HTTPS-Verschlüsselung: Google verabschiedet sich vom Pinning

heise online Newsticker - 2. November 2017 - 7:30
Das Festnageln von Zertifikaten sollte gegen Missbrauch schützen. In der Praxis wurde es jedoch selten eingesetzt. Zu kompliziert und zu fehlerträchtig lautet nun das Verdikt; demnächst soll die Unterstützung aus Chrome wieder entfernt werden.

Honor 6C Pro: Solides Mittelklasse-Smartphone für unter 200 Euro

heise online Newsticker - 2. November 2017 - 7:30
Anfang November kommt die Huawei-Tochter mit einem weiteren Android-Smartphone auf den Markt. Im Dezember soll es dann noch eine größere Bescherung geben.

Sonderheft c't wissen Desinfec't 2017/18 jetzt am Kiosk

heise online Newsticker - 2. November 2017 - 7:00
Ab sofort ist das neue Sonderheft c't wissen Desinfec't 2017/18 mit Heft-DVD im Handel erhältlich. Auf dem Datenträger befindet sich das Live-System Desinfec't, mit dem Sie ein von Trojanern verseuchtes Windows säubern können.

Hook 42: October Accessibility (A11Y) Talks

Planet Drupal - 2. November 2017 - 3:18

This month we had Nicolas Steenhout joining us to talk about "Accessibility: Don't turn off that JavaScript just yet."

The year is 2017, and JavaScript has never been as ubiquitous. Long gone are the days when in order to be considered accessible, pages had to work flawlessly without scripting. Scripting has also come a long way, and developers are now even leveraging the powers of JavaScript to rewrite content in order to make it more accessible to assistive technologies.

Nextide Blog: Maestro D8 Concepts Part 4: Interactive Task Edit Options

Planet Drupal - 2. November 2017 - 3:04

This is part 4 of the Maestro for Drupal 8 blog series, defining and documenting the various aspects of the Maestro workflow engine.  Please see Part 1 for information on Maestro's Templates and Tasks, Part 2 for the Maestro's workflow engine internals and Part 3 for information on how Maestro handles logical loopback scenarios.

Freelock : Freelock Interviewed on Drupal and WordPress Expertise

Planet Drupal - 2. November 2017 - 1:42

In September, Freelock was recognized as a leading web development company in Seattle by Clutch. Not only were we thrilled to be featured in that report and ranked as one of the top three web developers in the area, but we are excited to share that as a result, Clutch interviewed us on our web development expertise.

Drupal PlanetSecurityDrupalWordPressDrupal 8CMS Drupal 6 security update for Autologout 6.x-4.x

Planet Drupal - 1. November 2017 - 22:16

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for the Autologout module to fix a Cross Site Scripting (XSS) vulnerability.

This module provides a site administrator the ability to log users out after a specified time of inactivity.

The module does not sufficiently filter user-supplied text that is shown when logging a user out. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer autologout".

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch.

NOTE: This only affects the Autologout 6.x-4.x branch -- the 6.x-2.x branch (which we also support) isn't vulnerable.

If you have a Drupal 6 site using the Autologout module, we recommend you update immediately.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on

Commerce Guys: Commerce Braintree integration adds PayPal Express Checkout and PayPal Credit support

Planet Drupal - 1. November 2017 - 20:13

Drupal Commerce is more than just a module project. As I laid out in my session at DrupalCon Vienna, it is an entire ecosystem supported by dozens of agencies and powering well over $1.5bn in online transactions annually. This makes Drupal Commerce one of the largest open source eCommerce projects in the world, and it's thanks in no small part to our Technology Partners (comprised primarily of payment providers) that we are able to invest as much of our time in it as we do.

Braintree is one such partner and a fantastic supporter of Commerce 2.x since last Summer. During our sprint to release a beta at DrupalCon Dublin, they sponsored Bojan's time for two weeks to expand and improve the core Payment API.

As a result, they also became the first integrated payment gateway and the test case for any payment provider following their integration pattern - individual iframes embedded into the checkout form for each payment field, making it easy to securely collect payment card data through your own checkout form.

For the initial release of the Commerce Braintree integration on Drupal 8, we targeted basic credit card payment support via their Hosted Fields API. As of this week, we've finalized patches that add support for PayPal Express Checkout and PayPal Credit alongside credit card payment through Braintree. They are a PayPal company, after all!

Customers can pay via credit card on-site or Express Checkout via a modal dialog.

You can test the new features end to end by grabbing the latest release of the Commerce Braintree module and configuring it to work through the Braintree sandbox. If you get stuck, you can find us in the #commerce channel in the Drupal Slack or open an issue in the queue if that's not possible.

Thanks again to Braintree for their support and development sponsorship. If you'd like to learn more about how Technology Partners benefit our ecosystem, consider joining me and Commerce Braintree's D7 co-maintainer Andy Giles this weekend at DrupalCamp Atlanta (Nov. 3-4). I'll present a longer version of my DrupalCon session, Marketing and Selling the Drupal Commerce Ecosystem, and naturally I'll tap Andy to help me answer all your hardest questions. ; )

Streit über Vorratsdatenspeicherung neu entflammt

heise online Newsticker - 1. November 2017 - 19:30
Ein breites Bündnis appelliert an FDP und Grüne, in Koalitionsverhandlungen mit CDU und CSU das Gesetz zur Vorratsdatenspeicherung offiziell zu beerdigen. Die Kriminalpolizei fordert genau das Gegenteil.

Junge deutsche Fotografie: Die Siegerbilder von "gute aussichten 2017/2018"

heise online Newsticker - 1. November 2017 - 19:00
Einmal im Jahr kürt eine Jury des Wettbewerbs „gute aussichten“ die besten Arbeiten von Hochschulabsolventen im Studiengang Fotografie.

Nvidia-Treiber GeForce 388.13 für Need for Speed Payback und Call of Duty WW2

heise online Newsticker - 1. November 2017 - 19:00
Nvidia legt nach: Mit dem Grafiktreiber GeForce 388.13 sollen die PC-Versionen der Spiele Call of Duty WW2 und Need for Speed Payback problemlos spielbar sein.

Vollständig quelloffen: Linux mit einem OpenPOWER-Server einsetzen

heise online Newsticker - 1. November 2017 - 18:30
OpenPOWER-Systeme eignet sich insbesondere für Datenbanken und die Virtualisierung. In Kombination mit Linux erhalten Unternehmen außerdem einen Server, der keine proprietären Komponenten verwendet.

Data Science: Anaconda 5.0 mit neuen Compilern

heise online Newsticker - 1. November 2017 - 18:00
Die quelloffene Distribution für Python und R verspricht höhere Leistung und mehr Sicherheit unter Mac OS X und Linux – dank komplett überarbeiteter Compiler.

Katalogisierungs-App Delicious Library: Amazon kappt API-Zugriff

heise online Newsticker - 1. November 2017 - 18:00
Die Mac-Software darf Daten und Bilder zu eingescannten Produkten nicht länger aus Amazons Datenbank abfragen – und wird so für Nutzer unkomfortabel. Amazon hat dem Hersteller den API-Zugriff nach dreizehn Jahren für viele Länder plötzlich untersagt.

Jetzt patchen: Kritische Schwachstelle in Oracles Identity Manager

heise online Newsticker - 1. November 2017 - 17:30
Mehrere Versionen der Fusion-Middleware-Komponente Identity Manager ermöglichen Angreifern die Systemübernahme per Default-Account. Ein bereitstehendes Update bannt die Gefahr.

Erstes Retina-iPad wird obsolet

heise online Newsticker - 1. November 2017 - 17:30
Apple setzt das kurzlebige iPad 3 einem Bericht zufolge zum Monatsende auf die Liste der "abgekündigten und Vintage-Produkte" – noch vor dem älteren iPad 2. Reparatur und Ersatzteile bietet der Hersteller dann nicht länger an.

Acro Media: Video: What to Expect Now That Drupal Commerce 2.0 is Live

Planet Drupal - 1. November 2017 - 17:12

Lots of live Commerce 2 sites were actively and successfully selling products to people long before the official launch on September 20th. We ourselves were among the early adopters taking advantage of the new functionality available in Drupal 8. But as with any new-and-not-fully-tested technology, there were the inevitable growing pains: missing functionality, bugs, etc. Fortunately, most of those issues are now in the past.

A few core modules that were buggy but are solid now:

  • Promotions and coupons
  • Taxes
  • Payments (supports 30+ payment gateways!)
  • Products
  • Orders

As an added bonus, the Commerce Shipping module that Acro Media helped develop received a full stable release alongside Commerce 2 (which is especially cool when you remember that Commerce 1 launched with no shipping functionality at all). Commerce Shipping features a much improved API and includes support for UPS and FedEx, with USPS to follow shortly.

Acro Media and other community members have been working on a few other associated modules to go along with the Commerce 2 launch. Here are the details:

  • Point of Sale is going to alpha release
  • Commerce Migrate is going to have a new release (likely not a stable release, however, as there is still work to be done migrating edge cases)

    Ubercart to Commerce 2 migrate is mostly done and includes all core stuff like products, customers, orders, taxes, etc.

    Commerce 1 to Commerce 2 migrate is a little rough but is still very usable; an improved version should be ready in October sometime

A cool new Composer based Commerce Kickstart installer is also available! It represents a great improvement over the original Commerce Kickstart and should be easier for everyone to use. You can find that here.

TLDR: The fully supported, stable release of Commerce 2 is live and has lots of cool stuff with it. If you were hesitant to use it to build sites before, you most certainly can go ahead now.

Verdi ruft an drei deutschen Amazon-Standorten zum Streik auf

heise online Newsticker - 1. November 2017 - 16:30
Der Reformationstag am 31. Oktober hat einen Brückentag spendiert und weil Menschen ihre dadurch gewonnene freie Zeit auch dem Online-Shopping widmen könnten, lässt Verdi in einigen Amazon-Logistikzentren streiken.

Nintendo: Kräftiger Gewinn- und Umsatzanstieg dank Nintendo Switch

heise online Newsticker - 1. November 2017 - 16:30
Nintendo fährt dank der Nintendo Switch und deren hochkarätigen Spielen wesentlich höhere Gewinne ein als im Vorjahreszeitraum.

OSTraining: Using the Focal Point Module for Images in Drupal 8

Planet Drupal - 1. November 2017 - 16:24

You most likely created image styles with Drupal's "Scale and crop" image effect. This style allows you to display large images on a smaller scale and save precious screen space.

There is one issue with such styling though. Often the most interesting point of the image gets chopped off. The "Focal Point" contrib module helps avoid this issue.

In this tutorial, you will learn to use this module to select the most important portion of the image you would like to show to your readers.