Drupal News

Drupal Association blog: Evolving Community Governance - Survey Results and a Call to Action

Planet Drupal -

These results and analysis were initially presented at the DrupalCon Vienna community summit on September 25, 2017.

Following numerous blog posts, official statements, community discussions, social media interactions, and Slack and IRC conversations over the last few months, there is a clear consensus that it is time for Drupal's community governance to evolve. We need to not only define what governance means to us as a community, but also clarify the roles and responsibilities of those within our community leadership and governance structures. We also need to draw clearer distinctions between the different forms of community, project, and technical governance, and make sure that everyone understands how they interact with and support each other.

Ultimately, this will need to be a collaborative process that involves all stakeholders, including Dries and the Drupal Association (especially where matters of legal and financial responsibility are concerned), but the first step is to create a framework so that the community can participate productively in the process. The question that remains to be answered is what that process will look like.

Results of the Governance Summit Survey

The Drupal Association, with help from Whitney Hess, conducted a Community Governance Summit survey in an effort to gain insight into how the community would like to proceed. 568 people responded to the survey, with most questions receiving between 200-250 responses. The Community Working Group (CWG) was given access to the raw results, which it in turn shared with David Hernandez, Nikki Stevens, and Adam Bergstein, who assisted with the writing of this blog post. We all agreed to keep any personally identifiable information from respondents confidential.

While none of the authors of this blog post were responsible for developing the survey or are trained statisticians, we did our best to analyze the results, which reflected a wide range of opinions and feelings about how the Drupal project and community is governed. While we did not feel the survey results pointed to any clear and actionable next steps, they were consistent with the feedback from the community discussions that were held this spring, which was that the process, in whatever form it takes, needs to be driven by the community.

To that end, we have worked with the Drupal Association to publish the survey data and, most importantly, make this call to action for a truly community-driven process. We are also making a sanitized version of the raw data available for download in OpenDocument format for anyone else to review and perform their own analysis. All comments and other free responses have been removed.

Selected Survey Highlights
  • 62% agreed that a governance summit is needed. Only 8% said definitely “no.”

  • 63% want the summit to be held online, so that members from all regions of our global community could participate.

  • 59% believe the summit should be overseen or facilitated by a professional governance expert, with the majority of write-ins requesting a neutral third-party facilitator not affiliated with the Drupal project or community.

  • Nearly 80% wanted the Drupal Association to provide financial support for the summit, with 36% indicating they would contribute to a crowdfunding campaign to help fund the summit.

  • About ¾ said that clarification of leadership roles and separation of project versus community governance roles should be prioritized at the summit. All of the options listed received the support of more than half of those who provided a response to this question:

    1. Clarification of leadership roles in the Drupal project (76%)

    2. Separation of project vs. community governance roles (73%)

    3. Update codes of conduct (63%)

    4. Overall community management (63%)

    5. More community-elected leadership positions throughout Drupal (60%)

    6. Clarify and update Community Working Group processes and policies (56%)

    7. Create core values statement (53%)

Percentages listed are of those who provided a response to that question, not of the total number of people who responded to the survey.

What’s Next: Getting Involved

Now is the time for people to get involved and drive the next steps in the process. We feel that as an open-source project, the governance of our community should be designed and implemented by members of that community in the most transparent and fair manner possible.

To that end, we feel that the best path forward is to create a volunteer working group that is representative of our global community, and for that group to take the lead in the process of evolving Drupal community governance, rather than any existing group or individual. While the Drupal Association, Community Working Group, and others in the project’s current governance structure are committed to providing whatever support they can to ensure the success of this working group, we feel that the community itself needs to own the process as much as possible.

We, the authors of this blog post, are not the leaders of the process, but as members of the community with interest and experience in various aspects of community governance, we are willing and able to help provide a framework for the group to self-organize and begin work to help improve the governance of our community. We stand ready to participate and help as needed, understanding that while this work will not be quick or easy, it is important and necessary for the long term sustainability of our project and community.

The next step for this is for you to get involved. Here's how to get started:

  • Join the #governance channel on Drupal Slack.

  • Attend a governance meeting in the #governance channel. Once a schedule has been determined we will publicize that information and pin it to the Slack channel. Each of the authors of this post will host at least one meeting and the entire meeting transcript will be made available after the meeting.

    • The goals of these meetings are to connect people who are interested in governance with each other, provide a forum for people to share their thoughts, and empower the community to determine the next steps.

    • We are committed to this being a community-driven process and will be present to facilitate, but not to dictate.

    • If there is interest, we can also host meetings in other forums. (IRC, video chat, etc.)

Other ways to get involved:

  • Write a blog post and share your ideas.

  • We know that people don’t always feel safe sharing their comments and feedback and we don’t yet have a long-term solution for this. In the interim, feel free to directly contact any of the writers of this post, or any member of the Community Working Group to share your thoughts.

We are at a unique inflection point in the history of the Drupal community. We have the opportunity to (once again) provide a shining example to other open source communities demonstrating our forward thinking; not only in technical decisions, but also community ones. Please join us.

Authors (listed alphabetically by Drupal.org username)

File attachments:  GovernanceSummitSanitized.ods

Janez Urevc: Slovenian Drupal community celebrated the release of Commerce 2.0

Planet Drupal -

Slovenian Drupal community celebrated the release of Commerce 2.0 slashrsm Mon, 25.09.2017 - 15:59

As you may already know the Commerce Guys team released the first stable Drupal 8 version of the truly flexible eCommerce suite last week. In order to celebrate this important event many parties were held all around the globe. Slovenian Drupal community definitely didn't want to miss that.

We gathered at the sprintaj.si headquarters in Izola, Slovenija. Sprintaj.si is not a classical "Drupal" business; they are a digital print shop. They are also a happy Drupal Commerce user and this was their way to show appreciation and give back to the community. Sprintaj.si was also one of the most interesting eCommerce projects I've been involved with. They support many different printed matters and their prices are always calculated on the fly based on the customer's needs. Their killer feature are custom formats and If you ever worked on an eCommerce project you can imagine that this results in some pretty hefty pricing rules.

At the party we had two sessions:

After the more educational part the more fun side of the event continued. Our hosts prepared a bunch of super tasty burgers and sponsored a small barrel of beer. OMG, we could easily repeat that!

Photos by: Aleš Rebec and Ben Rajnović

We would like to congratulate the Commerce team for this important milestone. You rock!

Roy Scholten: Core roadmap overview @ Drupalcon Vienna Business Summit

Planet Drupal -

25 Sep 2017 Core roadmap overview @ Drupalcon Vienna Business Summit

From organic to deliberate

At the Drupalcon Vienna Business Summit on monday I presented a quick overview of how the roadmap for Drupal core comes together. A short bit of context and then on to how the new 6-month release cycle creates room to evolve the core product faster.

Drupal 8.4 is done and just about to be released. Here’s the roadmap for Drupal 8.5 core the product management team put together. In short:

  1. Migrate
  2. Media
  3. API-First
  4. Layouts
  5. Workflow
  6. Outside-In
  7. Out-of-the-Box

Of course no talk is complete without a section about how you, yes you can help make it all happen:

  1. Help inform the roadmap priorities: share survey data, usability testing results, client feedback
  2. Help validate the roadmap: are we working on the right things? Does it help fill actual gaps?
  3. Help build, because process does not replace people: sponsor development by providing time, money, space for getting things done.
Drupal-core-roadmap-20170925.pdf Tags drupalplanet

Vardot: Essential Things To Know About Varbase

Planet Drupal -

Essential Things To Know About Varbase Dmitrii Susloparov Mon, 09/25/2017 - 15:20 Introduction

Varbase is a custom Drupal 8 base distribution developed by Vardot, a leading Drupal solution provider headquartered in Amman, Jordan with regional offices in Santa Clara, USA, and Cairo, Egypt. It is a software product embodying years of experience from building Drupal-based websites for high profile customers such as Al Jazeera, Georgetown University School of Foreign Service in Qatar, and the United Nations Relief and Works Agency (UNRWA).

 

Why Varbase?

Drupal is an industry-leading website building platform, renowned for its rich feature set and the ability for users to customize and extend core functionalities to satisfy their unique requirements. Its flexibility is due to its modular design, that is, Drupal functionalities are implemented in a large number of relatively small core and contributed modules, rather than in a single enormous blob object. One key element for a successful Drupal project is to start it off in the right way: namely, select and configure the best modules to do what you want, or as close to what you want in order to minimize the customization work. This can be a daunting task to most Drupal newcomers. For developers who have done this before, the task can quickly become a repetitive chore, as the same procedure is required at the beginning of each project.

 

Varbase offers Drupal site builders the important benefit of time saving. As a Drupal base distribution, Varbase makes available, in a single download, Drupal core modules as well as best-of-breed contributed modules, themes, and pre-defined configurations. Instead of starting from scratch, Varbase site builders leverage pre-installed and pre-configured industry-proven tools and modules. In addition to using the best modules that others had written, Vardot also contributed its own optimized modules to the distribution, for instance, Varbase SEO and Varbase Media. From now on you can start building and customizing your website right away, instead of wasting valuable resources in 'reinventing the wheel'.

 

The new distribution was the direct result after many hours of interaction between Vardot developers and web editors, specifically to find out how to make the editor's job easier and more efficient. Varbase users benefit from that editorial experience as the knowledge was subsequently codified into the design of Varbase modules.

 

Committing to a base distribution and a website building platform is a long-term investment by user organizations. To protect their investment, users look for a base distribution that is being actively developed and supported long-term by a quality organization. Varbase as a product is fully backed by Vardot, an award-winning enterprise web solution provider. Since 2011, Vardot has been applying its Drupal expertise to build enterprise websites spanning many industries, including corporate, non-profit, news/media, and higher education vertical industries. You can view the past history and the future roadmap of Varbase on-line. In addition to this, we've created a Slack channel where you can quickly get any information regarding the distribution or get our support in a timely manner.

 

 

Features Mobile ready

If a mobile visitor browses your website, only to find web pages served up using an oversized desktop resolution, it is very likely that the visitor (and potential customer) will bounce off and never return. Varbase prevents this event from happening by prepackaging custom responsive themes built using the industry-standard Bootstrap framework. The use of the carefully selected responsive themes guarantee that visitors will experience your website in a screen resolution that best fits the actual devices. The distribution also provides site editors with the ability to preview web pages on their mobile phones. As a result, editors can examine a page using the same screen resolution before releasing it to the target mobile user base.

High scalability

As your website gains readership over time, user experience of the site must not degrade because of the additional load on your Drupal platform. Specifically, the page load time must remain fast during peak hours in web traffic and also when your website experiences temporary spikes in traffic. Varbase is designed to be highly scalable in order to deliver the performance required to withstand a steady climb as well as a spike in web traffic.

Easy media management

 

The distribution offers optimized HTML5-compliant media management via the Varbase Media module. Support is built-in to upload, via drag-and-drop, photos, images, videos, and even documents to an on-line media library. Uploaded images and videos in the library can be assembled into sliders or carousels and displayed on your website. Varbase Media is designed to enhance both the aesthetic and the SEO performance of your media resources.

SEO ready

With a built-in SEO modules, search engine optimization is no longer hit-and-miss. Varbase provides a powerful SEO engine to grade the SEO readiness of your website, and to recommend on-page areas for improvement based on its vast SEO knowledge. Varbase enables the specification of metatags and markups to describe your web contents. Furthermore, to further increase the visibility of your web pages, Varbase supports the generation of XML sitemaps. If you are migrating your website to Drupal 8, Varbase can import all web pages from your legacy website, and set up page redirects from the old URLs to the new ones on the Drupal 8 platform.

Social media savvy

If visitors like your web content, you want to gently encourage them to share it with their social media contacts, essentially creating a viral effect. Varbase makes the integration of social media within your website as easy as just choosing the target social networks, which automatically enables the corresponding social media plugins. In addition, Varbase enables you to syndicate selected web contents to various social media networks, thereby maximizing their exposure and reach.

 

 

Summary & Conclusion

 

Varbase embodies the principle and practice of Don't Repeat Yourself (or DRY). It is a shortcut to developing your Drupal 8 website using out-of-the-box, best-of-breed modules, themes, and tools. Varbase is made available to the general Drupal community as a free and open-sourced software. Varbase users can download and modify the base software without incurring any licensing cost. For organizations that require professional services, note that Vardot offers full-cycle Drupal services ranging from implementation, customization, support, training, to hosted management. Please don’t hesitate to contact Vardot if you have any questions regarding our work!

Annertech: Annertechies coming to DrupalCon Vienna

Planet Drupal -

Annertechies coming to DrupalCon Vienna DrupalCon Vienna is starting this week and, as usual, most of the Annertechies will be there in force. This year we are once again delighted to be presenting five sessions at DrupalCon. Here's a quick roundup of our talks and why you won't want to miss them.

Appnovation Technologies: Appnovator Spotlight: Tim Kirby

Planet Drupal -

Appnovator Spotlight: Tim Kirby Who are you? What's your story? I'm Tim Kirby, I come from a creative arts background, and started in multimedia and web site builds in 1996. I worked full time in Macromedia's Director for a couple of years, before moving to hardware and software design a few years later - building interactive digital signage systems that would respond to the touch...

DrupalCon Vienna Preview

Lullabot -

Chris gets the skinny from a number of Lullabots and Drupalize.me team members on their upcoming sessions at DrupalCon Vienna.

Jeff Geerling's Blog: Drupal Camp St. Louis 2017 is a wrap!

Planet Drupal -

The St. Louis Drupal Users Group (STLDUG) just finished it's fourth Drupal Camp, held at UMSL yesterday. I had a great time meeting with everyone, and am excited for next year! Last year I had to miss the Camp due to unexpected surgery, but this year I was able to attend and even bring some of my photo gear, to take pictures (I love contributing to open source through means other than code!); here's the obligatory 'whole camp' photo:

You can view all my photos from the camp in an album on Flickr: Drupal Camp St. Louis 2017 photos by geerlingguy

drunomics: Things to do around Drupalcon Vienna

Planet Drupal -

While the Drupalcon webseite has a good few pointers to the well-known major tourist attractions, as locals we'd like to share our knowledge about some of our favourite places with you! So here a few recommendations:

Viennese Wine and Heurige

If you stay for the weekend after the Con, you can join the Vienna Wine Hiking day, which I can highly recommend. There are 3 possible easy hikes through the vineyards with lots of options to stop for tasting gorgeous wine directly from the producers. Furthermore you may enjoy great views of the city even if the wheather is not that great!

If you stay long enough, don't miss it! You can find details and options at https://www.wien.info/en/shopping-wining-dining/wine/wine-trail

If you cannot join the wine hiking day, be sure to visit some Viennese "Heurige" (wine taverns). Good options would be the Schreiberhaus or a little bit closer to the city-center Sissy-Huber.

Otto Wagner Buildings

The famous Viennese Jugendstil architect Otto Wagner (and friends) has left lots of traces back in the city. Apart from some of the subway stations (you won't be able to miss them) we'd recommend looking at the following buildings at least from the outside:

Cafés & Restaurants

Kaffee Alt Wien: An interesting mixture between a traditional Vienese Cafe and a "Beisl" (pub). The food can be recommended too, simple but authentice Viennese dishes, like Gulasch, Schnitzel and a variety of sausages. Although the Kaffee Alt Wien is mentioned in travel guides, it has not lost its athmosphere and is visited by tourists and locals alike.

Flatchers: Great steaks for a reasonable price. There are two restaurants in the same street: A French bistro with georgous French athmosphere and a larger one in American style.

Brunnenmarkt: A local market in one of the lesser known districts, lots of immigrants of south-eastern Europe and Turkey run market booths and Cafés around a nice plaza. You'll find great athmosphere and good food options: Kent, Cafe Ando, Cay Cafe am Yppenplatz

Barfly's: A cuban style cocktail bar with authentic athmosphere and music!

 

Dave Hall Consulting: Drupal Puppies

Planet Drupal -

Over the years Drupal distributions, or distros as they're more affectionately known, have evolved a lot. We started off passing around database dumps. Eventually we moved onto using installations profiles and features to share par-baked sites.

There are some signs that distros aren't working for people using them. Agencies often hack a distro to meet client requirements. This happens because it is often difficult to cleanly extend a distro. A content type might need extra fields or the logic in an alter hook may not be desired. This makes it difficult to maintain sites built on distros. Other times maintainers abandon their distributions. This leaves site owners with an unexpected maintenance burden.

We should recognise how people are using distros and try to cater to them better. My observations suggest there are 2 types of Drupal distributions; starter kits and targeted products.

Targeted products are easier to deal with. Increasingly monetising targeted distro products is done through a SaaS offering. The revenue can funds the ongoing development of the product. This can help ensure the project remains sustainable. There are signs that this is a viable way of building Drupal 8 based products. We should be encouraging companies to embrace a strategy built around open SaaS. Open Social is a great example of this approach. Releasing the distros demonstrates a commitment to the business model. Often the secret sauce isn't in the code, it is the team and services built around the product.

Many Drupal 7 based distros struggled to articulate their use case. It was difficult to know if they were a product, a demo or a community project that you extend. Open Atrium and Commerce Kickstart are examples of distros with an identity crisis. We need to reconceptualise most distros as "starter kits" or as I like to call them "puppies".

Why puppies? Once you take a puppy home it becomes your responsibility. Starter kits should be the same. You should never assume that a starter kit will offer an upgrade path from one release to the next. When you install a starter kit you are responsible for updating the modules yourself. You need to keep track of security releases. If your puppy leaves a mess on the carpet, no one else will clean it up.

Sites build on top of a starter kit should diverge from the original version. This shouldn't only be an expectation, it should be encouraged. Installing a starter kit is the starting point of building a unique fork.

Project pages should clearly state that users are buying a puppy. Prospective puppy owners should know if they're about to take home a little lap dog or one that will grow to the size of a pony that needs daily exercise. Puppy breeders (developers) should not feel compelled to do anything once releasing the puppy. That said, most users would like some documentation.

I know of several agencies and large organisations that are making use of starter kits. Let's support people who are adopting this approach. As a community we should acknowledge that distros aren't working. We should start working out how best to manage the transition to puppies.

A New API Binding: cloudflare-php

Cloudflare Blog -

Back in May last year, one of my colleagues blogged about the introduction of our Python binding for the Cloudflare API and drew reference to our other bindings in Go and Node. Today we are complimenting this range by introducing a new official binding, this time in PHP.

This binding is available via Packagist as cloudflare/sdk, you can install it using Composer simply by running composer require cloudflare/sdk. We have documented various use-cases in our "Cloudflare PHP API Binding" KB article to help you get started.

Alternatively should you wish to help contribute, or just give us a star on GitHub, feel free to browse to the cloudflare-php source code.

PHP is a controversial language, and there is no doubt there are elements of bad design within the language (as is the case with many other languages). However, love it or hate it, PHP is a language of high adoption; as of September 2017 W3Techs report that PHP is used by 82.8% of all the websites whose server-side programming language is known. In creating this binding the question clearly wasn't on the merits of PHP, but whether we wanted to help drive improvements to the developer experience for the sizeable number of developers integrating with us whilst using PHP.

In order to help those looking to contribute or build upon this library, I write this blog post to explain some of the design decisions made in putting this together.

Exclusively for PHP 7

PHP 5 initially introduced the ability for type hinting on the basis of classes and interfaces, this opened up (albeit seldom used) parametric polymorphic behaviour in PHP. Type hinting on the basis of interfaces made it easier for those developing in PHP to follow the Gang of Four's famous guidance: "Program to an 'interface', not an 'implementation'."

Type hinting has slowly developed in PHP, in PHP 7.0 the ability for Scalar Type Hinting was released after a few rounds of RFCs. Additionally PHP 7.0 introduced Return Type Declarations, allowing return values to be type hinted in a similar way to argument type hinting. In this library we extensively use Scalar Type Hinting and Return Type Declarations thereby restricting the backward compatibility that's available with PHP 5.

In order for backward compatibility to be available, these improvements to type hinting simply would not be implementable and the associated benefits would be lost. With Active Support no longer being offered to PHP 5.6 and Security Support little over a year away from disappearing for the entirety of PHP 5.x, we decided the additional coverage wasn't worth the cost.

Object Composition

What do we mean by a software architecture? To me the term architecture conveys a notion of the core elements of the system, the pieces that are difficult to change. A foundation on which the rest must be built. Martin Fowler

When getting started with this package, you'll notice there are 3 classes you'll need to instantiate:

$key = new \Cloudflare\API\Auth\APIKey('[email protected]', 'apiKey'); $adapter = new Cloudflare\API\Adapter\Guzzle($key); $user = new \Cloudflare\API\Endpoints\User($adapter); echo $user->getUserID();

The first class being instantiated is called APIKey (a few other classes for authentication are available). We then proceed to instantiate the Guzzle class and the APIKey object is then injected into the constructor of the Guzzle class. The Auth interface that the APIKey class implements is fairly simple:

namespace Cloudflare\API\Auth; interface Auth { public function getHeaders(): array; }

The Adapter interface (which the Guzzle class implements) makes explicit that an object built on the Auth interface is expected to be injected into the constructor:

namespace Cloudflare\API\Adapter; use Cloudflare\API\Auth\Auth; use Psr\Http\Message\ResponseInterface; interface Adapter { ... public function __construct(Auth $auth, String $baseURI); ... }

In doing so; we define that classes which implement the Adapter interface are to be composed using objects made from classes which implement the Auth interface.

So why am I explaining basic Dependency Injection here? It is critical to understand as the design of our API changes, the mechanisms for Authentication may vary independently of the HTTP Client or indeed API Endpoints themselves. Similarly the HTTP Client or the API Endpoints may vary independently of the other elements involved. Indeed, this package already contains three classes for the purpose of authentication (APIKey, UserServiceKey and None) which need to be interchangeably used. This package therefore considers the possibility for changes to different components in the API and seeks to allow these components to vary independently.

Dependency Injection is also used where the parameters for an API Endpoint become more complicated then what is permitted by simpler variables types; for example, this is done for defining the Target or Configuration when configuring a Page Rule:

require_once('vendor/autoload.php'); $key = new \Cloudflare\API\Auth\APIKey('[email protected]', 'apiKey'); $adapter = new Cloudflare\API\Adapter\Guzzle($key); $zones = new \Cloudflare\API\Endpoints\Zones($adapter); $zoneID = $zones->getZoneID("junade.com"); $pageRulesTarget = new \Cloudflare\API\Configurations\PageRulesTargets('https://junade.com/noCache/*'); $pageRulesConfig = new \Cloudflare\API\Configurations\PageRulesActions(); $pageRulesConfig->setCacheLevel('bypass'); $pageRules = new \Cloudflare\API\Endpoints\PageRules($adapter); $pageRules->createPageRule($zoneID, $pageRulesTarget, $pageRulesConfig, true, 6);

The structure of this project is overall based on simple object composition; this provides a far more simple object model for the long-term and a design that provides higher flexibility. For example; should we later want to create an Endpoint class which is a composite of other Endpoints, it becomes fairly trivial for us to build this by implementing the same interface as the other Endpoint classes. As more code is added, we are able to keep the design of the software relatively thinly layered.

Testing/Mocking HTTP Requests

If you're interesting in helping contribute to this repository; there are two key ways you can help:

  1. Building out coverage of endpoints on our API
  2. Building out test coverage of those endpoint classes

The PHP-FIG (PHP Framework Interop Group) put together a standard on how HTTP responses can be represented in an interface, this is described in the PSR-7 standard. This response interface is utilised by our HTTP Adapter interface in which responses to API requests are type hinted to this interface (Psr\Http\Message\ResponseInterface).

By using this standard, it's easier to add further abstractions for additional HTTP clients and mock HTTP responses for unit testing. Let's assume the JSON response is stored in the $response variable and we want to test the listIPs method in the IPs Endpoint class:

public function testListIPs() { $stream = GuzzleHttp\Psr7\stream_for($response); $response = new GuzzleHttp\Psr7\Response(200, ['Content-Type' => 'application/json'], $stream); $mock = $this->getMockBuilder(\Cloudflare\API\Adapter\Adapter::class)->getMock(); $mock->method('get')->willReturn($response); $mock->expects($this->once()) ->method('get') ->with($this->equalTo('ips'), $this->equalTo([]) ); $ips = new \Cloudflare\API\Endpoints\IPs($mock); $ips = $ips->listIPs(); $this->assertObjectHasAttribute("ipv4_cidrs", $ips); $this->assertObjectHasAttribute("ipv6_cidrs", $ips); }

We are able to build a simple mock of our Adapter interface by using the standardised PSR-7 response format, when we do so we are able to define what parameters PHPUnit expects to be passed to this mock. With a mock Adapter class in place we are able to test the IPs Endpoint class as any if it was using a real HTTP client.

Conclusions

Through building on modern versions of PHP, using good Object-Oriented Programming theory and allowing for effective testing we hope our PHP API binding provides a developer experience that is pleasant to build upon.

If you're interesting in helping improve the design of this codebase, I'd encourage you to take a look at the PHP API binding source code on GitHub (and optionally give us a star).

If you work with Go or PHP and you're interested in helping Cloudflare turn our high-traffic customer-facing API into an ever more modern service-oriented environment; we're hiring for Web Engineers in San Francisco, Austin and London.

Palantir: Drupal 8 is Great for Sustaining Innovation

Planet Drupal -

Drupal 8 is Great for Sustaining Innovation brandt Fri, 09/22/2017 - 17:17 Ken Rickard Sep 25, 2017

The #D8isGr8 blog series will focus on why we love Drupal 8 and how it provides solutions for our clients.

We want to make your project a success.

Let's Chat.

The first post in our series comes from Ken Rickard, Director of Professional Services.

I’ve been working with Drupal since version 4.5, starting in late 2004, working as an end user, product manager, developer, team lead, core contributor, sales engineer, and sales manager. Since its release in 2015, Palantir.net has been using Drupal 8 to provide solutions for ourselves and our clients.

In that time, we’ve started to identify the long-term benefits that really make Drupal 8 shine. While many of these benefits appear to be developer-centric, the story that they tell is how the platform helps organizations of all sizes to invest in sustained innovation.

From a business perspective, we can focus on three fundamental changes in Drupal 8.

The Release Cycle

Drupal 8 adopted a more standard semantic versioning that indicates the major version, API release, and feature release status of Drupal core. As of this writing, core stands at 8.3.7, and the 8.4.0 release is in beta testing.

Along with semantic versioning came a commitment to regular release cycles -- planned for every six months -- and a commitment to maintain backwards-compatibility. These changes make core releases more predictable, both for resourcing and implementation. We know when the next version is coming, what new features are included, and how any changes will affect our existing sites and code.

This predictability brings Drupal more in line with traditional software releases, and provides a huge benefit to contributors and customers alike.

Backwards Compatibility

With the new release cycle, the project finally has a proactive plan for dealing with backwards compatibility issues. Instead of major upgrades between versions, Drupal is prepared to offer incremental changes that foster long-term stability without sacrificing innovation.

We know in advance what elements have been marked as deprecated and when they are scheduled for removal. (Hint: largely when Drupal 9 development begins in earnest.)

Component Architecture

Perhaps even more than the first two features, the shift to using a library-based approach to code -- where essential components are integrated from external libraries -- gives organizations even more control over their innovations. Drupal now uses Composer and other modern PHP development practices, so we can decouple our code -- both front-end and back-end -- from Drupal specifics.

Since we can move large sections of Drupal code into standalone libraries, we can spend less time working through specifics of a Drupal implementation and focus instead on the technical and business problems that the software needs to solve.

Sustaining Innovation Through Open Source

Taken together, these three elements are powerful. Combined with the GPL open source license that allows anyone to use, improve, and share their code, we have an overall platform devoted to innovation. From a business standpoint, the long-term value of investment in Drupal 8 will be measured in years. Since the software is free to use, companies can invest in their teams and create an environment of sustained success through innovation.

We want to make your project a success.

Let's Chat.

Valuebound: How to secure your user’s private data from unauthorised access by enabling SSL on your web server

Planet Drupal -

As a member of development team, I used to develop web applications using Drupal CMS without worrying about HTTP or HTTPS as it has to be added by dev operational team in my organization. On the serious note “How the Secure Sockets Layer (SSL) prepended to the existing URL” and How does it make a huge difference? Why it is important to make your web URL prepend https instead of HTTP.

Today SSL has become an eye-glazing topic and people want to know more about it so that they can protect their data from unauthorized access. In this blog post, we will take a brief look at basics of SSL and discuss how to secure the website running on Apache with HTTPS. Don’t worry! It's not a rocket science and very simple to secure your site as well as private data. In between, we will also…

Behind the Screens with Joe Shindelar

Lullabot -

Chris goes behind the screens with Drupalize.me’s lead developer and trainer, Joe Shindelar. Joe and Chris discus topics such as: learning Drupal in order to teach it to others, how to prepare for a live presentation and what it’s like delivering a keynote presentation, and advice for new community members who want to get involved. Joe also takes us back in time to his first ever Drupal session, talks about what he would do if the internet went away, and has a special place in his heart for the Twin Cities Drupal Users Group. Bonus: Can you guess Joe’s spirit module?

ADCI Solutions: Meet ADCI Solutions at DrupalCon Vienna

Planet Drupal -

Hello, Drupal friends!

Our team want to make it big at DrupalCon. We prepared the session and two BoFs for you.

A LEADER OR A MANAGER? HOW TO DEFINE YOUR LEADERSHIP STAND

Our Head of Organizational development wil tell you how to define a leadership stand of yours. Knowing what you stand for in this life helps to get on your own feet and achieve outstanding results both in professional area and in self-realization.

Details

DRUPAL FOR A HIGHER EDUCATION

Our senior developer initiates the discussion on Drupal solutions for a higher education and science. The aim of this BoF is to gather Drupal experts and higher education representatives: that would allow us all to hear about the problems and the possible solutions from the first-person point of view. 

Details

MARKETING CHALLENGES IN THE DRUPAL WORLD

Another BoF is aimed at disclosing challenges we face while promoting and selling Drupal services, building the company image and communicating with a target audience. If we know the problems - we can find the solutions. 

Details

 

Drop a visit!

An HTML and JavaScript Client for Elasticsearch

Lullabot -

In my last article, Indexing Content from Drupal 8 using Elasticsearch, we saw how to configure a Drupal 8 site and an Elasticsearch server so content changes are pushed automatically. In this article, we will discover how to implement a very simple search engine that only requires HTML and JavaScript. It is intentionally as simple as possible so you can grab the key concepts and then adjust it to your project needs.

The demo in action

Here is a screenshot of the search demo, whose source code is available at this repository:

undefined

The above form contains a text input field that searches for a string among all full-text fields (in our case, the title and the body summary) and a filter by document type (articles or pages). When we click Search, the following query is submitted to Elasticsearch:

{ "size": 20, "query": { "bool": { "must": { "multi_match": { "query": "Melior Vereor", "fields": [ "title^2", "summary_processed" ] } }, "filter": { "term": { "type": "article" } } } } }

In the above query we are searching for the string Melior Vereor at the title and summary_processed fields, with a boost on the title so if the string is found there it shows first in the results. We are also filtering documents by article type.

The best way to discover the Query API in Elasticsearch is by installing Kibana, a web UI to browse, analyze, and perform requests. Here is a screenshot taken while I was building the above query before coding it into JavaScript:

undefined Configuring and securing Elasticsearch

While being able to perform client-side requests is great, it requires a few configurations and security settings in order to block access to the Elasticsearch server. Here are the things that you should do so that only the allowed applications can push content (i.e. a Drupal site) while every other application is only permitted to perform search requests.

For additional settings have a look at the Elasticsearch configuration reference, which is organized by module.

Setting up network access and CORS

Elasticsearch binds by default to the local interface, meaning that it can only be reached locally. If we want to allow external access, we need to adjust the following setting at /etc/elasticsearch/elasticsearch.yml:

# Set the bind address to a specific IP (IPv4 or IPv6):# network.host: [_local_, _eth0_]

_local_ is a special keyword that refers to the local host, while _eth0_ refers to the network interface whose identifier is eth0. I figured this out by executing ifconfig at the server where Elasticsearch is installed.

Next, we need to add the CORS settings so client-side applications like the one we saw above can perform requests from the browser. Here is a configuration set where we only allow the HTTP methods for performing search requests which should be appended to /etc/elasticsearch/elasticsearch.yml:

# CORS settings. http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-methods : OPTIONS, HEAD, GET, POST Locking the Elasticsearch server

There are a few ways to configure which applications are allowed to manage an Elasticsearch server:

  1. Installing and configuring the ReadOnly REST plugin.
  2. Use a web server that authorizes and proxies requests to Elasticsearch.
  3. Use a server-side application that acts as middleware, like a Node.js application.

This article covers the first two options, while the third one will be explained in an upcoming article.

Installing and configuring ReadOnly REST plugin

ReadOnly REST makes it easy to define the policy to manage an Elasticsearch server and is the option that we chose for this demo. We started by following the installation instructions from the plugin’s documentation and then we added the following configuration to  /etc/elasticsearch/elasticsearch.yml:

readonlyrest: access_control_rules: - name: "Accept all requests from localhost and Drupal" hosts: [127.0.0.1, the.drupal.IP.address] - name: "Everything else can only query the index." indices: ["elasticsearch_index_draco_elastic"] actions: ["indices:data/read/*"]

There are two policies above:

  1. Allow all requests coming from the local machine where Elasticsearch is installed. This allows us to manage indexes via the command line and lets Drupal push content changes to the index that we use in the demo.
  2. Everything else can only query the index. There we specify the index identifier and what actions other applications can perform. In this particular case, just searching.

With the above setup, applications trying to alter the Elasticsearch server will only be able to do so if they comply with the rules. Here is an example where I attempted to create an index against the Elasticsearch server via the command line:

[[email protected] ~/Dropbox/Projects/Turner]$ curl -i -XPUT 'https://elastic.some.site/foo?pretty' HTTP/1.1 403 Forbidden content-type: text/plain; charset=UTF-8 content-length: 0

As expected, the ReadOnly REST plugin blocked it.

Using a web server as a proxy to authorize requests

An alternative approach is to put Elasticsearch behind a web server that performs the authorization. If you need further control over the authorization process than what ReadOnly REST plugin provides, then this could be a good option. Here is an example that uses nginx as a proxy.

Go search!

You have now seen how to query Elasticsearch from the browser using just HTML and JavaScript, and how to configure and secure the Elasticsearch server. In the next article, we will take a look at how to use a Node.js application that presents a search form, processes the form submission by querying Elasticsearch, and prints the results on screen.

Acknowledgements

Matt Oliveira for introducing me to Kibana and for his editorial and technical review.

Pages

Subscribe to Cruiskeen Consulting LLC aggregator - Drupal News