Feed aggregator

ActiveLAMP: Shibboleth Authentication in Symfony 2.8+|3.0+

Drupal Planet -

We recently had the opportunity to work on a Symfony app for one of our Higher Ed clients that we recently built a Drupal distribution for. Drupal 8 moving to Symfony has enabled us to expand our service offering. We have found more opportunities building apps directly using Symfony when a CMS is not needed. This post is not about Drupal, but cross posting to Drupal Planet to demonstrate the value of getting off the island. Writing custom authentication schemes in Symfony used to be on the complicated side. But with the introduction of the Guard authentication component, it has gotten a lot easier.

Japanese Company Develops a Solar Cell With Record-Breaking 26%+ Efficiency

Slashdot -

An anonymous reader quotes a report from Ars Technica: The silicon-based cells that make up a solar panel have a theoretical efficiency limit of 29 percent, but so far that number has proven elusive. Practical efficiency rates in the low-20-percent range have been considered very good for commercial solar panels. But researchers with Japanese chemical manufacturer Kaneka Corporation have built a solar cell with a photo conversion rate of 26.3 percent, breaking the previous record of 25.6 percent. Although it's just a 2.7 percent increase in efficiency, improvements in commercially viable solar cell technology are increasingly hard-won. Not only that, but the researchers noted in their paper that after they submitted their article to Nature Energy, they were able to further optimize their solar cell to achieve 26.6 percent efficiency. That result has been recognized by the National Renewable Energy Lab (NREL). In the Nature Energy paper, the researchers described building a 180.4 cm² cell using high-quality thin-film heterojunction (HJ) -- that is, layering silicon within the cell to minimize band gaps where electron states can't exist. Controlling heterojunctions is a known technique among solar cell builders -- Panasonic uses it and will likely incorporate it into cells built for Tesla at the Solar City plant in Buffalo, and Kaneka has its own proprietary heterojunction techniques. For this record-breaking solar cell, the Kaneka researchers also placed low-resistance electrodes toward the rear of the cell, which maximized the number of photons that collected inside the cell from the front. And, as is common on many solar cells, they coated the front of the cell with a layer of amorphous silicon and an anti-reflective layer to protect the cell's components and collect photons more efficiently.

Read more of this story at Slashdot.

LastPass Bugs Allow Malicious Websites To Steal Passwords

Slashdot -

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.

W3C Erects DRM As Web Standard

Slashdot -

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. 
The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.

'Dig Once' Bill Could Bring Fiber Internet To Much of the US

Slashdot -

An anonymous reader quotes a report from Ars Technica: If the U.S. adopts a "dig once" policy, construction workers would install conduits just about any time they build new roads and sidewalks or upgrade existing ones. These conduits are plastic pipes that can house fiber cables. The conduits might be empty when installed, but their presence makes it a lot cheaper and easier to install fiber later, after the road construction is finished. The idea is an old one. U.S. Rep. Anna Eshoo (D-Calif.) has been proposing dig once legislation since 2009, and it has widespread support from broadband-focused consumer advocacy groups. It has never made it all the way through Congress, but it has bipartisan backing from lawmakers who often disagree on the most controversial broadband policy questions, such as net neutrality and municipal broadband. It even got a boost from Rep. Marsha Blackburn (R-Tenn.), who has frequently clashed with Democrats and consumer advocacy groups over broadband -- her "Internet Freedom Act" would wipe out the Federal Communications Commission's net neutrality rules, and she supports state laws that restrict growth of municipal broadband. Blackburn, chair of the House Communications and Technology Subcommittee, put Eshoo's dig once legislation on the agenda for a hearing she held yesterday on broadband deployment and infrastructure. Blackburn's opening statement (PDF) said that dig once is among the policies she's considering to "facilitate the deployment of communications infrastructure." But her statement did not specifically endorse Eshoo's dig once proposal, which was presented only as a discussion draft with no vote scheduled. The subcommittee also considered a discussion draft that would "creat[e] an inventory of federal assets that can be used to attach or install broadband infrastructure." Dig once legislation received specific support from Commerce Committee Chairman Greg Walden (R-Ore.), who said that he is "glad to see Ms. Eshoo's 'Dig Once' bill has made a return this Congress. I think that this is smart policy and will help spur broadband deployment across the country."

Jeff Geerling's Blog: Use a Drupal 8 BLT project with Drupal VM on Windows 7 or Windows 8

Drupal Planet -

Windows 10 is the only release Acquia's BLT officially supports. But there are still many people who use Windows 7 and 8, and most of these people don't have control over what version of Windows they use.

Drupal VM has supported Windows 7, 8, and 10 since I started building it a few years ago (at that time I was still running Windows 7), and using a little finesse, you can actually get an entire modern BLT-based Drupal 8 project running on Windows 7 or 8, as long as you do all the right things, as will be demonstrated in this blog post.

Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data

Slashdot -

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victims' Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those that use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.

GNOME 3.24 Released

Slashdot -

prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017."

17,000 AT&T Workers Go On Strike In California and Nevada

Slashdot -

An anonymous reader quotes a report from Fortune: Approximately 17,000 workers in AT&T's traditional wired telephone business in California and Nevada walked out on strike on Wednesday, marking the most serious labor action against the carrier in years. The walkout -- formally known as a grievance strike -- occurred after AT&T changed the work assignments of some of the technicians and call center employees in the group, the Communications Workers of America union said. The union would not say how long the strike might last. A contract covering the group expired last year and there has been little progress in negotiations over sticking points like the outsourcing of call center jobs overseas, stagnant pay, and rising health care costs. The union said it planned to file an unfair labor charge with the National Labor Relations Board over the work assignment changes. "A walkout is not in anybody's best interest and it's unfortunate that the union chose to do that," an AT&T spokesman told Fortune. "We're engaged in discussion with the union to get these employees back to work as soon as possible."

Nintendo Is Repairing Left Joy-Cons With ... a Piece of Foam?

Slashdot -

While Nintendo remains silent on the issue of some left Joy-Con controllers becoming desynced from the Switch console, it appears it has a solution for those affected. No, it's not avoidance of aquariums or all other wireless devices; instead, it's apparently as simple as a foam sticker placed in the right spot. From a report: Early reviews and, later, actual retail units of the Nintendo Switch highlighted an apparent hardware flaw in the design of the left Joy-Con controller. In certain scenarios -- like when played some distance from the console using the Joy-Con Grip -- some left Joy-Cons could lose sync and players would find themselves unable to accurately control what's happening on the screen. While a day one console update fixed this issue for some, it's remained for others and Nintendo has done little to assuage would-be consumers that it's solved the issue for good. But, a Joy-Con sent in for repair by CNET's Sean Hollister was returned with one small enhancement a week later and -- lo and behold -- it works. That enhancement: A small piece of conductive foam.

Sooper Drupal Themes: Are you ready for Drupal 8?

Drupal Planet -

Between the rush of product updates we're putting out lately, a moment of reflection...

Like many other Drupal shops and theme/product developers I've been taking it easy with major investment in D8. But times are changing. Now we are seeing a time where Google searches including Drupal 8 are more numerous than searches containing Drupal 7. This is by no means a guarantee that D8 is a clear winner but to me it is a sign of progress and it inspires enough confidence to push ahead with our Drupal 8 product upgrades. SooperThemes is on schedule to release our Drupal themes and modules on Drupal 8 soon and I'm sure it will be great for us and our customers.

2017 will be an interesting year for Drupal, a year in which Drupal 8 will really show whether it can be as popular as its younger brother. The lines in the chart might be crossing but Drupal 8 has some way to go before it is as popular as 7. Understanding that Drupal 8 is more geared towards developers one might say it never will, but I think that it's important for the open web that Drupal will stay competitive in the low end market. Start-ups like Tesla and SpaceX have demonstrated how Drupal can grow along with your business all the way towards IPO and beyond.

Is your business ready for Drupal 8?

Personally I think I will need a month or 2 before I can say I'm totally comfortable with shifting focus of development to Drupal 8. Most of my existing customers are on Drupal 7 and my Drupal 7 expertise and products will not be irrelevant any time soon. One thing that is holding me back is uncertainty about media library features in Drupal 8; I hope the D8media team will be successful with their awesome work that puts this critical feature set in core.

If you are a Drupal developer, themer, or business owner, how do you feel about Drupal 8? Are you getting more business for Drupal 8 than Drupal 7? How is your experience with training yourself or your staff to work with Drupal 8 and its more object-oriented code?

Let me know in the comments if you have anything to share about what Drupal 8 means to you!

Plans For London-Paris Electric Flight in 'Next Decade' Unveiled

Slashdot -

A start-up has unveiled ambitious plans to offer an electric-powered commercial flight between London and Paris in the next ten years. From a report: Wright Electric believes the proposed low-emission electric plane would offer a cheaper alternative to jet fuel for airlines and consumers. However, the start-up's bid to revolutionize short-haul flights relies on the continued advancement of battery technology. The company, who pitched to investors this week, would be forced to switch to a hybrid of aviation fuel and electricity if the advances in battery technology fail to materialise.

Valuebound: How to send custom formatted HTML mail in Drupal 8 using hook_mail_alter()

Drupal Planet -

As the name suggests, hook_mail_alter() is used to alter an email created with drupal_mail() in D7 or MailManagerInterface->mail() in D8. hook_mail_alter() allows modification of email messages, which includes adding and/or changing message text, message fields, and message headers.

Email sent by any means other than drupal_mail() will not call hook_mail_alter(). All core modules use drupal_mail(), and using drupal_mail() is always recommended, but it's not mandatory.

Syntax: hook_mail_alter(&$message)

Parameters

$message: Array containing the message data. The keys in this array include:

  • 'id': The id of the message.
  • 'to': The…

GitLab 9.0 Released with Subgroups and Deploy Boards

LWN Headlines -

GitLab 9.0 has been released with many new features and improvements. "In the last several releases, GitLab has transformed how development teams get from idea to production. In just a few minutes, you can deploy GitLab to a container scheduler, add CI/CD with auto deployed review apps, utilize ChatOps, and analyze your cycle time. With 9.0 you can now watch your deploys with deploy boards and monitor application performance with Prometheus."

Ebay Asks Users To Downgrade Security

Slashdot -

Ebay has started to inform customers who use a hardware key fob when logging into the site to switch to receiving a one-time code sent via text message. The move from the company, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is "a downgrade to a less-secure option," says security reporter Brian Krebs. He writes: In early 2007, PayPal (then part of the same company as Ebay) began offering its hardware token for a one-time $5 fee, and at the time the company was among very few that were pushing this second-factor (something you have) in addition to passwords for user authentication. I've still got the same hardware token I ordered when writing about that offering, and it's been working well for the past decade. Now, Ebay is asking me to switch from the key fob to text messages, the latter being a form of authentication that security experts say is less secure than other forms of two-factor authentication (2FA). The move by Ebay comes just months after the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication.

Hook 42: Stanford Drupal Camp 2017 - Ready, Git Set, Go!

Drupal Planet -

I fully embraced the motto “go big or go home” when I started to think about my first solo community presentation for Stanford Drupal Camp 2017. I wanted to force myself to learn a subject well enough that I could explain it to others. I like a challenge, so I set my eyes on understanding the fundamentals of Git. My presentation slides can be found here: https://legaudinier.github.io/Ready-Git-Set-Go/#.

'Extreme and Unusual' Climate Trends Continue After Record 2016

Slashdot -

From a report on BBC: In the atmosphere, the seas and around the poles, climate change is reaching disturbing new levels across the Earth. That's according to a detailed global analysis from the World Meteorological Organization (WMO). It says that 2016 was not only the warmest year on record, but it saw atmospheric CO2 rise to a new high, while Arctic sea ice recorded a new winter low. The "extreme and unusual" conditions have continued in 2017, it says. Reports earlier this year from major scientific bodies -- including the UK's Met Office, Nasa and NOAA -- indicated that 2016 was the warmest year on record. The WMO's State of the Global Climate 2016 report builds on this research with information from 80 national weather services to provide a deeper and more complete picture of the year's climate data.

NTPsec Project announces 0.9.7

LWN Headlines -

The NTPsec Project has announced the 0.9.7 release of NTPsec, with assistance from the Mozilla Foundation's "Secure Open Source" initiative. NTPsec is an implementation of the Network Time Protocol (NTP). "NTPsec 0.9.7 incorporates significant improvements in security, accuracy, precision, visualization, and usability, with assistance, contributions, and audits provided by infosec researchers and other technical contributors. For this release, the NTPsec Project worked particularly closely with the Mozilla Foundation's "Secure Open Source" initiative, who funded an infosec audit, and with Cure53.de, who provided the audit."

Cord-Cutting Isn't Nearly as Significant as Cable Providers Make It Out To Be

Slashdot -

From a report on CNBC: Despite legacy media's anxieties about cord-cutting, data suggest that the phenomenon isn't nearly as significant as cable providers make it out to be. In its 11th annual "Digital Democracy Survey," Deloitte found that the percentage of American households that subscribe to paid television services has remained relatively stable since 2012, even as adoption of streaming services has accelerated. In its survey of 2,131 consumers, Deloitte said two-thirds of respondents reported they have kept their TV subscriptions because they're bundled with their internet plan. Kevin Westcott, vice chairman and U.S. media and entertainment leader at Deloitte, told CNBC that bundling seems to be a huge deterrent for cord cutting.
