Planet Drupal

Site Hacked? Read Cracking Drupal!

Cracking Drupal: A Drop in the Bucket was everything I'd hoped it would be, and more.

Cracking Drupal by Greg Knaddison

I know that's a cliche, but when I first learned about Greg Knaddison's book (greggles in Drupal-land), I'd assumed it would be aimed primarily at Drupal contributed module developers. By the time I finished the excellent book about Drupal security, I realized it was an essential read for anyone connected with developing, theming, or maintaining a Drupal site.

I had been anticipating the release of Knaddison's book for months, as I've been a fan of his for some time, due in part to his active and helpful role in Drupal's forums, and to his work with the Security Team. After reading the book, I feel more secure than ever using Drupal, as its well-documented API and best practices ensure that any module maintainer adhering to them will produce rock-solid code. At the same time, it quite visibly demonstrates the importance of an active community to ensure the modules and themes we use do just that.

Let's look in more detail at the book.

Fighting Spam in Drupal with Mollom and Hashcash

I hate spam. Of course, I imagine the overworked, underpaid dupes in Pakistan dishing it out at 5¢ per hundred comments don't particularly like it much either. It's just their job.

So anyway, about a year ago, the spam on this site was getting a bit out of control. Fortunately, Mollom had just whipped out their new, free spam-blocking service about the same time, so I gladly installed it. As you can see in the graph below (the orange being 'Spam attempts blocked'), this has been a fantastic boon for the site, with over 700,000 spam attempts blocked in the past year.

Mollom blocks spam (2008-2009)

Looking at that graph, you can see the spam attempts really dropped off sometime in April or May. I really don't know why; if anything, the traffic to this site has steadily increased over the year. I suspect that whatever methods spammers were using were not paying off as well, perhaps in part due to the diligence of the great folks over at Mollom?

However, read on to see how it's been faring lately...

Drupal Media Presentation in Colorado

If you haven't gotten your ticket for DrupalCamp Colorado, there's still time! Along with other excellent and anticipated sessions, I'll be presenting the current state of Drupal Media on Sunday, July 28, at 2:30 PM. The next day, Denver Open Media is hosting a Media Code Shiai / Sprint -- interested developers of all levels are invited and welcome!

Media Module Mockup

For anyone interested, here's the latest mockup for the Media module, courtesy of Maarten Verbaarschot (mverbaar) of the D7UX team!

Media Module Mock-up
(original at http://www.flickr.com/photos/mverbaar/3632702590/in/set-72157619245872526/)

You can see more screenshots at the D7UX Microproject - Media Library for D7 issue.

And Jon Stacey (jmstacey) is doing a bang-up job of helping to realize this vision, via the Google Summer of Code! He's been hard at work with Andrew Morton (drewish), another co-mentor, to make this happen for Drupal 7. (And yes, we're also continuing to back-port this work into 6.)

A Visit from the Drupal Security Police

Caveat: The following should be read with the understanding that I absolutely respect and admire the job that the volunteers of the Drupal Security Team do! Without their gallant efforts, Drupal wouldn't be the safe framework that it is. And as an aside, all module maintainers, developers, and anyone interested in learning more about how to lock down their site should read Cracking Drupal: A Drop in the Bucket, by Greg Knaddison (greggles), who happens to be a member of that crack force.

Drupal Security Team

Last week, I received a visit from the Drupal Security Team, telling me that the Embedded Media Field module contains an XSS vulnerability.

That put the fear of Drupal into me! The next day, I had a spanking new fix for it, and was ready to make a new release. That's when I actually read the instructions about what to do when you've been contacted by the Drupal Security Team...

Read about how to avoid the panic...

Everything is Miscellaneous

At the Open Media Camp in Denver yesterday, Kevin Reynen (kreynen) got things off to a great start with Overview of Metadata Standards for Video - Why doesn't it work like a Library? We discussed the difficulties of even agreeing on a standard set of genres for tagging video, from how to decide what genres to include in a taxonomy to the user interface in presenting those options to editors. (For instance, he said that his experience with the standards used at PEGMedia.org is that editors often use the Action genre by default, which is listed first in the listing, rather than scrolling through the hierarchy of available choices.)

Everything is Miscellaneous

I was reminded during this discussion of a book I read last summer, Everything is Miscellaneous: The Power of the New Digital Disorder, by David Weinberger. I mentioned the book, and got a few nods and a few shakes of the head. Seems quite a few people have looked at these issues from a lot of directions...

Media Sprint at Open Media Camp in Denver!

Make sure to attend the Media Sprint Update Panel and join the Media Sprint 2009 at Open Media Camp in Denver, on April 18-19!

The presenters of this panel, including Aaron Winborn (aaron), Arthur Foelsche (arthurf), and Alex Urevick-Ackelsberg (Alex UA), will discuss the ongoing efforts of the Media Sprint by the Drupal Media working group to bring to fruition the Media module and related work.

This panel will begin with a demonstration and discussion of the current state of the ongoing development of the Media module, and a thorough examination of the concept for its extensible API. Finally, we'll discuss the near and far-term plans, including the Media Sprint planned for the next day of the Open Media Camp.

Using Intelligent Web Services for Semantic Drupal Sites

Original Session: Using Intelligent Web Services for Semantic Drupal Sites

Leveraging semantic web services such as Thomson Reuters' Calais within Drupal enables you to do amazing things that will be part of the semantic revolution. This session will cover some incredibly powerful things you can do to augment content and create powerful features once you have the semantic context and metadata of the information driving a site.

The Society for Venturism has chosen me as the recipient of its charity for this year, to hopefully offer me cryonic preservation when the time comes. And this month, Longecity, an excellent forum for the discussion of issues related to extending the lifespan of humans, has offered up a matching grant of up to a thousand dollars to help out! So help out! Please.