Practical theming in Drupal 8 (part of Drupal Global Training Day)

Start: 
2019-12-13 09:30 - 12:00 Australia/Brisbane

Organizers: 

VladimirAus

Event type: 

Training (free or commercial)

https://www.tomato-elephant-studio.com/events/2019-12-13

Introductory 2.5 hour workshop "Practical theming in Drupal 8" is coming to Brisbane as part of Drupal Global Training Day.
WORKSHOPS
Date: Brisbane :: Fri, 13 Dec 2019 :: 09:30-12:00
Location: Brisbane Square Library
SCHEDULE
09:30-12:00 :: Introduction & Training. Module 1
AGENDA
Introduction to Bootstrap 4 frontend library
Using bootstrap 4 components with Drupal 8
Additional helper Drupal 8 modules
Styling Drupal website via user interface
REQUIREMENTS
Limited seats are available. Register here.
PROVIDED
Wifi, powerpoints
Refreshments
SPONSORS
Tomato Elephant Studio :: training sponsor
Drupal Brisbane :: partner
Drupal Gold Coast :: partner
For sponsorship and other enquiries contact training@tomato-elephant-studio.com
LET OTHERS KNOW YOU ARE ATTENDING:
Share on social media. Use hashtag #drupalGTD
Drupal Groups: https://groups.drupal.org/node/535501
meetup.com: https://www.meetup.com/Drupal-Brisbane/events/266193262/
UNABLE TO ATTEND?
If you are unable to attend, please let us know as soon as possible by replying to training@tomato-elephant-studio.com.

Source: https://groups.drupal.org/node/512931/feed


Our wedding in Tuscany

It's been quiet on my blog but for good reason: I got married!

We had an amazing two-day wedding in the heart of Tuscany. The wedding took place in a renovated Italian villa from the 11th century, surrounded by vineyards and olive groves. A magical place to celebrate with family and friends who flew in from all over the world.

Many people emailed and texted asking for some wedding photos. It will take our wedding photographer a few months to deliver the photos, but they shared some preview photos today.

The photos capture the love, energy and picturesque location of our wedding quite well!


Source: Dries Buytaert www.buytaert.net


Creating webforms in Drupal 8 (part of Drupal Global Training Day)

Start: 
2019-09-06 09:30 - 12:00 Australia/Brisbane

Organizers: 

VladimirAus

Event type: 

User group meeting

https://www.tomato-elephant-studio.com/events/2019-09-06

Introductory 2.5 hour workshop "Creating webforms in Drupal 8" is coming to Brisbane as part of Drupal Global Training Day.
WORKSHOPS
Date: Brisbane :: Fri, 06 Sep 2018 :: 09:30-12:00
Location: Brisbane Square Library
SCHEDULE
09:30-12:00 :: Introduction & Training. Module 1
AGENDA
Drupal 8 form examples
Building RSVP form
Building waiting list
Building online calculator
REQUIREMENTS
Limited seats are available. Register here.
PROVIDED
Wifi, powerpoints
Refreshments
SPONSORS
Tomato Elephant Studio :: training sponsor
Drupal Brisbane :: partner
Drupal Gold Coast :: partner
For sponsorship and other enquiries contact training@tomato-elephant-studio.com
LET OTHERS KNOW YOU ARE ATTENDING:
Share on social media. Use hashtag #drupalGTD
Drupal Groups: https://groups.drupal.org/node/535220
meetup.com: https://www.meetup.com/Drupal-Brisbane/events/262991729/
UNABLE TO ATTEND?
If you are unable to attend, please let us know as soon as possible by replying to training@tomato-elephant-studio.com.

Source: https://groups.drupal.org/node/512931/feed


Drupal for content editors (Introductory course) [Brisbane]

Start: 
2019-06-28 09:30 - 12:00 Australia/Brisbane

Organizers: 

VladimirAus

Event type: 

Training (free or commercial)

https://www.tomato-elephant-studio.com/events/2019-06-28

Introductory 2.5 hour workshop "Drupal for content editors" is coming to Brisbane and Sydney as part of Drupal Global Training Day.
WORKSHOPS
Date: Brisbane :: Fri, 28 Jun 2018 :: 09:30-12:00
Location: Brisbane Square Library
SCHEDULE
09:30-12:00 :: Introduction & Training. Module 1
AGENDA
Drupal 8 examples
Drupal content editing: blocks, pages, layouts
Media library
Introduction to editorial workflow
REQUIREMENTS
Limited seats are available. Register here.
PROVIDED
Wifi, powerpoints
Refreshments
SPONSORS
Tomato Elephant Studio :: training sponsor
Drupal Brisbane :: partner
Drupal Gold Coast :: partner
Drupal Sydney :: partner
For sponsorship and other enquiries contact training@tomato-elephant-studio.com
LET OTHERS KNOW YOU ARE ATTENDING:
Share on social media. Use hashtag #drupalGTD
Drupal Groups: https://groups.drupal.org/node/535006
meetup.com: https://www.meetup.com/Drupal-Brisbane/events/260723398/
UNABLE TO ATTEND?
If you are unable to attend, please let us know as soon as possible by replying to training@tomato-elephant-studio.com.

Source: https://groups.drupal.org/node/512931/feed


Drupal helps rescue ultra marathon runner

I'm frequently sent examples of how Drupal has changed the lives of developers, business owners and end users. Recently, I received a very different story of how Drupal had helped in a rescue operation that saved a man's life.

The Snowdonia Ultra Marathon website

In early 2018, Race Director Mike Jones was looking to build a new website for the Ultra-Trail Snowdonia ultra marathon. He reached out to a good friend and developer, Rob Edwards, to lead the development of the website.

© Ultra-trail Snowdonia and No Limits Photography

Rob chose Drupal for its flexibility and extensibility. As an organization supported heavily by volunteers, open source also fit the Snowdonia team's belief in community.

The resulting website, https://apexrunning.co/, included a custom-built timing module. This module allowed volunteers to register each runner and their time at every aid stop.

A runner goes missing

Rob attended the first day of Ultra-Trail Snowdonia to ensure the website ran smoothly. He also monitored the runners at the end of the race to certify they were all accounted for.

Monitoring the system into the early hours of the morning, Rob noticed one runner, after successfully completing checkpoints one and two, hadn't passed through the third checkpoint.

© Ultra-trail Snowdonia and No Limits Photography

Each runner carried a mobile phone with them for emergencies. Mike attempted to make contact with the runner via phone to ensure he was safe. However, this specific area was known for its poor signal and the connection was too weak to get through.

After some more time eagerly watching the live updates, it was clear the runner hadn't reached checkpoint four and more likely hadn't ever made it past checkpoint three. The Ogwen Mountain Rescue were called to action.

Due to the terrain and temperature, searching for the lost runner on foot would be too slow. Instead, the mountain rescue volunteers used a helicopter to scan the area and locate the runner.

How Drupal came to rescue

The area covered by runners in an ultra marathon like this one is vast. The custom-built timing module helped rescuers narrow down the search area; they knew the runner passed the second checkpoint but never made it to the third.

After following the fluorescent orange markers in the area pinpointed by the Drupal website, the team quickly found the individual. He had fallen and become too injured to carry on. A mild case of hypothermia had set in. The runner was airlifted to the hospital for appropriate care. The good news: the runner survived.

Without Drupal, it might have taken much longer to notify anyone that a runner had gone missing, and there would have been no way to tell when he had dropped off.

NFC and GPS devices are now being explored for these ultra marathon runners to carry with them to provide location data as an extra safety precaution. The Drupal system will be used alongside these devices for more accurate time readings, and Rob is looking into an API to pull this additional data into the Drupal website.

Stories about Drupal having an impact on organizations and individuals, or even helping out in emergencies, drive my sense of purpose. Feel free to keep sending them my way!

Special thanks to Rob Edwards, Poppy Heap (CTI Digital) and Paul Johnson (CTI Digital) for their help with this blog post.
Source: Dries Buytaert www.buytaert.net


5-Day Drupal 8 Training Washington DC

Start: 
2019-02-25 09:00 - 2019-03-01 16:30 America/New_York

Organizers: 

pixelite

erika.d

Event type: 

Training (free or commercial)

https://evolvingweb.ca/training/5-day-drupal-8-training

Learn how to build a website with Drupal from top to bottom. This is a week-long Drupal class divided into three parts: site building, theming, and module development. You can register for all five days, or for each part individually, depending on your learning needs.
Day 1: Drupal 8 Site Building
The Drupal content management system is known for its flexibility. Drupal can be used for many types of websites, from media portals to e-commerce sites, to community forums. Site builders have the task of customizing Drupal depending on the content and feature-set they want to provide. This section of the course will give participants a thorough understanding of the Drupal site building process. You'll get hands-on experience implementing advanced features with Drupal core and contributed modules. Understanding of basic Drupal concepts (or having taken an introduction to Drupal course) is required.
Days 2-3: Drupal 8 Theming
Learn techniques for customizing the look of a Drupal site by creating a custom theme. This section of the course will cover Twig templating, creating layouts, and best practices for organizing your theme. We'll also cover responsive techniques and sub-theming. Familiarity with HTML and CSS is required.
Days 4-5: Drupal 8 Module Development
While Drupal 8 core and contributed modules provide a lot of powerful features, you might have some situations where you need to develop custom functionality for your website. In this section of the course, you'll learn how to create Drupal 8 modules from scratch. Some programming background required.
For a full course outline, see the training description on our website.
Location: Downtown Washington (Exact Location TBD)
Registration: https://evolvingweb.ca/training/5-day-drupal-8-training or https://www.eventbrite.ca/e/5-day-drupal-8-training-in-washington-dc-tic...
FAQ
What's provided? Lunch, snacks, and a training manual. Lots of one-on-one help as you go through the course.
Should I bring a laptop? Yes, please bring a laptop for the course.
Can I pay with a cheque? Yes, contact us and we can issue you an invoice for the training.
What are the pre-requisites? Understanding of basic Drupal concepts for Day 1, Familiarity with HTML and CSS required for Days 2-3, Programming experience required for Days 4-5
Do you offer discounts? Yes, we provide discounts for students, freelancers, and non-profit organizations. Please contact us for details.
Source: https://groups.drupal.org/node/512931/feed


Drupal Global Training Day December 2018

Start: 
2018-12-01 11:30 - 16:00 Asia/Riyadh

Organizers: 

bilal.alhallak

rak2008

drpl

samaphp

3ssom

Event type: 

Training (free or commercial)

https://www.meetup.com/drupal-sa/events/247571805/

We are thrilled to announce the Drupal Training Day that will be held on Saturday, December 1, 2018 in MCIT training hall. The training will start 12pm - 4pm. Registration will start 11:30am.
- Free training in Arabic language.
- Trainer: https://www.drupal.org/u/bilalalhallak
- Registration URL: https://drupaltraining.typeform.com/to/KGn7YP
- Location: https://goo.gl/maps/m4afHBzCmqn
- Meetup: https://www.meetup.com/drupal-sa/events/247571805/
Source: https://groups.drupal.org/node/512931/feed


Redesigning a website using CSS Grid and Flexbox

For the last 15 years, I've been using floats for laying out a web pages on dri.es. This approach to layout involves a lot of trial and error, including hours of fiddling with widths, max-widths, margins, absolute positioning, and the occasional calc() function.

I recently decided it was time to redesign my site, and decided to go all-in on CSS Grid and Flexbox. I had never used them before but was surprised by how easy they were to use. After all these years, we finally have a good CSS layout system that eliminates all the trial-and-error.

I don't usually post tutorials on my blog, but decided to make an exception.

What is our basic design?

The overall layout of the homepage for dri.es is shown below. The page consists of two sections: a header and a main content area. For the header, I use CSS Flexbox to position the site name next to the navigation. For the main content area, I use CSS Grid Layout to lay out the article across 7 columns.

Creating a basic responsive header with Flexbox

Flexbox stands for the Flexible Box Module and allows you to manage "one-dimensional layouts". Let me further explain that by using an real example.

Defining a flex container

First, we define a simple page header in HTML:

Site title
Navigation

To turn this in to a Flexbox layout, simply give the container the following CSS property:

#header {
display: flex;
}

By setting the display property to flex, the #header element becomes a flex container, and its direct children become flex items.

Setting the flex container's flow

The flex container can now determine how the items are laid out:

#header {
display: flex;
flex-direction: row;
}

flex-direction: row; will place all the elements in a single row:

And flex-direction: column; will place all the elements in a single column:

This is what we mean with a "one-dimensional layout". We can lay things out horizontally (row) or vertically (column), but not both at the same time.

Aligning a flex item

#header {
display: flex;
flex-direction: row;
justify-content: space-between;
}

Finally, the justify-content property is used to horizontally align or distribute the Flexbox items in their flex container. Different values exist but justify-content: space-between will maximize the space between the site name and navigation. Different values exist such as flex-start, space-between, center, and more.

Making a Flexbox container responsive

Thanks to Flexbox, making the navigation responsive is easy. We can change the flow of the items in the container using only a single line of CSS. To make the items flow differently, all we need to do is change or overwrite the flex-direction property.

To stack the navigation below the site name on a smaller device, simply change the direction of the flex container using a media query:

@media all and (max-width: 900px) {
#header {
flex-direction: column;
}
}

On devices that are less than 900 pixels wide, the menu will be rendered as follows:

Flexbox make it really easy to build responsive layouts. I hope you can see why I prefer using it over floats.

Laying out articles with CSS Grid

Flexbox deals with layouts in one dimension at the time ― either as a row or as a column. This is in contrast to CSS Grid Layout, which allows you to use rows and columns at the same time. In this next section, I'll explain how I use CSS Grid to make the layout of my articles more interesting.

For our example, we'll use the following HTML code:

Lorem ipsum dolor sit amet
Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.

Some meta data
Some meta data
Some meta data

Simply put, CSS Grid Layout allows you to define columns and rows. Those columns and rows make up a grid, much like an Excel spreadsheet or an HTML table. Elements can be placed onto the grid. You can place an element in a specific cell, or an element can span multiple cells across different rows and different columns.

We apply a grid layout to the entire article and give it 7 columns:

article {
display: grid;
grid-template-columns: 1fr 200px 10px minmax(320px, 640px) 10px 200px 1fr;
}

The first statement, display: grid, sets the article to be a grid container.

The second statement grid-template-columns defines the different columns in our grid. In our example, we define a grid with seven columns. The middle column is defined as minmax(320px, 640px), and will hold the main content of the article. minmax(320px, 640px) means that the column can stretch from 320 pixels to 640 pixels, which helps to make it responsive.

On each side of the main content section there are three columns. Column 3 and column 5 provide a 10 pixel padding. Column 2 and columns 6 are defined to be 200 pixels wide and can be used for metadata or for allowing an image to extend beyond the width of the main content.

The outer columns are defined as 1fr, and act as margins as well. 1fr stands for fraction or fractional unit. The width of the factional units is computed by the browser. The browser will take the space that is left after what is taken by the fixed-width columns and divide it by the number of fractional units. In this case we defined two fractional units, one for each of the two outer columns. The two outer columns will be equal in size and make sure that the article is centered on the page. If the browser is 1440 pixels wide, the fixed columns will take up 1020 pixels (640 + 10 + 10 + 180 + 180). This means there is 420 pixels left (1440 - 1020). Because we defined two fractional units, column 1 and column 2 should be 210 pixels wide each (420 divided by 2).

While we have to explicitly declare the columns, we don't have to define the rows. The CSS Grid Layout system will automatically create a row for each direct sibling of our grid container article.

Now we have the grid defined, we have to assign content elements to their location in the grid. By default, the CSS Grid Layout system has a flow model; it will automatically assign content to the next open grid cell. Most likely, you'll want to explicitly define where the content goes:

article > * {
grid-column: 4 / -4;
}

The code snippet above makes sure that all elements that are a direct sibling of article start at the 4th column line of the grid and end at the 4th column line from the end. To understand that syntax, I have to explain you the concept of column lines or grid lines:

By using grid-column: 4 / -4, all elements will be displayed in the "main column" between column line 4 and -4. However, we want to overwrite that default for some of the content elements. For example, we might want to show metadata next to the content or we might want images to be wider. This is where CSS Grid Layout really shines.

To make our image take up the entire width we’ll just tell it span from the first to the last column line:

article > figure {
grid-column: 1 / -1;
}

To put the metadata left from the main content, we write:

#main article > footer {
grid-column: 2 / 3;
grid-row: 2 / 4;
}

I hope you enjoyed reading this tutorial and that you are encouraged to give Flexbox and Grid Layouts a try in your next project.
Source: Dries Buytaert www.buytaert.net


What is Drupal? An Introduction to Drupal 8

Start: 
2018-06-14 09:00 - 16:00 America/Toronto

Organizers: 

pixelite

Event type: 

Training (free or commercial)

http://drupalcampmontreal.com/en/program/training

This half-day training will be offered twice:
9:00am - 12:00am (French)
1:00pm - 4:00pm (English)
Drupal is a popular, open source content management system. It powers websites for governments, NGOs, communities, and businesses around the world.
If you're considering a platform for your next web development project, this half-day training session is a great opportunity to learn more about what Drupal has to offer.
This session is designed for project managers, decision makers, site builders and developers who are new to Drupal and want to learn the basics. Evolving Web also offers more advanced trainings on a variety of Drupal topics.
Location: D3 Center at Concordia University
Source: https://groups.drupal.org/node/512931/feed


Acquia blocks 500,000 attack attempts for SA-CORE-2018-002

On March 28th, the Drupal Security Team released a bug fix for a critical security vulnerability, named SA-CORE-2018-002. Over the past week, various exploits have been identified, as attackers have attempted to compromise unpatched Drupal sites. Hackers continue to try to exploit this vulnerability, and
Acquia's own security team has observed more than 100,000 attacks a day.

The SA-CORE-2018-002 security vulnerability is highly critical; it allows an unauthenticated attacker to perform remote code execution on most Drupal installations. When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002.

That changed six days ago, after Checkpoint Research provided a detailed explanation of the SA-CORE-2018-002 security bug, in addition to step-by-step instructions that explain how to exploit the vulnerability. A few hours after Checkpoint Research's blog post, Vitalii Rudnykh, a Russian security researcher, shared a proof-of-concept exploit on GitHub. Later that day, Acquia's own security team began to witness attempted attacks.

The article by Checkpoint Research and Rudnykh's proof-of-concept code have spawned numerous exploits, which are written in different programming languages such as Ruby, Bash, Python and more. As a result, the number of attacks have grown significantly over the past few days.

Fortunately, Acquia deployed a platform level mitigation for all Acquia Cloud customers one hour after the Drupal Security Team made the SA-CORE-2018-002 release available on March 28th. Over the past week, Acquia has observed over 500,000 attacks from more than 3,000 different IP addresses across our fleet of servers and customer base. To the best of our knowledge, every attempted exploitation of an Acquia customer has failed.The scale and the severity of this attack suggests that if you failed to upgrade your Drupal sites, or your site is not supported by Acquia Cloud or another trusted vendor that provides platform level fixes, the chances of your site being hacked are very high. If you haven't upgraded your site yet and you are not on a protected platform then assume your site is compromised. Rebuild your host, reinstall Drupal from a backup taken before the vulnerability was announced and upgrade before putting the site back online. (Update: restoring a Drupal site from backup may not be sufficient as some of the exploits reinstall themselves from crontab. You should assume the whole host is compromised.)

Drupal's responsible disclosure policy

It's important to keep in mind that all software has security bugs, and fortunately for Drupal, critical security bugs are rare. It's been nearly four years since the Drupal Security Team published a security release for Drupal core that is this critical.

What matters is how software projects or software vendors deal with security bugs. The Drupal Security Team follows a "coordinated disclosure policy": issues remain private until there is a published fix. A public announcement is made when the threat has been addressed and a secure version of Drupal core is also available. Even when a bug fix is made available, the Drupal Security Team is very thoughtful with its communication. The team is careful to withhold as many details about the vulnerability as possible to make it difficult for hackers to create an exploit, and to buy Drupal site owners as much time as possible to upgrade. In this case, Drupal site owners had two weeks before the first public exploits appeared.

Historically, many proprietary CMS vendors have executed a different approach, and don't always disclose security bugs. Instead, they often fix bugs silently. In this scenario, secrecy might sound like a good idea; it prevents sites from being hacked and it avoids bad PR. However, hiding vulnerabilities provides a false sense of security, which can make matters much worse. This approach also functions under the assumption that hackers can't find security problems on their own. They can, and when they do, even more sites are at risk of being compromised.

Drupal's approach to security is best-in-class — from fixing the bug, testing the solution, providing advance notice, coordinating the release, being thoughtful not to over communicate too many details, being available for press inquiries, and repeatedly reminding everyone to upgrade.

Acquia's platform level fix

In addition to the Drupal Security Team's responsible disclosure policy, Acquia's own security team has been closely monitoring attempted attacks on our infrastructure. Following the release of the Checkpoint Research article, Acquia has tracked the origin of the 500,000 attempted attacks:

This image captures the geographic distribution of SA-CORE-2018-002 attacks against Acquia's customers. The number denoted in each bubble is the total number of attacks that came from that location.To date, over 50 percent of the attempted attacks Acquia has witnessed originate from the Ukraine:

At Acquia, we provide customers with automatic security patching of both infrastructure and Drupal code, in addition to platform level fixes for security bugs. Our commitment to keeping our customers safe is reflected in our push to release a platform level fix one hour after the Drupal Security Team made SA-CORE-2018-002 available. This mitigation covered all customers with Acquia Cloud Free, Acquia Cloud Professional, Acquia Cloud Enterprise, and Acquia Cloud Site Factory applications; giving our customers peace of mind while they upgraded their Drupal sites, with or without our help. This means that when attempted exploits and attacks first appeared in the wild, Acquia's customers were safe. As a best practice, Acquia always recommends that customers upgrade to the latest secure version of Drupal core, in addition to platform mitigations.

This blog post was co-authored by Dries Buytaert and Cash Williams.
Source: Dries Buytaert www.buytaert.net


Acquia blocks 500,000 attack attempts for SA-CORE-2018-002

On March 28th, the Drupal Security Team released a bug fix for a critical security vulnerability, named SA-CORE-2018-002. Over the past week, various exploits have been identified, as attackers have attempted to compromise unpatched Drupal sites. Hackers continue to try to exploit this vulnerability, and
Acquia's own security team has observed more than 100,000 attacks a day.

The SA-CORE-2018-002 security vulnerability is highly critical; it allows an unauthenticated attacker to perform remote code execution on most Drupal installations. When the Drupal Security Team made the security patch available, there were no publicly known exploits or attacks against SA-CORE-2018-002.

That changed six days ago, after Checkpoint Research provided a detailed explanation of the SA-CORE-2018-002 security bug, in addition to step-by-step instructions that explain how to exploit the vulnerability. A few hours after Checkpoint Research's blog post, Vitalii Rudnykh, a Russian security researcher, shared a proof-of-concept exploit on GitHub. Later that day, Acquia's own security team began to witness attempted attacks.

The article by Checkpoint Research and Rudnykh's proof-of-concept code have spawned numerous exploits, which are written in different programming languages such as Ruby, Bash, Python and more. As a result, the number of attacks have grown significantly over the past few days.

Fortunately, Acquia deployed a platform level mitigation for all Acquia Cloud customers one hour after the Drupal Security Team made the SA-CORE-2018-002 release available on March 28th. Over the past week, Acquia has observed over 500,000 attacks from more than 3,000 different IP addresses across our fleet of servers and customer base. To the best of our knowledge, every attempted exploitation of an Acquia customer has failed.The scale and the severity of this attack suggests that if you failed to upgrade your Drupal sites, or your site is not supported by Acquia Cloud or another trusted vendor that provides platform level fixes, the chances of your site being hacked are very high. If you haven't upgraded your site yet and you are not on a protected platform then assume your site is compromised. Restore from a backup taken before the vulnerability was announced and upgrade before putting the site back online.

Drupal's responsible disclosure policy

It's important to keep in mind that all software has security bugs, and fortunately for Drupal, critical security bugs are rare. It's been nearly four years since the Drupal Security Team published a security release for Drupal core that is this critical.

What matters is how software projects or software vendors deal with security bugs. The Drupal Security Team follows a "coordinated disclosure policy": issues remain private until there is a published fix. A public announcement is made when the threat has been addressed and a secure version of Drupal core is also available. Even when a bug fix is made available, the Drupal Security Team is very thoughtful with its communication. The team is careful to withhold as many details about the vulnerability as possible to make it difficult for hackers to create an exploit, and to buy Drupal site owners as much time as possible to upgrade. In this case, Drupal site owners had two weeks before the first public exploits appeared.

Historically, many proprietary CMS vendors have executed a different approach, and don't always disclose security bugs. Instead, they often fix bugs silently. In this scenario, secrecy might sound like a good idea; it prevents sites from being hacked and it avoids bad PR. However, hiding vulnerabilities provides a false sense of security, which can make matters much worse. This approach also functions under the assumption that hackers can't find security problems on their own. They can, and when they do, even more sites are at risk of being compromised.

Drupal's approach to security is best-in-class — from fixing the bug, testing the solution, providing advance notice, coordinating the release, being thoughtful not to over communicate too many details, being available for press inquiries, and repeatedly reminding everyone to upgrade.

Acquia's platform level fix

In addition to the Drupal Security Team's responsible disclosure policy, Acquia's own security team has been closely monitoring attempted attacks on our infrastructure. Following the release of the Checkpoint Research article, Acquia has tracked the origin of the 500,000 attempted attacks:

This image captures the geographic distribution of SA-CORE-2018-002 attacks against Acquia's customers. The number denoted in each bubble is the total number of attacks that came from that location.To date, over 50 percent of the attempted attacks Acquia has witnessed originate from the Ukraine:

At Acquia, we provide customers with automatic security patching of both infrastructure and Drupal code, in addition to platform level fixes for security bugs. Our commitment to keeping our customers safe is reflected in our push to release a platform level fix one hour after the Drupal Security Team made SA-CORE-2018-002 available. This mitigation covered all customers with Acquia Cloud Free, Acquia Cloud Professional, Acquia Cloud Enterprise, and Acquia Cloud Site Factory applications; giving our customers peace of mind while they upgraded their Drupal sites, with or without our help. This means that when attempted exploits and attacks first appeared in the wild, Acquia's customers were safe. As a best practice, Acquia always recommends that customers upgrade to the latest secure version of Drupal core, in addition to platform mitigations.

This blog post was co-authored by Dries Buytaert and Cash Williams.
Source: Dries Buytaert www.buytaert.net


CSS Basics: The Second “S” in CSS

CSS is an abbreviation for Cascading Style Sheets.
While most of the discussion about CSS on the web (or even here on CSS-Tricks) is centered around writing styles and how the cascade affects them, what we don't talk a whole lot about is the sheet part of the language. So let's give that lonely second "S" a little bit of the spotlight and understand what we mean when we say CSS is a style sheet.

The Sheet Contains the Styles
The cascade describes how styles interact with one another. The styles make up the actual code. Then there's the sheet that contains that code. Like a sheet of paper that we write on, the "sheet" of CSS is the digital file where styles are coded.
If we were to illustrate this, the relationship between the three sort of forms a cascade:
The sheet holds the styles.
There can be multiple sheets all continuing multiple styles all associated with one HTML document. The combination of those and the processes of figuring out what styles take precedence to style what elements is called the cascade (That first "C" in CSS).
The Sheet is a Digital File
The sheet is such a special thing that it's been given its own file extension: .css. You have the power to create these files on your own. Creating a CSS file can be done in any text editor. They are literally text files. Not "rich text" documents or Word documents, but plain ol' text.
If you're on Mac, then you can fire up TextEdit to start writing CSS. Just make sure it's in "Plain Text" mode.

If you're on Windows, the default Notepad app is the equivalent. Heck, you can type styles in just about any plain text editor to write CSS, even if that's not what it says it was designed to do.
Whatever tool you use, the key is to save your document as a .css file. This can usually be done by simply add that to your file name when saving. Here's how that looks in TextEdit:

Seriously, the choice of which text editor to use for writing CSS is totally up to you. There are many, many to choose from, but here are a few popular ones:

Sublime Text
Atom
VIM
PhpStorm
Coda
Dreamweaver

You might reach for one of those because they'll do handy things for you like syntax highlight the code (colorize different parts to help it be easier to understand what is what).
Hey look I made some files completely from scratch with my text editor:

Those files are 100% valid in any web browser, new or old. We've quite literally just made a website.
The Sheet is Linked Up to the HTML
We do need to connect the HTML and CSS though. As in make sure the styles we wrote in our sheet get loaded onto the web page.
A webpage without CSS is pretty barebones:
See the Pen Style-less Webpage by Geoff Graham (@geoffgraham) on CodePen.
Once we link up the CSS file, voila!
See the Pen Webpage With Styles by Geoff Graham (@geoffgraham) on CodePen.
How did that happen? if you look at the top of any webpage, there's going to be a <head> tag that contains information about the HTML document:
<!DOCTYPE html>
<html>
<head>
<!-- a bunch of other stuff -->
</head>

<body>
<!-- the page content -->
</body>

</html>
Even though the code inside the <head> might look odd, there is typically one line (or more, if we're using multiple stylesheets) that references the sheet. It looks something like this:
<head>
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
This line tells the web browser as it reads this HTML file:

I'd like to link up a style sheet
Here's where it is located

You can name the sheet whatever you want:

styles.css
global.css
seriously-whatever-you-want.css

The important thing is to give the correct location of the CSS file, whether that's on your web server, a CDN or some other server altogether.
Here are a few examples:
<head>
<!-- CSS on my server in the top level directory -->
<link rel="stylesheet" type="text/css" href="styles.css">

<!-- CSS on my server in another directory -->
<link rel="stylesheet" type="text/css" href="/css/styles.css">

<!-- CSS on another server -->
<link rel="stylesheet" type="text/css" href="https://some-other-site/path/to/styles.css">
</head>
The Sheet is Not Required for HTML
You saw the example of a barebones web page above. No web page is required to use a stylesheet.
Also, we can technically write CSS directly in the HTML using the HTML style attribute. This is called inline styling and it goes a little something like this if you imagine you're looking at the code of an HTML file:
<h1 style="font-size: 24px; line-height: 36px; color: #333333">A Headline</h1>
<p style="font-size: 16px; line-height: 24px; color: #000000;">Some paragraph content.</p>
<!-- and so on -->
While that's possible, there are three serious strikes against writing styles this way:

If you decide to use a stylesheet later, it is extremely difficult to override inline styles with the styles in the HTML. Inline styles take priority over styles in a sheet.
Maintaining all of those styles is tough if you need to make a "quick" change and it makes the HTML hard to read.
There's something weird about saying we're writing CSS inline when there really is no cascade or sheet. All we're really writing are styles.

There is a second way to write CSS in the HTML and that's directly in the <head> in a <style> block:
<head>
<style>
h1 {
color: #333;
font-size: 24px;
line-height: 36px;
}

p {
color: #000;
font-size: 16px;
line-height: 24px;
}
</style>
</head>
That does indeed make the HTML easier to read, already making it better than inline styling. Still, it's hard to manage all styles this way because it has to be managed on each and every webpage of a site, meaning one "quick" change might have to be done several times, depending on how many pages we're dealing with.
An external sheet that can be called once in the <head> is usually your best bet.
The Sheet is Important
I hope that you're starting to see the importance of the sheet by this point. It's a core part of writing CSS. Without it, styles would be difficult to manage, HTML would get cluttered, and the cascade would be nonexistent in at least one case.
The sheet is the core component of CSS. Sure, it often appears to play second fiddle to the first "S" but perhaps that's because we all have an quiet understanding of its importance.
Leveling Up
Now that you're equipped with information about stylesheets, here are more resources you jump into to get a deeper understanding for how CSS behaves:

Specifics on Specificity - The cascade is a confusing concept and this article breaks down the concept of specificity, which is a method for how to manage it.
The latest ways to deal with the cascade, inheritance and specificity - That's a lot of words, but the this article provides pro tips on how to manage the cascade, including some ideas that may be possible in the future.
Override Inline Styles with CSS - This is an oldie, but goodie. While the technique is probably not best practice today, it's a good illustration of how to override those inline styles we mentioned earlier.
When Using !important is The Right Choice - This article is a perfect call-and-response to the previous article about why that method may not be best practice.

CSS Basics: The Second “S” in CSS is a post from CSS-Tricks
Source: CssTricks


Cultivating an Inclusive Culture


The honest introspection and continuous work for a better teamReconsider DiversityThe typical approach to diversity in corporate environments can usually be summed up in two ways: lazy and superficial.To be fair, diversity is a difficult word to put into action. Most attempts to do so will probably end up feeling superficial. For example, companies often ironically state that they’re “committed to diversity” when the word itself is pretty noncommittal. The ambiguous nature of diversity means it can be interpreted in a number of different ways.That laxity is an allowance for laziness. Initiatives based on diversity are notorious for having vague, or non-existent, standards and accountability. Diversity has become a clichéd ideal versus an agent for change.Diversity is a difficult word to put into action.Attempts to execute diversity in a more specific way can also be problematic. Companies confronted with unfavorable demographic numbers and public pressure to do better find it easy to reach for tokenism as a quick-fix reaction to being called out and as a way to gain brownie points. The addition of individuals from minority and underrepresented groups has become the preferred way for organizations to portray improvement.When someone is perceived as a diversity hire, that label and perception of them as other (i.e. not like me) will be a difficult roadblock for everyone involved to overcome in order to work effectively as a team. Inevitably, the burden is placed on that individual to demonstrate their sameness, perpetuating the common expectation that individuals fall in line and assimilate in order to belong. So instead of an organization evolving from the unique contributions each person can offer, things remain essentially the same.#WOCinTechIn the article Stopping the Exodus of Women in Science, the Harvard Business Review describes the science, technology, and engineering fields as the “Alamo — a last holdout of redoubled intensity” when it comes to machismo in corporate settings. If that statement seems hyperbolic, consider that over half of highly-qualified women in STEM positions — 56 percent— eventually leave the industry. The top reasons cited for their exit? Inhospitable work cultures and isolation.Despite statistics like this and well-documented personal accounts that indicate an environment of intolerance and aggression, tech companies commonly describe their culture as the complete opposite — open and accepting.In Carlos Buenos’ observation of tech’s startup culture, Inside the Mirrortocracy, he offers an explanation for why there’s often such a disparity between a group’s perception of itself and the realities experienced by those that exist there:The problem with gathering a bunch of logically-oriented young males together and encouraging them to construct a Culture gauntlet has nothing to do with their logic, youth, or maleness. The problem is that all cliques are self-reinforcing. There is no way to recalibrate once the insiders have convinced themselves of their greatness.After adopting the abstract ideal of diversity as a value, a group can get the premature satisfaction that their awareness also equals progress. The pursuit to “increase diversity” usually shifts the focus outward for a solution and encourages the mindset that we should eventually arrive at a certain point of achievement. Both of those popular approaches makes it too easy for companies to continue avoiding the real issue.They aren’t forced to confront the biased ways of thinking and behaving ingrained in their culture that have created and sustained such a monolithic environment.If a company truly wants to be a place that includes people that aren’t all alike, they’ll need to create an inclusive culture. That will require an honest look inside themselves to identify the parts of their culture that prevent inclusivity.Recently, companies have seemed comfortable tackling unconscious bias in hiring. On the other hand, they seem unwilling to acknowledge the presence of that very same bias in their everyday operation.There is no known way to avoid unconscious or implicit bias.In fact, it thrives because you’re unaware that it’s happening. That’s why relying on just the good intentions of treating everyone in an inclusive way will always fall short. You will need to make specific plans to combat biased behavior.The work of inclusivity, like our persistent biases, should be constant and never-ending. Your entire team will need to become invested in doing the day-in and day-out work.Inclusivity: We Want You HereBeing inclusive means being consistent about communicating the value of every person participating with our actions. The foundation of those actions should be built on a collective mindset that goes beyond tolerating differences, to truly appreciating them. That appreciation is fostered with the recognition and treatment of differences as the asset they are to a team.When differences are celebrated, everyone on the team will feel safe, supported, and valued being themselves. The freedom of no longer needing to be a certain way in order to be accepted is a major key. Communication is open and honest, instead of guarded. Interactions with each other are earnest and real, instead of strategic. This kind of communication will elevate your work. Here are the actions you can take to make it clear that each person is welcome to participate and their contributions are valued.Safety to Speak UpEveryone on your team should feel safe voicing their concerns and questions. As with other parts of life, rules or guidelines aren’t enough to produce a safe environment. An open door policy in your employee handbook won’t cut it.True safety begins when we take steps to protect what we value. If you value hearing everyone’s voices, start by genuinely supporting one another when an issue is raised. Support isn’t about coddling or other empty gestures. It’s simply meeting someone’s voice with respect and thoughtful consideration.Beyond supporting those that speak up, everyone has the responsibility of being diligent stewards of the environment. Sometimes that means stepping up to advocate for someone else and that requires us to stop being silent.Violent responses to someone speaking up is what makes an environment unsafe. Common responses include intimidation, retaliation, or shaming. Reasons like self-preservation, obliviousness, or agreement with the offending party make it easy to do nothing when someone’s safety to speak up is threatened with violent communication.Silence reinforces fear to everyone, including yourself, and perpetuates avoidance. That can lead to disastrous outcomes when there’s a glaring problem no one feels comfortable addressing.It shouldn’t feel like an act of bravery for a teammate to say when something doesn’t feel right. It should feel like everyone’s expected duty.Gain New PerspectivesMaking speaking up a healthy and normal part of your culture is just the start. Listening is paramount. It’s no good encouraging people to speak, if we aren’t willing to listen.If you’re quick to dismiss or invalidate thoughts and experiences that don’t mirror your own, you’re depreciating the value of your team.Diverse teams perform better because of their access to an abundant and varied supply of thoughts, ideas, and approaches. Recognize and utilize the invaluable resources found in each other!Go into conversations with lots of curiosity and the intention to discover something you hadn’t considered before. During the course of that discussion, you can decide on the best way to move forward as a group. In every discussion you have as a team, don’t just say that questions and differing viewpoints are appreciated. Watch out for exclusion and bias within those discussions as well. Women often report that what they say needs to be repeated or affirmed by someone else in order for it to be heard.The point of discussions like these isn’t about changing minds or determining who’s right. You’re gaining a new perspective, not sacrificing your own.Make Information Easily AccessibleIn an effort to avoid red tape, tech companies in particular can be averse to written policies or guidelines for operations. That approach allows bias to go unchecked. It makes inequitable treatment more likely to occur and harder to point out and defend against.That’s especially true when it comes to how performance is measured. In the absence of clear and consistent standards, success at a meritocracy becomes an uncertainty that’s dependent upon judgement.Documenting your processes not only keeps you objective, it keeps your team empowered and well-educated.Sharing what you know with everyone is a step toward being transparent with one another. Sometimes, information just naturally stays within the confines of a certain team, group of people, or person. Documentation makes any holes in your process obvious when it may not have been otherwise. It helps dissolve information barriers opens the flow of information.That flow of information inevitably leads to a greater level of connectedness. Connecting and building relationships across workplace boundaries, for example, with someone from another team, location, or seniority level, is a great way to counteract exclusivity within an organization.Internal mentorship and sponsorship initiatives are credited with reducing the likelihood of burnout and increasing employee engagement and retention.Illustration: Ashley BoweWe Make Each Other BetterFocusing on inclusivity will force your team to evaluate if your actions honor the existence of everyone there. That question can’t be answered with words or by a single person.It can only be answered in the mindfulness reflected in our actions every day.Yes, it is constant work that requires taking the time to be generous with empathy and thoughtfulness. That work doesn’t hinder productivity, though — it drives it.When your differences are no longer points of contention, they become a celebrated strength. When you choose to uplift each other with respect and support, it elevates your interactions and, as a result, your work.It emphasizes one of the best parts of belonging on a team: We’re all in this together.I’d love to hear your thoughts! What steps have your company or organization taken to be more inclusive? Let me know on Twitter or in the comments below.Cultivating an Inclusive Culture was originally published in Signal v. Noise on Medium, where people are continuing the conversation by highlighting and responding to this story.


Source: 37signals


The Changing Face of Web Design in 2018


Inspired Magazine
Inspired Magazine - creativity & inspiration daily
One of the interesting recent developments in web design trends is actually the trend away from trends… or in other word what is happening is a kind of regression to simpler ways, at least from those in the know.
On the other side of the coin, there’s a big shift happening in certain types of corporate sites, especially some British and American media sites, where there’s a tendency to overload pages with so much extraneous content that it can severely impact on the ability of the user to see the content they actually arrived to see.
If the first two paragraphs sound hopeless tangled, well that’s a very succinct allegory for the state of web integrationin 2018… tangled. It’s a problem we need to sort out, because it won’t be good for anyone if web standards continue to slip.
We’ll return to this topic of overloading later on in the article, because it’s quite a big topic. What I’d just like to briefly do before we get into that is to focus attention on some of the problems we’ll see being solved before that more serious problem is dealt with, and also some of the good things we’ll be seeing happening on the web design front in 2018.

Carousels are finished
There’s a place for carousels, but the abuse of them is going to end, simply because it’s been so overdone that people are tired of them.
Unfortunately on some sites they’re being replaced by something even more obnoxious, which is an autoplay video banner, but this can be expected to die out naturally as developers finally figure out that too many users are on mobile connections and slow broadband for this to be a practical idea.
Carousel abuse, by the way, is simply a situation where they’re used for no other reason than to use them, serving no real purpose to better inform or entertain the viewer.

Death of the 1-3-1-6 layout
This layout pattern was at some point decided as what should be the future of web design, because at the time it was first used, it looked kind of cool. As with many overused fashions, however, people have started to find it irritating.
The layout also is flawed from the point of view that it’s not well suited to good responsive design (even if it can be made to work in responsive design), and encourages overloading with unnecessary elements.
Again, it is a problem of including elements just so they’ll fit the layout and not because they add value to the user experience.
Increase in true responsive design
Designers are better informed now about the need for responsive design, and they’re getting a lot better at implementing it. We should expect to see a lot more sites getting responsive design right, and that can only be a net gain for the users.
As a designer what you’ll want to be conscious of is that the focus on responsive design (which is a good thing) doesn’t result in a lacklustre desktop browser experience (which would be a bad thing). We need to think about how we’re using space to make sure it is efficient and always delivering a quality user experience.

gif image courtesy of Gal Shir
Rise of the narrative theme
More commercial marketing agencies are going to realize the value of building proper relationships with users, and so we should see an increase in narrative themes, ones that draw us in with a story and informative text, instead of just presenting a wall of products for us to choose and buy.
That doesn’t mean we should go crazy with text and video, it just means we should dial down the commercial focus, instead focusing on building trust, and then convert that trust into sales.

illustration courtesy of Folio Illustration Agency
Huge problems ahead with Internet nanny state
Browsers and ISPs continue to take a hardline stance in terms of trying to protect users from their own lack of savvy, and this in turn is punishing honest developers and small business sites who can’t don’t need security certificates and can’t afford the extra cost.
What we really need is for the Internet users to become more savvy, implementing their own safeguards, instead of technology providers stepping in to do it for them.

illustration courtesy of Ben Stafford
The problem this nannying creates is that it assumes every site to be malicious until proven otherwise, ignores the fact that malicious sites routinely do things by the book to masquerade as non-malicious sites, and that truly malicious sites are a minority.
There’s also the fact that users should take responsibility for their own security, plus the equally important fact that the majority should not be punished (or restricted) because of the actions of a malignant minority.
Geolocation triggered CDN will fall out of fashion
At first it’s going to rise, then people are finally going to figure out it doesn’t work the way it is supposed to, and then (if there’s any sense left in the world) people will stop using this extremely bad idea.
What is meant to happen is the site looks at the IP address and then attempts to fetch CDN resources from the CDN server closest to the client. It would be fine except some sites try to get too fancy. They also look at the client locale and try to serve location-specific content to the client.
This inevitably leads to DNS resolution conflicts, causing even major sites such as Google and Facebook to malfunction on some client machines. It has become an issue because designers have forgotten that people travel.
Travelers don’t always reset the locale on their devices when they travel, and there can be many reasons for this. The conflict between the device locale and the IP location (unless a VPN is used) seems to cause routing problems with many sites.

image courtesy of Alexander Zinchenko
The scourge of overloaded pages
An overloaded page is one that contains a ridiculous amount of external resources, especially JavaScript, where the external resources contribute nothing positive to the user experience. These resources are included solely for the benefit of the site owner, either for making money, collecting information, or just because the designer is a plug-in junky.
Overloaded pages can be annoying for anyone, but they’re especially annoying for mobile users, users running older hardware, and users with slow connections.
It’s the kind of thing that in the past we’d expect to see on trash sites, but lately it has become a problem on many different kind of sites, including mainstream media sites.
Let’s check out an example:

What we’re looking at here is not meant to single out this particular site. It is typical of just about any UK mainstream media site these days, and some American sites are just as overloaded, if not even more so. This doesn’t look overloaded at first glance, but take a closer look.
With JavaScript enabled, a normal Internet connection, and anything less than the latest hardware, the page loading time will be spectacularly unimpressive. At least part of the reason is that the page tries to load scripts from all these domains:

Remember, if even one of these scripts fails to load, it can introduce delays and malfunctions for the rest of the page load.
Most of the news sites are adding these unprofessional click-bait ads at the bottom of their articles. These have no business on a business site. It’s amazing that they’ve been so universally adopted, and what should be a major concern is that these ads can sometimes be offensive or just annoyingly insensitive, which can lead to a backlash against your site.

Plus of course loading all these resources (including all the scripts, images, videos, and other things), puts a strain on the client machine. CPU and memory are consumed with each item loaded, and in a multi-tab browsing environment, when most browsers are still plagued with bugs, it all ads up to a potentially frustrating time for users.
You know who the users are going to blame when their browser (and maybe entire OS session) crashes? They’re going to blame you. When they do, it’s unlikely you’ll ever get that user back, or they’ll come back grudgingly, expecting problems.
It’s understandable some sites need to raise money through advertising, but there’s no way to justify connecting to 39 different domains in order to do so. It’s just going too far, when it’s not necessary. You could serve less ads, and serve them all from one place, and the results would be better.
Another advantage of avoiding overloading is fewer privacy invasions, raising the trust level of your site. Users don’t hate ads, they hate ads that get in the way of what they’re doing and which invade their privacy, even to the point of spying on them and following them around.
Let’s stop doing that, and make money honestly with clean sites the way nature intended. It can only result in more profits for your company and a better user experience for those visiting your site.
header image courtesy of Ksenia Shokorova
This post The Changing Face of Web Design in 2018 was written by Inspired Mag Team and first appearedon Inspired Magazine.
Source: inspiredm.com


DrupalCoin Blockchain Web Developer - KSN Technologies, Inc. - Madison, WI

DrupalCoin Blockchain Web Developer Location:. JavaScript based responsive HTML5 applicationsWorking knowledge with web portals and portlets5+ years’ experience in web...
From Dice - Tue, 05 Dec 2017 05:20:39 GMT - View all Madison, WI jobs
Source: http://rss.indeed.com/rss?q=DrupalCoin Blockchain+Developer


Getting Ready for Web Video

Inspired Magazine
Inspired Magazine - creativity & inspiration daily
Video is one of those really contentious points about web design. There are some people who feel like web pages should not have embedded video at all. These people are wrong.
Like any technology, however, we should respect it and not abuse it. The two worst things you can do are:

AutoPlay videos, without express consent from the user
Embed too many videos in one page

Both of these things are likely to cause annoyance to users and should be avoided unless you have a very good reason.
Knowing what not to do will only get you so far. The rest of your online video success story will depend on knowing the things you ought to do, which is what we’ll cover in the rest of this article.
Video categories
There are six different types of videos that are commonly used on sites. These are:

Regular video – you point a camera at something and record it
Live stream – you point a camera at something and don’t record it
Slide show – composed from a series of still images, often with voice over plus added descriptive text
Animation – various methods, but more commonly 3D rendered animations made with Maya3D or Blender.
Screencast – software records images from your computer, normally used for tutorials, usually with text overlays and voice narration.
Hybrid screencast – a screen cast with regular video segments, and possibly also slideshow segments.

Knowing which type of video you want to produce is a good start. Actually that brings us neatly to the next topic.
Plan your video
Good video doesn’t normally happen by accident. Meticulous planning pays off, and that means you know what kind of video you’re going to produce, how you’re going to produce it, and (very importantly) why.
Don’t fail to plan. For a start, your video should be scripted. This is true even if there is no dialog or narration. The script gives you a clear impression of how the video is supposed to unfold. You can also optionally story board the video, but a crew that can’t work straight from a script is not a very visionary crew.
If you’re making a bigger production, you’ll also benefit from budget planning, scene breakdown, shooting sequence (shot list), location scouting, etc. The more time you invest into planning, the better your video is likely to be. Professional preparation leads to professional results.
Software that can help you with script writing and planning includes Trelby and CeltX.

Invest in quality equipment
The equipment you use will have a big impact on the result. It may be difficult to believe, but the camera is not the most important part of your equipment investment.
That’s because for web video (in 2018, at least) it’s rarely sensible to shoot video above normal HD (1920px wide), and in fact it’s better to shoot in SD (1280px wide) or lower, and the aspect ratio should always be 16:9.
One source of confusion with these resolutions, by the way, is the slightly misleading standard names used, which references the vertical height (720p / 1080p) rather than the width, which is the most natural thing people think about.
In thinking about this, bear in mind that a video with a frame height of 720px will not fit on the screen real estate of most users, so it is easy to see why shooting above 720p will not give superior results for web video.
The larger your video frame is, the more resources it will hog on the user’s device, including in some cases failing to play at all, or playing very poorly. Your goal really should be to get the highest image quality and the lowest file size (in bytes).
The reason all this is mentioned is because cameras up to HD will be quite inexpensive compared to cameras that can shoot at higher resolutions, and you’ll just be wasting your money if you invest in them, because most users in 2018:

Do not have screens large enough to support the enormous frame size
Do not have connections fast enough to stream anything above HD smoothly
Do not have connections able to stream anything above SD smoothly either
Are not overly concerned about quality as long as it is reasonable

Quality of your content is the more important thing. So cameras for web video are cheap. What matters a lot more is the audio, and that is where you should invest sensibly.
Cheap audio solutions are likely to result in poor results, so avoid cheap audio and invest in quality. What you save on your camera can be reinvested into sound. Literally what you’d regard as a sound investment.

The main microphone types are shotgun, boom, and wireless. The top brands include Rode, Senheiser, Shure, and Audio-Technica.
Shotgun microphones will do the job if the camera is reasonably near and there is no wind. A boom mic can be made from a shotgun mic mounted on a pole with an extension cable. Wireless is the most expensive and the most likely to give you trouble.
You should invest in a good quality tripod as well, with the generally accepted best brand on the market being Manfrotto. What you should invest in lighting depends on the location. Other items you’ll need could include reflectors and shaders.
Completely optional items that can be useful include sliders, dollies, jibs, and lens filters. Don’t invest in these items unless your production warrants their purchase.
Set the scene
The best idea with online video is to keep it short whenever possible, and when it’s not possible, break it down into segments. This is far better than one long continuous narrative, and makes your video look more professional.
For each segment, think about what will be in the frame. If the camera will pan, track, or otherwise follow your movement between two or more points, think about what will be in the frame at each point. Rehearse it and mark the spots where you will stand if you’re in an on-camera role.

How you can mark ground spots is with chalk, tape, small bean bags, or stones. The camera operator should use a tripod or Steadicam for best results. Shaky video is truly horrible.
For screen casts and slideshows, think about how well the user can see what you’re showing. Zoom in on key elements if necessary, and be willing to switch betweeen different zoomed and unzoomed views, as the situation requires.
Make your own green screen
If you are presenting from behind a desk, a green screen can be a big improvement to your presentation. Simply get yourself a large, flat, solid surface, which should be smooth and unblemished, and paint it a bright shade of green.

For ultimate compatibility, also create magenta and cyan screens that can be swapped in if you need to show anything green colored in your frame.
With a green screen (or magenta, or cyan) you can use a technology called chroma key to replace the solid color with any image, including another video.
Obviously there’s not much point in making a video if nobody wants to watch it, so try to keep things interesting. Beware, however, not to be insincere or act out of character, because poor acting is worse than no acting at all.
Humor can be powerful if it is done well, and used only where it is appropriate. Likewise solemn, somber, and scandalous tones can also create interest when used appropriately.
Product videos and testimonials should be delivered enthusiastically and highlight the best features, however product reviews should be brutally honest in order to boost your credibility and win the trust of your viewers. Nothing is more valuable than trust.
Editing
Editing your video is the biggest task of all. For this, you’ll need software, and that software must be a nonlinear video editor (NLE). With this you can put mix and match the various clips you’ve shot to make a coherent narrative.

Not all editing software is equal. The best video editors are Cinlerra, Adobe Premiere Pro, Blender, and Sony Vegas Pro.
Rendering
Rendering is usually done, at least on the first pass, by the video editing software. When rendering for DVD, your goal is to get maximum video quality, regardless of the file size. Rendering for the web is a whole different thing.
The only formats worth considering are MP4 and WEBM, and while the latter will give you a better file size, it is not currently universally supported by all browsers. It is worth keeping in mind for the future.
Although your sound capture needs to be first rate, your rendered audio definitely should not be. In fact this is where most people go wrong, leaving their sound at ridiculously high fidelity when it’s not necessary. Reducing the audio quality will go a long way towards reducing file size while not noticeably affecting the outcome.

Codecs are a hotly debated topic, but the general consensus of professionals is to use the H.264 codec (or equivalent), because this will ensure maximum compatibility and a good balance between quality and file size.
Finally, consider shrinking the physical dimensions of the video if it is going to be viewed within a pre-defined space, and the user would not be expected to view it in full screen mode (doing so will work, but results in pixelation… their problem, not yours).
You can also use video transcoders such as Handbrake for your final render to fine tune the resulting file and ensure maximum compatibility. In some regions ISPs have restricted access to Handbrake downloads, but that’s just a testament to how good it is.
Captioning
Don’t under-estimate the power of captioning. Investing the time to create proper closed captions (subtitles) for your video production will be a very good investment. At the very least, allow auto-captions, but creating your own, especially if you allow a choice of languages, is always a good idea except when your video contains no speech.
Hosting
Considering how many mobile users there are and the prevalence of 3G connections, with 4G still being a (slowly growing) minority, HD video is not the best of ideas, and since Vimeo’s support for captioning is not on a par with Google’s, this makes Google the better choice for online video hosting at present.

Notice, however, that it was Google, not YouTube, that got the mention there. For numerous reasons, YouTube is not the best way to host your video, however there is nothing to prevent you uploading multiple versions of your video, one you host on a private Google account and one you host on YouTube.
The version embedded on your site should be the version hosted on your Google account.
The one exception to the rule is if you’re producing feature content, where you are showing off your film making prowess. In this case, Vimeo may have the edge.
For low bandwidth sites (those that attract less traffic than the bandwidth they have available), you could consider hosting the video on your own server. This can provide some advantages, especially in terms of loading time.
This post Getting Ready for Web Video was written by Inspired Mag Team and first appearedon Inspired Magazine.
Source: inspiredm.com


Can You Sell Water? Part 2

Abraham Celio and Maria Mendez own Yolis Tamales on Chicago’s Southwest Side.Some of the tech industry’s most vaunted companies revel in their origins as mavericks or rule-breakers, having flouted regulations in the name of disruption. That kind of risk-taking is celebrated in Silicon Valley but punished in other places, most notably minority communities.body[data-twttr-rendered="true"] {background-color: transparent;}.twitter-tweet {margin: auto !important;}Undercover @usparkpolicepio handcuffing kids on @NationalMallNPS for selling water. — @timkreppfunction notifyResize(height) {height = height ? height : document.documentElement.offsetHeight; var resized = false; if (window.donkey && donkey.resize) {donkey.resize(height); resized = true;}if (parent && parent._resizeIframe) {var obj = {iframe: window.frameElement, height: height}; parent._resizeIframe(obj); resized = true;}if (window.location && window.location.hash === "#amp=1" && window.parent && window.parent.postMessage) {window.parent.postMessage({sentinel: "amp", type: "embed-size", height: height}, "*");}if (window.webkit && window.webkit.messageHandlers && window.webkit.messageHandlers.resize) {window.webkit.messageHandlers.resize.postMessage(height); resized = true;}return resized;}twttr.events.bind('rendered', function (event) {notifyResize();}); twttr.events.bind('resize', function (event) {notifyResize();});if (parent && parent._resizeIframe) {var maxWidth = parseInt(window.frameElement.getAttribute("width")); if ( 500 < maxWidth) {window.frameElement.setAttribute("width", "500");}}In this episode of the Rework podcast: A legal advocate for low-income entrepreneurs talks about the hurdles her clients face, and a husband-and-wife team of street food vendors share what they’ve learned making the transition from the informal to the formal economy.https://medium.com/media/3e703962df4d7daf3f36bf621a9cf227/hrefCan You Sell Water? Part 2 was originally published in Signal v. Noise on Medium, where people are continuing the conversation by highlighting and responding to this story.


Source: 37signals


Google Maps Improves Location Discovery by Color Coding Points of Interest by @MattGSouthern

Google Maps will soon be rolling out an update that will improve location discovery in two distinct ways.The post Google Maps Improves Location Discovery by Color Coding Points of Interest by @MattGSouthern appeared first on Search Engine Journal.
Source: https://www.searchenginejournal.com/feed/


Google’s Job Search Will Now Estimate Salaries For All Job Positions by @MattGSouthern

Google is adding some requested features to its job search experience that was introduced earlier this year. Job seekers will now be able to access salary information directly in search results, which is something Google says is missing from 85% of job postings in the US. When actual salary information is not available, Google will display estimated salary ranges based on job title, location, and employer. In order to provide estimated salaries, Google will be sourcing information from sites like Glassdoor, PayScale, and LinkedIn. It’s possible that Google’s enhancements to job searches will further empower candidates. For jobs that have […]The post Google’s Job Search Will Now Estimate Salaries For All Job Positions by @MattGSouthern appeared first on Search Engine Journal.
Source: https://www.searchenginejournal.com/feed/


Move Slowly and Fix Things

Synoptic Table of Physiognomic TraitsRuminations on the heavy weight of software design in the 21st century.Recently I took a monthlong sabbatical from my job as a designer at Basecamp. (Basecamp is an incredible company that gives us a paid month off every 3 years.)When you take 30 days away from work, you have a lot of time and headspace that’s normally used up. Inevitably you start to reflect on your life.And so, I pondered what the hell I’m doing with mine. What does it mean to be a software designer in 2018, compared to when I first began my weird career in the early 2000s?The answer is weighing on me.As software continues to invade our lives in surreptitious ways, the social and ethical implications are increasingly significant.Our work is HEAVY and it’s getting heavier all the time. I think a lot of designers haven’t deeply considered this, and they don’t appreciate the real-life effects of the work they’re doing.Here’s a little example. About 10 years ago, Twitter looked like so:Twitter circa 2007How cute was that? If you weren’t paying attention back then, Twitter was kind of a joke. It was a silly viral app where people wrote about their dog or their ham sandwich.Today, things are a wee bit different. Twitter is now the megaphone for the leader of the free world, who uses it to broadcast his every whim. It’s also the world’s best source for real-time news, and it’s full of terrible abuse problems.That’s a massive sea change! And it all happened in only 10 years.Do you think the creators of that little 2007 status-sharing concept had any clue this is where they’d end up, just a decade later?Seems like they didn’t:People can’t decide whether Twitter is the next YouTube, or the digital equivalent of a hula hoop. To those who think it’s frivolous, Evan Williams responds: “Whoever said that things have to be useful?”Twitter: Is Brevity The Next Big Thing? (Newsweek, April 2007)Considering these shallow beginnings, is it any surprise that Twitter has continually struggled at running a massive, serious global communications platform, which now affects the world order?That’s not what they originally built. It grew into a Frankenstein’s monster, and now they’re not quite sure how to handle it.I’m not picking on Twitter in particular, but its trajectory illustrates a systemic problem.Designers and programmers are great at inventing software. We obsess over every aspect of that process: the tech we use, our methodology, the way it looks, and how it performs.Unfortunately we’re not nearly as obsessed with what happens after that, when people integrate our products into the real world. They use our stuff and it takes on a life of its own. Then we move on to making the next thing. We’re builders, not sociologists.This approach wasn’t a problem when apps were mostly isolated tools people used to manage spreadsheets or send emails. Small products with small impacts.But now most software is so much more than that. It listens to us. It goes everywhere we go. It tracks everything we do. It has our fingerprints. Our heart rate. Our money. Our location. Our face. It’s the primary way we communicate our thoughts and feelings to our friends and family.It’s deeply personal and ingrained into every aspect of our lives. It commands our gaze more and more every day.We’ve rapidly ceded an enormous amount of trust to software, under the hazy guise of forward progress and personal convenience. And since software is constantly evolving—one small point release at a time—each new breach of trust or privacy feels relatively small and easy to justify.Oh, they’ll just have my location. Oh, they’ll just have my identity. Oh, they’ll just have an always-on microphone in the room.Most software products are owned and operated by corporations, whose business interests often contradict their users’ interests. Even small, harmless-looking apps might be harvesting data about you and selling it.And that’s not even counting the army of machine learning bots that will soon be unleashed to make decisions for us.It all sounds like an Orwellian dystopia when you write it out like this, but this is not fiction. It’s the real truth.A scene from WALL-E, or the actual software industry in 2018?See what I mean by HEAVY? Is this what we signed up for, when we embarked on a career in tech?15 years ago, it was a slightly different story. The Internet was a nascent and bizarre wild west, and it had an egalitarian vibe. It was exciting and aspirational — you’d get paid to make cool things in a fast-moving industry, paired with the hippie notion that design can change the world.Well, that motto was right on the money. There’s just one part we forgot: change can have a dark side too.If you’re a designer, ask yourself this question…Is your work helpful or harmful?You might have optimistically deluded yourself into believing it’s always helpful because you’re a nice person, and design is a noble-seeming endeavor, and you have good intentions.But let’s be brutally honest for a minute.If you’re designing sticky features that are meant to maximize the time people spend using your product instead of doing something else in their life, is that helpful?If you’re trying to desperately inflate the number of people on your platform so you can report corporate growth to your shareholders, is that helpful?If your business model depends on using dark patterns or deceptive marketing to con users into clicking on advertising, is that helpful?If you’re trying to replace meaningful human culture with automated tech, is that helpful?If your business collects and sells personal data about people, is that helpful?If your company is striving to dominate an industry by any means necessary, is that helpful?If you do those things…Are you even a Designer at all?Or are you a glorified Huckster—a puffed-up propaganda artist with a fancy job title in an open-plan office?Whether we choose to recognize it or not, designers have both the authority and the responsibility to prevent our products from becoming needlessly invasive, addictive, dishonest, or harmful. We can continue to pretend this is someone else’s job, but it’s not. It’s our job.We’re the first line of defense to protect people’s privacy, safety, and sanity. In many, many cases we’re failing at that right now.If the past 20 years of tech represent the Move Fast and Break Things era, now it’s time to slow down and take stock of what’s broken.At Basecamp, we’re leading the charge by running an unusually supportive company, pushing back on ugly practices in the industry, and giving a shit about our customers. We design our product to improve people’s work, and to stop their work from spilling over into their personal lives. We intentionally leave out features that might keep people hooked on Basecamp all day, in favor of giving them peace and freedom from constant interruptions. And we skip doing promotional things that might grow the business, if they feel gross and violate our values.We know we have a big responsibility on our hands, and we take it seriously.You should too. The world needs as much care and conscience as we can muster. Defend your users against anti-patterns and shady business practices. Raise your hand and object to harmful design ideas. Call out bad stuff when you see it. Thoughtfully reflect on what you’re sending out into the world every day.The stakes are high and they’ll keep getting higher. Grab those sociology and ethics textbooks and get to work.If you like this post, hit the 👏 below or send me a message about your ham sandwich on Twitter.Move Slowly and Fix Things was originally published in Signal v. Noise on Medium, where people are continuing the conversation by highlighting and responding to this story.


Source: 37signals