Posts Tagged:drupal site

rfp-robotRFP ROBOT: Website Request for Proposal Generator

The time has come for a new website (or website redesign), which means you need to write a website request for proposal or web RFP. A Google search produces a few examples, but they vary wildly and don’t seem to speak really to your goals for developing or redesigning a new website. You need to write a website RFP that will clearly articulate your needs and generate responses from the best website designers and developers out there. But how?

Have no fear, RFP Robot is here. He will walk you through a step-by-step process to help you work through the details of your project and create a PDF formatted website design RFP that will provide the information vendors need to write an accurate bid. RFP Robot will tell you what info you should include, point out pitfalls, and give examples.


We made Drupal a lot easier to evaluate

Seven months ago, Matthew Grasmick published an article describing how hard it is to install Drupal. His article included the following measurements for creating a new application on his local machine, across four different PHP frameworks: Platform Clicks Time Drupal 20+ 15:00+ Symfony 3 1:55 WordPress 7 7:51 Laravel 3 17:28 The results from Matthew’s blog were clear: Drupal is too hard to install. It required more than 15 minutes and 20 clicks to create a simple site. Seeing these results prompted me to launch a number of initiatives to improve the evaluator experience at DrupalCon Nashville. Here is the slide from my DrupalCon Nashville presentation: A lot has happened between then and now: We improved the download page to improve the discovery experience on drupal.org We added an Evaluator Guide to Drupal.org We added a quick-start command to Drupal 8.6 We added the Umami demo profile to Drupal 8.6…

Read More →

Extended security coverage for Drupal 8 minor releases

Since the launch of Drupal 8.0, we have successfully launched a new minor release on schedule every six months. I’m very proud of the community for this achievement. Prior to Drupal 8, most significant new features were only added in major releases like Drupal 6 or Drupal 7. Thanks to our new release cadence we now consistently and predictably ship great new features twice a year in minor releases (e.g. Drupal 8.6 comes with many new features). However, only the most recent minor release has been actively supported for both bug fixes and security coverage. With the release of each new minor version, we gave a one-month window to upgrade to the new minor. In order to give site owners time to upgrade, we would not disclose security issues with the previous minor release during that one-month window. Illustration of the security policy since the launch of Drupal 8.0 for…

Read More →

Drupal 8.6.0 released

Last night, we shipped Drupal 8.6.0! I firmly believe this is the most significant Drupal 8 release to date. It is significant because we made a lot of progress on all twelve of Drupal 8 core’s strategic initiatives. As a result, Drupal 8.6 delivers a large number of improvements for content authors, evaluators, site builders and developers. What is new for content authors? For content authors, Drupal 8.6 adds support for “remote media types”. This means you can now easily embed YouTube or Vimeo videos in your content. The Media Library in Drupal 8.6Content authors want Drupal to be easy to use. We made incredible progress on a variety of features that will help to achieve that: we’ve delivered an experimental media library, added the Workspaces module as experimental, providing sophisticated content staging capabilities, and made great strides on the upcoming Layout Builder. The Layout Builder is shaping up to…

Read More →

Drupal 8.6.0 released

Last night, we shipped Drupal 8.6.0! I firmly believe this is the most significant Drupal 8 release to date. It is significant because we made a lot of progress on all twelve of Drupal 8 core’s strategic initiatives. As a result, Drupal 8.6 delivers a large number of improvements for content authors, evaluators, site builders and developers. What is new for content authors? For content authors, Drupal 8.6 adds support for “remote media types”. This means you can now easily embed YouTube or Vimeo videos in your content. The Media Library in Drupal 8.6Content authors want Drupal to be easy to use. We made incredible progress on a variety of features that will help to achieve that: we’ve delivered an experimental media library, added the Workspaces module as experimental, providing sophisticated content staging capabilities, and made great strides on the upcoming Layout Builder. The Layout Builder is shaping up to…

Read More →

5-Day Drupal 8 Training – Toronto

Start:  2018-10-01 09:00 – 2018-10-05 16:30 America/Toronto Organizers:  Meyzi Event type:  Training (free or commercial) https://evolvingweb.ca/training/5-day-drupal-8-training Learn how to build a website with Drupal from top to bottom. This week-long Drupal class is divided into three parts: site building, theming, and module development. You can register for all five days, or just the days of interest to you. Day 1: Drupal 8 Site Building & Architecture This course will give participants a thorough understanding of the Drupal site building process. You’ll get hands-on experience creating an information architecture for Drupal, and implementing advanced features with Drupal core and contributed modules. Planning and implementing content types Techniques for organizing content with Views Building layouts with configuration Structuring content with Paragraphs Setting up landing pages Selecting and installing contributed modules Site maintenance best practices Pre-launch checklist Days 2-3: Drupal 8 Theming You’ll learn how to build a responsive Drupal theme to customize…

Read More →

How Drupal continues to evolve towards an API-first platform

It’s been 12 months since my last progress report on Drupal core’s API-first initiative. Over the past year, we’ve made a lot of important progress, so I wanted to provide another update. Two and a half years ago, we shipped Drupal 8.0 with a built-in REST API. It marked the start of Drupal’s evolution to an API-first platform. Since then, each of the five new releases of Drupal 8 introduced significant web service API improvements. While I was an early advocate for adding web services to Drupal 8 five years ago, I’m even more certain about it today. Important market trends endorse this strategy, including integration with other technology solutions, the proliferation of new devices and digital channels, the growing adoption of JavaScript frameworks, and more. In fact, I believe that this functionality is so crucial to the success of Drupal, that for several years now, Acquia has sponsored one…

Read More →

An Update on Drupal's Evolution Towards an API-first Platform

When Drupal 8.0 was released two and a half years ago, with a built-in REST API, it signaled the start of Drupal’s evolution to an API-first platform. Since then, each of the five new releases of Drupal 8 introduced significant web service API improvements. Drupal 8.6, shipping in September, will also have a new bunch of API improvements. Recently Dries Buytaert, founder and project lead of Drupal (and co-founder, Chief Technology Officer, and Chairman of the Board of Acquia), published an update on Drupal’s continuing evolution towards an API-first platform. Definitely worth a read. Among the milestones, recent and forthcoming: A Drupal 8.6 improvement: the move of the API-first code to the individual modules, instead of the REST module providing it on their behalf. In the long term, all Drupal modules should ship with web service APIs rather than depending on a central API module to provide their APIs —…

Read More →

A plan for Drupal and Composer

At DrupalCon Nashville, we launched a strategic initiative to improve support for Composer in Drupal 8. To learn more, you can watch the recording of my DrupalCon Nashville keynote or read the Composer Initiative issue on Drupal.org. While Composer isn’t required when using Drupal core, many Drupal site builders use it as the preferred way of assembling websites (myself included). A growing number of contributed modules also require the use of Composer, which increases the need to make Composer easier to use with Drupal. The first step of the Composer Initiative was to develop a plan to simplify Drupal’s Composer experience. Since DrupalCon Nashville, Mixologic, Mile23, Bojanz, Webflo, and other Drupal community members have worked on this plan. I was excited to see that last week, they shared their proposal. The first phase of the proposal is focused on a series of changes in the main Drupal core repository. The…

Read More →

Virtual reality on campus with Drupal

One of the most stressful experiences for students is the process of choosing the right university. Researching various colleges and universities can be overwhelming, especially when students don’t have the luxury of visiting different campuses in person. At Acquia Labs, we wanted to remove some of the complexity and stress from this process, by making campus tours more accessible through virtual reality. During my presentation at Acquia Engage Europe yesterday, I shared how organizations can use virtual reality to build cross-channel experiences. People that attended Acquia Engage Europe asked if they could have a copy of my video, so I decided to share it on my blog. The demo video below features a high school student, Jordan, who is interested in learning more about Massachusetts State University (a fictional university). From the comfort of his couch, Jordan is able to take a virtual tour directly from the university’s website. After…

Read More →

Decoupling Drupal 8 with JSON API

In a previous installment of Experience Express, we explored how effective core REST out of the box can be for the purposes of consuming content retrieved from Drupal and manipulating said data as well. Furthermore, with the help of Views, any content listing can be easily converted into an API resource. As these features indicate, Drupal 8 is a powerful web services provider that can expose content to any consumer application on any channel. Nonetheless, sometimes our requirements far exceed the functionality available to us. As we saw in the previous post, core REST only allows for individual entities to be retrieved, and Views REST exports only permit the issuance of GET requests rather than unsafe methods as well. But application developers often need greater flexibility and control, such as the ability to fetch collections, sort and paginate them, and access related entities that are referenced. In this column, we’ll…

Read More →

How to Build a Drupal Site with Composer, as Seen at DrupalCon

Fellow Acquian Matthew Grasmick and I just presented How to build a Drupal site with Composer AND keep all of your hair at DrupalCon Nashville, and though the session wasn’t recorded, we posted the slides and hands-on guide to using Composer to manage your Drupal 8 sites to the linked session page. I wanted to dive into the session a little bit, because it was popular enough that many people couldn’t even get in since the room was so full! Matthew, in case you didn’t know, is the creator and a maintainer of Acquia BLT, a tool used to build, launch, and manage Drupal applications using all the best practices we’ve learned over years of Drupal experience at Acquia. And I’m the maintainer of Drupal VM, among other open source projects like an Ansible role for installing Composer. Both Matthew and I have a lot of experience with Composer, and…

Read More →

How Acquia Blocked 500,000 Attack Attempts

The Acquia blog has a fascinating and important post by Dries Buytaert and Cash Williams on the recent Drupal critical security vulnerability, and it’s aftermath: Acquia blocks 500,000 attack attempts for SA-CORE-2018-002. It’s worth checking out in its entirety, but here are a few take-aways if you haven’t gotten to it yet: When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002. But a subsequent article by a security research firm, and the posting of proof-of-concept code by another researcher spawned numerous exploits. Since then, Acquia has observed over 500,000 attacks from more than 3,000 different IP addresses across our fleet of servers and customer base. Fortunately, Acquia deployed a platform level mitigation for all Acquia Cloud customers one hour after the Drupal Security Team made the SA-CORE-2018-002 release available on March 28th. To the best of our knowledge, every…

Read More →

Acquia blocks 500,000 attack attempts for SA-CORE-2018-002

On March 28th, the Drupal Security Team released a bug fix for a critical security vulnerability, named SA-CORE-2018-002. Over the past week, various exploits have been identified, as attackers have attempted to compromise unpatched Drupal sites. Hackers continue to try to exploit this vulnerability, and Acquia’s own security team has observed more than 100,000 attacks a day. The SA-CORE-2018-002 security vulnerability is highly critical; it allows an unauthenticated attacker to perform remote code execution on most Drupal installations. When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002. That changed six days ago, after Checkpoint Research provided a detailed explanation of the SA-CORE-2018-002 security bug, in addition to step-by-step instructions that explain how to exploit the vulnerability. A few hours after Checkpoint Research’s blog post, Vitalii Rudnykh, a Russian security researcher, shared a proof-of-concept exploit on GitHub. Later that day,…

Read More →

Acquia blocks 500,000 attack attempts for SA-CORE-2018-002

On March 28th, the Drupal Security Team released a bug fix for a critical security vulnerability, named SA-CORE-2018-002. Over the past week, various exploits have been identified, as attackers have attempted to compromise unpatched Drupal sites. Hackers continue to try to exploit this vulnerability, and Acquia’s own security team has observed more than 100,000 attacks a day. The SA-CORE-2018-002 security vulnerability is highly critical; it allows an unauthenticated attacker to perform remote code execution on most Drupal installations. When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002. That changed six days ago, after Checkpoint Research provided a detailed explanation of the SA-CORE-2018-002 security bug, in addition to step-by-step instructions that explain how to exploit the vulnerability. A few hours after Checkpoint Research’s blog post, Vitalii Rudnykh, a Russian security researcher, shared a proof-of-concept exploit on GitHub. Later that day,…

Read More →

Decoupling Drupal 8 Core: Core REST, HAL, and Setting Up Drupal as a Web Services Provider

Perhaps the most critical piece of any decoupled CMS architecture is the API layer which exposes data in the back end for consumption by other applications. In Drupal’s case, the REST module (also known as the RESTful Web Services module) in Drupal 8 core fulfills this responsibility. The REST module contains important logic that drives the availability of data through formatted responses. Nevertheless, in many cases, what is provided in Drupal core might not be the most suited to your needs. For instance, the Hypertext Application Language (HAL) specification includes links to other resources, information that might be superfluous in a setting where payload size needs to be as minimal as possible. Fortunately, Drupal’s wider web services ecosystem, which I’ll discuss next week, incorporates API optionality across a diverse range of specifications like JSON API, GraphQL, and CouchDB. In this Experience Express column, we’re zeroing in on core REST because…

Read More →

Checking for Bad Passwords in Drupal to Avoid Site Compromise

Easy-to-guess passwords are all too often the means by which intruders gain unauthorised access. It’s useful to be able to audit the passwords in use on your site – especially for user accounts with administrative privileges. Ideally your Drupal site should have a robust (but user friendly) password policy (see my previous post: Password Policies and Drupal). However, this is not always possible. The problem with checking your users’ passwords is that Drupal doesn’t actually know what they are; rather than storing the plaintext password, a cryptographic (salted) hash is stored in the database. When a user logs in, Drupal runs the supplied password through its hashing algorithm and compares the result with the hash stored in the database. If they match, the user has successfully authenticated themselves. The idea is that even if the hashes stored in the database are compromised somehow, it should be very difficult (if not…

Read More →

How to Log Into Drupal Without the Login Block

This is actually quite a common question from our students. They start building their Drupal site. Then they go to work with their blocks or menus. Then they accidentally disable the “Log in” menu link. There is no “Log in” link displayed on the site anymore. Neither for them nor for their visitors. In this short tip, you will learn how to login to your Drupal admin page in such situation.  Source: https://www.ostraining.com/

Log Into Drupal Without the Login Block

This is actually quite a common question from our students. They start building their Drupal site. Then they go to work with their blocks or menus. Then they accidentally disable the “Log in” menu link. There is no “Log in” link displayed on the site anymore. Neither for them nor for their visitors. In this short tip, you will learn how to login to your Drupal admin page in such situation.  [[ This is a content summary only. Visit http://OSTraining.com for full links, other content, and more! ]] Source: https://www.ostraining.com/

SANDcamp: Introduction to Site Building

Start:  2018-03-23 09:00 – 17:00 America/Los_Angeles Organizers:  rainbreaw cstauffer Event type:  Training (free or commercial) https://www.sandcamp.org/introduction-drupal-8-site-building Description Learn the basics of building a CMS (content management system) based website using Drupal 8 — a completely customizable, flexible, and scalable open-source framework. This introduction will give you all of the essentials required to produce a straightforward site, customize your content and displays, and enough knowledge to find more targeted information for unique customizations as you progress through your Drupal site building adventures. This training is being offered by STAUFFER – www.stauffer.com – for free as part of the Drupal Global Training Days initiative. Training Agenda Morning: Part I Introduction: What is Drupal? Getting Set Up Quickly Basic Site Configuration Basic Content Creation Navigation / Structure: — The Menu System — Taxonomy Morning: Part II Going beyond OOTB (out of the box) Options — Changing functionality with Contributed Modules — Customizing your…

Read More →

Back to Top