All RPGs and Storygames by Tod Foley are now available at DrivethruRPG and RPGnow. Bring these games to your table!
Drupal Global Training Days had a great start in 2018. And it keeps that fast pace. The March wave of events featured 13 GTDs in such countries as Rwanda, China, Japan, Russia, Serbia, Spain, Mexico, the USA, Nicaragua. Some of the trainings were delivered online and were accessible for everyone from around the globe.Highlights from the organizers
We contacted several GTD organizers and asked them to share some insights on their events and local communities. Thank you Miriam, Suzanne, and Strahinja for participating. I share my story below too.Miriam Torres (mtorresn) from Monterrey, Mexico How did you get started with GTD?
In Mexico there is a lot of talent in the IT area, which is why we started to organize GTD in Monterrey, Mexico several years ago with the intention of both growing the Drupal community in Monterrey, and discovering talents to which we can offer job opportunities.Who helped to make your training happen?
Many talented people have supported this training and Accenture has been our sponsor for several years. However, Eduardo Santiago has been our main organizer, who has been present at all our events. In our March event, 8 speakers shared with us a little of their knowledge in very diverse subjects (Gerardo García, Omar González, Luis Nicanor (luisnicg), Reinaldo Araque, Omar Aguirre (omers), Aldo Velasco, Eduardo Santiago and Miriam Torres) and 6 staff members made our event possible (Magdalena Lozano, Adrián Briano, Ruth Medina, Karla González, Ricardo Bolio and Ramiro García). We also had the support of Tec Milenio University who gave us access to their campus and helped us spread the word about the event.How many attended your March 2018 event and what did they say they wanted?
In GTD of March 2018, we had a total of 49 attendees, most of whom wanted to learn a little more about frontend development, but we had people with special interest in backend development and testing in attendance too.What new knowledge did attendees receive from you?
On March 16, we held a meetup with 5 talks: "Reactive programming" (Gerardo García), "SCRUM: An agile framework" (Omar González), "Organizing Drupal Teams" (Luis Nicanor), "Docker + Drupal, Practical applications and its integration with Drupal" (Reinaldo Araque) and "Component-Driven design using Pattern Lab" (Omar Aguirre), and on March 17, our attendees took a training, choosing between 2 different topics: Site Building with Drupal 8 (Eduardo Santiago) and Angular + Drupal REST. (Aldo Velasco, Gerardo García and Miriam Torres)Suzanne Dergacheva (pixelite) from Montreal, Canada How did you get started with GTD?
We started our Drupal training program at Evolving Web in 2012 by giving a free training at DrupalCamp Montreal. Since then, we've been offering professional Drupal trainings on a wide range of topics as well as community trainings at camps. We regularly offer free trainings through Global Training Days, and have done both in-person and online trainings for GTD. Inspired by this, we're now offering a monthly free, online 'What is Drupal' session.Who helped to make your training happen?
I led the training at Evolving Web. The Drupal Association helped promote the event with emails and we had lots of re-tweets from others in the Drupal community which helped spread the word.How many attended your March 2018 event and what did they say they wanted to learn?
We had around 50 participants in our online video conference. Some of them were exploring Drupal and trying to see if it's a good fit for their projects, others were Drupal 7 users trying to figure out what's new in Drupal 8.What new knowledge did attendees receive from you?
We offer a 'What is Drupal?' Introductory course for the Global Training Days. It introduces participants to Drupal terminology and general concepts. Participants get to follow along with hands-on exercises and explore why they would use Drupal. They see what you get out-of-the-box with Drupal and what you can customize it to do. They see the role of themes and modules. The training also introduces participants to the Drupal community so that they can see the importance of community contributions and the value of open source.My story: Marina Paych (paych) from Omsk, Russia How did you get started with GTD?
Initially the Omsk Drupal Community emerged in 2013 from random meetups. The first GTD happened in 2014 and was aimed to engage more people with Drupal and involve them in the community’s life. Since that time, GTD has been being organized regularly and more and more people attend this event.Who helped to make your training happen?
The greatest help comes from the company ADCI Solutions. They sponsor all the expenses connected with the organization of GTDs and other Drupal Meetups in our city. Also, they provide a venue in their office called ADCI Events Hub.
The organizers of this event put many efforts in order to make an interesting event in a warm atmosphere. Anastasia Dubina (anastasiya-dubina) was responsible for an overall organizational process such as promoting the event, setting up logistics and equipment, preparing coffee breaks, etc. And I was responsible for agenda management and speakers preparation.
We had 8 amazing speakers who delivered plenty of useful information: Denis Usov (usdv), Tatiana Shulgina (tatiana-shulgina), Artyom Zenkovets (azenkovets), Alexander Kuznetsov (bikba), Maksim Lukyanchikov (max-luckianchikov), Dmitry Chuchin (choo_choo), Iuliia Gapunenko (iuliia_g), and Marina Kardopolova (mkardo).How many attended your March 2018 event and what did they say they wanted to learn?
There were 93 attendees at March GTD. The target audience of GTD in Omsk consists of students and recent graduates, therefore they wanted to learn about the whole web development process and how it is operated by a real company. Also, they wanted to try themselves in development. Around 60% of attendees were more interested in back end, and 40% -- in front end.What new knowledge did attendees receive from you?
On March, 17 attendees listened to 5 sessions aimed to explain the peculiarities of Drupal development. The agenda covered all the processes, and sessions were logically connected to each other in order to show to attendees a full idea of web development.
In the first session -- “How to create a web application architecture” -- Denis Usov narrated about each role in a web development team and how they work for a successful result. The second session “The role of a designer in an IT team” by Tatiana Shulgina clarified web designers’ responsibilities and tasks in a project. The third session “What is back end?” delivered by Artyom Zenkovets and Alexander Kuznetsov contained information about traditional and decoupled approaches and the specifics of back end in Drupal. The fourth session “How to become a front-end Jedi” by Maskim Lukyanchikov and Dmitry Chuchin included a list of tools and useful links that will help newcomers dive into the JS world.
The final session of the first day was dedicated to the Drupal Community and ways to get involved and was delivered by Iuliia Gapunenko. She also showed videos about how Drupal changed many people’s lives from her #DrupalChanges campaign.
On March, 18 there was a training where attendees could use their new knowledge in practice within a captivating coding competition. First, attendees were taught to build their first website and then - to code a custom module. The training was delivered by Marina Kardopolova.Strahinja Miljanovic (SixZeroNine) from Novi Sad, Serbia How did you get started with GTD?
Colleagues and I were discussing how many people they know who are using other CMS and they've never used Drupal. We heard that we have Global Training Day coming soon and we wanted to invite people to come, see, try and learn Drupal. So we created a Google Event Registration Form with questions that will help us to see how many people know about Drupal, are they more interested in Theming, Site Building or Developing custom modules.Who helped to make your training happen?
Vladimir Zdravkovic (botanic_spark), ramns, helped with sessions, Dragan Eror - with workshops. Radoslav Curcic (wingpaler) and Aleksandar Cvijovic (cvijo) contributed to both sessions and workshop. Miki Stojkovic (mikispeed) provided space, food, and refreshments. And I was an organizer of the event.How many attended your March 2018 event and what did they say they wanted to learn?
The number of people who applied to attend the event was 23. Almost everybody wanted to learn everything, but it was physically impossible to hold all sessions and workshops one at the time, so we merged Site Building and Module development. 90% of the people wanted to learn site-building and module development more than Theming.What new knowledge did attendees receive from you?
Attendees from Site Building learned how to create nodes, content types, block types, views (page, block, filtering, and sorting), taxonomies, fields and basic and most common hook examples.
Attendees from Developing Custom Modules learned how to create a module, how to enable it VIA interface, Drush, as dependency and hook_install. They also learned to create configuration forms and blocks programmatically and render input data from configuration form into a custom block.
Attendees from Drupal 8 Theming learned about general themes and twig, How to create a theme and subtheme, theme suggestion, regions, libraries, adding CSS and js files, adding custom classes and adding templates.Join the movement
That was a report on how March Global Training Days went. You still have a chance to join the movement, organize an outstanding GTD in June, September, or December, and get featured in an upcoming blog post.
You really want to upgrade that old site to Drupal 8. You’ve seen the improvements, the new features, and you even figured out how to pull off an upgrade. The only thing between you and sweet Drupal 8 goodness is your boss. They don’t see the need to upgrade and think it won’t be worth the time or money to make the jump. Maybe they do think Drupal 8 is a needed improvement, but aren’t convinced that it is ready for prime-time. Here is what you do.
At DrupalCon Nashville 2018, I became deeply interested in the realm of first-time Drupal experiences, specifically around technical evaluation, and how people would get their feet wet with Drupal. There were two great BoFs related to the topic which I attended, and which I hope will bear some fruits over the next year in making Drupal easier for newcomers:
There are a number of different tools people can use to run a new Drupal installation, but documentation and ease of use for beginners is all over the place. The intention of this project is to highlight the most stable, simple, and popular ways to get a Drupal site installed and running for testing or site building, and measure a few benchmarks to help determine which one(s) might be best for Drupal newcomers.
Website maintenance is needed to address any vulnerabilities identified in software over time.
Thanks to the collaborative nature of the open source communities of Drupal and WordPress, we get a heads up when new vulnerabilities are identified (Read more about why open source is great for business). When the fixes and security updates for those vulnerabilities are released, they need to get installed and tested as soon as possible.
There are benefits and drawbacks to fully automated website maintenance, just as there are for fully manual website maintenance. The best path is to do both.
A machine never forgets a step in a process. It just gets confused when it's presented with the unexpected. A person can introduce human error, but can create novel solutions to unexpected problems.Benefits of Automation Fast
Machines are much faster than people at reading code. Computers are fast and they can apply steps in a process much quicker than we can. They can also run multiple tests simultaneously, leading to even more time savings. There is an inherent, upfront time investment to program the scripts, but once that time investment is made, all subsequent processes are significantly faster.Accurate
A machine can repeat the exact same process, in the exact same way, thousands of times. It can also log processes, errors and results at every step, every time. A person couldn’t log the results of every single step, or, if they did, they would take significantly longer than usual to finish each test and there’d be many more opportunities for human error. This accuracy in repetition and recording means that we have a clearer picture of the test and its results available to us.Thorough
A machine checks everything within the scope you set for it and nothing outside of it. It doesn’t care if “this little change isn’t going to mess anything up”. It checks everything you set it to. That total adherence to process is key when testing a system with multiple, related, and moving parts, like a website.The Human Advantage We’re innovative
A machine never forgets a step, ever. It just gets confused when presented with the unexpected. People are needed to create novel solutions to those unexpected problems. A developer can invent new processes, fixes, and features and create new applications for existing ones.We can give human feedback
A machine won’t tell you if the final result looks professional and aesthetically appealing. It can only check if objects are rendered in specific predefined colors, object types appear in the correct spot on the screen and so on. A person can see if everything comes together and looks good. They can provide feedback on the branding of your site, give you unquantifiable assessments of how your site makes them feel as a person.We can do ad-hoc testing
Automated tests have to be developed, programmed and tested themselves before they can begin to test new features for your site. A person can run through some manual tests very quickly when there isn’t a need to develop a deeper test.How we put it into practice
Our system automatically creates a cloned copy of our clients' sites and applies updates. It then runs a battery of automated tests on the patched clone sites, out of public view, before notifying our developers to review the results.
Once the updates are confirmed to be working properly and that nothing untoward is going on, the developer pushes the site to live. If anything is off, the developer can dive right in and make any needed adjustments, again, behind the scenes. For anyone visiting a site during this process, it's business as usual.
Website maintenance solutions like this are critical to any business. Gone are the days (if ever they existed) of launch and forget websites. Websites vulnerabilities are identified over time as intruders' techniques become more sophisticated. You can't prevent 100% of all data breaches, just like you can't prevent every burglar from trying to break into your house. But you can fix the porch light when it gets broken, and tighten up the deadbolt if it gets loose. So long as you've got someone checking the lights and testing the doors.
Security public service announcements: Drupal Core - Highly Critical - Public Service announcement - PSA-2018-002
- Advisory ID: PSA-2018-002
- Project: Drupal core
- Version: 7.x, 8.x
- Date: 2018-April-13
- Security risk: 25/25 (Highly Critical) AC:None/A:None/CI:All/II:All/E:Exploit/TD:All
This Public Service Announcement is a follow-up to SA-CORE-2018-002 - Drupal core - RCE. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2018-002 you should assume your site has been targeted and follow directions for remediation as described below.
The security team is now aware of automated attacks attempting to compromise Drupal 7 and 8 websites using the vulnerability reported in SA-CORE-2018-002. Due to this, the security team is increasing the security risk score of that issue to 25/25
Sites not patched by Wednesday, 2018-04-11 may be compromised. This is the date when evidence emerged of automated attack attempts. It is possible targeted attacks occurred before that.
Simply updating Drupal will not remove backdoors or fix compromised sites.
If you find that your site is already patched, but you didn’t do it, that can be a symptom that the site was compromised. Some attacks in the past have applied the patch as a way to guarantee that only that attacker is in control of the site.What to do if your site may be compromised
Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack.
Take a look at our help documentation, ”Your Drupal site got hacked, now what.”Recovery
Attackers may have created access points for themselves (sometimes called “backdoors”) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access.
Removing a compromised website’s backdoors is difficult because it is very difficult to be certain all backdoors have been found.
If you did not patch, you should restore from a backup. While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch. For more information please refer to this guide on hacked sites.Contact and More Information
We prepared a FAQ that was released when SA-CORE-2018-002 was published. Read more at FAQ on SA-CORE-2018-002.
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Adaptive vs responsive design. Is there really a matter of “better vs worse”? What's the difference anyway?
For the boundaries sure look blurry enough. Especially since both types of web design provide you with a solution to the same challenge. The one you're facing as a web designer:A design that should cater to all screen sizes.
Now, instead of delving into this confusion even deeper, let's shed some light on:
This module allows to configure Import Feeds using migrate functionality in core.
Taking on a leadership position can be a very rewarding but also draining experience. I’d like to share some of the exciting things that stood out to me at DrupalCon in terms of leadership. In the last few years, I was able to take on a number different leadership positions such as CTO at Amazee Labs, running the #d8rules initiative or co-organizing camps in Austria and Switzerland. To me, it’s a deeply satisfying experience to be part of a team that works towards a common goal and see myself being able to help drive us to be successful. At the same time, leadership always felt very difficult to me. Why wasn’t I able to take decisions effectively? Why wouldn’t others follow my advice as I wanted them to?
Looking up to other leaders at work and in our community is really valuable to me. It allows me to feel inspired, keep improving, and relate my own struggle to the struggles of others. I’d like to share an overview of the things that inspired me during this DrupalCon Nashville.Josef Dabernig Fri, 04/13/2018 - 17:53 Leadership lessons at DrupalCon Nashville
The Diversity & Inclusion team ensured me that fighting for a common cause with a well structured approach can lead to great results. This DrupalCon featured 40% speakers who identified as part of an underrepresented group. This is an awesome achievement and I appreciate the group and the DrupalCon program team who made this possible. I also really like how D&I tries to lead by example as they extend their attribution system to credit for non-code contributions such as attending an initial meeting. Finally, Nikki Steven handed over initiative leadership to Fatima and they mentioned how helpful it can be to distribute ownership of an initiative to make sure the cause is more important than the actual person leading it.
The Community Working Group (CWG), together with Jordana & George, explained their approach to ensuring safety within the Drupal Community. I appreciate the hard work they put into such a thoughtful process that helps us deal with difficult situations. An important aspect of the communication is to always try to separate internet and impact. A person might have the best intentions when they do something, but it is also really important that they understand the impact their actions have on others. A lot of the work that the CWG does goes into the mediation process. This brings disagreeing parties together to reach an understanding their own actions and how others feel about it. Not every difficult situation can be solved in a mediation process so it was great to learn that the CWG also relies on a careful process that leads to taking action if needed.
On Tuesday I was able to attend a Leadership workshop that was organized by the CWG and facilitated by Adam Goodman, Chairman of the Drupal Association. Adam is Director for the Center of Leadership at Northwestern University and I really appreciated his thoughtful approach to this workshop. Together as a group of roughly 50 attendees, we used individual and group exercises to discuss our different perspectives on leadership. Adam was able to make sure that there was a balanced discussion, added plenty of valuable insights, and reassured us that leadership is not always an easy topic. There was also a controversial discussion about the boundaries of leadership and I would like to thank Donna Benjamin for writing her thoughts on it.
In his keynote, Dries took a good amount of time to reflect on the leadership of Drupal. In his section on fostering the community, Dries presented his version of Drupal’s values and principles. I think this is an exciting move forward for us as a community to being able to define and iterate on our values and principles definition. I like how Dries stressed that he put a lot of effort into working on those but at the same time, that he also recognizes that they by no means will be perfect from the beginning. We’ll need a good amount of feedback & collaboration to help make sure that the values & principles definition of the Drupal community, as diverse as it is, serves the purpose and needs of our extensive community.
Rachel Lawson, Community Liaison at the Drupal Association, shared her story at the beginning of Wednesday’s keynote. I appreciated finding out how her feeling welcomed enabled her to become a key contributor and leader within our community. Rachel’s open and candid approach has always been a refreshing experience for me. Over the years, Rachel has always provided an open ear for me to discuss leadership challenges. It’s great to know there are people available that will listen to you and that want to help you to become better at what you do.
Finally, in the keynote itself, Steve Francia shared his very inspiring journey leading various open source community projects. There were tears in my eyes when I found out that Steve had been struggling with the responsibility of being the lead of these big, successful projects, especially when he wasn’t aligned with the project's goals anymore. Steve realised he needed to step down in order to focus on what he wants to work on. I especially appreciated Steve’s honest approach to giving genuine feedback to himself and us as a Drupal community. Steve’s presentation was full of great feedback for us a Drupal community and how we have inspired him to develop the communities he is working with.Final thoughts
It’s awesome to look at what others do when it comes to leadership and get inspired by them. But without introspection, true leadership cannot really emerge. I’d like to conclude with my own notes from the leadership workshop:What is teamwork?
The work performed together as a group of individuals towards shared goals.What is leadership?
Everything that helps the teamwork such as leading by example, principles, coaching or being a servant leader.
How do people learn to become more effective team members, followers, and leaders?
When we learn to express our needs, feelings, and provide feedback. When we understand what our peers need and learn how to create safe spaces for interaction and collaboration. When we listen actively, take responsibility and are open to learning something new every day.What’s next?
Today is the most collaborative day for DrupalCon. At the sprints we all come together to work on Drupal initiatives. On my side, I’m looking forward to meeting the DrupalCon Europe team to discuss the program. If you are interested, check out the website to get your ticket or sign up as a volunteer.
I want to get better at enabling others. In that spirit, I am looking for a new #d8rules initiative coordinator. If you are interested in helping the Rules module to Drupal 8, this might be a great opportunity for me to learn how to coach you. Feel free to reach out to me.
Private content is a very simple node access module that gives each node a 'private' checkbox. If it's set, the node can only be seen by the node author, or users with the 'access private content' permission. The module is particularly recommended for simpler sites, for example to create a members-only area.
The module includes per-content type defaults, actions integration and views integration.
The Views Collapsible List module provides a new style plugin for Views that renders items in a list where you can expand and collapse additional information for an item. You can select multiple fields to be shown/hidden by this toggle. This allows you to present additional information to users if they want to see it without having too much clutter when the page initially loads.Credits