Drupal News

This is all about Drupal

  • Drupal Planet

    Web Wash: Generate Twitter Card Meta Tags using Metatag in Drupal

    1 day 10 hours ago

    When someone tweets a link from your website, Twitter can use Twitter Cards to attach rich photos, videos and media to Tweets.

    By doing some minimal configuration changes on your Drupal site using the Metatag Module and the Twitter Cards submodule, users can see a “Card” added below the tweet that contains neatly formatted information coming from your website, as shown in Image 1 below.

    The cards are generated using HTML markup in the HEAD region of your Drupal site; that’s why the Metatag module is used.

    Twitter will scrape your site and generate the card using the HTML meta tags.

    OpenSense Labs: The Open Source Security Manual

    1 day 12 hours ago
    The Open Source Security Manual Gurpreet Kaur Tue, 06/15/2021 - 16:42

    Imagine you created something and that something is a software. You wanted your creation to be used by as many people as possible, you wanted to make it universally accessible. So, you did just that, you made the software source code accessible so that anyone could inspect it, modify it and enhance its capabilities.

    This is the scenario that makes an open source software what it is; a publicly accessible tool that is all for the community. It honours open exchanges, collaborations, transparency and perpetual development that is community-centric. These principles have made open source software become immensely popular today. And here is proof of that. 

    Source: Github

    Many of the public repositories, like PHP, Java and .NET, use open source software and in heavy numbers. If we look at the revenue open source software is deriving, the numbers are again quite impressive.

    Source: Statista 

    All these numbers speak volumes to the efficiency of open source software. However, if there is one aspect of open source software that needs some kind of assurance, I’d say it’s open source security. The reason is probably the fact that OSS is completely open for everyone, so it is assumed that something with this level of openness cannot be secure. 

    In this blog, we’ll try to find an answer to the question, ‘what is open source security’ and see whether it is actually secure or not.

    What Is Open Source Security?

    Today, businesses try to leverage multiple software in their efforts to move forward in technology and open source is one software that is omnipresent in these efforts, be it just for its code. 

    Source: Synopsys

    The reasons for this elevated usage of open source components are plenty. 

    The fact that you get to try the software before you buy it; 
    The fact that support is free; 
    The fact that there would be fewer bugs to deal with and faster fixes; 
    The fact that software security would improve; 

    To know more about the power of open source, read about the perks of being an open source contributor, leadership in open source, why are large enterprises investing in open source, why is open source recession-free, impact of open source during Covid-19 pandemic, and the significance of diversity, equity and inclusion in open source.

    All of these account for open source to become a software that is quite pleasing to the eye. The last point that I mentioned may be the most pleasing factor of them all. But why? What is open source security? Is open source insecure? Let’s understand just that.

    Like any other software out there, the OSS also goes through two main stages, the development and the production. And open source security works in both of them, managing and securing the OSS at all times by using certain tools and processes; all of this usually done through automation. 

    Talking about the Software Development Lifecycle, open source security has three main responsibilities;  

    • It identifies open source dependencies in your applications; 
    • It provides critical versioning and usage information; 
    • And it detects and warns about any policy violations and its consequent risks. 

    Moving on to the production phase, open source security continues to work diligently. Its main duties at this point are to focus on any and all open source vulnerabilities. It does so by; 

    • Monitoring vulnerability attacks; 
    • Blocking vulnerability attacks, if possible; 
    • And most importantly, alerting you for the same, thus making you ready to take action against them.

    Be it a community driven open source or a commercial one, open source security works in much the same way. 

    Delving a little deeper in open source security, is there an initiative or a body that is accountable for it. This was one question that I found myself asking while researching about this piece. And there is, it is The Open Source Security Foundation. It helps organisations relying on open source software to understand their responsibilities in terms of user and organisational security and verify it. 

    The initiative focuses on aspects like vulnerability disclosure, security tooling and best practices, identification of threats and even digital identity attestation. All of these only aid in securing your projects, critical and otherwise, in a much better and efficient manner.

    Is Open Source Good for Security?

    The answer to the question ‘How does open source security work?’ is not a linear one. But if I had to answer it, I’d say open source security is nothing at all like Microsoft, which should provide a lot of clarity to you and instill a sense of faith in OSS.

    According to Snyk’s The State of Open Source Security 2020 report, 

    Open source ecosystems have expanded by a third in 2019; 
    Open source security culture is focusing on shared responsibility; 
    Open source vulnerabilities have reduced by a fifth.

    Source: Snyk

    On top of this, the vulnerabilities that were found in open source as most reported weren’t high impact on software projects. 

    These facts were enough for me to believe in the capability of open source security. However, for you, I am going to provide four more reasons.

    Security that is transparent

    The main benefit of open source security is that it is transparent. What I mean by transparent is that its source code is open. You can get information about the code base and potential bugs.

    People can sift through the source code of any open source project and improve any imperfections, which would not have been possible if the source code wasn’t open. This further means that there won’t be any surprises as the chances of any malicious functionality would be quite slim with this level of scrutiny. 

    Security that is reliable 

    This advantage is relatable to the previous one. OSS openness has made it possible for its code to be continually tested. 

    The online community, which is responsible for developing the code, is behind these tests, making the software more reliable and trusted. The software developed on such trust would most likely never crash and fail.

    Security that provides quick catches and fixes 

    After transparency and reliance comes the benefit of quick fixes. The open source community is again to be thanked for this. The many contributors of open source make it possible to detect any bugs and flaws and quickly patch and fix them, without any elongated downtime for your applications. 

    Security that is sustainable 

    Open source software isn’t going to go anywhere and would open source security become antiquated. The reason would be its growing community that would continue to expand indefinitely. Therefore, the platform would continue to improve and you would have the assurance of better security means as time continues to move ahead.

    At the heart of every benefit of open source security is its openness and community. Is open source a security risk? Not really. Is it a full-proof solution? Again not really. Yes, open source security cannot provide you the guarantee of being full-proof at all times, but the fact that the open source security at least provides a better chance of being secure is enough to make it advantageous for us; after all, are there really any guarantees in life?

    Are There Challenges That You Need To Overcome?

    Moving on from the pretty picture of open source security, let’s focus on the dark side of the concept. Open source security isn’t always full of the joys of spring, there are certainly challenges that need to be overcome. Since open source has become prevalent in every business sector, so have the open source security vulnerabilities. 

    Open source vulnerabilities by business sectors | Source: Synopsys

    Ironically, most of the challenges coincide with the openness of an OSS, so the benefits become the drawbacks. Let’s take a look at them.

    The openness isn’t without vulnerabilities

    Much like any software out there, open source also comes with some vulnerabilities. Yes, the open source community aids in the remediation of these flaws, but they tend to widen the difference between open source safety and open source attacks.

    Vulnerabilities reported in OSS | Source: WhiteSource Software  

    Yes, open source security issues come with their fair share of vulnerabilities, from XSS to information exposure, there is everything and these vulnerabilities keep on changing year after year. 

    However, there is a silver lining in this challenge and that is the impact of these vulnerabilities. 

    Source: Snyk

    XSS is one of the most reported vulnerabilities, however, it only impacts a low number of projects. This can be considered as a positive outcome of this particular challenge.

    The openness lures attackers

    The OSS code is open for everyone and so its vulnerabilities; and we certainly know that everyone includes people with malicious intent as well. So, open source vulnerabilities become an easy target for attackers.

    The National Vulnerability Database, which is a platform providing information about the open source vulnerabilities that too publicly isn’t helping this challenge much. Don’t get me wrong, such platforms are indeed helpful in identifying the problems, but considering they are public and open, the attackers get their arsenal for the next target.

    You may think that the known vulnerabilities should get fixed before the attackers are lured in by them. But that is easier said than done. The problem here is that the open source vulnerabilities are published at multiple platforms, thus tracking them becomes difficult. Even if they have been located, updating, patching or fixing can require some time and during that phase, you’d be at risk.

    The openness might overlook quality 

    There are a number of people who contribute to open source security and you cannot be sure that all of them would be security experts. Everyone in the community will not have the same level of skills and expertise. Therefore, the way they would create a piece of code would be different. This makes quality assurance a task that could almost be impossible to take on. Furthermore, the fact that there are no set standards for the quality of open source code makes it all more convenient to overlook quality.. 
     
    All of this means that the quality might be overlooked and even compromised. The fact that only 8% of the WhiteSource survey respondents were concerned about the quality is a testament to this challenge.

    The openness comes with licensing risks 

    OSS may be free to use, but it does come with a number of licenses that need compliance; 110 licenses to be exact, according to the Open Source Initiative. These act as the guidelines for OSS source to be used.

    With these many licenses, there is bound to be a risk of compatibility. Let’s understand this, some licenses are compatible, this means you can use them together. However, some aren’t, which means that using them together would put you at risk, like the Apache 2.0 and GPL v2 license.

    What’s more is that, if you do not comply with the licensing guidelines of open source, you’d be making yourself open to a lawsuit. While I know this isn’t the kind of security concern we've been talking about so far, it is a security concern all the same.

    Can You Overcome the Security Challenges?

    The major challenge in open source security are the vulnerabilities. Detecting them and resolving them has to be the priority, if you want to overcome the challenges. Given the fact that open source vulnerabilities have risen in 2020, you need to be sure that you are not at an elevated level of risk.

    Source: WhiteSource Software 

    Let’s see how these vulnerabilities can be caught in time, so that they do not affect your business by implementing some of these open source best practices.

    Prioritising security, always 

    The first part in overcoming open source vulnerabilities is to always prioritise security. This starts with the choice, whenever you choose an open source component to work with, security has to be one of the considerations in the choice. 

    Usually, functionality comes as the main reason for choosing an OSS. However, just focusing on that can put you at a disadvantage. Think of it this way, an open source component that does not require any integrations with your codebase would remove any and all security risks, along with reducing the complexity of your source code.

    Prioritising automation as a means to detect and monitor vulnerabilities 

    Next comes the detection of the security vulnerabilities and automation comes quite handy here. Organisations, especially large ones, have a pretty massive codebase and going through it would be a mammoth task, if not automated. Detecting susceptibilities is already quite a lengthy process, even with automation.

    You have to identify which packages are being used; 
    You have to pinpoint the vulnerable functionality in your code; 
    You have to map out the way that particular vulnerability is impacting; 
    And then you have to work on rectifying the findings.

    Such a process may only include four steps, however, it isn’t a trivial task.

    One of the problems in overcoming the vulnerability challenge is that organisations, sometimes, have no clue that they are actually susceptible. The fact that the open source community has an extensive amount of data means that the vulnerabilities would be spread across that expansiveness. So, running automated scans for identifying vulnerabilities would never let them go unidentified.

    Taking help of automation tools would not only help you get to the problem areas faster, but also keep doing it continuously. When you enforce automated tools to continually monitor security problems, you come closer to protecting your project and taking control over the open source components you are using.

    Prioritising the involvement of the team in security

    The last point to cover in order to overcome the open source challenges involves your team. There is a high likelihood that your developers would not be experts in security. And the people you may have in security would be lost in the developers’ realm. Since open source vulnerabilities require you to be efficient at both development and security, there has to be some training involved.

    Source: Snyk

    Such a response for detecting open source dependencies is not ideal. So, aim for cross training your staff, the developers should be able to at least identify certain security vulnerabilities and the security team should have some understanding of the development process. 

    If you think that isn’t a possibility, you can hire outside help to assist you in overcoming the challenges posed by the open source components. 

    The Verdict 

    OSS is on the rise and it will continue to grow in the future, there isn't any doubt about it. Along with that open source security will also strive to improve. Yes, there are issues that surround open source security, it isn’t perfect. I think that’s a good thing, because perfection cannot be improved upon and that means open source security has a lot of strides to make. 

    Open source security operates on visibility and openness, and it also teaches its adoptive organisations to preach the same. Aiming for visibility in your source code would always keep you ahead of the vulnerabilities you might have. It would also provide you with knowledge of your dependencies and a clear understanding of your code. 

    So, in that sense, open source software would be a great low cost addition to your project and open source security isn’t something that would ever hold you back. With the amount of open source security tools available today, that’s almost a guarantee.

    blog banner blog image open source security Open Source Software Open Source Community Blog Type Articles Is it a good read ? On

    Oomph Insights: The New Rules for Company Intranets: Why You Need to Go Beyond the Desktop

    1 day 23 hours ago
    Not long ago, company intranets were little more than a repository for shared files, general announcements, and the all-important list of holiday office closures. Today, the humble intranet has evolved as a way to enhance internal communication and employee engagement, and to help workers do their jobs. While organizations tend to have more content- and feature-rich intranets these days, many are missing one crucial element: a mobile-optimized version. As a result, they can exclude a large proportion of workers—including the 80% of people who make up today’s Deskless Workforce. Top “deskless…

    Centarro: Understanding the Drupal Commerce 2.x Address Book

    2 days 2 hours ago

    Drupal Commerce 2.x includes address book functionality for both customers (from their account pages and checkout form) and administrators (from order edit pages). This article provides a quick summary of the address book architecture to help you understand how customer addresses are modeled / saved to your database and what you need to take into consideration when writing custom code / data migration processes for orders and customer profiles.

    Commerce Core uses our Address module to add address fields to various entities, including stores and customer profiles. Address fields are not added directly to orders, payment methods, or shipments - the things for which we might typically expect an address to be selected from an address book. Those entities instead reference profiles with addresses that represent billing and shipping addresses.

    As a result, a user’s address book is basically just a collection of profiles with the same uid as the user. These profiles are created in various ways:

    Read more

    ComputerMinds.co.uk: Entity Extra Field module: display blocks & views amongst fields

    2 days 14 hours ago

    I'm a fan of configuring things for display through Drupal's admin UI. It gives site builders confidence and power. What if you want to place blocks or views listings in amongst fields on pages of content? For example, to display:

    • A listing (view) of related content, such as accessories for a product
    • A standard contact block, advert, or some other calls to action in the middle of the content, exactly where the user is best 'caught' in their journey, rather than having to stick those in sidebars or after all the content fields.
    • Some specific value(s) pulled from fields on some indirectly related entity, through a token, such as details from a taxonomy term representing the 'section' that a page is in.
    • Consistent relevant links on user profiles to take people to common destinations

    Drupal's usual blocks system allows you to put these in sidebars or above/below the usual node fields, but not between them. You could use a 'heavyweight' system like Layout Builder, Panels, or Display Suite, but those tend to entirely change the way you configure or edit your content. You could get a developer to override twig templates or write custom PHP. But is there a middle ground?

    Well, of course! You might have noticed some modules already allow their page additions to be moved around amongst the usual fields on content. See these rows without widget or format settings in this following screenshot, which aren't for ordinary fields at all? Wouldn't it be great to be able to add your own?

    This is where the Entity Extra Field module (entity_extra_field) comes in. It supports embedding blocks, views or values to be replaced via tokens. So a site builder can set these up to be managed just like ordinary fields on the page (whether it's a node, term, paragraph, or any other type of content). Each one would act as a sort of 'pseudo-field', rendered as part of a display mode amongst the ordinary fields. It also works for form modes - so you can display useful content beside existing field widgets, perhaps displaying relevant related data to editors in the places that they would be entering content about that data.

    Entity Extra Field supports visibility conditions (just like blocks, but for views & tokens too) and passing & selecting contexts for blocks. These give it quite a lot of power - for example, to conditionally hide a field rather than just using Drupal's ordinary display settings for it. So I believe this module does a better job than the older EVA module (for views), and my own similar EBA module (for blocks) did. In fact, I recommend that anyone using my EBA module in D7 should use Entity Extra Field in its place when moving to Drupal 9. Here are some screenshots of its interface - first for selecting a view to add to content:

    And for choosing a block to display - in this case, a custom one that requires a context:

    Each 'Extra field' gets shown on all entities of the type/bundle they are configured on. So there's no need to constantly remember to add a common block or view every time you create/edit a page. If you do want to have different ones on different pages, then you should use Views Reference or Block Field. These modules provide true fields for editors to choose which view/block to display on each individual page.

    The code inside Entity Extra Field uses hook_entity_extra_field_info(), which acts just like its Drupal 7 predecessor, hook_field_extra_fields(), which I've written about before. So you could write code using that to add your own page additions too - but given that blocks, views, and content accessible via tokens are possibly the most common things to embed, that suddenly feels unnecessary. Even as a developer, I'm glad to avoid writing code that would need maintaining anyway.

    I've been privileged to be able to contribute fixes & functionality to the Entity Extra Field project, resulting in a recent new release. My time for that was essentially sponsored by ComputerMinds and one of our clients who would use this site-building capability, especially around block contexts. So thanks to them! And of course a big thank you goes to Travis Tomka (droath) for making the module, and accepting my many issues & patches!

     

    Photo by Y. Peyankov on Unsplash

    Sergiu Nagailic (Nikro) Blog: Drupal Redirects in Gatsby.JS

    3 days 9 hours ago

    If you’re running Drupal + Gatsby.JS website, you’ll inevitably change the URLs of some of these articles (i.e. by changing the title) → and this will change the slug (URL) →and this will cause 404s (i.e. break all Social Media posts, etc). There’s a way to fix it.

    The Reason

    This depends on the case, in my case (and many other examples I’ve seen) - the slugs are generated by using Drupal's path aliases. And Drupal’s paths depend (usually) on the node’s title.

    This has unforeseen consequences, once you change the title, the path is changed too and on the next build, Gatsby will stop recognizing the old paths, resulting in 404s. This happened to me - when I wanted to rename the initial article as “Part 1” (because I’ve written a “Part 2” later), all my social-media posts were broken and Goo...

    Read the Full Article

    OpenSense Labs: The Ins and Outs of Project Ownership Transfer

    5 days 12 hours ago
    The Ins and Outs of Project Ownership Transfer Gurpreet Kaur Fri, 06/11/2021 - 16:15

    Is it possible for us to finish everything we start? Is it possible for us to achieve every milestone that we set for ourselves and stick to every new year’s resolution we make? In a perfect world it would be, but sadly we do not live in a perfect world. 

    And it’s not necessarily a bad thing to take a step back from a project you know you won’t be able to finish. I started painting my room when the pandemic began as a way to waive off the boredom, and half-way through I realised painting wasn’t for me. It was too exhausting and I wasn’t even good at it and most importantly it made me lose focus from my actual paying job. You can write a lot when you have paint all over your work desk, trust me. 

    So, these unfinished projects have to be taken on by someone else, right? You can’t leave the room half painted, that would be a look the 21st century isn’t ready for. So what happens? Do you hand over the paint and the brush to the person taking over and forget about it? Not exactly. 

    There are a whole bunch of things that you have to relay during the handover and keep a diligent eye on the new person to ensure that he is taking the project into the desired direction. You have to have the room painted as you had initially planned, you can’t expect a subtle lavender theme to turn out to be a neon orange at the end; that’d be a catastrophe of the highest order.

    Now, we won’t be talking about painting rooms throughout this article. No, what we will be talking about is the way project managers handover business projects that are work-in-progress. What are aspects they focus on during the transition of duties, so that they do not affect the project’s completion? And does the transfer actually become fruitful for the project? Finally, I’ll share some instances from OpenSense Labs, wherein our project manager had to handover a project. So, let’s start.

    The Handover Begins With Knowing the Company

    If we look at project handovers, there are two scenarios that basically decide how much work it is going to take from the project manager himself. 

    • One of them is when a project is being transferred to a PM who is already a part of the organisation. 
    • And second is when a new project manager is hired within the organisation to take over an already in-progress project.

    The first step we are going to discuss isn’t really necessary for the first scenario, but quite crucial for the second. And that is the knowledge of the company, its mission, its way-of-conduct and its overall cultural dimension.

    Someone who has been a part of the organisation, even if it is for a little while, would already be familiar with it; however transferring project ownership to someone new would have to go through an acclimation process and that is what this step of project ownership transfer is all about.

    Why is this acclimation important?

    Because it provides perspective 

    Being familiar with the organisation’s vision gives a perspective on things for the PM that he otherwise may not get. This perspective is important for things to sail smoothly throughout the remaining life of the project since it’d provide you with a purpose along with an overview.

    Because it helps in communication 

    Every organisation has its own culture. At OpenSense Labs, we follow the opposite of a traditional work culture with stringent rules and regulations that limit the scope of projects and employees. Liberty, openness and equality are some adjectives that would describe OSL’s office regime. This culture is directly related to how communications go down the hierarchy. Being familiar with it helps new PMs to fit in with the team and take things forward in a way it is used to.

    Because it helps in decision making 

    When you study the company you are going to take a project from, it would help you make better and more informed decisions without any disruptions.

    Source: Toptal

    The above image talks about some of the daily decisions a PM has to make, and knowing how to make them would make his/her work a lot easier.

    Familiarising Yourself With the Nuances of the Actual Project Is Next

    Now, you know the company, but do you know the project and what place it has in the company’s revenue stream? Knowing that is the next stage of project ownership transfer. This is also referred to as the knowledge transfer or at least its beginning.

    Your organisation is going to have a number of projects running at all times, they could be about helping small entrepreneurs become more successful, however, all of these projects cannot be at an equal level of prominence. Some would be high priority and some would be on low. Identifying the significance of your project is what you would need to do first.

    Once you have done that, you can start looking at your own project with a fine tooth comb. You would need to know everything about it to ensure that the outcome is what is expected. Start with the generic nature of the project. 

    What is the project type, in-house or external?
    What does the target audience look like?
    What is the marketing strategy?
    What are the competitors providing?

    An answer to all of these questions will help you get a better understanding of the project. When you have that, then you have to dig deeper into the transition and learn about the change, everything preceding it and everything that has to follow.

    What kind of progress has been made in the project?
    Which aspects of the project are outstanding?
    What tools and processes were being followed?
    What are the restrictions and blockers holding that project back?

    These questions are extremely important to ask as they would help you in knowing the deadlines and reaching them on time. Being familiar with all the issues hindering the project completion, be it about the team or client communication, won’t let you get blindsided, which can happen after a takeover.

    Then You Get Acquainted With the Stakeholders and the Team 

    In every project transfer, there are people who play a significant role in its completion. These are the people who are essentially responsible for all the work that goes into the project and its consequent success. As the new project manager, you ought to become acquainted with them from the very first day of the ownership transition because acclimating to people is the most difficult task of any process.

    The Stakeholders

    Starting with the stakeholders, these people are the ones who are going to directly benefit from the success of the in-progress project. It can be the client and his organisation and it can be people within your organisation, if it’s an in-house project affecting them.

    Talking about the client, the focus is to make him comfortable with you and you being comfortable with him. During the entire transition, the client has to be kept in loop. Even if the previous PM had been fired, the client has the right to know. 

    At OSL, we introduce the new PM to the client in phases. After some time, the new PM is involved more by making him prepare meeting agendas and answering client questions.

    At OSL, we introduce the new PM to the client in phases. We ensure that once the former introduction has been completed, the new PM is always present in client calls even if he/she is not contributing anything. Even without the contributions, they’d be learning and that is what the transition is all about. After some time, the interaction is made more frequent and the new PM is involved more by making him prepare meeting agendas and answering client questions. During this time, the old PM is always there to handle any mishaps. Once those mishaps are no longer happening, it means the comfort is achieved and the new PM is given the command.

    For an in-house project, the stakeholders would be the people using the end-product. Because they need it they’ll become your project’s advocates and in turn yours too. You have to capitalise on that. You should make yourself acquainted with them and get their feedback on the project you are delivering by testing an early version of the project on them as an option. 

    Every stakeholder of the project would always want it to be successful and it is up to you to get them involved to improve your chances of success.

    The Team 

    Then come the people whom you would complete the project with. There are three things you have to be mindful of. 

    • One is the team’s structure and hierarchy, if there is any. You should know how they operate and what is the working dimension, remote or co-located or both. 
    • Second is to dig a little history and know about any grievances they might have had with the previous manager or even among themselves.
    • Finally, you need to know whether the team you have is of the right size, you could be understaffed or overstaffed.

    These help you become one of them and make everyone feel included by eliminating any kind of friction between you and them. Having the old PM with you during the transition can help make the acquaintance process go by faster because you’d know the kind of authority and system the team is used to making the transition easier for them. Of course, if the PM has already been fired or there was no PM at all, it might be a possibility.

    Understand how human psychology works in the project management here.

    Knowing Exactly What Is Required of You 

    Now comes the part you will play in the project. Of course, you are going to be handling it, but where would you start delivering?

    Here the first important thing to know is the reason you are taking over. The previous manager could have left the organisation or he could have been made to leave. The former scenario doesn’t really have any relation to the project itself, but the latter could and you ought to know that. If a PM was removed or fired, there has to be a reason, right? He may not have done the job in the appropriate manner or he may have mismanaged the project and even the team, whatever the case, learn about it and start rectifying from the get go. Trust me that is the first plan of action expected from you.

    You can only do that once you know what exactly the role of a PM is in the organisation. By this, I mean a few things.

    • You need to be aware of the way you are going the handle the client and the team;
    • You need to be aware of the extent of your duties and whether they go beyond the scales of the project;
    • You need to be aware of the procurement process as well as vendor selection as you may have to do it at some point;
    • You also need to be aware of the way your performance is going to be evaluated, how and who is going to review it.

    A knowledge of all these aspects will only help you perform your duties better and get the project completed without any impediments.

    Read our blog ‘Feature Prioritisation in Projects: How It's Done Right?’ to know more about project management and the feature prioritisation that goes in it.

    The Final Handoff 

    The above mentioned project handover necessities actually sum up the entire process and usually most of it is mentioned in the handover plan or document, which the old PM goes over with the new PM in due diligence. 

    And it doesn’t happen overnight, it takes from a couple of weeks to a month, the gradual nature of the handover is what makes it fruitful for the project. Taking a few steps a day by breaking the transition into pieces that are easy to comprehend at a time is essential. Another aspect that is essential is you being shadowed, be it by the old PM or the team, that is what’ll help you learn the ropes faster.

    You wouldn’t take the reins at once, it would come in increments of each step we discussed. 
    You won’t be expected to answer the client worries from the get go;
    You won’t have to deal with the developers from day 1;
    You wouldn’t be expected to make a low performing project turn around at once. 

    Everything would happen gradually. Once you have the apprehension of the company’s vision, the project itself, the stakeholders and the team along with everything that is expected of you, you’ll be ready to wear the PM hat and take the project on yourself. And the final handoff would be complete.

    The Other Side of the Handover: OSL Handover Manual  

    OpenSense Labs have successfully completed many projects in its life, however, sometimes these projects have been the rewards of more than a single project manager. There isn’t a particular reason for that. Sometimes the project manager had to hand over their work because he was leaving the organisation and sometimes it was because he was overburdened and couldn’t give his complete attention to the project. 

    While researching this blog I talked to two of our project managers, Yash Marwaha and Abhijeet Sinha, to get a better understanding of project handover. Project handovers are a two way street, up until now we have discussed the side of the PM who will take the project forward, now let’s look at the other side and delve into the project transferer’s perspective.

    Yash and His Handover Precision 

    Yash is all precision and accuracy with a set system to make the handover as smooth as possible. The first thing he does is identify the type of project, which could be a long term engagement or support and maintenance. For him, this identification decides the timeline of the transition.

    The steps that he follows usually go like this.

    • Creating a handover document and going over it with the new PM; 
    • Informing the client; 
    • Planning induction sessions with a handson walkthrough; 
    • Introducing the new PM to the client; 
    • Being available on calls between the new PM and the client until a comfort level is reached;
    • Finally changing the ownership when that happens.

    This is a great system to follow for a handover, yet Yash has had to take over a project even after the handover has been completed. The reason was the new PM not being comfortable with the client. Even after doing everything by the book, things can still not go as smoothly as you may have wanted. You cannot control all the variables, let’s learn that from Yash.

    Abhijeet and His Handover Diligence 

    While Abhijeet follows much the same steps as Yash, he doesn’t focus too much on the time, rather he focuses on diligence. What I mean is he doesn’t feel that a handover has to be confined to a specific timeline. A similar project could have been handed over in a week, but that doesn’t mean that the current ownership would go the same way. For him, when you rush things, diligence goes out the window and chaos ensues.

    He has two project transfers to prove his point. 

    • He had to hand over a project, redressal of a major tourism website in Kansas City, to Yash. The handover happened within 3-4 days, pretty quick, right? The reason was that Yash was already in contact with the client making the transition as smooth as smooth could be.
    • Then there was Earth Journalism, wherein an all new PM had to be assigned the ownership. He kept her in the loop for the client and the developers. He helped in removing the friction between the new PM and the developers, which happens in every transition, at the same time he ensured that she knew the contextual needs of the project. This transition took about a month. Learn more about the work done on Earth Journalism Network by OpenSense Labs here.

    Project transfers can be a tricky business. There are a lot of parties involved and all may not welcome the change. As the project transferer, you have to be patient with everyone. You have to ensure that everyone involved is in favour of the new person, if not the final handover would not be the end of it. 

    There is another thing that the OSL team shared with me and that is never ever transfer ownership of a three-month project mid-way. If you are to do it, do it in the beginning itself. There is no point in bringing a new PM after two months, it’s not going to benefit anyone.

    Whether you are taking up a new project or getting a handover of an ongoing one, learning through Drupal website projects can be very handy. Learn what are the infinity stones of Drupal development, how to start the Drupal project the right way, how to manage your development workflow for Drupal project, and why product mindset should be preferred over project mindset.

    Conclusion

    In the end, all I want to say is that people have a tendency to take time to learn things and perform them in an efficient manner. Rome wasn’t built in a day, right? So, what needs to be done during a project handover is valuing the learning curve. It’s going to take time and patience to make it fly. The kind of details an on-going project can have are quite diverse and making the new project manager get a hang of them is what matters. And that requires time from the organisation given to the new PM and his efforts in making that time worth it. 

    blog banner blog image Project Ownership Transfer Project Handover Project Management Project Managers Blog Type Articles Is it a good read ? On

    Talking Drupal: Talking Drupal #298 - Solving and Sharing w/ Matthieu Scarset

    6 days 4 hours ago

    Today we are chatting with Matthieu Scarset about two modules he created to solve common Drupal problems.

    www.talkingdrupal.com/298

    Topics
    • Stephen - Moonlander Keyboard
    • John - 300th Show call for videos
    • Nic - Seeing friends again
    • Jason - Launching 4 sites tomorrow for RI eCMS
    • Matthieu - Moving back to Spain from France
    • Menu Manipulator
    • Solves language issue in core
    • Hides non translated content
    • Entity Media Usage
    • No DB tables
    • Essentially a view to show media or other entities on content type
    • Can easily be disabled
    • Approach to creating small modules that overlap with larger modules
    • Prolific module creator
      • User Info Block
      • Twitter API Block Flag Rating
    • Drupal version tag
    Resources

    https://www.zsa.io/moonlander

    https://drupal.org/project/menu_manipulator

    https://drupal.org/project/entity_media_usage

    https://www.drupal.org/project/drupal/issues/2466553

    https://www.drupal.org/project/entity_usage

    Guests

    Matthieu Scarset @MatthieuScarset

    Hosts

    Stephen Cross - www.stephencross.com @stephencross

    Nic Laflin - www.nLighteneddevelopment.com @nicxvan

    John Picozzi - www.oomphinc.com @johnpicozzi

    Jason Pamental - rwt.io @jpamental

    Palantir: Creating a More Equitable and Agile Hiring Process

    6 days 11 hours ago

    How we’re evolving the way we screen and interview applicants

    As a company that believes that the best outcomes are achieved when people are able to create and collaborate in open, diverse, and inclusive environments, we’ve spent the last few years strengthening Palantir’s commitment to being an equitable and just organization. We have evolved our compensation, performance, and reporting structures in an attempt to proactively identify and remove systemic barriers to equality, becoming less hierarchical and more agile. To date, these efforts have included:

    • Establishing an equitable compensation structure with defined salary levels that provide equal pay for equal responsibilities.
    • Instead of reporting to a manager, each person now has a P.O.D. (Professional and Organizational Development) team that provides facilitation and coaching in performance, growth, and development.
    • Creating a career grid that’s supported with a role-based structure that demonstrates what opportunities exist for advancement and articulates the skills and expectations for each level so that individuals and P.O.D.s are orienting learning and growth conversations around a standard for promotions and opportunities.

    We know, based on our experience with the Drupal open source community, that diverse teams drive innovation and improve quality. As Drupal’s Values and Principles state, “the people who work on the Drupal project should reflect the diversity of people who use and work with the software.” We agree. And while Palantir is already one of the more diverse and representative teams in our industry, we are not yet where we want to be. We are committed to doing the work necessary to build a team that incorporates diverse experiences and strengths where everyone can bring their best selves to their work and make space for others to do so as well.  

    Ironically, the tumultuous pandemic year brought tremendous stability to the Palantir team itself. Our internal commitment (which we nicknamed CODENAME Armadillo) ensured that there were no layoffs or salary reductions in 2020, which gave us individually and collectively the space to focus on what we needed to be healthy. We invested in our existing team’s ability to build the resolve and resilience we would need to reimagine and redesign what we wanted our next normal to be. 

    Now as we re-emerge, we have begun adding to the Palantir team and this allowed us to examine what has and hasn’t worked for us in our hiring process. Adding several positions in succession has given us the chance to experiment with this process as we seek to redesign a more effective, equitable and agile process. 

    The Challenges: 

    • Workplace inequality often has its roots in hiring processes that prioritize privilege and connections over potential. Qualified candidates can be passed over if they don’t fit into patterns of what the company or those in a position to hire might have seen work previously.
      How might we create opportunities for truly interested candidates to demonstrate how they would be “culture adds”, rather than just looking for “culture fits”? 
    • In the past, Palantir’s hiring process was most successful if a candidate was already familiar with the company (and was even better if the candidate knew one of us well).  
      How might we create a scalable, equitable environment that allows everyone to experience the advantages of insider access to a Palantiri?
    • Palantir’s hiring process could be long, with three rounds of interviews (screener, team and CEO) all conducted by in-house team members with other primary responsibilities. That long duration created an unintentional slant toward those who already had jobs (as those who didn’t often took other positions while our process was still unfolding). 
      How might we accelerate the process, without compromising our ability to manage hiring in-house and involve the team?

    Thinking about these questions, we have spent the last few months conducting a series of experiments designed to reduce bias in our hiring process. Here are some of the approaches we have found most successful in addressing the questions above in the initial gates of the process: the application and the initial screening conversation.

    Anonymous Applications

    Our efforts begin with the application stage. Our job postings include a salary range and are reviewed for gendered or biased language. When we receive resumes and cover letters, a team member who isn’t involved in the hiring decision anonymizes them, removing names, addresses, and education information that shouldn’t influence our hiring decisions. (There is software that will do this automatically for larger firms, but it doesn’t seem available to small firms and our HRIS system doesn’t yet offer this feature.)

    Knowing that our process (and indeed our company!) is a little different and can ask a lot of our applications, we want to make sure that we’re making the process informative and valuable for them as well. To that end, we host a webinar that candidates can attend or submit questions for and watch afterward, if they cannot attend. During this webinar, they have the opportunity to learn more about Palantir and the position and may anonymously ask questions.. Our hope is that this is a very safe and welcoming environment where they can begin to see what it might be like to work at Palantir.

    A Conversation, not a Challenge

    After the webinar, if a candidate chooses to continue pursuing the open position and Palantir chooses to invite them, they are invited to a video interview with our Employee Experience Manager and another team member. Prior to that interview, candidates are asked to share something that demonstrates a required skill for the position. 

    For technical positions, they are provided with some sample code from a variety of languages and frameworks. The code samples we use are drawn from public code repositories and aren’t written by one of our team members. 

    During the technical interview, the candidates are asked to choose one of the code samples and share any observations, experiences, or thoughts they may have about it. Unlike in a coding challenge, we don’t ask candidates to author code on a whiteboard, and there are no planted bugs or tricky logic to uncover in the samples we provide. The questions are scripted in advance and asked in the same order and same way for each candidate. 

    The point of this exercise is to demonstrate the candidate's ability to abstract from the code level to talk about functionality, purpose, and risks. As consultants, we often need to talk about our work with both technical and non-technical audiences. 

    For non-engineering candidates, we ask that they record a presentation on a topic about which they are knowledgeable and passionate, or that the candidate write, draw, or record a video about which Palantir value resonates for them. As we continue to hire people for additional roles, we will find ways for them to demonstrate their unique skills and point-of-view. 

    During the first interview, the candidate can also ask questions and learn more about Palantir. If the candidate and Palantir both choose to move forward, the next interview is a team interview, followed by an interview with one of our CEOs prior to an offer being made. (Those interviews are largely unchanged from the previous hiring process.)

    Preliminary Results

    Our focus in this round of iteration has been on those candidate gating decision points where  we are able to leverage antiracist, bias interruption research. As we engage in this process, we solicit feedback from the candidates about their experience and monitor the data at each stage (how many applications advance, are dropped or self-select out at each stage, etc.). Following each hiring cycle, we get together as a team to reflect on what we’ve learned and what experiments we might try in the next hiring cycle. 

    So far, we have increased the number of applicants who were previously unknown to us (and vice versa). At each stage in the process, we have ended up with just about the expected number of candidates and overall candidate quality has been very high. The feedback we’ve received is that it is certainly an unusual process, but one that gives applicants (especially those unfamiliar with Palantir) a much better sense of us and our culture. 

    Image "Scrabble - Resume" by Flazingo Photos licensed under CC BY-SA 2.0.

    Community Culture Drupal People

    Oomph Insights: Platform Metrics: Using Measurement to Optimize Performance

    6 days 23 hours ago
    If you can’t measure it, you can’t improve it. It’s true for your business, and it’s true for your digital platform. Yet we’ve seen organizations from startups to enterprises neglect to incorporate measurement into their platform strategy. Data shows you what is and isn’t working in your platform. And, unlike most websites, platforms provide detailed information about known users across specific touchpoints — accurate, first-party data that doesn’t rely on cookies or fuzzy analytics. Actionable insights await; you just have to know what you’re measuring for. Here’s how to take a strategic…

    Lullabot: Understanding Create Once Publish Everywhere (COPE)

    1 week ago

    Do you ever stop to think about how many "things" make up the internet? 

    Not necessarily websites and social media networks, but instead the individual pieces of information. Every button. Every callout. Every image. Every teeny-tiny item description in your shopping cart.

    A long time ago, if you wanted to write about something on the internet, you had to create it and publish it. And if you wanted to write about it again somewhere else, you had to create it again and publish it again. 

    Axelerant Blog: Upgrade Drupal to PHP 8: Compiling extensions

    1 week ago

    In the last article, we discussed the changes required to get Drupal 9.1 running on PHP 8. At that time, we got the Drupal 9.1 dev release working on PHP 8.0.0 RC4 with a few patches. Since then, a lot has changed with many of those patches being committed and Drupal 9.2 dev open for development. But we’ll talk about all of that at a later date. Today, let’s look at getting some of the common PHP extensions and configure it to run with Drupal.

    We left off at a point where we have plain Drupal 9.1 running on a plain PHP 8 RC4 setup. Drupal doesn’t require any extensions, not in PHP core, and that means we only had to enable extensions like gd, MySQL, and others to have Drupal 9.1 running. With that, we were able to install Umami and use the site without any problems at all. To enable those extensions, we only needed our docker-php-ext-enable script, which is part of the PHP base Docker imageSee the Dockerfile in the reference repository for the source code (lines 41-52). Installing other extensions that are not part of the PHP core is not quite that simple. Think of it this way: if a module is present in Drupal core, you can install it right after downloading Drupal. But if it is a contrib module, you have to download and install it separately. It’s the same thing with PHP extensions.

    Why test with extensions?

    Just as you probably wouldn’t have a Drupal site with at least one contrib module, you probably wouldn’t have a PHP installation without a few of the common extensions. Drupal core utilizes some of these extensions when they are available (such as APCu and YAML), which yields better performance. This means that even though the extensions are not technically required, you would most likely have them.

    Axelerant Blog: Drupal 9.1 Is Here: Are You Ready to Upgrade?

    1 week ago

    As expected, Drupal 9.1 was released on schedule at the closure of 2020. We have already talked about the Drupal 9 release and how it’s a testament to the predictable and reliable nature of the Drupal release cycle. Drupal 9.1 takes a step forward by adding more features and releasing them as predicted.

    In this blog, we will be discussing the new improvements and more that will follow. 

    Is it worth upgrading?

    The Drupal 9.1 stable release was out as expected on Dec 2nd, 2020. We previously advocated that if you are on Drupal 8.9, you needn’t hurry to upgrade to Drupal 9.0 as you would not see many new features. But that’s changed.

    Drupal 9.1 adds exciting features and updates along with support for PHP 8 (we have previously written about making Drupal 9 compatible with PHP 8).

    It’s also worth upgrading as Drupal 9.1 brings significant changes in the user interface for both sighted users and assistive technology.

    Axelerant Blog: Developing a custom CSV validator in Drupal 8

    1 week ago

    In our recent project, we had a requirement from one of our clients where we need to validate data in CSV files based on custom requirements. This validated CSV would need to be imported into Drupal 8 into various content types.  

    In this article, we will look at the requirement, the library, the architecture of the custom module, the different components of the module with some code samples and finally adding some ideas on how this module can be made more reusable and even contributed.

    Introduction

    Our client is a well known international NGO with offices worldwide, each with different types of data management systems and frameworks. They wanted a centralized system to manage the data from each of these offices. Having concluded that Drupal 8 was the ideal solution to implement that centralized system, the challenge was to set up a migration pipeline to bring in data from all of the offices and their varying frameworks. Consequently, the files generated by these systems needed to be validated for specific constraints before being imported into our Drupal system.

    Axelerant Blog: Axelerant Celebrates Drupal By Giving Back

    1 week ago

    Open-source has the power to change the world, but, as we depend on it for democratic innovation, open-source also depends on us to thrive. At Axelerant, we know and own this; hence we’re constantly engaging in different open web communities, including Drupal’s.

    Why are we writing this? First of all, we are always keen to shine a light on our team members because our people-first culture makes Axelerant succeed. Second, in a knowledge sharing spirit, we are willing to put out what has worked for us (and what we struggle with) regarding contributing and our community involvement.

    We are celebrating Drupal’s 20th Anniversary, and we are proud of being part of that history for over a decade. What better way to celebrate than recognizing and sharing the stories of the people involved, the makers that keep the ball rolling.  

    Celebrating our people and the community has been among our values since the beginning. Drupal’s 20th anniversary is one of those occasions where both of these values come together in demonstrating Axelerant’s commitment to be a productive part of the amazing Drupal community through its team.

    Here, we want to share a few stories from team members who recently contributed and inspired us with their Drupal journey.

    Checked
    12 hours 27 minutes ago
    Drupal.org - aggregated feeds in category Planet Drupal
    Subscribe to Drupal Planet feed
    Category
  • Dries

    Join the first Drupal Project Browser Initiative meeting

    3 weeks 6 days ago

    When I ask people why they fell in love with Drupal, most often they talk about feeling empowered to build ambitious websites with little or no code. In fact, the journey of many Drupalists started with Drupal's low-code approach to site building.

    With that in mind, I proposed a new Project Browser initiative in my DrupalCon North America keynote. A Project Browser makes it easy for site builders to find and install modules. You shouldn't need to use the command line!

    Making module discovery and module installation easier is long overdue. It's time to kick off this initiative! I will host the first meeting on May 24th between 14:30 UTC and 15:15 UTC. We'll share a Zoom-link on the Project Browser Slack channel before the meeting starts. Join our Slack channel and mark your calendars.

    We'll start the meeting with high-level planning, and we need people with all kinds of skills. For example, we'll need help defining requirements, help designing and prototyping the user experience, and much more.

    Dries
    Checked
    12 hours 27 minutes ago
    Subscribe to Dries feed
    Category