Giving Clients What They Need - Not What They Want

by Elliot Christenson on September 20, 2016 - 7:38am

If you're anything like me, you've spent a few years in the freelance/agency world performing work for clients. If your clients are anything like the ones I've had, they come in with preconceived notions, "wives tales", and many, many things that are just not in their best interest.

I know there is a tendency to say "the customer is always right." I would prefer to say "the customer is entitled to the best product possible."

Part of that product is you - their developer - and your knowledge.

In this post, I'm going to attempt to show you a piece of what I mean when I say "Giving Clients What They Need - Not What They Want".

Higher Ed Drupal: Drupal In Computer Science

by Elliot Christenson on September 6, 2016 - 8:46pm

School has just started for many of your children. It may be starting for you too!

I start tomorrow: as an instructor at the University of Wisconsin-Green Bay. My mind is all full of anxiety as I try to guess the level of knowledge of the large (25 plus a waiting list) class. I'm also excited to bring Drupal into the classroom.

At myDropWizard, we supply support and maintenance for several world-class universities, so I know Drupal is no stranger to the world of "higher-ed". There are also Higher Ed sessions at Drupalcon and most DrupalCamps!

Drupal 6 security updates for Flag!

by David Snopek on August 31, 2016 - 12:49pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security releases for the Flag module for multiple Access Bypass vulnerabilities.

The module includes a view that lists each user's bookmarked content as a tab on their user profile. The permissions on this view are setup incorrectly, allowing any user who has permission to use the 'bookmarks' flag to see the list of content that any user has bookmarked.

See the security advisory for Drupal 7 for more information.

Here you can download the patch for 6.x-1.x or 6.x-2.x!

If you have a Drupal 6 site using the Flag module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Survey Results From "Is Drupal Hard?"

by Elliot Christenson on August 23, 2016 - 7:51am

A few weeks ago, we had A Survey! Is Drupal Hard?

First of all, thank you for taking the time to answer (even though we had a short-lived technical snafu!). At myDropWizard, we believe in transparency and openness, so I'm going to share the unfiltered data with you - as well as what my thoughts are in interpreting this non-scientific study.

Drupal 6 security updates for Panels!

by Elliot Christenson on August 17, 2016 - 1:16pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security releases for the Panels modules for multiple Access Bypass vulnerabilities.

The first vulnerability allows anonymous users to use AJAX callbacks to pull content and configuration from Panels, which allow them to access private data. And the second, allows authenticated users with permission to use the Panels IPE to modify the Panels display for pages that they don't have permission to otherwise edit.

See the security advisory for Drupal 7 for more information.

Here you can download the patch for 6.x-3.x!

If you have a Drupal 6 site using the Panels module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Creating a static copy of a Drupal 6 site

by Elliot Christenson on August 15, 2016 - 3:40pm

As you probably already know, Drupal 6 is end-of-lifed. This creates many risks for Drupal 6 site owners to keep their site up! First and foremost: security updates are difficult to find and get. Because the energy of the Drupal community as a whole is focused on Drupal 8, the resources dedicated to keeping Drupal 6 secure are very limited. So, your site is more vulnerable to be hacked.

YouTube videos stop working with Lightbox2? Here's the fix!

by David Snopek on August 15, 2016 - 7:12am

This is similar to our last article about how YouTube videos stopped working with Embedded Video Field on Drupal 6 - except this is for Lightbox2 and affects Drupal 6, 7 and 8.

While we still can't seem to find any announcement from Google, it appears that the old YouTube embed code (which is used by the Lightbox2 module) has stopped working.

Using Lightbox2 to play videos is sort of an edge case, and there wasn't an existing fix for it, so we created a patch on this issue.

We encountered this issue with one of our Drupal 6 Long-Term Support customers, so we created a Drupal 6 patch too!

(We created a Drupal 7 patch, and looking at the code the Drupal 8 version appears to be affected also, but since there is no stable release for it, we didn't test it or create a D8 patch.)

To fix: just apply the 6.x-1.x or 7.x-2.x patch!

YouTube videos stop working on your Drupal 6 site? Here's the fix!

by David Snopek on August 12, 2016 - 4:47pm

If you have a Drupal 6 site that uses Embedded Media Field and the Media: YouTube module to embed the YouTube player on your site, you may have noticed it stopped working in the last couple days.

While we can't seem to find any announcement from Google, it appears that the old YouTube embed code which those modules use has stopped working.

Luckily, it's pretty easy to fix!

Read more to find out how...

Drupal 6 security updates for Google Analytics and Piwik!

by David Snopek on August 10, 2016 - 11:21am

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there are two Moderately Critical security releases for the Google Analytics and Piwik modules to fix a Cross-Site Scripting (XSS) vulnerability.

Users who have permission to configure these modules have the ability to add unrestricted, custom JavaScript to the page, however, it's not commonly known that this permission presents a security risk (and there was previously no way to seperate the ability to configure the modules from the ability to add JavaScript).

The new versions create a new permission for adding JavaScript code, which users will need to have in addition to just the permission necessary to configure the modules.

You can download one the of three patches for Google Analytics for 6.x-2.x, 6.x-3.x and 6.x-4.x.

And you can download this one patch for Piwik.

If you have a Drupal 6 site using the Google Analytics or Piwik modules, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

A Survey! Is Drupal Hard?

by Elliot Christenson on August 1, 2016 - 5:04pm

I attended Drupal Camp WI at the University of Wisconsin-Madison this weekend.

There was a fantastic presentation called "Why Is Drupal So Hard?" by Joe Shindelar at Drupalize.me

It got me thinking about myDropWizard, our clients, and what path people are taking at this current crossroad of Drupal 6 -> Drupal 7 -> Drupal 8 versus going a different path. Sometimes when you are too close to a question, you shouldn't be the one answering it. So, I'd like to ask "you," the world!

I'll share the results in a future blog post, and I'll share my thinking about what the results mean.

If you have any criticisms of the survey, please share those with me! I think this is just the first of a few surveys that we can do.

I hope this is fun, and I know it's not "scientific". However, I am hoping that it continues the discussion within the Drupal Community in regards to what we should do?

Without further ado: Here is the survey!

Articles aggregated for consumption on Drupal Planet!

o