Matthew Tift: Drupal as an Ethical Base

Planet Drupal - Wed, 2021/06/02 - 5:30pm
Drupal as an Ethical Base Image mtift Wed, 06/02/2021 - 10:30

Last week, when I renewed my yoga teaching credentials through the Yoga Alliance, I was required to agree to an "Ethical Commitment" based on values intrinsic to the practice of yoga, such as ahiṃsā (nonviolence), satya (truthfulness), asteya (not stealing), aparigraha (non-possessiveness), and santoṣa (contentment). While it might seem like such an agreement would be limited to my role as a yoga teacher, these same principles inform decisions that I make in all aspects of my life, including how I build my website.

The page on this site titled "How I Built This Site" describes some of the technical choices I have made to represent myself online. This is the first article in a series of articles that will describe each of these choices in more detail.

This website is built using a content management system called Drupal. The Drupal community is one of the largest free software communities in the world, with more than 1,000,000 contributors working together. The values and principles of the Drupal community align well with the Ethical Commitment to which all yoga teachers certified by the Yoga Alliance must agree. While not all of the ethical commitments overlap, here are a few examples to support my claim:

While words and documents are important, I am more influenced by my lived experiences. In both communities I consistently interact with people and witness behaviors that align with my conception of an ethical life.

One significant difference is the Drupal community's commitment to free software that is difficult to find among yoga teachers. Yoga teachers rely heavily on "free" proprietary services that exploit their users, such as Instagram, Facebook, YouTube, etc. While I have accounts on all of those platforms, I avoid using them whenever possible.

Rather, my online presence relies heavily on Drupal. In this sense, Drupal functions as my "ethical base." Many of the methods I use to communicate with people online — newsletters, RSS feeds, forms, etc. — are provided by Drupal. Certainly there are many ethical alternatives to the tools used by "surveillance capitalists," but Drupal happens to be the one that I know well. I've been using Drupal for more than a decade and I personally know many of the people who contribute to Drupal.

Both yoga and Drupal have improved my life, and there is nothing magical about either of them. Drupal allows me to interact online in a way that feels consistent with my values. People who use Drupal are granted the "four essential freedoms" of free software. While it would certainly be easier to just use the tools provided by Big Tech, I cannot use those tools in good conscience. Drupal is not automatically ethical, and can be used for all sorts of purposes, both beneficial and harmful. In my case, I use Drupal because I wish to be nonviolent, truthful, and kind to all people. For more than a decade Drupal has provided a solid ethical foundation for my online presence.


Lucius Digital: How to set and get data with Drupal's 'tempstore' service | Example code

Planet Drupal - Wed, 2021/06/02 - 2:10pm

If you need a temporary buffer in Drupal to save data to, Drupal's tempstore service might come in handy. We used it for example in a webshop module, where users didn't have a saved address yet and also had to option to never save their address permanently (because of gdpr).

Categories: How to prefill a webform field based on the node/URL being viewed in Drupal 8 or Drupal 9

Planet Drupal - Wed, 2021/06/02 - 2:04pm
How to prefill a webform field based on the node/URL being viewed in Drupal 8 or Drupal 9

In this simple tutorial I will show you how you can fill a webform field with a value based on the node the visitor is viewing.

Robert Roose Wed, 06/02/2021 - 14:04

clemens-tolboom forked clemens-tolboom/godot-engine.easy-charts from fenix-hub/godot-engine.easy-charts

On github - Wed, 2021/06/02 - 1:20pm
clemens-tolboom forked clemens-tolboom/godot-engine.easy-charts from fenix-hub/godot-engine.easy-charts Jun 2, 2021 fenix-hub/godot-engine.easy-charts

A Godot Engine addon for plotting general purpose charts. A collection of Control, 2D and 3D Nodes to plot every chart possible.

GDScript 183 Updated May 21

rachel_norfolk: Would you like to come to my wedding?

Planet Drupal - Wed, 2021/06/02 - 1:18pm
Would you like to come to my wedding? Rachel Wed, 06/02/2021 - 12:18

“Would you like to come to my wedding?” I receive as a Slack message from a friend in the Drupal community.

“Sure! When is it? Where?”

“It’s in November, in Kota”

“Oh - wow - yeah, I’ll come if I can!”

At this point, it seemed like a good idea to look at a map - where on Earth is Kota????


Finalist Blog: Use multiple composer versions simultaneously

Planet Drupal - Wed, 2021/06/02 - 9:04am
Use multiple composer versions simultaneously. Introduction Composer 2 It has been six months since Composer 2 saw the light and I finally dared to deliver some Drupal projects entirely with Composer 2. Anyone who works with composer knows that after years of using `composer require`, you have learnt by now a second language, you can play a new musical instrument, or dive into the downward facing dog with convincing flexibility, as if you were an accomplished yogi. Time and again the upheaval was great when, after getting two cappuccinos, you found out that 'composer require' had…

undpaul: How assistants on websites not only help visitors

Planet Drupal - Wed, 2021/06/02 - 9:04am
Who hasn't browsed a website and didn't find the content they were actually looking by many clicks or even not at all? Until now there was no easy option for the CMS Drupal to use the functionalities of an assistant. So, we developed the Site Assistant module for Drupal and shared it with the Drupal community.

Danny Englander: Drupal 9 DevOps: a Recipe For Setting Up Xdebug 3 With Lando and PHPStorm

Planet Drupal - Wed, 2021/06/02 - 9:00am

For my local Drupal development environment over the past few years, I’ve been quite happy using Docksal for my projects. Recently, I onboarded to a new project that required me to use Lando, another popular local development server. In addition, I use PHPStorm for coding, an integrated development environment or IDE. When I am coding, I consider Xdebug to be of immense value for debugging and defining variables.

Xdebug is an extension for PHP, and provides a range of features to improve the PHP development experience. [It's] a way to step through your code in your IDE or editor while the script is executing.

Getting started: the basic setup

In this article I will share with you my basic setup to get up and running with Xdebug 3. The core of this tutorial requires Lando and PHPStorm to be running on your machine. You can head over to GitHub to grab the latest stable release of Lando. Installing Lando will also install Docker desktop, a containerized server environment. You'll also need PHPStorm to be installed as well. If you have any issues with getting Lando running, you can check their extensive documentation. You can spin up a Drupal 9 site using Lando but as of yet, there is no option that will set it up as a true composer based workflow. Therefore, you can use Composer itself composer create-project drupal/recommended-project to create a new Drupal 9 project and then initialize it with Lando. In this case, you'd need Composer 2 to be setup globally on your local machine but once Lando is up and running, you can then switch to using lando composer... Thereafter, be sure to install Drupal as well.

Configure the Lando recipe

Lando has the notion of "recipes" for specific server setups and you'll want to set up a basic Drupal 9 site running on Lando. The TL;DR for the one I am using is below. This code would go in your .lando.yml file in the root of your project. Noting that any time your change your ...


Mediacurrent: How to Survive Drupal 7 and 8 End of Life

Planet Drupal - Tue, 2021/06/01 - 10:48pm
Are you still on Drupal 7 or 8?

All software, even that of Drupal’s top world ranking open source community, comes with a shelf life.

Drupal 7 is now a decade old, with the advent of Drupal 8 falling just four years behind. These previous major Drupal versions weren’t left in the dust with the release of Drupal 9 in the summer of 2020. But that support has an expiration date coming soon. Both versions 7 and 8 have set “End of Life” dates which means they will no longer be supported by the official Drupal community.

Version 9: Drupal in its Prime

Organizations are moving to Drupal 9 to reap the benefits of fresh features and community-supported innovation. The pace of adoption is faster than ever. It took one month to go from 0 to 60,000 sites on Drupal 9 compared to taking 7 months to get 60,000 sites on Drupal 7. Although good progress is being made with organizations moving to Drupal 9, there are still thousands of Drupal 7 and 8 sites live. If you have a Drupal 7 or 8 site, you need to start planning immediately to ensure you are prepared for support ending.

So, what is Drupal 7 and 8 End of Life?

End of Life marks the date when the Drupal community officially stops supporting older versions of Drupal. The Drupal community has always supported the current and previous versions of Drupal but with the launch of Drupal 9 last year and Drupal 10 scheduled for June 2022, “End of Life” is quickly approaching for Drupal 8 and Drupal 7’s days are numbered as well.

State of Drupal presentation (April 2021)

It might come as a surprise (and seem a little odd) that Drupal 8’s End of Life occurs before Drupal 7’s. There are a couple reasons behind this. First, the transition from Drupal 8 to Drupal 9 is not a significant effort in most cases. Drupal 9 is not a reinvention of Drupal, with only two key differences; updated dependencies and deprecating APIs. The Drupal Association illustrates the transition from Drupal 8 to 9 as just a station on the same track (versus moving the train to a different track entirely for previous upgrades). The other reason is Drupal 8 is dependent on Symfony 3 and Symfony 3’s end of life is November 2021.

Source: Understanding How Drupal 9 Was Made,

For Drupal 7, the original end of life was set for November 2021 but due to the impact COVID-19 had on many organizations who are still on Drupal 7, no dependencies on Symfony 3, and the effort needed to upgrade from Drupal 7 to Drupal 9 (requiring a migration and site rebuild), the date was pushed out a year.

How does this impact you?

Drupal is an Open Source project with a uniquely robust security model:

  • Drupal has a dedicated team of Security professionals who proactively review core and contributed modules for vulnerabilities.
  • When a security vulnerability is identified, the Drupal Security Team is notified and code is quickly fixed to remove the vulnerability.
  • When a fix is available an announcement immediately goes out and a patch is released to the community. Drupal sites are also automatically notified that they need to upgrade.

When Drupal 7 and 8 support ends, there will be no more Drupal core updates to Drupal 7 and 8 - even for critical security issues. The contributed modules that power your site will also no longer be actively tested and reviewed, patches and security evaluation will depend on your internal resources.

A recent study indicates that nearly 12 million websites are currently hacked or infected. Ensuring you correctly handle the security implications of Drupal 7 and 8’s End of Life is essential.

What do YOU need to do?

Without taking active steps to protect your website, you are going to be vulnerable to a security breach. Drupal 7 and 8 are widely-used content management systems that have served as a platform for some of the world’s largest websites. It is public knowledge that support for it will be ending. It’s likely that hacking groups are waiting for official support to end to use security exploits that they have already discovered to increase the number of systems they can access before they're patched.

Mitigating this risk is much easier with an experienced partner. We advise our clients to take the following steps:

  1. Ensure your website will be secure after Community Support ends. You can do this by developing an internal plan to monitor future Drupal 7 or 8 security releases, or engaging with your Drupal hosting provider and agency to cover you while you plan and execute the move off of Drupal 7 or 8.
  2. If you’re on Drupal 7 or 8, it’s likely that the time is now for a reassessment of how you use the web. Partnering with an expert Drupal agency like Mediacurrent will help you to reassess your website plans, determine if your Digital Strategy is effective, and ensure your next platform serves your needs now and can adapt in the future.
  3. Once you have identified the correct platform, plan and execute your migration. By taking care of security first, and securing the right partner, you can take the time to correctly plan and build your next Digital Platform in Drupal.
Learn to love the upgrade

While Drupal 7 and 8 End of Life might mean more work for you, we view it as an opportunity. The way we consume information on the web has changed drastically since Drupal 7 and 8 launched, and if you are still on these versions and not planning on innovating, you are likely putting yourself at a serious competitive disadvantage.

In the longer term, sticking with Drupal 7 or 8 not only means you will be fighting a constant battle against security vulnerabilities, but also that you will be doing so with a dwindling number of allies. As time goes on, Drupal 7 and 8 sites will disappear. Fewer agencies will offer any sort of Drupal support for these versions. The talent pool of developers will dry up - anyone who learns Drupal today will be learning on newer releases.

Upgrading from Drupal 7 or 8 to Drupal 9 is the opportunity to revolutionize the way you think about the web as a business tool. If you have a Drupal 7 or 8 site, you have almost certainly had it for at least five years. How many little usability improvements have you considered in that time? Is your design dated? Does your site build reflect modern practices in SEO (Search Engine Optimization), accessibility, and user experience?

With Drupal 9, Upgrading is about more than just security

Out of the box, Drupal 9 offers a significantly more powerful feature set that allows you to build the modern digital experiences you need to compete on today’s web.

At this time, no new features are being added to Drupal 7 or 8. All the innovation is happening in Drupal 9!

Look at Drupal 9’s core features:

All the best of Drupal 8 - Drupal 8 came with many new features such as an improved authoring experience with Layout Builder, an API-first architecture that opens the door to a decoupled CMS, TWIG templating engine for improved design capabilities, and built-in web integrations to name a few. All of these features are carried over to Drupal 9.

Intuitive tools - Improving Drupal’s ease-of-use remains a top priority. Easy out of the box, a new front-end theme, and automatic updates are among the strategic initiatives for Drupal core.

Future upgrades - Upgrades will be seamless for future releases. You will no longer be forced to replatform as new versions are released.

Stay on the edge of innovation - Adopting Drupal 9 will give you access to the latest new feature releases, happening twice a year.

Powerful Distributions - If you’re planning a Drupal 9 project, you don’t have to start with a blank slate. Drupal distributions like Rain CMS can be used as the “starter” for your next Drupal project.

Prepare for an upgrade with a Drupal 9 Audit

Upgrading can certainly come with challenges. As you start planning for an upgrade, a good starting point is performing a readiness audit. An audit assesses the level of effort and provides recommendations for a smooth migration path to Drupal 9.

For more information on our Drupal 9 Readiness Audit, or to start the discussion about transitioning to Drupal 9, please visit our contact page or chat with us right now (see bottom right corner of the page). We would be happy to talk more about your project.

Categories: blog: Security Team Post-Mortem for SA-CORE-2021-003

Planet Drupal - Tue, 2021/06/01 - 6:44pm

The Drupal Core security release SA-CORE-2021-003 on May 26th, 2021 was delayed by a combination of infrastructure issues, causing the release to be delayed to outside the planned release window. This post-mortem blog explains the circumstances, and how the Drupal security team and Drupal Association are collaborating to improve the situation for the next release.

On 2021-05-25, the Drupal Security team published a PSA about an off-cycle release for Drupal Core. Typically, the Drupal security team will publish PSA's about releases under a few conditions:

  1. If the release is off-cycle (core security releases are on the 3rd Wednesday of the month
  2. If the release is highly critical, the security team will issue a PSA before the normal window.

For SA-CORE-2021-003 the release was off-cycle because it related to a 3rd party library, and so a PSA was issued.

At 1:30 eastern on 2021-05-26 the release process started. This normally takes 20-45min. The PSA had triggered a large amount of "bot" like traffic to our GitLab infrastructure.

Because of the nature of this particular commit as a change to the integration points of a 3rd party dependency, the diff was exceptionally large. As a result, each request to commit pages in the Drupal GitLab instance was significantly more resource-intensive than average.

The load on the GitLab infrastructure caused the systems that create the packages and update subtree splits to become unstable.

Key points
  • A PSA was sent in advance of the release because it was happening outside the normal core cycle.
  • This PSA resulted in large amounts of traffic to and to our GitLab installation, and in particular, a large number of people and scripts looking at the commit history for new commits - even before the release was published.
  • Because of the nature of this particular commit, the diff was exceptionally large, and each request to commit pages triggered a heavy syntax highlighting operation.
  • Once the commit was pushed to git, even before the packaged release was available, requests from CI systems and Composer increased dramatically.
  • These combined factors resulted in the release packaging process itself being blocked on 500 errors, unable to populate a key db table in the middle of the pipeline process.
  • We mitigated this by blocking the most aggressive automated traffic that was repeatedly attempting to gather commit information.
  • This allowed us to complete the packaging process, and get the packaged release out. 
  • In the meantime, the load on the GitLab instance itself remained high, resulting in slowdowns and 500 errors for several hours, as it gradually cleared. 
Future mitigations: 

We are still evaluating potential mitigations for future release windows, but they may include one or more of the following strategies:

  • Improving log collection from our GitLab servers for better diagnosis of issues.
  • Enforcing static archiving on GitLab commit pages, either temporarily or permanently.
  • Investigating the possibility of separating web traffic from Git traffic for our GitLab instance, or at least to reduce load spikes and provide dedicated git resources to the packaging job. 
  • Dividing read-only traffic between the GitLab primary and the replica, for which we have a plan.
  • Deliberately redirect all non-cached traffic until packaging completes.

These mitigations should help ensure that the full release process can be completed within the specified window.


The final aspect of this release that was disruptive was communication. We recognize that communication gets sparse whenever there is an unexpected delay, because the team is fully occupied trying to resolve any issues as quickly as possible. In future, we'll try to designate a person to handle communications, so that if we have to update the expected release time, we do so in a timely manner.

In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

You can also get RSS feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.

Finally, you can communicate with the security team and other community members in Drupal Slack, in the #security-questions channel.

As a long-term goal, we know our international community members would benefit from more peace of mind when updating sites. We hope a combination of the in-development Automatic Updates initiative and the Drupal Steward program for highly critical vulnerabilities can help these international teams. 


clemens-tolboom opened a pull request in coppolaemilio/dialogic

On github - Tue, 2021/06/01 - 3:36pm
clemens-tolboom opened a pull request in coppolaemilio/dialogic Jun 1, 2021 Inline anchors refs don't work #332

Ie this is not working due to the dash - I had to remove the ❤️ from credits to make it work. I also ma…

+6 -6

clemens-tolboom pushed to patch-1 in clemens-tolboom/dialogic

On github - Tue, 2021/06/01 - 3:34pm
clemens-tolboom pushed to patch-1 in clemens-tolboom/dialogic Jun 1, 2021 1 commit to patch-1
  • d5aadd2 Inline anchors refs don't work

clemens-tolboom forked clemens-tolboom/dialogic from coppolaemilio/dialogic

On github - Tue, 2021/06/01 - 2:37pm
clemens-tolboom forked clemens-tolboom/dialogic from coppolaemilio/dialogic Jun 1, 2021 coppolaemilio/dialogic

💬 Create dialogs, characters and scenes to display conversations in your Godot games.

GDScript 750 1 issue needs help Updated Jun 1

Golems GABB: Your definitive guide to creating a Drupal 9 theme

Planet Drupal - Tue, 2021/06/01 - 1:45pm
Your definitive guide to creating a Drupal 9 theme Editor Tue, 06/01/2021 - 14:45

A website’s theme does much more than define its layout, color scheme, or typography. Through all the technical elements, a theme fulfils its true mission, which is to create your brand’s identity and make your website a visually attractive and user-friendly place — the place your customers will love!

When it comes to website themes, Drupal 9 offers very flexible options. You can choose between using a core Drupal theme, installing a contributed one, or creating a Drupal 9 theme for your website based on specific requirements. The third option is the top choice for many websites because it allows developers to have no limits in customization. That’s why, the Golems team would like to share a guide to creating a Drupal 9 theme.


Specbee: Configuring your Drupal Project on CircleCI – An Introduction

Planet Drupal - Tue, 2021/06/01 - 12:19pm
Configuring your Drupal Project on CircleCI – An Introduction Mahananda Kawale 01 Jun, 2021 Top 10 best practices for designing a perfect UX for your mobile app

DevOps today is considered to be the most effective approach for software development and deployment.  Software service providers can now decrease development complexities, and continuously deliver top-quality, innovative software. Continuous Integration (CI), Continuous DElivery (CDE), and Continuous Deployment (CD) are some of the key processes that allow speedy deployment and delivery of software without compromising on quality.

CircleCI is one of the simplest continuous integration and continuous delivery (CI/CD) platforms that helps development teams release code rapidly and automate the build, test, and deploy process using Docker containers. It is a reliable platform that works well with languages like Php, Ruby, Python, NodeJS, Java, and Clojure. CircleCI provides built-in support for parallelism that can be accomplished across developer options. It is considered as a scalable option with a better UI.

In this article, we will discuss more about CircleCI, CI/CD and how you can configure your Drupal project on CircleCI.

But First, what is CI/CD?


Continuous Integration is a practice to merge all developers code into a shared central repository. CI is a coding philosophy and set of practices that drive the development team to implement the changes and check the code into the central repository frequently. Because most applications require the code in different platforms and tools, the team needs to integrate and validate its changes.

Whereas, Continuous Delivery is the ability to get changes of all types including new features, configuration changes, bug fixes, and experiments into production, or into the hands of users, safely and quickly in a sustainable way.

A CI/CD pipeline is a full set of processes that run when you trigger work on your projects or commit your changes on the central repository. Pipelines have your workflows, which coordinate your jobs, and this is all defined in your project configuration file.

Configure your first Drupal project in CircleCI

Step1: Create a repository in Bitbucket


Step2: Push your Drupal application code to the repository. Here are some git commands to help you to commit your changes in Bitbucket.

git init git remote add origin git add git status git commit -m "first commit" git push origin master

Step3: Login to the CircleCI using Bitbucket


Step 4: Set up your Drupal project


Step5: Setup .circleci/config.yml

CircleCI will find and run the config.yml and interact with the code to orchestrate your build, tests, security scans, approval steps, and deployment. CircleCI treats the configuration as code which is why it has been orchestrated through a single file.

Our current code structure looks like this:

Workflows Configuration

Workflows support several configurations, some of them are listed below:

  1. Sequential job execution 
  2. Parallel job execution 
  3. Fan-in/fan-out in a repo 
  4. Branch-level filtering for job execution

Fan-in/fan-out in a repo is ideal for a more complex build orchestration and for teams who want to run different test suites against commits to getting faster feedback. It allows you to run multiple jobs in parallel that lead up to a singular job and vice versa from a singular job to multiple jobs. 

See the following example of a Drupal startup kit:

Troubleshooting a failed pipeline job

You can access your build job via SSH in CircleCI very easily. You can run your failed job via SSH. You can debug your failed job and rerun only that failed job. No need to run the entire pipeline.

Check out the following example:

You can click the job and see the details of where it has failed and the reason for the failure.


You will then get the rerun option where you can rerun the pipeline from the failed job. Also, you can debug the same via SSH.


CircleCI provides an easy setup and maintenance platform to the developers. Developers can easily create tasks using .circleci/config.yml. It is a cloud-based platform so you don’t need to manage servers. It is also very easy to debug. CircleCI has built-in assistance for Docker in the workflow that can be reached by inserting in the services segment of the circle.YAML script. Need assistance with deploying your next Drupal project on CircleCI? Contact our Drupal experts today!

Drupal Development Drupal Planet Drupal Tutorial Shefali ShettyApr 05, 2017 Subscribe For Our Newsletter And Stay Updated Subscribe

Leave us a Comment

  Shefali ShettyApr 05, 2017 Recent Posts Image Configuring your Drupal Project on CircleCI – An Introduction Image Adding custom oEmbed providers to remote video media source with Drupal 9 & Drupal 8 oEmbed Providers module Image A Brief Guide to Software Testing - Standards and Processes Want to extract the maximum out of Drupal? TALK TO US Featured Success Stories

A Drupal powered multi-site, multi-lingual platform to enable a unified user experience at SEMI.


Discover how our technology enabled UX Magazine to cater to their massive audience and launch outreach programs.


Discover how a Drupal powered internal portal encouraged the sellers at Flipkart to obtain the latest insights with respect to a particular domain.



ARREA-Systems: Jitsi video integration

Planet Drupal - Tue, 2021/06/01 - 5:00am
Jitsi video integration Arrea Systems Tue, 06/01/2021 - 11:00 Ek_jitsi 8.x-1.0-beta4 release


EK_jitsi is an integration of Jitsi video conferencing solution.

By installing this module you can:


clemens-tolboom pushed to master in KennisnetwerkDataScience/Wifi-punten-in-Leeuwarden

On github - Mon, 2021/05/31 - 1:46pm
clemens-tolboom pushed to master in KennisnetwerkDataScience/Wifi-punten-in-Leeuwarden May 31, 2021 2 commits to master
  • 7aa0848 Merge pull request #15 from KennisnetwerkDataScience/dependabot/pip/G…
  • a4b99b4 Bump tensorflow from 2.4.0 to 2.5.0 in /Groep 5

clemens-tolboom merged a pull request in KennisnetwerkDataScience/Wifi-punten-in-Leeuwarden

On github - Mon, 2021/05/31 - 1:46pm
clemens-tolboom merged a pull request in KennisnetwerkDataScience/Wifi-punten-in-Leeuwarden May 31, 2021 Bump tensorflow from 2.4.0 to 2.5.0 in /Groep 5 #15

Bumps tensorflow from 2.4.0 to 2.5.0. Release notes Sourced from tensorflow's releases. TensorFlow 2.5.0 Release 2.5.0 Major Features and Improve…

+1 -1