Oct 08 2019
Oct 08

Identifying “Top Tasks”

The biggest negative factor of the previous ETF site’s user experience was its confusing menus. The site presented too many options and pathways for people to find information such as which health insurance plan they belong to or how to apply for retirement benefits, and the pathways often led to different pages about the same topic. Frequently, people would give up or call customer support, which is only open during typical business hours.

Palantir knew the redesign would have the most impact if the site was restructured to fit the needs of ETF’s customers. In order to guarantee we were addressing customers’ most important needs, we used the Top Task Identification methodology developed by customer experience researcher and advocate Gerry McGovern.

Through the use of this method, we organized ETF’s content by the tasks site users deemed most important, with multiple paths to get to content through their homepage, site and organic search, and related content.

Oct 08 2019
Oct 08

Open source looks very different now compared to 20 years ago, and with such a vast community of developers, it is difficult to define the exact role of a “good” open source citizen.

Palantir is thrilled to be participating in Keeping Open Source Open -- a panel including CEO, Tiffany Farriss for a spirited discussion on open source strategy and the future of open source.

Other panelists include Zaheda Bhorat (Amazon Web Services) and Matt Asay (Adobe). The panel will air some of the strongest opinions on Twitter.

  • Time: 1:30 PM - 2:20 PM
  • Location: F150/151
Oct 08 2019
Oct 08

Our team is so enthusiastic to participate in the third iteration of Decoupled Days. Palantir is excited to sponsor this year’s event and continue to share our insights into Content Management Systems.

Join Senior Engineer and Technical Architect Dan Montgomery for a session on content modeling. He’ll break down:

  • How a master content model can enable scalable growth
  • How to create a standardized structure for content
  • How Drupal can function as a content repository that serves other products

You’ll walk away with an understanding of how to develop architecture and structures that are scalable for future, unknown endpoints.

  • Date: Thursday, July 18
  • Time: 9:00am
  • Location: Room 
Oct 08 2019
Oct 08

Design System artifacts go by many names - Living Style Guides, Pattern Libraries, UI Libraries, and just plain Design Systems. The core idea is to give digital teams greater flexibility and control over their website. Instead of having to decide exactly what all pages should look like in one big redesign and then sticking with those templates until the next redesign, a design system gives you a “lego box” of components the team can use to create consistent, beautiful interfaces. Component-based design is how you SCALE.

At Palantir we build content management systems, so we’ve named our design system artifact a “style guide” in a nod to the editorial space.

Our style guides are organized into three sections:

  1. 'Design Elements' which are the very basic building blocks for the website.
  2. 'Components' which combine design elements into working pieces of code that serve a defined purpose.
  3. 'Page Templates' which combine the elements and components into page templates that are used to display the content at destination URLs.

But how do we help our clients determine what the list of elements, components and page templates should be?

How to Identify Elements for Your Design System

In this post I’ll walk through how we worked with the University of Miami Health System to create a style guide that enabled the marketing team to build a consistent, branded experience for a system with 1,200 doctors and scientists, three primary locations, and multiple local clinics.

1. Start by generating a list of your most important types of content.

Why are people coming to your site? What content helps them complete the task they are there to do? This content list is ground zero for component ideation: how can design support and elevate the information your site delivers?

Table of content types

The list of content serving user needs is your starting point for components. In addition, we can use this list to identify a few page templates right off the bat:

  • Home page
  • Treatment landing page
  • Search page
  • Listing page: Search results, news, classes
  • Clinical trials landing page
  • Clinical trial detail page
  • Location landing page
  • Appointment landing page
  • Appointment detail page
  • Basic page (About us, contact us, general information)

This is just the start of the UHealth style guide; we ultimately created about 80 components and 17 page templates. But it gives you a sense of how we tackled the challenge!

2. Sort your list of important types of content into groups by similarities.

Visitors should be able to scan your website for the information they need, and distinctive component designs help them differentiate content without having to read every word. In addition, being rigorous about consistently using components for specific kinds of information creates predictable interfaces, and predictable interfaces are easy for your visitors to use.

In this step, you should audit the design and photo assets you have available now, and assess your capacity to create them going forward. If, for example, you have a limited photo library and no graphic artist on staff, you’ll want to choose a set of components that don’t heavily rely on photos and graphics.

Component example for UHealth site

In this example, we have three component types: News, Events/Classes, and a Simple Success story.

  1. News Component: This component has no images. This is largely about content management; UHealth publishes a lot of news, and they didn’t want to create a bottleneck in their publishing schedule by requiring each story to have a digital-ready photo.
  2. Events/Classes Component: This component has an option for images or a pattern. Because UHealth wants visitors to take action on this content by signing up, we wanted these to have an eye-catching image. Requiring a photo introduces a potential bottleneck in publishing, so we also gave them the option to make the image a pattern or graphic.
  3. Simple success story: This is the most visually complex component because successful health narratives are an important element of UHealth’s content strategy. We were able to create a complex component here because there’s a smaller number of success stories compared to news stories or classes and events. That means the marketing team can dedicate significant time and resources to making the content for this component as effective as possible.

3. Now that you’ve sorted your list by content, do a cross-check for functionality.

Unlike paper publications, websites are built to enable actions like searching, subscribing, and making appointments. Your component set should include interfaces for your functionality.

Some simple and common functions for the UHealth site included searching for a treatment by letter, map blocks, and step forms.

In a more complex example, the Sylvester Cancer Center included a dynamic “Find a lab” functionality that was powered by a database. We designed the template around the limitations of the data set powering the feature, rather than ideating the ideal interface. Search is another feature that benefits from planning during the design phase.

For example, these components for a side bar location search and a full screen location search require carefully structured databases to support them. The design and technical teams must be in alignment on the capacity and limits of the functionality underlying the interface.

4. Differentiate components by brand.

UHealth is an enormous health care system, and there are several centers of excellence within the system that have their own logos and distinct content strategies. As a result, we created several components that were differentiated by brand.

UHealth navigation bars

In this example, you see navigation interfaces that are different by brand and language. Incorporating the differentiated logos for the core UHealth system and the Centers of Excellence is fairly straightforward. But as you can see the Sylvester Center also has three additional top nav options: Cancer treatments, Research, and For Healthcare Professionals.

That content change necessitated a different nav bar - you can see that it’s longer. We also created a component for the nav in Spanish, because sometimes in other languages you find that the menu labels are different lengths and need to be adjusted for. In this case, they didn’t, but we kept it as a reference for the site builders.

5. Review the list: can you combine any components?

Your overall goal should be creating the smallest possible set of components. Depending on the complexity and variety of your content and functionality, this might be a set of 100 components or it might be just 20. The UHealth Design System has about 80 components, and another 17 page templates.

The key is that each of the components does a specific job and is visually differentiated from components that do different jobs. You want clear visual differences that signal clear content differences to your audience, and you don’t want your web team spending time trying to parse minor differences - that’s not how you scale!

In my experience, the biggest stumbling block to creating a streamlined list of components is stakeholders asking for maximum flexibility and control. I’ve found the best way to manage this challenge is to provide stakeholders with the option to differentiate their fiefdoms through content rather than components.

UHealth component examples

In this example, we have the exact same component featuring different images, which allows for two widely different experiences. You can also enable minor differentiation within a component: maybe you can leave off a sub-head, or allow for two buttons instead of one.

6. Start building your design system and stay flexible.

The list you generated here will get you 80% of the way there, but as you proceed with designing and building your design system, you will almost certainly uncover new component needs. When you do, first double check that you can’t use an existing component. This can be a little tricky, because of course content can essentially be displayed any way you want.

At Palantir, we solve for this challenge by building our Style Guide components with real content. This approach solves for a few key challenges with building a design system:

  1. Showing the “why” of a component. Each component is designed for a specific type of content - news, classes, header, testimonial, directory, etc. This consistency is critical for scaling design: the goal is to create consistent interfaces to create ease of use for your visitors. By building our Style Guides with real content, we document the thought process behind creating a specific component.
  2. Consistency. Digital teams change and grow. We use content in our Style Guide to show your digital team how each component should be used, even if they weren’t a part of the original design process.
  3. Capturing User Testing. Some of our components, like menus, are heavily user-tested to ensure that we’re creating intuitive interfaces. By building the components with the tested content in place, we’re capturing that research and ensuring it goes forward in the design.
  4. Identifying gaps. If you’ve got a piece of content or functionality that you think needs a new component, you can check your assumptions against the Style Guide. Does the content you’re working with actually fit within an existing pattern, or is it really new? If it is, add it to the project backlog!


The most important takeaway here is that design systems let your web team scale. Through the use of design systems, your digital team can generate gorgeous, consistent and branded pages as new needs arise.

But don’t take our word for it! Tauffyt Aguilar, the Executive Director of Digital Solutions for Miller School of Medicine and UHealth, describes the impact of their new design system:

“One of the major improvements is Marketing’s ability to maintain and grow their site moving forward. Previously each page was designed and developed individually. The ability to create or edit pages using various elements and components of the Design System is a significant improvement in the turnaround time and efficiency for the Marketing department.”

My favorite example of a new page constructed with the UHealth design system is this gorgeous interface for the Sports Medicine Institute.

Sports Medicine homepage

The Sports Medicine audience has unique needs and interests: they are professional and amateur athletes who need to get back in the game. The UHealth team used basic components plus an attention-grabbing image to create this interface for finding experts by issue.

And ultimately, that’s Palantir’s goal: your digital team should have the tools to create gorgeous, effective websites.

Oct 08 2019
Oct 08

Palantir recently partnered with a patient engagement solutions company that specializes in delivering patient and physician education to deliver improved health outcomes and an enhanced patient experience. They have an extensive library of patient education content that they use to build education playlists which are delivered to more than 51,000 physician offices, 1,000 hospitals, and 140,000 healthcare providers - and they are still growing.

The company is in the process of completely overhauling their technical stack so that they can rapidly scale up the number of products they use to deliver their patient education library. Currently, every piece of content needs to be entered separately for each product it can be delivered on, which forces the content teams to work in silos. In addition, because they use a dozen different taxonomies and doing so correctly requires a high level of context and nuance, any tagging of content can only be done at the manager level or above. The company partnered with Palantir.net to remove these bottlenecks and plan for future scalability.

Oct 08 2019
Oct 08

Facilitating design workshops with key stakeholders allows them to have insight into the process of "how the sausage is made" and provides the product team buy-in from the get-go.

Join Palantir's Director of UX Operations, Lesley Guthrie, for a session on design workshops. She'll go over:

  • How to choose the right exercises 
  • How to play to the team skill sets
  • Ways to adjust the workshop to fit the needs of the project 

You'll learn how to sell it the idea of the design workshop to stakeholders and collaborate with them on a solution that can be tested and validated with real users.

Oct 07 2019
Oct 07
Screenshot of LSS Home Page

Becoming Their Go-To Drupal Experts

Lutheran Social Service of Minnesota (LSS) is one of the state’s largest private nonprofit social service organizations, providing a vast array of services in all 87 Minnesota counties for children and families, older adults and people with disabilities.

Our Assignment: Audit LSS Sites and Take Them On as a TEN7Care Support Client

LSS hired us to support and maintain their flagship website (lssmn.org) and seven smaller websites. Minnesotans find and interact with LSS services through their websites (over 1,200 pages), including performing time-sensitive tasks like submitting timesheets and payments, so it’s crucial the websites perform optimally with very little downtime. The sites were already well-organized, designed and written to meet the organization’s needs—a testament to hard work done previously. LSS just needed help maintaining the technology and continuing to enhance the site.

TEN7Audit & TEN7Improve

Before TEN7 takes on any support client, we take them through our comprehensive onboarding process to get an overall lay of the land and identify any lurking security or performance issues. As a result of the TEN7Audit, we implemented best practices to update the LSS sites and keep them backed up and as secure as we could possibly make them:

  • Updates: Updated Drupal core, Drupal modules and PHP to current official versions (including disabling non-essential and performance-intensive Drupal modules).
  • Security: Ensured there were no security vulnerabilities.
  • Site backups: We recommend (and LSS wanted) offsite backups, something their current host didn’t provide. We set up redundant offsite backups using Tractorbeam at Amazon’s AWS and in Google Cloud. 
  • Update Code: Replaced custom code with Drupal core functionality or Drupal modules.
  • Caching: Implemented HTTP caching, database query caching, and Drupal caching to provide a faster site experience for site visitors.


In the TEN7Care phase, we focus on adding new features and optimizing the site and the processes that surround it.

  • Issue backlog: In the support and maintenance phase, new clients usually bring us a small task backlog. But the super-prepared client of the year award goes to Tom Lany, Online Marketing Manager at LSS, who started the TEN7Care process with a list of 60 backlogged tasks compiled from stakeholder feedback, prioritized and categorized in a spreadsheet we could feed directly into our issue tracking program. Thanks to Tom’s great organization, we assigned and blew through many of those tasks in short order!
  • Deployment process: We discovered the website deployment process was a pain point. Various features (like menus) would frequently break during deploys. We fixed the root cause of the menu issue and implemented some of our software development best practices around deploys: greater reliance on issue tracking and version control, and a deploy schedule that mirrored the sprint schedule. At end-of-sprint meetings, we review candidates for release, and then do a release after that meeting. LSS now has confidence in and connection to a predictable and testable deployment process.

We’re Now Caring for Lutheran Social Service’s Sites

Lutheran Social Service of Minnesota is now an official TEN7Care support client. We’ll continue to update, optimize, and secure their sites, and add new features as needed. We look forward to a long and fruitful relationship.

“TEN7 helps us solve technical challenges that we can’t solve ourselves within Drupal, and they keep our systems updated and secure. TEN7’s extensive expertise with Drupal means we get answers quickly, and that we don’t have to worry about missing security and stability updates, because their team carefully tracks all of this.“ —Tom Lany, Online Marketing Manager, Lutheran Social Service of Minnesota

Oct 07 2019
Oct 07

Recently, I nudged governments to get more involved in fixing accessibility issues in Open Source projects. Getting governments to do anything can feel like a monumental challenge. Maybe we need to build better alliances and then collectively lobby the governments to change how they approach Open Source.

Dries Buytaert, the founder of Drupal, recently published a blog post titled, "Balancing Makers and Takers to sustain and scale Open Source," and while reading it I wondered, “Are we approaching the problem of sustainability too much as developers? Should we step back and look at the challenge of sustainability from a business and political perspective?”

Is changing an Open Source project's license going to change how other organizations contribute to Open Source? Changing the licensing is a different approach. The recent "Open-source licensing war" felt like a few individual companies are trying to make a significant shift in Open Source, however lacking a unified front. If Open Source companies are going to take on Amazon, they are going to have to do it together by building alliances.

The definition of alliance sounds very much like what happens in Open Source communities.

An alliance is a relationship among people, groups, or states that have joined together for mutual benefit or to achieve some common purpose, whether or not explicit agreement has been worked out among them.

-- https://en.wikipedia.org/wiki/Alliance

Political alliances (a.k.a. parties) are what powers most governments. The scale of some open source projects has required better governance. In Dries' blog post, he spends time exploring how organizations use Open Source (a.k.a. Takers) without helping to build the software or community (a.k.a. Makers). His post ends with three valuable suggestions that are focused on appealing to organizations and rethinking how the Open Source software is shared. Maybe we need to rethink how Open Source communities and organizations work together.

"Working better together" is a mantra in Open Source. In the Drupal community, we work together to build the 'software' and the Drupal Association is supporting the infrastructure.

Are there other opportunities to work together?

Deciding and maintaining a local development environment is a challenge for every developer. In the Drupal community, each hosting company is developing its own Docker-based local develop environment. Wouldn't everyone benefit from one collaborative Drupal-specific local develop environment? Competitors can work together for the common good, primarily when everyone benefits from the collaboration.

The Drupal community does work well together - we know this. A few years ago, Drupal got off its island and started leveraging other Open Source projects including Symfony. There is even an implementation for WordPress' Gutenberg page builder available for Drupal.

Besides sharing code across Open Source communities, we need to start collaborating to improve sustainability.


Open Source is about collaboration. The problem of Open Source sustainability is going to be best solved by improving and rethinking how we collaborate.

We need to collaborate to get the organizations that rely on Open Source to contribute more.

Onboarding new contributors to Open Source is a critical process of building sustainable Open Source communities. Aside from emphasizing the importance of onboarding individual contributors, we need to also look at how we onboard new organizations and encourage their collective effort to help sustain the software they need.

Drupal's Getting Involved Guide targets individual contributors. For example, nowhere on the Events page does it say, "Organizations can get involved by sponsoring an event." If the Drupal community wants bigger contributions and a more sustainable ecosystem, we need to target organizations. If one fortune 500 company decides that content moderation and workflows are essential for the future of their organization's business and contributes this code back to the Drupal community; this makes a huge difference.

For the past twenty years, Open Source advocates had to be evangelists preaching the value of Open Source. Open Source is here to stay, and most evangelists are now preaching to the choir. Even this type of blog post is preaching to the choir of people who care about Open Source and sustainability. I am not ready to state that Open Source needs to go on a crusade to solve the challenge of sustainability. Dries' blog post explores how Open Source has become a public and common good with different types of governance for Open Source. Maybe we need to embrace the inevitability that governments gradually have to get involved in some aspects of Open Source.

The scale at which Open Source software is impacting our society leads to governments needing to get more involved in coordinating and supporting. As I stated in my blog post governments should take responsibility for the accessibility for the Open Source projects that their constituents rely on. Similarly, the usage and success of self-driving automobiles is not going to take-off until a centralized shared open network of information and software is created to coordinate millions of self-driving cars, trucks, boats, and planes. The misconception in my blog post's statement that "governments should do this or that" misses the reality that governments need to be pushed and lobbied to take action and make changes.

Lobbying is not a word commonly found in Open Source. 

Lobbying, persuasion, or interest representation is the act of attempting to influence the actions, policies, or decisions of officials, most often legislators or members of regulatory agencies

-- https://en.wikipedia.org/wiki/Lobbying

Lobbying is not an entirely new concept for Open Source. Julia Reda and the Free and Open Source Software Audit (FOSSA) project successfully persuaded the EU to offer bug bounties. These bug bounties helped address security issues in many Open Source projects, including Drupal.

Security and accessibility in Open Source are two big digital concerns for governments that they should help support and address. Governments want to build secure and accessible digital experiences; they need guidance on how to properly do it. For example, the U.S. government's Healthcare.gov website faced numerous issues during its launch and it needed a lot of help getting it right. The same administration also passed a policy demanding 20 percent of federal code be open source. Maybe the next administration should pass a policy or create a department to address accessibility and security in Open Source software. Most governments understand the value of Open Source, and they need help becoming better members of the Open Communities.

Who should persuade and help the government to contribute more to Open Source?


I chose not to title this post, "Drupal, WordPress, and GitHub should lobby the government" because it’s not realistic to expect an Open Source community to lobby governments. Open Source communities are still working through the challenges of self-governess. I chose to call-out three companies, Acquia, Automattic, and Microsoft, because they are all major contributors and drivers to Open Source projects in different ways. Acquia supports Drupal, a Content Management System (CMS) used to build enterprise digital experiences. Automattic supports Wordpress; the most popular CMS and blogging platform used by 33.5% of all the websites. Finally, Microsoft is the largest contributor to GitHub and now they own GitHub. It is also important to note that Microsoft knows how to lobby the government. Microsoft could pave the way in convincing the government of the importance of contribution.

All three companies are paying teams of developers to help contribute, build, and maintain Open Source projects. I see in the Drupal community an assumption that Acquia is or should be doing most of the heavy work within the Drupal community. An Open Source project is not going to be sustainable, assuming one company can keep hiring full-time developers. At the same time, of course, these companies need to continue to invest in their respective Open Source software and community.

As I have written about Open Source sustainability, I keep returning to the proverb.

"Give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime."

Companies like Acquia, Automattic, and Microsoft, which are valuing and contributing to Open Source should step-back and teach (or nudge) other organizations to start contributing to or to contribute more back to Open Source. Secondarily, businesses and Open Source leaders need to collaborate to make all off Open Source more sustainable.

Open Source began with evangelists converting developers building proprietary software to share and collaborate their ideas and passion.

Open Source evangelists may need to become lobbyist who persuades the 'Takers' of Open Source to contribute something back help sustainable Open source software.


Generally, I don't directly want to ask someone to take action in the Open Source community. However, I am invested in its continued growth and I know from experience we have amazing resources within our existing (and growing) community. Frankly, everyone in Open Source, including the leadership, has contributed more than their fair share. I am nudging the leaders of Open Source projects to look at the challenges they are facing in their community, to approach the problem differently, and take a different action. Maybe working together to lobby governments to fix accessibility issues in Open Source would be an excellent place to start to improve Open Source sustainability.

When I watch the below video, it is clear that the project leads for Drupal and WordPress are passionate and committed to Open Source. They share a common ground and would be able to work together - I am confident of this.

Microsoft may seem like the odd-man out. Years ago, Microsoft even lobbied against Open Source. Microsoft decided to change their approach and invest in Open Source. Now, Open Source communities and their leaders need to change their approach and collaborate to make Open Source sustainable.

Everyone understands why organizations should contribute to Open Source. The question is how can we persuade (a.k.a. lobby) organizations to contribute. Together, I know we’ll find the answers.

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!


Oct 07 2019
Oct 07

Missed some of our blog posts last month? Don’t worry - here’s a recap of all our posts from September. Check it out and make sure you’re all caught up!

Interview with Suzanne Dergacheva of Evolving Web: The sky's the limit with Drupal

Our first post from last month is another one of our Drupal Community interviews. In it, Suzanne Dergacheva, co-founder of Evolving Web and member of the Drupal Association Board of Directors, talks about how she first discovered and started using Drupal, her most memorable Drupal moments, the projects and initiatives that she finds the most exciting, and her brand new hobby. 

One of Suzanne’s favorite things about Drupal is helping others to get over its steep learning curve and empowering them to benefit from all of its powerful features. She has conducted several studies on Drupal’s content editing user experience and is one of the initiative leads of Promote Drupal

She believes Drupal will continue evolving and finding new use cases. The main drives for this will be the evolution and standardization of “decoupled” Drupal, and the progress of the community and its events towards more and more diverse and inclusive. 

Read more

Let's talk about localization

It is kind of a general misconception that translating your site’s content is all that’s needed to launch the platform in another language and/or market. This next post, written by our developer Jernej, shows that there’s more to the story by explaining localization, how it differs from translation, and showing some best practices for localization. 

In order to successfully implement localization, you need to be mindful of the target audience’s culture - specifically, their habits when browsing the web, but also more general things such as the meanings of specific colors etc. This may require you to significantly change both the layout and content of your localized site.

Thankfully, there is one website aspect that needs no localizing. Good website performance is something that’s desired across all cultures, so, you need to make sure your website loads fast and doesn’t frustrate the user. One of the smoothest ways to speed up your loading times is image optimization. 

Read more

Must-see Business, Marketing & Industry sessions at DrupalCon Amsterdam 2019

The European edition of the biggest annual Drupal event is just around the corner and, with the diverse selection of tracks featuring an abundance of available sessions, it makes sense to do some planning prior to the event and reserve the time slots for your must-see ones.

We wanted to make these decisions at least a little bit easier and to this end made a list of our favorite sessions to attend from the Business + Marketing and the Industry tracks. We tried to cover as many different aspects as possible: mentoring, accessibility, ecommerce, contribution to open source, etc.

There were too many intriguing sessions from other tracks to cover all of these, and this is why we decided to focus exclusively on these two tracks. Hopefully, this blog post will arm you with the right information to get the most out of your time in Amsterdam. 

Read more

Interview with Lullabot’s Cristina Chumillas, co-organizer of the Drupal Admin UI and JavaScript Modernization initiative

We finish September’s list with another interview - this one with Cristina Chumillas, designer and front-end developer, and co-organizer of the Admin UI and JavaScript Modernization initiative in Drupal. 

In our interview, Cristina recalls how she started getting actively involved in the community and highlights the people who helped her along this journey. She points out that this early contact with community members helped her significantly in her professional career. She has just started her new job at Lullabot and loves the super welcoming attitude of her new colleagues. 

She enjoys enabling people to get involved in the Admin UI initiative. She is especially pleased with seeing so many non-developers help out - content creators, for example - and points out that the initiative needs any help they can get from diverse perspectives. She invites everyone who wants to help out to join the #admin-ui Slack channel and get involved.

Read more

This was it for our overview of the posts we wrote last month. We hope you enjoyed the read, and we wish everyone a smooth transition into the colder half of the year!

Oct 07 2019
Oct 07

Mark your calendars: The deadline for Proposals and applying for Grants & Scholarships is now Wednesday, December 4.

Oct 04 2019
Oct 04

The Drupal community is one of the largest open source communities in the world. Each year, we meet at Drupal Camps, meet-ups, and other events organized around the world. 

But the biggest event, DrupalCon, happens twice every year. It is a platform where developers, designers, and marketers come together to explore the most ambitious and cutting edge case studies. It offers prospective users, a glimpse into “the art of the possible” when you choose Drupal. It is a collaborative event where anyone can learn to use Drupal to make the Internet a better place. 

This year, OpenSense Labs is a silver sponsor of DrupalCon Europe 2019 to be held in Amsterdam, Netherlands.

Join us for the Sessions
Session 1 details on content marketing

What you will learn?

  • How to divide the right content strategy for your agency 
  • Which form of content works best?
  • How do you measure the success of your content strategy
  • Creating the right lean team for helping you achieve the content goals?
  • Which channel should you use, to market your content?

Session 2 on Drupal 8 theming

Theming Drupal 8 is a challenging job and not many are aware of how to smartly theme the e-commerce sites. Here are some major components which we will focus on in this session:

  • Product pages
  • Product-level field variables 
  • product variation level variables 
  • Checkout flows 
  • Creating flow as per requirement 
  • Customizing checkout progress 

Be in touch!

We can’t wait to talk to you about the amazing offers our team has for you. Ask us about our Agency++ programs to scale higher and discover more about higher-ed and e-learning systems. We have loads to unveil at DrupalCon Amsterdam!
So, swing by our booth and our team would love to meet and connect with you.

You can register now to be a part of the event.

Oct 04 2019
Oct 04

For DrupalCon Amsterdam, we’ve curated keynote speakers who are engaging presenters — and add value to the gathering as a whole. Enhance your professional life by hearing more about differing experiences in tech and open source. These keynotes are only for conference attendees, so we invite you to join us by registering.  

Oct 04 2019
Oct 04

Content authors and content editors always look out for a seamless, easy-to-use experience when it comes to page building. Drag-and-drop and WYSIWYG tools are something they expect when they want to create and design pages. Drupal Layout Builder offers this exact experience with its easy-to-use page building capability, in Drupal core. 

Drupal Layout Builder is unique and provides a powerful visual design tool to let content authors change the way content is presented. Introduced in Drupal core in its latest version, Layout Builder in Drupal 8 allows you to add/remove sections to display the content using different layouts, and customizing your pages based on the requirements. The Layout Builder Module in Drupal 8 also allows you to combine these sections and create a truly customized page. 

Layout Builder in Drupal 8 can be used in two different ways. It can be used to create a layout for each content type on the website, and also to create a layout for an individual piece of content.

Introducing Layout Builder in Drupal 8

The Layout Builder module allows you to customize the design of the entities such as content types, taxonomy, users etc. It provides an easy-to-use drag and drop option for site builders to place blocks, fields etc.

The layout builder module in Drupal 8 makes it easier to build your layouts by offering a preview of the changes made while building your layouts. Instead of having to save every small change made in the layout and then looking it up on the front-end, layout builder in Drupal allows previews of the changes made for a seamless layout building experience. 

Installing and setting up the Layout Builder module in Drupal 

In order to install/setup the layout builder module in Drupal 8, navigate to Extend and enable both Layout Builder and Layout Discovery module.

Installinf and setting up the layout builder

Note: Layout Builder was introduced as a stable module in Drupal 8.7. So, make sure you’re using the latest version. In older versions of Drupal, it was an experimental module.

1. Use Drupal Layout Builder to Customize Content-Type and Taxonomy

1. Once you have installed the module, navigate to Structure, Content types and click on “Manage display” for any content type , For now we will use the “article” content type.

layout builder module

2. Scroll to the bottom and click on Layout options and select “Use Layout Builder”, then click on Save.

Layout builder module in drupal 8

3. Once you’ve enabled Layout Builder on the view mode, you can see a “Manage layout” option instead of field formatters. You can use Layout Builder for any of the view modes present.

Manage Display

4. When you click on “Manage layout”, you’ll be redirected to article content type layout.

edit layout builder

2. Add Sections to Layout

1. First, remove the default section. Click on the close icon (as depicted in the below screenshot). Further, you will be provided with an option to the right side of your screen to remove the default section. Click on “Remove”.

add sections to layout builder

2. Let us add a few sections to our layout by clicking on the “Add Section” option. Further, you will be provided with options to choose a layout of your choice for your section, on the right side of the screen. For now, let us select the “Two Column Section”.

edit layout

3. You will have an option to choose the width for your “Two Column Layout”. Let us select a “50%/50%” for now. Then click on “Add section”.

Two column layout

Once added, you should be able to see an “Add Block” link for each section region.


3. Add Blocks to Section Regions

After choosing your section for the layout, you can add blocks into your section. To add a block just click on “Add Block” and the “Choose a block” option will slide out from the right.

add blocks to section regions

1.Choosing a Block
Blocks can be chosen from the right by just clicking on them. You can even find blocks by filtering them out by their name using the “Filter by block name” text field. 
We will select “Authored on” content field  for now.

choosing a block

When you click on the block you want to add, you’ll be able to adjust the field formatter. Once you’ve configured the formatter, click on “Add Block”.


The “Authored On” content field will be placed on the left side of the block.


After placing the “Authored On” field , you need to save your changes. Save all the changes you have made to your section by clicking on “Save Layout” option at the top of the layout page

layout builder

Let us try adding some more fields into our layout


So, after saving this layout, if you visit an article content type page, you will be able to see a preview of the layout which you just built..


4.Override Default Layout

The layout which we just built will be applicable for all the articles. If you want to build a customized layout for a particular article, we have to enable some options provided by Drupal for the same. You can do it by selecting “Allow each content item to have its layout customized.”


After enabling this option, if you go to an article, you should see a Layout tab button.

Layout builder

You can now modify the layout using the same interface. However, this will only change the layout on this specific piece of content.

Layout builder
Oct 04 2019
Oct 04

Over the years I have benefited greatly from the generosity of the Drupal Community. In 2011 people sponsored me to write lines of code to get me to DrupalCon Chicago.

Today Dave Hall Consulting is a very successful small business. We have contributed code, time and content to Drupal. It is time for us to give back in more concrete terms.

We want to help someone from an under represented group take their career to the next level. This year we will provide a Diversity Scholarship for one person to attend DrupalSouth, our 2 day Gettin’ Git training course and 5 nights at the conference hotel. This will allow this person to attend the premier Drupal event in the region while also learning everything there is to know about git.

To apply for the scholarship, fill out the form by 23:59 AEST 19 October 2019 to be considered. (Extended from 12 October)

Share this post

Oct 03 2019
Oct 03

The Drupal Association collaborated on Automatic Updates, one of the Drupal Core Strategic Initiatives that was funded by the European Commission. We are excited to partner with MTech, Tag1 Consulting, and the European Commission FOSSA program on this new initiative and share information with you about its features.

Automatic Updates has three components.

Public safety messaging

This feature pulls a feed of alerts from Drupal.org directly into Drupal's administrative interface. This helps ensure that critical Public service announcements (PSA) or Security Advisories (SA) from the Drupal security team will be seen directly by site owners. 

  • This provides yet another communication mechanism before an update so site owners can verify they are ready for an upcoming update, before it lands.

  • The feed of alerts comes directly from the feed of PSAs and SAs that the security team and release managers are already producing. 

  • This will vastly increase the ability of the Drupal project to get the word out about critical and highly critical updates - ensuring the community can respond fast. 

Readiness checks, or “Pre-flight” checks

These automated and extensible readiness checks are built into the Automatic Updates system to verify that a site doesn't have any blockers that would prevent it from being updated.

  • These checks are slated to run at least every 6 hours on a site via Drupal Cron and will inform site owners if they are ready to auto update their site.

  • Examples of the readiness checks include:

    • Is the site is running on a read-only file system?

    • Have any files included in the update been modified from what they should be? 

    • Does the site still need to run database updates, etc.? 

There’s about 8 or 9 of these readiness checks and some are warnings (Cron isn’t running frequently enough to automatically update the site in a timely manner) and some are errors (the file system is read-only). Warnings won’t stop automatic updates, but errors will.

In place updates

Finally, the key pillar of the automatic updates feature is the update itself. Drupal.org generates a signed and secure package of files which can be overlaid atop the existing site files in order to apply the update. 

  • This update package is downloaded as a signed zip file from Drupal.org. The automatic updates module on the site then compares the signature of the zip file using drupal/php-signify, which is based on BSD’s Signify and libsodium to verify the package.

  • It then proceeds to backup the files about to be updated and updates the site.

  • If all goes well, the site is upgraded. If something fails, the backup is restored.

  • Many workflows are supported and you can customize how the updates are performed. Updates can flow through your CI/CD system, be staged for review and approval, and or automatically go live.

In the past few weeks, the Drupal Association has been invited to participate in TagTeamTalks, a new recorded talk series about various tech projects supporting the Drupal project. This bi-weekly format provides real-time shared collaboration and informative discussions. 

TagTeamTalk launched its webinar focused on Automatic Updates this week. The group dives deep into the nuts and bolts of Drupal's groundbreaking Automatic Updates feature, and the strategic initiative sponsored by the Drupal Association, MTech, Tag1 Consulting, and the European Commission. Guests include Preston So (prestonso), Contributing Editor at Tag1 and Moderator of the TagTeamTalks; Michael Meyers (michalemeyers), Managing Director of Tag1; Lucas Hedding (heddn), Senior Architect and Data and Application Migration Expert at Tag1; Fabian Franz (Fabianx), Senior Technical Architect and Performance Lead at Tag1; and Tim Lehnen (hestenet) CTO at the Drupal Association. Read the TagTeamTalks blog.

“Content marketing is one of the most effective ways to promote your brand and capabilities - it has been a really powerful approach for the organizations that I’ve worked for,” said Michael. “The goal is to give our team an opportunity to talk about the cool things they’re working on and excited about and to share it with people. It helps get the word out about the latest developments in the open source communities we contribute to, and it promotes Tag1’s expertise - it helps us recruit new hires, and drives new business.” 

Meyers is the Managing Director of Tag1, and has been involved with the Drupal community for over 15 years. He was Founder and CTO of the first venture backed drupal based startup, CTO of the first Top 100 website on Drupal, and VP of Developer Relations at Acquia before joining Tag1.  “The great thing about TagTeamTalks is that it doesn’t take a tremendous amount of effort or energy. Our engineers are subject matter experts. We decide on a topic for the week, spend 15 minutes brainstorming a rough outline as a guide, and then record the talk. We don’t want to be rehearsed. The conversation is what makes it dynamic and enjoyable for us to do, and for people to listen to. And, the team loves it because they want to talk about what they are working on, and this format doesn’t take a lot of time away from what they enjoy doing most - writing code.” 

Hedding is one of the top 20 most active contributors to Drupal 8, and is also the Drupal Core Migrate Sub-system Maintainer, a core contribution mentor, and a D.O. project application reviewer. “Auto Updates has long been one of the most requested Drupal features, it is a capability the platform really needs that will help everyone using Drupal. Now that the alpha is available, we need to early adopters to start using it, we need feedback so we can continue to improve it. We also need to get more people involved in development, and we need to raise more money from organizations to support the project - it might sound like a simple feature, but it is actually really complex and requires a lot of effort. TagTeamTalks are a great way to get the word out and to enlist support from the Drupal community.”

Lucas added, “The European Commission provided generous funding for this initiative. The focus has been exclusively or largely around the European Commission’s features and functionality. The funding is running out very soon. There is a need for other people to help continue to build Automatic Updates by adding the features they need with their developers or by providing funding.”  

“It is critical for us to spread the message and make that call to action; that this is a community-driven effort and that without continued community support, it is not going to be as successful or as robust in the timeframe that we would like,” said Meyers.

The first year of funding from the European Commission provided for readiness checking, delivery of update 'quasi-patches,’ and a robust package signing system. The focus of this first phase of the Automatic Updates initiative has been on support for security updates in particular. 

In the second phase, as yet unfunded, we hope to extend this foundational work in the following ways:

  • Provide more robust composer support. The first phase of the automatic updates project should be compatible with composer-ready sites, but as the site’s composer.json file and vendor directory of a site change from the default, then more controls and though need to be implemented. 

  • Create an A/B front-end controller for the site being updated to further increase our confidence in the success of the update, allow for additional post-update testing and provide an easy mechanism to roll-back the update. This is also when updates will be able to move into Drupal core from the contrib project.

  • Expand to more types of updates (particularly further support for contrib updates), and also handle multiple updates in a row, for sites that are several versions behind. 

To accomplish all of this, we will continue to seek more funding and more partners. 

“I’m looking forward to seeing where this goes now that we have the first release out, ” said Hedding. “ There’s a larger community needed to get this initiative completed.”

The initial alpha version of the Automatic Updates module can be tested by the community right now. The plan is to: demonstrate Automatic Updates at DrupalCon Amsterdam this month, complete the scope of the funded work by the European Commission by the end of this year, and stabilize Automatic Updates by DrupalCon Minneapolis in May 2020. 

“The Automatic Updates initiative is designed to reduce the friction in keeping a Drupal site secure and up-to-date. The team behind the initiative is architecting a robust system, secure by design, and building components that can be shared with the broader PHP community,” said Tim Lehnen.

Many thanks to MTech, Tag1 Consulting, and the European Commission FOSSA program for funding this initiative. The Drupal Association is proud to be a part of this initiative.

Oct 03 2019
Oct 03

The Drupal Association collaborated on Automatic Updates, one of the Drupal Core Strategic Initiatives that was funded by the European Commission. We are excited to partner with MTech, Tag1 Consulting, and the European Commission FOSSA program on this new initiative and share information with you about its features.

Automatic Updates has three components.

Public safety messaging

This feature pulls a feed of alerts from Drupal.org directly into Drupal's administrative interface. This helps ensure that critical Public service announcements (PSA) or Security Advisories (SA) from the Drupal security team will be seen directly by site owners. 

  • This provides yet another communication mechanism before an update so site owners can verify they are ready for an upcoming update, before it lands.

  • The feed of alerts comes directly from the feed of PSAs and SAs that the security team and release managers are already producing. 

  • This will vastly increase the ability of the Drupal project to get the word out about critical and highly critical updates - ensuring the community can respond fast. 

Readiness checks, or “Pre-flight” checks

These automated and extensible readiness checks are built into the Automatic Updates system to verify that a site doesn't have any blockers that would prevent it from being updated.

  • These checks are slated to run at least every 6 hours on a site via Drupal Cron and will inform site owners if they are ready to auto update their site.

  • Examples of the readiness checks include:

    • Is the site is running on a read-only file system?

    • Have any files included in the update been modified from what they should be? 

    • Does the site still need to run database updates, etc.? 

There’s about 8 or 9 of these readiness checks and some are warnings (Cron isn’t running frequently enough to automatically update the site in a timely manner) and some are errors (the file system is read-only). Warnings won’t stop automatic updates, but errors will.

In place updates

Finally, the key pillar of the automatic updates feature is the update itself. Drupal.org generates a signed and secure package of files which can be overlaid atop the existing site files in order to apply the update. 

  • This update package is downloaded as a signed zip file from Drupal.org. The automatic updates module on the site then compares the signature of the zip file using drupal/php-signify, which is based on BSD’s Signify and libsodium to verify the package.

  • It then proceeds to backup the files about to be updated and updates the site.

  • If all goes well, the site is upgraded. If something fails, the backup is restored.

  • Many workflows are supported and you can customize how the updates are performed. Updates can flow through your CI/CD system, be staged for review and approval, and or automatically go live.

In the past few weeks, the Drupal Association has been invited to participate in TagTeamTalks, a new recorded talk series about various tech projects supporting the Drupal project. This bi-weekly format provides real-time shared collaboration and informative discussions. 

TagTeamTalk launched its webinar focused on Automatic Updates this week. The group dives deep into the nuts and bolts of Drupal's groundbreaking Automatic Updates feature, and the strategic initiative sponsored by the Drupal Association, MTech, Tag1 Consulting, and the European Commission. Guests include Preston So (prestonso), Contributing Editor at Tag1 and Moderator of the TagTeamTalks; Michael Meyers (michalemeyers), Managing Director of Tag1; Lucas Hedding (heddn), Senior Architect and Data and Application Migration Expert at Tag1; Fabian Franz (Fabianx), Senior Technical Architect and Performance Lead at Tag1; and Tim Lehnen (hestenet) CTO at the Drupal Association. Read the TagTeamTalks blog.

“Content marketing is one of the most effective ways to promote your brand and capabilities - it has been a really powerful approach for the organizations that I’ve worked for,” said Michael. “The goal is to give our team an opportunity to talk about the cool things they’re working on and excited about and to share it with people. It helps get the word out about the latest developments in the open source communities we contribute to, and it promotes Tag1’s expertise - it helps us recruit new hires, and drives new business.” 

Meyers is the Managing Director of Tag1, and has been involved with the Drupal community for over 15 years. He was Founder and CTO of the first venture backed drupal based startup, CTO of the first Top 100 website on Drupal, and VP of Developer Relations at Acquia before joining Tag1.  “The great thing about TagTeamTalks is that it doesn’t take a tremendous amount of effort or energy. Our engineers are subject matter experts. We decide on a topic for the week, spend 15 minutes brainstorming a rough outline as a guide, and then record the talk. We don’t want to be rehearsed. The conversation is what makes it dynamic and enjoyable for us to do, and for people to listen to. And, the team loves it because they want to talk about what they are working on, and this format doesn’t take a lot of time away from what they enjoy doing most - writing code.” 

Hedding is one of the top 20 most active contributors to Drupal 8, and is also the Drupal Core Migrate Sub-system Maintainer, a core contribution mentor, and a D.O. project application reviewer. “Auto Updates has long been one of the most requested Drupal features, it is a capability the platform really needs that will help everyone using Drupal. Now that the alpha is available, we need to early adopters to start using it, we need feedback so we can continue to improve it. We also need to get more people involved in development, and we need to raise more money from organizations to support the project - it might sound like a simple feature, but it is actually really complex and requires a lot of effort. TagTeamTalks are a great way to get the word out and to enlist support from the Drupal community.”

Lucas added, “The European Commission provided generous funding for this initiative. The focus has been exclusively or largely around the European Commission’s features and functionality. The funding is running out very soon. There is a need for other people to help continue to build Automatic Updates by adding the features they need with their developers or by providing funding.”  

“It is critical for us to spread the message and make that call to action; that this is a community-driven effort and that without continued community support, it is not going to be as successful or as robust in the timeframe that we would like,” said Meyers.

The first year of funding from the European Commission provided for readiness checking, delivery of update 'quasi-patches,’ and a robust package signing system. The focus of this first phase of the Automatic Updates initiative has been on support for security updates in particular. 

In the second phase, as yet unfunded, we hope to extend this foundational work in the following ways:

  • Provide more robust composer support. The first phase of the automatic updates project should be compatible with composer-ready sites, but as the site’s composer.json file and vendor directory of a site change from the default, then more controls and though need to be implemented. 

  • Create an A/B front-end controller for the site being updated to further increase our confidence in the success of the update, allow for additional post-update testing and provide an easy mechanism to roll-back the update. This is also when updates will be able to move into Drupal core from the contrib project.

  • Expand to more types of updates (particularly further support for contrib updates), and also handle multiple updates in a row, for sites that are several versions behind. 

To accomplish all of this, we will continue to seek more funding and more partners. 

“I’m looking forward to seeing where this goes now that we have the first release out, ” said Hedding. “ There’s a larger community needed to get this initiative completed.”

The initial alpha version of the Automatic Updates module can be tested by the community right now. The plan is to: demonstrate Automatic Updates at DrupalCon Amsterdam this month, complete the scope of the funded work by the European Commission by the end of this year, and stabilize Automatic Updates by DrupalCon Minneapolis in May 2020. 

“The Automatic Updates initiative is designed to reduce the friction in keeping a Drupal site secure and up-to-date. The team behind the initiative is architecting a robust system, secure by design, and building components that can be shared with the broader PHP community,” said Tim Lehnen.

Many thanks to MTech, Tag1 Consulting, and the European Commission FOSSA program for funding this initiative. The Drupal Association is proud to be a part of this initiative.

Oct 03 2019
Oct 03

Your website’s pages live in the World Wide Web. However, not all of them and not always should be displayed to users just as they are. There are plenty of reasons to control how they are accessed and displayed. 

In this post, we explain why, as well as describe how your website can benefit from one of the most interesting Drupal 8 modules for user access and page display control — the Rabbit Hole.

Why is page access control important?

There are slight nuances of page access control, some of which may not be obvious at first glance. Let’s look at a few.

  • Website page access control enhances your website’s security by prohibiting the views of restricted pages. They may contain sensitive or personal information that should not be seen.
  • Being able to control page access allows you to create interesting access-based functionality (like subscription content).
Paid subscription page in Drupal 8
  • This takes care of your website’s attractive look. Sometimes there are “building blocks” of a page layout that should not be seen by users because, for example, they are not properly themed.
  • For similar reasons, some pages should be hidden from from indexing by the search engines, so page access control also helps your SEO. 

All these and many other tasks can be entrusted to the Rabbit Hole module in Drupal 8. You can always rely on our Drupal team for installing and configuring it on your website and taking care of all page access nuances. In the meantime, let’s take a tour at how the module works. 

The essence of the Rabbit Hole module in Drupal

The Rabbit Hole module in Drupal really stands out from other modules by offering interesting options of what happens when someone is viewing a particular Drupal page (or entity). 

Instead of displaying the Drupal entity, the module can:

  • redirect the user to another page (with the possible use of tokens)
  • show “Page not found”
  • show “Access denied”

This Drupal module’s name might remind you of Alice in Wonderland's story or the concept of parallel universes. The expression “go down the rabbit hole” often means getting into a surreal situation. All this makes sense — with the Rabbit Hole module, your Drupal entities exist but their display is different. 

A few common scenarios (now exactly from the Drupal point of view):

  • You want to grant or deny user access to entity types or specific Drupal entities based on user roles — for example, to display paid content to users with a subscription. Special user roles can be allowed to bypass the Rabbit Hole action.
  • You want to hide the full display of nodes that only serve as building blocks for a Views slideshow or other Drupal page. They also should not be indexed by Google.

So let’s take a closer look at its work and go down the rabbit hole a little bit.

How the Rabbit Hole module in Drupal 8 works

Rabbit Hole module installation

The Rabbit Hole is a complex Drupal module that works with different types of entities — nodes, taxonomy terms, users, etc. 

So, when installed, it offers a bunch of submodules to be enabled alongside the main module. For most common situations, i.e. for working with content, we need the “Rabbit Hole nodes” submodule enabled. However, it depends on the task.

Being able to control page access allows you to create interesting access-based functionality (like subscription content).

Intalling the Rabbit Hole module in Drupal 8

Rabbit Hole module configuration

Rabbit hole settings for an entity type

The module’s page display and user access control settings are found in the entity type’s “Edit” page. You can set the behavior as:

  • Page redirect
  • Display the page
  • Page not found
  • Access denied

After selecting the behavior and clicking “Save,” you can check the result by opening the node page in an incognito window. You cannot see the result as admin, because the admin has the default permission to bypass the Rabbit Hole action. 

Rabbit Hole module options in Drupal 8

The special “Page redirect” option

If the “Page redirect” option is selected, we can enter the redirect path or use available tokens. For the latter case, the Token Drupal module also needs to be installed. 

Using page redirect, we can, for example:

  • redirect the users to the specially created subscription page asking them to subscribe to view the content
  • use one of the tokens like [site:login-url] that will take the user to the login page showing them they need to register to view the content
  • redirect the users from the individual nodes that are part of the slideshow to the slideshow page itself or the homepage.
Rabbit Hole module page redirects in Drupal 8

Rabbit hole settings for an individual entity

On the same dashboard, you can also check or uncheck “Allow these settings to be overridden for individual entities.” 

With this enabled, Drupal Rabbit Hole settings are also found on the particular entity’s “Edit” page.

Drupal 8 Rabbit Hole settings for an individual entity

Rabbit Hole permissions

To give permissions for particular roles to bypass Rabbit Hole action or to administer its settings, go to People — Permissions.

For example, you can create the VIP user role who will be able to view the specific content type, while others will see “Access denied,” be redirected to a subscription page, or login page.

Rabbit Hole module permissions in Drupal 8

Use the best options for access control in Drupal 8 

There are no limits to how deep this rabbit hole goes. The most fine-grained scenarios of page display and user access control in Drupal 8 are possible with the Rabbit Hole module. 

Just ask our Drupal team to create them for you, configure the module, or develop custom modules for your specific ideas!

Oct 03 2019
Oct 03

Someone asked in Slack today how to print the URL of the node that a paragraph is on. I was up to the challenge.

First off, you can do this with php in your .theme file quite easily, but I like to keep my template items in my templates.

Here's the code I used to first get the node id, then the node title, and then create a link from these two pieces of information.

  1. <ul>

  2. Node Id: {{ parent.nid.value }}
  3. </ul>

What this does is:

  1. Set a variable called parent - note is uses parent twice and then entity

    You won't see parent or entity in your kint/dpm/dd output, which is a pity because entity is great - load the entity you want to get information from.

  2. Use parent to then get the node id value and title value parent.nid.value and parent.title.value.
  3. Create a link using this variables.

It's quite simple really. You can now use this approach to get other fields/data from your host node.

Oct 03 2019
Oct 03

The proper use of internal linking can turn any website into a powerful marketing tool. It is a vital part of effective content writing strategies. In this post, we explore why it is so, as well as review a helpful module for smart content linking in Drupal 8 — D8 Editor Advanced Link. Let’s go.

What is internal linking on websites?

Internal linking is known as the practice of placing hyperlinks inside content leading to the other relevant pages within the same domain. Internal links to content often use the keyword-rich anchor phrases. 

Why is internal linking important?

  • It boosts SEO rankings by helping the search engines understand what your pages are about, offering them multiple entry points to crawl your websites, as well as increasing page authority.
  • Session duration grows — users visit more pages per session, which, among other things, is an important search ranking factor.
  • Internal linking enhances user engagement by offering them more and more relevant content. They simply cannot leave!
  • The conversion rate potentially grows because users are kept interested. They get closer and closer to making the desired conversion.

Internal linking in Drupal 8

Content links should be handy both for content editors to create and for website readers to navigate through. Of course, it’s possible with Drupal 8! 

First, creating links in Drupal 8 is handy for anyone by default — thanks to the built-in CKEditor with a link icon on its dashboard.

Standard link creation in Drupal 8's CKEditor

Second, there are also tools for creating links in Drupal 8 CKEditor that further extend the standard functionality. They are meant for more advanced internal and, of course, external linking as well. Let’s look at how this job is performed by one of them — the D8 Editor Advanced Link module.

The D8 Editor Advanced Link module

The Drupal module D8 Editor Advanced Link increases the website’s usability both for the content creators and readers in the following ways:

  • Content editors and SEO managers can control more precisely from the CKEditor panel how the content links are displayed. 
  • Content readers can enjoy rich links and more convenient navigation.

These content linking capabilities include:

  • linking directly to exact phrases or even words on the page
  • adding CSS classes
  • making links open in a new or the same window
  • displaying the link’s title on mouseover
  • adding relationships between the linked and the source page

“This is a super simple module that serves a very cool little purpose,” said Thomas Shean, a famous Drupal contributor, in the video tutorial about the D8 Editor Advanced Link.

The principle of the D8 Editor Advanced Link module’s work

The module provides advanced link creation by offering more attributes to be added to them. Let’s compare. The classic Drupal CKEditor has just one field for the URL during content linking:

Standard link adding form in Drupal 8's CKEditor

Everything is different with the D8 Editor Advanced Link module installed. It enriches the Drupal 
CKEditor’s content linking menu with advanced attributes such as: 

  • title
  • class
  • id 
  • target 
  • rel
D8 Editor Advanced Link module's capabilities

The difference is amazing. More details will be discussed in the “Installation and configuration” part.

Installation and configuration of the D8 Editor Advanced Link

Installing and enabling the module

First, we need to install and enable the D8 Editor Advanced Link module on the Drupal 8 website. 

Enabling D8 Editor Advanced Link module in Drupal 8

Preparing the text formats

Next, we go to Administration — Configuration — Content authoring — Text formats and editors and open the “Full HTML” format.

Text formats in Drupal 8

We make sure we have the “link” buttons on the active toolbar. If not, we need to drag them there. We will need them, as well as the “source” button.

Configuring Drupal 8's CKEditor dashboard for adding links

We should also look at the "Limit allowed HTML tags and correct faulty HTML" filter. 

  • If it is unchecked, there is nothing else to do, since there are no restrictions in tags. 
  • If it is checked, you can add more allowed HTML tags manually (such as "title", "class", "id", "target", and "rel").
Configuring allowed html tags in Drupal 8

Using the content linking attributes

When we have prepared everything, we can go ahead with our Drupal content linking. When selecting the part of the text that needs to be linked and clicking on the “link” button, we will see a form with advanced attributes that just need to be unfolded. 

Advanced link attributes in CKEditor Advanced Link module for Drupal 8
  • URL. This is the URL of the destination page.
  • Title: This is the text that is shown as a tooltip when the mouse hovers over the link.

Advanced section:

  • CSS classes. This is the place to add CSS classes. Multiple ones are supported, which should be separated by spaces.
  • ID. This allows you to use URL fragments and lead users to a specific portion of the page. For example, you list “ID2” at the end of the URL tag after the “#” symbol. Then you should mark where the “ID2” fragment begins inside in the source code of the destination page. Like this: <p id="ID2">.
Using URL fragments in Drupal 8
  • Target. This is a simple check/uncheck option as to whether the links should or not open in a new window.
  • Relation (rel). This is for adding relationships between the source and the destination document (e.g. “nofollow,” “noreferrer,” etc.).

Make your internal linking in Drupal 8 more advanced!

With Drupal, there are always more opportunities than you could imagine. Make your content workflows much smarter by installing the D8 Editor Advanced Link module or other modules for internal linking in Drupal. 

Our Drupal team is always there for module selection, installation, configuration, or creation from scratch!

Oct 03 2019
Oct 03

Drupal 8.8.0-alpha1 will be released the week of October 14th

In preparation for the minor release, Drupal 8.8.x will enter the alpha phase the week of October 14th, 2019. Core developers should plan to complete changes that are only allowed in minor releases prior to the alpha release. The 8.8.0-alpha1 deadline for most core patches is October 11. (More information on alpha and beta releases.)

  • Developers and site owners can begin testing the alpha after its release.
  • The 8.9.x and 9.0.x branches of core will be created, and future feature and API additions will be targeted against that branch instead of 8.8.x. All outstanding issues filed against 8.8.x will be automatically migrated to 8.9.x.
  • Once 8.9.x is branched, new alpha experimental modules will be removed from the 8.8.x codebase (so their development will continue in 8.9.x only). The Help Topics and Config Environment modules are new alpha stability modules in 8.8.x.
  • All issues filed against 8.7.x will then be migrated to 8.8.x, and subsequent bug reports should be targeted against the 8.8.x branch.
  • During the alpha phase, core issues will be committed according to the following policy:
    1. Most issues that are allowed for patch releases will be committed to 8.8.x, 8.9.x, and 9.0.x.
    2. Most issues that are only allowed in minor releases will be committed to 8.9.x and 9.0.x only. A few strategic issues may be backported to 8.8.x, but only at committer discretion after the issue is fixed in 8.9.x (so leave them set to 8.9.x unless you are a committer), and only up until the beta deadline.

Drupal 8.8.0-beta1 will be released the week of November 4th

Roughly two weeks after the alpha release, the first beta release will be created. All the restrictions of the alpha release apply to beta releases as well. The release of the first beta is a firm deadline for all feature and API additions. Even if an issue is pending in the Reviewed & Tested by the Community (RTBC) queue when the commit freeze for the beta begins, it will be committed to the next minor release only.

The release candidate phase will begin the week of November 18th, and we will post further details at that time. See the summarized key dates in the release cycle, allowed changes during the Drupal 8 release cycle, and Drupal 8 backwards compatibility and internal API policy for more information.

Bugfixes and security support of Drupal 8.6.x and 8.7.x

Drupal 8 core provides security coverage for the previous minor release as well as the newest minor release. Accordingly, security releases for Drupal 8.7.x will be made available until June 4th when Drupal 8.9.0 is released. Bugfixes that are not security-related will only be committed until Drupal 8.7.x's final bugfix window on November 6th.
Normal bugfix support for Drupal 8.6.x ended in May 2019. However security support is provided for 8.6.x until the release of Drupal 8.8.0 on December 4th, 2019.

Note: June 4, 2020 is both the scheduled release date of 8.9.0 and also the target release date for Drupal 9.0.0. If 9.0.0 misses the June window, its fallback release date is December 2, 2020. Support and security coverage for 8.7.x, 8.8.x, and 8.9.x will remain the same in either scenario.

Oct 03 2019
Oct 03

You will need to download and install the Drupal 8 Build Hooks module just like you would with any other Drupal module.

composer require drupal/build_hooks

Enable the Build Hooks and Build Hooks for Netlify modules.

Build Hooks Modules

There are some permissions that can be set for Build Hooks to determine who can manage the frontend environments and who can trigger deployments. For now we will just keep it for administrators.

Build Hooks Permissions

Go to Admin > Configuration > Build Hooks > Build Hooks Settings. On this page you can configure what entities should be logged. This is important as these “loggable” entities are the entity types that can trigger a rebuild on your Gatsby site. Leaving it at the default will work for our site, but this could vary depending on your needs and if you have other entity types that your Gatsby site uses for content.

Build Hooks Settings

Go to Admin > Configuration > Build Hooks > Frontend Environments and click the Add frontend environment button. In the Netlify section, click the Add new environment button. You now need information from your Netlify site.

Go to the Netlify website and log into your Netlify account. Select your Gatsby site and take note of your Gatsby URL (you will need that for the Drupal form). Click on Settings and under the Build & Deploy section find Build Hooks.

Click the Add Build Hook button.

Add Build Hook

You can give the build hook any name you want, in this example I just called in Content Rebuild. Set it to rebuild your Master branch. Click the Save button.

Build Hooks Configuration

Now take this Build hook URL and the URL for your Netlify site and drop it into the Drupal form. You can set the Label to whatever you want. Copy the API ID from your Netlify site (in the General Settings > Site details) section and drop that in the Drupal form as well. For the Branch name, enter master. For now you can leave the Deployment strategy as Manually only, however, this option is what would allow you to trigger rebuilds on cron run or when content is updated on the site.

Build Hooks Frontend Environment

Now go to an Article and change something. I will just change the title and image of the most recent article, but you could create additional articles or make any changes you want. Once your changes are ready, notice the Frontend environment is listed in your admin menu.

Build Hooks Admin Menu

If you click on the deploy environment you can click the Start a new deployment button.

Build Hooks start Deployment

If you go back to your Netlify site, you will see that a new deploy has been added and the site is rebuilding.

Netlify Build Status

Once it’s finished you can check out your updated Gatsby site!

Note: You don’t have to configure the oauth settings for the Netlify Build Hooks module in order to get this to work. If you want to make your Netlify logs private, then you will need to set up and configure the access token. This is available in the oauth settings on your Netlify account under the Access Token section.

Oct 02 2019
Oct 02

This left me looking for something else to step in as our Swiss Army knife that could help satisfy random functional requirements. After some googling and unsuccessful attempts with other modules I stumbled upon Business Rules. While still a fairly young module, it is already quite powerful and stable. To put it through its paces, I set out to try building a couple of rules in Drupal 8 that we used often in 7.  

Although the workflow is a little different than you may be used to in Rules the concepts and language are pretty much the same. At its’ core you have “Rules” that are the events that will trigger “Actions” when a specific set of “Conditions” and contexts are met. At any point in the process we can use “Variables” to dynamically add values to separate components of the rule. 

Unlike Rules, this module uses different sets of reusable configuration that you can mix and match to create your rule. Here’s a list and a brief rundown of the various parts.

Rule - Rules are the event types, this is where you’ll choose what you want to react on and bring all your other pieces of config together to trigger the desired action.

Condition - Conditions are used to evaluate an expression such as a data comparison, logical AND/OR, etc.

Action - Actions are where you’ll execute your desired functionality, actions can be placed within other actions or be part of conditions or rules. 

Variable - Variables store values for use within conditions and actions and can act as tokens to load in dynamic content where it is needed. 

If you’re a little confused by any of those descriptions I’ve created a little tutorial based on a rule we have used often in the past. It takes advantage of some neat functionality within the module to achieve the end result. 

Tutorial time!

What we’re going to do is create a rule that upon saving a new node of type “Page” it will send out a notification email to all users of a specified role. This is something that was a fairly simple action that could be fulfilled easily with Rules in D7 but is currently absent in the D8 variant without the use of a bunch of patches, one of which unfortunately is to core. You will notice though, that how we’re going to build it using Business Rules opens up the ability to create a list of email recipients from any arbitrary set of filters rather than just role. 

So I’m going to build this in a way that might seem a little out of order if you’re used to the Rules workflow. Trust me, it’ll make sense when it starts to come together. First we’re going to start by building a simple view. Select show “Users” and click save and edit. The only thing you’ll want to do is change the pager settings to “display all items” and add the filter “user:roles” filtered to the role you’d like to send the email to. You’ll then add “user:mail” as the only field, click save and you’re done with views config!

Views Configuration

Now that we’ve created the source of our user list we’ll head over to /admin/config/workflow/business_rules/collection First thing we’ll do in here is click the “Variables” tab and add a new variable. The type will be “View result variable” click continue and give it a label, description and select the view we just created.

Variable Configuration

Variable Configuration


Now that we have our variable setup we can start creating some actions. First we’re going to work a bit backwards and create the send mail action. Click over to the “Actions” tab and add a new action, select type “Send email” and click continue. Most of this form is fairly straightforward, add a label and description. When you get to the “To” field you’ll want to scroll down to the “Available Variable for This Context” fieldset and find the variable you setup. There will be a link that says “click here to see the view fields”, click that and grab the token for the “user:mail” field you setup earlier. Pop that token into the “To” field, fill out a subject and body and you should be good to save.

Action Configuration

Action Configuration

Next we’ll create another action this is where it gets fun, we’re going create and action that will loop through our views variable and perform our send mail action for each result. Click “add action” and choose “Loop through a view result variable” and click continue. On the next page select the variable you setup and then under “Items to execute during the loop” click “add action”. Here we will add our send email action we setup earlier and save. Now we’ve created an action that will loop through our user list and perform our send mail action on each result.

Action Configuration

Action Configuration

The last bit of config to tie this all together will be our rule, so head over to the “Rules” tab and click “add rule”. We’ll select “Entity insert’ for our “reacts on event” and continue. Fill out the usual fields and select “Content” for “Target entity type” and select your desired content type for “Target bundle”. We’ll then add our loop action we just completed under the “Items”  fieldset. We now have a fully functioning rule and as a bonus we get a nifty flowchart at the bottom so we can visualize the order of operations.

Rule Configuration

Rule Configuration

This just scratches the surface of what can be achieved with the module, more custom variables can be created to grab content from the node for use in the email body and logic statements and data comparisons can be used to run multiple branching actions on one event. So far everything I’ve tried to create has worked exactly how i was expecting it to. It’s a worthy replacement for rules which seems to have fizzled out at the moment. I’m looking forward to seeing what we’ll be able to do with it in the future, so get in there, try it out and help get it to it’s 1.0 release.

Oct 02 2019
Oct 02

DrupalCon Amsterdam 2019 is almost here and Amazee Labs has been busily preparing to share our most valuable practices at this year’s open source, community-driven event.

DrupalCon Amsterdam gathers more than 1,500 of the top digital minds that use Drupal for collaboration, knowledge sharing, friendship, and moving their projects forward. As proud sponsors, presenters, and attendees, we can’t wait to bask in so much shared expertise, to help create collaborative solutions, build more relationships, and shape the future of Drupal, open source and the world.

Check out the details on all our Amazee session and other must-see events:

Monday, 28 October

Felix Morgan will be presenting The Good, The Bad, and the Data: Marketing Strategies for Open Source Companies. She’ll discuss how marketing strategies that focus on leads are only addressing one aspect of successful positioning for companies promoting and using open source software. In this introductory session, Felix covers marketing best practices specifically for businesses that are creating, customizing, and contributing to open source software for their clients. Topics covered will include:

  • Personas and Stakeholders: beyond just the buyer.
  • Community and Narrative: the stories we tell are important.
  • Data: what to measure and when.

17:15-1800 in Room G102

Tuesday, 29 October

Jamie Hollern and Mattia Simonato will be presenting a session called Storybook and Drupal: Seamless frontend integration for decoupled sites. This session will explain how to use Twig with Storybook and Drupal to bring all the advantages of UI component libraries into a decoupled Drupal project, and how to build a component library for decoupled Drupal sites. 

16:40-17:00 Room G106

Social Events 

Make sure you join us for the official kickoff on Monday night! Located within the Exhibition Hall, the opening reception for DrupalCon promises to be a great time, followed by The International Splash Awards, celebrating the best Drupal projects in the world. 

On Wednesday, all women, trans* individuals, and those who identify outside of the gender binary are invited to Women in Drupal Luncheon to have lunch, mingle and meet Professor Sue Black and enjoy a small introduction before her Keynote speech: “If I can do it, so you can”.

Wednesday night, test out your Drupal knowledge! In the grand tradition of pub quizzes, capture the title of Drupal trivia champion and win small prizes to boot! You can even SUBMIT TRIVIA QUESTIONS here.

During the con, make sure you stop by Amazee Labs Lounge to kick back and charge up. We hope to see you in Amsterdam for all the passionate presentations and in-person, peer-to-peer discussions with Drupal Leaders.

Oct 02 2019
Oct 02

With its open source software and proven technology, Drupal is the first choice for many business owners when it comes to deciding a framework for their digital commerce business. After all, it’s a great CMS and ecommerce can be added to it through custom-built development (although custom might not be best, more on that later).

So, how about your business? Are you using Drupal and have an integrated or custom ecommerce component? Or, maybe you’re still deciding on which way to go to add ecommerce functionality? If so, let’s talk about the features that you probably wish to have in your website:

  • Are you looking for limitless product presentation and customization options?
  • Do you have plans to set up multichannel marketing and automation for your website?
  • Are you planning to integrate third party systems or run custom social media campaigns?
  • Do you need the flexibility to scale your website with endless options?

If you replied “yes” to any of the above questions, I would say custom-built ecommerce probably isn’t your best option. Nor do I think you need a pre-packaged SaaS solution, either. Before I suggest what you might want to do, let’s first look specifically at why custom ecommerce can present its own difficult challenges you definitely want to avoid.

5 challenges of a custom ecommerce system

Depending upon the complexity of requirements, it can take anywhere from months to years to set up a proper ecommerce site, no joke. Let’s say you’ve decided on building custom ecommerce functionality into your Drupal site. You’ve hired a developer, or maybe an agency or an internal team, to build it and have been able to get the ecommerce functionality that your business needed to get started. Great!

Now, after a year or so, you start thinking of scaling it by adding more features and functionality. This is where you may start running into challenges. Let me outline some of the more critical challenges you may face.

1. Handcuffed to an internal development team or outside agency

This can be a touchy subject but is probably the biggest liability for a company using custom development, so let’s start here. Ideally you’d still want to use that original development team who has all the knowledge of how your ecommerce component was made. But what if you can’t get the same developers or what if you have a falling-out with the agency who built it? Imagine how difficult it might be to onboard new developers when you yourself don’t know the code. Without a predefined standard or framework, how your ecommerce was built is anyone's guess. Significant cost will be added just to get any new developers up-to-speed.

2. Slow to implement new features and/or functionality

If you’re constantly feeling like you are reacting to the market rather than being a proactive innovator, this can be a direct cause of custom development. Simply put, everything you add to your website needs to be built and nothing is ready-made that you can just plug in. There is no time saving options that you can take advantage of to speed things up.

3. Inability to integrate with desired third party platforms

Integrations are one of the biggest benefits of an open source platform so it can be a real problem if you’re not able to integrate quickly and effectively.

Consider the cost that you have to bear when you are introducing something as simple as a new payment system or a new tax rule. Something that should be easy might take far too much time than it’s worth because you don’t have access to an underlying framework that was made specifically to make building these integrations faster.

Or maybe a robust new marketing tool comes in to the market and if you want to take advantage of it by integrating it with your ecommerce site. Let peace be upon you… this larger integration could be a monumental task. Every integration you require means more custom development, more cost, and lengthy timelines to completion.

4. Sacrificing the front-end customer experience

Custom development is built by developers first and so the actual look and presentation is often sacrificed for functionality. This isn’t meant to be a knock on developers, but the simple truth of the matter is that building code and building layout and design are two entirely different specialties. It’s very rare that you find someone with both skill sets. Without good UX and design, your customers will not get the front-end experience they expect which could impact your business performance.

If the makeup of your team includes designers and frontend developers, great! This would alleviate presentation issues, but these extra specialists will add additional expense to your custom build.

5. Unable to take advantage of the community

If all you have is custom functionality, you could be spending a lot of time and money developing features and/or integrations that potentially already would have existed if you had gone a different route. If you think about it, one of the great things about Drupal in general is all of the community-made modules that you have access to for extending your site’s functionality. While you’ll still be able to use them with your Drupal site, the custom ecommerce side of things doesn’t have that benefit. Everything you need must be built and probably only your team of developers can do it.

If not custom development, then what?

So what do you choose when custom development is a hassle and I’ve already mentioned that I’m not pushing you towards a SaaS solution. Well, my suggestion is that you should consider using the Drupal-native ecommerce module, Drupal Commerce. I mean, why marry off your Drupal site with someone else when we have fully compatible Drupal Commerce with us. It has been a proven ecommerce framework since 2011 (view usage stats) and lets you build a secure, scalable, SEO and mobile friendly ecommerce site in whatever way your business needs! It’s framework has been made for extending. It’s documented and has a large community centered around it (which Acro Media is a part of). Maybe you’ve heard negative rumblings about it in the past, and if so, I think you should look again.

Here’s how I justify my view, or rather, how Drupal Commerce can help you fulfill your ecommerce requirements.

Top 7 reasons why you should use Drupal Commerce

Below are the top 7 reasons why you should be selecting Drupal Commerce over any custom or off-the-shelf hosted solutions out there.

1. Commerce and content will easily get along

When we use Drupal Commerce with Drupal, it will let you manage your content strategy right within your ecommerce platform. You can easily manage complex relationship between products and other contents in the site. The CMS part will let you create custom landing pages to attract the attention of users while flexibility in the ecommerce part will make it easier for a site owner to manage new products and its workflow.

2. Requires less development effort

When you need a content site as well as an ecommerce site, With out-of-the-box modules and pre-configured distributions, a Drupal Commerce store can be easily setup without much hassle. Plus, when custom development is required, Drupal’s strict code standards ensure that any competent Drupal developer can easily jump-in and understand what’s going on. You’re not stuck with just a single developer or agency to manage your project. You have the freedom to shop around.

3. Highly customizable and scalable

Unlike most SaaS systems, Drupal and Drupal Commerce can be customized according to the business’s needs. Even though Drupal and Drupal Commerce are architected to be extended limitlessly, all the extensions follow a general standard. This makes sure that when the next person with knowledge in Drupal Commerce comes along, either from a development or administrator standpoint, this person can handle the software easily. New features or integrations can be performed faster which takes the system scalable to the next level.

From a performance perspective, Drupal and Drupal Commerce are more than capable of scaling to meet the needs of small business all the way to enterprise. Need proof, we’ve tested their performance and you can see the results here.

4. Integration with external systems

This is the core strength of Drupal. Drupal modules have been built so that they can interact with one another easily. If you need to connect your ecommerce to payment gateways, marketplaces, CRMs, analytics tools, SEO tools, shipping providers, the list goes on, they can be done as quickly as within a few hours (integration depending, of course). Drupal takes an API first approach which is what you want for integrations now and in the future.

5. Free and open source

Unlike proprietary ecommerce systems, Drupal Commerce is open source and there is no licensing cost or usage limits. Unlike other open source solutions, there are no paid modules within the Drupal community. You have access to it all and can extend and customize it in whatever you like. By saving money on the software, you can instead invest that money in your Drupal based platform and your own business needs.

6. Community support

Drupal has an immensely large community with thousands of active users helping to build and maintain the core software and its extensions. The features you require for your site could be already created by someone else and available on Drupal.org, waiting for you to take advantage of. Various IRC channels, blogs, forums, agencies, etc. will help you in case you are blocked or need advice on almost anything related to Drupal.

7. Solid future version support

With the release of Drupal 8, we are quite clear on how migrations to the next version will happen. If your site is already using Drupal 8, then you don’t have to worry about Drupal 8 being unsupported by community because you will easily be able to migrate your site to Drupal 9 (and future versions) when the time comes.

It doesn’t mean that your Drupal 7 site will be isolated either. The stable Migrate module in Drupal 8 will make a migration of your Drupal 7 site to Drupal 8 easier than ever before, saving time and money when adopting the newer version.

Demo Drupal Commerce today! View our demo site.View a Drupal Commerce demo

To help show you what a Drupal Commerce ecommerce solution looks like, check out our fully functional Drupal Commerce demo site, Urban Hipster.

Here you can click around and “buy” products just like you would using any real ecommerce site. You will see content pages, a best-practice product catalog, a variety of product types, and more. This feature rich demo was made to give you an idea of what your Drupal Commerce site could do, but of course this is just one example. The possibilities are endless.

Plan your move to Drupal Commerce

Leave custom development and integrated ecommerce frameworks behind by starting your move to Drupal Commerce today. Acro Media is an ecommerce consulting and development company that specializes in open source and Drupal Commerce. Take a look at our Drupal Commerce solutions today and let us know if you have any questions. We’d love to help you understand if Drupal Commerce is a good fit for your business.

Oct 02 2019
Oct 02

Mediacurrent works with a variety of customers across many verticals to build secure Drupal applications. We sometimes encounter strict hosting policies, including on-premise requirements.

One of the great benefits of decoupling Drupal from the web frontend is the ability to move Drupal’s CMS to a secured environment that is only accessible from a VPN or private network. Statically generated frontends like Gatsby further reduce vulnerabilities to provide a robust security architecture overall.

This article will outline three options for securing Drupal, two of which include hosting the CMS behind a Firewall only accessible by a user on a secured network. The third option is the more common alternative that provides some security but does not completely lock down the CMS.

 All options provide added security benefits over a traditional hosted Drupal application. Let’s weigh the pros and cons of each approach. 

Option 1 - Self-hosted

self-hosted option with Gatsby, Jenkins, Gitlab, Drupal

The first option runs completely on self-hosted hardware, which could be stood up on-premise if so desired. While this type of approach is becoming increasingly rare, there are still contracts in the government and financial space that require all self-hosted applications. 

This method will keep Drupal locked down on a web server behind a firewall that only privileged CMS users can access. GitLab is a great choice when Git repositories need to be self-managed but still require robust features that GitHub, BitBucket and GitLab’s cloud offerings provide. 

A Jenkins server can be stood up to handle the automation of Gatsby builds. This includes compiling the artifacts that will be deployed to the public web server on the right-hand side. For deployments, a read-only Git deploy key is a secure way of grabbing the latest Gatsby release.


  • Ability to completely lock down the CMS environment and Git repositories


  • Must maintain web servers, Gitlab server, and automation (Jenkins)
  • Most expensive solution to stand up and maintain

Why you would use this solution:

  • Strict security requirements
  • On-premise requirements for servers

Option 2 - Self-hosted + Cloud

self-hosted Drupal setup with cloud

The second option keeps the CMS web server behind a firewall while leveraging Cloud services for the rest of the architecture. As with the first solution, only privileged users will be able to access the CMS server. In this scenario, a Cloud Git service like GitHub will host the Gatsby source files and Netlify’s static host will run the compiled website. Netlify’s CLI can be used by the webserver behind the file server to rebuild artifacts when content is updated. A Jenkins server is a good way to handle the automation of Gatsby builds.


  • Relatively straightforward to set up
  • An easier solution to maintain than completely self-hosted
  • Saves cost over a self-hosted solution
  • Leverage great features from Netlify (High availability, A/B testing, etc.)


Why you would use this solution:

  • Balance security while leveraging Cloud
  • A desire for CMS to be completely locked down from outside access

Option 3 - Private with Cloud

private hosting with cloud

The last solution will not use a Firewall but instead obscure access to the webserver and in some cases add basic auth for additional protections. A CDN is recommended for inline images so that media is server from a service like Cloudfront instead of directly from the server. This method will leverage a Drupal managed host provider like Acquia or Pantheon.


  • Able to use image CDN for inline Media
  • Can add light protections like basic auth
  • No server maintenance
  • Managed host providers provide enterprise support and features


  • Server is still publicly accessible, so less secure than solution behind firewall

Why you would use this solution:

  • CMS does not need to be locked down
  • Security through obscurity, CMS server not indexed which shields from most attacks

Inline Images

One challenge with Gatsby is that it won’t automatically handle inline images coming from Drupal’s CMS. Gatsby does convert images that are served from Drupal’s JSON:API but it does not do anything with image paths that exist in say the body Wysiwyg HTML for any particular page. 

One option is to use the TUI Editor module that converts these images to Gatsby image assets: https://www.drupal.org/project/tui_editor

Another option would be to integrate the Drupal Amazon S3 module. This can be combined with Amazon Cloudfront to serve inline images from a secure server. Whenever a file gets saved it would be pushed up to Amazon S3 through an API and then made publicly available by Cloudfront. The AmazonS3 module allows developers to rewrite image URLs to the publicly accessible URLs that will be served by Gatsby.

Your Feedback

We hope that you have found this article helpful. Want to know more? Talk to our team of experts to discuss a solution that works for your organization.

Comments or questions? Hit me up at @drupalninja

Oct 02 2019
Oct 02

September was another exciting month for the Drupal community, with quite a lot of important pieces of news. Our recap of the top Drupal blog posts from last month covers these, as well as some interesting posts by Drupalers concerning the future of Drupal and open source in general. Enjoy!

Drupal Association Announces Newly Appointed Board Members

We kick off September’s recap with a blog post written by the recently appointed Director of Marketing and Outreach at the Drupal Association, Carole Bernard. In the post, she announces the newly appointed board members and welcomes them into the Drupal association. 

These new members are: Grace Francisco, Lo Li, Owen Lansbury, Ryan Szrama and Leslie Glynn who was selected by Drupal community members for the community-at-large seat. The post includes more information about each of them, as well as personal statements where each of them relates what joining the Association means to them. It concludes with a list of other board members and some general information about Drupal and the DA. 

Read more

Balancing Makers and Takers to scale and sustain Open Source

The next post we wanted to highlight is a truly excellent post by Dries - and, according to him, also the longest one he’s ever written. In it, he addresses the challenge of successfully scaling and sustaining open source. 

The post begins with some background, then Dries opens the discussion by defining the “Makers” and the “Takers” in open source. “Makers” are those organizations that contribute meaningfully to an open-source project, while “Takers” only benefit from the open-source code without really giving back.

To bridge this gap between Makers and Takers and balance them out, Dries suggests three ways of scaling and sustaining open source: appealing to organizations’ fairness principle; encouraging end users to offer benefits to Makers; and experimenting with new licenses.

Read more

Healthy Open Source Maintenance

Published on the same day as the previous post, this one by Lullabot’s Mateu Aguiló Bosch touches the same problematic as Dries’ one - healthy open source maintenance, as the title clearly states. 

The success and growth of an open source project relies on a lot of people contributing to it. But, while a lot of them may be sponsored, there’s a huge number of those who are giving their free time without getting anything in return. Yet they are still expected to put in as much effort and deliver the same quality as the sponsored contributors.

Mateu proposes that we implement a “Healthy Maintainer Manifesto” which would allow individual maintainers to specify to what extent and/or in what way they maintain the project. This would take a lot of pressure off maintainers and enable them to continue contributing in a sustainable way.

Read more

Acquia Acquires Cohesion: Enabling The Fastest Drupal Site-Building

We continue with an important piece of news for Acquia and Drupal - Acquia’s acquisition of Cohesion, creators of the low-code DX8 platform. DX8 enables those with little or no coding skills, such as marketers and site builders, to more easily and quickly create immersive digital experiences. This frees up developer capacity and allows developers to focus their attention on more advanced projects.

The acquisition is perfectly in line with Acquia’s goal of empowering their clients by providing them with a diverse set of tools they’ll need in the constantly shifting digital economy. Since a good customer and user experience are crucial to a business’ success, the ability to more easily provide personalized and relevant experiences will be extremely important for any brand.

Read more

Making Sense of the Vista Investment in Acquia for the Future of Drupal

In the fifth post on this month’s list, Phase2’s CEO Jeff Walpole shares his thoughts on another major piece of news for Drupal and Acquia - namely, the $1B Vista investment in Acquia - and what this means for Drupal going forward. 

He speculates on what both Vista and Acquia are planning to get out of this. For Acquia, the investment will allow it to better position itself on the market of DXP (digital experience platforms) as a worthy competitor to leaders in the field such as Adobe and Sitecore.

For Drupal and open source in general, this means more Drupal and Mautic events; increased contribution to open source code; and an improvement to diversity in our communities. 

Read more

How Content Editors Use the Drupal Layout Builder

The Layout Builder is a recently stable and extremely powerful feature of Drupal that allows for easy creation of pages with a drag-and-drop interface. Suzanne Dergacheva of Evolving Web has conducted a study together with her team to find out how intuitive and user-friendly the module actually is to content editors. 

Participants were tasked with creating and editing blocks, as well as editing the layout and sections, with the Layout Builder. They also performed the same task by using the Paragraphs module and WordPress’ Gutenberg editor, respectively. Paragraphs turned out to be less flexible than the Layout Builder, while Gutenberg was quite similar to it. 

Some of the most common problems that several participants encountered were unintuitive terminology, e.g. they would expect to have the option to “edit” rather than “configure”, and the misleading nature of the “Add Block/Section”. Luckily, there’s a lot of work being done on the Layout Builder, so we can expect the interface to just keep getting better. 

Read more

Commerce 2.14 adds Address Book to core

Next up, we have a blog post by Bojan Živanović of Centarro (formerly Commerce Guys), the creators and maintainers of Drupal Commerce. One of the most highly desired features has been storing and accessing customer information in an address book, something that was possible in Drupal 7 thanks to the Commerce Addressbook module.

In Drupal 8, address book is now a core feature of Drupal Commerce. Bojan’s post discusses the features of the address book’s UX, e.g. an “Address book” tab added to user pages and the ability to turn off the collection of billing information. The new interface is more smoothly navigable and easier to use than that of Commerce Addressbook.

Read more

A Partner for European Digital Agencies

We finish with an interesting post by Dropsolid’s Dominique De Cooman in which he explains their vision for Drupal to improve digital experiences by enabling teams and agencies to better connect. He also emphasizes the need for a foundational European agency to serve as a basis and help other European agencies.

Due to their active involvement in Drupal and the many tools they offer, he proposes Dropsolid as this agency and invites everyone to meet up at DrupalCon Amsterdam and partner up. He concludes the post by listing Dropsolid’s sessions for the upcoming ‘Con, each of which is aimed at helping attendees provide better digital experiences to their customers.

Read more

This was our selection of the top Drupal blog posts from September. We have some cool blog posts planned for this month, so, if you enjoy reading our blog, make sure to check back and make sure you don’t miss any of them! 

Oct 02 2019
Oct 02

Start by going to your Gatsby site on the command line and committing all your changes to the Git repo. If you are using command line git, the following commands should get you where you need to be:

git add .
git commit -m “Create base site that pulls content from Drupal”

Now head on over to Github (you could also use Gitlab or Bitbucket), log in, and create a new repository. You will want to add this new repo as an origin for your local Git repository. Something like the following command (replace the Git repo URL with your correct URL).

git remote add origin [email protected]:smthomas/gatsby-tutorial.git
git push -u origin master

Now head over to Netlify.com and create an account if you don’t already have one. You will need to use your Github, Gitlab, or Bitbucket account so it can pull in your Git repository you just created.

Once you are logged in, click the New site from Git button.

New Site from Git button

Select your Git provider

Select Git Provider

Select the team and branch you want to deploy to Netlify. The basic build settings should be able to be left at the default. You can use the Advanced build settings section to create environment variables. An example of this would be to pass in the Drupal username and password that can be used to authenticate with your Drupal site (this would require changes to your gatsby-cofig.js file). Once you are ready, click the Deploy site button.

Deploy settings

By default it will give your site an interesting and occasionally funny name. This name will be part of the domain name your site will be accessible at. Don’t worry, you can use your own custom domain if you want. It will take a few minutes for your site to build. This will depend on the size of your site.

Note: You will need to make sure your Drupal site is publicly available in order for your website to build. If you wanted to use a local copy of your Drupal site then using the Git deployment method will not work.

New Netlify Site

You can now follow the steps to set up a custom domain or click the created url to view your new live Gatsby site!

Oct 01 2019
Oct 01

Meet Gatsby, an open source React-based framework for building super fast websites and apps. 

In this episode, we talk with Jason Lengstorf to discuss the GatsbyJS project and what it solves.

Audio Download Link

Project Pick:



  • What's your role at Gatsby, when did you start?
  • How did you get involved in the project? 
  • What did you do before Gatsby?
  • What is Gatsby?
  • How do you feel about the response from the community about Gatsby?
  • Did you think it would take off as it has?
  • Why should an org choose it over a traditional CMS?
  • What separates Gatsby from other static site generators?
  • What features is the team currently working on?
  • Closing comments


Oct 01 2019
Oct 01

If ADA compliance was not on your radar screen at the time your website was developed, you are in good company.

But in the current environment, accessibility of your digital assets may be an ADA-mandated fact of life. A recent flood of lawsuits is driving home this reality and the fact is, sometimes the search for fast fixes can lead to unintended consequences. Of course, your objective is to get your website into conformance as efficiently and cost-effectively as possible. 

Even though the time and resources associated with making your website and apps accessible is something that you might prefer to not have to deal with, at Promet Source we’ve discovered that expanding digital accessibility actually provides an incredible opportunity to gain a more expansive, empathetic, and inclusive view of customers and constituents. 

[embedded content]

Your Partner in Accessibility

Interested in learning more about the advantages of both automated and manual accessibility testing and website remediation to help ensure your website is compliant with accessibility standards? With Promet Source, you get a strategically sound, sustainable solution -- the advantage of an accessibility partner who guides you through the process of actually getting your underlying code into conformance with accessibility guidelines. 

Our process reflects the specific recommendations of current Web Content Accessibility Guidelines and the expectations of the ADA.

I look forward to speaking with you about an accessibility solution that incorporates a range of advantages.

Click here to let me know how we can help.

Oct 01 2019
Oct 01

Drupal Modules: The One Percent — Views Send (video tutorial)

[embedded content]

Episode 54

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Views Send, a module which permits you to execute personalized mass mailings to recipients referenced in a view.

Oct 01 2019
Oct 01

“Do I really need Drupal support and maintenance services for my website?” 
If this is the question that you have, you probably think that your quest for a public-facing and a customer-attracting tool ends with the development and deployment. Is content updating enough to stay current and relevant? How important is it really to have a support and maintenance plan for your Drupal website? Let me give you five of the most important reasons why you may want to think about Drupal support services–

1. Continuous Safeguarding 

No doubt Drupal is one of the most secure CMS’s today but only if your Drupal website is updated with security upgrades and patches regularly. The Drupal community and the Drupal security team work hard towards building security patches, fixes and upgrades that all add up to building a sustainable ecosystem. These security fixes and upgrades need to be performed immediately to avoid trouble. If you’re still on Drupal 7 (or Drupal 6), migrating to Drupal 8 is crucial to keep your website secure. Drupal 7 support for security will be provided by the community till November 2021. To ensure complete security of your website, you need regular Drupal support and maintenance services.

2. Fixes and repairs

No bug is a small bug. Even the smallest bug/error when ignored, could cost you a customer. Bugs and errors can emerge out of nowhere for multiple reasons. It could be because of a hurried up coding and deployment, insufficient testing, miscommunication, lack of expertise, untrusted third-party tools and more. Some of them are critical and might need immediate attention while some could just lie there unnoticed (which can come to light at wrong times!). Nonetheless, neither of them can be overlooked for a customer focused Drupal website. 

3. Up-to-date

From Drupal 8 onwards, upgrades and minor versions are released more frequently to avoid long waiting times for updates and enhanced features. While Drupal 6 has already reached End-of-life (no security fixes/enhancements), Drupal 7 will continue to only receive security support till November 2021. If you still need Drupal 7 support after that, you will need to contact a vendor who provides Long Term support (like the LTS plan for Drupal 6 support). However, if you need to stay updated and leverage Drupal 8’s new and powerful features, it is about time to upgrade to Drupal 8. Staying up-to-date with Drupal’s latest version will allow you to provide your customers with compelling and fresh digital experiences.

4. On top of things

Growing and scaling up your business calls for proactive and future-proof solutions. If you want to gain an edge over your competition, you have to stay on top of things. Things you will need for this? Frequent content updates and enhanced features. Of course, with Drupal, updating content is easy enough and does not need a technical background. Nonetheless, to remain competitive, you have to add new features and enhancements that can improve your user experience and customer journey. User behaviour is never constant, which is why your website needs to stay fresh and align with your user’s needs and business goals. 

5. Focus on your business goals

An intelligent businessman had once said, “Focus on what you do really well. Let others help you with what you are not good at.”  Making sure that your website needs security updates, fixes, enhancements, updates, etc. needs a lot of time and attention. Businesses are most successful when they focus on what they are best at. Unloading your Drupal support and Drupal maintenance job to a technology partner who is does it day-in and day-out is your best bet.                                                                                                                                     
If your Drupal website is critical to your business, here are a few more reasons you may want to go for professional Drupal support and maintenance: Improve and maintain your Search Engine Optimization (SEO) ranking, Third-party API updates, Drupal core module updates, contributed module updates, scaling your website/application, website performing reporting, Drupal interface improvements, and more.

drupal maintenance

Now that we have established a few strong reasons on why you need Drupal support and Drupal maintenance services, here are a few things you need to know before you choose a technology partner to help you with it.

  • Website Audit – Your Drupal support and maintenance service partners should perform a comprehensive audit of your website. This audit should be able to give you a clear picture of where your website stands in terms of performance, security issues, bugs and SEO status. Your Drupal website’s support and maintenance plan should be based on these factors. 
  • Levels of Support – Different types of websites will need different levels of support. Some of them include-
  • Drupal Security Update Support – Security updates, upgrades and applying patches.
  • Drupal Module Upgrades Support – Module upgrading to leverage better features and/or to remain compatible.
  • Migration Support – Ensuring smooth transition and uptime during migrations, migration bug fixes, content migration support, database migration support, etc.
  • Code Reviews – Reviewing code for structure, quality, logic, performance, testing, design, usability, readability, functionality, etc. 
  • Performance testing and tuning Support – Check and support for performance on website’s expected workload, response time, speed, robustness and scalability.
  • Integration Assistance – Support of existing integrations and during new integrations with third-party applications and APIs.
  • Drupal 6 Support – Long Term Support plan (LTS) and Drupal maintenance
  • Drupal 7 Support – LTS after Nov 2021, Drupal 7 module support
  • Turn-around times – Turnaround and response times for your website depends on the type of an issue/support needed. For emergency issues like a serious bug or a security loophole, the turn-around time should not exceed 24-48 hours. While support for new Drupal features or enhancements or customizations can range from 2 weeks to more depending on the complexity of the task.
  • Dedicated VS Shared Support – As the names suggest, with dedicated support you get a Drupal expert/team of Drupal experts who will exclusively support your website(s). You can pay a monthly fee to carry out Drupal support and maintenance tasks continuously and as and when they arise. This ensures that your website is customized and well looked-after both proactively and on-demand. Most support service providers also offer to utilize your unused support hours into the development of a new feature or enhancing exciting features. 
    You could also opt for shared support where you will be sharing resources with other companies as well. Works best when your website is not very complex does not include customizations and does not require continuous monitoring.
  • Update Release Schedule - Drupal 8 is not just a build-up upon Drupal 7. It has been re-architectured to improve adoption among businesses and Drupal developers by adopting more futurist frameworks (Symfony, Twig, PHP 7+, BigPipe caching, etc.). To be able to stay secure and compatible with the other building blocks, Drupal 8 has adopted a continuous innovation model and releases frequent minor version updates (every 6 months). Your Drupal support and maintenance service partners should ensure regular scheduled updates of Drupal’s version releases, bug fixes, and security releases.
Oct 01 2019
Oct 01

Drupal accessibility is vital for your website

It is vital to create accessible content on your website. Among your audience, people with impairments will also be included. On top of that, the website itself will become more user-friendly and you will better meet the Drupal accessibility standards that exist today. In this blog post, we will go over 20 tips that will improve your content and website accessibility, then I'm going to make a brief description of W3C and the WCAG guidelines and finally, I'm going to suggest 5 Drupal modules that will aid you in your quest to improve your Drupal accessibility. Let's get started.

1. Incorporate a Site Map

Drupal accessibility map

A site map is a beneficial tool that lets a user of your website assess the logical structure of your website. This, in turn, will make it easier for the user to be able to overview the content of your website. On top of that, it makes the content on your website easier to be accessed and increases your Drupal accessibility. 

2. ALT attributes to describe pictures

Alt attributes are a very important part of enabling your website to have accessible content. The main purpose of ALT attributes is that is going to help the search engines and website better be able to describe and understand what the picture is all about. This can be very helpful for people who can’t see and receive their image descriptions through audio feedback. Probably your website was built from the start with alt attributes in the content, but you need to train your writers and site maintainers to not skip over the alt attributes when updating the website.

3. Clean and distraction-free content

Drupal accessibility clutter

Another paramount point to make your content more accessible is to host your content on a clutter-free website. This will enable easier access to the content on your website. Which in turn will make it less frustrating for impaired people to navigate your website and to get to the important parts of it.

4. Clear and simple language

Language is another factor that has to be taken into account if you want to make accessible content. It’s important to adapt your language to be able to be understood by a wide range of people. That is why, even in writing, it’s important for the language level to remain conversational. That means no fancy words that can make it more difficult for the screen reader to do its job. If you install the Yoast SEO Drupal module you'll get a real-time score of how easy-to-read your content is! 

5. Meaningful link text

It is important that the link text is as clear as possible. Link texts like “click here” or “read here” are not descriptive enough. Instead, try to link a sentence or group of words that are describing what the link is about. This will lead to a decrease in frustration for users that are unable to see and use a reader.

6. Ensure keyboard accessibility

People that have motor disabilities, visual impairment or are amputees, often have trouble using a keyboard or any device that requires a high degree of motor coordination. That’s why keyboard accessibility is so important. The main point of keyboard accessibility is to make every element or link be selectable by using the TAB key. In order to test if your website has this functionality, just press TAB and see if every element will be able to be selected. This way, you will greatly reduce the struggles of impaired people.

7.Provide videos and audios with transcripts or captions

In order to make accessible content, video and audio should have transcripts or captions. This is a crucial step in making the content on your website accessible. With this, screen readers will be able to aid the visually impaired by reading the text, while the deaf will be able to read the text. 

8. Support screen readers

Drupal accessibility keyboard

Screen reader support is the most important piece for improving your Drupal accessibility. With this kind of software support, your website will be able to read out loud the text that it’s being displayed on your website. Basically, it lets blind people hear the text from your website. On top of that, paired with captions and translations, the screen reader can also read what is happening in a multimedia video. Also, the screen reader gives two types of feedback, either through speech or through braille. A general awareness of how screenreaders work is a great first step in training your writers on accessibility.

9. Don’t use automated media

What is automated media? Automated media is the media that starts automatically after a website is accessed. It either can be an ad or a video. In both cases, it can be annoying for somebody with an impairment to have to find and mute or close the media windows. This is why automated media should be turned off on your website.

10. Review your website using automated accessibility assessment tools

It’s always a good idea to assess your website's Drupal accessibility with an automated testing tool for accessible content. This tool will automatically scan and see how compliant your website is. After this, you can see the areas of your website were your doing great and the areas were you could still improve on your accessibility.

11. Make your website seizure proof

Drupal accessibility brain

It’s really important to make sure that your website is not causing some unwanted seizures in your audience. For example, someone that suffers from epilepsy can have it triggered by rapid flashing animations. A simple rule to avoid such an unfortunate event is to not have content that flashes for more than 3 times per second. This way you will make sure that you’re not going to trigger any photosensitive seizures.

12. Content that has to be input by the user has clear instructions

If a website requires its users to input content, then instructions have to be crystal clear in order to avoid confusion. The easy way to do this is to provide labels for every form control. Examples of such control are drop-down menus, text fields, and checboxes. On top of that, the labels have to describe the function and purpose of the control. This will make sure that the assistive technology will refer to the correct form, increasing your Drupal accessibility.

13. Character key shortcuts

Drupal accessibility characters

If a website supports keyboard shortcut that consists of numbers, letters, punctuation or symbols, then it should have the option to be able to be turned off. This will make sure that people will not trigger accidentally a shortcut in by pressing on the wrong button.

14. Users are allowed to turn animations off

Another important feature that your website has to have in order to be more inclusive and accessible has to be the function to turn animations off. It’s important to have this feature because animations can be distracting and can make the navigation on your website harder.

15. Pointer gestures

Complex actions such as pinching for zooming or swiping should also be able to be done through other means. This will ensure that the people of your audience that cannot perform for various reasons, will not be left out. This is a vital point for your Drupal accessibility.

16. Motion actuation

The interaction that can be used by moving your phone, for example shaking it, should also be able to be done through the interface, without the need of physically doing the interaction. This will increase the Drupal accessibility, inclusiveness, and user-friendliness of your website.

17. No time limits

Drupal accessibility hourglass

Having no time limits is really important. Imposing time limits on your website can make people with motor, visual or hearing disabilities have a hard time reaching their goal in a timely manner on your website. This, in turn, can lead to an increase in user frustration. In order to avoid that, disabling time limits is the way to go.

18. Text resizability

Another important aspect of improving your Drupal accessibility is text resizability. Basically, your website has to allow its users to zoom to up to 200% from the original size. This will ensure that even with some sort of visual impairment might be able to read the text or view your photos.

19. Visual presentation

This is another important criteria when you are considering making your website more inclusive. Adhering to this guideline will give our end users the ability to choose how to visualize your website. This includes the colors, the line spacing, and sizes. This will give your users the freedom to choose the visual representation of your website however it suits him best. 

20. Bypass Blocks

Drupal accessibility stop sign

Another tip to make your website more inclusive and user-friendly is to create the opportunity for the users to be able to bypass blocks. This is important because a screen reader will read all the navigation links, header links and all sorts of repetitive content that is present on a website, regardless of how long the links are. Now, you can imagine how frustrating it can be for a person to have to sit and listen to a high number of links, that may be irrelevant for them, before actually getting to see or hear the content that they were originally searching for. This may lead to a lot of your visitors becoming frustrated and leaving your page. So, in order to avoid this situation, the easiest way is to provide a skip to content link in your header. With this, you create better Drupal accessibility for your website.

WCAG Guidelines


WCAG was developed by the W3C (World Wide Web Consortium) as a set of regulations that help make digital content accessible to all users, including those with disabilities.


There are 3 versions of these regulations. These are WCAG 1.0, WCAG 2.0 and WCAG 2.1. The latter two have at their core four basic principles that have to be met in order for a website to be compliant. These principles are as follows: 

  • Perceivable: The information and user interface has to be presented to the user in a way that can be perceived.

  • Robust: The content has to be robust enough to be able to be interpreted by many types of users, including assistive technology and future technology.

  • Operable: Navigation and user interface components have to be operable.

  • Understandable: Information and user interface have to be understandable.


On top of that, each guideline has a level of compliance that is assigned to it. The levels of compliance are as follows:

  • A: This level of compliance usually has the highest priority and is the easiest to achieve out of them all.

  • AA: This is a more extensive guideline. It is usually regarded as the standard to meet.

  • AAA: This is the most extensive design standards to meet. It is also more strict, thus it is the one that is the least common to meet.


Currently, most laws require websites to be WCAG 2.0 compliant. Only if the laws in your country explicitly state that your website should comply with the standards of WCAG 2.1, then you should adopt that. However, the W3C does suggest that the new website should be built in compliance with the WCAG 2.1 since they tend to be more inclusive and user-friendly.

Drupal Modules that help with your Content accessibility

Drupal accessibility disability

Now that you have an idea of the compliance levels for accessibility, it’s time to see a list of Drupal modules that can help you improve the Drupal accessibility of your website and become more user-friendly and inclusive.

Automatic alternative text

This Drupal module makes it easy for the images on your website to have an alternative text, even if there is none specified by the user. This module uses Microsoft's Azure Cognitive Services API. It basically identifies what the image is about and makes a description or more based on the confidence level.

Text resize

This module allows the text on your website to be adjusted to the needs of your user. This module is available for both Drupal 7 and 8. 

Style Switcher

This module provides a high degree of functionality for the users that are suffering from colorblindness. It gives the ability for themers to create themes with alternative stylesheets. This, in turn, gives the ability for the user to select the right color scheme for their particular type of colorblindness.

Accessibility Scanner

This module allows you to perform website accessibility assessments in order to see where your website can be improved. This module has to be used in conjunction with achecker. On top of that, the websites that can be asses are both local and remote.

Fluidproject UI Options

This module provides the user with the ability to control and modify a page’s font size, font style, height, contrast and link style. On top of that, those preferences are remembered on the website by using cookies. A perfect module to ensure a higher degree of customizability for all its users.


Hopefully, now that you find out those tips and have a better understanding of the WCAG guidelines imposed by the W3C, you can put your newfound knowledge into practice and use the suggested Drupal modules to make the most amazing, inclusive and user-friendly website that you can make. These will get the Drupal accessibility of your website to new heights!

Oct 01 2019
Oct 01

We have witnessed rapid developments around voice assistants over the past few years. With mobile users increasing exponentially every passing day it would be fair to assume that voice searches will rise simultaneously. Fiction has transformed into reality, one can pose questions to a device and get human-like reactions, stunning isn't it? This is what millions of users are doing every day with Alexa, Apple pod, Google assistant, etc. User interfaces have changed over time, and with each new user interface, a bundle of new difficulties has emerged. 

Alexa Multi-turn conversation


Conventional user interfaces are displayed as controls in an application (text boxes, buttons) or web pages. They are vigorously utilized and have been demonstrated to be sufficiently effective for human-machine interaction. 

| The question persists, why build voice assistants? What are the advantages of having voice assistants? 

  1. The magic of conversational interfaces is that users don’t have to learn how to use them. Alexa skill (android app) should leverage the power of natural language understanding to adapt to the user’s word choices, instead of forcing them to memorize a set of commands. 
  2. As someone said, “Don’t play the odds, play the man”. The voice assistant will be able to do that as voice search keywords are normally longer than text search which is why they are more conversational. 
  3. One of the significant benefits of voice assistants is their machine learning capabilities. The more we interact with these devices, the more the assistants grasp. After a period, they can return highly customized outcomes.
  4. With voice assistants, you can take into account the customer based on who they are and not simply their behavior. While it's still early for personalization of the customer experience through voice assistants, this is tremendous for businesses.
  5. Conversations are classified into two types, single-turn, and multi-turn dialogs.

| Single-turn Vs Multi-turn Dialog with Drupal

Single turn: Dialogs where the conversation ends with one question and one response in return. For example: Asking Alexa to set an alarm, a reminder, play a song, adjust the volume, is not a technical conversation. This is called a single-turn conversation.

Alexa Multi-turn

Let’s consider an example in context with the Drupal and Alexa module. Here we have created Alexa skill which provides information related to Drupal. The user asks Alexa ‘who is the founder of Drupal?’ she responds ‘Dries’. But when you ask her “Which year it open-sourced?”. Alexa fails to determine the context of the question i.e “Drupal” and treats it as a brand new query. 

A few questions cannot be answered in a single turn. A user may pose a question that should be filtered or refined to determine the correct answer. That is where Multi-turn conversations come in to picture.

Multi-turn conversation with Alexa


| Dialog Management

Genuine conversations are dynamic, moving among topics and thoughts smoothly. To make conversational Alexa skills, structure for adaptability and responsiveness. Skills ought to have the capacity to deal with varieties of discussion, contingent gathering of information, and switching context mid-discussion. Dialog management makes these regular communications conceivable. - Definition from Alexa docs

| How do you make this work?

Create an Alexa skill: 

  • Amazon Alexa skills are equivalent to Android apps. You have to create a custom Alexa skill using the Alexa skill kit (ASK) on the Amazon developer console. 
  • You define an interaction model and point it to your Drupal site.

Interaction model: 

  • With the Alexa Skills Kit, you can create skills with a custom interaction model. 
  • You implement the logic for the skill, and also define the voice interface through which users interact with the skill. 
  • To define the voice interface, you map users' spoken input to the intents your cloud-based service can handle.

Components for Alexa custom skill:

  • Use an invocation name to start a conversation with a particular custom skill. For example, if the invocation name is "Drucom", the users can say “Alexa, open Drucom”.  
  • An invocation name can be called to get things going or you can combine invocation name with intent such as “Alexa, open Drucom, order wine”.
  • Each intent corresponds to something that the Alexa skill is capable of doing. Intent can capture the things that your users want to do. You might design intents to capture the details. Each intent in the Alexa skill contains the following:
  1. Intent name
  2. Utterances
  3. Slot (optional)
  • Utterances are nothing but an invocation phrase for intents. Users can express the same intent using different statements. For example, if we were building a help intent, there are different ways one can express that he/she requires help:
  1. I need help
  2. Help me
  3. Alexa, can you help me?
  • The way Alexa works is, it will parse what the user says. It will not just send the raw sentence but it will pass the intent that’s being triggered too. 
  • The utterances you provide to an intent do not have to be perfect which covers all the cases and scenarios, it is training data for Alexa to figure out what the intent here is.

Let's start with implementing the interaction model for the Add to cart functionality.

Step 1:  Create a new skill with Drucom as the skill name

Custom skill for Alexa

Step 2: Set an invocation name



Step 3: Create an intent

For our interaction model, we will create an intent called AddToCartIntent, which will be responsible for handling the utterances for adding items to the cart. Adding utterances: When users interact with our skill, they may express additional things that indicate what they want to order.


Looking at the above utterances we can say that the AddTocartIntent will only be invoked when the user tries to add Red Wine to cart but it will not invoke if a user tries to add some other product and that's where custom slot types come to the rescue. 

Step 4: Create slot types and using them in AddToCartIntent

  • Glancing through the utterances above, we can identify the two slots that we have to catch i.e productName and quantity.
  • We have to create one custom slot type for productName and will use one built-in slot type AMAZON.number for quantity.
  • Custom slot types are a list of possible values for a slot. They are utilized for a list of things that are not secured by the built-in slot types provided by Amazon.

Once we have set up the slot types, it’s time to apply them in our intent. Once you are done with the changes our intent will look something like this:



Step 5: Activating Dialog management

To activate the dialog, you will have to mark at least one slot as ‘required’.

Slot form - you need to provide the sample prompts which Alexa will use while asking questions to the user,  along with these sample utterances the user might also add a slot value. Now our interaction model for AddToCartIntent is ready.


I have covered what single-turn and multi-turn conversations are, and how multi-turn conversations with Alexa and Drupal are vital. I have also described the steps to create a custom Alexa Skill. In my next blog, we will learn more about Configuring a Drupal site.

Sep 30 2019
Sep 30
[embedded content]

Automatic updates are coming to Drupal at the end of October! Long one of the most commonly requested features in the Drupal community, Drupal 7 and D8 will soon have an automatic updater that will allow Drupal installations to stay up-to-date more easily. How does Drupal's new auto updater work, and what do you need to know about it? In this Tag1 Team Talk, we dive into not only Drupal's new automatic updates feature itself but also its architecture, components, and roadmap, as well as why it's such an important part of Drupal's Core Strategic Initiatives.

Join moderator Preston So (Contributing Editor, Tag1 Consulting) and guests Lucas Hedding (Senior Architect and Data and Application Migration Expert, Tag1), Tim Lehnen (CTO, Drupal Association), Fabian Franz (Senior Technical Architect and Performance Lead, Tag1), and Michael Meyers (Managing Director, Tag1) for a deep dive into the nuts and bolts of Drupal's groundbreaking automatic updates feature, directly from the module maintainer, and the strategic initiative sponsors including the Drupal Association, MTech, Tag1, and the European Commission.

Further reading

Automatic Update - Module

Automatic Updates - D7 and D8 Documentation Pages

Automatic Updates - Issue Queue
To provide your feedback on this first generation of the Automatic Updates module, create an issue in the Automatic Updates issue queue

Drupal Core Strategic Initiative

More information about the PSA.json feed can be found in this issue: https://www.drupal.org/project/drupalorg/issues/3068539

Drupal.org uses a package hashing and signing architecture based on the BSD Signify project

Drupal contributors created a php implementation of signify: https://github.com/drupal/php-signify

Sponsors & Supporting organizations:
Drupal Association, Funding & Direction http://association.drupal.org
European Commission, Funding https://ec.europa.eu/
Tag1 Consulting, Development http://tag1.com
MTech, Development https://www.mtech-llc.com/

Text Transcript

[Preston So] - Hello, and welcome once again to the Tag Team Talks series. Today I'm joined by several guests from all around the world and talking about a subject that is very near and dear to my heart, I'm very excited to hear about this topic, Drupal's new automatic update feature. This is part of a Drupal core strategic initiative happening as part of the Drupal core roadmap. And today we're gonna talk with the maintainer of the project, as well as several special guests, about what it is, why it's important, and how you can get started with it right away and help us report any bugs or any issues you might encounter. But before we get started I just want to remind everyone who's joining us today, don't forget to check out our previous Tag Team Talks at tag1.com/tagteamtalks. We've done several amazing webinars and sessions with guests from all around the world about realtime collaborative editing, rich text editors, and of course, our work, working with a top 50 Fortune company in all of these issues. If you do like this session, if you enjoyed this conversation today, please remember to upvote, subscribe, and share it with all your friends and colleagues at your team. So, first thing I wanna do today is introduce myself. My name is Preston So. I'm a contributing editor at Tag1 Consulting, moderator here at Tag Team Talks. Joined by my friend Michael Meyers, managing director of Tag1, located here in New York City. Both of us are separate places here in New York. We're joined today by Lucas Hedding from Leon, Nicaragua, the senior architect and data and application migration expert at Tag1. Lucas is one of the top 20 most active contributors to Drupal 8. He's also the Drupal core Migrate subsystem maintainer, a core contribution mentor, a drupal.org project application reviewer, and the maintainer for the thing we're talking about today, Automatic Updates. We're also joined today by Fabian Franz in Switzerland, senior technical architect and performance lead at Tag1. Fabian is one of the five Drupal 7 core branch maintainers. Here's also one of the top 50 contributors to Drupal 8 and maintainer for several Drupal 8 core subsystems, including BigPipe, Dynamic Page Cache, and Theme API, all very important systems in Drupal. We're also joined today by Tim Lehnen, located in Portland, Oregon, the CTO at the Drupal Association. Tim has been leading the Drupal Association engineering team for a number of years now, it's a great success, overseeing amazing initiatives to support Drupal development in the community. This includes the contribution credit system, the recent move to GitLab, and he's taken point on managing the relationship with the European Commission as well as they sponsor this wonderful initiative here. So, just to kick things off I wanna turn over the mic to Mike Meyers to talk briefly about Tag1 and why it is that we're talking about Automatic Updates, which is, once again, one of the most incredible topics, I think, that we can talk about in this series. [Michael Meyers]- Awesome. Thanks, Preston. Happy to be here. Tag1 is the second all-time leading contributor to Drupal. We have the largest concentration of core maintainers, and our team maintains over a dozen core systems like User and Views. We do a lot of our business based on Drupal, and auto uploader is key to keeping your sites up to date. So I'm excited to hear how this great new feature is gonna help end users, agency partners, platform companies, better manage their Drupal sites. [Preston]- Absolutely. And automatic update, this whole notion of auto update is, it's been something that's in the back burner of Drupal for a long time. It's also part of a very interesting aspect of the Drupal community which I think is very important to call out, which are the 10 or so currently ongoing Drupal core strategic initiatives. Before we jump into the technology itself let's just step back for a bird's eye view for a moment. What is a strategic initiative in the Drupal community, and what are some of the past and current ones? How did this whole initiative come to be? [Tim Lehnen]- I think that's a great question, and I'd be happy to speak to it a little bit. This is Tim with the DA. The strategic initiatives for Drupal are laid out on maybe an annual basis, maybe a little bit longer than that in terms of horizon, frequently in Dries' keynotes at DrupalCon, where he talks about key priorities for the Drupal project that he's discussed together with the whole core maintainer team and prioritized and settled on as the major efforts that he wants to rally the community around, and certainly the core developers around, in terms of moving the Drupal project forward. In the past, these have been things like adding Composer support to the Drupal project along with the release of Drupal 8. Things like updating the Migrate system, things like providing the API-first features in Drupal, and a number of things like that. And so, it was, I think in 2017 or 2018 when Dries first called attention to the need for automatic updates as a sort of foundational feature for Drupal, pointing out that this is something that a lot of commercial and proprietary software already does, and does well, and even some other open source projects are doing it. And it really makes a big difference to the total cost of ownership of people who run Drupal sites. [Preston]- Let's talk a little bit more about that angle, Tim. I think there's a lot of folks on this session here today who are really interested in learning more about what you just mentioned, the TCO, total cost of ownerships. What exactly is the benefit of auto update to these small and medium-sized businesses? You mentioned agencies as well. What sorts of use cases are we supporting with this? [Tim]- Yeah, it's a great question. Let me paint a picture first for what happens right now around updates, and particularly the time period that's, I think, the most time intensive and critical for most people who maintain sites, whether they're agencies maintaining on behalf of clients or the end users themselves. So, that's security updates. Security updates are, of course, something that are very important, something that people need to keep up with as quickly as they can. And so there's sort of this culture and community within the Drupal community of everybody getting together during a core security release window on Wednesdays, hanging out in Slack, talking to each other, and waiting for that security release to drop. Now, while we have these security release windows, sometimes they come out right on time, sometimes they take several hours, but that window is sort of U.S.-centric because that's where a lot of Security Team members are. And so what that means is teams all over the world are up on high alert whatever time it might be locally waiting for this critically important patch to drop so they can update sites and make sure they're secure. And so, this is something that takes a lot of time that people can't really plan for, so much. They have to be there in that window, and they don't really have much of a choice. And so this is a situation that can be expensive in terms of just keeping your developers on call, paying overtime if you're outside of the timezone that these windows happen, all those sorts of things. And there's a lot of anxiety around them. That was one of the first elements that we wanted to address is making the security update process in particular easier, something you don't have to be so worried about, and then expanding on that to other use cases. [Fabian]- One question I had because it's pretty fascinating for me is for years, the Drupal community has said, we need auto updates, we need auto updates, we need auto updates. And it was always like, hey, but it's not possible in all. So, how come this direction change that now we are thinking it's possible finally? [Tim]- That's a really good question. I think there's a few factors that all came into play. And I think Lucas can speak to this a little bit more than I can. But just from an overall view, I think just various things came together. The architecture of Drupal 8 had changed, starting to do things like support Composer workflows, but also incorporating other elements like those, Symfony as a core element, all those kinds of things. But also we began observing just in the open source world other people doing this. So, for example, WordPress has an auto update system. Some other projects have an auto update system. So I think people have been thinking about how we're gonna architect something that would work in a Drupal context, for quite a while. Lucas, do you wanna maybe speak to what came together to make it more possible to consider? I think we lost your audio, Lucas.

- [Fabian] Lucas, you're on mute. Can you hear us? [Lucas Hedding]- Hello, can you hear me?

- [Fabian] Yes, much better. [Lucas]- Ah great. I think it's a bit of a myth that we had bought into. We had said to ourselves, we can't do this, and we said it to ourselves long enough that we had convinced ourselves. But then as we started seeing the competition in WordPress and others doing in-place updates or auto updates of some form we said, well, let's see if we can solve this tough problem. And we're close. We've spent a lot of time architecting this. We're still not 100% there, but I think we can see the light at the end of the tunnel. I think it's gonna be a pretty good success as we get to the finish of this first part of the initiative. [Fabian]- Now I'm really curious. How did you split up this mega task of getting even started with this tough problem? [Lucas]- Well, I mean... Let's see, we did a lot of architectural thinking, a lot of discussions at various camps and DrupalCons. [Tim]- Yeah, I think one of the... It was a confluence of a few factors that came together and made it work well. We had a meeting of minds between some key contributors in the core team at Midwest Drupal Summit in 2018 and did a lot of architectural work, and at the same time, with these conversations with the European Commission had started, and they were talking about how Drupal was a critical part of their infrastructure and they wanted to find something to support. And so we put two and two together and said, hey, we can do this. But yeah, scope is always a problem. It's a huge project. And so, what we said was, okay, well, if we wanna do some sort of phased scenario, what's the most important thing to start with, what has the biggest impact on people, and what simplifies the task a little bit? And that's where we came to security updates in particular as being the focus of this first phase because it both lets us focus on just patch releases that shouldn't be destructive in terms of what's being changed in those patches, and also fixes a critical need that a lot of the community has.

[Fabian]- That's really great. [Michael Meyers]- Maybe before we jump into the underlying architecture and how all this comes together, can you give us a background on how this works? Is this gonna update my production website in the background? Is this something I can do on my development environment and put through a CICD system? How does this work at a high level?

[Lucas]- I think the answer is yes to all of those questions. It's supposedly flexible. At least that's how we're designing it. I think it's gonna be a little bit like the configuration management system in that there was an original intent for how we do this. And I think the original intent, at this point, is that you'd be a small site owner and you'd wanna in-place update on a live site, so definitely we're trying to make that as stable as possible. But if you've got a continuous integration system setup, there's nothing stopping you as a site owner from wiring into that. And then we'll iterate. This is an initiative that has multiple phases planned out already.

[Fabian]- So it could be possible for me as... I mean, if I had 100 Drupal sites or something like that it could be possible for me to just get, instead of waiting for many, many hours on this Wednesday I would just get the package pushed to me, just as potential scenario, and then once the patch arrives then I can distribute it, test it, if my basic tests are working, distribute it automatically, basically.

[Lucas]- Yeah, I mean... Well, some of the initial conversations I had was at MidCamp with folks from Pantheon and from, at the time, it was Drupal Commerce. They've renamed themselves to... I'm gonna butcher their name.

[Tim]- Centarro is the name.

[Lucas]- Centarro, right. So, we've got different folks in the room, and we're all just chatting about this idea of auto update, and everyone, Pantheon has its upstreams. There's nothing stopping any of these, even infrastructure owners, from certifying things and updating the URLs where you pull down files so that it's from a vetted source of thing where they've already done QA and added their secret sauce to this. I'm not saying that that's what's gonna happen because I don't know the future. But we're definitely trying to build this as flexibly as possibly so that even the hosting providers and your service providers can add their own secret sauce. Some of this might or might not play real well with what we're doing around the hashing and cryptographic signing of some of the resources. But at the very least, there's flexibility in the base architecture.

- [Preston] Sorry, go ahead, Fabian.

- [Fabian]- I'm really curious as a Drupal 7 maintainer. Is this only for Drupal 8, or would Drupal 7, where we still have probably a million sites out there, also be? [Lucas]- Because of the source of our funding here we're in an interesting place where the backport policy for Drupal is you have to do it in Drupal 8. Eventually it'll be Drupal 9 and then we backport from there. But the funding and the interest from the European Commission has really been Drupal 7. So we're playing to two camps here. We've gotta fulfill our contracts with the European Commission and so all of the goodness of Drupal 8 is getting backported as we go along. And at this point, essentially everything that's in there for 8 has already been built out for 7.

- [Preston]- Very interesting. And I wanna get back to what you just mentioned, Lucas, about flexibility and some of the really interesting elements there. But first, we've established that this is gonna be for both Drupal 7 and Drupal 8 which is, I'm sure, music to everyone's ears listening right now. I'm curious though, because this is such an ambitious project as both you, and Tim, and Fabian, have all mentioned, where are we right now in the life cycle? I know, by the way, you have a full roadmap already outlined. There's gonna be a link, by the way, in the description of this video if you wanna check out the full roadmap for auto updates. But what's currently part of the initial outflow as of right now?

- [Lucas]- So, we did an alpha one, I don't know, three or four weeks ago. And we did that because we now have something of value. There's this concept that we're building into the auto updates called PSAs, or public safety alerts, announcements. So when these Drupalgeddon type events happen, when these majorly critical things are coming down the pipe, we can now have another channel, yet another channel, to alert even small site owners that their site is now out of date. We're doing yet another channel because we've already got the existing, hey, you've got security updates, hey, we've got Twitter, hey, we've got Slack. That only alerts and notifies folks if they're following the Twitter feed. And we already send out the emails about your site has updates available for it for everything already, so it's a little bit like the boy calling wolf every other week. So this is just another channel, but it's going to be used with great care. It's gonna be used once or twice a year. And then we'll be able to send out these alerts to folks, and we have that now for both 7 and 8.

-[Fabian]- Just to clarify for me, so, I'm one of those, probably not, but just imagine I'm one of those that always clicks away this message, oh, there's updates available. Yes, I know, I haven't updated this module in a while, or there's security updates, oh, but this module I can't, and so I'm missing a crucial core update. But instead of that message, this generic message, and many also disable Update module because it makes things slower at some parts, the thing is, instead of that, I would be getting the message, on Wednesday, the date, there's a critical security update, please pay attention, or something so that it's more direct communication to... [Lucas]- Direct communication, it'll happen in the days preceding to the Wednesday as well. So, whenever the Security Team decides that, hey, this is important, they send out the emails a day or so in advance. This would also be part of their process. So the other part of what we've got built in in this alpha is what's called readiness checks, or preflight checks if you wanna put it another way.

-[Preston]- Sorry, go ahead.

-[Lucas]- The readiness checks just basically go out and say, are you ready? If you got an update tomorrow, or tonight, in 10 minutes would you be ready to update using this technology? And then we spent a lot of time thinking, well, how do we go about this? We even renamed it from preflight checks because with our non-English speaking community we thought it doesn't have as much meaning as a readiness check. Readiness checking goes and out sees, hey, is your site hacked? And I'll get into that in a second. Do you have enough disk space? If we were to apply an update, do you have two megabytes of disk space and you're gonna fail? There's about eight of these things that we decided. And some of them are errors, some of them are warnings. As an example, we'll warn you if you're not running cron on your site frequently enough. If you're not running it frequently enough we know that you're not gonna automatically update your site in the next couple hours. But that's a warning. We're not gonna block you. But if your site is mounted on a read-only hard drive for reasons of security, you can't really go out and update a read-only hard drive. That's just gonna fail. And that would be an error. So we've got this whole concept around readiness checks. It's a plugin, part of the Drupal 8 plugin system. Drupal 7 we've done something similar to that, not plugins, but the same business logic is in there. Can we update you quickly? And both of these things at this point are now available in the 7 and 8 alphas.

- [Fabian]- We can download this?

- [Lucas] Yeah, right now.

- [Preston]- That's amazing. We've already spent a great deal of time talking about readiness checks, and I wanna get more into the features of the Automatic Updates module. But first I wanna move into a very interesting subject for our audience, because this has been a very uniquely challenging problem for Drupal for a very long time. How did you all manage to architect this into the right solution? And also one that could potentially be expanded out to other PHP projects, like WordPress, for example.

- [Lucas]- I don't know that I was involved in the early, early conversations. But since the beginning of 2019 I've been involved. Tim, you wanna bring up some of the early conversations?

- [Tim]- I can get into some of the early architectural discussions. I think the concern has to do... As Lucas was saying earlier, we have this myth that Drupal use cases and Drupal sites were so varied and so complex that that meant there wasn't a good way to have a set of standards for doing an auto update process. And we just really started interrogating those things in the last two years or so and said, well, is that really true? And what it came down to be is that the concerns were all about confidence. They were all about that ability to understand, hey, can we really be confident that these updates will apply cleanly, that they're not gonna break folks' sites, what do we do if we miss something and it does break folks' sites. So we spent a lot of this time saying, okay, what kind of architecture can we create to give us the maximum confidence so that whether you're running this as an attended or even unattended auto update you'll be able to feel like it's not gonna break your site. And so, that meant that we needed to architect these readiness checks, we needed to talk about something that's coming in the second phase which is this notion of having an A/B version of your codebase so that you can run an update, but if something fails flip back to the known good version, almost like a bootloader concept is what we were inspired by. Then we had thought about, okay, well, what else is involved? Well, we need to make sure that we can generate something that is the equivalent of a patch. Not literally the patch that's just been released but a quasi-patch, as Lucas termed it, that will apply all these changes cleanly to sites. And then finally we need to give people confidence in what's being delivered. So that means having a good way to secure the package delivery system that comes from drupal.org, ensure that it's signed and verifiable so that people know that what they're installing is in fact coming from a trusted source. All of these concerns are about confidence and integrity of the system, and so that's kind of what we built into it. And then once we realized, hey, you know, there's ways to solve each of these problems, there's ways to solve confidence that the update will apply before you do it, there's ways to solve confidence in being able to roll back if you need it, there's ways to solve the confidence in the trusted source of the package, then we realized it's almost significantly simpler. If you assume that we've solved those problems we're just applying patches and a couple processes to make sure those things apply clearly. And from there we got into the real weeds of the architecture which I think Lucas could probably speak to more. [Lucas]- It's interesting that you say it's simple because the patch that we've built right now for this service to auto update your site, it's a service. Half of this patch is testing. Actually, probably more of the patch is testing. It's like 500 lines, 400 lines of code, to update your site. Seriously, it's a really small amount of code to grab an artifact off of drupal.org, download it, and overlay that, I'm calling it a quasi-patch because it's not a full patch, it's not a regular patch. It's all the files that would be touched in a version between 8.73 and 8.74, as an example. If there's 10 files, we grab all those 10 files, put them in this patch. That way we don't have to worry about git apply, or patchutils, or anything on the server. We just have to deal with what's already built into PHP, copy and paste. And we do the copy and paste, and we do all of this... I'm gonna credit Nate Lampton here. His vision here was do it all in the same HTTP request. If you do it all in the same HTTP request and you roll back in the same HTTP request, the site can't actually go down. Well, knock on wood. It still probably could in very rare edge cases. It's about, I don't know, 200 or 300, 400, 500 lines of code, depending on if you start counting some of our tests in there as well. [Preston]- Very interesting. I think the way that you've solved this problem with obviously these quasi-patches and just the thinking that's gone into this really reflects, I think, the amazing commitment that you all have shown to making this a really successful feature. I wanna dig into some of the features now. We've already delved a little bit into some of the public safety messaging and the readiness checks. But just for our readers, and our listeners, and all the folks in the audience today, I wanna define just very clearly what those three major components of auto updates are. The first is public safety messaging, which we talked about briefly already. The second is readiness checks, or preflight checks, which really indicate when a site is ready to go. And then finally, I think the most compelling of all of these, which are the actual in-place updates that occur. What can we learn... Lucas, you mentioned earlier about Drupalgeddon and some of the ways in which, for example, every time I get a security advisory tweet or see that pop up, sometimes just the urgency of it doesn't really register with me, or things of that nature. I know Fabian also mentioned that as well. So I'm curious what sorts of other aspects of public safety messaging did your team consider during this whole effort? And what other components are involved in that?

-[Lucas]- Well, I really wish there was more folks on this call because it's not just the folks here on this call that have really contributed. It's been a whole team in the auto updates channel in Slack, and folks at different camps and conferences. So, what have we... I mean, there is other thoughts around just doing figuring out what is on the site already, and calling home to drupal.org and sending information. But there's security and privacy concerns around that, and so for the scope of what we're doing right now we're trying to keep it simple for messaging.
- [Tim]- Yeah, I would add to that, basically, we coordinated very closely with the Security Team, naturally, because this first focus was on the security side of Automatic Updates. And so, the main thing that we did was say, look, they already have their security advisory content type architecture on drupal.org, which is the basis of how the regular, standard, canonical announcements roll out. So what we asked ourselves was, okay, what are the requirements to changing that to provide a feed that could be consumed, a JSON feed that could be consumed by this auto update system, and then how do we put policy restrictions in place to say, hey, look, this is gonna be a more prominent message appearing in people's admin interface, but we don't want to cry wolf, as people have said, we don't want to overuse it, so what controls do we put in place. And mostly that will be at the discretion of the Security Team to say when is it worthwhile to put out this message about those additional updates.

- [Preston]- I think the interesting thing here is that we're really trying to reduce the burden on the user through this JSON feed, through the way in which we're gonna be able to get this alert directly to the audience. Now, just to move into more of the way that the user experience, or the way that the site owner experience is really improving here. These readiness checks, these preflight checks, that run on every six hours, or via cron jobs, how do they really play into this whole feature and this whole notion of automatic updates?

- [Tim]- I was just gonna add before Lucas runs into the architecture. From my two cents, what Lucas and others have architected is really great because it's an extensible system. New kinds of readiness checks can be created as time goes on. And what's been developed so far has been the result of core contributors, and the Security Team, and just other general contributors, coming together and saying, okay, what are those scenarios and use cases that are gonna be most important to determining whether or not an end user can actually run this auto update process? What's gonna block them from taking advantage of this new system that will make things easier? And so building this in so these currently eight or so different categories of readiness checks run on a regular basis and then provide their results reports so the site owner knows, oh, hey, if I fix this read-only directory, or if I fix whatever these warnings are or errors are in advance of this next round of updates going on, it's gonna be much more of a breeze for me. I just think those elements are gonna be really valuable. They're already valuable. They're already some things that I think people should be taking advantage of if they wanna try out the alpha. But I think the underlying message is they're only gonna become more valuable. As people test the alpha and as we move into the first phase stable release and things like that, we're only gonna learn more from contact with the world about other things that we could be checking, other things that we could be creating warnings, or errors, or messages for in order to help people be ready to take full advantage of the system.

- [Fabian]- Quick question to the readiness checks, because really interesting. As I've understood, it's plugin based?

- [Lucas]- It's plugin based indeed.

- [Fabian]- So as the site owner or, for example, a hosting provider, I could add my own readiness checks, as a site owner I could add my own readiness checks so if I need something more, like for example running some very basic tests or something that my homepage is still reachable, or whatever I wanted, I could just do that with a plugin.

- [Lucas]- Yeah, you could. We tried to come up with the basic ones that are very reusable. Most of these readiness checks are somewhere in the range, of real code, of about five to 10 lines. Can we write to a file on your hard drive? You know, I mean, that doesn't take that long to figure out that you can't do that. It's really simple. You tag a plugin with the right tags, look at an example, and now as an agency or even as a large company, if you have some specific rules around, hey, we need to make sure that the moon is in the third phase right now, you can do that. There's nothing stopping you.

- [Tim]- I would add...

- [Fabian]- That's really cool. And I have a question. If I have hacked core, and as a core maintainer I sometimes have to do that, can I still use the auto updates in that? I mean, is it preventing me from that, especially if a file is updated that I never hacked?

- [Lucas]- We're not blocking you from updating core, or any contrib module, if you have a file that's modified. Remember we're using a quasi-patch approach here. So, if you are about to update something... For the readiness check, if you've got a modified, patched file in core, we will warn you, saying there's some uncertainty here. Because what happens if a patch, a quasi-patch between 8-dot-something and 8-dot-something else comes out tomorrow? Well, you can look at what's been modified. If it's in Book module and you don't even use the Book module on your site, or the Book module hasn't been modified in six years or something... If you can look at it and you say, well, I've patched this thing and it's rarely patched, or there's no security issues in it that have come out for many years then you have greater confidence that you'd probably be okay. That said, when we go to apply that update we're gonna take that specific one and we're gonna say, no, no, no, no, you can't override a file if it's been modified.

- [Tim]- So any of your unchanged files, as long as you check from the warnings and you think it's otherwise okay, any of your files that are unchanged from what the architecture has, when it does its comparison, then yeah, those can still apply.

- [Lucas]- I wanna go into a little bit about this how are we figuring out if files have changed. Because I think that's a really interesting component to all of this, one that I wish I had had more... I wish I could say that I had more thought into it, but it's really the community. There's this whole concept, though, that makes sense after it was explained to me the first time about doing a file hash. Just do an MD5 sum, well, not an MD5 sum. A SHA-256 or a SHA-512 sum. We do that of every single file in all of core, all of contrib. The Drupal Association has really helped us out a lot here. They're gonna provide an official feed for hashes for all of these things. This is the type of stuff that if you look at the Linux distributions out there in the world they've been doing this for a super long time. If you try to download Composer, even, there's a SHA sum there. And you grab that SHA sum and you're supposed to do SHA sum to compare and to make sure that what you just downloaded is actually what was provided on the website. That's the type of technology we're building into. We're doing it not only to see is your site been modified, we're also doing it to have greater certainty assurance that these quasi-patch archives that we're downloading haven't been hacked or modified by a man-in-the-middle attack, or some other attack. And we'll link this if you're really wanting to look into it. There's a whole project that the Drupal community has now provided to the world on GitHub called PHP Signify. And it's using chain signatures. We've been going through it, trying to figure out... But you know what it is? It's following a pattern that BSD is using. BSD Linux has used the same thing. We're just standing on their shoulders. The current concerns about, well, did you write this hashing and verification system yourself? No, we didn't. And we also have some super, super smart people in the community contribute to this at the Midwest Developer Summit this summer. [Preston]- Very interesting, and I think this just indicates the amount of thought that went into this. And the notion of actually introducing your own readiness checks is something very interesting. We mentioned what phase the moon is in. I can see this being useful if you have, for example, a decoupled Drupal implementation and you have to wait on other code that you're working with to be ready before starting an automatic update, such as your decoupled application or frontend. So, now with these, the third feature we just named was in-place updates. Which, as you mentioned, Lucas, just now, you wanna be very secure. You wanna make sure that potentially these ZIPs that are being downloaded are not in any way affected by man-in-the-middle attacks. How do you look at that from the standpoint of the in-place update feature? What's going on in there in the actual Drupal site itself now that you've got those updates ready to go?

- [Lucas]- So, the mechanics of this small patch that we've got right now is that we download a ZIP file. The ZIP file has six files in it. Bootstrap.include is one of them, as in my example here. But another file that we have in here is this signature file that's called CSIG. It's using the same format that BSD Linux is using. The project that we're using is called PHP Signify. It's standing on the shoulders of libsodium which is baked into PHP as of 7.0 or 7.1. Someone will comment in the feed here and correct us. Which also has backwards compatibility shims all the way back to PHP 5.3. So if you're still on a Drupal 7 site and you're on an old version of PHP, you could still have this stuff work for you. It's doing a hash and it's using things like SHA to hash these files, compare the hash to a publicly signed and privately signed key pair of things. We're even talking about, not talking, we're doing, the Drupal Association is in the process of acquiring and installing an HSM so that we can do this in a very, very secure manner. And the HSM will then be taken offline. You can't get more secure than this. Is Drupal really a target? Someone, a conspiracy theory might say that it is. But even if it isn't a target, or even if it is, we're doing this in the most secure manner that we can.

- [Tim]- Sorry, just to add to that a little bit, I think it's really interesting and robust the way it's architected. Drupal.org delivers these hashed and signed files with the quasi-patch plus all of the appropriate signature files with the relevant metadata to verify all that. And then, again, as Lucas said, anyone using the auto update system, as long as they're on even a very old version of PHP with these shims in place, the PHP process can do the verification of the signatures, and the hashing, and all of that, and then we know that it's not an interrupted package that's been modified in flight, there wasn't a man-in-the-middle attack, or anything like that. And then on our side using an HSM we're able to do secure key rotations on a regular basis, we're able to validate, hey, you know, when was the last time this was checked, is it within a valid window of being signed, all this kind of stuff. So it's a really, really robust system. And I have to say, we're sort of, we have the advantage... It took us a while to get here, but we have the advantage of being able to look at the example of other projects, whether that's a BSD system that a lot of this is based on, but also look at, say, WordPress or other projects that have started implementing their own systems and say, these are the impressive things they've done but they may be missing this piece in terms of the signatures and man-in-the-middle protection, or maybe they're missing this other piece, and how do we get a lot of that right from the start. And part of this is only possible because Drupal has maintained its status as kind of a centralized project. Drupal.org is the home of most, but not all, code related to the Drupal project and that helps us be able to sign and deliver all the relevant packages. And with our move to GitLab, I think some other folks who aren't here are probably coming back as well.

- [Fabian]- And I'm very glad that you're doing that, especially with an HSM, because the recent Webmin hack showed how bad is this if you deliver hacked software to your users.

- [Preston]- Oh, absolutely. And I think a lot of our audience is very concerned about that just given the amount of risk that's possible here. So, I have one question for you both, Tim and Lucas. One of the things that I know a lot of our audience is curious about is, well, you have these archives, it makes sense. But what happens if we're using Composer? I use Composer. I've got Drupal 8.8. What exactly is planned for Composer? Or does it already work for sites that use Composer?

- [Lucas]- So, when you go to 8.8.0, when that gets launched in October, you will have Composer whether you know it or not. The Composer initiative has been really rolling and rocking quite quickly here in the last few months and a lot of things have come together such that when you upgrade to 8.8.8, 8.8.0, you're gonna have Composer just by installing and upgrading to 8.8. So that does open up the question. Because when this whole initiative of auto update started we said, well, we don't have any official Composer support in core. Remember, the funding is coming from European Commission. That funding will dry up here shortly. Let's focus on the needs of tarball. So we have spent a lot of time on tarball because of pragmatic reasons. But none of that means... None of that, though, means that we've not thought about Composer. And we have thought about it. And there's two or three different scenarios that we've considered with Composer. And the first two of them, you're fine. You're not gonna have an issue. Let me talk about those. The first one is you're on a site that's been using tarball since day one. And again, let me pause there. This is really an issue in Drupal 8. When we go back to Drupal 7, the number of sites that are using Composer are very minimal. So you can do it, I guess. I've never done it. Drupal 8 though, it is an issue. If you've been doing tarballs and you're still running before 8.8, let's just make it simple. You're not gonna have any issues at all. 8.8 comes around, you've upgraded to that because you're being a good boy or girl. Now you've got Composer. You're still okay because we're just overlaying files. The problem that comes in is when you start using the capabilities of Composer and you do a Composer require, and your Composer JSON and your Composer lock file start to get modified. In the case of that, you're gonna have some additional considerations. Again, if it's just an overlay of files you still will probably work in nine out of 10 times. Nothing that we've done will have an issue for your site. If you're wanting to patch, say, Token module, that's one of the more popular modules out there, and security release comes out for Token and it's been managed through Composer, we'll do that, that's not a problem. It's when you're dealing with a thing like... I'm gonna pick on Commerce. Commerce has a lot of vendor dependencies as well. If you want to update Commerce with this in phase one, and I wanna be clear, phase one, there are lots more plans in the future, you might have it a little bit more tricky. If it's just one file in Commerce, again, you still probably won't have a problem. But if it's a file... I've got this all written down in an issue on drupal.org. We'll link to it because this gets tricky. If it's a file that isn't in a vendor folder then you're fine. But if you start dealing with modified Composer JSON, vendors... But again, if think about the audience here, it's for folks that probably wouldn't have been doing composer update, composer require, up til now because they were on tarball. And so I think at least for version 1.0 of this module, we're gonna learn so much. So all that to say, Composer is thought of. There's more to come with it. And we'll make it better with time. We're gonna beef up that support. [Preston]- Absolutely. And I wanna ask just the other elephant in the room here that I know a lot of people have on their minds. Is this gonna be a part of Drupal core? Is all of this going into core? At what point do we see this being in Drupal core?

- [Lucas]- We've been working with the core contributors, and we even have Fabian on the call today. We've been working with core contributors from day one. This is an initiative out of the Drupal Association and this is not done in a vacuum. The simple answer is all of this will go into Drupal core. We're gonna incubate it in contrib. That said, some of the actual implementations of how we're doing this are not gonna go into core. We're not gonna do this whole overlaying of files thing on the live site, or at least not unless something changes, because there's too much risk there. Even though it's still very low risk, the core maintainers and release managers are still feeling that that's too much. So we've got plans for phase two, unfunded plans. I'm gonna put a request out there for funds. We need more funds for this A/B controller where you've got a live site on A and over on B you've got the about to be updated site and we're gonna flip back and forth between A and B, and if B has a problem we switch it back to A. And then we just keep doing that. And as we do that we can also start doing things more with Composer perhaps, beefing up that support. The simple answer is all of this will go into core.

- [Fabian]- What's the roadmap for the public safety announcements? Because there doesn't seem that much to it besides that needing to be a secure channel that I could commit that to Drupal 7, kind of right now. So what are the plans from the 8 maintainers there when we could get this in?

- [Lucas]- We're still in discussions with you guys, Fabian. Because we wanna figure out when's the most ideal time to take these features over. We've really been focusing on the end of the year deadline. But if someone were to grab the code, roll a patch, and throw it up there, there's no stopping anyone from RTBCing that, reviewing, testing, and getting that into core now because it's pretty stable. I say that, but I also say we've gotta learn a lot. This whole thing, we need to learn more. More information needs to be gathered. I was hoping that we would have a little bit of a chance to have several hundred sites, thousand sites, with the contrib module installed with this on there, figure out the right wording for this messaging so that we don't annoy people to death, but we don't do it too infrequently either, and iterate and improve on it in contrib where the gates are a little bit lower, the stakes are a little bit lower. And then when it's ready, move it into core.

- [Fabian]- Yeah, I mean, you could always start with a simple experimental module. has worked very well. And just one real quick question to the Composer thing, just if I got this right. So, the problem with comments is, for example, that a security patch might itself depend on a vendor library update and then I've got problems because then I can't know what kind of inner library's in there. Is that where the problems go into?

- [Lucas]- Yeah. I really probably should link it, and I feel like I did a poor description. But yeah, like, some of our more recent Drupal 8 updates worked for with a far file and we've got a vendor file in here. If someone has run composer update at some point and they've already updated to a newer version, and in the midst of all of this they got a newer version of Symfony and some other components, it could get really messy. I think what we're hoping to do is just release this so that folks can give us that feedback, is this gonna blow up on me. There's gonna be a few folks that are gonna be like, I don't care. Just give me the updated site. And those are gonna be the risky folks. Those are the guys who go down the black diamond ski slopes without any protection and half kill themselves. We need those guys out there to do this because they're gonna report, and probably get upset, that they broke their site. But we need those people to give us feedback. But if they don't give us feedback, if we give the folks the flexibility to hang themselves and there's silence, well that also tells us a lot too. It says, well, maybe we can relax some of our... Relax some of what we're doing here, and even maybe promote some of these more risky adventures.

- [Fabian]- One quick question for Composer itself. Have you thought about, the idea came out originally two years ago or something like that, to just run Composer inside of that process with a virtual file system?

- [Lucas]- Composer right now takes too much memory. And on shared hosting where you're capped out at 512 megabytes, or 256 if you've got other processes, it becomes cumbersome. But a lot of the same folks that have been in these rooms have been thinking about this for a while. So, more to come on that. I think we've got some ideas to drop that in phase two as funding comes available for the community. We might have some more surprises in the wings.

- [Fabian] Sounds great.

- [Lucas]- Tim, you know more about the future. Do you wanna talk about where you see this going?

- [Tim]- Why don't we talk a little bit, yeah, just about phase two and what's going on, and just move into a discussion of the future. As we've said several times, the European Commission, because they rely on Drupal and they have a commitment to all the open source technologies that they're a part of as part of their FOSSA program, approached us before the beginning of the year and said that they wanted to set something up, and generously they've been supporting the work so far to do this phase one of the project. But as we said, that's gonna run out. Then in the next phase when we wanna have better Composer support and this A/B system so that it can be actually brought into core, those are really, I think, probably the two most major priorities, we're going to really need to figure out how we create a sustainable funding model for that. For folks who are out there who may be at large end user organizations who rely on Composer in your workflows but are also interested in the possibilities of Automatic Updates, it'd be great to hear from you. You can reach out to me at the Drupal Association. And that phase two we're gonna try and really plant a flag around that A/B controller and more robust Composer support and see who we can bring to the table to help us make that happen. It's really important to us that we move this forward. It's a huge priority for the project, of course, but it's also, it's not been an easy problem to solve. As people have mentioned, we've been talking about this in the Drupal community for probably five plus years and are only now beginning to make some real progress. But it's taken work. As we've alluded to before, there's a huge group of people involved. Staff on the Drupal Association side. People like Tag1 who've been working with us closely to actually do implementation, Lucas in particular. The Security Team, all the volunteers in the auto updates channel. Just a huge amount of people. The core maintainers have all been involved. And without funding, we might make a little bit of progress but I don't wanna go another five years without really delivering an even more robust system that we're capable of doing. [Preston]- Yeah, I think this definitely shows the amount of support and backing from the community but also from these sponsors that have really contributed a lot to make this a success. Obviously we mentioned the Drupal Association, MTech, Tag1 Consulting, the European Commission and their Free and Open Source program. I know that you all are looking for more sponsors. Tim, just to be very clear, to reach out to you they can go to [email protected].

- [Tim]- That's right. You can reach me there directly.

- [Preston]- Absolutely. I just wanna mention briefly that this is a very important initiative for the future of Drupal and for the ability for site owners to really have people, or to have that governance and maintenance that they've been used to all along with so many of these projects. And so Tim, just to jump back into the notion of sponsorship and looking for contributions. Why should folks look at sponsoring this project? We've talked about obviously the benefits technically, but are there other benefits also to this?
- [Tim]- Yeah, I mean, in addition to the technical benefits and the benefits of just being a part of good citizens of an open source community and raising the tide for all ships, there's also, because this is a strategic initiative for core, there's a lot of visibility into this project. There's opportunity for marketing and awareness campaigns around your support of this initiative if you choose to get involved. Cross-promotional activities that can be done with the Drupal Association. There's also opportunities for recruiting some of the best talent in the Drupal community if your organization is looking to recruit some more key talent. A lot of the contributors who've been involved, whether on a volunteer basis or a contract basis with this initiative are some of the most talented folks in the whole community, and you could recruit those people to your team. And then also, this is something that gets talked about on stage during the keynote at DrupalCon. If, for example, we managed to get someone on board before DrupalCon Amsterdam, I'm sure we would be thrilled to announce that partnership with another organization. Moving forward into the next year during the keynote, during Dries' keynote, we're certainly gonna be talking about the progress on this initiative and all the organizations who've been involved in the first phase so far.

- [Preston]- Wonderful, and I'm looking forward to hearing a lot more about this at DrupalCon Amsterdam. Before we close things up here, though, I just wanna ask, are there any other things that we wanted to mention about where this project is headed, or any other things that the audience might be interested in?

- [Tim]- I would just reiterate something that we said before, which is, there's an alpha available now. It's been out for several weeks. So if you're in a position to try it out, to test it out and provide feedback, that would be wonderful. If you're interested in being involved in the initiative there's a lot of activity in the auto updates channel in Drupal Slack as well as in the drupal.org/projects/autoupdates so you can get involved there and help out. And yeah, certainly feel free to reach out to myself or others involved if you have questions.

- [Fabian]- Awesome work.

- [Preston] Yes, this is fantastic. [Lucas]- I mentioned it before but this has been the work of many, many people, and we've only got five or six on this call which is a poor representation of the larger community. So my shout out to Drupal and the Drupal community. [Preston]- Absolutely. All righty, well, we have run out of time here at the Tag1 Team Talk. So, just to remind the audience here today, thanks again for joining. It was a really amazing conversation about Automatic Updates coming to Drupal. A really amazing thing. I'm looking forward to hearing about it in Amsterdam and Minneapolis. Just for your information, we post all of these, by the way, at tag1.com/tagteamtalks. All the links are gonna be available alongside this video and audio recording. If you like this talk, if you like what you heard today, please remember to upvote, subscribe, and share it with all your colleagues, your parents, your friends, your grandparents too. And as always, please, if you have any topics you wanna hear about, if Automatic Updates is interesting to you, you wanna bring Lucas and Tim back into the fray here, please write to us at [email protected]. I wanna say a big thank you to Lucas, a big thank you to Tim, and to Fabian, and to Michael as well, for joining us today for yet another Tag Team Talk. Thank you all, and goodbye.

Sep 30 2019
Sep 30

All about Drupal development and the people behind.

More and more businesses look for Drupal developers as the market has been skyrocketing for the past decade. Drupal has emerged to be an enterprise-level content management system compared to rivals Wordpress and Joomla.  

As Drupal development involves various segments, there is always a scope of confusion regarding skill sets and responsibilities. We, at OpenSense Labs, comprise of Drupal Developers, Architects, Themers and Back-end experts. All of us lay the foundation for any project we pursue. 

Welcome to our first of the three series articles on Drupal developers. Let’s dive in and understand the distinct categories and their skills which make Drupal development a success. 

illustration image showing blur drupal icon and and multi colour icons on white background

The entire development process in Drupal comprises of various segments which contribute equally to the overall well-being of the website. From laying the foundation of the website to providing it a UX-friendly design, it is collaboration at its peak. Let us decode every single role here:

Drupal Site Builder 

illustration image showing a person on stairs building a site layout in multiple colours

Site building is the core Drupal competency which is much needed for the site creation. It includes, getting Drupal up and running, and configuring the options to build a full-fledged functional website.

One of the most rewarding features of site-building is that a Drupal site builder approaches building sites with the only point and click on the admin UI (user interface), without writing a single line of custom code.  Site Builders are known to lay the foundation of any Drupal website. 

Meaning, they build the taxonomy, content types, image presets, lists with views, layouts, menus, rules and setting up roles and permissions.

By understanding, a completely functional Drupal website is curated with a lot of  Drupal core and contributed modules (such as References, Scheduler, and Automatic Nodetitles). A site builder has a sound experience of these core and contributed modules.

They have the skills to play with a combination of modules, along with the limitations which might result in resolving a respective problem or a set of problems. Every module in itself is grounded to some capabilities which the site builders understand. Except for the earlier mentioned, the site builders also have:

  • The general understanding of the working of the web, installation of dynamic web applications are the important prerequisites for Drupal site-building. In addition to that, familiarity with HTML, CSS with a code understanding is an aid.
  • Can install and setup Drupal manually or by using an application or a service, configure core, add new features and evaluate the contributed modules.
  • Capable to test out the configuration changes before deploying or configuring them on a live website.

Drupal Themer

illustration image showing two screens showing colour combinations in blue orange and white colours

A Drupal themer, also known as a Front-end developer has a seat in between the designer and the developer. They are the specialist in front-end designing and development and are responsible for maintaining the implementation of the client-facing architecture of an application or a website. Along with HTML, CSS expertise, they know:

  • Front-end technologies like Javascript, JQuery and AngularJS.
  • Basic theming skills like installing themes, creating sub-themes, and tweaking sub-themes with CSS and custom template files. They use some PHP in template files and in Drupal 8, Twig is used for templating.
  • They have expertise in the Drupal theme layer. They ought to have the capacity to take a design and transform it into a functional issue like implementing responsive design.
  • The expert front-end developers create "glue code" modules or functions in PHP that expose configuration options to site builders. 

Drupal Backend Developer

A click on the front-end is of no-use if there is no functionality implementation in the backend. A backend developer writes the code that hooks distinct sections altogether for the proper functioning of an application as a whole.

Also known as the Drupal Module Developer, they are proficient coders who write a lot of code in PHP and other server-side languages. The backend developers in Drupal are fully aware of the basic site building architectures and best practices. In addition to that they are:

  • Well versed in creating and executing the new modules. They are also adequately equipped to customize and extend the existing Drupal modules.
  • Involved in the advanced side of theme layers, automated tests, consume web services, automated deployment, etc.
  • Along with the knowledge of HTML, CSS, JS/JQuery and JavaScript, a clear and in-depth understanding of back-end tools like PHP and MySQL.
  • For D8, they know the concepts related to architecture and planning, development of custom modules and D8 performance and security concerns. 

Drupal Architect

Drupal architect has an understanding of complete project architecture and they provide the direction to the project path. A lead role in the Drupal development process, a Drupal architect performs backend development, various front-end tasks and theming in the project. Following is the must-have skills for a Drupal architect:

  • Strong understanding of front-end and back-end development tools and other web development aspects.
  • Well-versed with the optimization of Drupal.
  • Highly proficient in languages such as PHP, SQL, JQuery, and CSS.
  • Well versed with the implementing tools like Varnish, GeoIP, Commerce, Ubercart, Solr, and CRM integration, to name a few.

Drupal DevOps/Sysadmin Engineer

DevOps is known with a variety of definitions as a culture, trends, perspective, etc. A Drupal DevOps Engineer wields the tasks of both software development and information technology operations. They run the live stack and deploy Drupal websites from the development environment to the live server environment. Additionally, a DevOps Engineer handles performance-related hurdles that might interrupt business operations or cause any sort of harm, such as setting up Varnish, CDN, and Memcache, etc. 

Following are the skills of a Drupal Sysadmin that every Drupal ecosystem requires:

  • Linux is a mandate for a Drupal DevOps engineer, that includes proficiency in managing the Linux servers, an expert in internals and Linux Kernel working.
  • Bash Scripting, Continuous Integration (CI) so as to automate the time-consuming and repetitive tasks in the application development process, like deployment on the server, backups, restores, refreshes of the databases, etc. 
  • Hands-on in automation technologies such as Chef, Puppet, Ansible, etc. for configuration management and deployment.
  • A DevOps Engineer needs to be capable of performing multifaceted roles, such as Site Reliability Engineer (SRE), Build Engineer (BE), System Operations Engineer (SOE), Database Administrators (DBA).
  • Solid understanding of Infrastructure as Code (IAC) in order to manage the networks, virtual machines, load balancers, and connection topology in a descriptive model for source code versioning.

Drupal QA Engineer

The profile which imitates as an end-user and has the skills of a developer is a Drupal QA engineer. This profile ensures the quality of product deliveries. They run the manual as well as automated tests to meet quality thresholds. 

To ensure quality delivery of projects, a Drupal QA engineer develops corrective action programs as a part of the Quality Assurance process. Following are the must-have skills for a Drupal QA engineer:

  • Sound understanding of the product or industry-specific requirements.
  • Experience in testing web technologies. 
  • Well versed with Drupal 7 and higher.
  • Strong command in various programming languages, such as HTML, CSS, and JS. 
  • Ability to document test cases, capture the test result details, setting up an automated test environment, etc.  

Drupal Project Manager/Scrum Master

Also known as the Scrum Master who ensures agile practices in the entire term of the project. They manage and run scrum teams, take responsibility for daily progress in the project to meet project delivery timelines. A quality project manager who acts as a central node between the client and the team while ensuring transparency for both ends. Following are the must-have skills of a Drupal project manager:

  • Skilled in client servicing domain, plus sufficient technical expertise to regulate the workload of the team. 
  • Capable to forecast/foretell potential risks and mold the project plan accordingly. 
  • Well versed with the content strategy, implementation and other existing, emerging technologies in order to integrate it with the Drupal CMS. 
  • Knowledge of SEO and reporting tools like Google Analytics to check how the content is performing across the web.

Drupal Designer

A Drupal designer accelerates the process of user experience (UX) and user interface (UI ), so as to create the best experience for end-users. They know what the technology stack is capable of, thus delivering to design requirements and win over stakeholders before development kicks off. Following are the must-have skills of a Drupal Designer:

  • Knowledge of the capabilities of Twig is imperative for the upcoming Drupal versions.
  • Knowledge of HTML, CSS and Javascript.
  • A clear understanding of the basics of theme creation and site-building.

Drupal Product Owner

Most of the time, product owners are the clients who have the final sign off of all the project changes. But they can be the people from the drupal development team too. A product owner (PO) comes up with the requirements of a project and has extensive experience in various industrial domains. They work in close coordination with the project managers to prioritize the backlogs. Following are the must-have skills of a Drupal product owner:

  • They should be capable of seeing how things integrate and work together to decide the future or usability of the project.  A clear vision and commitment of a product owner will set up a strong base for a Drupal project.
  • Also known as the organizers of the project, they should have excellent communication skills to deliver their message across the application development teams.
  • Excellent reporting and record-keeping capabilities to measure the current state of the project. 
  • With excellent decision-making skills and the power of managing the business feedback, product owners should be capable enough to drive projects towards its successful completion. 

Content Marketer 

How to market the content so that it delivers the maximum output is the major concern of a content marketer. They own the complete content publishing process and ensures that the content matches with the latest search engine optimization (SEO) and search engine marketing (SEM) practices.  Following are the must-have skills for a content marketer:

  • Well versed with the latest Drupal versions.
  • Knowledge of administration functions and perform changes that don’t require any coding related upgradations in the project. 

So we saw, similar to other web development life cycles, projects developed under the Drupal roof requires a range of roles streamlining the seamless process of building and support of the Drupal website and applications. 

Stay tuned for more!


Drupal has brought a major paradigm shift by being a leading content management system for enterprise-level organizations. A successful Drupal website is powered by a list of different roles having substantial knowledge and skills of the platform. 

Want to join the Drupal league? There are seemingly unlimited opportunities for a person who is crazy about Drupal. With over 15+ years of experience in the Drupal community, we at OpenSense Labs are the growth-bound team of architects, developers, designers, themers and more.

We love contributing to resolve community hurdles and help escalate the potential of Drupal as an Enterprise Content Management System. Let's speak for your enterprise needs at [email protected]

Or you can connect with us on our social media channels: Facebook, LinkedIn, and Twitter.

Sep 27 2019
Sep 27

Search engine optimization (SEO) is the chief ingredient in preparing the recipe of top ranking on Google. SEO assist websites in acquiring traffic from organic, natural, or editorial search engine results. There are several other factors also that affects the ranking of the website, such as quality of content, site loading time, backlinks, and responsive designs.

Further, Drupal being a robust and highly customizable website content management system is considered as the most SEO friendly platform. Its unconventional architecture encourages site-builders to implement ethical SEO practices in their workflows, just to name a few, from correct tagging of content, and SEO-friendly naming conventions, to make your site search-engine friendly and user-friendly. 

Thus, with targeted content, properly coded website and theme, and installation of SEO modules can help organizations to make a success story seamlessly.

Integrate These Drupal SEO Modules For Better Visibility & Ranking

Text written horizontally and vertically inside box
Following is a Drupal SEO-friendly modules checklist that you can get ahold of to highlight your site-

  1. Pathauto

One of the most essential modules of Drupal is the Patghauto. It saves your valuable time, which you devote to create the path/URL aliases. It does so by automatically creating URL /path aliases for the contents (nodes, taxonomy, terms, users) based on configurable patterns.

For instance, we configure our blog entry as blog-entry/[node:title]. And this blog post is published with the title, “Embracing Drupal SEO modules”, Pathauto will instantly generate an SEO friendly URL as “Blog/Embracing-Drupal-SEO-Modules” instead of “node/92”. 

2. SEO Checklist

If you are aware of the SEO basics and manage multiple websites at a time, then this module is perfectly suitable for you. With SEO Checklist, you can keep your SEO practices in check. 

It eliminates guesswork by creating a functional to-do list of modules and tasks that remain pending. The regular updates of this module make on-page search engine friendly without any hassle.


Two boxes interconnected with each other                                                                  Source: Drupal.org

It makes work simpler by breaking down the tasks into functional needs like Title Tags, Paths, Content, and much more. Next to each tas is a link mentioned to download the module and a link to the proper admin screen of your website so that you can optimize the settings perfectly. It also places a date and time stamp next to each item when a task has been finished. This, in turn, provides a simple report that you can share with others showing what’s been done.

3. Metatag

This module allows you to automatically provide structured metadata, i.e., “meta tags”, about a website. In context with SEO, when people refer to meta tags, they usually mean referring to the meta description tag and the meta keywords tag that may help enhance the visibility and rankings on the search engine results.

4. XML Sitemap

Drupal XML sitemap module once installed will provide your website a sitemap itself and make it searchable by search engines. This, as a result, will help search engines in understanding the hierarchy of your website and accordingly crawl in a tree sort of manner.

The best part of having this module is the flexibility to include or exclude certain pages from the sitemap of your website. This means that you don’t need to get those pages indexed which you are not using anymore.

5. Google Analytics

The Google Analytics Module helps in tracing the footprints and general behavior of users concerning their interaction with the landing pages and the content present on the website. Not only this, but it also provides insights into your visitors including demographics, where they found you online, what keywords they used to find you and a lot more.

Further, it also eliminates the tracking of in-house employees who might be visiting the website very often and could be counted as visitors and unique sessions. 

6. Real-time SEO For Drupal

The real-time SEO module for Drupal relieves you from the tedious task of optimizing content by including keywords in a fast & natural way.

It works best in combination with the Metatag module. How?

It checks whether your posts are long enough to secure a place in SERPs, the meta tag is included with the high-ranking keyword present in it if there are subheadings in the post or not, etc.

This evaluation makes sure that you don’t miss out on a single opportunity even to increase organic traffic and hence improve your ranking.

7. Search 404

The search 404 module rescues your website by controlling the bounce rate, which search engines use as a criterion to rank websites’ quality. Whenever users come across some pages showing 404, this module automatically redirects them to the internal site search with the related term in the URL.

Besides, it helps you in retaining visitors coming in from old URLs linked from other sites or search indices.

8. Alinks

Alinks module automatically replaces keywords with links in the content body with a list of links. You can set the content type on which this should work by simply setting up the phrases and links through the administration interface. And from here onwards, the module will take over and replace the keyword phrases in the body field with links to the pages to specify.

9. SEO Compliance Checker

The SEO Compliance Checker analyzes the node content on search engine optimization whenever it is created or modified. Whenever a publisher saves or previews a node, the module performs audits and gives the user feedback on the compliance of the rules in the form of a result table to the editor. 

This can help SEO beginners immensely as they will get to know about the areas where they need to optimize content more accurately.

This comprises of scanning of alt tags in the image, usage of keywords in the node titles, keyword density on the body, etc. 

10. Schema.org Metatag

It maintains structured data and tags so that you can add them to your HTML to improve the way search engines read and represent your pages on SERPs.

11. Taxonomy Title

Taxonomy title modules let you edit the heading tag (H1) of the taxonomy page. The importance of H1 tag can’t be neglected and overlooked for it forms a crucial element in SEO and helps in achieving rank on the top page of SERPs. 

People interested in SEO may prefer to add more user-friendly, keyword-rich, and descriptive words to this heading element.

This is the only module that lets you control that title individually for every term. 

12. Menu Breadcrumbs

As per its name, it appends a breadcrumb menu line to the top of the website. It also provides substantial benefits for both users and search engines. Well, first it lets the user know where he is in the navigation hierarchy, and secondly, there is an anchor text in the breadcrumb, which internally links it to the appropriate URL.

13. Power Tagging

The PowerTagging module evaluates content from Drupal nodes and the associated file attachments. It interprets content and concepts automatically through thesaurus or taxonomy even if synonyms are used. Users can consolidate all suggested tags or index the bunch of Drupal content nodes automatically, leading to the formation of a semantic index. This practice makes search comfy than ever before.


  • Customizable entity’ tags with manual tags combined with an auto-completion of tags already used.
  • Multilingual tagging is supported
  • All content can be tagged automatically in one go with Bulk-tagging


Learn How To Use Taxonomy to Tag Content in 9 Steps


14. Similar By Terms

Similar by terms module tends to provide a framework for content items by showcasing a view block with links to other analogous content. The similarity is based on the taxonomy terms assigned to content. Views are available based on similarity within each of the defined vocabularies for a site as well as similarity within all vocabularies.

15. Footnotes

Footnotes module can be utilized for creating automatically tallied footnote references into an article or post, for instance, to add a reference to a URL.

16. Require on Publish

This module comes handy when fields to be required the only option is to be filled at the time of publishing content or if it is already live. This can be used when you have fields available such as tags or SEO information on your content that editors generally don’t need to fill up until the content is going live.

17. Auto Recommend Content Tags (Thru Apache Stanbol)

This module uses Apache Stanbol via a web socket to recommend real-time tags, or even find keywords while the editor is writing, editing, or creating a new piece of content.

18. Drupal SEO Tools

This is an all-inclusive SEO suite. This module offers a dashboard which encapsulates a plethora of SEO functions for the sites, from keywords, titles, tags, paths, redirects, sitemaps to Google analytics, webmaster tool, etc.

However, it has some prerequisites that must be met to make full use of the suite. 

19. Redirect

Redirect module lets you rechannel an existing URL to another one. Additionally, it keeps the two links on your website without delivering a 404 not found error. It also works wonder in case you want to handle duplicate content.

Watch this video further to understand more about Drupal 8 SEO-

[embedded content]

20. Global Redirect

The problem with the alias system in Drupal is that the default URL is still present, i.e., there are still 2 URLs pointing to the same content on your website. The search engine bot can identify the duplicate content easily, and so it can put an impact on your website ranking.

Global Redirect module cures this problem by checking if there is an alias for the existing URL and if it is, then it redirects to the alias URL.

Besides, it exhibits other features like removing the trailing slash in the URL, cross-checking that clean URLs are being implemented correctly and checking permission and access to nodes, URLs.

21.Content Optimizer

Content optimizer module improves your website’s search engine ranking by refining the on-page optimization factors and ensuring that your content meets all the requisites listed under Drupal SEO best practices. It instantly audits your website content through SEO analyzer and guides as per the content stats obtained to improve search engine rankings.

22. Site Verification

Search engines rank your website when they are able to properly navigate through your website and also index it. Now, to know if your site is crawlable you need to verify it. This site verification module helps in the same by either uploading an HTML file or adding meta tags. It supports search engines like Google, Yahoo, & Bing. 

You can use this in combination with XML sitemap to let search engines index your up-to-date website content appropriately.

23. Links Checker

Broken things are considered unlucky and so as is the case with broken links for your website ranking. Broken links put a bad impression on search engines. Hence, Links Checker module can help specify the failed results which you can rectify easily.

24. Menu Attributes

The Menu attributes module facilitates the admin to point out specific attributes comprising of id, name, class, styles and rel.

This module is helpful in your SEO strategy especially when you want to “nofollow” certain menu items to mold the flow of PageRank through your site.

Are You The One Who Is Offending Search Engines? --- Follow These 5 Tips To Avoid Common SEO Mistakes

“To err is human, to forgive is divine”- Alexander Pope

After all, we, being humans, can also flub in achieving our goals. However, if not rectified on time, can result in heavy loss. And here by heavy loss means, your site won’t show up on top pages of the search engine results.

Notebook, phone and glasses kept near a man

Perhaps, you can prevent it from happening by following these 5 simple tips and tricks-

  1. Include top-ranking keywords in your content

The primary task to be SEO-friendly is to focus on the keyword strategy for your website. Use various keyword tools, like Google Keyword Planner or SEMrush to find out the high ranking keywords that you can use in your website content ( landing pages, blogs, and other information pages) to secure top rank on the search results of the search engine.

2. Ensure that your URLs are search-engine friendly

Another important factor in our SEO checklist is to URL structure. Yes, it does matter! Search engines like Google, Bing put a lot of stress on the use of user-friendly URLs. Such clean URLs make the content more readable and also give a clear picture of what the page is about. Example of an unambiguous URL for a service page of a site would be something like this-www.example.com/services.

As discussed above, the Pathauto module is an excellent Drupal module which makes this process a whole lot easier by converting complicated URLs to clean and clear URLs.

3. Don’t underestimate the power of metatag

Metatags are those micro-sized text pieces that you (should) place in the header part of your website to make search engines aware of what the web page is about. 

In case you don’t include metatags in your content, the search engines are forced to guess what the page contains and trust us, this could seriously piss off search engines, and eventually, your SEO ranking will suffer!

Fortunately, you don’t need to indulge yourself into the code of your Drupal site’s web pages to implement meta tags since Drupal already has a solution (module) for it- Metatag module

With the metatag module, you can automate the process of placing meta tags and HTML title tags in the header of your webpage.

4. Indulge Users With Your Mobile-friendly Website

The changing technology scenario has brought everyone together with the advent of mobile phones, especially millennials, who use their smartphones to access the internet for every small detail.

Having said that, Google now prefers those websites who offer users mobile-friendly interface. Therefore, it’s high time that companies optimize their Drupal website well to adapt to the screen size of different devices. Enterprises can use content-as-a-service (CaaS) to push their content via APIs on their Drupal website. CaaS automatically adjusts the size and format of the content, increasing the feel of the content.

That’s why Drupal 8 is considered as an out-of-the-box solution for driving the SEO compatibility of the website effortlessly.

5. Keep Drupal updated

Drupal, being open-source software, and managed by a huge community of developers is regularly updated to incorporate new features and fix bugs and errors to keep potential security risks at a dead end. 

This has two benefits, one- your website will be safe from any cyber-attacks and second, search engines list those sites on top which keep vulnerabilities at bay. 

Hence, keeping your website updated is an important factor in your Drupal SEO journey. Make sure that you keep on updating your Drupal site as soon as an update is rolled out to keep website ranking high on SERPs.

Final Words

Confining yourself to just creating a website and pushing content on it is never enough to get your website on the top search results of search engine pages especially when there is a slew of websites present on the world wide web.

Search engine optimization for Drupal is a homogeneous practice that evolves as you keep investing time on it. The more you practice, the more is the visibility! Integrate these modules onto your website and also follow the mentioned Drupal SEO guide religiously to witness a significant boost on your website’s ranking on search engines. After all, it’s worth a try!

Sep 27 2019
Sep 27

Agiledrop is highlighting active Drupal community members through a series of interviews. Now you get a chance to learn more about the people behind Drupal projects.

For our latest interview, we chatted with Cristina Chumillas, front-end developer at Lullabot, designer, and one of the coordinators of Drupal's Admin UI and JavaScript Modernization initiative. Give it a read to learn more about Cristina, the supportive and welcoming attitude of her colleagues at Lullabot, and her work on modernizing Drupal's administration UI.

1. Please tell us a little about yourself. How do you participate in the Drupal community and what do you do professionally?

I am both designer and front-end developer, and in the Drupal community right now I’m a core usability maintainer and co-organizer of the Drupal Admin UI and JavaScript Modernization initiative. Apart from that, I’m helping in the local community here in Barcelona; professionally, I work for a Drupal agency as a front-end developer, and then on the admin UI I’m mainly helping out as a designer and managing a little bit.

I actually just started a job at Lullabot about three weeks ago. I previously worked at Ymbra, one of the oldest Drupal companies here in Spain, but now I’ve moved over to Lullabot. I’m really enjoying the kinds of projects and learning how we do everything. I’d been at the same company for 5 years, so any change that I wanted to see I had to do by myself. 

So, right now, it’s really great seeing how other teams get organized; Lullabot is a distributed company, so it’s great to see how they’re super used to these kinds of situations where you don’t really get to get in real contact with people. They have a lot of alternatives to make you feel welcome and to help you get to know other people on the team. 

I have to say that before joining Lullabot I already knew some members of the team, and I knew that they’re very nice people. But now that I started I have to say that most of the people there really take into account that you’re a little bit lost when you’re starting out, so everybody’s super nice. They know how you feel and how to act because they have been in the same situation before. 

2. When did you first come across Drupal? What convinced you to stay, the software or the community, and why?

I started doing Drupal because I’d been working for a design agency. When I started as a freelancer, I wanted to do my own things - I wanted to do websites as well, and if I was doing the design I had to know how to actually make the website, and as a freelancer I had to do everything by myself.

So I learned how to make websites with Drupal and then after a while I got in contact with the local community; during that time they were organizing Drupal DevDays in Barcelona, it was 2012 I think. It was at that point that I got in contact with the community, I helped organizing the Drupal DevDays just a few months after getting to know people from the community.

And that’s why I stayed, I really liked the community and I just kept moving forward, helping with more things and, after some years, ending up at the company I mentioned before, Ymbra. After that I got in contact with the international community and, thanks to that, I ended up at Lullabot. So, getting in contact with the community has helped me a lot on the professional side.

3. What impact has Drupal made on you? Is there a particular moment you remember?

One of the people with whom I worked most closely during the aforementioned Drupal DevDays was Pedro Cambra; he was actually one of the people that put me in contact with the Drupal Association when DrupalCon Barcelona was going to happen. They asked him to be the local contact for the community, but since he was moving to - I think - London at that time, he put me in contact with them. 

Thanks to that, I helped first Stephanie, then later Amanda to come up with some things around Barcelona, helping them find locals and places to have parties, these kinds of things - essentially helping with the organization. I would say that DrupalCon Barcelona is one of the happier moments or one of the moments that I remember the most, because Pedro came and also helped during the ‘Con, and after a full year of working with Amanda I finally got to know her. 

Fun fact here: I was talking with her in English and my English at that time was really bad. Before getting to know her in person, I was growing nervous, thinking “Oh my God, this is going to be the moment that I have to speak in English”, but when I got to meet her, she said “Hola Cristina!” - she was speaking in Spanish! At that moment I realized I had been talking in English for a full year with someone that I could have otherwise understood perfectly. So, in a way, she totally helped me take my English to the next level.

4. How do you explain what Drupal is to other, non-Drupal people?

It depends if they’re technical people or if they aren’t in the tech industry. If they are, I just say “an open source CMS” and that’s all. When they don’t know what I’m talking about I usually say “just like WordPress but on a different level”. 

If I’m talking with someone that has no idea about that, I usually say “I make websites, but not the websites for the bar around the corner, bigger websites”, I don’t try to explain more than that. Because you can see websites that take a team of, let’s say, 5 or 10 people working full-time one or two years to complete, and then you have the small websites, e.g. for a small local business. Both are websites - how do you explain that difference to people who aren’t in tech?

5. How did you see Drupal evolving over the years? What do you think the future will bring?

Looking back to when I started out, I would say Drupal has evolved into something more professional, more high-level or more enterprise (that’s the word!). I actually wouldn’t be able to start with Drupal if I had to take the same path right now. So that’s actually one of the big differences today, the way people start with Drupal, it’s not like freelancing anymore.

And about Drupal’s future, I think just like everything is different today than it was 8, 10 years ago in the website industry, we have a lot of different levels right now that we didn’t have some years ago. 

I see the future of Drupal having to choose which of these next levels we’re going to focus on, because we’re seeing a lot of new technologies and trends; a lot of projects are decoupled right now, the internet of things is something that’s going to be here in no time, and a lot of people expect to have the content everywhere.

So, Drupal will need to put itself in a place that can actually give access to that content everywhere; where exactly is going to be Drupal’s place in this situation, I don’t know. But that’s the need that we’re going to have in the future, so Drupal will have to quickly evolve to make that possible.

I think there are a lot of smart people working towards these features, these needs, e.g. everybody working on the API initiative and other related initiatives. There are a lot of smart people that know how to do these things and I’m pretty sure that if there are such people investing their time, it can happen. It’s just that if we forget about pushing Drupal forward in order to solve these needs, it’s going to be risky as Drupal may start stagnating.

6. What are some of the contributions to open source code or to the community that you are most proud of?

I’m really happy with the Admin UI initiative and, although I’m not doing everything, I’m helping others getting involved. So, everything I’ve done there from designing to actually helping others getting involved and contributing by themselves, as well as all the UX studies that happened there where I mostly managed rather than did all the work.

I would say getting so many diverse people helping on the Admin UI, that’s something I’m really proud of and happy with. Because most of my time working on the Admin UI is not dedicated to actually getting things done, but helping others getting things done, so I’m happy about that.

7. Is there an initiative or a project in Drupal space that you would like to promote or highlight?

The Admin UI, of course. The admin UI is actually something that I think is really important for Drupal, I think the current admin UI was great at the moment it started, but it’s been many years since then and it actually needs a refresh. I think a lot of people, especially end-users, are expecting that, so I think it really can have a huge impact.

And it’s also a kind of contribution that can be done by people who aren’t specifically back-end developers, but also front-end developers, designers, project managers … We’ve actually even had some users that were content creators helping with the tests that we did at the beginning.

So, we’ve also had a diverse group of people doing user tests, e.g. people from the usability perspective; I think the project has so many professionals involved and so many skills needed that almost everyone that wants to help is welcome. If you’re interested, you can join the #admin-ui channel on Slack, that’s the place where everything is organized. 

8. Is there anything else that excites you beyond Drupal? Either a new technology or a personal endeavor. 

I like to get involved with other communities and I try to help others. E.g. I’m trying to organize things for DrupalCon, but if I can, I get involved in other local stuff that can actually help others get improved - for example, I’m trying to organize an event to promote open source among women in Barcelona. So, these kinds of things, where I can actually use my skills to help others, it’s something that I really like, getting involved and helping with organizing things. 

Sep 27 2019
Sep 27

Recording my experiences of Drupal Camp Pune before they fade away. If you are connected with me on twitter, you must have seen a spike in my tweets over the weekend of 14th-15th September 2019. 

I was privileged to attend this 2-day event and want to admit that my experience of co-presenting a workshop, attending several amazing sessions, meeting old friends and new was great. Had the chance to meet a lot of people from the Drupal community, who were earlier only familiar to me via their usernames. The diversity of the sessions was really impressive. #DCP19 contained sessions for Backend, Frontend Devs, Quality Analysts, Managers, Students, Community, etc. ranging from Beginners to Experts levels.

Being a co-organizer of a Drupal event earlier, I knew how important it was to get the audience on the day of the event. The attendance was more than what was expected for both the days. This was a good sign for the event organizers.

| Keynote

Undoubtedly, the star of the event was none other than Mr. Preston So. It was great to interact with him. I had initially expected his keynote to be around Gatsby. Instead, his topic was a broader one, he highlighted the transition from Content Management systems to Content Management Stack.

DCP19 Keynote Preston So (Gatsby)


He also showed how modern applications are being developed and the role of Drupal & Gatsby in it. His keynote sparked a thought in my head around how applications can be developed and what is the way forward. I would like to share a couple of non-technical highlights of his prenote:

  • Preston started his keynote in Hindi and everyone in the auditorium was in awe. He truly is a master of languages.
  • He gave references to the Bollywood movie “Sui Dhaaga” for explaining the challenges developers face in our day-to-day lives.
  • He gave away 2 copies of his book “Decoupled Drupal in practice”.
  • Preston also shared his love for India, especially Mumbai.

Post the Keynote, Preston was surrounded by people and he was busy answering dozens of questions (I was a part of that group). Questions ranged from technical aspects of Drupal, Gatsby, to him learning so many languages, etc.

| Drupal India Association

DCP19 Drupal India Association (DIA)


The Drupal India Association board members addressed the audience, where they showcased brand new the DIA logo designed by QED42’s design team! For more updates around DIA follow their twitter handle - @india_drupal

| Drupal in a Day

A massive part of my role at #DCP19 was to co-present a 5 hour  “Drupal in a Day” workshop for the students. I co-presented with Nitesh Sethia & Meena Bisht, training and educating students who hadn’t heard of Drupal, around concepts like Opensource, Drupal, community, etc. Students gained hands-on experience with Drupal through:  

  • Familiarization of Drupal concepts 
  • Installing all prerequisites and Drupal itself
  • Introduction to the basic building blocks of Drupal like Content Types, Fields, Blocks, Menus, Views, etc.

We also spoke about the Drupal Campus Ambassador Programme which aims to bridge the gap between students and the Industry.

DCP19 Drupal in a Day


One of my favourite moments from the workshop was the attendee’s reactions when they witnessed the power of Views. They were amazed at how Views can be used to fetch data we want from the database and display it according to our needs. The responses and students eagerness to learn more new topics was a really satisfying experience.

| Sponsors

Sponsors are one of the building blocks in making DrupalCamps successful! This year we had 6 sponsors. 

DCP19 QED42 Platinum Sponsors


QED42 was the platinum sponsor for DrupalCamp Pune 2019. We were not only the sponsors but were also the organizers for the event. QED42’s booth, vibrant standees, Quizzes around Drupal, JavaScript, Machine Learning, and Hackathon appealed to the students and event attendees. We also carried out an internship drive for students. QED42 is known in the Drupal community for its designs and goodies, this year we had T-shirts, stickers, notepads, and designed quiz cards as giveaways.  

| After-Party!

Day one was tiring and about to get over, and we received an update regarding the After-party from the @drupalcamppune twitter handle!  

The after-party was one of the memorable moments of #DCP19 wherein I had numerous great conversations. I met a lot of people informally and got to know the jolly side of their life. I was so engaged in the conversations that I totally missed the dance floor. We reminisced memories from our past Drupal events, the current event and discussed future events too. Sharing a few snaps from the party at the end of this blog. Since I was caught up with “Drupal in a Day” workshop on the first day, I missed most of the sessions presented on that day. You can find out more about the sessions here - http://camp2019.drupalpune.com/accepted-sessions. However, I was lucky to attend sessions on the second day. Here are some sessions I loved: 

1. Multi-turn conversations with Alexa” — Anand Toshniwal

DCP19 - Alexa Multi-turn session Anand Toshniwal


The demo amazed the audience and received loud applause. Anand had set up a Drupal e-commerce store and he showcased how he could place an order with Alexa via a Multi-turn dialog. PS: Reach out to me for the recorded video of the demo! 

2. “Pixel Perfect Web” — Kiran Kadam

DCP19 Pixel perfect web session - Kiran Kadam QED42


Filled with Frontend enthusiasts, Kiran Kadam spoke passionately about what pixel-perfect web is and how to achieve it. 

3. “Effective storytelling with Clients and Teams” — Nikhil Anant

DCP19 Effective Story telling with clients and teams - Nikhil Anant


Nikhil shared his experience of visiting Manali and the challenges it brought with it, describing how things can be explained in the form of stories for effective team communication.

4. “Making Front-end Testing Easier using Visual Regression” — Ambuj Gupta and Kanchan Patil

DCP19 Visual Regression session


Automation is my favorite part in Quality Assurance process, and these guys took it to the next level. 

5. Good UX = Accessible UI design - Nikita Aswani and Asmita Wagh

DCP19 Good UX = Accessible UI Design QED42


The best thing about the session was the fact that not only QAs but also Developers who were equally interested in implementing A11Y and considered it to be an inseparable part of their web-development practices. 

| DrupalCamp Pune Closing Session

Overall, it was a great event put up by the organizers of #DCP19. The closing session was hosted by Sushyl & Ajit, where we acknowledged the organizing team’s efforts and thanked them for making DrupalCamp Pune a huge success. Right from the swag-kits, keynotes, sessions, speakers, venue, food, after-party, and countless important items, the organizers deserve a huge round of applause. 

DCP19 Closing Session

Next year, I am looking forward to being a part of the organizing team and experience the excitement of planning DrupalCamp Pune! 

I have collected some pictures from the event and would like to share them with you. 

DCP19 Memories


| Conclusion

I really appreciate and thank you for taking out time for reading this post. Hope we cross paths at the next Drupal event. #DrupalThanks

Sep 27 2019
Sep 27

First, we need to add our Gatsby Site to Gatsby Cloud. To do this, go to the root directory of your Gatsby project and use git to commit all your recent changes. You will need to be able to push your git repository to Github so make sure you have a repo created in your Github account for this Gatsby project (the repository can be private or public).

cd [gatsby-project-folder]
git add .
git commit -m “Adding recent changes”
git push

Next, go to Gatsbyjs.com and click on the Gatsby Preview link to get started. Click the 14-day free trial and sign in with your Github account.

Once you are logged in, click the purple Create Site button.

Gatsby Create Site Button

Select the option to Add my own site.

Gatsby Add Site

Select the correct Github repository from the list and click the Next button. You don’t need to add any integrations so click Next. Note the preview URL as we will need that on our Drupal site.

Now it’s time to open up your Drupal site. We need to download and install the Gatsby Drupal module.

composer require drupal/gatsby

Once the module is installed, go to the Gatsby configuration page which is located under Admin > Configuration > System > Gatsby Live Preview settings.

Add the preview URL from your Gatsby Cloud account and click save. That’s it! You can now start editing content on your site and it will be sent to the Gatsby Live Preview server.

If it is not working, double check you are passing only the id into your page templates on your Gatsby site and building your pages by pulling all the data from a graphql page query in your page component. Go through the previous lessons for more information on how to correctly set up your Gatsby site to work with Live preview.

Sep 27 2019
Sep 27

The Layout Builder is one of the most exciting new features in Drupal 8. It's a site building tool that makes it easier to configure how your content is displayed in Drupal. You can use a drag-and-drop interface to combine fields, nodes, and other content, and actually control the layout used to contain that content.

You can also use it to build landing pages from the ground up: creating custom content blocks and placing them where you want in a layout. I was curious about how content editors would react to the Layout Builder interface, and if they would be able to easily build a landing page in this way. I did a short user test at DrupalCon Seattle and the test subject (an experienced Drupal content editor with a lot of patience) had a hard time figuring out where to start.

That's how this comparative study came about. The goal was to see how content editors use the Layout Builder, in the context of creating landing pages. My colleague Annika Oeser created a script and conducted the user testing, my colleagues Michiel Huiskens and Jigar Mehta set up the configuration in Drupal, and Sean Conner at Charles Shwab helped us recruit volunteers for the study.

A lot of work has gone into the Layout Builder already, and the user interface is undergoing constant improvement. This study specifically addresses the use case of content editors creating landing pages using the Layout Builder.

Layout builder demoUsing the Layout Builder to add a custom block

The Setup

To organize the study, we created a mockup of a simple landing page design. Our main instruction was open-ended: asking participants to create the landing page following the design we provided, and then move some of the content to the top of the page.

We had all the study participants do the task using Drupal with the Layout Builder and, as time allowed, also tested how they used WordPress with Gutenberg and Drupal with Paragraphs to give us some benchmarking.

We created three demos sites:

  • Drupal with the Layout Builder: we configured a landing page content type that has no fields, and the Layout Builder enabled on a per-node basis. The site includes block types to model the content components that appear on the landing page: text, image, call to action.
  • Drupal with Paragraphs: we configured a landing page content type and Paragraph types for the content components, as well as nested paragraph types like "2-column wrapper" to allow the content editors to build the layout
  • WordPress Gutenberg: No custom configuration

Landing Page MockupThe design for the sample landing page

First Impressions

As one participant said, "the biggest question is: 'Where do I create content?'"

Although at first, many participants asked themselves what the difference between a Block and a Section is, they were all able to quickly figure out the model of adding Sections. And they found that selecting the layout for a Section was easy.

Add blocksInterface for adding sections and blocks

Adding Blocks

Clicking the "Add block" link was obvious to all the participants, and once they found the "Add custom block" link, they had no trouble using this to populate their layout with content. However, along the way, they found a few aspects of the UI confusing:

  • All the participants observed that "When you go to add [a block], it's confusing to have all these options." The "Add custom block" link gets lost, even though it's at the top of the list.
  • Once the user selects "Add custom block", they can guess which block type to use, but it would be nice to have a way to explain the difference between the types. Block type names like "Text", "Call to Action", or "Basic Block" are abstract and hard to differentiate.
  • After adding several custom blocks through the Layout Builder, one user looked for a "Block Library", because he wanted to reuse one of the blocks he had just created.

List of options when adding a blockThe list of available block types when adding a block through the Layout Builder.

Editing Blocks

The most common complaint we heard about the block editing interface was about the word "Configure" when editing the content of a block. Content editors look for the word "Edit".

Another thing that content editors found confusing was the "Display title" checkbox next to the title field. Many participants asked "What is [the title] used for if it's not displayed?" In the case of adding custom blocks through the Layout Builder, it seems like the content editor shouldn't have to make this decision. And it would be nice if there was a clear way to indicate to the user what the purpose of this field is if it's not displayed.

Other feedback included:

  • When editing a block, there's no "Cancel" button, only an "Update" button.
  • "When I [double-]click on the content of a block, I feel like it should go into edit mode, like MailChimp."
  • Using this method of having custom block types to construct a landing page, the onus is still on the site builder to configure the fields that are well-labelled and easy for content editors to populate. So we heard feedback like "I would like for the default [text format] to be Full HTML."

Interface for editing a custom blockInterface for editing a custom block through the Layout Builder

Editing the Layout and Sections

Learning how to use the Layout Builder involves learning new terminology, and how to manipulate the Blocks and Sections. We heard several observations about this experience:

  • One feedback we heard many times was that the links to "Add section" and "Add block" should look more like buttons. This could be helpful because when the participants tried to drag-and-drop blocks on the page, they tried to move blocks into the "Add section" areas, because these look like part of the layout.
  • One user noticed that the "Add section" links "interfered" with her layout. Another user said "'Add section' feels intuitively like a place I should be able to put something."
  • Once a Section is created, it's hard to tell that it's a section, which can add to the initial confusion about the difference between a Block and a Section.
  • Also, when trying to move content from the bottom to the top of a layout, one participant said "It looks like the sections are movable. But I don't know how to select an entire section."

Findings About the Overall UI

Configuring the permissions for content editors to limit what they can do will be key to making the overall interface less distracting and easier to use. Some specific observations about the overall UI:

  • One participant clicked on the "Edit the template for all Landing Page content items instead" link. The interfaces are so similar that it wasn't clear to her what had happened and she continued editing as if she were editing a single landing page node.
  • Having the publishing status more visible on the "Layout" page would be helpful.
  • Having the "Save" link at the bottom of the "Edit" page, and the "Save Layout" link at the top of the "Layout" page seemed disorienting.
  • The fact that your default Layout can't be empty means that you have to have one block in the layout when the content editor first clicks on the "Layout" tab. This block prompted some questions and mild confusion from the content editors.

Comparison with Paragraphs and WordPress Gutenberg

When trying to create the same landing page layout with Paragraphs, participants found:

  • The nested-Paragraphs interface we provided for creating the two-column layout was more confusing and less flexible than the Layout Builder.
  • The Paragraphs interface is more familiar for someone who is used to working with the Drupal fields. Using Paragraphs was faster for creating and editing content.
  • One participant observed that "Paragraphs works well if you have simple content, but once the content and layout is complex, then it gets bloated. I would be curious to see how the Layout Builder handles complex content like that."

Comparing WordPress Gutenberg and the Layout Builder:

  • Participants observed that the two interfaces offer similar features and work in a similar way.
  • With Gutenberg, some of the styling options are hidden, in order to make the interface more sleek, and this can make it harder to find content editing options.
  • Gutenberg provides the flexibility of adding a wide variety of types of content to a landing page, while the Layout Builder allows (and requires) the site builder to pre-define the set of block types that can be added.

What Did We Learn?

One of the most interesting things we learned in the study was the workflow that content editors use. One said "I would like to be able to preview my layout before I start adding content to it. Just like a blank template [that I can send as a preview to my colleagues]." I noticed that some participants created the landing page in two rounds: first adding the content, and then doing another round of work to try and get it styled correctly by using the WYSIWYG and changing block types.

By the end of the testing sessions, all the participants were able to easily add/edit blocks. But getting used to the layout tools and figuring out where to go to add custom blocks in the first place was difficult for all of them. I know that controlling the list of available blocks is on the roadmap for the Layout Builder, and I think this will help immensely.

Although all the editors were able to figure out how to use the "Layout" tab, orienting the whole content editing process around the "Layout" tab would be helpful for editors. As one participant observed: "My habit is to go to the "Edit" tab, but all the useful things are in the "Layout" tab."

Terminology is hard to get right, and even harder to change. I think it's hard because what we call things change depending on what role we play. One very observant participant said "the word 'Block' is throwing me. To me, it should be content. When I have my content editor hat on, I'm looking for a link to add content." Likewise, content editors look for the word "Edit" instead of "Configure".

I hope these findings are useful for understanding how content editors think, and will be helpful for improving the UI of the Layout Builder for this use case. I also hope that site builders and developers can use this input create better configuration and documentation as we start to use the Layout Builder on our projects. As one content editor exclaimed at the end of the testing session "I'm excited about this new feature!"


About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web