Internships and Fellowships

In this fourth part of a four-part series, Yang talks about her background, the projects she's worked on, and the vision for her professional future

There is no one way to change a career path. Palantir.net’s four most recent fellows - Paak, Tessa, Travis, and Yang - all joined us through the DrupalEasy program. With their different professional backgrounds and experiences, each offers a unique perspective into what interested them in Drupal and their journey to becoming integral members of Palantir.net.

In each of their written entries they share, among other insights, how they have each adjusted to a fully-remote workplace, how their own skills supported their success as a Fellow, and the importance of Palantir.net’s culture which encourages asking questions, remaining curious, and reaching out for help.

Here's Yang's story.
 

Where I Started

I was looking for a career change.

I was in the process of getting a nursing degree, but I wasn’t sure that’s what I wanted to do. A couple of years ago, a friend of mine suggested I learn to code.

When the COVID pandemic started, I had a lot of extra time at home (like many people!), and I started watching coding tutorials on YouTube. I found that I was fascinated by the idea of coding, so I took the initiative to learn HTML and CSS on Codecademy. Slowly - but surely - I went on to complete even more web development courses on Udemy. I had learned a lot but still found I didn’t have the confidence in my skill set to apply for any jobs in the field.

Earlier this year, my friend sent me a link about the Palantir.net Fellowship program to attend DrupalEasy. I wasn’t sure that I was qualified for the opportunity, but she encouraged me to apply. So I did.

And now, here I am!

The adventure of learning Drupal is like riding a roller coaster: I felt great one moment, but the next thing I knew, I was banging my head against the railing. Then, rinse and repeat. 

After 12 weeks of DrupalEasy, I had the opportunity to improve and apply my what I learned during my Fellowship at Palantir.net.

The Fellowship program is run by our talented Palantir.net colleagues, with a professional structure and many great resources that accelerate and support our Drupal learning. I also love Palantir.net’s culture, which is very transparent, collaborative, and co-creative. I have learned and continue to learn new things everyday from my coworkers. 

For me, the most important aspect of working here are the people. Everyone contributes, shares, and helps others develop their current skills and learn new ones. When I don’t know something, I feel free to ask questions. I learn from others and feel confident experimenting and making mistakes, learning and growing as I go. 

I’ll be honest: learning Drupal is harder than I thought, but the end result is incredibly rewarding. My advice to others who might be feeling daunted by learning Drupal or to code would be, don’t give up! Keep going! You can do this. 
 

Where I am Now

I know that every great programmer was once a beginner, and that is exactly where I am now.

In the future, I hope to be a great programmer and to pass my own knowledge to the very same community that helped me get where I am today.

There are a lot of talented, welcoming, and fun people at Palantir.net, and my goal right now is to learn as much as I can from others to become a full-stack developer. I am currently beginning to develop my personal skill set. I’ll be taking another PHP course in the near future to gain additional back-end knowledge. 

I know I still have a long way to go, but I look forward to learning new skills every day and applying them to real projects. In my opinion, consistency is the key to learning anything new and, over time, I am confident I will reach each goal I set for myself. I’m unsure whether my future holds being a full-stack developer, project leader, or something else. But the door to opportunity is wide open, and the only real way to get there is by doing the work. 

Fortunately, I am on the right path with the right people.

Community Culture Drupal People

Drupal is known for its robust security features, making it a popular choice for websites that handle sensitive information. Drupal's security architecture includes multiple layers of protection, including secure coding practices, access controls, and input validation. However, even with these built-in security features, it's always a good idea to take extra precautions when it comes to website security.

One of the ways to improve Drupal's security is by installing security modules. These modules provide additional layers of protection and can help mitigate potential vulnerabilities in your site. While it's important to note that no website can be 100% secure, installing security modules can help make your Drupal site even more secure.

Drupal's security architecture is built around the principle of defense in depth, which means that it uses multiple layers of protection to guard against potential threats. For example, Drupal employs secure coding practices to minimize the risk of vulnerabilities in its core codebase. It also uses access controls to ensure that only authorized users can access sensitive parts of the site. Additionally, Drupal has built-in input validation to prevent malicious code from being injected into your site.

Despite Drupal's robust security architecture, there are still potential vulnerabilities that can be exploited by attackers. You know what they say - no software is 100% secure. Installing security modules can help mitigate these risks and provide an additional layer of protection. Some of the most popular security modules for Drupal include Security Kit, Password Policy, and Two-Factor Authentication. Each of these modules provides unique benefits that can help enhance the security of your site.

In conclusion, while Drupal is already a secure CMS, installing security modules can provide an additional layer of protection and help mitigate potential vulnerabilities. By taking proactive steps to improve your site's security, you can help ensure that your sensitive information remains safe and secure. Here I'll be listing seven modules I think you really should consider installing and setting up.

The listed modules are all recently updated and work with Drupal 9 and 10.

1. Password Policy

Password Policy is a module that allows you to enforce strong password policies for your Drupal site. With this module, you can set rules for password complexity, length, and expiration. Password Policy helps reduce the risk of unauthorized access to your site by ensuring that users are using strong and secure passwords.

If you build sites for other, then this is a must. If you build sites for yourself, then I hope that you set strong passwords for yourself.

2. Two-Factor Authentication

Two-Factor Authentication is a module that adds an extra layer of security to your Drupal site. With this module, users are required to provide a second form of authentication, such as a token or SMS code, when logging in. Two-Factor Authentication helps protect your site against brute-force attacks and ensures that only authorized users can access your site.

There is also the module Two Factor Authentication - 2FA / Passwordless Login, which has a recently released version, but I haven't tried that one.

3. Login Security

Login Security is a module that helps prevent brute-force login attacks on your Drupal site. This module limits the number of failed login attempts from a given IP address or user account. You can also configure Login Security to lock out user accounts for a specified period of time after a certain number of failed login attempts. By enabling Login Security, you can reduce the risk of unauthorized access to your site.

4. Automated Logout

Automated Logout is a module that logs users out of your Drupal site after a specified period of inactivity. This module helps reduce the risk of unauthorized access to user accounts by automatically logging out users who have left their sessions open. By enabling Automated Logout, you can enhance the security of your Drupal site and protect your user's data.

Good if you have a lot of users, if you are the only user then it can be quite annoying when having to log in now and then.

5. Honeypot

Honeypot is a module that helps protect your Drupal site against spam bots. This module works by adding hidden fields to your forms that are invisible to users but detectable by bots. When a bot fills out these fields, the submission is blocked, and the bot is prevented from accessing your site. By enabling Honeypot, you can reduce the risk of spam and protect your site's performance.

I have used this module for at least a decade, and no site with forms are complete without it. It really whips the spammer's ass, to paraphrase the old Wimamp slogan. 

6. Content Security Policy

Content Security Policy is a module that helps protect your Drupal site against cross-site scripting (XSS) attacks. This module allows you to specify which sources of content are allowed to be loaded on your site. By setting strict policies for content sources, you can reduce the risk of XSS attacks and ensure that your site's content is safe and secure.

7. Security Kit

Security Kit is a comprehensive security module that provides a suite of security hardening options for Drupal. This module helps protect your site against common security threats such as XSS, clickjacking, and CSRF. Security Kit also provides input filtering options, session security, and helps prevent the injection of malicious code into your site. With Security Kit, you can easily enhance the security of your Drupal site and reduce the risk of vulnerabilities.

When it comes to strengthening your Drupal site, backend-wise, this is the go-to module, IMHO.

So, there you have it. My seven recommendations for strengthening your site's security, in various ways. Let me know in the comments if you think these are good modules to install, or if you have other ways of improving the security of your Drupal site.

The Popular "Become a Drupal Architect Series" Course Starts Soon What is the Architect Series?

Debug Academy created the Drupal Architect Series, a set of five 2.5 hour classes, because we know there are many ways to build a functional website, but not all ways are created equal. And making the wrong choice can lead to long-term headaches when faced with performance, security, caching, or data structure issues.

And it's not your fault. The options are many and can be overwhelming.

PHP. 7.4 is coming to an end of life on October 2022. You have a few options to keep your application secure.

Stephen Pashby's presentation to the Association Executives of North Carolina members about reaching member’s mailboxesinstead of hitting the SPAM filter.

DrupalCon Pittsburgh 2023 is approaching fast! If you haven’t been to a DrupalCon before, Pittsburgh will be a great opportunity to experience the event. You will have the opportunity to connect with other developers, designers, content creators, and business leaders who use Drupal to build websites and digital experiences. DrupalCon offers a range of sessions, including hands-on workshops, technical talks, business case studies, panel discussions, and Birds of a Feather sessions providing attendees with the latest information and best practices for using Drupal to build some of the world's most innovative digital experiences.

What are Birds of a Feature (BoF) sessions?

"Birds of a Feather" (BoF) sessions are formal roundtables or informal gatherings of attendees who share a common interest or topic. They are usually organized during conferences and provide a space for attendees to network, discuss, and exchange ideas and experiences on a specific subject. Unlike normal sessions, BoFs are not typically led by a speaker or panel. They are more of an open discussion among participants. At DrupalCon, BoF sessions can cover a wide range of topics related to Drupal, including technical issues, business challenges, community initiatives, and more.

Why should you attend BoF sessions?

Attending Birds of a Feather (BoF) sessions at DrupalCon is a great way to enhance your conference experience. They provide opportunities to learn and engage with other attendees at the conference. They provide a relaxed and informal setting for attendees to connect, learn, and grow. As an attendee, here are four ways BOF sessions can benefit you at DrupalCon Pittsburgh 2023:

1. Networking: BoFs provide a platform for attendees to network with others who share similar interests and challenges, creating opportunities for building new relationships and collaborations.
2. Knowledge sharing: BoFs allow attendees to exchange ideas, experiences, and best practices on specific topics, providing a deeper understanding of the subject and helping attendees to stay up-to-date with the latest developments.
3. Community building: BoFs contribute to the sense of community at a conference and help to foster a supportive and inclusive environment for attendees.
4. Personal growth: Attending BoFs can help attendees expand their knowledge and skills, and also provide new perspectives on their work and challenges.

When will BoF sessions happen at DrupalCon Pittsburgh?

Birds of Feather sessions happen all day every day of the conference and sessions often run concurrently with other programming. There are designated areas where the BOF sessions are held and a schedule is usually posted outside of the area for sign-ups.

How do I find out about BoF sessions?

In previous years, Birds of a Feather sessions were organized organically at the conference, and they provided ad-hoc meeting areas for informal sessions. This year at DrupalCon Pittsburgh, the Drupal Association is taking session submissions for BOFs to provide more visibility into topics and spread awareness. The Birds of a Feather schedule will be posted one month prior to the conference on the DrupalCon Pittsburgh website, and there will be write-in slots available on-site for ad hoc BoF sessions.

Birds of a Feather sessions are a great way for attendees to take advantage of networking and learning opportunities to make new connections and strengthen existing relationships within the Drupal community. Have a session you are interested in submitting? Submissions are open until the slots are filled! Submit your Birds of a Feather session today.

Introduction

A digital accessibility audit evaluates how well a website or other digital assets follow the Web Content Accessibility Guidelines (WCAG). It also refers to being compliant with each country's related laws or acts, including the Americans with Disabilities Act (ADA), Section 508, Section 504, and the European Accessibility Act (EAA).

clemens-tolboom commented on codatproduction/Procedural-Low-Poly-Trees#4 · February 23, 2023 09:12 clemens-tolboom commented Feb 23, 2023

The smooting is now disabled. I guess the noise is somewhat harder/bumpier. And 4.0-RC3 shadowing on mobile is bad. The project settings is Forward+.

clemens-tolboom commented on godotengine/godot-docs#6801 · February 23, 2023 09:03 clemens-tolboom commented Feb 23, 2023

Its parent class does https://docs.godotengine.org/en/latest/classes/class_noise.html#class-noise

Every iteration of Drupal brings a multitude of security improvements, accessibility improvements, and a host of new features created by the Drupal community.

clemens-tolboom commented on godotengine/godot-docs#6801 · February 22, 2023 20:01 clemens-tolboom commented Feb 22, 2023

And done in 4-0-alpha-6. Noise: Add more noise types, noise color ramp, replace OpenSimplexNoise with FastNoiseLite (GH-56718).

clemens-tolboom commented on godotengine/godot-docs#6802 · February 22, 2023 19:56 clemens-tolboom commented Feb 22, 2023

@raulsntos thanks. Fixed

clemens-tolboom pushed to patch-2 in clemens-tolboom/godot-docs · February 22, 2023 19:55 1 commit to patch-2

• 4b16379 Fix bad C# code

As you may have read in our previous blog post, the Drupal Association is pleased to be hosting Young African Leader Initiative (YALI) Fellow Denaya Dennis! The Mandela Washington Fellowship, YALI’s flagship program, empowers young African leaders. We invite you to get to know Denaya and learn more about his background!

Meet Denaya Dennis

Denaya Dennis is South Sudanese and is passionate about digital education, peace, and people’s development. In 2019, Denaya was a Mandela Washington Fellow at the University of Notre Dame. A graduate of IT, Denaya volunteers as a teaching assistant at the University of Juba, School of Computing, with majors in Business applications and information systems. In 2017 he co-founded Alela Technologies Ltd, a tech company providing ICT services to private, corporate, and public institutions in South Sudan.

Denaya is the founder and Executive of Koneta Hub. This innovation-driven organization uses the approaches of Human-centered design in providing community-driven solutions with an emphasis on digital literacy and rights, business incubation, tech 4 peace, and innovations on the SDGs. Denaya believes in the power of innovation as a driving force for sustainable development!

Within his community, Denaya is also an ICT trainer and mentors young people to learn new skills that are important in today’s job market. As a startup trainer, he strongly believes in the power of Design Thinking in providing long-lasting people and community-driven solutions. Within East Africa, Denaya has volunteered with many organizations in supporting startups as a mentor and innovation challenges judge. His experiences are helping to shape the South Sudan startup ecosystem.

Outside of tech, Denaya is a recording artist singing Christian contemporary songs in the Star Eagles Music, which he co-founded with Tony Manas. Denaya got married to Teddy Grace in December 2022.

I got to know about Drupal when I attended the CMS Africa Summit in 2016 in Kampala, and since then, I have loved everything about Content Management Systems. My desire to use the CMS platforms grew, and I was able to create business opportunities for myself. One thing I am confident about in life is that you can do anything, provided you are committed to it.

- Denaya Dennis

The Drupal Association is thrilled to have Denaya on our team until 2 March 2023!

Introduction

A few months ago, Aaron Crosman posted What I Brought from Drupal to Salesforce. While I've done a lot of CMS/CRM integration work, I've only been integrating Drupal with Salesforce and its related services for a few years. I still consider myself new to Salesforce development and I'm still learning about the open source side of Salesforce at events like Salesforce Community Sprints.

If I do get something wrong, please let me know and I'll update the posts.

Another reason for writing a series highlighting some of the similarities between Salesforce and Drupal is to respond to a recent post by Jacob Rockowitz questioning whether his Blueprint project that leverages Schema.org had a future.

I briefly mentioned Blueprints in a presentation at BADCamp, but I wanted to dive in deeper into Blueprint as well as some of the other features starting to mature in "modern Drupal" where I've seen similar approaches working well in Salesforce.

To keep myself sane, I'm breaking this up into 3 parts;

• Project Browsing - Project Browser and AppExchange
• Schema Management - Blueprint and Educational Data Architecture
• Advanced Configuration Management - Config Patch GitLab API and GearSet

Project Browser and AppExchange

The UI in the work coming out of the Drupal Association's Project Browser Initiative is very similar to Salesforce's AppExchange (and MetaDeploy, AppExchange for open source and Commons supported Salesforce packages).

Visually, the UX of the Project Browser and AppExchange are very similar.

Out of the box, Project Browser isn't really that exciting for developers.

So I can search for modules inside the application I'm building and then go to Composer to composer require drupal/[PROJECT NAME]? Why would anyone get excited about this?

The exciting part of Project Browser isn't using it to browse the same projects on Drupal.org in a different UX, it's being able to customize that experience for a specific use case or infrastructure. A feature that gives users a list of projects they can install directly on a test/sandbox version of their site is a game changer in a higher ed use case.

How do I know?

On the CMS side, we wrote something similar to Project Browser the University of Colorado in Drupal 7 we called Profile Module Manager. While the colorado.edu sites are now run from a monorepo/custom upstream approach on Pantheon, the original on-prem infrastructure paired Profile Module Manager with a custom devops solution to add a "bundle" of code to a site's codebase. The user experience of Profile Module Manager within Web Express in D7 and Project Browser with a customized project feed in D10 will be very similar.

Project Browser won't really be exciting until it can be combined with the Auto Update Initiative work. That work requires Composer 2.3.5 or later which many hosts (including Pantheon) do not support yet.

On the CRM side, when browsing packages and clicking Get It Now of free packages will bring up a prompt asking you where to install the package based on instances you have registered with the account you are authenticated with... or to spin up a new sandbox to test just this package.

While Drupal's Project Browser UX is designed to be used with the CMS instance you are planning to install the package on, it's not hard to imagine large, Drupal centric hosts like Acquia or Pantheon offering customized Project Browser feeds that list platform friendly/approved modules.

Modern Drupal still has to define a way to install front end dependencies required by PHP projects. Salesforce solves this to a certain extent with Lightning Web Components, their open source Web Component foundation.

While there is some traction around #2873160 to use NodeJS installer for Composer and #3340712 to get single directory components into Core, this is still going to be a challenge.

It is also important to acknowledge that most packages you can install through the different Salesforce project browsing services are NOT free or open source. Between the AppExchange and MetaInstall services, you'll find 4 different types of packages.

• Free, Open and Transparently Maintained on GitHub - The Summit Events package maintained primarily by staff from the University of St. Thomas at https://github.com/SFDO-Community/Summit-Events-App is a good example code maintained openly with BSD license.
• Free, maintain by Salesforce - The Educational Data Architecture (EDA) is a good example of this. I'll write more about EDA in Part 2.
• Free, Closed Source - You'll find a mix of free loss leader products, feature limited version with a paid upgrade, and free package that requires a service subscription, but the source of these packages cannot be modified.
• Paid, Closed Source - 75% of packages charge. Most use a per licensed user/per month model. Some offer free trials.

Paid plugins are more common in the WordPress ecosystem, but the underlying plugin code is considered a derivative of WordPress where distribution triggers the GPL-2.0 or later licensing requirement.

Where I think this is going to get interesting is the potential for more commercial Drupal packages in SaaS offerings. We've already seen some large hosts charge for value added services for sites hosted on their infrastructure like Acquia Site Studio. We may see more groups exploit the GPL SaaS Loophole enabling customers to install commercial modules and themes from customized Project Browsers.

As long as the end-user is interacting with your software over a network and you control the hardware / infrastructure the software is running on, that is not considered distribution.

While different than traditional, pure GPL Drupal sites, after seeing the quality in competing packages in Salesforce, I personally think a tier of commercial, closed source modules would be good for Drupal.

clemens-tolboom opened godotengine/godot-docs#6802 · February 22, 2023 15:02 Make more explicit there are noise_types. #6802

It helped me to convert https://docs.godotengine.org/en/stable/classes/class_opensimplexnoise.html to know of types in this example.

+2 -0

clemens-tolboom opened godotengine/godot-docs#6801 · February 22, 2023 15:01 There is no 4D noise in base Noise #6801

+1 -1

clemens-tolboom pushed to patch-3 in clemens-tolboom/godot-docs · February 22, 2023 15:00 1 commit to patch-3

• 34712bb There is no 4D noise in base Noise

clemens-tolboom pushed to patch-2 in clemens-tolboom/godot-docs · February 22, 2023 14:59 1 commit to patch-2

• f26dc08 Make more explicit there are noise_types.

clemens-tolboom pushed to godot-4 in clemens-tolboom/Procedural-Low-Poly-Trees · February 22, 2023 12:14 2 commits to godot-4

• 72d4655 Fix smoothing triangles.
• a6818c7 Whitespace.