the official kickoff on Monday night! Located within the Exhibition Hall, the opening reception for DrupalCon promises to be a great time, followed by The International Splash Awards, celebrating the best Drupal projects in the world. 

On Wednesday, all women, trans* individuals, and those who identify outside of the gender binary are invited to Women in Drupal Luncheon to have lunch, mingle and meet Professor Sue Black and enjoy a small introduction before her Keynote speech: “If I can do it, so you can”.

Wednesday night, test out your Drupal knowledge! In the grand tradition of pub quizzes, capture the title of Drupal trivia champion and win small prizes to boot! You can even SUBMIT TRIVIA QUESTIONS here.

During the con, make sure you stop by Amazee Labs Lounge to kick back and charge up. We hope to see you in Amsterdam for all the passionate presentations and in-person, peer-to-peer discussions with Drupal Leaders.

Jul 29 2019
Jul 29

Decoupled Days is a conference for anyone who works with decoupled Drupal technology: developers, architects, executives, and even marketers like me. It’s been around since 2017 and focuses on sharing knowledge about back-end CMS development as a content service as well as front-end development for applications that consume that content.

Amazee Labs has specialized in innovative decoupled development for years, and we were excited to sponsor and speak at this annual event. Amazees travelled from all over the world to present, learn, share, and enjoy the chance to hang out face-to-face with coworkers we usually see only on computer screens. As a non-developer attendee, I was there to help man the booth, share what was happening on our blog and social media, and make sure our usually-distributed team got plenty of chances to enjoy the city and each other’s company. 

DD Team Working

After getting settled at our charming hotel in the middle of Manhattan, I met up with Amazees from all corners of the world for drinks at a rooftop bar with beautiful views of the city. I sat at a table with colleagues from Cape Town, Zürich, the UK, Taiwan, Spain, and even Upper Manhattan. We talked shop, of course, but also got to have some much needed social time. Amazee has such a rich distributed culture that I often forget I haven’t met certain team members in person until I’m surprised by how tall they are. On Zoom, I suppose, we’re all same height. 

DD Table

On the first day of the conference, we set up our table, featuring some cool swag including some custom headless horseman stickers we made specifically for the event. The Drupal community is unique in its tight-knit community and at every event, I’m struck by people’s passion and excitement to share their knowledge across companies and specialities. What a difference an open-source perspective makes. 

DD Jamie

DD Fran

DD Bryan

There were some great technical sessions over the course of the conference including Stew West’s Intro to GraphQL and Twig, Jamie Hollern’s presentation on Storybook and Drupal, Fran Garcia-Linares talking about GraphQL V4 and John Albin Wilkins presentation about Gatsby and GraphQL Schema Stitching.

From a business perspective, Pascal Kappeler and Stephanie Lüpold discussed an interesting case study and Bryan Greenburg talked about how to Decouple Your Team.

Michael Schmid shared two sessions from the amazee.io perspective, one was a look at best practices from over three years of building and hosting decoupled sites, and one about caching decoupled websites to improve speed.  

DD Amazee Ladies

It was a lot to cover in a couple of days, but everyone at the conference seemed energetic and excited to be there. On breaks, we got coffee and found cute lunch places to meet up with people we knew, or people we’d just met. For me, the highlight of the week was our team dinner, where we sat down as a group to eat, drink, and laugh together as an Amazee family. 

Jun 12 2019
Jun 12

Decoupled Days 2019 is almost here and Amazee Labs has been busy gathering the most valuable practices we’ve discovered since last year to share with the community.

Amazee Labs is proud to sponsor Decoupled Days, a conference for architects, developers, and business people involved in implementing decoupled CMS architectures. Since successfully debuting in 2017, its mission of sharing the experiences with both back-end CMS development as a content service and front-end development of non-CMS applications consuming CMS content (especially those in JavaScript) has been a success for everyone who’s chosen to be involved.

See what we’re sharing at this year’s conference:

Wednesday, 17 July

Jamie Hollern will be presenting a session called Storybook and Drupal: Seamless frontend integration for decoupled sites. This session will explain how to use Twig with Storybook and Drupal to bring all the advantages of UI component libraries into a decoupled Drupal project, and how to build a component library for decoupled Drupal sites. 

13:45 pm in Room 2 

Learn how to Decouple your teams using GraphQL with Bryan Gruneberg. In this lighting talk, he will present strategies to decouple your team by putting GraphQL at the centre.

16:30 pm in Room 3 

Pascal Kappeler and Stephanie Lüpold take on Shaping the future of decoupled Drupal: An unusual case study. This session they’ll show how an SME can drive technical innovation at scale, but that it is made possible with the help of a corporate partnership. If you are interested in getting a first-hand account of how two very different companies work together, in order to push technical boundaries, this is the right session for you.

15:45 pm in Room 2 

Join Fran Garcia-Linares who will delve into the question GraphQL V4: what's next? In this session, Fran will outline all the exciting new features that are (or will be) included in the 4th version of GraphQL module for Drupal and the new possibilities they open up for us/for those in the know -- like support for SDL based schemas!

16:00 pm in Room 2 

Thursday, 18 July

John Albin Wilkins will discuss Gatsby and GraphQL Schema Stitching with Drupal, the benefits of a universal GraphQL graph over traditional web services like REST and JSON:API, configuring Gatsby’s gatsby-source-graphql plugin and more. A demo website, including full Git repository, will be provided for attendees to try out.

11:15 am in Room 1 

Decoupled Drupal is the future, but learning an entirely new stack can be daunting. Stew West presents GraphQL and Twig, a beginner’s guide and demo on how to use GraphQL and demonstrate the advantages of changing the Drupal push model to a pull model by letting the template define its data requirements.  

16:15 pm in Room 1

You should also check out these sessions from amazee.io and Michael Schmid

In this session, Michael will demonstrate how Caching decoupled websites is hard, but freaking fast if done right and share his best practices around caching of decouple websites, things that work, things that didn't work and how we are running websites today.

18th Jul at 09:00 am in Room 1

Michael Schmid presents 3 Years Decoupled Website Building and Hosting - Our Learnings. In this session, he shares what we’ve learned as a business so far and what we envision for the future. Attendees will walk away with insights into how decoupled projects can affect everything from hiring and client relationships to profits, processes, maintenance and more. 

18 July at 11:15 am in Room 2

Catch up on a year’s worth of Amazee Labs’ best practices in just two days at Decoupled Days 2019.

Mar 27 2019
Mar 27

We’re excited to attend and present at DrupalCon Seattle this year. Here’s a breakdown of what we’re looking forward to day by day, and information about where you can see Amazee sessions throughout the week.

Monday, 8 April

Monday and Tuesday will be a time for summits, sprints, and BoFs. Be sure to check out Michael Schmid as part of the Performance and Scaling Summit. In the evening you can join the DrupalCon Monday Night Pub-Crawl for community and drinks.

Tuesday, 9 April

In addition to the many summits and sprints be sure to check out the First-time Attendee Networking Breakfast if you're new to DrupalCon. After hours you can join a group run or one of several parties.

Wednesday, 10 April

In the morning, don’t miss the annual DriesNote where you can hear about the current state of Drupal as well as what the future holds. In the evening, the prestigious Splash Awards will showcase the best of Drupal from 2018 in the inaugural global international edition of these awards.

Thursday, 11 April

Thursday will be a day full of Amazee sessions. First up, Maria Comas will host her session GraphQL 101: What, Why, How from 09:45 - 10:15 in Room: 606. Be sure to check it out to get a basic overview of GraphQL and how to get started using it.

Catch John Albin Wilkins and his session CSS-in-JS and Drupal sitting in a tree… from 10:45 - 11:15 in Room: 6B. John will discuss the learnings from Amazee Labs trying several different CSS-in-JS solutions and why we finally decided on using CSS Modules.

In the afternoon, Michael Schmid will present Best Practices: How We Run Decoupled Websites with 110 Million Hits per Month at 13:00 in Room: 6C.

Finally, you can finish out Thursday with the popular social event Trivia Night where you can test out your Drupal knowledge with a chance to win prizes or earn the title of Drupal trivia champions, and win small prizes to boot!

Friday, 12 April

On the final day of DrupalCon, the community comes together to make contributions before saying goodbye until next year. We can’t wait to see all of you at DrupalCon 2019!

Feb 12 2019
Feb 12

Amazee Labs is proud to sponsor Drupal Mountain Camp in Davos, Switzerland 7-10 March 2019.

Come by and see us in the exhibit area or at one of the social events, and be sure to check out these Amazee sessions: 

On Friday, from 14:40 till 15:00, join Maria Comas for GraphQL 101: What, Why, How. This session is aimed at anyone that might have heard or read about “GraphQL” and is curious to know more about it. The session will give a basic overview and try to answer questions like:

  • What is GraphQL?

  • Is GraphQL only for decoupled projects?

  • Advantages to using GraphQL with Drupal

  • Getting started with GraphQL

Follow this up on Friday from 15:00 till 16:00, with Daniel Lemon who will present Mob Programming: An interactive session. The basic concept of mob programming is simple: the entire team works as a team together on one task at the time. That is one team – one (active) keyboard – one screen (projector of course). It’s just like doing full-team pair programming. In this session you’ll learn:

  • What are the benefits to a team?

  • How could this be potentially integrated into your current workflow

  • The disadvantages to Mob Programming and why it might not work for certain types of companies (such as a web agency).

Additionally, don’t forget to check out this talk from Michael Schmid of amazee.io Best Practices: How We Run Decoupled Websites with 110 Million Hits per Month. This session will lift the curtain on the biggest Decoupled Websites run by amazee.io and will cover:

  • How the project is set up in terms of Infrastructure, Code, Platform and People

  • How it is hosted on AWS with Kubernetes, and what we specifically learned from hosting Decoupled within Docker & Kubernetes

  • Other things we learned running such a big website

Hope to see you in Davos soon! 

May 24 2018
May 24

Drupal is all about security  

The Drupal community is unique in many ways, and the Drupal Security Team is an example of this. They provide documentation about writing secure code and keeping your site secure. They work with the drupal.org infrastructure team and the maintainers of contributed modules, to look into and resolve security issues that have been reported.

When a security issue is reported, the Drupal Security Team mobilizes to investigate, understand, and resolve it as soon as possible. They use a Coordinated Disclosure policy, which means that all issues are kept private until a patch can be created and released. Public announcements are only made when the issue has a solution and a secure version is available to everyone. This communication is sent out through all of the channels possible so that everyone is made aware of what they need to do to keep their sites safe and secure.

This means that everyone finds out about the patches, and therefore the vulnerabilities, at the same time. This includes people who want to keep their sites secure, as well as those who want to exploit vulnerabilities. Security updates become a matter of speed, and the development teams at Amazee Labs, along with our hosting partner amazee.io, are always ready to make sure patches are implemented as quickly as possible.

Recent Drupal Security Releases

On March 28th 2018, the Drupal Security Team released SA-CORE-2018-002. This patch was a critical security vulnerability that needed to be implemented on every Drupal site in the world as quickly as possible. At the time of the patch release there were no publically known exploits or attacks using the vulnerability, which was present on Drupal versions 6.x, 7.x & 8.x and was caused by inadequate input sanitization on Form API (FAPI) AJAX requests.

On April 25th, 2018 SA-CORE-2018-004 was released as a follow up patch. This release fixed a remote code execution (RCE) bug that would affect any site with Drupal versions 7.x or 8.x. The vulnerability was critical, and both issues resulted from problems with how Drupal handles a “#” character in URLs.

What are the dangers?

There are a number of different kinds of attacks that could take advantage of vulnerabilities fixed in the recent security updates. One kind of attack that is becoming more common is the installation of cryptocurrency mining software. These attacks are both subtle and resilient and use the CPU of the site server to generate cryptocurrency for the attacker.

Amazee Labs is keeping your sites safe

The Amazee Labs team takes these security releases seriously and works quickly to prepare for these updates. We inform our clients as soon as possible about the upcoming release and organize the maintenance and development teams to be ready to run the updates at the time of the release. During these “patch parties” our global teams work together to solve problems and secure all sites by leveraging everyone’s expertise all at once.

Implementing these measures takes development time not alloted in our usual maintenance budgets. We will always let you know when additional work is needed, and keep the communication channels open to address any concerns.

An additional layer of security is provided to our clients who host with our partner amazee.io. As soon as the security patch is released, the amazee.io team work to put an infrastructure level mitigation in place. This means that all Drupal sites that they host are immediately secured against initial attacks. You can read a detailed breakdown of how they accomplished this here.

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web