Looking Back, Looking Forward: DrupalCamp NJ, 2020

DrupalCamp NJ Recap January 30 to February 1, 2020

The Central NJ Drupal Group hosts one of my favorite Drupal camps in the northeast, and this year’s DrupalCamp NJ was no exception.

Location, Location, Location

Princeton University uses Drupal heavily, and gives back to the community by hosting the monthly Web Developers Central NJ Meetup and the annual camp.

This year’s camp was held in a new location, which will give us room to grow in the future. It is also closer to Princeton’s beautiful main campus.

I have a personal connection to the new venue. The three buildings we used are very close to Fine Hall, where I spent five years earning my Ph.D. (That is the “Looking Back” part of my title.) I know I am at my alma mater when I see this color scheme:

conference tables with orange table cloths and black chairs

Another thing I like about the venue is that I can stay in a reasonably priced hotel on the not-so-beautiful Route 1, then walk to campus along the D&R Canal. A two-mile walk is a great way to start the day, and it makes my new FitBit so happy!

Training: The Great Gatsby

Last year at BADCamp, I helped Ryan Bateman with an all-day training session on using Gatsby and Drupal’s Umami installation profile to create a decoupled site. On Thursday, I was the primary presenter for this training, and Adam Bergstein generously offered to assist.

I wanted to rearrange the slides, and for technical reasons I had a lot of work to do updating the presentation to work with Drupal 8.8. I think the session went well, but I also have ideas for doing a better job the next time I have a chance to present it.

Sessions and BoFs and Migrate API, oh my!

Handling HTML Markup with Drupal’s Migrate API

During the first session slot, I talked about wrangling HTML markup with regular expressions vs. proper parsing and some work that Marco Villegas and I did to make proper parsing easier in the context of Drupal’s Migrate API. The session page has a link to the recording and the slides. I had a pretty good-sized audience, and they asked good questions.

room showing about 25 training attendees smiling

The first time I presented this material was last year at New England Drupal Camp. That was extra fun, since Marco and I gave the presentation together. He lives in South America, so that was the first time that we met in person.

On the plus side, I got some help from Lindsey Gemmill, so my slides for this session look great. This is the first presentation using reveal.js that has Hook 42 branding, and I think we will see a lot more of these in the future!

For the rest of the day, I went to a mix of regular and Birds of a Feather (BoF) sessions. I did my best to take notes at all of these, and I save these to my Conference Notes repository on GitLab.

Using Machine Learning to Help with Daily Workflows

First was a session on Machine Learning (ML). Danny Teng and Neha Bhomia gave some background on ML.

Danny Teng and Neha Bhomia standing in front of presentation title screen

Then they talked about two Drupal modules.

The first is Drupal Rekognition, which will get alt text for images using the AWS Rekognition service. Thanks to my colorful hat, I was the subject of a live demo:

Drupal backend displaying ai generated alt text for picture of me at camp

It is nice to know that AWS Rekog-nizes me as a Person, but what is this about Home Decor?

The second module is still in development. Its goal is to recognize malicious IP addresses. In order to do this, they need to train their ML model. They already have a database of GET requests from several large Drupal sites. They need help identifying which requests are legitimate. For example, there are several legitimate bots (search engines, uptime monitoring services) as well as actual people. Then there are the 404 errors because someone is trying to access wp-login.php on a Drupal site.

If you would like to help train the model, then contact ip-data-tagging@umich.edu.

All things HAX

After lunch, I went to a BoF on Headless Authoring eXperience (HAX). I had not heard of this before, and the description got me curious. I have still not had a chance to try it out, but it seems to be a system for editing web components. I will have to check with the front-end specialists at Hook 42 to see whether they are interested. From the description of the session, I thought it might be a sort of content editor that works through the front end of decoupled Drupal sites; maybe it also does that.

Securing Drupal’s Auto-Update Infrastructure

In an attempt to combat the post-lunch blahs, the organizers scheduled a coffee break after the first afternoon session. After that, I went to a BoF that was basically a working session among five members of the Drupal Security Team.

There is an initiative to enable automatic updates of Drupal sites. Most of the work so far is available in the contrib Automatic Updates module. The goal is to make it easier to keep a Drupal site up to date, especially when a security update is released.

This BoF was about the infrastructure behind that initiative. The nightmare scenario is that someone might hack the automatic-update process. Then, instead of making sites more secure by keeping them up to date, the system would install hacked code on every site that was set up for automatic updates.

To avoid this, the Security Team is working on protocols and infrastructure to prevent such hacking. At this BoF, the team discussed adopting The Update Framework (TUF) as the basis for Drupal’s system of automatic updates. This is a standard already adopted by many large companies, and the protocol is very similar to what the Security Team already designed on its own.

Progressively Decoupled Drupal, for everyone!

For my last session, I chose one on web components and HAX, a follow-up to the BoF I attended after lunch.

The four presenters made the case for concentrating front-end development on web components.

  • This technology has been under development for years but has only recently been adopted by all the major browsers.
  • You can use the components that you develop in your current theme, without the headaches of switching to a fully decoupled site all at once.
  • When you are ready to decouple, you will be able to use those components in whichever front-end framework you choose.
  • You can also use your web components on completely different systems: WordPress, Gatsby, Jekyll, etc.
  • Since the web component lives in its own repository, you can update it in one place and see the effect in hundreds of sites that use the component.

I am not sure exactly how that last point works. Updating to the new component has to be automatic, but not too automatic, since there is a danger that the new version of a web component will break existing sites.

Mentoring & Collaboration

The last day of the camp was devoted to contributing back to Drupal.

I started the day by sitting in on the workshop for first-time contributors, in case AmyJune Hineline, the presenter, had technical questions that a back-end developer and core contributor could answer.

I spent the rest of the day reviewing two issues.

The first issue is one that I have been following for some time: Drupal core should inform the user of the security coverage for the site’s installed minor version including final 8.x LTS releases. The problem is that, with Drupal 9 around the corner, we want to make sure that the site status report advises site administrators to upgrade to that and not to a non-existent version 8.10 when the time comes. The other problem is that the existing code in the core Update module is a bit of a mess, so working with it is a challenge.

Ted Bowman has been the primary developer for this issue. I have taken on the reviewer role, which means:

  • I should not contribute patches myself, and
  • My aim is to help Ted and others get their patches to a point where the core committers like what they see.

The second issue was Add more strict checking of hook_update_last_removed() and better explanation. This issue was tagged for usability review, in order to get some advice on the wording of a new error message. As a member of the Drupal Usability team, I often do such reviews, either on my own or at one of our weekly meetings. I am not an expert at UX design in general, but I am pretty good at word-smithing, and I think I was able to suggest an improvement for this issue.

I’ll Be Back!

With a full three-day schedule, DrupalCamp NJ is one of my favorite camps, up there with BADCamp and MidCamp. Since I was giving a training session, this was the first year I participated in all three days.

I got to spend time with some friends like Adam Bergstein and AmyJune Hineline, and I met several new (to me) people: the people who attended my training and my session, and @mixologic, who I have previously only known through issues on drupal.org and on Slack.

I also had a chance to revisit the town and the campus where I spent five years, which brought back some fond (and amusing) memories.

I expect that DrupalCamp NJ will also be my first Drupal camp of 2021.