Aaron Winborn

Caveat: The following should be read with the understanding that I absolutely respect and admire the job that the volunteers of the Drupal Security Team do! Without their gallant efforts, Drupal wouldn't be the safe framework that it is. And as an aside, all module maintainers, developers, and anyone interested in learning more about how to lock down their site should read Cracking Drupal: A Drop in the Bucket, by Greg Knaddison (greggles), who happens to be a member of that crack force.

Last week, I received a visit from the Drupal Security Team, telling me that the Embedded Media Field module contains a XSS vulnerability.

That put the fear of Drupal into me! The next day, I had a spanking new fix for it, and was ready to make a new release. That's when I actually read the instructions about what to do when you've been contacted by the Drupal Security Team...

Read about how to avoid the panic...

FYI, I'm planning to do a Dojo session (using DimDim) sometime hopefully early this week around Embedded Media Field, with the following goals:

* Create a provider file for Hulu.com: This will cover the basic steps to create an include file for emfield, with a basic video provider who provides an API. As Hulu.com implements oEmbed, this will also give a brief introduction to that standard. As Hulu.com will not be included as part of the package of emfield, this will also show the expected way to provide a file outside of the base module.
* Create a provider file for IMDB. This media provider does not offer an API, so it gives a basic introduction to the difficulties involved in accommodating such a provider. Even though IMDB uses Hulu for its videos, their TOS prohibits page scraping. So any techniques covered in this portion of the demonstration are for instructional purposes only.

This live session will be for intermediate developers. It assumes you know how to build a module, and that you understand Drupal's hook system. It will be recorded for later viewing.

Date/time and more info later.

(Cross-posted at the Drupal Dojo.)

As you can see here, thumbnails are now stored locally with Embedded Media Field. This opens the way to ImageCache integration and more.

This example also makes use of a new formatter, which uses jQuery to replace the thumbnail with an inline video, so that cookies aren't sent to the provider unless the user clicks to play.

Video: 

Here's a play button. Maybe for Embedded Media Field...

I've started work on the Media Transcriptions module today. This module will allow the attachment of Transcriptions (or Closed Captioning) to video and audio files. The initial version in CVS is from some work by Jonathan DeLaigle (grndlvl), who is a co-maintainer & developer of the module.

For full functionality, you'll need to wait for Drupal 7, because of the long-awaited hook_file and Fields in core issues.

However, there will be releases with limited functionality for Drupal 6, and even a teaser for Drupal 5, with a promise of smooth upgrading as things progress.

Read more to Find out What this Means for your Multimedia!

A YouTube clone? In Drupal? Of course!

I was asked by the organizers of the Do It With Drupal seminar if I would like the opportunity to create a YouTube clone in Drupal and talk about that process with the community. Of course!

Do It With Drupal will take place in New Orleans, from December 10-12, 2008. Besides my YouTube clone, other showcase fantasy sites will also be presented, including Flickr, Twitter, and FreshBooks.com clones. All built with Drupal! And that's just the first day. There are some really big name folks presenting at the seminar, like Earl Miles, Robert Douglass, Gábor Hojtsy, John Resig (who wrote jQuery), Matt Westgate, Moshe Weitzman, Angela Byron, James Walker, and more! Seriously, check out the speaker list if you haven't yet.

Now that I've agreed to that, it means up all this personal time I just freed up from finishing up Drupal Multimedia (which goes to the printers on Monday!) will now go to building this fun site...

Read more about How I Plan to Do YouTube With Drupal...

Embedded Media Field has grown exponentially in the last year since I've begun developing it. From its humble beginnings as a brainstorming session at DrupalCampNYC last spring, it has grown from a quirky method of make embedding YouTube videos easier for editors to a full-featured suite of modules allowing for drag-and-drop placement of third party videos, images, and audio clips.

Used on a wide range of sites, such as Air America, NRDC, and Drupal Dojo, the module is a flexible and powerful solution for embedding multimedia.

Read on for its strengths and weaknesses...

As referred to in YouTube API for Drupal on the Way, beeradb has now opened the YouTube API module for development. He and I have been working to polish it up and make it ready for release.

You can take a look at the YouTube search on this site if you want to try it out! You can currently search YouTube for tags or users from the form, and see the results right here.

Obviously, that's just the tip of the iceberg. There are some cool things planned for it in the near term, such as integration with Media Mover, Embedded Media Field, and yes, Rob, I haven't forgotten about Annotation Field...

And of course, the holy grail of single site integration of a YouTube video upload from your browser...

I blogged briefly recently about YouTube's new and improved API. Soon thereafter, there was a flurry of discussion about creating a Google Summer of Code project to integrate it with Drupal, including a proposal that wasn't accepted, but I believe nothing further happened from that point.

Until now.

Brad Bowman (beeradb) has stepped up to the plate and created a YouTube API wrapper. He hasn't released it yet, though he indicated that he plans to early next week. I have had the honor of an early review, and it is nice to work with.

I set it up on a test server, and was able to upload a video to its file directory and have it also uploaded to YouTube, showing up in my user account almost immediately. The API also let me view my YouTube video user feed, so I could verify the results without leaving my site.

Additionally, when retrieving videos, you have access to everything stored at YouTube with that video, including video duration (as shown in the screen shot), description, and user comments.

Read on, anxious reader...

This list is partly to inform interested others of my personal Drupal plans this month, partly to get feedback, and partly as a reminder for myself when I see my blog. The order is roughly in order of priority for me. We'll see how it actually pans out...

• Finish writing Drupal Multimedia! (I've finished 10 of 12 chapters, so I'm on the home stretch...)
• Upgrade Embedded Media Field to Drupal 6. (There are several folks working on this, who have been instrumental in current progress.)
• Write the engine for 5 Second Game. (Morbus Iff has jumped on board as a co-developer, helping to ensure the highest quality for this fun project!)
• Expand GetID3 functionality. (Thanks to Rob Loach for his ideas and push to get that going. The next stage of development for this is to create an API to better handle Metatag storage.)
• Make a tutorial for XSPF Playlist + Views recipe. (I just finished writing an awesome tutorial for this in the book, but want to make a video tutorial available, probably for Drupal Dojo.)

There are other projects on the back-burner I'd like to get to as well, such as upgrading some of the other modules I work on, creating official releases, etc. I plan to revise this list next month, and see where things are.