Feed aggregator

Microsoft Confirms Outlook Issues

Slashdot -

Microsoft has confirmed that some users of its email service Outlook are unable to send email or access their accounts. From a report: Hundreds from around Europe have commented on the website Downdetector that they have been affected by the problem -- many since Monday morning. One common issue seems to be that sent emails remain in the drafts folder and are not being delivered to recipients. On its website, Microsoft says the service dropped "unexpectedly" and it is working on a fix. Not all account holders are affected. "Intermittent connectivity is affecting customers in some European countries, which we are working to resolve as soon as possible," said a Microsoft representative.

Read more of this story at Slashdot.

Bay Area Drupal Camp: Summit Registration is Now Open!

Drupal Planet -

Summit Registration is Now Open! Grace Lovelace Mon, 09/18/2017 - 10:54am BADCamp Drupal Summits

Summits are one-day events focused around specific topics and areas of practice that gather people in specific industries or with specific skills to dive deep into the issues that matter and collaborate freely.

 

Sign Up for a Summit Today!

 

Nonprofit Summit (Wed)

The BADCamp Nonprofit Summit (NPS) is back in Berkeley for 2017 with even more opportunities for nonprofits and developers to collaborate, learn, and grow! We’ve got a full day of case studies, presentations, and small-group breakout sessions, all led by nonprofit tech experts. Come discover new tools and strategies, learn how to use them, and make contacts with other members of the Drupal nonprofit community!

Higher Ed Summit (Thurs)

The Higher Education Summit is a unique opportunity for site owners, IT managers, developers, content creators, and agencies dedicated to supporting and advancing the use of Drupal in academia to share, learn, and strengthen our community of practice. Through panels, talks, and ample breakout sessions, participants share and learn from one another’s victories and challenges, and build momentum in cross-institutional initiatives. Drupal behind the login. This year's theme is using Drupal as a collaboration tool (intranets, research sites, data sharing, administrative tasks, portals, etc.).

Front End Summit (Thursday)

Perhaps more than any other discipline, front-end development has been rapidly evolving over the past several years to accommodate an ever-changing variety of workflows, toolsets, best practices, and technologies. As BADCamp turns 10, let us acknowledge the past, assess current trends, and discuss the future of front-end development at the Frontend Summit.

Backdrop Summit (Wed)

Backdrop CMS is a content management system based on the Drupal you know and love, but with a new mission that aims to decrease the cost of long-term website ownership. The goal of this Drupal fork is to empower more people to do more things on the web. At the Backdrop Summit you'll learn about the Backdrop software and its differences from the Drupal CMS.

DevOps Summit (Thurs)

Want to accelerate development at your organization? The DevOps Summit is about inspiring people (aka YOU) with new processes and tools to help transform ideas into working web applications. We’ll be discussing topics like automated testing, continuous integration, local development, ChatOps, and more. Along the way you’ll have a chance to pick the brains of leading DevOps professionals in the Drupal community. Anyone who is looking to work with happier development teams while saving time and money should attend.

  Do you think BADCamp is awesome?

Would you have been willing to pay for your ticket?  If so, then you can give back to the camp by purchasing an individual sponsorship at the level most comfortable for you. As our thanks, we will be handing out some awesome BADCamp swag as our thanks.

We need your help!

BADCamp is 100% volunteer driven and we need your hands! We need stout hearts to volunteer and help set up, tear down, give directions and so much more!  If you are local and can help us, please sign up on our Volunteer Form.

Sponsors

A BIG thanks to our sponsors who have committed early. Without them this magical event wouldn’t be possible. Interested in sponsoring BADCamp? Contact [email protected] or [email protected]


Thank you to Pantheon & Acquia for sponsoring at the Core level to help keep BADCamp free and awesome.

Drupal Planet

Colan Schwartz: Client-side encryption options now available in Drupal

Drupal Planet -

Topics: 

After the success of last year's GSOC project with Drupal, I thought it would be a great idea to see if we could take what we did there (server-side encryption) and do something similar on the client side. The benefit of this approach is that unencrypted content/data is never seen by the hosting server. So it's not necessary to trust it to the same degree. This has been a requested feature for some time, and become very popular within the instant-messaging space.

I posted the idea, but wasn't sure how much traction there would be given the additional complexity. Before long, there were two interested students, Marcin Czarnecki and Tameesh Biswas, who were interested in the project given their interest in cryptography. They both wrote very good proposals, which we in the Drupal community accepted.

With the help of Adam Bergstein (my co-mentor from last year) and Talha Paracha (last year's student), we were able to mentor both students in working towards completing their projects, even with the added complexity. Unlike last year, users' passwords couldn't be used to encrypt anything because the site has access to these. An out-of-band mechanism was necessary to perform the encryption, public-key cryptography. It needed to be in the hands of users themselves instead of being handled implicitly by the server.

I'm delighted to report that both students passed. The community can now take their projects and build upon them. Please review the new Drupal modules at Client-side content encryption (overview) and Client Side File Crypto (overview). If there are any issues, please open tickets in the respective queues.

This article, Client-side encryption options now available in Drupal, appeared first on the Colan Schwartz Consulting Services blog.

Meet the Font Detectives Who Ferret Out Fakery

Slashdot -

New submitter rgh02 writes: Earlier this year, the former prime minister of Pakistan and his family came under scrutiny thanks to revelations in the Panama Papers. The smoking gun in the case of a forged document was none other than a font -- Calibri, which, as it turned out, wasn't even available until after the document had allegedly been signed and dated. This is not the first or the last time typography helped crack a case, and often with help from experts appropriately referred to as the 'font detectives.' At Backchannel, Glenn Fleishman dives into the adventures of the experts ferreting out fakery with their knowledge of fonts and the high-profile cases they've found themselves involved in.

Read more of this story at Slashdot.

Google's New Payment App For India Transfers Money Via Ultrasound

Slashdot -

Pranav Dixit, writing for BuzzFeed News: Google's goal for the brand-new payments app it launched in India on Monday is simple yet ambitious: to get in on the action each time someone sends or receives money in its largest market outside the United States. The app is called Tez -- Hindi for "fast" -- and it lets users do three things: send money to people in their phones' address books, make payments to businesses (both online as well as in real-world mom-and-pop stores), and zap cash to anyone around them -- all without knowing bank account numbers or personal details. Tez is powered by UPI, short for Unified Payments Interface, a Indian government-backed payments standard that lets users transfer money directly into each other's bank accounts using just their mobile numbers, or a bank-issued payment ID that looks like an email address. It works a lot like Venmo does in the US, except that anyone can build their own payments app on top of UPI. Once you hit Pay or Receive, Tez detects other Tez users around you with a proprietary technology called Audio QR based on ultrasound, and pairs with their phones. Once a sender puts in the amount and authenticates with a preset PIN to confirm who they're sending money to, a transaction happens in seconds.

Read more of this story at Slashdot.

Deeson: Where to find Deeson at DrupalCon Vienna 2017

Drupal Planet -

It’s official: Deeson is in the top 30 of companies contributing to Drupal globally! As huge proponents of open source we’re proud to be playing a key role in supporting the health of the project, and this is testament to the hard work of our development team.

Next week we’re heading to DrupalCon Vienna 2017. We’re pleased to sponsor the Women in Drupal event again this year, and in the spirit of sharing what we’ve learned we’ll also be delivering several sessions throughout the event. Here’s a taste of what to expect:

Component driven front-end development

John Ennew. 26th September, 2.15pm in Lehar 2.

Pages are dead - long live components.

With a component based approach your development team can maintain a catalogue of templates independent of the backend CMS.

When the backend work starts, these components will then be integrated into Drupal. This talk will describe a method for doing this which does not cause complex themes or copying pieces of template code out of the front-end prototypes.

This talk will cover:

  • The general approach to component based development
  • A method for developing components independent of the backend system which will be used
  • How to integrate the components with Drupal 8
  • An overview of the advantages of this approach
Building social websites with Group and Open Social

Kristiaan Van den Eynde. 27th September, 10.45am in Lehar 1.

A lot of Drupal sites are run by only a handful of people. A few power users receive the rights to administer other user accounts, some others can post and publish content and everyone else can just view content and “use” the site. It’s when this scenario doesn’t suit your needs that you might want to have a look at the Group module.

Group allows you to give people similar permissions like those above but only for smaller subsections of a website. Say you run a school website and you want students to be able to only see the courses that are available for them to enroll in, but nothing else. Or you want to run a social network where users can post content, but only within their sandboxed area on the website. Group’s got you covered.

This session will be a brief description of the Group module by its author Kristiaan Van den Eynde (Deeson) and explain its key concepts. We will demo how to configure it and then show you how Group is used in the wonderful Open Social distribution.

Joining us for the second part of the presentation, Jochem van Nieuwenhuijsen (GoalGorilla / Open Social) will explain how Group enabled a team of talented developers to build a social network using Drupal 8. He will list some of the challenges and show you some of the cool stuff they built on top of the Group module.

This session is suitable for developers with some experience with Drupal 8 site building, but most of the presentation should be easy to digest for even the most junior site builders.

Birds of a Feather sessions

Drupal recently announced that Vienna will be the last European conference for the foreseeable future, and that they will host BoFs at the event for the community to discuss the future. 

If you’re not familiar with the BoF format, DrupalCon describes them as “informal gatherings of like-minded individuals who wish to discuss a certain topic without a pre-planned agenda”. This year, Deeson team members are delivering five BoF sessions:

Facilitating happy, high performing distributed teams

Tim Deeson. 26th September, 10.45am in Galerie 11-12. 

An opportunity to share tips and tools for what you've found works or problems you want help with.

At Deeson we've found a mix of tools, processes and relationship building is key. And that sharing what works for us and learning from others is invaluable.

  • Are there tools that you find that really make a difference?
  • Any team events or activities that help people get to know each other?
  • How do you spot if someone isn't happy or engaged?
  • What methods works or doesn't work for different types of personalities?
  • Is always-on Slack a blessing or a curse?
  • Do in-person events matter or can everything be done online?
  • Do you have a structured way of supporting the team to get know each other well?

Bookmark this session

Agile and agencies

John Ennew. 27th September, 1pm in Galerie 15-16. 

The are many ways to run an Agile project.

Much of the written support for working with Agile is based on an internal team which doesn't always support to how the client and agency relationship works.

Agencies have a variety of mechanisms for running an Agile project from simply embedding the ceremonies of Agile to actually ensuring the project team, client and contract are Agile from the start. 

Come along and share your experiences (highs and lows), your tips and your best practices for making Agile work in an Agency.

Bookmark this session

Creating technical excellence in the tech team

John Ennew. 28th September, 2.15pm in Galerie 11-12.

Are you a technical lead?

Come and meet like minded people to share your experiences in managing your team members and ensuring technical excellence.

Bookmark this session

The road ahead for Group: New features and future development

Kristiaan Van den Eynde. 27th September, 3.45pm in Galerie 15-16.

This BoF is intended for site builders who are actively using Group for Drupal 8 and are wondering what's currently planned for development or for site builders who think there is a key feature missing from Group 8 right now. The goal is to either learn about what's coming or to actually add something to the roadmap, provided it would be useful to a larger audience.

Bookmark this session

Reinventing the entity access layer (Node access for all entities)

Kristiaan Van den Eynde. 28th September, 12pm in Galerie 13-14.

This BoF is intended for those involved in https://www.drupal.org/node/777578 and all those who wish to participate by writing a proof of concept or by brainstorming over possible approaches.

Bookmark this session

Heading to DrupalCon Vienna 2017? We’d love to meet you! Drop us a line on Twitter if you want to chat to us or email [email protected].

Security updates for Monday

LWN Headlines -

Security updates have been issued by Arch Linux (ffmpeg, lib32-libgcrypt, libgcrypt, linux-zen, and newsbeuter), Debian (emacs25, freexl, and tomcat8), Fedora (cyrus-imapd, FlightGear, freexl, gdm, kernel, LibRaw, ruby, and xen), Gentoo (binutils, chkrootkit, curl, gdk-pixbuf, gimps, git, kpathsea, mod_gnutls, perl, squirrelmail, subversion, supervisor, and webkit-gtk), Mageia (389-ds-base, kernel, kernel-linus, kernel-tmb, and mpg123), openSUSE (ffmpeg, ffmpeg2, qemu, and xen), Slackware (kernel), SUSE (xen), and Ubuntu (gdk-pixbuf).

Apple Officially Bans Scammy Antivirus Apps From iOS App Store

Slashdot -

Fake "virus scanning" apps have plagued the iOS App Store for a while, and Apple seems to finally be banning them once and for all in updated developer guidelines it published last week. From a report: The updated developer guidelines, compiled by Paul Hudson over at Hacking With Swift, now includes a ban on apps that claim to "including content or services that it does not actually offer" -- something that includes any iOS virus scanning apps, seeing as it wasn't possible to scan for viruses on iOS with third party apps, since iOS's sandboxing prevents applications from directly interacting with each other or the core of the iOS operating system.

Read more of this story at Slashdot.

Ask Slashdot: What Would Happen If a Hyperloop Train Failed?

Slashdot -

dryriver writes: I've been following Elon Musk's Hyperloop initiative with great interest. The idea of getting from one city to another at 700 MPH without having to suffer through an airport and all that jazz is revolutionary. I'm glad that somebody is trying to innovate in the area of land travel. My question though: When conventional trains going at much slower speeds derail or crash, the result is often serious injuries or deaths. What happens if something goes wrong with a 700 MPH Hyperloop train/pod or with part of the track? Would a Hyperloop accident at that speed even be survivable?

Read more of this story at Slashdot.

Avast's CCleaner Free Windows Application Infected With Malware

Slashdot -

Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more 2.27 million had downloaded the compromised version of CCleaner.

Read more of this story at Slashdot.

Drop Guard: Drop Guard is cutting costs by 40% - facts and figures

Drupal Planet -

Drop Guard is cutting costs by 40% - facts and figures

While working with other NGOs and agencies during the last 1,5 years, we collected more and more information about the time and money that Drop Guard will save your agency. On our website, we claim that Drop Guard will cut your update costs by 40%. CTOs and COOs want to challenge numbers like this and ask how exactly this ROI is calculated. That’s why I want to share the detailed information in this blog post with you.

Security updates are released every Wednesday. If you work in a Drupal shop that cares about security, you have to apply updates for every site every Wednesday or at least Thursday.

Drupal Business Drupal Planet

Appnovation Technologies: Appnovator Spotlight: Richard Hales

Drupal Planet -

Appnovator Spotlight: Richard Hales Who are you? What's your story?  Richard Hales - "Talent Acquisition". With 13 years in recruitment, working with some top global brands, hiring some of the best talent. I now use that experience and those connections to find the very best people for Appnovation What's your role at Appnovation?  Working in the UK, I am ideally placed to serv...

Americans Plan Massive 'Net Neutrality' Protest Next Week

Slashdot -

An anonymous reader quotes the Guardian: A coalition of activists, consumer groups and writers are calling on supporters to attend the next meeting of the Federal Communications Commission on September 26 in Washington DC. The next day, the protest will move to Capitol Hill, where people will meet legislators to express their concerns about an FCC proposal to rewrite the rules governing the internet... The activist groups are encouraging internet users to meet their lawmakers and tell them how a free and open internet is vital to their lives and their livelihoods... "The FCC seems dead set on killing net neutrality, but they have to answer to Congress, and Congress has to answer to us, their constituents," said Evan Greer, campaign director for Fight for the Future, one of the protest's organisers. "With this day of advocacy, we're harnessing the power of the web to make it possible for ordinary internet users to meet directly with their senators and representatives to tell their stories, and make sure that lawmakers hear from the public, not just lobbyists for AT&T and Verizon," she said. Monday Mozilla and the Internet Archive are also inviting the public to a free panel discussion featuring former FCC Chairman Tom Wheeler on ways the American public can act to preserve net neutrality.

Read more of this story at Slashdot.

Vardot: What Is A Chatbot, And Why Is It Important For Your Business?

Drupal Planet -

What Is A Chatbot, And Why Is It Important For Your Business? Dmitrii Susloparov Mon, 09/18/2017 - 14:06

There is a great deal of enthusiasm surrounding chatbots in the Internet technology world today. Fanning the flames was the news that the White House had created a Facebook chatbot using Drupal. This post explains what a chatbot is, its current status, and how it can benefit business enterprises.

What is a chatbot?

Chatbots are software agents which communicate and collaborate with human users through text messaging using a natural language, say English, to accomplish specific tasks. Examples of common tasks in a business context are product inquiries, ordering, and troubleshooting.

 

Chatbots holds the promise of being the next generation of technology that people use to interact online with business enterprises. From a historical perspective, the first generation of customer contact technology involves websites. Users opens the company website within their browser, navigate web pages to get the information they want and to trigger various e-commerce transactions, such as ordering a product. Next up are mobile apps which users can download on their smartphones or tablets. The problem with apps is that people have to manually download and learn to use each of them. Chatbots lead the way for the next wave of technology. With chatbots, there are no new apps to download. This is because most users already have at least 1 instant messaging application installed on their communication devices, e.g., SMS, Facebook Messenger, Slack, Telegram, Kik, etc. Another advantage for chatbots is that, because chatbots communicate using a natural language, users don't need to learn yet another new website interface and to get comfortable with the unavoidable quirks.

 

The chatbot interface is powered by Artificial Intelligence (AI) technologies. AI is tasked to understand the text that users enter and pass on the knowledge to the backend for processing. Another benefit of using AI is that the chatbot will learn over time to better understand user preferences and as a result, deliver better and faster services.

Why are chatbots important to enterprises?

It was reported that, in 2016, for the first time in Internet history, there were more people using messaging apps than social media. It follows that chat has outpaced social media to become the de facto standard in how mobile users want to make contact. Mobile users are known to be an impatient bunch, ready to abandon any website en masse if they are made to wait for mere seconds after their initial request. Is your business staffed properly to handle this 24x7 onslaught of customer product queries, sales orders, and support requests?

 

Image Source: Business Insider

 

Chatbots can be programmed to monitor and respond to those chat sessions that fall within their domain expertise, such as troubleshooting, return merchandise authorization (RMA), sales inquiry, etc. For chatbots to do their job, enterprises first need to capture the aforementioned domain knowledge in a knowledge base. Once the knowledge becomes accessible, chatbots can staff the all-important corporate functions 24x7.

 

By deploying chatbots, a business can save money by easing the staff head count while guaranteeing good service response time. Besides its always-on feature, another major advantage of using chatbots is the consistency in how your business processes are applied: chatbots will execute the business logic consistently in all customer contacts.

 

Chatbots, advanced that it is, is not the panacea of all enterprise customer service problems, nor does it completely replace the entire human work force. Human agents are still required to solve the more complex problems that are beyond the ability of chatbots. While chatbots can resolve the most basic troubleshooting tasks, second-level support technicians are still required to tackle the complicated product issues.

State of the union

The chatbot technology is still an emerging technology. There are many components that have to work together to make chatbots work. As of today, the technology stack is not standardized, and a clear market leader has not yet manifested itself.

 

Just as there are many messaging apps, there are as many, if not more, chatbot building platforms, each designed to work with a subset of specific messaging apps. Some messaging app vendors, such as Facebook and Telegram, also provide their own official chatbot building platforms. Besides those, there are other third-party chatbot platforms that support multiple messaging apps. For instance, Chatfuel is a chatbot platform that supports both Facebook and Telegram. The Microsoft Bot Framework supports Facebook Messenger, Slack, and SMS.

 

Most chatbot building platforms claim that chatbots can be developed in minutes with no coding required. While creating a chatbot may take only minutes, making it do something useful involves customization including configuring the AI front-end engine, the e-commerce and payment processor backend, etc. Given the myriad technical choices and possibilities, it is best to leverage professional help to guide the development of chatbots for your business enterprise.

Chatbots and Drupal

Many businesses have already crafted their online presence in the form of a website using an enterprise-class CMS technology, for instance, Drupal. The good news is that you can add chatbot technology to your existing technology infrastructure, rather than starting from scratch.

 

If you have already built an enterprise-class Drupal website, you are a one-step ahead of everyone else. The Drupal infrastructure is essentially a portal that captures your business logic, including the backend portion that interfaces with your e-commerce and other back office systems. Adding chatbots to your overall technology stack involves adding the proper middleware to connect your chatbot frontend with your Drupal-based business logic backend.

 

As stated in the previous section, chatbots itself is an emerging technology that may be outside the scope for most in-house development expertise. Adding the middleware to join together chatbots and your Drupal backend is an extra level of software complexity. This middleware framework is available from the Drupal community, but is currently in a very early stage for commercialization. To ensure success for your chatbot project, professional consulting is highly recommended.

 

If you require professional services, whether to build from scratch an enterprise-class Drupal website with chatbot integration, or to add chatbot capabilities to your existing Drupal platform, Vardot is pleased to offer such services from its Jordanian headquarters or its American and Egyptian regional offices. Contact us now for more details regarding your project!

Deeson: Component driven front-end development

Drupal Planet -

At Deeson we’ve been working on ways to develop our front-end independently from any back-end application.

Our front-end team has developed web applications using decoupled JavaScript frameworks including Angular and React but we’ve found that for many website projects a full web application is overkill and the traditional HTML templating approach is still the most efficient.

Our back-end application is usually Drupal but we’re increasingly using other frameworks such as Laravel or Symfony and would like to be able to use a consistent approach for our front-end teams. 

We’ve developed a system for this that allows modern build tools, practices Component Driven Development, allows the generation of living style guides and is agnostic to the back-end.

Component Driven Development 

A component, for us, is a collection of HTML, CSS and JS that goes together to form some display element. Consider this against a more traditional approach where HTML, CSS and JS are stored in separate global files, for example, in a global style.css and app.js files.

By grouping code together into components, we separate our application by the domain language, rather than arbitrarily by file extension. This isolates components and makes them easier to develop and maintain.

Components get named based on the domain language of the project and client. Components are not defined for the designer by the limitations and modeling of the application. This provides a common language for the designers, developers and client and reduces the chances of misunderstanding when it comes to the development of functionality.

Using the BEM approach to structuring CSS we isolate much of our CSS to specific components rather than continuously generalising CSS in the way a CSS framework like Bootstrap does. This isolates much of the CSS to a specific component giving us high cohesion and low coupling allowing for confident maintenance, removing much of the fear of wondering what effect changing a piece of CSS is will have on the whole site.

This better matches the way that we work where the complexity of our challenging designs mean rapid delivery using a CSS framework isn’t possible.

Living style guides

The output of our front-end development will include a style guide which will render each of our components into static pages.

Style guides are useful as they demonstrate the components independently of the specific implementation. This allows more rapid front-end development as front-end developers can work without having to worry about how the back-end will integrate.

Over time, however, these style guides move out of sync with the applications they were developed to provide styling information for. An application developer's job is to integrate the HTML provided by the style guide into the finished site. This has meant copying and pasting code out of the style guide templates and into the application’s templating system.

At this point we have duplication of code and the ability to maintain a strict style guide is lost. When the style guide is updated, all the application templates affected must be identified and updated as well.

Our approach makes the style guide a living style guide. The front-end templates we produce for our components get referenced directly from the target applications theme system. This means that our front-end templates are the exact same ones that the application will be using within the theme.

Front-end developers can make changes to it knowing that those changes will flow through into the application without need for a second step.

For Drupal developers this means either providing new theme functions for the front-end templates or referencing our front-end templates from within Drupal templates.

Modern build tools, agnostic to the back-end

Freed from the constraints of a specific application’s templating system we can select the most appropriate tools for the job of front-end development.

Our front-end tooling uses the latest standards and tools. We’re using yarn for package management, and webpack to bundle the static assets. 

Very little knowledge of the back-end is assumed or needed in this approach. You can confidently bring new front-end developers onto your team who are used to using the latest tools without having to spend the first few weeks teaching them the specific theming language and quirks of your back-end application such as the Drupal theme layer.

A real example 

We’ve got an exemplar project to showcase this way of working. If you clone the project at https://github.com/teamdeeson/cdd-demo and follow the instructions in the README you’ll get a Drupal 8 project up and running with a theme that uses this process. You’ll see we’ve developed a componentised version of the Bartik theme for this.

If you are intrigued by this and would like to hear more, you’ll enjoy my talk on the subject at DrupalCon Vienna on 26th September.

In summary

Component driven front-end development has worked well for us at Deeson, allowing rapid independent development of our front-end code. Our designers are freed from the previous constraints of designing for a Drupal website and our developers get to use the latest tools and get onboarded quicker.

Like the sound of the way we do things? We're currently hiring a Senior Front-end Developer.

CodeSOD: Mutex.js

The Daily WTF -

Just last week, I was teaching a group of back-end developers how to use Angular to develop front ends. One question that came up, which did suprise me a bit, was how to deal with race conditions and concurrency in JavaScript.

I’m glad they asked, because it’s a good question that never occurred to me. The JavaScript runtime, of course, is single-threaded. You might use Web Workers to get multiple threads, but they use an Actor model, so there’s no shared state, and thus no need for any sort of locking.

Chris R’s team did have a need for locking. Specifically, their .NET backend needed to run a long-ish bulk operation against their SqlServer. It would be triggered by an HTTP request from the client-side, AJAX-style, but only one user should be able to run it at a time.

Someone, for some reason, decided that they would implement this lock in front-end JavaScript, since that’s where the AJAX calls were coming from..

var myMutex = true; //global (as in page wide, global) variable function onClickHandler(element) { if (myMutex == true) { myMutex = false; // snip... if ($(element).hasClass("addButton") == true) { $(element).removeClass("addButton").addClass("removeButton"); // snip... $.get(url).done(function (r) { // snip... this code is almost identical to the branch below setTimeout("myMutex = true;", 100); }); } else { if ($(element).hasClass("removeButton") == true) { $(element).removeClass("removeButton").addClass("addButton"); // snip... $.get(url).done(function (r) { // snip... this code is almost identical to the branch above setTimeout("myMutex = true;", 100); }); } } } }

You may be shocked to learn that this solution didn’t work, and the developer responsible never actually tested it with multiple users. Obviously, a client side variable isn’t going to work as a back-end lock. Honestly, I’m not certain that’s the worst thing about this code.

First, they reinvented the mutex badly. They seem to be using CSS classes to hold application state. They have (in the snipped code) duplicate branches of code that vary only by a handful of flags. They aren’t handling errors on the request- which, when this code started failing, made it that much harder to figure out why.

But it’s the setTimeout("myMutex = true;", 100); that really gets me. Why? Why the 100ms lag? What purpose does that serve?

Chris threw this code away and put a mutex in the backend service.

hljs.initHighlightingOnLoad(); [Advertisement] High availability, Load-balanced or Basic – design your own Universal Package Manager, allow the enterprise to scale as you grow. Download and see for yourself!

Illinois Tests A Blockchain-Based Birth Registry/ID System

Slashdot -

An anonymous reader quotes Government Technology: The state of Illinois, which has six blockchain pilots underway, will partner with Utah-based Evernym for a birth registry pilot meant to individualize and secure identities... The endeavor, one of six distinct blockchain explorations Illinois began last summer with a working group, is expected to utilize the Sovrin Foundation's publicly available distributed identity ledger and expand upon accomplishments of the W3C Verifiable Claims Task Force, the state said... Recognizing that identity -- and, now, digital identity -- begin at birth, the state will explore using these technologies to create "a secure 'self-sovereign' identity for Illinois citizens during the birth registration process," it said in the announcement. More from the Illinois Blockchain Initiative site: Self-sovereign identity refers to a digital identity that remains entirely under the individual's control. A self-sovereign identity can be efficiently and securely validated by entities who require it, free from reliance on a centralized repository. Jennifer O'Rourke, Blockchain Business Liaison for the Illinois Blockchain Initiative commented, "To structurally address the many issues surrounding digital identity, we felt it was important to develop a framework that examines identity from its inception at child birth... Identity is not only foundational to nearly every government service, but is the basis for trust and legitimacy in the public sector." In the proposed framework, government agencies will verify birth registration information and then cryptographically sign identity attributes such as legal name, date of birth, sex or blood type, creating what are called "verifiable claims" or attributes. Permission to view or share each of these government-verified claims is stored on the tamper-proof distributed ledger protocol in the form of a decentralized identifier... This minimizes the need for entities to establish, maintain and rely upon their own proprietary databases of identity information. Evernym's "Chief Trust Officer" sees the program as "a major contribution to the larger effort of solving the online identity problem."

Read more of this story at Slashdot.

Can An Individual Still Resist The Spread of Technology?

Slashdot -

schwit1 shares a column from the Chicago Tribune: When cellphones first appeared, they gave people one more means of communication, which they could accept or reject. But before long, most of us began to feel naked and panicky anytime we left home without one. To do without a cellphone -- and soon, if not already, a smartphone -- means estranging oneself from normal society. We went from "you can have a portable communication device" to "you must have a portable communication device" practically overnight... Today most people are expected to be instantly reachable at all times. These devices have gone from servants to masters... Few of us would be willing to give up modern shelter, food, clothing, medicine, entertainment or transportation. Most of us would say the trade-offs are more than worth it. But they happen whether they are worth it or not, and the individual has little power to resist. Technological innovation is a one-way street. Once you enter it, you are obligated to proceed, even if it leads someplace you would not have chosen to go. The column argues "the iPhone X proves the Unabomber was right," citing this passage from the 1996 manifesto of the anti-technology terrorist. "Once a technical innovation has been introduced, people usually become dependent on it, so that they can never again do without it, unless it is replaced by some still more advanced innovation. Not only do people become dependent as individuals on a new item of technology, but, even more, the system as a whole becomes dependent on it."

Read more of this story at Slashdot.

Kids Praised for Being Smart are More Likely to Cheat

Slashdot -

An anonymous reader quotes the University of California: An international team of researchers reports that when children are praised for being smart not only are they quicker to give up in the face of obstacles, they are also more likely to be dishonest and cheat. Kids as young as age 3 appear to behave differently when told "You are so smart" vs. "You did very well this time"... The research builds on well-known work by Stanford's Carol Dweck, author of "Mindset," who has shown that praising a child's innate ability instead of the child's effort or a specific behavior has the unintended consequence of reducing their motivation to learn and their ability to deal with setbacks... In another study, published recently in Developmental Science, the same co-authors show that the consequences are similar even when children are not directly praised for their smarts but are merely told that they have a reputation for being smart. Then again, another study found that students also performed better in school if you paid them to get good grades.

Read more of this story at Slashdot.

Pages

Subscribe to Heydon Consulting aggregator