Planet Drupal

Subscribe to Planet Drupal feed
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 10 hours 16 min ago

Acquia Developer Center Blog: 10 Reasons Why You Should Start Your New Project in Drupal 8 (instead of Drupal 7)

31 July 2018 - 11:02am

Sorry Drupal 7, it’s not you, but it’s time to move on... (to Drupal 8).

As developers, we sometimes forget that we live in a tech bubble. In our highly technical world we assume things that not everyone sees.

For example, there are still reasons that clients frequently cite to justify staying in an old version of Drupal, in this case Drupal 7, instead of starting a new project straight away in Drupal 8. This is true even when we are talking about starting a brand new project (as opposed to just migrating).

Tags: acquia drupal planet
Categories: Drupal

Drupal blog: Building digital backpacks for Syrian refugees

31 July 2018 - 8:41am

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

I recently heard a heart-warming story from the University of California, Davis. Last month, UC Davis used Drupal to launch Article 26 Backpack, a platform that helps Syrian Refugees document and share their educational credentials.

Over the course of the Syrian civil war, more than 12 million civilians have been displaced. Hundreds of thousands of these refugees are students, who now have to overcome the obstacle of re-entering the workforce or pursuing educational degrees away from home.

Article 26 Backpack addresses this challenge by offering refugees a secure way to share their educational credentials with admissions offices, scholarship agencies, and potentials employers. The program also includes face-to-face counseling to provide participants with academic advisory and career development.

The UC Davis team launched their Drupal 8 application for Article 26 Backpack in four months. On the site, students can securely store their educational data, such as diplomas, transcripts and resumes. The next phase of the project will be to leverage Drupal’s multilingual capabilities to offer the site in Arabic as well.

This is a great example of how organizations are using Drupal to prioritize impact. It’s always inspiring to hear stories of how Drupal is changing lives for the better. Thank you to the UC Davis team for sharing their story, and continue the good work!

Categories: Drupal

Web Wash: Create Dropdown Menus using Superfish in Drupal 8

31 July 2018 - 6:30am

The Superfish module allows you to create multi-level dropdown menus in Drupal 8. The module uses the JavaScript Superfish library to create and display a Superfish menu block for each menu available on your site.

With a few configuration options, you can control how it’ll behavior on mobile, turn multi-column menus, change the styling and more.

The module does come with a few styling options but you’ll have to style it yourself to match your theme. When you configure Superfish the first time the dropdown functionality will, however, it may not look good.

In this tutorial, you’ll learn how to install the module and how to configure it.

Categories: Drupal

OpenSense Labs: Going All Guns Blazing: Enforce Strong Password Policies with Drupal

31 July 2018 - 4:58am
Going All Guns Blazing: Enforce Strong Password Policies with Drupal Shankar Tue, 07/31/2018 - 17:28

Ali Baba and the Forty Thieves, invented in the 18th century by the French Orientalist Antoine Galland, portrays the literary history of the password. The invocation, “Open, Sesame!” which was used in this classic tale to open the magically sealed cave enjoys a broad currency as a catchphrase today.


With the rapidly evolving digital space, password security is even more crucial and needs the right kind of strategic perspective with strong policies. Drupal, being one of the most secure platforms among the leading content management systems, can help in enforcing password policies with its enormous security-oriented abilities. 

Password Policy: A Close Look

Password security was brought into the computing world through the invention of the Compatible Time-Sharing System and Unics (Unix) system.  This was developed at the Massachusetts Institute of Technology and Bell Laboratories in the 1960s. The concept of the password was developed so that the users could only have the access to specific files in their allotted time of computer usage.

Source: Digital Guardian

A password policy is a particular collection of rules that enables proper storage and utilisation of passwords, helps in the creation of dependable and secure passwords and enhances computer security. Commonly, it is part of the official regulations of an organisation and might be employed as a component of security awareness training.

On what basis can you formulate password policy? One of the best collection of guidelines for password policy comes from the National Institute of Standards and Technology (NIST) which is a part of the U.S. Department of Commerce. They have framed a set of Digital Identity Guidelines that provide a great basis on which password policy can be crafted.

The guidelines provided by NIST stresses on user-friendliness. It states that excessively onerous password policies often impacts negatively. For instance, if the users are forced to change their passwords every week, many of them would wind up choosing bad passwords.

Security has always been a compromise between allaying risk and convenience.

A research from Microsoft on password strategies suggests that simple passwords, which can be easily memorised, should be used for low-risk sites. Intricate passwords should be reserved for the sites where the security risks warrant huge repercussions. This suggestion is debatable but it illustrates the trade-off.

For instance, if your site involves users sharing fields of their pet dogs, you can have a lenient approach towards your password policy. Complex passwords may be used for sites where users access sensitive financial or healthcare-related data.    

Can Drupal modules and configurations be used for implementing strong password policies?

Drupal’s rich security features for enforcing strong password policies

By default, Drupal offers guidance on how to make your password stronger. But it does not enforce any password policy out-of-the-box. In order to do that, it comes with a huge library of modules that can help in the enforcement of firm password policies.

Setting restrictions on password

Password Policy, a Drupal module, allows you to lay a set of requirements on passwords that are created by the users. These requirements comprise of length, digits, case, punctuation etc. For instance, you can set what sort of characters and in what amount could be used in a password. It also comes with a password expiration feature.

Setting composition rules

The Password Policy lets you set up intricate composition rules for the passwords. But another Drupal module, Password Strength, offers a user-friendly alternative to prescriptive composition rules. It offers real-time password strength measurement and server-side enforcement.

NIST guidelines suggest that spaces are permitted in passwords which can contribute towards more user-friendly policies when it comes to passphrases. Drupal allows spaces in passwords out-of-the-box.

In case, you do not need any special locks, you can disable the password strength check using a Drupal module called Password Strength Disabler and allow users to feel at ease while creating passcodes.

Avoiding hints and reminders

In case, your website requires hints and reminders, you can add an additional lock to the doors by incorporating security questions while logging in and resetting passwords. Security Questions, a Drupal module, helps you in achieving this numerous configurable options.

However, NIST guidelines suggest that it is better to avoid hints and reminders. Security questions which are fairly easy to guess can be used to compromise user accounts.

But Drupal offers another very useful module called Username Enumeration Prevention which can make it difficult for website hackers to find the usernames and attempt any brute-force attacks.

Leveraging authentication procedure

In case, you need more than one lock, the Two-factor Authentication module can come in handy. It provides an extra layer of security to the authentication procedure. This can be one-time passwords (OTP), codes sent through SMS, or pre-generated codes. It also allows integration with third-party services like Authy, Duo etc.

An authentication and authorisation infrastructure system, Shibboleth is capable of granting individual users with safe, anywhere, anytime access to resources which are available online. Shibboleth authentication, Drupal module, offers user authentication with Shibboleth.

This confrontation in the so-called shibboleth incident in the 12th chapter of the biblical Book of Judges delineates the earlier forms of password security:

“ ‘Say now Shibboleth’; and he said ‘Sibboleth’; for he could not frame to pronounce it right; then they laid hold on him, and slew him at the fords of the Jordan.” Implementing rate-limiting

Drupal does rate-limiting out-of-the-box. But there is no particular UI which exposes configuration that can be tweaked. Flood control, a Drupal module, allows you to limit the number of login attempts by using a convenient admin interface.

To take rate-limiting a step further, Login security module can be beneficial. It helps in limiting the number of invalid login attempts before blocking accounts or denying access by IP address temporarily or even permanently.

To facilitate the login attempts limitation by blocking out the sources of malicious requests, Fail2ban Firewall Integration module offers an automated firewall tool.

Enhancing login features

If your website is available via both HTTP and HTTPS, Secure Login module can ensure that your user login forms or other pages are transmitted via HTTPS. This keeps the passwords hidden from the prying eyes of hackers.

It is always appreciated when the user is given the convenience of using an all-in-one login. OneAll Social Login module allows users to sign in on your website using their social network accounts like Facebook, LinkedIn Twitter, Instagram etc.

In case, an user types an email address incorrectly in a sign-up form, he will not get any confirmation emails which can be troublesome. Email Verify module verifies whether the email address typed by the user exists or not.

Doing away with passwords altogether

What if you do not want to enter a password at all? The Passwordless module gives a possibility of logging in without using a password at all. So if a user has to log in, only the email address would be required. A login link will be sent to that email address which will be valid for 24 hours.

Outlining best practices of password policy

While Drupal is very efficacious in enforcing strong password policies, it is imperative to understand the best practices that can be adopted for incorporating intelligent password policy.

Source: Dashlane
  • Adopting the 8 + 4 rule can be beneficial. You can use 8 characters with 1 upper-case and 1 lower-case, a special character like an asterisk and a number. Make it as random as possible. Also, make sure the numbers and symbols are spread out through the password to foil hackers.
  • Avoid using personal information like your birth date or last name etc.
  • Use different passwords for different accounts. This can be helpful if there are numerous computers in the same department.
  • Adopting passphrases in combination with symbols and numbers can be useful. For example, The Sun Will Rise Again Tomorrow. Also, keep the characters less in the passwords that are easier to remember.
  • You may consider not changing the passwords frequently and it is safer not to write them down anywhere.
  • Do not share the password over electronic media.
  • Add other barriers like two-factor authentication and multi-factor authentication.
  • Set a number that will lock the user out after few unsuccessful attempts.
Conclusion

Password security has evolved over the years in the digital arena. It is significant to have a strong set of rules while deploying password policies. They should not only assist users in avoiding bad passwords but aid in employing high entropy secure passwords. Drupal provides a superb platform to enforce strong password policies with its amazing set of modules.
 
Not only we aid in Drupal development, we also provide continuous support and maintenance services, Contact us at hello@opensenselabs.com to for the enforcement of strong password policies in your business environment.

blog banner blog image drupal security password password security password policy cyber security website security Drupal 8 Drupal module authentication two-factor authentication multi-factor authentication Security Modules Blog Type Articles Is it a good read ? On
Categories: Drupal

Agiledrop.com Blog: AGILEDROP: Rachel Lawson on the road with Drupal

31 July 2018 - 2:57am
Agiledrop is highlighting active Drupal community members through a series of interviews. Learn who are the people behind Drupal projects.  This week we talked with Rachel Lawson. Learn how did she first came across Drupal, what change she just saw that she was working on and on what contributors she is most proud of.   1. Please tell us a little about yourself. How do you participate in the Drupal community and what do you do professionally? Well, I did spend a few years as a Drupal site-builder and maybe-developer and got involved in core contribution and mentoring, but recently I took… READ MORE
Categories: Drupal

S. M. Bjørklund: PHP method chaining - Fluent interface

31 July 2018 - 2:36am

If you have used ever used Drupal or any other frameworks like Symfony, Laravel and so on have you probably come across code that look something like:

Categories: Drupal

Gizra.com: WebdriverIO Tests with Multiple Browsers

30 July 2018 - 10:00pm

Everything was working great… and then all the tests broke.

This is the story of how adding a single feature into an app can break all of your tests. And the lessons can be learned from it.

The Feature that Introduced the Chaos

We are working on a Drupal site that makes uses of a multisite approach. In this case, it means that different domains are pointed at the same web server and the site reacts differently depending on which domain you are referencing.

We have a lot of features covered by automatic tests in Webdriver IO – an end to end framework to tests things using a real browser. Everything was working great, but then we added a new feature: a content moderation system defined by the workflow module recently introduced in Drupal 8.

The Problem

When you add the Workflow Module to a site – depending on the configuration you choose – each node is no longer published by default until a moderator decides to publish it.

So as you can imagine, all of the tests that were expecting to see a node published after clicking the save button stopped working.

A Hacky Fix

To fix the failing test using Webdriver you could:

  1. Login as a user A.
  2. Fill in all the fields on your form.
  3. Submit the node form.
  4. Logout as user A.
  5. Login as user B.
  6. Visit the node page.
  7. Publish the node.
  8. Logout as user B.
  9. Login back as user A.
  10. And make the final assertions.

Here’s a simpler way to fix the failing test:

You maintain your current test that fills the node form and save it. Then, before you try to check if the result is published, you open another browser, login with a user that can publish the node, and then with the previous browser continue the rest of the test.

Multiremote Approach

To achieve this, Webdriver IO has a special mode called multiremote:

WebdriverIO allows you to run multiple Selenium sessions in a single test. This becomes handy when you need to test application features where multiple users are required (e.g. chat or WebRTC applications). Instead of creating a couple of remote instances where you need to execute common commands like init or url on each of those instances, you can simply create a multiremote instance and control all browser at the same time.

The first thing you need to do is change the configuration of your wdio.conf.js to use multiple browsers.

export.config = { // ... capabilities: { myChromeBrowser: { desiredCapabilities: { browserName: 'chrome' } }, myFirefoxBrowser: { desiredCapabilities: { browserName: 'firefox' } } } // ... };

With this config, every time you use the variable browser it will repeat the actions on each browser.

So, for example, this test:

var assert = require('assert'); describe('create article', function() { it('should be possible to create articles.', function() { browser.login('some user', 'password'); browser.url('http://example.com/node/add/article') browser.setValueSafe('#edit-title-0-value', 'My new article'); browser.setWysiwygValue('edit-body-0-value', 'My new article body text'); browser.click('#edit-submit'); browser.waitForVisible('.node-published'); }); });

will be executed multiple times with different browsers.

Each step of the test is executed for all the browsers defined.

Instead of using browser you can make use of the keys defined in the capabilities section of the wdio.conf.js file. Replacing browser with myFirefoxBrowser will execute the test only in the Firefox instance, allowing you to use the other browser for other types of actions.

Using the browser name, you can specify where to run each step of the test. The Custom Command Problem

If you take a deeper look at previous code, you will notice that there are three special commands that are not part of the WebdriverIO API. login, setValueSafe and setWysiwygValue are custom commands that we attach to the browser object.

You can see the code of some of those commands in the drupal-elm-starter code.

The problem is – as @amitai realized some time ago – that custom commands don’t play really well with the multiremote approach. A possible solution to keep the custom commands available in all of the browsers is to use some sort of class to wrap the browser object. Something similar to the PageObject pattern.

An example of the code is below:

class Page { constructor(browser = null) { this._browser = browser; } get browser() { if (this._browser) { return this._browser; } // Fallback to some browser. return myChromeBrowser; } visit(path) { this.browser.url(path); } setWysiwygValue(field_name, text) { this.browser.execute( 'CKEDITOR.instances["' + field_name + '"].insertText("' + text + '");' ); } login(user, password) { this.visit('/user/login'); this.browser.waitForVisible('#user-login-form'); this.browser.setValue('#edit-name', user); this.browser.setValue('#edit-pass', password); this.browser.submitForm('#user-login-form'); this.browser.waitForVisible('body.user-logged-in'); } } module.exports = Page;

So now, you have a wrapper class that you can use in your tests. You can create multiple instances of this class to access the different browsers while you are running a test.

var assert = require('assert'); var Page = require('../page_objects/page'); describe('create article', function() { it('should be possible to create articles.', function() { let chrome = new Page(myChromeBrowser); let firefox = new Page(myFirefoxBrowser); chrome.login('some user', 'password'); firefox.login('admin', 'admin'); chrome.visit('http://example.com/node/add/article') chrome.setValueSafe('#edit-title-0-value', 'My new article'); chrome.setWysiwygValue('edit-body-0-value', 'My new article body text'); chrome.browser.click('#edit-submit'); // Here is where the second browser start to work. // This clicks the publish button of the workflow module firefox.visit('/my-new-article'); firefox.browser.click('#edit-submit'); // Once the node was published by another user in another browser // you can run the final assertions. chrome.browser.waitForVisible('.node-published'); }); }); What About Automated Tests?

You may be also wondering, does this work seemlessly for automated tests? And the answer is: yes. We have only tried it using the same browser version in different instances. This means that we trigger several chrome browser instances that acts as independent browsers.

If you have limitations in how many cores you have availble to run tests, it should not limit how many browsers you can spawn. They will just wait their turn when a core becomes available. You can read more on how we configure travis to optimize resources.

As you can see, having multiple browsers available to run tests simplifies their structure. Even if you know that you will not need a multiremote approach at first, it may be a good idea to structure your tests using this browser wrapper, as you don’t know if you will need to refactor all of your tests to run things differently in the future.

This approach also can help to refactor the ideas provided by one of our prior posts. Using JSON API with WebdriverIO Tests so you don’t need to worry about login in with the right user to make the json requests.

Continue reading…

Categories: Drupal

Ben's SEO Blog: Topic Clusters Are Old News to Drupal SEO

30 July 2018 - 10:00pm

Topic clusters has been a hot topic in the SEO community lately. They move the emphasis in SEO away from individual keywords to broader categories. Instead of optimizing a page for a keyword like “reduced fat mozzarella cheese”, the goal is to create valuable content for a strategic category such as “cheese”. By focusing on multiple topics within categories and linking these pages to the main topic page, businesses gain authority and performance for the entire topic cluster.

I agree that it’s a great idea, I’m just not so sure that it’s a “new” one. Organizing by topic clusters is old news for Drupal; it has had this capability for years. If you have a Drupal website, you may be ahead of the trend and well positioned for changing SEO strategies. Even if you haven’t designed your... Read the full article: Topic Clusters Are Old News to Drupal SEO

Categories: Drupal

Promet Source: The Path to Migration

30 July 2018 - 6:12pm
When it’s time for a new site, the word “migration” is often dropped in conversations. Every organization looking at a migration in the future will have their own reasons for doing so, their own history, their own future goals. In this article, we will present the following topics as a means to empower you to recognize aspects of website migration you might otherwise overlook.
Categories: Drupal

Security public service announcements: Drupal 8 release on August 1st, 2018 - DRUPAL-PSA-2018-07-30

30 July 2018 - 8:23am

The Drupal Security Team will be coordinating a security release for Drupal 8 this week on Wednesday, August 1, 2018. (We are issuing this PSA in advance because the in the regular security release window schedule, August 1 would not typically be a core security window.)

The Drupal 8 core release will be made between noon and 3pm EDT. It is rated as moderately critical and will be an update to a vendor library only.

August 1 also remains a normal security release window for contributed projects.

Categories: Drupal

Dries Buytaert: Building digital backpacks for Syrian refugees

30 July 2018 - 8:16am

I recently heard a heart-warming story from the University of California, Davis. Last month, UC Davis used Drupal to launch Article 26 Backpack, a platform that helps Syrian Refugees document and share their educational credentials.

Over the course of the Syrian civil war, more than 12 million civilians have been displaced. Hundreds of thousands of these refugees are students, who now have to overcome the obstacle of re-entering the workforce or pursuing educational degrees away from home.

Article 26 Backpack addresses this challenge by offering refugees a secure way to share their educational credentials with admissions offices, scholarship agencies, and potentials employers. The program also includes face-to-face counseling to provide participants with academic advisory and career development.

The UC Davis team launched their Drupal 8 application for Article 26 Backpack in four months. On the site, students can securely store their educational data, such as diplomas, transcripts and resumes. The next phase of the project will be to leverage Drupal’s multilingual capabilities to offer the site in Arabic as well.

This is a great example of how organizations are using Drupal to prioritize impact. It’s always inspiring to hear stories of how Drupal is changing lives for the better. Thank you to the UC Davis team for sharing their story, and continue the good work!

Categories: Drupal

Acro Media: How to Choose the Right Point of Sale System for Your Business

30 July 2018 - 7:45am
Comparing Drupal POS, Shopify POS and Square POS


If you need to accept card payment in a physical location, you need a point of sale (POS) system. There are many different POS systems out there so knowing how to choose the right one for your business can be challenging. All systems claim to be everything you need, however this might not be the case for all businesses. Most POS systems are designed around “industry best practices,” meaning that they try to serve the majority of businesses based on the most common needs. Many systems start to fail when the requirements of the business break away from the norm.

How do you choose the right point of sale for your business? The best way I’ve found is to look at three or four different examples and do a direct comparison. Today I’ll compare 3 different web-based point of sales systems - Drupal POS, Shopify POS, and Square POS. I’ll look at features, costs, usability, integrations, and more. In the end, I’ll try to understand the strengths and weaknesses of each and ultimately determine what business types they work best with.

All of the POS systems I examine today are web-based (or cloud-based). This means that these systems are connected to the internet and all of the data is kept online. Web-based systems are increasingly becoming more popular because they are generally easier to setup and require less time and knowledge to maintain. They can also integrate with your eCommerce store. You can read more benefits here.

The point of sale systems

Here is an introduction to the three POS systems I’ll be comparing.

Drupal POS

Drupal POS is a free add-on to the popular Drupal content management system. Drupal is open-source and completely free to use. It’s known as a very developer-friendly platform to build a website on and has a massive community, over a million strong, helping to advance the software and keep it secure. The open-source eCommerce component for Drupal is called Drupal Commerce. While Drupal Commerce has a relatively small market share, the platform is very powerful and can be a very good choice for businesses that have demanding requirements or unique product offerings.

Shopify POS

Shopify POS integrates with the popular Shopify SaaS eCommerce platform. Unlike Drupal Commerce, Shopify is a standalone product and stores running on the platform pay a monthly subscription fee to use it. With that said, business owners are given a well developed tool out-of-the-box that has all of the bells and whistles most stores require to get up and running fast. Shopify aims to serve the common needs of most businesses, so very unique business requirements can be hard to achieve.

Square POS

Square POS is an add-on point of sale service for your business and is not really a platform for running your entire store, although it does now offer a basic eCommerce component. It can also integrate with many eCommerce platforms, including Drupal Commerce. Square aims to make the process of accepting card payment easy to do, without bulky equipment.

Service comparison

Below is a side-by-side comparison of each service (as of July, 2018). Note that some of the information below applies to stores who also have an eCommerce component. If you don’t need eCommerce, you can ignore those items.

Note for mobile viewers: Swipe the table side-to-side to see it all.

 

Drupal POS

Shopify POS

Square POS

Service philosophy

Open-source 

Proprietary Proprietary Service support Yes *
* via Drupal Commerce, in-house IT or third-party support  Yes *
* via Shopify or third-party support Yes *
* via Square Setup costs for basic service  $0 *
* The software doesn’t cost anything to use, however you may need to pay someone to set it up for you

$29 USD *
* Basic package pricing

$0 Ongoing costs for basic service $0 *
* The software doesn’t cost anything to use, however you may need to pay someone to apply occasional software updates. Third-party transactions fees may apply. Website domain and hosting also required $29/mth plus transaction fees and add-on product fees. Monthly fee increases with package Transaction fees and add-on product fees Payment gateways Third-party Shopify or third-party Square Accept cash payments Yes  Yes Yes  Accept card payments Yes Yes Yes Save cards (card on file) Yes  Yes  Yes Process recurring payments (i.e. subscriptions) Yes Yes *
* Third-party add-on required with separate monthly fees Yes Accept mobile payments Yes *
* Third-party hardware required Yes *
* Monthly fee for service hardware Yes *
* $59 USD one time price for service hardware Built in invoicing Yes *
* Using free add-on Yes Yes Apply discounts and promotions Yes Yes Yes Use with gift cards & coupon codes Yes Yes *
* Not available for basic plan  Yes  Printed gift cards provided by service  No *
* Add-on could be created to allow this functionality, but does not currently exist Yes *
* Additional fee for printing  Yes *
* Additional fee for printing Integrated taxes  Yes *
* Advanced taxes can be handled via third-party add-ons or configured directly within the platform Yes Yes *
* Third-party add-ons required
  Apply additional custom fees (i.e. environment fees, tipping, donations, etc.) Yes Yes Yes *
* Limited to tipping Built-in eCommerce Shop Yes *
* Drupal POS is an add-on for Drupal Commerce Yes *
* Shopify POS is an add-on for Shopify Yes *
* Basic Square store or integrate with third-party platforms Built-in website and blog Yes Yes  Yes  Multi-business (separate businesses using same platform or account) Yes No *
* Separate account required for each business No *
* Separate account required for each business/bank account Multi-store (multiple locations or stores of the same business) Yes  Yes  Yes  Number of products allowed Unlimited 2000-7000 *
* Number depends on device used to manage inventory Unlimited *
* Square eCommerce store only displays 1000 products. Third-party platform needed to run a larger store Number of product variations allowed Unlimited 4000-10,000 *
* Number depends on device used to manage inventory Unlimited * 
* Square eCommerce store only displays 1000 products. Third-party platform needed to run a larger store Number of registers allowed Unlimited Unlimited  Unlimited Number of cashiers accounts allowed Unlimited  2 *
* Number of accounts increase with service plan Unlimited  Access controls Yes Yes  Yes *
* Additional fee of $6/employee  Create new user roles for advanced access controls Yes No Yes *
* Grouped with additional fee above. Mobile POS (i.e. use at trade shows, markets, etc.) Yes Yes Yes Sync inventory between online and offline stores Yes Yes Yes *
* Third-party platforms may not be able to sync inventory  Sync user accounts between online and offline stores Yes Yes Yes Sync orders between online and offline stores Yes Yes Yes  Park & retrieve orders Yes  Yes  Yes  Abandoned cart recovery (eCommerce) Yes *
* Using free add-on or third-party solutions Yes Yes *
* Requires third-party solutions Generate product labels Yes Yes Yes Print receipt Yes  Yes  Yes  Email receipt Yes Yes Yes  Customize receipt information Yes Yes *
* No layout customization, only the information shown Yes *
* No layout customization, only the information shown Process returns Yes Yes Yes  Basic reporting Yes Yes *
* Not available for basic plan Yes  Advanced reporting Yes *
* Using free add-on Yes *
* Not available for basic or mid-tier plans Yes  Supported operating systems Any *
* Requires only a web browser to use  Android, iOS *
* Requires app. iPad recommended with limited support for iPhone and Android Android, iOS *
* Requires app Themable (i.e. brand the POS interface) Yes  No No Customer facing display Yes No No Integrate with accounting/bookkeeping services? Yes Yes  Yes Integrate with other eCommerce sales platforms (Amazon, Ebay, etc.)? Yes Yes Yes *
* Only if using third-party eCommerce platform that supports this Integrate with marketing services (MailChimp, HubSpot, etc.)? Yes Yes Yes *
* Only if using third-party eCommerce platform that supports this Integrate with shipping providers (FedEx, UPS, etc.)? Yes Yes Yes Third-party calculated shipping rates Yes Yes *
* Not available for basic or mid-tier plans No Generate shipping labels Yes Yes Yes *
* Integration with ShipStation adds this functionality for an extra monthly cost Custom integrations with third-party services Yes Yes Yes Use offline (and have your transactions sync once back online) No *
* This is a requested feature currently in discussion Yes *
* Can only accept cash or other manual payments Yes Personalized customer feedback/support Yes Yes Yes Hardware Requirements Cashier terminal Third-party *
* Can be anything that runs a web browser (computer, tablet, phone, etc.) Third-party *
* iPad recommended with limited support for iPhone and Android Third-party *
* Any device running Android or iOS Card reader Third-party Provided Provided  Contactless payment Third-party Third-party Proprietary only  Cash drawer Third-party Third-party  Third-party  Barcode scanner Third-party *
* Can be a traditional barcode scanner or anything with a camera (i.e. phone, tablet, webcam, etc.) Third-party Third-party  Receipt printer Third-party Third-party  Third-party  Barcode printer Third-party Third-party None  Customer facing display Third-party *
* Can be anything that runs a web browser (computer, tablet, phone, etc) None None Custom/DIY hardware Yes No No What business is best suited for each POS?

As you can see, all three options have most of the same features. Most businesses would probably be fine with any of them, but let’s see if we can distil down where each system fits best.

Drupal POS Who’s it for?

If you have a medium to large business with unique business requirements, Drupal POS could be the ideal platform for you to work with. For small business, Drupal POS and Drupal Commerce might not be for you. The initial cost to get a site built might be too high for your budget, however, if you look at the long term fees charged month by month from the other venders, this upfront cost will be saved in a matter of time. Also, if you have a really obscure need that no other platform will accomodate, Drupal Commerce can.

If you’re already running a Drupal Commerce store and now want to add point of sale to your physical locations, Drupal POS is probably a no-brainer. It’s built on-top of the existing Commerce architecture, so you know it will integrate properly in every way, and you can utilize your existing web development service provider to help you set it up.

Additional details:

If you’re not already using Drupal then you have some larger questions to consider. Do you already have an ecommerce website? Would you be willing to invest in replatforming? Since Drupal Commerce is an eCommerce platform, you would ideally be running your whole operation from Drupal Commerce. That’s not necessarily a bad thing though. Drupal can readily handle any business case you can throw at it. It can integrate with virtually any third-party service, it can provide you with a single location to manage all of your products, orders, customer accounts, etc., it’s built to scale with your business, and on top of all that it’s a powerful content management system that will run your blog and any other content need you might have.

From a support point of view, because Drupal is open-source, you don’t have a single source of support to contact. Instead, you would need to utilize your current web development service provider (if you have one), or work with one of the many Drupal agencies out there who are specialized in Drupal development. This means you can shop around and find the company will work best with you.

Another advantage to Drupal POS (and Drupal as a whole) is that because it’s free, open-source software, you don’t actually have any type of fee to use it. Not one cent. You can have as many stores, products, staff accounts, transactions, registers, etc. as you need, and the price is still $0. Instead of spending your hard earned money on platform fees, you can now redirect those funds to developing your website and POS to do whatever you need it to, or towards marketing, or staffing, or growing your business.

Shopify POS Who’s it for?

If you’re a small to medium sized business who is just getting started, you don’t have a large budget, and you want the best eCommerce site with POS capabilities, Shopify and Shopify POS is probably your best bet. Also, if you’re already running a Shopify site and happy with it, the Shopify POS is probably ideal for you.

For your business is growing or you run a large, enterprise level company, Shopify and Shopify POS probably won’t cut it with what you need. For one, the fees associated with this level of company can be significant. If you’re at that point, replatforming to something like Drupal Commerce can recuperate a lot of lost earnings and give you full control of your development path, without restrictions.

Additional details:

Shopify has built their business around being easy. Whether it’s opening up a new store or managing your inventory and customers, the Shopify interface is clean and straightforward. As mentioned earlier, it’s ideal for small and medium sized companies just getting started.

However, where Shopify starts to fail is when your business growth is strong and your requirements start to become more complicated. With Shopify, the number of products and product variations you’re allowed can limit your growth. As you start adding more staff, your costs go up. You can pretty quickly go from a $29/mth plan to a $300+/mth plan in short order. 

Another possible deal-breaker is if you product offerings have very unique requirements. Shopify is built to work around the most common business requirements. When your business breaks out of this mold, the platform isn’t designed to accommodate. However, if you can stay within the “typical” business requirements, Shopify probably has everything you need as long as you’re willing to pay for it.

Square POS Who’s it for?

Square POS is great for small businesses and food service businesses. It’s an easy to use, low-cost option that doesn’t really require anything more than your phone and the provided card reader. Their software interface is clean and easy to understand.

If you’re a medium to large business, or you have very high traffic, Square POS might not be for you. Square is mainly an add-on service to existing businesses, so don’t expect much from an eCommerce perspective. 

Additional details:

Square has become a pretty common sight around town these days, especially when you’re at small business such as cafes or walking around a farmers/artisan market. Square has been able to provide a very good product that allows people to jump in to card transactions easily. It fills this need.

When your business grows and you start having multiple stores and an eCommerce component, you may quickly grow beyond Square’s capabilities. Drupal POS and Shopify POS both have native eCommerce that they work with. This is important when you’re talking about inventory management and other integrations. While Square does have a basic eCommerce component and can integrate with various eCommerce platforms (Drupal Commerce being one of them), you may struggle to get some of the features that Drupal Commerce and Shopify have by default.

Your point of sale integrator

Acro Media is an open-source eCommerce development agency. Our experience in this area is vast and we would love to share it with you. If you have a project that you’d like to discuss, one of our friendly business developers are always available to have that discussion at no cost to you.

Categories: Drupal

Evolving Web: Why We Use Drupal

30 July 2018 - 5:58am

Choosing a content management system is like choosing a set of building materials: it has ramifications for what you'll be able to create, how much it will cost and how well it will turn out. Like many other web development companies, mine started off building WordPress sites. However, we soon found that WordPress couldn't always deliver the custom functionality our clients needed. We also built out some applications with Ruby on Rails but ran into the opposite problem: it was definitely flexible enough, but it was too expensive for many of our clients because it required a great deal of custom development. Finally, we tried Drupal, which proved to give us the best of both worlds: it provided a lot of functionality, but also allowed to us to fulfill our customers' specific needs.

Here are five of the reasons why I continue to recommend Drupal:

1.Flexibility and Modularity

As I've mentioned, Drupal allows you to craft exactly the website solution you need. It doesn't assume a particular use case out-of-the-box. Its flexibility comes from its modularity. There are thousands of modules available on Drupal.org, covering everything from event registrations to embedded videos to analytics. When necessary, you can also create your own custom modules.In general, Drupal modules are designed to do one thing or add one new feature to your site. Sometimes you need to add multiple modules that work together to get the functionality you want. This means they can be combined in flexible ways. You can think of them like a LEGO set: whereas other content-management systems might offer you a pre-assembled house or car or boat, Drupal provides the blocks to let you build whatever suits you best.

2.Active Community

It's supported by an active community. Drupal is more than just software: it's also the focal point of an open-source community of more than a million people. Developers, designers, trainers, translators, strategists and others all contribute to improving its core, developing new modules, sharing best practices, organizing events and supporting each other with troubleshooting advice, constructive feedback and tutorials.

Drupal's community is one of the reasons why it's trusted by the United Nationss,NASA, UNESCO and hundreds of other governmental bodies around the world. Security threats do arise---and this is inevitable no matter what system you're using---but with tens of thousands of people constantly reviewing the code, they are quickly reported to Drupal's dedicated security team and efficiently addressed.

3.Multilingual Features

It's thoroughly multilingual. Right from the get-go, Drupal lets you choose from 100 installation languages. Each member of your team can then choose their own preferred language for the administrative interface, which will help them feel comfortable and do their best work.

When it comes to user-facing elements, Drupal gives you the power to fine-tune your language strategy. For instance, do you need tailored information or page layouts for particular languages? What would you like to display if there's no translation available for a given page? Should user searches bring up content from all languages or just the selected one? The choice is yours.

Finally, the Drupal community itself is multilingual, which means you'll likely be able to ask questions and find resources in your chosen tongue. (Good news for Canadians: French is highly supported.)

4.API-First Architecture

It's a platform that can be used as a backend for front-end applications. The latest version of Drupal was created with today's mediascape in mind. It recognizes that people consume content not only on websites but also using mobile apps, email newsletters, social media, wearables and so on.

Drupal is an "API-first" system, meaning that it can help you easily create and manage your content in one central location, then display various front-end versions of it, each one adapted to a particular channel. There are plans to add JSON API support to Drupal 8.6, which will provide even better API support out- of-the-box.

5.Accessibility

It's accessible by default. Drupal is set up to build websites that can be used, edited and administered by people with visual, auditory, cognitive or mobility disabilities. In fact, internationally recognized accessibility standards---the World Wide Web Consortium's Web Content Accessibility Guidelines (WCAG 2.0) and Authoring Tool Accessibility Guidelines (ATAG 2.0)---are built right into Drupal's core code. Some organizations, especially government agencies, are required to meet these standards, and the rest still have every reason to improve their site's usability and reach in this way. As a nice bonus, accessible sites rank higher in search engines.

To discuss how Evolving Web could use Drupal to meet the needs of your web project, contact us. To try out Drupal for yourself, sign up for one of our training sessions.

+ more awesome articles by Evolving Web
Categories: Drupal

OpenSense Labs: Audience Segmentation: The Ultimate Need Of Web Personalisation

30 July 2018 - 5:55am
Audience Segmentation: The Ultimate Need Of Web Personalisation Shankar Mon, 07/30/2018 - 18:25

A stand-up comedian has this arduous task of presenting rib-tickling jokes to the audience but it involves proper strategy as well. He would talk about funny instances from the school life if the audience is packed with students. Or, he would talk about the patient-doctor relationship for an audience full of doctors. Business enterprises apply similar web personalisation strategy to tailor the content on the website for their audience.

 

Segmenting your visitors helps you identify who they are and frame web personalisation strategy accordingly.

To personalise the web experience, audience segmentation is one of the key prerequisites to be adhered to. Segmenting your visitors helps you identify who they are and frame web personalisation strategy accordingly. Drupal has amazing capabilities to enable personalisation on your website.

The Assortment of Audience Segmentation

What is the segmentation and how do you do it? The process of splitting your audience into distinguishable groups based on specific criteria, contexts and/or conditions comes under segmentation. With real-time personalisation, segments of the audience are based on criteria which can either be detected automatically or derived from previously compiled user data.

There are several different categories of criteria on which audience segmentation can be done. Broadly speaking, all these different criteria come under two groups

Implicit data

When the information is implied or assumed, it is referred to as implicit data. This gives you an idea of a user’s intentions or needs but is not plainly conveyed by the user. This data allows you to test a hypothesis, recommend content, or to inform a content experiment like A/B test.

When you derive the interests of a person on the basis of the pages they have visited, such information would come under implicit data.

Explicit data

This kind of data is clear and specific and leaves no room for any kind of doubt. Explicit data can be comprised of visitor attributes detected automatically or the data which a user chooses to provide like their personal information and preferences.

When you tailor your content on the basis of the user’s age, gender, location or the kind of device being used, it comes under explicit data.

Rules-based Personalisation vs Predictive Personalisation Rules-based personalisation Predictive personalisation Personalisation done on the basis of explicit data Personalisation done on the basis of implicit data

When the explicit data is used to personalise web experience, it is referred to as rules-based personalisation. Content is personalised when the specific rules and conditions are met.

Predictive personalisation leverages implicit data to tailor the content to the audience. It helps in customizing offers and communications precisely by predicting customer behaviour, needs, and wants. 

Predictive personalisation selects the most relevant content for the audience based on the best performing content variation like a landing page that has led to the most amount of conversions.

Segmentation Criteria

Both implicit and explicit data can be used together to an effect to optimise the user experience. Types of Segmentation Criteria used to personalise content on the basis of implicit and explicit data includes:

Demographics

The qualities or attributes of a specific group of people is what demographics refers to. Demographic criteria for the web personalisation is explicit as the data provided is mostly personal like information given by the visitor through sign-up, form fill or an account registration.

Personalised ad campaigns on the basis of demographic criteria on Facebook Business benefitted online retailer Matsmart

Demographic criteria constitutes:

  • Age
  • Gender
  • Salary
  • Occupation

Where can it be seen?

  • Online stores recommend clothes on the basis of gender.
  • Travel companies target promotional campaigns with Indian tour packages for senior citizens.
Geographic adherence

Geographic criteria is a type of demographic data which can be used to meet the needs of customers in a particular region.

Nikon, world leader in optics and imaging, uses geographic criteria as part of their web personalisation strategy.

Geographic criteria comprise of:

  • Specific location
  • General region like State/Province
  • Local time or weather

Where can it be seen?

  • A news television channel can automatically show news coverage relevant to the local region of the user.
  • An online retailer can dynamically determine the local weather patterns of the user and show personalised product recommendations. For instance, a sale on sun protection creams for online visitors on sunny days and sale on raincoats for users in rain-hit locations.
Behavioural patterns

The patterns shown in the behaviour of the audience can prove to be a determining user interest. Visitor behaviour mostly includes criteria detected automatically and implicit data delineating the current or past history of browsing sessions.

Amazon’s recommendations based on user’s behavioural patterns in terms of past purchases

Behavioural patterns include:

  • Content topics visited by the user the most
  • Specific content visited by the user the most
  • The click path or the order in which the visitor is viewing the content
  • New visitors vs. returning visitors
  • Past site downloads
  • Recent conversions or purchases

Where can it be seen?

  • A healthcare site can display listicle showing recommended blogs about a specific disease on the basis of other articles visited by the user.
  • A digital agency can show topical marketing messages on the website on the basis of white papers and ebooks downloaded by the user previously.
Session and other visitor metadata Demonstration showing Samsung Galaxy S6 and Galaxy S6 Plus devices as part of data collected on mobile data usage for personalised ad creation

Personalisation can also be done on the basis of explicit attributes of the browsing session. An Econsultancy report stated that O2, a leading digital communications company, used the data based on the mobile device usage and location to make their ‘tariff refresh’ ad more relevant and tailor the messaging to their consumers. The betterment of 128% was observed through personalised ads in terms of click-through-rate (CTR).

     

    Session attributes consist of:

    • Browser or Device type
    • Source or referral type
    • Authenticated users vs. Anonymous users

    Where can it be seen?

    • A mobile application company can automatically detect the kind of smartphone user is using and deliver personalised promotional campaigns for applications that are compatible with the user’s device.
    • The homepage of the website of a SaaS-based company can display relevant messaging depending on whether the user has arrived from a direct link, a search engine ad, a banner ad, an organic search engine result, or a partner/affiliate site.
    User Profile

    Previously gathered data constitutes user profile criteria. It can include account details from a CMS like Drupal, customer record in a CRM like Salesforce, or a personal information from a social media platform like Twitter.

    Netflix offers personalised movie recommendation to the Indian users

    User profile criteria include:

    • Demographic data
    • User preferences
    • Customer type or account history
    • Subscriber information

    Where can it be seen?

    • A newspaper website can show a personalised list of news articles based on topics that the subscriber has indicated he is interested in.
    • A customer at a basic level of service can be presented with a promotional offer to upgrade to premium version.
    • Promotional messages for a customer can be displayed to renew their membership based on account history data that shows that his or her membership is nearing expiry date.
    Segment vs Persona

    Market segmentation and buyer persona may seem similar as they both help in grouping together current and potential customers. But they provide separate use cases for the businesses. Both the tools come handy in depicting how a business should market the product to its customers. And once they have caught customer’s attention, they can also strategise how best to target them to meet their needs and wants.

    So we have already seen what segmentation is. Then what are buyer personas? They are fictitious characters created by a retailer to simulate a real customer. Personas are made on profiles that would include foundational information gathered from research done with real people. These profiles directly represent customer groups that share similar values, behaviours and goals.

    Personas add the emotional and behavioural component to the customer profiles thereby adding that extra layer of warm fuzzies. A persona template
    Source: Sailthru

    In addition to these basic profiles, personas are used to give names, faces, personalities, and families to delineate accurately what that person would want and need in real life. Thus, personas add the emotional and behavioural component to their customer profiles thereby adding that extra layer of warm fuzzies. Once done, it helps in determining the end goal for a particular customer to target them appropriately.

    Leveraging the best of Drupal for Web Personalisation Drupal provides an amazing platform to personalise the content on your website and enhance user engagement.

    Drupal module, Acquia Lift Connector allows an integration with Acquia Lift service to give true insights on what customers want and do not want which helps in serving personalised content. This helps digital marketers to get control over automation, testing and measurement of marketing activities.

    This module helps in the unification of content and the insight gathered from various sources about the customers for delivering in-context and personalised experiences across multiple channels.

    Features like drag-and-drop user interface for targeting messages, A/B testing, unifying customer profile, syndicating content, behavioural targeting and combining anonymous and known online visitor profiles make it a highly valuable tool to empower digital firms in delivering the most cohesive and personalised experience.

    Conclusion

    Web personalisation is a useful strategy that can determine an organisation’s engagement ratio with its audience. To meet the needs and wants of its audience, segmentation must be done to understand your customers and potential customers. Audience segmentation is an integral prerequisite of web personalisation which every digital firm must adhere to.

    Leveraging the flexibility that Drupal offers in personalising the site, it can prove to be a remarkable platform for businesses. We excel at Drupal services with Drupal Development as our numero uno service and can guide you in building a business website with personalised content.

    Send us your mail at hello@opensenselabs.com to enable web personalisation strategies for your Drupal site development.

    blog banner blog image audience segmentation web personalisation persona buyer persona rules-based personalisation predictive personalisation Blog Type Articles Is it a good read ? On
    Categories: Drupal

    Pages