GrayKey: iPhone-Entsperr-Tool knackt sechsstellige PIN in 11 Stunden

heise online Newsticker - 18. April 2018 - 16:00
Apples aktuelle iOS-Geräte enthalten laut Sicherheitsforschern eine Lücke, die sich mit einem relativ günstigen Gerät von Polizeibehörden oder Geheimdiensten ausnutzen lässt. Viel Zeit müssen die nicht mitbringen. Es gibt allerdings Abhilfe.

Python: Neue Repository-Software für PyPI ist fertig

heise online Newsticker - 18. April 2018 - 16:00
Ab sofort läuft der Python Package Index mit der frischen Warehouse-Software auf der neuen Adresse, und am 30. April erfolgt die Abschaltung der alten Codebasis. Außerdem ist eine neue Version des Paketverwaltungsprogramm pip erschienen.

Autoelektronik: Bosch baut 100-Millionen-Euro-Werk in Mexiko

heise online Newsticker - 18. April 2018 - 16:00
Bosch will in Mexiko ein neues Werk für Autoelektronikkomponenten bauen. Bedenken wegen möglicher Verschlechterungen beim Nordamerikanischen Freihandelsabkommen hat das Unternehmen nicht und setzt auf steigende Nachfrage.

Spielfiguren mit KI bringen sich selbst Kung-Fu bei

heise online Newsticker - 18. April 2018 - 15:30
Die computergenerierten Charaktere in Video-Spielen und Filmen mögen realitätsnah aussehen, sind aber kaum mehr als digitale Marionetten. Mit einem neuen Verfahren sollen sie eigenständiger werden.

Rundfunkkommission der Länder erhöht Spardruck auf ARD und ZDF

heise online Newsticker - 18. April 2018 - 15:30
Die öffentlich-rechtlichen Fernsehsender sollen weiter sparen, fordert die Rundfunkkommission der Länder. Doch ARD und ZDF wehren sich: Neue Einsparungen seien derzeit nicht realistisch, es müssten zunächst die vorgelegten Reformpläne umgesetzt werden.

Acquia Developer Center Blog: Experience Express in Nashville: Decoupled in the Spotlight at DrupalCon

Planet Drupal - 18. April 2018 - 15:23

As the weather heated up last week in Nashville and the city's eponymous hot chicken incinerated tongues left and right, something else was burning in the spotlight at DrupalCon Nashville: decoupled Drupal.

Tags: acquia drupal planet

InternetDevels: The Masquerade module: see your Drupal site through each user’s eyes!

Planet Drupal - 18. April 2018 - 15:10

Let us invite you to an exciting masquerade! Its mission is to check what each user can see or do on your website. Drupal has an awesomely flexible system of user roles and permissions, as well as opportunities for fine-grained user access. These are the keystones of Drupal security, smooth user experiences, and cool features. You can make the most out of them, and then test the result for different users with the help of the Masquerade module.

Read more

EU-Justizkommissarin Jourová für eine "schlaue Regulierung" von Facebook

heise online Newsticker - 18. April 2018 - 15:01
Angesichts des Datenskandals um Facebook spricht sich die EU-Justizkommissarin für eine Regulierung aus, die die Risiken herausfiltert, das Internet aber nicht weiter beeinflusst. Außerdem denke die Kommission über den Umgang mit Algorithmen nach.

Android fürs Internet der Dinge: Die APIs von Android Things sind fertig

heise online Newsticker - 18. April 2018 - 15:01
Der erste Release Candidate von Android Things bringt wenige Ergänzungen beim SDK, das nun als stabil gilt. Auch die Integration des Berechtigungsmodells in die Developer-Konsole bereitet auf das 1.0-Release vor.

TEN7 Blog's Drupal Posts: Episode 026: Chris Weber, Software Engineer

Planet Drupal - 18. April 2018 - 15:00
Chris Weber, software engineer at The Nerdery in Minneapolis, discusses his Drupal origins, as well as other related issues.

Lullabot: Decoupled Drupal Summit at DrupalCon Nashville

Planet Drupal - 18. April 2018 - 14:59

This first-ever Decoupled Summit at DrupalCon Nashville was a huge hit. Not only did it sell out but the room was packed to the gills, literally standing room only. Decoupled Drupal is a hot topic these days. The decoupled summit was an opportunity to look at the state of decoupled Drupal, analyze pros and cons of decoupling, and look at decoupling strategies and examples. There is lots of interest in decoupling, but there are still many hard problems to solve, and it isn’t the right solution for every situation. This summit was an opportunity to assess the state of best practices.

The summit was organized by Lullabot's Sally Young and Mediacurrent's Matt Davis, two of the innovators in this space.

What is “decoupled Drupal”? 

First, a quick explanation of what “decoupled Drupal” means, in case you haven’t caught the fever yet. Historically, Drupal is used to deliver all the components of a website, an approach that can be called “traditional,” “monolithic,” or “full stack” Drupal. In this scenario, Drupal provides the mechanism to create and store structured data, includes an editorial interface that allows editors to add and edit content and set configuration, and takes responsibility for creating the front-end markup that users see in their browsers. Drupal does it all.

“Decoupled”, or “headless” Drupal is where a site separates these website functions across multiple web frameworks and environments. That could mean managing data creation and storage in a traditional Drupal installation, but using React and Node.js to create the page markup. It could also mean using a React app as an editorial interface to a traditional Drupal site. 

Drupal tools and activity

Drupal core is enabling this activity through a couple of core initiatives:

Drupal and the Drupal community have numerous tools available to assist in creating a decoupled site:

  • Contenta, a pre-configured decoupled Drupal distribution.
  • Waterwheel, an emerging ecosystem of software development kits (SDKs) built by the Drupal community.
  • JSON API, an API that allows consumers to request exactly the data they need, rather than being limited to pre-configured REST endpoints.
  • GraphQL, another API that allows consumers to request only the data they want while combining multiple round-trip requests into one.

There’s lots of activity in headless CMSes. But the competitors are proprietary. Drupal and WordPress are the only end-to-end open source contenders. The others only open source the SDKs.

Highlights of the summit

The summit included several speakers, a business panel, and some demonstrations of decoupled applications. Participants brought up lots of interesting questions and observations. I jotted down several quotes, but it wasn't always possible to give attribution with such an open discussion, so my apologies in advance. Some general reflections from my notes:

Why decouple?
  • More and more sites are delivering content to multiple consumers, mobile apps, TV, etc. In this situation, the website can become just another consumer of the data.
  • It’s easier to find generalist JavaScript developers than expert Drupal developers. Decoupling is one way to ensure the front-end team doesn't have to know anything about Drupal.
  • If you have large teams, a decoupled site allows you to have a clean separation of duties, so the front and back end can work rapidly in parallel to build the site.
  • A modern JavaScript front-end can be fast—although several participants pointed out that a decoupled site is not automatically faster. You still need to pay attention to performance issues.
  • Content is expensive to create; decoupling is a way to re-use it, not just across platforms, but also from redesign to redesign.
  • You could launch a brand new design without making any changes to the back end, assuming you have a well-designed API (meaning an API that doesn't include any assumptions about what the front end looks like). As one participant said, “One day, React won't be cool anymore, we'll need to be ready for the next big thing.”
What are some of the complications?
  • It often or always costs more to decouple than to build a traditional site. There’s additional infrastructure, the need to create new solutions for things that traditional Drupal already does, and the fact that we’re still as a community figuring out the best practices.
  • If you only need a website, decoupling is a convoluted way to accomplish it. Decoupling makes sense when you are building an API to serve multiple consumers.
  • You don’t have to decouple to support other applications. Drupal can be a full-featured website, and also the source of APIs.
  • Some tasks are particularly tricky in a decoupled environment, like previewing content before publishing it. Although some participants pointed out that in a truly decoupled environment preview makes no sense anyway. “We have a bias that a node is a page, but that’s not true in a decoupled context. There is no concept of a page on a smartphone. Preview is complicated because of that.”
  • Many businesses have page-centric assumptions embedded deep into their content and processes. It might be difficult to shift to a model where editors create content that might be deployed in many different combinations and environments. One participant discussed a client that "used all the decoupled technology at their disposal to build a highly coupled CMS." On the other hand, some clients are pure Drupal top to bottom, but they have a good content model and are effectively already "decoupling" their content from its eventual display.
  • Another quote, “Clients trying to unify multiple properties have a special problem; they have to swallow that there will have to be a unified content model in order to decouple. Otherwise, you're building numerous decoupled systems.”
  • Once you are decoupled, you may not even know who is consuming the APIs or how they're being used. If you make changes, you may break things outside of your website. You need to be aware of the dependency you created by serving an API.
Speakers and Panelists

The following is a list of speakers and panelists. These are people and companies you could talk to if you have more questions about decoupling:

  • Sally Young (Lullabot)
  • Matt Davis (Mediacurrent)
  • Jeff Eaton (Lullabot)
  • Preston So (Acquia)
  • Matt Grill (Acquia)
  • Daniel Wehner (TES)
  • Wes Ruvalcaba (Lullabot)
  • Mateu Aguiló Bosch (Lullabot)
  • Suzi Arnold (Comcast)
  • Jason Oscar (Comcast)
  • Jeremy Dickens (
  • Nichole Davison (Edutopia)
  • Baddy Breidert (1xinternet)
  • Christoph Breidert (1xinternet)
  • Patrick Coffey (Four Kitchens)
  • Greg Amaroso (Softvision)
  • Eric Hestenes(Edutopia)
  • David Hwang (DocuSign)
  • Shellie Hutchens (Mediacurrent)
  • Karen Stevenson (Lullabot)

It was a worthwhile summit, I learned a lot, and I imagine others did as well. Several people mentioned that Decoupled Drupal Days will be taking place August 17-19, 2018 in New York City (there is a link to last year's event). The organizers say it will be “brutally honest, not a cheerleading session.” And they’re also looking for sponsors. I’d highly recommend marking those days on your calendar if you’re interested in this topic!

Netflix: Steigende Nutzerzahlen und hoher Gewinn

heise online Newsticker - 18. April 2018 - 14:00
Für den Streaming-Dienst Netflix läuft es rund. Die aktuellen Quartalszahlen bescheinigen dem US-Unternehmen einen fetten Gewinn bei steigenden Nutzerzahlen.

Android-Verteilung: Oreo 8.1 überholt Gingerbread

heise online Newsticker - 18. April 2018 - 14:00
Android 7 bleibt die stärkste Android-Version und am stärksten wächst der Anteil von Android Oreo. Wobei: Android 8.1 überholt so gerade mal das 2010 vorgestellte Android 2.2.3...

USA und Großbritannien warnen vor globaler russischer Cyberattacke

heise online Newsticker - 18. April 2018 - 14:00
Schon wieder Russland? Die USA und Großbritannien werfen Moskau vor, in großem Umfang Netzwerkinfrastrukturen zu infiltrieren. Ein Sprecher des Weißen Hauses spricht von einer "gewaltigen Waffe". Betroffen ist demnach einmal mehr Ciscos Smart Install.

Hacking Humanity: "Nur Maschinen können Maschinen regulieren"

heise online Newsticker - 18. April 2018 - 14:00
Ramzi Rizk, Mitgründer der Foto-Plattform EyeEm, hält technische Entwicklungen wie Künstliche Intelligenz für so komplex, dass der Mensch ihnen kein enges Regelkorsett vorschreiben sollte. Die letzte Verantwortung liege trotzdem bei den Programmierern.

Umsatzschwund bei kleinen stationären Einzelhändlern, Online-Handel weiter im Aufwind

heise online Newsticker - 18. April 2018 - 12:30
Keine guten Nachrichten für kleine stationäre Einzelhändler: Einer Branchenumfrage des Handelsverbands Deutschland zufolge rechnen sie 2018 mehrheitlich mit einem Umsatzrückgang. Der Online-Handel boomt dagegen.

Leistungssprung in der Akku-Technik: Silizium-Anoden für BMW-Elektroautos

heise online Newsticker - 18. April 2018 - 12:30
Materialforscher suchen intensiv nach Möglichkeiten, die Leistung von Akkus zu erhöhen. Mit als Erstes könnten Anoden auf der Basis spezieller Silizium-Partikel den Weg in die Praxis finden – unter anderem bei BMW.

Bitcoin-Fork: Online-Wallet-Inhaber gehen leer aus

heise online Newsticker - 18. April 2018 - 12:00
Beim kombinierten Hard-Fork von Bitcoin und Z-Classic zu Bitcoin Private bekamen Besitzer beider Währungen ihr aktuelles Guthaben als Bitcoin Private geschenkt. Wer jedoch sein Kryptogeld in Online-Wallets aufbewahrt, geht meist leer aus.

Werkstattberichte: Neues aus den Fablabs und der Makerszene

heise online Newsticker - 18. April 2018 - 12:00
Wo enstehen gerade neue Makerspaces, welche Termine stehen an und was ist sonst noch los in den Fablabs? Die Werkstattberichte dieses Mal mit Aktionstagen vom Arduino bis zu Nachhaltigkeit.

Neue Sicherheitsfunktionen für Intel-Prozessoren

heise online Newsticker - 18. April 2018 - 12:00
Threat Detection Technology spannt den integrierten Grafikprozessor in RAM-Scans ein, Security Essentials vereinheitlichen Schutzfunktionen verschiedener CPU-Familien.