Drupal

Annertech: Welcome to 2015, the European Year for Development

Planet Drupal - 30 January 2015 - 4:48am

Last Thursday - Jan 22nd - President Michael D. Higgins launched the European Year for Development at Dublin Castle, saying that "2015 is a seminal year for the future of human development".

Categories: Drupal

Jonathan Brown: Using Bitcoin dust transactions to prevent website spam

Planet Drupal - 30 January 2015 - 3:49am

Previously: Ensuring security of funds and preserving anonymity when using Bitcoin for e-commerce

I quite often use Mollom to prevent spam submissions on contact and comment forms. It works pretty well, but some spam still gets through.

An alternative anti-spam technique is to require a Bitcoin dust transaction before an unprivileged user can POST a form. The value of such a transaction would only be about $0.001 USD. For a non-spammer this cost is fine, but for a spammer this is enough to make it totally uneconomical as they need to send out millions of posts.

I created a Spam Filter sub-module in my Coin Tools project for Drupal. It can be used to require a Bitcoin payment on any form on a Drupal website.

Coin Tools already has a Bitcoin payments system. When viewing a form, a new payment is created for the minimum amount possible. In the latest Bitcoin reference implementation the smallest output is 546 satoshis. However, many wallets still use the old value of 5460 so that is what is used.

The form's submit button is hidden with CSS (it still needs to be in the DOM for the form to function correctly) and a clickable QR code for the payment is put in its place. Coin Tools payments are BIP 70 compatible so a payment can either be satisfied by a direct POST from the wallet to the Drupal website, or the wallet can broadcast the transaction through the Bitcoin network (slightly slower).

Once Coin Tools has determined that the payment has been completed it will POST the form via JavaScript. If there are any validation errors the form will reload in the normal Drupal way. In this case, the submit button is no longer replaced by a QR code as it is recorded in the form state that the payment has been made.

When the form is submitted it is also verified on the server that the payment has been completed.

Here is a video of it in action.

Of course, this technique requires that the user has a small amount of bitcoin. For a website not targeting the Bitcoin community it would not only prevent spammers, it would actually prevent everyone from posting. As Bitcoin usage increases this technique will be able to become more commonplace.

Browser integration

It has been proposed before that web browsers should have Bitcoin SPV wallets built-in, e.g. for paywalls. If a payment is required an "HTTP 402 Payment Required" response would be generated. In that situation it would make sense for the browser to prompt the user before a payment is made. For the spam filter this could just happen automatically. The transaction could actually just be included as part of the POST to submit the form.

Burning Coins

Because the transactions are for such a small amount it may not be economic to spend the received funds as large miner fees would be required. It might be simpler to just generate a random Bitcoin address for each payment. This means that you don't have to have a wallet on the server and could just use Chain to check if the payment has completed.

Double-spends

If a double-spend on a comment submission was detected after it had been accepted, the post could be deleted. For email submissions, they could be delayed a few seconds to be sure there is not a contradictory transaction floating around.

Even without implementing these protections, double-spending wouldn't make sense for a spammer.

Could a spammer double spend and avoid paying the dust amount? No - double spending is extremely expensive so it would be even worse value for money than just paying the dust amount.

Could a spammer simultaneously broadcast many transactions that spend the same outputs to many different forms and websites? In theory this might be possible and some of the forms would accept the POST before realising the transaction is a double spend. Spamming multiple forms on the same website simultaneously would be impossible because the website would be connected to just one Bitcoin node. If this did become an issue the fee required to POST could just be increased to make it uneconomic.

Greater amount?

Of course, it may be desirable to actually charge a larger fee for the purpose of generating revenue. The admin interface could be extended to allow a configurable amount.

Categories: Drupal
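
The server-side payment check and double-spend handling described in the post above, as an added sketch in Python; it is not part of the original post and is not Coin Tools code. The class and method names (`SpamGate`, `record_tx`, `accept_submission`) and the sample identifiers are hypothetical, and binding each payment to one form and one accepted POST is an assumption added here.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

DUST_SATOSHIS = 5460  # amount the post says is requested (older wallet dust limit)


@dataclass
class Payment:
    form_token: str                  # form build this payment was created for
    amount_due: int = DUST_SATOSHIS
    txid: Optional[str] = None       # transaction seen paying this request
    received: int = 0                # satoshis received
    consumed: bool = False           # a POST has already been accepted against it
    conflicted: bool = False         # a contradictory spend of its inputs was seen


class SpamGate:
    """Hypothetical server-side gate: one dust payment buys exactly one POST."""

    def __init__(self):
        self.payments = {}   # payment_id -> Payment
        self.spent_by = {}   # input outpoint -> (txid, payment_id)

    def create_payment(self, form_token):
        """Called when the form is rendered; the id goes into the QR code."""
        payment_id = secrets.token_hex(16)
        self.payments[payment_id] = Payment(form_token)
        return payment_id

    def record_tx(self, payment_id, txid, amount, inputs):
        """Called when a transaction paying this request is seen.

        Returns the payment ids whose already-accepted posts should be
        deleted because one of their inputs has now been spent twice.
        """
        payment = self.payments[payment_id]
        revoke = []
        for outpoint in inputs:
            seen = self.spent_by.get(outpoint)
            if seen and seen[0] != txid:
                # Same output spent by two different transactions.
                other = self.payments[seen[1]]
                other.conflicted = payment.conflicted = True
                if other.consumed:
                    revoke.append(seen[1])
            else:
                self.spent_by[outpoint] = (txid, payment_id)
        payment.txid, payment.received = txid, amount
        return revoke

    def accept_submission(self, form_token, payment_id):
        """Re-check the payment on the server before the POST is processed."""
        payment = self.payments.get(payment_id)
        if payment is None:
            return False, "unknown payment"
        if payment.form_token != form_token:
            return False, "payment belongs to another form"
        if payment.txid is None or payment.received < payment.amount_due:
            return False, "payment incomplete"
        if payment.conflicted:
            return False, "double-spend"
        if payment.consumed:
            return False, "payment already used"
        payment.consumed = True
        return True, "accepted"


if __name__ == "__main__":
    # Constructed sample data: form tokens, txids and outpoints are made up.
    gate = SpamGate()
    first = gate.create_payment("form-A")
    gate.record_tx(first, "tx1", 5460, ["utxo:0"])
    print(gate.accept_submission("form-A", first))   # accepted
    second = gate.create_payment("form-B")
    print(gate.record_tx(second, "tx2", 5460, ["utxo:0"]))  # first is revoked
    print(gate.accept_submission("form-B", second))  # rejected as double-spend
```
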

Lullabot: Drush and Composer

Planet Drupal - 30 January 2015 - 3:29am

In this week's episode Addison Berry hosts Greg Anderson, one of the Drush maintainers, and Juampy Novillo Requena to discuss Drush. We start off by explaining why Drush exists and some cool things about it. One of the big hangups people have with Drush is installation, so we talk a bit about that, and how it is easier now with Composer.

Categories: Drupal

Code Enigma: My first year as a Sysadmin

Planet Drupal - 30 January 2015 - 3:24am

This blog post is a short story of how I started working for a Drupal company, some of the things I've achieved during my first year in the industry and my impressions of working with a Drupal agency as a sysadmin.

30th January 2015, by emlyn

Introduction

Before I pelt you with details of my first year as a sysadmin, I think I should give you a little information about myself. I’m Emlyn, 23 years young and based in the UK...the West Midlands to be a little more precise.

I graduated from Coventry University with a 2:1 in Games Technology with the hope of becoming a games programmer. However, after graduating, I noticed my portfolio fell far short of other students on my course, and, I’ll be honest, that bummed me out.

That was when I was approached by my cousin, Jamie, who works as a Systems Manager for Code Enigma, with the prospect of training to become a Junior Sysadmin. I gave it some thought; I had always been interested in Linux systems and wanted to know more about them. In fact, one of my modules at University was Operating Systems Security and I thoroughly enjoyed the assignment we were given where we had to create a shell script that provided the ability to display working processes, navigate a directory, list online users, amongst a few other things. So, I accepted the offer of a three month internship, which started in October 2013, which then turned into a permanent position in January 2014, and I really haven’t looked back since!

Training

As with every new job in a new field, training is required. For me, this was two weeks in Cardiff with Jamie, trying to learn as much as possible before working from home by myself. It was daunting, I’ll be honest. I knew there was so much to learn in a very short space of time. Perhaps I put too much pressure on myself; no one expected me to become an expert in just two weeks!

On the very first day of my internship, I was given the task of ‘building’ a new server which would serve as an internal server. So, my first lesson was in Puppet and how to use it to provision a new server semi-manually. This blew my mind! A few simple-ish (well, now I think they’re simple-ish) steps and Git pushes later and a new, usable server was up and running. Let me go back on myself, my first lesson was in Puppet and Git. One interlinked the other, and vice versa.

In a sense, I was thrown in at the deep end, given tickets to work on myself. Jamie pointed me in the right direction and gave me hints and tips that aided me in my work. In all honesty, his method of training me was brilliant, perfect. I’d try the work assigned to me first, and ask for help when I needed it.

Over the course of the two weeks, Jamie never showed any impatience or annoyance at what I was doing, even if I did something completely wrong or didn’t understand what had to be done. He taught me an important part of being a sysadmin: patience, especially patience towards clients. I had to understand that the client may not know as much as me, even though I’d only been in the industry for two weeks myself!

Over the course of my three month internship, and in fact the following nine months, my training never really stopped. I was learning new things every single day, all the while fine-tuning my newly acquired skills. Another important lesson I learnt during my first year as a system administrator was that I will never know everything there is to know in being a sysadmin, there will always be something new to learn.

Working from home

Being given the chance to pursue a totally new career and develop new skills was fantastic and an opportunity I couldn’t turn down, but what put the icing on the cake was that I’d be working from the comfort of my own home. However, I realised that I was going to have to be very disciplined, even more so than I normally would. It dawned on me that my fellow colleagues would be trusting me to work efficiently and I did not want to let them down by being slack just because I was working from home.

Working from home has its advantages, as you can imagine. No suit and tie and no long commute to work every morning. So there’s not a mad rush in the morning and I don’t have a busy office environment around me to distract me from my work. However, I am alone (as are my colleagues), which means not being able to walk up to them should I have a question or concern and not being able to go for a drink or food after work. But, these disadvantages, I feel, are outweighed by the advantages of working from home.

Running a distributed company can be quite challenging. My boss, Greg, is currently working on a series of blog posts in which he goes into detail about being Spread About. It's well worth a read.

What was I expecting?

I’ll be honest, I didn’t know what the job was going to be like! All I knew was that I was going to be learning a lot in a short space of time. From the email conversation I had with Jamie before starting, I had a feeling it was going to be all hands on deck. A lot of the time, I’ve been kept busy all day dealing with several different clients, all wanting different things done. Other days, it’s been a little less busy and I’ve been able to spend a bit more time on each task.

Surprises! Of all kinds of variety

I’d be lying if I said I hadn’t been surprised by anything. I think what surprised me the most in my first year, and what still baffles my mind today, is the sheer number of tools and software available to a system administrator. For example, we use Percona as our database of choice, but we could use MongoDB, or MariaDB. Then there are multiple database caching systems to choose from, numerous HTTP accelerators, web servers and continuous integration tools! My point is there isn’t a short supply of tools available; in hindsight, I’m not sure why that surprised me, but it did.

Top five things I’ve learnt

A year ago, I knew very little to nothing about being a system administrator. I could be very lazy and just list the top five things I’ve learnt in my job, but I’ll try and be a bit more descriptive. In no particular order of importance:

  1. Patience is actually a virtue! I’ve learnt that when dealing with a task, be it for a client or a personal task, to be patient with it. Getting frustrated and angry (perhaps covertly when dealing with a client) will only make matters worse and lengthen the time it takes to solve the problem. Clients who are not as technically knowledgeable appreciate patience; as I described above, Jamie was incredibly patient with me during my training, which helped me to understand the problem at hand more easily.

  2. Security is important. Very important. I deal with client data on a daily basis, so being proactive in keeping my workstation and computer secure at all times is important. I’ve learnt to be vigilant when transferring data to a client or a colleague; rather than send them a sensitive document over plain text email, I’ll upload it to a server the recipient has access to so they can grab it from there themselves. I’d GPG encrypt an email to them, but ever since the people who make the GPGTools plugin for the OSX mail app have started charging for the service (shakes fist), I’ve opted to use other means. We at Code Enigma like FOSS! Over the last year, Code Enigma have become ISO 27001:2013 certified, which meant I had to learn and understand how to handle data and documents properly.

  3. Workflow is also important. I learnt about the simple, yet very effective, workflow used by Code Enigma in the first couple of weeks of joining the company. It’s as straightforward as this: master -> stage -> production. Push changes to the master branch first, then merge them through to stage after some initial testing. Once the client is happy and has signed off the changes, push them through to production for deployment to the live site. Simples! However, before I joined CE, I didn’t know or think like this. When I ran an online game with my brother (not in Drupal), I’d make changes to the code locally, with no local setup running, and FTP (ew) the updated files directly to the server, which affected the live site. Horrendous. Now, when I start work on a personal project, I have an exact workflow I want to follow.

  4. Drupal...well, a small amount. A very small amount. Primarily, I’m a sysadmin, so I do a lot regarding setting up Drupal sites and debugging server issues relating to Drupal. I did a small amount of Drupal development at the start of my employment, so learnt a little bit about it which has fared me in good stead when it comes to dealing with simpler Drupal issues.

  5. Linux. Well, obviously not all of it, but I have learnt a lot in my first year. Obviously there are some things I’ve learnt that I need to improve on, but that’s a given with most operating systems, especially Linux. I knew a little bit about Linux before joining CE, but only rudimentary stuff from using Ubuntu as my main OS for a little while. During my first year, I picked up some really useful tips and tricks, learnt of different command line tools and how to use them, such as Drush and learnt how to read system and access/error logs. That’s just to name a few Linuxy things I’ve learnt.

What I hope to do/learn in the next year

There’s so much out there to learn that appeals to me, I could probably write a separate blog post just about that! But what I really want to learn, that I think will benefit me as an individual and my role in Code Enigma, will both be time consuming and difficult: MySQL multi-master replication and DRBD, to assist our Australian sysadmin with server cluster issues, and Drupal 8. I’ve a head start (ish) on Drupal 8 in that I know a bit about PHP, but I’ve been made aware the PHP I know and have programmed in is archaic and old-fashioned. It’s time to delve into Object-oriented programming!

It would be great (for me at least) to get a text-based, role-playing game up and running in Drupal, be it 7 or 8. But seeing as I want to develop my D8 skills, it makes sense to develop the game using the latter of the two. As I previously mentioned, I used to run an online text-based game with my brother, which used a very poorly written engine now that I look back on it. I’ve not seen many, if any, games of the sort created using Drupal. Even if no one plays the game, it’ll still be an achievement in my eyes as I’ll have improved my Drupal knowledge.

MySQL multi-master replication will be an important concept to understand and know how to use because we have a handful of clients that have a high availability layout setup with us, which include two application servers and two database servers, at least. If there’s a blip in the network, replication between the servers can be affected, which requires manual intervention to put right. If this happens, our Australian sysadmin is woken up through the use of his batsignal, but if I could solve any replication issues and save him being woken up in the early hours of the morning, then it’s a win-win for both of us; I’ll have bolstered my knowledge and Mig won’t be woken up abruptly.

What are my impressions after my first year?

My impressions after my first year as a system administrator for a Drupal agency are very high; the other sysadmins in our team are incredibly knowledgeable and can adapt to every situation and issue thrown at them. This has given me inspiration to develop my skills and knowledge to reach their level and some day leave the same kind of impressions on a future junior sysadmin.

My impressions for working for a Drupal agency are just as high. My colleagues are all very clued up in their area of expertise, from Drupal magic to content strategy to finance management. Everyone does their part for the company, be it providing bespoke tools for a website (such as the ones used for this very site) or by providing top level training to new, or old, Drupal agencies. It's an honour to be part of such a fantastic team!

Main image by Wendy Seltzer, released under the Creative Commons Attribution 2.0 Generic license.

Categories: Drupal

Palantir: Explaining Panels: Why I use Panels

Planet Drupal - 29 January 2015 - 2:00pm

In my last blog post I explained what the Panels Suite is and does. I explained how Panels itself is a User Interface on top of hook_theme() and theme(). That technical explanation of Panels underlines what I think is its main conceptual virtue:

Panels encourages a mental model of pulling data into a specific design component

At Palantir we're working with Design Components that are created in static prototypes. Design Components are the reusable pieces of front-end code that compose a design system. Design Components should not know about Drupal's internal implementation details. We're not alone in this thinking. (Inside the Drupal community, and outside of it).

The task of "theming a node" is now "print this node so that it renders as this design component." Unfortunately Drupal core does not have <code>hook_design_component()</code>. It has <code>hook_theme()</code>. Some of the entries in <code>hook_theme()</code> from core are essentially design components.

Entries like <code>'item_list'</code> and <code>'table'</code> are design components. They are conceptually based around their HTML rendering. They make sense independent of Drupal. To use them as a Drupal Developer you need to get your data organized before you call <code>theme()</code> (directly or otherwise).

On the other hand, much of the Drupal core usage of <code>hook_theme()</code> is not at all design component minded. <code>'node'</code>, <code>'user'</code>, <code>'comment'</code> all have entries in <code>hook_theme()</code>. In these elements you don't have to organize your data before calling <code>theme()</code>. You can give <code>theme()</code> a node object and after that <code>template_preprocess_node()</code> has to do a ton of work before hitting the template.

It's no coincidence that the design component-ish <code>hook_theme()</code> entries have minimal preprocessing or no preprocessing whatsoever. The design component-ish entries like <code>'item_list'</code> know what the HTML will look like but have no idea what your data is other than you were able to get it into a list. The non-design component entries like node know exactly what the Drupal-meaning of the data is but know very little about the markup they will produce on most production sites.

Panels unites the two mindsets. It knows what the incoming data is (A node context, a user context, etc) and it knows what design component it will print as (the layout plugins.) If you put a debug statement inside of <code>panels_theme()</code> you will see the names of layouts and style plugins. These <code>hook_theme()</code> entries are more of the design components-ish <code>hook_theme()</code> entries. They know what their markup will be. And the part of Panels most people pay attention to, the drag-and-drop interface, is where you control how the data of a node is going to prepare itself for the design component.

And here is where the admin UI of Panels might set up a confusing mental model.

How it looks in the Panels admin UI

But at execution time it is

Or the way I think of it

Drupal Data → transforming Drupal data into printable variables → design components for those variables to print in

The next time I get into a discussion about Panels at a meetup, DrupalCamp, or DrupalCon, I think I'll first ask, "Does Panels let you think about building websites the way you want to think about building websites?" I like to think about passing variables into encapsulated configuration associated with a specific design component. I prefer that mental model to the "show and hide based on globals" mental model of Core's Blocks or the "just call theme() on a node and figure out the overrides later" mental model encouraged by node--[content-type].tpl.php. As the Drupal community asks itself again how it wants to do rendering, let's also ask "how do we want to think about rendering?"

The rise of design component thinking in the wider web development world is not turning back. Web Components and modern front end MVC frameworks encapsulate design components. They do not care about every single implementation detail and layer of a node object. They care about getting variables ready for printing and updating. Panels module may fall out of the picture once Web Components fully mature. Until then, Panels allows for us to think in ways we will need to think for Web Components to work with Drupal.

Categories: Drupal

Retrofit

New Drupal Modules - 29 January 2015 - 12:23pm

I'm working with the creator of https://github.com/tebru/retrofit-php to see if we can integrate it with Drupal 8.

Categories: Drupal

Field lock multi values

New Drupal Modules - 29 January 2015 - 11:58am

This module:
- allows disabling editing of previous field values
- allows disabling reordering of field values

Categories: Drupal

Drupal Watchdog: Touring Drupal

Planet Drupal - 29 January 2015 - 10:51am

Drupal 8 has been all about pushing the boundaries, so why should help content be any different?

With the release of Drupal 8, we will also ship with tools to complement hook_help() entries: if you, the developer, are providing a documentation page for your module, why not also provide an interactive step by step guide on how your module works as well?

The idea of Tour isn’t a new one; it has been maturing over the past two years. It all began after the release of Drupal 7 when we decided to move the help passage from the front page to the help page. This meant that users new to Drupal would not see this text, and would have to struggle through with no guidance.

In light of that issue, the following was suggested:

How about creating a “Welcome” message that pops up in an overlay with that same information that continues to appear until either the user checks a box on the overlay saying to dismiss it or the user creates a piece of content on the site?
- Vegantriathlete, August 10, 2011

With tour.module committed to Drupal 8 core, we now have context-sensitive guided tours for Drupal’s complex interfaces, and developers have a new way to communicate with the user. It doesn’t stop at core either: contrib modules can ship with tours to describe how users can take full advantage of their modules. Distributions can also ship with tours on how to get started. Imagine a tour in the Commerce distribution that took the user through setting up products: That would be amazing! It would enable users to discover the pages they are looking for and take the guesswork out of finding pages.

Categories: Drupal

OpenLucius: Why the Bootstrap HTML framework in Drupal & OpenLucius

Planet Drupal - 29 January 2015 - 9:58am

The Bootstrap HTML framework in Drupal, we love it. That's why we build the front-end of Drupal distribution OpenLucius with it. So we love it, but why is that?

There are alternatives to integrate in Drupal websites. Below we will give you a few reasons why we currently prefer the Bootstrap framework.

Why a HTML framework

First of all, why should you use a HTML framework? These possibilities also exist:

Categories: Drupal

Pushbullet API

New Drupal Modules - 29 January 2015 - 9:31am

Pushbullet API provides tools to work with the same service Pushbullet.

This module provides a full implementation of the Pushbullet HTTP API and is integrated with the Rules module.

With this module you can send pushes (notifications) to:

Categories: Drupal

InternetDevels: Drupal tourists in Ternopil

Planet Drupal - 29 January 2015 - 3:31am

Nothing keeps Drupal tourists from spreading the word! We are passionate for Drupal and IT, so enjoy meeting like-minded people very much! Despite the cold winter weather, Ternopil welcomed us with warmth and friendliness. How was it? Our blog post will tell.

We were getting ourselves ready for the ride for almost a month. Our brandy Drupal van wanted to make nice impression too, that’s why the journey hit off from the car wash :)

Categories: Drupal

TouchSlide

New Drupal Modules - 28 January 2015 - 11:11pm

superslide's brother.

Categories: Drupal