Previously we published 17 tips and trick for OpenLucius users which was well received by OpenLucius users, this sequel was inevitable.
The use of standard features in OpenLucius is usually readily apparent, for example: adding groups, members, tasks, messages, files, folders and book pages.
There are many useful functions in OpenLucius that make working in it more fun and easy, but are a little less obvious:
One of the key reasons that Drupal has been successful is because we always made big, forward-looking changes. As a result, Drupal is one of very few CMSes that has stayed relevant for 15+ years. The downside is that with every major release of Drupal, we've gone through a lot of pain adjusting to these changes. The learning curve and difficult upgrade path from one major version of Drupal to the next (e.g. from Drupal 7 to Drupal 8) has also held back Drupal's momentum. In an ideal world, we'd be able to innovate fast yet provide a smooth learning curve and upgrade path from Drupal 8 to Drupal 9. We believe we've found a way to do both!Upgrading from Drupal 8.2 to Drupal 8.3
Before we can talk about the upgrade path to Drupal 9, it's important to understand how we do releases in Drupal 8. With the release of Drupal 8, we moved Drupal core to use a continuous innovation model. Rather than having to wait for years to get new features, users now get sizeable advances in functionality every six months. Furthermore, we committed to providing a smooth upgrade for modules, themes, and distributions from one six-month release to the next.
This new approach is starting to work really well. With the 8.1 and 8.2 updates behind us and 8.3 close to release, we have added some stable improvements like BigPipe and a new status report page, as well as experimental improvements for outside-in, workflows, layouts, and more. We also plan to add important media improvements in 8.4.
Most importantly, upgrading from 8.2 to 8.3 for these new features is not much more complicated than simply updating for a bugfix or security release.Upgrading from Drupal 8 to Drupal 9
After a lot of discussion among the Drupal core committers and developers, and studying projects like Symfony, we believe that the advantages of Drupal's minor upgrade model (e.g. from Drupal 8.2 to Drupal 8.3) can be translated to major upgrades (e.g. from Drupal 8 to Drupal 9). We see a way to keep innovating while providing a smooth upgrade path and learning curve from Drupal 8 to Drupal 9.
Here is how we will accomplish this: we will continue to introduce new features and backwards-compatible changes in Drupal 8 releases. In the process, we sometimes have to deprecate the old systems. Instead of removing old systems, we will keep them in place and encourage module maintainers to update to the new systems. This means that modules and custom code will continue to work. The more we innovate, the more deprecated code there will be in Drupal 8. Over time, maintaining backwards compatibility will become increasingly complex. Eventually, we will reach a point where we simply have too much deprecated code in Drupal 8. At that point, we will choose to remove the deprecated systems and release that as Drupal 9.
This means that Drupal 9.0 should be almost identical to the last Drupal 8 release, minus the deprecated code. It means that when modules take advantage of the latest Drupal 8 APIs and avoid using deprecated code, they should work on Drupal 9. Updating from Drupal 8's latest version to Drupal 9.0.0 should be as easy as updating between minor versions of Drupal 8. It also means that Drupal 9 gives us a clean slate to start innovating more rapidly again.
Why would you upgrade to Drupal 9 then? For the great new features in 9.1. No more features will be added to Drupal 8 after Drupal 9.0. Instead, they will go into Drupal 9.1, 9.2, and so on.
To get the most out of this new approach, we need to make two more improvements. We need to change core so that the exact same module can work with Drupal 8 and 9 if the module developer uses the latest APIs. We also need to provide full data migration from Drupal 6, 7 and 8 to any future release. So long as we make these changes before Drupal 9 and contributed or custom modules take advantage of the latest Drupal 8 APIs, up-to-date sites and modules may just begin using 9.0.0 the day it is is released.What does this mean for Drupal 7 users?
If you are one of the more than a million sites successfully running on Drupal 7, you might only have one more big upgrade ahead of you.
If you are planning to migrate directly from Drupal 7 to Drupal 9, you should reconsider that approach. In this new model, it might be more beneficial to upgrade to Drupal 8. Once you’ve migrated your site to Drupal 8, subsequent upgrades will be much simpler.
We have more work to do to complete the Drupal 7 to Drupal 8 data migration, but the first Drupal 8 minor release that fully supports it could be 8.4.0, scheduled to be released in October 2017.What does this mean for Drupal developers?
If you are a module or theme developer, you can continually update to the latest APIs each minor release. Avoid using deprecated code and your module will be compatible with Drupal 9 the day Drupal 9 is released. We have plans to make it easy for developers to identify and update deprecated code.What does this mean for Drupal core contributors?
If you are a Drupal core contributor and want to introduce new improvements in Drupal core, Drupal 8 is the place to do it! With backwards compatibility layers, even pretty big changes are possible in Drupal 8.When will Drupal 9 will be released?
We don't know yet, but it shouldn't matter as much either. Innovative Drupal 8 releases will go out on schedule every six months and upgrading to Drupal 9 should become easy. I don't believe we will release Drupal 9 any time soon; we have plenty of features in the works for Drupal 8. Once we know more, we'll follow up with more details.Thank you
Congratulations to Ixis Developers Paul and Paul who passed the Acquia Certified Developer exam recently, and to Andy for passing the Zend Certified PHP Engineer exam.
Development Manager Paul Byrne said “Our developers taking the Acquia Certified Developer exam did so with little preparation (if you discount their combined Drupal experience of almost twenty years!). Taking the multiple-choice exam without ‘revision' time was a good exercise in determining whether our current skill levels were sufficient to be certified here and now. Both developers passed with high scores and are now considering the next tiers of Acquia certification”.
Not to be surpassed, Senior Developer Andy took the Zend Certified PHP Engineer qualification using part of his training budget and study time offered to Ixis employees. Andy locked himself in his local library for a week, away from scheduled projects and day-to-day responsibilities in order to focus and prepare for his exam. Andy emerged victorious and passed, stating “The study guide was a useful resource allowing me to concentrate efforts on subjects either unfamiliar or not commonly used at work”.
Comparing the two exams, one criticism emerged with Zend - Andy would have only received a Pass or Fail, and no feedback on which topics scored lowest. This would obviously be useful feedback for the continual improvement Ixis promotes. Conversely, the Acquia Certified Developer results were very transparent.
The Engineering Team provides support to many community members and everyone at the Association. Every day, the team helps people who are at different stages of the Drupal adoption journey. As part of our membership campaign, we're taking a close look at how the team makes an impact throughout this cycle through the work to support a few different Association programs.Industry Pages: convincing decision makers to adopt Drupal
The team played a key role in the Industry Pages project—from conception to execution. The industry pages help decision makers see how Drupal achieves the vision Dries' set forth when he described Drupal as the platform for ambitious digital experiences.
The first three industry pages for media and publishing, higher education, and government are now on Drupal.org. These pages tell stories of success with Drupal for three verticals with geo-targeted content to show our global audience the solutions that are most meaningful to them. We plan to learn from this project and to expand into new verticals. By highlighting what Drupal can do for you, and connecting decision makers to service providers and industry peers, the industry pages are a powerful tool for leading the way to wider adoption.Drupal Jobs: wider adoption leads to more career opportunities
The team is responsible for Drupal Jobs, the subsite dedicated to helping employers and job seekers connect for Drupal-related opportunities. Ever since Drupal Jobs launched in 2015, it has helped increase awareness of the Drupal project. As the pool of employers grows, so do the career opportunities. When more Drupal jobs are available, our ecosystem grows. Wider Drupal adoption becomes possible.DrupalCon: Events site brings us full circle
DrupalCon unites our global community and people who want to know more about the project. On the Events site, the engineering team supports everyone—event organizers who post content, speakers who submit sessions, and attendees who register using Drupal Commerce and CoD. With a great UX on con sites and fun theme implementation, we show users what Drupal can do for you.Around we go, thanks for coming along
As the adoption journey goes full circle and we see these efforts continue to help maintain and grow a strong ecosystem, we appreciate that you are coming along with us. To help sustain the work of the Drupal Association, join as a member. Thank you!
This year, the Business Summit is focusing on issues and challenges for organizations with 5 to 25 employees. You are invited to learn from and network with other Drupal company leadership for a day of candid discussion and knowledge sharing.
Usually I do a big rundown of Drupalcamp London, trying to tease out themes, talking about bigger pictures and patterns. This year, however:I spent much of the camp volunteering (which, incidentally, was an absolute lark—except once my sprained ankle swelled up), so I was sometimes room-monitoring and therefore not necessarily following my nose when it came to talks; and I've gone straight from the camp into a three-day onsite client meeting, meaning I can only spend so much time writing blogposts.
With both those limitations in mind, I'm afraid that this year you're just going to get a bullet-pointed list of thoughts I had during and since:
Two days back and I find myself still exhausted from an exhilarating DrupalCamp London 2017!
To me this felt like the best one so far, with a number of contributing factors - the new entrance and layout to the our host City University I believe was a major contributing factor with all but the keynotes on one subterranean floor which meant much less wandering from floor to floor between sessions and far more opportunities to chat with fellow attendees it being all in one space. Crowded at times for sure, but much better than spread over multiple areas - this is one thing I've learned about Drupal events, the more close together everything is the more interaction it creates.
With Drupal 8 development fully in swing and growing in functionality at a pace no previous versions experienced due to the adoption of semantic versioning (i.e. 8.1, 8.2 and 8.3 very close as we speak) there's also a lot to catch up on, and being from an OO background before my Drupal days I find the sessions far more interesting. Many of my camps of late I have spent in the sprint rooms or the BoF (Birds of a Feather) sessions, however this weekend I went to quite a few sessions which I'll provide summaries of below.Friday - CxO Day
Billed as an event primarily aimed at Drupal service providers I attended the first few CxO days however as the ticket price increased and as a veteran of many events I felt I knew most of the attendees already (I'm a networking junkie!) I had decided to skip last year's CxO Day and sprinted instead. This year though they had a much more affordable ticket price for freelancers and charitable foundations/NGOs (they may have had it previously too but I must've missed it) so I decided to attend as I thought the audience would also be a little more diverse with the new tickets. One of my current clients is an NGO, so thought it would be great to meet more as they do operate quite differently to for-profit businesses and it's good to understand where their needs differ.Organisational Stupidity
The day started off well with an inspiring session on the 'stupidity paradox' from City University Professor of Organisational Behaviour André Spicer where he outlined the trouble with organisations wanting to hire the best people but not providing the best environments for them to excel in. One of the examples he covered was the Ford Pinto issue they had where the petrol tank was badly placed and caused explosions. When it first happened an employee had a hunch there was something serious but due to peer pressure of other work colleagues saying did he really want to take it further up through all the management levels and so on, he had decided not to however of course it turned out there was and it caused untold amounts of mayhem.
Having been independent for the past 16 years I don't have much love for the corporate infrastructure so found these stories quite amusing and pondered what better ways there are to organise. I've been investigating cooperative infrastructures for the last few years and find they have many issues too, most seem to be around decision-making at scale. A third way - and the way Drupal works - is Commons-based Peer Production ('CBPP')where both individuals and organisations alike collaborate on products. This works well with the production of software, although does suffer from a few issues around influence however due to the openness of the framework the opportunity is there to make changes if you want to, and of course forking of projects as a last resort is always possible although not favoured, especially with a community the size of Drupal! CBPP is not perfect though, especially when it comes to issues around the 'Tragedy of the Commons' - something which I am trying to address by creating a 'Platform Coop' where community members can collaborate on initiatives and issues at a commercial level - hop on over to DrupalDynamics.com if you'd like to get involved.A tale of Drupal woes
We then moved on to the second session from Paul Reeves ('reevo') who took us through his Drupal journeys, focusing most on his time at mega-corp Viacom working on their various media sites, mostly the MTV UK ones. Paul seemed very nervous but I don't know why, he'd presented before at a CxO event and sure knows his Drupal stuff!
Paul detailed how over the years they had adapted Drupal for their needs and created a system they called 'NOAH' (Node Object Affinity Hub) as content they created went out to a number of different websites and systems, for example the text snippets of info you see appearing at the bottom of the screen when a song is playing.
When Paul presented previously in 2013 I asked whether they had collaborated with any industry peers on this functionality as to me it seemed something which was fairly generic and could be useful to others and of course would help share the workload of building and maintaining something of this size in terms of complexity and functionality. Paul said they hadn't but would like to - after all, it's Viacom/MTV's content that provides their competitive edge, not the code they use for their systems. Sony understood this years ago and that's why we have the Drupal Views module as they wanted functionality their non-technical people could use and decided to contribute the outcome back to the Drupal project, and views is now part of core as of Drupal 8.
Sadly it seems this sharing didn't happen and seems to be a major contributing factor as to why MTV UK and the other brands are now moving away from Drupal. I feel bad as I've said for many years we need to help people at the industry level to share more - it's only by sharing code that Drupal is what it is now, and to build and maintain such functionality as NOAH provided is not an easy task, especially with a team of four or five people as Paul had. Neither I or anyone else has successfully created a comfortable environment for sharing at the industry level yet. Acquia have their 'LSD - Large Scale Drupal' initiative however that's pretty closed so I don't know what goes on much there. There's also the Thunder Drupal distribution for publishers and a sprinkling of others including the interesting FarmOS however I do believe that with Drupal 8's more OO architecture and adoption of many tools to make distribution creation and maintenance easier such as composer, configuration management and continuous deployment, we have the opportunity to re-visit a re-address this area by creating more industry-specific distributions. Linux has various distributions, but Drupal's can be geared towards business functionality as that's where the value is with Drupal, it's built-in business experience from many years of real-world implementations as opposed to other systems where functionality is made in order to sell licence fees - most Drupal functionality is built because someone needed it.
I was a little disappointed as the session ended as I go to Drupal events to be uplifted about Drupal, not to be disappointed that we failed in a situation, and although it's good to present these retrospectives, perhaps it was the time slot being the first Drupal-related session and just after an inspirational session that made me feel like that. I also thought it wasn't a great intro to Drupal for anyone who had attended from 'outside' of the community, especially with the new tickets for charities and NGOs. I realise the event is billed for Drupal service providers, I do feel as it's on a Friday it's going to attract those interested in adopting Drupal and although the camp organisers said they'd changed the line-up due to feedback from previous years, the people providing the feedback aren't necessarily the 'customers' you want to follow the needs of 100% - a point which was covered in the next session.
When asked what he'd do differently if given the chance, Paul did point out collaboration as a key ingredient, as mentioned now we have better tooling hopefully we will be able to change these sorts of scenarios in the future. I still see a lot of duplication when it comes to areas like local councils - unfortunately the mix of business pressures in terms of competition and ability to sell hours of time, along with no independent bodies funding core Drupal initiatives it is not an easy nut to crack - again something I'm trying to address partially with DrupalDynamics - we will see. As economic pressures mount, hopefully the want to share and lower costs the idea will become more attractive to industries.What to build next?
The third and final session of the morning was by Ben Finn OBE, who gave a presentation on how he calculated which were the most important features to create for the music software that he created then sold for millions. I found much of the content very interesting, including the part I mentioned earlier with regards to who you listen to - often the loudest ones aren't the ones who actually make you money. I did find it a little hard to work out how to apply his methods of calculation to our Commons-based peer produced software where we are not selling licence fees - it is an entirely different minefield of a multitude of options and it would've been good to get his thoughts however I realise this is not his area of expertise. It did make me happy I'm no longer working in the proprietary software world and do have control over the features I want, although I left the session wondering what actual value the talk had to the Drupal world - I realise they wanted to make the talks more diverse, to me this was a little too diverse. Interesting nonetheless.A Trip Down Memory Lane
After eating the substantial lunch (food is *always* good at the CxO day!) I felt a little deflated and tired from the very early start so I decided to skip the afternoon and take a short walk down the road to Exmouth Market where I lived 17-odd years ago back in the dotcom days when I worked for a J2EE software company which basically did the same as Drupal but proprietary and in Java. We had the first modular web app software with modules covering content management, commerce and collaboration along with a web management interface where you could create your own content types... sounds familiar ;)
Exmouth Market is one of these little havens in the middle of a city which you wouldn't necessarily know but is a small community unto itself. I walked past my old flat (pictured, above the tattooist), which was next door to a blue plaque commemorating Joseph Grimaldi, the first 'clown' and visited my old local Cafe Kick, having a little giggle on the way at the sign next-door for 'Barber Streisand'. It was nice to see an old friend too as the Portuguese lady who runs the kitchen there is now approaching her 20th year of service. We remarked on how things had and hadn't changed, I sipped my drink, then went to check in at my hotel only to return to Cafe Kick later to meet up with my colleague so we could catch up on the next day's session we were running and on old times as although he lives in London it's been two years since we last met in person back at Drupal Developer Days Montpellier.
Happy hour at Cafe Kick is 4-7pm 7 days a week, so with £2.50 beers fun times ensued although I noticed a considerable difference in the clientele this time round with it mostly being students as opposed to city workers as it mostly was when I lived there, and the music was far more commercial then the cool tunes I had been used to in days of old - I'd discovered Manu Chao, St Germain and many others there!Saturday - The Main Event
After a disturbed night of sleep and a much needed Full English at the Thistle Barbican (the closest hotel to the venue, just a short 5 min walk - book on their site for a free breakfast!) the camp 'proper' kicked off with a keynote from Matt Glaman who works for CommerceGuys, creators of the awesome Commerce suite of modules and associated native e-commerce functionality for Drupal. I say awesome as, unlike some others, I believe native commerce is the way to go for Drupal so fully support their efforts - I prefer my clients to invest their budgets in virtualising their business models as opposed to continually paying for external integrations often into SAAS products which may change their APIs at any time or disappear off the face of the earth if their business model changes or doesn't work. Integrations may be more lucrative for the supplier but costly for the client in the long run - integrated is the way forward - IMHO of course and based on my previous experience with winning clients back in my J2EE days which not many also experienced so guess I see it from a different angle.
I was a little hesitant at first as this keynote was different than many others previous but I was extremely glad they did make this choice as Matt really hit the spot talking about his journey from delivering beer to delivering Drupal. Coding had been a hobby of his and something he didn't even think he could make a living out of, let alone one which enabled him to live anywhere he liked and travel the world in the process. It was a refreshing change from the 'normal' keynote we have at 'camps and 'cons and gave a really good insight into the Drupal community and how it can help people of all walks of life build a future doing something they enjoy. It's certainly helped me massively over the last thirteen years since I first encountered Drupal through the now-defunct ecademy.com business networking community which ran a heavily customised version of Drupal, and his talk provided a great intro to those who may have only just joined the community perhaps as part of their jobs. Too often people don't really understand the community and this was the perfect intro so a big thanks to all who made it happen, and of course to Matt for coming along and sharing his journey with us!The Future of Content and the Unknown Consumer
First session of the day for me was from Richard Jones whom I know well from the Drupal Brighton Group I'd set up many years ago when I first moved to Brighton. Richard always seems to be doing a talk somewhere on Drupal and has provided much support to the Brighton group over the years and I was interested to see his latest talk 'In Real Life'.
Richard covered the multitude of devices which now deliver content as opposed to just the website and how we can prepare and cope for these - mostly down to understanding that content is separate from design, something many from a print background need to understand more as you never know where or how your content is going to be consumed - by a talking box in your kitchen or as one interesting example he showed where a billboard in Piccadilly Circus showed a kid pointing at aeroplanes as they flew above, listing out the actual flight details as they went past, as seen in the video below:
Richard's talk was entertaining and informative, and anything which helps make people think twice and again about putting anything other than content in their content is a Good Thing in my books!The Empty BoF
In the coffee break between sessions I went along to a BoF session as it was entitled 'How we can help other projects' and being run by the organisers of the camp. As they had just become - and the first DrupalCamp to do so - a Premium Supporting Partner of the Drupal Association I thought I'd go along and see if they'd be able to help out with the DrupalDynamics Platform Coop I'm creating to support the community. There's many areas I'm going to need assistance with apart from just gathering members - all the operational sides of building a cooperative and advice on legal sides of things, and so on.
Sadly the BoF had been cancelled and removed from the whiteboard but not the website so I sat in an empty room for a while, but eventually caught up & understood with the hectic day it was just not possible to squeeze the BoF in too and we agreed to catch up in the future to chat about it.Change your life with Xdebug
Second session of the day for me was a practical session on getting Xdebug set up with Ed Crompton. Despite having spent many years previous to my Drupal days using debuggers, I've never managed to successfully get Xdebug working on my machine. I've been close many times but just didn't manage to get everything hooked together right so I was determined I wasn't going to leave the room until I did, not sure if Ed appreciated that but with his help and that of his colleague we finally figured it out so big thanks to Ed & co, now I don't have to keep all those variables in my head lol ;)More than a CMS: Native Drupal CRM & BPM
After lunch it was time for the session I had organised for my friends who've been building native CRM & BPM functionality in Drupal for 7 years now but have little coverage in the community for a number of reasons. They're not a VC-funded operation and although they've tried before to work closer with the community to incorporate their work they've been knocked back for various reasons unknown as what they've built could seriously place Drupal in a league of its own. Sure, Drupal provides content management functionality but it's a platform, and when it comes to CRM functionality it shines, especially with Views as they provide a great interface for creating reports. Again I guess I see many of the benefits due to my previous experience with integrated functionality - we used to win deals all the time as our competitors used to propose a number of different packages plus integration costs whereas we could provide a set of common modules and only charge for the business-specific functionality to be built on top, thus providing a complete 100% solution instead of having to maintain a number of different packages and relying on other people's business models for your core business model. The integrated approach IMHO is far better and enables clients to virtualise their core business models, then connect to any beneficial third party software as and when they so wish.
I believe Drupal trying to compete just in the CMS marketplace is not a winning formula in the long run and doesn't really market what Drupal does well, providing sovereignty over code and content, and a platform for functionality which is integral to the operation of today's web-based businesses. With integrated content management, commerce, and CRM/BPM, Drupal stands out in a league of its own. There are many far more polished CMS systems out there, but none which include the sort of functionality Drupal can provide organisations of all levels, and the more we support those integrated projects like the modules James and his team at FreelyGive have been working on, the better Drupal the product will become. That takes a bit of forward-thinking though, and many of the business people just go for what's already proven and easy to implement - to me that's never been the way Drupal the project works and as I'm in this for the long term I'm more than happy to provide what support I can to such efforts, hence organising this and a few previous sessions we've delivered.
Photo courtesy @wmortada
I provided a short introduction and James then gave his talk, which sadly had changed since I'd last seen it as he'd spend the previous day with his commercial manager (I had suggested his time would be better spent networking with the CxO attendees that day as many agencies were there who could be potential implementers but hey, I can only do my best to advise!) and to me seemed to be a bit OTT on the sales side saying how much money there is to be made providing this functionality to clients and not enough of the 'meat' of what it is they've actually built, with only a couple of screenshots at the end which, to be honest, aren't great as it's software developed by developers and lacks the more polished design of functionality that's out there in the community and being used by many people like many of the other CRM options there are in the Drupalsphere.
This was a shame as having now worked with James and his team on a number of commercial projects I've had nothing but amazing feedback from clients who much prefer the integrated nature as opposed to them having to fiddle around with often huge external CRM systems and not being able to get exactly the information they want, or having to go through often manual workflows of exporting data in CSVs, manipulating in spreadsheets then importing into other systems in order to gain the management insights they need. Instead with native CRM functionality the exact information you need is there, in realtime, when you need it, and Drupal's built-in functionality of content types, fields and views make it super-simple to customise to your exact requirements. They have implemented systems with over 200k contacts using this system and built an amazing event ticket system as many of their clients have particularly complicated needs where for example one person is in charge of organising the tickets and others pay deposits and so on. Due to the integrated nature those contacts who then later want to perhaps change their details can do so and the system will acquire the details and create full user accounts for them on the site.
In Drupal 7 they've had to do some pretty complicated code to create a 'userless user' but what they have built means you can build systems which simply cannot be created using the other CRM offerings as they all depend on a 'contact entity' as opposed to this system which uses the notion of a 'marker entity' which stores the data about contacts. James did detail a number of systems like this they've created, such as one where they have thousand of people camping and need to be able to organise which part of the camp people are going to be in based on a number of factors - a process which used to take two to three months which now only takes a couple of weeks with their system in place.
I've signed James up to do another talk on this at Drupal Developer Days Seville in a few weeks which as a previous attendee he knows is more developer-oriented so will bring out more of the 'meat' one would hope. I think I put it down to they're just really keen to get more people involved and it's hard to know how in the Free/Libre Open Source Software world without talking about how it can make them money. Drupal 8 will hopefully make things a lot easier as it provides a much easier architecture to work with, so they now have the Decoupled Auth project along with Contacts providing the base for their work. James has shared a google doc of the plans for a Drupal 8 MVP to make things more visible and easier to use for other community members so looks like it won't be long before things will move which is great.
Ever since I first met them a few years back when I recorded their Native Drupal CRM session at DrupalCamp Cambridge in 2012, then hosted their 36-hour BoF at our DrupalCamp Brighton I've been a big fan of their work - it's how Drupal should be built and is a shining example of the amazing things Drupal can achieve as a platform and so much more than just a CMS. Sadly it's not always the best technical solution that wins (I always cite the Atari Jaguar as an example of this - the first 64-bit games machine you've never heard of!) but the one which is marketed the most, the latter is where I've been trying to help, and hopefully my work with DrupalDynamics will also provide more support too in the long run.Native Drupal CRM BoF
The guys had booked a BoF session for the coffee break after the next session so I hung out with them for a debrief and although the feedback I had from a couple of people I knew was good, that's kinda what your friends are going to say. I guess the perfectionist in me is saying that - one person did turn up to the BoF, but of course it would've been nice to have a room full of people ;)
All in all I'm glad they did give the presentation - getting anything noticed in Drupal is not always an easy thing, especially when you're covering an area as big as CRM. It's also a continuous effort - you've got to keep at it and be present as much as possible. I've built a number of communities up over the years and it does take a huge amount of effort, but I believe it pays in the long term as the more people you have using your stuff, the better your product becomes and the more help you get.Freelancers BoF
To finish off the day I went to the Freelancers BoF Farez organised. These BoFs have become a regular thing and we generally discuss the same things but this time I took the opportunity to hand out sets of the profile cards I'd designed along with my awesome illustrator I met back in Brighton, Lucy Irving. I love her work and she seems to understand my ways of thinking, and more importantly puts up with my crazy rants (as you obviously do too if you've made it this far lol!) - I highly recommend her work if you need anything done!
I explained the four different characters and how they are associated with four different frequencies - Dynamo - Spring energy always asking the question 'What?' which I am, is all about the ideas, promoting other people's products and services, and good at starting things but not so good at finishing hence the need to work in flow with other profiles. Then there's Blaze - Summer energy who's all about connecting with people and is always asking the question 'Who?'. Tempo - Autumn energy and all about the 'When?' and 'Where?' and is concerned with the timing of things, very down to earth - total opposite of my Dynamo energy - my sense of timing is awful at best! Finally there's Steel - Winter energy and all about the system and the details.
I first discovered this system through ecademy.com which I mentioned previously was my first experience of a Drupal site where I met Roger Hamilton who has his system of 'Wealth Dynamics', essentially all based on the I Ching. There are numerous profiling tools out there, but this is the only one I've found which really lets people discover what their 'flow' is. For example, although I can code and have done for many years, I am definitely not the person you want sitting in your office all day coding. I thrive when I'm promoting other people's products and services, and whenever I do projects like this the result is always far greater than even I expect so that's why I'm continually working towards focusing on that as a business model, along with my 'core process' - another tool I discovered through my ecademy connections and came out as 'fostering connections', which totally described what I do both in terms of technology and people.
I believe this profiling is something essential to us being able to collaborate at scale with others around the world. When you work closely with people, perhaps even in the same office, in time you get to know what the person is like but with the disparate nature of our community we often don't get the chance to do that and this helps us discover quickly who we could be teaming up with in order to achieve results. Many in our community, especially freelancers, do *everything* whereas if we teamed up and stayed in our flow we could collaborate and be able to sustain our lifestyles without the usual thing that's happening that people end up giving up and going back to employment or long contracts because they can't survive on the feast and famine environment they create by trying to go it alone.
So anyway, I gave the cards out and explained about the DrupalDynamics project and how the previous incarnation worked well with matching skills tags (see this issue on GitLab for more background and forward thinking on that) and how we can promote our services and collaborate on products there but I'm not sure I managed to explain myself very well as people were still asking about how we could continue the conversations after the event - I guess we will see, I'm going to be continuing to build the system at pace now anyway! It happens at every freelancer BoF we have, also all the marketing meetings over the years. ATEOTD the *.drupal.org infrastructure is good for sharing code and is the reason Drupal is what it is today, but when it comes to collaborating at scale and having discussions of a less technical flavour it's really hard to get traction on there, so instead of just talking about it for years I'm going ahead and building it, but this time with a business model attached so I can sustain it!
If you want to find out your profile, register on the DrupalDynamics website and follow the one-time login link which will then show you a link to GeniusU where you can take a free test to find out which profile you are then paste your GeniusU profile link back into your DrupalDynamics link so we know which profile you are. The free test only takes a few minutes and I believe it can help anyone improve their life by knowing what their 'flow' is - many don't follow their flow as it doesn't seem like work when they do (like me typing now heh!). The GeniusU also has more products but you don't have to buy anything it's just I can't link the test up unless I pay loads of money which I haven't got for a partnership so I'm hoping in time we will have enough members to attract more interest from Roger's crew to build a partnership. These four profiles are only one part of the education, there's much more to it and I hope others will join me on my journey through it as I've learned a lot about how I'm going to build my legacy - I also think many of their members would benefit from Drupal systems so plenty of opportunities to be had on all counts! Their community reminds me much of Drupal - doing something good but often misunderstood, meets regularly offline and sits around tables collaborating on projects, and so on.
Finally on this topic I thought I'd explain why I decided to make these profiles a required field and thus a requirement. First, it's free so doesn't preclude anyone joining, and second to be honest I'm tired of trying to collaborate with people, wondering why things aren't moving as I had imagined, then finding out it's simply because I didn't know what frequency they are, for example a few days after I submitted the CRM session I finally managed to get James to do the test as he hadn't wanted to as I'm sure many others out there feel but seriously just do it. Turns out he's Steel energy and I watched Roger's video on 'Your Losing Formula' which I've embedded below where he says the last thing Steel wants to do is go out and meet everybody I just need to analyse everything! Also Steel is metal energy and chops down my Dynamo wood energy, so every time we brainstorm my ideas just get shot down every time. The worst thing about this is it's not personal - it's just the different energies, so whatever you think about this system just give it a go as I've as much belief in it as I have of Drupal and I've been in both communities for 13 years now but this is the first time I've brought them together. I've been to many Drupal events around the world and tried my hand at many different parts of Drupal wondering where I 'fit in' but it was only last year when I was looking back and realised this is where my life experiences fit in, bringing the WealthDynamics to Drupal, hence the name DrupalDynamics, so do join me on this journey of discovery!Sunday Sessions
After the big night out on Friday I didn't stay that long at the Saturday social so missed out on lots of singing and dancing I see, but was up bright and early for JAM's keynote. Jeffrey's a well recognised figure in the community having presented at seemingly every Drupal event there is so it's always good to see what his latest topic is about, this time it's diversification and raising the level of services you're providing clients. So not just talking about Drupal - in fact not necessarily mentioning Drupal at all - but the value you're providing for clients instead of just coding websites. He went through a number of examples like roomify.us which provides hotel booking systems all based on Drupal, and a QA tool probo.ci. The gist of the talk was to help raise what we talk about with clients so we're not just moving things around a page of a website which many can do, but focusing on what our specific areas of expertise are. It's the generic platform nature of Drupal and its ability to provide any number of solutions which enables us to do this, and fantastic as we are only on this earth once AFAIK so we might as well be the best we can. So thanks once again JAM for another interesting and inspiring talk, you rock the Drupalsphere!Configuration deployment in Drupal 8
Although I understand the concepts of the configuration management system, and indeed it's very similar to how we used to do things back in my Java days, I haven't used it that much yet in complicated scenarios so I went along to this session to find out more. Gabriele Maira took a great approach to splitting up the various use-cases of configuration and made sensible separations between different parts of configuration, for example often you'll want things on development but not in production, there's parts you don't want clients to be able to change, and so on. The slides for Configuration deployment in Drupal 8 are already online, however things are moving fast in this area as best practices are still being figured out so doesn't mention the new Configuration Filter module created recently as a result of Drupal MountainCamp, or another interesting effort by Andrew Larcombe - Environment Config, which both go to help the workflow in their own ways.Dependency Injection and Service Containers
Another session where I've used the functionality but don't feel I'm totally confident in it (although now I do!). When I was helping the Drupal Rules module upgrade some actions and conditions I learned a lot about dependency injection and a little about service containers so it was great to have a brush-up on these by Ashish Thakur, who gave a detailed walkthrough of the work he's been doing on this not only in Drupal 8 but also Drupal 7 as well - crazy stuff!
By far my most favourite part of Ashish's talk though was his introduction when he referenced the previous day's keynote and explained that he was from the mountains but now lives where he wants to near the beach, and it's Drupal that's enabled him to do that. Awesomesauce!Closing Keynote - Danese Cooper
After lunch the closing session was upon us where the organisers gave out some key stats like how much coffee we drunk, details of a £5k spend in the bar at the Saturday social, and the youngest attendee being only 5 months old!
Once the stats were done the final keynote was upon us and freshly flown-in from Frisco was Danese Cooper. I've had the pleasure of meeting Danese previously during my time back in 2012 as the first community-elected Director of the Drupal Association (if you're reading this before 18th March 2017 go vote in the latest round of the Drupal Association community elections now! when you've finished reading this!) and whilst I'm more of a fan of copyleft due to wanting to know what code is running inside of my body if I get implanted with tech in the future, I'm in total admiration of her stern work over the years moving the Open Source world forward.
A veteran of the Open Source industry, Danese presented an enlightening talk on the history of Open Source with a fleeting mention of the founder of the Free Software movement Richard Stallman, and asked us all to stop arguing about the difference between Free Software and Open Source as apparently it's all the same, upon which I was seemingly in a minority of one who didn't join in the round of applause from the audience. I'm not sure RMS would've joined either, and I do tend to agree that we all want to not confuse or alienate community members old new and forthcoming. With my love of copyleft licenses as I believe that's the way in which the organic world works where freedom is inferred as opposed to restricted if placed into other products ("here, you bee, you can take my honey but you other bee, no you can't") actually think my beliefs go further than the Free vs Open argument, something I call "organic software". That's a much nicer term, but a much longer conversation than this blog so I'll be ending it here and saving that can'o'worms for another lengthy post.Final Thoughts
Well if you've made it here then thanks for reading, I hope it's given you a little more insight into last weekend's proceedings and the things I'm working on at the moment, and I look forward to posting more updates soon!
Finally as always a massive thank you to all involved in organising, attending, speaking etc. at the weekend, your hard work is much appreciated and I look forward to catching up again next year, same time same place, right?!
Peace.Category Events Tags Drupal Planet DrupalCamp events Add new comment
This month we’ve made eight new eBooks available for Envato Tuts+ subscribers to download. Here’s a summary of those books and what you can learn from them.
Xamarin: Cross-Platform Mobile Application Development
Developing a mobile application for just one platform is becoming a thing of the past. Companies expect their apps to be supported on iOS, Android and Windows Phone, while leveraging the best native features on all three platforms. Xamarin's tools help ease this problem by giving developers a single toolset to target all three platforms. The main goal of this book is to equip you with knowledge to successfully analyze, develop, and manage Xamarin cross-platform projects using the most efficient, robust, and scalable implementation patterns.
Drupal 8 Theming With Twig
Asynchronous Android Programming: Second Edition
Asynchronous programming has acquired immense importance in Android programming, especially when we want to make use of the number of independent processing units (cores) available on the most recent Android devices. With this guide in your hands, you’ll be able to bring the power of asynchronous programming to your own projects, and make your Android apps more powerful than ever before!
Ionic Framework by Example
With Ionic, mobile development has never been so simple, so elegant and obvious. By helping developers to harness AngularJS and HTML5 for mobile development, it’s the perfect framework for anyone obsessed with performance, and anyone that understands just how important a great user experience really is. This book shows you how to get started with Ionic framework immediately. But it doesn’t just give you instructions and then expect you to follow them. Instead it demonstrates what Ionic is capable of through three practical projects you can follow and build yourself.
Sass and Compass Designer's Cookbook
Sass and Compass Designer's Cookbook helps you to get most out of CSS3 and harness its benefits to create engaging and receptive applications. This book will help you develop faster and reduce the maintenance time for your web development projects by using Sass and Compass. You will learn how to use with CSS frameworks such as Bootstrap and Foundation and understand how to use other libraries of pre-built mixins. You will also learn setting up a development environment with Gulp.
Android Sensor Programming by Example
Android phones available in today’s market have a wide variety of powerful and highly precise sensors. This book will give you the skills required to use sensors in your Android applications. It will walk you through all the fundamentals of sensors and will provide a thorough understanding of the Android Sensor Framework. By the end of the book, you will be well versed in the use of Android sensors and programming to build interactive applications.
The successor of Yii Framework 1.1, Yii2 is a complete rewrite of Yii Framework, one of the most popular PHP 5 frameworks for making modern web applications. This book has been written to enhance your skills and knowledge with Yii Framework 2. Starting with configuration and how to initialize new projects, you’ll learn how to configure, manage, and use every aspect of Yii2 from Gii, DAO, Query Builder, Active Record, and migrations, to asset manager. With this book by your side, you’ll have all the skills you need to quickly create rich modern web and console applications with Yii2.
Subscribe to Envato Tuts+ for access to our library of hundreds of eBooks. With a Yearly subscription, you can download up to five eBooks per month, while the Yearly Pro subscription gives you unlimited access.
You can also build on your newfound knowledge by using some of the fantastic code scripts and plugins on Envato Market.
This week: The Webform Module // Drupal 8 has more and more features available practically every day. Alongside module migrations and new projects, the Drupal community’s latest major release also offers new ways of solving common problems. Some functionality has moved to Drupal core and new modules have taken up the torch along the way. In this series, the Acquia Developer Center is profiling useful solutions--modules, themes, distros, and more--available for Drupal 8.Tags: acquia drupal planetwebformform buildersurveyYAML
Previously we have brought to your attention the main types of Drupal developers.
One of them is module developer. Today we are going to focus on the two main
types of modules, this type of developers is working on. Read further to know the
differences, the pros and cons of both to decide what modules to implement on your
This post is the first in a series about getting Drupal to run as a persistent server, responding to requests without bootstrapping each and every time.
This is how many other application frameworks and languages run: nodejs, Rails etc.
In those systems you start some instances of your application and then they do whatever bootstrapping they need to do and then they enter an endless loop waiting for requests.
I recently upgraded our internally hosted Redmine server to run on Ruby 2.3 and during that upgrade took a look at our NewRelic monitoring for the application. Some of the page requests had an average response time of 8ms. These were page requests for logged in users. That would be amazing performance for a Drupal page.
This weekend’s DrupalCamp London wasn’t my first Drupal event at all, I’ve been to 3 DrupalCon Europe, 4 DrupalCamp Dublin, and a few other DrupalCamps in Ireland and lots of meetups, but in this case I experienced a lot of ‘first times’ that I want to share.Sponsor perspective
This was the first time I’d attended a Drupal event representing a sponsor organisation, and as a result the way I experienced it was completely different.
Firstly, you focus more on your company’s goals, rather than your personal aims. In this case I was helping Capgemini UK to engage and recruit people for our open positions. This allowed me to socialise more and try to connect with people. We also had T-shirts so it was easier to attract people if you have something free for them. I was also able to have conversations with other sponsors to see why did they sponsor the event, some were also recruiting, but most of them were selling their solutions to prospective clients, Drupal developers and agencies.
The best of this experience was the people I found in other companies and the attendees approaching us for a T-shirt or a job opportunity.New member of Capgemini UK perspective
As a new joiner in the Capgemini UK Drupal team I attended this event when I wasn’t even a month old in the company, and I am glad I could attend this event at such short notice in my new position, I think this tells a lot about the focus on training and career development Capgemini has and how much they care about Drupal.
As a new employee of the company this event allowed me to meet more colleagues from different departments or teams and meet them in a non-working environment. Again the best of this experience was the people I met and the relations I made.New member of the local Drupal Community perspective
I joined Capgemini from Ireland, so I was also new to the London Drupal community, and the DrupalCamp gave me the opportunity to connect and create relationships with other members of the Drupal community. Of course they were busy organising this great event, but I was able to contact some of the members, and I have to say they were very friendly when I approached any of the crew or other local members attending the event. I am very happy to have met some friendly people and I am committed to help and volunteer my time in future events, so this was a very good starting point. And again the best were the people I met.Non-session perspective
As I had other duties I couldn’t attend all sessions. But I was able to attend some sessions and the Keynotes, with special mention to the Saturday keynote from Matt Glaman, it was very motivational and made me think anyone could evolve as a developer if they try and search the resources to get the knowledge. And the closing keynote from Danese Cooper was very inspirational as well about what Open Source is and what should be, and that we, the developers, have the power to make it happen. And we could also enjoy Malcom Young’s presentation about Code Reviews.Conclusion
Closing this article I would like to come back to the best part of the DrupalCamp for me this year, which was the people. They are always the best part of the social events. I was able to catch up with old friends from Ireland, engage with people considering a position at Capgemini and introduce myself to the London Drupal community, so overall I am very happy with this DrupalCamp London and I will be happy to return next year. In the meantime I will be attending some Drupal meetups and trying to get involve in the community, so don’t hesitate to contact me if you have any question or you need my help.
As part of our ongoing Drupal Commerce module walkthrough, I'm going to show you how to create custom Products. The Commerce Custom Products module allows the creation of custom line items on Products for customer input. Custom line items for Products are essential when the customer must define something about the Product that they're adding to the cart. A few examples of how you may use Commerce Customizable Products includes:
In the modern world of web / application development, using package managers to pull in dependencies has become a de-facto standard. In fact, if you are developing enterprise software and you aren’t leveraging package managers I would go as far to say that you are doing it wrong (I’ll elaborate on this point later in the post).Read more...
Voting is now open for the 2017 At-Large Board positions for the Drupal Association! If you haven't yet, check out the candidate profiles including their short videos found on the profile pages. Get to know your candidates, and then get ready vote.
How does voting work? Voting is open to all individuals who have a Drupal.org account by the time nominations open and who have logged in at least once in the past year.
To vote, you will rank candidates in order of your preference (1st, 2nd, 3rd, etc.). The results will be calculated using an "instant runoff" method. For an accessible explanation of how instant runoff vote tabulation works, see videos linked in this discussion.
Elections will be held from 6 March, 2017 through 18 March, 2017. During this period, you can review and comment on the candidate profiles.
Have questions? Please contact me: Megan Sanicki
Drupal Modules: The One Percent: Drupal Modules: The One Percent — Realistic Dummy Content (video tutorial)
Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll consider at Realistic Dummy Content, a module which rewrites node titles and replaces Devel's auto-generated placeholder images and profile pictures with freely licensed stock photos or portraits.
HTTPS Everywhere: Deep Dive Into Making the Switch
In the previous articles, HTTPS Everywhere: Security is Not Just for Banks and HTTPS Everywhere: Quick Start With CloudFlare, I talked about why it’s important to serve even small websites using the secure HTTPS protocol, and provided a quick and easy how-to for sites where you don’t control the server. This article is going to provide a deep dive into SSL terminology and options. Even if you are offloading the work to a service like Cloudflare, it’s good to understand what’s going on behind the scenes. And if you have more control over the server you’ll need a basic understanding of what you need to accomplish and how to go about it.
At a high level, there are a few steps required to set up a website to be served securely over HTTPS:
- Decide what type of certificate to use.
- Install a signed certificate on the server.
- Configure the server to use SSL.
- Review your site for mixed content and other validation issues.
- Redirect all traffic to HTTPS.
- Monitor the certificate expiration date and renew it when it expires.
Your options are dependent on the type of certificate you want and your level of control over the website. If you self-host, you have unlimited choices, but you’ll have to do the work yourself. If you are using a shared host service, you’ll have to see what SSL options your host offers and how they recommend setting it up. Another option is to set up SSL on a proxy service like the Cloudflare CDN, which stands between your website and the rest of the web.
I’m going to go through these steps in detail.Decide Which Certificate to Use
Every distinct domain needs certificates, so if you are serving content at www.example.com and blog.example.com, both domains need to be certified. Certificates are provided by a Certificate Authority (CA). There are numerous CAs that will sell you a certificate, including DigiCert, VeriSign, GlobalSign, and Comodo. There are also CAs that provide free SSL certificates, like LetsEncrypt.
Validation Levels There are several certificate validation levels available.
Domain Validation (DV) degree certificate indicates that the applicant has control over the specified DNS domain. DV certificates do not assure that any particular legal entity is connected to the certificate, even if the domain name may imply that. The name of the organization will not appear next to the lock in the browser since the controlling organization is not validated. DV certificates are relatively inexpensive, or even free. It’s a low level of authentication but provides assurance that the user is not on a spoofed copy of a legitimate site.
Organization Validation (OV) OV certificates verify that the applicant is a legitimate business. Before issuing the SSL certificate, the CA performs a rigorous validation procedure, including checking the applicant's business credentials (such as the Articles of Incorporation) and verifying the accuracy of its physical and Web addresses.
Extended Validation (EV) Extended Validation certificates are the newest type of certificate. They provide more validation than the OV validation level and adhere to industry-wide certification guidelines established by leading Web browser vendors and Certificate Authorities. To clarify the degree of validation, the name of the verified legal identity is displayed in the browser, in green, next to the lock. EV certificates are more expensive than DV or OV certificates because of the extra work they require from the CA. EV certificates convey more trust than the other alternatives, so are appropriate for financial and commerce sites, but they are useful on any site where trust is important.
In addition to the validation levels, there are several types of certificates available.
Single Domain Certificate An individual certificate is issued for a single domain. It can be either DV, OV or EV.
Wildcard Certificate A wildcard certificate will automatically secure any sub-domains that a business adds in the future. They also reduce the number of certificates that need to be tracked. A wildcard domain would be something like *.example.com, which would include www.example.com, blog.example.com, help.example.com, etc. Wildcards work only with DV and OV certificates. EV certificates cannot be provided as wildcard certificates, since every domain must be specifically identified in an EV certificate.
Multi-Domain Subject Alternative Name (SAN) A multi-domain SAN certificate secures multiple domain names on a single certificate. Unlike a wildcard certificate, the domain names can be totally unrelated. It can be used by services like Cloudflare that combine a number of domains into a single certificate. All domains are covered by the same certificate, so they have the same level of credentials. A SAN certificate is often used to provide multiple domains with DV level certification, but EV SAN certificates are also available.Install a Signed Certificate
The process of installing a SSL certificate is initiated on the server where the website is hosted by creating a 2048-bit RSA public/private key pair, then generating a Certificate Signing Request (CSR). The CSR is a block of encoded text that contains information that will be included in the certificate, like the organization name and location, along with the server’s public key. The CA then uses the CSR and the public key to create a signed SSL certificate, or a Certificate Chain. A certificate chain consists of multiple certificates where each certificate vouches for the next. This signed certificate or certificate chain is then installed on the original server. The public key is used to encrypt messages, and they can only be decrypted with the corresponding private key, making it possible for the user and the website to communicate privately with each other.
Obviously, this process is something that only works if you have shell access or a control panel UI to the server. If your site is hosted by a third party, it will be up to the host to determine, how, if at all, they will allow their hosted sites to be served over HTTPS. Most major hosts offer HTTPS, but specific instructions and procedures vary from host to host.
As an alternative, there are services, like Cloudflare, that provide HTTPS for any site, no matter where it is hosted. I discussed this in more detail in my previous article, HTTPS Everywhere: Quick Start With CloudFlare.Configure the Server to Use SSL
The next step is to make sure the website server is configured to use SSL. If a third party manages your servers, like a shared host or CDN, this is handled by the third party and you don’t need to do anything other than determine that it is being handled correctly. If you are managing your own server, you might find Mozilla's handy configuration generator and documentation about Server Side TLS useful.
One important consideration is that the server and its keys should be configured for PFS, an abbreviation for either Perfect Forward Security or Perfect Forward Secrecy. Prior to the implementation of PFS, an attacker could record encrypted traffic over time and store it. If they got access to the private key later, they could then decrypt all that historic data with the private key. Security around the private key might be relaxed once the certificate expires, so this is a genuine issue. PFS ensures that even if the private key gets disclosed later, it can’t be used to decrypt prior encrypted traffic. An example of why this is important is the Heartbleed bug, where PFS would have prevented some of the damage caused by Heartbleed. If you’re using a third-party service for SSL, be sure it uses PFS. Cloudflare does, for instance.
Normally SSL certificates have a one-to-one relationship to the IP address of their domains. Server Name Indication (SNI) is an extension of TLS that provides a way to manage multiple certificates on the same IP address. SNI-compatible browsers (most modern browsers are SNI-compatible) can communicate with the server to retrieve the correct certificate for the domain they are trying to reach, which allows multiple HTTPS sites to be served from a single IP address.
Test the server’s configuration with Qualys' handy SSL Server Test. You can use this test even on servers you don’t control! It will run a battery of tests and give the server a security score for any HTTPS domain.Review Your Site for HTTPS Problems
Once a certificate has been installed, it’s time to scrutinize the site to be sure it is totally valid using HTTPS. This is one of the most important, and potentially time-consuming, steps in switching a site to HTTPS.
To review your site for HTTPS validation, visit it by switching the HTTP in the address to HTTPS and scan the page source. Do this after a certificate has been installed, otherwise, the validation error from the lack of a certificate may prevent other validation errors from even appearing.
There used to be a recommendation to use protocol-relative links, such as //example.com instead of http://example.com, but now the recommendation is to just always use HTTPS, if available since a HTTPS resource works fine under either protocol.
Absolute internal links should not conflate HTTP and HTTPS references. Ideally, all internal links should be relative links anyway, so they will work correctly under either HTTP or HTTPS. There are lots of other benefits of relative links, and few reasons not to use them.
For the most part, stock Drupal websites already use relative links wherever possible. In Drupal, some common sources of mixed content problems include:
- Hard-coded HTTP links in custom block content.
- Hard-coded HTTP links added by content authors in body, text, and link fields.
- Hard-coded HTTP links in custom menu links.
- Hard-coded HTTP links in templates and template functions.
- Contributed modules that hard-code HTTP links in templates or theme functions.
Once you’ve assured yourself that your website passes SSL validation, it’s time to be sure that all traffic goes over HTTPS instead of HTTP. You need 301 redirects from your HTTP pages to HTTPS, especially when switching from HTTP to HTTPS. If a website was already in production on HTTP, search engines have already indexed your pages. The 301 redirect ensures that search engines understand the new pages are a replacement for the old pages.
If you haven’t already, you need to determine whether you prefer the bare domain or the www version, example.com vs www.example.com. You should already be redirecting traffic away from one to the other for good SEO. When you include the HTTP and HTTPS protocols, at a minimum you will have four potential addresses to consider: http://example.com, https://example.com, https://example.com, and https://www.example.com. One of those should survive as your preferred address. You’ll need to set up redirects to reroute traffic away from all the others to that preferred location.
Specific details about how to handle redirects on the website server will vary depending on the operating system and configuration on the server. Shared hosts like Acquia Cloud and Pantheon provide detailed HTTPS redirection instructions that work on their specific configurations. Those instructions could provide useful clues to someone configuring a self-hosted website server as well.HTTP Strict Transport Security (HSTS)
The final level of assurance that all traffic uses HTTPS is to implement the HTTP Strict Transport Security (HSTS) header on the secured site. The HSTS header creates a browser policy to always use HTTPS for the specified domain. Redirects are good, but there is still the potential for a Man-in-the-Middle to intercept the HTTP communication before it gets redirected to HTTPS. With HSTS, after the first communication with a domain, that browser will always initiate communication with HTTPS. The HSTS header contains a max-age when the policy expires, but the max-age is reset every time the user visits the domain. The policy will never expire if the user visits the site regularly, only if they fail to visit within the max-age period.
If you’re using Cloudflare’s SSL, as in my previous article, you can set the HSTS header in Cloudflare’s dashboard. It’s a configuration setting under the “Crypto” tab.Local, Dev, and Stage Environments
A final consideration is whether or not to use HTTPS on all environments, including local, dev, and stage environments. That is truly HTTPS everywhere! If the live site uses HTTPS, it makes sense to use HTTPS in all environments for consistency.HTTPS Is Important
Hopefully, this series of articles provides convincing evidence that it's important for sites of all sizes to start using the HTTPS protocol, and some ideas of how to make that happen. HTTPS Everywhere is a worthy initiative!