Shared code base: Office for Mac to catch up with its Windows counterpart faster

heise online Newsticker - 22 January 2018 - 12:00
Microsoft is adding important features such as collaborative document editing to the Mac version. A merged code base is meant to ensure that new Office features reach other platforms promptly in future.

Ad blockers: Good prospects for Adblock Plus before the Hamburg Higher Regional Court (OLG Hamburg)

heise online Newsticker - 22 January 2018 - 11:00
In a further case, Adblock Plus provider Eyeo is expected to prevail against publishers. The judges saw no violation of competition law by the ad blocker.

Rocket Lab Electron puts three satellites into orbit

heise online Newsticker - 22 January 2018 - 10:00
With the successful completion of the "Still Testing" mission, the private US company Rocket Lab, which has its own spaceport in New Zealand, has reached an important goal.

"Text bomb" chaiOS: Apple promises a fix

heise online Newsticker - 22 January 2018 - 10:00
In the coming week, Apple intends to use a system update to prevent iPhone, iPad and Mac from being crashed merely by receiving a message. Older iOS versions are likely to remain vulnerable.

NSA mass surveillance authority: US Senate approves extension

heise online Newsticker - 22 January 2018 - 9:00
Thanks to many votes from the Democratic camp, the Senate has extended a controversial surveillance law for another six years. There had been long debate over whether US citizens need better protection.

Crowds can only be measured via Wi-Fi to a limited extent

heise online Newsticker - 22 January 2018 - 8:30
Because only few users deactivate the Wi-Fi functions of their smartphones, they can easily be detected and counted. With large crowds, however, this works only to a limited extent.

Ad blocker Admop caves in to Axel Springer

heise online Newsticker - 22 January 2018 - 8:30
Victory for Axel Springer: The maker of the ad blocker Admop is withdrawing for good following a lawsuit by the publishing house. Whether the DOM tree of a web page is protected by copyright remained unresolved.

PreviousNext: Managing Composer Github access with Personal Access Tokens

Planet Drupal - 22 January 2018 - 5:20

All PreviousNext Drupal 8 projects are now managed using Composer. This is a powerful tool, and allows our projects to define both public and private modules or libraries, and their dependencies, and bring them all together.

However, if you require public or private modules which are hosted on GitHub, you may run into the API rate limits. To overcome this, it is recommended to add a GitHub personal access token to your Composer configuration.

In this blog post, I'll show how you can do this in a secure and manageable way.

by Kim Pepper / 22 January 2018

It's common practice when you encounter a Drupal project to see the following snippet in a composer.json file:

"config": { "github-oauth": { "github.com": "XXXXXXXXXXXXXXXXXXXXXX" } },

What this means is that everyone is sharing a single account's personal access token. While this may be convenient, it's also a major security risk should the token accidentally be made public, or should a team member leave the organisation and still have read/write access to your repositories.

A better approach is for each team member to have their own personal access token configured locally. This ensures that individuals can only access repositories they have read permissions for, and once they leave your organisation they can no longer access any private dependencies.

Step 1: Create a personal access token

Go to https://github.com/settings/tokens and generate a new token.

You will need to specify all repo scopes.

Finally, hit Generate Token to create the token.

Copy this, as we'll need it in the next step.

Step 2: Configure Composer to use your personal access token

Run the following from the command line:

composer config -g github-oauth.github.com XXXXXXXXXXXXXXXXXXXXXXX

You're all set! From now on, composer will use your own individual personal access token which is stored in $HOME/.composer/auth.json

What about Automated Testing Environments?

Fortunately, composer also accepts an environment variable COMPOSER_AUTH with a JSON-formatted string as an argument. For example:

COMPOSER_AUTH='{"github-oauth": {"github.com": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}}'

You can simply set this environment variable in your CI Environment (e.g. CircleCI, TravisCI, Jenkins) and have a personal access token specific to the CI environment.

Summary

By using personal access tokens, you can now safely remove any tokens from the project's composer.json file, removing the risk that they get exposed. You also know that once access is removed for any ex-team members, they are no longer able to access your organisation's repos using a token. Finally, in the event of a token being compromised, you have reduced the attack surface, and can more easily identify which user's token was used.
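A pre-commit or CI check for the two things this post relies on, as an added example (not code from the original post or from Composer): it flags credential sections left in composer.json and verifies that COMPOSER_AUTH supplies a GitHub token. The function names and the sample inputs are assumptions constructed for illustration.

```python
import json

# Composer's credential sections; any of them inside composer.json is a committed secret.
CREDENTIAL_KEYS = ("github-oauth", "gitlab-oauth", "gitlab-token",
                   "bitbucket-oauth", "http-basic")

# Constructed sample inputs (placeholder tokens, not real credentials).
SHARED_TOKEN_JSON = """{
  "name": "example/site",
  "config": {"github-oauth": {"github.com": "XXXXXXXXXXXXXXXXXXXXXX"}}
}"""
CLEAN_JSON = '{"name": "example/site", "config": {"sort-packages": true}}'
CI_ENV = {"COMPOSER_AUTH": '{"github-oauth": {"github.com": "XXXXXXXXXXXX"}}'}


def committed_credentials(composer_json_text):
    """Return (section, host) pairs for credentials stored in composer.json."""
    config = json.loads(composer_json_text).get("config") or {}
    found = []
    for key in CREDENTIAL_KEYS:
        section = config.get(key)
        if isinstance(section, dict):
            # Report where the secret sits, never the secret itself.
            found.extend((key, host) for host in sorted(section))
    return found


def composer_auth_problems(env):
    """Return reasons why COMPOSER_AUTH would not supply a GitHub token."""
    raw = env.get("COMPOSER_AUTH")
    if not raw:
        return ["COMPOSER_AUTH is not set"]
    try:
        auth = json.loads(raw)
    except ValueError:
        return ["COMPOSER_AUTH is not valid JSON"]
    section = auth.get("github-oauth") if isinstance(auth, dict) else None
    token = section.get("github.com") if isinstance(section, dict) else None
    if not isinstance(token, str) or not token.strip():
        return ["COMPOSER_AUTH has no github-oauth token for github.com"]
    return []


if __name__ == "__main__":
    for text in (SHARED_TOKEN_JSON, CLEAN_JSON):
        print(committed_credentials(text))
    print(composer_auth_problems(CI_ENV), composer_auth_problems({}))
```

In a pipeline, fail the build when `committed_credentials` returns anything for the repository's composer.json, and pass `os.environ` to `composer_auth_problems`.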

Tagged Composer, Security, Drupal Security

Agiledrop.com Blog: AGILEDROP: Drupal events in 1st quarter of the year

Planet Drupal - 22 January 2018 - 3:40
We've stepped into the beginning of a new year, and there will be many events organised by the Drupal community in the first couple of months. We've made a list of Drupal camps and summits that you can attend in the first quarter of the year. Drupal events bring together Drupal developers, site builders, themers, end users and those interested in learning more about Drupal. We attend Drupal events because of the sessions and collaborative discussions. DrupalCamp NJ 2018 United States, Princeton, NJ The campus of Princeton University 3 February 2018 09:00-18:00 This will be the 7th…

fluffy.pro. Drupal Developer's blog: Monolog: namespaced logger?

Planet Drupal - 21 January 2018 - 21:47
Using the monolog library and the monolog-cascade extension, you can't configure "namespaced" loggers. What does that mean? Imagine you have tons of classes and you need to log information from them into a log file. There is nothing special in this. Just define loggers with the needed handler(s) and instantiate them directly in the place where you want to use them with the help of monolog-cascade. It means that in your monolog-cascade config file you have to define the needed loggers in advance, and you have to reference them by their names. But what if you need an additional logger (with absolutely different handlers/processors) for some of the classes? Will you go through all the classes and change logger names where you instantiate them? I think it doesn't look like a good idea when a small requirement (for instance, changing the log file name for records from a bunch of classes) leads to edits in application code. It's something that must be configurable, and that's why I decided to write a tiny library called monolog-cascade-namespaced.

DrupalEasy: Testing a local Drupal site emails with Lando and Mailhog

Planet Drupal - 21 January 2018 - 19:29

Over the past few months, I've been evaluating three Docker-based local development environments trying to figure out which is best not only for me, but also for students of our long-form Managing Professional Drupal Development Workflows with Pantheon (next semester starts February 17) and Drupal Career Online (March 26) classes.

I've been test driving Docksal (actually, I've been using it for over a year), DDEV Community, and Lando (I'm a recovering Kalabox user) trying to figure out where the "sweet spot" is for flexibility, ease of use, documentation, Windows-compatibility (we routinely have students on Windows machines), performance, and some other criteria.

I recently stumbled upon a cool open source project (thanks Brian!) called Mailhog that makes it dead easy to test outgoing emails from a local development environment. While I tested it on Lando, Docksal and DDEV both support Mailhog and have supporting documentation here and here.

The general idea of Mailhog is that it acts as a local SMTP server that, by default, doesn't send emails to the addressed recipients. Rather, it includes a clean UI that allows the developer to view outgoing emails.

Getting Mailhog up-and-running in an existing Lando site is quite easy. Simply add the following to your .lando.yml:

proxy:
  mailhog:
    - mail.lemp.lndo.site
services:
  mailhog:
    type: mailhog
    hogfrom:
      - appserver


Then, run "lando rebuild". Caution should be used when using this command, as while most services retain their data during a rebuild, some may not. So far, I can confirm that my databases come through just fine. 

After rebuilding, you're just about done. When you run "lando start" the next time, you'll see a new set of URLs for the local Mailhog UI (you can also get this information via "lando info").

On your local Drupal site, if you're using the SMTP module or another SMTP-based sending solution, be sure to disable it:

Then, sending an email from a local contact form (screenshot shows a local copy of DrupalEasy.com):

Results in this in the Mailhog UI:

Then, if you want to "release" a message to its intended recipient, Mailhog provides you the option to do that as well via a button when viewing an email:

The button leads to an SMTP settings form:

Summarizing, regardless of if you're using Lando, Docksal, DDEV, or another local development stack, Mailhog is a great tool to help you test sending emails from your local development environments. 

While the screenshots in the blog post demonstrate setting up Mailhog with Lando, I can confirm that the process is just as easy with Docksal using the documentation, as I was able to configure it for a local client site in about 5 minutes.

For more information about using Mailhog with Lando, see the official documentation page.

Virtual reality: Oculus launches funding programme for developers

heise online Newsticker - 21 January 2018 - 19:00
Developers of virtual reality applications can apply for the funding programme of the Facebook subsidiary, which promises them, among other things, developer kits and a licence for Unity Plus or Unreal.

Airbnb for cars: US market leader sets its sights on the German market

heise online Newsticker - 21 January 2018 - 18:30
It is the future or the worst nightmare, depending on one's relationship with the car. On special platforms on the internet, private individuals can rent out their vehicles to strangers. The market leader from the USA has big plans for the German market.

Tax reform lands IBM with a loss

heise online Newsticker - 21 January 2018 - 17:30
Thanks above all to booming cloud services, IBM achieved its first revenue growth since 2012. Donald Trump's tax reform, however, initially brought the group a high one-off charge.

Missing Link: On machine ethics and the data trove of therapy and care robots

heise online Newsticker - 21 January 2018 - 16:30
"How great would the interest in Michael Schumacher's data be!" Robots in care and therapy present us with entirely new problems regarding the ethics of robot use and data protection, says business information scientist and ethicist Oliver Bendel.

Reading material: The art of the BASIC one-liner

heise online Newsticker - 21 January 2018 - 15:30
Everything used to be shorter: the waiting time on the Telekom hotline and the length of computer programs. A popular discipline was fitting a BASIC program into one line. The art is still practised.

Helper robots in the online supermarket

heise online Newsticker - 21 January 2018 - 15:30
The British internet "grocer" Ocado uses a helper robot to support staff in the warehouse.

Commentary: No future with the cloud

heise online Newsticker - 21 January 2018 - 14:48
When it comes to the cloud, most users fear losing their data. But for administrators like Anatoli Kreyman, nothing less than their job is at stake.

Hate speech: Facebook, Twitter and YouTube increase deletion rate

heise online Newsticker - 21 January 2018 - 14:30
Does it take a law like the one in Germany to get the problem of hate comments on the internet under control? The latest figures from the EU Commission seem to give a clear answer to this question.

Meltdown and Spectre at a glance: fundamentals, impact and practical tips

heise online Newsticker - 21 January 2018 - 14:30
The first gun smoke has cleared: c't 3/2018 summarises the most important information on the serious security vulnerabilities in current processors, provides measurement results and offers practical tips.