Mass.gov Digital Services: Join our growing team at Massachusetts Digital Services

1 day 12 hours ago

Today, more than 80% of people’s interactions with government take place online. Whether it’s starting a business or filing for unemployment, too many of these experiences are slow, confusing, or frustrating. That’s why, one year ago, the Commonwealth of Massachusetts created Digital Services in the Executive Office of Technology and Security Services. Digital Services is at the forefront of the state’s digital transformation. Its mission is to leverage the best technology and information available to make people’s interactions with state government fast, easy, and wicked awesome. There’s a lot of work to do, but we’re making quick progress.

In 2017, Digital Services launched the new Mass.gov. In 2018, the team rolled out the first-ever statewide web analytics platform to use data and verbatim user feedback to guide ongoing product development. Now our researchers and designers are hard at work creating a modern design system that can be reused across the state’s websites and conducting the end-to-end research projects to create user journey maps to improve service design.

If you want to work in a fast-paced agile environment, with a good work-life balance, solving hard problems, working with cutting-edge technology, and making a difference in people’s lives, you should join Massachusetts Digital Services.

Check out some of our current postings here:

Digital Strategist

Digital Project Manager

Web Analytics Business Analyst

Didn’t see a good fit for you? Check out more about hiring at the Executive Office of Technology and Security Services and submit your resume in order to be informed on roles as they become available.

Coming soon…

Senior Drupal Developer

Director of Technology

Creative Director

Senior UI/UX Designer


Join our growing team at Massachusetts Digital Services was originally published in MA Digital Services on Medium, where people are continuing the conversation by highlighting and responding to this story.

OpenSense Labs: Drupal as a part of Content as a Service Strategy

1 day 14 hours ago
Drupal as a part of Content as a Service Strategy Shankar Fri, 10/19/2018 - 21:09

Digitisation has altered the game for content providers. Customers - whether businesses or consumers - look for bite-sized pieces of content delivered to their chosen interface anywhere and anytime. Content creators continuously need to rethink and rewire how they disseminate content across channels due to the proliferation of digital platforms, the variety, and granularity of media, and the ever-shorter attention spans of customers. And so arises the need for a Content as a Service (CaaS) solution.


The democratisation of content and the entry of social media and the technology giants into the content business are erasing the divide between media and entertainment market segments. This is building a new ecosystem that will be driven by content-as-a-service delivery models. Drupal can offer a magnificent CaaS solution for the organisations looking to distribute content on screens, websites, mobile apps, IoT devices and beyond.

A Peek at CaaS

Source: Bloomreach

CaaS is an architectural pattern that completely decouples the content authoring process from how it is used. Traditional CMS offers a single software to separate the data layer from the presentation of said data. Even though the presentation of the data is separated, it is still attached to the technology, delivery channels, and the capabilities supported by the software. CaaS comprises a backend CMS that provides content authoring capabilities with APIs for delivering content to external systems.

An efficacious content-as-a-service model enables enterprises to store content in a form and with the sort of detail which makes it easier to discover, repurpose, transform, and transmit. Today, service providers can leverage their application programming interfaces (APIs) as platforms for disseminating content.

Simultaneously, organisations must consider the level of granularity that is needed to store and expose units of content in the most effective manner. They should track the business costs generated by individual units of content so that their content supply can be refined and new business models can be developed. Even though technology constraints must be duly assessed, content providers should understand their content’s ‘lowest common monetisation denominator’ (LCMD) and the returns on content assets.

Executing content as a service

CaaS is a paradigm for delivering the right amount of content to the right kind of customer at the right time via the right channel. That is:

  • Content is enough to meet the demands of the customers
  • Content is personalised
  • Content is delivered accurately when the customer needs it. Updates are done in real-time.
  • Content is delivered on the platform of choice at the right time and then swiftly and endlessly transferred from one platform/ device to another.

A perfect CaaS model is integrated with numerous services that connect to a customer-facing platform and expose units of content on demand. These can constitute music on Apple Music, books and magazines on Amazon Kindle, or shows on Netflix. The ubiquitous nature of the IoT is expected to make CaaS indispensable as all types of data are gathered by big data platforms and made available to application developers.

Source: Bloomreach

With the increase in platforms, formats, devices, languages and locations for exposing content, the ease, speed, and efficacy of governing and delivering it must also increase. APIs can transmit data to and from any destination faster and more cost-effectively. In the API economy, APIs are developed like products for supporting new business models. An API strategy is a collaborative effort among product and technology teams to keep a digital business strategy on track. APIs are the drivers for most “X-as-a-service” ecosystems and content-as-a-service is no exception to this.

The value of CaaS

Source: Cognizant

The ability to precisely identify the smallest unit of content that can be stored autonomously and delivered profitably is the foundation of any CaaS model. This can be referred to as the lowest common monetisable denominator (LCMD) of content which can be tracked, tagged and reused. Through taxonomy and semantics, enterprises can store content at the LCMD level and develop an aggregate or smaller levels of the data on demand.

So once the organisation identifies the LCMD of content the evaluation can be done on the returns from pieces of content created at that granularity, that is, returns on a content asset (RoCA).

When can you use CaaS?

Following are the scenarios where you can utilise the capabilities of CaaS:

  • Mobile applications: Alterations to mobile applications, more often than not, need the application to be resubmitted to a digital distribution platform vendor like Google or Apple for approval. A CaaS system enables businesses to alter the content in these applications without having to change the application.
  • Multiple channels: CaaS enables business users to deploy the same content to several delivery channels via a singular system rather than having to maintain different systems for different channels.
  • UX flexibility: Being independent of the presentation layer, designers can freely use any technology to develop their UX and are not tied to technologies or components supported by the CMS. JavaScript frameworks, which evolve at their own pace, provide developers with greater UX flexibility.
  • AI-based application: Leveraging chatbots and other AI-based applications, it is easier for robots to consume content via an API.

Drupal as Content as a Service

Source: Dries Buytaert’s blog

If you want to enable your frontend developers to create engrossing customer experiences, Drupal’s content-as-a-service approach allows you to think outside the page-based mentality. Drupal’s CaaS solution helps in delivering reusable, future-proof content seamlessly by decoupling the back and front ends where needed.

Moreover, frontend developers can develop better experiences with Drupal’s presentation-neutral content and RESTful API and leverage tools like Angular, Ember, Backbone and many more. Content from third parties, for example aggregators and syndicators, can be ingested into your Drupal environment and then disseminated to any channel. With Drupal’s CaaS capability, content is easily consumed by other websites and applications that you choose.

It has all been possible because of the amazing work that is going on in the Drupal Community’s API-first initiative. It is actively working to advance existing and new web services efforts, thereby making Drupal an excellent CaaS and optimal for developers. Through web services like JSON API and GraphQL or the tooling that accelerates headless application development like the Waterwheel ecosystem, Drupal as a content-as-a-service is great for developers.

Drupal is stupendous for both editors and developers. The biggest advantage that Drupal has over its headless competitors is that it can be an amazing CMS for content editors to give them control over the presentation of their content and a rich headless CMS for enabling developers in building huge content ecosystems in a single package.
 
With Drupal perpetually powering more and more websites, it is also being extracted to its full potential in order to serve content to other backend systems, native applications, single page applications, and even conversational interfaces simultaneously.

Conclusion

As digital transformation accelerates, content providers are altering the nuts and bolts of their content activities. As more content is delivered as a service through a myriad of APIs, more data will get generated thereby assisting content providers in creating more precise business models.
 
Content as a service is like a treat for the developers giving them maximum flexibility in their pursuits of digital innovation. Drupal as a CaaS has been offering a great digital experience to both content editors and developers alike.
 
Drupal experts at Opensense Labs have been powering digital transformation of businesses through Drupal development.
 
Contact us at hello@opensenselabs.com to build great digital experiences using Drupal as Content as a Service.
 


Acquia Developer Center Blog: Decoupling in Drupal, all the questions you had, answered by internet

1 day 14 hours ago

Question: Decoupling Drupal… Wait, what? why? when?

 

In a few words/points, decouple is good because:

  • Unleash of cutting edge frontend technologies
  • frontend technologies which are constantly accelerating and with which CMS’es can’t keep pace
  • Lots of front end work that does not necessarily need to change when upgrading the CMS
  • Which means also less friction between frontend and backend

 

Question: What is all this hype about

 

Tags: acquia drupal planet

mark.ie: Can I Stop PatternLab Variants from Inheriting Data from their Parent Component

1 day 17 hours ago

I have a card component with a title, image, text, and link. How come all my card variants are inheriting all the values from the default one? Short answer, you don't. It's a feature, not a bug.

markconroy Fri, 10/19/2018 - 13:01

Where this really becomes frustrating is when you have a pattern that lists a number of items in an array. In that case, all variants will have (at least) that many items, even though you may want fewer.

For illustration:

list.twig has something like this:

{% for list_item in list_items %}
  {{ list_item }}
{% endfor %}

Then list.yml has something like this:

list_items:
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  # ...and loads more teasers for the main listing page

Now you want to create a variant of list such as list~related-articles, but with only 2 items. You'd expect this would work:

list_items:
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser

But, no. This will still render as many items as were in the parent component. That's the beauty (a feature, not a bug) of PatternLab's inheritance system. To stop it you need to do something like this:

list_items:
  - join():
    - include():
        pattern: content-teaser
  - join():
    - include():
        pattern: content-teaser
  -
  -
  # ...and so on, so each extra one is basically set to 'false'

When we do this with a component such as a card, we might also want to have variants such as card~no-image, card~no-text, etc. In this case, we'd have a card.yml like so:

card_title: 'My Card Title'
card_image: ''
card_text: 'The text of the card will go here'

However, if we create variants, each of the items in card will be inherited to the variant. You'll notice this if you try to create one super mega component for all variants of a hero component for example (hero title, pre-title, sub-title, image, alignment, cta buttons, etc).

In this case, what I do is create a default component card.yml or hero.yml and give it only values for items that will more than likely be in all variants (basically whatever you are going to mark as a required field in Drupal (or whatever CMS you are using)), then set all others to 'false' in the component. Now when I create variants I only need to override the specifics for that variant, since everything else that is being inherited is already set to false. I also create a 'Kitchen Sink' version of the component which shows every item in action but DO NOT create this as the default/reference component.

My default card.yml might look like this:

card_title: 'My Card Title'
card_image: false
card_text: false

Now my variants can look as simple as:

card~with-image.yml
card_image: ''

And card~long-title will be just one line:

card_title: 'This is a long title on a card just to illustrate what happens when it wraps to more than one line'

And that is why this is a feature, not a bug - it allows us to write variants very simply and quickly. Is there a better way of doing this? I'm not aware of one. If you are, drop it in the comments. Thanks.

Matt Glaman: Running Drupal's Nightwatch test suite on DDEV

2 days 3 hours ago
Running Drupal's Nightwatch test suite on DDEV Thursday 18, October 2018 mglaman

This is the third, and final post in my series on running Drupal’s various test suites using the DDEV local development stack. Previously I covered running Drupal’s Unit, Kernel, and Functional tests and then running Chromedriver to execute the FunctionalJavascript test suite. In this post, I will talk about running the newly introduced Nightwatch.js test framework.

Promet Source: Empower the Content Author in Drupal

2 days 10 hours ago
A web page in Drupal is made up of several parts. For instance, you have the header and navigation that appears on each page. You have the main content region that holds your articles or the details associated with your events. On either side on the content, you might have sidebars with blocks suggesting related content or a call to action. 

Acquia Developer Center Blog: GraphQL in Drupal: An Exclusive Excerpt from the Forthcoming Book, Decoupled Drupal in Practice

2 days 10 hours ago

Over the last few years, I have had the privilege of sharing insights and tutorials on decoupled Drupal, which was originally unknown territory with shifting sands but today is a widely adopted approach, including by some of Acquia's most influential customers. Nonetheless, the relative unavailability of developer-focused resources that are both authoritative and current has hindered architects' and developers' ability to evaluate and explore decoupled Drupal for themselves.

Luckily, next month, my new book Decoupled Drupal in Practice will be officially on the market.

Tags: acquia drupal planet

OpenSense Labs: Better lives with Drupal-powered healthcare technologies

2 days 13 hours ago
Better lives with Drupal-powered healthcare technologies Shankar Thu, 10/18/2018 - 21:53

You run, you fall and you rise again with your ambitious endeavours of attaining supreme fitness. With so much going around in your own life, when you have to take care of your grandmother and monitor whether her insulin intake is right on track or not, it can prove to be a formidable task. Healthcare technologies have advanced to a whole new level and something like a smart wearable equipped to perform automated monitoring of diabetes can be of immense help.


As the pace of change accelerates, how can the healthcare industry move ahead and stay relevant with the changing demands? No matter what their size is, healthcare organisations find it a strategic imperative to answer this question. The velocity and scope of technological advancements are blurring the lines between healthcare and technology thereby redefining traditional MedTech and fundamentally altering business models.

With more healthcare technologies offering a new perspective for the organisations, Drupal’s stupendous web content management and its flexibility in integrating with healthcare technologies make it a remarkably meritorious choice for your digital innovation plans. So, what are some of the healthcare technologies doing rounds in recent times?

Healthcare technology trends

Whether it is the business and administrative side of things or the direct patient care, technological innovation is giving different dimensions to what healthcare organisations can achieve. Here are some of the trends in the healthcare industry that are making a humungous impact:

IT security

Healthcare enterprises are often the targets of sophisticated, well-coordinated cyber attacks because of the depth of information stored by healthcare providers. A study by Beazley Group states that 45% of the ransomware attacks in 2017 targeted healthcare organisations.


This has created a pressing need for better IT security. Healthcare enterprises are responding by investing in advanced security technologies like advanced data encryption, better data backups, and real-time security platforms leveraging Artificial Intelligence (AI) to detect and curb threats before they start posing serious issues.

Advanced Training Tools

Advanced healthcare training supplies are fast spreading in the marketplace to provide students, residents and other inexperienced healthcare professionals with safe and efficacious environments to learn. These comprise things like ECG simulators, live AED units, and bleeding control training kits.

Telehealth

Telehealth and telemedicine are becoming a significant part of the digital health transformation. For instance, digital health lets the elderly age and live in their own homes using technology like fall-detection monitors. Tele-mental and tele-behavioural health services are other healthcare technology innovations that are blooming.

Artificial Intelligence

AI has the ability to completely metamorphose the healthcare industry in the coming years. It can streamline tasks like scheduling, timesheet entry, paperwork, Electronic Health Records (EHR), accounting and the diagnosis of patients.
 
For instance, chatbots can prove to be a great application point. These AI-powered software mechanisms can assist healthcare providers to cut down on the time-intensive nature of patient communication and simplify any tasks that do not require direct human intervention. Advanced chatbots, which are also referred to as conversational chatbots, can discuss in-depth health issues with patients to offer the best possible treatments that are available. For example, IBM Watson is helping doctors in providing advanced treatments.


Internet of things

A study by Rock Health states that a staggering amount of $3.5 billion was invested into 188 digital health enterprises in the first quarter of 2017 and the number of smart wearables is going to reach 34 million by 2022.

Medical wearable devices are one of the most promising IoT devices that have the potential of offering healthcare teams valuable data around the clock, no matter if the patient is at home or outside of the practitioner’s direct care. Some of the exciting applications include cardiac monitoring, infant monitoring, fitness tracking, and pain management.

Big data and EHR

One of the most vital things in recent times is an Electronic Health Record which leverages the merits of Big Data. EHR stores all the health information of the patients electronically in the digital format that can be used by other information systems. It provides an option to the customer and the physician to have a permanent access to client data like cardiac waveforms, chronic diseases, diagnostic and previous prescriptions.
 
An EHR can improve the interaction between doctor and patient for more productive delivery of care. EHR minimises the number of papers that would be needed when visiting physicians.

Augmented reality and Virtual reality

The arrival of virtual reality and augmented reality solutions has also benefitted healthcare technologies. From educating new students to planning procedures, the field of AR and VR has a lot to offer.
 
For instance, AR can allow medical students to interact in a really intuitive way with a 3D representation of the body. Another example is the AR app which was developed by Pixelbug that gave a better understanding of medical devices and their mechanisms for the physicians.
 

 

Also, Maplewood Senior Living in Connecticut has utilised VR headsets to work with individuals to address concerns ranging from dementia to cognitive impairments.


Coming together of Drupal and Healthcare technologies

Drupal, being an open source CMS, powers healthcare organisations in controlling costs and provides deeper patient and consumer engagement with information thereby improving people’s lives.

Drupal gives extensibility to healthcare organisations by enabling them to integrate platforms and add new functionality with third-party technology. It helps in safeguarding patient data with its security-focused framework. You can customise the user experience to deepen patient engagement and improve provider satisfaction.

Some of the applications that show the capabilities of Drupal integration with healthcare technologies are given below:

Smart Wearables

DrupalCon Nashville 2018: Driesnote had a conversational session between Rebecca Pilcher / RyeBurd (Director of Marketing at Drupal Association) and Dries Buytaert (Project lead of Drupal). Rebecca shared an interesting story that threw light on how a smart wearable powered by Drupal helped to control Diabetes and track the intake of insulin levels.


When Rebecca was being diagnosed with Type 1 Diabetes, an Omnipod insulin pump and a CGM (Continuous Glucose Monitor) helped her handle diabetes. A CGM tracks blood sugar patterns and an Omnipod insulin pump gives more flexibility in her insulin intake routine.

So how does Drupal come into play here? Dexcom, which is the brand of CGM, has one of its platforms powered by Drupal and Omnipod’s website is built on Drupal as well.

Source: Rebecca Pilcher's Blog | Medium

Drupal and EHR Integration

Integration of Drupal with the EHR system can help in creating an excellent system with astounding web content management capabilities coupled with the innate strength of EHR for patients’ documents management.

A digital agency showed that Drupal has the capabilities to layer on top of several EHR systems within a medical group and compile the data into one physician portal. Drupal’s extensibility enables it to take on sophisticated integrations through numerous feeds from API calls, XML or JSON feeds and RESTful APIs.

Most current EHRs output data in HL7 (Health Level 7) delimited text files. HL7 has upgraded to a new protocol Fast Healthcare Interoperability Resources (FHIR) which leverages RESTful APIs and can make clinical modelling and system integrations less intricate.

Through integration between the Drupal data layer and an EHR via a RESTful API connection, interoperability can be improved, thereby empowering your staff to make use of critical data. Breaking down the data silos lets healthcare delivery systems evolve from a reactive diagnostic model to a proactive preventative model.

With the help of secure access management, Drupal can be configured at granular levels for data security, while access is provided to a user based on role. Leveraging role-based provisioning, Drupal can surface a focussed view of critical data that dwells behind a firewall in a HIPAA secure environment.

Using specific EHR authorisation requirements, Drupal can be configured to tap into the database through web services integration while at the same time following strict user access permission controls. This helps in protecting the data at all times.

Genetic Information Management

Source: bio.logis

Bio.logis offers Genetic Information Management Suite (GIMS) which helps in managing human genetics information for making genetic code accessible and usable. It gives genetic data to allow decision making with a medical value. GIMS comprises a web-based authoring and content management system based on Drupal which is globally connecting expert knowledge, in addition to a genetic reports engine.

A multilingual portal and mobile applications offer access to medial-ready knowledge for physicians, patients and healthy clients for supporting distribution and scaling of genetics advice. The ‘pharma.sensor’ online application offers notions about adjusting drug therapies to individual genetic makeup.

Conclusion

With technological advances, healthcare technologies have had a massive makeover. Digital health services are leveraging emerging technologies and this has benefitted healthcare industries. Drupal has been pioneering digital innovation strategies in the healthcare with its enormous capabilities to integrate with disrupting technologies.

Providing ambitious digital experiences to the partners has always been the objective of the Drupal experts at Opensense Labs and we have been doing that through a suite of services that we offer.

Ping us at hello@opensenselabs.com to build great digital solutions through the integration of Drupal and the healthcare technologies.


Drupal Association blog: Helping visitors find their home - a refreshed /community

2 days 13 hours ago

As one of the largest and longest running open source projects of all, Drupal has an incredible community.

To help new visitors, and returning visitors looking for a new challenge, we are making some changes to the /community section of Drupal.org. This will happen in a number of phases, the first of which is already at a “beta” stage.

Phase 1

We are rebuilding the Community home page to reflect the activities and groups that visitors might be looking to find out about. It’s not enough to say “Yeah, there’s a group of people out there and you might find them on Groups.drupal.org, Slack, IRC, Drupalchat.me, etc.” - we need instead to find out what somebody is trying to achieve and then direct them to the actual places on these systems, whilst also giving some context of the overall governance of the activities.

At DrupalEurope, the Splash Awards handed out a prize to a website project that caught my attention, boip.int. It provided a great model for directing visitors based on activity, as you can see:

So we are working, in conjunction with many in the community, to recreate this experience in Drupal.org. You can see that drupal.org/community/beta had the first iteration of this already and will very soon become the default /community homepage:

You’ll also notice that each of the sections has a link to an issue in the community project, https://www.drupal.org/project/drupal_org_community - you are actively encouraged to help us improve the content, propose new sections, etc.

You’ll also notice one other thing I have been repeatedly asked about…

The slogan, “Come for the Software, Stay for the Community” is back! 🎉

Phase 2

One of the most significant challenges I and others creating the page above have noticed is finding the canonical locations to find all the various people involved in each activity. Some people hang out almost entirely in Slack and have their own external website, some have a presence on Groups.drupal.org and other groups have fixed locations, such as the Core Initiatives section.

I would very much like to see a place where groups, both chartered/official ones like the Community Working Group or the Promote Drupal Initiative, and less formal but long-term groups, like Core Mentoring, can have a canonical place to say who they are and provide updates of what they are up to.

So, under /community, we will also be offering groups the ability to create their own section, which they will maintain. That section will, at a minimum require:

  • An introduction to what the purpose of the group is
  • An explanation of how the group organises itself
  • An introduction to the people who organise the group
  • An explanation of how to get involved
  • A blog so that the group can update the community on their activities.

I am listening out for which groups would like such a place. Please create an issue in the project with the details. If you wish to discuss first, please contact me.

ComputerMinds.co.uk: Quickly update Drupal core

2 days 18 hours ago

If you've got a Drupal site, which you need to update quickly (for example, to address last night's security advisory!), here's a tip. Run this from the command line:

curl 'https://github.com/drupal/drupal/compare/7.59..7.60.patch' | patch -p1

This assumes your codebase was on Drupal 7.59 and you're currently in Drupal's root directory. If you're currently on a different version, adjust the numbers in the patch URL accordingly.

Don't forget to still run database updates via /update.php or drush updatedb !

The Drupal repo on github is a verbatim mirror of the official Drupal repo from git.drupal.org. Github supports comparing arbitrary git references, with the /ORGANIZATION/REPO/compare/GITREF..GITREF URL, where the reference can be a tag, branch or revision. Adding '.patch' to the end of a github URL formats the page as a patch. So I've made use of these three things to give me an exact patch of the changes needed to update Drupal core's code.

We normally use Composer (especially for Drupal 8) or Drush make to manage our codebases, including core, which is definitely the ideal, but sometimes projects aren't organised this way for whatever reason. A simple patch like this avoids the need for drush, or even potential mistakes that can be made when running drush pm-updatecode (such as removing any customisations within core directories).

This method is even compatible with any core patches you already have in place, which normally have to be re-applied when upgrading core by other methods. If you have any existing changes to core that are incompatible, you'll get errors about not being able to apply anyway, which you can then resolve manually.
(Any patches/hacks you make to core should be documented clearly somewhere, so drush make or composer-patches would be better in that scenario though!)

You can use this method to patch from github even if your core codebase is not in version control. But if it is... always check your diffs before committing! :-)
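A staged form of the one-liner above, as an added example (not ComputerMinds' code): it reads the installed version from includes/bootstrap.inc, builds the compare URL, saves the patch to a file so it can be read, and applies it only after a dry run succeeds. The function names are hypothetical, it covers Drupal 7 only, and it assumes curl and GNU patch are installed.

```shell
# Added example: a staged form of the curl | patch one-liner for Drupal 7.
# Function names are hypothetical; assumes curl and GNU patch are installed.

# Build the GitHub compare URL for two core release tags. Only dotted
# numeric tags (7.59, 7.60) are accepted, so nothing else reaches the URL.
drupal_patch_url() {
  for v in "$1" "$2"; do
    case "$v" in
      ''|*[!0-9.]*|.*|*.|*..*) echo "bad version: $v" >&2; return 1 ;;
      *.*) ;;
      *) echo "bad version: $v" >&2; return 1 ;;
    esac
  done
  printf 'https://github.com/drupal/drupal/compare/%s..%s.patch\n' "$1" "$2"
}

# Read the installed Drupal 7 version from includes/bootstrap.inc,
# which contains a line of the form: define('VERSION', '7.59');
drupal7_version() {
  sed -n "s/^define('VERSION', '\([0-9.]*\)');.*/\1/p" "$1/includes/bootstrap.inc"
}

# Download the patch to a file, check that it applies, then apply it.
# Usage: update_core /path/to/drupal 7.60
update_core() {
  root=$1
  to=$2
  from=$(drupal7_version "$root") || return 1
  [ -n "$from" ] || { echo "cannot determine installed version" >&2; return 1; }
  url=$(drupal_patch_url "$from" "$to") || return 1
  patchfile=$(mktemp) || return 1
  # -f: fail on HTTP errors rather than saving an error page; -L: follow redirects
  curl -fsSL -o "$patchfile" "$url" || { rm -f "$patchfile"; return 1; }
  # Dry run first: no file is modified unless every hunk applies.
  if (cd "$root" && patch -p1 --dry-run < "$patchfile" >/dev/null); then
    (cd "$root" && patch -p1 < "$patchfile")
  else
    echo "patch does not apply cleanly; kept at $patchfile for review" >&2
    return 1
  fi
}
```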

myDropWizard.com: Drupal 6 security update for Search Autocomplete module

3 days ago

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Search Autocomplete module to fix a Cross Site Scripting (XSS) vulnerability.

This Search Autocomplete module enables you to autocomplete a textfield using data from your website.

The module doesn't sufficiently filter user-entered text among the autocompletion items leading to an XSS vulnerability.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch.

Note: We only support the 6.x-2.x branch (we don't have any customers on the 6.x-4.x branch), so that's the only one we're going to do.

If you have a Drupal 6 site using the Search Autocomplete module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Bay Area Drupal Camp: Only a Few More Sleeps Until BADCamp 2018 💥💥

3 days 5 hours ago
rob.thorne Wed, 10/17/2018 - 23:53

🎡🎡 Only One Week Until BADCamp 2018!!! 💥💥

 

🎪🎪🎪🎪🎪🎪🎪🎪

BADCamp is just a week away. Make sure you're prepared by following our checklist below.

🎪🎪🎪🎪🎪🎪🎪🎪

 

1. Volunteer for BADCamp!

BADCamp is 100% free because of our amazing volunteers. Help us keep it that way by signing up for a volunteer shift.

We are still looking for a few volunteers to help staff registration, summits and sessions. Remember, when you volunteer, mentor or speak you'll get Drupal credit on your Drupal.org profile as well.

AND... volunteers that sign-up as room monitors can get access to sessions that are otherwise full. There are lots of perks, so don't wait!

Signing up is simple and it's easy to find slots that work with your schedule.

Sign-up to Volunteer

2. Make Sure You Are Registered!

While BADCamp is both awesome and free, signing up for BADCamp helps us plan and ensures you receive event specific information.

 

3. Want to be Trained? You Need to Sign Up for Training

A few last-minute cancellations mean we have a couple of seats still available. Sign up now to reserve your spot!

 

4. Want to Attend a Summit? You Should Sign-up Today!

Wednesday and Thursday, we are hosting great summits that facilitate conversations and connections with people in specific industries or with specific skills. Come dive deep into the issues that matter and collaborate freely. Sign-up today.

 

5. Don't Miss Out. Organize Your BADCamp with a Schedule?

With so many awesome activities it may be hard to remember where you should be. Make your schedule in advance so you can maximize your time and follow along on your mobile device! Start your schedule.

6. Join us at the Contribution Lounge for Coffee, Community and Code!

This is a great chance to help make Drupal bigger and better. This year, the BADCamp Contribution Lounge will be located at the Martin Luther King, Jr. Student Union Building on Wednesday/Thursday and the Alumni House - Bechtel Conference Room on Friday/Saturday.

The Lounge has internet access and an ample supply of coffee and water. Come participate!

Check the schedule for time and location details.

 

7. Thursday Events

Thirsty for good conversation and great beers? Join the inaugural BADCamp Pub Crawl. Register today and watch Jason's Twitter handle for information as the night progresses.

AND....

BADCamp 2018 Games Night: Get together with other BADCampers for board games and other entertainments at Victory Point Cafe in downtown Berkeley. So we can figure out how many tables we need, register here if you want to do this! Gaming will start around 7pm.

8. Friday Parties (Yes! More Than One!)

Come to the Big BADCamp Party at The Marsh Theatre on Friday night 8pm to 11pm generously sponsored by Platform.sh.

You will have drink tickets burning a hole in your pocket, so come early and be prepared for a good time. There will be great music, and ample space on the Dance Floor along with rooftop views. There will also be tables and quiet areas to chat.

The fun won't stop there! Free buses will be leaving the Marsh for a Late Night Party that includes unique pizzas, glow in the dark juggling performances, weird absinthe drinks, and all things circus disco.

Get details here.

 

 

Sponsors

A BIG thanks to Platform.sh, Pantheon & DDEV and all our sponsors who have committed early. Without them this magical event wouldn’t be possible. We are also looking for MORE sponsors to help keep BADCamp free and awesome. Interested in sponsoring BADCamp? Contact matt@badcamp.net or anne@badcamp.net.

Would you have been willing to pay for your ticket? If so, then you can give back to the camp by purchasing an individual sponsorship at the level most comfortable for you. As our thanks, we will be handing out some awesome BADCamp swag.

    See You At BADCamp!!

myDropWizard.com: Drupal 6 core security update for SA-CORE-2018-006 (and mimemail and htmlmail)

3 days 6 hours ago

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix multiple vulnerabilities. You can learn more in the security advisory:

Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-006

The following vulnerabilities mentioned in the security advisory also affect Drupal 6:

  • External URL injection through URL aliases - Moderately Critical - Open Redirect

  • Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

The first vulnerability is in Drupal 6 core; however, the 2nd is only present in the contrib modules htmlmail and mimemail. If you don't use those modules, you're not affected by the 2nd vulnerability.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Jacob Rockowitz: Acknowledging individuals contributing to Drupal

3 days 9 hours ago

In my last blog post, I explained, "Why I am one of the top contributors to Drupal?" and examined my ongoing contribution to the Webform module for Drupal 8. My post was inspired by Dries Buytaert's annual who sponsors Drupal development post. Now I want to dig into that list of who’s and acknowledge other individuals contributing to Drupal.

I am deliberately limiting the discussed contributors to people that I have had minimal or no direct interaction with online or in-person. I want to explore their contributions based on their online presence versus directly interviewing them.

The Drunken Monkey

I genuinely value Drunken Monkey's contribution to Drupal's Search API module.

We rarely appreciate an API module until we have to start using them and diving into the code. The Search API module for Drupal 8 is a magnificent example of great code which conquers one of the hardest challenges in programming: naming things.

For a recent project, I was diving into Search API's code, and Drunken Monkey helped me out when I discovered Issue #2907518: Breakup tracking of content entities into smaller chunks to prevent memory limit issue. For the developers out there, if you read through the issue to the final patch, you will notice that Drunken Monkey manages to even improve some APIs while fixing the problem.

The Search API Guy

The first place to understand who is who in the Drupal community is people's user profiles. The most immediate thing that stands out about Drunken Monkey is that he is…

This statement is something I can relate to because I...

Security advisories: Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

3 days 13 hours ago
  • Advisory ID: DRUPAL-SA-CONTRIB-2018-006
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2018-October-17
Description

Content moderation - Moderately critical - Access bypass - Drupal 8

In some conditions, content moderation fails to check a user's access to use certain transitions, leading to an access bypass.

In order to fix this issue, the following changes have been made to content moderation which may have implications for backwards compatibility:

ModerationStateConstraintValidator
Two additional services have been injected into this service. Anyone subclassing this service must ensure these additional dependencies are passed to the constructor, if the constructor has been overridden.
StateTransitionValidationInterface
An additional method has been added to this interface. Implementations of this interface which do not extend the StateTransitionValidation should implement this method.

Implementations which do extend from the StateTransitionValidation should ensure any behavioural changes they have made are also reflected in this new method.

User permissions
Previously users who didn't have access to use any content moderation transitions were granted implicit access to update content provided the state of the content did not change. Now access to an associated transition will be validated for all users in scenarios where the state of content does not change between revisions.

Reported by

Fixed by

External URL injection through URL aliases - Moderately Critical - Open Redirect - Drupal 7 and Drupal 8

The path module allows users with the 'administer paths' permission to create pretty URLs for content.

In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL.

The issue is mitigated by the fact that the user needs the administer paths permission to exploit.

Reported by

Fixed by

Anonymous Open Redirect - Moderately Critical - Open Redirect - Drupal 8

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

This vulnerability has been publicly documented.

RedirectResponseSubscriber event handler removal

As part of the fix, \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination has been removed. Although this is a public function, it is not considered an API as per our API policy for event subscribers.
If you have extended that class or are calling that method, you should review your implementation in line with the changes in the patch. The existing function has been removed to prevent a false sense of security.

Reported by

Fixed by

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution - Drupal 7 and Drupal 8

When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution.

Reported by

Fixed by

Contextual Links validation - Critical - Remote Code Execution - Drupal 8

The Contextual Links module doesn't sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".

Reported by

Fixed by

Solution

Upgrade to the most recent version of Drupal 7 or 8 core.

Minor versions of Drupal 8 prior to 8.5.x are not supported and do not receive security coverage, so sites running older versions should update to the above 8.5.x release immediately. 8.5.x will receive security coverage until May 2019.

TEN7 Blog's Drupal Posts: Episode 041: Steve Persch

3 days 16 hours ago
It is our pleasure to welcome to the TEN7 podcast Steve Persch, lead developer advocate at Pantheon. Here's what we're discussing in this podcast: Steve's background; Celebrating a Drupal birthday; Theater background and blogging; WordPress experience; Improv comedy and Comedy Sports gaining self confidence; Experience at Palantir in Chicago; Contributing to Workbench; Discovering Git; Teaching WordPress' Gutenberg editor; What the WordPress & Drupal communities can learn from each other; The 2018 Twin Cities Open Source CMS Unconference; WordPress, Drupal & Joomla; Supporting Backdrop; Alexander Hamilton; Steve Vector (alias)

Hook 42: September Accessibility (A11Y) Talks - Love thy Keyboard

4 days 4 hours ago

Keyboard accessibility is vital, as many assistive devices emulate the keyboard. Using semantic HTML one can achieve an accessible User Interface (UI) with less code than non-semantic markup.

By managing and guiding focus with semantic HTML, developing an accessible UI is rather easy. Semantic HTML plays an important role in not only accessibility but SEO (Search Engine Optimization) as well. Although we are aware of it, it's often overlooked.

In September’s accessibility talk, Sarbbottam Bandyopadhyay shared the trade-offs of using semantic vs non-semantic markup with an everyday example. He also shared how to manage and guide focus. It was a brief presentation emphasizing the various aspects of keyboard accessibility. He concluded with a brief introduction to WAI-ARIA.

Sarbbottam is a frontend engineer, with more than 14 years' experience. He currently works at LinkedIn. He is part of LinkedIn's core accessibility team, focusing primarily on web accessibility. He’s been involved with web accessibility since his Yahoo days.

Drupal.org - aggregated feeds in category Planet Drupal