Skip to Content

Newsfeeds

Why this cartoon game is PEGI-18 - by Michael Bowerman

Gamasutra.com Blogs - 27 August 2015 - 9:51am
I take RememBear through the App Store and Google Play's content rating questionnaires and find some surprising differences.
Categories: Game Theory & Design

Drupal Watchdog: When Howard Met Ronnie

Planet Drupal - 27 August 2015 - 9:40am

As it says on the t-shirt, I’M NOT HIM.

Okay, I know I look a lot like Howard Stern.

And yes, I spent a pleasant hour chatting with him and Robin on his show that one time. (The video is somewhere on YouTube, but don’t ask.)

And yes, I auditioned for America’s Got Talent. (Three thumbs-up votes, one thumbs-down.)

And okay, yes, I’ve obligingly posed for thousands of selfies with Stern-fans.

But I’M NOT HIM! I’m not leading a double-life as Drupal Watchdog editor and the King of All Media.

Yes, but what if...?

So here’s a spoof Bob Williams and I made during DrupalCon Los Angeles. Yeah, I know, the audio on the elevator kinda sucks, but the acting!

The acting – and Ronnie Ray’s Drupal expertise.

(Photo by Myles Brawer)

Images:  Video: 
Categories: Drupal

Acquia Developer Center Blog: 10 Ways Drupal 8 Will Be More Secure

Planet Drupal - 27 August 2015 - 9:20am

Security is very hard to bolt on to any software or product after it has been built. Building it into the core of the code helps to avoid mistakes, and thus the upcoming release of Drupal 8 tries to build in more security by default, while still being usable for developers and site builders. This list of 10 security improvements is not exhaustive - some are just a line or two to handle an edge case, and there are others I may have overlooked. I've contributed to a number of these improvements, but they reflect overall the community consensus as well as reactions to problems that required security releases for Drupal core or contributed modules in the past. For each point I've tried to include a link or two, such as the Drupal core change record, a documentation page, or a presentation that provides more information. Some of these may also be possible to back-port to Drupal 7, to benefit you even sooner. A "7.x back-port" link indicates that.

For context on why these 10 improvements are important, I looked at past security advisories (SAs) as well as considering the kind of questions we get here at Acquia from companies considering adopting Drupal. In terms of past SAs, cross-site scripting (XSS) is the most commonly found vulnerability in Drupal core and contributed modules and themes.

  1. Twig templates used for html generation

    This is probably first on the list of anyone you ask about Drupal 8 security. This is also one of the most popular features with themers.



    One security gain from this is that it enforces much stricter separation of business logic and presentation – this makes it easier to validate 3rd party themes or delegate pure presentation work. You can't run SQL queries or access the Drupal API from Twig. 




    

In addition, Drupal 8 enables Twig auto-escaping, which means that any string that has not specifically flagged as safe will be escaped using the PHP function htmlspecialchars() (e.g. the same as Drupal 7 check_plain()). Auto-escaping of variables will prevent many XSS vulnerabilities that are accidentally introduced in custom site themes and custom and contributed modules. That fact is why I ranked this as number one. XSS is the most frequent security vulnerability found in Drupal code. We don't have a lot of hard data, but based on past site audits we generally assume that 90% of site-specific vulnerabilities are in the custom theme.


    To see why themers love Twig, compare the Drupal 7 block.tpl.php code to the Drupal 8 Twig version.

    Drupal 7 block.tpl.php:

    Drupal 8 block.html.twig:

  2. Removed PHP input filter and the use of PHP as a configuration import format

    OK, maybe this should have been number one. Drupal 8 does not include the PHP input format in core. In addition to encouraging best practices (managing code in a revision control system like git), this means that Drupal no longer makes it trivial to escalate an administrator login to being able to execute arbitrary PHP code or shell commands on the server. 


    For Drupal 7, importing something like a View required importing executable PHP code, and for certain custom block visibility settings, etc. you would need to enter a PHP snippet. These uses of evaluated PHP (exposing possible code execution vulnerabilities) are all gone – see the next point about configuration management.


    Now that we have covered the top two, the rest of the 10 are in rather arbitrary order.

  3. Site configuration exportable, manageable as code, and versionable

    The Configuration Management Initiative (CMI) transformed how Drupal 8 manages things that would have been represented in Drupal 7 as PHP code. Things like Drupal variables or ctools exportables (e.g. exported Views).



    CMI uses YAML as the export and import format and the YAML files can be managed together with your code and checked into a revision control system (like git). 


    Why is this a security enhancement? Well, in addition to removing the use of PHP code as an import format (and hence possible code execution vulnerability), tracking configuration in code makes it much easier to have an auditable history of configuration changes. This will make Drupal more appealing and suitable for enterprises that need strict controls on configuration changes in place. In addition, configuration can be fully tested in development and then exactly replicated to production at the same time as any corresponding code changes (avoiding mistakes during manual configuration).
 Finally, it is possible to completely block configuration changes in production to force deployment of changes as code.


  4. User content entry and filtering improved

    While the integration of a WYSIWYG editor with Drupal core is a big usability improvement, extra care was taken that to mitigate poor practices that adding a WYSIWYG editor encouraged in past Drupal versions. In particular, users with access to the editor were often granted access to the full html text format, which effectively allowed them to execute XSS attacks on any other site user.



    To encourage the best practice of only allowing the use of the filtered HTML format, the Drupal 8 WYSIWYG editor configuration is integrated with the corresponding text filter. When a button is added to the active configuration, the corresponding HTML tag is added to the allowed list for the text filter.


    Drag a new button from the available to enabled section in the editor configuration:

    The corresponding HTML tag (the U tag) is added to the allowed list:

    An additional security improvement is that the core text filtering supports limiting users to using only images local to the site which helps prevent cross-site request forgery (CSRF) and other attacks or abuses using images.

  5. Hardened user session and session ID handling

    There are three distinct improvements to session and session cookie handling.

    First, the security of session IDs has been greatly improved against exposure via database backups or SQL injection (7.x back-port ). Previously in Drupal, the session ID is stored and checked directly against the incoming session cookie from the browser. The risk from this is that the value from the database can be used to populate the cookie in the browser and thus assume the session and identity of any user who has a valid session in the database. In Drupal 8, the ID is hashed before storage, which prevents the database value from being used to assume a user's session, but the incoming value from the value is simply hashed in order to verify the value.


    Next, mixed-mode SSL session support was added to core to support sites that, for example, used contributed modules to serve the login page over SSL while other pages unencrypted. You will have to replace the session handling service if you really need this. This encourages serving your entire site over SSL (which is also a search engine ranking boost).



    The final change is that the leading “www.” is no longer stripped from the session cookie domain since that causes the session cookie to be sent to all subdomains (7.x back-port)

  6. Automated CSRF token protection in route definitions

    Links (GET requests) that cause some destructive action or configuration change need to be protected from CSRF, usually with a user-specific token in the query string that is checked before carrying out the action.

    

This change improves the developer experience and security by automating a process frequently forgotten or done incorrectly in contributed modules. In addition, centralizing the code makes it easier to audit and provide test coverage.

    Drupal 8 makes it easy. A developer merely needs to specify that a route (a system path in Drupal 7 terms) require a CSRF token. Here is an example of the YAML route definition for a protected link in Drupal 8 entity.

    entity.shortcut.link_delete_inline: path: '/admin/config/user-interface/shortcut/link/{shortcut}/delete-inline' defaults: _controller: 'Drupal\shortcut\Controller\ShortcutController::deleteShortcutLinkInline' requirements: _entity_access: 'shortcut.delete' _csrf_token: 'TRUE'

    Only the one line in the requirements: section needs to be added to protect shortcut deletion from CSRF.

    Shortcut inline delete link and corresponding URL with a token in the query string:

  7. Trusted host patterns enforced for requests

    Many Drupal sites will respond to a page request using an arbitrary host header sent to the correct IP address. This can lead to cache poisoning, bogus site emails, bogus password recovery links, and other problems with security implications.

    For earlier versions of Drupal, it can be a challenge to correctly configure the webserver for a single site that uses sites/default as its site directory to prevent these host header spoofing attacks. Drupal 8 ships with a simple facility to configure expected host patterns in settings.php and warns you in the site status report if it's not configured.

  8. PDO MySQL limited to executing single statements

    If available, Drupal 8 will set a flag that limits PHP to sending only a single SQL statement at a time when using MySQL. This change would have reduced the severity of SA-CORE-2014-005 (a SQL injection vulnerability that was easily exploited by anonymous users) (7.x back-port)
. Getting this change into Drupal 8 meant I first had to contribute a small upstream change to the PHP language itself, and to the PDO MySQL library that is available in PHP versions 5.5.21 or 5.6.5 and greater.

    There is also a patch in progress to try to enforce this protection regardless of which specific database driver is being used.

  9. Clickjacking protection enabled by default

    A small change, but Drupal 8 sends the X-Frame-Options: SAMEORIGIN header in all responses by default. This header is respected by most browsers and prevents the site from being served inside an iframe on another domain. This blocks so-called click-jacking attacks (e.g. forms or links on the site being presented in a disguised fashion on an attacker's site inside an iframe), as well as blocking the unauthorized re-use of site content via iframes. (7.x back-port).

  10. Core JavaScript API Compatible with CSP

    Support for inline JavaScript was removed from the #attached property in the Drupal render API. In addition, the Drupal javascript settings variables are now added to the page as JSON data and loaded into a variable instead of being rendered as inline JavaScript. This was the last use of inline JavaScript by Drupal 8 core, and means that site builders can much more easily enable a strict content security policy (CSP) – a new web standard for communicating per-site restrictions to browsers and mitigating XSS and other vulnerabilities.

A final note of caution: The substantial code reorganization and refactoring in Drupal 8 as well as the dependence on third party PHP components does present a certain added risk. The code reorganization may have introduced bugs that were missed by the existing core tests. The third party components themselves may have security vulnerabilities that affect Drupal, and at the very least, we need to track and stay up to date with them and fix our integration for any corresponding API changes. In order to try to mitigate the risk, the Drupal Association has been conducting the first Drupal security bug bounty that has been run for any version of Drupal core. This has uncovered several security bugs and means they will be fixed before Drupal 8 is released.

I am excited that we've added more “security by default” to Drupal 8, and I hope you download and try it out so you are ready to start using it for new projects as soon as it's released.

Blog series: Drupal 8Workflow: PublishedFeatured: NoTags: acquia drupal planetSecurityDrupal 8 related: YesAuthor: Peter Wolanin
Categories: Drupal

Palantir: The True Value of Certification

Planet Drupal - 27 August 2015 - 9:15am

Drupal project lead and Acquia co-founder Dries Buytaert recently blogged about the one-year anniversary of Acquia’s certification program, which seeks to validate skills and knowledge that focus on open source Web development and Acquia products and services.

The topic of certification has long been a controversial one within the Drupal community. As an open source project that primarily measures achievement by one's contributions, some have questioned the need for developers with an established track record in the community to prove themselves through certification. Others are skeptical that the quality or skills of a developer can be judged by the results of a sixty-question multiple choice test.

Those arguments, while completely valid, miss the larger point.

Over the last few years, Drupal has become one of the leading content management platforms for high-traffic sites, powering nearly 15% of the top ten thousand CMS-backed sites on the Web. Large companies and organizations are increasingly evaluating Drupal against commercial and proprietary options like Adobe Experience Manager and SiteCore.

And for those enterprise evaluators, as well as influential research analysts like Forrester and Gartner, the presence of a robust commercial ecosystem surrounding a software platform is a strong indicator of its strength. One of the ways that those ecosystems are evaluated is by the presence of well-regarded and widely adopted certification programs, like the one that Acquia is working to build.

Those of us who have been involved with the Drupal project and community for years understand that the strength of open source software has less to do with its commercial ecosystem than it does with the level of engagement of its contributor community. We know this because we work with and alongside those contributors every single day. But that’s not the experience that most of our customers have; their perspective is more likely to be informed by the companies with whom they work.

And because Drupal is now increasingly competing against large commercial entities instead of other open source projects, those companies can no longer rely solely on their community experience and contributions to make the case for an open source solution. That experience can and should be an important factor in the evaluation process, but all too often other qualifications are necessary.

The value that open source software brings to the table isn't always apparent to those used to proprietary solutions. Acquia's certification program aims to surface that value by leveling the playing field and offering evaluators more of an apples-to-apples comparison. From that perspective, certification is less about the knowledge and skills of individual developers than it is about the investment made by companies into competing for large projects against other enterprise vendors.

Acquia's Certified Developer exam tests developers’ base level of familiarity with Drupal’s features and functionality, but in our experience that has little to do with their skills as developers, which is something that no multiple choice test can measure. Developers get better by working alongside other talented developers in an environment that promotes professional growth and development, which is what we try to build every day at Palantir. We demonstrate those skills to prospective customers both through our past experience and by demonstrating the approaches we take to solving our customers’ problems.

We don't need our developers to pass certification exams to know that they're awesome, and no matter how good a certification program might be, it’s still incumbent on evaluators to do their due diligence when picking who they want to work on their next project.

So if all that’s true, why have certified developers at all? The answer is going to be different for different people, but for us, it’s about making sure that customers understand that Palantir is willing and able to tackle large projects that might otherwise go to proprietary vendors by default. Some prospective customers have existing relationships with Acquia, and in addition to being an Acquia partner, having Acquia Certified developers on our team provides them with the justification they need to know that we're familiar with the products and services that they offer.

At the end of the day, the rise of certification programs like the one offered by Acquia are yet another example of Drupal’s growth as a project and as a community. Very few open source projects are strong enough to compete against proprietary enterprise solutions, but Drupal does it every day, delivering value to customers of all sizes and shapes. We're proud to be a part of it.

I’ll be talking more about Drupal certification and related topics next month in my DrupalCon Barcelona session, Architecting Drupal Business that are Built to Last. I’ve also proposed a session titled Building Tech Companies That Last for next year’s South by Southwest Interactive; voting is open through September 4.

Categories: Drupal

Palantir: D8FTW: Customizing your back-end

Planet Drupal - 27 August 2015 - 9:00am

In our last episode, we talked about the various ways of storing data in Drupal 8. One important point we noted was that "in the database" is not an option. All of Drupal's storage systems are abstractions above the actual data store. In fact, I will go as far as saying that if you ever write an SQL query yourself in Drupal 8, you're probably doing it wrong.

There are two key reasons for that stance. One, there's no reason that any of those storage systems, conceptually, need to be in SQL. In fact, for Configuration, Key/Value, and the Cache, it's not even the best tool available. Any of them could be backed by MongoDB, Cassandra or Redis, instead. In fact, many sites will use one of those tools instead of SQL for some (but not all) data storage systems. If your module is hard-coded to SQL, you've now hard-coded all of your users to SQL only. And there's a good chance you've also hard-coded a specific SQL server (generally MySQL) without even intending to.

The second reason is that as a module developer, you should be thinking at a higher level than rows and columns. Most of those systems offer a lot of automation and abstraction tools that provide more power with an easier syntax than SQL, and if you write your own SQL you are bypassing all of that. Most especially, if you have any module configuration not stored in the Configuration system it will not work with any staging and deployment tools. Don't do that to your users.

If for some reason you must write a custom query, say for performance, there is a supported, flexible way to do so. First, ensure that your query is contained within a service, and that service conforms to a declared interface. (You should be doing that anyway, but it's especially important here.) For example, let's say we're creating a service that finds nodes by some highly complex logic that normal Entity Queries don't support. We'll call the class DatabaseComplexNodeFinder, with a ComplexNodeFinderInterface. When we register that service in the container, we should also tag it as one that allows its backend to be overridden, like so:

mymodule.services.yml:

services:
mymodule.nodefinder:
  class: Drupal\mymodule\DatabaseComplexNodeFinder
  arguments: ['@database']
  tags:
   - { name: backend_overridable }

And then we use that service wherever we need to use that logic. The "backend_overridable" tag tells Drupal that there may be alternate implementations it should look for. By default, the class should be written to use generic, non-engine-specific SQL. (That is, no MySQL or PostgreSQL specific features.) It doesn't have to be fast, just work.

Now comes the fun part. We can also define another service named mysql.mymodule.nodefinder, which has the same interface but is very specific to MySQL. Similarly, we can have a service named pgsql.mymodule.nodefinder or mongodb.mymodule.nodefinder, which would be specific to PostgreSQL or MongoDB, respectively. Just registering those services in the container has virtually no cost if they're not used. Those alternate services can have whatever code in them they want, and any set of dependencies they want, as long as they follow ComplexNodeFinderInterface.

Now, in the sites/default/services.yml file, a site owner can specify an alternate default backend:

parameters:
default_backend: mysql

The default is mysql, which means that if Drupal finds a mysql version of any "backend_overridable" service, it will use that instead of the generic one. If it doesn't, it just uses whatever is registered by default. (Often times an SQL-database-specific version will be unnecessary, but the capability is there if you need it.) If your site is running on PostgreSQL, change that default_backend to "pgsql". If on MongoDB, set it to "mongodb". And so on. What if we want to use something other than the default? For instance, we're on a mostly-MySQL-based site but we want to use MongoDB for the State system? That's another simple toggle in the services.yml file. To change the backend for our nodefinder service, we would simply add this to the site-specific services.yml file:

services:
mymodule.nodefinder:
  alias: mongodb.mymodule.nodefinder

That tells the container to use the MongoDB-specific version of that service instead of whatever it was going to use.
There are two big advantages of this design:
1) As a module developer, you can optimize your module for MySQL, PostgreSQL, or MongoDB at the same time. Even if you don't, any other module is free to provide an alternate backend by just registering a service with the correct name.
2) As a site owner, you can mix and match what backend services you want to use. Want a mostly-MySQL-based site, but with Redis for the lock and caching systems? Go for it. Want to store your entities in SQL but everything else in MongoDB? You can do that. Any well-written module will keep on working just fine, because it's either using Drupal's higher-level abstractions or using swappable backends. And if the backend you're looking for isn't available for that service, there's only one class that needs to be written to make it available.
That's the power of dependency injection.

Categories: Drupal

Acquia Developer Center Blog: Securing Your Site’s Communications with SSL

Planet Drupal - 27 August 2015 - 9:00am
*/

These days, using SSL with your website isn’t just a good idea — it’s essentially a requirement. Encrypting the information that’s sent between visitors’ browsers and your website is the new price of doing business.

Fortunately, Acquia has a lot of experience helping to secure websites, and we’ve collected several of these tips into a best practices article on the Acquia Help Center.

Want to know about using Varnish with SSL (and you’re an Acquia Cloud user)?

It’s in there.

Want to ensure that all of your website’s assets are served to visitors using the HTTPS protocol?

It’s in there.

Want to set up your 301 redirects from your HTTP pages to HTTPS?

Surprise! It’s in there.

For more information on how best to use SSL with your website, visit the article and read for yourself.

And for even more information that you can use with your Drupal website, feel free to browse the articles and resources on the Acquia Help Center.

Workflow: PendingFeatured: NoTags: acquia drupal planetDrupal 8 related: NoAuthor: Lynette Miles
Categories: Drupal

Integration

New Drupal Modules - 27 August 2015 - 7:45am

This project allows a content Producer to share its content with multiple Consumers using a shared Backend.

The main repository is on GitHub, mirrored here for convenience.

Categories: Drupal

Outlook Events

New Drupal Modules - 27 August 2015 - 7:35am

This module is used to fetch Calendar events from Exchange outlook accounts.

Installation:

1. You should download https://github.com/jamesiarmes/php-ews library and place it in sites/all/libraries folder. So that all files inside it are listed under sites/all/libraries/php-ews.

Categories: Drupal

Mediacurrent: Mediacurrent Dropcast: Episode 10

Planet Drupal - 27 August 2015 - 4:40am

This episode we have Mario Hernandez, front end developer at Mediacurrent, to talk about his upcoming talks at DrupalCamp LA, and how to properly plan for giving a presentation. We talk about the smart_trim module in our Pro Project Pick, which is an awesome module. We talk about Drupal 8 news and as always, birthday boy Ryan, brings it home with the Final Bell. Also, Mark starts his run for President of these United States.

Categories: Drupal

How working on gross, violent games can mess with developers

Social/Online Games - Gamasutra - 27 August 2015 - 1:00am

We often hear about how playing violent or otherwise disquieting games affects people, but how does the process of working on these projects affect developers? Gamasutra chats with a few to find out. ...

Categories: Game Theory & Design

A Look at Titansgrave – Part 1

Gnome Stew - 27 August 2015 - 12:12am

Pretty damn slick logo.

Two years ago, I asked Wil Wheaton a question. Titansgrave: The Ashes of Valkana was the answer.

Okay, that’s a little more dramatic sounding than it actually was. On the last day of GenCon in 2013, I attended a TableTop Q&A hosted by Wheaton, the show’s personality, and Boyan Radakovich, the show’s producer. Even though TableTop was a huge hit (it was even presented with the Diana Jones Award that year), because it was a Sunday, there was a small enough crowd that it felt more like a hangout between a few friends. Anyone who wanted to ask a question pretty much got the chance.

When my turn to ask a question arrived, I asked about the lack of RPGs in the schedule for season two of TableTop. Though the show focuses on board games, my favorite episodes from the first season were the Fiasco and Dragon Age episodes. Wheaton said he was glad I asked that particular question and proceeded to swear the audience to secrecy. He excitedly announced that they were in the very, VERY early stages of planning an RPG spin-off show. There were no specifics to share at that time, but he wanted us to know that he had definitely not forgotten about RPGs. As you can imagine, I was more than a little psyched about this news.

Fast forward to Spring of 2014. TableTop announced a crowd funding campaign to finance a third season. There were other stretch goals beyond the bare minimum needed for the third season, but the super-secret RPG show was tacked on as the ultimate stretch goal. If they somehow reached $1 million, they would make the show. By the time the incredibly successful campaign was done, they had raised over $1.4 million. The RPG show was a go, but it would still be another year before we began to hear anything concrete about it.

At the beginning of April this year, the name of the show was finally announced as Titansgrave: The Ashes of Valkana. At first, the only information we received was that it would use the unreleased Fantasy AGE system from Green Ronin and would be a mix of science fiction and fantasy, similar to Thundarr the Barbarian from the early 80’s. By mid-May the cast of players was revealed to be Hank Green (DFTBA!), Laura Bailey, Yuri Lowenthal, and Alison Haislip. In Early June, the first episodes were released, and just after GenCon, the tenth and last episode was aired. Now it’s all available on YouTube.

So, was it good?

Lemley and Dr. Lobotomy

Overall, I highly enjoyed all ten (plus a prologue) episodes of the show. On a pure entertainment level, the story Wheaton and his players told drew me in, keeping me invested and eagerly looking forward to each episode as they were released. Just as TableTop is a good way to show people what board games are all about, Titansgrave could serve equally well in explaining to non-gamers what RPGs are all about. This rings true for so many things, from the way the players get immersed in the story, how they interact with each other, and all the way to how the dice can be perversely fickle in how they roll. Then there are the in-jokes that so easily spring up in gaming groups that are comfortable with one another. This time, though, we get to share in those jokes. There’s a reason people were already wearing ‘Five gold and a party!’ t-shirts at GenCon.

Interestingly, my one minor quibble with the show actually falls into the realm of GMing, that thing we tend to focus on here at the Stew. The show is great for showing what it’s like to play in a game, but doesn’t necessarily provide a good guidebook for new GMs on how to run a game. Wheaton, as the GM, keeps his decisions fairly close to the vest, making it difficult to see where his skill at running the game is actually coming into play. There were also a couple of occasions where it felt like the players were being told their characters’ reactions rather than being given the opportunity to react. To be fair, this probably comes from the editing needs of creating a cohesive story and editing a several hours of play time down to an entertaining, hour long show.

Aankia. All of the art done for the show and book is gorgeous.

The real treasure trove of GM inspiration is probably in the related books Green Ronin released at GenCon this year. Not only did they release their Fantasy AGE rulebook, but they also released the Titansgrave adventure series book. The second one is not a setting book, unfortunately, but it does detail everything the PCs did in the show. An all-star cast of game designers and writers contributed to the show, with many taking turns writing the adventures that drove the show. These authors include Chris Pramas, Will Hindmarch, Keith Baker, Nicole Lindroos, Leonard Balsera, and more. The interesting thing is that each adventure is presented in the book as it was written, not necessarily as it was played on the show. Right there that provides some insight into the things that the GM had to adjust or adapt for his players.

Since I actually had a little extra cash at GenCon this year, I was able to pick up both books. I am definitely a fan of the show, so I was curious about them, but I also thought it would make good review fodder. How well does the book prepare you to run a Fantasy AGE game set in Valkana? It was important to discuss the show itself first, because whatever the book has to offer, it will be difficult to divorce it from the show. So, part two will come after I’ve had a chance to dig into the books and formulate some thoughts on them.

In the mean time, have you had a chance to watch Titansgrave? Pick up the books? What did you think?



Categories: Game Theory & Design

Frederic Marand: Drupal 8 tip of the day: autoloaded code in a module install file

Planet Drupal - 26 August 2015 - 11:24pm

Autoloading in D8 is much more convenient that in previous versions, however, it still has limitations. One such issue is with hook_requirements(), which is supposed to be present in the module install file, not the module itself: when called at runtime for the site report page, the module is loaded and the PSR/4 autoloader works fine. However, when that hook is fired during install to ensure the module can indeed be enabled, the module is not yet enabled, and the autoloader is not yet able to find code from that module, meaning the hook_requirements('install') implementation cannot use namespaced classes from the module, as they will not be autoloadable. What are the solutions ?

read more

Categories: Drupal

Getting/Making Game Music that Fits - Comparative Music Series - Small vs Big - by Harry Mack

Gamasutra.com Blogs - 26 August 2015 - 10:00pm
Tips for new audio designers composing video game music out of their comfort zone. Useful for producers as well, looking to put together design directions for their audio designers. This entry focuses on composing techniques for small vs big games.
Categories: Game Theory & Design

Video: UX without UI — Creating User Experiences in Action Games - by Thomas Grove

Gamasutra.com Blogs - 26 August 2015 - 10:00pm
In this video presentation, dxSaigon founder Thomas Grové speaks about how game designers create user experiences in action games. The talk focuses on the importance of making controls ergonomic, responsive, and intuitive.
Categories: Game Theory & Design

The World's Greatest: Why Activision Needs to Acquire Glu and Ember Entertainment - by Joseph Kim

Gamasutra.com Blogs - 26 August 2015 - 10:00pm
Huge pent-up demand exists for Blizzard IP based mobile games. Activision Blizzard should acquire Glu Mobile and Ember Entertainment to create a world dominating mobile games powerhouse... to be the world's greatest. Read how and why!
Categories: Game Theory & Design

Kickstarter, Problem? - by Adrian Novell

Gamasutra.com Blogs - 26 August 2015 - 10:00pm
Is Kickstarter still the best option for Indies? In this analysis, MagicGuiso´s CEO, Adrián Novell, explains why he thinks it is not.
Categories: Game Theory & Design

Returnism: The Opposite of Escapism - by Steve Bailey

Gamasutra.com Blogs - 26 August 2015 - 10:00pm
I've never liked the word 'escapism'. It's always felt horribly loaded, and somewhat complicit in perpetuating the inaccurate stereotypes that obscure gaming's social nature.
Categories: Game Theory & Design

The important differences between first-person and third-person games - by Michel Sabbagh

Gamasutra.com Blogs - 26 August 2015 - 10:00pm
A design article explaining the presentational and gameplay differences between first-person and third-person games, and why it isn't just a matter of perspective.
Categories: Game Theory & Design

Monkey King’s important inspirations for overseas game companies aiming at China - by Karvin Sun

Gamasutra.com Blogs - 26 August 2015 - 10:00pm
Apart from “Journey to the West”, China still has countless undeveloped stories and figures. And their audiences are pretty similar to players of Supercell’s “Clash of Clans” and “Boom Beach” in China.
Categories: Game Theory & Design
Syndicate content


Google+
about seo