29 Nov 2015

feedDrupal.org aggregator

Drupal Easy: DrupalEasy Podcast 165 - Drupal Acht (Donna Benjamin - FOSS Funding)

Download Podcast 165

Donna Benjamin (kattekrab) joins Mike Anello, Andrew Riley, and Anna Kalata to talk about funding free and open-source software (FOSS), the D8 Accelerate Program, and the launch of Drupal 8!

read more

29 Nov 2015 2:18am GMT

28 Nov 2015

feedDrupal.org aggregator

Out & About On The Third Rock: Open Source and Cloud beyond tech – Keynote at DrupalCamp Bulgaria Nov 2015

The keynote at DrupalCamp Bulgaria was planned to be left field from the get go, however it went a little further out after Paris came under attack on the night of the 13th of November 2015. #JeSuiBaghdad #JeSuiParis #JeSuiBeirut #JeSuiChibok #JeSuiKarachi #JeSuiMadrid #JeSuiDamascus #JeSuiAnkara #JeSuiLondon #JeSuiMali the list goes on, but other than on the bench solidarity […]

28 Nov 2015 9:00am GMT

27 Nov 2015

feedDrupal.org aggregator

Dries Buytaert: BigPipe, no longer just for the top 50 websites

One thing that is exciting to me, is how much we appear to have gotten right in Drupal 8. The other day, for example, I stumbled upon a recent article from the LinkedIn Engineering team describing how they completely changed how their homepage is built. Their primary engineering objective was to deliver the fastest page load time possible, and one of the crucial ingredients was Facebook's BigPipe.

I discussed BigPipe on my blog before: first when I wrote about making Drupal 8 fly and later when I wrote about decoupled Drupal. Since then, Drupal 8 shipped with BigPipe support.

When a very high-profile, very high-traffic, highly personalized site like LinkedIn uses the same technique as Drupal 8, that solidifies my belief in Drupal 8.

LinkedIn supports both server-side and client-side rendering. While Drupal 8 does server-side rendering, we're still missing explicit support for client-side rendering. The advantage of client-side rendering versus server-side rendering is debatable. I've touched upon it in my blog post on progressive decoupling, but I'll address the topic of client-side rendering in a future blog post.

However, there is also something LinkedIn could learn from Drupal! Every component of a LinkedIn page that should be delivered via BigPipe needs to write BigPipe-specific code which is prone to errors and requires all engineers to be familiar with BigPipe. Drupal 8 on the other hand has a level of abstraction that allows BigPipe to work without the need for BigPipe-specific code. Thanks to Drupal's higher-level API, Drupal module developers don't have to understand BigPipe: Drupal 8 knows what page components are poorly cacheable or not cacheable at all, and what page components are renderable in isolation, and uses that information to automatically optimizes the delivery of page components using BigPipe.

Drupal's BigPipe support will benefit websites small and large. But it is exciting to see Drupal support the advanced techniques that were previously only within reach of the top 50 most visited sites of the world!

27 Nov 2015 3:27pm GMT

Faichi.com: Drupal 8 and Third Party Integrations

27 Nov 2015 2:41pm GMT

Wunderkraut blog: My work here is done

For the past six years I've run a company that takes good care of it's employees, has happy customers and has financials for sustainable profitable growth. Wunderkraut has grown approximately 1000% organically during the past five years and on top of this we've done mergers and acquisitions. Today the company is closer to 200 people and hundreds of happy customers all over Europe.

The future looks bright at the moment. All of our core digital markets in Europe look great, Drupal 8 is finally out, hiring is relatively easy and we've managed to grow even in the challenging markets of 2015. The company is in good shape to continue steady growth for the future years.
I've often said that the job of a CEO is to make sure he or she is not needed. My work here is done, everything works without me. This is the perfect moment for me to consider new challenges.
Wunderkraut will continue operating as a network of independent and cross functional teams working together to reach common goals. This structure makes the company very resilient and innovative, it combines many benefits of smaller startups with the scale of a larger company. It's truly self organising, the company really doesn't need a CEO at this point.
This means I'm able to take a look at new opportunities for the first time in a long time: Get more involved with startups, help professional services organisations to improve, help large organisations adopt agile management and improve their digital offerings, and so on.
I'm excited to have the opportunity to take the lessons learned in the past 20 years in the digital industry and put them to good use at a different setting. My future plans are still mostly open at this point, 2016 will be a great year to both myself and Wunderkraut!

27 Nov 2015 1:56pm GMT

Midwestern Mac, LLC: Upgrade an Apache Solr Search index from 1.4 to 3.6 (and later versions)

Recently I had to upgrade someone's Apache Solr installation from 1.4 to 5.x (the current latest version), and for the most part, a Solr upgrade is straightforward, especially if you're doing it for a Drupal site that uses the Search API or Solr Search modules, as the solr configuration files are already upgraded for you (you just need to switch them out when you do the upgrade, making any necessary customizations).

However, I ran into the following error when I tried loading the core running Apache Solr 4.x or 5.x:

org.apache.solr.common.SolrException:org.apache.solr.common.SolrException: org.apache.lucene.index.IndexFormatTooOldException: Format version is not supported (resource: MMapIndexInput(path="/var/solr/cores/[corename]/data/spellchecker2/_1m.cfx") [slice=_1m.fdx]): 1 (needs to be between 2 and 3). This version of Lucene only supports indexes created with release 3.0 and later.

27 Nov 2015 5:37am GMT

26 Nov 2015

feedDrupal.org aggregator

PreviousNext: High Availability Drupal 8 on Microsoft Azure

In this blog post we will take you though all the components required to provision a high availability Drupal 8 stack on Microsoft Azure. This is an extract from the demonstration given at Microsoft Ignite on the Gold Coast in November 2015.

26 Nov 2015 9:39pm GMT

DrupalOnWindows: How to choose the best Drupal Cloud Provider



More articles...

26 Nov 2015 2:45pm GMT

Drupal 8 Rules: Drupal 8 Rules M2 planned for March 2016

The #d8rules team is excited to welcome Acquia to our list of supporters. With their generous support of fully funding milestone 2, fago & klausi can plan dedicated time over the next months to focus on getting the MVP of Rules for Drupal 8 done.

Since finishing milestone 1 and DrupalCon Barcelona, we are basically in a developer preview state. The basic APIs of Rules 8 are pretty stable already, enabling contributed module porters starting work on their integrations.

Milestone 2

Milestone 2 now is all about getting a useable product to developers & end users of Drupal 8.

See what's planned for M2:

  • Completing Rules engine features (Metadata assertions, logging service)

  • Rules plug-ins part two (Events, Loops, caching, components API)

  • Configuration management system support (config entity, CMI support, integrity checks & config schema)

  • Generic rules integrations (Typed data & entity support)

  • Entity token support

  • Basically usable UI (Nothing fancy yet)
  • Basic API for embedding condition and action forms

The estimated, remaining 316 hours for M2 are fully funded by Acquia, drunomics and epiqo. Acquia is putting € 14.220,- in to help us work continuously over the next months. drunomics & epiqo are providing 50 % by a lowered rate of € 45 for fago and klausi to work on #d8rules during office hours.

We are expecting a release for M2 for beginning of March, 2016. This should allow the 25 % Drupal 7 sites which use the Rules module to start building for Drupal 8. Of course, we are also looking forward to see new adapters making use of flexible, UI-driven workflows.

Thanks again for everybody helping speeding up our work of porting Rules to Drupal 8. If you'd like to help out getting funding secured for Milestone 3, let's get in contact.

d8rules M2 thumbs up

26 Nov 2015 1:03pm GMT

OpenLucius: 18 Cool Drupal modules for site builders | November 2015

So.... Drupal 8 got released! Congrats everybody! The end of life of Drupal 6 is then final. In addition, the 16th of november it was announced that Drupal.org is now serving its content and files via Fastly; which is giving a significant performance boost, well done!

Furthermore, what I noticed last month on module updates:

1) Scroll to destination anchors

26 Nov 2015 10:16am GMT

25 Nov 2015

feedDrupal.org aggregator

Realityloop: DrupalCampMelbourne; 2015 and the future

26 Nov
Stuart Clark

This is the second year that DrupalCampMelbourne has been run in it's current form, and it's expected to be just as much fun as it was last year, but maybe just a bit bigger.

DrupalCampMelbourne is a two day event, with one day of sessions and one day of code sprints, but the way it's run is a little bit unique (as far as we know). Unlike a conventional Conference or Camp, the scheduling is 100% determined by the attendees on the day.

How does that work you ask?

It's relatively simple:

  1. First thing Friday morning all attendees get the opportunity to do a short lightning talk explaining the topic they wish to cover.
  2. During the lightning talks, all attendees will vote on the sessions they wish to see.
  3. Finally, after all lightning talks and voting is complete, the DrupalCampMelbourne website auto-magically builds the schedule based off the votes, number of sessions and room sizes.

We ran this approach for the first time last year and it worked superbly, and with a little tweaking to the algorithm this year we expect it to be just as good, if not better.

The major benefits of this approach are:

  1. Everyone gets an opportunity to have their say, both in submitting a session and in voting on what they'd like to see.
  2. No "committee" or "track chairs" are required to vet every talk and make the final decisions, reducing the organisational time of the event.
  3. SkyNet is one step closer to taking hold of us all… oh wait.

So if you are coming (you are coming right?), make sure to get their early and have your say. And remember, everyone has something worth saying and worth hearing, and there's nowhere better to start than a local community.

There are still some tickets left for the event, so if you haven't got yours, get it now: http://dcm2015.drupal.org.au

The future (a.k.a, SkyNet?)

The auto-magic scheduling of the talks is but the beginning, just as the day of session is just the beginning of DrupalCampMelbourne.

Day 2 of DrupalCampMelbourne is, as it was last year, a Code Sprint. This year, I will be running a sprint on the future of the DrupalCampMelbourne website in the hopes to make it even better; more autonomous, more usable and also more generic.

More autonomous

The "auto-magic" scheduling feature is a great help for running a DrupalCamp, it helps get Day 1 all sorted with minimal effort, but it's not the only part that can be automated and improved. A larger portion of the camp itself could be automated.

If, when setting up the next camp, one where to provide the site with the date of the event, the camp could set a schedule for the organisers (when to have venue booked by, when to contact sponsors, etc), it could transition through various states (register your interest, event information, signup, etc), it could manage the budget (venue cost + resource costs - sponsors - tickets = success) and much more.

The possibilities are endless.

More usable

There's no question that there have been some issues, certain information lacking, not enough communication, and other various management related issues; this is inevitable when the number of volunteers is in the low single digits and the time those volunteers have is equally lacking.

DrupalCampMelbourne is as open source as it can be at the moment, the source code is entirely available on GitHub.com (http://github.com/drupalmel/drupalcampmel) for anyone at all to contribute to. This year I want to push forward and get more people involved, let's ensure the site is more usable in the future, makes more information available and the site provides the missing communication it needs.

More generic

There is absolutely no reason that this project should be specific to DrupalCampMelbourne, nor even a DrupalCamp at all, it could apply to any type of Camp style event in any locale.

Genericising the existing work and building a new DrupalCamp/Camp Drupal distribution has been a goal from the very start, and with Drupal8 out it's the best time to do exactly that.

So come along to DrupalCampMelbourne 2015 on Saturday (and Friday) and get involved. This is only one of the various sprints that will be being run during the Code Sprint. And don't forget, a Code Sprint isn't just for developers, there's something for everyone, from novice to professional.

drupal planetdrupalcampmelbournedrupal

25 Nov 2015 11:25pm GMT

Paul Johnson: Celebrate Drupal 8 - how it was done

Photo by @pvishnuvijayan


As with many crazy ideas this all started in a bar. No ordinary bar, this was DrupalCon Barcelona Trivia Night. @BarisW said "so what are you going to do about Drupal 8's release, we're relying on you". I was phased, but it set my mind in motion.

I am one of those people who, when faced with a challenge, believe the impossible is possible. How do I reach every corner of the globe and spread the word of this amazing new Drupal 8 thing? This is the story of how Celebr8D8 came to be, and I didn't do it alone.

Photo: @pvishnuvijayan Bangalore Drupal 8 Release Party.

Why was so driven to this?

Simple. Whilst I have been very fortunate to have attended many DrupalCons, experienced the scale and diversity of the Drupal community first hand, many have not. Many never will. Few have any concept of the global movement which builds the software. It all happens behind closed doors. I wanted to show to the world there are people in every place across the globe involved in Drupal. Of every creed, colour and background. I wanted to to transcend geography, make everyone feel united.

Germinating the ideas

So I decided it would be a interesting project to try and persuade as many people as I could muster, from as broad backgrounds as I could get, to film themselves saying a script about Drupal 8. This could then be edited to feature each person in sequence. The inspiration came from these two pop videos. Cry and Band Aid.

Like most big ideas in Drupal this was going to need help. Enter Jeffrey A. "jam" McGuire, Robert Douglass and Campbell Vertesi. A few emails later we had a concept. Then out the blue Campbell suggested Celebr8D8. BOOM! I instantly knew this was the stroke of genius upon which to hand our idea from. Jam and I had skype chats, created obligatory google docs, sent dozens of persuasive emails. In less than 2 days between us we had a concept, script and list of 20+ people willing to take part.

Then out the blue Campbell suggested Celebr8D8. BOOM! I instantly knew this was the stroke of genius

But then I thought, wouldn't it be amazing to make a Drupal 8 site for this film to live on. And how about we secretly approach dozens of people to film themselves talking about what Drupal 8 meant to them. Using Jam's and my little black books we emailed a large number of Drupal friends and contacts sample videos inviting people to join in.

Meanwhile I twisted a few arms - Amy Leak (Designer), Matt Smith (Developer), Alison Hover (Themer), James Hall (Site Builder) all committed to creating the Drupal 8 site. They were amazing, literally a self managed team who made magic.

It was all coming together, or so I thought. Time was passing and I was becoming anxious. As social media lead for Drupal, I was one of the few people who knew down to the hour when Drupal 8 was coming out. 4 days to go and no crowd sourced videos. I stayed up until the early hours emailing people, persuading them to commit. Slowly the films started to trickle in, then a wave.

Meanwhile, the feature film submissions were coming in thick and fast. Enter Graham Brown (@vaccineMedia), producer of the film. Working into the early hours for several days with little direction he created the film we all saw watched on release day. And then Jam told us he'd had a call to go to Antwerp to meet Dries, with a film crew (thanks Acquia!). Suddenly we an exclusive, the big guy was in. Sometimes I think destiny has a part to play in life, this was one of those days.

And then Jam told us he'd had a call to go to Antwerp to meet Dries, with a film crew (thanks Acquia!). Suddenly we an exclusive, the big guy was in

But how do we get people to know about this site?

So we had an amazing film coming together, a site and dozens of community films flying in from around the globe. But how do we draw an audience? Well if there's one I've learnt in Drupal, if you can inspire the community into action amazing things happen. So I set about enabling another mad idea I had - "The social media Mexican wave".

I thought that if I could contact a person in every country where there is Drupal and ask them to retweet one tweet about our site, at a certain time in their local timezone, we could achieve something interesting. Chasing the sun around the globe, a steady rhythm of retweets would ripple across the world like the Mexican Waves in 1990's football crowds.

So I created a webform for people to volunteer, sent a couple of tweets linking to the form and went to bed. In the morning I had a tonne of retweets and more importantly 199 volunteers with a potential reach of 350000 people! Wow! So I emailed the volunteers and primed them with my plan so that come Drupal 8 release day they could support us on social media, give us a boost!

Another secret piece to my social media master plan was to ask people's Twitter username when they submitted films. Whilst moderating each film, I took a screenshot, added it to a scheduled tweet in Hootsuite with a link to the page on our site, and @mentioned the person in the tweet. Doing so would guarantee that person noticed, hopefully was flattered and duly retweeted. Each tweet was carefully primed to go out at the right time, when that person was awake, in their part of the world. Naturally most people retweeted and boosted our impact. (an export of these tweets is available to download below, with stats so you can copy my ideas)

The hashtag #Celebr8D8 was the icing on the cake. The Drupal Association contacted me and we asking what hashtag could be used for the 207 release parties happening around the world. They loved the one we had planned and asked if they could use it too. Well no one owns hashtags, I thought it would be fun and more effective to combine efforts.

So come 9am 19th November 2015 the first tweet announcing the site went out as I slept. Thanks Hootsuite (and many others to follow that day). In New Zealand Josh Waihi's short film launched the site with a humble tweet, and lit the touch paper of what became a 24 hr period which saw our campaign reach 250,000+ people. The Drupal community really got behind the idea, our films were watched thousands of times, a huge feeling of being connected was achieved.

We were very fortunate to have the full power of Platform.sh, provided for free (thanks Robert Douglass!), so we knew that no matter how busy the site got, it would stay up. I'm sure Platform hardly noticed, but I was pretty stoked when I noticed there were 386 visitors on the site at one moment.

Was it a success?

What started as an idea by one person and a few friends took flight and it felt like the whole world joined us. People from 115 countries in the world came to the site, watched our films. For the 7 hours between 10:00 and 17:00 GMT the site sustained over 200 concurrent users. We supported 7,396 sessions by 5,474 users and 22,061 page views. Not bad for an entirely volunteer team who had less than 2 weeks notice.


222.5K impressions in 3 days. The main announcement Tweet reached 48,042 people with 309 retweets.

We asked people what #Drupal8 means to them. Their response will delight you https://t.co/ptClMm5Wtj #celebr8d8 pic.twitter.com/UNEkblvhed

- Celebrate Drupal 8 (@celebr8d8) November 18, 2015

Celebr8 Drupal 8 the Film

Graham's headline film was watched 1596 times in 24 hours.

Who's were the most popular films

I know how the Drupal community are so competitive, so these are in popularity order.

  1. Dries and Jam Belgium and NZ
  2. MortendK Denmark
  3. Drupal Association USA
  4. StavrianaNathan
  5. Grienauer Austria
  6. Noah Australia
  7. Net Studio Greece
  8. Lewis and Emma UK
  9. Andrew McPhaerson UK
  10. Amazee Switzerland
  11. @shyam_raj
  12. Steve Purkiss UK
  13. Dave Hall Australia

Stats available below

You will see below more remarkable stats I've taken from Google Analytics, Twitter Analytics and Bitly. In the spirit of open source, there is also a spreadsheet with some of the top level stats and some PDF's you may use and distribute freely under Creative Commons Attribution-ShareAlike 3.0 license https://en.wikipedia.org/wiki/Wikipedia:Text_of_Creative_Commons_Attribu...

A huge thank you too ....

All of this makes me very happy. But it would not have been possible without some very special people. I'd like to close by saying a huge thanks to Jeffrey A. "jam" McGuire who spent for best part of two weeks helping me pull my mad plan together. Without Jam this would not have been possible, nor as amazing. And to Graham, Matt, Ali, James and Amy for tirelessly working on the film and site!

Let's do it again some time, but for now, can I have a rest?

In the meantime here are few of my favourite tweets from this very memorable day .....

Following are some of my favourite tweets

With so many to choose from, here are a selection from the tweets I favourited on Twitter.

Drupal Saudi Arabia

تشرفت اليوم بحضوراحتفالية #دروبال #الرياض #Celebr8D8 #Drupal8 #drupal شكر خاص@Raeda1 @DrupalAssoc @celebr8d8 @drupal pic.twitter.com/Jgb8RplsEf

- Essam Al-Qaie (@EssamAlQaie) November 19, 2015

Cerebr8ting Drupal8 in Munich! #Celebr8D8 pic.twitter.com/UI2gHYETPB

- Maria Blum (@BlumCodes) November 19, 2015

Join us next Thursday to #Celebr8D8 - https://t.co/O072sLoL8o - a piñata is in the forecast - pic.twitter.com/kjizdDSNGr

- Amazee Labs Austin (@amazeelabs_atx) November 12, 2015

The Moment We've All Been Waiting For: Drupal 8 is Here! https://t.co/EQIs4uXwDU #Celebr8D8! pic.twitter.com/6mDwWv1cXn

- Duo (@DuoConsulting) November 19, 2015

#celebr8d8 up up up. @drupalcamppune celebrating drupal 8 launch. Sky lanterns. #drupal pic.twitter.com/bzjSGQJTO8

- Prafful Nagwani (@nagwaniz) November 19, 2015

Drupal Nigeria

A little #Drupal8 release party happened last Friday, Eket, Nigeria. #Celebr8D8. Awesome!! pic.twitter.com/xFdg11r5Ax

- Aniebiet Udoh (@almaudoh) November 23, 2015

Drupal Bangalore

#celebr8d8 Bangalore Drupal 8 celebrations ! pic.twitter.com/FJB827QUaK

- pvishnuvijayan (@pvishnuvijayan) November 21, 2015

Welcoming the new baby in gang #Celebr8D8 #Drupal8 ##drupal pic.twitter.com/c7nYc6WTh0

- AddWebSolution (@AddWebSolution) November 21, 2015

and the party is still on ;) Celebrating @Drupal8ishere :D Are you celebrating? #Celebr8D8 #Drupal8 #Cyprus pic.twitter.com/c3AkcS17Tq

- OpiumWorks (@OpiumWorks) November 20, 2015

Looking for the #Celebr8D8 party in Melbourne? It's near these people! pic.twitter.com/kuESg4yfPt

- cafuego (@cafuego) November 20, 2015

"@manuelgil: If Google used Drupal, today they'd put a doodle like this ;) @Dries @Drupal8iscoming #Drupal8 pic.twitter.com/pVsuogHF3W"

- Manuel Alejandro Gil (@manuelgil) November 19, 2015

Setting up for the Portland #Celebr8D8 shin dig! pic.twitter.com/DrGjabi1bW

- Holly Ross (@drupalhross) November 20, 2015

Getting ready to party in Portland with @ryanaslett #celebr8d8 pic.twitter.com/epa1uOsZ5X

- Drupal Association (@DrupalAssoc) November 19, 2015

drupal 8 release party @Blisstering !!!! @DrupalMumbai @celebr8d8 @DrupalAssoc pic.twitter.com/eM0pAVZvhK

- Blisstering (@Blisstering) November 19, 2015

Consider this the start of a slow clap for all those #Celebr8D8 cakes. Delicious work, #Drupal, delicious work. pic.twitter.com/jrGG4O8wYc

- Amazee Labs Austin (@amazeelabs_atx) November 19, 2015

#Celebr8D8 coming to an end. Thanks @pdjohnson pic.twitter.com/iAlAG6SpKi

- Isabell Schulz (@murgeys) November 19, 2015

Analytics All Web Site Data Location 20151117-20151124-2.pdf
Analytics All Web Site Data Location by City.pdf

115 countries

Over 1500 cities

Over 1500 cities

Further information:
Campaign and site visitor stats - Google Doc

25 Nov 2015 11:10pm GMT

Promet Source: Tuning Drupal Site Performance with Load Storm and New Relic

When load testing, we simulate user interaction with a website, increase the frequency or the number of interactions and collect the results of system usage, then analyze them to aid system improvement towards desired results. The data will prove useful for creating benchmarks of site performance, which can be compared with earlier site's performance if a site is undergoing a migration.

25 Nov 2015 7:36pm GMT

Drupal core announcements: What's next for core patches after 8.0.0?

Last week, we released Drupal 8.0.0! This amazing milestone signals a new era in Drupal core development, with changes to the changes allowed in patches and a new release cycle with minor versions scheduled every six months.

Now that Drupal 8 is ready for building real sites, with contributed projects already available or being built, the immediate focus for Drupal 8 core will be fixing bugs to help those real sites, as well as fixing any issues in Drupal core that prevent contributed modules from being ported to Drupal 8. Another top priority is stabilizing and completing the core Migrate feature and its user interface, so that existing Drupal 7 and especially Drupal 6 sites can move to Drupal 8 reliably. Finally, a third priority is adding frontend and performance testing to help us make changes more safely. For the next six weeks, we will mainly be committing patches that move us toward these three goals.

Then, after January 6, 2016, we will begin a broader feature development phase for innovations in 8.1.x, 8.2.x, and beyond, so long as we are able to resolve critical issues consistently and keep 8.1.x stable for a reliable scheduled minor release. Read more about the proposed development, beta, and release candidate phases for minor versions.

Drupal 8 core branches and the core issue workflow

Starting today, all patches that are accepted to core according to the priorities above will be committed first to the 8.1.x git branch (even when they are filed against 8.0.x-dev in the core issue queue). Patches that are eligible for patch releases will typically be immediately committed to 8.0.x as well. If we are close to a bugfix release window, the issue may be marked "Patch (to be ported)" and committed just after the bugfix release, to give ample time to catch any regressions or followups before each change is deployed to production sites.

Some patches will only be committed to 8.1.x (for example, if they are too disruptive for a patch release or if they make additions that are only allowed in minor releases). Keep in mind that the open feature development phase for 8.1.x has not started yet, so plan to work on general feature additions and BC-compatible API improvements after it does.

Note that for the time being, patch-release-eligible issues are still filed against 8.0.x-dev in the core issue queue and most 8.1.x issues are still postponed pending the open feature development phase. Later, we will update the core issue metadata and processes as we move into more extensive minor version development.

25 Nov 2015 1:03am GMT

24 Nov 2015

feedDrupal.org aggregator

DrupalCon News: Sessions Announced for DrupalCon Asia

One of the most exciting aspects of preparing for a DrupalCon is selecting the sessions that will be presented. It's always incredibly cool and humbling to see all the great ideas that our community comes up with- and they're all so great that making the official selections is definitely not an easy process! This time, the Track Chairs had almost 350 sessions to read through to determine which 50 would be presented in Mumbai.

24 Nov 2015 10:19pm GMT

Drupal Watchdog: Black Box – White Hat


Photo Drupal has a pretty secure structure: a small, simple and stable core that can be extended with tons of modules and themes. From Drupal 7's initial release on January 5, 2011 until now, there were only 17 core security updates, which is quite a small number for a period lasting longer than four years.

But when it comes to third-party modules and themes, the picture is quite different. Although only modules with official releases are reviewed by the security team, or have security announcements issued, the majority of the 11,000+ third-party modules and themes for Drupal 7 get weekly reports for security issues.

And using custom modules is even more dangerous if they are not tested properly. Let's face it: no one uses Drupal without modules. That's why I will share with you some of the best open source tools to improve the security of your website.

Knowing your opponent's moves helps you better prepare your defenses. That's why we will try to attack with every known-at-the-moment method of testing vulnerability. All the tools I will show are easy to use without any knowledge of the source code. And the best part is, you can use this strategy indefinitely, if you keep these tools up-to-date. Remember: update first, then test.

Being Up-to-Date

I can't emphasize enough how important it is to keep all your stuff up-to-date, so let's start with that idea: If one tiny part of your website has a security breach, the whole system is corrupted. That's why you should check for updates for the core and the modules you are using. There are reports you can find on Drupal's official page; if you find that there is a security update available, immediately apply it.

Metasploit + Armitage = Hail Mary!

Start with Kali Linux: it's small, and has Metasploit and Armitage pre-installed. Armitage gives you a GUI, exploit recommendations, and use of the advanced features of Metasploit Framework's Meterpreter. (But remember to get updates every time you're about to run tests.)

Then, get an exact clone of the server; same machine, database, structure, OS version, etc.

NOTE: It is not recommended you use this technique on live websites because there is a chance the server will go down.

24 Nov 2015 6:51pm GMT