planet-drupal | Modules Unraveled

122 The Drupal Security Team With Greg Knaddison and Michael Hess - Modules Unraveled Podcast

Photo of Greg Knaddison and Michael Hess

The Drupal Security Team

  • What type of people are on the Drupal Security Team?
    • https://security.drupal.org/team-members
    • Mostly coders, some project managers, core maintainers
  • What does the security team do?
    • We fix issues in drupal
    • Resolve reported security issues in a Security Advisory
    • Provide assistance for contributed module maintainers in resolving security issues
    • Provide documentation on how to write secure code
    • Provide documentation on securing your site
    • Help the infrastructure team to keep the drupal.org infrastructure secure
  • What doesn’t the security team do
    • projects without stable releases
    • Site support
    • Set policy around security with the security working group.
  • Is there a D7 security team and a D8 security team with different people? (What about Drupal 6)
  • How can others get involved?
  • What was the recent bug that was fixed

Questions from Twitter

  • Paulius Pazdrazdys
    How this latest security release is different from others? Do you have any information if this bug done any harm before release?
  • aboros
    The recent bug was über critical, still only 20/25. What would be a 25/25 bug?
  • aboros
    Do you notify any high value targets before SA is sent out? Is the list of those public? Can one be part of this privileged group?
  • Carie Fisher
    When the latest bug was found? is there a private drupal security group where this was discussed? could we have found out sooner?
  • David Hernandez
    What is the average time from discovery to announcement?
  • Damien McKenna
    @ModsUnraveled Are there existing stats on how long it takes from initial reporting, to maintainer response, to first patch & fix?
  • Heine Deelstra
    How was SA-CORE-005 (in hindsight) able to be public for so long in the public queue?
  • Mark Conroy
    I think the #drupal security team are great. Working extremely hard. (I know, that wasn't a question)
  • aboros
    Are there plans for some sort of bounty program run by DA maybe?
  • David Hernandez
    What kind of work does the security team do besides review code? What is the administrative overhead?

121 The Harmony Forum Project with Alli Price - Modules Unraveled Podcast

Photo of Alli Price

Harmony Forum

  • What is Harmony Core?
  • What prompted you to develop it over using the core forum module?
  • Did you take a look at the Advanced Forum module?
    • What didn’t you like about it?
  • So what are some of the features?
    • Kill switch
    • Entities
    • Revisions for Post entity, integration with Diff module
    • Views provides all listings including on a thread page
    • Flag action for "Like" of posts
    • At.js
  • Does this integrate with other community related module? ie: Organic Groups
  • What are some of the sub-modules, or add-on modules that enhance Harmony Core?
    • Harmony Access
    • Harmony Forum Access
    • Harmony Search
    • Harmony Moderation
    • Harmony Migrate

Use Cases

  • Who’s using Harmony now?
  • You mentioned some upcoming events what are those?
  • How can people get involved?
  • Where should people go to find out more?

Questions from Twitter

  • Scott Wilkinson
    What kind of moderation tools will Harmony have? Like pruning posts or users? Forum Moderators?

120 DrupalCon Latin America with Carlos Ospina - Modules Unraveled Podcast

DrupalCon Latin America

  • What’s your role with regards to this DrupalCon?
  • What is a DrupalCon? (I’d like to start out by getting a brief overview of what DrupalCon is for anyone that might be listening who hasn’t been to one. Maybe explain that there are sessions, BOFs, Day stage, vendors, pre-conference trainings, post-conference sprints etc.)
  • Where is the DrupalCon going to be?
  • Why Bogotá?
    • Central place, cosmopolitan city. Easy access for most Countries and a technology hub for the region.
  • When is it?
    • 10-12 February 2015
    • With sprints before and after
  • What will be the spoken languages? What percentage of talks will be each language?
    • The languages in Drupalcon Latin America will be English, Spanish and portuguese.
  • Do we know who any of the keynote speakers will be, and what will they talk about?
    • Dries And Larry Garfield
  • What track will be represented?
    • https://latinamerica2015.drupal.org/tracks
  • What events are happening, and where can people find out more about them?
    • We haven’t started planning these events, Something interesting happening on the weekend right after DrupalCon is the Barranquilla Carnival.
    • Trivia night (We hope)

Bogotá

  • What does the tech community look like there?
    The tech community is big in Colombia, the central government has a full ministry dedicated to promote and work with technology in several areas. Bogota is a technological Hub in Latin America and a place where companies like google, facebook and PayU Latam set their main offices for Latin America and the Caribbean.
  • What does the Drupal community look like?
    When we talk about the community we cannot talk about just Bogota or Colombia, this is Latin America opening their doors to everyone. The Latin American community is very active, matter of fact in the next 2 months we are having three big camps: Central America, Ecuador and Bolivia. Is a community that beside the local meetings does Summits from all latin America, being the last one Drupal Picchu in January this year. we also have Important camps in Mexico and other countries as mentioned before.
  • What’s the Drupal adoption look like in Bogotá?
    The local government in Bogota is moving or has moved all their webpages to Drupal. Several newspapers, including the biggest one, and the biggest Video on Demand service in Colombia are Drupal as well as many Universities, among others.
  • Who’s going to be the “boots on the ground” in Bogotá playing “host”?
    • Seed (http://www.seed.com.co/en) Is the company helping us locally in Bogota.
  • Where is the best place to eat?
    • Zona T, just by the venue is the zone with several fancy restaurants. Usaquen is another zone, 93th street park and the “pink Zone” which is party and bars hub in Bogota just blocks from the venue also.
  • Where is the best place to drink?
    • Coffee - Juan Valdez (better than Starbucks)
    • Beer - Bogota Beer Company. But Don;t forget Aguardiente.
  • What should anyone who’s not been before, make sure to do?
    • Go to the Carnival
    • Explore the city
    • Go to Zona G (http://www.bogotatravelguide.com/places-to-go-in-bogota/zona-g.php)
    • Go to the Salt Cathedral of Zipaquira.
    • Visit PANACA and the coffee zone (http://www.bogotatravelguide.com/tour-del-cafe-bogota.php)
    • There is too much to see and love about Colombia! http://www.bogotatravelguide.com/index_en.html

119 The Classy Base Theme for Drupal 8 with Scott Reeves and David Hernandez - Modules Unraveled Podcast

Photo of Scott Reeves and David Hernandez

Consensus Banana

  • How did this all get started? and where does the “banana” come from.
    • From Morten: 2 years ago at BadCamp John Albin was holding a plastic sword from the pirate fest the day before. It was known as the sword of consensus. At DrupalCon Austin Morten had a banana that he was using to point to people and ask “So can we agree on X?”. That is how it became the banana of consensus. It was basically a pointing stick.
  • Technically, what is the change.
    • Moving classes from core to a base theme called Classy.
    • Multi-phased approach.
    • Phase 1, move classes out of preprocess functions and into the core templates.
    • Create the Classy base theme.
    • Phase 2, copy the core template with classes to Classy, remove the classes from core.
  • Why do themers need this.
    • Better options
    • Not everyone wants the same markup (themer survey)
    • Avoiding php
    • No time wasted undoing core.
  • What work has been done, what is left.
    • Preprocess changes (phase 1) far along.
    • Classy is RTBC, waiting for Dries to approve.
    • Phase 2 to start at or just after Amsterdam (don’t need to wait until phase 1 is 100% complete)
  • Chance of failure?
    • Changes have to be in by RC1.
  • Who to thank?
    • joelpittet, mdrummond, crowdcg, lauriii, alexpott!
  • Are there any other theme layer changes to look forward to that have come about because of the banana consensus?
    • addClass/removeClass is in, what about setAttribute/removeAttribute? Similarities to jQuery make this (hopefully) more approachable for frontend developers.
  • Any other theming changes not related to banana?
    • Improved menu theming - menu.html.twig using a Twig macro

Use Cases

  • What it means for themers. What it means for developers.
    • Preprocess is still there so contrib can add classes if necessary - but is it necessary? Could it be done as a data- attribute?

118 Starting and Running a DrupalCamp in a Hobbiest Community with Adam Hill - Modules Unraveled Podcast

Photo of Adam Hill

Starting a local Drupal community

  • When did you start the DrupalCampNE meetups?
    • Started due to meeting a friend Richard at DrupalCons in Paris, Copenhagen and Denver and saying how crazy it was that we met at DrupalCons across the world but not in the North East where we’re both native. So we setup a meeting and promoted it on twitter and with some others we knew had at least dabbled with Drupal. We had 6 people at our first meeting and that happened in a pub which was to set the stage for the future meetups which have all been held in pubs.
  • I’ve thought about how cool it would be to start a local camp, but we don’t have a lot of people even coming to our meetups. What have you (or other organizers) done to get consistent attendance to events?
    • Consistency… Mixup of talks and social but always keep it social so expectations are not too high. For the camp we needed there to be a few people interested and then had backing from my company to allow us to dedicate time. Dedicated time has been vital.
  • How large is a typical meetup? What’s the average attendence?
    • We get anything from between 5 - 20 people attending but its really a mixup again, depends heavily on the day to some extend (holidays etc.) but also on if there is a talk. Our WP vs Drupal talk got a LOT of people :)
  • How far do people travel to get to your meetups?
    • We’ve had people doing a round trip of 100 miles before because there is no meetup in the North of the North West… but usually people come from Newcastle or there abouts. We lose a few people since its too far for them to come for sure.

DrupalCampNE

  • When did you start organizing a Drupal Camp for the North East of England?
    • August 2013 - started asking/checking about venue
    • Went to other camps in UK to promote and to share info
    • November 2013 - announced the date around DrupalCamp North West
  • What were some of the challenges you faced? Were there any unexpected ones that stick out to you?
    • Local attendees
    • Sponsors
    • Cancelled talks
    • Outsourcing - Venue
  • What went really well for you? How did you plan for it?
    • The feelings of collaborating - fresh eyes were really liberated.
    • The venue was loved
    • The talks by Morten and Holly Ross
  • What advice would you give to someone who’s planning a camp now? Or will be soon?
    • Plan really well in advance
    • Find a great venue and try to get it for free :)
    • Have the freedom to make decisions - keep a small team?
    • Get sponsors early!
    • Get speakers early!

117 The Drupal Project Application Process with Jeremy Rasmussen - Modules Unraveled Podcast

Photo of Jeremy Rasmussen

Project

It’s easier than you think to publish your module on Drupal.org. This is my experience going through the entire process. Sharing this experience I hope to convince you and others to do the same. Contributing back to the community that gives all of us so much, to many of us our livelihood.

  • When Doug first recommended that I talk to you about this, I wasn’t really thrilled. But, I took a look at your slides, and thought that it actually looked like really good information. So, what made you decide to put together a presentation on the project application process in the first place?
    1. My “Why”
      a. Finally published a module to help solve my own problem
      b. My project that took me through this process is Display Suite Extra Layouts (https://www.drupal.org/project/ds_extra_layouts)
      c. Projects don’t have to be the 100% perfect solve for everyone, everywhere
      d. It’s more about: Giving back, centralizing code, helping others make great projects too.
  • So what are the steps to getting a project reviewed and accepted?
    1. Where to start and basically the entire guide to submitting a module
      a. “Apply for permissions to create full projects” https://www.drupal.org/node/1011698
      b. Some things to know
      - One time process
      - Reviews are primarily by your peers
      - Learns/reiterates code standards and best practices
    2. Do your Research First
      a. Check if your idea exists already
      b. Combine efforts where you can
      c. Volunteer as a co-maintainer where needed
  • Okay, let’s get down to the nitty-gritty. What are the technical steps you need to follow to get your project approved?
    1. Setup Git Access
      a. Learn some Git basics
      - Google is your friend
      - Github & Code School’s tutorial http://try.github.io
      b. Setup your Git Access in your D.o profile
      - Basically just need to add an SSH key
      - Instructions here: https://www.drupal.org/node/1047190
    2. Sandboxes
      a. With Git access setup you can now create sandboxes or “experimental” projects
      - Instructions here: https://www.drupal.org/node/1011196
      b. Take advantage of these, having a commit history of changes is a good thing.
      c. Use sandboxes to get your code “production ready”
    3. The Checklist (Pre-Application)
      a. Before starting the application make sure you run through the checklist
      - Setup Readme, Git Branches, well commented, etc...
      - Link to checklist: https://www.drupal.org/node/1587704
      b. The process goes much much faster, many people skip it
    4. PA Review Bonus
      a. Part of the checklist asks you to run your sandbox through a bot.
      b. Catches the majority of problems.
      c. You can setup your own Review Bot
      - https://www.drupal.org/project/pareviewsh
      - http://pareview.sh/
      d. “Full Stop” - Took me a while to figure that out.
      e. You get a review bonus when everything is fixed.
    5. The Application
      a. https://www.drupal.org/project/issues/projectapplications
      - READ THE DIRECTIONS!
      - In the title include core version: [D7]
      b. Write a Clear Descriptions… can be the same as your project/sandbox page
      - Clear descriptions help people understand better the purpose of your project
      c. Provide links to your Sandbox, the Git clone command, and PA Review
      d. When you are ready set the status to “Needs Review”
  • I noticed when I looked through your slides that you mentioned reviewing other projects as a part of this. Why is that needed?
    1. Reviewing other projects
      a. You must review at least 3 other people’s projects
      b. Post a link to your reviews in your own project application
      c. It’s just like trying a new module.
      - Download it, enable it, try it
      - Report back your findings… good, bad, and suggestions
      d. I learned a lot from doing this
    2. Now you wait.
      a. Others will review your project and post feedback.
      - be prompt to fix issues
      b. Once all is well someone should mark your project “Reviewed and Tested by the Community”
      c. Then you wait for someone with the “Power” to grant you full project status
  • Once someone has approved your project, what’s involved with getting the official project page setup?
    1. Into the Wild!
      a. You can now create your project page
      - be mindful of your project URL, you can’t change it
      b. Create a new release on your project page and in Git
      - Creating a release: https://www.drupal.org/node/1068944
      - Tag Nameing Convention: https://www.drupal.org/node/1015226
    2. FIN.

Questions from Twitter

  • timani.co.zw
    Will this cover D.O vs github for projects? Pros & cons of staying with current design vs migrating to github?
  • Joshua Turton
    #MUP117 When are we going to see movement on the project application issue queue?
  • Joshua Turton
    #MUP117 process seems broken - have to apply... but once past "quality control" you can release any junk u want.
  • Joshua Turton
    #MUP117 Also: encouraged to review others to boost your app's priority, but why would we trust reviews from users who haven't passed through process? (speaking of high priority list/review bonuses)

116 What's new in D8 with Lee Rowlands - Modules Unraveled Podcast

Photo of Lee Rowlands

New stuff in Drupal 8

  • Twig autoescape
  • Security improvements
  • Cleanup around Entity
  • kerneltestbaseng
  • mink test base

DrupalUpgrade.info

  • What’s the story behind DrupalUpgrade.info?
  • What are the plans for drupalupgrade.info?
  • How can people get involved with this?

Drupal Module Upgrader

  • What is the Drupal Module Upgrader?
  • How does it work?
  • Is it perfect?

PatchADay

  • What is #PatchADay?

Questions from Twitter

  • Chris Weber asks:
    • What's your favorite way to get an autoloader working with Drupal 7?
    • Talk about Drupal 8 menu system.
    • Will it be possible to export/import content?

115 Drupal Core Gittip Team with Jennifer Hodgdon, Bojhan Somers Alex Pott and Cathy Theys - Modules Unraveled Podcast

Photo of Jennifer Hodgdon, Bojhan Somers Alex Pott and Cathy Theys

GitTip

  • What is GitTip? How does it work?

  • What is a GitTip team?

Drupal Core GitTip Team

  • How did the Drupal Core team come about? What prompted it’s genesis?

  • Who is the organizer of the Drupal Core team, and who is benefiting from it?
    19 members, Alex and Cathy are administering the group, a couple are on vacation.
    16 others are taking money.

  • On the GitTip page it says your goal is $5,000 US/week. What would that cover?
    Cathy: This week is the first week that we will not be able to fund the modest goal of giving people $64/week. The past few weeks we have been paying out $700. We have now eaten all our balance and have only $350 coming in this week.
    The $5k goal is what a guess at funding 6 people about ¼ time.

  • What have you all been working on lately as a result of this funding?
    Cathy: tips are for work already done, so… I'm not sure. Maybe it motivates future work, or planning to be able to do future work? Jen? Bojhan?
    What has this funding enabled you to do?

114 What PHPStorm brings to Drupal Developers with Maarten Balliauw - Modules Unraveled Podcast

Photo of Maarten Balliauw

PHPStorm

  • I’ve recently started using Sublime Text, how would you compare PHPStorm to other text editors?
  • What is an “IDE”?
  • What are some of stand out features of PHPStorm?
  • Where can people find out more about how to use the features of PHPStorm?
  • What is the pricing structure?

PHPStorm and Drupal
* What integrations does PHPStorm have with Drupal 7, right now?
* What will PhpStorm do for Drupal 8?

Questions from Twitter

  • Marc Drummond
    Really enjoy using @phpstorm. Always interested in learning how to get more out of my use of it.

113 - Updates on the WalkHub project with Kristof Van Tomme - Modules Unraveled Podcast

Photo of Kristof Van Tomme

Walkhub

  • You’ve been on the show before to talk about walkthrough.it, but some things have changed since then. So, can you give us an overview of what Walkhub is?
  • What are walkthroughs?
  • What is your pricing model on Walkhub?
  • You’re in the process of a second Indiegogo campaign, but what was the first one for?
    • How did your first Indiegogo campaign go?
  • What is the current Indiegogo camaipn for?
    • What’s the status on that?
  • Why are you doing another campaign? Why aren’t you out of BETA yet? What’s the story there?

AMA

  • You just did an AMA on Reddit yesterday. How did that go?
  • What were some common questions? Or ones that stuck out to you?

Pages