Commerce Guys: Commerce Kickstart Covered for SA-CORE-2018-002

Planet Drupal - 29 March 2018 - 8:06am

On March 21st 2018, the Drupal security team posted a public service announcement that Drupal core would be receiving a security release. The vulnerability affected Drupal 6, Drupal 7, all versions of Drupal 8, and Backdrop (a fork of Drupal during the rewrite to version 8.) On March 28th that security release landed, and the Drupal world went scrambling to apply updates. As maintainers of Commerce Kickstart we have to be conscious of Drupal core releases, especially security ones.

In preparation for the upcoming security release, we had patches ready to commit. Since there would be no other Drupal core releases before the security update, we could make our prepared changes ahead of time and push them once the releases landed. Within minutes of the security release dropping and the Git backend for becoming available, the release tags were pushed.

For our Pantheon users, our first step was to merge in Pantheon’s Drupal 7 upstream and receive the Drupal core security fix. Once the packaging system of built the Commerce Kickstart 2.53 release, we pushed that out as well.

All in all, by 3PM CDT the releases for Commerce Kickstart 1.51 and 2.53 were out. We experienced some packaging issues due to a malicious attack hitting during the security announcement and a backed up packaging queue. However, we monitored chat channels and communicated the process throughout.

Commerce Kickstart 1.51, 2.53 released. The @getpantheon upstream has been updated as well. GO AND GET YOUR SA-CORE-2018-002 FIXES NOW.

— Matt Glaman (@nmdmatt) March 28, 2018

Thanks to the Drupal Security and Infrastructure teams for handling this release and all the stress they endured.

Categories: Drupal

Dark.Net Now Available From WizKids

Tabletop Gaming News - 29 March 2018 - 8:00am
In a not-too-distant future, four giant corporations have taken over every aspect of life. Those that live in this dystopian world can choose to either just go and work for one of them, or live life out on the edge. There, reputation is everything and information is the most valuable currency. In Dark.Net, players find […]
Categories: Game Theory & Design

Acro Media: Drupal Website Debugging and Site Performance

Planet Drupal - 29 March 2018 - 8:00am

Debugging a website (Drupal or otherwise) can be challenging. In this video, I go through a recent situation I faced where a client had reported their Drupal Commerce site completely slowing down every hour or so. I'll discuss the process I followed to figure out the problem and get it fixed.

Here's a breakdown of what happened
  1. I first used New Relic to see where the slowdown was happening. It could be a database issue, a PHP issue, maybe an external service call, who knows? New Relic can help determine this and I was able to determine that it was a database load issue that I was facing.

  2. Then I checked the system logs. Every hour or so, there were a lot of database insertions happening on a number of tables. It seemed really out of place and initially I couldn't narrow down why. I checked the logs and found that system cron was running at the exactly same time as the slowdown. It was also running for a similar amount of time that the slowdown was taking place. Normally, system cron only takes 1-20 seconds, but here it was running for about 3 minutes!
  3. Now I can review cron's code to see what should be happening. I found that cron will generate a list of tables and flush out the expired cache. Generating the list is a very resource intensive process and on this particular site, the list being generated was very large and complicated. After the list is generated, it should get permanently cached in the database and therefor it doesn't become a resource issue later. However, for some reason it was being deleted every time. This ended up being the issue I needed to find out, what was deleting the list.

  4. Since I needed to determine why it was being deleted, I attached logging to the general function used for deleting cache. From here I was able to trace it back to Drush, but I still didn't understand why Drush would be deleting this list of tables. I had to dig further.

  5. Eventually, I discovered what was happening. It turned out that the version of Drush that was being used was doing a call to try and find the system logging. However, it couldn't find it and as a side effect it cleared the cached list that cron had generated. Cron, which ran every hour, then couldn't find the cached list and so need to build it again. It was a cycle that just kept repeating itself every hour. I now understood the problem!

  6. And now for the fix. I needed to know why Drush was doing this and if I could prevent it. I first looked around the Drush project issue queue on Drupal.og and talked to a Drush maintainer. I wanted to know if this was an issue others were also experiencing. It turns out that it WAS a known issue and that it was resolved in a later release! The version on the site that I was working on was a few major versions behind. I bought the site up to the latest release and the issue was fixed! Cron ran and took only about 5 seconds, the generated list of tables was being cached and staying cached, and Drush was not clearing it out.
A good debugging exercise

The bug ended up being one that was with Drush, and not the website. The result, through an odd chain of events, ended up bringing the clients site to a standstill nearly every hour. Now that it's resolved, I can look back and see that it was a good exercise in debugging. Even though I didn't need to build the fix myself, it still took a lot of time and understanding to arrive at the fix, and it was great to have it resolved. Hopefully, if you find this because of a similar issue, maybe I can save you a little bit of time.

We can help

If your experiencing issues with your Drupal Commerce website, the good news is that we can help! Contact us if you would like to discuss your options.

Related Links
Categories: Drupal

Static root page

New Drupal Modules - 29 March 2018 - 7:49am

This module provides a static root page for multilingual websites with no
prefered language.

Categories: Drupal

CE 9 - Both Foul and Deep

New RPG Product Reviews - 29 March 2018 - 7:45am
Publisher: Purple Duck Games
Rating: 5
An review

This DCC-toolkit clocks in at 53 pages, 1 page front cover, 2 pages SRD, leaving us with a massive 50 pages of content, though these are formatted for 6’’ by 9’’ digest size (A5), which means you can fit multiple pages on one sheet of paper.

This review was moved up in my reviewing queue at the request of my patreons.

So, first things first, in case you’re new to the series: The Campaign Elements-series is basically a collection of set-pieces supplemented with rules, intended to be dropped as is into an ongoing campaign…or to be used as a scavenging ground. As such, this sits squarely on the line between modules and setting supplements – while it can be used as written, it is just as useful as a file to supplement other modules; take e.g. “The Jeweler that dealt in Stardust” – the module assumes that the smartest way for the PCs to enter the locale would be via the sewers, but there isn’t much going on there. This is where an enterprising judge can employ this supplement, as we get a ton of material for sewers.

Wait. I know. Sewer levels/environments have a bad reputation. I can name, at the top of my head, a ton of modules that take place in sewers. Among these, 10%, at most, are worthwhile. But what if you want/need to run such a module? Well, this pdf pretty much helps dealing with that issue. We begin with a summary of different hooks to get the PCs down into the sewers. From there, we move on to general terrain features, the first thing a lot of modules in sewers fail to properly take into account. So yes, falling into sewage is a BAD idea – 6 different diseases can be found herein, ranging from mites and parasitic worms and scarlet rash. The second component many sewer-scenarios get wrong is that they depict, ironically, I might add, sewers as a mechanically sterile environment – this pdf does help here quite a bit: We get a d30 random encounter table, which brings me to one of the main components of this pdf.

You see, we not only get the usual people of the sewers (including secret taverns, cultists, etc.), but also a bunch of components we usually don’t see: Filthlarks, for example, the scavengers of the filthy places, gentlemen clubbers going to a clandestine meeting…and there are resurrection men; basically grave robbers in the name of science. Beyond those, we also get what amounts to a pretty massive bestiary section: We get albino alligators, aliens rats from another world, blood slugs, centipedes that seek to burrow into your flesh, carrion moths that spread hallucinogenic powder via their wings…even cooler: What about the cessceada? These swarming insects can cause the skin of those infected to slough off. There are beetles that can be sold to the dyer’s guild for profit, particularly agile drain runner foes, disgusting oozes, filth elementals… Have I mentioned the globlins that split by fission? Hellspore fungi and lamprey swarms are cool, and in the dark recesses, there also is the terrifying loathly one; there are phantom gentlemen…and more. This bestiary section is really cool, with each of the entries breathing some form of truly intriguing and captivating idea, in spite of the sometimes down to earth theme.

The pdf also provides the patron Squallas, mistress of the night soil rivers, but we only get the invoke patron table here – no custom spells, patron taint or spellburn, but all right. This would btw. be as well a place as any, there are quite a few really nice full-color illustrations throughout the pdf – particularly the sewer troll image is nice.

At this point, it should be noted that judges with an extensive library of books may find some nice easter eggs here and there – in the case of the troll, for example, a nod to the upcoming, Angels, Daemons and Beings Between II by Shinobi 27 Press. These nods are unobtrusive enough to not impede your enjoyment of the content, but certainly should be fun for quite a few judges…and they provide obscure and potentially easily ignored links you can further develop…but I digress.

Now, so far, I have mainly commented on the toolbox-y aspects of this pdf, but it is also an adventure locale. We get a solid b/w-map of the sewer-area depicted AND a player-friendly iteration, which is a huge plus, as far as I’m concerned. Now, the keyed encounter areas provided for the judge come with well-written read-aloud text (we have come to expect nothing less from Daniel J. Bishop!), but also feature unique hazards and creatures beyond the ones already mentioned – some are obviously intended as plot-threads for the judge to further develop, while others are just amazing; the image of a massive spider that carries its brood on its back is great, and just let it be known that just because corpses move doesn’t mean that they’re necessarily undead…which can result in a rather cool scene. Oh, and the line from the core book? Yes, there is a means to learn a spell from the mouth of a dead man…and how that phrase is twisted is really cool. I could explain all of the 9 keyed encounters here, but I’d frankly do the book a disservice.

You see, the series has traditionally a “squeezing it dry”-section, wherein you can find further suggestions to get the maximum amount of mileage out of the book – considering how strongly the toolbox/bestiary aspect is emphasized here, I can most definitely see judges employ this pdf’s contents far beyond the exploration of the sewers presented here.


Editing and formatting re very good, I noticed no serious glitches. Layout adheres to a 1-column b/w-standard that is pretty printer-friendly. The full-color artworks are captivating, cool and deserve a big shout-out. The cartography featuring a player-friendly map is really cool. The pdf comes fully bookmarked with detailed, nested bookmarks, making navigation comfortable.

Daniel J. Bishop’s name on a book is, for the most part, a great indicator that it will rock – in fact, even if you do not play DCC, both new school and old school games can get something out of his offerings. There is a crisp quality to his prose, an overarching vision that not only gets the peculiarities of DCC, but, more importantly, really understands the tone and what makes it stand out. There is always an aspect of the weird here, one that feels like it was drawn straight from the greats. In fact, much like Leiber or Howard, he is adept at using precious few words to inspire; his fantasy, infused with a little dose of gonzo and the soul of sword and sorcery, has a distinct tone that is both grounded and wondrous, that retains this strange, captivating sense of plausibility. This booklet brings this aesthetic to sewers, perhaps the most maligned of adventuring locales, and elevates them. In short, this little booklet is one of the very few supplements/modules dealing with sewers that I’d consider superb – the monsters are so cool and interesting that quite a few may well warrant conversion. DCC judges, the primary audience of this book, should consider this a must-purchase anyway. My final verdict will clock in at 5 stars + seal of approval.

Endzeitgeist out.
Categories: Game Theory & Design

Wunder blog: Drupal security update: Wunder clients safe and sound

Planet Drupal - 29 March 2018 - 7:11am
Drupal security update: Wunder clients safe and sound peeter.pratka Thu, 29/03/2018 - 15:11

We are happy to announce that the highly important Drupal core security update “SA-CORE-2018-002” has been carried out successfully at Wunder: All our clients’ websites are patched and secure.

Our secret? Excellent preparation.

Last Wednesday (21st March 2018), the Drupal Security Team shook the community when they announced that a major security update is to be rolled out on the evening of Wednesday 28th March. Some even started nicknaming the update “Drupalgeddon 2.0” due to the resemblance to a highly critical security update in 2014.

Our team of Wunderers in charge stayed calm and immediately went into preparation mode. An internal plan of action was released soon after to make sure that the update could be applied as fast as possible to provide maximum security to our clients. Several Wunderers along our dedicated security team took responsibility over services to make sure we get them updated quickly.

Our team? Dedicated and fast.

So when update night rolled around, our team knew exactly what to do: Updating and applying hotfixes to our clients’ sites was executed in the smoothest way possible. To give you some numbers: More than 130 different websites were done in about 3 hours!

Shoutout to the team: You rock!

None of this would have been possible without our exceptional team of Wunderers who worked tirelessly to ensure that all client projects received the security update as fast as possible. Huge thanks for your outstanding performance and excellent work!

Special thanks go to those members of our team who were part of the task force that kept our client's applications safe and sound yesterday:

Agnis Mateuss
Aleksi Johansson
Annina Järvenpää
Artis Krumins
Arturs Vilkajs
Fredrik Lassen
Gatis Rudins
Gints Erglis
Hannes Kirsman
Ilmari Oranen
Jan Lindström
Janne Koponen
Joao Ventura
Karlis Daugavietis
Karlis Kalnins
Lauris Igaunis
Marc Galang
Maris Abols
Martins Bertins
Matti Hernesniemi
Mikael Kundert
Mikelis Zalais
Mikk Miggur
Nikita Izotov
Olli Erinko
Pasi Kauraniemi
Pauli Huhtiniemi
Peeter Pratka (also organiser)
Raimonds Kalnins
Saimons Jegers
Santeri Lindgren
Timo Kirkkala
Tomi Mikola
Toni Sinisalo
Tormi Tabor
Tuomas Leppänen (also organiser)
Viljami Salmi

Drupal Drupal Planet Drupal8 Security
Categories: Drupal

Dragon Ball Z: Perfect Cell Now Available

Tabletop Gaming News - 29 March 2018 - 7:00am
Cell is supposedly the perfect fighting machine. The Dragon Ball crew, on the other hand, disagree, and they’ve come to the Cell Games to prove it (and to keep Cell from blowing up the Earth, too. There is that part to consider). In Dragon Ball Z: Perfect Cell, players will take on the role of […]
Categories: Game Theory & Design

Acquia Developer Center Blog: Decoupling Drupal 8 Core: Core REST, HAL, and Setting Up Drupal as a Web Services Provider

Planet Drupal - 29 March 2018 - 6:38am

Perhaps the most critical piece of any decoupled CMS architecture is the API layer which exposes data in the back end for consumption by other applications. In Drupal's case, the REST module (also known as the RESTful Web Services module) in Drupal 8 core fulfills this responsibility. The REST module contains important logic that drives the availability of data through formatted responses.

Tags: acquia drupal planet
Categories: Drupal

Opportunities widget from

New Drupal Modules - 29 March 2018 - 6:12am

This widget allows you to incorporate smart self-updating list of academic conferences, scholarships or vacancies into your web-site.

You can configure and display these types of opportunities:
-- academic conferences; you can specify scientific area
-- grants/scholarships; you can select their type
-- scientific vacancies; you can choose their area

Additionally you can configure the language and the quantity of opportunities being displayed.

Categories: Drupal

Brazilian Address Field

New Drupal Modules - 29 March 2018 - 6:09am

This defines a new field type to store brazilian postal adresses according to
recommendations of the brazilian postal service company, Correios. The address
consists of the following fields:

* Thoroughfare (Logradouro): type and name of the thoroughfare
* Number (Número): the number of thoroughfare
* Complement (Complemento): apartment number and/or another info
* Neighborhood (Bairro)
* City (Cidade)
* State (Estado)
* Postal code (CEP)

Categories: Drupal

Steamforged Previews Veteran Decimate For Guild Ball

Tabletop Gaming News - 29 March 2018 - 6:00am
The Union in Chains event for Guild Ball saw the Union players spread out among the other Guilds. In the case of Decimate, she’s ended up with the Brewer’s Guild. Her knowledge with the sword is no longer employed with a foil or rapier, but a broadsword. So, what sort of changes does that mean […]
Categories: Game Theory & Design

An Open Letter About Making Gaming Work for You (and building your strengths through role play)

Gnome Stew - 29 March 2018 - 5:00am
This week at the Stew, some of us were inspired by a series of disparate recent events to send some love and sentiments out to young gamers, especially those who are marginalized. We wrote these letters to our younger selves, because in you, we see ourselves, and we hope that we can give you the […]
Categories: Game Theory & Design

bootstrap simple carousel

New Drupal Modules - 29 March 2018 - 3:41am

The module provides the carousel block. It uses the bootstrap carousel with all the features of bootstrap script.
All the info and available settings yon can see on the bootstrap page.


The bootstrap carousel module:

Categories: Drupal

Thanks to the Drupal Security Team for keeping us safe

Dries Buytaert - 29 March 2018 - 12:36am

We released new versions of Drupal 7 and Drupal 8 yesterday that fixed a highly critical security bug. All software has security bugs, and fortunately for Drupal, critical security bugs are rare. What matters is how you deal with security releases.

I have the utmost respect for how the Drupal Security Team manages a security release like this — from fixing the bug, testing the solution, providing advance notice, coordinating the release, to being available for press inquiries and more.

The amount of effort, care and dedication that the Drupal Security Team invests to keep Drupal secure is unparalleled, and makes Drupal's security best-in-class. Thank you!

Categories: Drupal

Dries Buytaert: Thanks to the Drupal Security Team for keeping us safe

Planet Drupal - 29 March 2018 - 12:36am

We released new versions of Drupal 7 and Drupal 8 yesterday that fixed a highly critical security bug. All software has security bugs, and fortunately for Drupal, critical security bugs are rare. What matters is how you deal with security releases.

I have the utmost respect for how the Drupal Security Team manages a security release like this — from fixing the bug, testing the solution, providing advance notice, coordinating the release, to being available for press inquiries and more.

The amount of effort, care and dedication that the Drupal Security Team invests to keep Drupal secure is unparalleled, and makes Drupal's security best-in-class. Thank you!

Categories: Drupal

OSTraining: Learn Drupal 8 Layout and Theming By Taking the Class

Planet Drupal - 29 March 2018 - 12:16am

One of the most frequently asked questions among our Drupal students is "How to control layouts?"

If you really would like to be in control of layouts, you need to learn theming.

We created a brilliant "Drupal 8 Theming and Layout" video class to help you. In this post, you will take a look at the class modules and what you can learn while taking them.

Categories: Drupal

Words on a Screen: Accounting is Fun

RPGNet - 29 March 2018 - 12:00am
Information tracking in PbPs.
Categories: Game Theory & Design The continuing importance of the Drupal 6 Long-Term Support program

Planet Drupal - 28 March 2018 - 10:02pm

Drupal 6 reached End-of-Life over 2 years ago, so you might be forgiven for thinking that Drupal 6 and its Long-Term Support (D6LTS) no longer matter.

However, yesterday (March 28th, 2018), there was a HIGHLY CRITICAL security vulnerability announced that affected Drupal 6, 7 & 8 (and even Backdrop).

This wasn't the first Drupal 6 LTS core release (did anyone notice that one?) and it probably won't be the last. And there are still ~65,000 sites running Drupal 6 according to, which were affected by this issue, and could be affected by future issues.

Luckily, the Drupal 6 LTS program is still going, and we got a patch and release out immediately!

But the D6LTS program won't go on forever... at least without users of Drupal 6 continuing to buy support from the D6LTS vendors.

I think this is a good time to remind everyone what the D6LTS program is and why it's still important to the Drupal community...

Categories: Drupal

Weixin Payment / WeChat Payment(微信支付)

New Drupal Modules - 28 March 2018 - 5:31pm

Weixin Payment is a popular thrid-party online payment solution in China, founded by Tencent Holdings Limited (HK0700).

This module integrate Weixin Payment with your Drupal website, support QR pay, H5 pay and Subscribtion pay(扫码支付、H5支付、公众号支付).

Please install Libraries API and download the PHP version SDK from Weixin developer center, unzip it under sites/all/libraries

Categories: Drupal

Weixin Payment/WeChat Payment(微信支付)

New Drupal Modules - 28 March 2018 - 4:45pm
This module has been moved to Weixin Payment for a new short name 'wxpay'

Weixin Payment is a popular thrid-party online payment solution in China, founded by Tencent Holdings Limited (HK0700).

This module integrate Weixin Payment with your Drupal website, support QR pay, H5 pay and Subscribtion pay(扫码支付、H5支付、公众号支付).

Categories: Drupal


Subscribe to As If Productions aggregator