Drupal Association blog: Update on Drupal’s response to the EU’s proposed Cyber Resilience Act

This post is a follow up on the collaboration between Drupal and other FOSS projects in response to the proposed CRA legislation in the EU. You can read our original joint letter here.

The Drupal Association has continued to participate in weekly calls with other open source projects leaders hosted by Open Forum Europe to discuss the proposed Cyber Resiliency Act (CRA) in the EU. 

The EU legislators are now reconciling several different draft versions of the regulation, and incorporating stakeholder recommendations into a new draft to be advanced through the legislative process.

For the past several months multiple constituent groups within the EU have shared draft versions of the text, soliciting feedback from a variety of stakeholders in government, industry, and the open source community. 

The Open Forum Europe group reviewed several of those draft pieces being reconciled by legislators and offered detailed input and recommendations. One of the major goals was to ensure that the obligations of the CRA don't fall as an undue burden on individuals, non-profits, non-commercial entities, etc., and to forestall unintended consequences that might curtail corporate participation in open source projects. 

The Drupal Association together with the other projects represented in this process strongly believes that Free and Open Source Software is more secure software, and wanted to ensure that this legislation would not stifle the growth of the FOSS movement.

Some of the many areas we focused our recommendations on were: 

Criteria for obligation under the regulation

  • Preventing redundant obligations on open source software caused by use across multiple entities, and ensuring that appropriate obligations for larger entities are not unfairly enforced on smaller ones. 
  • Avoiding tying obligations to the rate of the release cycle which could create a chilling effect on innovation. 
  • Further clarifying that individual contributors as natural persons do not invoke regulatory obligations by participating in open source projects.
  • Encouraging a process that will allow alignment of obligations internationally, so that it will be easier for global communities to meet all their regulatory obligations.

Defining commerciality

  • Improving the text's definition of 'commerciality' - to help ensure that open source projects and the non-profit foundations that support them are not unintentionally punished for the maturity of their development process or the effectiveness of their fundraising activities. 

Risk assessment 

  • Portions of the regulation depend on the concept of risk assessment and the evaluation of security issues 'low' or 'high' risk, 'known vulnerabilities', 'exploitability,' etc. We noted that these definitions must be carefully considered, transparent, standardized, and have room to be refined post-enactment. 
  • We also raised examples of why the method of remediation of known vulnerabilities might vary depending on each project’s approach, suggesting that this should not be too rigidly defined. 

Open Source Stewardship

  • The regulation introduces the concept of an Open Source Steward, a legal entity that can be said to hold responsibility and accountability for an open source project.
  • This creates a category for obligations separate from those of 'software manufacturers' with a level of flexibility appropriate for open source.
  • However, we noted some potential pitfalls in discrepancies between the definition of stewardship and the authority those steward organizations might have over their projects (see for example, collaborative/decentralized projects).

Collaborative/Decentralized Projects

  • Most regulatory language assumes a central entity with responsibility and accountability. Open source projects are often collaborative and decentralized. We provided several recommendations for defining 'collaborative' projects and flagged some concerns with use of the term 'decentralized' in their regulatory definition. 
  • The primary goal of our recommendations was to avoid inducing obligations (or the risk of fines) on entities that do not necessarily have formal legal relationships with each other nor formal 'ownership' of the software projects they are participating in. 

… and many more recommendations, as well. 

What comes next?

When the draft versions have been reconciled by the EU legislature and the new text is publicly available we'll share with the community. The legislative process will then move form the main body to the standards and implementation details created by the act. 

The Drop Times: Component-Based Design Using Single Directory Components (SDC) in Drupal

Since recently, Drupal has been using the experimental SDC (Single Directory Components) module. This module aims to bring Drupal front-end development closer to component-based design, a paradigm that in recent years has gained momentum, but was not easy to implement in previous versions of Drupal. In this guide, we will explain what SDC is and how it works, how it can benefit you, how it integrates with other internal and external tools, what its potential is, and how it could even revolutionize the way we work the Drupal front-end.

LostCarPark Drupal Blog: Drupal Advent Calendar day 12 ECA (Event - Condition - Action)

Drupal Advent Calendar day 12 ECA (Event - Condition - Action) james Tue, 12/12/2023 - 07:00 Image removed.

It’s day 12, marking the half way point in the Advent Calendar, and behind today’s door is a module that opens a whole world of possibility for Drupal site builders. We are joined by Michael Lenahan (michaellenahan) to tell us about the ECA module.

A gentle introduction to the ECA module

The reason I chose to write about this module for the Advent Calendar is that I was recommended to look into it by one of my colleagues at work.

It’s one of those modules that really changes the way you think about Drupal … in this case, especially how Drupal can be better for site-builders and those who are not…

Tags

Specbee: How to Navigate Automation Testing with the Power of Selenium and Python

Automation testing is indispensable for anyone involved in software or web applications. Developers love it because it makes the development process smoother, boosts code reliability, and speeds up feedback. Testers get a break as automation takes care of repetitive tasks, easing stress. Business clients save big on costs, thanks to time savings and reduced testing expenses, leading to improved efficiency and financial gains. It's a win-win all around! Selenium, the open-source testing framework for automating web browser interactions, is a powerful cross-browser testing tool that is widely used for functional testing. While it supports multiple programming languages like C++, Java, and C#, Python's readability and simplicity make it user-friendly for writing and maintaining test scripts, enhancing the overall efficiency of the testing process. In this article, we’ll dig deeper into automation testing and how you can use Selenium with Python for automated testing. What is Automation Testing Automation testing is a software testing technique used to automate the validation process or functionality of software to ensure it meets the requirements before releasing it to production. With the help of automation testing, large and repetitive test cases like regression and sanity testing can be made faster by reducing considerable human tester's effort and also achieving quality testing.Automation testing uses scripted sequences executed with the help of automation testing tools. It executes the scripts written to validate the functionalities, compares the results, and produces the Test results report. What can be automated? 1. Stable web applications.2. Applications with minimal changes.3. Repetitive testing like Sanity/ Regression testing. What cannot be automated? 1. Unstable applications (having many open issues/ frequent major changes).2. Automation will not be suitable for projects that are in the under-development stage because it will consume a considerable amount of time and resources to update and maintain the automation test scripts.3. To test a few applications that require specific attention and subject matter expertise. Manual testing will be suitable for these types of testing rather than automated testing.4. CAPTCHA – this requires human intervention to identify the correct match to pass it which is not possible by automation.5. Visual Testing – Applications that require you to validate how they display to the end users, which will need end-user experience that automaton scripts cannot fulfill. What is Selenium Selenium is an automation testing tool to validate the functional and non-functional requirements of web applications.  Selenium is one of the widely used automation testing tools because:  It is an open-source test automation tool. It can be coded in multiple languages like Java, Python, Javascript, C# etc. Selenium covers cross-browser testing like Chrome, Mozilla, Edge, and Safari. It can run using different IDEs like Pycharm, Eclipse, and Visual Studio. Different frameworks are available like Unit Testing, Pytest, and Robot along with keyword-driven or data-driven or hybrid frameworks. Using Selenium with Python As mentioned previously, Selenium accepts various scripting languages to automate the test scripts. Python is the most popular scripting language amongst them because: It is easy to learn and understand, and easier to code due to simple and clean syntax. The code flow of Python is easy to understand as it uses indentation instead of Curley braces at the start and end of the blocks. Python is easy to construct as it uses simple English words and is less verbose than other programming languages. The world is moving towards AI with Machine learning and Python plays a crucial role in implementing them. Installing Python  To install, you can visit their site, and then download and install the latest version of Python. Once Python is installed successfully, you will need to set Python home into system variables. Next, copy the path of python.exe and Script folder locations to: >> system environment variables>>Advanced>>Environment variables >> Add new path. PIP is a Standard package manager for Python (like jars in Java). It allows you to install and manage additional packages which are not part of Python's standard library. Pycharm Installation Pycharm is one of the editor tools used to script the test steps using Selenium with Python. It can be installed by following the steps mentioned below. Download Pycharm here. Download the community edition. Once downloaded and installed successfully, create a new project. Right-click on the project and add a new Python file (this will create a “.py” extension) Start writing your Python program. Browser Invocation To start web automation testing, browser invocation is the first step and this can be achieved with the below syntax based on the browser. For Edge browser: obj = Service() driver = webdriver.Edge(service = obj) driver.get(“webpage url”)For Chrome browser: obj = Service() driver = webdriver.Chrome(service = obj) driver.get(“webpage url”)For Firefox browser: obj = Service() driver = webdriver.Firefox(service = obj) driver.get(“webpage url”)For Safari browser: obj = Service() driver = webdriver.Safari(service = obj) driver.get(“webpage url”)Basic Selenium automation functionalities These functionalities form the foundation for creating Selenium test scripts and are crucial for automating interactions with web applications. Window Maximize: This will maximize the browser window. driver.maximize_window() Window Minimize(): This will minimize the browser window. driver.minimize_window() Page title: This will get the current page title. driver.title Page URL: This will get the current page URL. driver.current_url Closing the current window: This will close the current opened window driver.close() Closing the entire browser: This will close the entire browser opened by the automation  driver.quit() Refresh the current page: This will refresh the current browser driver.refresh() Moving to next screen: This will help to move next to previous screen. driver.forward() Moving to previous screen: This will help to move back to previous screen. driver.back() Selenium Locators Locators enable testers to identify and select the HTML DOM elements to act on. These locators help Selenium WebDriver interact with the specific elements needed for testing or automation.  Here are some common types of Selenium locators: Locating by ID: It is used to identify an element using the ID attribute. There may or may not be ID available for all elements but if it is available, it should be unique. Syntax:  find_element(By.ID, “value”) Locating by NAME: It is used to identify an element using the Name attribute Syntax:  find_element(By.NAME, “value”) Locating by Link Text: It is used to identify a link using link text. It is applicable only for the text having hyperlinks. Syntax:  find_element(By.LINK_TEXT, “value”) Locating by Partial Link Text: It is used to identify the link's partial text. It is applicable only for the text having hyperlinks. Syntax:  find_element(By.PARTIAL_LINK_TEXT, “value”) Locating by CSS_Selector: It is used to locate an element using the CSS selector. Syntax:  driver.findElement(By.cssSelector, “tagname[attribute=‘value’]”) Locating by XPATH: It is used to locate an element using XPath query. Syntax:  driver.findElement(By.cssSelector, “//tagname[@ttribute=‘value’]”) Headless mode: Running the application in invisible state(backend) Syntax:  oj = webdriver.ChromeOptions()oj.add_argument("--start-maximized")oj.add_argument('--headless')  Keyboard data – input: Input data needed to provide on run from the keyboard. Syntax: driver.get(input("Enter the application URL: ")) Final Thoughts By understanding the basics of Selenium automation functionalities, including browser invocation, key WebDriver commands, and the significance of locators, testers, and developers can harness the power of automation to create effective and reliable test scripts. If you're looking for a Drupal development company to seamlessly integrate these automation practices into your web projects, explore the possibilities with Specbee.

The Drop Times: SparkFabrik: Pioneering Excellence in Drupal and Web Development

Experience innovation with SparkFabrik, a leading force in Drupal and web development. Led by CEO Stefano Mainardi, SparkFabrik combines a rich history of success, open-source commitment, and a vision for the future. Dive into their Drupal expertise, community contributions, and cutting-edge technologies. Join SparkFabrik on the forefront of innovation, where scalability, adaptability, and excellence define every project. Welcome to a world where technology meets vision, and SparkFabrik leads the way.

Drupal Core News: Coding standards proposals for final discussion on 2 January 2024

The Technical Working Group (TWG) is announcing two coding standards changes for final discussion. Feedback will be reviewed at the meeting scheduled for Tuesday 2 January 2024 2100 UTC.

Issues for discussion

The Coding Standards project page outlines the process for changing Drupal coding standards.

Join the team working on Coding Standards

Join #coding-standards in Drupal Slack to meet and work with others on improving the Drupal coding standards. We work on improving our standards as well as implementing them in the core software.

Talking Drupal: Talking Drupal #428 - Digital Nomads

Today we are talking about Being a Digital Nomad, common nomadic hurdles, and realized work/life benefits with guests Chad Hester and Shelley Goetz. We’ll also cover Flag as our module of the week.

For show notes visit: www.talkingDrupal.com/428

Topics
  • What does digital nomad mean?
  • When did you first start to think about this
  • What was your physical journey like
  • What do you do for work
  • What is the biggest win
  • How did this affect family dynamics
  • What was the biggest gotcha
  • Tips and tricks
  • Long term plan
  • Why not Europe or South America
  • Question from Stephen: As a Patriots fan what are your thoughts on the 2023 season, is Bill Belichick staying or going
Resources Guests

Shelley Goetz - shelleygoetz Chad Hester - chadkhester.com chadhester

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Ron Northcutt - community.appsmith.com rlnorthcutt

MOTW Correspondent

Martin Anderson-Clutz - @mandclu Flag

  • Brief description:
    • Have you ever wanted a simple way to let users bookmark, like, or even flag as inappropriate content on your Drupal site? There’s a module for that.
  • Brief history
    • How old: originally created in 2008 by quicksketch, who listeners may remember as the original author of Webform
    • Versions available: 7.x-3.9 and 8.x-4.0-beta4
  • Maintainership
    • Actively maintained, but no commits in the last year
  • Has a handbook, but it’s in the old documentation system
  • Number of open issues: 675, 132 of which are bugs against the 8.x branch
  • Usage stats:
    • Over 38,000 sites
  • Maintainer(s):
    • Recent releases by Berdir, who we recently mentioned as the maintainer of TMGMT in episode #426
  • Module features and usage
    • The Flag module provides a flexible system that can reference any kind of entity, so content, users, comments and so on
    • When you create a flag type, you set the target entity type, and then you can optionally choose specific bundles that can be flagged
    • Flags can be per-user, like bookmarks, or global, meaning that they’re the same for everyone
    • Links to Flag or Unflag content or other entities can be displayed in a variety of ways: in a field, in entity links, as contextual links, and more
    • By default flag links are rendered as AJAX links that flag or unflag content without reloading the page, but you can configure them to display in various ways, including a links to a field entry form, because flag types are also fieldable
    • There is extensive views integration, so it’s easy to list flagged content, for example to show a user content they’ve flagged as their favorites. The ecosystem of modules around Flag includes one called Views Flag Refresh that can trigger a view to automatically update via AJAX as soon as any content in that view is flagged or unflagged
    • Not long ago I used Flag as part of a lightweight task management system within Drupal, and anyone wanting to try that out can install the Tasks module

The Drop Times: Empowering Women in Drupal

Let's dive into something awesome today—the fantastic women rocking the tech world, especially in our Drupal community. There's no fluff, just facts about how they're taking Drupal to new heights.

Women are making waves in the tech world, and right here in Drupal, they're levelling up the game. Their outstanding achievements shape the tech landscape, proving that women are forces to be reckoned with in technology.

Women are taking the lead in Drupal organizations, such as the Drupal Diversity and Inclusion Group, which aims to foster a more diverse and inclusive community by promoting diversity in leadership, speaking opportunities, and events.

Drupal's got your back with the "Women in Drupal," formerly DrupalChix. This program hooks women with mentors, resources, and chances to connect. It's all about building a community where everyone's voice is heard.

Women in Drupal are not just part of the community but driving it to new heights. As we applaud their achievements, let's acknowledge that there's more ground to cover on the path to gender equality in tech.

Let's continue championing diversity, fostering inclusivity, and supporting one another. Now, look back at what we covered last week at The DropTimes.

Alka Elizabeth, a sub-editor, wrote about a Reddit discussion on Drupal Dilemmas, addressing issues and seeking improvements. I ran two interviews, the first with Andrew Berry, Director of Technology at Lullabot, sharing his insights from Evolve Drupal Toronto and contributions to the Drupal community. Read the complete interview here. The second one featured the API Client Initiative led by Brian Perry, core maintainer, aiming to provide a comprehensive solution for Drupal. Click here to read.

And for the Drupal community, here's some important news: Drupal core committers and the Drupal 10 readiness initiative seek your feedback. They're proposing a new working group focused on contributed modules where maintainers haven't updated to the next major Drupal version.

In noteworthy announcements, Tag1 Consulting celebrated a milestone with Nathaniel Catchpole's collaboration with Chrome for Developers, marking a crucial development for Drupal 10.2. Drupal core version 10.3.0 introduces a new access policy API for assigning permissions in various ways. Dave Long announced a significant change in Drupal core version 10.2.0, adding autocomplete attributes to login and password reset forms.

On the events front, Open Source Summit North America is accepting proposals for its April 16-18, 2024 event in Seattle. NERD Summit 2024 announced Dr. David Weinberger as the keynote speaker for March 8, 2024, and encourages session proposals before January 15, 2024. Rod Martin, Lead Trainer at OSTraining, will conduct an Absolute Beginner's Guide to Drupal training session on February 23, 2024, at Florida DrupalCamp.

Now, onto organization news—Bounteous is celebrating a big win at the MarCom Awards 2023, receiving the prestigious Gold Award. Kevin Montgomery of SearchStax published a guide highlighting the seamless collaboration between SearchStax Studio, Drupal CMS, and React. Tag1 Consulting's Michael Meyers and Janez Urevc conclude their podcast series, addressing migration cost complexities with Lucas Hedding. DevBranch, a team from Lutsk, Ukraine, reveals their extensive contributions to Drupal.org. Annertech introduces a 40% discount on vulnerability management for LocalGov Drupal.

Tutorials cover a range of Drupal topics: Saranya Ashokumar's D4Drupal video delves into automated testing in Drupal, Idroot provides a guide for installing Drupal on Fedora 39, Prerna Trimurty Infotech offers a step-by-step guide for upgrading Drupal websites and Drupalize.Me present tutorial videos covering essential concepts for module developers. Additionally, Ritvik Tak provides a comprehensive guide on setting up Drupal 8 multi-site environments using Lando.

We've also featured some insightful case studies. Droptica shares its experience developing the digital content platform EM360, showcasing the strategic use of Drupal for an innovative user-generated content hub in the IT sector. Druid presents a case study on renewing Veikkaus, the Finnish Gambling Website.

In book-related news, Smile has released a comprehensive white paper titled "Drupal in 2024," highlighting Drupal's global prominence as an Enterprise Content Management System (CMS). Joe Shindelar of Drupalize.me plans to release a curated "Hello, world" guide for developers in the Drupal community. AcroCommerce offers a practical integration guide, combining BigCommerce e-commerce capabilities with the versatility of Drupal CMS.

Switching to the security front, Achieve Internet issues an urgent compliance warning for Apigee Legacy Developer Portal users, stressing the critical importance of upgrading.

There are more stories to discover, but we must stop here due to space constraints. Keep enjoying your Drupal journey!

To get timely updates, follow us on LinkedIn, Twitter and Facebook.

Thank you,

Sincerely

Kazima Abbas
Sub-editor, TheDropTimes.

Drupal Association blog: Meet Lenny Moskalyk, the first Ukrainian Board Member of the Drupal Association Board

Image removed.

We're thrilled to introduce Lenny Moskalyk, one of the newest members on the Drupal Association Board. Lenny is a Senior Project Manager at Cocomore and is involved in organizing DrupalCamp Kyiv. She's actively engaged in the Ukrainian Drupal Community and serves as an Advisory Board Member of DrupalCon Europe, among other contributions to various Drupal events. Recently, Lenny received the Women in Drupal 2023 award in the ‘Scale’ category, given to those who boost growth in Drupal—her accomplishments that led to this award represent the value of growth within the Drupal Community. 

Lenny recently joined the Drupal Association Board, and she shares her insights on this exciting journey:

What are you most excited about when it comes to joining the Drupal Association Board?
The opportunity to help and contribute back to the community in an efficient meaningful way.

What do you hope to accomplish during your time on the board?
I aim to build connections with underrepresented communities and make sure their voices are heard.

What specific skill or perspective do you contribute to the board?
Being the first Ukrainian on the Board, I am representing one of the biggest and most active communities in Europe. I have experience in organizing Drupal events of various scales and being an experienced project manager, I have excellent communication skills.

How has Drupal impacted your life or career?
I started to work with Drupal around 10 years ago and from the day the ideas of open source and support within the community won my heart. It inspired me to try myself in new roles, such as co-organizing DrupalCamp Kyiv. Through Drupal, I have discovered many new things about different cultures and nowadays wherever around the world I would go—I know for sure where to find like minded people :)

Tell us something that the Drupal community might not know about you.
I am a passionate traveler who recently added sailing skills! Another thing that brings me joy is cooking for my loved ones and sharing meals with them :)

Share a favorite quote or piece of advice that has inspired you.
“Fortune favors the brave.”

We can't wait to experience the incredible contributions Lenny will make during her time on the Drupal Association Board. Thank you, Lenny, for dedicating yourself to serving the Drupal community through your board work! Connect with Lenny on LinkedIn.

The Drupal Association Board of Directors comprises 12 members, with nine nominated for staggered 3-year terms, two elected by the Drupal Association members, and one reserved for the Drupal Project Founder, Dries Buyteart. The Board meets twice in person and four times virtually annually, overseeing policy establishment, executive director management, budget approval, financial reports, and participation in fundraising efforts.

Subscribe to