Deploy to Mars Part 1: Ground Support Systems

Speaker: aaronfeledy
Audience: All Attendees
Track: DevOps

You thought Lando was just a flight simulator. A tool to be used on the ground, safely replicating the real-world environment you and your team face in production. What if I told you that Lando is also your production facility, your launchpad, and your mission control? That it’s the launch vehicle that takes you to orbit as well as the ground-support system that sees your mission through to success? Whether you’re new to Lando or have extensive flight hours, prepare for liftoff as we take Lando on a mission to deploy to Mars.

In part one of this two-part series, we will cover how Lando can quickly and easily simulate your production environment for all members of your team. We’ll spin up a local Drupal-as-an-app environment for sending static HTML to space using the Tome module. We’ll prevent rapid unscheduled disassembly of your deployment by automating testing with Drupal Test Traits. Finally, we’ll jettison Drupal’s front end and demonstrate working with decoupled environments

Dev, Test, Live in your own AWS account

Speaker: salim
Audience: All Attendees
Track: DevOps

 

Dev, Test, Live in your own AWS account

 

You’re likely paying a lot of money today for hosting your website with a multi-dev environment and a Dev, Test, Live workflow. 

 

And you’re probably paying for hosting each site individually. 

 

What if you could host ALL your sites in your own account with the same point-and-click UI and UX? 

 

What if it came with browser based dev environments? with a Cloud IDE (VS Code in a browser) so you didn’t need local dev environments?

 

What if your sites ran on the “Enterprise Grade Infrastructure” of AWS - without any shortcuts… 

 

What if everything was managed by AWS, so you didn’t have to worry about things going down? 

 

What if everything was automated… so you didn’t even have to know any AWS? 

 

What if your sites were set up in an auto-scaling cluster, that grew and shrank based on load and traffic? 

 

And what if you paid AWS directly… and only for what you used. No middle-man! No Lock-in!

 

Sound too good to be true? 

 

Come to this session and you’ll walk out knowing how to set all of this up TONIGHT in less than half an hour!

 

See you there.

 

 

Stop Wasting Time, Start Writing Tests

Speaker: bryce
Audience: Intermediate
Track: Development & Performance

How do you get a team to start writing tests, especially when they see testing as a waste of time?  It may seem like a fantasy, but one person can change everything.  In this session you’ll see how every team has a testing process, but some are more efficient than others.  You’ll get practical advice on how to introduce tests in legacy code to teams who may be resistant to the “additional work”, and you’ll leave with the tools and insights to help your team stop wasting time and starting writing tests. 

Introduction to GitHub Actions: Understanding Key Terms and Building Your First GitHub Action

Speaker: gilzow
Audience: All Attendees
Track: DevOps

We all know we should be doing more automation of our software development lifecycle, but getting started can be challenging. Even if you have experience in continuous integration and continuous delivery (CI/CD) automation, learning a specific platform's terminology and idiosyncrasies can be frustrating.   

This presentation is designed to provide an overview of GitHub Actions, a CI/CD platform that allows you to automate your build, test, and deployment pipelines, and writing one's first Action, a reusable component that can automate repeatable tasks. We'll start by going over key terms and concepts in the GitHub Actions platform, such as actions, workflows, events, and jobs, and explain how they can be pieced together to build robust and dynamic automations.

Then, we'll dive into the process of building your first GitHub Action, walking through the steps of creating a new action, the types of actions you can create, defining inputs and outputs, and required properties. We'll then work together to build an action that can be immediately used in your own workflows.

Whether you're a seasoned developer looking to move to GitHub Actions, or a newcomer to automation looking to get started with your first CI/CD automation this presentation will help jumpstart your journey.

 

Becoming a Top Gun: How to Ace the Interview Process and Land Your Dream Coding Job

Speaker: arcaneadam
Audience: All Attendees
Track:

Do you constantly get shot down after job interviews... despite your technical knowledge? Learn tips, tricks and tactics on how to soar through an interview and emerge victorious.

This session is geared more toward the technical field and some of the shortcomings I see in having interviewed for (as an interviewee and an interviewer) hundreds of technical positions over the years. But all backgrounds are welcome as the topic will be useful to anyone looking to improve their interview skills.

The Maintainer Support Initiative

Speaker: Greg Boggs
Audience: All Attendees
Track: Beginner Track

Have you always wanted to contribute more to the Drupal community but don't know where to start? The Maintainer's Initiative is here to help you.

The Maintainers Project is a community organized effort started by Damien Mckenna from Media Current and I to improve the support of Drupal contributed modules. Maintaining a large collection of modules is a big undertaking. Rather than trying to write new code, the goal is to ensure more people get responses to their contributions.

Join me for a conversation about the future of module support, an update on what the initiative has accomplished so far, and direct support helping you get involved in contributing to module support. You'll get a primer in how to become a module maintainer for an abandoned project, an overview of our support todo list, and guidance on how to contribute to module support no matter your skill level. During the session we'll create a release for a languishing Drupal module together!

Zoom After Party

Speaker: simplyshipley
Audience: All Attendees
Track: Non-Session

Keep the conversations going in our Zoom room

https://us02web.zoom.us/j/88314683335?pwd=NDVQS1dwaGhpZUxtcWluNzA2bit0dz09

 

Really Protected Content

Speaker: panchiniak
Audience: Intermediate
Track: MakerSpace

The meaning of protecting something is always incomplete until we define against whom. We may protect content from one user against the unauthorised access of other users, except by ourselves, auto proclaimed the protectors of the content. Or, we can do much better than that by allowing the users themselves to protect themselves even against our own unauthorised access. So far, the only known way for achieving that is by employing client side encryption in a zero knowledge proof schema and by the usage of asymmetric encryption keys. This, however, poses some challenges to the day-to-day operations. The first I had to face when creating the Protected Content module was the classical problem of the private key transportation. If the system has to work, the private key can not be communicated though the system. This causes two very important problems. I could ask the user to copy to himself the key, and use it whenever he had to decrypt something, bringing it with himself having had it copied somewhere else. But this approach would force users to do something that is a big burden and I wanted something that was as easy as any other conventional authentication method. Also, copying the private key somewhere else could pose even bigger security problems than storing it in the server. An hybrid approach is possible for overcomming these problems. The symmetric encryption of the asymmetric key. In other words, this allows a type of compressing of the private key in a way that it becomes at the same time defined at the client side and therefore never communicated to the server in its original form, and small enough to be remembered as a password, leaving to the attacker only a brute force option.

In this session I would like to demonstrate these concepts by showing how Protected Content integrated Drupal with OpenPGPjs in order to achieve real protection of content.

Lightning Talks

Speaker: leew, simplyshipley
Audience: All Attendees
Track: Non-Session

Lightning Talks⚡ are short (5min-ish) impromptu sessions on anything you want. Do you have something you’re proud of? Do you have a new technique that’s saving you time? Have you learned about something cool? Get up and share!

Really Protected Content

Speaker: panchiniak
Audience: Intermediate
Track: MakerSpace

The meaning of protecting something is always incomplete until we define against whom. We may protect content from one user against the unauthorised access of other users, except by ourselves, auto proclaimed the protectors of the content. Or, we can do much better than that by allowing the users themselves to protect themselves even against our own unauthorised access. So far, the only known way for achieving that is by employing client side encryption in a zero knowledge proof schema and by the usage of asymmetric encryption keys. This, however, poses some challenges to the day-to-day operations. The first I had to face when creating the Protected Content module was the classical problem of the private key transportation. If the system has to work, the private key can not be communicated though the system. This causes two very important problems. I could ask the user to copy to himself the key, and use it whenever he had to decrypt something, bringing it with himself having had it copied somewhere else. But this approach would force users to do something that is a big burden and I wanted something that was as easy as any other conventional authentication method. Also, copying the private key somewhere else could pose even bigger security problems than storing it in the server. An hybrid approach is possible for overcomming these problems. The symmetric encryption of the asymmetric key. In other words, this allows a type of compressing of the private key in a way that it becomes at the same time defined at the client side and therefore never communicated to the server in its original form, and small enough to be remembered as a password, leaving to the attacker only a brute force option.

In this session I would like to demonstrate these concepts by showing how Protected Content integrated Drupal with OpenPGPjs in order to achieve real protection of content.

Really Protected Content

Speaker: panchiniak
Audience: Intermediate
Track: MakerSpace

The meaning of protecting something is always incomplete until we define against whom. We may protect content from one user against the unauthorised access of other users, except by ourselves, auto proclaimed the protectors of the content. Or, we can do much better than that by allowing the users themselves to protect themselves even against our own unauthorised access. So far, the only known way for achieving that is by employing client side encryption in a zero knowledge proof schema and by the usage of asymmetric encryption keys. This, however, poses some challenges to the day-to-day operations. The first I had to face when creating the Protected Content module was the classical problem of the private key transportation. If the system has to work, the private key can not be communicated though the system. This causes two very important problems. I could ask the user to copy to himself the key, and use it whenever he had to decrypt something, bringing it with himself having had it copied somewhere else. But this approach would force users to do something that is a big burden and I wanted something that was as easy as any other conventional authentication method. Also, copying the private key somewhere else could pose even bigger security problems than storing it in the server. An hybrid approach is possible for overcomming these problems. The symmetric encryption of the asymmetric key. In other words, this allows a type of compressing of the private key in a way that it becomes at the same time defined at the client side and therefore never communicated to the server in its original form, and small enough to be remembered as a password, leaving to the attacker only a brute force option.

In this session I would like to demonstrate these concepts by showing how Protected Content integrated Drupal with OpenPGPjs in order to achieve real protection of content.

Let's Define Some Terms, Thinking And Talking About Content Layout: Discovery, Atomic Design, Pages, Layout, and Site Architecture

Speaker: jcandan
Audience: All Attendees
Track: Project Management and Consulting

I have been modeling this talk for a couple of years. Each time I have presented the material, it has helped immensly to drive stakeholder conversations away from being centered around Pages to being about content structure we can use.

We'll cover material in increasing phases of complexity beginning with what I consider to be the pre-discovery phase kick-off--a presentation to get a common set of terms on the table and a clear picture of catories of content layout. From there we consider these in smaller and smaller chunks, allowing us to adopt atomic design principles, and discuss the different implementation options.

Product owners, designers, project managers, themers, site builders, and full-stack developers will benefit from this talk.

Taxonomy Place

Speaker: KarenS
Audience: All Attendees
Track: Site Building

 

Taxonomy Place dynamically creates a 'Place' vocabulary using Address module to manage the geographical information. The taxonomy terms that are created are nested by country, then state/province, then city. The Address module is used as an API to retrieve the right country and province codes and names, and to manage the nesting of countries, provinces, and localities.

Instead of creating a huge taxonomy of all possible locations, many of which may never be used, the module creates the taxonomy terms as they are referenced. Users fill out an address field on a node to identify the place the node should be associated with. When the node is saved, the node's entity_reference field is updated to link it to the correct place taxonomy term, adding it to the vocabulary, if it doesn't already exist. In this way, the vocabulary only contains places that have actually been referenced.

In addition, the end user experience of interacting with an address field instead of a huge list of taxonomy terms is probably a nicer UX for linking content to places.

This session will demo how the module works and when it makes sense, with some background about why it was created.

Regex: Demystifying the Hieroglyphics

Speaker: gilzow
Audience: All Attendees
Track: Beginner Track

You're working with some data and find yourself needing to find a specific piece of information, but your searches keep matching on things that aren't what you want. While basic searches are fine for some things, in the case above, you need something more powerful. Enter regular expressions (also referred to as "regex"). BUT WAIT non-programmers! Before you scroll to the next session description: did you know that this powerful searching capability is available in things like Word and Excel, as well as Google Search Console and Google Analytics? And not only can you use it to search for information, you can also use it to transform information!

In this session, we'll jump into a brief history of regex, discuss pattern matching, and dive into the fundamentals of how we can use regex to surface the data we've been searching for in powerful ways. We'll play some regex-based games to help hone our skills, all while demystifying the idea that regular expressions are black magic, beyond the capabilities of mere mortals.

PUPPIES, PUPPIES, AND MORE PUPPIES!!!! Also: Lessons Learned While Creating a Core Theme

Speaker: mherchel
Audience: All Attendees
Track: Design, Theming, & Front-end Development

DO YOU LIKE PUPPIES????!!! IF SO THIS IS THE SESSION FOR YOU! THIS SESSION WILL FEATURE TWO PUPPIES (LADY AND KATIE) WHO ARE THE CUTEST EVER! WE WILL WATCH THEM SNUGGLE, WRESTLE AND MORE! 

 

Also, I might talk a bit about the Olivero theme, and walk through several technical and personal challenges that I encountered while creating this theme, and the techniques used to overcome these. 

 

We’ll learn about various “DrupalWTFs”, supporting Internet Explorer, and more. 

Really Protected Content

Speaker: panchiniak
Audience: Intermediate
Track: MakerSpace

The meaning of protecting something is always incomplete until we define against whom. We may protect content from one user against the unauthorised access of other users, except by ourselves, auto proclaimed the protectors of the content. Or, we can do much better than that by allowing the users themselves to protect themselves even against our own unauthorised access. So far, the only known way for achieving that is by employing client side encryption in a zero knowledge proof schema and by the usage of asymmetric encryption keys. This, however, poses some challenges to the day-to-day operations. The first I had to face when creating the Protected Content module was the classical problem of the private key transportation. If the system has to work, the private key can not be communicated though the system. This causes two very important problems. I could ask the user to copy to himself the key, and use it whenever he had to decrypt something, bringing it with himself having had it copied somewhere else. But this approach would force users to do something that is a big burden and I wanted something that was as easy as any other conventional authentication method. Also, copying the private key somewhere else could pose even bigger security problems than storing it in the server. An hybrid approach is possible for overcomming these problems. The symmetric encryption of the asymmetric key. In other words, this allows a type of compressing of the private key in a way that it becomes at the same time defined at the client side and therefore never communicated to the server in its original form, and small enough to be remembered as a password, leaving to the attacker only a brute force option.

In this session I would like to demonstrate these concepts by showing how Protected Content integrated Drupal with OpenPGPjs in order to achieve real protection of content.

Drupal Behaviors for Data Protection

Speaker: hotwebmatter
Audience: Intermediate
Track: Beginner Track

Companies love analytics, but customers value privacy. Recent legislation such as Europe's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in the USA aim to restrict the ways that web developers can legally track visitors. We'll learn how to achieve basic compliance with these regulations using contributed modules for Drupal 7, 8, and 9, and I'll show you how to achieve strict compliance by writing Drupal Behaviors in a custom module. 

Contribution Lounge

Speaker: simplyshipley
Audience: All Attendees
Track: Non-Session

Join us at the Drupal Camp Chattanooga Contribution Lounge for coffee, community, and contributions! This is a great chance to help move Drupal forward.

We're open Saturday during from 9pm - 3:50pm.

Who should attend?

Everyone!!

We welcome those from all levels of expertise, background, gender, ethnicity, sexual identity, religion, age, and ability. Our community is diverse and we know that Drupal can benefit when everyone is included.

Not a coder?

That’s perfectly fine!

Not everyone who works on open source projects is a developer. Smaller tasks help the less experienced gain confidence and experience, which, in turn, leads to more contributions. Code is very important, but so are all the other parts.

What will we be working on?

Anything you want! From Drupal Core to community contributed projects. There is plenty of work to be done to move the project closer to perfection.

Drupal Recipes

Audience: All Attendees
Track: Site Building

Maybe you are just starting to use Drupal or maybe you've been around a long time. Either way, don't you wish you had a cookbook of Drupal Recipes filled with great tasting stuff!

Starting this past summer the Fox Valley Drupal users group out in the far western suburbs of Chicago started talking about how each of us struggles with keeping up our "best practices" for Drupal projects we work on. Each is different, each has particular special needs, but most of us have those tasty recipes we can whip up when visitors arrive!

That was the start of a new "initiative" we are working on at Fox Valley Drupal. We want to share the latest with you and discuss how everyone can contribute to build-up the recipe book so the best recipes can end up somewhere on D.O.

This is a preview of a similar presentation given at Chicago Drupal on October 7th (so you don't fall asleep watch at least 1.5x speed)

Configuration Workflow Automation

Speaker: Greg Boggs
Audience: All Attendees
Track: Beginner Track

Configuration management has only gotten more complex as Drupal 8 has matured. With Config 2.0 going full speed ahead, some improvements have arrived. Unfortunately, our dream of being able to save configuration directly to files is more cumbersome than it should be, and the community has created complex workflows to work around the problem of storing configuration in the database.

Now the workflow has been automated for you.

The crux of Configuration Workflow is that Drupal must create and update database schema during configuration import. The answer? Automatic configuration import and export with a small contributed module.

Come talk configuration automation with me, and lets talk through the future of config in Drupal 9. You'll leave the session with a more detailed understanding of  configuration management and a tool that will save you time on every site build.

Using the Robot Task Runner to Improve Developer Workflows

Speaker: markdorison
Audience: Intermediate
Track: DevOps

Learn how to use the Robo PHP task runner to transform your project’s complicated, multi-step processes into simple commands so your team can preserve their sanity and become more efficient in the process.

Have your projects become festooned with scripts and complex multi-step documentation to support tasks such as deployments, code linting, tests, database backups, and multi-site creation? Perhaps it’s time to consider the role of a “task runner” to replace these difficult-to-maintain linchpins. A task runner such as PHP’s Robo will allow you to consolidate this functionality, maintain it in the primary language of your project, expose it to users easily, and even share it across multiple projects!

The Webform module's greatest hits, combined by an AMA

Speaker: jrockowitz
Audience: All Attendees
Track: Site Building

For the past four years, dozens of new and cool features have been added to the Webform module for Drupal 8. This presentation will walk-thru the Webform module's greatest hits with some rare gems from the feature vault. You are guaranteed to learn something new about the Webform module, especially because you can "Ask Me Anything" (AMA) during this online presentation. Participants are invited to help answer people's questions via chat by posting recommendations and links.

The goal of this online presentation is to help you get the most of the Webform module while ensuring all your questions are answered. 

The format of this presentation will be walking through my list of the Webform module's top ten features with user questions answered after each feature segment. There will be live demos with an actual working instance of the Drupal and the Webform module. This working instance of the Webform module will also be used to answer your questions.

Participants do not need to have any prior experience with the Webform module. It helps if you take the Webform module for a spin and watch this introduction video.

Using the Robot Task Runner to Improve Developer Workflows

Speaker: markdorison
Audience: Intermediate
Track: DevOps

Learn how to use the Robo PHP task runner to transform your project’s complicated, multi-step processes into simple commands so your team can preserve their sanity and become more efficient in the process.

Have your projects become festooned with scripts and complex multi-step documentation to support tasks such as deployments, code linting, tests, database backups, and multi-site creation? Perhaps it’s time to consider the role of a “task runner” to replace these difficult-to-maintain linchpins. A task runner such as PHP’s Robo will allow you to consolidate this functionality, maintain it in the primary language of your project, expose it to users easily, and even share it across multiple projects!

Putting GatsbyJS into terms a Drupal developer can understand

Speaker: Dorf
Audience: Intermediate
Track:

GatsbyJS is a great front end for a decoupled Drupal application, but learning how to use it can be scary for someone used to living in Drupal-land on the Island of PHP. Join me as I break down some of the components of Gatsby into their analagous Drupal parts to help get a clearer conception of what it's actually doing and how it's doing it, and maybe we'll even blur the lines between front and back end.

Description

What is a node? What is a page? What is a template? If you live in Drupal-land, these are all familiar terms, but once you step foot into Gatsby-topia they all have different meanings. Don't worry, we'll figure it out together. During my time working with Gatsby, I've found several analogies between Drupal and Gatsby that have helped me to conceptualize what is actually happening behind the scenes and enabled me to architect Drupal and Gatsby applications. Once I unlocked the Secret Code of Gatsdrupbyal™ everything in the world (read project) began to make sense.

Now, for the low, low cost of attending my session, you too can have access to these secrets that made me a stronger developer, taller, and a better cook.*

During this session I will help you beat that habit you've been trying to rid yourself of, fix all of your personal relationships, and, even more importantly, understand the pieces of Gatsby in a way that will make your Drupal mind say, "Oh, hey... NOW I GET IT!"**

We'll examine components of Drupal and how they are pulled into Gatsby and spit out into a beautiful, fast site. We'll also take a look at how the Gatsby architecture is similar to the Drupal theme layer we know and love.

By the end of this session you will have unlocked the secrets of the universe and be ready to take on your next decoupled Drupal project, headed up by Gatsby. We'll also explore how just because Gatsby is built on React doesn't mean that it's only for front-end developers. Even those of us who consider ourselves back end can play!

*These statements have not been evaluated or approved by anyone.

** I've been advised that I should not make these claims without a disclaimer that some things I'm saying may not be true.

Load Testing with Locust

Speaker: hussainweb
Audience: Intermediate
Track: Development & Performance

Load testing remains a straight-forward and simple way to test if a website can survive under some load. There are dozens of tools to write load testing scripts but you have probably heard of ab–Apache Bench. Apache Bench is good for quick validation but if you need more control or if you want to test specific user paths, you need a more sophisticated tool.

In this session, we will look at Locust for writing a load testing script. We will work through some of the basic Locust terminology and how to write a very simple script. Basic Python knowledge is required but we will look at some templates so that you don’t have to worry about Python and focus on website testing strategies. We will also talk about the beautiful graphs and reports produced by Locust.

After the basic examples, we will briefly talk about more advanced use cases such as simulating real traffic, integrating with some of the Locust plugins, and running Locust in a distributed way. At the end of the session, you should have enough skills to quickly write a simple locustfile and know where to find information for more advanced use-cases.

Micro trends in the Wake of Covid

Speaker: johard
Audience: All Attendees
Track:

Covid-19 has thrown the entire world in a tizzy. From top to bottom, companies, economies, humans are changing, industries are being created, and the phrase "I can't hear you" has seen exponential growth in business interactions. 

There are things that we can predict as part of our post-Covid world, like remote work and home-delivery of booze sticking around forever. But there are also some more nuanced after-effects of the pandemic that are quietly changing the world. Join Annie Hardy for a discussion about some fascinating global micro and macro trends emerging as a result of Covid, pitch in some of your own projections for the future, and then go twiddle with your stock portfolio to future-proof your 401K.  

Deploy to Mars Part 2: Orbital Maneuvers

Speaker: aaronfeledy
Audience: Advanced
Track: DevOps

You thought Lando was just a flight simulator. A tool to be used on the ground, safely replicating the real-world environment you and your team face in production. What if I told you that Lando is also your production facility, your launchpad, and your mission control? That it’s the launch vehicle that takes you to orbit as well as the ground-support system that sees your mission through to success? Whether you’re new to Lando or have extensive flight hours, prepare for liftoff as we take Lando on a mission to deploy to Mars.

In part two of this two-part series, we will produce and deploy build artifacts to the red planet with a single local command. We’ll fire up Lando’s Hyperdrive script to automatically build your project in the cosmos. We'll remote control and automate our testing and deployments in deep-space using various CLI tools and Github Actions.

Creating Structured Data with Schema.org Metatag

Speaker: KarenS
Audience: All Attendees
Track: Site Building
  • Structured data has become an important component of search engine optimization (SEO) and placement in search results.
  • Schema.org has become the standard vocabulary for providing machines with an understanding of digital data.
  • Google now prefers Schema.org data as JSON LD over the older methods of RDFa and microdata. 
  • You can use the Schema.org Metatag module to add Schema.org structured data as JSON LD in Drupal and validate it using Google’s tools.

This session will talk about how Schema.org works, how it is organized and how to get the right metadata onto a page. There's a new 8.2 version of the module that has been completely re-architected, and I'll talk a bit about what changed and why.

Really Protected Content

Speaker: panchiniak
Audience: Intermediate
Track: MakerSpace

The meaning of protecting something is always incomplete until we define against whom. We may protect content from one user against the unauthorised access of other users, except by ourselves, auto proclaimed the protectors of the content. Or, we can do much better than that by allowing the users themselves to protect themselves even against our own unauthorised access. So far, the only known way for achieving that is by employing client side encryption in a zero knowledge proof schema and by the usage of asymmetric encryption keys. This, however, poses some challenges to the day-to-day operations. The first I had to face when creating the Protected Content module was the classical problem of the private key transportation. If the system has to work, the private key can not be communicated though the system. This causes two very important problems. I could ask the user to copy to himself the key, and use it whenever he had to decrypt something, bringing it with himself having had it copied somewhere else. But this approach would force users to do something that is a big burden and I wanted something that was as easy as any other conventional authentication method. Also, copying the private key somewhere else could pose even bigger security problems than storing it in the server. An hybrid approach is possible for overcomming these problems. The symmetric encryption of the asymmetric key. In other words, this allows a type of compressing of the private key in a way that it becomes at the same time defined at the client side and therefore never communicated to the server in its original form, and small enough to be remembered as a password, leaving to the attacker only a brute force option.

In this session I would like to demonstrate these concepts by showing how Protected Content integrated Drupal with OpenPGPjs in order to achieve real protection of content.

Sharing is caring: Don’t hold your knowledge hostage

Speaker: Dorf
Audience: All Attendees
Track:

Why is helping others so important in not only the Drupal community, but in Open Source development at large? Every year, new people start learning Drupal, and every year, Drupal gets harder to learn. By being willing to help others by sharing knowledge and experience, we can build a much stronger community, while helping ourselves grow as developers.

Drupal is built by thousands of people, some developers, some designers, and some who do neither, but still love the project. What would happen if none of them shared what they learned with others in the community? How would new people learn to deal with Drupal’s idiosyncrasies and quirks without access to a helping hand? What do those who have experience have to gain from helping others out? Well, it would ruin the session if I gave all the answers here, now wouldn’t it?

Over the course of this session, I’ll be providing some examples of how having the drive to help others solve problems can build up your own skills. Whether you’re taking the time to answer questions on StackOverflow, watching the #support channel in Slack, or browsing the issue queue for opportunities to contribute, you have the chance to help others while becoming better at what you do.  And if you're new to the community, wondering what the best ways to ask for help are, don't worry, I've got you covered, too!

Static Analysis for your Drupal modules with CI

Speaker: hussainweb
Audience: Beginner
Track: Beginner Track

Do you read your code before running to make sure it would work? Do you see if that variable was initialised, or if you included a return statement? Do you also see if the code follows Drupal coding standard? If you answered yes to any of the above, you are statically analysing your code in your head.

But your brain doesn’t scale, nor are you capable of checking hundreds of lines of code with every commit. Use your brain for better things and leave static analysis to tools designed for that purpose.

You might have used PAReview for your Drupal modules to verify that your code is clean and follows coding standards. It is easy to forget to run it before each commit. Do yourself and the poor soul who has to review your merge request a favour and automate!

In this session, you will learn:

  • What is static analysis?
  • More about PAReview
  • Why can’t you use PAReview in a CI environment?
  • Tools like phpcs, phpmd, phpstan, stylelint, eslint, etc…
  • Integrating these tools with gitlab with a Docker image designed for this purpose

Really Protected Content

Speaker: panchiniak
Audience: Intermediate
Track: MakerSpace

The meaning of protecting something is always incomplete until we define against whom. We may protect content from one user against the unauthorised access of other users, except by ourselves, auto proclaimed the protectors of the content. Or, we can do much better than that by allowing the users themselves to protect themselves even against our own unauthorised access. So far, the only known way for achieving that is by employing client side encryption in a zero knowledge proof schema and by the usage of asymmetric encryption keys. This, however, poses some challenges to the day-to-day operations. The first I had to face when creating the Protected Content module was the classical problem of the private key transportation. If the system has to work, the private key can not be communicated though the system. This causes two very important problems. I could ask the user to copy to himself the key, and use it whenever he had to decrypt something, bringing it with himself having had it copied somewhere else. But this approach would force users to do something that is a big burden and I wanted something that was as easy as any other conventional authentication method. Also, copying the private key somewhere else could pose even bigger security problems than storing it in the server. An hybrid approach is possible for overcomming these problems. The symmetric encryption of the asymmetric key. In other words, this allows a type of compressing of the private key in a way that it becomes at the same time defined at the client side and therefore never communicated to the server in its original form, and small enough to be remembered as a password, leaving to the attacker only a brute force option.

In this session I would like to demonstrate these concepts by showing how Protected Content integrated Drupal with OpenPGPjs in order to achieve real protection of content.

Schema.org -- what is it, why should I care, and what's Drupal got to do, got to do with it?

Speaker: lisa.ridley
Audience: All Attendees
Track: Site Building

Schema.org is a collaborative, community activity with a mission to create, maintain, and promote schemas for structured data on the Internet, on web pages, in email messages, and beyond.  it's in effect, a standardized way to structure data for consistency, SEO optimization, and interoperability.

What's this got to do with Drupal?

Well we're going to talk about Schema.org, content schemas (yes they're a thing), and new tools for your toolbox to create content entities that are compliant with Schema.org schemas, generate standards-compliant markup for SEO optimization and provide API data consistent with Schema.org schemas in JSON-LD format, among other things.  We'll demo Schema Blueprints, a new module package in development written by Jake Rockowitz, maintainer of the Webform package for Drupal.

 

How To Lead Brilliant Developers

Speaker: bryce
Audience: All Attendees
Track: Project Management and Consulting

Sometimes the most talented people can also be the most frustrating to work with.  They may obsess over minor details, insist on rigid adherence to peculiar rules, or simply not play well with others. So, how do you lead someone who is brilliant but frustrating?  In this session you’ll learn how some smart people see the world differently, understand the mind-sets which not only make them great but also give them grief, and discover how much they need your leadership.  In the end you’ll leave with practical plans to reduce frustration and help the brilliant people on your team shine even brighter. 

Checking under the hood: Auditing your website for a smooth ride

Speaker: volkswagenchick
Audience: All Attendees
Track: Beginner Track

We often talk about websites the way we talk about cars. Are you driving a flashy sports car or a stable hatchback? And is yours a lemon, no matter how pretty the paint job? And if you just got one used, what’s going on under the hood? There’s a way to address these questions about your website, and it’s called a technical audit.

The vast majority of site owners live in fear of the day their site “breaks down.” Performing a site audit can ensure you understand the current state of your site, from the back end code level to the front end performance. It can also help you see potential problems when it comes time to add features (like that sweet audio system).

People attending this session will learn the basic building blocks of performing a technical audit.

  • Approaches for auditing different aspects of your site: custom code, theme and front-end functionality, back-end configuration and modules, accessibility, etc.
  • Tools that can be used to run these tests
  • Tips on what to watch for when managing a website over time

 

Really Protected Content

Speaker: panchiniak
Audience: Intermediate
Track: MakerSpace

The meaning of protecting something is always incomplete until we define against whom. We may protect content from one user against the unauthorised access of other users, except by ourselves, auto proclaimed the protectors of the content. Or, we can do much better than that by allowing the users themselves to protect themselves even against our own unauthorised access. So far, the only known way for achieving that is by employing client side encryption in a zero knowledge proof schema and by the usage of asymmetric encryption keys. This, however, poses some challenges to the day-to-day operations. The first I had to face when creating the Protected Content module was the classical problem of the private key transportation. If the system has to work, the private key can not be communicated though the system. This causes two very important problems. I could ask the user to copy to himself the key, and use it whenever he had to decrypt something, bringing it with himself having had it copied somewhere else. But this approach would force users to do something that is a big burden and I wanted something that was as easy as any other conventional authentication method. Also, copying the private key somewhere else could pose even bigger security problems than storing it in the server. An hybrid approach is possible for overcomming these problems. The symmetric encryption of the asymmetric key. In other words, this allows a type of compressing of the private key in a way that it becomes at the same time defined at the client side and therefore never communicated to the server in its original form, and small enough to be remembered as a password, leaving to the attacker only a brute force option.

In this session I would like to demonstrate these concepts by showing how Protected Content integrated Drupal with OpenPGPjs in order to achieve real protection of content.

Introduction to GitHub Actions: Understanding Key Terms and Building Your First GitHub Action

Speaker: gilzow
Audience: All Attendees
Track: DevOps

We all know we should be doing more automation of our software development lifecycle, but getting started can be challenging. Even if you have experience in continuous integration and continuous delivery (CI/CD) automation, learning a specific platform's terminology and idiosyncrasies can be frustrating.   

This presentation is designed to provide an overview of GitHub Actions, a CI/CD platform that allows you to automate your build, test, and deployment pipelines, and writing one's first Action, a reusable component that can automate repeatable tasks. We'll start by going over key terms and concepts in the GitHub Actions platform, such as actions, workflows, events, and jobs, and explain how they can be pieced together to build robust and dynamic automations.

Then, we'll dive into the process of building your first GitHub Action, walking through the steps of creating a new action, the types of actions you can create, defining inputs and outputs, and required properties. We'll then work together to build an action that can be immediately used in your own workflows.

Whether you're a seasoned developer looking to move to GitHub Actions, or a newcomer to automation looking to get started with your first CI/CD automation this presentation will help jumpstart your journey.

 

JSON:API - A Zero Config OOTB Approach For API-First Drupal

Audience: All Attendees
Track: Development & Performance

The JSON:API module is a fully compliant implementation of the JSON:API Specification. In its own words, the JSON:API specification is:

A specification for how a client should request that resources be fetched or modified, and how a server should respond to those requests.

Drupal 8.7 ships with JSON:API which makes a solid and stable path to support decoupled Drupal through standardisation of payload structures and query string parameters.

JSON:API is designed to minimize both the number of requests and the amount of data transmitted between clients and servers. This efficiency is achieved without compromising readability, flexibility, or discoverability.

Drupal's data-structures, i.e. entity types, bundles, and fields, are incredibly well suited to the JSON:API.

Learning Objectives

The session will cover an introduction of the JSON:API specifications and how it compares with the Drupal 8 core REST module, when to go for JSON:API and what JSON:API can't do. We will also learn about why it made sense for JSON:API to be added to Drupal core.

You will also learn how to use the zero-configuration JSON:API module provides a standardised API for exposes resources, interacting with relationships between resources (entity references), fetching of only the selected fields, and filtering, sorting and paginating collections of resources.

At the end of this session, attendees will be able to know more and perform actions below:

  • What is JSON: API Specifications?
  • Intro about JSON: API Module in Drupal 8
  • JSON: API vs. core's REST module
  • JSON: API Security Considerations
  • How to work with JSON: API module?
  • GET requests for filters, sorting & pagination
  • POST Requests
  • PATCH Requests
  • GET Requests
  • Things which JSON:API can’t do
  • Gotchas
  • Live Demo

Target Audience
This hands on session is helpful for who are looking into build and consume web-service API via Drupal using JSON:API module. After this session audience will get to know awesomeness of the JSON:API module and it's OOTB features.

Prerequisites
Attendees will get the most out of this session by being familiar with Drupal 8 and web-services concepts like RESTful web-services

Drupal for DevOps Engineers

Speaker: hussainweb
Audience: Beginner
Track: DevOps

Drupal was written long before the DevOps movement or since the introduction of “the cloud”. As it stands, many infrastructure engineers do not readily identify with how Drupal runs on a system and how to get it to run in a scalable manner.

This session will introduce how Drupal works and how the system should be configured for it to run efficiently. Further, we will also talk about the parts of Drupal which can be replicated for a scalable environment and associated concerns. We will also talk about general practices for better performance by using external systems.

This talk is mainly for engineers who are familiar with how modern infrastructure works and how to build scalable applications but don’t know how to install Drupal on that infrastructure.