Since a lot of Drupalists were busy last month preparing for and traveling to DrupalCon, we wanted to give everyone a chance to catch up with important news and goings-on in the Drupalverse. To this end, here’s a recap of our favorite Drupal-related posts from last month.
VideoDrupal.org: A new site of Drupal videos tutorials
The first post from April we want to highlight is Karim Boudjema’s introduction of VideoDrupal.org, a new resource for the Drupal community to easily find videos from various Drupal events. The idea for the website was born out of Karim’s desire to give something back to the community who is doing so much, but often has no lasting value to show for it.
VideoDrupal.org is essentially a curated collection of videos found on YouTube that aim to either promote Drupal or educate people on it. To be as helpful as possible to beginners as well as more seasoned Drupal developers, the site is divided into two sections: one that focuses on the basics of Drupal theming and site building, and one that’s dedicated to more specific topics.
A Series of Unfortunate Images: Drupal 1-click to RCE Exploit Chain Detailed
This next post, written by Zero Day Initiative’s Vincent Lee, relates the discovery of a set of bugs in the recent critical patches for supported versions of Drupal 7.x and 8.x. These two bugs enable remote code execution by uploading three malicious files to the target server and then persuading the admin to click on a crafted link.
While the exploit is not exactly smooth and involves the attacker(s) having to set up a profile on the site (which means that any site which doesn’t allow visitors to create accounts is automatically safe), it is still interesting and useful to be aware that the possibility of such an attack exists.
(By the way, the song in the video of the two bugs in action is really great - if anyone knows what it is, please let us know!)
The privilege of free time in Open Source
In the third post on this month’s list, Dries touches upon the problem of open source contribution by underrepresented and less privileged groups. Because of their social and/or economic status (e.g. women must dedicate a lot of time to childcare and housework), these groups don’t have as much time to do unpaid work on open source.
In contrast, privileged groups have much more time to contribute, which results in a lack of diversity in tech and open source in particular. But time constraints are not the only issue here; people from underrepresented groups are often subject to hostility and discrimination, which makes them that much more reluctant to continue contributing to open source.
So, as individuals, we need to be more welcoming and not succumb to our biases. As for organizations, sponsoring your employees’ work on open source so that they don’t have to do it in their limited free time can really go a long way.
State of Drupal presentation (April 2019)
Next up, we have another post written by Dries, this one essentially a recap of his annual State of Drupal presentation which he gave at DrupalCon Seattle. The post actually opens with the topic of the previous post mentioned here, that is, fostering diversity and inclusion in open source by giving underrepresented groups better opportunities to contribute. At this year’s ‘Con, nearly 50% of the speakers were from such groups, which shows that we’re on the right track.
The rest of Dries’ keynote was dedicated to Drupal’s (at the time) upcoming release, the preparation for Drupal 9 and Drupal 7’s end of life. Drupal 8.7, released on May 1st, brought important updates such as a stable Layout Builder and JSON:API in core. With Drupal 9 just a little over a year away, it’s wise to start preparing for the upgrade now - one of the first things you can do, if you haven’t yet, is to upgrade from Drupal 7 to 8.
A Proposed Drupal privacy initiative and the Cross CMS privacy group
With privacy becoming a key concern in software development, it’s important for Drupal as well as other CMSs to focus on privacy. For this purpose, members of the Drupal, WordPress, Joomla! and Umbraco communities have formed a Cross-CMS privacy group whose goal is to establish a common set of principles that all these technologies can rely on.
In this blog post, Jamie Abrahams of Freely Give discusses the work of the Cross-CMS privacy group, listing a number of the group’s achievements since its formation last year, as well as some points on privacy not just as a legal, but an ethical obligation. Finally, he enumerates the goals of a proposed Drupal privacy initiative and concludes the post with next steps for the Cross-CMS privacy group to take.
Enabling headless Drupal Commerce while improving its core
In the next post on our list, Matt Glaman of Centarro (formerly Commerce Guys) writes about decoupling Drupal Commerce and how this can actually improve Drupal’s core. The basis for this post is the recent trend of decoupling, or “going headless”, which has been particularly talked about in the Drupal community.
As Matt points out, the work on the API-first initiative and decoupled Drupal is very beneficial to the modules in question and Drupal in general. He gives a few examples, such as a smooth coupon redemption via the Cart API module.
This post, then, shows how a decoupled architecture and ecommerce can work perfectly well together. It finishes with some examples of successful uses of decoupled commerce, such as 1xINTERNET’s React-based solution which they presented at DrupalCon Seattle.
Learn to Theme with Hands-On Exercises
Since part of our mission at Agiledrop is spreading Drupal awareness and training new generations of Drupalists (we just held our second free Drupal course of the year this weekend), we also make it a point to promote other endeavors of educating people on Drupal.
In this respect, we wanted to highlight this post by Amber Matz introducing Drupalize.Me’s new hands-on workshop for learning Drupal 8 theming. This is a 7-week course perfect for Drupal beginners who want to get practical experience with theming. At the end of each week, participants test their newly acquired skills through hands-on exercises accompanied by helpful videos.
Another important novelty is Drupalize.Me’s partnership with Stack Starter, which enables web-based development environments and consequently allows participants to focus on learning rather than having to set up their own local environment.
Drupal Association appoints Executive Director
We conclude April’s list with some important news for Drupal and its community. At the very end of April, Interim Executive Director Tim Lehnen announced in a blog post that the Board of Directors of the Drupal Association has appointed Heather Rocker as the new Executive Director of the Association.
As a former executive director of the Women in Technology foundation and CEO of Girls Incorporated of Greater Atlanta, as well as due to her experience in robotics and other fields, Heather is the ideal choice for leading the organization that aims to increase Drupal adoption and unite a diverse community of Drupalists.
We’d like to give a warm welcome to Heather and join Dries and the entire community in the excitement of beginning the next chapter of Drupal under her guidance!
We hope you enjoyed our selection and were able to either revisit some of last month’s blog posts or learn something you may have missed. Tune in next month for an overview of the top Drupal posts from May!