Übersicht

Vorschläge max.2 pro Tag

Platz für Vorschläge, Fragen, Anderes

Wenn sie Antworten erhalten wollen tragen sie hier Kontaktdaten wie email-Adresse oder Telefonnummer oder Postanschrift ein

CAPTCHA
Sicherheitscheck: Tragen sie die abgebildeten Buchstaben und/oder Zahlen hier unter in das freie Feld ein.
Image CAPTCHA
Enter the characters shown in the image.

Linux - here we go

Umfrage

Wie gefällt euch/ihnen diese Seite:

Vorschläge und Wünsche bitte an: support@webjoke.de.

Benutzeranmeldung

CAPTCHA
Sicherheitscheck: Tragen sie die abgebildeten Buchstaben und/oder Zahlen hier unter in das freie Feld ein.
Image CAPTCHA
Enter the characters shown in the image.

Community Working Group posts: 2019 Aaron Winborn Award Winner: Leslie Glynn

Drupal News - Fr, 04/19/2019 - 22:54

During the opening plenary at DrupalCon Seattle, the members of the Drupal Community Working Group announced the winner of the 2019 Aaron Winborn Award, Leslie Glynn (leslieg).

The award is named after a long-time Drupal contributor who lost his battle with ALS in 2015. This award recognizes an individual who, like Aaron, demonstrates personal integrity, kindness, and an above-and-beyond commitment to the Drupal project and community. Previous winners of the award are Cathy Theys, Gabór Hojtsy, Nikki Stevens, and Kevin Thull. Current CWG members, along with previous winners, selected the winner based on nominations submitted by Drupal community members.

This year, there were 18 individuals nominated for the award. In the coming weeks, the CWG will be contacting all nominees to let them know of their nomination and thank them for their continued work in the community.

In addition to the physical award presented to Leslie during the announcement, Leslie was also provided with a free ticket to DrupalCon Seattle as well as travel expenses. 

Leslie has over 30 years experience in the software development field and has been working with Drupal since 2011. She has been involved in Drupal project management, site building, and client support. She has organized and mentored Drupal sprints, has offered trainings at Drupal camps and DrupalCons, and has volunteered at - as well as help organize - many camps across the United States especially in New England.

Multiple people nominated Leslie for this award. One of them wrote, “If you have ever attended a North American Drupalcon, BADCamp, NYCCamp, NEDCamp, Design4Drupal, or any other major North American Drupal event, then you have seen Leslie. She is a constant inspiration of how our community, and each one of us, should work and act."

Another one of her nominators wrote, “Leslie is a dependable, passionate, kind, and giving individual and the Drupal community is extremely fortunate to have her."

Nominations for the 2020 award will open in early 2020.

Kategorien: Drupal News

Mass.gov Digital Services: Our DrupalCon 2019 Recap

Drupal News - Fr, 04/19/2019 - 22:01
DrupalCon 2019 RecapWhat we learned from our fellow Drupalists

On April 7th, our team packed up our bags and headed off to Seattle for one of the bigger can’t miss learning events of the year, DrupalCon.

“Whether you’re C-level, a developer, a content strategist, or a marketer — there’s something for you at DrupalCon.” -https://events.drupal.org/

As you may have read in one of our more recent posts, we had a lot of sessions that we couldn’t wait to attend! We were very excited to find new ideas that we could bring back to improve our services for constituents or the agencies we work with to make digital interactions with government fast, easy, and wicked awesome. DrupalCon surpassed our already high expectations.

GovSummit

At the Government Summit, we were excited to speak with other state employees who are interested in sharing knowledge, including collaborating on open-source projects. We wanted to see how other states are working on problems we’ve tried to solve and to learn from their solutions to improve constituents’ digital interactions with government.

One of the best outcomes of the Government Summit was an amazing “birds of a feather” (BOF) talk later in the week. North Carolina’s Digital Services Director Billy Hylton led the charge for digital teams across state governments to choose a concrete next step toward collaboration. At the BOF, more than a dozen Massachusetts, North Carolina, Georgia, Texas, and Arizona digital team members discussed, debated, and chose a content type (“event”) to explore. Even better, we left with a meeting date to discuss specific next steps on what collaborating together could do for our constituents.

Session Highlights

The learning experience did not stop at the GovSummit. Together, our team members attended dozens of sessions. For example, I attended a session called “Stanford and FFW — Defaulting to Open” since we are starting to explore what open-sourcing will look like for Mass.gov. The Stanford team’s main takeaway was the tremendous value they’ve found in building with and contributing to Drupal. Quirky fact: their team discovered during user testing among high-school students that “FAQ” is completely mysterious to younger people: they expect the much more straightforward “Questions” or “Help.”

Another session I really enjoyed was called “Pattern Lab: The Definitive How-to.” It was exciting to hear that Pattern Lab, a tool for creating design systems, has officially merged its two separate cores into a single one that supports all existing rendering engines. This means simplifying the technical foundation to allow more focus on extending Pattern Lab in new and useful ways (and less just keeping it up and running). We used Pattern Lab to build Mayflower, the design system created for the Commonwealth of Massachusetts and implemented first on Mass.gov. We are now looking at the best ways to offer the benefits of Mayflower — user-centeredness, accessibility, and consistent look and feel — to more Commonwealth digital properties. Some team members had a chance to talk later to Evan Lovely, the speaker and one of the maintainers of Pattern Lab, and were excited by the possibility of further collaboration to implement Mayflower in more places.

There were a variety of other informative topics. Here are some that my peers and I enjoyed, just to name a few:

A Day in the Exhibit HallOur exhibit hall booth at DrupalCon 2019Talking to fellow Drupalists at our booth

On Thursday we started bright and early to unfurl our Massachusetts Digital Service banner and prepare to greet fellow Drupalists at our booth! We couldn’t have done it without our designer, who put all of our signs together for our first time exhibiting at DrupalCon (Thanks Eva!)

It was remarkable to be able to talk with so many bright minds in one day. Our one-on-one conversations took us on several deep dives into the work other organizations are doing to improve their digital assets. Meeting so many brilliant Drupalists made us all the more excited to share some opportunities we currently have to work with them, such as the ITS74 contract to work with us as a vendor, or our job opening for a technical architect.

We left our table briefly to attend Mass.gov: A Guide to Data-Informed Content Optimization, where team members Julia Gutierrez and Nathan James shared how government agencies in Massachusetts are now making data-driven content decisions. Watch their presentation to learn:

  1. How we define wicked awesome content
  2. How we translate indicators into actionable metrics
  3. The technology stack we use to empower content authors
The Splash Awards

To cap it off, Mass.gov, with partners Last Call Media and Mediacurrent, won Best Theme for our custom admin theme at the first-ever Global Splash awards (established to “recognize the best Drupal projects on the web”)! An admin theme is the look and feel that users see when they log in. The success of Mass.gov rests in the hands of all of its 600+ authors and editors. We’ve known from the start of the project that making it easy and efficient to add or edit content in Mass.gov was key to the ultimate goal: a site that serves constituents as well as possible. To accomplish this, we decided to create a custom admin theme, launched in May 2018.

A before-and-after view of our admin theme

Our goal was not just a nicer looker and feel (though it is that!), but a more usable experience. For example, we wanted authors to see help text before filling out a field, so we brought it up above the input box. And we wanted to help them keep their place when navigating complicated page types with multiple levels of nested information, so we added vertical lines to tie together items at each level.

Last Call Media founder Kelly Albrecht crosses the stage to accept the Splash award for Best Theme on behalf of the Mass.gov Team.All the Splash award winners!

It was a truly enriching experience to attend DrupalCon and learn from the work of other great minds. Our team has already started brainstorming how we can improve our products and services for our partner agencies and constituents. Come back to our blog weekly to check out updates on how we are putting our DrupalCon lessons to use for the Commonwealth of Massachusetts!

Interested in a career in civic tech? Find job openings at Digital Service.
Follow us on Twitter | Collaborate with us on GitHub | Visit our site

Our DrupalCon 2019 Recap was originally published in Massachusetts Digital Service on Medium, where people are continuing the conversation by highlighting and responding to this story.

Kategorien: Drupal News

Unix System virtualisieren

Virtualisierungen - Fr, 04/19/2019 - 21:19
Frage: Hallo Zusammen,Ich möchte gerne eine Virtualisierungs-Software auf meinem kleinen ML Server installieren um einige Unix Systeme zu virtualisieren. Darunter Ubuntu, CentOs, ...Später möchte ich dann per Remote (VNC oder Remote Desktop) auf die einzelnen VMs zugreifen.Welches Virtualisierungs System könnt ihr hierbei empfehlen? Gibt es da eine kostenlose Lösung?Liebe Grüsse und danke im Voraus :). 8 Kommentare, 225 mal gelesen.
Kategorien: Anleitungen

Phase2: TL;DR—DrupalCon Seattle Recap

Drupal News - Fr, 04/19/2019 - 20:06

We snagged this photo on our second day in the pacific northwest.

Kategorien: Drupal News

Specbee: Is Drupal 8 the secret weapon for your Multilingual Website?

Drupal News - Fr, 04/19/2019 - 09:14
As the internet continues to grow, more people around the world are getting familiar with it, and this means just one thing. If you need to internationalize your business for better revenue, you need to go multilingual! For most of the CMS tools, non CMS languages and frameworks, creating a multilingual website is a challenging task with numerous pain points. However, thankfully, this is not the case with Drupal CMS. 
Kategorien: Drupal News

Lullabot: Lullabot Podcast: DrupalCon Seattle Recap

Drupal News - Fr, 04/19/2019 - 02:51

Mike and Matt gather a random group of Drupalers in Seattle, drag them back to a hotel room, and record a podcast. 

Kategorien: Drupal News

KVM - Bridge Interface , kein VM Zugriff

Virtualisierungen - Do, 04/18/2019 - 21:04
Frage: HAllo zusammen,ich jage leider ein kleinen Rätsel nach.Folgendes: Nachdem bei mienem Dedi Server der Raid Controller kaputt gegangen ist lief erstmal nichts mehr.MEin PRovider hat mir dann ein Ersatz System zur verfügung gestellt.Der Server lief bisher immer auf Ubuntu 16.04 LTS.Also dachte ich mir, warum nicht gleich auf 18.04 gehen. Das war ein Fehler... Dachte ich.ICh habe den Host installiert und eine neue Brücke gebaut. Das lief nicht sauber, da Netplan irgendwie voller Bugs ist.Manuell deinstalliert und Ifupdown installiert lief dann auch die Brücke.MEine zweite IP Adresse habe ... 4 Kommentare, 148 mal gelesen.
Kategorien: Anleitungen

Duo Consulting: Accessibility Lessons from DrupalCon Seattle

Drupal News - Do, 04/18/2019 - 19:57

In the Drupal community, the annual DrupalCon show is the biggest event of the year. Held in a different city each year, the event brings Drupal users together for a week of sessions and networking.

With so many people and agencies committed to Drupal in attendance, DrupalCon is the perfect opportunity to provide training and guidance. This year’s show, DrupalCon Seattle, dedicated its first two days to community summits and full-day training sessions. One of these summits tackled one of the most prevalent issues of the year for Drupal: Accessibility. Through a combination of keynotes, panels and breakout sessions, the summit’s organizers gave attendees actionable insights and new perspectives on front-end accessibility.

The day kicked off with a keynote from OpenConcept’s Mike Gifford, who spoke about his agency’s work with the Canadian National Institute of the Blind (CNIB). For the organization’s 100-year anniversary, the CNIB sought a rebrand and redesign with an emphasis on making their site’s content more accessible. As OpenConcept learned, creating an accessible platform is easier said than done. To illustrate how difficult the process can be, Gifford wryly offered this Donald Rumsfeld quote:

There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don't know we don't know.

In the context of web development, accessibility is often an “unknown unknown.” Without extensive testing, programmers won’t know that any given element won’t limit access for certain users. As such, one of the major lessons that Gifford shared was the importance of manual testing.

“Automated accessibility testing will only get you 25 percent of the way there,” Gifford said. “Manual testing is essential, and this mostly comes down to getting rid of your mouse and tabbing through a site."

As Gifford and speakers from subsequent panels noted, the best method for testing a site’s accessibility is to actually use it. While a lot of problems can be found by, as Gifford said, unplugging your mouse and using the “tab” key to navigate, this approach can still miss blind spots that able-bodied users wouldn’t consider. Alternatively, hiring disabled users to perform QA testing on a given site is often the best solution. 

This ethos is especially true when building mobile sites. Another keynote speaker, Gian Wild of AccessibilityOz, covered the mobile accessibility testing process in detail. Manual testing on real devices can root out common traps, like if a site’s buttons are too small to be navigated with a finger or if links aren’t underlined. For more common errors, Wild’s slide deck can be found here.

As important as manual testing is, though, automated accessibility tools are a vital element of the accessible design arsenal. Though pervasive and subtle errors still require hands-on QA testing, automated solutions will identify many more thousands of minor issues in a fraction of the time. As such, using these tools in coordination with manual testing will ensure that your site is as accessible as can be.

During the final breakout session of the summit, attendees shared which tools they think work best for rooting out accessibility issues, many of which conveniently come in the form of browser extensions. Some commonly mentioned tools included:

We’ve previously profiled several accessibility tools, and you see which one is best for you here.

As challenging as accessibility testing can be, the reward of expanding your audience is well worth it. Fortunately, the Drupal platform helps ensure out-of-the-box accessibility features. During his keynote, Gifford pointed out that Drupal design patterns have already been tested, known bugs are listed transparently, and the development community actually cares about the issue. In fact, OpenConcept’s work for CNIB produced several fixes and modules that can now be utilized by any Drupal user. These contributions and further info about the CNIB redesign can be found on Gifford’s slide deck here

With a senior-level team of designer and developers, Duo can apply these lessons to sites across industries. Our commitment to accessibility means that every site we build will be open to all users. To learn more about our process and values, reach out to our team today!

Kategorien: Drupal News

Chaosbeseitigung in Domainlandschaft

Virtualisierungen - Do, 04/18/2019 - 18:14
Frage: Hallo zusammen,ich hätte gerne mal ein paar praktische Tipps oder Hinweise.Derzeit haben wir einen NAS als Fileserver und einen Domaincontroller mit 2012R2 die 25 Workstations heißen alle irgendwie, mal mit fester IP mal DHCPdie Nutzernamen haben System, die Gruppen eher nicht.ich habe vor kurzem dort angefangen und mich jetzt allmählich eingearbeitet.Mein Plan sieht einen Hyper-V Host vor mit einem FileServer und einem DCHardwaretechnisch ist das auch schon geklärt.Braucht man für den Hyper-V Host auch eine Server Lizenz oder wäre das ratsam?Der Fileserver soll eine neue "systematische" Ordnerstruktur erhalten.Nun hängen ... 10 Kommentare, 524 mal gelesen.
Kategorien: Anleitungen

ESXI hebt Registrierung von Masschinen auf

Virtualisierungen - Do, 04/18/2019 - 09:54
Frage: Hallo,nutze seit einiger Zeit für meine IT Projekte einen alten HP G7 Server mit ESXi 6.5 und einem Custom Image. Da die Kiste nur sporadisch läuft ist mir seit dem Letzen Start aufgefallen, dass die VMs die Registrierung verlieren.Also nach dem Start sind die VMs einfach nicht mehr registriert und tümpeln als Leichen in der Liste der virutellen Maschinen herum. Hebt man dann die Registrierung auf und registriert die Maschine als vorhandene neu funktinieren die auch problemlos, bis zum nächsten neustart dann sind sie wieder verweißt.2 der 3 Maschinen ... 12 Kommentare, 517 mal gelesen.
Kategorien: Anleitungen

Richtige Einstellungen beim ESXI 6.5 in Sachen CPU Zuweisung bei einer VM

Virtualisierungen - Do, 04/18/2019 - 08:00
Frage: Hallo Zusammen,heute wollte ich mal fragen, wie ich eine VM die richtige Anzahl der von CPUs zuweise. Bin da ein wenig irritiert. Mein kleiner ESXI hat: image 3de87fedb029bab7f164b0fd903f5494 Wenn ich das richtig gelesen habe, ist das eine Multi-CPU mit 6 Kerne, wo bei jeder Kern zwei Thread kann. Ist es jetzt bei ESXI besser, nur echte Kerne als CPU zu zuweisen oder inkl. Threds? Was macht es aus, ob ich einem Win-10 / 2016 12 CPUs inkl. Thread zuweise oder nur 6 echte Kerne?Zur Auswahl habe ich die auf jeden Fall: image ... 14 Kommentare, 441 mal gelesen.
Kategorien: Anleitungen

OpenSense Labs: Changing Businesses Using Artificial Intelligence and Drupal

Drupal News - Do, 04/18/2019 - 03:47
Changing Businesses Using Artificial Intelligence and Drupal Shankar Thu, 04/18/2019 - 07:17

Advancements in artificial intelligence (AI) are opening up a plenitude of possibilities in different industries. Efforts like Robotics at Google, for instance, are showing the world the way forward. Google is working on machines that may not be as eye-catching as humanoid robots but will have subtly more advanced technology inside them. The idea is to let them learn skills on their own and sort through a bin of unfamiliar objects or navigate a warehouse that is filled with unexpected obstacles. And in the healthcare sector, while the doctors are already using AI for diagnosing and treating medical conditions, Dr. Eric Topol, in his book called Deep Medicine, says that AI can do much more than that. AI can save doctors from performing tasks like jotting down notes and reading scans and allow them to spend more time connecting with their patients. The AI’s influence in different fields will make for an endless list.


It is true that AI is growing at a fast clip. But, currently, it is still dependable on human intelligence. Nevertheless, AI is here to stay and will only get better with time.

In the web landscape, too, AI has the provision for a superabundance of use cases. Drupal, as one of the leading content management frameworks, has been a pioneer when it comes to giving a push to digital innovation. Drupal, replete with modules for implementing AI, can lay the groundwork for a more AI-centric future for your digital business.

Unwrapping artificial intelligence

The term ‘Artificial Intelligence’ was coined by Dartmouth professor John McCarthy in the summer of 1956 when he invited a small group to spend some weeks musing on how to enable machines to do things like use language. He pinned high hopes on the breakthrough of human-level machines. Since then, artificial intelligence has come a long way and will undergo a lot of research and development in the coming years.

AI can emulate human performance by learning from it.

Gartner states that “AI applies advanced analysis and logic-based techniques, including machine learning, to interpret events, support and automate decisions, and take actions”. Commonly, definitions of AI emphasise on automation. But AI can emulate human performance by learning from it. This can come very handy as it gives a plethora of opportunities to IT and business leaders.

Adopting AI in businesses

When it comes to adoption of AI in the business workflow, organisations need a well-planned strategy to measure their firm against the AI maturity model, states Gartner.

Source: Gartner

AI maturity model can help in identifying where your firm is on the potential growth curve and decide what steps should be taken by discussing it with the management. Some organisations can be doing conversations about AI and are in an Awareness stage. There can be firms in the Active stage who may be including AI in proofs of concept and pilot projects. Organisations can be termed to be in the Operational stage when at least one of their AI projects has moved to production. Business organisations can be said to be in the Systematic stage when they, at least, start considering AI for all of their new digital projects. Once you figure out what stage you are in, you can aim for reaching the Transformational stage and make AI a part of your DNA with the help of top-notch, adaptive strategy and by giving more room for experimentation.
 
As you start implementing AI in your business, it is important to identify the right use cases i.e. the key business hurdles that can be resolved by the capabilities of AI. And there is no dearth of what AI has to offer as can be seen in the figure below.


A combo of AI and Drupal

AI has made its foray into different industries and has opened up new opportunities for improving business workflow. Web development is one of the areas where artificial intelligence can be leveraged to a great extent. Some of the examples of how Drupal can be of great use to leverage artificial intelligence are:

Chatbots

Artificial intelligence can be of great help in imbibing cognitive computing abilities, that simulates human thought processes in a computerised model, in a website. This can be done in the form of chatbots. Drupal’s Chatbot API module can offer fantastic conversational experiences. Chatbot API gives you a common flexible additional layer that comes in between Drupal, your Natural Language Processing (NLP) and your several chatbots and personal assistants thereby making your website chatbot-friendly. This assists in avoiding the need for writing new code whenever you have to translate conversational experience from one interface to another.

Web personalisation

Personalisation of the web content is done on the basis of a person’s digital persona. Content can be recommended to the users based on their profile or past activities. For instance, if they are searching for a blue shirt, something like this would work - “Here are more blue shirts”. Or, if a user is reading about futuristic technologies, then something like this may work - “Read more articles like this”. Artificial intelligence can improve even further.


A session at DrupalCon Baltimore 2017 talked about personalising web content using machine learning (a subset of AI). They demonstrated Deep Feeling, a proof-of-concept project, that leverages machine learning techniques to enhance content recommendations to the users. They utilised Instagram API for accessing a user’s stream-of-consciousness and filtered their feeds via a computer vision API. This was, then, used to detect and learn subtle themes about the user’s predilections. On getting a notion about the sort of experiences the user thinks are worth sharing, user’s characteristics were matched against their own databases. The proof-of-concept involved Acquia lift service and Drupal 8.

Multilingual platform

“In keeping with our deep integrations to Web Content Management, Content Management Systems, and Marketing Automation platforms, our Drupal 8 connector is the latest example of Cloudwords building integrations that speed and scale a company’s global marketing engagements with personalized experiences in any language”, said Richard Harpham, former CEO at Cloudwords Inc.
 
Cloudwords for Multilingual Drupal module offers a superfast and efficacious way of governing the process of making your site multilingual. On installing this module, your content can be served in multiple languages to the market. Its powerful workflow automation and project management capabilities enable you to choose the content that you want to localise and the rest of the process is taken care of by Cloudwords. Its CAT tool utilises artificial intelligence and machine learning for enhancing productivity.

Deriving insights from your images

Google’s artificial intelligence capabilities can be applied for solving the obstacles of content management at scale. A session held at Badcamp 2018 exhibited how can content editors keep up with reviews during a continuous stream of content submissions.


For this, Google Cloud Vision API was utilised. Google Vision API offers image labelling as it detects an object automatically and even provides data about objects such as its position within the image. It can also detect text within the images. It can assess your image and identify if it contains adult content, violence and so on. Google Cloud Vision API can be configured with Drupal via the Drupal module. This enables you o automatically add metadata to uploaded media and allow explicit content detection on image fields.

Conclusion

We can do so much with artificial intelligence just as there is much that we have done with the wheel. But to consider AI as an outright replacement for human intelligence is not the right thing to do. AI can improve our lives and it is important to figure how to leverage it for our betterment.
 
Drupal, a catalyst giving importance to digital innovation and emerging technologies, can be used in combination with AI to build futuristic solutions.
 
We have been working towards the provision of better digital experience and offer a suite of services. Let us know at hello@opensenselabs.com how you want us to be part of your digital transformation endeavours.

blog banner blog image Blog Type Articles Is it a good read ? On
Kategorien: Drupal News

Tandem's Drupal Blog: Transparency in Picking a Digital Partner

Drupal News - Do, 04/18/2019 - 02:00
April 18, 2019 Why we use services like Clutch.co to help you pick a digital partner faster. Picking a digital partner is hard. What firm can understand your strategy, translate that into conversion-increasing design, and then develop a website on your chosen technology platform? After reading multiple proposals and sifting through digital agenc...
Kategorien: Drupal News

myDropWizard.com: Drupal 6 core security update for SA-CORE-2019-006

Drupal News - Mi, 04/17/2019 - 23:00

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Drupal core to fix a vulnerability in jQuery. You can learn more in the security advisory:

Drupal core - Moderately Critical - Third-party Libraries - SA-CORE-2019-006

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there was another Drupal core security release made today (SA-CORE-2019-005) but that one doesn't affect Drupal 6, because Drupal 6 doesn't depend on Symfony.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Kategorien: Drupal News

Security advisories: Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006

Drupal News - Mi, 04/17/2019 - 22:30
Project: Drupal coreDate: 2019-April-17Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingDescription: 

The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes:

jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.

It's possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release backports the fix to jQuery.extend(), without making any other changes to the jQuery version that is included in Drupal core (3.2.1 for Drupal 8 and 1.4.4 for Drupal 7) or running on the site via some other module such as jQuery Update.

Solution: 

Install the latest version:

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Also see the Drupal core project page.

Additional information

All advisories released today:

Updating to the latest Drupal core release will apply the fixes for all the above advisories.

Reported By: Fixed By: 
Kategorien: Drupal News

Security advisories: Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

Drupal News - Mi, 04/17/2019 - 22:29
Project: Drupal coreDate: 2019-April-17Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Multiple Vulnerabilities Description: 

This security release fixes third-party dependencies included in or required by Drupal core.

  • CVE-2019-10909: Escape validation messages in the PHP templating engine. From that advisory:

    Validation messages were not escaped when using the form theme of the PHP templating engine which, when validation messages may contain user input, could result in an XSS.

  • CVE-2019-10910: Check service IDs are valid. From that advisory:

    Service IDs derived from unfiltered user input could result in the execution of any arbitrary code, resulting in possible remote code execution.

  • CVE-2019-10911: Add a separator in the remember me cookie hash. From that advisory:

    This fixes situations where part of an expiry time in a cookie could be considered part of the username, or part of the username could be considered part of the expiry time. An attacker could modify the remember me cookie and authenticate as a different user. This attack is only possible if remember me functionality is enabled and the two users share a password hash or the password hashes (e.g. UserInterface::getPassword()) are null for all users (which is valid if passwords are checked by an external system, e.g. an SSO).

Solution: 

Install the latest version:

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Also see the Drupal core project page.

Additional information

All advisories released today:

Updating to the latest Drupal core release will apply the fixes for all the above advisories.

Reported By: Fixed By: 
Kategorien: Drupal News

Lullabot: Rocket Ship Fast Jobs in CircleCI by Preinstalling the Database

Drupal News - Mi, 04/17/2019 - 20:00

CircleCI is great at enabling developers defining a set of images to spin up an environment for testing. When dealing with a website with a database, the usual build process involves downloading a database dump, installing it, and then performing tests. Here is a sample job that follows this approach. Notice where the majority of the time is allocated:

Kategorien: Drupal News

WeKnow: Drupalcon Seattle 2019 Recap

Drupal News - Mi, 04/17/2019 - 19:42
Drupalcon Seattle 2019 Recap

DrupalCon Seattle 2019 was my second Drupal Conference. Everybody enjoys travel, and everybody should enjoy learning while at it! This year I had the opportunity to do both, taking benefit of the Professional Development Program that weKnow offers as well as taking my family on vacation.

The Washington State Convention Center

 

In my first hours in Seattle, I joined my teammates, got my credentials and the full information about the event... I was surprised by the variety of sessions available! One difference compared to Nashville 2018, this year there were only 2 days for room conferences, but the quantity looks similar. In fact, I did attend more sessions this year than in 2018.

dsabolo Wed, 04/17/2019 - 17:42
Kategorien: Drupal News

Aten Design Group: Placing Components with Drupal's Extra Fields

Drupal News - Mi, 04/17/2019 - 19:17

One of the challenges front-end developers face is adding new components to entity templates that exist outside of what is defined in the Field API; or in other words, adding dynamic components that aren’t really fields. Often this can be easily done by throwing the custom markup in a .html.twig file and calling it a day. But if you’re working on something that needs to be reusable, or if you’re collaborating with a site builder who doesn’t write code, the custom template route can be limiting.

Enter hook_entity_extra_field_info().

Content Moderation: A “Pseudo-Field” in Core

Drupal’s documentation says this hook “exposes ‘pseudo-field’ components on content entities.” You can see this hook in action with the Content Moderation module in core. All moderation-enabled entities can have an option box, placed via that entity’s Manage Display page, that contains a widget to update an entity’s moderation state in place rather than clicking through to the edit page.

The moderation option isn’t a real field. Rather, it’s what Drupal calls a “Pseudo Field.” But by using hook_entity_extra_field_info(), you wouldn’t know the difference. The moderation option can be moved around and configured for various display modes, just like “real” fields.

Using hook_entity_extra_field_info in a Custom Module

On a recent project, we needed to integrate a newer commenting service called Coral Talk. After searching, we learned that no module existed to integrate this service in Drupal. This presented a perfect use case for an Extra Field, and only needed two hooks for the bulk of the work:

/** * Implements hook_entity_extra_field_info(). */ function coral_talk_entity_extra_field_info() { // Load commenting configuration. $config = \Drupal::config(coral_talk.settings'); $extra = [];   // Loop over the content types configured to have comments // and get their bundle name. foreach ($config->get('content_types') as $bundle) { if ($bundle) { // Add info for Extra Field to nodes only, specific to configured // content types. This determines what shows on Manage Display. $extra['node'][$bundle]['display'][‘coral_talk_comments'] = [ 'label' => t(‘Coral Talk Comments'), 'description' => t('Place commenting on the page.'), 'weight' => 100, 'visible' => TRUE, ]; } }   // Return our new extra field. return $extra; }

After a cache clear, this new field will appear on the configured content types’ Manage Display page and can be placed on the content type along with the other fields for that content type. Now that the field is defined, it needs some info for what should be rendered to the page. This is handled by Drupal’s hook_ENTITY_TYPE_view() hook.

/** * Implements hook_ENTITY_TYPE_view(). */ function coral_talk_node_view( array &$build, \Drupal\Core\Entity\EntityInterface $entity, \Drupal\Core\Entity\Display\EntityViewDisplayInterface $display, $view_mode ) { // 1. Check to see if our new field should be rendered on the entity display. // 2. Determine whether the user has permission to add comments. $condition = ( $display->getComponent(‘coral_talk_comments') && \Drupal::currentUser()->hasPermission('create coral comment') );   if ($condition) { $config = \Drupal::config(coral_talk.settings');   // Add the new field to the $build array with a call to a custom theme // hook to render the comments. Pass necessary config into comment // settings. $build[‘coral_talk_comments'] = [ '#theme' => 'coral_talk_comments', '#domain' => $config->get('domain') ?? '', ]; } }

After another cache clear, we’ll now see our comments being rendered to our content types in whichever view mode they’re enabled on. The moves setup of comments outside of code and into a place that’s more accessible and flexible for various users.

This approach is great for simple scenarios. One drawback, however, is that it’s not possible to define any custom configuration options for these pseudo fields. Each extra field is identical, and any configuration has to be hard coded in these hooks. This presents challenges for site builders, who might want to configure comments differently per content type however. Fortunately, there is a solution in contrib that changes how Extra Fields are defined and allows for developers to add configuration to each field. In the next post, we’ll explore the Extra Field Settings Provider module.

Kategorien: Drupal News