Unconference 2018

Tags: Blog Published:

Saturday 3rd November, saw the 2018 edition of the North West Drupal User Group's (NWDUG) Unconference (https://uncon.nwdrupal.org.uk/), the third since the Unconference started in 2016.

This was my first such Unconference, so while knowing the theory behind how they work, I was expectant to see how they work in practice. Essentially, with an Unconference, none of the talks are pre-scheduled beforehand. Attendees are encouraged to instead bring a talk with them, with the idea being the talks get added to a slot on the day's schedule. Should multiple talks vie for a single slot, the attendees then vote on which one is presented, although talks that don't get enough votes may still feasibly go-ahead in a side-room, or even as part of the 'hallway' track should there be enough interest.

While encouraged, you are not required to bring along a talk. If you prefer to take in the talks and network with other attendees, then that is acceptable. The organisers do note that if you do want to present a talk, an Unconference is the perfect venue to try a talk out in a relaxed friendly environment.

The highlights included:

* John Cook (of Drupal Yorkshire fame) providing a timely reminder of the use of the Composer package manager and the Git version control system to manage Drupal projects.

Particularly noting that this can be achieved with Drupal 7, as well as Drupal 8 projects for consistency.

* John Hannawin from I-Next (@intarsia_mdsp) presenting a case study on a project using Drupal 8 in a decoupled/headless setup.
A decoupled/headless setup allows you to use the Drupal just for managing content, and as a data store. This content/data is then utilised, and displayed by some other frontend app. Commonly, this might be achieved using a Javascript framework such as Angular.js, or React.js with the content/data supplied via Drupal using microservices or a REST API.

In John's talk, he covered an application that allowed their clients' employees to choose a Christmas gift from a set list. This application got most of its use for a small period every year, with it being most used in a four- day period.

The main issue with the application setup is it relied on a single server specced to handle the four- day spike in traffic, that then effectively sat more or less idle for the rest of the time. 

Switching to a decoupled Drupal set allowed the front-end app to take the load. As the front-end app was small, multiple instances could be spawned quickly and easily. This allowed the initial load to be handled by a large number of app instances that could then be scaled back once the load dropped to lower levels.

It was particularly impressive that I-Next were able to do this following a 'Keep It Core' approach. This essentially meant that as far as possible the backend app used only functionality provided by Drupal core, trying to keep the use of contributed modules to a minimum. The aim being to keep the application as lean as possible.

I-Next were successful in this aim, as the end result used only a single contributed module, Rest UI (https://www.drupal.org/project/restui). In addition to this were two small custom modules (less than 500 lines of code in total) providing some additional request handling, and logging functionality.

* Continuing the decoupled/headless theme were talks focussing on using the JSON API (Sally Young, @justafish, Lullabot), and one by Michael Trestianu (@tresti88, formerly of this parish, currently with Inviqa) on using a decoupled Drupal 8 setup, GraphQL, and GatsbyJS to create statically generated websites.

I have heard a lot about using Drupal in a decoupled/headless setup over recent years, but have as yet not had a project to sink my teeth into where it made sense, and I’m keen to give it a try.

Maybe that's why roughly half the talks I attended followed that theme...

* Crispin Read chaired a round-table discussion on the subject of mentoring.

The discussion was around how mentoring is used generally in the workplace, and peoples experiences of it either as a mentor or as a mentee. Initially starting out discussing approaches taken specifically as part of the Drupal Apprenticeship Scheme, but also covering new starters and junior team members, and how this could be expanded outwards more generally in the day to day of the workplace.

There were some sound points raised, and it was interesting to get insight into how other agencies approach onboarding apprentices and juniors, and manage/monitor their progress.

* How to Keep Drupal Secure, Alex Burrows (@digidropio)

A refresher session from Alex in which up-to-date good practice on how to keep a Drupal site secure included:

* applying security updates in a timely manner
* not altering core or any contributed modules
* only using contributed modules hosted on drupal.org
* only using, as far as possible, contributed modules with a full release (not dev, alpha, or beta versions)
* module recommendations (TFA - for 2- factor authentication, Password Policy, Paranoia - highlights issues), Entity Access Audit, Username Enumeration Prevention - helps prevent brute force login attempts, making usernames harder to guess)
* using specific permissions per role
* rename user 1 (the main admin user on Drupal sites with access to everything)
* use `drush uli` to login for user 1, instead of creating/storing a password
* good devops practices - keeping your infrastructure secure, consider Platform As A Service (PAAS) as an alternative
* good QA processes - manual and automated tests, using pull requests to ensure other developers have visibility on code changes

The key takeaway from this talk came in the questions afterwards. After a general discussion around the recent critical security issues in Drupal core, a question was asked on how to best reassure clients who have heard about some security issue and are concerned.

The answer was simply put, that Drupal currently has no publicly disclosed vulnerabilities for any currently supported version.

The day was ended on a round or two of Slideshow Karaoke, where participants are given two minutes to talk on a randomly chosen topic, with an equally random set of slides. The results were often hilarious, usually sublime, and occasionally just bizarre like Daniel Wehner letting us know that "Drupal 9 will be a bit like a squirrel", and Brian Teeman (co-founder of the Joomla! CMS) on the topic of "Dries and me"... (referring to Dries Buytaert, creator and project lead for Drupal).

The day was genuinely enjoyable and informative, in a friendly and relaxed atmosphere. My thanks have to go to NWDUG, and the 3 organisers in particular, @eli_t, @iriinamacovei and @philipnorton42 for such a great event!