Development News

The Drop Times: Top Drupal 9 Books to Read

Main Drupal Feed - Tue, 06/21/2022 - 01:11
You can use Drupal books to learn about module development, different types of frameworks and creations, marketing and more.

Security public service announcements: Updated security policy for Drupal core Composer dependencies - PSA-2022-06-20

Main Drupal Feed - Mon, 06/20/2022 - 18:18
Date: 2022-June-20

Description:

In Drupal 9.4 and higher, drupal/core-recommended allows patch-level vendor updates

The drupal/core-recommended metapackage now allows patch-level updates for Composer dependencies. This means that site owners using drupal/core-recommended can now install most Composer dependency security updates themselves, without needing to wait for an upstream release of Drupal core that updates the affected package.

For example, in the future, a Guzzle vendor update like the recent Guzzle security release can be installed by running:

composer update guzzlehttp/guzzle

The change record on drupal/core-recommended and patch-level updates has more detailed information on how this change affects site dependency management.

Drupal security advisories and same-day releases for vendor updates will only be issued if Drupal core is known to be exploitable

It is the Drupal Security Team's policy to create new core releases and issue security advisories for third-party vendor libraries only if an exploit is possible in Drupal core. However, both the earlier version of the drupal/core-recommended metapackage and Drupal.org file archive downloads restrict sites to the exact Composer dependency versions used in Drupal core. Therefore, in practice, we have issued numerous security advisories (or same-day releases without security advisories) where only contributed or custom code might be vulnerable.

For Drupal 9.4.0 and higher, the Security Team plans to no longer issue these "just-in-case" security advisories for Composer dependency security updates. Instead, the dependency updates will be handled as public security hardenings, and will be included alongside other bugfixes in normal Drupal core patch releases. These security hardenings may be released within a few days as off-schedule bugfix releases if contributed projects are known to be vulnerable, or on the next scheduled monthly bugfix window for uncommon or theoretical vulnerabilities. (Keep in mind that Drupal core often already mitigates vulnerabilities present in its dependencies, so automated security scanners sometimes raise false positives when an upstream CVE is announced.)

Site owners are responsible for monitoring security announcements for third-party dependencies as well as for Drupal projects, and for installing dependency security updates when necessary.

Sites built using .tar.gz or .zip file downloads should convert to drupal/core-recommended for same-day dependency updates

Drupal 9.4 sites built with tarball or zip file archives will no longer receive the same level of security support for core dependencies. Going forward, if core is not known to be exploitable, the core file downloads' dependencies will be updated in normal bugfix releases within a few days (if contributed projects are known to be vulnerable) to a few weeks (if the vulnerability is uncommon or theoretical).

Sites built with tarball or zip files should convert to using drupal/core-recommended to apply security updates more promptly than the above timeframe.

Drupal 9.3 will receive prompt, best-effort updates until its end of life

Drupal 9.3 receives security coverage until the release of Drupal 9.5.0 in December 2022, and will not include the above improvement to drupal/core-recommended. Therefore, we will still try to provide prompt releases of Drupal 9.3 for vendor security updates when it is possible for us to do so.

Since normal bugfixes are no longer backported to Drupal 9.3, there will already be few to no other changes between its future releases, so dependency updates may be released as normal bugfix releases (rather than security-only releases). Security advisories for Drupal 9.3 vendor updates may still be issued depending on the nature of the vulnerability.

Drupal 7 is not affected by this change and Drupal 7 core file downloads remain fully covered by the Drupal Security Team

Drupal 7 core includes only limited use of third-party dependencies (in particular, the jQuery and jQuery UI JavaScript packages). Therefore, Drupal 7 is not affected by this policy change. Note that Drupal 7 sites that use third-party libraries with Drupal 7 contributed modules must still monitor and apply updates for those third-party libraries.

For press contacts, please email security-press@drupal.org.

Talking Drupal: Talking Drupal #352 - D7 to D9 Migration

Main Drupal Feed - Mon, 06/20/2022 - 18:00

Today we are talking about D7 to D9 Migration with Mauricio Dinarte.

www.talkingDrupal.com/352

Topics
  • Why are you passionate about migration
  • First thing to think about when migrating
  • Timeline
    • Factors
  • Tips and tricks
  • Helpful tools and migrations
  • Tricky things to migrate
  • Data structure inconsistencies
  • Embedded media
  • Data management
  • Source sets
    • CSV
    • Json
    • DB connection
  • Understanddrupal.com
  • Who is the audience
  • Any new content
Resources

Guests

Mauricio Dinarte - understanddrupal.com - @dinarcon

Hosts

Nic Laflin - www.nLighteneddevelopment.com @nicxvan
John Picozzi - www.epam.com @johnpicozzi
Donna Bungard - @dbungard

MOTW

Event Platform: The Event Platform is actually a set of modules, each of which provides functionality designed to satisfy the needs of anyone creating a site for a Drupal Camp or similar event.

Mike Herchel's Blog: Pitfalls (and fixes) when lazy-loading images in Drupal

Main Drupal Feed - Mon, 06/20/2022 - 16:00
Pitfalls (and fixes) when lazy-loading images in Drupal mherchel Mon, 06/20/2022 - 12:00

Peoples BLOG: Usage of PHPCS on Github via Pull Request for Drupal Applications

Main Drupal Feed - Mon, 06/20/2022 - 14:30
In this article, we are going to see how some tools & libraries will make people's lives easier during the development & code review process. And to make developer life easier, developers look for tools or libraries which can automate code review and if needed make any corrections in the code automatically. Here comes the PHP codesniffer and Drupal coder module. If you are maintaini

#! code: Drupal 9: Removing Base64 Encoded Files From Content

Main Drupal Feed - Sun, 06/19/2022 - 19:07

Occasionally, I have come across Drupal sites that have base64 encoded images embedded into content fields. This is the approach of taking the binary data contained in a file and converting it into a string of characters. The original binary data can then be re-created using this string and the data is understood by lots of different technologies (including web browsers).

Whilst this is technically possible, it massively balloons the size of the database and can often slow down page load times due to the database being slow to respond to the request. Instead of fetching a few kilobytes of data from the table the database is forced to fetch many megabytes of data, which can create a bottleneck for other requests.

When you download a file from the web your browser can make a decision on whether to fetch that file a second time. By injecting files into the content you are forcing your users to download very large pages every time they want to request a page. It isn't possible for the browser to make that decision any more and that can lead to more slowdown for the user.

If you can't tell, I really dislike this method of image storage. Whilst it is technically possible, it creates more problems than it solves and even sites with a couple of thousand nodes can have databases of many gigabytes in size due to this issue. It can also put unnecessary strain on the database due to the increased time taken to return data.

Let's say that you embed an image into some copy on a Drupal site using the normal media or file embed features. You might see an image element that looks like this.

In certain situations it is possible to embed images directly into content. The image element would look something like this.

Read more.

Post Status: Flooding the zone

Wordpress Planet - Fri, 06/17/2022 - 23:35
Why not take a nice long bath instead?

Post Status: Today in WordCamp History

Wordpress Planet - Fri, 06/17/2022 - 22:34
Starting today and every day for the next year, I’ll be sharing 1-4 photos that appear on that day from the WP events I was at. I’ll tag the location and people there as well as I can. You can follow on Twitter @KitchensinkWP or at kitchensinkwp.com.

Post Status: Not Dead Yet! Just Mostly Dead?

Wordpress Planet - Fri, 06/17/2022 - 20:00
Gutenberg 13.4 • Learning FSE sooner rather than later • Gutenberg in Tumblr and Day One • WordCamps and the vitality of the WordPress community • AUS WordPress community only mostly dead? • Get SEO Schema graphs • Web font loading geek out • PHP is 28! • PHP namespaces and autoloaders • You can work anywhere... why not Cleveland? • North Commerce — faster than the rest? • and more...

Do The Woo Community: WooBits: WordCamp Europe Before, During and After

Wordpress Planet - Fri, 06/17/2022 - 16:58

I had an amazing time at WordCamp Europe in Porto, Portugal. Here are some highlights around and during the event.


Post Status: Richard Midson on WordPress and the Future of Podcasting — Post Status Draft 116

Wordpress Planet - Fri, 06/17/2022 - 14:11
Richard Midson of Automattic on the future of podcasting and the opportunities for WordPress as a podcasting platform.

Agaric Collective: Drupal 9.4 installation with existing configuration fails because "unable to uninstall the MySQL module"!?

Main Drupal Feed - Fri, 06/17/2022 - 13:57

Here is how to deal with the surprising-to-impossible-seeming error "Unable to uninstall the MySQL module because: The module 'MySQL' is providing the database driver 'mysql'.."

Like, why is it trying to uninstall anything when you are installing? Well, it is because you are installing with existing configuration— and your configuration is out-of-date. This same problem will happen on configuration import on a Drupal website, too.

Really this error message is a strong reminder to always run database updates and then commit any resulting configuration changes after updating Drupal core or module code.

And so the solution is to roll back the code to Drupal 9.3, do your installation from configuration, and then run the database updates, export configuration, and commit the result.

For example:

git checkout <last-commit-on-Drupal-9.3>
composer install
drush -y site:install drutopia --existing-config
git checkout main
composer install
drush -y updb
drush -y cex
git commit -m "Apply configuration updates from Drupal 9.4 upgrade"

The system update enable_provider_database_driver is the post-update hook that is doing the work here to "Enable the modules that are providing the listed database drivers." Pretty cool feature and a strong reminder to always, always run database updates and commit any configuration changes immediately after any code updates!

Read more and discuss at agaric.coop.

Lullabot: Lullabot Podcast: The New Olivero Theme – Awesome to the Core

Main Drupal Feed - Fri, 06/17/2022 - 03:30

A group of Lullabots (and Former 'bot and podcast co-host Mike Herchel) get together to discuss the new Default theme in Drupal 9 and 10 that they helped build.

The theme called "Olivero" is as beautiful as it is flexible and accessible.

The team talks about the immense amount of work it took for a project of such high visibility in the Drupal community.

Event Organizers: Camp Debrief: Stanford WebCamp 2022

Main Drupal Feed - Fri, 06/17/2022 - 02:09

This is the first in a series of “Camp Debriefs” by the Drupal Event Organizer Working Group. In this debrief, Fei Lauren (feilauren) interviews Irina Zaks (irinaz) about Stanford WebCamp 2022. If you would like your Drupal event to be featured in a Camp Debrief, contact the EOWG.

Irina first got involved with Drupal around 2006. After attending BADcamp in 2007, she decided the South Bay Area needed their own camp and Stanford could be a host. “We have to have this [DrupalCamp] experience here without driving that far”. 

Still relatively new to the community, she started reaching out to people who could help put together a proposal to Stanford University. It was approved and the university agreed to provide the space at a minimal cost. Stanford Camp was born and appeared to the public on Jan 23, 2010. 

What is the biggest challenge involved in starting a new camp or event? 

“If you want to do this camp, do it for yourself… do it because you feel that it is important. For you. For your friends. For the people.” 

In spite of the enthusiasm people may have about helping, there will be times when they simply don’t or can’t show up. We can’t always expect others to have the same passion or inspiration that we have - but keep going, Irina says. Not because other people think it’s a good idea, do it because it’s important to you.

“And then getting the word out there. Outreach is the most challenging part - reaching out to people who are struggling to work with Drupal, and they aren’t even aware that they can come to the camp and get support.”

It’s important to keep momentum and meet regularly. An ideal format for organizers might be one smaller meeting in the fall to connect with other organizers, then starting regular meetings 2 - 3 months before the event to start working and planning.  

What have you learned about doing events in-person vs online? 

A huge obstacle has always been to find enough rooms. This is true in many cases - even for casual local meetups, finding an appropriate venue can be a challenge. But for a large camp, Irina warns, the difficulty and cost scales. 

In the wake of the worst of the pandemic, we understand that both remote and in-person events have value. On one hand, humans are deeply social creatures and we need to connect in person. But when sessions are broadcasted online, so many more can be reached for a fraction of the cost. So Irina and the other Stanford WebCamp organizers explored what aspects of each are most valuable and came to the conclusion that a hybrid event would be the most successful. 

Hybrid models are great in theory, but can feel isolating for remote attendees - how can we keep people engaged?


The Stanford WebCamp 2021 organizing team

Stanford WebCamp’s solution is remarkably simple: everyone joins sessions remotely. In person, there is a reception or a lunch so that people who can make it have an opportunity to network and socialize. But it’s not required - even if folks are in the same room, attendees for sessions are each on Zoom.

“We all have the same experience”, Irina says. 

What are some of the things that go wrong?

“There are things that go wrong - and that’s okay”.

She plainly points out that in many cases, people are reasonably patient and folks will work together to get things back on track. The Drupal community is all about collaboration, after all.

But something that helps is having multiple people ready to help keep things on track. For example, a moderator and a back up moderator. 

What can we do to push through the burnout and wrap everything up?

“Have joy in what you do”, she advises. 

But she also talks about how important it is to set ourselves up for success by ensuring we find meaning in our work, but also that we aren’t taking on more than we can sustain.

“Pick the mountain that’s right for you.”

Don’t reinvent wheels and make anything more difficult than it needs to be. Re-use wording for sessions that are similar, don’t rebuild the website, but most importantly - remember that it should be meaningful.

But even so, we can sometimes lose sight of what matters to us. We forget why we are doing the work. In this case, Irina goes back to the values she wrote in 2014 with Tori Lewis, Director of Projects, when she started Fibonacci Web Studio.

Okay - we are inspired. What’s next?

Well, Stanford WebCamp is free. I think it’s safe to say it’s worth checking out their website and signing up to get updates for next year’s event.

Learn more about the Event Organizer’s Working Group, join their monthly meetings, or read up on some of the steps you might want to take to organize a camp of your own.

Agaric Collective: Uniting Visions: Kicking off Thursday 3pm ET planning & building sessions for democratic conversation scaling platform, Visions Unite

Main Drupal Feed - Thu, 06/16/2022 - 16:28

Hi friends and collaborators, join us today at 3pm ET (or any subsequent Thursday at 3) as we kick off a series of research, planning, discussion, and building sessions for Visions Unite.

As our primary pro bono project, Agaric is working on Visions Unite, "where people seeking to make the world more whole can share ideas and information and gather the commitment and resources to build power to be the change we need", which a dozen projects have tried to do—what makes this different is sharing power via democratic mass communication.

Here are some initial user stories for Visions Unite.

Help plan and build the interface and underlying technology! (Drupal friends, we have been leaning against Drupal but might do it for the MVP— would love to hear your thoughts for or against.)

Connection info will always be up-to-date at agaric.coop/show (for these sessions we are taking over most of our Show & Tell hour, which is weekly on Thursdays 3pm Eastern).

Read more and discuss at agaric.coop.
