Uni Hannover eröffnet "Roboterfabrik" zur Nachwuchsförderung

heise online Newsticker - 26. Oktober 2017 - 9:30
Mit der nun eröffneten "Roboterfabrik" will die Leibniz Universität Hannover Schüler, Azubis und Studenten an die Robotik heranführen. Sie soll anderen Standorten als Vorbild dienen.

AOC Q3279VWF: 31,5-Zoll-Display mit WQHD und 10-Bit-Farben für 270 Euro

heise online Newsticker - 26. Oktober 2017 - 9:30
Der AOC Q3279VWF zeigt 1,07 Milliarden Farben, bietet eine große Bildfläche und eine laut AOC gute Blickwinkelstabilität.

#BadRabbit: Wohl immer mehr Ziele von neuem Kryptotrojaner getroffen

heise online Newsticker - 26. Oktober 2017 - 9:00
Die russische Nachrichtenagentur Interfax ist am Dienstag durch einen Hackerangriff lahmgelegt worden. Fast alle Server seien betroffen, sagte der stellvertretende Generaldirektor Alexej Gorschkow. Es sei unklar, wann das Problem behoben werden könne.

Sonderheft c't wissen Desinfec't 2017/18 vorbestellbar

heise online Newsticker - 26. Oktober 2017 - 9:00
In der aktuellen Ausgabe von c't wissen dreht sich fast alles um das Sicherheitstool der c't-Redaktion: Desinfec't 2017/18. Das komplett überarbeitete Tool bootet direkt von der Heft-DVD und kann Windows-Computer von Trojanern befreien.

Bitcoin Gold: Weitere Kryptowährung spaltet sich vom Bitcoin ab

heise online Newsticker - 26. Oktober 2017 - 9:00
Schon wieder trennt sich ein neues Kryptogeld-Projekt vom Urvater Bitcoin – Bitcoin Gold will das Mining mit Grafikkarte wieder möglich machen. Zum Start gab es einen DDoS-Angriff auf die Seite des Projekts.

Computer-Gesichtserkennung im Bahnhof – Proteste abgeflaut

heise online Newsticker - 26. Oktober 2017 - 9:00
Vor Beginn des sechsmonatigen Testlaufs war der Protest laut. Überwachungskameras, die Gesichter erkennen – das sorgte bei Datenschützern für Sorgenfalten. Nun sind knapp drei Monate verstrichen. Von Widerstand ist nicht mehr viel zu bemerken.

iPhone X: Apple nennt Details zu Vorbestellung und Verkaufsstart

heise online Newsticker - 26. Oktober 2017 - 9:00
Am Freitag, den 3. November kommt das iPhone X in 55 Ländern in den Handel. Die hauseigenen Ladengeschäfte öffnen früher als gewöhnlich und sollen Geräte verfügbar haben – wenn man sich früh anstellt.

Appnovation Technologies: Meet the Appnovation Fall 2017 Co-ops

Planet Drupal - 26. Oktober 2017 - 9:00
Meet the Appnovation Fall 2017 Co-ops Get to know Appnovation's Fall 2017 cohort of post-secondary co-op students. This September 2017 has been both busy and exciting here at Appnovation! We've relocated to a brand new office in the Railtown area of Vancouver, BC, we've hopped into a brand new fiscal year, and we've hired a super cool group of co-op students to help break in the n...

Facebook startet zweiten Newsfeed

heise online Newsticker - 26. Oktober 2017 - 8:00
Still und leise hat Facebook den "Explore Feed" eingeführt, der Nutzer zu Content außerhalb ihres Freundeskreises führen soll. In einigen Regionen testet der Konzern aber andere Optionen, die dieser Feed ermöglichen kann.

Actions on Google: Apps für den Assistant

heise online Newsticker - 26. Oktober 2017 - 8:00
Mit "Actions on Google" erweitert man den Google Assistant, wie man es von den Skills für Amazons Alexa kennt. Seit heute stehen die ersten Erweiterungen für Googles Sprachassistenten zur Verfügung.

Gericht untersagt Verbreitung von Aufnahmen aus dem Kölner Dom zu politischen Zwecken

heise online Newsticker - 26. Oktober 2017 - 6:30
Nach einem Urteil des Landgerichts Köln kann die katholische Kirche die kommerzielle und politische Nutzung von Fotos und Filmen aus dem Kölner Dom verbieten.

AMD Ryzen: Prozessor-Preise sinken

heise online Newsticker - 26. Oktober 2017 - 6:30
Obwohl Intel die Core-i-8000-Sechskerner für Desktop-PCs noch immer nicht liefern kann, sind die Preise einiger AMD-Ryzen-Prozessoren deutlich gesunken.

Celebgate: Dritter Mann wegen illegalen Zugriffs auf Promi-iCloud-Accounts belangt

heise online Newsticker - 26. Oktober 2017 - 6:00
Ein 32-jähriger Amerikaner will sich dazu schuldig bekennen, per Phishing Zugriff auf über 550 iCloud- und Gmail-Accounts erlangt zu haben. Die Verbreitung von Nacktfotos konnte ihm nicht nachgewiesen werden.

Flattr-Neuauflage bezahlt Content-Ersteller automatisch

heise online Newsticker - 26. Oktober 2017 - 6:00
Mit der neuen Version des Mikro-Bezahldienstes soll es Nutzern einfacher machen, die Ersteller ihres Lieblings-Contents zu belohnen. Die neuen Eigentümer haben hochgesetzte Pläne.

PreviousNext: Lightning talk: Database Deadlocks & Render caching - A case study

Planet Drupal - 26. Oktober 2017 - 4:46
Share:

In this week's Lightning talk, I go through a case study on an investigation into Deadlocks and Render caching and why cache contexts are so important to get right. Check out the video below to find out how we were able to withstand 10x the throughput with smarter caching.

by Adam Bramley / 26 October 2017 Tagged Cache Contexts, Drupal 8

Posted by Adam Bramley
Senior Drupal Developer

Dated 26 October 2017

Add new comment

Agiledrop.com Blog: AGILEDROP: History of the Druplicon, the famous Drupal symbol

Planet Drupal - 26. Oktober 2017 - 3:54
Does everybody know a story how the Drupal was created? It's quite interesting. Dries Buytaert and Hans Snijder were students at the University of Antwerp back in 2000. Back then a broadband internet connection was a luxury, so Hans and Dries set up a wireless bridge among the student dorms to share Hans’s ADSL modem connection among eight students. Dries made an online forum, where they shared news like where they were meeting, having dinner, etc. This software was nameless for a while. Then Dries graduated and left the dorm. They wanted to stay in touch so the internal site had to go… READ MORE

Lullabot: Decoupled Drupal Hard Problems: Image Styles

Planet Drupal - 26. Oktober 2017 - 0:52

As part of the API-First Drupal initiative, and the Contenta CMS community effort, we have come up with a solution for using Drupal image styles in a decoupled setup. Here is an overview of the problems we sought to solve:

  • Image styles are tied to the designs of the consumer, therefore belonging to the front-end. However, there are technical limitations in the front-end that make it impossible to handle them there.
  • Our HTTP API serves an unknown number of consumers, but we don't want to expose all image styles to all consumers for all images. Therefore, consumers need to declare their needs when making API requests.
  • The Consumers and Consumer Image Styles modules can solve these issues, but it requires some configuration from the consumer development team.
Image Styles Are Great

Drupal developers are used to the concept of image styles (aka image derivatives, image cache, resized images, etc.). We use them all the time because they are a way to optimize performance on our Drupal-rendered web pages. At the theme layer, the render system will detect the configuration on the image size and will crop it appropriately if the design requires it. We can do this because the back-end is informed of how the image is presented.

In addition to this, Drupal adds a token to the image style URLs. With that token, the Drupal server is saying I know your design needs this image style, so I approve the use of it. This is needed to avoid a malicious user to fill up our disk by manually requesting all the combinations of images and image styles. With this protection, only the combinations that are in our designs will be possible because Drupal is giving a seal of approval. This is transparent to us so our server is protected without even realizing this was a risk.

The monolithic architecture allows us to have the back-end informed about the design. We can take advantage of that situation to provide advanced features.

The Problem

In a decoupled application your back-end service and your front-end consumer are separated. Your back-end serves your content, and your front-end consumer displays and modifies it. Back-end and front-end live in different stacks and are independent of each other. In fact, you may be running a back-end that exposes a public API without knowing which consumers are using that content or how they are using it.

In this situation, we can see how our back-end doesn't know anything about the front-end(s) design(s). Therefore we cannot take advantage of the situation like we could in the monolithic solution.

The most intuitive solution would be to output all the image styles available when requesting images via JSON API (or REST core). This will only work if we have a small set of consumers of our API and we can know the designs for those. Imagine that our API serves to three, and only three, consumers A, B and C. If we did that, then when requesting an image from consumer A we would output all the variations for all the image styles for all the consumers. If each consumer has 10 - 15 image styles, that means 30 - 45 image styles URLs, where only one will be used.

undefined

This situation is not ideal because a malicious user can still generate 45 images in our disk for each image available in our content. Additionally, if we consider adding more consumers to our digital experience we risk making this problem worse. Moreover, we don't want the presentation from one consumer sipping through another consumer. Finally, if we can't know the designs for all our consumers, then this solution is not even on the table because we don't know what image styles we need to add to our back-end.

On top of all these problems regarding the separation of concerns of front-end and back-end, there are several technical limitations to overcome. In the particular case of image styles, if we were to process the raw images in the consumer we would need:

  • An application runner able to do these operations. The browser is capable of this, but other more challenged devices won't.
  • A powerful hardware to compute image manipulations. APIs often serve content to hardware with low resources.
  • A high bandwidth environment. We would need to serve a very high-resolution image every time, even if the consumer will resize it to 100 x 100 pixels.

Given all these, we decided that this task was best suited for a server-side technology.

In order to solve this problem as part of the API-First initiative, we want a generic solution that works even in the worst case scenario. This scenario is an API served by Drupal that serves an unknown number of 3rd party applications over which we don't have any control.

How We Solved It

After some research about how other systems tackle this, we established that we need a way for consumers to declare their presentation dependencies. In particular, we want to provide a way to express the image styles that consumer developers want for their application. The requests issued by an iOS application will carry a token that identifies the consumer where the HTTP request originated. That way the back-end server knows to select the image styles associated with that consumer.

undefined

For this solution, we developed two different contributed modules: Consumers, and Consumer Image Styles.

The Consumers Project

Imagine for a moment that we are running Facebook's back-end. We defined the data model, we have created a web service to expose the information, and now we are ready to expose that API to the world. The intention is that any developer can join Facebook and register an application. In that application record, the developer does some configuration and tweaks some features so the back-end service can interact optimally with the registered application. As the manager of Facebook's web services, we are not to take special request from any of the possible applications. In fact, we don't even know which applications integrate with our service.

The Consumers module aims to replicate this feature. It is a centralized place where other modules can require information about the consumers. The front-end development teams of each consumer are responsible for providing that information.

This module adds an entity type called Consumer. Other modules can add fields to this entity type with the information they want to gather about the consumer. For instance:

  • The Consumer Image Styles module adds a field that allows consumer developers to list all the image styles their application needs.
  • Other modules could add fields related to authentication, like OAuth 2.0.
  • Other could gather information for analytic purposes.
  • Maybe even configuration to integrate with other 3rd party platforms, etc.
The Consumer Image Styles Project

Internally, the Consumers module takes a request containing the consumer ID and returns the consumer entity. That entity contains the list of image styles needed by that consumer. Using that list of image styles Consumer Image Styles integrates with the JSON API module and adds the URLs for the image after applying those styles. These URLs are added to the response, in the meta section of the file resource. The Consumers project page describes how to provide the consumer ID in your request.

{ "data": { "type": "files", "id": "3802d937-d4e9-429a-a524-85993a84c3ed" "attributes": { … }, "relationships": { … }, "links": { … }, "meta": { "derivatives": { "200x200": "https://cms.contentacms.io/sites/default/files/styles/200x200/public/boyFYUN8.png?itok=Pbmn7Tyt", "800x600": "https://cms.contentacms.io/sites/default/files/styles/800x600/public/boyFYUN8.png?itok=Pbmn7Tyt" } } } }

To do that, Consumer Image Styles adds an additional normalizer for the image files. This normalizer adds the meta section with the image style URLs.

Conclusion

We recommend having a strict separation between the back-end and the front-end in a decoupled architecture. However, there are some specific problems, like image styles, where the server needs to have some knowledge about the consumer. In these very few occasions the server should not implement special logic for any particular consumer. Instead, we should have the consumers add their configuration to the server.

The Consumers project will help you provide a unified way for app developers to include this information in the server. Consumer Image Styles and OAuth 2.0 are good examples where that is necessary, and examples on how to implement it.

Further Your Understanding

If you are interested in alternative ways to deal with image derivatives in a decoupled architecture. There are other alternatives that may incur extra costs, but still worth checking: Cloudinary, Akamai Image Converter, and Origami.

Hero Image by Sadman Sakib

Drupal Commerce: Beta release for Commerce Discount 7.x-1.0

Planet Drupal - 25. Oktober 2017 - 23:30

Commerce Discount improves Commerce 1.x by providing a custom entity type for managing Product and Order level discounts, including more complicated discounts like free shipping upgrades and BOGO offers. The module makes it easier for merchants to create promotions that would otherwise require the use of the Rules UI or even custom code, tasks that are similarly beyond the reach of most casual Drupal users.

Even as we've worked to improve the user experience even further in Commerce 2.x by making Promotions a core module, we continue to work to do to improve the experience for 1.x users. Today, after a month of focused contrib time at Commerce Guys team and review from end users like Thomas Jonas at the University of Minnesota, we're proud to announce the release of a long overdue beta version for the module.

Mediacurrent: DrupalCamp Atlanta 2017 Highlights

Planet Drupal - 25. Oktober 2017 - 22:32

It's official: the countdown to DrupalCamp Atlanta is on. In just two weeks (November 2 - November 4), Mediacurrent will proudly sponsor another great camp in Buckhead, the tech center of ATL. Known for being a top Drupal event in the southeast, DCATL isn't one to miss. It's not too late to register!

Bay Area Drupal Camp: BADCamp videos now available on the website!

Planet Drupal - 25. Oktober 2017 - 22:25
BADCamp videos now available on the website! Grace Lovelace Wed, 10/25/2017 - 1:25pm

Thank you! We had so much fun with all of you at BADCamp that we're already excited for next year!

Review what you learned and see what you missed!

Are there sessions you weren't able to attend at BADCamp this year? Or maybe you're back at work ready to apply what you learned and wishing you had better notes? Never fear! We took video of the slides from each presentation at BADCamp that includes audio from our expert speakers! Just visit our event schedule and click on the sessions you'd like to view. Videos are posted at the top of each session page. 

Share your feedback.

Please take a moment to let us know what you thought about BADCamp—it's just a few questions and will help us improve our future events.

Send Your Feedback

Join us at next year's BADCamp, October 24th through 27th, 2018! 

BADCamp Organizing Collective

Drupal Planet