Vaadin 10: Neue Plattform auf Basis von WebComponents

heise online Newsticker - 28. Juni 2018 - 8:00
Die Vaadin-Entwickler vollziehen einen großen Sprung, sowohl bei der Versionsnummer als auch vom GWT-Framework zur Plattform.

Google Pay startet in Deutschland: Bezahlen mit dem Android-Handy

heise online Newsticker - 28. Juni 2018 - 7:30
Mit dem Android-Handy im Supermarkt bezahlen: Das geht ab heute mit Google Pay in Deutschland. Bislang werden allerdings erst wenige Banken unterstützt.

myDropWizard.com: CiviCRM secrets for Drupalers: Fundraising Campaigns

Planet Drupal - 28. Juni 2018 - 6:38

We're Drupalers who only recently started digging deep into CiviCRM and we're finding some really cool things! This series of videos is meant to share those secrets with other Drupalers, in case they come across a project that could use them. :-)

In the screencast below, I'll show how how you can set-up a new Campaign in Roundearth's CiviCRM! The thing about campaigns is that until there is activity, there isn't much to see, but we have to start somewhere! So, here we setup a campaign.

Watch the screencast to see how to use a Campaign with Roundearth:

Video of CiviCRM secrets for Drupalers: Fundraising Campaigns

Some highlights from the video:

  • Set-up a new Campaign Type
  • Set-up a new Campaign
  • Send a Mailing attached to a Campaign!

Please leave a comment below!

Boom Library: Auf der Suche nach Geräuschen für Filme und Computerspiele

heise online Newsticker - 28. Juni 2018 - 6:30
Geräusche sorgen in Filmen und Computerspielen für die richtige Atmosphäre. Doch wo kommen die Sounds eigentlich her? Auch aus Mainz.

Mehr Power durch Quanten

heise online Newsticker - 28. Juni 2018 - 6:00
Mit Hilfe der Quantenthermodynamik wollen Forscher bisher als absolut geltende Grenzen der Physik überwinden – zumindest in der Mikrowelt.

myDropWizard.com: Drupal 6 security update for Generate Password!

Planet Drupal - 27. Juni 2018 - 21:06

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Less Critical security release for the Generate Password module to fix an Insecure Randomness vulnerability.

The Generate Password modules allows administrators to create a new user account without setting a password, allowing the system to automatically generate one. The module doesn't use a strong source of randomness, creating weak and predictable passwords.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch.

If you have a Drupal 6 site using the Generate Password module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Lullabot: The Hidden Costs of Decoupling

Planet Drupal - 27. Juni 2018 - 21:00

Note: This article was originally published on August 23, 2017. Following DrupalCon Nashville, we are republishing some of our key articles on decoupled or "headless" Drupal as the community as a whole continues to explore this approach further. Comments from the original will appear unmodified.

Decoupled Drupal has been well understood at a technical level for many years now. While the implementation details vary, most Drupal teams can handle working on decoupled projects. However, we’ve heard the following from many of our clients:

  1. We want a decoupled site. Why is this web project so expensive compared to sites I worked on in the past?
  2. Why do our decoupled projects seem so unpredictable?
  3. If we decide to invest in decoupled technologies, what can we expect in return?

Let’s dive into these questions.

Why Can Decoupled Sites Cost More?

Before getting too much into the details of decoupled versus full-stack, I like to ask stakeholders:

“What does your website need to do today that it didn't 5 years ago?”

Often, the answer is quite a lot! Live video, authenticated traffic, multiple mobile apps, and additional advertising deals all add to more requirements, more code, and more complexity. In many cases, the costs that are unique to decoupling are quite small compared to the costs imposed by the real business requirements.

However, I have worked on some projects where the shift to a decoupled architecture is fundamentally a technology shift to enable future improvements, but the initial build is very similar to the existing site. In those cases, there are some very specific costs of decoupled architectures.

Decoupling means forgoing Drupal functionality

Many contributed modules provide the pre-built functionality we rely on for Drupal site builds. For example, the Quickedit module enables in-place editing of content. In a decoupled architecture, prepare to rewrite this functionality. Website preview (or even authenticated viewing of content) has to be built into every front-end, instead of using the features we get for free with Drupal. Need UI localization? Content translation? Get ready for some custom code. Drupal has solved a lot of problems over the course of its evolution, so you don’t have to—unless you decouple.

Decoupling is shorthand for Service Oriented Architectures

For many organizations, a decoupled website is their first foray into Service Oriented Architectures. Most full-stack Drupal sites are a single application, with constrained integration points. In contrast, a decoupled Drupal site is best conceived of as a “content service,” accessed by many disparate consumers.

I’ve found that the “black-boxing” of a decoupled Drupal site is a common stumbling block for organizations and a driver behind the increased costs of decoupling. To properly abstract a system requires up-front systems design and development that doesn’t always fit within the time and budget constraints of a web project. Instead, internal details end up being encoded into the APIs Drupal exposes, or visual design is reflected in data structures, making future upgrades and redesigns much more expensive. Writing good APIs is hard! To do it well, you need a team who is capable of handling the responsibility—and those developers are harder to find and cost more.

Scalable systems and network effects

Once your team dives into decoupling Drupal, they are going to want to build more than just a single Drupal site and a single JavaScript application. For example, lullabot.com actually consists of five systems in production:

  1. Drupal for content management
  2. A CouchDB application to serve content over an API
  3. A second CouchDB application to support internal content preview
  4. A React app for the site front-end
  5. Disqus for commenting

Compared to the sites our clients need, lullabot.com is a simple site. In other words, as you build, expect to be building a web of systems, and not just a “decoupled” website. It’s possible to have a consumer request Drupal content directly, especially in Drupal 8, but expect your tech teams to push for smaller “micro” services as they get used to decoupling.

Building and testing a network of systems requires a lot of focus and discipline. For example, I’ve worked with APIs that expose internal traces of exceptions instead of returning something usable to API consumers. Writing that error handling code on the service is important, but takes time! Is your team going to have the bandwidth to focus on building a robust API, or are they going to be focusing on the front-end features your stakeholders prioritize?

I’ve also seen decoupled systems end up requiring a ton of human intervention in day-to-day use. For example, I’ve worked with systems where not only is an API account created manually, but manual configuration is required on the API end to work properly. The API consumer is supposed to be abstracted from these details, but in the end, simple API calls are tightly coupled to the behind-the-scenes configuration. A manual set up might be OK for small numbers of clients, but try setting up 30 new clients at once, and a bottleneck forms around a few overworked developers.

Another common mistake is not to allow API consumers to test their integrations in “production.” Think about Amazon’s web services—even if your application is working from a QA instance, as far as Amazon is concerned there are only production API calls available. Forcing other teams to use your QA or sandbox instance means that they won’t be testing with production constraints, and they will have production-only bugs. It’s more difficult to think about clients creating test content in production—but if the API doesn't have a good way to support that (such as with multiple accounts), then you’re missing a key set of functionality.

It’s also important to think about error conditions in a self-serve context. Any error returned by an API must make clear if the error is due to an error in the API, or the request made of the API. Server-side errors should be wired up to reporting and monitoring by the API team. I worked with one team where client-side errors triggered alerts and SMS notifications. This stopped the client-side QA team from doing any testing where users entered bad data beyond very specific cases. If the API had been built to validate inbound requests (instead of passing untrusted data through its whole application), this wouldn't have been a problem.

There's a lot to think about when it comes to decoupled Drupal sites, but it’s the only way to build decoupled architectures that are scalable and lead to faster development. Otherwise, decoupling is going to be more expensive and slower, leaving your stakeholders unsatisfied.

Why are decoupled projects unpredictable?

When clients are struggling with decoupled projects, we’ve often found it’s not due to the technology at all. Instead, poor team structure and discipline lead to communication breakdowns that are compounded by decoupled architectures.

The team must be strong developers and testers

Building decoupled sites means teams have to be self-driving in terms of automated testing, documentation, and REST best practices. QA team members need to be familiar with testing outside of the browser if they are going to test APIs. If any of these components are missing, then sprints will start to become unpredictable. The riskiest scenario is where these best practices are known, but ignored due to stakeholders prioritizing “features.” Unlike one-off, full-stack architectures, there is little room to ignore these foundational techniques. If they’re ignored, expect the team to be more and more consumed by technical debt and hacking code instead of solving the actual difficult business problems of your project.

The organizational culture must prioritize reliable systems over human interactions

The real value in decoupled architectures comes not in the technology, but in the effects on how teams interact with each other. Ask yourself: when a new team wants to consume an API, where do they get their information? Is it primarily from project managers and lead developers, or documentation and code examples? Is your team focused on providing “exactly perfect” APIs for individual consumers, or a single reusable API? Are you beholden to a single knowledge holder?

This is often a struggle for teams, as it significantly redefines the role of project managers. Instead of knowing the who of different systems the organization provides, it refocuses on the what - documentation, SDKs, and examples. Contacting a person and scheduling a meeting becomes a last resort, not a first step. Remember, there’s no value in decoupling Drupal if you’ve just coupled yourself to a lead developer on another team.

Hosting complexity

One of the most common technological reasons driving a decoupled project is a desire to use Node.js, React, or other JavaScript technologies. Of course, this brings in an entire parallel stack of infrastructure that a team needs to support, including:

  • HTTP servers
  • Databases
  • Deployment scripts
  • Testing and automation tools
  • Caching and other performance tools
  • Monitoring
  • Local development for all of the above

On the Drupal side, we’ve seen many clients want to host with an application-specific host like Acquia or Pantheon, but neither of those support running JavaScript server-side. JavaScript-oriented hosts likewise don’t support PHP or Drupal well or at all. It can lead to some messy and fragile infrastructure setups.

All of this means that it’s very difficult for a team to estimate how long it will take to build out such an infrastructure, and maintenance after a launch can be unpredictable as well. Having strong DevOps expertise on hand (and not outsourced) is critical here.

Decoupled often means “use a bunch of new Node.js / JavaScript frameworks”

While server-side JavaScript seems to be settling down towards maturity nicely, the JavaScript ecosystem for building websites is reinventing itself every six months. React of today is not the same React of 18 months ago, especially when you start considering some of the tertiary libraries that fill in the gaps you need to make a real application. That’s fine, especially if your project is expected to take less than 6 months! However, if your timeline is closer to 12-18 months, it can be frustrating to stakeholders to see a rework of components they thought were “done,” simply because some library is no longer supported.

What’s important here is to remember that this instability isn't due to decoupling—it’s due to front-end architecture decisions. There’s nothing that stops a team from building a decoupled front-end in PHP with Twig, as another Drupal site, or anything else.

If we invest in Decoupled Drupal, what’s the payoff?

It’s not all doom and decoupled gloom. I’ve recommended and enjoyed working on decoupled projects in the past, and I continue to recommend them in discoveries with clients. Before you start decoupling, you need to know what your goals are.

A JavaScript front-end?

If your only goal is to decouple Drupal so you can build a completely JavaScript-driven website front-end, then simply doing the work will give you what you want. Infrastructure and JavaScript framework churns are most common stumbling blocks and not much else. If your team makes mistakes in the content API, it’s not like you have dozens of apps relying on it. Decouple and be happy!

Faster development?

To have faster site development in a decoupled context, a team needs to have enough developers so they can be experts in an area. Sure, the best JavaScript developers can work with PHP and Drupal but are they the most efficient at it? If your team is small and a set of “full-stack” developers, decoupling is going to add abstraction that slows everything down. I’ve found teams need to have at least 3 full-time developers to get efficiency improvements from decoupling. If your team is this size or larger, you can significantly reduce the time to launch new features, assuming everyone understands and follows best development practices.

Multichannel publishing?

Many teams I’ve worked with have approached decoupled Drupal, not so much to use fancy JavaScript tools, but to “push” the website front-end to be equal to all other apps consuming the same content. This is especially important when your CMS is driving not just a website and a single app, but multiple apps such as set-top TV boxes, game consoles, and even apps developed completely externally.

With full-stack Drupal, it’s easy to create and show content that is impossible to view on mobile or set-tops apps. By decoupling the Drupal front-end, and using the same APIs as every other app, it forces CMS teams to develop with an API-first mentality. It puts all consumers on an equal playing field, simplifying the development effort in adding a new app or platform. That, on its own, might be a win for your organization.

Scaling large teams?

Most large Drupal sites, even enterprise sites, have somewhere between 5-10 active developers at a time. What if your team has the budget to grow to 30 or 50 developers?

In that case, decoupled Drupal is almost the only solution to keep individuals working smoothly. However, decoupled Drupal isn’t enough. Your team will need to completely adopt an SOA approach to building software. Otherwise, you’ll end up paying developers to build a feature that takes them months instead of days.

Decoupling with your eyes open

The most successful decoupled projects are those where everyone is on board—developers, QA, editorial, and stakeholders. It’s the attitude towards decoupling that can really push teams to the next level of capability. Decoupling is a technical architecture that doesn't work well when the business isn't buying in as well. It’s worth thinking about your competitors too—because if they are tech companies, odds are they are already investing in their teams and systems to fully embrace decoupling.

Drupal Association blog: Where your money goes - DrupalCI tests

Planet Drupal - 27. Juni 2018 - 18:52

During this month's membership campaign, we mention that the average cost of a DrupalCI core test is $0.24-$0.36. Every time a contribution to the Drupal project needs to be tested, DrupalCI spins up a testbot on AWS to test those changes. DrupalCI runs about 5,000 core tests, and 13,000 contrib tests in an average month.  

The test runs on Drupal.org are paid for by our generous partners and members. This is just one of the services provided by the Drupal Association as part of our commitment to maintain Drupal.org so you can focus on Drupal development and community building.

You can help sustain the work of the Drupal Association by joining as a member. Thank you!

Want to hear more about the work of the team? Check out the Drupal.org panel session recording at DrupalCon Nashville.

Microsoft will Bildungsoffensive für Kinder mit Behinderungen starten

heise online Newsticker - 27. Juni 2018 - 18:30
Kindern mit Behinderungen sollen einfacher Programmieren lernen. Microsoft will spezielle Lernangebote im Rahmen der "Code your Life"-Initiative entwickeln.

Drupal blog: Working together to promote Drupal

Planet Drupal - 27. Juni 2018 - 17:57

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

The Drupal community has done an amazing job organizing thousands of developers around the world. We've built collaboration tools and engineering processes to streamline how our community of developers work together to collectively build Drupal. This collaboration has led to amazing results. Today, more than 1 in 40 of the top one million websites use Drupal. It's inspiring to see how many organizations depend on Drupal to deliver their missions.

What is equally incredible is that historically, we haven't collaborated around the marketing of Drupal. Different organizations have marketed Drupal in their own way without central coordination or collaboration.

In my DrupalCon Nashville keynote, I shared that it's time to make a serious and focused effort to amplify Drupal success stories in the marketplace. Imagine what could happen if we enabled hundreds of marketers to collaborate on the promotion of Drupal, much like we have enabled thousands of developers to collaborate on the development of Drupal.

Accelerating Drupal adoption with business decision makers

To focus Drupal's marketing efforts, we launched the Promote Drupal Initiative. The goal of the Promote Drupal Initiative is to do what we do best: to work together to collectively grow Drupal. In this case, we want to collaborate to raise awareness with business and non-technical decision makers. We need to hone Drupal's strategic messaging, amplify success stories and public relation resources in the marketplace, provide agencies and community groups with sales and marketing tools, and improve the Drupal.org evaluator experience.

To make Promote Drupal sustainable, Rebecca Pilcher, Director of MarComm at the Drupal Association, will be leading the initiative. Rebecca will oversee volunteers with marketing and business skills that can help move these efforts forward.

Promote Drupal Fund: 75% to goal

At DrupalCon Nashville, we set a goal of fundraising $100,000 to support the Promote Drupal Initiative. These funds will help to secure staffing to backfill Rebecca's previous work (someone has to market DrupalCon!), produce critical marketing resources, and sponsor marketing sprints. The faster we reach this goal, the faster we can get to work.

I'm excited to announce that we have already reached 75% of our goal, thanks to many generous organizations and individuals around the world. I wanted to extend a big thank you to the following companies for contributing $1,000 or more to the Promote Drupal Initiative:

If you can, please help us reach our total goal of $100,000! By raising a final $25,000, we can build a program that will introduce Drupal to an emerging audience of business decision makers. Together, we can make a big impact on Drupal.

Acquia Developer Center Blog: Experience Express in Alicante: Analytics, Security, and Horizons at DrupalCamp Spain

Planet Drupal - 27. Juni 2018 - 17:10

Atop the Castle of Saint Barbara in Alicante, time sometimes seems to slow down, and words that once held grand meaning seem inadequate. I had a similar feeling both during and on the heels of DrupalCamp Spain, organized by the Spanish Drupal Association and held this year at Las Cigarreras cultural center in a seaside city that is one of the crown jewels of not only the Valencian Community but also of Spain.

Tags: acquia drupal planet

Kryptowährungen: Investitionen in Initial Coin Offerings bringen enorme Renditen

heise online Newsticker - 27. Juni 2018 - 17:00
Für manche sind ICOs kaum mehr als moderne Abzocke. Bislang aber ließ sich laut einer umfassenden Auswertung gutes Geld damit verdienen.

Anhörung zu neuem Flottenverbrauch im Bundestag – NGO-Experten warnen vor Lücken

heise online Newsticker - 27. Juni 2018 - 17:00
Anhörung im Bundestag: Welche Lücken in der CO2-Flottenregulierung für 2025 und 2030 könnte die Lobby nutzen, dass Autos 2030 mehr verbrauchen dürfen als 2021?

Ende der Grafikkarten-Ära: 8000 ASIC-Miner für Zcash, Bitcoin Gold & Co.

heise online Newsticker - 27. Juni 2018 - 16:30
Bitmain hat die ersten ASIC-Miner für Equihash ausgeliefert, Grafikkarten sind nun chancenlos. Das erleichtert Angriffe, wie sie auf Bitcoin Gold stattfanden.

Facebook: Daten von Europäern gingen wohl nicht an Cambridge Analytica

heise online Newsticker - 27. Juni 2018 - 16:00
Bei einer weiteren Anhörung im EU-Parlament hat ein Facebook-Manager bekräftigt, dass keine Daten von Nutzern aus Europa von dem Skandal betroffen sein dürften.

InternetDevels: InternetDevels at DrupalCamp Kyiv 2018: how it was

Planet Drupal - 27. Juni 2018 - 15:36

Dear reader, we would like to invite you to follow us. Where? On an exciting virtual journey to DrupalCamp Kyiv 2018! The 10th anniversary of drupalers’ meetup was amazing, and unusual moments added some spicy flavor to it. A mysterious bearded man in a pilot’s helmet, bikes on the speakers’ stage, the phantom of Drupal 9, and much more is coming right now. Ready? Follow us! ;)

Read more

Qualcomm Snapdragon 1000 für Notebooks mit Windows 10

heise online Newsticker - 27. Juni 2018 - 15:00
Noch sind Notebooks mit dem Snapdragon 850 nicht auf dem Markt, da schießen Spekulationen über einen Snapdragon 1000 ins Kraut.

Abgas-Skandal: VWs Milliarden-Bußgeld soll den Breitbandausbau fördern

heise online Newsticker - 27. Juni 2018 - 15:00
Die Entscheidung über die Verwendung der VW-Milliarde ist gefallen: Niedersachsen will schnelles Internet ausbauen und die Unikliniken unterstützen.

In eigener Sache: Nvidia-NDA als Maulkorb für Journalisten

heise online Newsticker - 27. Juni 2018 - 14:00
Nvidia verlangt vor der Übermittlung von Informationen zu künftigen Produkten die Unterzeichnung einer sehr weitgehenden Vertraulichkeitsvereinbarung.

Aufgepasst: Phishing-Mails schüren WannaCry-Panik

heise online Newsticker - 27. Juni 2018 - 14:00
Aktuell gehen E-Mails um, die behaupten, der Rechner des Empfängers sei mit einem Verschlüsselungstrojaner infiziert.