You may know Contenta CMS. It is a decoupled Drupal starter kit. It is aimed to teach developers, and site builders, about the tools available in the decoupled landscape. It also serves as an example for both Drupal and client side best practices.

It took a while, but the distribution and all the associated projects are now running on Drupal 9.

Recently I read “Click Here to Kill Everybody” by Bruce Schneier. I really recommend this book to anyone. It is not targeted to a technical audience, although you might enjoy it a tiny bit extra if you are familiar with cyber security.

In this post I want to highlight one of my favorite parts, where Schneier lists ten principles to secure our devices.

Today my friend Andrew Berry pointed out to me that his browser was warning him about this blog not having HTTPS enabled. For additional irony he noticed that while reading my article on How to use HTTPS in your local environment.

I have several local development environments in my machine. I would like to use HTTPS on them without much hustle. That is why I decided to create my own custom Certificate Authority to simplify the process.

Earlier in the year I became a member of the Free Software Foundation. Today they reached to me asking me to spread the voice. I think their email was very compelling.

A while ago Molly de Blanc and Karen M. Sandler released the first draft on the Declaration of Digital Autonomy. This is a big deal. I learned that they were working on this manifesto during 2020’s GUADEC event. I think this is an instrumental cause to fight for our freedom, so I decided to contribute to it providing a translation of the document to the Spanish language. I also translated this document to Catalan a while ago, in case you are interested.

I have blogged about ensuring you connect to a VPN when connecting to certain wi-fi networks. I have used this technique to ensure that I stay connected to my ProtonVPN when browsing the internet. This is an easy step towards online privacy. Recently I have changed my setup for something even more reliable. This will even protect me against IPv6 leaks.

In this video I show a set of Open Source tools we have created to manage the whole application lifecycle when embedding JS apps inside of Drupal.

You can fork these tools, and with a couple of clicks you will get a demo of progressive decoupling in Drupal in your own site. This works in Drupal 8 and Drupal 9.

The other day I had an interesting conversation about JSON:API collections and how different projects may benefit from one collection style or another. Participants in the thread were Gabe Sullice, Matt Glaman, and myself.

I pasted the Slack conversation here in case anyone is interested in it.

Drupal, out of the box, cannot provide all the data suggested in the OpenID Connect Standard Claims. This means that in order to implement the different claims sites will need to let Simple OAuth know about those implementation details.

In order to add or alter custom claims to the OpenID Connect (aka OIDC) there are two steps necessary: