> nook
That word. I do not think it means what you think it means...
It is a lovely open-plan living space!
Here you can see SJWs successfully convincing coders to drop master/slave terminology, switching instead to primary/replica. It all goes downhill after this comment, which most people seem to agree with:
>This is an opportunity for Drupal to promote inclusiveness, to be a part of a charge that demonstrates that amongst the plethora of stories about tech discrimination, we listen, and we react, and we try to change to make everybody feel welcome.
So, to be affected by this you'd have to:
If all of the above is true, an attacker could gain access to your site.
Yes, it's plausible, and yes, we should at least switch Drupal core to use https and make sure certs are checked when pulling update XML, but no, it's nowhere near (not even in the same league as) Drupageddon.
See also: https://www.drupal.org/node/1538118
Your guess is as good as mine, the DA board is about as transparent as a concrete wall. They don't even publish the meeting minutes any more.
Since mortendk was kicked off the board (with some silly pretense), I haven't heard of anyone calling Dries and the other executives on their bullshit. You could get the impression that the board mostly serves as a big rubber stamp that only serves to make DA leadership feel a bit more democratic and open.
> that those polls are generally broken anyway.
Yeah, they're using some crappy voting widget that other people complain about for the same reason. That at least explains why those percentages are all over the place. The fact that the distribution has shifted so radically in the other direction is hardly some Helsingin Uutiset conspiracy; rather, internet retards are waging war with each other over those poll results and someone figured out they could bring a bot along. A normal day on the internet.
Just recently, chx... and now Crell... Where does it stop, Dries?
There is a pathological witchhunt roaming drupal's corridors - apparently OK, as we don't - and probably won't see - the privacy intruding witchhunters, ousted.
Drupal went far beyond enterprise and into corporate, privacy invading conspiracies - all too well presented in nicely finessed corporate lingo - well done.
Morbus Iff went bazooka with dignity https://www.drupal.org/node/2863181 and a few other ladies and gents said their piece, here and on other sites.
This act by the drupal powers won't bode positively with the PHP and Symfony communities — the undesired side-effect.
This shit-storm will hit the fan, big time, in hard to anticipate ways.
In short, here are the reasons why I created a new library:
You can read https://www.drupal.org/project/drupal/issues/1333730#comment-9301135 to learn more from the author of HTMLPurifer himself :) .
Literal groans in the office when this started going around.
I'm not mad about it, and really appreciate the forewarning from the security so I can make a hole in my time for this. They (or we, if you're contrib-minded) really gotta work on getting auto security updates in place though https://www.drupal.org/project/drupal/issues/2367319 . Or at least come up with some better management tooling.
Obligatory:
https://www.drupal.org/node/2275877
https://github.com/django/django/pull/2692
http://knowyourmeme.com/memes/events/donglegate-adria-richards
There are plenty of people, and what hurts most, people who understand how the technology works and use it to build their career, that are trying to "make their mark" by changing terminology.
These are people desperate for attention and are trying to disrupt very well-established and well-working terminology because they cannot create something big themselves, so they jump on existing projects and try to shoehorn their imbecile ideology.
We as an industry have a mission to not let political correctness and bureaucracy hinder what we do. The web is running reasonably smoothly while being constantly attacked, and we don't need the grief.
Instead of messing with yaml directly you can use https://www.drupal.org/project/restui and capture the config of it, way easier.
Also check your permissions under People -> Permissions, ensure that the user has permissions for the endpoint you're trying to use.
And last, be sure to visit /session/token to fetch a token for the call. When you do a POST you'll for sure need to set HTTP header X-Csrf-Token to the token value for it to work.
It is kind of a pain, but isn't pretty much anything that involves users / permissions like that?
Drupal isn't fading away it's just becoming an enterprise CMS. As a reflection of that usually the best place to get support these days is the Drupal slack channel: https://www.drupal.org/slack
I mean, Drupal is just Symfony at this point. It provides a framework of helpful classes and functions that reduces redundancy when developing webapps. I say webapps because very few organizations actually use Drupal on the front end, instead they lean on Drupal providing the JSON or components that can be pushed out to Android, iOS, or web applications.
Outside of tooling your own framework, Drupal is still probably the best and most flexible CMS for publishers with large amounts of different types of content.
edit: wrong link.
On 24 March 2017 I posted:
> Whatever has happened I expect it was very serious or the DA is very much in the wrong.
>
> Drupal Association, please restore some safety to the community and make a concrete statement.
Having followed every post & comment since then, up to and including Larry Garfield's latest statement, I'm personally beginning to feel certain that the DA is very much in the wrong.
I'm having trouble imagining anything that is simultaneously so dangerous that it requires removing Larry from the project but harmless enough it is acceptable to sweep it under the rug.
I see a call for healing but no recognition that Dries and the DA's exercise of power is the cause of the harm. Please [DA & Dries] make concrete assurances that you will be more careful with your power in the future. Please try to relieve the harm you've caused. Please put the safety and health of the community above whatever forced your recent decisions so we can start to heal.
Vagrant boxes give you an environment that can be as close a match as possible to your eventual production environment. Immediate benefits:
All server side software is isolated there: Apache, nginx, mysql, php etc.
You can pollute that server environment with all sorts of experimental configurations and still easily return to a default state (e.g. try out using memcache)
Communities have created complex configurations that get you easily started with a new technology. (e.g. https://www.drupal.org/project/vdd provides a complete environment for drupal development all race ready)
Because the environment is easily rebuilt from a recipe, you can use lots of default user/pass for things like mysql etc...
Vagrant Share or ngrok will allow you to share a link to your VM to the outside world. Now you can share your work in progress with anyone without exposing a local setup (apache installed on your machine)
You share a directory with the vagrant box so that you can use phpStorm on your Mac (or whatever) and the vagrant box serves that directory from the VM
WordPress licence page says "There is some legal grey area regarding what is considered a derivative work, but we feel strongly that plugins and themes are derivative work and thus inherit the GPL license."
The Drupal page says "If I write a module or theme, do I have to license it under the GPL? Yes. Drupal modules and themes are a derivative work of Drupal. If you distribute them, you must do so under the terms of the GPL version 2 or later. You are not required to distribute them at all, however." (point 7)
So if you want to be sure, contact a lawyer.
~~While the security risk score is slightly lower than last time,~~ everybody should upgrade their Drupal sites ASAP. The security risk now has been bumped up to Highly Critical.
Update: If you are using the Media module, update that as well: https://www.drupal.org/sa-contrib-2018-020
TL;DR: Larry is into BDSM in his spare time, someone else went on a witchhunt about it, it got back to Dries, and he got kicked out of the Drupal project because of it?
Meh.
(I was so looking forward to the "Fifty Shades of Grey" BoF at DrupalCon Baltimore...)
Edited to add: I'm not into BDSM, I've never met Larry IRL and probably have never run into him online that much either, but having read all three posts on the matter, if my TL;DR is at all close to the truth, then this is a very not-good thing that Dries et al. have done.
> Over-stepping your authority and making threats of banning/unpublishing actions against other contributors: https://www.drupal.org/node/2391219
There's literally NOTHING I can interpret like so in his 6 or so comments in that thread. Can anybody help? I went through every issue linked and wasn't able to find anything toxic or offensive.
If anyone wants a quick and dirty find + fix script. Did the job on about 600 installs for me today.
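    #!/bin/bash
    # Fetch the SA-CORE-2014-005 patch for Drupal 7.
    curl https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch > /tmp/drupal.patch
    # Walk every Drupal 7 bootstrap.inc that locate knows about.
    for x in $(egrep -l "define.*VERSION.*7." $(locate includes/bootstrap.inc)); do
      # Derive the path of database.inc in the same install.
      db=$(echo "$x" | sed "s,bootstrap.inc,database/database.inc,")
      # Patch only if a dry run applies cleanly (already-patched files are skipped).
      patch -p0 --dry-run "$db" < /tmp/drupal.patch
      if [[ $? -eq 0 ]]; then
        patch -p0 "$db" < /tmp/drupal.patch
      fi
    done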
Arin: Oh, I need the lantern. I'm going to buy one.
Me: Wait, what? I don't remember seeing a lantern in the shop...
Arin: Okay, buying lanterns!
Me: No. Arin. That is oil.
Arin: Got 20 lanterns!
Me: Arin...
Arin: Walking back to the gross mouth!
Me: Arin, please...
Arin: Okay, now I'm in the gross mouth, time to use the lantern! Oh wait, it's just oil.
Me: https://www.drupal.org/files/project-images/headdesk.jpg
I'd be lying if I said I didn't find it funny however.
Looking at the usage graph:
https://www.drupal.org/project/usage/drupal
Drupal 8 has been a pretty monumental failure in terms of usage, when they EOL Drupal 7 in 2021, unless they can turn things around and make Drupal 9 appealing in a way that 8 isn't. I don't fancy their chances.
It feels like the direction Drupal is going in is designed solely to keep Acquia ticking over with big enterprise clients, as a smaller site-builder I'm no longer recommending Drupal, which is a shame as I have 6 years of experience with it in various forms that I don't really want to lose, but so little of that is transferable to D8 it's just as easy to switch to something else as it would be to learn D8/9.
Add to this the Drupal org's rather poor handling of various things, such as the weird trademark situation which benefits Dries more than the community, their cancelling of the official Europe con, downsizing of drupal org itself by firing some long time staffers, the critical security updates that are always at stupid o'clock for Europeans...
> We received one side of the story, from one perspective
We've also heard from the DA, CWG, and Dries.
> At the same time, though, I feel we have a wall for a reason.
I'm not as faithful in the decision making process.
> I didn't see a ban hammer which removed him from Drupal.org.. just some of the leadership
No, Dries removed him from the community. From Dries' blog post, " I made the decision to ask Larry not to participate in the Drupal project"
> why is everyone so hung up on Dries and the DA?
It's not the DA, it's that Dries controls the DA. He is the president, and has the authority to tell Megan exactly what to do.
> If we feel we are the community and own it, then do so.
The DA (and therefore Dries) control Drupal.org and Drupalcon. We cannot own it without that unless we fork the project (which is a horrible idea IMO).
We recently launched our first D8 Webshop using Commerce 2. It took a little while to get used to the Commerce 2, but in the end we're really happy, we chose D8 instead of 7. Just today we started working on the next Shop using D8 Commerce 2.
If we'd known the D7 EOL when the decision for D8 was made, we would probably have chosen D7. Even tho none of the really important modules is missing, many payment providers are not supplying a Drupal 8 version of their payment modules yet, which is the only drawback I can see.
But in the end we figured, if our client really wants to use a payment provider that does not supply a D8 module, we'd at least have a good reason to write our own payment module and would probably also get funding for it.
Edit: Whenever I posted problems in the Commerce 2 issue queue on drupal.org, I got a useful answer within a few days. Some guys over there, especially bojanz, are really doing a great job, answering questions and helping out with problems.
> Drupal removing Garfield.
Which doesn't involve the Contributor Covenant, as Drupal has its own code of conduct. Furthermore, while communication was definitely lacking, I have a hard time saying he was removed for shady reasons. In case people are interested, here's a press release from Drupal about that.
> Most of the time you won't be hearing anything because when you get blocked from a project you will just silently stop contributing.
Would you though? If I were removed from a project and I thought my removal to be unreasonable, I'd be making as much of a stink about it as possible (much as Larry Garfield did), so to me this statement doesn't hold water.
Please make honest arguments based on fact and respond to what people are actually saying rather than trying to move the goalposts.
Where this becomes the largest issue for me is when people have decided that technical terms are now offensive (see master/slave).
If a project has come to a point where it was considered ok to be an asshat and to discriminate against people then they are in need of a lot more than just a CoC and one will not help them.
There is a reason that companies have this shit, it is because of the lawsuits they open themselves up to and by having the handbooks (essentially the enterprise CoC) they can protect themselves. However when I am donating my time and effort to a project and I have to start worrying about how I name functions or comment code then the enjoyment I get out of contributing to open source is being replaced by the feeling of... work.
I get that extremely large projects have huge numbers of people and not all will get along and some will feel they are offended by something (anyone remember the spiceworks "frying up the bacon" issue?), but those that are leading the project need to be able to step up and nip it in the ass for those few times it happens. When they don't you get people demanding shit like CoC's because they feel offended.
GitHub is doing this because they are no longer the open-source grass roots company they once were, they are trying to become a large corporation which means you will see 5 others pop up in the near future that start taking some of their userbase and the community as a whole will be better for it.
Probably the migrate module.
You should seriously consider going straight from D6 to D8 as the migration will be about the same difficulty, unless you have lots of custom modules.
Hi gang, this is the first post I've made in the forum (I think?). Well if it isn't my first then I don't remember any others.
I've known Larry ever since getting involved in Drupal a decade ago. He's always been argumentative but respectful. Even when arguments get heated and the adrenaline amps up, he states his points / opinions and gives others the opportunity to state theirs. That's the thing I've come to expect from him, respect.
It doesn't sound like Larry was given a real opportunity to defend his position. In Dries' post: http://buytaert.net/tag/living-our-values and the Drupal Association's response: https://www.drupal.org/association/blog/a-statement-from-the-executive-director , it sounds like a board of directors decided to exclude Larry from being in a leadership position (but not full excommunication from the community) and then allowed Larry to appeal the decision. But Larry asserts that he never got to speak for his case or respond to questions from the board. It's also not clear if Larry was presented all the evidence they have accumulated against him.
As someone who has invested over a decade of their professional life in this community, BECAUSE of how inclusive the community has been to me and others who have come in because it is so welcoming, it shocks me to learn there are limits.
I'm left with either hoping that the evidence they say they have and that they say they won't share was strong enough for this firm decision. Because otherwise I just witnessed a friend tell another friend "You're dead to me" because of something they won't talk about.
I guess I'm in stage one: Grief.
I don't pretend to be "the" trail blazer. I don't pretend to be the Come follow me!! figure. I look at people like Christopher Dorner and Michael Hastings and, of course, am not in a super rush to jump headlong into "fighting the power" all by myself and ending up like them.
I'm totally okay with ending up like them in the face of moving forward in a group that might have a real chance of changing things, but the idea of moving forward individually seems naturally foolhardy and pretty overtly not recommended.
I have joined groups moving forward and discussing ideas that may be considered very different from what the establishment works with, I have taken part in various demonstrations and marches that have occurred, and in "grass roots" community help programs that have gone forward, but...well, it's obviously not been enough, and many of us are simply still idle (including myself sometimes).
There is significant PTB resistance to our collectively coming out of our stupor as a citizenry, however. I feel it, I think many feel it, and this seems to keep a lot of us stagnant.
We've recently started using Angular in our small shop.
From a front-end dev/designer's POV, it has been awesome.
It has allowed us to totally divorce view from content. We are now able to easily theme a large number of CMSs using API-First development.
Basically, get your CMS to spit out JSON. (https://www.drupal.org/project/services). Tell angular to pick up that JSON. Make your templates using node/angular-ish markup, and you've got total control over all front end coding.
No more learning the weird templating quirks of Drupal, or wondering where this bit of markup is generated from.
Allows us to easily throw our sites into phonegap builds and get ios and android apps out of it. All the while, we only need to maintain one source of data, markup and style. To use a buzzword, it is "device agnostic".
If you're going to have custom content types that are likely to be used in different sites I'd recommend creating a custom module that contains the yml files for the content types. You can do the same with views, view modes, menus, roles, etc.
If you think there will be a lot of overlap in functionality and configuration, you may want to make a profile to store your custom/contrib modules and themes.
You use the word "force" here a couple times. That's really an interesting point. I was about to note that this could all be voluntary and simply "encouraged" by the community, but I have to admit that the places where I've seen cathedral dev most successful (for example, Drupal), it is, in fact, forced.
I don't like that word, but at the same time, Drupal seems to have thousands of high quality "contrib" modules. Would they have more if they allowed more possessive licenses? Hard to say. I know people would be more hesitant to become dependent upon those modules.
EDIT: Added a link.
Was discussing some custom functionality that I had on my site with someone else in the community and decided to attempt open sourcing it and after a couple late nights released the initial version yesterday! It allows site administrators to set fields to required on publish and, internally, has allowed our editors to be able to focus on content creation first and then proper tagging or SEO information right before the content is ready to be published. I'm sure there are edge cases that I haven't tested yet but hopefully someone finds it useful!
I've been brought in to clean a few sites now from this, hate to say it, but you're going to need to do more. The scripted attacks get deeper than just file drops, they open up admin access to the system, so you'll need to clean beyond what you've done.
The process I've been using:
Finally, if the site allowed people to log in, or stored sensitive data, notify your users of a complete breach.
Official Drupal docs on handling this, with lots more details and suggestions are here: https://www.drupal.org/node/2365547
I'm going to say that it's the website not your phone. I have a 950XL and yes, the menus don't work. But as a software and web developer, I regularly test sites in many different hardware and software combinations. So I tested the site on different hardware/browsers combinations I have here.
The ausopen.com site doesn't work in Edge for the desktop either, if you shrink the browser horizontally until the menu switches to the mobile version (most sites detect widths to switch menus).
If I remember correctly,
Rendering Engines:
Windows Edge uses Microsoft's EdgeHTML
Apple uses WebKit
Chrome and Opera use Blink
Firefox uses Gecko
It's the site developer's fault, not Edge. I checked their site's code and they are using Drupal as their content management system. Drupal has a long-standing issue with dropdown menus.
Here's a link to a thread on Drupal's site with the fix. I sent an email to the Open's web site. Let's see if they fix it.
https://www.drupal.org/project/bootstrap_business/issues/2220211
> The only people claiming that this has anything whatsoever to do with Larry's kink are Larry himself and his defenders.
That's preposterous. If you've seen any of the material being passed around to smear Larry, you'll notice it's all related to Gor, and in their latest statement, the DA refer to “information from one or more members-only sites”, which pretty much confirms what Larry was saying about the closed forum frequented by Goreans.
> It looks like a self-important obsession - totally immature and delusional.
Ah, insults, always the weapon of choice of someone who's lost the argument.
Can we please cut down on the Drupal 8 hype? Half the posts on this sub-reddit are pushing the benefits of software that won't be usable for most people until 2016.
We've been hyping and discussing Drupal since 2010 now: https://www.drupal.org/node/963832
"But now, in 2010, there is a lot of momentum behind using HTML5. Shall we switch to HTML5 in Drupal 8?"
"if Drupal 8 is going to be released before 2013..."
I posted a link to this bug on one of yesterday's mindless threads. Looks quite close based on the description.
If true (and I'm speculating again), then they should have patched this 6 months ago.
We do know the "Common Web Platform" uses Drupal 7 and Solr search - that detail is embedded in the search results HTML.
Your guy needs to level up. D6 is basically obsolete.
"On February 24th 2016, Drupal 6 will reach end of life and no longer be supported."
See: Automatic Updates initiative. It’s a pretty big issue, highlighted by Dries in two DrupalCon keynotes now, and the community has been working on finding the best way forward. Unfortunately, for a CMS like Drupal, this is not an easy or simple problem to solve, at least if we want to do it in a more secure way than what WordPress currently does.
Drupal lists service providers for different locations or specialities: https://www.drupal.org/drupal-services
They're ranked by factors including how many Drupal modules they support and how many issues their employees helped resolve for Drupal core or contributed modules in the last 90 days.
Statement from the Drupal Association Executive Director saying she made the final decision: https://www.drupal.org/association/blog/a-statement-from-the-executive-director
Statement from the CWG which confirms that they found no Code of Conduct violation, but "some of the issues raised were outside the scope of its charter and it was appropriate for the matter to be escalated to Dries" https://docs.google.com/document/d/1tcwuuip9qAMtGNir7_aD1zhWubEkisNnkG3n7CHFPbM/edit
The terminology can be very confusing, particularly in meetings with non-drupalers, because people use the word template so loosely that it covers pretty much anything. But, in Drupal, a "Theme" is a collection of templates, css, javascript, images, etc. If you look at what a theme is composed of, you'll notice that there are templates embedded in templates, an inception of templates. Almost every object in Drupal has a template file that can be overridden or modified to meet the requirements of your markup. This help page gives a pretty good example of the structure. It's for D7, but the idea still holds in d8. https://www.drupal.org/docs/7/theming/overview-of-theme-files
Zen is a decent "blank" theme to start with https://www.drupal.org/project/zen that doesn't require tons of CSS overrides to get the site into the shape you want.
What you want to do is to override zen in a custom sub-theme https://www.drupal.org/node/225125
In your info file for your custom theme you will add your own CSS and JS files (paths relative to the .info file).
If you want to change the basic HTML of something, make a directory in your theme called "templates" and then copy existing templates from zen/templates into your own custom templates dir and hack away.
Whatever you do, don't hack existing Drupal themes or modules, figure out some way to override!
Edit: oh and forgot to mention. If you add and/or remove templates, or you read about some trick to put inside yourtheme/template.php, flush the cache afterwards. If your changes ever don't look like they got applied immediately, go to Configuration -> Development -> Performance and hit the clear cache button.
Devs want a designer to put a site on Drupal?
First, Drupal has a learning curve. It's going to take some patience, and that's putting it mildly, so try not to get frustrated. The head devs should A.) know better and B.) offer you some personal guidance and mentoring, especially if you have no previous familiarity. You can do very cool things once you learn to wield the code, but it's unwieldy code.
> Does anyone have any experience with this and can push me in the right direction?
Yes. Install the Zen theme (If you have to do it manually, copy the code into your sites/all/themes folder). Inside that code there are Readmes on how to create a sub theme. Essentially, you'll copy a folder called "Starterkit" (or something like that) into your very own child theme of Zen. Your new theme contains all kinds of nicely commented code to help you make sense of everything, and a series of files which you can start manipulating to get your own results.
Similarly, there is the Examples project, which is a module setup specifically to provide examples on how to make your things. This probably won't come into play too much if you stick to the design side, but you never know.
Maybe it would be better for her to change her approach to detecting bots? Hidden Captcha is a very effective Drupal module, for example.
Otherwise, she's going to have to start finding questions for Australians, Kiwis, and many other visitors who may not be from English-speaking countries at all.
That's why you subscribe to the security announcements newsletter. The vulnerability was disclosed several days before this happened on a big scale. If you run any kind of CMS, the first thing you do is to subscribe to its security newsletter. https://www.drupal.org/security
Only give them access to what they need to maintain their site. Provide them with a regular, day-to-day login with access to nothing more than what they need. As the site owner, also supply them with the admin account - but this should not be for regular use - only in case they switch developers or you get hit by a bus.
I typically create Content Admin, Site Admin and Store Admin (for ecommerce) roles. Content admins can create and edit site content. Site Admins can view reports, create users, etc.
I never give the regular user account access to Views admin. There is a great module View UI Basic Settings that allows you to configure the site so a user can edit a View's header and footer without having to give them full access.
TIP: Make sure all of your Admin roles have access to "View Administration Theme".
Facets https://www.drupal.org/project/facets
Honestly, for me anyway, modules such as custom breadcrumbs and Rules etc. always seem heavy handed when it's really easy to write your own custom breadcrumb that is specific to what you're building. hook_preprocess_breadcrumbs is often all you would need.
Of course if you're more of a site builder than developer, I guess this doesn't help.
Same with Rules. It's a highly complex module that provides far more than what you probably need, and you can usually write it in a custom module in far fewer lines of code.
Anyway, that's my thoughts on such modules!
Check out the contrib module scheduler: https://www.drupal.org/project/scheduler
Allows you to schedule the publishing (or unpublishing) of a post at a specific date/time. Works great. As I recall, you just install the module then edit the content type you want to be able to schedule to allow it. Finally, when you actually create a post, you can set the schedule time in the add/edit form.
You probably want to integrate with an ad server. The buyers are going to have more and more requests, reporting requirements, etc. Drupal isn't the best place to manage all that.
Sign up for a free Google DoubleClick for Publishers account, then use the Drupal DFP module to create placeable blocks for your ad units.
Once you set up the ad units on your pages, create a campaign in DFP by creating a "New Order" and limit the impressions to 50,000. You can then say "Only one" under "Display creatives" to limit the campaign to only show one ad per page.
I realize this isn't an easy path, but the up-front work you put into this will pay dividends in the long term if you're really going to be selling ads.
There are numerous security issues dating back to your version of Drupal, including the dreaded "Drupalgeddon" vulnerability. Drupalgeddon was so bad that the Drupal security team said that unless you patched it within 5 hours, your site was probably compromised.
My advice would be to assume the website has already been compromised, and to start fresh in a new hosting location. Anything else, and you will never be sure that your site's integrity is whole.
That said, going forward, my advice is to only use stable-release modules (no betas, alphas, dev releases, etc), and to patch everything as frequently as possible. Drupal Security Team issues patches every Wednesday, so you should be able to plan for them and update as needed.
Edit: I'm not a Drupal developer, I am a security analyst who works at a location with numerous Drupal websites under our purview. It's my job to make sure our Drupal installations are secure.
Hi Roger! Thank you for all that you have done for the Bitcoin community. In 2015, there is no need to spend that kind of money to get a website built, in my opinion. There are a bunch of open source content management systems (OSCMS) that are essentially already a pre-built website. All of the heavy lifting has been done: all that you have to do is to pay someone to "skin" it to your preferences. Drupal, Joomla, and WordPress are very popular examples. You can find web development companies that specialize in OSCMS development. A reputable company will have lots of examples of websites that they have done before. If I were you, I would find such a reputable company, and post links to some of their previous work here. The community could help you decide if this is a company that would give us (the Bitcoin community) good results. You'd be surprised, some of us would probably offer to help fund this if you found a good reputable developer. If we could find a developer who accepts Bitcoin, I would definitely contribute. Probably the most notable website built on an open source content management system is http://whitehouse.gov/ It is built on Drupal: https://www.drupal.org/
Drupal 8 is going to be released soon, and we could build a phenomenal Bitcoin.com on the Drupal platform.
I know this may be nothing to many but as a site builder that can't write a single line of PHP, get to know the Rules module. You can pretty much do anything with it. I know hardcore devs may scoff as it is not as performant and would prefer to roll their own custom code. But creating custom workflows or actions with rules means no custom code to keep on top of and you can have more control over your site. Rules might seem overwhelming at first but stick with it. Combine it with Rules scheduler, flag and VBO and you can do some pretty nifty backend admin features for your clients as well. See the learn rules video series from NodeOne/Wunderkraut. I would link to it but it appears that their site is down at this time.
In Drupal 7.33+, if I'm wrangling template suggestions, this is like replacing a candle with a floodlight when fumbling around in a dark room...
$conf['theme_debug'] = true;
Like /u/ganjamensch said, contrib modules often don't have the best documentation. People who do work on contrib modules often do it for fun in their spare time, and writing documentation isn't fun, so it's tougher to get people to do it when they aren't getting paid for it.
The good thing is that people like you and me have the ability to improve that. Figure out what you need by digging through the code and asking questions on http://drupal.stackexchange.com or in IRC, and then add a new child page to https://www.drupal.org/documentation/modules/path-redirect with the information that you find, so the next person doesn't have to do the same thing that you did.
You need to build your own module! Once you get the hang of it, it would take you about 15 minutes to integrate already existing code, but I recommend understanding the module and hook system first. https://www.drupal.org/developing/modules
Download and enable admin_menu module. If you are using drush, just type:
drush pm-download -y admin_menu
drush pm-enable -y admin_menu
edit: formatting
Baaaaaaaaaaaaaaaaaaaaaaait. But fine, I'll bite.
You might be interested in the CMS Kickstart distro. It's a fairly new one that seems to be ambitiously trying to make Drupal 7 as WordPress-ish as possible. And yes, as others have said, D8 will have further UX improvements for "normal people," though most of the improvements are just bringing into core things that were developed in the D7 contrib space.
That being said, you seem to have a fixation on WYSIWYG editors (and you're not alone on this). Let me tell you, on every D8 site I build, I'm going to be disabling that bullsheezy (or, more precisely, not enabling it in the first place, since I never use the standard install profile anymore). Using WYSIWYG is the wrong solution for almost every use case, and is the quickest way to get sites with purple italicized and underlined 36-point Times New Roman text on a site that otherwise uses Verdana. And then you want to give them the ability to upload arbitrary files to the editor too?
Yes, ugliness can be reduced by locking down what people can do with the editor, but it's still better to just give them a separate header image field or a separate subtitle field or whatever and enforce consistency that way. If they must have inline links or titles, then they can learn Markdown or HTML, or use BUEditor if they refuse to.
I fight clients that want a WYSIWYG editor, because it's usually in their best interest to not have one. And usually, after explaining how we can achieve the desired effect with proper fields and theming, I can win.
You should never be able to see a user's passwords, this is a huge security no-go. Quick Google result about the basics: https://thisinterestsme.com/secure-passwords-with-php/
You are looking for a way to impersonate a user, you can try this module: https://www.drupal.org/project/masquerade
I just updated a couple of D7 and D8 sites. Everything worked fine, no problems so far.
D8 sites were updated using composer (drupal-composer/drupal-project template), D7 sites updated with drush.
When you're using rabbit_hole, make sure to upgrade to drupal/rabbit_hole 1.0.0-beta6 or you'll get a WSOD.
The Entity Links translation bug is still not fixed in 8.7.1. Patch #88 from the issue queue is still working well, even though automatic tests failed on it. But there are also some newer patches addressing 8.7.x. and 8.8.x.
Most of the above-mentioned Webform-related modules are no longer needed.
@see What Drupal 7 Webform related projects have been incorporated into the Webform module for Drupal 8
> With 8 and 7 having the same end of life date, I would think twice about the benefits of the upgrade.
One of the primary goals for the upgrade from 8 -> 9 is for it to have a minimal impact. It does not look like they will be attempting to add major features but mostly just addressing the Symfony 3 EoL:
https://www.drupal.org/project/drupal/issues/2608496
> The Drupal 8 to Drupal 9 upgrade path is expected to be similar to an upgrade path between minor Drupal 8 releases, because we will only drop backwards compatibility layers, not make new significant API breaks in 9.0.0.
I'm afraid I'll have to pull that dreaded "let me not answer your question and instead tell you it is the wrong question" response here.
If you need significantly different markup then rather than have one template with an if/else check of the content-type in, you can create another template node__content-type.tpl.php which via theme hook suggestions will automatically be used instead of the generic node.tpl.php.
Ideally the container/wrapper would in both cases be in this node level tpl but if it has to be in the page.tpl you can force a content-type-based variant theme hook at the page level too - ctrl+f for "Add a page.tpl.php depending on content type" on that theme hook suggestions link.
If you only need to change a class or two then you might be ok with just one template. Still, you will want to avoid direct checking of content types and if/else branches in your tpl as much as possible. You can use a preprocess hook to change the classes at the render array stage.
I've used Owl Carousel on one website years ago. It was alright, but if I update the module everything breaks.
I've been using Slick Carousel for the last couple years and I really like it:
The upgrade wasn't simply to fix a bug, there was a major security problem. More info here: https://www.drupal.org/sa-core-2018-004
But from the sounds of it, the site has been compromised. Best bet is to restore from a backup from before the vulnerability was announced.
I know Campbell but it was https://www.drupal.org/u/g%C3%A1bor-hojtsy and it was this http://phpconf.hu/roadshow/2004/dunaujvaros/program.php/Drupal presentation. (Also note Campbell is a newbie compared to Gabor and me, only 12.5 years on drupal.org, Gabor has two years more, me one and a half.)
It is just a refresh of the calculation of the security risk: https://www.drupal.org/drupal-security-team/security-risk-levels-defined
Now that it is no longer theoretical but bots are searching for vulnerable sites, the score gets higher.
Drupal is used by many huge media platforms. I was interviewed for a job at an agency developing media platforms for newspapers - and they spend a lot of time thinking about the best platform for them. They ended up choosing Drupal, because of the huge community of developers (before, they used Django, but threw away months of work, when the Django developer quit and no one could take over).
Very first paragraph of the Release Notes:
>Versions of Drush earlier than 8.1.12 will not work with Drupal 8.4.x. Update Drush to 8.1.12 or higher before using it to update to Drupal core 8.4.x or you will encounter fatal errors that prevent updates from running.
Sure! This can be done fairly easily.
I recommend getting the Conditional Rules Module to help with this.
1.) Create a new View that displays content of the "Events" type. (Does not need a Page or Block. Can be done within the Master view.)
2.) By default, the View will likely only show about 10 results per page. Change this to display all items
3.) Add a "Bulk Operations: Content" field
4.) Create a new Rule and have it activate on a Drupal Cron Job (Or you can use the Scheduler or Rules Once per Day if every Cron Job is too often)
5.) Create an Action to Load a List of Entity Objects from a VBO View and then select the View you created in Step 1. (Let's say that you name the list "event_list")
6.) Create a Loop and select "event-list". (Let's say that you name each item "current_event")
7.) Within the loop, add a "Conditional"
8.) Within the Conditional, add an "If" for if "Content is of Type" and then select "Event" (This gives us access to the Date field you are using)
9.) Within the Conditional, add an "If" for Data Comparison
10.) Under Data to Compare, select the date field's end date
11.) Under Data value, be sure you are in Direct Input mode and type "30 days ago" Note: If you need more info, check out PHP Relative time.
12.) Within that Conditional, add an Action
13.) Select "Unpublish Content" and for the node, select "current-event"
14.) After that, you should be done! Run the Drupal Cron and the old Event nodes should be unpublished.
Pretty much what it is doing is this:
- On every Cron Run, Rules grabs every Event node via VBO
- Rules checks to see if any Event Nodes ended 30 days ago
- If an Event Node has its end date end 30 days ago, it is unpublished.
Please let me know if you have any questions!
It's not the first time they've had this issue, here's the patch where they argue over and agree to remove "master/slave" terminology from their database module. I guess that's karma.
> the Code of Conduct which establishes the values
The DCoC does not establish values. It does establish how to treat others.
Read it for yourself at https://www.drupal.org/dcoc. It's pretty short.
I bought a set of seven colors of interference pigments from TKB trading, 6g ((SIX GRAMS, SON)) each ((EEEEAAACHH)) for something like $21. It's kept me from buying the moonchild palette as well as the kvd alchemist or anything similar because I can just use them on my face or eyes or layer them over whatever I want. There's no glitter or color pigment, just a beautiful colorful sheen whenever the light hits it. EVERYTHING IS DUOCHROME NOW.
I wiiilll say they need a little something to stick to and they show up grayish if I put too much on. I did have to get some little pots to put small amounts of them into because they come in lil baggies. I also kind of wish the "red" was actually red, not pink. So they can be a little finicky.
BUT
my face is ALL THE COLORS and I didn't spend a lot of money on what I think is basically the same shit.
> a single-entry, multi-output
If you keep all your data in a spreadsheet, then to me this does scream Drupal.
Views is now part of Drupal 8 Core too, so nothing needed there.
The basic process here is you can run a simple import of your sheet whenever you like. That will either update content, or create new content. Then you can use Views to display it as you like. Should be a pretty simple process.
As for searching and categorization, you can look into Taxonomy (Core) and possibly Facet API to help narrow down items based on multiple categories.
Honestly, this is the perfect opportunity to dive into Drupal. It might seem easier to do it in Wordpress if that is all that you have worked in before, but once you're done, you'll realize Drupal was the best option. (Or you'll want to throw yourself off a cliff, either way)
Drupal will do this with the Organic Groups module.
You can create groups that users can join, and the access to the content is restricted to the users in that group. Is that what you're looking for?
Django pull request, replacing master/slave with "leader" and "follower" because master/slave was offensive.
And here's a similar one for Drupal.
This is just the beginning.
edit: updated drupal link
Drupal.org has implemented almost all of the Advanced CSS/JS Aggregation module recommendations for it. The result of all this work is that slower connections display drupal.org faster. The slower the connection, the better the improvement.
The most improved is for a mobile edge (240 kbps[down] / 200 kbps[up] - 840 ms RTT[ping]) connection. The start rendering metric went from 14.888 seconds down to 7.690 seconds; almost cutting the time in half. The start rendering metric is important, it's when the browser starts to display what it has; before this point it's a white screen. My tweet's pictures show a couple of connection types and the improvement made in graphical form https://twitter.com/mcarper/status/627262269131350016
No, but frankly, if Ubercart and Drupal Commerce are too complex for the people who talk to you, they might as well just run a lemonade stand on the sidewalk -- other ecommerce platforms are just as complex, if not more so.
If you are setting up Drupal Commerce, be sure to install the Commerce Backoffice module (https://www.drupal.org/project/commerce_backoffice) -- it simplifies some of the more unorthodox DC administration stuff and makes it less difficult to use.
This is a very generic question. It sounds like you need to read up on Drupal theming in general. There could be several ways to do what you want, but cannot recommend a solution with such an open-ended question.
In fact, the bug was reported back in November 2013: https://www.drupal.org/node/2146839 and marked as Major in March 2014 because of its security implications. Anyone monitoring the reported issues list would have seen it. (Here's a thought, what are the odds that there are other similar reports in the issues list?)
Omega 4 has indeed changed radically since Omega 3. From the Omega project page:
>Omega 4.x is a base theme framework aimed at themers who want to gain full control over the theme through code, rather than a user interface. If you depend on the user interface you can continue using Omega 3.x.
And from the Omega 4 docs:
>Do you rely on the user interface for building layouts, or are you comfortable defining layouts in code in a tpl.php file? Omega 4.x does not include the elaborate layout definition UI that was a hallmark of Omega 3.x
Others have mentioned groups which would help you do the subreddits. There are other useful bits:
https://www.drupal.org/project/vote_up_down for voting
https://www.drupal.org/project/radioactivity - If you sorted by raw number of votes then very popular posts would stick at the top of lists forever. This module has a score value you can customize that decays over time so if you sort by this instead of raw votes eventually newer stuff overtakes popular older stuff.
It's Drupal 7 and Solr. Far more likely that one of the many holes was used. Or maybe they were just sloppy and hadn't buttoned everything down.
We'll never know until the Treasury "web editor" comes out from hiding under his desk.
But seriously, if it turns out they trusted the security of their public CMS to protect sensitive time-embargoed information then heads should roll.
There's a module for that! The Rabbit Hole module allows you to prevent access to hitting nodes directly, and what you'd like to do instead (redirect, page not found, etc).
Seems her resume has some strange entries. Very CIAish IMO.
Ex: Internships in 1977 but didn't graduate HS until 1980? No 4year level college listed? Pre-Med at a Community College?
resume: https://drive.google.com/file/d/0BxZQeV01N5twYm1uMzBMOVY5bXc/view
Drupal: https://www.drupal.org/ The Drupal project is open source software. Anyone can download, use, work on, and share it with others. It's built on principles like collaboration, globalism, and innovation. It's distributed under the terms of the GNU General Public License (GPL). There are no licensing fees, ever. Drupal will always be free.
Drupal's the content management system behind many of the digital experiences you love. And it will always be free.
Made possible by a global community
The Drupal community is one of the largest open source communities in the world. We're more than 1,000,000 passionate developers, designers, trainers, strategists, coordinators, editors, and sponsors working together. We build Drupal, provide support, create documentation, share networking opportunities, and more. Our shared commitment to the open source spirit pushes the Drupal project forward. New members are always welcome.
>tickets for everything
So much this. I was stuck as a solo position for a few years until, thanks to some good advice, I started creating tickets for everything. Leadership could then see with hard data that work was consistently coming in faster than it was being completed. Give them the tools they need to make the case to the ceo / board of directors / stock holders.
First of all, ALWAYS BACKUP! No matter if it's WordPress, Drupal or any other system you are updating.
Second, if the version difference isn't too large, eg. upgrading from 7.52, you should be fine. However, all versions before 7.59 have a big security bug (https://www.drupal.org/sa-core-2018-004). So chances are that site has been hacked ... You'll need to clean your site first if that's the case.
> What do you like and/or dislike about Drupal?
> What are Drupal's strengths and weaknesses?
I liked Drupal's flexibility - it is also a strength. Drupal is not just a CMS, it is also a framework. You can use Drupal to create anything from a simple personal blog site to an enterprise application.
I liked the architecture and environment (PHP environment considered here) shift in Drupal 8 from Drupal 7. Drupal 8 is now more aligned to the modern PHP frameworks. You can easily use a third-party Composer package in 8, which was hard (and not built-in) in 7.
The ease of managing site configurations is much smoother and easy in 8. Compared to 7 - using features module.
Drupal has a steep learning curve. I would not say that is a weakness, but it is a challenge and a blocker for newcomers. While working in Drupal 8 I also felt that the documentations/tutorials need improvement, and you might have to dig into the module code to do some custom work. Community has already taken initiatives 1, 2 to improve the docs. +1 on that.
> How does it compare with other CMS platforms you have used in the past?
I worked on Wordpress for a short term. I found Drupal more sophisticated than Wordpress - considering the code and architecture. This was ~4 years back, I don't know the current state of Wordpress.
> What is your overall development experience?
8/10
+1 for the friendly Drupal community.
You'd probably be interested in reading @lauriii's response here: https://www.drupal.org/project/ideas/issues/2913628#comment-12289381
You can subscribe to alerts directly from the security team. From the PSA:
> The announcement will be made public at https://www.drupal.org/security, over Twitter, and in email for those who have subscribed to our email list. To subscribe to the email list: login on Drupal.org, go to your user profile page, and subscribe to the security newsletter on the Edit » My newsletters tab.
First of all, if you are running Drupal 7.56 instead of Drupal 7.58 you probably want to run, not walk, over to SA-CORE-2018-002 because we've been seeing live attacks that work on Drupal <7.58 since April 13 (on our sites). You might want to grep for element_parents in your webserver logs.
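The log check suggested in the comment above, as an added example that is not part of the original comment. It assumes access logs in Combined Log Format; the log lines, the `/example-form` path and the `CONSTRUCTED` values are made up for illustration. Unlike a plain grep, it matches `element_parents` only as a query parameter name and decodes percent-encoding first.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Combined Log Format (assumed):
# host ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

MARKER = "element_parents"  # the string the comment says to look for

# Constructed sample lines (documentation IP ranges, placeholder path/values).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Apr/2018:03:12:44 +0000] "GET /node/12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Apr/2018:03:13:02 +0000] "POST /example-form?element_parents=CONSTRUCTED&x=1 HTTP/1.1" 200 312 "-" "curl/7.58.0"
198.51.100.7 - - [14/Apr/2018:03:13:05 +0000] "POST /example-form?element%5Fparents=CONSTRUCTED&x=1 HTTP/1.1" 403 199 "-" "curl/7.58.0"
203.0.113.44 - - [14/Apr/2018:04:01:19 +0000] "GET /search?keys=element_parents HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Apr/2018:04:20:00 +0000] "GET /example-form?foo=1&element_parents=CONSTRUCTED HTTP/1.1" 404 150 "-" "Mozilla/5.0"
"""


def query_keys(target):
    """Return the percent-decoded query parameter names of a request target."""
    keys = []
    for pair in re.split(r"[&;]", urlsplit(target).query):
        if pair:
            keys.append(unquote_plus(pair.split("=", 1)[0]))
    return keys


def scan(lines):
    """Return one record per request that carries the marker as a parameter name."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line; skip it
        if any(MARKER in key for key in query_keys(m["target"])):
            hits.append({
                "line": lineno,
                "ip": m["ip"],
                "time": m["time"],
                "method": m["method"],
                "path": urlsplit(m["target"]).path,
                "status": int(m["status"]),
            })
    return hits


def summarize(hits):
    """Group hits by client IP; 'served' is True if any request got a 2xx."""
    grouped = defaultdict(lambda: {"requests": 0, "statuses": set()})
    for hit in hits:
        grouped[hit["ip"]]["requests"] += 1
        grouped[hit["ip"]]["statuses"].add(hit["status"])
    return {
        ip: {
            "requests": data["requests"],
            "statuses": sorted(data["statuses"]),
            "served": any(200 <= s < 300 for s in data["statuses"]),
        }
        for ip, data in grouped.items()
    }


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for ip, info in summarize(found).items():
        print(ip, info)
```

Access logs record only the request line, so a parameter sent in a POST body will not show up in this scan.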
Drupal core already has facility for doing what you want with block caching.
If you go to Administration / Configuration / Performance you will see several caching controls. You should check "Cache blocks" if you want blocks to be cached. If you are running MySQL/MariaDB as your backend that means that cached blocks will be stored in the cache_block table the first time an anonymous user sees them, and they will be quickly served from here instead of rebuilt on each subsequent anonymous request. A real performance boost.
Also on the Performance page you will see something called "Minimum cache lifetime". If you have this set to None it means that if you were to add a page, when you click the Save button block caches will be cleared. A minimum cache lifetime of None says to Drupal, "when there is new content created please clear the block cache immediately".
If you were to set the Minimum cache lifetime to 1 min, the block caches would be recreated on the first anonymous request that occurs more than one minute after you have created your new content.
There is no reason to do a massive cache clear on everything in order to clear the block cache.
If you do have a more complicated site where you have custom modules messing around with caches you can always implement a hook to clear the block cache only with cache_clear_all('*', 'cache_block', TRUE).
It appears to be a patch for part of the Drupal CMS that checks for the strength of a password: https://www.drupal.org/project/drupal/issues/1497290
Not sure what your father has anything to do with it, but perhaps his name is a common word?
Webform for Drupal 8 is still in beta because it is a completely new code base.
> Even though the Webform module is still under active development with regular beta releases, all existing configuration, and submission data will be maintained and updated between releases. APIs can and will be changing while this module moves from beta releases to a final release candidate.
>
> Simply put, if you install and use the Webform module out of the box AS-IS, you should be okay. Once you start extending webforms with plugins, altering hooks, and overriding templates, you will need to read each release's notes and assume that things will be changing.
>
> From: https://www.drupal.org/node/2834423
The most ironic thing might be your client ran into this issue about Remote post error handling which could cause leads to be silently lost.
Enterprise clients like pharmaceuticals need to get more involved in the Open Source community.
Still, I agree with the overall sentiment that the contrib modules (including Webform) for Drupal 8 are going through some growing/support pains. We all need to collaborate and fix these problems.
Often 0x0 will be an Out of Page (OOP) Interstitial DFP creative https://www.drupal.org/node/2038965
However, I have also heard of publishers using a 0x0 ad slot to call anysize creative that they intend on serving into their "fluid" ad slots. Essentially, the creative, which has top-level access to the document will be loaded into a 0x0 DFP ad slot and placed onto the page in a flexible div or container allowing the creative to absorb 100% of the viewport width and whatever the scheduled ad height is. (think IAB flex ads format 1:1, 5:1, 8:1 where a flexible container will render a sizeless creative_0x0).
Alternately, if the publisher is using DFP programmatic in combination with "Native styles" then it would be logical for them to call the ad size 0x0 since their page structure will end up controlling the downstream creative render, ad size, placement, and styling. https://support.google.com/dfp_premium/answer/6366845?hl=en
If you like that, there's a thing in web development where you can ruin a troll's experience instead of banning them. It stops them creating new accounts.
Eg. https://www.drupal.org/project/misery
Delay: Create a random-length delay, giving the appearance of a slow connection. (by default this happens 40% of the time)
White screen: Present the user with a white-screen. (by default this happens 10% of the time)
Wrong page: Redirect to a random URL in a predefined list. (by default this happens 0% of the time)
Random node: Redirect to a random node accessible by the user. (by default this happens 10% of the time)
403 Access Denied: Present the user with an "Access Denied" error. (by default this happens 10% of the time)
404 Not Found: Present the user with a "Not Found" error. (by default this happens 10% of the time)
Forms don't submit: Redirect back to the form during validation to prevent submission. (by default this happens 60% of the time) Note: Occasionally certain forms validate based on which button was pressed, this won't work in those cases.
Crash IE6: If the user is using Internet Explorer 6, this will crash their browser. (by default this happens 0% of the time)
Spam: Replace node content with a set word. (by default this happens 10% of the time)
Logout: Log the user out. (by default this happens 10% of the time)
Totally irrelevant but I love it.
> I disagree. Part of Drupal 7's best utility was that once it was set up properly, code rarely needed to be deployed.
Honestly, and I blame acquia and community leaders for this, that ship has sailed. Drupal 8 is probably the most complex CMS I've ever used.
Yes it's very powerful for content admins, and even 'power admins' who get into things like views. But the simple coding/setup is gone. I'd never recommend D8 to an individual without a php dev on staff or on retainer.
I think that decision was made a long time ago (for good reasons) but the conversation about it wasn't honest. Yes people who use the gui will be fine but those that want to poke and prod and do simple tweaks? Sorry, not the product for you anymore. I don't mean this in a mean way at all, I just think it's the reality. You're seeing it with the move away from feeds to migration. A developer first tool.
edit: for what it's worth after looking at the https://www.drupal.org/project/migrate_source_csv page and reading the link showing how to set up a csv migration, I'm doubling down on this opinion. If you can't complete some due diligence and read the article showing literally a 40 line yml file and basically spelling it out for them, they are not going to appreciate drupal 8. https://www.mtech-llc.com/blog/lucas-hedding/migrating-using-csv
While I don't want to contradict the "no CMS" guys here I'd suggest to maybe look into a CMS like Drupal which seems to have already what you want (via the extension Bat) - but be aware that Drupal has a quite steep learning curve and might be a bit of an overhead for your necessities - it's great at managing permissions tho.
> it is important to note that this has been a careful, and deliberate process that has been going on since October 2016