DrupalCon Global Day 3

Well, day 3 of DrupalCon Global delivered again. It’s been a whirlwind 3 days full of good content and meeting lots of people new and old. Blake captured the general feeling of this ‘Con:

I was very skeptical of a virtual DrupalCon (especially as someone who didn’t attend at all last year). Although I missed the first day, I’m really glad I had the time and opportunity to engage with the event. Seeing so many new faces presenting was also wonderful. DrupalCon Global was a great way to reconnect with folks in the community, and still be able to have dinner with my family in the evenings. Two thumbs up, would attend again.

Contribution Day

While sessions are over, don’t forget that today, Friday, is the traditional contribution day. You’ll need to sign up on the DrupalCon Global Contributions Room site, and it’s open to everyone—no DrupalCon ticket required. There are many different kinds of groups that require a wide range of skills, with plenty of space for non-coders. If you’re not sure how to get started, there is a page that explains how to take part in Mentored Contribution, which will walk you through the whole process.

Sessions

Although we were definitely starting to feel some day 3 brain overload, there were some really good ones on this last day of the session schedule. Our teammates Amber Matz and Joe Shindelar also presented on Thursday, so make sure to check those out when the videos come up.

Amber’s session: Deep dive: state of Drupal (Link to slides with presenter notes)

Joe’s session: Altering, extending, and enhancing Drupal (Link to session resources)

Here are the random notes and summaries from the sessions we attended yesterday.

The Olivero theme: Turning a wild idea into a core initiative

  • Drupal core ideas is a great place to find collaborators, and share ideas for potential projects
  • Documentation, identifying stakeholders, and having diverse skillsets on the team were key to the project's success.
  • Building a static POC on Netlify, and using Tugboat allowed folks to get involved and contribute earlier than if they had gone straight to a Drupal theme.
  • Drawing the line between must haves and nice to haves was important to maintain project momentum and contributors’ mental health

Designing for Chaos: The design process behind Olivero

  • The main motivation for Olivero: to create a better first impression with Drupal
  • The team named the theme in honor of Rachel Olivero, who worked at the National Federation of the Blind, and who was committed to making tech accessible to all people
  • Validating the design: “The first draft of anything is shit”- Ernest Hemingway
  • The flaw of averages: If you want to design something for an individual human being, the average is completely useless. We learned how the designers worked to avoid it.
  • Spectrum analysis that was used to establish voice and tone (formal, bright, approachable, high contrast)
  • In order to be able to iterate more quickly, the team defined a core set of stakeholders to help with initial designs before showing it to the general community. This helped eliminate low hanging fruit issues (e.g. broken accessibility) that would have been blockers, no matter what. It also allowed the broader community to keep the discussion focused on the bigger picture.
  • Cool use of Invision app to allow stakeholders to rank things on a scale. They created an image with lines and good ---------------- bad and then people could leave comments in Invision somewhere along the line. Since comments show as little red circles you could clearly see ranking. And discussions could take place in the comment threads.

(Philippa) As a non-tech person, what I liked about both Olivero presentations was how they laid out the thought processes linking the idea to the core initiative, and how they advocated for the idea that led to the new default front-end theme for Drupal 9.

Intermission: Desk yoga with Gabrielle Rickman

Sooo good. While some people on the team opted for a breakfast intermission, others got a very nice break of stretches to do from the chair. Useful for any conference, but extra refreshing at an online event.

Driving today's CMS with tomorrow's artificial intelligence

  • Machine learning is a subset of artificial intelligence and isn't smart enough to evolve itself.
  • Uses in business:
    • Advanced automated interaction with customers
    • Identifying patterns in behavior
  • Where can Drupal use this?
    • Content moderation
    • Analyze customer mood
    • SEO
    • Chatbots
    • Personalization
    • Visual search
  • How do you do this? Are you ready? Do you have a plan for this in your org?
  • APIs to use
    • Azure Cognitive Services API (multiple APIs: vision, speech, etc.)
    • Google Vision API (this is much bigger than the Azure Vision API)
    • Drupal modules exist for these APIs
  • Really neat to see examples of how this can be used for content management. Nice live demo and some really cool things you can help automate.

Open source belongs in school—Let's put it there!

A presentation by a teacher and his students, The Penguin Corps, about how they are using Open Source. Led by the students.

Software for a diverse community starts with a diverse team

Highly recommended. Really great session that addresses a lot of questions about diversity AND inclusion, and looks at how to create inclusive work agreements with clients and vendors.

MagMutual.com: On the JAMStack with Gatsby and Drupal 8

  • Decoupled architecture
    • volatility based decomposition of feature requirements
    • Drupal (CMS) / Gatsby (Website) / Serverless (AWS Deployment) / Bus. Logic (Lambda) / Apollo GraphQL (User Data) / ElasticSearch (Search) / Auth0 (User Identity)
    • Briefly walked through the features and benefits of each of these components
    • (notes for our potential future use: Drupal Elasticsearch AWS connector module, AWS lambda rate limiting, Gatsby searchkit plugin)
    • Serverless framework: not really used on live code, but helped with (by allowing folks to avoid using AWS console)
      • deployment
      • mocking
      • testing
      • logging
      • local development
      • project structure
    • Living with it - ongoing support
      • harder to debug integration points, more things to support, onboarding
      • Apollo GraphQL is a huge win (helps set up data structure schema, and force thinking about it), improved performance, adding new design assets is faster

Shift Left: Addressing Digital Inequity for the Black Community

Another highly recommended session. We'll be watching this again when the video goes up.

  • Designing tech for people without a detailed and rigorous study of people makes the kinds of tech designs that we see come at the expense of people of color and women (rough quote from Algorithms of Oppression)
  • Understanding the effects of systematic dehumanization of Black individuals
    • Sylvia Wynter (No Humans Involved)
    • Aimé Césaire (Discourse on Colonialism)
  • Hegemony’s role determines which products are created, and which problems are prioritized
  • The continued exclusion of Black people from technical creation
    • Blackness as an afterthought (film)
    • Black input is consistently missing from product development (2.5% of employees at Google 2018, 3.3% of technical employees at Microsoft 2019)
    • Double Consciousness
  • The Digital Divide
    • Having less access to technical skill development enhances the divide, and makes being part of solving the problem through product creation more difficult
    • Beware software, PredPol algorithmic biases & flawed training data in machine learning systems leading to systemic injustices
  • How can we move forward?
    • Reframe perspectives (equitable and fair predictive algorithms)
    • Actually address the issues
    • Intentionally carve space - tokenism and quick fixes won’t solve lack of equity

Hacking live! A realtime look at website security

  • Don’t trust user input, even admin form input.
  • Use Form API. It provides XSS cleanup on output by default. (Drupalize.Me tutorials: Forms (Form API))
  • Avoid using the raw filter in Twig. (Twig auto-escapes strings and the raw filter removes that safety net.) (Drupalize.Me tutorials: Twig Filters and Functions)
  • XSS exploits can be stored both in cache and database. (Sanitize output that is coming from a cache.)
  • DDoS (Distributed Denial of Service). Hitting a page with a slow function at a large scale (relatively speaking) can take the site down.
    • Limit form submissions to prevent flooding.
    • Move slow functions to asynchronous queues.
  • Access Bypass
    • Check your permissions. (What permission(s) does your module require?)
    • https://www.theverge.com/2018/8/22/17716622/sec-business-wire-hack-stolen-press-release-fraud-ukraine
    • Drupalize.Me tutorial Define Permissions for a Module
  • Use PHP CodeSniffer to Find Errors.
    • Highlights syntax errors and helps you write better code
    • Visualize insecure code
    • https://www.drupal.org/docs/develop/development-tools/configuring-visual-studio-code/
    • Note: don’t rely on automated tools alone to find security flaws in your code. Manual code review is essential.
  • Module plug from the chat: Content-Security-Policy
  • Dries attended the session and he shared this link to his site: HTTP Headers Analyzer
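
The flood-limiting and queue advice from the notes above, sketched as a Drupal form class. This is an added example, not code from the session or from Drupalize.Me; the module name `example_report`, the class, the queue name and the limits are hypothetical.

```php
<?php

namespace Drupal\example_report\Form;

use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;

/**
 * Hypothetical form: rate-limits submissions and defers slow work to a queue.
 */
class ReportRequestForm extends FormBase {

  // Constructed limits: 5 accepted submissions per hour per client.
  const FLOOD_EVENT = 'example_report.request';
  const FLOOD_THRESHOLD = 5;
  const FLOOD_WINDOW = 3600;

  public function getFormId() {
    return 'example_report_request_form';
  }

  public function buildForm(array $form, FormStateInterface $form_state) {
    $form['email'] = ['#type' => 'email', '#title' => $this->t('Email'), '#required' => TRUE];
    $form['submit'] = ['#type' => 'submit', '#value' => $this->t('Request report')];
    return $form;
  }

  public function validateForm(array &$form, FormStateInterface $form_state) {
    // Reject during validation, before any expensive code runs. With no
    // identifier argument, the flood service keys the event on the
    // client's IP address.
    if (!\Drupal::flood()->isAllowed(self::FLOOD_EVENT, self::FLOOD_THRESHOLD, self::FLOOD_WINDOW)) {
      $form_state->setErrorByName('email', $this->t('Too many requests. Try again later.'));
    }
  }

  public function submitForm(array &$form, FormStateInterface $form_state) {
    // Count this accepted submission against the client's allowance.
    \Drupal::flood()->register(self::FLOOD_EVENT, self::FLOOD_WINDOW);
    // Enqueue the slow job instead of running it inside the web request.
    \Drupal::queue('example_report_builder')->createItem(['email' => $form_state->getValue('email')]);
    $this->messenger()->addStatus($this->t('Your report will be emailed when it is ready.'));
  }

}
```

The queued items would be processed outside the request by a QueueWorker plugin whose ID matches the queue name (not shown here), for example during cron.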

Altering, extending, and enhancing Drupal

  • Check out Joe’s resources
  • Don’t hack core. (Alter and extend instead!)
  • Let others change your module, without hacking it. (This is super powerful!)
  • Ways to alter, extend Drupal:
    • Respond to an event (a user is logging in)
    • Drupal wants to ask a question (does anyone have a block they want to add to this list?)
    • Add code that adds new functionality
    • Make a change to existing functionality (change fields on a login form, for example)
  • Don’t hack core. Instead use one of these systems.
    • hooks
    • plugins
    • services
    • events

Adapting your DE&I efforts to the reality of the crisis

Importance of creating safe spaces for people on your team to talk about their struggles and/or to get to know one another better. This could be through one-on-ones or regular online social events. (Physical distancing, not social distancing.)

Inclusive content strategy

“People want to be seen as equal participants and not afterthoughts.”

  • (Philippa) LOVE that she called out hiring language that speaks to whether people are a good “culture fit” in businesses and organizations - because people shouldn’t have to conform culturally - and how content that communicates aligned values is a great alternative.
  • Some of what inclusive content means:
    • Predictable structure, (like nesting and heading orders) for easy navigation
    • Color contrast/font/distinguishable links
    • Short sentences (9th grade reading level) and plain, jargon-free language
    • Bullets and number lists
    • Imagery with captions, subtitles, text alternatives (which also helps those with poor internet connections)
    • Closed or open captions - which also helps those whose first language isn’t English
    • Minimizing or avoiding emoticons, which are hard for screen readers

Next week, we’ll be posting a wrap-up of our overall DrupalCon experience, including today’s contribution day. We hope you’ve had a great ‘Con and hope to see you at the contribution day. If you see anyone from our team, please say hi!

About us

Drupalize.Me is the best resource for learning Drupal online. We have an extensive library covering multiple versions of Drupal and we are the most accurate and up-to-date Drupal resource.