Drupal does CAS

For the last two years, the IT department has been working on a project to improve identity, communications, and passwords across campus. We’re finally ready to start rolling pieces of that out. And you, lucky Drupalers, are getting to test one of the very first pieces.

Starting on October 9th, when you log into Drupal, you’ll be automatically taken to the CAS login page. What’s CAS? CAS provides a Central Authentication Service, which means that when you log into it, you’re actually logging into all the services that CAS is aware of. And when you log out, you’re logging out of all the services that CAS is aware of.

In the future, this is going to let us do some pretty neat things. For example, that means after you log into Drupal, when you go to myLane and press login, you’ll just automagically be logged in – without having to enter your L Number and password all over again. But for now, it’s just going to look like a different login page. So what’s it look like?

Screenshot of the CAS login screen

No, really, that’s it. When you go to the Drupal login page, it’ll automatically go to the CAS login page. After you log in, you’ll go back to Drupal.

It’s super important that you remember to log out when you’re all done. Since logging into CAS logs you into all services, if you forget to log out that means the next person that comes up to that computer could not only use Drupal as you, but also use any other CAS enabled service (and eventually, that’ll mean almost everything at Lane!). So please, hit the log out button when you’re done!

New Map and Tour

Today, we’re officially launching our new Campus Map! We’ve been quietly working on this project all summer, and we’re ready to show it off in all its glory.There’s a lot of awesome features on this map that we’d like to walk you through, but before we do that, Go check it out!

Here’s some pictures that show how detailed this map is:

West Entrance Garden Labyrinth

West Entrance Garden Labyrinth

CFE Buildings and Learning Garden

CFE Buildings and Learning Garden

Building 5 Mural and Art

Building 5 Mural and Art

Courtyard Between Center and Building 11

And so many awesome things:

  • The entire map is completely mobile friendly
  • Check out the tours tab on the left hand side, where you can take a virtual tour of campus
  • The search feature on the left is super helpful for finding things on campus – just search for it, and if it’s one of the layers the map can help you find it
  • Panoramic Photos! Turn on the Panoramic Photos layer and then click one of the 360 icons.
  • Speaking of layers, there’s only a few that are public right now, but we’re gradually adding other departments to the map to add layers that are interest specific. For example, we’ll have a layer about all the art on campus, a layer about our athletics facilities, and a layer about campus food options.

This project was a partnership between the Webteam, Marketing and Public Relations, Outreach and Recruitment, and CampusBird.

Have some feedback about the map?

Map Feedback

  • This is totally optional, but we appreciate knowing how to address you!
  • While you don't have to provide this, we can't get back to you about the status of your map concern without having your email!
  • If you're reporting a problem of some kind, be sure to provide us with as much detail as you can.

Encrypt all the things!

Over the last few weeks, we’ve been battling a problem where the web server would sometimes forget its own name. Some days it would want to go by www.lanecc.edu, other days it would want to go by (our public IP address), and other days it would use our internal server name. We gave it a stern talking to, but it refused to cooperate.

The solution is to specify Drupal’s base_url variable. Normally, Drupal tries to identify what server name to use and it does a pretty good job. But clearly our server isn’t so great at that anymore. Specifying the base_url forces Drupal to use what we tell it.

But the base_url needs to be a full URL, complete with protocol. So it needs to be “http://www.lanecc.edu” or “https://www.lanecc.edu” – we’re not allowed to just say “www.lanecc.edu”. Why does that matter? Because even though the difference is just one letter – an “s” – that turns out to be one of the most important letters on the Internet.

HTTP is the protocol that defines how a lot of content on the internet moves around. It’s part of how this page got to you. But it’s a completely unencrypted format. When you’re browsing the web in HTTP, you’re sending everything in clear text – anyone that can listen in (for example, on an unencrypted WiFi connection) can read whatever you’re sending. But if we add the “s”, and browse via HTTPS, then everything we do is encrypted, and no one can listen in*.

But there’s some gotchas with HTTPS pages. For instance, most webpages actually consist of multiple requests – the Lane homepage has 34. If even one of those requests is made over HTTP instead of HTTPS, then we have a “mixed mode content error”, and the browser hides that content.

And that’s kept us from specifying our base_url so far. If we set it to “http://www.lanecc.edu”, then on pages that are HTTPS, like webforms, then all the styles and javascript will break, since those would be sent over HTTP. And if we went the other way, and set the base_url to “https://www.lanecc.edu”, then our caching infrastructure, which is built assuming most connections are over HTTP, would break, significantly slowing down the site. So we’ve been stuck running a mixed-mode site – most people use HTTP, but authenticated people and webform users use HTTPS.

There’s a number of reasons that isn’t ideal, which are well outside the scope of this already too long blog post. And the wider Internet is moving forward with using HTTPS only everywhere. So yesterday, we deployed new caching infrastructure which will allow us to go with using HTTPS only. Going forward, all connections with www.lanecc.edu will beĀ  encrypted.

This should be a almost completely transparent transition, but if you notice any problems, email us at webmaster@lanecc.edu and let us know!

* strictly speaking, this isn’t true, and there’s a a whole category of attacks that can still work on HTTPS. But there’s a fix for that too, and we’re working on rolling that out too some time in the future.



New Search Engine

A slightly early holiday gift from the web team: new search!

Just before break, we finished our migration away from our Google Mini to Google’s hosted Site Search. We hope you’ll find it more reliable, more accurate, and easier to use on your phone. Try it out at lanecc.edu/search, or using the megamenu at the top of most Lane web pages.

Happy Holidays!

Media Server SFTP & FTP support ending the first week of January, 2015

We will be turning SFTP access to media.lanecc.edu files off the first week of January, 2015. After the first week of January, 2015, all media.lanecc.edu files must be managed through Filehost.

The only change to media.lanecc.edu files is that you will add, delete, and update them through Filehost instead of through a ftp client. Everything else stays the same.

To manage your media.lanecc.edu files through Filehost, just navigate into your ‘mediaserver’ folder. That folder is the root of your media.lanecc.edu/users/username account. So a mediaserver/foo.txt file can be viewed at media.lanecc.edu/users/username/foo.txt.

This also applies to media.lanecc.edu/courses/acctname and media.lanecc.edu/acctname accounts. The username/password for these accounts should be the same as when you used to use SFTP.

Remember that there are several ways to manage files. See http://doc.owncloud.org/server/7.0/user_manual/#file-access-and-management

The web interface at https://filehost.lanecc.edu is great for single files or deleting a folder. WebDAV and the sync client are best when dealing with many files.

For more information, see: https://blogs.lanecc.edu/webteam/2014/05/19/announcing-filehost-lanes-very-own-internal-cloud-storage

As with the Media Server, support is provided by the ATC. If you need help, just ask. http://www.lanecc.edu/atc

Evaluating the new search engine

New Search Feedback

  • This field is for validation purposes and should be left unchanged.

Some Announcements

Over the last few weeks, we’ve added some features to Drupal that may interest you.

First, we’ve added some new buttons to the WYSIWYG editor:

  1. The “K” button works much the same way as the Flickr button, and allows you to embed Kaltura Videos (hosted on http://video.lanecc.edu). For more information, talk to Dean Middleton
  2. The map button allows you to embed the new style Google Maps maps. Google changed both the Google Maps interface and the embed codes recently. If you see a white box on the left hand side of Google Maps, you’re using the old version, and should continue to just paste the map link into the WYSIWYG on its own line, like always. But if Google Maps takes up the entire screen, you need to copy the embed code and paste it using the new Google Maps button in the toolbar.

Second, we’ve had some problems with revision messages. Here’s a real life sample of some of the message we’ve seen the last few weeks:

  • z
  • .
  • Revised page
  • Update1
  • page update
  • routine
  • same
  • got it

Clearly, these are incredibly unhelpful. Log messages should be concise and descriptive. Here’s some great ones:

  • Revised office hours and added fall term hours
  • Update reference to Retail AAS
  • added IT maintenance window event spud
  • updated links to event flyers
  • added link to BP040

When we’re trying to figure out when something changed, it’s a lot easier if we can skim through the revision log. And it helps you – that way you can see who else changed your pages, and what they did.

Due to the number of really poor revision log messages, we’ve been forced to add some checks within Drupal for obviously bad ones. If your message doesn’t meet the terribly low bar we’ve established, your node will not save, and you’ll be asked to enter a better message.

Remember, if you find yourself constantly entering messages like “Trying again” or “One more time”, you should try using the Preview button to make sure what you’re adding is what you want. That way you’re not creating 3 or 4 revisions for one small change.

There’s also a couple of people who include their initials with the log message. Although we used to really like having that information when we were using Contribute, we track your login when you make changes now, so there’s no need to also have your initials. Save a few keystrokes!

Finally, we’ve also open sourced a piece of our Drupal Migration. if you visit our GitHub page, you can find the source of our Migration Tracker, which kept track of the old and new URLs, and made it possible for us to migrate over several months, rather than needing to do it overnight.

Filehost has been upgraded to OwnCloud 7

Filehost has been upgraded to the latest version of OwnCloud. Here’s a very brief overview of some of the changes:

  • Responsive UI. Now it won’t look so bad when you are browsing the web ui on your phone or tablet.
  • The left nav bar is now a drop down that appears when you click the menu to the right of the OwnCloud cloud icon.
  • There is now a sidebar on the left that makes it much easier to figure out the status of your shared files.
  • To find the webdav link, just click the gear icon in the bottom left corner.
  • There are now limited odt and doc editing capabilities. Very limited. Just select Documents in the nav menu.

I’d also encourage you to check and update your sync clients if there’s an update available.

A Static Server

As I may have blogged once or twice previously, making websites really fast is important to me. Recently, we’ve made a change that should help us improve the speed of not only www.lanecc.edu, but of many of Lane’s other websites, including this one.

When you request a webpage, in addition to fetching the page itself, you usually end up requesting each individual image, font, css sheet, and javascript sheet. Making those requests is expensive. There’s a sliding window, which limits how many requests you can make at once. So if the window size is 5, but you need to make 6 requests, you need to wait for one of the first 5 requests to finish before you can make the 6th. On the other hand, if you only need to make 5 requests, your browser can start rendering the page a lot sooner.

One way is to combine images into a css sprite. Here’s ours:

Lane's CSS Sprite, which combines social media and other common icons and images from the website into one image.

That’s 15 different images combined into one. And even though there’s empty space on the bottom right, it’s actually usually faster to fetch a slightly bigger image then it is to fetch each icon individually.

Another way is CSS and JavaScript aggregation. Most pages on our website have 35 CSS sheets and 35 JavaScript files – but after aggregation, you only end up requesting 7 of each (there’s reasons why 7 of each is better then just 1 CSS and 1 JS, but that’s outside the scope of what we’re doing here).

But the easiest way to speed up a request is to not make it at all. When you make a request, you send some request headers with it, that tell us things like if you’ll accept a compressed version and what language you prefer. Then we respond with a header that tells you how long you should keep our response cached on your computer. If you need that resource again before the expires time we gave you, you just use the local one, rather than fetching a new one.

In addition to sending headers with your request, and us sending different ones, we also send each other cookies.

A picture of some cookies

baked by https://www.flickr.com/photos/plutor/3646688/in/photostream/

Cookies are always set on a domain. When you log into Moodle, cookies are set on the domain classes.lanecc.edu, so Moodle knows on every page load that you’re logged in. But here, on the Lane website, we’re not so lucky, as you can actually use the website on either www.lanecc.edu, or on just lanecc.edu. So we set our cookies on .lanecc.edu. That little dot before lanecc.edu is critical. That tells your browser to send your cookies to all domains that end in lanecc.edu.

The downside is that those cookies are sent on every request to our domain – even requests that don’t need them, like the request your browser made to show you the picture of those cookies up there.

What does this have to do with static?

We’ve started moving relatively static (unchanging) resources, like the college logo and the megamenu onto the static asset server, which we’re putting on the domain static.lanecc.net. Since these resources are relatively unchanging, we can set a long expires time – maybe 30 or even 45 days in the future (for now, it’s set to 0minutes in the future, for testing). Once your browser has fetched them, you won’t need to fetch them again for a whole month. And because they’re not under the lanecc.edu domain, you won’t send any cookies (and we won’t send any back), making the few requests you do need to make even smaller.

If you’re really curious about the inner workings of our new static asset server, I’ve added some extra geeky content to the Our Tech Stack post.

In the months to come, we’ll keep migrating content onto the static asset server, trying to reuse resources between websites, so that the logo you see on myLane is served from the same URL as the logo you see in Moodle, reducing the number of requests you need to make, and making it simpler for us to update things in the future.