AdoptOS

Assistance with Open Source adoption

Open Source News

Compile Time vs Runtime OSGi Dependencies

Liferay - Thu, 04/05/2018 - 20:01

Just a quick blog post to talk about compile time vs runtime dependencies in the OSGi container, inspired by this thread: https://web.liferay.com/community/forums/-/message_boards/view_message/105911739#_19_message_106181351.

Basically a developer was able to get Apache POI pulled into a module, but they did so by replicating all of the "optional" directives into the bnd.bnd file and eventually putting it into the bundle's manifest.

So here's the thing - dependencies come in two forms. There are compile time dependencies and there are runtime dependencies.

Compile time dependencies are those direct dependencies that we developers are always familiar with. Oh, you want to create a servlet filter? Fine, you just have a compile time dependency as expressed in a build.gradle file like:

compileOnly group: "javax.servlet", name: "javax.servlet-api", version: "3.0.1"

Basically a compile time dependency is a dependency needed by the compiler to compile your java files into class files. That's really it; you need a class from, say, the XStream XOM package, well then you declare your dependency on in it your build.gradle file and your code compiles just fine.

Runtime dependencies are not as straight forward. What you find, especially when you deploy your OSGi bundles, is that you not only have your direct dependencies like the servlet spec jar or the XStream jar, but there are also indirect dependencies to deal with.

Let's take a look at XStream. If we check mvnrepository.com, these are the listed dependencies for XStream:

Group Name Version cglib cglib-nodep (optional) 2.2 dom4j dom4j (optional) 1.6.1 joda-time joda-time (optional) 1.6 net.sf.kxml kxml2-min (optional) 2.3.0 net.sf.kxml kxml2 (optional) 2.3.0 org.codehaus.jettison jettison (optional) 1.2 org.codehaus.woodstox wstx-asl (optional) 3.2.7 org.jdom jdom (optional) 1.1.3 org.jdom jdom2 (optional) 2.0.5 stax stax (optional) 1.2.0 stax stax-api (optional) 1.0.1 xmlpull xmlpull 1.1.3.1 xom xom (optional) 1.1 xpp3 xpp3_min 1.1.4c

Note that there are only two dependencies here that are not listed as optional, xmlpull and xpp3_min. These are libraries that XStream uses for lower-level XML stuff.

But what are all of these optional dependencies?

Let's pick the well-known one, Joda Time.  Joda is a date/time library that supports parsing date/times from strings and formatting strings from date/times, amongst other things. The library is marked as "optional" because you don't have to have Joda in order to use XStream.

For example, if you are using XStream to do XOM marshaling on XML that does not have dates/times, well then the code that uses Joda will never be reached. So Joda is absolutely optional, from a library perspective, but as the implementing developer only you know if you need it or not. If you have XML that does have dates/times but you don't have Joda, you'll get ClassNotFoundException errors when you hit the XStream code that leverages Joda.

When the libraries are being built, the scope used for the declared dependencies, i.e. runtime vs compile in Gradle and <optional /> tag in Maven, will translate into the "resolution:= optional" stanza in the jar's MANIFEST.MF. Depending upon how the jar is used, this extra designation can be used or it can be ignored. For example, if use the "java" command with a classpath that includes the XStream jar and your classes, Java will happily run the code whether or not Joda is required. However, if you were to try to process an XML file with a date/time stamp, you may encounter a ClassNotFoundException or the like if Joda is not available.

The OSGi container is stricter about these optional dependencies. OSGi sees that XStream may need Joda, but it cannot determine whether or not it will be needed when the bundle is resolving. This is one reason why you get the "Unresolved Requirement" error when OSGi attempts to start the bundle.

It is up to the bundle developer to know what is required and what isn't, and OSGi forces you to either satisfy the dependency (ala something like this) or excluding the package dependency by masking them out using the Import-Package declaration. If you, the developer, are using XStream, OSGi expects that you should know if you are going to need an optional dependency like Joda or not.

Now I hate picking out one example like this, but I think this is really important to point out. Yes, you can tell OSGi to also treat the dependency as optional. It will get you by the Unresolved Requirement bundle start error. The problem, however, is it leaves you open to a later ClassNotFoundException because you have a dependency on a package which is marked as optional. The last thing you want to have happen is to find your module deployed to production and fail on a sporadic basis because sometimes an XML file has a date/time to parse.

Recommendations

So, now for some recommendations...

If you have a dependency, you have to include it. I tend to use Option 4 from my blog, but I'm using the compileInclude Gradle dependecy directive to handle the grunt work for me. If your dependency has required dependencies, well you have to include them also and compileInclude should cover that for you too.

For the optional dependencies, you have to determine if you need them or not. Yes, this is some analysis on your part, but it will be the only way to ensure that your module is correctly packaged.

If you need the optional dependency, you have to include it. I will typically use the compileInclude directive explictly to ensure the dependency gets pulled into the module correctly.

If you don't need the optional dependency, then exclude it entirely from the bundle. You do this in the bnd.bnd file using the Import-Package directive like:

Import-Package: !org.codehaus.jackson, \ !org.codehaus.jackson.annotate, \ !org.codehaus.jackson.format, \ !org.codehaus.jackson.impl, \ !org.codehaus.jackson.io, \ !org.codehaus.jackson.type, \ !org.codehaus.jackson.util, \ !org.joda.time, \ !org.joda.time.format, \ *

The syntax above tells OSGi that the listed packages are not imported (because of the leading exclamation point). This is how you exclude a package from being imported.

NOTE: When using this syntax, always include that last line, the wildcard. This tells OSGi that any other non-listed packages should be imported and it will require all remaining packages be resolved before starting the bundle.

And the final recommendation is:

Do not pass the optional resolution directive on to OSGi as it may lead to runtime CNFEs due to unsatisfied dependencies.

Got questions about your dependency inclusion? Comment below or post to the forums!

David H Nebinger 2018-04-06T01:01:30Z
Categories: CMS, ECM

CiviCamp Calgary May22/2018 - Action Packed Program - Final call for Registrations

CiviCRM - Thu, 04/05/2018 - 09:40
CiviCamp Calgary 2018

Join us on Tuesday May 22 - 2018 for CiviCamp Calgary - a one day event covering everything related to CiviCRM. Attend CiviCamp and learn about CiviCRM and what it can do for your organization, meet other CiviCRM Users, CiviCRM Partners and CiviCRM Core Team Members and gather their feedback, learn advanced strategies for managing your online database, ask any questions you might have, share tips and build connections! This is the opportunity to meet the CiviCRM community and share experiences and knowledge with other organizations using CiviCRM!

Categories: CRM

Experiência-Digital-do-Cliente

Liferay - Wed, 04/04/2018 - 17:28

Empresas bem-sucedidas acreditam no êxito que a experiência do cliente pode trazer mais do que nunca. De acordo com um estudo da Walker, ela se tornará o principal diferencial entre as marcas até o ano de 2020, superando preço e produto. E parte deste novo diferencial virá através da experiência digital do cliente.

A experiência digital do cliente é tão crucial quanto as interações tradicionais, cara a cara. As marcas devem considerar essas duas facetas separadamente, mas fortemente conectadas, para criar uma estratégia eficaz que agrade o público-alvo. No entanto, entender estes dois tipos de experiências pode ser confuso para aqueles que não estão completamente familiarizados com suas diferenças e semelhanças.

Definindo a Experiência do Cliente

O termo experiência do cliente (CX) é amplo no que se refere a como um consumidor se sente em relação ao seu tratamento por uma empresa. Isso inclui os aspectos tradicionais do atendimento ao cliente, como a ajuda presencial de um funcionário, bem como as interações mais recentes e baseadas no mundo digital, como os serviços de chatbot. O termo experiência digital do cliente (DCX) é focado exclusivamente nestes serviços digitais, assim como ferramentas de back-office que ajudam a tornar essas experiências online possíveis, como softwares de personalização.

Pense na experiência do cliente e na experiência digital do cliente como igualmente importantes para atender às necessidades da sua audiência e proporcionar- uma interação coesa e positiva com sua marca. Embora DCX possa ser englobada na definição mais abrangente de CX, elas são distintas uma da outra em seu modus operandi, embora tenham o mesmo objetivo de fechamento de vendas.

Experiências Diferentes Precisam de Estratégias Diferentes

É importante que as empresas entendam que os mesmos princípios usados para criar uma ótima experiência do cliente nem sempre se traduzem perfeitamente em uma ótima experiência digital do cliente. Embora o público-alvo de uma empresa possa encontrar o mesmo nível de serviço e atendimento, tanto presencialmente quanto online, as empresas devem observar que a experiência do cliente e a experiência digital do cliente não têm uma correlação direta.

Como discutido pela Harvard Business Review, grande parte da experiência do cliente tradicional depende das ações de outros clientes, do ambiente físico e da localização, o que geralmente resulta em clientes que diminuem suas expectativas em relação à experiência. No entanto, a experiência digital do cliente é puramente online e está sujeita aos altos padrões dos consumidores, incluindo o tempo de carregamento de páginas, a velocidade para encontrar os itens desejados e ter suas necessidades atendidas exatamente como eles esperam. Os clientes que estão em uma loja sabem que os funcionários estão ocupados e podem precisar aguardar para serem atendidos, mas os clientes online sentem que não há desculpa para serviços lentos ou ineficientes ao realizarem compras em seus computadores. Estas expectativas diferentes exigem estratégias distintas para serem atendidas adequadamente.

As organizações precisarão de insights valiosos sobre como os consumidores interagem com elas por meio de plataformas digitais, com o intuito de criar experiências digitais excelentes. O Gartner relata que a maneira mais comum de começar a aprimorar a DCX é melhorando a coleta e análise de feedback dos clientes. Desta forma você pode obter uma melhor compreensão do que melhorar para atender às expectativas do cliente.

O Valor da Experiência Digital do Cliente

Com a quantidade de trabalho necessária para fazer uma ótima experiência digital do cliente, as empresas podem se perguntar se vale a pena o esforço. Entretanto, quando feitas de forma eficaz, elas demonstraram ter um efeito positivo nos clientes e levar a um alto retorno do investimento. Embora o impacto da experiência digital do cliente nos lucros de uma empresa varie, as informações da Forbes mostram que a adoção mais ampla de uma interação digital (como um carrinho de compras online) gera uma receita mais alta e menor custo operacional. A pesquisa da McKinsey também mostra que as empresas que possuem maior capacidade digital podem converter as vendas a uma taxa 2,5 vezes maior do que empresas com menor capacidade digital.

Assim como a experiência do cliente tradicional, uma experiência digital do cliente ruim pode fazer com que eles recorram a um concorrente. Como discutido em um artigo no Huffington Post, 67% dos clientes colocaram más experiências como uma razão para deixar uma empresa em favor de um concorrente. Isso inclui experiências ruins online. É importante notar que, mesmo que você não esteja ouvindo reclamações diretas de clientes, estatísticas mostram que apenas 1 em cada 26 clientes insatisfeitos reclamarão de uma experiência ruim. O silêncio do seu público-alvo em relação à uma experiência digital do cliente fraca ou inexistente não significa que você não deva melhorá-lar.

O Futuro da Experiência Digital do Cliente

É importante notar que as experiências online e offline, embora ainda diferentes umas das outras, estão se tornando mais próximas do que nunca na jornada do cliente. O cliente moderno geralmente espera poder alternar entre os dispositivos enquanto estiver online, bem como iniciar, continuar ou concluir sua jornada pessoalmente sempre que desejar. Isso significa que uma empresa deve fornecer experiências digitais que possam transferir informações importantes entre dispositivos e também acessar estas informações em locais físicos para uma experiência suave e interconectada.

À medida que você gerencia e procura melhorar a atual experiência digital do cliente, tenha isso sempre em mente para que sua marca consiga acompanhar as expectativas em evolução do público moderno.

 

Isabella Rocha 2018-04-04T22:28:52Z
Categories: CMS, ECM

Implementation Guide on Headless and Decoupled CMS

Drupal - Mon, 04/02/2018 - 16:03

The following blog was written by Drupal Association Signature Hosting Supporter, Acquia

The rapid evolution of diverse end-user clients and applications has given rise to a dizzying array of digital channels to support.

Websites in the past were built from monolithic architectures utilizing web content management solutions that deliver content through a templating solution tightly “coupled” with the content management system on the back-end.

Agile organizations crave flexibility, and strive to manage structured content across different presentation layers consistently in a way that’s scalable.

Accomplishing this efficiently requires that teams have flexibility in the front-end frameworks that dominate the modern digital landscape. That’s why decoupled and headless CMS is taking off. That’s why you’re here. But now you need the right technology to support the next phase of the web and beyond.

Download this eBook on headless and decoupled CMS
Categories: CMS

Announcing 4.☔ LTS

CiviCRM - Sun, 04/01/2018 - 06:55
You may have read the recent announcement of CiviCRM 5.0 and its revolutionary new method of numbering CiviCRM releases.   Meanwhile, those who prefer greater stability can use the Long-Term Support (LTS) releases of CiviCRM.  LTS users won't be left behind in the version numbering progress, however.  
Categories: CRM

Avoid These 6 Common Credit Card Processing Nightmares

PrestaShop - Fri, 03/30/2018 - 08:18
As an e-commerce business owner, I’m sure you’ve been told time and time again that processing payments is simply going to be a hassle.
Categories: E-commerce

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002

Drupal - Wed, 03/28/2018 - 13:14
Project: Drupal coreDate: 2018-March-28Security risk: Highly critical 24∕25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code Execution Description: 

CVE: CVE-2018-7600

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

The security team has written an FAQ about this issue.

Solution: 

Upgrade to the most recent version of Drupal 7 or 8 core.

  • If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
  • If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)

Drupal 8.3.x and 8.4.x are no longer supported and we don't normally provide security releases for unsupported minor releases. However, given the potential severity of this issue, we are providing 8.3.x and 8.4.x releases that includes the fix for sites which have not yet had a chance to update to 8.5.0.

Your site's update report page will recommend the 8.5.x release even if you are on 8.3.x or 8.4.x. Please take the time to update to a supported version after installing this security update.

This issue also affects Drupal 8.2.x and earlier, which are no longer supported. If you are running any of these versions of Drupal 8, update to a more recent release and then follow the instructions above.

This issue also affects Drupal 6. Drupal 6 is End of Life. For more information on Drupal 6 support please contact a D6LTS vendor.

Reported By: Fixed By:  Contact and more information

The Drupal security team can be reached by email at security at drupal.org or via the contact form.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Categories: CMS

Thinking Outside of the Box: Resources Importer

Liferay - Wed, 03/28/2018 - 09:48
Introduction

On a project recently I had a Theme war and, like those themes you can download from the MarketPlace, I also had pages, contents and documents imported by the Resources Importer (RI) as a site template.

Which is pretty cool, on its own, so I could deploy the theme and create a new site based on the theme and demo how it looks and works.

But I ran into something that I consider a bug: every time the container restarts, the WAR->WAB processes my theme but also my Resources Importer stuff and it goes crazy creating new versions for the contents and documents, and my sites (if propagation was enabled) would start throwing exceptions about missing versions (I had developer mode enabled so the old versions were getting deleted).

I have open bugs on all of these issues, but it made me wonder what I could do with the RI to work around these issues in the interim.

So I knew that I would still want to use RI to load my assets, but I only ever want RI to load them once, and not again if the containing bundle were already deployed.

Running once and only once, as part of an initial deployment or perhaps as part of an upgrade, well I've seen that before, that's a perfect fit for an Upgrade Process implementation.

So I had an idea that I wanted to build an upgrade process that could invoke RI to import new resources. The Upgrade framework would ensure that a particular upgrade step would only run once (so I don't end up w/ weird version issues), that I could support doing version upgrades when necessary, and since I'm using RI I don't have to recreate the wheel to import resources.

What Can RI Do OOTB?

So the Resources Importer (RI) is an integrated part of Liferay 7.x CE and Liferay 7.x DXP. It is implemented in the com.liferay:com.liferay.exportimport.resources.importer bundle. RI ships with the following capabilities OOTB:

That second one was a doozy to find. It's not really documented, but it is in the code to support it.

If you trace through the code from modules/apps/web-experience/export-import/export-import-resources-importer in the com.liferay.exportimport.resources.importer.internal.extender.ResourceImporterExtender class, you will see that it has code to track all com.liferay.exportimport.resources.importer.provider.ResourceImporterBundleProvider instances. When found, the RI infrastructure will look for a liferay-plugin-package.properties file in your bundle classes which defines where to find the resources to import. So if you register a ResourceImporterBundleProvider component in your bundle, RI will load your resources from that bundle.

Now I don't know if it suffers from the same issue as the WAR->WAB reloading loop, so it might have issues on its own, but that would take some testing to find out.

The LMB message aspect can be found in the ResourceImporterExtender class.  If you don't want to use the ResourceImporterBundleProvider aspect, you could use the code in this class to initialize the bundle servlet context and send RI a hot deploy message and it will kick of the resource import (which is how the Extender class actually invokes RI, so if you can use the ResourceImporterBundleProvider component it will save you some boilerplate code).

The LAR file handling was interesting.  You can have a single LAR file as /WEB-INF/classes/resources-importer/archive.lar to load public resources.  If you have public and private or just private resources, you have to use /WEB-INF/classes/resources-importer/public.lar and/or /WEB-INF/classes/resources-importer/private.lar respectively.

Can I Do More with RI?

In short, yes. The first problem is that the Liferay APIs are not exported, so even though their bundle has the necessary classes, they are hidden away.

So in my workspace, https://github.com/dnebing/rsrc-upgrade-import, I have a module, resources-importer-api, which has copies of the classes but they are exported. Included in this module are some extension classes I created to support running RI within a bundle's UpgradeProcess.

The second module, resources-importer-upgrade-sample, is a sample bundle that shows how to build out an upgrade process that invokes the Resources Importer in upgrade processes.

The code that is checked in is configured only for bundle version 1.0.0. You can build and deploy to get the Dog articles.

Next, change the version to 1.1.0 in the bnd.bnd file and uncomment the line, https://github.com/dnebing/rsrc-upgrade-import/blob/master/modules/resources-importer-upgrade-sample/src/main/java/com/liferay/exportimport/resources/importer/sample/ResourceImporterUpgradeStepRegistrator.java#L73, build and deploy to get the Cat articles.

Next, change the version to 1.1.1 in the bnd.bnd file and uncomment the line, https://github.com/dnebing/rsrc-upgrade-import/blob/master/modules/resources-importer-upgrade-sample/src/main/java/com/liferay/exportimport/resources/importer/sample/ResourceImporterUpgradeStepRegistrator.java#L76, build and deploy to get the Elephant articles.

At each deployment, only the assets tied to the upgrade process will be processed. And if you start your version at 1.1.1 and uncomment both of the registry lines referenced above, build and deploy the first time to a clean environment, you'll see all 3 upgrade steps run in sequence, 0.0.0 -> 1.0.0, 1.0.0 -> 1.1.0, and 1.1.0 -> 1.1.1.

Since we're using an upgrade process to handle the asset deployment, the RI will only run once and only once for each version.

Conclusion

With the provided API module, there are more ways to leverage the RI. I can imagine a message queue listener that receives specially crafted messages that contain articles that transforms these into consumable RI objects and invokes RI to do the heavy lifting, invoking the RI system to properly load up the assets correctly, letting it invoke all of the necessary Liferay APIs.

Or a directory watcher that looks for files dropped in a particular folder and does pretty much the same thing.

For the record, I don't think I'd want to use this for managing the deployment of a long list of assets. I wouldn't want to use the RI as some sort of content promotion process as content creation is not a development activity and should be handled by appropriate publication tools built into the Liferay platform.

Anyways, check out the blog project repo at https://github.com/dnebing/rsrc-upgrade-import and let me know what you think...

David H Nebinger 2018-03-28T14:48:59Z
Categories: CMS, ECM

Engineering Group and Open Source Initiative Partner for Enhanced Leadership in Open Source: Engineering Group continues its support of global open source software communities.

Open Source Initiative - Wed, 03/28/2018 - 08:29

Rome (Italy) - March 27, 2018 – Engineering Group, the global IT player and Italian leader in digital transformation, announced their continued sponsorship of the Open Source Initiative (OSI). The OSI is internationally recognized as the stewards of open source software, working to promote and protect open source projects, development and communities. For 20 years the organization has served as the reference point for individuals, non-profit organizations, international enterprises, and governments that recognize the critical role of open source in enabling flexibility, transparency, innovation, and added-value in technology-based products and services.

Moreover Daniele Gagliardi—Technical Manager at Engineering Group’s Open Source Competency Center—has been re-elected Corporate representative in the Board of Directors of OW2 (www.ow2.org), one of the major global open source software communities and an OSI Affiliate Member. It grants the durable and sustainable development of the most adopted and reliable enterprise-level open source solutions. OW2 hosts over 100 open source projects, including Knowage, SpagoBI, Spagic and Spago4Q, realized by Engineering Group.

As for Knowage—the reference brand for business analytics—the most important novelties, available for download on OW2 marketplace starting from 6.2 version, focus on improved features supporting data inquiry and cross navigation through interactive cockpits, in order to offer even more flexible and effective tools to extract value from one’s business data. For all updates and upcoming events, visit www.knowage-suite.com.

“Engineering Group’s sponsorship highlights the broad appeal and value of open source software and the communities of practice that enable its development, we are so grateful to have their support” said Patrick Masson, OSI General Manager. “Engineering Group serves as a model across industries, showcasing how business can authentically engage, as users of open source software, as developers of open source projects, and as contributors to open source communities.”

About Engineering Group
Engineering Group (www.eng.it) is the Italian leader in the Information Technology sector, with more than 10,000 employees and 50 sites in Italy, Germany, Spain, Belgium, Republic of Serbia, South America and the United States. The Technical, Innovation & Research Division includes the Open Source Competency Center.

About The Open Source Initiative
Founded in 1998, the Open Source Initiative (OSI) protects and promotes open source software, development and communities, championing software freedom in society through education, collaboration, and infrastructure, stewarding the Open Source Definition, and preventing abuse of the ideals and ethos inherent to the open source movement. The OSI is a California public benefit corporation, with 501(c)(3) tax-exempt status. For more information about the OSI, see https://opensource.org.

Categories: Open Source

Thunder, the Drupal 8 Distribution for Professional Publishing

Drupal - Tue, 03/27/2018 - 18:41

Thunder is proud sponsor of the Media and Publishing Summit ahead of the DrupalCon in Nashville. Meet us on 9th April and during the DrupalCon to learn more about Thunder and how it is used in professional publishing.

https://thunder.org/

Thunder is the Drupal 8 distribution for professional publishing. Thunder was designed by Hubert Burda Media and released as open-source software under the GNU General Public License in 2016. As members of the Thunder community, publishers, partners, and developers build custom extensions and share them with the community to further enhance Thunder.

Thunder consists of the current Drupal 8 functionality, lots of handpicked publisher-centric modules with custom enhancements (our own Thunder Admin Theme, the Paragraphs module, the Media Entity module, the Entity Browser module, and lots more), and an environment which makes it easy to install, deploy and add new functionality (e.g. the Thunder Updater).

To learn more about Thunder projects, read these case studies: German magazine Mein Schöner Garten (Gardening Magazine for Hubert Burda Media), US magazine American Heritage (American Heritage Magazine Migration – Drupal 8), and Serbian television and radio station PannonRTV (News portal for media house – PannonRTV).

About the idea:

We at the Thunder Core Team believe that publishers do not compete with each other through technology, but rather through content and brands. That is why the German publisher Hubert Burda Media established the Thunder community which aims to join forces among media companies by sharing code and innovation power. The goal is to innovate faster and spend less money overall by working together.

The Thunder community’s core product is the open-source content management system Thunder. Community members develop useful modules, use them for their own purposes and share them with the community by publishing them under the GNU General Public License. Neither Hubert Burda Media nor the other publishers in the community charge anyone for their contributions.

Any company publishing content professionally is welcome as a member of the Thunder community - both as user and as contributor. Anyone can join by contributing to the distribution. The usefulness and richness of Thunder’s functionality directly benefit from the number of contributors.

Why Drupal was chosen: 

For Burda, Drupal is the content management platform of choice. It is a free and open-source content-management framework written in PHP and distributed under the GNU General Public License.

The standard Drupal core already provides the essential features, e.g. user management, menu management, RSS feeds, taxonomy, page layout customization, and system administration. It is easily adaptable and extensible with thousands of modules provided by a global community of users and developers. In addition, developers at Hubert Burda Media have had previous good experiences with Drupal. Drupal is therefore a tried and tested basis and has become even better with Drupal 8.

Describe the project (goals, requirements and outcome): 

Thunder started as a way to share innovation and synergies among the many different brands and products within the Burda Corporation to save costs and speed up the time to market. It did not take long until we realized that the model that worked within the very diverse Burda universe would be useful for almost all digital publishers. That was when we decided to open source the distribution.

Due to its open source basis on Drupal 8, all features and functionality within Thunder are available to anyone wishing to benefit from Burda’s industry experience. Individual brands can add modules to tailor the system to their specific needs. Many of those “specific” customizations will prove to be valuable to more than just the organizations they originated from. We therefore designed Thunder in a way that we can easily incorporate those add-ons into the main distribution and share the features among all brands.

Goals:

We aim at becoming the best open-source content management system for professional publishing. In this, we focus on the creation of content. We want to help editors to create articles, to add media, to build landing pages, in short, to share their stories with the world.
We want Thunder to be a CMS jointly developed by its users and are therefore working towards building a community of publishers, IT agencies, and anyone else who shares our ideas and contributes to Thunder.

Our aim in doing so is to stay very close to the Drupal community and the Drupal core instead of creating a Thunder fork. Whenever we want to implement a new functionality or solve a problem, we try to do this in Drupal core or in the modules Thunder uses instead of fixing things in the distribution.

Time spent:

It’s difficult to measure the time spent on the development of Thunder, as this is an ongoing process. Currently, there are four developers employed by Hubert Burda Media working on the distribution full-time, plus several external developers. They focus on the advancement of Thunder as well as Drupal core and the contrib modules used in the distribution. A community manager is working on coordinating and growing the Thunder community of publishers, developers, and other partners.

Timeline and Milestones:
  • 30th August 2015: Repository and first commits for Thunder
  • September 2015: playboy.de – the first website running on Thunder
  • November 2015: instyle.de – the second website running on Thunder as well as proof of concept of the sharing model
  • 17th March 2016: Official press release about Thunder
  • October 2016: produceretailer.com is the first professional non-Burda website running on Thunder
  • 30th January 2017: Release of Thunder 1.0
  • March 2016: One year after the official launch of the Thunder initiative, 15 websites (we know of) are running on Thunder.
  • 1st June 2017: Release of Thunder 2.0
  • 20th July 2017: Release of Thunder Admin Theme
  • 20th November 2017: First community event, the Thunder Day in Hamburg
Results:

We released Thunder 1.0 in January 2017. One year later, at least 60 professional websites that we know of now run on Thunder. In the meantime, we have also released Thunder 2.0 and the Thunder Admin Theme.

Publishing houses grabbed the idea of working together. The Austrian publisher kurier.at, for example, contributed to the liveblog module used in Thunder and developed a new functionality to split text paragraphs.

In community matters, we talked to more than 300 companies worldwide. We established the “Certified Thunder Integrator” program to help publishers to find IT agencies as well as IT agencies to find customers. As of now, there are more than 20 companies certified or in the certification process.

We aim at bringing people together to share experiences. For this purpose, we introduced a Slack team for the Thunder community as well as several social media accounts. Furthermore, we organized the first community event – the Thunder Day – with around 120 participants in November 2017.

Challenges and how we resolved them:

Updating:

Distributions such as Thunder face the problem of losing control after the installation. How should a distribution actually deliver features and updates? We thought a lot about this problem and introduced the Thunder Updater, the “Thunder way to keep your site up to date”. Thunder checks if installed configurations have been changed – if not, they can be updated. Otherwise, you will get a message telling you there’s an update pending and what to do if you wish to have it. This functionality is currently an integral part of the distribution but we plan to detach it and publish it as a module on drupal.org soon so that everybody can use it.

Testing:

Writing an Admin Theme is very difficult because Drupal offers so many possibilities to adapt things: If you change something it can have unexpected effects in unexpected places. To avoid surprises, we developed Sharpeye, a visual regression tool. It takes screenshots and compares them in automated tests. This gives us a good overview. We open sourced the tool and you can download it here: github.com/BurdaMagazinOrg/sharpeye

Technical details, tips, and tricks: Tooling:

We invested a lot of time into automated testing but it was well worth the effort, not only for Thunder but also for Drupal core and the contrib modules we use since we discovered a lot of bugs there too.

Development process:

We don’t use a closed issue tracker but publish our tickets on drupal.org, thereby creating transparency. We use Github rather than drupal.org for the development because the developer experience is much better.

Organizations involved: 

Thunder

Modules/Themes/Distributions

Key modules/theme/distribution used: 

Why these modules/theme/distribution were chosen:  Requirements / Key modules Storytelling

In professional publishing, it’s all about the story. It has to be easy to create a story, to extend it, to change its narrative strand, and to enrich it with multimedia content. We use the Paragraphs module for this. Instead of putting all their content in one WYSIWYG body field including images and videos, end-users can now choose on the fly between pre-defined Paragraph Types independent from one another. Paragraph Types can be anything you want from a simple text block or image to a complex and configurable slideshow. This allows editors to structure an article into sub-elements which can easily be created, edited, and reorganized.

Media Handling

Editors want to enrich their articles with pictures, videos, content from social media, and whatever else you might think of. Paragraphs are one part of this, the other is the combination of the Media Entity module and the Entity Browser module. With those modules, editors can easily upload new content but also find and reuse existing entities.

SEO

Search engine optimization plays a major role in every editor’s life. Thunder therefore gas a plethora of different adjusting screws, from several meta tags for Facebook, Twitter, and Open Graph up to the simple XML sitemap.

Scheduled Publishing

The editor’s daily life is a lot about planning. With Thunder, you can schedule articles, ensuring they will be published at a given date and time. Even more importantly, you can also schedule the time at which an article or a picture should not be shown on the website anymore, e.g. if the contract period for a photograph has ended or an event announcement isn’t useful anymore.

Improved Authoring Experience

Our primary focus is making the editors’ work with Thunder as easy as possible. In order to achieve this, we created the Thunder Admin Theme based on findings of user tests and a survey conducted with editors working with Thunder.

Detailed Module List

Find a detailed list of the modules we use in Thunder here: burdamagazinorg.github.io/thunder-documentation/modules

Community contributions: 

Since we get a lot from the Drupal community, we give our best to contribute back, e.g. by fixing the bugs we find through automated tests and by supporting Drupal events and code sprints with developer time, talks, and sponsoring. Christian Fritsch, a member of the Thunder Core Team, contributed a lot of his time to the media initiative. Ingo Rübe, the initiator of Thunder, is a member of the Drupal Association’s Board of Directors.

Project team: 
  • Daniel Bosen - Lead Developer
  • Christian Fritsch - Senior Developer
  • Mladen Todorovic - Senior Developer
  • Volker Killesreiter - Senior Developer
  • Julia Pradel - Community Manager
  • Ingo Rübe - Initiator of Thunder
  • Collin Müller - Head of Strategic Development
Team members: 
Categories: CMS

Liferay Portal 7.0 CE GA6 Release

Liferay - Tue, 03/27/2018 - 11:47

I'm pleased to announce the immediate availability of: Liferay Portal 7.0 CE GA6!


  Download Now! What’s New
  • Bug Fixes - Liferay 7 Portal CE GA6 is mainly a bug fix release and contains over 800 fixes. A complete list can be found here.

Known Issues
  • LPS-71774 - Browser button border overflow on Documents and Media
  • LPS-78897 - Announcement portlet's titles wrongly translated to Finnish and Swedish
  • LPS-78989 - Event repeat date incorrect when changing start date
  • Upgrade Process - May see message: Duplicate entry 'com.liferay.rss.web.internal.util.RSSFeed' for key 'IX_B27A301F'.  We have determined this error is non-disruptive and can safely be ignored.
Release Nomenclature

Following Liferay's version scheme established in 2010, this release is Liferay Portal 7.0 CE GA6.  The internal version number is 7.0.5 (i.e. the sixth release of 7.0).  See below for upgrade instructions from 6.1, 6.0, and 5.x.

Downloads

You can find the 7.0 release on the usual downloads page. 

Source Code

As Liferay is an open source project, many of you will want to get at its guts. The source is available as a zip archive on the downloads page, or on its home on GitHub. Many community contributions went into this release, and hopefully many more in future releases! If you're interested in contributing, take a look at our updated contribution guide.

Compatibility Matrix

Liferay Portal 7.0 CE GA6 is testing extensively against different Open Source App Server/Database server combinations.

Application Servers:
  • Apache Tomcat 8.0 with Java 8
  • Wildfly 10.0 with Java 8
Database Servers:
  • HSQLDB 2 (only for demonstration, development, and testing)
  • MySQL 5.6
  • MariaDB 10
  • PostgreSQL 9.4
Search:
  • ElasticSearch 2.4.x
Documentation

The Liferay Documentation Team has been hard at work updating all of the documentation for the new release.  This includes updated (and vastly improved/enlarged) javadoc and related reference documentation, and and updated installation and development documentation can be found on the Liferay Developer Network. Our community has been instrumental in identifying the areas of improvement, and we are constantly updating the documentation to fill in any gaps.

Bug Reporting

If you believe you have encountered a bug in the new release you can report your issue on issues.liferay.com, selecting the "7.0.0 CE GA6" release as the value for the "Affects Version/s" field.

Upgrading

The upgrade experience for Liferay 7 has been completely revamped.  There are some caveats though, so be sure to check out the Upgrade Guide on the Liferay Developer Network for more details on upgrading to 7.0.

Getting Support

Support for Liferay Portal 7.0 CE GA6 is provided by our awesome community.  Please visit our  community website for more details on how you can receive support.

Liferay and its worldwide partner network also provides services, support, training, and consulting around its flagship enterprise offering, Liferay DXP.

Also note that customers on existing releases such as 6.1 and 6.2 continue to be professionally supported, and the documentation, source, and other ancillary data about these releases will remain in place.

Kudos

Thanks to everyone in our community! It is thanks to your constant support that makes each release as great as they are!

Jamie Sammons 2018-03-27T16:47:31Z
Categories: CMS, ECM

Using Conversion Rate Optimization to boost sales

PrestaShop - Tue, 03/27/2018 - 08:58
It’s a digital marketer’s job to help increase sales on a website. So how do they do this?
Categories: E-commerce

KNIME and DYMATRIX Meetup - Munich

Knime - Tue, 03/27/2018 - 07:24
KNIME and DYMATRIX Meetup - Munich heather.fyson Tue, 03/27/2018 - 14:24 April 25, 2018 Munich

Become part of this innovative and active community. Find out more about the opportunities and best practices provided by advanced analytics and join us at this meetup, hosted together with DYMATRIX on the evening before DYMATRIX' DynaSummit, in Munich.

We look forward to an evening of interesting talks and discussion on customer centricity, innovative use cases involving text and image data and the open analytics platform.

If you would like to attend, please register through the DYMATRIX webpage.

Agenda:

  • 18:00 - Welcome & Opening (Thomas Dold, DYMATRIX CONSULTING GROUP)
  • 18:15 - The Open Analytics Platform (Thomas Gabriel, KNIME)
  • 18:30 - Customer Centricity - Wie Alder Modemärkte Relevanzsteigerung für den Kunden durch Individualisierung realisiert (Paul Christ, ADLER Modemärkte und Dr. Sebastian Moll, DYMATRIC CONSULTING GROUP)
  • 19:00 - Jacke wie Hose? - Innovative Use Cases mit Text- und Bilddaten (DYMATRIX CONSULTING GROUP)
  • 19:30 - Get together

Location: Hotel NH München Ost Conference Center,  Einsteinring 20, 85609 Aschheim

Categories: BI

KNIME User Meetup on Big Data and Machine Learning, Stuttgart

Knime - Tue, 03/27/2018 - 07:15
KNIME User Meetup on Big Data and Machine Learning, Stuttgart heather.fyson Tue, 03/27/2018 - 14:15 April 17, 2018 Stuttgart

Join us in Stuttgart for an evening on Big Data and Machine Learning!

Machine learning and artificial intelligence have a wide variety of exciting applications. Come and explore these applications and collectively improve and grow with KNIME and more like-minded people. Join us for this unique meetup in the picturesque atmosphere of one of the most beautiful wine cellars in Stuttgart.

Thomas Gabriel will provide an update on KNIME software - including a glimpse at what is new in the most recent 3.5.2 release of KNIME Analytics Platform and its commercial extensions.

The next talk, "Smart Data Collaboration Hub“, by Kilian Retter of Landesbank Baden-Württemberg, presents the scalable Big Data Infrastructure of LBBW, which is fully built upon open source technologies – Cassandra, Spark, and KNIME. The talk also dives into different machine learning use cases that have been deployed on the Smart Data Collaboration Hub.

Taming and analyzing always-on data streams within an Industry 4.0 smart factory setup will play a crucial role in boosting overall equipment effectiveness. “Smart Industry 4.0” by Michael Wojtas of Leadec Industrial Services will give an overview on how Leadec addresses Predictive Maintenance in modern production environments.

The final talk on "Anomaly Detection in Time Series“, by Stefan Weingaertner of DATATRONiQ, displays the variety of anomaly detection challenges, depending on the structure and characteristic of the underlying data or sensor source – ranging from low-frequency to high-frequency signals.

The meetup closes with a networking session and a tasting of local wines of Collegium Wirtemberg.

Agenda:

  • 17:30 - Registration
  • 18:00 - Welcome and Introductions (Stefan Weingaertner, DATATRONiQ)
  • 18:05 - KNIME Open Source Story and What’s New in KNIME (Thomas Gabriel, KNIME)
  • 18:30 - Smart Data Collaboration Hub (Kilian Retter, Landesbank Baden-Württemberg)
  • 19:10 - Smart Industry 4.0 – Predictive Maintenance (Michael Wojtas, Leadec Industrial Services)
  • 19:50 - Anomaly Detection in Time Series (Stefan Weingaertner, DATATRONiQ GmbH)
  • 20:20 - Networking & tasting of regional wines

Location: Uhlbacher Kelter, Collegium Wirtemberg, Uhlbacherstrasse 221, 70329 Stuttgart

 

All talks will be in German – the slides are in English.

    Categories: BI

    Sending emails with personalised links / Opt-in to communications

    CiviCRM - Mon, 03/26/2018 - 12:08

    I've had a few requests from clients recently with queries around updating contact details and permissions with the new GDPR data protection legislation coming into force in Europe in May.

    As a result I've developed two very simple extensions which I'd like to share:

    Contact Checksum

    This extension provides a simple UI under the contact summary via Actions->Contact Checksum.

    When opened a simple UI is displayed with information and example links to use in emails when sending personalised / "update your details" links from CiviCRM.

    Categories: CRM

    Announcing Unconference at Liferay Symposium North America 2018

    Liferay - Mon, 03/26/2018 - 11:35

    We are excited to announce that, for the first time, Unconference will be coming to Liferay Symposium North America 2018 and registration is now open.

    This one-of-a-kind crowdsourced conference is unlike any other. There are no sponsored pavilions, no paid speakers and no planned sessions at Unconference. Instead, this event is completely shaped by its attendees and their needs.

    Previously held at Liferay DevCon for the last several years, Unconference will give LSNA attendees the opportunity to shape an entire day around the ideas they are most interested to learn more about. In addition, attendees will be able to establish themselves as sources of knowledge on various matters by providing insights about the pressing issues most affecting them today by hosting their own session.

    Held on the first day of LSNA 2018, this special gathering sees the Liferay community come together to form their own conference and crowdsource the topics and presentations that they want. At the start of Unconference, a space is set up for attendees, allowing them to gather in a circle to brainstorm and build out the day’s agenda. Attendees then write down topics on cards and promote them to the crowd in order to draw interest. Finally, these session topics are coordinated into available time slots and organized to avoid topic repetition and allow attendees to join the sessions they believe are right for them.

    Unconference attendees then break out into sessions throughout the day, returning as a group at the day’s close to discuss what they have learned and experienced. In the past, Unconference attendees have been thrilled to take part in an ever-changing, highly focused and deeply insightful day that addresses needs and interests in ways few other conferences can do.

    While Unconference is geared toward developers, anyone can attend. In addition, because the topics and sessions are created and held by the attendees themselves, no two Unconferences are the same and are shaped by the unique crowd at every event.

    This year, Unconference will take place on October 8, the first day of Liferay Symposium North America 2018 in New Orleans, LA, and is hosted by Olaf Kock. Admission is $79 and Unconference runs from 9 a.m. to 5 p.m., allowing attendees to experience a full day of crowdsourced knowledge.

    In the past, Unconference admission at DevCon has sold out quickly, so make sure to purchase your ticket as soon as possible to join in on the many insights that are sure to be shared this year.

    Register for Unconference Today

    Click the link below to get your ticket to Unconference and take part in this one-of-a-kind event.

    Purchase Your Ticket   Matthew Draper 2018-03-26T16:35:29Z
    Categories: CMS, ECM

    Call for Proposals for Liferay Symposium North America 2018 is Now Open

    Liferay - Mon, 03/26/2018 - 11:32

    Liferay Symposium North America will be taking place from October 8-10 this year in New Orleans, LA, and proposal for presentations at the event are now being accepted.

    If you or your organization has developed a project using the Liferay platform or discovered something you find fascinating within the world of Liferay software development, now is your chance to share your knowledge with others. We are looking for people who are passionate about the advances they are making in digital transformation, customer experiences, vertical-specific solutions, applications and more digital innovations with Liferay.

    Through a presentation at LSNA, organizations have the chance to provide insights into Liferay development that may have not been known before, as well as help establish themselves as a source of knowledge in their fields of interest. Often, these presentations give an exclusive look into the development process and the strategies used to effectively reach complex goals to better serve customers, support employees, adapt to a changing industry and more.

    Past Symposiums have seen companies, partners and more organizations present insightful case studies regarding how their teams leveraged Liferay software to create innovative solutions, providing details regarding the process behind programming new applications, how technology impacted their success as a company, how they determined the software and solution type that was right for their business needs and much more. In doing so, a business can show themselves as thought leaders and innovators in their respective fields.

    “Take the next step in digital innovation” is the theme of LSNA 2018. Presenters will tie their talks in with this central idea and the three supporting subpoints:

    • Be a Change Agent - IT leaders need to play active roles in identifying the right technologies, strategies and methodologies to digitally mature their businesses.
    • Turn Ideas Into Action - Success means moving forward one project at a time, using new insights and tools to translate your vision into actionable steps that deliver on key goals specific to your company, industry and audience.
    • Do It Together - Business and IT leaders can together stimulate rather than hinder digital innovation by learning to speak the same language and improving cross-functional collaboration.

    LSNA presentations offer the opportunity for both developers and executives to provide insights regarding the latest in modern digital business development to a like-minded crowd. Together, the wide variety of presenters at Symposium represent leaders at the forefront of digital innovation in industries around the world.

    If you are excited to share what your organization is doing with Liferay, there is no better opportunity than Liferay Symposium North America.

    The deadline to submit your proposal is Friday, May 11, and those selected to speak at LSNA 2018 will be notified by June 11. Every presenter whose talk is accepted by the program committee will receive a free ticket to LSNA 2018.

    Submit Your Proposal Today

    Click the link below to submit your Liferay Symposium North America 2018 proposal.

    Submit a Proposal   Matthew Draper 2018-03-26T16:32:00Z
    Categories: CMS, ECM

    Meet Pravesh, Ambassador of the month | March 2018

    PrestaShop - Mon, 03/26/2018 - 04:42
    Pravesh is our Ambassador in Lucknow, India since beginning 2016. We are grateful for the work he has invested in the program thanks to his successful meetups.
    Categories: E-commerce

    User Guide Improvements from Remote Sprint

    CiviCRM - Sun, 03/25/2018 - 22:44

    Last week we had a remote sprint to improve documentation, and wow, what a success it was!

    Progress
    Categories: CRM

    ADFS Liferay DXP Integration

    Liferay - Sun, 03/25/2018 - 09:50

    Introduction

    This blog covers Liferay DXP SP4 integration with Microsoft ADFS (2.0) through SAML 2.0 (Liferay SAML plugin 3.1.1). Please note as per new update in Liferay SAML plugin, you don't require to restart the server post any changes at Liferay end. Also, in this blog Liferay is registered as Service Provider and ADFS as Identity Provider.

    This article is inspiration and collaboration of following references.

    1. https://web.liferay.com/web/a.s/blog/-/blogs/adfs-dxp
    2. https://web.liferay.com/web/sandeep.sapra/blog/-/blogs/sso-in-liferay-dxp-using-saml
    3. Liferay SAML customer documentation (only available with licensed customers)
    4. https://support.zendesk.com/hc/en-us/articles/203663886-Setting-up-single-sign-on-using-Active-Directory-with-ADFS-and-SAML-Professional-and-Enterprise-

    Integration steps

    • ADFS needs to register Liferay Application first as relying party trust manually ONLY. Below are the errors when you don't enter details manually.

     

    Figure-1: ADFS import metadata URL error

    Figure2: Error while registering Liferay metadata in ADFS through URL

    • During manual registration you have enter Liferay's SP EntityID, Certificate properly. Once you register Liferay's SP SAML metadata, just confirm following points carefully.

    Figure3: Identifiers - This should be Liferay saml metadata's "EntityID".

    Figure4: Liferay by default works with SHA encryption.

    Figure5: Endpoints. Remember ONLY 1 assertion and 1 logout endpoint is allowed by Liferay.

    Figure6: ADFS's SAML endpoint assertion details.

    Figure7: SAML logout endpoints.

    • Add following claim rules against registered relying party trust. First is LDAP claim rule and second is NameID transformation.

    Figure8: LDAP attribute mapping claim rule at ADFS.

    Figure9: NameID transformation claim rule.

    Figure10: All claim rules at ADFS. Remember the sequence of claim rules, SAML doesn't like change in this sequence. NameID rule should always be last.

    • Now execute following 2 commands from ADFS server's powershell.
    Set-AdfsRelyingPartyTrust -TargetName "www.my-site.com" -SamlResponseSignature MessageAndAssertion

    Command1: This forces ADFS to sign all saml response of Liferay's Replying party trust.

    set-ADFSRelyingPartyTrust –TargetName "TESTX" –EncryptClaims $False

    Command2: This allows ADFS SAML response's assertion to be in decrypted form which can be by Liferay.

    • Register ADFS as Identity Provider at Liferay's SAML Admin section.

    Figure11: NameID and attribute mapping at Liferay end for ADFS. Take note of Liferay attributes on right-side of equals operator.

    • Re-verify Liferay's service provider setting

    Figure12: Liferay Service Provider settings

    • One last step of configuration is importing of ADFS certificate into Liferay's SAML. By default SAML's certificate is generate at /data folder of Liferay Home. Execute below command to import ADFS certificate.

    keytool -importcert -alias ssoselfsigned -file sso-certificate.cer -keystore keystore.jks

    • Please remember password while importing is "liferay"
    • Since ADFS is IdP and Liferay is SP, in this scenario ADFS SSO initiated sign-in and sign-out URL should be used.

    Sign-in URL: https://fs.testsso.com/adfs/ls/idpinitiatedsignon.aspx?RelayState={logged-in-page-liferay}

    Sign-out URL: https://fs.testsso.com/adfs/ls/?wa=wsignout1.0

    Neeraj Gautam 2018-03-25T14:50:57Z
    Categories: CMS, ECM
    Syndicate content