Acquia U week one highlights
The group had a really busy week. Everyone from the Services department was on hand at Acquia, so they got a chance to meet with Dries, Peter Guagenti (VP Services) as well as Bryan House (VP Marketing) and many others.
In addition, as the group was cramming to get their work done, we got iced by the PS team.
With all that extra-curricular activity, they were pressed to get their assignment in. The assignment was simple:
- Build a Drupal Gardens site as a portfolio of your work.
- Interview 5 Acquians (selected at random).
- Publish their interviews / photos on your site.
- Build a view with list and tabular displays that can filter by department.
- Make a block which shows a random Acquian.
The results were absolutely impressive. A few of these people (including Andrew - the first one below) were using Drupal for the first time! The group has since moved on, and their portfolios have been moved to Acquia hosting.
Here are a few screenshots and links - check them out and get to know some Acquians and how the Ubies did on their first assignments.
Please show the Ubies some love and comment on their blogs / follow them on twitter.
http://andrew.u.acquia.com/interviews
http://paradise.drupalgardens.com/acquian-list
http://erica.u.acquia.com/projects/getting-know-you
http://water.drupalgardens.com/acquia-staff-list
http://mark.u.acquia.com/Interviews
http://sam.u.acquia.com/interview-list
http://madhura.u.acquia.com/interviews
http://checo.u.acquia.com/interviews
Looking at Acquia Dev Cloud and Pantheon
Until recently I was hosting my site on the AWS free-tier micro instance. This is a fully self-managed stack and I didn't mind this, it's nice to keep my system administration skills fresh (or a little less rusty). I've gotten busy recently, and wanted an opportunity to look at both Acquia Dev Cloud and Pantheon for Drupal hosting. The following is far less of a comparison than it is a brief synopsis of my experience with each.
The one thing I will say up front is that the pricing page for each service has serious accessibility problems. This raised flags for me initially. Neither of the services' UIs is horrible for accessibility (from a screen-reader user's perspective) and other than what is mentioned below I didn't run into anything that I simply could not do on either service.
*** Spoiler alert ***
I chose Pantheon.
*** End spoiler alert ***
Acquia Dev Cloud
I was impressed initially with Acquia Dev Cloud's sign-up: there is a free 30 day trial, with no credit card information required. If you're choosing the $99 / month Developer Acquia network subscription this also includes $44 off your first month with Drupalize.me, making it only $1. Along with the Acquia network subscription you need to choose a hardware (AWS EC2) configuration; I chose the minimum option, at $65 / month.
The dashboard was a bit daunting at first, but that is to be expected with a new environment. One annoyance that I experienced was that the link to switch from svn to git was completely inaccessible to me using the JAWS 13 screen-reader with Firefox 9; I had to have someone else find and click it for me.
The experience was pretty smooth other than the fact that I had troubles getting a database dump. I don't know if there is a dashboard option for this, if so it isn't accessible. I tried to use drush sql-dump, and it gave errors. After professional and timely support from Acquia I was informed that the problem was reproducible. A little while later support got back to me and told me that it was that my version of drush 7.x-4.5 does not support remote sql-dump. After doing a git checkout master in my drush directory the remote sql-dump worked without a problem.
Pantheon
It was a little harder to get signed up with Pantheon than Acquia Dev Cloud. Sign up was free, but it required an invitation code. I had a code from back in August, but the account had expired and I needed to request another. It came pretty quickly, but this could have been because I had a prior code, your mileage may vary.
I tried... and tried... and tried... to import my site into Pantheon using their dashboard / UI, it failed... and failed... and failed. After filing a support ticket and getting, what I would again consider to be, a timely response I was told that the UI doesn't always get to the end where the import wizard is, and I was provided a direct URL for this (hint: append /configure to your site's dashboard URL). *** Note: creating a new site or importing a site through the /configure URL will destroy all data. *** Things were relatively smooth after this, and getting the second (client) site imported was a snap... or maybe a few snaps. The database import on the second site didn't seem to work the first time around, but it was possible to do this after the fact using the dashboard and using drush.
I decided to make my site 'live', which requires paying for hosting. I was presented with only one option, $50 / month for the first 6 months, this is half off the standard Professional rate of $100 / month. This is a great discount, but I really wanted the $25 Personal rate. I was told by someone who could see the pricing page that this is greyed out, i.e. not currently available. I bit the bullet and launched at the Professional rate.
The final step of making the site live was setting up the domain name. I added the domain names zufelt.ca and www.zufelt.ca to the 'live' section of my site's dashboard, and it told me to set the CNAME for each to edge.live.getpantheon.com. This seemed a bit tricky to me as I didn't believe it to be possible to set a CNAME on zufelt.ca, but I tried. I logged into my DNS service provider, dyn.com, and tried to set a CNAME for zufelt.ca, it wasn't possible. Apparently some DNS service providers believe that you shouldn't allow CNAME records on a second-level domain. Reading http://help.getpantheon.com/pantheon/topics/configuring_dns I found that Google Apps Hosting will also fail if you use a CNAME on your second-level domain. Luckily the page also provides the IP address for edge.live.getpantheon.com, with a commitment that users will be notified if the address changes in the future. It also states that Pantheon will be offering static IPs and managed DNS as add-ons in the future.
In the end I chose to go with Pantheon, I prefer their per-site pricing, and the fact that the dashboard UI was a bit more streamlined. I have nothing negative to say about Acquia Dev Cloud, it just wasn't the right solution for me.
When you have a civicrm, everything looks like a nail (or a finger)
Hi,
So as every consultant, there is a bit of new projects, maintenance, stuff you do for free for the community, new ideas, meetings, pre-sales, funky developments & the dreaded admin part (invoicing/timesheet).
As any consultants, we are trying to get an overview on what are the issues, where we spend the time, who's involved and what has to be invoiced. For what I've seen for the past 20 years, the choice seems to be between separate tools that work well but don't talk to each other and one big ERP that tries to do everything but does it badly and that no one uses without cursing.
As all our contacts are in civi and that it also can track activities, was wondering if some of you are already using it as part of that combination and hopefully not turned it into a clunky 'ERP'?
We have started with Andreas, Tamsin, Julian & Cristel with some civi/drupal tools and Civi, but are in the middle of the road and wanted to brainstorm with you, see how/if we can get something that makes sense. I was discussing it with michal and some other consultants, thought it might be useful to put it in one place.
Logging issues & discussions
For each project, there are tasks/issues and discussions about them. This is usually done by email (with an empty subject line and a body "The page on the site doesn't work.").
For each project, we have an organic group and with og_mailinglist we have an email "projectA@my.org". Each new email starts a new issue, each reply is a comment. It mostly works, besides the odd new task "So, what's going on about the things of last week".
The views are usually good enough to see what's going on for any project or our workload across them.
Activities & Cases
The Civi way would be to have a case per project and one activity per task. As it matches the project/issues, we have written a module that creates a case for each new project and a new activity (type task) for each issue. We don't create comments in civi, as they are mostly discussions that are not useful to get the bigger picture (knowing how many times you have been asked to increase the size of the logo is better kept in the comments ;)
It works, but doesn't bring a lot of new features to the chain by itself, beside linking it to the contacts (that might be useful when you have lots of people involved on a project), but that's the needed part to make civi more integrated and....
Timelog
Logging time on a website has always been a weak point. The interface is not user friendly enough, needs to re-enter info about the clients & projects & tasks that are already elsewhere... and you might be working offline or with a flaky internet connection.
Lately, we have been using hamster, a timetracker that integrates well and is easy enough to use. It is able to understand some commands so "writing the blog about civiproject @civi" would create a new task (or update an existing one) in the project civi.
Andreas has coded a tool that takes the timelog (the complete db) that you can upload to the server and match to the tasks/issues.
It mostly works, but right now that's done by uploading the sqlite db hamster uses. To make it really practical, it would be needed to automatically create the projects & issues on hamster when they are added on the web (shouldn't be complicated, a local script using the api), and upload the timesheet using the API too.
Right now, we are storing it on separate tables, but if we were to use civi, each worked timeslot could be stored as a sub activity of civi.
Reporting & Invoicing
In our cases, the reporting is either internal (to see where we are on a project) or for the customer (on maintenance/per hour). The reporting functions of hamster are good but the export isn't, and anyway you'd want to be able to easily mix hours spent by various people. This part is still too manual and involves excel, csv, sql commands and in general is not a pleasant experience.
We have all/most of the data on our server, but we aren't sure if we should develop reportings outside of civi (using views) or try to integrate them into civi & use it for reporting.
What's missing
It's very likely that we won't all use the same tool to track time and that it should be easy(ish) to import from a lot of various formats (eg meetings from a calendar, logs from the PBX, timesheets generated from various providers...). Right now, matching the different ways people name the same task/project is painful, not quite sure how to create a common taxonomy or tools to easily convert my project "Civi" with the project "civicrm" or the project "civicrm 4.0".
The next step would be to be able to add categories to the tasks, and see how much of the project is spent on pre-sale, brainstorm, coding, debugging, specification, testing... and let my inner data nerd have fun with that and do nice data visualisation.
Personally, I'm very keen on pushing our civibot (miss moneypenny) -that allows me already to interact with civi via my chat client- a bit further so I can chat "punchin writing the blog about civiproject @civi" that would create the tasks directly, with the added benefit of having the bot keeping a timelog already of when I'm online/away. This is another discussion probably ;)
How are you using it?
Are you already using civi for your project? How do you track time and what are your tools of choice? Do you think it makes sense to use civi to manage a consultancy shop?
My brain is not a stopwatch
While surely time clocks worked well for an assembly line worker, I have always found the push to clock my hours similarly rather annoying and this puncher makes me froth with rage. It's all sorts of wrong to force a creative person to work on an hourly basis. First, if I am able to solve something quicker, am I to earn less...? Worse, if I take a long time, perhaps even miss a deadline then you are to pay me more??
CDNs made simple fast and cheap
Drupal Usability Study at Google livestreamed to 100+
I am excited to announce what a huge success the Drupal usability studies were last week! We livestreamed 8 usability sessions using both Google+ Hangouts on Air and Livestream.com and had over 115 people watching live! The exciting conversations taking place in the #drupal-usability IRC channel proved how powerful live events are; the community truly came together through a process of collaborative brainstorming and experiencing the struggles of new users collectively as they happened.
Our usability lab setup was flawless thanks to the masterful help of my friend and coworker Garen Checkley. Jen Lampton from Chapter Three served as the help desk support for study participants during the session. I moderated the sessions and walked participants through different tasks that we created along with the help of Bojhan Somers and Angie Byron.

We divided our study participants into 2 groups to study; one using vanilla Drupal 7 to observe where new users had trouble understanding the basic system, and one working with a custom Drupal 7 install that already had specific contrib-modules installed and enabled to gain insight into usability issues with specific interfaces, especially the hugely popular module Views.
Currently we are beginning the process of turning our findings into actionable items that we can put into issue queues. The Drupal Usability group will work hard to act on the results of this study to improve Drupal. Recorded videos of the sessions can now be viewed on our YouTube playlist.
Additionally, I have posted a video of my presentation “User Experience for You and Drupal too!” with Jen Lampton from Drupal Camp San Diego (SANDCamp) in an article on my blog. Be sure to check out the video for an overview of fundamental principles of user experience and how UX has evolved in the Drupal community.
When our findings and results from the study become more refined, Garen will write another blog post on this blog to share our findings and some more links. Until then, make sure to get involved with the Drupal Usability group if you are interested in helping to act on the findings of these studies and continue to make Drupal better!
By Becky Gessler, Google Search Quality team
Your DrupalCon Social Life Needs Attention Too
Making the Switch: Drupal 4 Developers
To follow up on our post about the Security Training we're running in Denver, we now introduce you to our second training course - "Making the Switch: For Experienced Developers Moving to Drupal" taught by Jeff Beeman, Joshua Brauer, and Chris Porter.
Check out the (very amateur) video below with Jeff Beeman and Erik Webb. Jeff is leading this year's course, and Erik taught this course with Jeff in London & Chicago. They have some fun doing a "fireside" chat and covering the outline of the course. Watch for Jeff's watch... ;)
New Redesign of GRAMMY.com Just In Time for 54th Awards

When the 54th GRAMMYs begin this Sunday evening, millions of people will be glued to their televisions -- and a large number of them will also simultaneously be on their computers and smartphones to catch up with the online-only behind-the-scenes action. This type of web traffic calls for a responsive and robust site to handle it all.
Lullabot recently launched a new design for GRAMMY.com. The new site carries over all the functionality from the previous iteration, while adding all the responsive web design goodness users have come to expect from high-profile sites.
The Recording Academy's Kevin Colligan explains the importance of a responsive design for GRAMMY.com:
This responsive approach isn’t just cool, it’s vitally important because more and more people are surfing the web on smartphones and tablets. Over the past 30 days, about 17% of our visitors were on mobile devices. And we expect that percentage to rise steadily.
The GRAMMYs site provided many challenging scenarios in building a responsive design. The media-heavy nature of GRAMMY.com means that we had to work with not only resizing images, but also restructuring the page to fit appropriate advertising, Facebook comments, inline YouTube videos, and various positions of embedded Ooyala videos. Besides simply responding to the size of the screen, all video content also has to be HTML5 compatible of course, to help mobile devices that don't support Flash, such as iOS devices or the new Chrome for Android browser.
Building custom widgets
The Social Media and Widgets modules have become pretty popular in the months since they launched. The feature request queues have been filling up. Mostly with requests to customize widgets or add new ones.
Nuvole expands its Brussels office
Nuvole is going to add a couple of international projects and some advanced Open Atrium customization services for non-profit organizations to its portfolio in the coming months. And if you are a skilled Drupal Developer you can be involved too!
Our upcoming projects will require a stronger presence in Brussels, the place to be for every international organization in Europe. So, while still keeping our Italian headquarters and office unchanged, we've just expanded our Belgian office. The new office is located in ICAB, a modern business centre in Brussels close to the Flemish university: a place with a vibrant international student community, equipped with a gym, a swimming pool and pubs.
The new Brussels office was officially inaugurated with a reception last week (pictures below) and it will be the place where we meet with international clients and we develop the EU-funded projects Nuvole participates in, like:
- Alfa Puentes (2011-2013): a three-year project for international cooperation between Latin America and Europe on educational matters.
- Open Sounds: a Leonardo da Vinci project (2012-2013) for transnational cooperation in music production.
- Higher Education Experts (2012-2013): a renewed version of our customized Open Atrium portal for European experts in Higher education.
Want to be involved? We welcome applications: if you are a skilled Drupal 6 and 7 developer, just see our job post and apply!
An Interview with Jurriaan Roelofs

I recently had a chance to discuss responsive web design with a Drupal developer at the vanguard of this emerging standard, Jurriaan Roelofs.
Jurriaan, based in Utrecht, Netherlands, is the author of the responsive base theme Arctica and its companion theme extender, Tundra.
Here's Jurriaan on responsive theme design, the challenges facing Drupal and what he thinks the future has in store.
Q: When did you first get into responsive design and decide to use it in a Drupal theme?
I'm not really sure when exactly I learned about responsive design, but it must have been around the time the technique was covered by AListApart. From that time on the technique had a place in my mind but for long I didn't do anything with it.
I think I started playing with media queries in the summer, and then decided I should start implementing it on my premium Drupal themes. That's when I started evaluating the status quo.
I looked at AdaptiveTheme, but decided it did not give me enough flexibility. I looked at Omega, and I just didn't agree with the architecture. I need something that makes my life easier, not more complicated. I think Omega tries to do too much and as a result of this it also put a performance penalty on your site. I recently did some testing and Omega made my test setups ~10% slower while most base themes were only around 5% less performant than Stark. (Stark is the baseline test).
Image: screenshot of Arctica-based theme, Respondr

For these reasons I decided to come up with a new system that meets all my requirements:
- Makes the difficult task of responsive design easy, by providing intuitive interfaces for block and layout management.
- Provide a lightweight solution. This is why I have Tundra, the base theme extender, in a separate project. No need to load all those features in a base theme.
- Provide a platform that is easy to extend with features, so that the project can respond rapidly to changes in the environment.
- Respects a design's grid system by supporting fixed, responsive gutters.
I reckoned this project was absolutely necessary for my premium themes business to keep existing in 2012, so I worked full time on it for a span of about 2 months. Then more time was spent testing the framework with some real themes, and facing new responsive problems.
Arctica now automatically takes care of a lot of responsive design problems like how it's cleverly using box-model:border-box to allow images with borders and padding to fit in a responsive grid system. Or making jQuery cycle compatible with a flexible container. It's still Wild West in the responsive design field and there's still a lot of new ground to be covered.
Q: Can you talk a bit about the relationship between Arctica and Tundra? How do they complement each other?
This one is difficult to explain. It's kind of unlike any other base theme. I'll try to define the 2 themes and explain their roles:
Arctica base theme role:
- To provide a framework for future-friendly, mobile friendly website development.
- To save theme developers time by providing proper HTML(5) markup and a full CSS Reset, including optional removal of Drupal core styles. Also, to optionally save even more time by having a set of optional style kits for elements that don't always need a unique design, like tabs, breadcrumbs, pagers, messages, forms etc. ie the Arctica visual bootstrap, which is inspired by Twitter bootstrap.
- To make the theme developer's life easy by providing a framework that makes it possible to use CSS3 styling like gradients and box-shadows in internet explorer. This is perfectly demonstrated by the TouchPro theme, which uses CSS3 for nearly all its visual effects.
- To provide a graphical user interface to themers and site builders, for managing the overall layout, the placement of blocks, the handling of responsive media queries and more.
In summary, Arctica operates mostly as a theme engine, it provides infrastructure for themers. It's a lean and fast platform to build on.
Tundra's base theme extender role is to provide integration with 3rd party libraries that are part of the theming layer like jQuery cycle, FlexSlider, Sooperfish Dropdown menus, Google Fonts, etcetera. Tundra not only seamlessly integrates these libraries with the theme, it also provides a GUI to their options and features inside the Arctica configurator (the theme settings form).
In summary, Tundra is a package you can optionally use to extend Arctica with awesome jQuery features and integrating custom typography. Of course you can also hand-code these features in your Arctica sub-theme but it's all about saving time.
Image: screenshot of Arctica-based theme, Touch Pro

So if you just need to build a sub theme that's simple, clean, lean and mean, download Arctica and use Arctica as your base theme. If you want a sub-theme with the jQuery features that Tundra offers, download both Arctica and Tundra and declare Tundra as your base theme. Tundra will automatically load Arctica and your sub theme will get the cumulative power of both projects.
Q: Arctica depends on the Skinr module and like a lot of other contributed modules, Skinr has lagged a bit behind the release of Drupal 7. In fact, it's still an alpha release. How has that impacted work on Arctica?
Fortunately when I started working on Arctica, Skinr was already kind of working. It didn't have a release yet but it seemed to work OK. When I came to the point I had to think about layout management in Arctica I found out that the Fusion team had forked Skinr and included it into their "proprietary" module Fusion Apply. I don't think this was a good move. This means that Skinr users don't directly benefit from the work that's put in Fusion Apply and vice versa.
Therefore I started talking to Chris of Gravitek Labs about their plans with the module. He told me the Fusion guys never even talked to him and I think he was also displeased about the fork. Chris assured me that he and Bala would collaborate with me on getting a release out for the Skinr module and they were prepared to help me get some ideas into the module that were necessary for making Skinr media query-aware through integration with the theme settings.
In the end this worked out fine and together we got a release out. By together I mean that I spent a lot of time writing a big patch with the functionality I needed and then their awesome backend developer Bala proposed a different patch that was only like 10 lines of code and did the job better than my 100 lines of code.
Q: Moving away from themes for a bit, what is the biggest issue you see facing the Drupal community over the next year or so?
Probably the next year Drupal will have few worries because its rise in popularity seems to be unstoppable for now. I think we need to worry about the next 5 years though. With the upgrade from D5 to 6, upgrading was pretty easy. D6 to D7 was messy. I upgraded sooperthemes.com recently and it was a big mess, mostly because the changes in tokens meant I couldn't use Pathauto and Taxonomy exactly the same way as in D6. And some modules aren't updated yet so I lost some functionality.
However, with what we're doing in Drupal 8 the upgrade path will be far more difficult, for themes and modules alike. The community will really be put to the test. Other software projects make backward compatibility a priority but we chose the opposite: sacrifice backward compatibility for agility of the projects core. I'm in favor of this approach, it makes Drupal the powerful application that it is today, but I also see problems.
Modules don't get updated, code isn't portable to the next major Drupal version and updating themes can be a lot of work. Drupal 6 has some awesome distributions, I personally use Open Atrium and Acquia Commons. Neither of these projects can be updated to Drupal 7 now because it's just so much work to port all the code over. I'm worried what will happen to the Drupal 7 distros, modules and themes we build in the next years. When Drupal 8 comes out they will be even harder to port.
Q: What's on your wish list for Drupal 8?
As a themer I have my hopes up for Drupal 8. We're going to make Drupal 8 an HTML5 application. This doesn't just mean we get new tags, it means the whole theming system needs to get analyzed and adjusted to produce a correct HTML5 DOM outline.
This means we have the opportunity to improve all markup and generally clean up the code. It also means we're going to make all Drupal output semantically correct; something that I bet is on the wish list of many front end-minded Drupal developers.
The Mobile initiative looks great as well, admin_menu doesn't really work well on my iPhone. I saw Lewis is working on some mock-ups that look much easier to use, although maybe not quite as fast as admin_menu.
I'm also excited about Jeff's core initiative that I'm in, although we're kind of lagging behind on schedule.
So apart from that front end stuff I'm also expecting a lot from the configuration management initiative. Configuration management is something we really need. Being able to do 1-step builds in multiple environments is something that big software companies take for granted but we often have to do manual stuff to stage new features or new content. Or write really complicated build scripts, thus defeating the purpose of building a build script (saving time).
A Final Word...
I want to thank Jurriaan for taking the time to share his thoughts on responsive theme design and what's happening in the Drupal community. I highly recommend you check out Jurriaan's work on Arctica and if you're looking for a commercial solution, sooperthemes.com is where you can check out some of the great options he has available.
Using mixed HTTP(S) sessions securely and without loss of session data
[NOTE: This post corrects my errors in phrasing the security vulnerability in the use of Secure Pages and Secure Pages Hijack Prevention modules.]
Mixed sessions refers to providing, with respect to a user visiting a site, some content over an insecure (HTTP) connection and other content over a secure (HTTPS) connection. A quick online search reveals the widespread problem of supporting mixed sessions. For example, simply redirecting to a secure connection does not eliminate the possibility of session hijacking. To avoid the issues, some sites have gone to all HTTPS sessions (e.g. github). Others have implemented a mixed environment with varying degrees of success. In the Drupal world, Drupal 7 does a better job of addressing these concerns than earlier versions. If you have a Drupal 6 site that wants to implement mixed sessions, what are your options?
Client situation
I have a Drupal 6 client situation involving an online shop that allows you to buy products without having to register for an account. The usage preferences are for:
- visitors to shop (i.e. browse products and add products to the cart) in insecure mode
- visitors to switch to secure mode for checkout
- site administrators to access the backend in secure mode
To complicate matters, the client:
- sponsors three commerce sites with shared product content (using the domain module)
- provides shopping cart features on two of the three sites
From a technical standpoint, we want to:
- retain session data when switching between security modes (i.e. between HTTP and HTTPS connections)
- avoid session hijacking
Several modules are available for Drupal 6 that make it easy to switch between security modes. These include:
These modules provide various configuration settings to indicate which pages to serve up over HTTP or HTTPS. The Secure Pages and UC SSL modules simply redirect to secure mode, but provide no protection against session hijacking. The Secure Pages Hijack Prevention module attempts to address the problem of session hijacking with Secure Pages (by creating a second session cookie with the "secure" flag set so it is only transmitted to SSL-protected pages). However, this cookie is only created for authenticated users and only checked while logged in. (In its README file, the Hijack Prevention module frowns on enabling the PHP "session.cookie_secure" setting as this "would defeat the purpose of this module." This seems to go against best practices and is contrary to the approach under Drupal 7 and 8.) Because these modules use a single session name, there is only one record for a user in the sessions table. Thus, session data is not lost on a step up to secure mode. However, the protection is incomplete for any user with Secure Pages alone and also for an anonymous user even with the companion Hijack Prevention module.
The 443 Session module attempts to improve on the Secure Pages combination, including utilizing the PHP "session.cookie_secure" setting and providing better support for anonymous users. However, enabling the "session.cookie_secure" setting has an unhelpful side effect. When a request comes in using HTTPS, Drupal core creates a second session record for the user in the "sessions" table of the database. This second session knows nothing about the first session. For example, if there is "data" associated with the first session, this is unknown to the secure session. During the switch (or "step up") from insecure to secure mode, this module (in conjunction with Drupal core) does not preserve the session data. Thus, the visitors to your site can add products to their cart over HTTP sessions, but their cart information is lost when they go to checkout using the new HTTPS session. They are greeted with a message like "There are no products in your shopping cart."
For the use case presented above, none of these modules (in conjunction with Drupal core) provides a solution.
Drupal 7 and 8 approach
In Drupal 7, the dual session situation is handled with two session IDs on a single record in the sessions table, one ID each for the insecure and secure sessions. Inherent to this design, the session data is automatically shared between the sessions. The cookie for the secure ID is only transmitted over a secure connection. To further address the problem of session hijacking, the session IDs are regenerated when the visitor switches to secure mode (referred to as a "step up").
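The two behaviours described above (the cart lost when HTTP and HTTPS use unrelated records, and the single record with two IDs that are regenerated on step up), modelled as an added Python example. It is not Drupal or Mixed Session code; the class names, the in-memory store and the rule that step up is only allowed from a record with no secure ID yet are assumptions of this model.

```python
import secrets

class SplitStore:
    """Unrelated HTTP and HTTPS records (Drupal 6 with session.cookie_secure)."""
    def __init__(self):
        self.rows = {}                      # session id -> data
    def request(self, cookie):
        # The first HTTPS request carries no secure cookie, so it starts empty.
        if cookie not in self.rows:
            cookie = secrets.token_hex(16)
            self.rows[cookie] = {}
        return cookie, self.rows[cookie]

class DualIdStore:
    """One record holding an insecure id (sid) and a secure id (ssid)."""
    def __init__(self):
        self.rows = []                      # dicts with sid, ssid, data
    def _create(self, secure):
        ssid = secrets.token_hex(16) if secure else None
        row = {"sid": secrets.token_hex(16), "ssid": ssid, "data": {}}
        self.rows.append(row)
        return row

    def http(self, sid):
        row = next((r for r in self.rows if r["sid"] == sid), None)
        return row or self._create(secure=False)

    def https(self, sid, ssid):
        row = next((r for r in self.rows if ssid and r["ssid"] == ssid), None)
        if row:
            return row                      # established secure session
        # Step up is allowed only from a record that has no secure id yet.
        row = next((r for r in self.rows if r["sid"] == sid and not r["ssid"]), None)
        if row is None:
            return self._create(secure=True)    # stale or sniffed sid: empty session
        row["sid"], row["ssid"] = secrets.token_hex(16), secrets.token_hex(16)
        return row                          # same data, both ids regenerated

def demo():
    split, dual = SplitStore(), DualIdStore()
    split.request(None)[1]["cart"] = ["book"]   # item added over HTTP
    https_cart = split.request(None)[1]         # HTTPS checkout: new record
    row = dual.http(None)
    row["data"]["cart"] = ["book"]
    old_sid = row["sid"]                        # value visible on the wire
    stepped = dual.https(old_sid, None)         # shopper steps up
    replay = dual.https(old_sid, None)          # old sid replayed over HTTPS
    return https_cart, stepped["data"], replay["data"], stepped["sid"] != old_sid
```

The model's `http()` still returns the full record for the insecure ID after a step up, which is the step-down concern the page lists as unaddressed.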
However, even the Drupal 7 and 8 implementation has some flaws such as:
- after a user switches several times between HTTP and HTTPS, they end up with "multiple" entries in the sessions table
- does not address security concerns with a step down from HTTPS to HTTP
These concerns are discussed in these issues:
A Drupal 6 solution
Out of all this, I created the Mixed Session module for Drupal 6 that:
- (AFAIK) securely implements mixed sessions
- regenerates session IDs on step up and step down
- preserves session data between session modes
- provides configurable rules for redirecting page requests to secure or insecure mode
- provides a configuration switch to stay secure once having entered secure mode
This module:
- includes a core patch to back-port the Drupal 7 dual session ID approach
- incorporates concepts mentioned in the issues referenced above
- transmits the secure ID only when in secure mode
- regenerates the insecure session ID when switching to or from secure mode
- implements four types of redirect rules to enter and exit secure mode
Redirect rules are available for:
- overall: never redirect, always redirect, or redirect based on rules below
- content: if the page includes a particular form (e.g. a login block)
- path: the request URL
- user state: anonymous or authenticated
The module also declares two API hooks through which a developer can incorporate more complex redirect rules.
With this module you can easily handle the client situation mentioned at the outset. You can also handle other configurations, such as:
- redirecting site administrators to view all site content in secure mode using HTTPS connections
- redirecting authenticated shoppers to secure mode when viewing their account pages.
DrupalCon Training: Site Building and More
In "Site Building and More," new and experienced Drupal users can learn from the innovative mentored, hands-on training presented by the Buildamodule.com team. Students will be guided through the process of creating a fully functional Drupal web site, and more experienced Drupal users and developers can still attend and learn more advanced material. Here are some benefits of the training:
- Learn from 9 talented Drupal developers, trainers, information architects and themers
- Tons of one-on-one time to help you with specific problems
- Learn at your own pace
- The structure will help you stay focused and engaged, allowing you to learn more.
- Get a free 3-month membership ($87 value)
If you will be attending DrupalCon, this training will be a great way to kickstart the week and let you get much more out of the sessions and other events you'll be taking part in. The cost is discounted for anyone who registers for the conference, and for $350 you get an entire day of excellent training with highly experienced trainers, plus a free 3-month membership.
Learn more about the DrupalCon trainings and register now - visit our Training program page.
Drupal 6: Adding color support to your theme
We spent a few hours trying to figure out how to use Color to make our custom Drupal 6 theme configurable. Color rewrites your CSS to include the user-configured colours, and adds the resulting stylesheet link to your header.
The first trick was to get the colour picker to show up on the theme settings page. The documentation wasn’t clear, but the easiest way to get started seems to be to copy the color/ directory from the Garland theme into a subdirectory of your theme, and then customize it from there. You will also need to follow the Drupal 6 or Drupal 7-specific instructions for calling the Color module when preprocessing pages.
Color searches your style.css (and imported stylesheets or other stylesheets defined by the ‘css’ part of your $info array) for colour definitions. Any colour that exactly matches one of the colours defined in the default scheme is replaced by the colour in the selected scheme, with the caveat that the base colour should not appear in the stylesheet. If the base colour is found in the stylesheet, it will be replaced by an empty string. In your stylesheet, make sure your base colour uses the shortened version (ex: replace #cccccc with #ccc) or use a very similar colour instead (ex: #cbcbcb).
So, the easy way to colourize your theme:
- Enable Color, if you haven’t yet.
- Copy the color directory from the Garland theme into your theme
Color will attempt to figure out unspecified colours based on those colours’ relationship with the base colour. This can lead to interesting combinations. If there are colours you do not want Color to change, put them in a section after a comment like this:
/*******************************************************************
 * Color Module: Don't touch                                       *
 *******************************************************************/
All colours specified after that comment will not be rewritten.
Some gotchas to watch out for:
- It’s probably a good idea to add a comment to your style.css reminding developers to resubmit the colour settings after making changes to the stylesheet. Color rewrites the stylesheet, so changes aren’t picked up until the stylesheet is regenerated.
- The Color preview appears to use hardcoded HTML. The gradient is created by color.js, and there doesn’t seem to be a way around it. Our workaround is to use CSS to hide both the preview and the header above it. Unfortunately, there is no div that encloses both the header and the preview.
Read the original or check out the comments on: Drupal 6: Adding color support to your theme (Sacha Chua's blog)
ELMS for Drupal, Drupal for ELMS
ELMS Alpha 6 was released yesterday and in keeping with our releases I wanted to do a recap of developments with the project and why it's important for the Drupal community at large. Download ELMS btopro drupal.org profile
A Responsive Drupal theme in 0 lines of code
Following this great article from Howard Tyson @Zivtech, I felt I must demonstrate how easy it would be to build the exact same responsive grid with Sasson.
What we're doing is configuring a responsive layout based on 960 grid system using Sass, that means that instead of applying the grid classes to our markup, we're applying them to our element IDs thus keeping a clean and semantic markup and separating content from style.
Now, enough with the geek talk and let's see how simple that is. Basically all you need to do is to set the desired values in this form:

And if you want to set different break points you may configure them on this tab:

So with this minimal effort we have set a grid based layout which is responsive and will adapt to the device it is viewed on.
As a matter of fact, even this little effort is optional. If the default values that ship with Sasson suit your needs, all you have to do is download and enable it, done.
So why use a base theme? Because it does all this for you, because you don't want to do this again and again every time you start a project, because it keeps you up-to-date with the latest technologies, and sometimes it can even teach you a thing or two.
Happy sub-theming :)
Call for Action - Drupal Business Days Europe
Hello Business Leaders!
We plan the Drupal Business Days in Vienna to become a very powerful event that allows you to get your Drupal business further!
On May 3rd - 5th we will have three days of business discussions, keynotes, products, startups, pitches, fun and more fun!
Register at: www.drupalbusiness.org - We have several actions for you that give you the perfect possibility to get involved...
- Sessions - Tell us your idea, whom you want to see, or propose your presentation!
- Sponsors - Do you want to position your company as a business leader? Or you know someone who should do so?
- Media Partners - you want to be a media partner, write about or advertise the Drupal Business Days and get some attention in return?
- Drupal Business Associate - You want to be part of the organizational team and help make this event big?
If one of these points concerns you - get in touch with us via the contact form or at office { a } drupalbusiness.org !
More Info here: www.drupalbusiness.org
January edition... in February - Modules Unraveled Updates
I know it's late, but here's what happened in January.
The Modules Unraveled Podcast is going strong!
Most of my January was consumed with starting a new podcast. Check it out on my website or subscribe in iTunes, and let me know what you think.
So far, I've talked with:
- Lin Clark about the Microdata module
- Jeff Linwood about building native iPhone and Android apps with Drupal. *See below about a FREE webinar with Jeff about PhoneGap.
- Jess about core office hours
- Mike Carper about front-end performance modules.
- Mike Carper about back-end performance modules.
- Khalid Baheyeldin about his consulting on Drupal performance.
- Khalid Baheyeldin about the User Points module.
Upcoming episodes will include:
- Tim Plunkett talking about the FullCalendar module.
- Larry Garfield about WSCCI
- Sascha Grossenbacher about the future of the User Points module
- And more...
If you are interested in attending a FREE live webinar with Jeff Linwood to learn more (and ask live questions) about building native iPhone and Android apps, sign up for the "Building Mobile Apps With Drupal" webinar notification list. This does not commit you to the event, it just enables you to get updates as they come out. If you're not familiar with PhoneGap and how it integrates with Drupal, check out the podcast episode I did with Jeff.
NTC Drupal Day for Nonprofit IT Professionals
ThinkShout is proud to announce that we are facilitating the first ever Drupal Day for Nonprofit IT Professionals event at this year's Nonprofit Technology Conference (NTC) April 3rd, 2012, at the Hilton Union Square in San Francisco.
The content of this full-day event will be geared toward IT decision-makers who either currently manage, or are considering, the Drupal content management system. With this focus, this event will be applicable to Drupal professional service providers specializing in the nonprofit sector, in-house nonprofit software developers, Drupal power-users, and executive nonprofit staff responsible for managing website and web application procurement and maintenance.
This event will not be a training on “How to build a website with Drupal,” nor will it be a Drupal vendor or product spotlight. Rather, this is a hands-on opportunity for Drupal users in the NTEN community to:
- Increase dialog within the national community of Drupal professionals and IT decision-makers serving the nonprofit sector;
- Make connections between nonprofit IT professionals interested in different technical and process conversations that are active in the wider Drupal community;
- Expose the nonprofit IT community to the latest techniques, tools, and trends in Drupal development and site management; and,
- As one of the opening events at the NTC, start the conference off right!!!
If you happened to have attended the incredible Drupal Nonprofit Summit at the 2011 BADCamp, the format and structure of the event will be familiar:
- 9:30-10:00 am: An optional "Introduction to Drupal Terminology and concepts for IT professionals new to Drupal."
- 10-10:15 am: Full-group welcome, intros and agenda review.
- 10:15-10:45 am: Full-group "Making Connections" exercise.
- 10:45-11am: Break.
- 11-12 pm: Two 30-minute case studies with break-outs.
- 12-1 pm: Drupal BOF sessions during a working lunch.
- 1-1:05 pm: Quick introduction to the Drupal Association.
- 1:05-2:35 pm: Three 30-minute case studies with break-outs.
- 2:35-3:00 pm: Full-group wrap-up.
Of course, this event would not be possible without our hosts - the Nonprofit Technology Network. If you are not familiar with NTEN or the NTC, definitely check them out. Having attended the last 2 conferences, I can say with confidence that the NTC will be one of the best national tech gatherings of the year. We're also very excited to have the sponsorship and planning support of individuals such as Johanna Bates and organizational partners including Drupal Association, CivicActions, OpenSourcery, and Jackson River.
If you're interested in helping out with case studies or other planning/facilitation opportunities as part of the Drupal Day for Nonprofits, give us a shout! We're hoping that the event will pull together the leading minds in Drupal development for the nonprofit sector from around the country.

