Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
Jul 14 2021
Jul 14

We are excited to announce the creation of Palantir.net's Fellowship program, a wonderful opportunity for us to provide qualifying candidates with the chance to attend DrupalEasy's Drupal Career Online (DCO). The first two fellowships will be awarded for the Fall 2021 session, and the second two will be awarded for the Spring 2022 session.

Fellowships At A Glance

  • Award: Full scholarship to cover the cost of Drupal Career Online and need-based support stipends. Paid internship/junior developer position with Palantir.net, dependent upon level of expertise and capabilities upon graduation
  • Eligibility: Available to candidates with diminished industry representation and/or who have been discriminated against and marginalized
  • Requirements: All candidates must meet the background requirements, apply to, and be accepted to Drupal Career Online. Recipients must commit to a paid internship and/or junior staff position with Palantir.net
  • Additional Perks: To celebrate your graduation, you'll receive additional stipends, professional mentoring, and an opportunity to work here with us

Think this is the perfect fit for you? Check out the application process!

You can also read more about the fellowship program and how DCO provides its participants with a clear pathway towards a successful Drupal career.

Our fellowships were created to provide the foundational tools and vital resources necessary for each of our recipients to become successful professionals who will bring valuable and unique perspectives to the Drupal community. 

As a company that believes in fostering, cultivating, and preserving diversity, equity, and inclusion makes us - and the world - a better place, this fellowship program is one part of our ongoing efforts to proactively identify and remove systemic barriers to equality. 

Here at Palantir.net, we're more than just a group of web professionals - we're curious, independent thinkers with exceptional passion, initiative, and talent. And if you're still curious about us, we invite you to learn more about our CultureTeam, and Work.

Or, better yet, reach out to me (Rachel Waddick) directly at [email protected]. As an extroverted communications person, I can guarantee that I'd love to hear from you! 

Jul 13 2021
Jul 13

Headless commerce is quickly becoming the gold standard in content management system architecture. In this article, Josh Miller delves into the capabilities of Drupal Commerce 2 for a headless setup.

Using Drupal Commerce 2 checkout for headless ecommerce

Drupal Commerce 2, like Drupal 9, was a big change from previous versions. The codebase is much different and it’s quite a learning curve when moving from older versions of Drupal, like 7 or 8. However, this is good. The new versions are modern and all-around better. I’ve had a number of revelations while working with Drupal Commerce 2 and Drupal 8 that made me smile. (If you haven’t upgraded to Drupal 9, check out my blog Drupal 8 to Drupal 9: The Easiest Major Upgrade in a Decade).

In this post, I’ll explore one revelation I had while working with Drupal Commerce 2’s checkout handling and how its forward-thinking development has paved the way (and encourages all new checkout panes to follow suit) for headless ecommerce using Drupal.

Drupal Commerce 2 checkout is not a form. Say what!?

Generally, when you think of checkout, you think of it as a sequence of events and one big final submission. This is further driven home by the idea that you can, and should, be able to go back and edit your checkout choices before the final submission. In Drupal Commerce 2, going back and forth between checkout steps is supported, but there is no final submission handler that saves everything.

Wait, what? That’s right, there’s no need to save all the data on the checkout form once checkout is completed. You see, all checkout panes (a step in the checkout process) have a submission event that gets called when it's time to save the data. So if you’re going to save data in a checkout pane, you have to do it after your customer has moved forward in the checkout process but before your customer is ready to commit to the checkout pane’s final value state (complete checkout). Submission is perceived to be at the end of checkout, not before.

On the surface that might make sense, in fact, this workflow being so obvious might even blind you to the implications. Since each pane is basically handling its own submission workflow, you can’t allow your form state to persist choices and not make a decision until the end. You’re probably, like me, thinking that saving data and reacting to data is the same thing. But this assumption is old, out-of-date, incompatible with best practices, and in checkout for Commerce 2, causes design problems.

Click to discover your ideal architecture with our analysis.

Explanation through an example: A checkout newsletter subscription

A common want is to include a little checkbox underneath a contact information email field where new or returning customers can opt-in to a newsletter. Sure, that’s no big deal, right?

Our customer expects that things in checkout aren’t real until they complete checkout (i.e. nothing is saved until they actually place the order). On the other hand, Drupal Commerce 2 expects all panes to save their data after a “continue to next-step” button gets clicked, submitting that pane.

Here’s how the checkbox would be made using our current form submission logic:

  1. Create a CheckoutPaneBase object that collects data through a checkbox.
  2. On the pane form submission, subscribe the customer to your newsletter.

Do you see the problem? If we react on pane submission (our only choice in our current way of thinking), we’ll subscribe the customer to our newsletter well before they are done with checkout. In fact, each time they see the first page of checkout and proceed to the second, they will be subscribed to our newsletter. Not only is this not what the customer would expect, but subscribing them multiple times is totally unnecessary and would likely cause problems. Subscribing the customer on pane form submission is the wrong approach.

This is where things get really trippy — and awesome and beautiful and wonderfully clever and great. You see, Drupal 8, which Commerce 2 is built around, has been designed to not require forms, form states and value persistence in order to trigger important actions. This is a whole new way of thinking and maybe the most important to our discussion. Previous to this, most Drupal 7 developers would have assumed that all forms require user-facing interfaces that would be submitted, but that is a pretty brutal assumption and has plagued a lot of Drupal installations over the years. If that was still the case, then form submissions are something that headless implementations of Drupal would never really trigger. There must be a better way.

Headless decoupling breeds better code using events.

If checkout was a single form with a final submission handler that submitted payment, subscribed users to newsletters, saved addresses to profiles, and did all the things you would expect all at once, then all the code that manages these things would have to react to a single form submission.

However, if we use Drupal's built-in event system instead, we suddenly have a much greater degree of control. But before we get into that, let’s first take a quick look at what events are and where they come from.

Drupal 8 made a big shift towards being object-oriented by adopting Symfony within its framework. Symfony provides a number of components useful in modern object-oriented programming, one of which is events. Events in Drupal 8 give developers a new way to extend and modify how interactions with core and other modules work. If you’re already familiar with Drupal 7, events are basically meant to replace hooks. Drupal 8’s event system documentation helps us to understand the basic concepts and components making up the event system.

  • Event Subscribers — Sometimes called "Listeners", are callable methods or functions that react to an event being propagated throughout the Event Registry.
  • Event Registry — Where event subscribers are collected and sorted.
  • Event Dispatcher — The mechanism in which an event is triggered, or "dispatched" throughout the system.
  • Event Context — Many events require a specific set of data that is important to the subscribers to an event. This can be as simple as a value passed to the Event Subscriber, or as complex as a specially created class that contains the relevant data.

Source: Drupal.org documentation, Subscribe to and dispatch events (link)

Getting back to our checkout scenario, if you use the events system and your checkout completion is simply a state transition from Draft to Completed, then other modules could subscribe to that transition event, take the saved data from the different pane submissions, and do whatever they want with it.

Do you see the beauty here? By forcing checkout panes to submit before the final submission, we (module builders, implementers, etc.) have a baked-in reason to store checkout decisions on the order so that order events can access them separately, giving us the ability to create orders with checkout decisions saved that can skip checkout completely and still have the events trigger the needed actions. This is quite powerful and opens up a whole new world of possibilities. Of course, since this is an implicit design choice, it’s up to the author of the module or code to see the reasons and embrace them.

Entity and event-based, instead of form-based

So to complete our newsletter subscription pane example using our new knowledge of events instead of form submissions, here’s what we would do:

  1. Create a CheckoutPaneBase object that collects data through a checkbox and saves it to the order (either through a field value or the ->setData typed data interface.
  2. Save this value on pane submission but don’t act on the value (i.e. don’t subscribe the user).
  3. Create an event subscriber and use the transition event you want to use as a trigger. Completing checkout makes the most sense.
  4. Treat the order value as a "request subscription to newsletter." Then, when the event fires and the event subscriber runs, it can look for the saved value and set the user to subscribed or not after it returns. This allows us to handle someone going through an event twice for some reason, like for multiple orders, etc.

Your customer gets subscribed to your newsletter when they, and you, expect them to. No forms are needed. ISN’T THAT AMAZING!

Thanks to the many authors of Drupal Commerce 2, including Bojan Živanović and Matt Glaman, who implemented this design choice years ago, many modules and implementations are simply technically better and likely ready for headless implementations now that headless is all-the-rage.

And best of all, from a developer standpoint, this also means the bulk of your most critical automated tests that interact with your code doesn’t have to access the checkout form. They simply have to have orders that get transitioned. This makes writing tests, which equates to better code, simpler.

Your Drupal Commerce experts

As a full-service Drupal agency, Acro Media has significant expertise in digital commerce architecture, ecommerce consulting and design, customer experience, Drupal development and hosting architecture. We would love the opportunity to work with you.

View Our Drupal Commerce Services

Editor’s note: This article was originally published on October 28, 2019, and has been updated for freshness, accuracy and comprehensiveness.

Jul 13 2021
Jul 13

Migrating data from any source to Drupal 8 is now made simple with various modules that allow easy data transfer. Migration in Drupal is a term for any process that moves data from an external source to the current Drupal site. You can migrate data that includes nodes, users, configuration, and any other components of the site. 

Drupal provides you many ways to migrate content. Depending on the website and source of the data, you can choose the best way to do it. However, migrating multilingual data can add a few more steps to your migration process. You will first need to migrate the base content and then migrate the translations. In this article, we will elaborate on these steps to help you get a better understanding of migrating multilingual content from CSV to Drupal 8.

CSV Import

Drupal 8 Migration Modules You Will Need

As mentioned earlier, Drupal offers tons of options and modules that can help you with an easy, hassle-free migration. For migrating multilingual content, you will need:

  1. Migrate: Provides a flexible framework for migrating content into Drupal from other sources.
  2. Migrate plus: Provides plugins for migrations like source plugins, process plugins, destination plugins and API extensions.
  3. Migrate Drupal: Provides support for migrating content and configurations.
  4. Migrate source CSV: Provides a plugin to import contents to Drupal from a CSV file.
  5. Migrate tools: This module gives UI tools and Drush commands used for migration.
  6. Configuration development module: This module converts script into configurations.

Step 1: Migrating the base content

To begin with migrating the base content, we will first need to create a custom module in Drupal 8.

Create Custom Module

Make sure that the info.yml has these keys and values.

You will need to create yaml files, which are known as migration scripts, and place it in the config/install directory of the custom module created. The config_devel/install key of info.yml should have all the yaml files written.

Yaml File

This is a sample yaml file for importing taxonomy terms. The migration script has 4 sections:

  1. Metadata: will have the id, label, and migration group id.
  2. Source: The source key should have the path to the CSV file.
  3. Process: The mapping between the fields and the CSV columns.
  4. Destination: The destination where the imported data is saved.

The yaml file node contents should be written similarly. The only difference being the destination. 

Entity Node

The destination plugin should be entity:node and the default_bundle will have the machine name of the content type to which the content is imported.

After creating all the yaml files, the IDs of the yaml should be included in the info.yml. Once everything is done, enable the custom module.

Use the Drush command drush cdi . Here the migration id is techx migration. This will convert the script into configurations.

After running the command go to admin>structure>migration. You will find the migration group you created by clicking on list migration. This will show you the list of the migration scripts created.

Operations

Clicking on execute tab will show the list of operations available:

Operations Available

Import is to pull the data from the source. 

Rollback will delete the data imported. 

The Stop is to interrupt the import or rollback process.

Sometimes a process gets stuck. To move the status to idle, Reset is used.

For a more detailed information on how to migrate the data of different entities like the user, paragraph, check CSV Import to Migrate Drupal 7 to 8 - A complete guide.

Step 2: Migrating the translations of the base content

If you already have enabled multilingual content on your Drupal 8 website, you can skip the first step. If you want to know how to create multilingual Drupal 8 websites (and why you might need one), check out this article.

1. Adding language to the Drupal website

To import translations, first we must make our website multilingual. Let us see how to download languages to the site.

  1. Enable the Language and Content translation module. These are core modules.
  2. Go to /admin/config/regional and language/language/add language.Add Language
  3. Clicking on the dropdown gives you a list of languages. Select the language you want on the site and click on Add language. This will download the language for your site.

2. Enabling translation for entities

Once we have installed the languages we need, we must enable the translations for the entities before importing or adding the translations to the content. For this, go to admin/config/regional/content translation. Select the entities to which you want to enable the translation and click on Save configurations.

In this example, I am importing the blog content type and thus I will enable translation for blog content type.

Language

3. Update the migration files

There are some changes that need be made on the yaml files to import the translations. Give the path of the CSV file of translated content as a base contents and translated contents are stored in different files. Changes in term translation.

tid

Add a new key tid in the process section of the script with the plugin as migration, source as id, and migration value should be the migration id of its base content migration script.

For node migration add a new key nid in the process section. Here the migration key will have the value of the migration id of its base content migration script.

Source Id

Another key should be added is translations with the value set to true. This should be added in the destination section of all the translation migration scripts irrespective of the entities.

Destination

Define the language to which the translation is imported using the langcode key. In this example I am importing Japanese translations, so the value will be ja.

Langcode

These changes tell the script to take the id of the content from the base content migration from which these contents are treated as translations rather than a new node.

Points to remember

  • The importing process should go in order. For example, if the terms are referred to in the node, the terms should be imported first before the node contents.
  • Enable the translation for the entities before importing the translations.
  • The order of translation contents in the CSV file should be the same as the base content. That is, the base content and its translations should be in the same line in the CSV file.
  • Import the base content first then the translation content. Else both will be treated as individual contents.
Jul 13 2021
Jul 13

https://www.drupal.org/project/editor_advanced_link

Credits & Thanks

Thank you to:

SEO Training Camp: https://moz.com/learn/seo/title-tag

About the Editor Advanced Link Module

The Editor Advanced link module allows you to define title, class, id, target, and rel for links in CKEditor. This helps your SEO by placing more text information about each link on the page.

Install and Enable the Editor Advanced Link module

  1. Install the Editor Advanced Link module on your server. (See this section for more instructions on installing modules.)

    editor advanced link module installation
     

  2. Go to the Extend page: Click Manage > Extend (Coffee: “extend”) or visit https://yourDrupalsite.dev/admin/modules  in your browser.
     
  3. Select the checkbox next to Advanced Link.
     
  4. Click the Install button at the bottom of the page.

There are no separate permissions required for the Editor Advanced link module.

Configure text formats to use Editor Advanced link module

  1. Go to the Manage > Configuration > Content Authoring > Text Formats and Editors (Coffee: “text”) or visit https://yourDrupalsite.dev/admin/config/content/formats in your browser.

    editor advanced link module configuration screen
     

  2. Click the Configure button next to the first text type listed. This will take you to the configuration options page for that content type.
     
  3. Scroll down to the bottom of the page and find the vertical tab called Limit allowed HTML tags and correct faulty HTML. If that tab is not there, skip to step 6.

    editor advanced link module allowed html tags
     

  4. In the field called Allowed HTML tags look for the tag.
     
  5. Put your cursor at the end of that tag within the field, and add “title class id target rel”. It will end up looking something like this but could vary:


     

  6. Click the Save configuration at the bottom of the page.
     
  7. Repeat steps 1-5 for each of the text formats.
     
  8. After completing all text formats, make sure to click the Save button at the bottom of the Text and Format Editors page.

Using the Editor Advanced link module when adding links to your nodes

  1. Open an existing node and click the Edit tab or create a new node.
     
  2. Select the text to be linked and click the link image button in the editor menu bar.

    editor advanced link module in action
     

  3. Open the Advanced drop-down section.

    editor advanced link module add link pop p window
     

  4. There will be fields to add a Title, CSS classes, ID and Relation information along with a checkbox that will open the link in a new window. Fill in the appropriate fields as needed.
     
  5. Click the Save button to create the link and make sure to save your content.

Did you like this walkthrough? Please tell your friends about it!

facebook icon twitter social icon linkedin social icon

Jul 13 2021
Jul 13

With digital accessibility getting more awareness lately, content management systems are also adapting to this by offering more and more features that enable marketers to produce content which is easily accessible to all.

Drupal is one of the best-known CMS solutions and it also holds the title as one of the most accessibility-focused ones, especially when it comes to open-source options. In this article, we’ll take a look at what makes Drupal such a great choice for accessibility needs.

Commitment to inclusivity

The Drupal community is one of the most diverse and inclusive tech communities in the world. Diversity and inclusion are not just essential values on paper; they’re also lived by leaders and members of the community.

This human-based approach also shines through when it comes to designing new core features, themes and modules, as well as all other activities related to the Drupal project. Both the core team and individual contributors are committed to contributing tools that can be used equally well by anyone, in the true spirit of Drupal’s commitment to accessibility.

A11y best practices baked into core design

As just stated under the previous point, the Drupal core team makes sure that contributed code follows accessibility standards and these best practices are then implemented in the core design of the Drupal framework. Its code uses well-structured, semantic HTML which uses ARIA (Accessible Rich Internet Applications) attributes and is WCAG 2.0 AA compliant.

Streamlined editorial features

One of Drupal’s biggest accessibility wins is how far its editorial interface has come. Drupal 8 already introduced massive improvements from version 7 with handy features for administrators and editors such as requiring alt text for uploaded images. Drupal 9, released just over a year ago, has streamlined the editorial experience even further.

  • Claro, the new admin theme: the modernized Claro back-end theme arrived in Drupal core with version 9. Not only is the theme sleeker and more user-friendly, it also takes care of some less obvious potential accessibility issues, for example by automatically generating some extra padding for images inserted in articles.
  • The Layout Builder: similarly, this Drupal 8 experimental module was moved into core with version 9. While comparable to the Gutenberg block editor in WordPress, Layout Builder was accessible right out of the box; in contrast, the block editor was initially infamously criticized for its accessibility failures (granted, WordPress was quick to start resolving these).

New and fresh front-end theme

While most brands will opt for a customized theme for their Drupal websites, having a strong and accessible default theme certainly doesn’t hurt. The new theme Olivero was shipped as an experimental theme with the release of Drupal 9.1 and it’s planned to be included as a default starter theme by version 10.

Not only does Olivero support the latest features of Drupal, it was also built with WCAG AA conformance top of mind right from the start, with the core Olivero team containing several accessibility experts.

Abundance of accessibility modules

If all the out-of-the-box features aren’t enough, there’s also a wide variety of accessibility-focused Drupal modules available to download and install, ranging from general to heavily specialized ones. You can read more about the top Drupal accessibility modules here

Open source

One of Drupal’s most compelling features is its open-source nature. This is particularly important for accessibility, since both Drupal core and contributed modules are literally accessible to everyone, free of charge (in contrast, the majority of the top WordPress plugins are paid plugins).

Moreover, due to the strong commitments to accessibility we’ve outlined in this article, Drupal is not only accessible to download, but also usable. Granted, the learning curve for less tech-savvy beginners is steep, but even that is primed for improvement with the new Easy out of the box initiative. 

Conclusion

Lightbulb with several crinkled pieces of paper scattered around

Drupal has made great strides towards becoming the number one accessibility-focused CMS in the past half a decade, and its future plans are to become even more people-centered and user-friendly.

If your company or organization is in need of powerful accessibility features, Drupal may just be your best bet, especially if you also benefit from some of its other strong suits, e.g. its advanced publishing workflows or its customizability. 

In case you do decide on Drupal and need some extra development capacity, our experienced Drupal developers will be happy to help you out. Get in touch with us or learn more about working with us.

Jul 13 2021
Jul 13

With Drupal 8 reaching its end-of-life on Nov 2, 2021, you must upgrade to Drupal 9 before November to keep your site secure. Let's have a look why migrating now is best option for your web platform.

Drupal is among the most robust CMS that is seeing increased use in complex websites. Like most CMSs, Drupal is upgraded regularly to add new features for a holistic visitor experience and added security features. Therefore, it is always helpful to have the CMS upgraded to the latest version. However, the impending end of support of Drupal 8 on 2nd November 2021 requires you to go for a Drupal 8 to 9 upgrade quickly.

Why must you Upgrade to Drupal 9?

Drupal 8 is Nearing the End-Of-Life

One of the prime reasons you need this upgrade is that Symfony 3 and Drupal 8 reach the end of life. It is happening even before Drupal 9.3.0 is released. It is also essential to know that the upgrade from Drupal 8 to Drupal 9 is more straightforward than the earlier versions. Once the support is lifted, there will be no bug fixes, security updates, or creation of new features or modules. It will be challenging to protect the website from cyberattacks or stay ahead of the competition. The Drupal 9 upgrade will provide you with support from the Drupal community.

drupal 8 end of life - upgrade to drupal 9

(Source: Drupal.org - How to prepare for Drupal 9)

Few Unique Features in Drupal 9

Let us learn about some of the critical features of Drupal 9 that will provide an impetus for a quick upgrade.

  • It is Backward Compatible

    Drupal 9 is compatible with its predecessor and can use the modules and configurations used in Drupal 8. It will ensure that the performance of the system will not be affected. Your website will operate faster and with clutter-free technology.
     

  • No Deprecated Code

    One of the issues of migration projects is the need for a cleaner codebase. No deprecated code will be supported and used in the Drupal setup. When you upgrade to Drupal 9, there will be a cleaner codebase and improved site performance.
     

  • New Versions of Symfony and Twig

    The older versions of these platforms will be removed, and you must upgrade to the newer versions. It helps to enhance website security and enhances the developer experience. For example, there will be an upgrade to Symfony 4 or 5, while there could be an upgrade to Twig 2.0.
     

  • Multi-Lingual Support

    Global corporations have websites in the language of the country where they are operating. It helps them to talk in the language of the audience. Drupal 9 allows multi-lingual support, and the editors can manage language versions conveniently.

Tips for Upgrading to Drupal 9

When you upgrade to Drupal 9, you must ensure that the version is updated. Are you aware that the upgrade from Drupal 8.9.0 to Drupal 9 would involve updating Symfony and Twig? It will also include the removal of the deprecated libraries and code.

As a first step, you must ensure that the site runs on a stable version of Drupal 8. The Upgrade Status module can help check the contributed module's compatibility and assess the system requirements. The custom modules must be checked for the use of APIs or deprecated libraries.

While you are still on Drupal 8, you must upgrade the contributed modules and the themes to the Drupal 9 compatible versions. You can use the Upgrade Status module to generate a report on the readiness of the modules for the proposed upgrade to Drupal 9.

If you are using custom themes or modules, always check if they are compatible with the new version of Drupal. You can scan using the Upgrade Status module and remove any deprecated APIs that may be present. Moreover, you must also check whether the PHP, MySQL, and the web server are running on compatible versions.

How can you upgrade to Drupal 9 from Drupal 8.7 or earlier?

You must migrate the Drupal 8 site to Drupal 9 to see the end of life in November this year. When you have decided to relocate, you must first update the Drupal 8 site with the most recent version of both the contributed and core themes and modules. In addition, the site must be upgraded to at least Drupal 8.8.0 as earlier modules are unlikely to be compatible with Drupal 9.

Before you plan the upgrade to Drupal 9, you must have an inventory of the contributed modules, custom modules, and themes.

Custom modules: You can install drupal-check running as a part of CI workflow or running on the development environment. You will understand the activities to be performed to have the custom code compatible with Drupal 9. You can note down the modules which have a compatibility issue. Check whether you need them anymore.

Contributed modules: The contributed modules can be segregated into groups that will show the amount of effort needed. First, check the modules that have a Drupal 9 release. Also, check whether these would be significant updates or would they be minor ones.
The latest releases of the contributed module can often support both the versions of Drupal 8 and 9. Thus, the effort needed will be the least, and you can start from here.

You must update to the latest version of the core to allow the database to be ready for migration. The contributed modules will also be prepared for the Drupal 9 upgrade. Once all the components are compatible, you must update the core to Drupal 9 and run the update.php program.

How can you upgrade from Drupal 8.8 or later?

The themes and the contributed modules must be updated. You can use the Update Status module to check the compatibility with the Drupal 8.8 site. You can check the module’s project pages for the Drupal 9 upgrade. If the website has themes or custom code, always ensure they are not using any code that was deprecated in 8.8 and must be removed. When all the components are compatible, you can update the core to Drupal 9 and run the update.php.

Conclusion

Drupal is increasingly getting popular with heavier and more complex websites. In keeping with the trend of periodically upgrading Drupal, the advent of upgrade to Drupal 9 comes with several benefits. You must upgrade from Drupal 8 to Drupal 9 as Drupal 8 will see the end of life by November this year.

Are you looking for experts for migrating your website to Drupal 9? We are happy to help and are just a phone call away or contact our experts to get started on your Drupal upgrade today!

Jul 13 2021
Jul 13

Accepting payments on a Drupal website

Drupal is a very good and secure content management system the website admin uses to upload text and images. However, to enable this website to do something more than just serve as a blogging platform, its functionality can be extended by integrating additional modules. The modules consist of a set of PHP, CSS, and JavaScript code that interacts with the system core and adds new capabilities. The modules and Commerce, Kickstart, and Ubercart distributives are what you need to enable your website to work with goods and cash transfers.

Though Commerce in itself doesn’t include the payment function, it offers a ready framework and an admin panel the function can be integrated into. The user should download the module for the Drupal Commerce platform, which is integrated with the selected payment system or gateway, and set it up in the admin panel. The list of EPSs and payment gateways compatible with Commerce includes both the world-known PayPal, Stripe, Braintree, Authorize.net and 100-plus small aggregators listed in the module documentation. If the payment gateway you wish to use on your website is missing from this list, Drupal Commerce framework allows developing the module on your own.

And what will happen if you neglect to perform integration with the payment gateway? We were approached by a client whose buyers, when trying to pay for the order, were pushed out to the bank website where the payment was to be carried out. The magic was unveiled and unnecessary steps were added to the payment procedure; as the result, the buyer was not happy. You’ll be lucky if the buyer finalizes the purchase, but the chances of the buyer returning reduce as there are more convenient stores. Based on programmers’ estimates, it may take tens of hours to develop a solution for Drupal Commerce integration into an unknown payment system. It’s expensive but look ahead — by saving on development now, you are likely to lose buyers and money later.

We talked about Commerce, Kickstart and Ubercart in our first post and provided the Commerce installation and setup guidelines in the same post. That’s why let’s use the remaining space for other aspects. For instance, we’ll describe an exceptional case you also can experience if you accept payments from a foreign bank.

The child health clinic "Under 16 years old" is one of our clients. To enable payment for services, we used the payment gateway of Sberbank (a major Russian bank). Some gaps were found in the bank documentation: nothing was said about the case when a payment made by a foreign bank card fails. This was the case the clinic’s customers faced when they tried to pay by cards issued by Kazakh banks. The problem was resolved only in personal consultation with the technical support of Sberbank. The moral and recommendation would be as follows: since it is not always the developers who are to blame for all acquiring issues, contact the support teams of all services involved in the process if you are going to have international transactions.

Data security

Who is responsible for data security? What is the site owner to do to protect the buyers’ payment data from leaking anywhere?

Usually, if you need to keep card details, you should select a payment system that allows doing this on its side (for example, Stripe). In this case, the online store website operates only with the identifiers needed to request data from the payment system. However, the data leak is still possible as the attacker might find some security gaps during setup of the web server or in the application itself and use the gaps to embed the code to collect personal data or can steal private keys for the aggregator integration.

To be on the safe side, it makes sense to maintain security updates for CMS and the modules, configure the web server and access rights correctly, and be mindful of the system functional testing to differentiate the access rights to ensure that anonymous users cannot access the orders or that buyers cannot view each other’s orders.

Costs

Surely, a third-party service also wants to earn money and charges business internet professionals a fee for some of its services. All providers of internet acquiring services are similar in that they charge a commission for each remittance. For instance, Stripe charges 2.9 % of the payment plus 30 cents and promises ‘no setup fees, monthly fees, or hidden fees’. Good client-oriented services are ready to offer you a special percentage rate based on your region, business type, and monthly revenue.

In addition to the remittance fee, payment services can charge fees for:

  • Monthly usage
  • Service setup
  • Chargebacks
  • International fund transfers

Read the tariff information of each payment service provider carefully.

An online shop offering search by products, filters, payment page, personal account, etc. will require a higher-performance server as compared with an online business card or a media outlet, which is why additional expenses will be needed for the online shop hosting.

Conclusion

Judging from experience, website owners can go very deep into the aspects relating to the differences between the payment systems, data security, and so on, but they are not always able to put this knowledge readily into practice. Remember the story about in-house development of the module that enables interaction with the payment gateway. As you might guess, this task requires some programming skills. We are writing this post because we want to share the same language with entrepreneurs but we suggest that you should delegate the tasks of the payment system implementation and setup to your contractor.

Jul 12 2021
Jul 12

This article was co-authored with Tim Lehnen, CTO of the Drupal Association, and cross-posted on Drupal.org.

Sustaining open-source projects is the challenge of this decade. Understanding how contributions are made—by volunteers, sponsored by an organization, or both—can create incentives for ongoing support. The Drupal project has measured contributions in Drupal.org issues since 2015 using an issue credit system that captures contributions—including code, documentation, speaking at events, security review, etc.—from both individuals and organizations. This insight is used to shape incentives for the business entities that participate in the Drupal ecosystem.

Issue trackers can explain what changes have occurred and why they are important. Version control systems such as Git track changes to a code repository, who changed what, and when. Drupal's issue credit system dramatically expands the kinds of questions that we can ask about an open source project to include questions such as, "How much do volunteers contribute to the project?" or "How many of the contributions to this project are sponsored?"

In this article, we will describe how Drupal's issue credit system works and why we would like to bring it to GitLab and other code collaboration platforms. We hope that other free/libre and open-source projects and organizations that want to understand their return on investment in open source can model their approach on this issue credit system and benefit from the insights we have learned in the Drupal community.

How It Works

Drupal's issue credit system provides an interface that allows a person to describe the circumstances that facilitated their contributions for each issue on Drupal.org. Each issue on Drupal.org can credit multiple people, and may pertain to a code contribution, Drupal initiative meetings, Drupal event planning, podcast, and more. For instance, for each meeting for the group of people working on Drupal's new front-end theme, Olivero, Matthew creates an issue that is tagged as "meetings," the meeting notes are posted in the issue, and each attendee for that meeting receives credit.

Use of the issue credit system is optional, and there are three potential aspects of each issue credit.

First, a Drupal.org user can optionally attribute their participation in a specific issue to a company that allotted time for them to work on the issue. This is typically an employer that pays that person's salary or wage. This organization must be directly tied to the contributor's user profile on Drupal.org as a current or past employer and the organization must have an organization profile on Drupal.org. For instance, in Drupal issues, Matthew can credit his employer, Lullabot, whereas Tim can credit his employer, the Drupal Association.

Second, in addition to attributing a contribution to an organization, the credit system also allows someone to attribute their work to a "customer" (client), which also must have an organization profile on Drupal.org. Thus, in addition to crediting Lullabot, Matthew could also give credit to Georgia Public Broadcasting (GPB) when he is doing work on their behalf, such as porting the NPR and PBS Media Manager modules to Drupal 8. Tim, who works for a nonprofit, does not usually do work on behalf of a "customer" and would not typically use this field.

Third, for each issue, someone can check a box that indicates they volunteered their own time to work on the issue. For instance, Matthew has a long history of working in public media, feels a deep connection to the mission of public media organizations, and often added features to the public media modules on his own time after work. He added features that were not necessarily useful for GPB, but that would allow other public media organizations to use the module. Therefore some of his work was on behalf of his employer, for a customer, and volunteer. These are the sort of contributions that are difficult to measure without Drupal's credit system.

Finally, because we don't want to overwhelm our contributors with "paperwork," the credit system remembers a user's attributions as the default for their next issue.

This shows how the UI works:

The project maintainer can then select which issue comments truly contributed to the resolution of the issue, and all of the individuals and organizations attributed in those comments will receive credit:

Why and how do we use this data?

We have been using the issue credit system in the Drupal project since 2015. We created the first analysis of the data in 2016 in a report titled Who Sponsors Drupal Development? that has been updated each year since.

Those reports contain answers to question such as:

  • What is the Drupal community working on?
  • Who is working on Drupal?
  • How much of the work is sponsored?
  • Who is sponsoring the work?
  • How diverse is Drupal?

The data are also used to determine the order of the organizations listed on Drupal's Marketplace page. In contrast to a simple alphabetical ranking, or even paid placement for marketplace ranking, using the credit system in combination with other factors allows us to promote organizations that are good open source citizens first — and thus incentivize that behavior from other organizations. In addition to considering data from issue credits, those lists use an algorithm that also considers factors about an organization such as the number of case studies, whether they financially support the Drupal Association, and the number of projects supported.

Why We Want to Share

Every free/libre and open source project adopts slightly different values. Some projects consist entirely of contributions from people who are all doing work for one employer and Drupal's issue credit system might not seem to be particularly useful to them. However, most organizations know that an open-source project with the support of just one company is a risk. For example, many of the open-source projects used in the financial sector were originally created by people working at a single company. However, the Fintech Open Source Foundation (FINOS), which works with companies in financial services, created a rubric to help organizations evaluate the health of open source projects, and one of their definitions of a healthy project is one that "is composed of individuals from 3+ organizations, ideally of 2+ org types, and including 1 bank." A tool like Drupal's issue credit system can help outsiders get a much better sense about the diversity of the contributors to a project.

Interestingly, FINOS also views it as a positive sign that "No requirement exists for developers to create a separate 'work' /corporate Github ID." They encourage organizations to pay their employees to work on open source projects. They want people to contribute as part of their jobs, with contributing written into their job descriptions and NOT something they do in their volunteer time.

In addition to the FINOS rubric, there are other metrics that specifically refer to volunteer and organizational support. Here are a few examples:

  • Internews created the BASICS program (Building Analytical and Support Infrastructure for Critical Security tools) that includes a rubric to help reporters and organizations determine which open source tools they can trust. Among the questions they ask include "Are the maintainers primarily volunteers, or are they employed by an organization or company specifically to work on the tool?"
  • The Apache Maturity Model considers if "contributors act as themselves as opposed to representatives of a corporation or organization."
  • The Community Health Analytics Open Source Software (CHAOSS) community, a Linux Foundation project focused on creating analytics and metrics to help define community health, suggests a wide variety of questions and considerations regarding "organizational diversity" such as, "What is the number of contributing organizations?" and a consideration of "ratio of contributors from a single company over all contributors." This issue credit system also could help outsiders understand the potential "elephant factor," which measures how dependent a project is on a small set of corporate contributors.

We've also seen end-user organizations begin to use Drupal's contribution data in their formal RFPs when seeking a vendor for work. Because this contribution recognition system acts as a proxy for good open source citizenship, both private and public sector organizations have found value in asking companies to provide their contribution history as part of their bids. This feeds a virtuous cycle of continuous contribution.

We would love for other organizations and projects to benefit from the kind of insight we've been able to gather in the Drupal community. But for Drupal's issue credit system to be useful to other organizations, it cannot only exist on Drupal.org, which is why we want to port our system to other development platforms, including GitLab, GitHub, and GNU Savannah. Drupal has already moved its code repository to GitLab and we have an open issue on GitLab to port Drupal's issue credit system.

Limitations

Drupal's issue credit system is clearly an improvement on previous systems that the Drupal community tried and later found insufficient, such as Certified to Rock (too opaque) or DrupalCores (only measures code contributions). However, the issue credit system is not without limitations.

When Dries Buytaert first proposed that the Drupal community adopt a method for giving credit to organizations that contribute code to open source he did so in order to "encourage more organizations to contribute to Drupal and hire core developers." Many of us who care about Drupal hoped this new system could be used to better recognize all aspects of contribution to the Drupal community. We saw people making a wide variety of useful contributions to the Drupal project and we wanted to give credit where it was due.

While there's a common belief that we can use metrics to increase the number of organizational and individual contributors, a great deal of research suggests that trying to use metrics to shape communities can lead to undesirable results. In fact, Goodhart's Law, named after British economist Charles Goodhart, states any measure used for control is unreliable. Indeed, we have found that Drupal's issue credit system, like any public metric, has encouraged some people to shift their focus from making useful contributions to "gaming the system." While some people have found ways to do the minimum amount of work in hopes of raising their profile or that of their employer, we encourage all contributors to break issues down into small parts so a large contribution doesn't count the same as a small one.

Drupal's credit system seems to avoid one of the pitfalls that Jerry Muller mentions in his book The Tyranny of Metrics: "measure output, not input." Rather than giving people credit simply for trying, Drupal's credit system captures committed changes to the Drupal codebase --- the output. However, this system has grown to include many other kinds of contributions, including conference presentations, initiative meeting attendance, accessibility reviews, and much more. Consequently, it could be argued that Drupal's issue credit system has grown to measure all sorts of inputs and the Drupal community has shifted focus toward one of the outputs of the issue credit system: the "leaderboard" on Drupal's Marketplace page.

In some instances, leaderboards positively motivate community members. But leaderboards can also demoralize people when a change to the algorithm lowers their company's rank on the Marketplace. For instance, a long-time Drupal contributor found a change to the algorithm that caused his company to drop down dozens of places on the Marketplace listing "incredibly demoralizing" and another well-known community member felt that his "contributions are now devalued."

For everyone who feels proud to see their company placed highly on the Marketplace page there are many others who are left out. This is consistent with research on leaderboards in other communities that found how such rankings discourage contribution when "leaderboards elevate the top ten or twenty-five participants in populations of tens of thousands" and the "vast majority of members ... perceive that they have no chance of making the list" (50).

This is an ongoing area of concern that requires careful attention for any community looking to implement such a system. For the Drupal community, we are careful to ensure that this contribution credit system is used to provide recognition for individuals, but not rank. We believe ranking individual contributors is an unhealthy model that doesn't account for the privilege of free time.

On the other hand, because presenting an ecosystem of Drupal service providers creates a defacto ranking system—it's in our best interest to choose one based on contribution behavior that promotes good open source citizenship, rather than something more capricious or arbitrary like a simple alphabetical or randomized list.

Start with a Goal, Not a Metric

The CHAOSS community recommends that free/libre and open-source communities adopt a Goal-Question-Metric format. In this format, a community first establishes goals. Then they need to establish questions that characterize the assessment or achievement of a specific goal. If the answer to the question does not matter, the community does not need information (metrics) and therefore does not need to measure.

Consequently, we view that Drupal's issue credit system is most well suited to organizations that have specific goals and that have questions pertaining to sponsorship, volunteerism, diversity, and related topics. In the Drupal community, many people who had been participating for a decade or more saw a clear shift in the community from being that of primarily hobbyists to that of professional developers. If nothing else, Drupal's issue credit system has shown us that organizations have played a significant, and growing, role in the development of Drupal. We can now state rather confidently that more and more contributions are sponsored, but volunteer contributions remain important to Drupal's success. We know that of the people using the issue credit system, 5% were "purely volunteer" compared to 69% that were "purely sponsored." We know that Drupal's contributors have become more diverse, but that we would still like to increase diversity.

Despite its limitations, we feel that Drupal's issue credit system offers significant value and we would like to see it adopted more widely. We are in the process of making individual and organizational credit an official metric of the CHAOSS project. We would like to see it adopted on GitLab, GitHub, GNU Savannah, and other platforms. Furthermore, if we standardize across these platforms, then the project health analytics researchers can study these attributes across all the projects and tooling ecosystems that support this data, and we can share the effort.

Would you like to know at a glance whether an open source project is primarily sustained by individuals or organizations?

Would you like to know who they are?

Would you like a window into good citizenship in your open source project?

Please join us! You can show your support by adding your own feedback on the issue to add the feature to GitLab.

Jul 12 2021
Jul 12

In this retrospective post, guest author Matthew Tift of Lullabot reflects on Drupal's contribution recognition system, how it has impacted open-source sustainability, and how it might be standardized and adopted by other open-source projects.

Matthew is a Lead Engineer at Lullabot. He has been involved in the Drupal project since 2010, helping to organize multiple Drupal core initiatives and writing extensively about the Drupal community.

Sustaining open-source projects is the challenge of this decade. Understanding how contributions are made—by volunteers, sponsored by an organization, or both—can create incentives for ongoing support. The Drupal project has measured contributions in Drupal.org issues since 2015 using an issue credit system that captures contributions—including code, documentation, speaking at events, security review, etc.—from both individuals and organizations. This insight is used to shape incentives for the business entities that participate in the Drupal ecosystem.

Issue trackers can explain what changes have occurred and why they are important. Version control systems such as Git track changes to a code repository, who changed what, and when. Drupal's issue credit system dramatically expands the kinds of questions that we can ask about an open-source project to include questions such as, "How much do volunteers contribute to the project?" or "How many of the contributions to this project are sponsored?"

In this article, we will describe how Drupal's issue credit system works and why we would like to bring it to GitLab and other code collaboration platforms. We hope that other free/libre and open-source projects and organizations that want to understand their return on investment in open source can model their approach on this issue credit system and benefit from the insights we have learned in the Drupal community.

How It Works

Drupal's issue credit system provides an interface that allows a person to describe the circumstances that facilitated their contributions for each issue on Drupal.org. Each issue on Drupal.org can credit multiple people, and may pertain to a code contribution, Drupal initiative meetings, Drupal event planning, podcast, and more. For instance, for each meeting for the group of people working on Drupal's new front-end theme, Olivero, Matthew creates an issue that is tagged as "meetings," the meeting notes are posted in the issue, and each attendee for that meeting receives credit.

Use of the issue credit system is optional, and there are three potential aspects of each issue credit.

First, a Drupal.org user can optionally attribute their participation in a specific issue to a company that allotted time for them to work on the issue. This is typically an employer that pays that person's salary or wage. This organization must be directly tied to the contributor's user profile on Drupal.org as a current or past employer and the organization must have an organization profile on Drupal.org. For instance, in Drupal issues, Matthew can credit his employer, Lullabot, whereas Tim can credit his employer, the Drupal Association.

Second, in addition to attributing a contribution to an organization, the credit system also allows someone to attribute their work to a "customer" (client), which also must have an organization profile on Drupal.org. Thus, in addition to crediting Lullabot, Matthew could also give credit to Georgia Public Broadcasting (GPB) when he is doing work on their behalf, such as porting the NPR and PBS Media Manager modules to Drupal 8. Tim, who works for a nonprofit, does not usually do work on behalf of a "customer" and would not typically use this field.

Third, for each issue, someone can check a box that indicates they volunteered their own time to work on the issue. For instance, Matthew has a long history of working in public media, feels a deep connection to the mission of public media organizations, and often added features to the public media modules on his own time after work. He added features that were not necessarily useful for GPB, but that would allow other public media organizations to use the module. Therefore some of his work was on behalf of his employer, for a customer, and volunteer. These are the sort of contributions that are difficult to measure without Drupal's credit system.

Finally, because we don't want to overwhelm our contributors with 'paperwork,' the credit system remembers a user's attributions as the default for their next issue.

This shows how the UI works:

Issue credit ui

The project maintainer can then select which issue comments truly contributed to the resolution of the issue, and all of the individuals and organizations attributed in those comments will receive credit: 

Maintainer credit ui

Why and how do we use this data?

We have been using the issue credit system in the Drupal project since 2015. We created the first analysis of the data in 2016 in a report titled Who Sponsors Drupal Development? that has been updated each year since: 2017 report, 2018 report, 2019 report, and the 2020 report. Those reports contain answers to questions such as:

  • What is the Drupal community working on?

  • Who is working on Drupal?

  • How much of the work is sponsored?

  • Who is sponsoring the work?

  • How diverse is Drupal?

The data are also used to determine the order of the organizations listed on Drupal's Marketplace page. In contrast to a simple alphabetical ranking, or even paid placement for marketplace ranking, using the credit system in combination with other factors allows us to promote organizations that are good open source citizens first -- and thus incentivize that behavior from other organizations. In addition to considering data from issue credits, those lists use an algorithm that also considers factors about an organization such as the number of case studies, whether they financially support the Drupal Association, and the number of projects supported.

Why We Want to Share

Every free/libre and open source project adopts slightly different values. Some projects consist entirely of contributions from people who are all doing work for one employer and Drupal's issue credit system might not seem to be particularly useful to them. However, most organizations know that an open-source project with the support of just one company is a risk. For example, many of the open-source projects used in the financial sector were originally created by people working at a single company. However, the Fintech Open Source Foundation (FINOS), which works with companies in financial services, created a rubric to help organizations evaluate the health of open-source projects, and one of their definitions of a healthy project is one that "is composed of individuals from 3+ organizations, ideally of 2+ org types, and including 1 bank." A tool like Drupal's issue credit system can help outsiders get a much better sense about the diversity of the contributors to a project.

Interestingly, FINOS also views it as a positive sign that "No requirement exists for developers to create a separate 'work' /corporate Github ID." They encourage organizations to pay their employees to work on open source projects. They want people to contribute as part of their jobs, with contributing written into their job descriptions and NOT something they do in their volunteer time.

In addition to the FINOS rubric, there are other metrics that specifically refer to volunteer and organizational support. Here are a few examples:

  • Internews created the BASICS program (Building Analytical and Support Infrastructure for Critical Security tools) that includes a rubric to help reporters and organizations determine which open source tools they can trust. Among the questions they ask include "Are the maintainers primarily volunteers, or are they employed by an organization or company specifically to work on the tool?"

  • The Apache Project Maturity Model considers if "contributors act as themselves as opposed to representatives of a corporation or organization."

  • The Community Health Analytics Open Source Software (CHAOSS) community, a Linux Foundation project focused on creating analytics and metrics to help define community health, suggests a wide variety of questions and considerations regarding "organizational diversity" such as, "What is the number of contributing organizations?" and a consideration of "ratio of contributors from a single company over all contributors." This issue credit system also could help outsiders understand the potential “elephant factor,” which measures how dependent a project is on a small set of corporate contributors.

We've also seen end-user organizations begin to use Drupal's contribution data in their formal RFPs when seeking a vendor for work. Because this contribution recognition system acts as a proxy for good open-source citizenship, both private and public sector organizations have found value in asking companies to provide their contribution history as part of their bids. This feeds a virtuous cycle of continuous contribution. 

We would love for other organizations and projects to benefit from the kind of insight we've been able to gather in the Drupal community. But for Drupal's issue credit system to be useful to other organizations, it cannot only exist on Drupal.org, which is why we want to port our system to other development platforms, including GitLab, GitHub, and GNU Savannah. Drupal has already moved its code repository to GitLab and we have an open issue on GitLab to port Drupal's issue credit system.

Limitations

Drupal's issue credit system is clearly an improvement on previous systems that the Drupal community tried and later found insufficient, such as Certified to Rock (too opaque) or DrupalCores (only measures code contributions). However, the issue credit system is not without limitations.

When Dries Buytaert first proposed that the Drupal community adopt a method for giving credit to organizations that contribute code to open source he did so in order to "encourage more organizations to contribute to Drupal and hire core developers." Many of us who care about Drupal hoped this new system could be used to better recognize all aspects of contribution to the Drupal community. We saw people making a wide variety of useful contributions to the Drupal project and we wanted to give credit where it was due.

While there's a common belief that we can use metrics to increase the number of organizational and individual contributors, a great deal of research suggests that trying to use metrics to shape communities can lead to undesirable results. In fact, Goodhart's Law, named after British economist Charles Goodhart, states any measure used for control is unreliable. Indeed, we have found that Drupal's issue credit system, like any public metric, has encouraged some people to shift their focus from making useful contributions to "gaming the system." While some people have found ways to do the minimum amount of work in hopes of raising their profile or that of their employer, we encourage all contributors to break issues down into small parts so a large contribution doesn't count the same as a small one.

Drupal's credit system seems to avoid one of the pitfalls that Jerry Muller mentions in his book The Tyranny of Metrics: "measure output, not input." Rather than giving people credit simply for trying, Drupal's credit system captures committed changes to the Drupal codebase — the output. However, this system has grown to include many other kinds of contributions, including conference presentations, initiative meeting attendance, accessibility reviews, and much more. Consequently, it could be argued that Drupal's issue credit system has grown to measure all sorts of inputs and the Drupal community has shifted focus toward one of the outputs of the issue credit system: the "leaderboard" on Drupal's Marketplace page.

In some instances, leaderboards positively motivate community members. But leaderboards can also demoralize people when a change to the algorithm lowers their company's rank on the Marketplace. For instance, a long-time Drupal contributor found a change to the algorithm that caused his company to drop down dozens of places on the Marketplace listing "incredibly demoralizing" and another well-known community member felt that his "contributions are now devalued." 

For everyone who feels proud to see their company placed highly on the Marketplace page there are many others who are left out. This is consistent with research on leaderboards in other communities that found how such rankings discourage contribution when "leaderboards elevate the top ten or twenty-five participants in populations of tens of thousands" and the "vast majority of members ... perceive that they have no chance of making the list" (50).

This is an ongoing area of concern that requires careful attention for any community looking to implement such a system. For the Drupal community, we are careful to ensure that this contribution credit system is used to provide recognition for individuals, but not rank. We believe ranking individual contributors is an unhealthy model that doesn't account for the privilege of free time.

On the other hand, because presenting an ecosystem of Drupal service providers creates a defacto ranking system--it's in our best interest to choose one based on contribution behavior that promotes good open-source citizenship, rather than something more capricious or arbitrary like a simple alphabetical or randomized list. 

Start with a Goal, Not a Metric

The CHAOSS community recommends that free/libre and open-source communities adopt a Goal-Question-Metric format. In this format, a community first establishes goals. Then they need to establish questions that characterize the assessment or achievement of a specific goal. If the answer to the question does not matter, the community does not need information (metrics) and therefore does not need to measure.

Consequently, we view that Drupal's issue credit system is most well suited to organizations that have specific goals and that have questions pertaining to sponsorship, volunteerism, diversity, and related topics. In the Drupal community, many people who had been participating for a decade or more saw a clear shift in the community from being that of primarily hobbyists to that of professional developers. If nothing else, Drupal's issue credit system has shown us that organizations have played a significant, and growing, role in the development of Drupal. We can now state rather confidently that more and more contributions are sponsored, but volunteer contributions remain important to Drupal's success. We know that of the people using the issue credit system, 5% were "purely volunteer" compared to 69% that were "purely sponsored." We know that Drupal's contributors have become more diverse, but that we would still like to increase diversity.

Despite its limitations, we feel that Drupal's issue credit system offers significant value and we would like to see it adopted more widely. We are in the process of making individual and organizational credit an official metric of the CHAOSS project. We would like to see it adopted on GitLab, GitHub, GNU Savannah, and other platforms. Furthermore, if we standardize across these platforms, then the project health analytics researchers can study these attributes across all the projects and tooling ecosystems that support this data, and we can share the effort. 

Would you like to know at a glance whether an open-source project is primarily sustained by individuals or organizations? 

Would you like to know who they are? 

Would you like a window into good citizenship in your open source project?

Please join us! You can show your support by adding your own feedback on the issue to add the feature GitLab

Jul 12 2021
Jul 12

In this second part of our team talk series on live load testing with Goose, we focus on demonstrating load testing using a Gaggle. A Gaggle is a distributed load test running Goose from one or more servers. Here, we’re testing with 20,000 users using ten Workers and a Manager process on services spun up using Terraform.

CEO Jeremy Andrews, the creator of Goose; Fabian Franz, VP of Software Engineering; CTO Narayan Newton, and Managing Director Michael Meyers demonstrate running a Goose Gaggle and discuss how variations on these load test change testing results, and what you can expect from a Gaggle. Our goal is to prove to you that Goose is both the most scalable load testing framework currently available, and the easiest to scale.

Narayan is a key member of the Drupal.org infrastructure team, responsible for ensuring the site stays up under load or attack. Load testing is a critical part of ensuring Drupal.org, or any website’s continued success.

[embedded content]

For more Goose content, see Goose Podcasts, Blogs, Presentations, & more!

For a transcript of this video, see Transcript: How to load test with Goose - part 2: Running a Gaggle.

Photo by Gary Bendig on Unsplash

Jul 12 2021
Jul 12

Digital transformation is the defining feature of this era. If you want your business enterprise to establish its online presence and take full advantage of the latest digital technology you need Drupal for your web development needs. Drupal is a content management system that provides the back-end framework for 13% of the top 10,000 websites worldwide and is extensively used by corporations, governments, and businesses looking to ensure a fast and smooth user experience on their websites for an enhanced and integrated user engagement experience.

Transform your Digital Presence with Drupal

Drupal is the go-to choice for corporations, educational institutes, governments, and many more entities looking to build their online presence. The ease of usage that is inherent to Drupal along with its remarkable CMS framework allows you to curate and manage all your content in one place while ensuring compatibility and accessibility to all platforms from mobile devices to information kiosks.

Drupal allows for the integration of web properties with your company software allowing you to seamlessly transition your content between them. You can rely on Drupal to take care of your content management needs with its strong front-end website support that translates into a faster loading time for the landing page and gives users an integrated experience. Drupal 9, the latest version, has done away with deprecated code and hence made the website lightning fast with faster loading times for modules and third-party integrations creating a unique user experience for your site visitors resulting in users staying longer and thus increasing the chances of converting clicks to actual customers.

Its multichannel capabilities allow you to control content over multiple platforms where once you have created content, it can be easily shared across platforms, and with the compatibility of your website for various platforms, it creates a comprehensive digital experience for the users without comprising the performance of the website.

How does Drupal Help you?

Drupal has been designed keeping in mind the global nature of business enterprises today and as such provides multilingual support to allow users to visit your website in their native language increasing user engagement. Drupal enables you to host multiple copies of your website from a single code all of which have their own databases and related framework. This shared code makes it so that you can modify all the websites in one go by simply modifying the source code.

This shared code multisite system allows for fast distribution and optimization of standardized features and modules across websites. You can manage multiple systems by signing in just once. Drupal reduces your costs as a single CMS allows you to author content for all your platforms thus reducing training costs. You have access to advanced media management and content hosting options that greatly improve the quality of your content and in turn, your website. You can change things immediately and manage your own sections with personalized content.

Another capability offered by Drupal is how easy it is to share content on multiple channels and platforms. Your content is automatically made compatible with mobile devices, apps, different websites, and even information kiosks making your reach truly universal. The API helps you to pull external content for specially designed front-end apps that further improve user experience. One of the biggest advantages that Drupal has is the decoupled CMS that separates the front-end framework from the back-end framework. The front-end communicates with the backend through an API and once any changes are made on the back-end the same is communicated through the API to the front-end. This results in much faster loading speeds and performance as instead of updating a “coupled” CMS wherein both the back-end and front-end are joint together the changes are only made to the back-end saving loading times. This approach is much more secure as the separation provides an added layer of security. This also allows for easier third-party integrations which are much less disruptive to web development.

Why should you Prefer Drupal Over other Platforms

Offers world-class web development options with continuous developer support, security patches, critical updates, and new modules that ensure that you always have the ability to improve user engagement on your website. The content management system is constantly evolving and providing you newer and better ways to manage and publish your content across multiple channels from a single platform. Some of the defining features of Drupal are listed below:

  • Drupal is a Free and Open Source software which means there is no licensing cost. It also means developers all over the world are constantly fixing bugs, posting modules, and providing easy third-party integration to make your website as accessible and integrated as possible. The platform is vendor-neutral and as such, there is no one organization that completely controls it and therefore, the platform even in the future remains free and community-driven making it one of the most secure CMS platforms out there. You also get access to a large number of community-developed modules that add functionality to your website and you can keep adding as many modules as you need to ensure the smooth performance of your website.
  • Drupal receives regular security updates and patches that ensure that your website and its integration with your company software ecosystem are always secure. You can easily find modules that are cleared by the security team to be used for web development and content creation.
  • Drupal provides easy scalability solutions for your business. You can build and maintain re-usable modules and other components and the available framework is highly scalable in nature.
  • Using Drupal for your websites will significantly bring down your overhead maintenance costs as a single source code can be used by your web developers to maintain and update all your websites.

Only the Best

In case you are still skeptical of whether Drupal is truly what you are looking for and whether it will be able to satisfy your digital technology needs, here are some case studies to help you make a decision.

  • Nestle Purina overhauled their entire web development and properties to Drupal 8. The Single Sign-On feature along with its e-Commerce integration capabilities has helped them integrate their web properties with their corporate software ecosystem.
  • Warner Music Group, home to some of the biggest music artists in the world, relies on Drupal to host multi-sites and moderate standard content throughout all its platforms and sites.
  • INSEAD uses Drupal as their preferred platform for integrating web properties on their website and web portal and enhances the user experience for all its departments.
  • The Government of Bhutan uses Drupal to create a multilingual and multisite platform that is used to create websites for its local bodies. The government is thus able to maintain all its multilingual websites as well as launch new ones without adding any maintenance costs.

In conclusion, Drupal has truly captured the modern needs of business enterprises, government bodies as well as corporations alike and provides digital technology features that can truly aid your digital transformation and make user engagement a much better experience.

References

[1].https://events.drupal.org/europe2020/news/how-your-organization-includin...

[2].https://customerthink.com/how-drupal-8-is-leading-the-digital-transforma...

[3].https://www.zyxware.com/articles/5979/on-to-drupal-9-for-your-digital-tr....

[4].https://www.tadigital.com/insights/perspectives/why-decoupled-drupal-key...

[5].https://medium.com/@drupaleurope/drupal-europe-2018-digital-transformati...

[6]https://medium.com/dataseries/leveraging-drupal-to-drive-digital-transfo...

[7].https://ixis.co.uk/drupal/development

Jul 09 2021
Jul 09

In June for the SC DUG meeting Will Jackson from Kanopi Studios gave a talk about using MQTT with Drupal to connect to local IoT devices. A fan of home automation, Will has created a Drupal 8/9 version of the MQTT module. He is hoping to encourage more people in the Drupal community to join the fun.

[embedded content]

If you would like to join us please check out our up coming events on MeetUp. You’ll find our meeting times and, once you RSVP, remote connection information.

We frequently use these presentations to practice new presentations, heavily revised versions, and test out new ideas with a friendly audience. So if some of the content of these videos seems a bit rough please understand that is some of the point. If you want to see a polished version checkout our group members’ talks at camps and cons.

If you are interested in giving a practice talk, leave me a comment here, contact me through Drupal.org, or find me on Drupal Slack. We’re excited to hear new voices and ideas. We want to support the community, and that means you.

Jul 09 2021
Jul 09

Thank you to Travis Carden for helping us get this module updated for Drupal 9!

The Drupal SEO Checklist module is sponsored by Volacci and was created in conjunction with Ben Finklea's SEO Books:

What does the Drupal SEO Checklist Module Do?

The Drupal SEO Checklist uses best practices to check your website for proper search engine optimization. It eliminates guesswork by creating a functional to-do list of modules and tasks that remain. Updated regularly with the latest techniques, it makes on-page Drupal search engine optimization hassle-free.

It breaks the tasks down into functional needs like Title Tags, Paths, Content and much more. Next to each task is a link to download the module from D.o and a link to the proper admin screen of your website so that you can configure the settings perfectly.

Drupal SEO Checklist also keeps track of what has already been done. It places a date and time stamp next to each item (when you click save). That provides a simple report that you can share with others showing what's been done.

Get the Drupal SEO Checklist Module

Download the module here: http://drupal.org/project/seo_checklist and follow these simple instructions for installing and using the module.

While this module is no replacement for proper Drupal SEO Consulting, it's a great start down the path for any Drupal website.

Jul 09 2021
Jul 09


Imagine there is a project that only has one person working on it. All the developments and challenges are going to be performed and overcome by him. Nobody can say that the project would not be successful, it very well can be.

Now compared to the previous project, think of a second one. This has a whole bunch of people working on it. The solutions aren’t coming from a single brain, but from loads of expert brains. 

So, if we had to judge the success rates of these two projects, on which would you place your bet on? For many of us the answer would be the second project with a massive team of experts, who’d be able to come up with more solutions and developments than a single person ever can.

And that is open source software for you. It is a platform wherein, one person creates a software, and other developers have an opportunity to read his source code, to use it, to modify it and redistribute it with the modifications. Open source software makes it possible for people to come together and work magic with their intellect and skills.

However, with that kind of liberty in development, there are often times when people after modifying an open source make it a proprietary software. Sometimes an open source developer wouldn’t mind it, but there is also the chance that he’ll feel misused. To overcome these scenarios, a solution was thought and that is what we are going to be discussing today. So, let’s begin.

How Open Source Licensing Came to Be?

A broad timeline is shown depicting the emergence and the current status of open source licensing.


You would be surprised to know that the origins of open source licensing can be traced back to a consent decree issued by the United States Government. Yup, you read it right. This was back in the late 60s and early 70s, when the Unix operating system was emerging, being the first general purpose operating system. 

The US government barred AT&T, the founders of Unix, from engaging in any commercial activity outside of their primary field of operations, which was telephone services. So, what did AT&T do? It did the next best thing, given the decree. 

Making Unix a commercial software was out of the question. So, AT&T gave away its source code to be modified and shared. Of course, this was done under a set of terms and guidelines, but computer scientists of that period didn’t mind that, nor would the computer scientists of today mind it. This open source code made Unix extremely popular. 

If we look at this scenario carefully, it is essentially an open source license by definition. Let’s see how.

So, what is an open source license?

Open source licensing is a system that dictates the terms and conditions of the use, modifications and distribution of the software code by people other than the originator of the software. It essentially includes the permissions and rights that would be required to use or repurpose the code for building newer applications with it or adding it into existing projects.

Now, can you possibly tell me that what Unix did was any different? I don’t think so. 

Open source software licenses indeed go back to the late 60s, however, its more formal use was witnessed in the 90s with the introduction the GNU project thanks to Richard Stallman. He later created the GNU GPL license. The terms of this license were that anyone could redistribute software, provided that the source code was open and not as secret.

Then with the advent and popularity of the Linux operating system and its adoption of the GNU GPL license, open source licensing became the norm.

According to the Open Source Initiative, today there are about 80 approved open source licenses. And you yourself can create one for your software, the Open Source Initiative would make you go through its license review process. You can very well do it, however, not many would recommend it.

So, in essence open source licenses are contracts for open source projects, which are as legal as they are binding, between the authors of the software and the people who would use its components.

To highlight the importance of an open source license, I’d say that it is these that actually make software development become aligned with open source. Without an open source license, the software cannot be used and redistributed by anyone, despite the fact that its source code is publicly available. And they are similar in cost as compared to OSS, so, when asking, are open source licenses free, the answer is yes, much like the software itself.

How are Open Source Licenses Distinguished?

Now that  the meaning of open source licenses is explained, let’s move further along. What started out as a single license by Stallman has become a standard practice in the open source community. I mentioned earlier that there are about 80 open source licenses available today, however, if these were to be categorised, you would only be able to get two. And these two mark the distinction in the form and application of the said licenses.

And here are the open source licenses by category:

The two categories of open source licenses are highlighted in a diagram.


Permissive Licenses 

Upon looking at the definition of the term permissive, you’d find words like liberal, excessive freedom, non-restrictive and my favourite, open--minded. And these words just about define the scope of these licenses. 

As their name implies, the permissive open source licenses provide more freedom to use, to modify and to redistribute software. You can do anything you want, even using the software for proprietary purposes is not off the table.

The only aspect on which these licenses have a restriction on the acknowledgement of the author. What this means is that you have to adhere to the copyright notice and keep that in place when you are distributing your own software. As long as you do that, anything goes here. Even if you do not want to share the source code of the modifications, it is totally alright.

Copyleft Licenses 

As far as free softwrae licenses go, copyleft license is at an 180 degree angle from permissive. If one is the North Pole, the other is the South Pole. 

Why?

It is because, while permissive licenses boast freedom and liberty, copyleft licenses are the epitome of restrictions. When a copyleft license is issued on a program, other developers can use it, modify it and redistribute it, however, the redistribution has to be aligned with the copyleft license terms. This means the modified program has to make the source code publicly available, just like the original program. And there is no going about it. 

The GNU GPL license, now on its third version, is the paradigm here. Stallman did not appreciate companies using his software and then closing it off as proprietary. And that is what this license prevents.

So, what happens when a proprietary software uses a program with a copyleft license in its source code? 

It would have to make it public and possibly release the entire software royalty-free, since it would be under the stringent terms of the copyleft license. The risk of exposing your intellectual property comes inherent in these licenses.

Furthermore, you cannot place any more restrictions on the licensee’s way of exercising his license. You could say that the phrase, anything goes, doesn’t come close to the definition of a copyleft license.

Let’s Look at Some of the Popular Open Source Licenses

After the categories of open source licenses, the next thing to know is the licenses that have been issued under them. I wouldn’t be talking about all 80 of the licenses approved by OSI, that would take ages for me to write and you’d get bored halfway through the read. So, I have a list of 9 of the most used open source licenses. 

So, let’s begin looking at open source license examples based on the category they fall under. 

Permissive licenses 

The examples of permissive licenses are shown in a diagram.


Apache 2.0

Being a liberal license, the Apache license 2.0 allows the freedom of using, modifying and distributing any of its products. The requirement here is to include the license notifications and copyrights on the distributed code or like a notice in the software itself or both. 

Under this license's terms of service, it is not mandatory to release its source code upon distribution, be it a derivative work, a larger project or basic modifications. All of these can carry different licensing terms. 

MIT

The simplest type of license of them all, named after the famous university, it’ll only take me a single sentence to explain it. MIT license is the license that allows you to do anything with the original code, with no restrictions on distributions, as long as you keep the original copyright and license notice in the distributed source code or software.

Berkeley Software Distribution

The BSD license, like the other two permissive licenses, lets you freely modify and distribute the software contingent upon you keeping the copyright notice, following the list of conditions along with the disclaimer. 

It has three categories to it; 

  • The 4-clause BSD was the original and first BSD license and had an advertising clause and a non-endorsement clause; 
  • The 3-clause BSD was the modified version without the advertising clause; 
  • And the 2-clause BSD, also known as FreeBSD, further removed the non-endorsement clause, making it almost similar to MIT in simplicity and use.

Copyleft licenses

The popular examples of copyleft licenses are shown in the image using a diagram.


GNU GPL 

GNU General Public License is by far one of the most popular open source licenses, being associated with the free software foundation, and pioneer of the copyleft licenses, being the first one to be OSI approved,. It was established to prevent your software from becoming proprietary. 

The GNU GPL license states that any software using a GPL component, despite its proportion of use, has to make its source code publicly available upon distributing. You are going to be passing on the same rights you received through the license to the person adopting your software, meaning if your source code is in the public domain, anyone using your component has to do the same. This makes the GPL license the strongest copyleft version.

At present, GPLv3 is the version that is being widely adopted.

Affero GPL

You would think that the GPL license must be full-proof without any loopholes, but there is one. The GNU GPL license only works when the software developed using a GPL component gets distributed. However, when the same is made available over a network, there aren’t going to be any red flags. 

To counter this predicament, the Affero GPL license comes in, it essentially monitors the distribution over networks, even remote ones, and sends the right alerts to the GPL license. This makes the AGPL quite important for many.

Lesser GPL 

The LGPL license is another variant of the GNU GPL license. There aren’t any more loopholes that it would cover up. It offers much the same license notifications and copyright protection. The only difference here is the size of a project can change the license terms. 

For explanation, a smaller project under a larger project would not have to comply with the larger project’s licensing terms. And a smaller project accessed as part of a larger project would not be asked to share the source code of the larger project. I’d say LGPL makes the GPL licenses seem a little liberal.

Mozilla Public License 

The MPL, maintained by the Mozilla Foundation, is as liberal a copyleft license as they come. The reason lies in its distribution protocol. As a copyleft license, the MPL does mandate that the modified code of its component be made public, however, this public sharing is only applicable to the modifications that have the licensed components and not the entire software. The stipulation is to store the MPL code in separate files and make that openly available.

The license is compatible with GNU GPL, given its enforced copyright notices and patent grants. Nonetheless, it is often considered to be a balance between permissive and copyleft licenses. 

Common Development and Distribution License

Often referred to as the cleaned up version of the MPL, CDDL has much the same attributes of the former. Given the fact that it was inspired by MPL, that comes as no surprise. 

Upon distributing the software in executable form, it is mandatory that you make the source code available. However, if your contributions aren’t part of the original software and are separate files, you are not required to make it public by releasing it under CDDL. A lot similar to MPL, right?

With this license, you will have the liberty to modify and distribute the original or derivative works of any CDDL software. The only stipulations are on changes to copyright, patent or trademark notices of the software along with keeping on the contributor acknowledgements and license notices.

Eclipse Public License 

Founded by the Eclipse Foundation, the EPL has certain requirements on the distribution of an EPL component. However, these vary given the circumstance of the modified code’s distribution patterns. 

  • Modifying and distributing an EPL component in the source code of your project mandates you to disclose the modified code under the EPL;
  • While modifying the and distributing the same in the form of object code would mandate you to make the code available upon request. Further, you would also be asked to disclose the way in which the source code can be requested. 

What is more is that individual program components, including EPL, non-EPL and proprietary code, can be clubbed together and sub-licensed. All you would have to do for that is ensure that the non-EPL elements are separate objects.

A Quick Look at Open Source License Example Through Drupal

Is Drupal free to use? Yes, it is.

Is Drupal free for commercial use? Yes, it is.

Why? 

Drupal is an open source CMS, that is why. And to call itself open source, it had to be registered under a license. And of course, it is. Drupal is licensed under GNU GPL Version 2 or later. All the contributed files that are hosted on Drupal.org are licensed under the same. 

The logo of Drupal 9 and GNU GPL can be seen on a dark background.


You can freely download, reuse, modify and redistribute any component of a Drupal.org project under the terms of the GPL license, that we talked about earlier. The core software on Drupal can also be run and licensed in combination with a version 2 or 3 compatible license. Saying that Drupal projects can very well depend on or be linked to GPL incompatible non-code assets, however this relies on the maintainer possessing the rights to distribute the non-code assets.

Let’s now look at the specific aspects of Drupal and how they are licensed. 

  • The files, be it PHP, JavaScript or images, being a part of a Drupal project are licensed under the license as Drupal.
  • The modules and themes are considered derivative works and so are to be distributed under the GPL version 2 or 3. 
  • The content, however, is licensed under the Creative Commons Attribution-ShareAlike 2.0.
  • The sample code follows the same GPL licensing terms.

Considering all of these, who would you guess holds the copyright of the code in Drupal?

The answer is its hundreds and thousands of contributors, who agree to release their code under the same license. However, if a contributor has created a patch, but isn’t willing to license it under the GPL, he should probably not submit it and the point of retaining a copyright on the same would be moot. 

Learn more about open source here:

Perks of being an open source contributor
Impact of large enterprises on open source
Open source leadership
How open source remains recession-free
Impact of open source during Covid-19 pandemic
Diversity, equity and inclusion in open source
Open source security

Conclusion 

When I started writing this blog, I considered the copyleft licenses to be rigid and unattractive. However, realising that its pioneer is the license behind Drupal made me change my perspective. Drupal has helped a community of close to a million come together and build and distribute their work and that would not have been possible or even beneficial, had the source code not been publicly available. 

So, open source licenses as per their meaning can be liberal and rigid, but I personally feel that the rigidness serves more purpose than the liberty ever could. 

Jul 09 2021
Jul 09

Drupal prioritizes community contributions and group collaborations which helps in evolving Drupal as one of the leading open-source projects, providing best services to its community. To add a significant contribution, the Drupal community members actively work on projects like Drupal Core and contribute modules, distributions, and themes respectively. It discovered a convenient way to progress in all its projects by creating community initiatives to focus upon some major tasks and goals. Therefore, Dries Buytaert, founder and project lead of the Drupal project, considers few initiatives as crucially important and identifies them as Strategic Initiatives. One of the major strategic initiatives, automatic updates plays a huge role in making Drupal more effective and relevant with the ever-changing web sphere. So, in this article, we will discuss how automatic updates finally made it to Drupal? 

Strategic initiatives behind Drupal’s success 

Drupal is seen largely focusing on executing its several recommended strategic initiatives and never-ending innovation. These strategic initiatives aim at solving issues that create hurdles for the users in receiving the maximum benefits from this free and open platform. They have contributed in producing some extraordinary developments driven by forces such as:

  • Creating an open-source digital platform experience
  • Usability studies and survey data availability
  • By improving editorial, developer, and customer experience, market relevance is increased
  • Cooperation with the core maintainers
  • The provision of validation by collaborations and larger community discussions 

To learn more on how Community initiatives are proposed and how Strategic initiatives come about, read here. Also, learn what’s happening with Drupal 10 readiness initiative and Decoupled menus initiative. Moving forward, we will now take a closer look at one of the most important strategic initiatives i.e. Automatic updates initiative in Drupal. 

Automatic updates: In Detail

Illustration with a rectangle describing security status in Drupal's Automatic UpdatesSource: Drupal.org

Updating a Drupal site manually can be expensive, time-consuming and extremely difficult. Therefore, to resolve this major concern, Drupal created the Automatic Updates Initiative that can help users to experience safe and convenient automatic updates for Drupal sites. 

The primary goal of Automatic Updates in Drupal

The prime goal of this initiative is to strategically implement a safe system for Drupal’s automatically installing updates, reducing Drupal site’s total maintenance costs, enhancing Drupal site’s security that further leads to good user experience and making an easy entry for the users to the Drupal community without any major concerns. A look at the roadmap of the automatic updates initiative

The target audience of Automatic Updates

Drupal Automatic updates are not a good fit for large-scale organizations as they have their own established roadmaps and exclusive pipelines. But such initiatives can be beneficial for small-to-medium website owners as they lack in building proper workflow and system.

Some organizations with progressive deployment work plans might prefer using the automatic updates initiatives at the last step before production, i.e. staging environment. To integrate verified updates into custom build work plans, this initiative also facilitates APIs.

Scope of Automatic Updates: Overview of what this scope includes and excludes

Scope includes

The minimum Drupal core implementation includes:

  • Availability of automatic updates for Drupal core patch and security releases.
  • For safe updates, site readiness checks are available.
  • Verification and code signing is accessible for updates from Drupal.org
  • Attainability of Composer integration.
  • A custom “A/B” bootloader helps in updating in a distinct location from the live site that allows switching over at the time of successful update, also providing rollbacks in case the update introduces regressions or fails. 

Scope excludes

The minimum implementation doesn’t support:

  • Major version updates and core minor.
  • The availability of contributed project updates.


Automatic Updates is an ongoing strategic initiative and it is still being developed for better outcomes. Here are some of the significant elements that need to be looked over.

  • This initiative is yet not in core. There is an initial prototype that is available as a contributed module. Although, the core solution shall be different from this module.
  • The first phase of the Automatic Updates module includes Public service announcements (PSAs), Readiness check features, and also apply In-place updates either on cron or manually. 

Here is a short video giving an update on Drupal 8’s Automated Updates Initiative. It provides a quick look into the features of automatic updates i.e. Public service announcements, Readiness check and In-place updates. Don’t miss it, take a look.

[embedded content]


A quick look into the key features of automatic updates:

Public service announcements (PSAs)

Infrequent announcements are done for extremely critical security releases regarding core and contrib modules. Once a PSA is released, site owners should review their sites so that they are well updated with the latest releases. The site should be in a good position to instantly update if any fixes are provided to the community.

Readiness check

It isn’t possible for all the sites to frequently go for updates. The readiness check can be termed as an automated method that helps in recognizing the capacity of a site for automatic updates after any new release is provided to the community. Here is an example, the sites having un-run database updates, working on read-only file systems, or do not have enough disk space for updating, will not be able to receive automatic updates. In case your site fails readiness check, meanwhile, a PSA is released, it is imperative to look after the readiness issue so that your site can be instantly updated.

In-place updates

  • If the PSA service notifies a Drupal site owner about a convenient update, followed by the readiness checks’ confirmation regarding the ability of a site to be updated, the service of automatic updates can then be applied. There is a possibility that a particular site or a hosting provider may offer additional DB handling options if required.  
  • Tarball-based installations are supported by this module and it doesn’t prefer some of the requirements for secure updating, rollback, etc that will be included under the core solution.
  • Contrib updates or composer-based site installations are not supported by this module. Work on composer integration is already started and is in progress. 

Understanding the phases of automatic updates 

The Automatic Updates is huge, as a result, the tasks are worked under phases. It consists of two phases that have different significant objectives. Below are the objectives of both phases.

Phase 1 Objectives

  • Facilitating a JSON feed of Drupal Public service announcements from Drupal.org.
  • Presenting  PSAs in the Drupal admin interface.
  • Availing an extensible update readiness check system.
  • Creating update packages from Drupal.org
  • Safeguarding the update packages with a signing system.
  • With roll-back, apply the updates either automatically or manually.

Phase 2 Objectives

  • Facilitating an A/B front-end controller for more robust testing/roll-back features
  • Provide support to contributed module automatic updates.
  • Giving support to composer-based site installations.

The most recent updates on Automatic updates initiatives were delivered in DrupalCon North America 2021. The keynotes and technical overview shared during the sessions talked about providing a secure system for automatic updates, lowering the cost of maintaining a Drupal site, and improving security. They also explained different areas where the new contributors can help as the initiative is still a work in progress. Check out sessions below:

[embedded content]


 

[embedded content]

 

[embedded content]

Conclusion

Drupal is taking a major responsibility in establishing a community where the users can take the maximum advantage in making their sites and software more secure and user friendly. There is a huge emphasis on community initiatives in Drupal. Therefore, strategic initiatives in Drupal are a practical step towards meeting the designed community goals and aspirations. Considered as one of the most significant initiatives, Automatic Updates allows users to encounter secure and suitable automatic updates for Drupal sites, encouraging everyone to opt for this leading open-source project.

Jul 09 2021
Jul 09

Originally published on 19th August 2019. Updated with current information on the modules’ compatibility with Drupal 9 and new Drupal 9 modules.

Making sure your digital experiences are accessible has become a necessity - and with all the right reasons. The web is for everyone and, as such, everyone should be able to use it effectively, no matter their physical ability. Sites that are inaccessible automatically prevent a large number of people from using them.

We’ve already written a series of blog posts on Drupal and accessibility - you can check them out here: part 1 & part 2. As you can probably glean from these two posts, Drupal offers a lot of accessibility features out-of-the-box, e.g. the requirement of alt text for images in Drupal 8 (another strong case, by the way, for migrating to Drupal 8 ASAP). 

The second part of the series also takes a look at a few contributed modules with which you can further improve the accessibility of a Drupal website. During the time since the blog post’s publication, however, there have been many more accessibility-focused modules contributed to the Drupal project - and these are what we’ll take a closer look at in this post. 

Drupal 9 update: Drupal has made significant improvements since the time that we originally published this article. While Drupal 8 and even Drupal 7 are still widely used, their end of life dates are approaching and many websites are now transitioning or have already upgraded to Drupal 9. 

To reflect this, we’ve updated the article with information about the modules’ D9 compatibility status, and we also included a few of the best newly released or recently refreshed Drupal 9 modules. 

Accessibility toolkit (& Accessibility)

While only available for Drupal 7, the Accessibility toolkit (the a11y module) is an invaluable resource for Drupal developers that are tasked with building user-friendly and accessible sites. It allows for: dyslexic font support, high contrast mode, inverted colors mode and text scaling. 

On top of that, it also provides support for simulating specific disabilities. Since it’s quite difficult for an able-bodied person to put themselves in the shoes of a disabled person, these simulations greatly help developers to feel empathy by reproducing the symptoms of certain disabilities such as dyslexia or colorblindness. 

If you’re looking for a module with similar capabilities that can also be used in Drupal 8, the Accessibility module is the one closest to the a11y module - it’s geared more towards content editors and site maintainers, though. It provides a set of available accessibility tests that check the content published by your editors and other users for any accessibility errors, such as a missing alt text (granted, with Drupal 8 this is already automatic). 

So, for a Drupal 7 site, these two modules can be employed in tandem: one is used for ensuring accessibility in development, while the other is used in the live environment to make sure that the content and design meet accessibility standards. Just a disclaimer, though: the Accessibility module is not covered by Drupal’s security advisory policy, since it uses the QUAIL jQuery plugin which is no longer supported.

A11y

Accessibility

Drupal 9 status: none of the modules are compatible with Drupal 9.

Accessibility Scanner

Accessibility Scanner is a relatively new module; the first development version was released in March, while the latest alpha version was released just about two months ago (June 20). With this module, you can use Drupal together with achecker to perform web accessibility scans directly in the Drupal admin interface. 

Accessibility Scanner

Drupal 9 status: the module is compatible with Drupal 9.

Style Switcher

The Style Switcher module provides incredibly useful functionality for visitors that suffer from color blindness. It allows themers to create themes with alternate stylesheets, and site builders to add other alternate stylesheets right in the admin section. 

A site visitor is then presented with all those styles as links in a block, and they can choose the one that they prefer, e.g. one with the optimal contrast for their specific type of color blindness.

Style Switcher

Drupal 9 status: the module is compatible with Drupal 9.

Dark silhouette of a head contrasted with brightly colored shades

Block ARIA Landmark Roles

This module was already mentioned in part 2 of our series on web accessibility in Drupal; it’s available for Drupal 7 and 8. It allows you to assign ARIA landmark roles and/or ARIA labels to a block, which makes it easier for screen readers and other assistive technologies to identify the type and purpose of a certain piece of content. This greatly simplifies site navigation for visitors using such technologies. 

Block ARIA Landmark Roles

Drupal 9 status: the module is compatible with Drupal 9.

Text Resize

While it’s quite easy to resize the text of a page using the keyboard (‘ctrl’ and either ‘+’ or ‘-’), not everyone browsing the web is aware of that. The Text Resize module, available for both Drupal 7 and Drupal 8, allows visitors to change the font size of a text through a special block. It also comes with a ‘reset’ option which has to be enabled from the admin page.

Text Resize

Drupal 9 status: the module is not compatible with Drupal 9.

Automatic Alternative Text

With this Drupal 8 module, you can automatically generate an alt text for an image for which the user hasn’t provided any. This is done using the Microsoft Azure Cognitive Services API.

It provides one or more descriptions of an image which are ordered according to their confidence. The default descriptions are in English, but it is also possible to translate them into other languages. 

Providing an alternative text is crucial for blind or visually impaired visitors using screen readers, as it is pretty much the only means for them to take in the full content of a page. On top of that, images with the provided alt text are more SEO-friendly and thus help with your site's search engine ranking.

Even though Drupal 8 demands alt text by default for content creators, content submitted by users should also include it, and this module enables just that.

Automatic Alternative Text

Drupal 9 status: the module is compatible with Drupal 9.

Fluidproject UI Options

The UI Options module by Fluid enables users to modify a page’s font size, line height, font style, contrast and link style according to their preferences. All changes made are retained thanks to cookies. 

The module does have some limitations, however. Bootstrap themes, for example, need some additional CSS for font-sizing and line heights to work as they should, and elements that use CSS gradients can’t have their contrast settings changed. 

Fluidproject UI Options

Drupal 9 status: the module is compatible with Drupal 9.

Keylock functioning as a door providing secure access, with bits in the background

htmLawed

This is a very useful module not just in the context of accessibility, but also security. It restricts and purifies HTML code so that it complies with the site administrator policy and standards and security best practices. 

Using this module, you’re able to autocorrect and beautify HTML markup as well as restrict HTML elements, attributes and URL protocols in the input. Moreover, it also balances tags and ensures that HTML elements are properly nested, transforms deprecated tags and attributes, etc. 

htmLawed

Drupal 9 status: the module is compatible with Drupal 9.

HTML Purifier

A very similar module to the just mentioned htmLawed, the HTML Purifier filter library is again perfect for meeting both security and accessibility requirements. It removes malicious code from your website while also ensuring W3C standards compliance. 

HTML Purifier is a great fit for Drupal as it works really well with WYSIWYG editors. With it, you get a lot of options, such as custom fonts, tables, inline styling, and many more.

HTML Purifier

Drupal 9 status: the module is compatible with Drupal 9.

Drupal 9 bonus: Editoria11y (& CKEditor Accessibility Auditor)

Editoria11y is an accessibility checker aimed at content creators and editors which runs automatically in the background. It provides a toggle which shows the number and type of issues discovered, as well as giving additional information and suggestions when clicked on. 

A similar module which also has a Drupal 9 compatible version is CKEditor Accessibility Auditor. The main difference is that this module functions by pressing a button which then runs HTML_CodeSniffer Accessibility Auditor. Additionally, as its name suggests, it works exclusively with the WYSIWYG CKEditor.

Editoria11y

CKEditor Accessibility Auditor

Conclusion

This was our list of Drupal modules that take care of different aspects of web accessibility. Depending on what security measures you’ve already implemented and what your team’s best practices are, you likely won’t need to employ every single module on this list.

Still, we wanted to give an overview of different options so that you can pick and choose the one that best fits your needs. These modules provide accessibility resources for both developers and content editors, as well as visitors using the site, so you’re sure to find a combination that works for you.

Wooden walkway in nature which provides access to the beach

If you're still experiencing accessibility issues or are in need of a complete accessibility overhaul, give us a shout out and let our experienced and proven developers help you make your site accessible to everyone.

Jul 08 2021
Jul 08

Lynette has been part of the Drupal community since Drupalcon Brussels in 2006. She comes from a technical support background, from front-line to developer liaison, giving her a strong understanding of the user experience. She took the next step by writing the majority of Drupal's Building Blocks, focused on some of the most popular Drupal modules at the time. From there, she moved on to working as a professional technical writer, spending seven years at Acquia, working with nearly every product offering. As a writer, her mantra is "Make your documentation so good your users never need to call you."

Lynette lives in San Jose, California where she is a knitter, occasionally a brewer, a newly-minted 3D printing enthusiast, and has too many other hobbies. She also homeschools her two children, and has three house cats, two porch cats, and two rabbits.

Jul 08 2021
Jul 08

Together with the contact page, the services page is one of the key parts of a website. It's also one of the basic elements of an effective business website. Presenting the scope of services is usually the main purpose of its existence. We'll show you step by step how to create a services page in Droopler - a Drupal distribution.

Pages created using ready-made components

Droopler is a website builder based on predefined components. Thanks to a set of ready-made parts, it's good for building company websites for organisations of all sizes. We can easily create with it a home page and each subpage. Depending on the needs and preferences, we can use photo and text components, a gallery, a contact form, emphasise some significant numbers or direct the users to other subpages with more detailed information, such as the offered services.

Building a services page from scratch

We'll start building a services page by creating a new subpage. To do this, after logging in, select Add content from the Content menu and then Content page.

Creating a services page from scratch in Droopler, a Drupal distribution

In the displayed view, we enter the title of the page. It'll be Services in our case. We also add "Teaser Image" and "Teaser text". In the options on the right, we select Provide a menu link, which will make the link to the new subpage appear in the top menu. We also enter the text that should appear as a link in the menu. It'll also be Services in our case. After filling in these fields, we deselect the Published checkbox so that our subpage isn't visible to visitors for this moment. We'll only publish it when it's finished.

Adding a title, teaser image, and teaser text for a new website in Droopler

Finally, we click Save and see this:

A view after creating a new services page in Droopler

 

Sidebar Image

Now we can start adding components. To access the library of available items, we click the "+" in a circle button. We'll see a menu with the available options. The first item we choose will be Sidebar Image.

The library of components available in Droopler

 

We select this paragraph and start filling in the fields. First, we enter the header (this will be the title of our subpage) and choose its type - H1.

Filling in the fields of the new paragraph Sidebar Image in Droopler

 

We add a photo and enter the text describing the subpage.

Adding a photo to a new services pageAdding a text describing a new services page

 

In the options found in the right tab, we choose which side the picture will be on. We select Right and click Save. The first component (section) of our services page is ready!

In the paragraph settings, we select where our image should be displayed on our services pageThe look of the ready Sidebar Image component

 

The next section will consist of links to individual services. To add this section, we'll start by selecting the Group of text blocks component.

Selecting the Group of text blocks component in Droopler

 

As in the case of the previous component, we enter the title and select the header type (this time it'll be H2).

Filing in the title and selecting the header type for the Group of text blocks

 

Below, we also enter the text that describes the given section:

The text describing a particular section of the Group of text blocks component in Droopler

 

The next step is adding the 4 tiles which are the links to individual subcategories of the subpage. In order to create them, we select the second Items tab and click Add single block text.

Adding the tiles which will serve as the links to the specific subcategories of the page

 

We enter the title of the tile and select the photo which will be its background.

Filing in the title of a tile which will be in the Group of text blocks paragraphChoosing a background for the tile from the Group of text blocks paragraph in Droopler

 

In the Call To Action subsection we enter the subpage which the tile should link to (in the format "/" plus "subpage name", e.g. /boats), as well as the link's text.

Filing in the URL address of a subpage to which a new tile has to link to, and a text which will be displayed on a link

 

We prepare the other 3 tiles in a similar way. When it's ready, we click Save and we see this:

The ready tiles in the Group of text blocks component in Droopler

 

Now it's time to embellish this section. Therefore we go to the paragraph's settings by clicking on the pencil button:

After clicking on the pencil button, we'll go to the Edit paragraph page

 

In the settings, we change a few fields:

Embellishing the Group of text blocks component

 

In the options for each of the tiles, we select:

Selecting the options for each of the tiles

 

We click Save and we have a ready section with subcategories for the services we offer.

The ready section with subcategories of an offer on a website built in Droopler

 

Group of counters

We move on to the next section of the page, that is a counter with interesting figures regarding the company. We'll use the Group of counters component.

Adding the Group of counters paragraph to the services page

 

Similarly to the previous sections, we choose the title, header type and background photo.

Setting the title, header type and the background photo for the Group of counters paragraph

 

In the Items tab, we add individual values by clicking Add single counter and entering a digit and a text. We create 4 such elements and click Save.

Adding individual values to the Group of counters component in Droopler

 

The finished section should look like this:

The ready section Group of counters on the services page

 

Text page

The last element that we'll add to the services page will be a call to action. We add this simple section using the Text page component.

Adding the Text page component to the website in Droopler

 

As in the case of the previous steps, we select the header, "long text" and define the button.

Defining the details of the button that will be in the Text page paragraph

 

A ready services page in Droopler

The services page is finished. We only have to select Published in the selection field in the main options of the subpage. Now everything is ready and available online for the visitors of our website.

Publishing of a new services page

The whole Services subpage should look like this:

The ready services page in Droopler

 

You can see the created subpage in the Droopler demo. We build other subpages in a similar way. We encourage you to experiment with the options and different components. The multitude of available possibilities allows for personalising the page in a simple and quick way, without the need for coding.

Jul 07 2021
Jul 07

(Transcript of the OSTips Video)

During this year's Drupalcon North America, Dries took to the stage at his DriesNote speech and mentioned that Drupal has never been more stable. The adoption rate for Drupal 9 is faster than any other version of Drupal ever and modules are ready for Drupal 9 faster than ever before. So of course, he went straight into Drupal 10...

Here we go again! The changes coming to Drupal 10! Let's dive in.

Welcome to OSTips from OSTraining.  

In this video, I want to talk about the major initiatives for Drupal 10. Now it's not released until 2022, but of course, it's hot news right now.  At the last Drupalcon, there were initiative tracks for each of the main initiatives, and they were terrific. I'm going to give you a resource here in just a moment, but at the DriesNote, Dries took some time to go through each of the major initiatives.

If you want to watch DriesNote, click here.  Honestly, there's a lot of stuff at the beginning, so just fast forward to about 30 minutes into the video, and you'll find the major initiatives.

Now what are they?Let's take a look at the list starting with Automatic Updates:
Here We Go Again! The Changes Coming To Drupal 10

I'm pretty excited about this. I know a lot of people aren't, but i think it's time. Updating Drupal core in the past has been a nightmare for beginners and site builders. Here at OSTraining, we've been working with beginner Drupalers for 10 years, and one of their constant frustrations has been updating Drupal.

With Drupal 9 it's a lot easier using Composer, but with Drupal 10, it's going to be automatic. As long as your installation of Drupal is compliant, then automatic updates are a no-brainer.

Next up is Decoupled Menus: Here We Go Again! The Changes Coming To Drupal 10This is for people who use Drupal in a decoupled way or "headless" way. A lot of people are pretty excited about this one. Drupal 10 is going to be released in 2022 and Drupal 8 end of life is November 2021, so this initiative is pretty important.

Next, we have Easy Out of the Box:

Here We Go Again! The Changes Coming To Drupal 10

This is the other initiative I'm pretty excited about, because we deal with a lot of beginner site builders who will really appreciate this easy out of the box feature. However, I wish it was going to go further, because there's a lot under the hood in this initiative that doesn't really impact site builders, and there's a lot of work that needs to go into Layout Builder to make it completely usable. Fortunately, there are a lot of additional contributed modules for Layout Builder that fill in a lot of those gaps.

While I would have liked to have seen this go further, I'm excited that Layout Builder and Media Manager specifically are going to get a lot of attention in Drupal 10. If you've seen my OSTips video on how to make Media Manager into a Digital Asset Management System, you know how much of a fan I am of Media Manager. I think it's the best of all three of the major Content Management Systems, and so the fact that it's going to get more attention, is really terrific.

The last part of this initiative is a brand new administration theme that's turned on by default named Claro.

Finally, the New Front-End Theme:
Here We Go Again! The Changes Coming To Drupal 10

Poor Bartik! We'll be saying goodbye, but there's a new front-end theme that's modern and beautiful called Oliveiro. It's going to be standard in Drupal 10. I think again that's a terrific update to the out of the box user experience.

That's the key for this entire Drupal 10 initiative; better out of the box experience, and I think that's going to be really helpful for Drupal in the long run.

Finally let me give you a terrific resource. Drupal.tv has every Drupalcon video including all of the major initiative trainings and keynotes. I highly recommend you go and take a look at it.  Of course the top one there is the DriesNote.

Thanks for tuning in today! For more information, visit Drupal's list of strategic initiatives here.  (The images used in this blog are from Drupal.org, & we appreciate them! )

[embedded content]


About the author

Rod holds two masters degrees and has been training people how to do "things" for over 25 years. Originally from Australia, he grew up in Canada and now resides just outside Cincinnati, Ohio.
Jul 07 2021
Jul 07

The Ecommerce industry has grown during the pandemic. As a result, there is more demand for eCommerce website development. What are the factors to consider? Lets check it out in this blog.

The Indian E-Commerce Industry has Grown Enormously

The eCommerce industry is growing by leaps and bounds. It is expected to cross the US market by 2034. As per the latest Indian E-commerce Industry Growth Analysis, the eCommerce market is expected to reach revenues of US$ 99 billion by 2024, with a CAGR of 27% since 2019. The growth will be driven mainly by groceries, consumer electronics, apparel, etc. The competition is fierce, with several local and foreign entities jostling for space.

Several businesses are selling their goods online. The online shopping industry is bound to expand further due to the government's impetus on the Digital India program. As the prospects of the industry increase, there is also the need for high-end eCommerce website development services. The ongoing COVID-19 pandemic has also led to customers ordering more goods online.

Growth of eCommerce during the COVID-19 Pandemic

The curbs on movement and the lockdowns have led to more customers doing online shopping. It has helped to push eCommerce sales to heights never seen before. In addition, the use of reliable broadband and smartphone penetration has ensured that customers have a seamless experience buying online.

The use of next-generation technologies has also led to an increase in this sector. It has helped customers make better choices. The changed shopping traits will continue even after the pandemic. During this time, several more businesses have taken the online route. While some of them have turned into affiliates of renowned brands, some others have their eCommerce website.

Few Points to Consider before Developing your eCommerce Website

Aligning the Business Goals

Before taking the plunge, you must have a robust plan in place for your eCommerce business. It should cover the goals and objectives you have in mind. It is necessary because you can design the website accordingly. In addition, you must understand your audience and design workflows that will ensure the visitors can view their products quickly.

You can depute eminent eCommerce website development to help you design websites that can appeal to your audience. You can assess their buying habits and formalize the best campaigns that can lead to increased revenues. Discuss and finalize the features you need on the website with the subject matter experts. If you have the budget, you can include some of the killer technologies on your website.

Finalizing the Platform

When you are planning to design a customized website, you must take time to finalize the platform. A lot of it will depend on your business goals and the features you wish to have on your website. The entire eCommerce website development process will depend on this activity. You can start by analyzing the elements you need on the site. Analyzing your competition can also be an ideal way to initiate this process.

The platform you choose must accommodate the features you need on the website. The website must run on a unified platform that can support all the modules necessary for an eCommerce website. In addition, it must allow excellent customer experiences along with on-the-fly marketing offers and on-time client servicing. You can be in touch with the best eCommerce website development services providers, who can provide expert advice on the ideal platform for your online shop.

Finalize the Website Design

You must use the help of experts to ascertain the project requirements and finalize the project plan accordingly. The features you wish to have on the website can also have an impact on the overall design. Also, keep your campaign strategy in mind and the buying behavior of your audience. The feature additions can be made in phases too.

While designing the site, you must also consider the SEO plan. If you plan to transition your earlier website, always have experts chalk out the transition plan. Your design must define the responsibilities of the different resources allocated to the project. Setting a realistic timeline can help to assess the incremental progress of the overall project.

Choosing the Template and Plugins

Once you finalize the design, you must choose the theme of the website. Then, you must take the services of a renowned eCommerce website development company that can help you select your website's theme. There are several options available, and you must consider the products offered and the overall branding of your online shop.

While selecting the template, you must keep in mind the design of the homepage and the navigational workflows that you prefer. The theme color and the use of images must gel with your branding guidelines. You must consult with an expert to finalize the UX design that would help your customers. Finally, based on the features chosen, you must select the plugins that you wish to have on the site. 

Additional Points to be Considered

The Competition

Your business plan will never be complete unless you assess your competition. So always have a comprehensive overview of your competition and constantly have a keen eye on their website workflows and campaigns. It will help you have an overview of the steps you must take to stay ahead of them.

Website Security

One of the critical sections of eCommerce website development is to ensure that it is secure. As the eCommerce website stores a vast amount of data, hackers are quick to target them. Always keep in mind that the SSL certificate is valid and renewed on time. Use the latest antivirus and firewalls to protect your data. It would be best to have security processes in place to prevent unauthorized access to your data centers. Ensure that your employees follow password best practices.

Maintenance and Support

You must have a renowned partner to maintain your website. It will need added features to stay ahead of the competition. Have regular support contracts with an adequate level of expertise. Ensure that the agreement covers technology upgrades, quality and security updates, etc.

How can PWA help in better eCommerce Website Development and Grab Mobile Audience?

As the eCommerce industry sees an unprecedented number of visitors, businesses must stay prepared to provide unique experiences to website visitors. A progressive web app (PWA) can help you provide app-level UX to visitors. By leveraging web APIs, it can offer a native mobile app experience. A study among developers shows that at least 46% of them believe progress web apps to be the way forward.

progressive ecommerce website development and application

The PWAs can cater to all users and are responsive enough to fit into any device screen. They can be accessed by a broader audience and can provide speedy page downloads too. They use modern web frameworks that lead to reduced development costs and timeframes. Due to a better user experience, they lead to improved conversions rates too. 

Websites must provide an excellent experience for mobile visitors. Search engines like Google give preference to the mobile experience. Moreover, Google has been supporting PWA since 2015. You can download a progressive web app on the mobile home screen for an improved experience. Push notifications can also be used to enhance the experience.

Conclusion

The ongoing COVID-19 pandemic has led to a shift in customer behavior, and more people are buying online. As a result, more companies are moving their business online and are experiencing increased revenues. It is also essential for them to engage a renowned eCommerce website development agency that can guide them in moving to a customer-friendly website and improve conversions.

We have discussed some of the points to consider before you can come up with the website. It will be helpful for you to beat the pandemic and see your revenues soar. Our experienced team of website developers can suggest various ways of developing a creative website for you. Reach out to us for more details.

Jul 07 2021
Jul 07

Once more, we have a selection of updates from across the Drupal community detailing the work they have been doing and ways in which you can contribute. This month, we speak with members of:

  • Promote Drupal
  • Easy out of the Box
  • Event Organizers Working Group
  • New Front-End Theme
  • Drupal Diversity & Inclusion
  • Drupal 10 Readiness

If you think you have something useful to add to any of these teams, please speak with the linked representative or the Drupal Association Community Liaison, Rachel Lawson.

What have been your priorities in the last three months?

Setting up committees to work on specific aspects of marketing Drupal.

And what has been your greatest success in the last three months?

We have three enthusiastic groups of volunteers meeting regularly to work on: the evaluator experience, promoting Drupal to developers outside the Drupal community and producing better marketing materials and campaigns around Drupal's strategic initiatives. Each group has defined a set of achievable goals and started the discovery phase of our work.

What has been your greatest challenge in the last three months?

It's a challenge to narrow down the work to be done because promoting Drupal is such a significant task. It's also a challenge to find iterative ways of improving Drupal.org given its scope and diverse audiences.

What have been your priorities in the last three months?

Since DrupalCon we have been actively recruiting contributors with the goal of having consistent contributors who can help on a regular basis. Having consistent contributors will really help move the issues forward.

And what has been your greatest success in the last three months?

Since DrupalCon, having Jessica Laila step in and create weekly meeting agendas and then facilitate the meetings in Slack has been huge. I have been promoting EOOTB to contribution day coordinators and as a result, we are going to have space at several upcoming camps to move issues along and introduce the initiative to more contributors.

What has been your greatest challenge in the last three months?

Time. Or the illusion of time.

We also have some issues that have little or nothing to do with code. There is a need for a wider demographic of contributors (designers, accessibility consultants, marketers). We would love to have some folks for ideation on some roadmaps, as well as some marketing folks to help us with promotion copy.

Do you have a "call to action" you want to make to the Drupal Community?

The first step would be to check out our weekly meeting in Slack. We meet in Slack on Mondays at 9am PT | Noon ET | 16:00 UTC.
The roadmap is located here: https://www.drupal.org/project/ideas/issues/3191533

Emilie Nouveau and I have the privilege of presenting a session detailing the initiative at DrupalCamp Colorado. If folks are not familiar with the EOOTB initiative they should check out the session and come to the contribution day to get onboarded.
DrupalCamp Colorado is August 6-8, with a contribution event that Sunday.
https://2021.drupalcampcolorado.org/

Event Organizers Working Group, by John Picozzi

What have been your priorities in the last three months?

Building awareness around the new events page on Drupal.org and prompting Event organizers to add their events. Our EOWG initiative leads have also been working to gain momentum on their specific initiatives. You can find out more about those at https://www.drupal.org/node/3200470

And what has been your greatest success in the last three months?

The improvements to https://www.drupal.org/community/events have been a great success and the group is working to keep the changes coming. We also have also made great progress with our On-boarding and Events website starter kit efforts.

What has been your greatest challenge in the last three months?

Time! The EOWG is a dedicated and talented group, however, all members have other (external) responsibilities that require their attention. These responsibilities prevent members from being able to devote as much time as they can to the EOWG.

Do you have a "call to action" you want to make to the Drupal Community?

Sure!

We're always open to new members, so if you're interested (and have time) please join our Slack and send us a message!

Also, to get involved folks can learn more about the work we are doing at https://www.drupal.org/node/3200470 and reach out to any of the EOWG members with questions.

What have been your priorities in the last three months?

Reaching stability and becoming the default.

And what has been your greatest success in the last three months?

We are SO close to becoming stable now. We have all known stable blocking accessibility issues (save for a number of auditing tasks), and all known stable-blocking bugs fixed. We're almost done with our technical debt issues, including getting some major work on automated tests committed just yesterday.

What has been your greatest challenge in the last three months?

We were hoping to reach stable by 9.2, but there were too many other things going on in core to make that happen. Automated testing was a real beast to get in, and had to be re-written more than once (special thanks to Brian Perry, and Matt Glaman for a lot of that work).

Do you have a "call to action" you want to make to the Drupal Community?

We're at the point now where we need a lot of testing. Please use the theme and let us know if you find issues :)

What have been your priorities in the last three months?

In April I became the new leader of the DDI initiative. While it's a great honor, it's a big change to transition from being a contributor and sideline supporter to being the lead! Thankfully, I've had plenty of support from members of the community and previous leaders in the initiative.

My main priority as DDI lead is to foster a stronger culture of collaboration, support, and problem-solving. Marginalized people in the Drupal community and those who support them face a variety of challenges, and I believe the best way to tackle those challenges is through sustainable practices, supportive systems, and reproducible procedures. We’re also taking a solutions-based approach to the feedback we receive and ask ourselves the following:

  • Are we the best entity to address this concern? Is there anyone who can assist with their resources and expertise?
  • How can we best address this issue? Do previous solutions exist?
  • Is there a way we can empower someone to bring about their own solution, with our help if needed?

As part of our efforts to have more sustainable practices, we've changed the cadence of our meetings, shifting to an every other Thursday format. This gives community contributors and leads time and space to work on initiative work before the next meeting while having an opportunity to check in on progress.

And what has been your greatest success in the last three months?

Our shift to a bi-weekly meeting cadence has given contributors a lot more breathing room and collaboration time than our previous pace, and we've seen an improvement to volunteer-life balance as a result. We’re able to spend more time working on solutions and forward progress. We’ve also been able to reschedule and launch the CFP and registration for DDI Camp -- the new dates will be 13-14 August!

What has been your greatest challenge in the last three months?

Many of our contributors have been going through life transitions, and while our new meeting pace has helped, it's still been rough at times. The team continues to be supportive of one another in our efforts and acknowledge that we are humans and volunteers and that caring for and taking time for yourself is often the best way to give back to your community. We’re in this together.

Do you have a "call to action" you want to make to the Drupal Community?

As mentioned earlier, Drupal Diversity & Inclusion Camp will now be held 13-14 August.

To learn more about DDI Camp, please visit https://www.drupaldiversity.com/initiatives/ddi-camp-2021
If you'd like to register for DDI camp, you can register at Eventbrite at https://bit.ly/ddi-camp
If you’re interested in speaking at DDI Camp, you can submit a session on Sessionize at https://sessionize.com/ddi-camp/

Please spread the word about this event! If you can, please nominate two people you know from marginalized or underrepresented backgrounds who would be great speakers for the event.

If you’d like to speak and you’re not sure, feel free to reach out to us! You can do both in the #ddi-session-help or #diversity-inclusion channels on the Drupal Slack

Finally, a big challenge we'd like to tackle is including more members of our international community in our efforts. We received feedback that at times the Drupal community (including us!) can come off as very US-centric, and we are doing our best to broaden our awareness and to do better. If you are a non-US-based member of the Drupal community and you have 5-10 hours a month to help us, please get in touch with us! We’d love your input.

Drupal 10 Readiness, by xjm

What have been your priorities in the last three months?

  1. We presented an Initiative Keynote on Drupal 10 to introduce the community to all the work that is underway.
  2. Our most critical priority remains the development of a CKEditor 5 integration module for Drupal core. We can’t release Drupal 10 without this upgrade, and CKEditor 4 is as different from CKEditor 5 as Drupal 7 is from Drupal 8. We are working closely with CKSource to make the upgrade possible.
  3. Drupal Rector has been very important for the Drupal 8 to 9 upgrade by covering the majority of changes to make to contributed projects and custom code. The tool was recently updated to the latest Rector library and work is underway to support Drupal 9. Soon work on covering APIs deprecated for removal in Drupal 10 can start.
  4. Upgrade Status now supports running on Drupal 9 and checks environment conditions against the proposed Drupal 10 platform requirements, alongside checking for deprecated API use. Drupal 10 readiness results of contributed projects is available on the Drupal 10 Deprecation Status Tracker.
  5. We continue to work on reducing our reliance on legacy jQuery code, especially for dependencies like jQuery UI, Joyride, and Backbone that are not actively maintained anymore. We're also building upon the Decoupled Menus Initiative's work on Standalone JavaScript Packages to provide modern replacements for legacy dependencies.

And what has been your greatest success in the last three months?

Drupal 9.2.0 has recently been released. Drupal 10 is being built in Drupal 9, just as Drupal 9 was built in Drupal 8, so there are many Drupal 10 compatibility improvements in Drupal 9.2. Some highlights:

We also added a new experimental Starterkit theme generator to Drupal core, although this is not available in 9.2 due to its alpha stability. The Starterkit theme generator will allow us to deprecate legacy base themes and will provide a better default experience for building Drupal themes in the future.

What has been your greatest challenge in the last three months?

We had really hoped to have a beta experimental version of the CKEditor 5 integration module in Drupal 9.2 to get wider testing, but we were unable to complete the requirements in time. Instead, we plan to create a beta-stability release of the CKEditor 5 contributed module so that it is available for testing earlier than Drupal 9.3.0.

Do you have a "call to action" you want to make to the Drupal Community?

We sure do! Test and give us feedback on the CKEditor 5 contributed module and the experimental Starterkit theme generator. We need your help to make sure these are on track to become stable in time for Drupal 9.3. Also, it is critically important to create Drupal-9-compatible releases of contributed modules so that sites can update to Drupal 9. Drupal 8 will be end-of-life in four months, and sites and modules can't be made forward-compatible with Drupal 10 if they're not compatible with Drupal 9! Join us in the #d10readiness channel in Drupal Slack. Initiative meetings are held every other Monday at 18:00 UTC, with threads open for 24 hours for contributors in all timezones.

Jul 06 2021
Jul 06
normal difficul

https://www.drupal.org/project/easy_breadcrumb

Credit & Thanks

Thank you to:

About the Easy Breadcrumb module

The Easy Breadcrumb module uses the current URL (path alias) and the current node title to automatically create navigable breadcrumbs.

Breadcrumbs are those essential navigational elements that show visitors where they are on a website. They look something like this:

drupal easy breadcrumbs module

Breadcrumbs help your SEO by revealing the hierarchy in your content. Google loves hierarchy because it helps them understand your content. Visitors love hierarchy, too, because it helps them figure out your site’s organizational structure.
 

Install and Enable the Easy Breadcrumb Module

  1. Install the Easy Breadcrumb module on your server. (See this section for more instructions on installing modules.)

    drupal easy breadcrumbs module install
     

  2. Go to the Extend page: Click Manage > Extend (Coffee: “extend”) or visit https://yourDrupal8site.dev/admin/modules in your browser.
     
  3. Select the checkbox next to “Easy Breadcrumb” and click the Install button at the bottom of the page.

There are no separate permissions required for the Easy Breadcrumb module.
 

Configure the Easy Breadcrumb module

  1. Click Configuration > User Interface > Easy Breadcrumb (Coffee: “breadcrumb”) or visit https://yourDrupal8site.dev/admin/config/user-interface/easy-breadcrumb in your browser.

    drupal easy breadcrumbs module configuration
     

  2. In the General Settings section, select the following check boxes:
    1. "Applies to administration pages"
    2. "Include the current page as a segment in the breadcrumb."
    3. "Remove repeated identical segments"
    4. "Include the front page as a segment in the breadcrumb."
    5. "Use the real page title when available"
       
  3. In the Title for the front page segment in the breadcrumb field, you may want to consider entering something more descriptive than “Home”. You could use your company name (or an abbreviation, if the name is very long) or experiment with using a keyword that describes your website, service, or product.
     
  4. Unless you have a reason to change them, leave all settings in the Advanced Settings section at their default.

    easy breadrumbs advanced settings screen
     

  5. Click the Save configuration button at the bottom of the page.

The Easy Breadcrumb module builds the breadcrumbs from the current page’s path. That is, each "/" becomes a part of the breadcrumb. The first breadcrumb comes from the Easy Breadcrumb configuration page while the title of the node becomes the last breadcrumb.

easy breadcrumb example

Did you like this walkthrough? Please tell your friends about it!

twiter social icon linkedin social icon pinterest social icon

Jul 06 2021
Jul 06

Configuration management is one of the greatest features introduced in Drupal. It enables developers to easily push configuration changes from their development environment to staging, and then to production environments. There are cases where certain configurations need to be enabled only on certain environments. For example, modules like Devel, Kint, Views UI, are enabled only on development environments, but we do not have these modules enabled on production. 

Fortunately, the Configuration Split module provides a means to accomplish all of these goals by keeping configurations into a separate directory so we can import it in a certain environment. And the Drupal 8 Configuration Split module is also supported in Drupal 9! In this article, you will learn how to split configurations across different websites using this amazing module.

Split Configuration

Setup and using the Configuration Split module

Installing the Drupal Configuration split module is like installing any other contributed module. Use composer to install it since it automatically installs all of the necessary dependencies. Open the terminal, within the project and enter the command.

$ composer require drupal/config_split

Create the split configuration

Once installed and enabled, we can create one or more "splits" to keep our configuration file in a separate folder.

  • Go to Admin > Configuration > Development > Configuration Split Settings
  • Click Add Configuration Split Setting
  • Enter a Label.
  • In the folder field, enter the folder name relative to the Docroot.
../config/dev_split

Make sure the machine name of your split is the same as the folder name.

Dev Split
  • Choose the module you want to split. In our case – the Devel Module.
  • Add your development modules setting files to the config split. In this case, we are going to completely split the configuration for Devel.
Complete Split
  • Click Save.

Activate a Split

Once the split is created, it needs to be activated in order to carry out a split. The Configuration Split module does not provide a UI for this purpose, but instead we can modify our settings.php file to activate the split:

$config['config_split.config_split.dev_split']['status'] = TRUE;

Where, dev_split is the machine name of the split we created earlier.

Now, export your configuration using drush cex. You should see that your development modules have been exported to the dev_split directory.

Dev Split
  • For our Development split, we need to have it activated in the development environment, but not in production. To do so, we add the following to our settings.php on our development environment.
$config['config_split.config_split.development']['status'] = TRUE;
  • For the Production site we won't add this code in the settings file, or we can also disable it explicitly by using below code:
config['config_split.config_split.development']['status'] = FALSE;
Jul 06 2021
Jul 06

As is our monthly tradition, we’ve compiled and recapped some of our favorite Drupal posts from last month. Enjoy the read!

Drupal 9.2.0 is available

One of the most notable Drupal updates from June was the release of Drupal 9.2.0. So, we’re kicking off this month’s recap with Gábor Hojtsy’s announcement of the release on drupal.org. 

Like with every new release, Gábor goes through what’s new in that particular version. Drupal 9.2.0 features optimizations to security and privacy, better default building blocks and fewer Drupal 10 compatibility issues, as well as other updates such as a simplified Drupal 7 migration path.

In addition, Gábor also provides a sneak peek of some of key upcoming features, before concluding with what the new version means for different Drupal stakeholders.

Read more about the Drupal 9.2.0 release

How Drupal can result in reduced Total Cost of Ownership

Next up, we have a blog post by Anthony Lindsay of Annertech discussing how the optimizations in the latest versions of Drupal result in lower total cost of ownership for modern Drupal websites, especially as compared to versions 7 and earlier.

While early versions of Drupal required a lot of custom development and cumbersome overhaul-like migrations when it came to updates, Drupal 8 and 9 have introduced huge improvements, with much smoother upgrade paths and more out-of-the-box features.

Taking all of this into account, Drupal 9 is truly a future-proof technology which can serve as your digital foundation for years to come.

Read more about the lower TCO in Drupal 8/9

Drupal 8 & 9 Theming: How to Render and Format JSON Data With PHP and Twig Using the JSON Field Module

In the third post we’d like to highlight, Danny Englander shows how to use Drupal’s JSON Field module to format and render data. He does this with a custom preprocess function and Twig template.

First, you need to set node definitions and check for the instance of a node, then check if the JSON field exists and is not empty with a PHP magic method. Next, use Xdebug to get the plain value of the field and convert the value into an array. To complete the preprocess function, create a template variable and then render it in the Twig template with a loop.

Read more about the JSON Field module

Speaking at Drupal Events: A Non-Code Way to Contribute to Drupal

We continue with a post by BounteousIrene Dobbs sharing her experience of presenting at a DrupalCon for the first time. She provides some key tips for getting through the speaker application process and talks about what helped her the most as a first-time speaker and new member to the Drupal community.

The topic of the presentation was the process of Bounteous’ rescuing the TB Mega Menu module, which they had customized to their own needs and decided to apply for ownership and salvaging the project. This way, they actually made a double contribution to the community: rescuing the module, and presenting about it at DrupalCon.

Read more about Bounteous’ DrupalCon session

Demystifying components integration with Drupal

Another great post from June comes from Mario Hernandez who describes his approach to integrating components into Drupal without the use of PHP. Mario works on the basis of an article by Evan Willhite of Four Kitchens, but shows how to achieve the same result by only using Twig and no PHP.

He’s able to do this by working directly with the node entity rather than with a Paragraph type. He creates a new Display view mode called Card and then integrates it with a Node template. Finally, he creates a view to display a collection of Card nodes, which uses this Card view mode instead of fields.

Read more about integrating components into Drupal

All You Need to Know About Drupal 10 Readiness

Moving on, we have a post by GOLEMS GABB about the release of Drupal 10 planned for next year and how to best prepare for it. They start off with the dates for the planned release and the two potential fallback dates, then continue with what will happen in terms of end of life for versions 7, 8 and 9.

The next part of the post focuses on Drupal 10, beginning with the expected new features: updated dependencies, easier out-of-the-box experience, automated updates, decoupled menus, a new front-end theme and a streamlined site builder experience. In the final part, GOLEMS show how to ensure that a Drupal website is ready for Drupal 10.

Read more about Drupal 10 readiness

Getting Started with Views in Drupal

This next post, written by WebWash, serves as a great guide for getting started with working with Drupal Views. Its first section shows how to create a simple View of published articles and explains the key parts of the Views configuration interface. 

The next few sections show additional things you can do with Views, such as customizing them, but also more advanced use cases, i.e. creating Drupal blocks or creating the admin page by using Views.

For those who prefer learning in video form, the post also includes a video in which WebWash’s Ivan Zugec goes through and presents all the article’s sections.

Read more about getting started with Drupal Views

Improve Your Users' Experience with Quicklink 2.0

In the final post that we’re including on our list for June, Lullabot’s Mike Herchel presents version 2.0 of the Drupal Quicklink module which provides Drupal integration with Google’s JavaScript library Quicklink. The new version enables better control over link prefetching, with the brand new features Request limit, Concurrency throttle and Idle timeout value.

Other new features include the option of ignoring configured selectors; auto-disabled JavaScript polyfill which used to provide support for the Intersection Observer API for older browsers; and better testing coverage. While the module is currently still in beta, Mike points out that they’re already using it at Lullabot and gives extra info on the next plans for it.

Read more about the Drupal Quicklink module

Couple having a view of bay during sunset

If you enjoy these monthly recaps and don’t want to miss future ones, follow us on Twitter and make sure you’re up to speed with all our latest updates.

Jul 06 2021
Jul 06

In a previous post, Dan Lemon wrote about the importance of upgrading from Drupal 8 to Drupal 9 and how we tackle each step in that process. With more client projects upgraded now, I want to share more benefits, some difficulties and tips from our journey. 

With the release of Drupal 9.2 in June 2021, it is a good time to insist that a Drupal 9 upgrade is not only about staying up-to-date, closing security gaps, and getting deprecations removed – but it also has new features such as increased performance or support for the WebP image format. All this, just by installing regular updates.
 

The Good


The days of long Drupal 7 to Drupal 8 migrations are over – now it is more a process of keeping the code up-to-date. This increases collaboration efforts within the community to get Drupal 9 compatible releases of the modules and themes installed in Drupal 8. We even had a very pleasant surprise with a module seeing a release with our changes included in less than 2 hours. It is great to see free open-source software in motion.

Updating projects to Drupal 9 has another positive effect, it allows an overview of ALL the modules on the site, so we can question whether we even need them in the current state of the project. If no longer necessary, we can remove them and, if needed, the way forward is to update them to a Drupal 9 compatible version. This is a great clean-up exercise that we don’t normally do for modules when we just update minor versions of Drupal core. Getting familiar with this process is crucial in preparation for what’s to come: Drupal 10 – the new major version of Drupal which will be available next year.

As time passes we see more and more modules with Drupal 9 releases and that makes it easy to upgrade a site. Remember that if you see an abandoned project you can always offer to take it over and give the code a new life. At Amazee Labs, we support a good number of modules so we are happy when we are given the chance of getting more projects updated.
 

The Bad and the Ugly


Although the upgrade status module is constantly getting better with updates and is the best tool to get the site ready for Drupal 9 (and Drupal 10), it is not a silver bullet and there are still code patterns that it won’t detect as deprecated. So we always set aside some hours to actually get the site to Drupal 9 on a non-production environment and perform some tests to confirm all is working as originally intended. Particularly, we found some usages of the now-deprecated EntityManagerInterface to require some investigation to change the code to one of the 11 classes it has been split into.
 

Tips and Tricks


As mentioned before, not all modules declare their compatibility with Drupal 9 but many of them are actually compatible. The main problem is that Composer will detect it as incompatible and will therefore not download the code – making patching, not an option. For that situation, we use Composer inline aliases that allow us to use a certain version of a package but declare another for compatibility purposes.

For example 

"drupal/core": "9.1.4 as 8.9991"

The composer.json file will get Drupal 9.1.4 installed, but all the modules that are only compatible with Drupal 8 will be happy with the situation and resolve all the dependencies successfully.

Talking about Composer, I can’t stress enough how beneficial it is,  during this kind of upgrade, to also update Composer to its latest version, especially if you are using any version older than Composer 2. I usually take around one hour to get a site ready for Composer 2, but the time saved in the long run makes it worthwhile very quickly.
 

Not only Drupal can be migrated to Drupal 9


Drupal can cover migrations from Drupal 6, 7 and 8, powered by a flexible API that can take many kinds of data formats and transform them into the native Drupal SQL table system. 

Do you want to talk with us about upgrades? Whether you’re operating on Drupal 7 or 8, or any other system – we’re ready to help. Get in touch with us and upgrade to Drupal 9 today!

Jul 05 2021
Jul 05

Drupal is an open-source CMS that helps websites have rich features that help to increase visitors. More than a million websites are on Drupal, but web admins are still worried about Drupal website security. Most websites request visitors for their personal information for various reasons. They also store their login information, while e-commerce sites also store the financial information of the visitors. Therefore, it becomes necessary to ensure the platform is secure to prevent a data breach.

  • Keeping the Modules Up to Date

    There are frequent updates in Drupal, and the upgrades plug the security gaps in the earlier versions. Like all other applications and CMS, you must always upgrade the website to the latest versions of Drupal. You can download the newest version over the Drupal repository, and they usually come with several new security features.

    You must always use only trusted modules and themes to ensure a secure Drupal website. The web admin can readily check for the available updates from the Drupal admin and download them. When you plan to update the Drupal website, always take a reliable backup of the site.
     

  • Have a Backup of the Website

    There could be an unforeseen event that may cause damage to the website. While such events cannot be foretold, web administrators must be prepared for them. The damage can be mitigated by taking frequent backup of the website. You can use the Backup and Migrate module for handling the backups, and it should be high on the Drupal security checklist.

    You can have both online and offline backups of the website. The default setting can allow you to have a download of the backup but can also make changes as per your needs. The Backup and Migrate module enables the transfer of the backup files to a pre-set address. After making the changes, you must click on “Backup now”.

    There are advanced backup options, including providing a timestamp to the file, encrypting the files, and changing the compression format. In addition, the Schedules tab can allow editing of the backup schedules as per the requirement. You can also use the CLI method for backup that can be done in two ways, viz.

  1. Using Crontab and Native Commands based on the backup
  2. Using Drush in combination with the Crontab
  • Follow a Strong Password Policy

    Strong passwords are the essence of website security. Your company must have a robust password policy that will ensure that the users use strong passwords for their access to the website. The passwords will be used by the web administrators and the users too. All of them must have strong passwords that follow global best practices.

    Always ensure that the passwords provide strength through complexity and combine characters and alphabets but not necessarily in a sequence. The Password Policy module can define the constraints that should be met before the changed password of a user can be accepted.
     

  • Login Security

    You must cap the number of login attempts at a time, and versions above Drupal 7 allow this feature. The Login Security module provides access control that can deny IP access to the entire website content. The administrator can also deny access to specific IP addresses permanently.

    Emails can also be sent to the administrator to know when password or account guessing is happening. Any unexpected login behavior can also be intimated. The Login Security module can also disable the login error messages of the Drupal core. There is an option whereby the users can see the last login along with the timestamp.

    A Flood Control module acts as an interface for the flood control variables. It allows the administrator to remove user IDs and IP addresses from the flood table. The automated logout feature allows the user to be logged out after a predetermined time of no activity. In addition, there is an ability to ensure role-based timeout or disabling timeouts based on assigned roles.
     

  • Setting up the Two-Factor Authentication (2FA)

    The two-factor authentication mechanism requires a physical device in your possession. As an additional security feature, the user must enter a code to log in. The code would be sent to the device selected by the user. It is easy to set up this additional feature using the 2 Factor Authentication module of Drupal.

    There are 15+ 2FA methods, including the Google Authenticator. The features include IP whitelisting, domain-based, role-based 2FA. Even if the registered device is lost, alternate login methods like OTP over email and security questions are supported.
     

  • Limit the Access to User Accounts

    One of the ideal Drupal security best practices is to limit access to the account. The users who have access to the back end add to the security risk of the website. The web admins must restrict the access to only the developers who need to access it, and that too for a specific time. The admins must check the user accounts and stay aware of who all have full access to the back end and whether they require the access anymore.

    Roles can be assigned to the users, and the setting can be customized. Apart from the administrator rights, you can allocate these rights to users too:

  1. Provide read-only access without the ability to change content
  2. Add content without any modification rights
  3. Modify or add content
  • Spam Protection

    To ensure a secure Drupal website, you must protect it from spam. Drupal has anti spam features that keep it safe. The Honeypot module prevents spam bots from completing forms on the site. It is effective against several different spambots and caters to all types of forms on the site.

    Antibot is another module that prevents form submission by bots. It can also prevent spam submissions and can protect the forms while continuing to cache the page. It does not require any integrations and works on mobile devices too.

    The use of captcha has long been the ideal way to block bots. The Captcha module prevents spam submission by bots and can be used by any user-facing web form. In addition, there are other spam filtering solutions like the Antispam module that can ensure Drupal website security using the Akismet antispam services.
     

  • Ensuring the Drupal Core is Secure

    The core should always be updated to the latest version. You can follow the Drupal Security team on social media channels for alerts on updates. A Security by Design framework allows designing the website such that the impact of any vulnerability is minimized. The security best practices must be followed at the architectural level.

    The Paranoia module in Drupal helps to prevent an attacker from gaining additional permissions on the Drupal site. It identifies the vulnerabilities and notifies the web admin when the hacker tries to evaluate the PHP through the web interface.
     

  • Database Security

    As a security precaution, you must block access to the critical files at the back end. You can change the table prefix to make it difficult for an intruder to guess and initiate SQL injections. The table prefix can be changed when installing Drupal.

    While setting up the database, click on the “Advanced Options”, you will come across the host, port number, and the Table name prefix fields. Insert the table prefix there. If you have named the database, change it, and make it more difficult to guess.

    The administrator must restrict access to the server while constantly monitoring the server access. The server signature must be hidden, too, and keep the port numbers hidden from public access. As a general feature, always keep the core updated to the latest version.

    Drupal also allows you to encrypt the database. You may encrypt parts of the database or the whole of it. The Drupal configuration can pass the encryption laws or privacy standards.
     

  • Install an SSL Certificate

    It is essential to install an SSL certificate to protect your website. Moving to the HTTPS protocol will ensure that the communication exchange with the visitor's browser is encrypted. No third party can have access to this information, and the source is authenticated too. It can prevent man-in-the-middle attacks and ensure that your website is safer. Moreover, it can also help in SEO and improve site performance.

Conclusion

There is a need to improve the security of your Drupal website. You can start by having stringent password policies and keeping Drupal up to date. You can also deploy security plugins and use an SSL certificate. We have discussed the ways you can keep the website secure. You may also reach out to us to initiate a discussion with our experts about how to secure your Drupal site. We will await your call!

Jul 05 2021
Jul 05

Ek_jitsi 2.0.0-rc1 release

EK_jitsi is an integration of Jitsi video conferencing solution.

By installing this module you can:

  • create block to access Jitsi videos from your site

  • join existing room based on room name

  • create room with random name in 2 clicks

  • insert Jitsi video field into content pages

The latest beta release includes the video content field. It can be added to content like basic page or article.Embed field start a video room automatically based on the page title or alias as jitsi video url. Multiple settings are available to set custom jitsi server, script or display options.

If combined with a timestamp field, you can set a video start date and the page will show a countdown before start. This feature can be used for instance to send invitation in advance to join a conference at a certain time.

timestamp video

Documentation is available in Drupal and an installed demo is available here (You may access 2 content pages that demonstrated the embed field, one with a timestamp feature that launches video on a future date and one with active video field).

Jul 03 2021
Jul 03

Drupal has scaled the heights of success through its community contributions and group collaborations. It additionally came up with some strategic initiatives that allowed its users to attain optimal benefits by securing their software and sites, making it user-friendly for all. One such primary initiative, Drupal 10 Readiness will be looked at closely in this article. 

How strategic initiatives significantly contribute to Drupal

Drupal majorly emphasizes implementing its numerous suggested strategic initiatives and endless innovation. The large architectural change in Drupal 8 and 9 that was brought by Drupal 7, is a good example of continuous innovation within the community. Dries Buytaert, the project lead and founder of the Drupal project believes that strategic initiatives play a significant role in the success of Drupal. After gaining support from community collaboration, these initiatives could produce exceptional developments driven by forces such as:

  • Market relevance was enhanced by improving editorial, developer, and customer experience. 
  • An idea of building an open-source digital platform experience.
  • Engaging with the core maintainers.
  • The opportunity of validation by community decisions and collaborations.
  • Usability studies and survey data availability.

Once these initiatives are suggested, they are put across to the planned initiative stage where every initiative is built up with plans and strategies in detail. After finishing this stage, the initiative finally moves towards the active initiatives stage. This is the process of how an initiative comes into place. To know more about how community initiatives are proposed and how strategic initiatives come about in Drupal, read here. Also, learn what’s happening with Decoupled menus initiative and Automatic updates initiative. Moving forward we will explore one of the most essential strategic initiatives of Drupal i.e. Drupal 10 Readiness which keeps us curious to know more about the future of Drupal 10. Before we move on, here's the complete guide on Drupal 9, the burning questions on Drupal 9, the Drupal 9 upgrade and migration particularsmust-have modules to start Drupal 9 project, configuration management strategies, and web development strategies that are specific to Drupal 9 project.

Familiarising with Drupal 10 Readiness

Illustration with a diagram describing Drupal 9 features that need to be updated before its end of lifeSource: Drupal.org

The Drupal 10 Readiness aims at providing an agenda to ensure that Drupal 10 gets released by 2022, also maintaining the security status along with keeping it up-to-date. This initiative provides the Drupal 10 roadmap and primarily focuses on:

  • To identify the tasks that are to be completed before the Drupal 10 release, emphasizing updating dependencies and eliminating deprecated APIs.
  • Support contributed module maintainers to move forward while also keeping modules updated. 
  • Plans to release Drupal 10 by the summer of 2022 or if not surely by December 22.

The Drupal 10 Readiness initiative was launched at the DrupalCon Global 2021 and has started putting down the plans into action. This further will help in ensuring the release of Drupal 10 in 2022 as per planned by the Drupal community. Although the exact Drupal 10 release date is yet not fixed, it is still planned to be released by June 2022. So, here are the Drupal 10 features. Take a quick look. 

Illustration showing multiple circles describing the Drupal 10 features proposed in Drupal 10 readiness initiative


Drupal 10 is built on Drupal 9. There is one major exception, the CKEditor 5 project is being built as a contributed module so that it can be easy to test it and also make it easier to collaborate upon. 

Both PHP 8 and Composer 2 support shipped in Drupal 9. Backporting of composer 2 was made to Drupal 8 but the same was not possible for PHP 8 compatibility. For Drupal 10, PHP 8 will be needed as PHP 7 to be ended by November 2022.

Symfony 5 is good but Symfony 6 will be better. Since Symfony 4, one of the two main drivers of the Drupal 10 timeline is to be ended by November 2022, so a plan has been made to be updated to Symfony 5.  The Symfony 5 compatibility issues are also resolved, which can be an added advantage. In the case of Drupal 10, Symfony 5 will be on the long-term supported 5.4 branches, which would "only" be security supported till November 2025, providing Drupal 10 a 2.5 year lifetime. The Drupal team is trying to update Symfony 6 at the same time, making an effort to resolve incompatibilities identified in Drupal 9. Since Symfony 6 development is not itself open yet, they are only able to work on things that are previously deprecated.

CKEditor 4 to 5 update needs more support. One of the motivations behind the Drupal 10 timeline is CKEditor 4 support lasting till 2023.  As of now, CKEditor 5 support is being worked on in a dedicated contributed module.  Drupal is actively collaborating with the CKSource team on runtime plugin support (Webpack DLLs), general HTML support (to avoid the loss of data while using CKEditor 5 on legacy content), etc. Some of the benefits of CKEditor 5 include optional collaborative editing functionality (using a paid server component).

Feedback needed for Starterkit theme prototype. It’s a Drupal-theming paradigm shift. Duplication can be avoided by inheriting from runtime base themes but at the same time, it can cause serious issues for innovation and make Drupal support old bugs not to break live sites. So, rather they try to provide built-in support for generating a theme in a core that is based on a prepared starterkit. 

The jQuery UI components have replacements prototyped, requiring reviews. All the jQuery UI components and numerous uses of Backbone. JS have replacements prototyped: dialog, toolbar, tabbing manager, autocomplete, tours, etc. They are in need of feedback. 

Internet Explorer 11 support to be dropped. An agreement is made to drop support for IE11 from Drupal 10. The official announcement will be made shortly. 

Some one-off feature modules might be removed. Drupal decided to deprecate the aggregator module in Drupal 9 and eradicate it in Drupal 10. There will be a removal of some other single-use core modules which lack momentum and maintainers. They are also taking the initiative to indicate individual module lifecycle states.

Now that we already know Drupal 10 is slated for a mid-2022 launch, more and more contributions will be paramount to the initiative’s success. Here are some recent updates on the initiatives shared in the DrupalCon Europe 2020 and DrupalCon North America 2021:

[embedded content]

[embedded content]

[embedded content]

 

[embedded content]

Conclusion

Drupal strategic initiatives are constantly making an effort to escalate the productivity level of the community leading to remarkable expected results and outcomes. Drupal 10 Readiness is such a strategic initiative that depicts the future of Drupal 10 for which we all are excitedly waiting. So, this article was written to prepare you for Drupal 10 and help you get the proper insights into its significant functionality. Hope you are now ready for a Drupal upgrade.

Jul 01 2021
Jul 01

On the surface, there’s not much about Drupal support and maintenance that seems compelling. 

The exciting part, of course, is the design, development, and launch of a new site -- this phase is full of promise, game-changing possibilities, and anticipation on many levels. 

If the fundamental difference between Open Source and proprietary or licensed software was not made abundantly clear at the outset of the engagement, there can be questions concerning why support is needed on a brand new site. Drupal site owners sometimes find themselves wanting to wing it when it comes to support -- or at least delay a support arrangement for the near term.

Spectrum of Drupal Support

As the Director of Support Services here at Promet Source, my team and I are passionate about great Drupal support relationships that add value on multiple levels. Drupal support is not a commodity. It’s a relationship that stands to set your site, and your entire organization up for success over the long haul.  

Committed to both the Drupal community and the success of our clients, while recognizing that the spectrum of Drupal support can range from so-so to stellar, we recently determined that the following six factors are what combine to create a Drupal support relationship that secures essential data, maintains a consistent user experience, creates confidence, fuels organizational growth, augments staff expertise, and ensures the site stays on the leading edge of what’s new, next, and needed. 
 


1. Get real about Open Source vs. proprietary software.

And make sure key stakeholders understand these distinctions, as well. Open Source software is freely available, the code base can be inspected, modified or enhanced, and there are no licensing fees associated with its use. Proprietary software, on the other hand, is owned and managed by an organization that holds exclusive rights to the source code. There are licensing fees associated with use of proprietary software, which covers ongoing upgrades and security fixes. 

The flipside of Open Source is that keeping the site secure and up to date requires ongoing maintenance and support. 

At Promet Source we are devotees of both Open Source and Drupal for a host of reasons that include greater security and functionality due to consistent and thorough vetting and review by the global community.  And while Open Source tends to be considerably more cost effective than proprietary solutions, it’s essential to keep the concept of “free” in perspective. Keeping an Open Source Drupal site secure and up to date requires ongoing support and maintenance. 
 

2. Get informed about the basics of your Drupal CMS.

Learn what versions of Drupal, PHP database software, and operating system you are currently running on. All four need to work together and the longer that an older version is operating without updates, the greater the security risk. If you do not have this information, it tends to be a standard component of a support audit, if one is performed. Be sure to document these critical stats and keep them top of mind. 

3. Elevate security to its rightful place. 

Security needs to appear at the top of the list of support relationship requirements. The essential question concerning security is no longer whether your site contains sensitive financial or medical data that needs to be protected. The question is whether and to what extent your organization would be disrupted if your site was compromised or disabled. Keep in mind, there are no shortage of bad actors at large for whom hijacking a site is a sport. Failure to update your site as needed can result in unnecessary exposure on many fronts. The most effective means to confidently guard against a potential security breach is a solid support relationship that includes security monitoring and regular system updates. 

Drupal Core security advisories can be released by Drupal at any time, however they are generally released on the third Wednesday of each month. Some months there isn't an update issued at all, historically, there tends to be four to six updates every year. 

The Drupal community also issues security updates for core that it categorizes as “minor,” as well as ongoing security updates for contributed modules -- all of which need to be addressed, fixed, and tested. 

Hosting stack security is another essential Drupal support factor. All hosting stacks for Drupal sites contain a minimum of four items: an operating system (Centos/Ubuntu/etc, a database (mySQL, SQL), PHP and Drupal. If your support partner does not manage your hosting relationship, they need to ensure that they are in sync with your hosting company’s system administrators to ensure ongoing and seamless integrations. 

4. Consider what else you want your support relationship to accomplish.

Beyond security, determine what specifically you want your support relationship to accomplish. This can include an audit of core and contributed modules; a cleanup of unused code, metrics concerning ADA web accessibility and SEO, and UX consultations, and insight into migration timetables.

While initial consultations with your support partner can help to clarify objectives, the better understanding you have of what you want your support partnership to look like, the better positioned you will be to choose your partner wisely.

5. Think big picture.

Drupal support can be narrowly defined and confined to a limited checkbox of services, or it can be built upon a relationship with a partner that has access to a depth and breadth of expertise to power your site to the next level as needed.
 

6. Move forward with confidence.

Having earned the trust of countless Drupal support clients, I can say that trust is a critical component of a productive support partnership. You absolutely need to:

  • Trust that your site is updated and secure, 
  • Trust that your support partner has your best interest at heart, 
  • Trust that your partner is proactively bringing solution and ideas to the table, and 
  • Trust that your support partner has the expertise and capacity to do what’s right.

Bottom line: If your Drupal support relationship is not defined by a high degree of confidence and trust, with a track record of exceeded expectations, then it’s time to look for a new Drupal support partner.

Partnering with Drupal support clients to ensure that their Drupal CMS remains a well-oiled machine that works as promised, evolves with the organization, and stands up to the expectations of clients, is a particular passion for us at Promet Source. Looking to start a conversation about what stellar support can look like? Let’s talk!


 


 

Jul 01 2021
Jul 01

Drupal's contribution recognition system leads the way in open source. We are the first community to allow contributors of all kinds to attribute their work as a volunteer, on behalf of an employer, or on behalf of one or more client organizations. This has given us a level of insight into our contribution ecosystem that helps us make better decisions about how to govern the project. Our system is now the basis for a proposal to adopt a new metric by the Community Health Analytics Open Source Software (CHAOSS) community, as well as by other organizations like IEEE and GitLab.

While we're excited to see this model adopted more widely - we're also continuing to expand our own systems for recognizing contribution.

Today Drupal primarily recognizes individual contribution activities in the form of issue activity on Drupal.org. This system works very well for traditional projects and issues centered around code, documentation, or even organizing initiative meetings. However, in addition to activity-centric contributions there is also role-centric contribution wherein an individual (often with the help of a sponsoring organization) holds a key position within the community.

This might include a Translation Group Manager, a Contribution Mentor, a Drupal Association Board member, a Drupal Camp organizer, or many, many other roles that people hold in the community.

Now recognizing: Contributor Roles

That's why we've introduced a system that allows every user on Drupal.org to identify the community roles they hold, and (where appropriate) provide attribution to any sponsoring organizations.

On your user profile, this looks like:

Contributor roles on user profile

And on a sponsoring organization profile, you'll see the list of contributor roles they sponsor: 

Contributor roles on organization profile

A note on how we use contribution data:

  • Contribution activity and roles held by individuals are collected and displayed to provide recognition—not to rank!— to individuals. We believe ranking individual contributors is an unhealthy model that doesn't account for the privilege of free time
  • On the other hand, where support for a community role is attributed to an organization, this contribution data allows us to provide both recognition and ranking of organizations in our ecosystem. It helps us promote the organizations that contribute the most to the  Drupal project - and to promote good citizenship to others. 

Next steps

Edit your Drupal.org profile to enter information about your past and present roles in the Drupal project (in the "Contributor roles" vertical tab of the profile edit page).

The list of roles to choose from is a work in progress. If you have contributed to the Drupal project in a way that is not yet covered by a role in the role browser, please create an issue and describe the role or roles that should be created.

Editing your contributor roles

In a few weeks time, we'll be updating the Marketplace ranking algorithm to recognize those organizations which have sponsored these key community roles. Organizations that have long sponsored people in these key community positions will likely see an increase in their marketplace rank.

P.S: Upcoming Tune-Ups to the current marketplace algorithm

In addition to the addition of these new contributor roles, we are also going to be tuning the weight of some of our existing contributions.

We have now passed the one-year mark from the Drupal Cares campaign, and will be expiring the temporary ranking boost we gave to contributing organizations.

We are also re-prioritizing the bonus for case studies. Previously, Drupal 8 case studies were worth a premium of contribution credit, because we needed great stories to tell. That bonus will be reduced in favor of a bonus for Drupal 9 case studies (and Drupal 10, upon release).

We will also soon be adding organizational credit for DrupalCon sponsorship level, and Discover Drupal program sponsorship.

In order to avoid disruption when these algorithm updates go live in a few week's time, now is the best time to make sure you've updated your recorded contributions.

For more general information about how contribution credit works, consult our contribution recognition landing page.

Jul 01 2021
Jul 01

https://www.drupal.org/project/google_tag

Credits & Thanks

Thank you to Jim Berry for creating and maintaining the Google Tag Manager.

About the Google Tag Manager Module

Even though installing Google Tag Manager (GTM) on your Drupal site adds a layer of complexity, it is far more flexible (and powerful) than Google Analytics (GA) alone:

  • GTM can be set up to track advanced analytics, like Scroll Depth, Link Clicks, & Video Playback information.
  • GTM makes it easy to install custom tracking, like LinkedIn Insights or Facebook Pixel, without developer help.
  • GTM makes it easier to track transaction data, like order amount, which is essential for ROI calculations for your ad campaigns.

While not difficult, it does take a little time and effort to complete. Below are the steps Volacci goes through to do a Google Tag Manager install on all our clients’ Drupal websites.
 

A NOTE OF CAUTION IF YOU ALREADY HAVE GOOGLE ANALYTICS INSTALLED

Except in very special cases, you do not want to have both the Google Analytics and Google Tag Manager modules (or embedded code snippets) enabled on your site at the same time -- it can skew your Analytics. We recommend coordinating the Google Tag Manager installation & configuration with disabling your Google Analytics module. Contact your developer if you have questions on how Google Analytics is currently installed on your website -- or if you have multiple GA codes deployed, which can complicate things further.

Google Account Sign Ups

While we offer top level instructions in this section, you may need to find additional resources on the exact steps for signing up for these accounts. Google tends to change things periodically, so it’s best to find their step by step instructions. We've included links to their current instructions in this section.

  1. If you don’t already have one, sign up for a free Google Account.
     
    This will include a gmail account. If your company already uses Gmail for email, then you can use that Google Account. You’ll use this account for all the sign ups that follow.
     
  2. Sign up for Google Analytics for your website. When you complete this process, you will have created a property for your website on the GA admin Tracking Info > Tracking Code page. There will be a tracking code there that looks something like this:
     google tracking id sample
    We recommend opening a text editor and copying and pasting this tracking ID so you have it handy for your GTM set up. You’ll be using this text document again later, so leave it open.
     
  3. Create a Google Search Console (GSC) account for your website. This account will track organic (search) traffic to your website and can also be integrated into your Google Analytics (GA) account.
     
    For information on integrating GSC into your GA account, go here for their detailed instructions.
     
  4. Set up your website’s Google Tag Manager account.
     google tag manager set up screen
     
  5. Fill out the Account Name and Container name fields with your organization’s and website’s information, and select “Web” under Target platform.
     
  6. Click Create, agree to the terms of service and GDPR rules, and you should be presented with a pop up window containing two different code snippets. The top one will look like this:
     google tag manager snippet example
     
  7. Highlight the GTM-XXXXXXX number as we have in the example above.
     
  8. Copy and paste that number into the same text editor you placed your Google Analytics tracking ID.
     
  9. Deploy Google Analytics using Google Tag Manager by following Google's instructions. NOTE: You’ll need the UA-XXXXXXX-1 number you pasted into your text document for this step.
     
  10. Submit your XML Sitemap to Google by following Google's instructions.
     

Install The Google Tag Manager Module

You may need to get help from your developer with this process. Contact them should you have any questions or issues. Sending along a link to this page could help speed things up.

  1. Make a backup of your website. If something goes wrong, you’ll need to restore your website from a backup.
     
  2. Install the Google Tag Manager module available here: https://www.drupal.org/project/google_tag

    NOTE: Drupal module installation instructions can be found here: https://www.drupal.org/docs/extending-drupal/installing-modules
     

  3. Once the module is installed, make sure it’s enabled by going to the Extend page of your website: Click Manage > Extend or visit https://yourdrupalwebsite.com/admin/modules.
     
  4. In the search box, enter “google tag” to find the Google Tag Manager module.
     google tag manager drupal module installation
    • If the check box next to the module is checked, then the module has been enabled and is ready for configuration. Move on to Configure The Google Tag Manager Module.
       
    • If the check box next to the module is not checked, it will need to be enabled.

      If you have permissions to enable a module, you can select the check box next to the module, and click the Install button at the bottom of the page.

      NOTE: If you do not have permissions to enable the module, you’ll need to contact your web developer to enable it and give you the appropriate permissions to install and configure the GTM module.


Configure The Google Tag Manager Module

Make sure you have that text document handy that contains the GTM container ID that was generated above.

  1. On your Drupal site, go to Manage > Configuration > System > Google Tag Manager or visit http:///admin/config/system/google-tag in your browser.
     
    This will take you to the Google Tag Manager containers page.
     google tag manager containers
     
  2. Click on the + Add container button. This will take you to the Add container page.Drupal google tag manager containers creation page
  3. Enter a relevant name in the Label field.
     
  4. In the Container ID field, enter the Container ID  (GTM-XXXXXXX) you copied from Google Tag Manager.
     
  5. Leave all other settings at their default.
     
  6. Click the Save button at the bottom of the page.
     

Testing Your Installation

We recommend testing to make sure your Google Tag Manager is properly installed and configured. Here at Volacci, we test in several different ways using the Chrome browser. If you use a different browser, some of these methods may not work.

  1. Go into the Google Tag Manager workspace for your website and follow Google's instructions for testing with Preview mode.
     
  2. Install Google Tag Assistant within your Chrome browser. 

    For additional information on how to use Google Tag Assistant for testing and troubleshooting your Google product installations, visit Google's support page
     

There you have it. You should be all set to gather Google Analytics data and make deployment of 3rd party scripts to your website much easier.

We always try to make sure our posts are as accurate and up to date as possible. If you find something is wrong, or you have a question, please feel free to contact us with any questions or feedback you might have.

And remember, Volacci stands ready to help you implement your Google Tag Manager and Google Analytics should you need us to.

Did you like this walkthrough? Please tell your friends about it!

twiter social icon linkedin social icon pinterest social icon

Jul 01 2021
Jul 01

We're Platinum Sponsors!

With our Gold Sponsorship and contributions at last year's event, we are excited to announce that we've taken the plunge and will be Platinum Sponsors this year!

We're busy getting our papers submitted and hope to have a number of very insightful sessions throughout the conference.

As usual, we will be preparing and writing questions for "Trivia night". The Trivia event has been one of the highlights of DrupalCon for many years, ever since the first one at DrupalCon Chicago 2011!

Watch this space for further announcements about Annertech's speaking engagements and other contributions for what is going to be an event not to be missed for all things Drupal.

Jul 01 2021
Jul 01

Drupal StewardAfter several years of hard work, the Drupal Association and the Drupal Security team are pleased to announce that Drupal Steward is now available to all.

What is Drupal Steward?

Drupal Steward is a web application firewall that bridges the gap between the time when a security release is announced and when your site is fully updated with the new security patch. This globally distributed service from the Drupal Security Team and the Drupal Association provides immediate, affordable protection for your website while giving your IT team the flexibility to implement site updates without disrupting other priorities.

How can Drupal Steward help me?

Drupal security releases happen on Wednesdays. Both the good actors, site owners like you, and bad actors, people trying to hack your site, learn about a vulnerability at the same time. Rare highly critical vulnerabilities could potentially be exploited within four hours of the release. Because of this, your teams must stay on alert during any security release window for a highly critical vulnerability to update your site as soon as possible. 

With Drupal Steward, you can update on your own time. 

In the event of a highly critical vulnerability, the Drupal security team publishes a notification(PSA) in advance to warn users. When you're protected, you *do not* have to be on red alert or pay staff overtime to be on call. You can schedule testing and implementation of the security update on a timeline that works for you.

Please note: Not every vulnerability can be protected by the Drupal Steward program, but it is ideally suited to help protect you from those that are mass exploitable. Drupal Steward can only apply to vulnerabilities that involve exploiting a request to the webserver, which may not apply to some security issues. Also, a zero-day vulnerability (one that is discovered and publicized without the security team's knowledge) is always possible.

How much does it cost, and how do I sign up?

We've worked very hard to supplement our pricing so that Drupal Steward is affordable to as many site owners as possible. Drupal Steward scales to the number of requests you receive, so check out the calculator on drupalsteward.org to estimate your pricing.

Signing up for the service is as simple as creating an account on drupalsteward.org, adding your domain names to be covered, and updating your DNS settings to route requests through the Drupal Steward service. 

Learn more      Sign up

Why isn't Drupal Steward free? How does Drupal Steward support the security team and the community?

Code is and always will be free in the Drupal project, but a service by its nature is not.

Drupal Steward requires a globally distributed infrastructure to ensure that the security layer doesn't increase latency and degrade the experience of users anywhere in the world. 

Funding from Drupal Steward directly supports the Drupal Association and our mission to help the community build Drupal. Furthermore, a portion of the funds are set aside specifically for proposals made by the Drupal Security Working Group on behalf of the Drupal Security team. 

Thank you to our Partners

We want to thank our founding partners, Acquia and Pantheon who have implemented Drupal Steward protection across their entire platforms so that any of their clients are already covered by this program. Their early support made it possible to bootstrap this community tier for all.

We also want to thank our Supporting Partners, who are able to offer Drupal Steward to their clients at the preferred pricing level through the Drupal Association community tier.

Jul 01 2021
Jul 01

Drupal StewardAfter several years of hard work, the Drupal Association and the Drupal Security team are pleased to announce that Drupal Steward is now available to all.

What is Drupal Steward?

Drupal Steward is a web application firewall that bridges the gap between the time when a security release is announced and when your site is fully updated with the new security patch. This globally distributed service from the Drupal Security Team and the Drupal Association provides immediate, affordable protection for your website while giving your IT team the flexibility to implement site updates without disrupting other priorities.

How can Drupal Steward help me?

Drupal security releases happen on Wednesdays. Both the good actors, site owners like you, and bad actors, people trying to hack your site, learn about a vulnerability at the same time. Rare highly critical vulnerabilities could potentially be exploited within four hours of the release. Because of this, your teams must stay on alert during any security release window for a highly critical vulnerability to update your site as soon as possible. 

With Drupal Steward, you can update on your own time. 

In the event of a highly critical vulnerability, the Drupal security team publishes a notification(PSA) in advance to warn users. When you're protected, you *do not* have to be on red alert or pay staff overtime to be on call. You can schedule testing and implementation of the security update on a timeline that works for you.

Please note: Not every vulnerability can be protected by the Drupal Steward program, but it is ideally suited to help protect you from those that are mass exploitable. Drupal Steward can only apply to vulnerabilities that involve exploiting a request to the webserver, which may not apply to some security issues. Also, a zero-day vulnerability (one that is discovered and publicized without the security team's knowledge) is always possible.

How much does it cost, and how do I sign up?

We've worked very hard to supplement our pricing so that Drupal Steward is affordable to as many site owners as possible. Drupal Steward scales to the number of requests you receive, so check out the calculator on drupalsteward.org to estimate your pricing.

Signing up for the service is as simple as creating an account on drupalsteward.org, adding your domain names to be covered, and updating your DNS settings to route requests through the Drupal Steward service. 

Learn more      Sign up

Why isn't Drupal Steward free? How does Drupal Steward support the security team and the community?

Code is and always will be free in the Drupal project, but a service by its nature is not.

Drupal Steward requires a globally distributed infrastructure to ensure that the security layer doesn't increase latency and degrade the experience of users anywhere in the world. 

Funding from Drupal Steward directly supports the Drupal Association and our mission to help the community build Drupal. Furthermore, a portion of the funds are set aside specifically for proposals made by the Drupal Security Working Group on behalf of the Drupal Security team. 

Thank you to our Partners

We want to thank our founding partners, Acquia and Pantheon who have implemented Drupal Steward protection across their entire platforms so that any of their clients are already covered by this program. Their early support made it possible to bootstrap this community tier for all.

We also want to thank our Supporting Partners, who are able to offer Drupal Steward to their clients at the preferred pricing level through the Drupal Association community tier.

Jun 30 2021
Jun 30

In honor of DesignHammer’s 20th Anniversary, we thought it would be neat to ask the DesignHammer team what they thought the DesignHammer logo represented. For this fun thought experiment, staff members were asked to analyze various parts of the logo including the block/box graphic, the name “DesignHammer”, and if they had any thoughts around the typography and brand colors that they’d like to share. 

Here's what the staff had to say about the DesignHammer "block":

“The DesignHammer logo has always reminded me to think outside the box. Why continue to stick to what you know when there's always so much more out there you can use to learn and grow? That's why DesignHammer has been able to stay in business for so long, they're all about growth and working outside the box.”

Madelyn Yonnetti, Graphic Designer

 

“It’s a stylized taco representing how good web development is a mix of many ingredients and tastes good.”

Taco Sketch

Jay Roberts, Lead Developer

 

“A closed box that is opening. The logo signified finding hidden answers inside the box.”

“In working with our clients, we are often asked to make a thing, “the box.” This may be a website, an app, or a more unique solution. Seldom have our clients already assembled the necessary information for anyone to correctly build the box they need. Some firms will simply look at the box on the surface and build what they can see. This risks missing the hidden depths of what the client actually needs. Using our repeatable process, we work with our clients to help open the box and learn what they really need and desire. Through this collaboration, we and our clients are successful.”

 

Stephen Pashby, Account Manager

 

“The smaller, foreground piece looks like a book or magazine that the figure behind (perhaps a person's head) is reading/studying; it kind-of suggests that DH is always learning and has their finger on the pulse of current tech and trends.”

DesignHammer logo

“As far as color goes, it hints that there are some Duke and Carolina fans/grads at DH (it's no surprise that this NCSU grad would notice the lack of red!). The tagline goes hand-in-hand with the company name in suggesting that we have the tools and skills to create great products. The logo graphic + name (entire logo) somewhat resembles a hammer (the graphic being the head of the hammer and the name being the handle), which is a neat touch.”

 

Tiffany Cissel, Developer

 

“Two things—one that we like to think outside of the box for our clients, and secondly that we realize that while the 'front page' is important and makes an impact for the client, it's the layers that live beyond that are truly important to the success of a site.”

Dave Shepley, Development Strategist

 

“From the opening of Stanley Kubrick's groundbreaking adaptation of Arthur C. Clarke's seminal 2001: A Space Odyssey, in which the alien Monolith appears before a group of australopithecus in Olduvai Gorge, through the radio burst directed at Jupiter (Saturn in the novel) by the lunar situated Tycho Magnetic Anomaly-1 (TMA-1), the near impossibly advanced "Firstborn" use advanced technology to steer human development, and literally lead us to the stars. DesignHammer's logo represents the partially excavated Tycho Magnetic Anomaly-1 buried in the lunar soil (from a reverse angle with the retaining wall in the foreground), ready to release a burst of advanced technology and creativity to propel our clients toward achieving their goals through overcoming their obstacles.”

Space Odessy

 

David Minton, Managing Partner

 

“I like the idea that one of our ‘guiding principles’ is openness in the development process, rather than taking a specification and handing back a product without any other communication. We certainly seem to invite a lot of client participation and discussion in the process. I think this helps us in a variety of ways, including delivering a final product more in line with client desires/needs, helping shape the client expectations in cases where their desires may not address their needs, giving client authority and responsibility for certain decisions, and allowing bidirectional flexibility when necessary.”

 

Michael Nicholson, Project Manager

 

“When I started at DesignHammer, my first impression of the DesignHammer box logo was that it must be related to thinking “outside of the box”, but that interpretation seems too easy for this question, particularly because boxes can represent so many things. In dreams, for example, boxes typically tend to symbolize concealment. Under this definition then the DesignHammer box may represent hidden secrets. The front of the box appearing to “open”, however, may mean we’re open to revealing our trade secrets and the hidden talents of our staff members to our clients. So, final answer, the DesignHammer "open box" logo symbolizes that we are ready to share our agency's collective knowledge with anyone who's willing to listen"

 

Hunter Deschepper, Account Manager

 

“It's cliché but I'm going with one of these: "thinking outside the box, thinking out of the box, thinking beyond the box, or thinking outside the square.”

 

Frank Yonnetti [Original Logo Designer], Partner & Lead Designer

Jun 30 2021
Jun 30

Lynette has been part of the Drupal community since Drupalcon Brussels in 2006. She comes from a technical support background, from front-line to developer liaison, giving her a strong understanding of the user experience. She took the next step by writing the majority of Drupal's Building Blocks, focused on some of the most popular Drupal modules at the time. From there, she moved on to working as a professional technical writer, spending seven years at Acquia, working with nearly every product offering. As a writer, her mantra is "Make your documentation so good your users never need to call you."

Lynette lives in San Jose, California where she is a knitter, occasionally a brewer, a newly-minted 3D printing enthusiast, and has too many other hobbies. She also homeschools her two children, and has three house cats, two porch cats, and two rabbits.

Jun 30 2021
Jun 30
[embedded content]

Don’t forget to subscribe to our YouTube channel to stay up-to-date.

Infinite scrolling is a technique used to show more content as the user scrolls down a page eliminating the need for the user to click to go to the next page. This is commonly implemented in popular social media apps.

This tutorial will demonstrate how to use the Views Infinite Scroll module to achieve this and also show options that can be used to customize the user interaction with the infinite scrolling behavior.

We will show you how to:

  • Install the module
  • Set up a simple view
  • Add the infinite scroll behavior
  • Customize the infinite scrolling behavior.

Drupal Views Series

Table of Contents

Getting Started

We can easily install Views Infinite Scroll using Composer:

composer require drupal/views_infinite_scroll

To enable you can use Drush:

drush en views_infinite_scroll -y

Step 1: Set up your View

For the purposes of this tutorial, we are assuming you already have a content type set up and have already generated enough content for it.

We are going to create a simple View that lists Articles (Title and Body fields).

Go to Structure -> Views -> Add view

Here is a screenshot of our simple View. There is nothing fancy. We are only listing published Articles and have created a Page display for it.

If you’re new to Views then check out our “Getting Started with Views” tutorial.

Step 2: Adding the Pager

In the Pager settings of your View, change the type to “Infinite Scroll” (leaving all the settings as default for now).

Also, in the Advanced section of your View, set “Use AJAX” to “yes”.

Here is how our View settings looks now:

Save your View and go to the URL of the View page to test out your Infinite Scroll. You should now see a “Load More” button in the pager section of your View page that looks like this:

And that’s it! You now have infinite scrolling for your View. However, there are more options that can be configured for your Infinite Scroll. These are all optional as we shall demonstrate them now.

Step 3 (Optional): Replace the button text

You can add tokens to your Infinite Scroll button to enhance the user’s experience.

In the pager section of your Views configuration page, open the settings of your Infinite Scroll pager as shown in the screenshot below:

Set the button text to “Load @next_page_count more (Total @total)” as shown in the screenshot below:

Now your Views Infinite Scroll Pager button text will look like this:

@next_page_count” and “@total” are called “tokens” in Drupal. The tokens are replaced with actual data automatically.

View Infinite Scroll supports the following tokens:

  • @next_page_count
  • @remaining_items_count
  • @total

Step 4 (Optional): Automatically Load Content

Currently, users would have to click on the “Load More” button to get the next set of content. The Views Infinite Scroll page has an option to automatically load content (without the need to click on the button).

Go to the settings of your Views Infinite Scroll pager and check the box “Automatically Load Content” and click on Apply.

Save your View and then test it. As you scroll to the bottom of your View, another set of content should automatically be loaded.

Warning: Enabling this setting means that the user never actually gets to the footer of your page until they have exhausted loading all of your content. For example, if you had 1000 articles, it would take a very long time to see the footer. This means that if you had important links in your Footer (like Privacy policy links etc), it’s almost unreachable.

Step 5 (Optional): Exposing Options to the User

Views Infinite Scroll allows you to expose settings to allow the user to control selected displays options. We will demonstrate by doing an example. In the Settings of your Views Infinite Scroll Pager, scroll to the “Expose Options” and check “Allow user to control the number of items displayed in this view”, then click on Apply and save your View.

This results in the following being added to the top of your View page:

This specific option will allow the user to select how many results are returned everytime they click on the “Load More” button.

Summary

Views Infinite Scroll is a neat module that allows you to add infinite scrolling behavior to your View. We have shown how you can use this module to achieve this infinite scrolling behavior and also demonstrated a few of its customizations along with one of it’s biggest pitfalls.

Jun 30 2021
Jun 30

Personal expectations exceeded

Regarding my three days working in the Tiny House office, I have to say: the actual experience exceeded even my wildest expectations. After a short settling-in period, during which I felt a bit like a fish in an aquarium, the special atmosphere of the Tiny House completely absorbed me. Even with the high temperatures (well over 30° Celsius), a pleasant breeze came inside through the large doors and I was able to work in a relaxed and concentrated manner. Of the many possibilities offered by the house, I could only use a limited amount, but what I was able to experience definitely left an impression.

I believe that Tiny Houses can definitely be an alternative to fixed offices and also the classic home office in the future. After all, they are very variable, can be used almost anywhere and can offer different professional groups a comfortable workplace. At the beautiful location in the heart of Rosenheim, directly in front of the city library, the Tiny House 35 Kubik Heimat is definitely worth a visit and for me a view of how cities should be in the future.

Certainly there will be further opportunities to use the Tiny House again as a workplace for me, but also for smaller events of undpaul. The very good conversations with the people in charge of the library made me want to do more.

Jun 29 2021
Jun 29

 Drupal AssociationUpdate 1: The deadline for letters of interest has been made open-ended.

Drupal.org is the home of the Drupal community. In its 20 year history, Drupal.org has always been the central source for downloading Drupal core and all the contributed extensions that are part of the ecosystem.

As the Drupal project has first moved to support Composer for php-based dependency management, and now looks to implement an automatic updates system - we intend to significantly strengthen the security of our central package delivery.

Successful completion of this project will include implementing the python-based The Update Framework (TUF) signing server in a reliable and scalable way on Drupal.org infrastructure. These TUF signatures will be validated by the new PHP-TUF client being built for inclusion in Drupal core. 

Scope

Project scope should include Discovery, Project Management, Development, Security Review, and Quality Assurance for the following key features:

  1. Implementation of server-side of The Update Framework (TUF): https://theupdateframework.io/overview/ - preferably based on the reference implementation in Python, but we are willing to consider another existing implementation of the specification if such exists.
  2. Confirmation that the implementation is compatible with the PHP-TUF client application
  3. Support in standing up this signing service on production infrastructure for Drupal.org, in collaboration with the Drupal Association staff. 

Technical constraints and additional requirements

The chosen solution must meet the following additional technical constraints and requirements: 

Vendor requirements

The Drupal Association will consider contracts from both individual developers and agencies.

An individual must: 

  • Be a member of the Drupal Association
  • Provide a portfolio of examples of package signing or other signature-based security implementations. 

An agency must: 

  • Active Supporting Partner of the Drupal Association that qualifies for any level of the new Drupal Certified Partner Program
  • Provide a portfolio of examples of prior package signing or other signature-based security implementations. 
  • Provide a statement or link that reflects your organization's commitment to Diversity, Equity, and Inclusion.

Other Considerations:

Please indicate if you’re willing to accept in-kind benefits if your bid comes in higher than our allocated budget. The cash portion of the budget should not exceed $30,000 USD.

The point person for this project at the Drupal Association is generally available between 4:00 PM - 11:00 PM UTC. We welcome global responses but we’d prefer meeting times to be within our standard business hours. We will make every effort to accommodate times outside of standard Pacific Time business hours.

Timeline

We would like the TUF package signing solution implemented no later than October 31st, 2021.

Individuals or Agencies who intend to participate should provide their bids and samples of portfolio work to the Drupal Association via email ([email protected]) no later than Friday, July 29th at 5pm U.S. Pacific. Respondents will be notified of the decision no later than August 20th.

Jun 29 2021
Jun 29

 Drupal AssociationUpdate 1: The deadline for letters of interest has been made open-ended.

Drupal.org is the home of the Drupal community. In its 20 year history, Drupal.org has always been the central source for downloading Drupal core and all the contributed extensions that are part of the ecosystem.

As the Drupal project has first moved to support Composer for php-based dependency management, and now looks to implement an automatic updates system - we intend to significantly strengthen the security of our central package delivery.

Successful completion of this project will include implementing the python-based The Update Framework (TUF) signing server in a reliable and scalable way on Drupal.org infrastructure. These TUF signatures will be validated by the new PHP-TUF client being built for inclusion in Drupal core. 

Scope

Project scope should include Discovery, Project Management, Development, Security Review, and Quality Assurance for the following key features:

  1. Implementation of server-side of The Update Framework (TUF): https://theupdateframework.io/overview/ - preferably based on the reference implementation in Python, but we are willing to consider another existing implementation of the specification if such exists.
  2. Confirmation that the implementation is compatible with the PHP-TUF client application
  3. Support in standing up this signing service on production infrastructure for Drupal.org, in collaboration with the Drupal Association staff. 

Technical constraints and additional requirements

The chosen solution must meet the following additional technical constraints and requirements: 

Vendor requirements

The Drupal Association will consider contracts from both individual developers and agencies.

An individual must: 

  • Be a member of the Drupal Association
  • Provide a portfolio of examples of package signing or other signature-based security implementations. 

An agency must: 

  • Active Supporting Partner of the Drupal Association that qualifies for any level of the new Drupal Certified Partner Program
  • Provide a portfolio of examples of prior package signing or other signature-based security implementations. 
  • Provide a statement or link that reflects your organization's commitment to Diversity, Equity, and Inclusion.

Other Considerations:

Please indicate if you’re willing to accept in-kind benefits if your bid comes in higher than our allocated budget. The cash portion of the budget should not exceed $30,000 USD.

The point person for this project at the Drupal Association is generally available between 4:00 PM - 11:00 PM UTC. We welcome global responses but we’d prefer meeting times to be within our standard business hours. We will make every effort to accommodate times outside of standard Pacific Time business hours.

Timeline

We would like the TUF package signing solution implemented no later than October 31st, 2021.

Individuals or Agencies who intend to participate should provide their bids and samples of portfolio work to the Drupal Association via email ([email protected]) no later than Friday, July 29th at 5pm U.S. Pacific. Respondents will be notified of the decision no later than August 20th.

Pages

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web