fluffy.pro. Drupal Developer's blog: Drupal Camp Kyiv 2017

Planet Drupal - Sat, 2017/07/15 - 8:44pm

On 10-11 of June in Kyiv there was an annual all-Ukrainian event - Drupal Camp Kyiv 2017. This is a place where experienced back-end, front-end developers, DevOps and managers share their knowledge. Traditionally Drupal Camp took place in two days: a conference day which includes 5 streams of presentations and code sprint where passionate developers can work together for improving Drupal and developing community. A few interesting statistics about this year’s event: 403 attendees, 5 streams of lectures, 42 speaker, 10+ international speakers, 70+ code sprint participants and 100+ patches made during code sprint.
Read more »

Chapter Three: How to implement simple AMP support in Drupal 8

Planet Drupal - Sat, 2017/07/15 - 5:41am

Adding AMP support could be very tricky and complex depending on your project needs. In this blog post I won't be using AMP module. Instead I created something more simple and easier to use for simple AMP integration. The Simple AMP module is still using Lullabot's AMP PHP library. The module is a starter module and most likely won't be very useful out of the box, but it can get you going very fast. It is available for download here https://github.com/chapter-three/simple_amp.

First thing you need to do is to install composer require lullabot/amp, the module won't work without this library.

Once you install the module modify few lines of code in the module:


Valuebound: How to Schedule Automated Tasks in Drupal with Cron?

Planet Drupal - Fri, 2017/07/14 - 4:57pm

Cron, A daemon/background process that runs at periodic intervals of time. It can be run periodically at pre-decided times and intervals. To describe in real time, I have met with a case where i have to fetch the content from a site, where new content might be created everyday and create it on my site. To handle this, i have created a cron job, configured it to run everyday at specific time let’s say at 05.00 AM. So whenever the cron runs, I have written a script to fetch the content that is created on that day and creating on my site. All this is achieved using the cron in Drupal.

Cron is a utility which executes commands at set intervals known as "cron jobs".
According to drupal.org “A "cron job" is a time-triggered action that is usually (and most…


Anubavam Blog: 10 best practices for implementing the Drupal coding standards

Planet Drupal - Fri, 2017/07/14 - 3:18pm
10 best practices for implementing the Drupal coding standards

Learn about the Drupal community coding standards and best practices that every Drupal developer should care whenever writing the code for Drupal. If you are truly committed to Drupal, then you should guarantee the code you contribute back be standards compliant. Here are ten of the best practices for implementing Drupal coding standards:

1. Spacing and Tabbing

  • Use double space (not tab, yes both are different) for indentation 
  • Often, the IDE/Editor that we use for Drupal development aggravates this issue as most of the IDE is configured to use tab for every line-break.
  • Press ensure that it aligns the cursor to the same indent as previous line with tabbing that caused this indentation issue.

2. Code comments

  • Check this link below for Drupal comment standards (https://www.drupal.org/node/1354). Comments are generally defined and used to state what the following line of code or block of code is doing and why we are writing the logic that way if it needs explanation for any future Drupal developer.
  • Three types of comments can be used in Drupal, Single line commenting (starts with //), Multi-line commenting (starts with /*) and Doxygen commenting (starts with /**).
  • Single line commenting and Doxygen commenting has a wide following in Drupal. Even for the comments with more than a line, it is handled with repeat use of single line commenting. The following example shows the usage pattern:

         // The first line of the comment goes here.
        // Some other comment here.
        // Some more comments here.
        // This saves the $node object and creates/updates the node

  • Comments are strictly not to be used to invalidate the code, which means you can’t use the comments to comment-out some set of code that you think are not needed. 
  • If you think some block of code is not really needed, just remove them instead of commenting-it-out. 
  • Sometimes you might find, the block of code that may be needed in future but not needed right now. In such instances, you can invalidate the code by placing those unwanted code in the condition like mentioned below.

         if (0) {
         // Some big logic goes here
        // that are not needed in this release for production

  • The above code gets invalidated, that is will not be executed ever as the condition "if (0)" always returns "FALSE", So the block of code inside that condition will not be executed.

3. Naming the function and variables

  • PHP was just procedural at the time of initial Drupal release. So all the coding standard in Drupal follows as such. That means all the function and variables should follow snake  case structure (as of Drupal7), which means variable names should start with small-letter words and underscore should be used to connect the words if the variable is going to contain multiple words. ($snake_case)
  • With the release of Drupal 8, the naming of variables and functions can also be used using camelCase structure, which means variable names should start with small-letter words with uppercase initials for the connective words in case of multi-word variable. (Eg. $camelCase)
  • In either way, we need to follow only one case throughout the file.
  • What we forget is, we mix cases (camelCase and snake_case) sometimes. This should be avoided. Sometimes we define functions without grouping of the function name. In Drupal, all the functions inside a module should be prefixed with the module name, which is called grouping of the function. This helps in avoiding the name conflicts between modules.

4. Uppercase variables

  • According to Drupal coding standard, UPPERCASE variables are considered as constants whether it's PHP constants (TRUE, FALSE, NULL) or Drupal constants (Eg: LANGUAGE_NONE).
  • Sometimes in order to stress the importance of variables, we name the variables in uppercase. This should be avoided.

5. Operator and logical statements

  •  We often forget to leave a space before and after the usage of operator (Eg. if(arg(0)=='node')). According to the Drupal coding standards, all the operators should have single space before and after the operator (Eg. if (arg(0) == 'node')).
  •  Use single space before the start curly braces. The opening curly should be on the same line as the opening statement, guided by single space. The closing curly brace should be on the end of the block and indented to the same level as the opening statement.

6. Line length and Wrapping

  • In general, all lines of code should be no longer than 80 characters. However, there are exceptions to the character limit for the variable and function name that are quite longer when correctly indented.
  • We often wrap the condition of the control statement for readability. Drupal coding standard encourages us to split the multiple conditions and evaluate each complex conditions into a variable and use that in the control statement for better readability.

7. Module placement

As far as Drupal 7 is considered, all the contributed modules should be grouped under the directory called "contrib" in "/sites/all/modules", whereas the custom modules should go inside "/sites/all/modules/custom". In Drupal 8, the same can be followed or utilize the "/module" directory and use the same grouping of the  modules.

8. Writing Javascript

  • Always use Drupal behavior for your custom scripts which runs every time there is change in DOM elements unlike the traditional jQuery.ready which runs only once during the page execution when the DOM elements are ready.

9. Placeholders for translate function t()

  • Use the placeholders for dynamic strings used inside t() function.
  • Generally t() function is used to translate the given strings, sometimes we might use the dynamic strings inside t() function by concatenating the values, which is the not the best practice formulated by Drupal.


  • return t('@username, welcome to my website', array('@username' => $account->name));

10. Module file

  • Use the module file only for Drupal hooks and some commonly used custom functions that you need frequently. 
  • Use .inc file to define menu callbacks and other helper functions that are not needed to be defined in module file.

If we all code to standards, Drupal will be a stronger, more performant, more secure platform. Drupal will continue to grow and strengthen it’s community due to the quality of it’s codebase. Anubavam has been building Drupal sites and providing services such as Drupal 8 upgrade and migration services, Drupal E-commerce development services, and more. Anubavam is participating in Drupal core development since 2006 and has delivered 250+ projects to 100+ happy clients in 22 countries worldwide.

admin Fri, 07/14/2017 - 09:18 Drupal developer Drupal Application Development

Droptica: Droptica: How we made friends with Codeception and Drupal

Planet Drupal - Fri, 2017/07/14 - 1:26pm
Taking into consideration the fact that most of our products are based on Drupal, the tests should also naturally work best with such projects. This is why we decided to complement the standard functionality of Codeception with some new modules dedicated for Drupal. As in our previous article, all examples listed below will be based on a project based on docker-console, which is why we encourage everybody to read the previous articles first if you didn’t do so yet. If you already have your Codeception project and just want to slightly modify it so that it works better with Drupal, this article is also for you.

FFW Agency: A Shopping Cart is Not an eCommerce Solution

Planet Drupal - Fri, 2017/07/14 - 11:28am
A Shopping Cart is Not an eCommerce Solution Ray Saltini Fri, 07/14/2017 - 09:28

I teach Drupal. A lot. Often when I talk about Drupal I talk about how some people never leave their comfort zone to learn new things. Sometimes I make wise cracks about Flash or ColdFusion. Everyone gets the joke. Soon I'll be joking about standalone shopping carts. I think most people will get that joke too.

It's not that many shopping cart services aren't good. In fact, many are excellent. eCommerce is one of the more mature areas of the internet - after all - selling things is what catapulted the web into prominence and it all happened in the shopping cart. But eCommerce is much more challenging now and to be competitive in today's market businesses need much more than a tool that takes their client's money.

Businesses need to think in terms of Digital Experience Platforms or DXP's.

Questions and Answers

Why is eCommerce so much more complicated?

I once had the soon to be president of Black and Decker stress to me one of the most important questions in business: "What is our product and how do we bring it to market?" he said.

While those are still arguably the most important questions, we understand there are more that need to be asked and answered. Consider the following list.

How can we bring…

  • the right product or service…
  • to the right customers…
  • at the right time…
  • at the right place…
  • in the right condition…
  • in the right quantity…
  • at the right price?

To be competitive in today's retail environment you've got to be able to answer these questions for both online and walk-in customers.

Now answer these:

  • Does your shopping cart help you answer these questions?
  • Does your website help you answer these questions?
  • Do any of your sales channels help you answer these questions?

If you answered yes to any of them, congrats. Now ask:

  • How much are you paying for answers?
  • How much are you failing to earn because you don't have good answers?

Finally ask yourself this set of questions:

  • Do my tools help me flatten my business process or streamline my organization: this should include everything from your supply chain to your sales operations.
  • Do your tools just help you keep your head above water?
  • How much overhead do they add to your business process?
It's the Content, and the Experience

The good news is the answers to many of the market questions are out there for anyone who is able to generate high value content, collect data and turn it into useful information. While that is a huge complex equation it can be answered by the right tools and right decisions. The answers to the questions driving today's markets are in the content and the consumption of that content. The more, better, easily consumed, engaging, provocative content you make and manage the better your answers to your most critical market questions.

I think this simple smart observation about the importance of content published in Forbes by Melissa Pitts way back in 2012 still rings true.

With so much of our lives spent online, it's more important than ever to remember the wisdom expressed in Cluetrain. In case you've forgotten or never read it, it is is still some of the best, most common sense marketing truth out there today.

"Markets are conversations," the now famous line from the 1999 manifesto reads.

Newsflash: shopping carts don't manage content and they don't spark communities or conversations. Digital Experience Platforms start conversations. Think about how Facebook has evolved into an ecommerce powerhouse. Think about all the conversations going on within Amazon - 'Hello Alexa!'

Ask yourself one final question: Does my shopping cart spark conversations?

I have no clue why so many eRetailers still rely so heavily on such limited tools for supporting their eCommerce. I do know they risk being the butt of jokes soon enough.

Repeat after me: 'A Shopping Cart is Not an eCommerce Solution and an eCommerce Solution is not a Digital Experience Platform.'

If you and your organization understand these critical concepts then you are on the right track.

The Only Smart eCommerce Solution is a Digital Experience Solution

Implementing a full fledged DXP solution will help you answer these market questions and much more. Most eCommerce 'solutions' are just shopping carts with a few bells and whistles that fall far short of the DXP mark especially when they can cost you upwards of $15K per year just to access. Shopping cart solutions just don't deliver.

At FFW we work with Drupal extensively. We started working with it because it was a great CMS. With the release of Drupal 8 it's an even better application platform and we continue to work with Drupal and invest in its future because it can be used to build innovative, integrated solutions that drive adoption across organizations and affinities. Drupal helps our clients gather tremendous amounts of data and then turn it into useful information. Drupal helps us deliver content and then harvest information about the visitors that consume that content. That helps us make the right match between consumers, products and services. That is the essence of a great Digital Experience Platform. And that is what helps our clients start to answer the questions that begin with, 'How can we bring the right product or service to market.'

You don't have to take our word for it. Read what the analysts are saying.

In future installments of this blog I'll discuss how Drupal as a Digital Experience Platform can help you engage communities in conversations about their needs and interests and how your message about your product or service can be conveyed authentically. I'll also talk about how it supports critical established trends like omni channel marketing and commerce everywhere. We'll look at how you can use Drupal to flatten your business process and bring your sales team closer to customers.

For more on topics like this and other digital solutions take a look at FFW's special training programs that will give your organization the competitive edge it needs to compete.

Tagged with

Lullabot: Eight Reasons Why Security Matters for Distributed Agencies

Planet Drupal - Fri, 2017/07/14 - 2:08am

As I was doing my deep dive into an IoT camera, a question came up: why does it matter? Sure, any given device might not be secure, but how does that affect employees or our business?

I’m glad you asked!

1. Consumer Routers Are Mostly Garbage

Every home internet connection needs a router and some sort of WiFi network. Otherwise, you’re stuck connecting a single device directly to a cable or DSL modem. Unfortunately, most routers have poor security. The CIA has used home router exploits for at least the past 10 years, and odds are good that non-state actors have been too.

  1. In general, router security is not a selling point, and the lowest-cost routers are the bulk of the market.
  2. In order to reduce costs, routers usually use older hardware, WiFi chipsets, and ship with Linux. Since the WiFi drivers are often proprietary and out of the kernel tree, even new devices often ship with an ancient version of Linux. That means that your shiny new router (like the recently released Netgear Nighthawk X10) might ship with a kernel from half a decade ago (according to their GPL code release), missing security improvements since then [1].
  3. Very few routers offer automatic updates, so even if manufacturers provided comprehensive security updates they would be ignored by the majority of users.

Sometimes, ISPs give or require home users to use routers provided by them, but they have a poor security track record too. In one instance, a router’s DNS settings could be changed, which would let an attacker redirect traffic to servers of their choice.

Why does this matter? In the end, every single bit of internet traffic goes through your router. If an attacker wants to sniff unencrypted traffic, or attempt to downgrade an encrypted connection, this is the place to do it. Your router should be the most secure device on your network, and instead it’s likely the least secure.

Our security team recommends to our employees that their overall security starts with their router.

Try to find devices that offer some sort of automatic update and vendors with a good security record. Consider running an open-source router distribution like pfSense, OPNSense, or OpenWRT that makes it easier to keep up to date. Don’t trust your ISP’s equipment unless they’ve shown they are security conscious.

2. Home Networks Have Untrusted Devices

If you have a family at home, odds are you’ve given out your WiFi password. After all, you want kids or guests to be able to access WiFi when they need it. But, have you checked those devices to make sure they’re secure? What are the odds that the laptop your kid’s friend brought over to do homework on has some sort of virus on it? Or, that your babysitter’s old unpatched Galaxy phone is infected with a rootkit? You wouldn’t want these devices plugged in at work, and they shouldn’t be on the same network as your work devices either.

The easiest way to handle untrusted devices is to use the “guest network” functionality in your WiFi access point.

Usually, these networks limit traffic between devices, and only allow them to communicate out to the internet. Many access points allow multiple guest networks, so you could separate “mostly trusted” devices from “patient zero infection vector” devices [2].

3. Security Includes Privacy Too

Imagine that after reading the previous point, you go out and setup a perfectly secure and segmented network. Then, a grandparent gives your kids internet connected teddy bears. Great! You put them on the kid’s WiFi network, and rest knowing that your work data is secure.

Until you realize that they left the toy in your office, and you had conference calls with enterprise clients talking about unannounced products, and that the teddy bear was uploading all recorded audio to an unprotected database.

One of the best parts of working from home is being able to create your own space, or multiple spaces to work in. But, in sharing that home, you open yourself up to potential leaks and vulnerabilities. Of course, in the above hypothetical, the odds of an attacker combing through those voice recordings and finding something useful is small. Then again, what if your contracts require client notification in the case of a suspected breach? Even if the real risk is small, the impact on your reputation could be huge.

Treat your client data like your personal photo collection, your home budget, or your medical records.

Think not just about ways you can be directly hacked, but about ways data can be intercepted, and how you can limit those vulnerabilities.

4. IoT Devices Punch Holes By Design

What is it that every IoT device markets as being the most important feature? Usually, it’s some combination of “cloud,” “app,” and “integration.” If it’s a security camera, the marketing will almost always show some picture of a person out travelling, viewing their kids at home. Door locks alerting you when they are unlocked. A thermostat detecting you driving home, and starting to warm up the house.

In other words, these devices need to have a two-way connection to the Internet—they need to send statuses out to the cloud, and receive commands from your phone or the cloud. That means they’ve opened a hole through your router.

It might be a surprise, but while your home router is probably the most important security device on your network, they all include methods for devices and applications to open up your network to the Internet—without any sort of authorization or controls. uPNP and NAT-PMP are the most common protocols for this. STUN is also used as it works even if uPNP and NAT-PMP are disabled on the router.

No matter how they do it, IoT devices for the home place accessibility over security almost universally. That is a fundamental conflict with many agency (and customer!) priorities, making every single IoT device employees own a potential threat to your operations.

Prefer “smart” devices that work without an internet connection, or use a separate network entirely such as Zigbee.

As well, disable uPNP and NAT-PMP on your routers, and use a stateful firewall instead of relying on NAT to protect your home network.

5. Hacked Devices Put Private Networks At Risk

I’m sure many are thinking, “it’s OK, we require the use of a VPN for all of our work.” That’s fine, and certainly a good practice. It stops direct attacks on your private services from the broader Internet, and ensures employee’s connections can’t be sniffed by malicious devices at home.

Or… does it?

Ask yourself: how many VPNs do you have for client work that use self-signed SSL certificates? How many intranet sites require you to click through and ignore HTTPS warnings in your browser? How many of your critical domains use DNSSEC? How many client devices are validating DNSSEC signatures?

What prevents a hacked “smart” electrical plug from hacking a router in turn, and then redirecting traffic from there? How likely are you to notice that the self-signed VPN certificate has changed?

VPNs are great, but they’re only a start. The connection process is still vulnerable to attack by other devices on the network. Ignore best practices in but one layer of the system, and the whole thing becomes vulnerable. All because that WiFi thermostat was on sale for $29.99.

Don’t rely on VPNs as the sole method to protect your company.

Make sure all employees are aware of the risks that come with using work resources and VPNs at home, and that they understand the trust that comes with VPN access.

6. Agencies Are Great Targets

How many different clients do you work with today? How many have you worked with in the last year? How many access credentials do you have “on ice,” that are active, but not in daily use?

Imagine a hacker is trying to gain access to an enterprise’s network or data. What’s easier: hacking their well monitored and well-staffed corporate networks, or hacking a remote employee or agency protected by a mere consumer-grade router? And, if the target is not a specific company, but simply a company in a given vertical, agencies are perfect victims. At least, if the agency doesn’t consider security in a holistic and comprehensive manner.

Don’t fall into the “we’re too small to hack” trap.

Just as smart devices might be used as a vector to hack your laptop, your small agency might be used as a vector to hack a client.

7. Enterprises are Great Targets, Too

Ok, so agencies are great targets for hacks, and we should all just give up.

Well, enterprises don’t always have great security either. I’ve worked with companies with hundreds of thousands of employees, who don’t have SSL on a single intranet site. I’ve also seen companies with APIs that have zero authentication, allowing unauthenticated POST requests to modify business critical data. Or, AWS root keys left in cleartext on company wikis or source code.

As agencies, we’re often hired to set the standard for our client’s teams. That means, when we see an SSL certificate fail, we click cancel and call support instead of forcing it through. We use best practices for APIs like request signing instead of plaintext passwords. We change passwords we see posted in Slack, and remind the team to use something like LastPass or GnuPG instead.

But, to do this effectively, we need to have our own security house in order. We need to not just communicate the best practices, but live them ourselves, so we can know we aren’t leading clients towards an unusable and burdensome set of restrictions.

Bake good security practices into how you work with clients.

Follow the same security practices with your own teams, so when you make suggestions to clients you come from a place of experience.

8. The Internet Is A Community

In the Drupal world, we’re always telling our clients how being a part of the community is the best way to build sites efficiently. A hacked web server doesn’t just affect our client’s and their users—it affects other, innocent users online. A server taking part in a DDoS might not be noticeable at all to the server admins—but the other end of the attack is having a very bad day.

For digital agencies, our livelihoods depend on a functional and reliable internet. If we ignore security in the name of hitting our next deadline, we hurt the commons we all need to thrive.

Think about the downstream effects of a security breach.

Remember that the bulk of hacks these days aren’t about data exfiltration, but computing resources for DDoS attacks or spam. Be aware of the common resources your company has (hosting, email, domains, websites) that may be valuable to attackers in their own right simply because they can be used in other attacks.

Technical Notes

[1] I compared their source to the upstream LTS 3.10.105 release, which showed that CVE-2016-3070 was patched in August in commit af110cc4b24250faafd4f3b9879cf51e350d7799. It doesn’t appear that fix is shipped with the Netgear router. It’s possible the fix isn’t required for this hardware, but do we really trust that they’ve done their due diligence for every single patch? It’s a much better practice to apply all security patches, instead of selectively deploying them. Even if they’ve backported security patches, the Linux kernel itself has added significant security features since then, such as Live patching, write-only protection to data, and merges from the grsecurity project.

[2] Another solution is to implement multiple “virtual networks” or VLANs with firewall rules to control traffic. Combined with a managed switch and appropriate access points, you can “tag” traffic to different networks. For example, let’s say you have a Chromecast you want to be able to use from both your work laptop and from phones guests have. A VLAN would let you create three networks (devices, work, and guest), and add rules that allow traffic from “work” and “guest to send traffic to “devices”, but not the other way around. Likewise, “work” could open a connection to a “guest” device, but “guests” wouldn’t initiate a connection to a “work” device. Obviously this requires some learning to set up, but is great for flexibility if you have more than just the simple “guest” scenario.

Header image is Broken Rusty Lock: Security (grunge) by Nick Carter.


Mediacurrent: Introducing the YAML Content Module

Planet Drupal - Thu, 2017/07/13 - 3:52pm

I always look forward to DrupalCon each year for a number of reasons. One of the reasons chief among them is the refreshing excitement of being immersed in the community. I always enjoy the encouragement and guidance our community offers. A number of the conversations I had during DrupalCon offered this same encouragement and guidance to push forward with a public release of a module I've been working on and maintaining privately. Following up on this advice, I'd like to proudly introduce my new module: YAML Content.


Abhishek Lal | GSoC Blog: Examples for Developer #5 Week of Coding

Planet Drupal - Thu, 2017/07/13 - 2:40pm
Examples for Developer #5 Week of Coding Abhishek Lal B Thu, 07/13/2017 - 18:10

Agiledrop.com Blog: AGILEDROP: Travel and Holiday sites on Drupal

Planet Drupal - Thu, 2017/07/13 - 9:40am
As we like to point out, it is summer time and some of you will still go on a vacation. You will rest and gain more energy to later begin with new challenges. It's up to you to decide how you would like to spend your free time. Will you travel or just lay on the beach? Be it either way, you can help yourself with this holiday and travel sites, made on Drupal. There are many exotic places on earth to visit and one is definitely Fiji. It's true that all the flights to the island are long, with the closest one from New Zealand lasts three hours, but the island has a lot to offer. So in order… READ MORE

PreviousNext: Introduction to Drupal Patch Files

Planet Drupal - Thu, 2017/07/13 - 6:06am

I recently joined PreviousNext and was soon getting acquainted with contributing to Drupal core and contrib projects. A big part of the contribution workflow is working with patch files in the issue queue, so I wrote this post to help anyone who wants to know about patching in Drupal.


Boby Aloysius Johnson | GSoC Blog: Major Planning -- week 6

Planet Drupal - Thu, 2017/07/13 - 5:18am
Major Planning -- week 6 boaloysius Wed, 07/12/2017 - 23:18



It is the sixth week of Google Summer of Code 2017. We were engaged in creating an abstraction for using ml-engine with Drupal. The core functions like file upload, ml-engine training jobs, deployment and prediction services etc were created during the first month of GSoC. Please refer the link for the code. This week started with few basic lessons on tensorflow. I continued the search to find the official collection of pre-trained tensorflow models. It didn't find any new result. I have posted three questions in Stack Overflow. One to find the pre-trained models, streaming data to Google Cloud Storage, and the other to know if ml-engine supports all types of tensorflow models.

To use multiple ml-engine projects simultaneously, we need to create a content entity. We propose to store ml-engine configurations as entity base fields and Tensorflow python code inputs as bundle fields. In the below-shown figure, there are few base fields for training and deployment.



This is the sketch of ml-engine entity. It has three parts. Training part includes determining the fields required for tensorflow code and ml-engine configuration. Users are given the scope to select fields custom to their tensorflow code. Deployment part has base fields to set its configuration. Prediction part is for selecting the prediction output data type.
 figure 2 User creates their new projects through this interface. Each project is having its own set of training and deployment jobs.
 figure 3 

Fields can be created to match the input requirement of the tensorflow code. The referred Drupal View will be converted to corresponding CSV file. All referenced files will be uploaded to Google Cloud and will be replaced with the URL. This provides a great flexibility on data types by creating an abstraction layer for the input.


figure 4 

The output corresponding to each model can vary depending on the design of the model. To provide an abstraction, we provide the option to select the returned data types for each project. For example, the response will be encoded as an integer if the selected type is an integer. If it is an image, the returned binary will be written to a jpg file and added to Drupal. For classification, the user will be able to select class corresponding to each index. This can provide a good level of abstraction in handling the prediction output. If needed users extend this module to add more data types. 



figure 5:  

Finally, to do prediction we have to select its field types. Below we have two screenshots showing how we match data to these fields.


figure 6: To map data to a field, we have to go to the node settings and select the ml-engine project. Now go to field settings > edit. 


figure 7:

Select the ml-engine prediction input field and we are done. Similar to the option to match prediction input field, this page will have a checkbox to match the prediction output. If checked, predictions made are stored in this field when the node is saved.


In the coming week, we will be working on implementing this design.


Glassdimly tech Blog: .gitignore by branch

Planet Drupal - Wed, 2017/07/12 - 9:51pm

Have you ever wanted to .gitignore a file by branch?

The classic example for me here is versioning the generated styles.css file on master (which is deployed to production) but not on develop (which is used for pull requests).

Versioning the styles.css file can result in merge conflicts or PRs that are just messy.

Here's the script I used.

Read the comments for installation notes.


Drupal Association blog: Drupal Association and Project Lead Statement Regarding Larry Garfield

Planet Drupal - Wed, 2017/07/12 - 7:48pm

This blog includes two statements. One from Dries Buytaert, as Drupal Project Lead, and another from Megan Sanicki, as the Executive Director of the Drupal Association and the Drupal Association Board.

We recognize that events and conversations earlier this year surfaced many concerns and needs within the community. One in particular is related to Larry Garfield’s role within Drupal. After several conversations with Larry, and careful consideration, we can now provide an update to this situation, our decisions, and Larry’s role moving forward.

We thank you for your patience while we spent many hours meeting with Larry and outside experts to resolve this matter. We recognize that actions were taken quickly before, which resulted in poor communication, and we wanted to avoid this happening again. We made sure to provide the proper time and attention these conversations needed before releasing this follow-up post.

We know our poor communication in the past led to frustration with us and pain for others. For that, we are sorry. We want to learn from this and improve. We listened to the community’s request to provide more streamlined, clear, and easy-to-follow communication. So, this post includes a statement from Dries Buytaert, as Project Lead, followed by a statement from Megan Sanicki, Executive Director of the Drupal Association.

Statement from Dries Buytaert, as Drupal Project Lead

I know there are many people out there still uneasy about where things were left off with regards to Larry's status and uncertainty around why he was asked to leave. I would like to personally clear up these things.

The actions that led me to ask Larry to resign involve a woman who attended Drupal community events with Larry, and was "allowed" to contribute by him. I originally characterized these actions as 'beliefs,' which was inaccurate on my part. To be clear, potential legal and ethical questions were raised by various people, including the Drupal Association lawyers, that this person could be vulnerable and may have been subject to exploitation, which raised the risk of substantial damage to the project.

Based on the legal and ethical risks to the Drupal project caused by Larry’s actions, both the Drupal Association and I needed to take action.

In balancing these questions and this risk, with Larry’s stated desire for privacy, the most obvious solution at the time was to ask him to resign. This was difficult. Larry has been a longtime contributor and colleague, and given the gravity of this situation, I did not communicate as clearly as I should have. When Larry chose not to resign, I took no immediate action with Larry’s role in the community in order to allow more time to better understand the situation and for mediation to occur.

Instead of continuing a dialogue and working towards a solution, Larry chose to end our discussion and share parts of the information surrounding this situation publicly. I understand why Larry blogged, and I support Larry’s — and every community member’s — right to speak out constructively when they disagree with those of us in leadership roles. However Larry’s blogs led people to think that I, and the Drupal Association, doxxed, bullied, and discriminated against him, which we did not. His blog posts led many to think that people who are into kink are not welcome in our community, which is not true. Larry's posts created material disruption to the project and the Association based on incomplete and inaccurate information. Even though Larry saw the negative impact he further inflamed the situation with additional blog posts.

Our current governance model lays out numerous positions that can be held within the project and who has the ability to appoint or remove people from them. Larry’s various roles and who governs them are listed in the table below. Most of Larry’s leadership roles are associated with the Drupal Association, but as project lead, I am responsible for assigning technical leadership positions within the project. Part of my job is to appoint and replace maintainers, to make sure the team functions well; and to make sure the leadership team is effective setting the technical direction of the project as well as collaborating with other members of the Drupal community to achieve our technical vision.

After talking to Larry and consulting other key contributors, I remain steadfast in my decision that it is best for Drupal that Larry should not continue to hold a technical leadership role. I've therefore decided to remove Larry as a core subsystem maintainer and as the PHP-FIG representative for Drupal. Larry will maintain his individual contributor roles which means he can participate in the development of Drupal as a regular member of the community.

Statement from Megan Sanicki, Executive Director of the Drupal Association and the Drupal Association Board

As the Executive Director of the Drupal Association a key part of my job is to protect the Drupal Association and the project from risk and harm. The Drupal Association is the steward of two critical drivers for Drupal’s longevity: Drupal.org and DrupalCon. And we are charged with caring for those spaces. Should the sustainability of the Drupal Association’s be impacted, we would no longer be able to maintain Drupal.org, which would have devastating implications for the project.

As Larry stated in his blog post, he was in a relationship with a woman he describes as “acutely autistic” and “mentally handicapped”. They attended Drupal events together where, in Larry’s own words, he “allowed” her to contribute to Drupal. The Drupal Association Board and I learned about this information from other sources as well as from Larry himself before Larry’s blog post was issued.

I was concerned not only about this person’s well-being, but I also had legal concerns about her ability to give informed consent or whether she was being exploited. The Drupal Association recognizes that Larry did not use the accurate medical terms to describe this person and we also recognize that most vulnerable people have the ability to consent. However, in this case, given the information we received about this person, we were concerned that it was possible that she could not consent. I sought input from board members and from professional experts, including legal counsel, who expressed concern that Larry’s action in his leadership roles created possible legal risk to the organization.

I learned about these issues just as the DrupalCon Baltimore sessions were about to be announced, and in order to give myself time to evaluate the risks, I ended Larry’s role as track chair and removed his session for only DrupalCon Baltimore. Making a decision for just one event provided me the time to better understand the situation and how to address the risks and concerns with appropriate counsel and authorities. The Drupal Association can not and should not investigate or adjudicate legal matters. We referred the situation to our legal counsel and followed their advice by removing Larry from leadership roles and we referred the matter to authorities.

Larry's subsequent blog posts harmed the community and had a material impact on the Drupal Association. including membership cancellations from those who believed we doxed, bullied, and discriminated against Larry as well as significant staff disruption. Due to the harm caused, the Drupal Association is removing Larry Garfield from leadership roles that we are responsible for, effective today.

These roles include being a DrupalCon track chair, DrupalCon speaker, member of the Drupal Association Advisory Board, and a member of the Licensing Working Group. Larry will maintain his individual contributor roles that the Drupal Association governs, which includes attending DrupalCon and contributing on Drupal.org using his Drupal.org user profile. It is important to note that Dries recused himself from the Drupal Association board decisions on this matter to avoid as many conflicts of interests as possible.

As long as Larry does not harm or disrupt the project, he will continue to be a member of the community as an individual contributor. However, we reserve the right to remove Larry's individual contributor roles if that is not the case. Also, we recognize that situations can change over time, so the Drupal Association will revisit these decisions in two years.

I recognize that my communication to Larry and with the community did not provide transparency into this situation and I apologize for the pain and confusion that caused. Our advisors told us not to share these details in order to protect all parties pending evaluation from authorities. Also, when Larry shared these details during the appeal process, he asked us to keep them confidential. It is my hope that this statement provides the clarity that many have been requesting. 

What We Have Learned

Dries, Megan, and the Drupal Association Board of Directors hope that the community can stay focused on healing and the needed discussions about ways we can improve our community.

It is clear that we were unprepared for a challenge of this complexity. We struggled to move forward in a careful, timely, and clear fashion. We need to provide the community with clarity and understanding whenever possible. Many ideas are surfacing from the recent community discussions and we are looking at them to identify other ways to be better prepared for future challenges.

Another key take-away from this incident is that everyone in our community needs to be able to understand the answers to these questions:

  • What is expected of me by the community?
  • What can I expect from the community?
  • How is Drupal governed?
  • How can I participate in governance?

The best way for the community to get these answers is by working together to refine our community governance model. We support this work and we are eager to help the community achieve its vision.

We believe this community is a role model for the world on how to be a great open source community. Even at its messiest, we believe this community is strong and has much to share with other projects and communities. We consistently come together to solve hard problems. Even now, we are coming together to redefine our community governance and we are confident Drupal will become stronger because of it.

If you want to be part of creating a stronger and healthier community for the future, we encourage you to get involved in the discussions taking place on Drupal.org. Plus, you can go here to learn about the findings from the recent Community Discussions that were mediated by Whitney Hess along with the next steps that the community wants to take in evolving governance. We hope you will join this effort.

Governance of Roles

As mentioned in Dries' statement, these are Larry's roles and who governs each one.

Larry Garfield’s Role Role Type Who governs this role Technical Leader (Core Maintainer & PHP FIG) Leadership Role Project Lead DrupalCon Presenter Leadership Role Drupal Association DrupalCon Program Team / Track Chair Leadership Role Drupal Association Licensing Working Group Leadership Role Drupal Association Drupal Association Advisory Board Leadership Role Drupal Association DrupalCon Attendee Individual Contributor - subject to DrupalCon Code of Conduct Drupal Association Drupal.org user profile Individual Contributor - subject to Terms of Service Drupal Association

Drupal Association blog: Welcome to Piyush, and thanks to Srijan.

Planet Drupal - Wed, 2017/07/12 - 7:46pm

We are excited to share the news that we have a new addition to the Drupal Association team - thanks to Srijan.

Last year, we announced the reduction of our team size in order to make the Drupal Association more sustainable. In response, Srijan, a long time Drupal Association Supporter, hired Piyush Jain to work on marketing initiatives and has donated 100% of his time to the Drupal Association.

It’s an incredibly generous contribution and we are extremely grateful for Srijan’s support.

Welcome Piyush

So, please meet Piyush. (In all honesty, he’s been on our team since January, but we’ve been a little slow in our introduction.) He has several years experience in the Drupal community from working at Srijan as well as helping organize Drupal Camp Delhi. We are fortunate to have someone talented, who understands the Drupal culture and is familiar with our programs.

Piyush hit the ground running, helping us promote DrupalCon Baltimore. Now he is working on DrupalCon Vienna, Drupal.org case studies, and Drupal Jobs. Piyush offers a great new perspective and is a valuable addition to the team.

Thank you Srijan and welcome Piyush!


Chiranjeeb Mahanta | Blog: GSoC’17 Coding period | Week #6 | UC-Wishlist

Planet Drupal - Wed, 2017/07/12 - 7:28pm
GSoC’17 Coding period | Week #6 | UC-Wishlist chiranjeeb2410 Wed, 07/12/2017 - 13:28

Abhishek Lal | GSoC Blog: Examples for Developer #6 Week of Coding

Planet Drupal - Wed, 2017/07/12 - 4:33pm
Examples for Developer #6 Week of Coding Abhishek Lal B Wed, 07/12/2017 - 20:03

Himanshu Dixit | Blog: Week 6 : Creating Social Auth Implementers Using The Base Library Of TheLeagueoAuth

Planet Drupal - Wed, 2017/07/12 - 3:47pm
Week 6 : Creating Social Auth Implementers Using The Base Library Of TheLeagueoAuth himanshu-dixit Wed, 07/12/2017 - 19:17

miggle: my weekend at DrupalCamp Bristol 2017

Planet Drupal - Wed, 2017/07/12 - 1:58pm
my weekend at DrupalCamp Bristol 2017Alick Mighall Wed, 12/07/2017 - 12:58 Alick's thoughts on this year's DrupalCamp Bristol.

ADCI Solutions: Drupal 8 core and Symfony components

Planet Drupal - Wed, 2017/07/12 - 1:53pm

Drupal 8 chose a way of involving popular technologies, applying object-oriented methodologies, and adding the Symfony components to Drupal 8 had a huge impact on its development. Thus in this article we will focus on discussing the changes of the common core functionality which were caused by adding the Symfony components.

You will find the simplified code examples that would help you feel the difference between “clear” Symfony and Drupal 8 solutions. We will discuss in details three components which are the basis of Drupal core: DependencyInjection, EventDispatcher and Routing.

Maybe for some of you this will be the key point to a better understanding of the internal structure of Drupal 8 and its architecture.