Devs can now peruse the talks and data from Twitch's inaugural Dev Day

Social/Online Games - Gamasutra - 30 October 2017 - 3:58pm

This month Twitch took a swing at hosting a Developer Day ahead of its annual TwitchCon event, and now the fruits of that labor are available online for curious devs to peruse at their leisure. ...

Categories: Game Theory & Design

Dog Might Games Announces Countdown: Action Edition

Tabletop Gaming News - 30 October 2017 - 3:00pm
I love a good ’80s action flick. They’re just so over-the-top crazy, you simply have to smile, even if the plots are strange, the clothing odd, and the one-liners could often use some work. Countdown: Action Edition looks to bring everything you love about 80s action movies and put it on your tabletop. There’s a […]
Categories: Game Theory & Design

Mediacurrent: 7 Ways to Evaluate the Security and Stability of Drupal Contrib Modules

Planet Drupal - 30 October 2017 - 12:59pm

Keeping up with Drupal security updates is key to protecting your site, but assessing contrib module security before implementation is just as important. In a new guest post on the Pantheon blog, Mediacurrent Senior Drupal Developers David Younker and Joshua Boltz share a practical guide for sizing up the security of contrib modules.

Try this 7-Step Security Inspection 

To ensure a safe and solid foundation for your Drupal site, consider this 7-point assessment:

1. Has the module maintainer opted in to the security coverage?

Categories: Drupal

Aten Design Group: The Importance of an Accessible Website - Part 3: Make Your Drupal 8 Site More Accessible

Planet Drupal - 30 October 2017 - 10:09am

Accessibility should be part of the criteria for picking a CMS. Fortunately, many CMSs out there are getting that right. Building on the information from Part 1 and Part 2 of this series, I’m going to focus on leveraging Drupal 8’s accessibility features to enhance any user’s experience.

Drupal 8 Core

Drupal 8 makes it much easier to add accessibility features than previous versions. Some of the most significant improvements for accessibility within Drupal 8 core are:

  • Core code uses semantic HTML5 elements and the addition of aria landmarks, live regions, roles, and properties to improve the experience of screen readers.
  • Creating aural alerts for users who use audio features to navigate and understand a website are easy to implement using Drupal.announce().
  • Users have more control navigating through content with a keyboard using the new Tabbing Manager.
  • Hidden, invisible or on-focus options for all labels have been included so screen readers can give more context to content – without impacting design decisions for traditional screens.
  • Fieldsets have been added for radios and checkboxes in the Form API.
  • Alt text is now required for all image fields by default.
  • The default Bartik Theme is now underlining links so that it is much easier for people to identify links on the page.
  • D8 now includes an optional module to include form errors inline to easily associate errors with inputs when filling in a web form.

Out of the box, Drupal core is a great starting point for creating an accessible website. Usability issues tend to arise when designers and developers begin the theming process. In order to achieve a desired design or function, they inadvertently remove or alter a lot of Drupal’s accessible defaults. With knowledge gained from the previous posts and the following tips, you will be on your way to theming a more accessible site for everyone!


Make sure pseudo :focus and :active styles are always included for users navigating by keyboard. This helps the user visually understand where they currently are on a page. This can be the default browser styling or something more brand specific.

You may include “read more” links on teasers, but make sure there is a visually hidden field to include what the user will be “reading more" about for aural users.

Display None vs Visually Hidden

Drupal 8 core now has this option for labels when creating content types and forms, but it also includes simple class names to hide content properly. A great example of this usage is fixing a “read more” link to something more descriptive for screen readers.

<a href="{{url}}">{{'Read more'|t}} <span class="visually-hidden"> {{'about'|t}} {{label}}</span></a> Anchor and Skip Links

Providing a way to skip links and navigation on a page can improve the usability of a keyboard or aural user on your site. This is a great addition to your site and easy to implement. As mentioned in the previous post, screen readers have the ability to skip and search your site by sections, headings, links, etc. Adding another way to skip various types of content gives the user an easier way of flowing through and skipping heavy or repetitive information on a page. Just remember that this should be visibly hidden and not display: none;!


Always include a button for users to submit their form information. Exposed forms within Drupal have the option for an “auto submit” setting, which automatically submits the form once an element is interacted with or changed. Having one action which invokes two outcomes can cause major confusion for users navigating with assistive technologies.

For Example: A user chooses an item within a select dropdown, and the form submits this change which modifies the content on the page. All of this happens just by selecting an item within a dropdown. Ideally, the user should be able to choose the item in the dropdown, and then press submit to search. Each item should only have one action.

Be careful that you are not reducing the accessibility of forms when using hook_form_alter and other techniques to modify forms. Following the basic form guidelines while implementing forms through this technique will ensure that your forms work well for everyone.

Final Thoughts

We have seen great improvements in Drupal’s core code over the past few years to accommodate everyone. Drupal 8 has a lot of accessibility features built in and as developers we need to take advantage of those features or at the very least, not remove them.

Categories: Drupal

Mediacurrent: Top 4 Takeaways from Acquia Engage

Planet Drupal - 30 October 2017 - 9:47am

This October, Mediacurrent was excited to participate in our 4th Acquia Engage conference in Boston. As returning sponsors we enjoyed connecting with friends, partners, customers and potential customers, all set to a backdrop of Boston Harbor. The sessions were interesting and the receptions boasted delicious local fare (hello lobster rolls!), but the real highlight was to listen in on the strategy behind Acquia’s latest product announcements.

If you were unable to attend, never fear because we have you covered with the biggest topics from this year’s event.

Categories: Drupal

Drop Guard: International PHP & JavaScript Conference - these guys sec you up!

Planet Drupal - 30 October 2017 - 6:30am
International PHP & JavaScript Conference - these guys sec you up!

Our CEO Manuel spoke at the IPC 2017 in Munich about DevSecOps automation. We took a look around and picked the two other security related sessions which struck our eyes.


Dip Your Toes in the Sea of Security - by James Titcumb

Drupal Planet Events Security Business
Categories: Drupal

Jacob Rockowitz: Organizing and Presenting Webform Training Materials

Planet Drupal - 30 October 2017 - 2:49am

Now that the post-DrupalCon Vienna events are in full swing and next year's pre-DrupalCon Nashville events are in the works, I’ve started organizing and creating next year’s Webform related presentations. I find presenting at DrupalCamps challenging and rewarding. The challenge is getting up in front of a large group of developers and talking about my work, but the reward is I get to meet people who use my work to build awesome forms.

Attending Drupal Camps & Events

In the past, I’ve managed to attend a bunch of events including DrupalCamp NJ, NYCCamp, DrupalCon Baltimore, Design4Drupal, and Drupal GovCon. My last camp of the year is going to be DrupalCamp Atlanta on November 2-4, 2017. I decided to go to DrupalCamp Atlanta because they are offering me the opportunity to do my first training session called Learn how to build awesome webforms and a keynote panel discussion. Yes, I am uncomfortable with public speaking, however I’ve committed myself to doing it for longer and in front of more people; this conference is pushing me to up my game. The hope is that it will prove to be a good thing for me, and hopefully will, in turn, be a good thing for others too.

Overcoming Challenges

One technique I’ve learned to overcome my weaknesses is to leverage my...Read More

Categories: Drupal

Roy Scholten: UX notes week 44

Planet Drupal - 30 October 2017 - 2:21am
30 Oct 2017 UX notes week 44

A selection of Drupal design topics and issues that are moving or should be :)

Small big win: status report pattern reuse in the migrate UI

A nice success from last week was closing a critical issue for Migrate UI. Particularly pleased that we were able to apply a new “summary” user interface element we recently introduced on the status report page.

Big one: redesign the administrative UI

There was a big interest in this over several meetings and workshops at Drupalcon Vienna and after. Seven theme hasn’t evolved much over the last years and it shows.

The right issues are not yet in place for this but I see and hear multiple people thinking about this. There’s multiple parts to this, of course:

  1. A visual update. What would the next version of this style guide look like?
  2. Improve the information architecture. Lots of solid thinking around this already.
  3. Introduce new interaction patterns. We still mostly rely on tables, select lists and other basic form elements. Experiments with JavaScript frameworks should help here but we should design these starting from user needs.
  4. Modernize the underlying theme architecture.
  5. Update and extend the user interface standards documentation.
Drupal core could use another usability test

The core feature set has grown considerably over the last couple of 8.x releases. On the one hand it would be smart if we found a way to do more smaller tests more often. On the other hand, since it’s been more than 2 years since the last big usability test we could do with one of those as well. Lets figure out what we can do. Check in here if you’re interested in helping with this.

Something to look forward to: Layout builder

The layouts-in-core team has been steadily working towards this. Looks like we are in great shape and on track to really honestly add a visual layout builder to core. There’s a patch going through the last stages of review and refine in One cool smart detail is that this will also introduce a dynamic way to dynamically generate icons for different types of layouts. Very nice indeed.

Permissions UI

Core and contrib modules often come with their own (set of) permissions. It’s how you can configure which roles get access to do what. This permissions UI is currently an ever growing sea of checkboxes. This does not scale, for user nor machine. The current model of a grid lists all available permissions in rows and all roles in columns needs a thorough rethink. Lets figure out a plan for how to do that.


& some more pointers to where you can go to find out what’s going on.

Enjoy your week!

Tags drupalplanet
Categories: Drupal Blog: AGILEDROP: We are not here to replace your team

Planet Drupal - 30 October 2017 - 1:26am
The history and future There is this digital agency which has specialized itself in Drupal a couple of years ago. Let’s call it Gr8 Solutions. And the business is very good, they signed some fancy contracts with some of the biggest companies in the country over the years and thus built themselves a reputation for being professional and creative. And in the process of acquiring new clients and new projects they were steadily growing. This also resulted in hiring a few new developers, a designer, and a salesperson. Fast forward to very near future, nothing memorable happened in the meantime.… READ MORE
Categories: Drupal Securing Cookie for 3rd Party Identity Management in Drupal

Planet Drupal - 30 October 2017 - 1:15am
Securing Cookie for 3rd Party Identity Management in Drupal Body

We are in an era where we see a lots of third party integrations being done in projects. In Drupal based projects, cookie management is done via Drupal itself to maintain session, whether it be a pure Drupal project or decoupled Drupal project,.

But what when we have a scenario where user’s information is being managed by a third party service and no user information is being saved on Drupal? And when the authentication is done via some other third party services? How can we manage cookie in this case to run our site session and also keep it secure?

One is way is to set and maintain cookie on our own. In this case, our user’s will be anonymous to Drupal. So, we keep session running based on cookies! The user information will be stored in cookie itself, which then can be validated when a request is made to Drupal.

We have a php function to set cookie called setCookie() , which we can use to create and destroy cookie. So, the flow will be that a user login request which is made to website is verified via a third party service and then we call setCookie function which sets the cookie containing user information. But, securing the cookie is must, so how do we do that?

For this, let’s refer to Bakery module to see how it does it. It contains functions for encrypting cookie, setting it and validating it.

To achieve this in Drupal 8, we will write a helper class let’s say “UserCookie.php” and place it in ‘{modulename}/src/Helper/’. Our cookie helper class will contain static methods for setting cookie and validating cookie. Static methods so that we will be able to call them from anywhere.

We will have to encrypt cookie before setting it so we will use openssl_encrypt() php function in following manner:

/** * Encrypts given cookie data. * * @param string $cookieData * Serialized Cookie data for encryption. * * @return string * Encrypted cookie. */ private static function encryptCookie($cookieData) { // Create a key using a string data. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Create an initialization vector to be used for encryption. $iv = openssl_random_pseudo_bytes(16); // Encrypt cookie data along with initialization vector so that initialization // vector can be used for decryption of this cookie. $encryptedCookie = openssl_encrypt($iv . $cookieData, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); // Add a signature to cookie. $signature = hash_hmac('sha256', $encryptedCookie, $key); // Encode signature and cookie. return base64_encode($signature . $encryptedCookie); }
  1. String parameter in openssl_digest can be replaced with any string you feel like that can be used as key. You can keep simple keyword too.
  2. Key used should be same while decryption of data.
  3. Same initialization vector will be needed while decrypting the data, so to retrieve it back we append this along with cookie data string.
  4. We also add a signature which is generate used the same key used above. We will verify this key while validating cookie.
  5. Finally, we encode both signature and encrypted cookie data together.

For setting cookie:

/** * Set cookie using user data. * * @param string $name * Name of cookie to store. * @param mixed $data * Data to store in cookie. */ public static function setCookie($name, $data) { $data = (is_array($data)) ? json_encode($data) : $data; $data = self::encrypt($data); setcookie($name, $cookieData,Settings::get('SOME_DEFAULT_COOKIE_EXPIRE_TIME'), '/'); }

Note: You can keep 'SOME_COOKIE_KEY' and 'SOME_DEFAULT_COOKIE_EXPIRE_TIME' in your settings.php. Settings::get() will fetch that for you.
Tip: You can also append and save expiration time of cookie in encrypted data itself so that you can also verify that at time of decryption. This will stop anyone from extending the session by setting cookie timing manually.

Congrats! We have successfully encrypted the user data and set it into a cookie.

Now let’s see how we can decrypt and validate the same cookie.

To decrypt cookie:

/** * Decrypts the given cookie data. * * @param string $cookieData * Encrypted cookie data. * * @return bool|mixed * False if retrieved signature doesn't matches * or data. */ public static function decryptCookie($cookieData) { // Create a key using a string data used while encryption. $key = openssl_digest(Settings::get('SOME_COOKIE_KEY'), 'sha256'); // Reverse base64 encryption of $cookieData. $cookieData = base64_decode($cookieData); // Extract signature from cookie data. $signature = substr($cookieData, 0, 64); // Extract data without signature. $encryptedData = substr($cookieData, 64); // Signature should match for verification of data. if ($signature !== hash_hmac('sha256', $encryptedData, $key)) { return FALSE; } // Extract initialization vector from data appended while encryption. $iv = substr($string, 64, 16); // Extract main encrypted string data which contains profile details. $encrypted = substr($string, 80); // Decrypt the data using key and // initialization vector extracted above. return openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); }
  1. We generate the same key using same string parameter given while encryption.
  2. Then we reverse base64 encoding as we need extract signature to verify it.
  3. We generate same signature again as we have used the same key which was used to creating signature while encryption. If doesn’t signatures doesn’t matches, validation fails!
  4. Else, we extract initialization vector from the encrypted data and use to decrypt the data return to be utilized.
/** * Validates cookie. * * @param string $cookie * Name of cookie. * * @return boolean * True or False based on cookie validation. */ public static function validateCookie($cookie) { if (self::decryptCookie($cookieData)) { return TRUE; } return FALSE; }

We can verify cookie on requests made to website to maintain our session. You can implement function for expiring cookie for simulating user logout. We can also use decrypted user data out of cookie for serving user related pages.

navneet.singh Mon, 10/30/2017 - 13:45
Categories: Drupal

An object at rest

Adventures in Interactive FIction - 17 May 2008 - 2:03pm

So obviously, the pendulum of progress stopped swinging on my game.  As much as I tried to prevent it, pressing obligations just wouldn’t take a back seat (nor would the burglars who, a few weeks ago, stole 90% of my wardrobe and who last week stole my monitor).  So after a string of hectic weekends and even crazier weeks, this weekend has been pretty wide open for doing whatever I want to do.  And not a moment too soon!

So after doing all the other things I try to do with my weekends, I finally loaded up the ol’ Inform 7 IDE and started working on my game.  To get me back in the swing of things, so to speak, I started reading through what I’d already written.  It was an interesting experience.

Strangely, what impressed me most was stuff I had done that I have since forgotten I learned how to do.  Silly little things, like actions I defined that actually worked, that had I tried to write them today, probably would have had me stumped for a while.  Go me!  Except, erm, I seem to have forgotten more than I’ve retained.

I also realized the importance of commenting my own code.  For instance, there’s this snippet:

A thing can be attached or unattached. A thing is usually unattached. A thing that is a part of something is attached.

The problem is, I have no idea why I put it in there – it doesn’t seem relevant to anything already in the game, so I can only imagine that I had some stroke of genius that told me I was going to need it “shortly” (I probably figured I’d be writing the code the next night).  So now, there’s that lonely little line, just waiting for its purpose.  I’m sure I’ll come across it some day; for now, I’ve stuck in a comment to remind myself to stick in a comment when I do remember.

It reminds me of all the writing I did when I was younger.  I was just bursting with creativity when I was a kid, constantly writing the first few pages of what I was sure was going to be a killer story.  And then I’d misplace the notebook or get sidetracked by something else, or do any of the million other things that my easily distracted self tends to do.  Some time later, I’d come across the notebook, read the stuff I’d written and think, “Wow, this is great stuff!  Now… where was I going with it?”  And I’d never remember, or I’d remember and re-forget.  Either way, in my mother’s attic there are piles and piles of notebooks with half-formed thoughts that teem with potential never to be fulfilled.

This situation – that of wanting to resume progress but fumbling to pick up the threads of where I left off –  has me scouring my memory for a term I read in Jack London’s Call of the Wild.  There was a part in the book where Buck’s owner (it’s late, his name has escaped me) has been challenged to some sort of competition to see if Buck can get the sled moving from a dead stop.  I seem to remember that the runners were frozen to the ground.  I thought the term was “fast break” or “break fast” or something to that effect, but diligent (does 45 seconds count as diligent?) searching has not confirmed this or provided me with the right term.  Anyway, that’s how it feels tonight – I feel as if I’m trying to heave a frozen sled free from its moorings.

The upside is, I am still pleased with what I have so far.  That’s good because it means I’m very likely to continue, rather than scrap it altogether and pretend that I’ll come up with a new idea tomorrow.  In the meantime, I’ll be looking for some SnoMelt and a trusty St. Bernard to get things moving again.


Time enough (to write) at last…

Adventures in Interactive FIction - 14 April 2008 - 3:24pm

So I didn’t get as much coding done over the weekend as I had hoped, mainly because the telephone company *finally* installed my DSL line, which meant I was up til 5:30 Saturday am catching up on the new episodes of Lost.  That, in turn, meant that most of the weekend was spent wishing I hadn’t stayed up until such an ungodly hour, and concentration just wasn’t in the cards.

However, I did get some stuff done, which is good.  Even the tiniest bit of progress counts as momentum, which is crucial for me.  If the pendulum stops swinging, it will be very hard for me to get it moving again.

So the other day, as I was going over the blog (which really is as much a tool for me as it is a way for me to share my thoughts with others), I realized I had overlooked a very basic thing when coding the whole “automatically return the frog to the fuschia” bit…

As the code stood, if the player managed to carry the frog to another room before searching it, the frog would get magically returned to the fuschia.  This was fairly simple to resolve, in the end – I just coded it so that the game moves (and reports) the frog back to fuschia before leaving the room.  I also decided to add in a different way of getting the key out of the frog – in essence, rewarding different approaches to the same problem with success.

Which brings me to the main thrust of today’s post.  I have such exacting standards for the games I play.  I love thorough implementation.  My favorite games are those that build me a cool gameworld and let me tinker and explore, poking at the shadows and pulling on the edges to see how well it holds up.  A sign of a good game is one that I will reopen not to actually play through again, but to just wander around the world, taking in my surroundings.  I’ve long lamented the fact that relatively few games make this a rewarding experience – even in the best games, even slight digging tends to turn up empty, unimplemented spots.

What I am coming to appreciate is just how much work is involved in the kind of implementation I look for.  Every time I pass through a room’s description, or add in scenery objects, I realize just how easy it is to find things to drill down into.  Where there’s a hanging plant, there’s a pot, dirt, leaves, stems, wires to hang from, hooks to hang on, etc.  Obviously, unless I had all the time in the world, I couldn’t implement each of these separately, so I take what I believe to be the accepted approach and have all of the refer to the same thing.  Which, in my opinion, is fine.  I don’t mind if a game has the same responses for the stems as it does for the plant as a whole, as long as it has some sort of relevant response.  Even so, this takes a lot of work.  It might be the obsessive part of me, but I can’t help but think “What else would a person think of when looking at a hanging plant?”

Or, as I’ve come to think of it:  WWBTD?

What Would Beta Testers Do?

I’ve taken to looking at a “fully” implemented room and wondering what a player might reasonably (and in some cases unreasonably) be expected to do.  This is a bit of a challenging process for me – I already know how my mind works, so trying to step outside of my viewpoint and see it from a blind eye is hard.   I should stop for a second to note that I fully intend to have my game beta tested once it reaches that point, but the fewer obvious things there are for testers to trip over, the more time and energy they’ll have for really digging in and trying to expose the weaknesses I can’t think of.

I’ve found one resource that is both entertaining and highly informative to me:  ClubFloyd transcripts.  ClubFloyd, for the uninitiated (a group among which I count myself, of course) is a sort of cooperative gaming experience — if anyone who knows better reads this and cares to correct what may well be a horrible description, by all means!– where people get together on the IFMud and play through an IF title.  The transcripts are both amusing and revealing.  I recently read the Lost Pig transcript and it was quite interesting.  The things people will attempt to do are both astonishing and eye-opening.  In the case of Lost Pig (which, fortunately, I had already played before reading the transcript), what was even more amazing was the depth of the game itself.  I mean, people were doing some crazy ass stuff – eating the pole, lighting pants on fire, and so on.  And it *worked*.  Not only did it work, it was reversible.  You obviously need the pole, so there’s a way to get it back if, in a fit of orc-like passion, you decide to shove it in down Grunk’s throat.

Anyway, my point is, the transcripts gave me a unique perspective on the things people will try, whether in an effort to actually play the game, to amuse themselves, or to amuse others.  Definitely good stuff to keep in mind when trying to decide, say, the different ways people will try to interact with my little porcelain frog.

Other Stuff I Accomplished

So I coded in an alternate way to deal with the frog that didn’t conflict with the “standard” approach.  I also implemented a few more scenery objects.  Over the course of the next few days, I’m going to try to at least finish the descriptions of the remaining rooms so that I can wander around a bit and start really getting to the meat of it all.  I also want to work on revising the intro text a bit.  In an effort to avoid the infodumps that I so passionately hate, I think I went a little too far and came away with something a bit too terse and uninformative.  But that’s the really fun part of all of this – writing and re-writing, polishing the prose and making it all come together.

Whattaya know.  Midnight again.  I think I’m picking up on a trend here.


Day Nothing – *shakes fist at real life*

Adventures in Interactive FIction - 8 April 2008 - 12:13pm

Grrr… I’ve been so bogged down in work and client emergencies that progress on the game is at a temporary (no, really!  Only temporary) standstill.  I’ve managed to flesh out a few more room and scenery descriptions, but have not accomplished anything noteworthy in a few days.  Hopefully after this week most of the fires on the work front will be extinguished, and I’ll have time to dive into the game this weekend.

(She says to no one, since there’s been one hit on this blog since… it started.)



Subscribe to As If Productions aggregator