Meeting Notes 6/10/2013

Events happening in the community are now at Drupal community events on www.drupal.org.
themusician's picture
Posted by themusician on June 11, 2013 at 5:12am

Summary

Hi everyone, here are my notes from the Con as well as the notes I took during the meeting. They are broken out into Session Notes, Questions and Answers, and Possible Next Meeting topics.

Please contribute your notes if you have them.

Thank you everyone for coming to the meeting. It was great. Hope to see you all next month!

Drupal Con Session Notes

Max Bronsema

PHP Code Complexity and Improvements
http://portland2013.drupal.org/session/development-numbers

Anthony Ferrara
@ircmaxell
ircmaxell@php.net
blog.ircmaxell.com
anthony.ferrara@nbcuni.com

A very interesting discussion of code weight and complexity. Anthony shared several tools he uses to evaluate code. It got a bit heavy on pure computer science but there are good daily use cases for consideration.

Linux System Security Tunables
http://portland2013.drupal.org/session/linux-system-security-tunables

Kees (Case) Cook
http://outflux.net/slides/2013/drupal/tunables.pdf

Authentication hygiene: Any proving credentials, like SSH keys.
Keep away from devices with remote access
Store the encrypted, and tie it to specific devices
Use passwords with your keys, not ssh "no passwords"

DAC (Discretionary Access Control)
- Personal accounts which has no direct access
- Web services cannot change execution mode of itself
- Service maintainers have no access to personal acct, limited system access
- System admin

Pay attention to file system permissions and make clear lines between data and execution
It is really useful for logging and seeing who elevates privileges

MAC (Mandatory Access Control) - AppArmor, SELinux, SMACK, etc...
- Confine a service to explicit things it can do and can access

Add a physical token to password routine.
- HID
- RSA token
- yubi-key
- duo-unix
- google-authenticator

  • randomize_va_space should really be 2 by now, if not, fix that
    net.ipv4.tcp_syncookies = 1 is a dynamic response to Denail of Service attacks
    kernel.yama.ptrace_scope = 1

  • vm.mmap_min_addr =65536 also really needs to be set as well or somebody needs to fix it now
    kernel.kptr_restrict=1
    kernel.dmesg_restrict=1
    fs.protected_symlinks =1 (Might help alleviate the Aegir user concern, need to look into this more and tied with MAC)
    fs.protected_hardlinks =1
    kernel.modules_disabled =1

    Start today!

Scalable and Modular Aritechture for CSS (SMACSS)
http://portland2013.drupal.org/node/478

Jonathon Snook

  • Multiple teams and multiple projects
  • Reuse code as much as possible
    (look at 4gifs.com for fun)
  • Categorization
    • Base styles, what html looks like without classes or id's
    • Layout, major containers and structure, not the content
    • Modules (Selectors, widgets, actions, buttons, things that repeat)
    • States, the state of the modules that are buttons, widgets, etc... anything that can have states
    • User defined themes,
  • The single responsibility theory http://snk.ms/1r
  • Zen-Grids for the win with separating structure from the HTML
  • Naming Convention

  • http://smacss.com

    Drupal Speaks - Aural User Interfaces
    http://portland2013.drupal.org/session/drupal-speaks-aural-user-interfac...

    Jesse Beach & Wim Leers

    • +a11y, accessibility, are tags for issue queue for things that need review
    • #D7AX and #D8AX tags exisit.
    • Working to improve D8 base-line from non-usable to useable
    • ARIA-LIVE is a very useful attribute
      *

    <

    div aria-live="polite"> and it expresses state changes aurally

    • drupal.announce() is built into D8
      • supports translation
      • when used it is appended to the body tag
    • 98.6% of screen reader users enable javascript (WebAim 2012 survey)
    • drupal.tabbingmanager allows restoration of focus after the modal closes
      • It helps constrain tabbalble elements to just those necessary for the specific task
      • drupal.tabbingmanager.constrain() is used to constrain what is tabbable
      • You then use drupal.announce() to explain that the tabbing is constrained
    • There is a devel accessibilty module! http://drupal.org/project/devel_a11y
    • Backbone.js lives in Drupal Core, I totally missed that.
    • drupal.announce should be able to back ported to D7, tabbingmanager, maybe a bit more involved
    • BOF at 1pm Thursday, check board for room

Meeting Drupal Events and Meetups Rock
http://portland2013.drupal.org/session/making-drupal-meetups-and-events-...

  • Encourage diversity, the meetup should reflect the local communities makeup
  • Post to g.d.o, meetup.com, and all social media you can (Hootsuite is one way to automate all of the social media posts)
  • Go to other events that match your use of Drupal and talk about Drupal
  • Ask those that are attending, where they found out about your meetup, and then leverage those channels
  • Find a sponsor to pay for Hootsuite or Meetup.com account and then thank them on the meetup page
  • Reach out to new meetup folks and thank them for coming.
  • Include a code of conduct to help each person feel safe and have a way to report bad conduct
  • Meetups and Events ideas
    • Drupal Ladder
    • Presentations of what they are doing with Drupal
    • Drupal games (3 random modules, make something cool -- drupal wheel of fortune)
    • Keep the presentations short (30 minutes)
    • Always have a beginners presentation to encourage new folks to attend
    • Staggered meetups, a more beginner focused one with q&a, a more advanced one with presentations, these alternate month to month
  • To ROCK
    • Introductions
    • Job Opportunities
    • Consistent scheduling
    • Readvertise about 2 weeks out
    • Keep a google doc of what people want to learn about. Allow users to put hash marks next to topics of interest.
    • Announce topics well in advance. Have the topics planned 3 or 4 meetings out.
    • Encourage communication between regional groups
    • Google, Yahoo, Twitter, Microsoft, will always give money (Will have to try this out)
    • Coffee Shops, Pizza places, will often give huge discounts
    • Community Cultivation Grants drupal.org/community/grants
    • Ask for donations from attendees
    • https://docs.google.com/document/d/192sKn4-IjMpuBMoZPEBg85LE-gLhDz-bZYat...

Aegir
- Valkyrie DevOps for Drupal - drupal.org/project/valkyrie
- DevShop - drupal.org/project/dev_shop
- Koumbuit K-Platforms, take a look at that
- Provision Git, take a look at it on d.o. Also, look at the old hosting_features code but don't use it

SASS/Breakpoints
http://portland2013.drupal.org/session/managing-responsive-web-design-sa...

codingdesigner and Snugug

  • Team SASS, https://github.com/Team-Sass/ (SASS mixins)
  • device agnostic/future friendly
  • breakpoints are large changes, tweakpoints are for massaging little details
  • nesting the media queries allows for easier visualtization while working in the SASS
  • breakpoint-sass.com
    • allows for assigning media query vars a meaningful name
    • " " managing queries by context
    • change breakpoints to ems by setting a flag!!!! Frickin awesome.
    • allows for mass updating of all media queries. This is neat.
    • Suppports fallbacks in the same stylesheet again with a simple flag.
    • Can run resolution media queries as well, currently only FF supports that but it is a future spec (dppx)
    • breakpoint context aware, this is fun and powerful
    • singularity.gs

Logging Everything
http://portland2013.drupal.org/session/logging-everything-and-staying-sane

Brian Altenhofel, @BrianAltenhofel, brian.altenhofel@vmdoh.com

Logstash & Elastic Search
- 3 types of plugins
* Inputs, Filters, Outputs
- Outputs to Nagios, elastic search, etc...
- https://github.com/jordansissel/lumberjack is an input that allows log prep before handing off to logstash. It runs on the servers to ship logs to your logstash machine. It ships the logs via SSL.
- Elastic search is schema free which means no defining what the logs are. It is built on Apache Lucene. elasticsearch.org/download
* Kibana is a really awesome front-end for Elastic Search. Kibana 3 is beautiful.kibana.org
- Moving the logging from Drupal to lumberjack can speed up the site. Logstash also has a built in dblog input if we can't get access to the files on the server.
- Reasons to do logs like this:
* Trend analysis of web server errors
* Much easier to sort through the MySQL slow logs,
* You can filter through twitter trends and see what is being said about the brand. Nice for admissions and marketing. Maybe this is our in!
* Identify when you have a large amount of users logging in
* Smarter notifications - send alert to specific users if a certain message is found by logstash
*
- Look at Pager Duty, http://www.pagerduty.com/
- Space can be a concern so use a script to archive the logs and send them to other storage
- 17-18 web servers require one log server or so (a 2Ghz log server)

Kip Kaiser
Karen McGrane - Watch this Keynote (Kip Kaiser)
https://portland2013.drupal.org/keynote/karen-mcgrane

Michael Lopp - Contentious
https://portland2013.drupal.org/keynote/michael-lopp

Display Suite - https://drupal.org/project/ds

Neil McKay
Designing on Purpose (Neil McKay)
https://portland2013.drupal.org/session/designing-purpose-design-process...

White House developer session
https://portland2013.drupal.org/session/drupal-whitehousegov-open-source...

Content RPG
https://portland2013.drupal.org/session/content-strategy-rpg

Jake & Emily
Helped to Build
https://portland2013.drupal.org/news/drupalcon-portland-day-3-we-use-dru...

Warren
Chef
https://portland2013.drupal.org/session/joy-cooking-whip-drupal-environm...

Questions & Answers

Justin - Life Cycle of Drupal Project
* How do you onboard folks faster?
(Matthew) - Using Rubik in D6 - https://drupal.org/project/rubik
Dress Code for style guides - https://github.com/instructure/dress_code
D7 Views in content dashboard

Mark - Is there some type of data flow chart for Drupal?

Allysa - Hybrid Auth Module
https://drupal.org/project/hybridauth

Masonry Views Module a good idea for Image Gallery grid display
https://drupal.org/project/masonry
Example at the bottom of the gravit digital homepage

Zen sub-theme - https://drupal.org/project/zen
Fences - https://drupal.org/project/fences
* share bitbucket library for our sub-theme

Features - It would be nice to have a demo of features for everyone to see

The Macro module that was talked about - https://drupal.org/project/macro, Has not been touched in nearly a year.

Feeds for migrating content into your site. Useful for creating and updating nodes.

Possible Next Meeting Topics

  • git (Probably Max)
  • Drupal Commerce (Kip)
  • Field Collections (Jake)
  • Feeds & Mass Data (Matthew)
  • Views & Views Filters (Matthew or others)
  • Custom Video Player (Matthew)
  • Interacting with the community (Jennifer)

Bellingham

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: