Bezahlen mit dem Smartphone: Sparkassen kündigen eigene App an

heise online Newsticker - 29. Juni 2018 - 10:30
Bei Googles Bezahlsystem Google Pay wollen die deutschen Sparkassen nicht mitmachen. Sie setzen wie die Volks- und Raiffeisenbanken auf eine eigene App.

US-Marktforscher: Jeder fünfte iPhone-Neukunde nutzte vorher Android

heise online Newsticker - 29. Juni 2018 - 10:30
Unter Android-Umsteigern ist der Anteil der iPhone-Plus-Käufer deutlich höher, ermittelten Marktforscher. Am iPhone X haben die Switcher weniger Interesse.

Datenleck bei FastBooking: Hacker klauen Daten von über 124.000 Hotelgästen

heise online Newsticker - 29. Juni 2018 - 10:30
Hacker haben Daten vom Server eines Booking-Providers kopiert. Die Firma schweigt zum Ausmaß – eine Hotelkette warnte derweil fast 125.000 betroffene Gäste.

Alexa unterm Fernseher: Mini-Soundbar Sonos Beam im Hands-On

heise online Newsticker - 29. Juni 2018 - 10:00
Die Sonos-Familie erhält Zuwachs: Der Beam soll als Mini-Soundbar den Kinoabend bestreiten und auch als Musikspieler taugen. Alexa ist auch mit von der Partie.

Japanische Raumsonde erreicht den Asteroiden Ryugu

heise online Newsticker - 29. Juni 2018 - 10:00
Foto aus nächster Nähe: Die Raumsonde "Hayabusa2" ist bei dem Asteroiden Ryugu angekommen. Für Überraschung sorgt dessen ungewöhnliche Form.

Fünf Jahre Haft für NSA-Whistleblowerin Reality Winner

heise online Newsticker - 29. Juni 2018 - 10:00
Die 26-jährige Sprachwissenschaftlerin Reality Winner hat sich für schuldig bekannt, die Sicherheit der USA mit einem Dokument aufs Spiel gesetzt zu haben.

Microsoft Azure AD: Anmeldung bald nur noch mit Multi-Faktor-Authentifizierung

heise online Newsticker - 29. Juni 2018 - 9:00
Künftig sollen sich Azure-Admins nicht mehr nur mit ihrem Passwort anmelden können. Neue Tools und Mechanismen sollen Passwörter schützen.

Urteil: Google muss Ein-Sterne-Bewertung löschen

heise online Newsticker - 29. Juni 2018 - 8:30
Ein Arzt klagte, weil ihn ein Unbekannter bei Google schlecht bewertet hatte. Das Landgericht Lübeck entschied nun: Google muss die negative Bewertung löschen.

Serverless Computing London: Jetzt anmelden

heise online Newsticker - 29. Juni 2018 - 8:00
Die Konferenz für Entwickler von Anwendungen im Cloud-Native-Umfeld findet im November in London statt.

Spam-Mail-Welle: Vorsicht vor gefälschten Mails mit Rechnungen

heise online Newsticker - 29. Juni 2018 - 8:00
Das LKA Niedersachsen hat unzählige vermeintliche Rechnungsmails mit Malware im Anhang beobachtet.

Tabakkonzern Philip Morris sieht sein Heil in E-Zigaretten

heise online Newsticker - 29. Juni 2018 - 7:30
Der Marlboro-Hersteller will sich von der klassischen Zigarette verabschieden – und setzt nun auf die angeblich gesünderen, elektronischen Varianten.

Windows 10: Sonder-Update behebt Netzwerk-Probleme

heise online Newsticker - 29. Juni 2018 - 7:30
Wer in den vergangenen Tagen Netzwerkprobleme mit Windows 10 hatte, darf Hoffnung haben. Ein neues Update aus Redmond verspricht Besserung.

Deep Video Portraits erlauben nahezu perfekte Fake-Videos

heise online Newsticker - 29. Juni 2018 - 7:00
Ein auf der Siggraph 2018 vorgestelltes Verfahren vertauscht Gesichter so überzeugend, dass die meisten Menschen Original und Fake nicht unterscheiden können.

Dries Buytaert: Design 4 Drupal: The future of JavaScript in Drupal

Planet Drupal - 29. Juni 2018 - 1:44

Today, I gave a keynote presentation at the 10th annual Design 4 Drupal conference at MIT. I talked about the past, present and future of JavaScript, and how this evolution reinforces Drupal's commitment to be API-first, not API-only. I also included behind-the-scene insights into the Drupal community's administration UI and JavaScript modernization initiative, and why this approach presents an exciting future for JavaScript in Drupal.

If you are interested in viewing my keynote, you can download a copy of my slides (256 MB).

Thank you to Design 4 Drupal for having me and happy 10th anniversary!

Angie "webchick" Byron: An update on Drupal 8.6 pre-feature freeze

Planet Drupal - 28. Juni 2018 - 22:52

Greetings, folks! As we head into feature freeze for Drupal 8.6 (the week of July 18), here's a run-down of the various initiatives, and a hit-list of what they're trying to accomplish in the next two weeks. Patch reviews, testing, design, docs, and many more skills are very welcomed!

A couple of caveats here:

1) This is my own personal best understanding of where this stuff is all at, based on reading issue comments, attending meetings, overhearing things from other people who attended meetings, catching the odd Slack snippet of conversation, carrier piegon, etc. And therefore may not be 100% accurate, or even 80% accurate — there's a lot going on! (please clarify in the comments if you see any errors/omissions)
2) Just because something is listed here, there is absolutely no guarantee that it gets reviewed + (truly) RTBCed + committed in time for feature freeze and makes it into 8.6. As you can see, there are lots of issues in the list below, and we're all doing our best to stay on top of them. Worst-case, there's always 8.7. :)
3) This post gets into nitty-gritty "technical audience" details; if you're interested in a more broad overview of initiatives and their aims for 8.6 and beyond, there's the strategic initiatives overview on Drupal.org. I was also recently on a Lullbabot podcast to that effect.

OK, here we go! These are listed in alphabetical order.

Admin UI & JavaScript Modernization

This initiative has some lofty goals indeed, to redesign Drupal's admin experience, and modernize the underlying JavaScript code in Drupal to meet modern standards/best practices. While there's a ton of work actively going on in these areas right now, most of the fruit won't bear until 8.7 or later. If you're planning/able to go, come join the sprint next week at Drupal Developer Days Lisbon!

For 8.6, one of the big accomplishments of this initiative was introducing Nightwatch.js testing framework to core, which allows us to test JavaScript code with (wait for it)... JavaScript (what a concept!). This will be critical in ensuring that the React-ified components work as expected, and our existing JavaScript-rich functionality continues to work solidly as we expand on dynamic functionality in the UI.

Here are the issues this team has surfaced as important for 8.6:

Make Nightwatch testing more generally useful
  • Add login/logout commands to nightwatch [#2973879]
  • Create nightwatch command to install modules [#2974619]
Fix long-standing issues in the JavaScript system

Seriously, check out the five-digit node IDs on these bad boys! :P

  • ajax.js insert command sometimes wraps content in a div, potentially producing invalid HTML and other bugs [#736066]
  • Provide a common API for displaying JavaScript messages [#77245]
Bring JS code up to modern standards
  • Use Prettier for formatting core JavaScript [#2978964]
API-First

This team's 8.6 goals are two-fold: 1) stabilizing and filling gaps in the existing REST API, and 2) attempting to add JSON API to core.

TONS of work has been going on in the JSON API contributed module queue to fix a number of outstanding issues to make it core-worthy. So even if this module doesn't make it in time for 8.6, the entire ecosystem will benefit throughout 8.6's lifecycle by using a much more robust and well-tested contributed module. Additionally, a long-standing gap of file upload support has been added. Huzzah!

For the remainder of 8.6, the team would like to focus on the following:

Unblockers to API-First in general
  • Add DateTimeNormalizer+TimestampNormalizer, deprecate TimestampItemNormalizer: @DataType-level normalizers are reusable by JSON API [#2926508]
  • @DataType=map cannot be normalized, affects @FieldType=link, @FieldType=map [#2895532]
Unblockers to REST
  • EntityResource should add _entity_access requirement to REST routes [#2869426]
  • PATCHing entities validates the entire entity, also unmodified fields, so unmodified fields can throw validation errors [#2821077]
Unblockers to JSON API

These are all issues in the JSON API contrib module, which help unblock "Add experimental JSON API module [#2843147]" for core.

  • [PP-1] Work around core's ill-designed @FieldType-level TimestampItemNormalizer normalization until #2926508 lands [#2929932]
  • JSON API indicates it supports POST/PATCH/DELETE of config entity types, but that's impossible [#2887313]
  • Needs Issue: Module name conflict between contrib/core (what happens when we bring a same-named contrib module to core that sites are actively using?)
  • [>=8.5] Remove JSON API's "file URL" field work-around now that Drupal core 8.5 fixed it [#2926463] - Fixed!
Automatic Updates / Composer in Core

These two initiatives overlap in that we're aiming to build the automatic update functionality around improving core's underlying Composer support.

The Composer team has compiled an excellent plan of attack for how to provide Composer support without jeopardizing the site builder experience. Most of that work will take place in 8.7.

However, one of the pre-requisites for Composer to work well, is adding semantic versioning support for contrib. Support for this would also be tremendously helpful to contrib module authors and site builders, regardless if they use Composer to manage their dependencies or not.

Unblockers to semver for contrib
  • Core version key in module's .info.yml doesn't respect core semantic versioning [#2313917]
  • Module version dependency in .info.yml is ineffective for patch releases [#2641658]
Configuration Management 2.0

This team spent most of the 8.6 cycle forming, brainstorming a list of blockers to configuration awesomeness, and prioritizing those efforts. The hope is for a roadmap to get published after the sprint next week at Drupal Developer Days Lisbon.

One major win in 8.6 is the ability to Allow a site-specific profile to be installed from existing config, which is part of the aim to Allow a site to be installed from existing configuration (basically, moving the capabilities of the Config Installer module into core.)

Unblockers of install from existing configuration
  • Install a site from config if the config directory is set in settings.php [#2980670]
Documentation

The Documentation initiative has a lot on the go right now, from designing a top-level landing page for the new docs system, to taking a holistic look at the existing docs and how to refactor the IA around them, and finally creating a repository around "quick start" guides. None of these have a particular deadline around 8.6, because they're happening independently of core.

On the core side, there's work being done on a new experimental module for overhauling the in-app help system and this work has an 8.6 deadline.

New topic-based core help system
  • Refactor using a plugin system [#2961552]
  • Add experimental module for Help Topics [#2920309]
Extended Security Support

For the plan around this initiative to happen, we need to make several adjustments to core's Update Status module, which currently makes several hard-coded assumptions about the last minor release of Drupal expiring immediately once a new minor release is available.

Update Status Improvements
  • If the next minor version of core has a security release, status still says "Security update required!" even if the site is on an equivalent, secure release already [#2804155]
  • Status report should indicate next minor release date (needs issue)
  • (other issues TBD)
Layout

The Layout team has been hard at work improving upon the experimental Layout Builder functionality that was added to 8.5. The main goal of the team for 8.6 is to gather real-world testing feedback from end users, which they are accomplishing by adding Layout Builder to a new branch of the Lightning distribution. Doing this has uncovered a few holes in the implementation relative to what's possible in contrib right now, and filling those gaps is the focus of the remaining 8.6 time for the team.

Layout Builder gaps
  • Allow the inline creation of non-reusable Custom Blocks in the layout builder [#2957425]
  • Add a validation constraint to check if an entity has a field [#2976356]
  • Determine if Layout Builder should replace entity_view_display for all Entity Types [#2936358]
  • No ability to control "extra fields" with Layout Builder [#2953656]
  • Allow Custom blocks to be set as non-reusable adding access restriction based on where it was used. [#2976334]
Integration with other subsysytems/modules
  • [PP-1] LayoutBuilderEntityViewDisplay::getRuntimeSections() does not delegate to plugins [#2976148]
  • Add EntityContextDefinition for the 80% use case [#2932462]
  • [meta] Decide how Layout Builder should function with Content Moderation and Workspaces modules [#2973382]
  • Layout Builder does not respect translations [#2946333]
  • Track Layout override revisions on entities which support revisioning [#2937199]
Media

Media has made tremendous strides in 8.6, including remote video support and a newly designed media library.

Next, we need to integrate that media library into the node form, and ideally allow people to add from there as well in a more streamlined fashion.

Blockers to media awesomeness
  • Create a field widget for the Media library module [#2962525]
  • (needs issue) Mark Media Library as beta
  • [PP-1] Allow media to be uploaded with the Media Library field widget [#2938116]
  • Any AJAX call disregards machine name verification when AJAX is used and leads to a fatal error [#2557299]
Migrate

The goal of this initiative for 8.6 is to stabilize the migration system which means marking the experimental Migrate Drupal + Migrate UI modules stable. This was also the goal for 8.5. What's making it tricky is multilingual migrations, which are themselves tricky because there are a multitude of ways one might have set up multilingual functionality prior to it being included in core in Drupal 8, which introduces lots of edge cases around making IDs line up and whatnot.

The team is taking a two-pronged approach here:

1) Attempt to close all of the remaining i18n-related issues.
2) Worst-case, split off multilingual migrations to an experimental module, so that the rest of the system that works for 80%+ of sites can be marked stable.

Make Migrate Stable
  • [policy, no patch] Mark Migrate Drupal as stable [#2905736]
  • [policy, no patch] Mark Migrate Drupal UI as stable [#2905491]
  • [META] Multilingual migrations meta issue [#2208401]
  • Experimental migrate_drupal_multilingual module [#2953360]
Out-of-the-Box

The Umami profile was committed (albeit marked hidden) in 8.5, and major efforts have been going on to remove all of the "beta blockers" preventing it from being visible in the UI. The last of these—Install profile in settings.php and mismatch check makes re-installs of Drupal hard [#2975328]—just landed earlier this week!

From here to 8.6, the team is working on stability and accessibility improvements.

Umami awesomesaceness
  • Un-hide Umami in 8.5 to vastly improve Drupal's evaluator experience [#2957464]
  • Improve Umami demo's support for managing field display settings [#2980029]
  • Improve Umami Demo's header layout and responsive behaviour [#2980528]
  • Umami missing some Media "plumbing" found in Standard profile [#2939594]
Workflow

Last, but certainly not least, is the Workflow initiative, which aims to add the Workspace contributed module to core in 8.6 to facilitate content staging and full-site previews. The module was already committed to 8.6 awhile back, but must be brought up to "beta" level stability to remain in the tagged + shipped release.

Because Workspaces can only stage content that's revisionable, there's also a parallel effort to add revision-ability to more types of data in Drupal core.

Blockers to Workspaces Stability
  • WI: Workspace module roadmap [#2732071]
  • Add workspace UI in top dialog [#2949991]
  • Remove the automatic entity update system [#2976035]
MOAR revisionable thingies
  • Convert taxonomy terms to be revisionable [#2880149]
  • Convert custom menu links to be revisionable [#2880152]
  • Convert comments to be revisionable [#2880154]
Anything else?

Whew! That's QUITE a lot. Are there any issues out there that we're missing that you feel are mission-critical to get into Drupal 8.6? Feel free to suggest them, with the caveat that the longer the list is, the more distributed the community's and core committers' focus is.

Thanks for reading!

Tags: drupaldrupal 8drupal 8.6product manager hat

WeKnow: Creating a Custom Ajax Command in Drupal 8

Planet Drupal - 28. Juni 2018 - 21:37
Creating a Custom Ajax Command in Drupal 8

Drupal 8 provides the option to include an Ajax Callback within our applications using the Ajax Framework. There are some existing functions which can be used: Methods to hide/show elements in the html document, attach content to an element, redirect a page after a submit, and so on. Sometimes we need to implement something particular, or a custom JS code. In that case, those out-of-the-box functions are not enough. Fortunately, we can also create our own custom responses. So, let’s start creating a new ajax callback for a custom form submission.

mcastillo Thu, 06/28/2018 - 19:37

Adblock Plus: Mit Künstlicher Intelligenz gegen Werbung

heise online Newsticker - 28. Juni 2018 - 18:00
Die Kölner Firma Eyeo testet eine neue Technik zum Blockieren von Werbung. Nutzer sollen die Algorithmen mit Facebook-Screenshots füttern.

985 MByte/s, 128 TByte: neue Spezifikation für schnellere SD-Karten

heise online Newsticker - 28. Juni 2018 - 17:30
Die SD Association hat die Version 7 des SD-Standards vorgestellt. Die Schnittstellengeschwindigkeit steigt auf 985 MByte/s, die Kapazität auf 128 TByte.

OPTASY: What Are Some Quick and Easy Ways to Secure Drupal? 7-Step Security Checklist

Planet Drupal - 28. Juni 2018 - 17:16
What Are Some Quick and Easy Ways to Secure Drupal? 7-Step Security Checklist adriana.cacoveanu Thu, 06/28/2018 - 15:16

You have patched your Drupal website, haven't you? If so, then that critical 3-month-old security flaw Drupalgeddon2 can't get exploited on your site. Even so, with the menace of a cryptocurrency mining attack still lurking around the unpatched websites, you legitimately ask yourself: what are some quick and easy ways to secure Drupal?

“Which are the most basic steps to take and the simplest best practices to adopt to harden my Drupal site's security myself?”

Aquila: Facebook stampft Internet-Drohnen ein

heise online Newsticker - 28. Juni 2018 - 17:00
Facebook wollte mit Aquila-Drohnen Internet in entlegene Gebiete bringen – mit durchwachsenem Erfolg. Nun will Facebook keine eigenen Drohnen mehr bauen.