Feed aggregator

myDropWizard.com: Most common Drupal site building pitfalls and how to avoid them! (Part 2 of 3)

Drupal Planet -

This is the second in a series of articles, in which I'd like to share the most common pitfalls we've seen, so that you can avoid making the same mistakes when building your sites!

myDropWizard offers support and maintenance for Drupal sites that we didn't build initially. We've learned the hard way which site building mistakes have the greatest potential for creating issues later.

And we've seen a lot of sites! Besides our clients, we also do a FREE in-depth site audit as the first step when talking to a potential client, so we've seen loads of additional sites that didn't become customers.

In the last article, we looked at security updates, badly installed module code and issues with patching modules, as well as specific strategies for addressing each of those problems. In this article, we'll look at how to do the most common Drupal customizations without patching!

NOTE: even though they might take a slightly different form depending on the version, most of these same pitfalls apply equally to Drupal 6, 7 and 8! It turns out that bad practices are quite compatible with multiple Drupal versions ;-)

Red Hat Enterprise Linux 6.9 released

LWN Headlines -

Red Hat has announced the release of Red Hat Enterprise Linux 6.9. "Red Hat Enterprise Linux 6.9 delivers new hardware support developed in collaboration with Red Hat partners which helps to provide a smooth transition of Red Hat Enterprise Linux 6 production deployments to Red Hat Enterprise Linux 7 environments. Additionally, Red Hat Enterprise Linux 6.9 adds updates to TLS 1.2 to further enhance secure communications and provide broader support for the latest PCI-DSS standards, better equipping enterprises to offer more secure online transactions."

Security updates for Tuesday

LWN Headlines -

Security updates have been issued by Debian (sitesummary), Fedora (jasper, knot-resolver, R, rkward, rpm-ostree, rpy, w3m, and xen), openSUSE (firefox), Red Hat (bash, coreutils, glibc, gnutls, kernel, libguestfs, ocaml, openssh, qemu-kvm, quagga, samba, samba4, subscription-manager, tigervnc, and wireshark), and Ubuntu (eglibc, glibc, firefox, freetype, gnutls26, NVIDIA graphics, and nvidia-graphics-drivers-375).

UK Flight Ban On Devices To Be Announced

Slashdot -

The UK is due to announce a cabin baggage ban on laptops, tablets and DVD players on certain passenger flights, after a similar US move. From a report on BBC: It is understood the UK restrictions may differ from the US Department of Homeland Security's ban, although details have not yet been released. Flights from 10 airports in eight Muslim-majority countries are subject to the US announcement. US officials said bombs could be hidden in a series of devices. BBC home affairs correspondent Daniel Sandford said the expected move was "obviously part of coordinated action with the US." The attempted downing of an airliner in Somalia last year was linked to a laptop device, and it appears the security precautions are an attempt to stop similar incidents, our correspondent added.

Read more of this story at Slashdot.

GitHub Now Lets Its Workers Keep the IP When They Use Company Resources For Personal Projects

Slashdot -

If it's on company time, it's the company's dime. That's the usual rule in the tech industry -- that if employees use company resources to work on projects unrelated to their jobs, their employer can claim ownership of any intellectual property (IP) they create. But GitHub is throwing that out the window. From a report on Quartz: Today the code-sharing platform announced a new policy, the Balanced Employee IP Agreement (BEIPA). This allows its employees to use company equipment to work on personal projects in their free time, which can occur during work hours, without fear of being sued for the IP. As long as the work isn't related to GitHub's own "existing or prospective" products and services, the employee owns it. Like all things related to tech IP, employee agreements are a contentious issue. In some US states, it's not uncommon for contracts to give companies full ownership of all work employees produce during their tenure, and sometimes even before and after their tenure, regardless of when or how they produce it. These restrictions have led to several horror stories, like the case of Alcatel vs. Evan Brown.


Google To Revamp Policies, Hire Staff After UK Ad Scandal

Slashdot -

Google vowed on Tuesday to police its websites better by ramping up staff numbers and overhauling its policies after several companies deserted the internet giant for failing to keep their adverts off hate-filled videos. From a report on Reuters: Google has found itself at the center of a British storm in recent days after major companies from supermarkets to banks and consumer groups pulled their adverts from its YouTube site after they appeared alongside videos carrying homophobic and anti-Semitic messages. Alphabet's Google launched a review of the problem on Friday, apologized on Monday and said on Tuesday it had revamped its policies to give advertisers more control.


Apple iPad is a Faster, Cheaper iPad Air 2

Slashdot -

Say good-bye to the iPad Air, it's just the iPad now. From a report on CNET: Apple announced on Tuesday morning that it will be dropping the price of the 9.7-inch iPad by $70. The tablet's A8X processor will be getting an upgrade too, jumping over to the A9 chip used in the iPad Pro. The upgrade will replace the iPad Air 2, but the iPad Mini 4 will live on, starting at $399. The updated pricing will start on Friday, at $329 for the 32GB model and $459 for the 32GB WiFi with cellular service model. It's Apple's cheapest iPad, after the company decided to replace the iPad Mini 2, which started at $269. Although Apple's iPad is leading the tablet market, it's still a tumbling one as demand takes a decline thanks to people holding onto their tablets longer.


John Goodenough's Colleagues Are Skeptical of His New Battery Technology

Slashdot -

Earlier this month, a research team led by John Goodenough announced that they had created a new fast charging solid-state battery that can operate in extreme temperatures and store five to ten times as much energy as current standard lithium-ion batteries. The announcement was big enough to have Google's Eric Schmidt tweeting about it. However, there are some skeptics, including other leading battery researchers. "For his invention to work as described, they say, it would probably have to abandon the laws of thermodynamics, which say perpetual motion is not possible," reports Quartz. "The law has been a fundamental of batteries for more than a century and a half." Quartz reports: Goodenough's long career has defined the modern battery industry. Researchers assume that his measurements are exact. But no one outside of Goodenough's own group appears to understand his new concept. The battery community is loath to openly challenge the paper, but some come close. "If anyone but Goodenough published this, I would be, well, it's hard to find a polite word," Daniel Steingart, a professor at Princeton, told Quartz. Goodenough did not respond to emails. But in a statement released by the University of Texas, where he holds an engineering chair, he said, "We believe our discovery solves many of the problems that are inherent in today's batteries. Cost, safety, energy density, rates of charge and discharge and cycle life are critical for battery-driven cars to be more widely adopted." In addition, Helena Braga, the paper's lead author, in an exchange of emails, insisted that the team's claims are valid. For almost four decades, Goodenough has dominated the world of advanced batteries. If anyone could finally make the breakthrough that allows for cheap, stored electricity in cars and on the grid, it would figure to be him. Goodenough invented the heart of the battery that is all but certainly powering the device on which you are reading this. 
It's the lithium-cobalt-oxide cathode, invented in 1980 and introduced for sale by Sony in 1991. Again and again, Goodenough's lab has emerged with dramatic discoveries confirming his genius. It's what is not stated in the paper that has some of the battery community stumped. How is Goodenough's new invention storing any energy at all? The known rules of physics state that, to derive energy, differing material must produce differing electro-chemical reactions in the two opposing electrodes. That difference produces voltage, allowing energy to be stored. But Goodenough's battery has pure metallic lithium or sodium on both sides. Therefore, the voltage should be zero, with no energy produced, battery researchers told Quartz. Goodenough reports energy densities multiple times that of current lithium-ion batteries. Where does the energy come from, if not the electrode reactions? That goes unexplained in the paper.


[$] ZONE_DEVICE and the future of struct page

LWN Headlines -

The opening session of the 2017 Linux Storage, Filesystem, and Memory-Management Summit covered a familiar topic: how to represent (possibly massive) persistent-memory arrays to various subsystems in the kernel. This session, led by Dan Williams, focused in particular on the ZONE_DEVICE abstraction and whether the kernel should use page structures to represent persistent memory or not.

Tales from the Interview: That Lying First Impression

The Daily WTF -

Dima had just finished her Masters in electrical engineering, and was eagerly seeking out a job. She didn't feel any particular need to stick close to her alma mater, so she'd been applying to jobs all over the country.

When the phone rang during lunch hour, she was excited to learn it was a recruiter. After confirming he had the right person on the phone, he got right down to business: "We saw your resume this morning, and we're very impressed. We'd like you to come out for an on-site interview and tour. What's your availability next week?"

Dima agreed. It was only after she hung up that she realized he'd never given his name or company. Thankfully, he sent her an email within ten minutes with the information. It seemed he was representing DefCo, a major defense contractor with the US government. This would normally be worth a look; it was particularly interesting, however, because she'd only submitted her resume about an hour and a half prior.

They must be really impressed, she thought as she replied to confirm the travel arrangements. It'll be nice working someplace large that doesn't take forever to get things done.

A week later, Dima hopped out of the cab and made her way into the building. Wrinkle number one immediately presented itself: there were at least twenty other people standing around looking nervous and holding resumes.

I guess they interview in groups? she wondered. Well, they're clearly efficient.

As Dima waited to tour her first top-secret manufacturing plant, she made small talk with some of the other candidates, and hit wrinkle number two: they weren't all here for the same job. Several were business majors, others had only a high school diploma, while others were mathematicians and liberal arts majors.

Clearly they're consolidating the tour. Then we'll split up for interviews ...?

The tour guide, a reedy man with a nervous demeanor and a soft, timid voice, informed them that interviews would be conducted later in the day, after the tour. He walked them down the hallway.

Dima kept close to the front so she could hear what he was saying. She needn't have bothered. As they passed the first closed door, he gestured to it and stammered out, "This might be a lab, I think? It could be one of the engineering labs, or perhaps one of the test facilities. They might even be writing software behind there. It's bound to be something exciting."

This went on for the better part of two hours. They passed locked door after locked door, with their guide only speculating on what might be inside as he fidgeted with his glasses and avoided eye contact. Finally, he declared, "And now, we'll tour the test facilities. Right this way to the warehouse, please. You're going to love this."

Wait, he didn't hedge his bets? We might actually see something today?! Dima knew better than to get her hopes up, but she couldn't help it. It wasn't as though they could get any lower.

They were let into the warehouse, and their guide took them straight toward one particular corner. As they crowded around what appeared to be an ordinary truck, their guide explained its significance in hushed, breath-taken tones: "This is the system upon which our new top-secret mobile Smart-SAM and cross-pulsed radar will be mounted. Soon, this will be one of the most advanced mobile platforms in the United States!"

And soon, it will be exciting, thought Dima in dismay. Right now, it's a truck.

"This concludes our tour," announced the guide, and it was all Dima could do not to groan. At least the interview is next. That can't be nearly as much of a let-down as the tour.

Dima was shown to a waiting area with the mathematician, while the others were split into their own separate areas. She was called back for her interview moments later. At least they're still punctual?

The interviewer introduced himself, and they shook hands. "Have you ever worked on a power supply, Dima?" he asked, which seemed like a logical question to begin the interview. She was just about to answer when he continued, "Just last week I was working on the supply for our cross-pulsed radar. That thing is huge, you wouldn't even believe it. Of course, it's not the biggest one I've ever built. Let's see now, that would've been back in '84 ..."

To her horror, he continued in this vein for fifteen minutes, discussing all the large power supplies he'd worked on. For the last five minutes of the interview he changed topics, discussing sound amplifiers you could run off those power supplies, and then which bands would make best use of them (Aerosmith? Metallica? Dima didn't care. She just kept nodding, no longer bothering to even smile). Finally, he thanked her for her time, and sent her on her way.

The next day, Dima was informed that she hadn't obtained the position. She breathed a sigh of relief and went on with her search.


Agiledrop.com Blog: AGILEDROP: Drupal Logos representing National Identities

Drupal Planet -

We are now very deep into our »Druplicon marathon«. After already presenting Drupal Logos in Human and Superhuman forms, Drupal Logos as Fruits and Vegetables, Druplicons in the shapes of Animals and Drupal Logos taking part in outdoor activities, it's now time to look at Drupal Logos representing national identities. A sense of belonging to one nation can be very strong. National identities are therefore also present in various Druplicons. The latter mostly represent active or inactive Drupal Groups from the specific countries. These groups connect Drupalistas from that specific…

New Technology Combines Lip Motion and Passwords For User Authentication

Slashdot -

An anonymous reader writes: "Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud," reports BleepingComputer. Called "lip password" the system combines the best parts of classic password-based systems with the good parts of biometrics. The system relies on the uniqueness of someone's lips, such as shape, texture, and lip motions, but also allows someone to change the lip motion (password), in case the system ever gets compromised. Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.


MD Systems blog: Drupal 8 security features: Cross site request forgery (XSRF)

Drupal Planet -

Recently, we had to create a security report for one of our clients about their Drupal 8 project. We described how Drupal 8 protects against the most common vulnerabilities and added some project-specific tests to ensure, as far as possible, that it cannot be attacked. This resulted in a document that we thought was worth turning into a series of blog posts.

Web Omelette: Storing user data such as preferences in Drupal 8 using the UserData service

Drupal Planet -

Have you ever needed to persist some irregular data relating to a user account? Things like user preferences or settings that are kinda configuration but not really? Storing them as configuration means having to export them, and that’s no option. Storing them in State is an option, but not a good one as you’d have to maintain a State value map with each of your users and who wants to deal with that…

In Drupal 7, if you remember way back when, we had this data column in the user table which meant that we could add to the $user->data array whatever we wanted and it would get serialised and saved in that column (if we saved the user object). So what is the equivalent of this in Drupal 8?

I’m happy to say we have the exact same thing, but of course much more flexible and properly handled. So not exactly the same. But close. We have the user.data service provided by the User module and the users_data table for storage. So how does this work?

First of all, it’s a service. So whenever we need to work with it, we have to get an instance like so:

/** @var UserDataInterface $userData */
$userData = \Drupal::service('user.data');

Of course, you should inject it wherever possible.

The resulting object (by default) will be UserData which implements UserDataInterface. And using this object we can store as many pieces of data or information for a given user as we want. Let’s explore this a bit to learn more.

The interface has 3 methods for handling data: get(), set(), delete(). But the power comes in the method arguments. This is how we can store some data for User 1:

$userData->set('my_module', 1, 'my_preference', 'this is my preference');

So as you can see, we have 4 arguments:

  • The module name we want this piece of data to be findable by
  • The user ID
  • The name of the piece of data
  • The value of the piece of data

This is very flexible. First, we can have module-specific data. No more colliding with other modules when storing user preferences. Stay in your lane. Second, we can have multiple pieces of data per user, per module. And third, the value is automatically serialised for us so we are not restricted to simple strings.

Retrieving data can be done like so:

$data = $userData->get('my_module', 1, 'my_preference');

This will return exactly 'this is my preference' (in our case). And deserialisation also happens automatically if your data got serialised on input.

Deleting data is just as easy:

$userData->delete('my_module', 1, 'my_preference');

Moreover, most of the arguments of the get() and delete() methods are optional. Meaning you can load/delete multiple pieces of data at once. Check out UserDataInterface to see how omitting some arguments can return/delete sets of records rather than individual ones.

And that is pretty much it. And in true Drupal 8 form, there’s nobody stopping you from overriding the service and using your own UserDataInterface implementation that has that little extra something you are missing. So no, you probably don’t have to create that custom table after all.

Norway Plans to Build the World's First Ship Tunnel

Slashdot -

Norway is planning to build the world's first ship tunnel through the country's Stad peninsula, which is home to harsh weather conditions that often delay shipments and cause dangerous conditions for ship crews. The proposed tunnel would enable ships to travel through the peninsula in safety. New Atlas recently interviewed Stad Ship Tunnel Project Manager Terje Andreassen about the project: NA: We'd usually expect a canal to be built for this kind of purpose, so why a tunnel? Because in this case we are crossing a hill which is more than 300 meters (384 ft) high. The only alternative is a tunnel. From a maritime point of view this is still a canal, but with a "roof." NA: How would you go about making such a large tunnel -- would you use a boring machine, for example, or explosives? First we will drill horizontally and use explosives to take out the roof part of the tunnel. Then all bolts and anchors to secure the roof rock before applying shotcrete. The rest of the tunnel will be done in the same way as in open mining. Vertical drilling and blasting with explosives down to the level of 12 m (42 ft) below the sea level. NA: How much rock will be removed, and how will you go about removing it? There will be 3 billion cubic meters (over 105 billion cubic ft) of solid rock removed. All transportation from the tunnel area will be done by large barges. NA: What, if any, are the unique challenges to building a ship tunnel when compared with a road tunnel? The challenge is the height of this tunnel. There is 50 m (164 ft) from bottom to the roof, so all secure works and shotcrete must be done in several levels. The tunnel will be made dry down to the bottom. We solve this by leaving some rock unblasted in each end of the tunnel to prevent water flowing in. 
Assuming it does indeed go ahead -- and with the Norwegian government having already set aside the money, this seems relatively likely -- the Stad Ship Tunnel will reach a length of 1.7 km (1.05 miles), and measure 37 m (121 ft) tall and 26.5 m (87 ft) wide. It's expected to cost NOK 2.3 billion (over US$272 million) to build and won't actually speed up travel times, but instead focuses on making the journey safer. Top-tier architecture and design firm Snohetta has designed the entrances, and the company's early plans include sculpted tunnel openings and adding LED lighting on the tunnel ceiling.


Most Teens Who Abuse Opioids First Got Them From a Doctor

Slashdot -

An anonymous reader quotes a report from Live Science: Most American teenagers who abuse opioid drugs first received the drugs from a doctor, a new study finds. Researchers looked at trends in the use of prescription opioids among U.S. adolescents from 1976 to 2015. They found a strong correlation between teens' taking the drugs for medical reasons and then later taking them for "non-medical" reasons, or in other words, abusing them, according to the study published today (March 20) in the journal Pediatrics. In 2015, the most recent year of the study, 8 percent of adolescents reported abusing prescription opioids, and the majority of them had been prescribed opioids previously, the researchers found. The U.S. consumes about 80 percent of the world's prescription opioid supply. There has been consistent growth in the number of prescriptions written for opioids in the U.S., rising from 76 million prescriptions in 1991 to 207 million in 2013, according to the National Institute on Drug Abuse. However, the new study revealed that among teens, both medical and non-medical use of opioid medications has declined in recent years, starting in 2013. The decline may be due to careful prescribing practices, Sean McCabe, a research professor at the University of Michigan, said. There are several medical procedures that teens may undergo for which opioids are recommended for pain management. But doctors can be careful about the amount of these drugs they prescribe, and limit refills. Parents can make sure that any leftover pills are discarded. Another report was published today in the journal Pediatrics that analyzed data from the National Poison Data System. It found that of all 188,468 prescription opioid exposures reported for youth under 20 years old between 2000 and 2015, nearly all the exposures occurred at a home and were most common among children under 5, accounting for six of every 10 cases.
According to NPR, those children were able to get their hands on the medication because it was improperly stored or was in a purse.

