It looks like a rather quiet meeting went on yesterday. The discuttion point I’m excited about is the upcoming ‘über shader’! Ton Roosendaal writes: Hi all, Here are notes from...

[read the full article on blendernation.com]

It's possible to add an minimum price (admin/store/settings/cart/edit). But is it also possible to show this minimumprice. The warning should disappear when the basket contains enough products (money).

Xenakios has released version 1.4.0 (beta) of HourGlass for Windows and Mac OS X. Changes: Varispeeder offline processing module. DSP Module Rack. Fragment voice send levels and probabilities can be a [Read More]

The Blender Foundation has released a second bugfix release for 2.67b, which solves over 30 issues. Ton Roosendaal writes: Too many good bugs were reported and solved in the last week, especially for...

[read the full article on blendernation.com]

I'm getting used to Drupal and I understand most of the stuff, but some of the theming stuff has me very confused.

I need to add in another column and change the output of the ubercart shopping cart table, both on the shopping cart page and the block in the sidebar. For the latter, it looks like theme_uc_cart_block_content is the function I am looking for. Somehow, I must override this function in my custom module.

Does anyone know how to override the theme_uc_cart_block_content function in a module? Nothing I have tried has worked.

read more

Hello.

I have at little problem.
I want a view plus a search facet to filter products by their display price, that includes taxes.
But that field i not available in neither a view filter or the facet field selector in search API.
There is only sell price available, that does not include tax.

I thought about making a calculated field that automaticly add the tax to the sell price.
With for example the "computed field" module.

Have any of you had this problem and how have you solved it?

Thanks

I have been asked to look at a Drupal/Ubercart issue with PayPal.

The site is seeing a progressively growing number of abandoned carts where the customers are complaining about issues with PayPal not allowing them to complete transactions.

The site is using Drupal 7.22 and Ubercart 3.4 and PayPal Payments Standard.

read more

synthv1 - polyphonic synthesizer. drumkv1 - drum-kit sampler. rncbc.org has updated the Vee One Suite of old-school software instruments to version 0.3.3: synthv1 polyphonic synthesizer; samplv1 [Read More]

Hello, and thank you in advance for taking the time to help me out.

read more

I have this case:

- a product with one attribut with several options
- the options do influence the price
- the costumization is just done when the product is shipped so there need to be _one stock_ for all the options.
- there need to be quantity based discounts (e.g. -30 % if 50 pieces ordered. Normaly only one option is chosen, so it doesn't make a difference if it's 50 of the same option or not. The percentage rate is the same for all the options)

read more

By George Kim. George Kim writes: This is a 3D environment demo of DIGITAL MIRAGE which specializes in VFX & Product Visualization. The entire 3D content has been been created from scratch using...

[read the full article on blendernation.com]

Hello, I hope you can help me.

I am quite new to drupal and ubercart but I am improving day by day so please bear with me.

I have installed ubercart and ubercart marketplace plus a few additional modules. These are installed fine but the trouble is actually configuring them to what I want them to do. (I do not know how)

My website will have members who can register to sell their own products and services. I have configured everything so that members can register for this and also they can even list products for sale in the marketplace, this is not the issue.

Where I need help is:

read more

mzuther has updated traKmeter to v1.05.0. Changes: LV2 plug-in (GNU/Linux). Experimental 64-bit version for Windows. Display maximum level on overload. Smooth switching of crest factor. Full re-calibr [Read More]

VROOOOM! By Heinzelnisse. Heinzelnisse writes: Rigged Pz.Kpfw VI Ausf.E Tiger, hope you like it The track movement+tank “wobbling” is generated from a simple start/stop point. The...

[read the full article on blendernation.com]

We have Ubercart... I don't know what version. And to preface this, I am not a programmer.

The shopping cart doesn't show taxes in the totals, but charges the user. As you can imagine, the client is delighted to see this only on their credit card statement rather than in the cart when it's being charged.

Can anyone help me, please?

Thanks,

Michele

blazraidr writes: Here is a quick overview video showing the studio setup used in my Jaguar XKR-S image, and the compositing setup I used to get the look I want. In the tutorial are a few tips on...

[read the full article on blendernation.com]

Mookie shows you how to create this tangled jumping rope. mookie writes: I have always wondered how to create tangled rope, bowl of pasta or a twisted cable that lies on the ground. Now that I found...

[read the full article on blendernation.com]

mzuther has updated K-Meter to v1.31.0. Changes: LV2 plug-in (GNU/Linux). Experimental 64-bit versions for Windows. Code clean-up and a few small bug fixes. Full re-calibration and new audio file. [Read More]

The Drupal.org Security Team and Infrastructure Team has discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally.

Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly. As a precautionary measure, we've reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps.

1. Go to https://drupal.org/user/password
2. Enter your username or email address.
3. Check your email and follow the link to enter a new password.
   • It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted.

See below recommendations on additional measure that you can take to protect your personal information.

What happened?

Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, we are also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords.

What are we doing about it?

We take security very seriously on Drupal.org. As attacks on high-profile sites (regardless of the software they are running) are common, we strive to continuously improve the security of all Drupal.org sites.

To that end, we have taken the following steps to secure the Drupal.org infrastructure:

• Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt production, staging, and development webheads and GRSEC secure kernels were added to most servers
• We are scanning and have not found any additional malicious or dangerous files and we are making scanning a routine job in our process
• There are many subsites on Drupal.org including older sites for specific events. We created static archives of those sites.

We would also like to acknowledge that we are conducting an investigation into the incident, and we may not be able to immediately answer all of the questions you may have. However, we are committed to transparency and will report to the community once we have an investigation report.

If you find that any reason to believe that your information has been accessed by someone other than yourself, please contact the Drupal Association immediately by sending an email to password@association.drupal.org. We regret this occurred and want to assure you we are working hard to improve security.

Thank you,
Holly Ross
Drupal Association Executive Director

FAQ What happened?

The Drupal.org Security Team and Infrastructure Team has identified unauthorized access to user information on Drupal.org and groups.drupal.org, which occured via third-party software installed on the Drupal.org server infrastructure.

What information of mine was exposed?

The information includes username, email address, hashed passwords, and country for some users. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.

Was my credit card information exposed?

We do not store credit card information on our site and have uncovered no evidence that card numbers may have been intercepted. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.

Were projects or hosted drupal.org code altered?

We have no evidence to suggest that an unauthorized user modified Drupal core or any contributed projects or packages on Drupal.org. Software distributed on Drupal.org is open source and bundled from publicly accessible repositories with log histories and access controls.

Does this affect my own Drupal site?

This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally. However, we recommend that you follow best practices and follow any security notices from Drupal.org or third party integrations to keep your site safe. Resources include the following sites:

• https://drupal.org/security
• https://drupal.org/writing-secure-code
• https://drupal.org/security/secure-configuration

How did the access happen?

Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate.

What has been done to prevent this type of unauthorized access in the future?

There have been several infrastructure and application changes including:

• Open Source Lab, the group that hosts the servers for Drupal and infrastructure teams rebuilt production, staging, and development webheads
• GRSEC secure kernels were added to most servers
• An anti-virus scanner was run over file servers, and run routinely to detect malicious files being uploaded to the Drupal.org servers.
• We hardened our Apache web server configurations
• We made static archives of any site that has been end-of-lifed and will not be updated in the future
• Sites that were no longer going to receive feature or content updates were converted to static copies to minimize maintenance.
• We removed old passwords on sub-sites and non-production installations

Do you have any information about the identity of the person or group who did this?

At this point there is no information to share.

What is the security team doing to investigate the unauthorized access?

We have a forensics team made up of both Drupal Association staff and trusted community volunteers who are security experts investigating.

How is my Drupal.org password protected?

Passwords on Drupal.org are stored in a hashed format. Currently, passwords are both hashed and salted using multiple rounds of hashing (based on PHPass). Passwords on some subsites were not salted.

Who maintains the Drupal.org site?

The Drupal Association is responsible for maintaining the site, with the assistance of many trusted Drupal community volunteers.

How can I delete my profile rather than create a new password?

Please email password@association.drupal.org with the request.

What else can I do to protect myself?

First, we recommend as a precaution that you change or reset passwords on other sites where you may use similar passwords, even though all passwords on Drupal.org are salted and hashed. Some older passwords on some subsites were not salted. To make your password more secure:

• Do not use passwords that are simple words or phrases
• Never use the same password on multiple sites or services
• Use different types of characters in your password (uppercase letters, lowercase letters, numbers, and symbols).

Second, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not our practice to request personal information by e-mail. Also, beware of emails that threaten to close your account if you do not take the "immediate action" of providing personal information.

Although we do not store credit card information, as a precaution we recommend you closely monitor your financial accounts if you made a transaction on association.drupal.org or if you use a password with your fianancial institution that is similar to your Drupal.org password. If you see unauthorized activity (in the U.S.), we also suggest that you submit a complaint with the Federal Trade Commission ("FTC") by calling 1-877-ID-THEFT (1-877-438-4338).

Based on the results of the investigation into this incident, we may update the FAQs and may recommend additional measures for protecting your personal information.

I'm currently working with the uc_fedex module, version: 6.x-2.x-dev and using Drupal 6. I've been working with FedEx and they say I need to add in a condition to check for products that can be shipped by dimensional weight. I've read previous forum posts, specifically this one:
http://www.ubercart.org/forum/support/15938/need_adjust_shipping_dimensi...

The author of that post says they used some code that a user named TR made.

read more