It ain't what people don't know that get's em in the most trouble, it's the things they know that ain't so.
The first time I spoke at a tech conference was about five years ago at the University of Southern California (USC), in Los Angeles. It was at an annual conference called Code Camp whose audience is mostly Microsoft developers. I didn’t know what to expect in that kind of setting. I selected a topic I was fairly comfortable with, Designing with CSS3. Not only was the topic well received but it quickly became the most popular session in the conference with over 140 attendees interested in it. Now I was really freaking out.
- Create your image field. (In most cases, you’ve probably already got this.)
- Download and install the HiRes Images module This module allows you to create an image style at 2x the desired pixel dimensions. If your desired maximum image width is 720 css pixels, your output image would be saved at 1440px.
- Download and install the Image Style Quality module This nifty module allows you to define specific image qualities on a per image style basis instead of using Drupal’s global image quality setting.
- Add a new image style (or alter an existing)
- Add your normal image style presets, like scale, crop etc. If you’re scaling, set your scale to be 2x your desired maximum output in pixels. So if you want an output of 720, set your scale to 1440px.
- Add the “Hi-Res (x2)”" effect. This will output you’re image element at half the scale amount above. So we get a max of 720px.
- Add the “Quality” effect and set it to something like 60%. This may take some experimenting to find a balance between image quality and file size. In my example, I went with 60% compression. This yielded an image that was still really sharp and a reasonable file size.
- Set your display mode to use this new (or altered) image style.
- Enjoy your beautiful, high resolution, performant image fields!
Hard to believe this works right? You’d think your retina version would look really crappy with that much compression, but it doesn’t. In fact, in some cases it will look just as sharp and be smaller than a 1x counterpart. See my screenshots below for proof:Side-by-side comparison:
So we end up with a high resolution version of our uploaded image that is actually smaller than the original version at 720px! Looks great on retina devices and doesn’t badly penalize users of standard definition displays. WIN!
For a detailed explanation of this technique in broader terms, see Retina Revolution by Daan Jobsis
I recently ran into an issue where drush vset was not setting a string variable (in this case, a time period that would be used in strtotime()) correctly:# Didn't work:
$ drush vset custom_past_time '-1 day'
Unknown options: --0, --w, --e, --k. See `drush help variable-set` [error]
for available options. To suppress this error, add the option
Using the --strict=0 option resulted in the variable being set to a value of "1".
After scratching my head a bit, trying different ways of escaping the string value, using single and double quotes, etc., I finally realized I could just use variable_set() with drush's php-eval command (shortcut ev):
- Human-readable payment destinations instead of Bitcoin addresses
- Resistance from man-in-the-middle attacks
- Payment received messages sent back to the wallet
- Refund addresses
I have implemented most of BIP 70 in the Coin Tools Drupal project. It contains a new Bitcoin payment entity class that contains all the specified fields in its base table. Bundles can be created to add additional fields to payments.
Payments can currently be created through an admin interface, although this would typically happen in an automated process on a real website.
When viewing an unfulfilled payment in the admin interface the QR code for the payment will be present. It decodes to a backward-compatible payment protocol URI.
Currently the module is unable to detect Bitcoin payments not sent using the payment protocol, i.e. the payment is sent to the address but the website is not notified. This will be quite easy to implement though.
For payments made using the new protocol, Coin Tools is able to complete the transaction and has been tested with both the original QT client and Andreas Schildbach's Android Wallet. Interestingly Andreas's wallet does not display the status message returned by the merchant.
The specification does not seem to have any method for the merchant to inform the app that the payment was not satisfactory, other than setting the human readable status message (the wallet would not know there was a problem), or returning an HTTP error code (resulting in unpleasant error message for customer).
Coin Tools will check the transactions provided by the wallet are sending enough bitcoins to the payment address. It then broadcasts the transactions via bitcoind. Currently Coin Tools is relying on bitcoind rejecting transactions that have not been signed correctly. This assumption needs to be verified.
The X.509 certificate part of the payment protocol specification has not yet been implemented in Coin Tools. This is a critical component.
The implementation of the payment protocol in Coin Tools only permits a single Bitcoin address per payment. The specification does support having more than one and in theory this could be used to increase payment anonymity by each address only being spent into by a single output in a single transaction. In practise this is not so effective as all the transactions would be broadcast simultaneously.
Coin Tools will also store a single refund address provided by the wallet making the payment. The wallet actually provides payment scripts, but Coin Tools will determine if the script is a standard payment and extract the address. Multiple refund addresses are also supported by the standard, but Coin Tools will only store one.
According to the specification the wallet can allow the customer to provide a note to the vendor. Coin Tools will store this note, however I do not know of any wallets that support this feature.
The HTTP responses for PaymentRequest and Payment need to be implemented as Symfony response handlers. Currently they are implemented in a simplistic manner setting their own HTTP headers and and calling exit().
It is currently only possible to make payments from the admin interface. A template needs to be provided so the payments can be made from elsewhere on a website, e.g. integration with Drupal Commerce.
For a standard ecommerce website that wants to accept bitcoins it may make more sense to use a provider such as BitPay or Coinbase. Accepting payments natively on a website means that a hacker could steal funds. One solution to this problem would be to use Hierarchical Deterministic Wallets so that private keys are only stored on backend systems.
For a project that is doing something more interesting than just accepting Bitcoin as a payment method and is already running bitcoind, it may be advantageous to have a native implementation on BIP 70 on the website rather than relying on a third-party provider.
No tests have yet been written for Coin Tools. It is essential that Payment and PaymentRequest routes are fully tested including the edge cases defined in the specification.
A few limitations of Drupal 8 have been encountered during the creation of this functionality. In Drupal 8 it is now possible to have fields in entity base tables. This is really great, but unfortunately when these fields are present in a view it is not possible to use their formatters. I discussed this with Daniel Wehner at Amsterdam and he didn't seem very optimistic about this being able to be fixed so some sort of workaround will need to be found as this functionality is critical to the module.
Date field is now in D8 core, but unfortunately it stores the date as a varchar in the database. This means that it is not possible to sort or filter on date - a major limitation. If core is not changed to use database-native date storage Coin Tools will have to use another date field.
About 18 months ago I wrote about how you could sell access to Organic Groups with Drupal Commerce with a configuration of fields and Rules.
With Commerce License and Commerce License OG selling access to Organic Groups you have a setup that is as easy to setup than the 'old' field+Rules way (if not easier) and you'll have great new functionality for revoking membership access.Step by Step instructions
You can find the step-by-step instruction on how to sell your Organic groups with Drupal Commerce based on Commerce Licenses at https://www.drupal.org/node/2366023. Just follow the 8 easy steps and you'll have it setup in no-time.How does it work?
Basically you'll be selling licenses to your Organic Group (content). These licenses can expire, or be forever. You can configure them the way you see fit. The license determines if a user has access to the Organic Group or not.
Commerce License is a framework for selling access to local or remote resources.
Read more about Commerce Licenses at https://www.drupal.org/node/2039687 under Basic Concepts -> License.Show me
If you follow the 8 steps in the instruction at https://www.drupal.org/node/2366023 you'll see that you can easily configure the products like this:
and users on the site will be given licenses like this
From Dev to Stable
commerce_license_og module is currently in dev state. It works fine for the most common usecase: users buying access to your site. However make sure it works the way you want it before you decide go 'all in' implementing this on a production site.
Currently there seems to be an issue with granting anonymous users access to Organic Groups (https://www.drupal.org/node/2366155).
Please add your input to https://www.drupal.org/project/issues/commerce_license_og to help developing this module to a stable release.Category: Drupal Planet Drupal Commerce Drupal Organic Groups
One of the most anticipated features in Drupal 8 is the integration of RESTful Web Services in Drupal core. Drupal devs are looking forward to being able to do things with core which they couldn't before, such as:
- Offering their site’s data up in an API for others to use and contribute to;
- Building better user interactions by adding and updating content in place instead of a full page submission;
- Developing iPhone and Android apps that can serve and manage content hosted in a Drupal site.
But what are RESTful Web Services? In this article, I will walk you through the different conceptions of what is RESTful and explain how the new modules in Drupal core address these different concepts.A Quick History of REST
Many developers have become aware of REST due to the rising popularity of APIs. These APIs enable developers to build on top of services such as Twitter and Netflix, and many of these APIs call themselves RESTful. Yet these APIs often work in extremely different ways. This is because there are many definitions of what it means to be RESTful, some more orthodox and others more popular.
The term REST was coined by Roy Fielding, one of the people working on one of the earliest Web standards, HTTP. He coined the term as a description of the general architecture of the Web and systems like it. Since the time he laid out the constraints of a RESTful system in his thesis, some parts have caught hold in developer communities, while others have only found small – but vocal – communities of advocates.
For a good explanation of the different levels of RESTful-ness, see Martin Fowler’s explanation of the Richardson Maturity Model.What is RESTful?
So what are the requirements for RESTfulness?
This has been an interesting couple of weeks for Drupal, and that platform as a whole has received a lot of press. With the release of Drupal 7.32, a major (I use this term lightly) security vulnerability was corrected. Drupal then announced this week that, despite there being no significant evidence of a large number of sites attacked, any site that wasn't patched within a 7 hours of the patch release should consider itself compromised. Hosts were reporting automated attacks beginning only hours after the patch announcement. The vulnerability was unprecedented for the Drupal community, but really it shows why Drupal is great, and isn't a black mark on Drupal in our eyes.
First lets look at the announcement by the Drupal Security Team this week, where they say that sites were beginning to be attacked within hours of the patch announcement. The biggest thing to take from this announcement is the words Drupal Security Team. Yep, Drupal has one. I did a search this morning using the following criteria "<popular CMS> security team", and I found the results quite interesting. When I added Drupal as the "popular CMS" I got a page full of Drupal Security team information, policies and procedures. For every other CMS I tried, I got nothing about a team of security people, but a lot of information stating that they are secure and if you find a problem here is how to report it. Drupal focuses on security, and the Security Team at Drupal is a prime example of how important this really is to the Drupal community.
The second thing to take away from this is that the patch really notified the world that there was a vulnerability, and there is no way to stop this from happening. We didn't have any mass attacks on Drupal sites prior to this release, and the damage here after the release seems to be primarily related to those who chose not to apply the updates as they were instructed to. This really emphasizes the importance of applying available updates. Sites where the update was applied quickly likely did not experience any negative effects of the vulnerability, and if they did it was very limited. Updates to Drupal are certainly optional, but they are necessary to avoid headaches down the road, and this is proof of exactly why.
So don't be discouraged by all of the bad looking press related to this. I still stand by the idea that Drupal is the most secure platform available, but it is only as secure as you allow it to be. If you aren't applying the updates as they are available, you are likely putting your self at risk to have your site compromised. The big difference I see between Drupal and the other CMS options is that Drupal works diligently to fix module and core vulnerabilities as a habit. Many others aren't as diligent.For more tips like these, follow us on social media or subscribe for free to our RSS feed and newsletter. You can also contact us directly or request a consultation.
Originally posted at: http://diehardgamefan.com/2014/10/30/tabletop-review-night-of-the-spirits-castles-crusades/
Night of the Spirits is a Halloween inspired adventure for Castles and Crusades, one of my favorite OSR style games. Of course, this Halloween is not your usual dressing up in costumes and getting treats or even a survival horror adventure heavily influenced by some Hollywood hack and slash flick. No, this adventure is based on the Celtic version of the holiday Samonios (or Samhain for the Celts amongst you). It lasted three nights and was a time when the worlds of mortals and monsters drew nigh and one could easily cross between them. This particular adventure will pit a team of PCs (Back cover says 4-8 between levels 4-6 but the inside cover says for 3-5 characters between Levels 4-6. There’s a typo somewhere!) against a Dark Druid who seeks to control the Wild Hunt into destroying his enemies. If successful, the Dark Druid will take control of the druidic order in the isles and turn it into something horrible. The players have the three nights of Samonios to uncover the conspiracy and save the village of Henlwyn.
Night of the Spirits can be ran as a direct sequel of To Kill a King which won our “Best Adventure” award in the 2014 Tabletop Gaming Awards. It can also be played as a one shot or shoved into Castles and Crusades campaigns. It’s that versatile. That said, it does have heavy Celtic roots and leanings, so you might want to be familiar with Celtic mythology or own/have read the Codex Celtarum sourcebook for Castles and Crusades. Night of the Spirits is also a VERY linear adventure, but it was purposely designed that way. After all, the adventure takes the characters through three nights of escalating horror and combat. There’s no way this piece could be made in an open world or sandbox style of adventure. Your characters can still totally investigate false leads and go in totally opposite directions as the adventure intends. That will always be true of any adventure. However since each night of the adventure is so fully planned out, the PCs and their players will have very little chance or opportunity to go off rails.
The first night of the adventure is pretty simple. It’s mostly setup, exploring a forest and there is only a single planned encounter with some bandits. The second night escalates things to include random encounters, exploring other villages, searching for missing people, a costume party of sorts, more bandits and some actual monsters. The final night is where things get big as hopefully you will have put together enough clues to figure out who is behind things and initiate the boss battle. Of course it is quite possible for the Dark Druid to succeed if the players aren’t clever enough to solve the mystery and if that occurs, your campaign will be radically altered. It’s a great piece that balances hack and slash combat with really testing the mental mettle of both the players and their characters. Most OSR adventures do revolve around dungeon crawling or straight combat, and that’s probably why I love Castles and Crusades so much – they never fail to create some highly original outside the box adventures for high fantasy.
Night of the Spirits is a pretty straightforward linear adventure that can be played in only one or two sessions. It has a fun thematic story, and it’s the perfect time of year to play or run this adventure. Best of all, it’s currently only ninety-nine cents, which means any gamer, even one that has never played Castles and Crusades should strongly consider picking this up. It’s highly compatible with any other OSR system, including Dungeons and Dragons itself. This means even if you own something like Swords and Wizardry you can convert Night of the Spirits to your preferred high fantasy game with little to no effort. Heck, you could even make this work with something like Dungeon World or Pathfinder. With Night of the Spirits costing less than a dollar, I can’t think of a reason why you wouldn’t pick this up unless you just hate tabletop RPG…and if that is the case, why are you reading this review? This is a great way to get an adventure for extremely cheap AND see why I’m such a big proponent of Castles and Crusades in the first place. It’s a well-balanced piece that exudes a fine Halloween atmosphere without being overly cheesy or hamfisting the theme into an adventure. No, Samhain is pivotal to the adventure and Night of the Spirits makes for an excellent adventure to play or run on Halloween. It’s not especially horrifying or Ravenloft-esque, but it is a fun fantasy affair that showcases what makes Castles and Crusades such a great system.
Responsive google map module allows to replace the interactive google map with the image on any devices.
Sometimes you scroll the page with the map and try to look what's under it but all you can scroll is the map. We found a solution of this usability problem on mobile devices. Our module allows you to replace the iframe with a static image map. User can always switch to the interactive map and back. The map will be opened in the popup, in a new window or in the same map area depending on what option you choose.
Users sometimes forget their usernames. Username Reminder provides a form for requesting a username reminder, which is linked from the user login block and the user page. A user who has forgotten their username can enter their e-mail address into the form, and if it matches an active account, the account username is e-mailed to the e-mail address.
Bluespark Labs: Follow the readiness of the top 100 modules for Drupal 8 with our automatically updated tool
With the first Drupal 8 beta having been released at Drupalcon Amsterdam, we thought this would be a good time to a look at the top 100 projects on drupal.org to see just how far along the line the process of preparing for Drupal 8 is. However, given that there's a lot of progress to be made and I don't feel like manually updating a long list of modules, I decided to make a small tool to get the status of these modules and keep the data up to date.
This turned out to be a fun little project, and slightly more involved than I anticipated at first. (Isn't it always the case!) However, at its heart it's a bone-simple Drupal project - one content type for the Drupal projects (and their metadata) we're interested in, and a few views to show them as a table and calculate simple statistics. The work of updating the metadata from drupal.org is handled in 85 lines of code, using hook_cron to add each project to a Queue to be processed. The queue callback borrows code from the update module and simply gets release data, parses it, and updates the metadata on the project nodes. In the end, the most work was doing the research to determine which projects are already in core, and adding notes about where to find D8 upgrade issues and so on.
So, how did it all turn out? Using the current top 100 projects based on the usage statistics on drupal.org, our tool tells us that as of today, out of the 100 most popular projects:
Thanks for reading, and be sure to keep an eye on the status page to see how the most used contrib modules are coming along!Tags: Drupal PlanetDrupal 8