Feed aggregator

Drupal Association News: How Your Membership Gives Back to the Community

Drupal Planet - Wed, 2014-07-16 11:05

When people ask me, “What’s Drupal?” I find it a complex answer. Of course, in a technical sense, Drupal is a CMS— but to me, and to many others, it’s far more than that. It’s a community full of amazing people with inspiring leaders and huge hearts.

At DrupalCon Austin, I was able to share several stories about community members who really pushed the project further, all with the help of community cultivation grants selected and financed by the men and women who love Drupal. I want to thank Gabor, Sheng, and Tatiana for letting me share their stories and I'd like to share these stories with all of you.

Drupal Dev Days: A Week of Sprints in Szeged

Earlier this year, Gábor Hojtsy organized a dev days event that was a huge success. From March 24 to March 30 this year, three hundred people gathered in Szeged to sprint together on Drupal 8 core, Drupal 8 Search and Entity Field API, Documentation, Migration, MongoDB, REST and authentication, Rules for Drupal 8 and, of course, Drupal.org.

There was so much happening, they almost brought D.O to a halt— but fortunately, everything came out OK, and we had huge improvements to Drupal.org as a result.

There were big benefits to Drupal 8 at Szeged, too. Some of the things that our great sprinters accomplished were:

  •  115 core commits with 706 files changed, 10967 insertions(+), 6849 deletions(-)
  •  19 beta blocker and beta target issues fixed

It was the community that made Dev Days Szeged so great. By turning out and sprinting, they made big improvements to the project, while a community development grant funded part of the Internet fees. It's an important element of any sprint, but the real significance is that Drupal Association members who could not attend the sprints or are not in a role to contribute code were still able to help achieve this success by funding it through their membership.

DrupalCamp Shanghai

Sheng is the community leader of the Shanghai community, and as an ex-New Yorker, he knew firsthand how important Drupal meetups and camps are for networking and learning. After he moved to Shanghai, he decided that he wanted to share the valuable experience of face-to-face time with his new local community, which had skilled developers who were mostly disconnected from each other and the wider global community.

After building momentum through holding a number of meet ups, Sheng applied for grants in 2013 and 2014 to put on a Shanghai Drupal camp. With the funds, he flew in a Drupal Rock Star to come keynote each of the camps — Forest Mars and John Albin — and the camp doubled in size and there are now hundreds of people who come out to these camps.

While the investment of flying John Albin out to Shanghai from Taiwan was relatively small, the impact and ROI was huge both for the camps and for the greater Drupal community: camp attendees learned to contribute back to the larger global community, almost like a small R&D investment. It wouldn’t have been possible without a community grant.

DrupalCamp Donetsk

Tatiana of the Drupal Association worked with her colleagues in Donetsk to put together a DrupalCamp in Donetsk, in spite of the revolution. A lot of people came together and connected both to each other and to the global community, and used a grant to pay for the food and coffee— and for us at the Association, that grant stands as a sign of positive support from the greater Drupal community in spite of the strife that was going on in Donetsk.

In the end, lots of thanks needs to go around. First, I’d like to thank Gabor, Sheng and Tatiana and all community leaders for turning your vision into reality and for the time and passion you pour into Drupal. We are appreciate all that you do to unite and grow Drupal.

Secondly, none of this would be possible without the three community leaders who manage the volunteer program: Mike Anello, Amy Scarvada, and Thomas Turnbull. Your passion for growing the community is doing great things.

Finally, I want to issue a big thank you to our Drupal Association Members for making these stories a reality. If you want to be come a member and help more of these programs around the world come to life, please sign up today at https://assoc.drupal.org/membership.

Categories: Drupal

KDE Releases Plasma 5

Slashdot - Wed, 2014-07-16 10:08
KDE Community (3396057) writes "KDE proudly announces the immediate availability of Plasma 5.0, providing a visually updated core desktop experience that is easy to use and familiar to the user. Plasma 5.0 introduces a new major version of KDE's workspace offering. The new Breeze artwork concept introduces cleaner visuals and improved readability. Central work-flows have been streamlined, while well-known overarching interaction patterns are left intact. Plasma 5.0 improves support for high-DPI displays and ships a converged shell, able to switch between user experiences for different target devices. Changes under the hood include the migration to a new, fully hardware-accelerated graphics stack centered around an OpenGL(ES) scenegraph. Plasma is built using Qt 5 and Frameworks 5." sfcrazy reviewed the new desktop experience. It would appear the semantic desktop search features finally work even if you don't have an 8-core machine with an SSD.

Read more of this story at Slashdot.

Categories: Linux News

Acquia: Drupal for Digital Commerce – Bojan Živanović

Drupal Planet - Wed, 2014-07-16 08:49

Bojan and I chatted at Drupal Dev Days 2014 about one of the newest and most important weapons available in Drupal's eCommerce arsenal: recurring billing for digital commerce in Drupal Commerce.

Categories: Drupal

IXIS: Nippy EdgeCast Purging

Drupal Planet - Wed, 2014-07-16 05:27

Since we integrated the EdgeCast CDN for one of our clients, and released a related EdgeCast Drupal module we have been encouraging more and more clients to consider a CDN layer to accelerate performance to multiple geographic locations and maintain an excellent uptime even during site maintenance periods.

A recent international client who is running many domains with federated content using the Domain module needed to make use of the content delivery network to improve performance and resiliance for their sites.

read more

Categories: Drupal

Mogdesign: #D8Rules As a Proof that Drupal Community Is a Living Cell

Drupal Planet - Wed, 2014-07-16 05:03

When D8Rules project waiting in a Funding phase had just seven days left to be successfully funded, success didn’t seem likely. The project had raised just over 40% of its funding goal so far. The days shortened; the pressure rose.

Categories: Drupal

07/15 Zorin 9

Distrowatch - Tue, 2014-07-15 18:05
Categories: Distros

OpenWRT 14.07 RC1 Supports Native IPv6, Procd Init System

Slashdot - Tue, 2014-07-15 11:20
An anonymous reader writes Release Candidate One of OpenWRT 14.07 "Barrier Breaker" is released. Big for this tiny embedded Linux distribution for routers in 14.07 is native IPv6 support and the procd init system integration. The native IPv6 support is with the RA and DHCPv6+PD client and server support plus other changes. Procd is OpenWRT's new preinit, init, hotplug, and event system. Perhaps not too exciting is support for upgrading on devices with NAND, and file system snapshot/restore so you can experiment without fear of leaving your network broken. There's also experimental support for the musl standard C library.

Read more of this story at Slashdot.

Categories: Linux News

Acquia: Deliver digital faster with Drupal – Part 2

Drupal Planet - Tue, 2014-07-15 09:45

In Deliver digital faster with Drupal Part 1, I showed you some of the many examples of successful sites built rapidly thanks to Drupal’s modularity. To stay ahead of your competition, you need to be nimble and agile; Drupal helps you do this with reusable, transferable digital experiences that can be customised to suit various niches even within a single business enterprise. All, of course, without paying additional license fees or mandated limits on developers, environments, or copies.

Categories: Drupal

Liran Tal's Enginx: Migrate Drupal 7 to WordPress 3.9 – The Conclusion

Drupal Planet - Tue, 2014-07-15 09:35
This entry is part 2 of 2 in the series Drupal 7 to Wordpress 3.9 Migration

Migrate Drupal 7 to WordPress 3.9  - To recap, in a previous post on this series, I’ve set the background for my action to migrate  from Drupal 7 to WordPress 3.9. In this post, we will explore the process of making this migration happen.

If you’ve been on this search before to migrate from Drupal to WordPress, then you’ve realized that there aren’t a lot of resources, and that you may have some preferences in regards to the migration process. Some solutions that popped required to have both instances of Drupal and WordPress up and running for some reason, but that didn’t fit my requirements as I wanted to use the same domain and not needing to setup another one just for the migration process. Other solutions are of course professional support services which will perform the migration for you, but you’d have to say goodbye to a few hundred dollars to begin with (prices range from $750 to $3500 for a website migration)

Finding Drupal2Worpdress provided me a good start to get things rolling. As with most things on Github for me, I usually begin by forking a repository and Drupal2Wordpress was no exception. Quickly after I reviewed the code in the original repository I found out that the script is very small and focused, without requiring any special dependencies or extra configuration which was my primary goal – finding the most simple solution as possible. Now I’m ready to take a stub at it.


My Video Course - Step by Step Drupal 7 to WordPress 3.9 Migration

I created a Video course on Udemy.com to teach you the skills of migrating Drupal 7 to WordPress 3.9.

I’d appreciate if you leave a review after taking the quick course

Step-by-Step Drupal 7 to WordPress 3.9 Migration Learn how to migrate your content, users, and more from a Drupal 7 website to WordPress 3.9.




Getting to Business with Drupal2Wordpress

Drupal2Wordpress is essentially very simple. It only requires to edit the PHP code at the beginning, and set the connection information correctly for both WordPress and Drupal database. That already implies on the characteristics of this migration tool – it expects that both instances of Drupal and WordPress are available through a database connection and since this tool has to be accessible and run on the hosting account service  and be triggered from the web or from a cron job (because hosting accounts do not open their database servers to the public).

Some of my fixes to this tool began with importing any content type from Drupal, yet making sure they are imported into WordPress as eligble posts content type (as opposed to pages for example, which aren’t blog related). URL aliasing has also been fixed so that imported posts in the new WordPress install are just working good, as well as another fix to migrate only approved comments. New additions to the tool included the support for migrating users, and adding a default ‘Blog’ category on WordPress and relating all posts to it (as otherwise they are not displayed).

The tool has been tested and it only requires to get a fresh installation of WordPress 3.9 to migrate any Drupal 7 site to it. You’re welcome to fork out the repository or test it and comment so we can further improve upon it.

Drupal2Wordpress – the Github repository.


(adsbygoogle = window.adsbygoogle || []).push({});

The post Migrate Drupal 7 to WordPress 3.9 – The Conclusion appeared first on Liran Tal's Enginx.

Categories: Drupal

Drupalize.Me: Drupal 8 Plugins Explained

Drupal Planet - Tue, 2014-07-15 09:00

As you start down the road of learning Drupal 8 module development, one of the first new Drupalisms that you're likely to encounter are plugins. After writing a blog post about creating blocks, which uses the new plugin architecture, I thought it might be interesting to take a step back and talk a little bit more about plugins at a higher level. This blog post contains an introduction to the what and why of plugins to help Drupal 7 developers make the transition to Drupal 8.

Categories: Drupal

Nuvole: Packaging and reusing configuration in Drupal 8

Drupal Planet - Tue, 2014-07-15 09:00
Bringing "reusable features" to Drupal 8.

This is a preview of Nuvole's training at DrupalCon Amsterdam: An Effective Development Workflow in Drupal 8.

Configuration Management in Drupal 8 elegantly solves staging configuration between different environments addressing an issue that is still haunting even the most experienced Drupal 7 developer. In earlier posts we covered the new Configuration Management in Drupal 8, seeing how it compares to Drupal 7 and Features, and even investigated how to manually simulate Features in Drupal 8 last year. Recent developments and contrib modules can take us several steps closer.

Configuration Management can get quite streamlined when using Git and Drush 7 as explained below.

Step 1: Move staging configuration directory into a versionable location

By default Drupal 8 will place the staging directory under sites/default/files and it is considered a good practice to not version that location, but an alternative location can easily be specified in our settings.php:

$config_directories['staging'] = 'config/staging';

Done that, we must rebuild the Drupal cache:

$ drush cache-rebuild

Step 2: Export active configuration into staging directory via Drush

The Configuration Management system exposes a set of very handy Drush commands: in order to “dump” all active configuration into our newly set staging directory we can just run:

$ drush config-export
The current contents of your export directory (config/staging) will be deleted. (y/n): y
Configuration successfully exported to config/staging.                                                    

Step 3: Push configuration changes and import it on the staging environment

Since the staging directory is under version control we can simply git-add all its content and push it to the remote repository. After having set-up the staging environment as an exact replica of our development environment (this is actually required for the configuration staging to work) we can start profiting from the new Drupal 8 CM system. Imagine we have changed the site name on dev, after having exported, committed and pushed that change, on the staging site we will simply run:

$ git pull

$ drush config-import

Config               Operation               
system.site          update
Import the listed configuration changes? (y/n): y
The configuration was imported successfully.

For a more comprehensive overview of the Configuration Management system please refer to our previous blog post Configuration Management: Drupal 7 to Drupal 8.

Packaging configuration

For those developers familiar with code-driven development practices the three steps above might resemble what the Features module does in Drupal 7 with its features-update and features-revert Drush commands.

While Drupal 8 configuration staging capabilities are far more advanced than what Features could possibly provide, what the new Configuration Management system really lacks is the ability to package configuration.

Enter the Configuration development module

The Configuration development module, currently maintained by chx, serves two main purposes:

  • It automates the import of specified configuration files into the active storage.
  • It automates the export of specified configuration objects into files.

The module offers a simple, global UI interface where a Drupal developer can set which configuration is automatically exported and imported any time they hit the “Save” button on a configuration setting page.

In order to achieve a more modular configuration packaging it would be enough to set a specific module’s config/install directory as the actual export destination.

Nuvole contributed a patch to make that possible: instead of firing an auto-export every time a “Save” button is clicked the developer can, instead, specify in the module’s info file which configuration needs to be written back to that module’s install directory and run a simple Drush command to do that.

Reusable “features” in Drupal 8

One of the main advantages of having a standardized way of dealing with configuration means that modules can now stage configuration at installation time. In a way that’s something very close to what Features allowed us to do in Drupal 7.

Say we have our news section up and running on the site we are currently working on and we would like to package it into a custom module, together with some other custom code, and ship it over a new project. The patched Config development module will help us to do just that! Here it is how:

Step 1: Download, patch and enable Configuration development module

We need to download and enable the Configuration development module version 8.x-1.x-dev and apply the patch attached to this Drupal.org issue.

After rebuilding the cache, we will have the config-writeback Drush command available. Let's have a closer look at what it is meant to do:

$ drush help config-writeback

Write back configuration to a module's config/install directory. State which configuration settings you want to export in the module's info file by listing them under 'config_devel', as shown below:

  - entity.view_display.node.article.default
  - entity.view_display.node.article.teaser
  - field.instance.node.article.body

drush config-writeback MODULE_NAME        Write back configuration to the specified module, based on .info file.

module                                    Module machine name.

Aliases: cwb

Step 2: Find what configuration needs to be packaged

We now look for all configuration related to our site’s news section. In Drupal 8 most of the site configuration is namespaced with related components so, if we keep on using consistent naming conventions, we can easily list all news-related configuration by simply running:

$ drush config-list | grep news


Step 3: Package configuration

To package all the settings above we will create a module called custom_news and, in its info file, we will specify all the settings we want to export, listing them under the config_devel: directive, as follows:

$ cat modules/custom_news/custom_news.info.yml

name: Custom News
type: module
description: 'Custom news module.'
package: Custom
core: 8.x
  - entity.form_display.node.news.default
  - entity.view_display.node.news.default
  - entity.view_display.node.news.teaser
  - field.instance.node.news.body
  - image.style.news_medium
  - menu.entity.node.news
  - node.type.news

After enabling the module we will run:

$ drush config-writeback custom_news

And we will have all our settings exported into the module’s install directory:

$ tree -L 3 modules/custom_news/

├── config
│   └── install
│       ├── entity.view_display.node.news.default.yml
│       ├── entity.view_display.node.news.teaser.yml
│       ├── field.instance.node.news.body.yml
│       ├── image.style.news_medium.yml
│       ├── menu.entity.node.news.yml
│       └── node.type.news.yml
└── custom_news.info.yml

The Drush command above takes care of clearing all sensitive UUID values making sure that the module will stage the exported configuration cleanly, once enabled on a new Drupal 8 site.

To get the news section on another site we will just copy the module to the new site's ./modules/ directory and enable it:

$ drush en custom_news

The following extensions will be enabled: custom_news
Do you really want to continue? (y/n): y
custom_news was enabled successfully.      Final evaluation: Drupal 7 versus Drupal 8

One of the main differences between working in Drupal 7 and in Drupal 8 is represented by the new Configuration Management system.

While Features was proposing a one-stop solution for both configuration staging and packaging, Drupal 8 CM does a better job in keeping them separate, allowing developers in taking a greater control over these two different and, at the same time, complementary aspect of a solid Drupal development workflow.

By using the method described above we can upgrade our comparison table between Drupal 7 and Drupal 8 introduced in one of our previous posts as follows:

Functionality D7 Core D7 Core + Features D8 Core (current) D8 Core (current) + Patched Config Devel Export full site config (no content) NO NO YES YES Export selected config items NO YES YES YES Track config changes (full site) NO NO YES YES Track config changes (selected items) NO YES YES YES Stage configuration NO YES YES YES Package configuration NO YES NO YES Reuse configuration in other projects NO YES NO YES Collaborate on the same project NO YES NO NO

The last "NO" deserves a brief explanation: Configuration Management allows two developers to work simultaneously on different parts of the same project if they are very careful: but "merging" the work would have to be done by version control (GIT or similar), that doesn't know about YAML or Drupal.

Some open issues

Contributed modules seem to be the best way to enhance the core Configuration Management system, much like what happened with Drupal 7 and Features. There are still several issues that should be considered for an optimal workflow, to match and improve what we already have in Drupal 7:

  • Piping: the ability to relate configuration components based on both hard and logic dependencies, for example: I export a content type and, automatically, I get also its fields. If piping might have been too rigid, at times, it would be still useful to have in some configurable form.
  • Enhanced configuration diff: it might be useful to have the possibility to review what configuration is going to be installed before enabling a module, like it is now when importing staged configuration to the active storage.
  • Granularity: it is still impossible to export part of a configuration file, so we still depend on the core conventions for grouping configuration into files, and we can't export a single permission for example.
  • Ownership: we can't know if another module (or "feature") is tracking a component we wish to track; this could be useful in the perspective of maintaining several "modular" features.
  • Updates: we can reuse configuration by simply enabling a module, but this holds only for the initial installation; after a module is enabled, we don't have a clean way to import changes (say, to "upgrade" to a newer version of the feature) outside the standard workflow foreseen in Configuration Management.
Tags: Drupal 8, Drupal Planet, DrupalCon, Drush, Code Driven DevelopmentImage: 
Categories: Drupal

Kristian Polso: Password protect your Drupal site with Shield-module

Drupal Planet - Tue, 2014-07-15 03:26
From time to time, there might arise a situation where you want to password protect your Drupal site. Maybe the site is under development, or you just want it to be available to a selection of users. This is usually done with something called "HTTP Basic Auth", which allows you to password protect a site. This can be done in Apache by modifying the .htaccess file.  There are some great tutorials on how to do this, but this is not the correct way of doing it for couple of reasons.
Categories: Drupal

DrupalCon Amsterdam: Come for the Con, stay for the sprints! Plan your travel for weekend and Friday sprints in Amsterdam

Drupal Planet - Tue, 2014-07-15 02:10

Sprints are an important part of DrupalCon you will want to experience. Arrange your travel and hotel to take advantage of the extended sprints before DrupalCon on 27-28 September, the big sprint day on Friday, 3 October, and the extended sprints after DrupalCon on 4-5 October.

Stay for the sprints on Friday

Every DrupalCon, we cap off the week with a full day of Drupal sprints. DrupalCon Amsterdam's sprint day is Friday, 3 October, starting at 9:00 and going until 18:00. You will not want to leave early and miss any of it. So, book your departure very very late Friday, or even better, Saturday or Sunday!

Whether you are a site builder, designer, programmer, themer, technical writer, project manager, or usability specialist, if you have Drupal experience, this is your chance to contribute back to the Drupal community, meet other Drupal enthusiasts and interact with them building the future of Drupal.

Something for everyone

The sprint on Friday will include three separate events:

1. First-Time Sprinter Workshop
If you're new to Drupal contribution, you can attend the FREE mentored workshop on Friday from 9-noon. The hands-on workshop will cover the basics of contribution essentials like the Drupal.org issue queues, IRC, git, and optionally setting up Drupal 8 on your laptop.

2. Mentored Core Sprint
If you are already have all the tools, have used the issue queue, have a working Drupal 8 development environment on your laptop, would like to work with a mentor to contribute to Drupal core, and would like help finding an issue to work on, or if you're not quite sure where to start contributing, come to the Mentored Core Sprint. This sprint will run all day, with First-Time sprinter workshop attendees joining in the afternoon.

Sprint mentors will help you find a task for a Drupal core issue and then help you work on it. You can create patches for bugs, add documentation to issues, test patches, and more!

To get a head start, set up your Drupal 8 development environment before Friday. Attend the core office hours from home. Or, at the conference, we will have plenty of opportunities to help get you set up at any of our Get Involved BOFs (times and locations TBD), or you can come to the First-Time Sprinter Workshop Friday morning.

3. All the Sprints!
If you're an experienced Drupal contributor, you can head straight to one of the many other share your sprint initiative to do focused work on one particular area of Drupal, like Views, the Drupal 8 multilingual initiative, the Twig theming system, Migrate, Drupal.org, and more.

You will work directly with initiative leads and collaborate on issues. This is a great opportunity to make a difference for the Drupal project AND learn from peers how to solve problems!

Mentor new contributors

Are you already familiar with setting up a development environment or with the core contribution process? Want to help other contributors? We need about 35 mentors to work with our first-time contributors. Sign up early and secure your mentor t-shirt in the size of your choice.

Sign up to help mentor

Want to mentor, but also want to sprint yourself? Extended sprints to the rescue!

Extended Sprints are 27-28 September and 4-5 October

Take advantage of being able to work with others from around the world with extra days: extended sprint days! Read more details and sign up for extended sprints so we can make sure we have enough resources and room for you! We'll be sprinting around the clock at the Berlage in the heart of Amsterdam and seeing the sights and enjoying the city's great pubs and restaurants during breaks.

Make a difference

DrupalCon sprints are critically important to pushing the Drupal project forward, and are also a great opportunity to give back alongside the people who help bring the code to life. Join us DrupalCon Amsterdam and help make an impact!

Sponsor opportunities available

Friday sprints are sponsored by Werk21, extended sprint venue, coffee and catering thanks to the Drupal Association, Acquia Large Scale Drupal, Open8, and … YOU?

Contact us for more information or to sponsor.

Cathy Theys (YesCT)
DrupalCon Amsterdam sprint lead

Categories: Drupal

NEWMEDIA: Drupal PCI Compliance White Paper: Version 1.1 Released!

Drupal Planet - Mon, 2014-07-14 23:20
Drupal PCI Compliance White Paper: Version 1.1 Released!Version 3.0 of the PCI compliance standard becomes mandatory on January 1st, 2015 and will be a complete game changer for most Drupal eCommerce sites.Are you ready to meet the challenge?

For those wanting to dive right in, simply click this link to download the white paper.

Matt Kleve was spot on in his DrupalCon Denver 2013 presentation title PCI: a Four-Letter Word of eCommerce. Whenever I present on or discuss the subject matter with other members of the community, there is usually some level of disdain for the payment card industry (PCI) for creating the data security standard (DSS) that we all commonly know as PCI compliance. The complaints are many:

  • It's too confusing.
  • It's too difficult.
  • It's too expensive to deal with.
  • It's security theater.
  • It doesn't guarantee you'll never get hacked.

Once everyone has finished airing their grievances, there is always the unspoken question that you can see on everyone's face... Can't we just ignore this little nuisance of a requirement and get back to processing credit card transactions?

The reality is that we cannot pretend PCI compliance doesn't exist. The growth of the eCommerce market can only continue as long as users trust the process, and that can only happen if the end-to-end process remains secure. Oh—and any merchant agreement you sign will stipulate PCI compliance as a requirement (make sure to read all that fine print!). Therefore, if you want to accept credit or debit cards payments online (even through 3rd party) then you really have no other choice. Compliance is mandatory.

That's the bad news. The good news is that understanding where and how to get started for a Drupal site is much easier as a result of the Drupal PCI Compliance White Paper that was initially published a year ago (and a HUGE thanks to the many sponsors that helped make that happen). It's readable within an hour and can help everyone involved on a Drupal project make informed decisions and reduce their risk as much as possible.

The Standard Gets Stronger

As the volume of eCommerce transactions continues to grows, it becomes even more important to protect every component in the entire system handling the transaction. After all, a single point of failure was responsible for Target debacle, where the credit card records of 40+ million customers were compromised. This resulted in a huge financial loss for the company as well as a PR nightmare to deal with.

To minimize these types of attacks from growing in size and frequency, the security standard must keep up. The latest update to the PCC-DSS (version 3.0) was published in November, 2013 and will become mandatory of all eCommerce sites on January 1st, 2015.

What PCI-DSS 3.0 Means for Drupal

It's hard to understate the impact this will have on the Drupal community. In version 1.0 of the standard, there was a there was a very easy way out. Simply redirect the user to a hosted payment page on PayPal or Authorize.Net and you could outsource almost all of your responsibilities. This became the goto solution for many budget conscious eCommerce websites.

Version 2.0 of the standard introduced a gray area. The PCI council created a supplemental guide that stated the hosted payment pages, direct post, and iframe solutions all had vulnerabilities. Despite disclosing these attack vectors, the PCI council didn't directly come out and state that they must now meet a larger set of security controls. This didn't stop certain vendors (notably Braintree) from promising compliance within 15 minutes. The dilemma for someone interpreting version 2.0 of the standard was obvious: if there were ways to break in and steal cards, wouldn't that require one to fully lock down the LAMP stack and Drupal application layer? This gray area only led to additional confusion among the Drupal community, who (as a whole) simply opted for the easy route interpretation of the standard.

Version 3.0 ended the confusion entirely. Now hosted payment pages and direct post solutions fall into a new category (SAQ A-EP), which includes over 139 security controls that cover everything from anti-virus to password policy requirements. What used to be trivial (SAQ A) for most websites to achieve has become very challenging. No longer are shared hosting solutions viable. No longer can a website lag behind on updating Drupal core and contrib modules when security updates are available. No longer is it acceptable to enable php filter, allow authenticated users to use the full HTML filter, or manage a site through a shared FTP login.

In short, this is a big damn deal for the Drupal eCommerce community. Without readily available "turnkey" solutions (such as PCI Level 1 managed hosting), many smaller eCommerce sites may not be able to meet the requirements and may be forced to seek non-Drupal based alternatives. In fact, the cost of achieving and maintaining SAQ A-EP could easily fall within the $10,000-$100,000 price range, which is likely to exceed the entire budget of most Drupal eCommerce sites!

Learning More

Covering all the ins and outs of PCI compliance is difficult to do in a single blog post (trust me, I tried with the excessively long article titled Let's Talk About PCI Compliance for Ubercart and Drupal Commerce. Therefore, I'll close with this final recommendation (or plea): if you build, maintain, operate, or own an eCommerce website, then you should absolutely read the new version of the Drupal PCI Compliance White Paper. And if you have any comments, questions, or concerns, please submit an issue in the github issue queue.

Categories: Drupal

PreviousNext: Using Mink for web testing

Drupal Planet - Mon, 2014-07-14 19:00

PreviousNext have been using Behat to test Drupal 7 sites for some time now. More recently, there has been a big push to introduce Behat tests in Drupal 8. So what is it all about?

In this post, I'll be taking a look at the Mink layer behind Behat and using it for web scraping and functional testing and what this means for the future of Drupal testing.

Categories: Drupal

Károly Négyesi: Drupal 8 progress from my / MongoDB perspective: update #27

Drupal Planet - Mon, 2014-07-14 18:53

There hasn't been an update for some time now; things have quieted down a bit, I am mostly just writing drivers now (and coach people on migrate). MongoDB module caught up with the latest config changes and so the module works again. Migrate bugfixing moves along steadily with more and more people actually trying it and fixing bugs, hurray! Blocks now get placed more sensibly, there's steady progress on D6->D8 CCK Single On/Off Checkbox, Checkboxes/Radio buttons, and Select formatters, also node authors in more interesting cases are broken (In Drupal 6, the node.uid and the node_revision.uid can be different). The first step for migration groups is ready. This is the stepping stone for Drupal 7 migrations because quite a few migration will need to be in both the Drupal 6 and the Drupal 7 group. It is also quite important for contrib -- now contrib will be able to just add in a migration YAML that this migration belongs to the Drupal 6 group and it'll run along with core, as easy as that.

Our favorite meta issue convert SQL queries to entitity queries issue is almost finished, opens the door for multilingual / performance enhancements and of course MongoDB :)

I have discussed with Crell how to define a standard mechanism for backend-aware service overrides. As usual, this is good for core because it allows MySQL and PostgreSQL specific drivers but also at the same time it will help MongoDB as well: currently the MongoDB module handles the service overrides but it's an all-or-nothing thing. With this issue, you'll be able to mix various storage backends as you want in a standard fashion.

Finally, even if it's not directly MongoDB related, the issue to switch on twig autoescape is almost done too -- this will make Drupal 8 more secure, even custom modules and custom themes will be easier to write in a secure fashion. Hopefully this will make Drupal 8 an even more appealing offer.

Categories: Drupal

Drupal Association News: Drupal Association Board Meeting Summary

Drupal Planet - Mon, 2014-07-14 18:22

We held our July Drupal Association Board Meeting last Wednesday. Halfway through the year, we took the opportunity to review our metrics for the year thus far, discuss some possible changes to our governance model, and tackle a couple of housekeeping issues in executive session. If you somehow managed to miss us during the live session, never fear! We've got a recording, the meeting materials, and the minutes available for your perusal, as well as this summary:


DrupalCon Austin is now behind us, but it's not forgotten! We're thrilled to have helped host an event that was so successful in so many ways. We were able to beat our Portland attendance numbers, though we did fail to meet our stretch goal of 4,000 attendees. At this point, we are sifting through all the registration, financials, and evaluation data to pull together a summary report (with comparisons to Portland) for the August board meeting.

Next up is DrupalCon Amsterdam. Registration for Amsterdam is strong and we're particularly excited that we had a record number of session submission - over 500! The sessions are now set, and we have a great line up, covering some of the most relevant topics for our community. There will be fun as well, of course. What's more fun than a bicycle? Apparently nothing, because many of our attendees are purchasing the bike package as part of their registration! And of course, there's Tour de Drupal

DrupalCon Latin America is the first DrupalCon scheduled for 2015. The site is scheduled to be up in mid-August for session submissions. We are also working on determining how we will handle languge and translation at DrupalCon Latin America. Working with the local team, we are discussing options for content translation so that we can serve both English and Spanish speakers. 


We were able to create a lot of momentum for Drupal.org at DrupalCon Austin. Staff and Working group members conducted several user research interviews for the User Research Project led by Whitney Hess. And, in the weeks following DrupalCon, our staff were able to deploy over 30 patches to Drupal.org that came out of the sprints in Austin. 

In addition, we also recently deployed a CDN service for Drupal.org. The CDN allows us to reduce strain on our infrastructure, increase our security, and most importantly should increase performance for users, especially those outside of the United States. We want to thank Narayan Newton (nnewton) and the rest of the Drupal.org Infrastructure Working Group for their direction and help.

Finally, there is a new way for you to keep on top of change notifications for Drupal.org. We've standardized the reporting and, in addition to posting them online at Drupal.org, you can now subscribe to an email list to receive notifications right in your inbox.

Board Governance

At the June board retreat in Austin, each of the board committees met to discuss current issues. The Governance Committee met with the aim of exploring ideas that would increase the diversity of candidates for our elected candidates, possible term limits for board members, and how to improve committee performance on the board. Based on that conversation, the committee presented several ideas for the board to discuss. No decisions were made at this time, but the Governence Committee did receive good feedback to incorporate into future proposals. 

Next Meeting

Want more board news? Get it live! Join us at one of our upcoming board meetings

Flickr photo: Kristen Pol

Categories: Drupal

Deeson Online: Deeson Online and DrupalCon Amsterdam: From rockstar speakers to world-class sessions

Drupal Planet - Mon, 2014-07-14 15:12
Deeson Online and DrupalCon Amsterdam: From rockstar speakers to world-class sessionsBy Lizzie Hodgson | 14th July 2014Look alive! DrupalCon Amsterdam is going to be here in no time, and Deeson Online are once again a proud Silver Sponsor of what is shaping up to be a rather spectacular event.

Possibily the most significant date in the European Drupal community diary, DrupalCon Amsterdam will not only offer all the usual mix of community summit, sessions, BOFs and sprints, it also has some very impressive keynotes, including co-editor of Boing Boing, Cory Doctorow.

Photo credit: Jonathan Worth CC Attribution-Share Alike 2.0 Generic license

A regular contributor to The Guardian, the New York Times, Publishers Weekly and Wired, Doctorow is formerly the Director of European Affairs for the Electronic Frontier Foundation, as well as a renowned advocate of freedom in technology law, policy, standards and treaties. Nice.

Deeson Online are getting involved too!

We'll share our BOFs in the next few weeks, but Deeson Online MD, Tim Deeson, is going to be running a session with Vesa Palmu from Wunderkraut, Paul Johnson from CTI Digital and Jeff Walpole of Phase2 – all chaired by Robert Douglass from Commerce Guys.

About the session

Entitled 'Life in the fast lane - achieving sustainable growth' the panel will explain how they built their world-class Drupal businesses.

From growing pains to scaling to meet demand, the audience can quiz each panellist on how they've broken through various barriers to get to where they are as a company.

Key topics will include:
  • How do you differentiate your business in the market?
  • Describe a defining moment which changed your business
  • To service larger clients, what specialisms have you needed to deliver in-house?
  • How does your business plan to sustain growth ie VC, Acquisition, JV?
  • What is the most challenging aspect of delivering larger projects?
  • How do you mitigate risk?
  • What is the biggest challenge your business foresees?
  • How should large Drupal shops contribute to the sustainability of the project?
So if you want to learn from leaders of four of the world's most accomplished Drupal businesses, this session is for you!
Categories: Drupal

Lullabot: Module Monday: Honeypot

Drupal Planet - Mon, 2014-07-14 14:00

Fighting spam is an ongoing cat and mouse game as site owners come up with protections against spam, and spammers come up with increasingly impressive ways to bypass those protections. Solutions like Mollom have been popular in recent years, however Mollom is tied to an external service and only works while that service is running smoothly. Additionally, it costs money if your site has a lot of traffic. CAPTCHA challenges are also a popular solution, but they have accessibility problems -- and automated tools are getting increasingly successful at bypassing them.

Categories: Drupal


Subscribe to LinuxColumbus aggregator