Newsfeeds

Steamforged Previews Veteran Honour and New Box

Tabletop Gaming News - 25 April 2018 - 2:00pm
The last of the Exiles is Veteran Honour. While not part of the Union in Chains storyline specifically, she was on the losing side of a bit of a coup within the Mason’s Guild which led to her leg being hurt and her moving on to become coach of the Farmer’s Guild. We get a […]
Categories: Game Theory & Design

Beacon

New Drupal Modules - 25 April 2018 - 1:22pm
Categories: Drupal

Lullabot: The Blue Drop and the Red Pill

Planet Drupal - 25 April 2018 - 1:20pm
In this episode, Matthew Tift discusses DrupalCon Nashville, the movie *The Matrix*, and various ways to understand the Drupal community. He plays clips from the Driesnote and Steve Francia's keynote, describes some of his experiences at DrupalCon, and offers ideas for what it might mean to understand "the real" Drupal.
Categories: Drupal

Fantasy Flight Previews Snowtrooper Expansion for Star Wars: Legion

Tabletop Gaming News - 25 April 2018 - 1:00pm
The Empire is filled with all manner of worlds, each one with their own, unique environments and ecosystems. On planets like Hoth, the temperatures can reach extreme levels of cold, meaning anyone living, working, or fighting there needs to bundle up for warmth. The Ice Troopers are ready to head there and make sure the […]
Categories: Game Theory & Design

343 clarifies Halo modding policy as fan-led Halo Online revival gets the axe

Social/Online Games - Gamasutra - 25 April 2018 - 12:09pm

Halo developer 343 Industries has put the kibosh on a fan project that sought to revive a canceled Russia-only game called Halo Online. ...

Categories: Game Theory & Design

Abducted Cow Card Game Up On Kickstarter

Tabletop Gaming News - 25 April 2018 - 12:00pm
Aliens. Cows. Apparently, there’s just something about the bovine critters that aliens just can’t get enough of. And in Abducted Cow, it’s your job as an alien to kidnap, steal, and defend your cows from other aliens. The card game is up on Kickstarter now. From the campaign: You are an Alien controlling a UFO. […]
Categories: Game Theory & Design

roomify.us: Tutorial: using BEE for Tours, Classes and Appointments

Planet Drupal - 25 April 2018 - 11:33am
BEE makes it easy to quickly implement all kinds of booking & reservation use cases. We've created a new video that walks you through setting up reservations for classes using BEE and Drupal 8.
Categories: Drupal

Valuebound: Visualising Drupal Security Advisory Data

Planet Drupal - 25 April 2018 - 11:30am
Drupalgeddon 2.0 brought a lot of focus on the Drupal security initiative and its practices. The way the security team was proactive with respect to disclosure,  the way it was communicated to the developers, community and press was commendable. In addition to all these the communication was continuous.

The vulnerability which started off with a risk score of 21/25 on March 28th was upgraded to 22/25 on April 13th and was finally marked as 24/25 on April 14th. If you are interested in what changed across these days for the score to vary you can checkout the revisions and…

Categories: Drupal

Midweek Snippets

Tabletop Gaming News - 25 April 2018 - 11:00am
Wow, Wednesday already? This week’s just rolling by. Not that I mind that, of course. I’ve got some D&D coming up this weekend, so you know that I’m stoked. So, here’s to hoping that the rest of the week jogs by quickly, too. But if we’re gonna be jogging, we’re gonna be burning up energy. […]
Categories: Game Theory & Design

Platform.sh: Another Drupal security update: We've still got you covered

Planet Drupal - 25 April 2018 - 10:54am
Another Drupal security update: We've still got you covered Crell Wed, 04/25/2018 - 17:54 Blog

The Drupal project today released another security update to Drupal 7 and 8 core, SA-CORE-20108-004. It is largely a refinement of the previous fix released for SA-CORE-2018-002 a few weeks ago, which introduced a Drupal-specific firewall to filter incoming requests. The new patch tightens the firewall further, preventing newly-discovered ways of getting around the filters, as well as correcting some deeper issues in Drupal itself.

We previously added the same logic to our own network-wide WAF to address SA-CORE-2018-002. With the latest release we've updated out WAF rules to match Drupal's updates, and the new code is rolling out to all projects and regions as we speak.

The upshot?

  1. You really need to update Drupal to 7.59 or 8.5.3 as soon as possible. We believe that some of the attack vectors fixed in the latest patch cannot be blocked by a WAF. See our earlier post for quick and easy instructions to update your Drupal 7 or 8 sites on Platform.sh in just a few minutes.

  2. Still, most of the attack vectors fixed in the latest release are covered by the WAF. That should help keep your site safe from most attacks until you can update. But please, update early and often.

Stay safe out there on the Internet!

Larry Garfield 25 Apr, 2018
Categories: Drupal

Battle Star: Trek Wars RPG Available Now

Tabletop Gaming News - 25 April 2018 - 10:00am
There’s a lot of sci-fi RPGs that treat it all as “very serious business.” They portray everything as dark and gritty, full of men with beards and slime-coated aliens ready to rip you in half. But what about things like Space Balls and Futurama and Galaxy Quest? Where’s the RPG for those types of sci-fi […]
Categories: Game Theory & Design

myDropWizard.com: Critical Drupal core security update for SA-CORE-2018-004 (including Drupal 6!)

Planet Drupal - 25 April 2018 - 9:53am

Today, there is a Critical security release for Drupal core to fix a Remote Code Execution (RCE) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

This issue also affects Drupal 6 (although, less severely than Drupal 7 or 8). So, we're also making a Drupal 6 Long-Term Support (D6LTS) release of Drupal core and the Filefield module.

Drupal 6 core security update

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

This fix is both for Drupal 6 core and the Filefield module. This is because the Drupal 7 & 8 fixes include changes to the core 'file' module, which isn't in Drupal 6 core, but an equivalent fix applies to the Filefield module.

Here you can download:

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install security updates for contrib modules (even though they won't necessarily have a release on Drupal.org).

Categories: Drupal

Lullabot: Should you Decouple?

Planet Drupal - 25 April 2018 - 9:44am

One of the major topics of discussion in the Drupal community has been decoupled (or headless) Drupal. Depending on who you ask, it’s either the best way to build break-through user experiences, or nothing short of a pandemic. But what exactly is a decoupled architecture?

A decoupled content store splits the content of a website from how it is displayed into multiple independent systems. Decoupled sites are the logical evolution of splitting content from templates in current CMSs. Decoupled architectures started to become mainstream with the publication of NPR’s Create Once, Publish Everywhere (COPE) series of articles. Other media organizations including Netflix have seen great benefits from a decoupled approach to content.

Like many other solutions in computer science, decoupling is simply adding a layer of technical abstraction between what content producers create and what content consumers see.

Technical decision makers face an important choice when evaluating Drupal 8. When an existing site is upgraded to Drupal 8, how do we decide if we should decouple the site or not? Before we decide to work on a decoupled implementation, it’s critical that everyone, from developers and project managers, to content editors and business leaders, understand what decoupling is and how to ensure a decoupled effort is worth the technical risk.

Why Decouple?

I’ve seen many people jump to the conclusion that decoupling will solve problems unrelated to a decoupled architecture. Decoupling doesn’t mean a website will have a cleaner content model or a responsive design. Those are separate (though relevant) solutions for separate problem sets.

These are the specific advantages of a decoupled architecture for a large organization:

  • Clean APIs for mobile apps: Since the website front-end is consuming the same APIs as mobile apps, app developers know that they aren’t a second-tier audience.
  • Independent upgrades: When the content API is decoupled from the front-end, the visual design of a website can be completely rebuilt without back-end changes. Likewise, the back-end systems can be rebuilt without requiring any front-end changes. This is a significant advantage in reducing the risk of replatforming projects, but requires strict attention to be paid to the design of the content APIs.
  • APIs can grow to multiple, independent consumers: New mobile apps can be created without requiring deep access to the back-end content stores. APIs can be documented and made available to third parties or the public at large with little effort.
  • Less reliance on Drupal specialists: Drupal is a unique system in that front-end developers need to have relatively deep understanding of the back-end architecture to be effective. By defining a clear line between back-end and front-end programming, we broaden our pool of potential developers.
  • Abstraction and constraints reduce individual responsibilities while promoting content reuse: Content producers are freed from needing to worry about exact presentation on every single front-end that consumes content. Style and layout tweaks are solely the responsibility of each front-end. Meanwhile, front-end developers can trust the semantics of content fields and the relationships between content as determined by the content experts themselves.
Here Be Dragons

At the beginning of a decoupled project, the implementation will seem simple and straight-forward. But don’t be fooled! Decoupled architectures enable flexibility at the cost of simplicity. They aren’t without risk.

  • One system becomes a web of systems: A decoupled architecture is more complex to understand and debug. Figuring out why something is broken isn’t just solving the bug, but sorting out whether the problem lies in the request or in the API itself.
  • Strict separation of concerns is required to gain tangible benefits: As front-end applications grow and change, care has to be taken to ensure that front-end display logic isn’t encoded in the API. Otherwise, decoupled systems can slowly create circular dependencies. This leads to systems with all of the overhead of a decoupled architecture and none of the benefits.
  • Drupal out-of-the-box functionality only works for the back-end: Many contributed modules provide pre-built functionality we rely on for Drupal site builds. For example, the Google Analytics module provides deep integration with Drupal users and permissions, "page not found" tracking, and link tracking. In a decoupled architecture, this functionality must be rewritten. Site preview (or even authenticated viewing of content) has to be built from scratch in every front-end, instead of using the features we get for free with Drupal. Need UI localization? Get ready for some custom code. Drupal has solved a lot of problems over the course of its evolution so you don’t have to—unless you decouple.
  • The minimum team size is higher for efficient development: A Drupal site with a small development team is not a good candidate for decoupling unless content is feeding a large number of other applications. In general, decoupling allows larger teams to work concurrently and more efficiently, but doesn't reduce the total implementation effort.
  • Abstraction and constraints affect the whole business: The wider web publishing industry still has the legacy of the "webmaster". Editors are used to being able to tweak content with snippets of CSS or JavaScript. Product stakeholders often view products as a unified front-end and back-end, so getting the funding to invest in building excellent content APIs is an uphill battle. Post-launch support of decoupled products can lead to short-term fixes that are tightly coupled, negating the original investment in the first place.
The Heuristic

To help identify when decoupling is a good fit for a client, Lullabot uses the following guidelines.

Decoupled architectures may be appropriate when:

  1. The front-end teams require full freedom to structure and display the data.
  2. The front-end team does not have Drupal expertise.
  3. More than one content consumer (such as a website and multiple mobile apps) is live at the same time.
  4. Display front-ends combine data from multiple distinct API sources like CMSs, video management systems, and social media.
  5. A project consists of multiple development teams.

If a project meets some of these criteria, then we’ll begin a deep-dive into what decoupling would require.

  • Does decoupling also require a complete content rewrite, such as when migrating from legacy "full-page" CMS’s? We’ve encountered sites that haven’t made the move to structured data yet and still consist primarily of HTML “blobs.” This scenario presents a significant hurdle to decoupling, though it’s a separate problem from decoupling.
  • Does the development team have the time needed to build and document a content API with something like Swagger? Or is using Drupal as a site building (but coupled) development framework a better fit?
  • Does the web team consist primarily of Drupal developers, and will those developers continue to support the website in the future? Would the front-end team be better served by Views, Panels and the theme layer, or by a pure front-end solution like React or Angular?
  • Is there enough value in decoupling that the business is willing to change how they work to see it’s benefits?

Decoupled architectures are a great solution - but they’re not the only solution. Some of the best websites are built with a completely coupled Drupal implementation. It’s up to us as technical leaders and consultants to ensure we don’t let our excitement over an updated architecture get in between us and what a client truly needs.

Header image by Daniel Schwen CC BY-SA 4.0, from Wikimedia Commons

Categories: Drupal

Security advisories: Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004

Planet Drupal - 25 April 2018 - 9:13am
Project: Drupal coreDate: 2018-April-25Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code ExecutionDescription: 

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. While SA-CORE-2018-002 is being exploited in the wild, this vulnerability is not known to be in active exploitation as of this release.

Solution: 

Upgrade to the most recent version of Drupal 7 or 8 core.

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.
  • If you are running 8.4.x, upgrade to Drupal 8.4.8. (Drupal 8.4.x is no longer supported and we don't normally provide security releases for unsupported minor releases. However, we are providing this 8.4.x release so that sites can update as quickly as possible. You should update to 8.4.8 immediately, then update to 8.5.3 or the latest secure release as soon as possible.)

If you are unable to update immediately, or if you are running a Drupal distribution that does not yet include this security release, you can attempt to apply the patch below to fix the vulnerability until you are able to update completely:

These patches will only work if your site already has the fix from SA-CORE-2018-002 applied. (If your site does not have that fix, it may already be compromised.)

Reported By: Fixed By: 
Categories: Drupal

Move over Tupac! Life-size holograms set to revolutionize videoconferencing

Virtual Reality - Science Daily - 25 April 2018 - 9:02am
TeleHuman 2 -- the world's first truly holographic videoconferencing system -- is being unveiled. TeleHuman2 allows people in different locations to appear before one another in life-size 3-D -- as if they were in the same room.
Categories: Virtual Reality

2nd Edition of DIG and Expansion Up On Kickstarter

Tabletop Gaming News - 25 April 2018 - 9:00am
Dig in the dark is a gas. Baby, can you dig it? Mining has been around since just about the dawn of civilization. There’s many great resources to be found underground, along with many shiny rocks. But the deeper you go, the more dangerous it gets. The ground is home to all sorts of menaces […]
Categories: Game Theory & Design

Web Wash: Easily Link to Content using Linkit in Drupal 8

Planet Drupal - 25 April 2018 - 8:11am

The Linkit module allow site editors to work in a more comfortable way when linking to internal entities (i.e. content, users, taxonomy terms, files, comments, etc.) and when linking to external content as well.

The benefit of the module is that your editors won’t have to copy and paste URLs of content they're linking to, instead the module provides an autocomplete field, which they can use to search for content.

Linkit works based on a profile system. You can choose as many or as few plugins (linking options) for each profile and then assign each profile to a particular text format. This provides an extra layer of granularity, because the linking permissions are granted in the text editor and not within Linkit. That way you can add multiple roles or just one role to a Linkit profile.

Categories: Drupal

Exploriana Board Game Up On Kickstarter

Tabletop Gaming News - 25 April 2018 - 8:00am
It’s the age of exploration as ships head out all over the world, filled with intrepid explorers, looking to add to the ever-growing knowledge of the Earth. But there’s all sorts of dangers out there, along with the excitement. It’s best to not just go charging off into the brush. But exploring is in your […]
Categories: Game Theory & Design

Entity Sanitizer

New Drupal Modules - 25 April 2018 - 7:19am

The Entity Sanitizer module provides the Drush entity-sanitize command. It creates (SQL) Database queries to replace all values for all fields with a standardized message. This allows you to safely reuse content structures from production databases without exposing production user content.

Categories: Drupal

Space Base Dice Game Now Available From AEG

Tabletop Gaming News - 25 April 2018 - 7:00am
Man, I wish I could go out into space. You know, head to distant planets. Take control of huge space stations. Build fleets of ships to help get and trade resources. That kind of thing. Sadly, at the moment, you can only get to space if you’re an astronaut or ridiculously wealthy. Being neither of […]
Categories: Game Theory & Design

Pages

Subscribe to As If Productions aggregator