Security vulnerabilities: Medical devices can be hacked

heise online Newsticker - March 30, 2018 - 9:00
Medical devices such as pacemakers or insulin pumps can be hacked, even if the risk is low. More vulnerable is hospital IT, which can serve as a gateway for hackers to medical monitoring devices.

Solarworld is bankrupt again

heise online Newsticker - March 30, 2018 - 8:30
Terrible news for the remaining 600 Solarworld employees: eight months after its restart, the solar module manufacturer is already finished again. Price pressure from China left the Bonn-based company no chance.

Nate Haug: Site Upgraded to Backdrop 1.9.3

Planet Drupal - March 30, 2018 - 6:13
backdrop Drupal Site News

Wow, has it really been over 3 years since Backdrop 1.0 came out? Quicksketch.org is now upgraded from Drupal 7 to Backdrop!

Despite having taken so long to get to it, the entire porting project (with a minor design refresh) still only took the span of 3 days. Though hourly it broke down to one plane ride and two days after work hours, around 12 hours total.

The initial upgrade took a few hours to get perfect. Backdrop updates from Drupal 7 via update.php, and while it worked right away, I had to make adjustments to my Drupal 7 site (such as upgrading Webform to the latest version) and then run the updates again. Updates coming from D7 to the current version of Backdrop still only take about 40 seconds for a small site like this. After upgrading, it took another 2 minutes to run the UTF8-MB4 update (allowing for emojis now).

The troubling thing though, is that it's still WAY too hard. 12 hours for a Drupal expert and Backdrop founder might be weeks for a typical developer.

Backdrop plans to maintain greater compatibility with previous versions, so I'm looking forward to this being the most difficult upgrade remaining. In order to even remotely compete with SaaS platforms, Backdrop needs to be a breeze to update. It's definitely a challenge, but one that Backdrop thus far has performed amazingly well. With nine feature-enhancing releases thus far and a complete upgrade path from D7 maintained through it all, the future for D7 users upgrading looks bright.

Hook 42: Hook 42 at Stanford Camp 2018

Planet Drupal - March 30, 2018 - 4:52

If DrupalCon is right around the corner, then Stanford Drupal Camp is right in front of us! We’re excited to spend a couple days almost in our own backyard at Stanford before heading to Nashville. 

We have a bunch of sessions lined up on a variety of subjects... from DevOps to decoupled Drupal, technical TLAs to development tips, and even a case study about a Stanford project. We’ve got something for everyone, so we hope to see you there!

Freelock : Drupalgeddon2: Should I worry about critical security updates?

Planet Drupal - March 30, 2018 - 2:00
John Locke, Thu, 03/29/2018 - 18:00

No, you should not. You should let us worry about them, and go back to your business.

Seriously, we're getting questions from all kinds of people about whether this matters. I'm a bit surprised that there is any question about that. Would you be concerned if your top salesperson was selling for somebody else? If your cashiers were jotting down credit card numbers when they charged a card? If your office became a well-known spot for illicit drug or gun dealers? If your office had a bunch of scammers squatting and running a pyramid scheme? If your confidential client information could be revealed as easily as using a bic pen on an old Kryptonite lock?

Bic Pen vs Kryptonite Lock

We've seen some variation of every single one of those scenarios. And all of them are possible with a remote code execution flaw in a web application, like yesterday's Drupal security vulnerability.

And yet people still

Drupal Drupal Planet Security WordPress

Tandem's Drupal Blog: Migrating Drupal 7 Organic Groups to Drupal 8 Group

Planet Drupal - March 30, 2018 - 2:00
March 30, 2018

Migrating Drupal 7 Organic Groups to Drupal 8 Group takes a little bit of effort and migration elbow grease.

Use Case for this Migration

We are currently helping a university client migrate their intranet to Drupal 8. The intranet was built with Open Atrium in Drupal 7. Unfortunately there is no Open Atrium Drupal 8 version and ...

Autonomous cars: Waymo converts Jaguar electric cars into robotaxis

heise online Newsticker - March 29, 2018 - 22:00
Google's self-driving car subsidiary wants to expand its fleet. This way it wants to be able to offer a taxi service in many places.

Drupal blog: Thanks to the Drupal Security Team for keeping us safe

Planet Drupal - March 29, 2018 - 20:06

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

We released new versions of Drupal 7 and Drupal 8 yesterday that fixed a highly critical security bug. All software has security bugs, and fortunately for Drupal, critical security bugs are rare. What matters is how you deal with security releases.

I have the utmost respect for how the Drupal Security Team manages a security release like this — from fixing the bug, testing the solution, providing advance notice, coordinating the release, to being available for press inquiries and more.

The amount of effort, care and dedication that the Drupal Security Team invests to keep Drupal secure is unparalleled, and makes Drupal's security best-in-class. Thank you!

Redfin Solutions: Getting Started with Herman: Living Style Guides and Pattern Libraries

Planet Drupal - March 29, 2018 - 19:55

It all started with an innocent tweet:

https://twitter.com/mirisuzanne/status/948637526612324352

"Excited to announce our new open-source, Sass-driven pattern-library generator! Go design some systems!"

Chris March 29, 2018

Ahead of the IPO: Does Spotify have what it takes to be the next Netflix?

heise online Newsticker - March 29, 2018 - 19:00
The streaming service Spotify is growing, but is also running up heavy losses. Now the company is going public and wants to emulate the profitable Netflix. Doubts, at the very least, are in order, because Spotify's starting position is a different one.

Texas Creative: Frosted Glass - HTML CSS TWEAKS

Planet Drupal - March 29, 2018 - 18:35

Creating a frosted glass effect using CSS is a better method than the old JavaScript hacks. Using CSS to create the frosted effect uses fewer resources from the site visitor's computer by using the native browser rendering engine.

To test this just drag the frosted glass example in the top right of this page

Ok, without wasting much of your time I’m going to jump straight into it.

The main components used for a classic frosted glass effect are:

  • The original content
    • The frosted glass container (e.g. <div>)
      • Original content copy inside the glass container (the element that mimics the content on the page with a blur effect).

For a basic idea of how this works, here is a simple example:

HTML structure:


#heiseshow, live from 12 noon: Cambridge Analytica data scandal – What now, Facebook?

heise online Newsticker - March 29, 2018 - 18:30
The scandal over 50 million Facebook profiles and their influence on the election of Donald Trump as president is turning into a massive problem for the social network. We discuss why that is and how things can go from here in the #heiseshow.

Internal investigation: FBI sought to force Apple to unlock iPhone prematurely

heise online Newsticker - March 29, 2018 - 18:30
According to an investigation, the US federal police did not exhaust all options for decrypting the iPhone of the San Bernardino attacker. Instead, an attempt was made to force Apple to disable protection mechanisms in iOS.

Tiangong 1: Chinese space station will crash over the Easter weekend

heise online Newsticker - March 29, 2018 - 18:30
It should happen on March 31 or April 1: the Chinese space station Tiangong 1 will fall to Earth and largely burn up in the process. Some debris is likely to reach the surface. The danger to people is low, however.

Kernel vulnerability Total Meltdown: Meltdown patch for Windows 7 makes the situation dramatically worse

heise online Newsticker - March 29, 2018 - 18:00
Security patches against Meltdown tore open a new, huge security hole in Windows 7. The remedy came on Patch Day in March.

Remote-controlled driving: Just an intermediate step towards the autonomous car?

heise online Newsticker - March 29, 2018 - 17:30
It is likely to be some time before autonomous cars manage entirely without human help. Manufacturers and researchers are therefore increasingly interested in an important step before that: remote control.

Commerce Guys: Commerce Kickstart Covered for SA-CORE-2018-002

Planet Drupal - March 29, 2018 - 17:06

On March 21st 2018, the Drupal security team posted a public service announcement that Drupal core would be receiving a security release. The vulnerability affected Drupal 6, Drupal 7, all versions of Drupal 8, and Backdrop (a fork of Drupal during the rewrite to version 8.) On March 28th that security release landed, and the Drupal world went scrambling to apply updates. As maintainers of Commerce Kickstart we have to be conscious of Drupal core releases, especially security ones.

In preparation for the upcoming security release, we had patches ready to commit. Since there would be no other Drupal core releases before the security update, we could make our prepared changes ahead of time and push them once the releases landed. Within minutes of the security release dropping and the Git backend for drupal.org becoming available, the release tags were pushed.

For our Pantheon users, our first step was to merge in Pantheon’s Drupal 7 upstream and receive the Drupal core security fix. Once the packaging system of drupal.org built the Commerce Kickstart 2.53 release, we pushed that out as well.

All in all, by 3PM CDT the drupal.org releases for Commerce Kickstart 1.51 and 2.53 were out. We experienced some packaging issues due to a malicious attack hitting drupal.org during the security announcement and a backed up packaging queue. However, we monitored chat channels and communicated the process throughout.

Commerce Kickstart 1.51, 2.53 released. The @getpantheon upstream has been updated as well. GO AND GET YOUR SA-CORE-2018-002 FIXES NOW.

— Matt Glaman (@nmdmatt) March 28, 2018

Thanks to the Drupal Security and Infrastructure teams for handling this release and all the stress they endured.

New Nvidia professional graphics card Quadro GV100 brings real-time ray tracing

heise online Newsticker - March 29, 2018 - 17:00
Nvidia's Quadro GV100 graphics card promises ray tracing for workstations. It supports Nvidia RTX ray tracing and Microsoft DirectX Raytracing and can be combined with a second GV100 graphics card to double performance.

Acro Media: Drupal Website Debugging and Site Performance

Planet Drupal - March 29, 2018 - 17:00

Debugging a website (Drupal or otherwise) can be challenging. In this video, I go through a recent situation I faced where a client had reported their Drupal Commerce site completely slowing down every hour or so. I'll discuss the process I followed to figure out the problem and get it fixed.

Here's a breakdown of what happened
  1. I first used New Relic to see where the slowdown was happening. It could be a database issue, a PHP issue, maybe an external service call, who knows? New Relic can help determine this and I was able to determine that it was a database load issue that I was facing.

  2. Then I checked the system logs. Every hour or so, there were a lot of database insertions happening on a number of tables. It seemed really out of place and initially I couldn't narrow down why. I checked the logs and found that system cron was running at exactly the same time as the slowdown. It was also running for a similar amount of time that the slowdown was taking place. Normally, system cron only takes 1-20 seconds, but here it was running for about 3 minutes!

  3. Now I can review cron's code to see what should be happening. I found that cron will generate a list of tables and flush out the expired cache. Generating the list is a very resource intensive process and on this particular site, the list being generated was very large and complicated. After the list is generated, it should get permanently cached in the database and therefore it doesn't become a resource issue later. However, for some reason it was being deleted every time. This ended up being the issue I needed to find out: what was deleting the list.

  4. Since I needed to determine why it was being deleted, I attached logging to the general function used for deleting cache. From here I was able to trace it back to Drush, but I still didn't understand why Drush would be deleting this list of tables. I had to dig further.

  5. Eventually, I discovered what was happening. It turned out that the version of Drush that was being used was doing a call to try and find the system logging. However, it couldn't find it and as a side effect it cleared the cached list that cron had generated. Cron, which ran every hour, then couldn't find the cached list and so needed to build it again. It was a cycle that just kept repeating itself every hour. I now understood the problem!

  6. And now for the fix. I needed to know why Drush was doing this and if I could prevent it. I first looked around the Drush project issue queue on Drupal.org and talked to a Drush maintainer. I wanted to know if this was an issue others were also experiencing. It turns out that it WAS a known issue and that it was resolved in a later release! The version on the site that I was working on was a few major versions behind. I brought the site up to the latest release and the issue was fixed! Cron ran and took only about 5 seconds, the generated list of tables was being cached and staying cached, and Drush was not clearing it out.

A good debugging exercise

The bug ended up being one that was with Drush, and not the website. The result, through an odd chain of events, ended up bringing the client's site to a standstill nearly every hour. Now that it's resolved, I can look back and see that it was a good exercise in debugging. Even though I didn't need to build the fix myself, it still took a lot of time and understanding to arrive at the fix, and it was great to have it resolved. Hopefully, if you find this because of a similar issue, maybe I can save you a little bit of time.

We can help

If you're experiencing issues with your Drupal Commerce website, the good news is that we can help! Contact us if you would like to discuss your options.


Adobe kills web design tool Muse – fan starts petition

heise online Newsticker - March 29, 2018 - 16:30
Muse CC has received its last update; Adobe no longer intends to develop the web design tool further. An online petition now demands: Save Muse!