Drupal

Acquia Engage 2017 keynote

Dries Buytaert - 31 October 2017 - 8:29am

This October, Acquia welcomed over 650 people to the fourth annual Acquia Engage conference. In my opening keynote, I talked about the evolution of Acquia's product strategy and the move from building websites to creating customer journeys. You can watch a recording of my keynote (30 minutes) or download a copy of my slides (54 MB).

I shared that a number of new technology trends have emerged, such as conversational interfaces, beacons, augmented reality, artificial intelligence and more. These trends give organizations the opportunity to re-imagine their customer experience. Existing customer experiences can be leapfrogged by taking advantage of more channels and more data (e.g. be more intelligent, be more personalized, and be more contextualized).

I gave an example of this in a blog post last week, which showed how augmented reality can improve the shopping experience and help customers make better choices. It's just one example of how these new technologies advance existing customer experiences and move our industry from website management to customer journey management.

This is actually good news for Drupal as organizations will have to create and manage even more content. This content will need to be optimized for different channels and audience segments. However, it puts more emphasis on content modeling, content workflows, media management and web service integrations.

I believe that the transition from web content management to data-driven customer journeys is full of opportunity, and it has become clear that customers and partners are excited to take advantage of these new technology trends. This year's Acquia Engage showed how our own transformation will empower organizations to take advantage of new technology and transform how they do business.

Categories: Drupal

Dries Buytaert: Acquia Engage 2017 keynote

Planet Drupal - 31 October 2017 - 8:29am

This October, Acquia welcomed over 650 people to the fourth annual Acquia Engage conference. In my opening keynote, I talked about the evolution of Acquia's product strategy and the move from building websites to creating customer journeys. You can watch a recording of my keynote (30 minutes) or download a copy of my slides (54 MB).

I shared that a number of new technology trends have emerged, such as conversational interfaces, beacons, augmented reality, artificial intelligence and more. These trends give organizations the opportunity to re-imagine their customer experience. Existing customer experiences can be leapfrogged by taking advantage of more channels and more data (e.g. be more intelligent, be more personalized, and be more contextualized).

I gave an example of this in a blog post last week, which showed how augmented reality can improve the shopping experience and help customers make better choices. It's just one example of how these new technologies advance existing customer experiences and move our industry from website management to customer journey management.

This is actually good news for Drupal as organizations will have to create and manage even more content. This content will need to be optimized for different channels and audience segments. However, it puts more emphasis on content modeling, content workflows, media management and web service integrations.

I believe that the transition from web content management to data-driven customer journeys is full of opportunity, and it has become clear that customers and partners are excited to take advantage of these new technology trends. This year's Acquia Engage showed how our own transformation will empower organizations to take advantage of new technology and transform how they do business.

Categories: Drupal

Annertech: #DrupalCampDublin 2017 - a retrospective

Planet Drupal - 31 October 2017 - 6:29am
#DrupalCampDublin 2017 - a retrospective

Over the past number of years, Drupal Camp Dublin was becoming more of a showcase/case study event where different speakers display work they had been doing on various websites. This year, we (the Drupal Ireland Association, of which I was chairperson) decided to "go back to our roots" and do two things: create a developer conference for developers, and engage more people from outside of Ireland.

Categories: Drupal

Next Previous Active Trial

New Drupal Modules - 31 October 2017 - 5:09am

This project covers navigation for all menu levels

Categories: Drupal

Valuebound: Configure Apache Solr with Drupal for better content search

Planet Drupal - 31 October 2017 - 4:20am

There have been times when clients are not very satisfied with the default Drupal search as quite a few times it is unable to meet their requirement especially when you need specific search control beyond core e.g. facets and related content. In order to resolve this issue and make search fast for end customers, we can use Apache Solr - an open source enterprise search platform - and configure it with our Drupal site.

In one of our previous blog post, we have discussed “How To Create Custom SOLR Search With Autocomplete In Drupal 7”. Note, before creating custom Solr search,…

Categories: Drupal

Multidomain Facebook Pixel

New Drupal Modules - 31 October 2017 - 2:31am
Categories: Drupal

Amazee Labs: Amazee Agile Agency Survey Results - Part 1

Planet Drupal - 31 October 2017 - 2:00am
Amazee Agile Agency Survey Results - Part 1

A few weeks ago I published a call for feedback on a project I've begun to assess agile practices in our industry (Take the Amazee Agile Agency Survey 2017). I would like to share a preliminary overview of the results I have received for the Amazee Agile Agency survey so far. Twenty-five individuals have completed the survey to date, so I have decided to extend the deadline a few more days, to November 5th, in order to gather more responses. Thanks to everyone who has participated so far! 

Josef Dabernig Tue, 10/31/2017 - 10:00 Initial Observations Popular Methodologies

Given the initial survey results, Scrum (or a Scrum hybrid or variant) is the most widespread development process used by agencies. Many teams consider it their top priority in order to deliver a successful project. Following Scrum as methods most use by agencies are Kanban or Waterfall.

ScrumBan (a hybrid of Scrum and Kanban) has not been widely adopted.  

In addition to those processes presented, Holocracy, Extreme Programming or DSDM have also been mentioned.

At Amazee, we began using Scrum to deliver projects a little over two years ago and have made great progress on it since then. In the last year, we also started a maintenance team which uses Kanban. Just recently, we began evaluating ScrumBan as a way of integrating our maintenance team with one of our project teams.

Project Teams 

Agencies ranging in sizes from 1-5 people to over 100 people have responded to the survey. Of those surveyed, the most common team size for project work are, in order from most common to least common:

  • three people or fewer
  • five people
  • four people
  • six people  

In terms of co-located or working remotely, team location varied wildly, but skewed towards 'mostly co-located' with some degree of remote. More than 50% of agencies form a new team with the launch of a new project, followed by stable teams which deliver multiple projects at the same time. Following multiple-project delivery are stable teams which deliver one project at a time.

At Amazee, we started out spinning up a new team with each new project, but soon realized that the constant starting and stopping of mid-sized projects was too disruptive. These days, we use stable teams to deliver multiple projects.

Sprints

Most teams surveyed deliver in two-week sprints. The remaining 33% of respondants deliver anywhere from single-day sprints to month-long sprints.

Team Integration

Frontend and backend developers are usually specialized but mostly work together on one team.

DevOps, QA/Testing, as well as the Scrum Master role, are shown in all variations of integrated or totally separate teams.

UX & Design are split, with this role either in a separate team (or external resource) or as part of a stable team. 

At Amazee, we try to hire T-shaped experts that can work across most disciplines on a team. For example, a Frontend developer may also have experience with backend tasks, which can help alleviate work silos and ticket bottlenecks. 

Staying Connected

Most agency teams rely on written communication to stay connected. This can take the form of tickets or via a chat tool such as Slack.

The majority of teams hold team meetings and 1-on-1 meetings, while fewer teams communicate mainly via blogs, wikis or even pull requests.

The majority of standups last fifteen minutes while some are only 5-10 minutes.

At Amazee, our hubs differ. Our Zurich office holds a company-wide standup that takes about ten minutes, followed by a team-specific standup that takes another ten minutes. Our Austin office holds a company-wide standup, which includes a client, which lasts about fifteen minutes. 

Splitting up the Work 

Many agencies vary in their approach to defininig, writing, reviewing, and estimating tasks and tickets. For most agencies, the project team is involved in each step of the ticket creation process. In others, creating tickets falls to the client, project manager, or product owner. In most cases, a technical lead is involved in the high-level ticket creation and the team is brought in for estimations. 

The most common approach to estimating ticket is time based (hours, days, weeks) followed by story points (t-shirt sizes, fibonacci sequence) 

Client Communication 

When it comes to meetings between the team and the client, the top mentioned options where 'less frequently' followed by 'more or once per week' and 'every two weeks'.

At Amazee, depending on the project size, our teams meet weekly or bi-weekly with the client. Clients are encouraged to talk directly with the team via Slack. We'd like to offer a daily standup with some clients, but haven't figured out how to do this easily as usually a team works on multiple projects at the same time. 

Delivery Practices

Most teams surveyed deliver rolling deployments, pushing code whenever necessary.

Peer reviews / code reviews have been named equally “somewhat in use” as well considered “very important”.

While the majority of agencies considers user testing very important, for automated testing the majority still tends only towards “somewhat in use”.

While a number of agencies have pair programming somewhat in use, Mob programming is mostly unknown.

The majority of teams consider automated deployments / continuous integration very important.

When it comes to story mapping, most agencies are unfamiliar. Those which do implement this tool, however, consider it very important.

At Amazee, peer review for every ticket is a normal part of our development flow. Our developers implement pair programming whenever necessary. This is an excellent practice for sharing knowledge and increasing the team's technical confidence. We are actively exploring story mapping. 

Take our Survey

This initial post is just a taste of the information I have collected, there is a lot more to be shared. Besides the numerical data, I am especially excited about the free-form responses which give valuable insights into the tangible, real-world decisions that are being taken in agencies to define daily agency life.

Before sharing a deeper analysis and the full, anonymous, survey results, I wanted to share this preliminary data to give an idea of what’s coming in. I hope this information is helpful in determining industry alignment or to find inspiration for what to try next.

Our Agile Agency survey will remain open until Sunday, November 5th at midnight UTC -7. After the survey closes, I will tabulate the results and prepare Part 2 of this series where I look forward to sharing my findings.  

Categories: Drupal

PayPal Promotions and Insights

New Drupal Modules - 31 October 2017 - 12:48am

Helps increase sales through the power of PayPal shopping data with targeted promotions

Categories: Drupal

ADCI Solutions: Cloud hosting platforms. Part one: Pantheon

Planet Drupal - 30 October 2017 - 11:52pm

The story of your life: you are searching for a hosting because you need to share code between teammates and show an intermediate result to a client. You don’t need too much: an SSH access, Git, and Drush. You also would like to have a simple and convenient administration panel and have isolated environments and technical domains.

 

We know what hostings do have all these features. Let's talk about Pantheon that allows you to start a new Drupal 7 or Drupal 8 project in a few clicks.

 

Observe Pantheon

 

Categories: Drupal

Mediacurrent: 7 Ways to Evaluate the Security and Stability of Drupal Contrib Modules

Planet Drupal - 30 October 2017 - 12:59pm

Keeping up with Drupal security updates is key to protecting your site, but assessing contrib module security before implementation is just as important. In a new guest post on the Pantheon blog, Mediacurrent Senior Drupal Developers David Younker and Joshua Boltz share a practical guide for sizing up the security of contrib modules.

Try this 7-Step Security Inspection 

To ensure a safe and solid foundation for your Drupal site, consider this 7-point assessment:

1. Has the module maintainer opted in to the security coverage?

Categories: Drupal

Aten Design Group: The Importance of an Accessible Website - Part 3: Make Your Drupal 8 Site More Accessible

Planet Drupal - 30 October 2017 - 10:09am

Accessibility should be part of the criteria for picking a CMS. Fortunately, many CMSs out there are getting that right. Building on the information from Part 1 and Part 2 of this series, I’m going to focus on leveraging Drupal 8’s accessibility features to enhance any user’s experience.

Drupal 8 Core

Drupal 8 makes it much easier to add accessibility features than previous versions. Some of the most significant improvements for accessibility within Drupal 8 core are:

  • Core code uses semantic HTML5 elements and the addition of aria landmarks, live regions, roles, and properties to improve the experience of screen readers.
  • Creating aural alerts for users who use audio features to navigate and understand a website are easy to implement using Drupal.announce().
  • Users have more control navigating through content with a keyboard using the new Tabbing Manager.
  • Hidden, invisible or on-focus options for all labels have been included so screen readers can give more context to content – without impacting design decisions for traditional screens.
  • Fieldsets have been added for radios and checkboxes in the Form API.
  • Alt text is now required for all image fields by default.
  • The default Bartik Theme is now underlining links so that it is much easier for people to identify links on the page.
  • D8 now includes an optional module to include form errors inline to easily associate errors with inputs when filling in a web form.
Theming

Out of the box, Drupal core is a great starting point for creating an accessible website. Usability issues tend to arise when designers and developers begin the theming process. In order to achieve a desired design or function, they inadvertently remove or alter a lot of Drupal’s accessible defaults. With knowledge gained from the previous posts and the following tips, you will be on your way to theming a more accessible site for everyone!

Links

Make sure pseudo :focus and :active styles are always included for users navigating by keyboard. This helps the user visually understand where they currently are on a page. This can be the default browser styling or something more brand specific.

You may include “read more” links on teasers, but make sure there is a visually hidden field to include what the user will be “reading more" about for aural users.

Display None vs Visually Hidden

Drupal 8 core now has this option for labels when creating content types and forms, but it also includes simple class names to hide content properly. A great example of this usage is fixing a “read more” link to something more descriptive for screen readers.

<a href="{{url}}">{{'Read more'|t}} <span class="visually-hidden"> {{'about'|t}} {{label}}</span></a> Anchor and Skip Links

Providing a way to skip links and navigation on a page can improve the usability of a keyboard or aural user on your site. This is a great addition to your site and easy to implement. As mentioned in the previous post, screen readers have the ability to skip and search your site by sections, headings, links, etc. Adding another way to skip various types of content gives the user an easier way of flowing through and skipping heavy or repetitive information on a page. Just remember that this should be visibly hidden and not display: none;!

Forms

Always include a button for users to submit their form information. Exposed forms within Drupal have the option for an “auto submit” setting, which automatically submits the form once an element is interacted with or changed. Having one action which invokes two outcomes can cause major confusion for users navigating with assistive technologies.

For Example: A user chooses an item within a select dropdown, and the form submits this change which modifies the content on the page. All of this happens just by selecting an item within a dropdown. Ideally, the user should be able to choose the item in the dropdown, and then press submit to search. Each item should only have one action.

Be careful that you are not reducing the accessibility of forms when using hook_form_alter and other techniques to modify forms. Following the basic form guidelines while implementing forms through this technique will ensure that your forms work well for everyone.

Final Thoughts

We have seen great improvements in Drupal’s core code over the past few years to accommodate everyone. Drupal 8 has a lot of accessibility features built in and as developers we need to take advantage of those features or at the very least, not remove them.

Categories: Drupal

Mediacurrent: Top 4 Takeaways from Acquia Engage

Planet Drupal - 30 October 2017 - 9:47am

This October, Mediacurrent was excited to participate in our 4th Acquia Engage conference in Boston. As returning sponsors we enjoyed connecting with friends, partners, customers and potential customers, all set to a backdrop of Boston Harbor. The sessions were interesting and the receptions boasted delicious local fare (hello lobster rolls!), but the real highlight was to listen in on the strategy behind Acquia’s latest product announcements.

If you were unable to attend, never fear because we have you covered with the biggest topics from this year’s event.

Categories: Drupal

Drop Guard: International PHP & JavaScript Conference - these guys sec you up!

Planet Drupal - 30 October 2017 - 6:30am
International PHP & JavaScript Conference - these guys sec you up!

Our CEO Manuel spoke at the IPC 2017 in Munich about DevSecOps automation. We took a look around and picked the two other security related sessions which struck our eyes.

 

Dip Your Toes in the Sea of Security - by James Titcumb

Drupal Planet Events Security Business
Categories: Drupal

Jacob Rockowitz: Organizing and Presenting Webform Training Materials

Planet Drupal - 30 October 2017 - 2:49am

Now that the post-DrupalCon Vienna events are in full swing and next year's pre-DrupalCon Nashville events are in the works, I’ve started organizing and creating next year’s Webform related presentations. I find presenting at DrupalCamps challenging and rewarding. The challenge is getting up in front of a large group of developers and talking about my work, but the reward is I get to meet people who use my work to build awesome forms.

Attending Drupal Camps & Events

In the past, I’ve managed to attend a bunch of events including DrupalCamp NJ, NYCCamp, DrupalCon Baltimore, Design4Drupal, and Drupal GovCon. My last camp of the year is going to be DrupalCamp Atlanta on November 2-4, 2017. I decided to go to DrupalCamp Atlanta because they are offering me the opportunity to do my first training session called Learn how to build awesome webforms and a keynote panel discussion. Yes, I am uncomfortable with public speaking, however I’ve committed myself to doing it for longer and in front of more people; this conference is pushing me to up my game. The hope is that it will prove to be a good thing for me, and hopefully will, in turn, be a good thing for others too.

Overcoming Challenges

One technique I’ve learned to overcome my weaknesses is to leverage my...Read More

Categories: Drupal

Roy Scholten: UX notes week 44

Planet Drupal - 30 October 2017 - 2:21am
30 Oct 2017 UX notes week 44

A selection of Drupal design topics and issues that are moving or should be :)

Small big win: status report pattern reuse in the migrate UI

A nice success from last week was closing a critical issue for Migrate UI. Particularly pleased that we were able to apply a new “summary” user interface element we recently introduced on the status report page.

Big one: redesign the administrative UI

There was a big interest in this over several meetings and workshops at Drupalcon Vienna and after. Seven theme hasn’t evolved much over the last years and it shows.

The right issues are not yet in place for this but I see and hear multiple people thinking about this. There’s multiple parts to this, of course:

  1. A visual update. What would the next version of this style guide look like?
  2. Improve the information architecture. Lots of solid thinking around this already.
  3. Introduce new interaction patterns. We still mostly rely on tables, select lists and other basic form elements. Experiments with JavaScript frameworks should help here but we should design these starting from user needs.
  4. Modernize the underlying theme architecture.
  5. Update and extend the user interface standards documentation.
Drupal core could use another usability test

The core feature set has grown considerably over the last couple of 8.x releases. On the one hand it would be smart if we found a way to do more smaller tests more often. On the other hand, since it’s been more than 2 years since the last big usability test we could do with one of those as well. Lets figure out what we can do. Check in here if you’re interested in helping with this.

Something to look forward to: Layout builder

The layouts-in-core team has been steadily working towards this. Looks like we are in great shape and on track to really honestly add a visual layout builder to core. There’s a patch going through the last stages of review and refine in https://www.drupal.org/node/2905922. One cool smart detail is that this will also introduce a dynamic way to dynamically generate icons for different types of layouts. Very nice indeed.

Permissions UI

Core and contrib modules often come with their own (set of) permissions. It’s how you can configure which roles get access to do what. This permissions UI is currently an ever growing sea of checkboxes. This does not scale, for user nor machine. The current model of a grid lists all available permissions in rows and all roles in columns needs a thorough rethink. Lets figure out a plan for how to do that.

Also,

& some more pointers to where you can go to find out what’s going on.

Enjoy your week!

Tags drupalplanet
Categories: Drupal

Agiledrop.com Blog: AGILEDROP: We are not here to replace your team

Planet Drupal - 30 October 2017 - 1:26am
The history and future There is this digital agency which has specialized itself in Drupal a couple of years ago. Let’s call it Gr8 Solutions. And the business is very good, they signed some fancy contracts with some of the biggest companies in the country over the years and thus built themselves a reputation for being professional and creative. And in the process of acquiring new clients and new projects they were steadily growing. This also resulted in hiring a few new developers, a designer, and a salesperson. Fast forward to very near future, nothing memorable happened in the meantime.… READ MORE
Categories: Drupal

qed42.com: Securing Cookie for 3rd Party Identity Management in Drupal

Planet Drupal - 30 October 2017 - 1:15am
Securing Cookie for 3rd Party Identity Management in Drupal Body

We are in an era where we see a lots of third party integrations being done in projects. In Drupal based projects, cookie management is done via Drupal itself to maintain session, whether it be a pure Drupal project or decoupled Drupal project,.

But what when we have a scenario where user’s information is being managed by a third party service and no user information is being saved on Drupal? And when the authentication is done via some other third party services? How can we manage cookie in this case to run our site session and also keep it secure?

One is way is to set and maintain cookie on our own. In this case, our user’s will be anonymous to Drupal. So, we keep session running based on cookies! The user information will be stored in cookie itself, which then can be validated when a request is made to Drupal.

We have a php function to set cookie called setCookie() , which we can use to create and destroy cookie. So, the flow will be that a user login request which is made to website is verified via a third party service and then we call setCookie function which sets the cookie containing user information. But, securing the cookie is must, so how do we do that?

For this, let’s refer to Bakery module to see how it does it. It contains functions for encrypting cookie, setting it and validating it.

To achieve this in Drupal 8, we will write a helper class let’s say “UserCookie.php” and place it in ‘{modulename}/src/Helper/’. Our cookie helper class will contain static methods for setting cookie and validating cookie. Static methods so that we will be able to call them from anywhere.

We will have to encrypt cookie before setting it so we will use openssl_encrypt() php function in following manner:

/** * Encrypts given cookie data. * * @param string $cookieData * Serialized Cookie data for encryption. * * @return string * Encrypted cookie. */ private static function encryptCookie($cookieData) { // Create a key using a string data. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Create an initialization vector to be used for encryption. $iv = openssl_random_pseudo_bytes(16); // Encrypt cookie data along with initialization vector so that initialization // vector can be used for decryption of this cookie. $encryptedCookie = openssl_encrypt($iv . $cookieData, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); // Add a signature to cookie. $signature = hash_hmac('sha256', $encryptedCookie, $key); // Encode signature and cookie. return base64_encode($signature . $encryptedCookie); }
  1. String parameter in openssl_digest can be replaced with any string you feel like that can be used as key. You can keep simple keyword too.
  2. Key used should be same while decryption of data.
  3. Same initialization vector will be needed while decrypting the data, so to retrieve it back we append this along with cookie data string.
  4. We also add a signature which is generate used the same key used above. We will verify this key while validating cookie.
  5. Finally, we encode both signature and encrypted cookie data together.

For setting cookie:
 

/** * Set cookie using user data. * * @param string $name * Name of cookie to store. * @param mixed $data * Data to store in cookie. */ public static function setCookie($name, $data) { $data = (is_array($data)) ? json_encode($data) : $data; $data = self::encrypt($data); setcookie($name, $cookieData,Settings::get('SOME_DEFAULT_COOKIE_EXPIRE_TIME'), '/'); }

Note: You can keep 'SOME_COOKIE_KEY' and 'SOME_DEFAULT_COOKIE_EXPIRE_TIME' in your settings.php. Settings::get() will fetch that for you.
Tip: You can also append and save expiration time of cookie in encrypted data itself so that you can also verify that at time of decryption. This will stop anyone from extending the session by setting cookie timing manually.

Congrats! We have successfully encrypted the user data and set it into a cookie.

Now let’s see how we can decrypt and validate the same cookie.

To decrypt cookie:

/** * Decrypts the given cookie data. * * @param string $cookieData * Encrypted cookie data. * * @return bool|mixed * False if retrieved signature doesn't matches * or data. */ public static function decryptCookie($cookieData) { // Create a key using a string data used while encryption. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Reverse base64 encryption of $cookieData. $cookieData = base64_decode($cookieData); // Extract signature from cookie data. $signature = substr($cookieData, 0, 64); // Extract data without signature. $encryptedData = substr($cookieData, 64); // Signature should match for verification of data. if ($signature !== hash_hmac('sha256', $encryptedData, $key)) { return FALSE; } // Extract initialization vector from data appended while encryption. $iv = substr($string, 64, 16); // Extract main encrypted string data which contains profile details. $encrypted = substr($string, 80); // Decrypt the data using key and // initialization vector extracted above. return openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); }
  1. We generate the same key using same string parameter given while encryption.
  2. Then we reverse base64 encoding as we need extract signature to verify it.
  3. We generate same signature again as we have used the same key which was used to creating signature while encryption. If doesn’t signatures doesn’t matches, validation fails!
  4. Else, we extract initialization vector from the encrypted data and use to decrypt the data return to be utilized.
/** * Validates cookie. * * @param string $cookie * Name of cookie. * * @return boolean * True or False based on cookie validation. */ public static function validateCookie($cookie) { if (self::decryptCookie($cookieData)) { return TRUE; } return FALSE; }

We can verify cookie on requests made to website to maintain our session. You can implement function for expiring cookie for simulating user logout. We can also use decrypted user data out of cookie for serving user related pages.

navneet.singh Mon, 10/30/2017 - 13:45
Categories: Drupal

Pages

Subscribe to As If Productions aggregator - Drupal