Category: drupal

since I saw Dave going in to the titanium/mobile app session, I thought I’d check out this.

“world adult kickball association”? and that’s the site he works on. kickball.com, 60k visitors/day.

going to be high level. [would like the front lights to be low so I can actually see his slides] – not going to talk about what to do once it’s in drupal, or about geodata, or about twitter or facebook connect, or about D6 or D8.

two options: migration – moving the data from whatever into Drupal, which is a habit in the Drupal community – or reading & leaving the data where it is.

do you have access to the database? if not, then more likely to be *reading* vs migrating.

is the data a moving target? if often changing, leave it outside. otherwise can add a lot of overhead.

quantity of data?

is the data “drupally”?

[and I start to appreciate where Dave’s at, even if he’s not always great at explaining how he got to that POV.]

migrating: two “and a half” options –

1) Feeds module. Lots of formats, UI-driven. (o look, it’s Dave Reid.) Altho I’ll admit that I still find the Feeds module somewhat baffling. Someday…. Huh: Feeds Tamper. Cleaning up data, breaking apart fields, etc. Feeds Image Grabber, downloads & attaches images in data pulled by Feeds. Feeds Readability Parser, tries to work out the title of the page and the content, stripping ads & navigation, etc. Lots more parsers!

2) Migrate! “there are a lot of times when you need a sledgehammer” – slide with link to denver presentation “migrate workflow” – has lots of options. (oh, is that the one I used to use to grab spreadsheets of stuff? (branches, mortgage staff, business members, etc)) Migrate Extras, covers a lot of major modules.

deciding: non-sql data, you’ll probably prefer Feeds. more complex the data, more likely to want Migrate. [no, wait, I was using Node Import, which I loved to pieces, and for which there will not be a D7 version. it was so SIMPLE.]

[also: HUNGRY. Should have had breakfast.]

If you’re thinking about custom code, just extend Migrate instead.

Exposing data to Views.

(which makes me think Forena is just an insane idea altogether.)

Views API is well documented.

hook_views_api — array with the version.

some weird stuff if you’re trying to read D6 data on a D7 site.

hook_views_data

“you’re not going to have a good time”

set up the database info in settings.php

defining the node table programmatically, so it doesn’t flip out about it not being a nodes table? ok, I think I hit the point where I don’t actually know enough. but damn this is just so much more DRUPAL. the only question is how to get this to a UI that admin computing doesn’t freak out about. all that code is about getting around namespace collisions when having one drupal get data from another drupal.

create in the UI or in code? I still don’t really understand what he’s actually doing.

It would be interesting to write a Banner Views module. He does talk about if you have non-Drupal external data, then you’ll need to write external code…which I guess is where Forena comes in.

discussion about getting users from external sources, which is something I don’t need to worry about, since we have that CAS module. also: not my problem.

all the code is at github.com/abelb/drupal_styletiles/ (works with education clients!)

funnymonkey, does distros for education.

interior designer mood boards…all the way to pinterest.

styletil.es

need to ask Susan if she wants me or Justin to do this for OARS.

adjectives technique didn’t work with stakeholders on one of her projects.

Foundation – a frame work – SASS.

Again: SASS or LESS?

grids, with modular scale typography. also responsive layout stuff. she likes it for prototyping. there’s a theme that uses foundation. Twitter Bootstrap : Less :: Zurb Foundation : SASS?

style guide module. ORLY.

First email on Monday: Amy G, Erik, Justin, Dave: SASS or Less? Pros and cons? Any dependencies? WP templates or Drupal themes?

She likes the D7 Zen theme.

Oh, that grid class system is actually easy to read and understand, ie “five columns offset-by-two” — I’m impressed.

[What frameworks, if any, use em-based grids?]

she’s using sublime text 2. (how do these tools work for coda 2?) oh, the color declarations in the scss show with the actual color in the background. nice touch. damn, I need to get better w/keyboard shortcuts in coda & oxygen.

I wonder if it would be possible to describe our existing site as a style tile setup. (Clunky as it is.) And then in theory we could gradually change them. Same deal with my.e.e.

She’s just awesome…kinda fun to watch her work through ideas & opinions as she talks.

I would really like to find some decent developer tools for this tablet. Never did find a code editor that I really really liked.

typecast app for doing typography in the browser. send to Justin ASAP.

“I tried to thank the guy on Twitter, but he doesn’t tweet at all.”

sassy buttons – jaredhardy.com/sassy-buttons/ — cute!

csshat.com for turning photoshop layer styles to css3. daaaamn. ($30)

question about mixins degrading gracefully? pretty standard? sounds like it does all the combos to get as close as possible.

Sass vs. LESS

I have plots & daydreams….

This room is about packed. Huh.

Sort of a vendor presentation from ImageX Media, their major emphasis is higher ed.

OpenEDU – not a ready-to-go product. (OpenScholar? OpenAcademy?) its features can be added on to other distributions, or can be used as a framework. (Portland State is their flagship client, met one of their devs this morning.) Multi-site: can do in a variety of ways, will come back to that. It can be used ala carte or as a set.

framework/features that “complement marketing initiatives” — “enroll, engage, retain” — ah, so they get that!

(fwiw, looks like OpenAcademy is focused on a department website model, which totally doesn’t work for us.)

“surfing the tension between control and freedom”

maintaining core brand while allowing unique identity of individual units.

multisite with full template customization, or a flexible site-wide theme with consistent elements, configurable options. options they can pick while working on a page.

it sort of looks like the panel layout picker. I like that A LOT.

content sharing options. (we could move all the non-academic users from WP into Drupal) — created a stand-alone syndication server for that sharing. innnnteresting. gets at the “picker” idea that I’ve been worrying over with embedding offering descriptions, news, events, profiles.

single sign-on – integrates with CAS. nice. is that related to the one that Dave works on? can then apply additional roles/permissions and have that spread out among other sites, and also granularity site-to-site.

oh, this is a very talky presentation. getting restless. time for knitting?

is this only available through them, with their services? (as the guy next to me has in his notes: “giant sales pitch…but not a bad one”)

modules they’ve released or are releasing: single sign-on, openedu helper, programs & courses, link block

they’re working on getting a shareable enhanced administration toolset. which is good, because that is what I see as the biggest stumbling block.

alfresco document management — plays nicely with drupal?

probably should not be trying to learn a new technique (knitting) while in a presentation. I just got restless. :\

their syndication setup is based on Services module. innnnteresting. loads images from the syndication server/site, not locally to the client (dept, whatever) site. clever clever clever.

I bet it would be crazy spendy to have them come get us switched over to Drupal. wonder what all our options are.

looking at the afternoon’s sessions. might see what the BoFs are for the first two after lunch; I know what I want for the last one.

Yep, back to this again. Conference blogging! Pacific Northwest Drupal Summit, this time, which long-time readers will know that I have been to this event several times…technically every time. It’s back in Seattle again, which is nice because it’s technically commute-able from my house, although a loooong commute. Last night I actually came up early & visited with Kat, who I haven’t seen in ages. (So long that both of our old kitties have died since the last time we saw each other.)

But now I’m here, and already I’ve seen a bunch of people I know, which is lovely.

First up, a presentation on responsive web design in Drupal, by a guy on the Omega theme team.

To be covered, pitfalls dealing with: images, menus, layouts (will this work?), CSS (not too much detail, but some high-level stuff), performance.

(Wifi is being weird here….)

max-width 100% on images, keeps everything from going outside of its containing box, even if width is set bigger than screen.

Adaptive Image Module? doesn’t use it. Sets a cookie with browser width, to get the right size image. which does weird things when rotating screen, apparently.

high dpi screens of various sorts.1px = 4 retina pixels. (wtf?) large but optimized is still large. retina.js – lazy load of high resolution images, only if high res screen. prefers using css3 to draw stuff instead of images: the obvious stuff, gradients, transparencies, borders, etc. (buttons!) ok, he’s sorta talking about the REALLY obvious stuff.

some weird snobby moments about browsers.

responsive as a moment for rethinking menus and how to get people to the info they need.

oh, superfish. I’ve used superfish about a zillion times. and now superfish can tell if you’re touch or hover. I think I’m in love.

he does two menus: one for desktop, one for mobile. (altho i was really frustrated with the pnwds summit site’s mobile menu, because I couldn’t find schedule link IN THE MENU. hrm.) but the js for how it was done in this case will be in the notes.

jquery “slidetoggle”?

display suite module. includes block as a field? ood for more complex sites. define gridsets. advanced layout stuff.

breakpoint selection… I still think that we might get something interesting with ems, better than all this pixels stuff. I think he’s on the wrong track with the px stuff. but yes, use floats creatively. (again, that’s some of the wildly obvious stuff.)

damn I just want to completely redesign my.e.e. Or at least borrow Justin’s brain for a week to get started.

“.tpls”? template files.

work with, not against, designer — then again, happily, our designer is all about the mobile. 🙂

Sass. “broke all my bad habits” (would that help with trying to keep track of css in cascade? and what about Less? which one did Amy G want to get into?)

grid classes in display suite? something to look into.

mediaquery.js – change layout completely, moving the actual html around. (huh.)

sleepy.

performance.

aaaaand the browser on my tablet is being crashy. #ironyalert

know your audience. [PLEASE STOP SAYING UTILIZE.]

background images/image sprites. someone else suggests using svg, not image sprites. and then the issue of printing, and what happens when all the images disappear? :\

display suite vs delta module in omega? (well, for one thing, delta is going away) whoooosh, that went right over my head.

omega 4 is a complete rewrite. well. focused on performance. all sass, all the time. have to learn that if you want to use omega.

[hungry. sleepy. should’ve gotten coffee & pastry or something.]

I wonder if we could leverage sass into some of the weird forena stuff. also, Dave said something about trying to integrate Views & Forena. which might allow for some interesting directions.

[twitter bootstrap is Less? if Erik’s expertise is with bootstrap, then we might be leaning Less. is there another theme system that’s more Less-friendly?]

Here’s a list, in order from my PNW Drupal Summit notes, of some things I’d like to do/learn/try:

answer 1 support request a day (in install support forum?).

make progress on one issue per day. (views or another module you know well) mark duplicate, answer support request, etc.

when you learn something new, document it as you go.

/contribute – places to jump in. but she prefers /community-initiatives. highlights things that are important.

irc

git

try D7, possibly for the feedreader pet project

documentation patches, “novice” tag

look into D7 multigroup issues

themekey: re-read code of the alternate themes, also just try reinstalling at next update.

review ALL the tips in the server optimization notes.

try yslow

idea: create map/app of walking tour brochure. experiment with map of recreation facilities (see maps notes, also http://github.com/tylor/quickmaps)

create a personal/site issue queue: view ads ctr counting, quickrates loan issue, ecard

write blog post about drupal/enterprise and/or “year with drupal” (see JK keynote notes)

upgrade to webforms 3 [notes]; write bolt-on module to connect with campaign monitor. if ENA goes to Drupal use webform for membership signup.

drush.

try login_security

look at role_delegation for intranet?

“scrum” meetings in our department: what you did, what you will do, what’s blocking you – under 15 mins total meeting

features & context, for real this time.

web widget for rates?

about.opengardenproj.org

research tools that they would like to make

putting technological & non-tech people.

alphabet as organizing projects

alphabet garden: a real garden, someone who works for civic actions. blogging about the garden by letter, then starting over after Z, facilitating community storytelling – aha! give people prompts to get themselves going.

command line = chef knife (I would love to be able to take a command line 101 class)

codelandstorytimecollective.org

she’s a museum person! background in explaining science – how can that be done with technology?

explaining memory links & garbage collection using bunnies. inspired by commoncraft videos

resource sharing technologies

mapping!

vozmob

fun games with git, “cubby holes” – “nobody wants to waste their time learning something useless”

human internet game – using real people to act out aspects of the internet. “what’s going on behind the beachball” (oh, freegeek chicago)

web-based irc – and using chat, skype, etc to talk about what was going on with irc.

chach is very enthusiastic, but this is a little drifty.

“spot-check” on individual learning projects.

jing – free cross-platform for making screencasts – free is 5 mins/200mb only, but that’s actually a plus, makes you condense. takes 1-2 hrs to make a really good 2-5 mins vid.

“lab hours”

she just jumped past the concept of “neutral space” – wonder what’s that about.

I wonder if we should have “scrum” meetings in our department: what you did, what you will do, what’s blocking you – under 15 mins total meeting.

to be honest, I think I got more out of the conversation we had hanging out in the lobby.

web widgets module – embed drupal content on another site – gives you a script to use on wordpress, etc, tho not facebook

http://garden.localbiology.org/

about 50 people involved – 10 learners – plus mentors, etc. just about the right size for a single main teacher.

where from here:

she’s delightful but rambly!

http://www.drumbeat.org/festival

http://github.com/chachasikes/opengarden

evil robots, scripts.

wow, unfiltered xss put site in maint mode, changed password, locked out of site.

48% of security advisories for drupal are XSS (core & contrib)

[note to self for webform/campaign monitor integration: suggestion from prev presenter to create submodule based on webformphp]

71% of sites tested by whitehat have xss vulnerabilities.

a month of bugs…only 1 was really severe, about half were xss, more moderate.

changing the default input format. (done. actually, I think my default is a plain text version.) better formats module, which I’m using, and like a lot. html purifier module for use w/wysiwyg.

unsafe: script, object, embed, style, iframe, img (maybe: can be used as a vector for other attacks; don’t use for anon users) – but other tags can run into problems, whitelist is better.

dangerous permissions: administer… filters, users, permissions, content types, site configuration, views. “least privilege” side benefit: makes the interface much simpler for those users.

devel module – anon permission to execute php. (an actual live .edu site. jeez.) “I swear it was that way when I found it”

same criteria you’d use to evaluate the quality of a module can be used to evaluate security of the module. indirect & subjective, but a good starting place.

University of Pennsylvania “drupal approved modules” – staff who have audited the code, no guarantees, but has been reviewed.

coder module will give information about use of coding standards, another way of judging attention to detail. someone’s working on an add-on “secure code review”

xsrf – request forgery – anytime where visiting a page does something…potential flaw – if you see big crazy number (token) at the end, that’s good. (same sort of thing happens in ob.)

test for access bypass, with a variety of roles and permissions: what features still work if logged out? a flaw in code may allow inappropriate access: node access control + filefield – private node files could still be accessed as if public.

securepages – oh, our apache config is already set up for that (redirect to ssl version) – but has some maintenance issues

password_policy or password_strength

role_delegation – moderator can give moderator access to others, w/out full admin users permission

video_filter – safe way to post youtube, etc. w/out allowing script. difference from mfield?

adminrole – which I’m using and really like. (I turn the admin user off most of the time.)

always test updates before going live. drush pm-update. all updates w/single command – time-saver! read the advisories: not all issues apply to everybody.

crackingdrupal.com, owasp.org

discussion of password security, expiration, enforcing strong passwords. greggles talked about false sense of security about strong passwords, better to work on detecting brute force attacks. (there’s a module for the latter, login_security)

webform 3

“now more abusable than ever!”

oh, he’s one of the using drupal co-authors. (get book signed? 🙂 )

pnwsummit coupon code thru next week. (might have to talk to matt abt that)

doesn’t use entities in D7 – database tables issue. nor fields (ie CCK)

trying to remember what my really weird webforms use-case was. chat survey?

was looking bleak about a year ago: more than 650 open issues, but all better now! scaled back the scope of webform 3. still lots of people on webform 2.

conditional fields! yay. “choose your own adventure”

save draft of form and resume later. (works for anon, but that disables caching for that user; interesting discussion of edge/use cases)

can multiple have webform-enabled content types

“basic” views support – eg, listing of submissions – but not yet listings of submitted data, patch has it working. (I think the latter is what I had trouble with, and had to write some custom php for.)

better data integrity, harder to break by end users. oh, like the problem with changing values of locations for holidays.

form builder integration did NOT happen, there’s a project – visual interface – too much work, but may include backwards (????)

lots of API stuff. include ability to create dynamic select lists.

was it webform that I wrote custom stuff for to talk to campaign monitor?

options moved to step 2, so as to not stuff everything into regular node form.

email config is in its own tab – who gets the email. includes template options for the actual email text. handy. template option not yet fully developed.

and then a separate tab for all those options.

(what about upgrading existing forms?)

CSV doesn’t support UTF-8? huh. nice: Excel format is just TSV with .xls extension. 🙂

separate receipt template for multiple recipients

mimemail module – can send html email & attachments. oh, so then webform can email attachments!

webform will automatically use date popup module if it’s turned on. lots of other modules that if you turn them on, more options automatically appear in webform.

page breaks. conditional logic. and conditional logic WITH page breaks. whee!

“select or other” module – that works too. (all this stuff is listed on the module page)

integration between pay module and webform – example of a donation form. very cool. way easier than doing something with ubercart.

ah, someone else who ran into “oh, hey, canada is a different country!” problem.

what’s up with the “losing your hair” theme?

the theme also of “playing together”

graph of technology adoption.

“the enterprise” – long terms, have tech staff, have existing tech that they’re committed to keeping. risk-averse. concerned with downtime, bugs, security. and all the enterprise sites he just showed are all drupal.

case study, but can’t tell some specifics…including the name of the company. 22 content types, 16 modules, etc., etc. (we have 29 content types, altho a couple aren’t actually used.)

have a plan! (imagine that.) views, blocks, menus, etc. – being consistent with what to use where. pick naming conventions, do it consistently. (damn straight.) export as much as possible – features, core exportables. config in code, which gets into maintainability. have to use version control. hudson/selenium (testing tools? lost track for a sec) aegir, drush. need to figure out drush.

“make the robots do the f’ng work” using code instead of ui.

scaling. no longer a crazy unknown thing.

project mgmt, biggest challenge.

able to fund drupal improvements via enterprise client. panels inplace editor. interesting. hmmmm. (actually, that’s EXACTLY what C has been talking about wanting to do with a site.)

hurdles: sales, and interestingly acquia is helping with this because they have a sales staff; scope creep, esp because may not know what’s easy & what’s hard; multiple stakeholders, don’t know who’s the boss, dealing with issues that have nothing to do with you/the project. Platform requirements, moving outside your comfort zone, esp mentions MS issues. “The Pager” – uptime requirements, someone avail as emergency contact.

“this is already a big thing for them” minimize other newness.

human challenges > technical challenges. (all problems are social.)

tool: hudson, automated testing (java), selenium for browsing testing, coder.module. (also goes with one of my other pet theories: let the computers do the part they’re good at.)

aegirproject.org – automated building.

his new thing: pantheon, platform, high performance, best practice git – “trying to build the robots” http://getpantheon.com/ (I’m wondering if I should use something like this or Drupal Gardens to build out my test intranet. Way easier than what I’ve been trying to do!)

I think I have a blog post in me about this stuff, being in a (smallish) enterprise.

warning about only talking to the people that you know “uid ain’t nothin’ but a number” – most intelligent creative people may have just walked into the room; continue to be welcoming.

bring our ideals into the enterprise.

oh, or I might do a post about a year with Drupal. (not unlike my “year with Xtracycle” post!)

Q&A

“going to agile is as big a change as going with drupal” – “do one new thing at a time on a project” – but doing agile (or whatever) internally, with him as the interface with the customer in their process.