Syndicate contentCool

Secure permissions for Drupal

Posted on November 22, 2009 by agentrickard

Picture 2Sometimes, you read things on the web and they just stick in your head. Randomly nagging at you to do something about them.

Well, on Friday, I ran across a tweet by @djay75, which I will repost here.

Governments trust plone. There are 5 times as many US gov #plone sites as #drupal, (e.g. FBI, CIA). Why? security http://bit.ly/199qWh

The link takes you to a Plone marketing page, which has this information:

Problem A2: Broken Access Control
How Plone handles this: Plone is based on the well-proven (7 years in production), flexible and granular ACL/roles-based security model of Zope. In addition, Plone utilizes an innovative workflow-based approach to security, which means that end-users never see or modify the security settings — they only work with security presets that have been supplied to them by the developers of the application. This greatly reduces the possibility of misconfigured security settings.

And, having been bitten by this in Drupal a few times, I looked at this line end-users never see or modify the security settings and thought, "Hm, I wonder if you can do that in Drupal?"

Well, of course you can. The original module code took me about 2 hours (thanks to some nice new API features in Drupal 7). I spent another 2-3 hours polishing the documentation and the user interface (making it so you don't accidentally lock yourself out of your own site.) And now, we have the Secure Permissions module for Drupal 7.

I can see this being very helpful in some use-cases, as site permissions and roles can be configured on a development site, then exported to code and loaded onto the production site.

Update: And I just realized, the entire module only has one SQL query in it. Big win for the Drupal APIs. And, for the record, the module is ~ 450 lines of code, probably half of which are comments.

Update 2: I just released the Drupal 6 version today.

Drupal Community++

Posted on October 3, 2009 by agentrickard

So I received this email the other day:

Your Domain Access module is fantastic and I am perpetually amazed at the level of support you provide and the speed with which you provide it. Having this module has made a huge difference in setting up and maintaining my research group's sites and I wanted to send along a little thank you...

cracking-drupal

And so he did, sending along a copy of Greg Knaddison's Drupal security book, Cracking Drupal

Aww. Thanks, Ethan!

That is a really nice use of Domain Access, too. Ethan provides a portal for ecology research: http://www.weecology.org/

Throw this on top of my upcoming trip to Sweden, and I'm having a pretty good Drupal month. Maybe even enough to roll up the sleeves and finish the stable release.

DrupalCamp Sweden: Vi kommer till Stockholm

Posted on September 26, 2009 by agentrickard

dc-stockholm

That's right. I have been invited to present at DrupalCamp Sweden, to be held November 11-12 in historic Stockholm.

First off, a huge thanks to NodeOne, the event sponsors, and to Palantir.net, for giving me clearance to take a week to travel to Sweden for the first time.

This is a two day camp, which some organized sessions and some BarCamp style meetups. You can look at the program online. I will be presenting on both days. Day One concentrates on Drupal as a platform for media companies, and I will be speaking about Drupal for newspapers and magazines (including sites like Foreign Affairs and SavannahNow). Day Two is more technical, and we will be diving into the Domain Access module suite. We may even do a live demo for how to run multiple DrupalCamp websites off a single installation.

And, if that wasn't enough, Amy also managed to get the week off. And, following the "You can't go to Europe without me" rule, she'll be coming along to explore. So if any Drupalgängers are thinking of going (or if you live in Sweden and want to show us around a bit), let us know.

All you Scandanavian Drupalers, this one is going to be big. Hope to see you there!

PublicMediaCamp: October 17th and 18th

Posted on September 24, 2009 by agentrickard

[Edit: I goofed the dates the first time. Now corrected. Sorry.]

final.pmc.iso

One of the ideas that came up during our last PBS Engage advisory board meeting was the desire to create a series of PublicMedia Camps around the country. These BarCamp-style events would encourage developers and producers (and, you know, ordinary people) to come together and collaborate in order to improve public media.

Well, the first camp is set, for October 17th and 18th, in Washington D.C. This event is the model for future events around the country, and it should draw some top talent

PublicMediaCamp (PubCamp) is an initiative to strengthen the relationship that public broadcasters have with their communities through the creation of collaborative projects. Beginning with a national kickoff event in Washington, DC scheduled for October 17th-18th, 2009, PubCamp would be followed by local events hosted by participating stations. NPR, PBS, and American University Center for Social Media will host the launch event in conjunction with iStrategyLabs.

And, if you work at an NPR or PBS member station, you can apply for a scholarship to attend. (Hurry, this closes at 5 p.m. ET on Wednesday, September 30.)

And if you are interested in hosting a local PubCamp, there are resources on the way.

DrupalCamp Atlanta

Posted on September 21, 2009 by agentrickard

drupalcamp-atl-logo-peach

Alright, so the first (annual?) DrupalCamp Atlanta is over and done. A success all around, and most (if not all) of the credit goes to the Atlanta Drupal Users Group and especially Dave Terry and the team at Mediacurrent. Great venue, free food and some surprise guests from out of town.

Addison Berry came down as the keynote speaker. It was fun for me to finally see her talk, since she is traveling on a Knight Drupal Initiative grant. Her mission is to improve Drupal's documentation, but her message is that everyone is part of the Drupal community and can add value to the product and the process of sustaining Drupal.

Josh Brauer came from out West to represent Acquia and discuss Gardens and Drupal 7. Jakob Perry [japerry] even came from Seattle to see what we were up to. There was also a large group of folks from Nashville, including Jamie Meredith.

Ben Finklea from Volacci came from Austain to discuss SEO, marketing strategies and Drupal. His talk, "I have seen the future of marketing and it is Drupal blue," reinforced some lessons about site architecture, content and (believe it or not) honesty in marketing that made for a good refresher, and a break from a day of code-speak.

The best talk I went to all day, actually, was by my former co-worker (I quit, not him), Cameron Guill. Cameron is the MySQL DBA at Morris Digital Works and is responsible for keeping large sites like SavannahNow and Jacksonville.com running smoothly. He discussed the use of Squid and Squirm as a front-side cache; the advantages (and limitations) of running Drupal with memcached; a whole boatload of MySQL performance tunes; the importance of performance monitoring and query logging; and, well, a bunch of stuff that went right over my head. If I had to summarize his advice, it would be: make sure you write to memory instead of to disk, whenever and wherever possible. Disk swap can cripple your site. Oh, and if you aren't running a dedicated database server (and don't have a real DBA) you're kidding yourself if you try to scale Drupal.

I presented on Domain Access, and how it might change your Drupal life. And the talk was well-received, though I could have used another 20 minutes for questions.

In all, a very successful day of Drupaling. The rain dampened spirits a bit (and I think kept us from hitting our 250 attendee capacity). But it was worth getting up early and making the (sometimes harrowing) drive through the rain to get there and back. Next time, I'm staying the night so I can go to the afterparty.

Paris, Drupal and the Drupalgängers

Posted on August 25, 2009 by agentrickard

My wife Amy and I are sitting in the Charlotte, NC, airport, waiting for our plane to Paris and DrupalCON 2009. This will be the third year we've gone to DrupalCON Europe, and after great trips to Barcelona and Szeged/Budapest, we're very excited about Paris. And my wife is probably more excited than I am.

Why? Well, let me tell you a little story...

Back in 2007, at DrupalCON Barcelona, I still wasn't a full time Drupaler. I had a day job that involved some Drupal, and worked on a few modules, but wasn't deep in the community. Still, when Barcelona was announced as the location, I knew we had to go. So one of my missions for that confernce was to introduce my wife to other people, so that she could have fun while I was off geeking out.

I wasn't alone. The night before DC Barcelona, we had a meetup for Drupalers and their partners at Moshe Weitzman's apartment. As I recall, there were about 6 or 8 people there when we arrived. There was some wine, some introductions, and a chance to meet a few people.

During Barcelona, Amy spent some time with a few of these folks, and we met a few more people one night at the Place Royale (people we would run into again in Szeged, as it turns out.)

In Szeged, there were a few more fellow travelers, and more ad hoc meetups. Szeged, unlike Barcelona (or Paris) was small enough that people could easily meet at the venue, and then plan a day wandering around, haging out, and generally having a good time.

Starting in Szeged, the idaea was hatched to start a more formal group, one which could help coordinate events, activities and introductions for people travelling to but not attending DrupalCON. And thus the Drupalgängers group was born. Their mission is simple:

The primary goal of the Drupalgängers, defined as friends, partners, spouses, and other associates of Drupal community members, is to have a contingency of awesome individuals with whom we may enjoy the "con" - without ever having to participate in the geekdom of the event - by traveling around the town or city together.

For Paris, they have gone all out. There was an activity survey (with over 25 responses), some serious planning, and an effort to be as inclusive and casual as possible. From all that work has come the non-attendee track for DrupalCON Paris, which is dedicated to providing social opportunities in the heart of Paris.

A few extra words about the makup of the Drupalgängers, and the kinds of interaction you can expect. In true Drupal fashion, they are best described as a Birds of a Feather (BoF) group; an ad hoc collection of individuals who are committed to making the most of their time together. While the group has some scheduled events, there are always opportunities to just hang around a cafe, or to suggest alternative trips or side excursions, or to just stop and have an ice cream in the park.

In essence, the group's character will be defined by the people who attend the events. You don't have to know anyone, know anything about Drupal, or pass any membership tests. Just be yourself, come on over, and be open to meet some new friends.

Knight Drupal Initiative: $480,000

Posted on March 5, 2009 by agentrickard

At DrupalCON DC yesterday, Jose Zamora of Knight Foundation announced the first round of grants from the KDI. Below is the press release from Knight:

WASHINGTON, D.C. -- Six ideas that will make it easier for anyone to join the digital conversation will be realized with support from the John S. and James L. Knight Foundation. The projects will use the free and popular software Drupal, which allows users to efficiently publish content online.

"These powerful tools will help people exchange information and ideas about their communities -- which we hope will make them more engaged and vibrant places to live," said Jose Zamora, Knight Foundation's Journalism Program Associate.

The Knight Drupal Initiative's winners, announced at the DrupalCon DC Conference, will receive a total of $485,380 to:

* Create concise, up-to-date instructions for Drupal software packages so that tech novices can use the tools; (Winner: Programmer Addison Berry)

* Create a free publishing system to make it easier for several geographic communities to share local news with each other; (Winner: Oregon-based funnymonkey.com)

* Allow anyone, anywhere to easily create a Drupal online news site whose content can be published on Facebook in order to reach an extended social network; (Winner: Software developer Dave Cohen)

* Develop software that allows people to create and share a personalized stream of information within their social network, helping them to filter and recommend articles to others interested in the same issues; (Winner: Instant Syndicating Standards, a Brazilian non-profit)

* Add a micro-blogging function to Drupal that will allow users to transmit brief text updates on their Web sites (Winner: Web developer Rob Loach)

* Create a tool that will help residents better communicate and understand information about their community by allowing them to geo-tag -- or add a geographical identification -- to stories so they can be displayed on a map; (Development Seed, a Washington D.C. firm)

The Knight Drupal Initiative tapped into a massive network of programmers, to get their recommendations for how to hasten media innovation for the common good. The Drupal Community, a group of about 350,000 programmers who write free software collaboratively on the Web, solicited, reviewed and recommended the projects for funding. The Drupal Community also includes the more than 1.4 million users worldwide who rely on Drupal to manage the content of their Web sites. The application process was open, meaning anyone could submit or vote on an idea. Knight Foundation made the final selection.

About the John S. and James L. Knight Foundation

The John S. and James L. Knight Foundation invests in journalism excellence worldwide and in the vitality of U.S. communities where the Knight brothers owned newspapers. Since 1950, the foundation has granted more than $400 million to advance quality journalism and freedom of expression. Knight Foundation focuses on projects with the potential to create transformational change. For more, visit www.knightfoundation.org.

What can I say, but "Wow." I am especially excited about the Documentation sprint, which will directly benefit drupal.org.

KDI proposals recommend $178,000 for Drupal development

Posted on October 2, 2008 by agentrickard

The October review meeting of the Knight Drupal Initiative saw three new proposals accepted by the community.

KDI logo

These proposals have been passed to Knight Foundation for final review and potential funding.

The Knight Drupal Initiative is an ongoing, open grant funding process for the Drupal open source project. We want to enable more people to enter the digital conversation by lowering the technical barriers to entry. We will provide powerful tools for digital publication, free and open to all. Our goal is to encourage people to improve their communities by supporting the free exchange of information and ideas.

For more information or to learn how to apply, see http://groups.drupal.org/knight-drupal-initiative

Woo hoo

Posted on September 29, 2008 by agentrickard

So today, we finally got our furniture back. It almost looks like our house again.

If you look closely at the fireplace, you'll see the new art we bought last week. Ironically, its a painting of three trees.

I have also included a bonus picture of some happy dogs, who now have their house back.

img_2263.jpg

img_2265.jpg

img_2266.jpg

img_2267.jpg

img_2269.jpg

BBEdit 9: Customer service and developer love

Posted on September 9, 2008 by agentrickard

There is an ongoing debate (in my office at least) about the value of BBEdit instead of a true IDE. I tried Zend, but could never make it show invisibles or line breaks, which drove me crazy.

Well, the BBEdit folks get high marks on two points. One, this email I received yesterday:

Thank you for your previous purchase of BBEdit 8.5. We are happy to inform you that you are eligible for a free upgrade to BBEdit 9.0, a major upgrade with over a hundred new features and enhancements.
...
You are receiving this message because you purchased BBEdit 8.5 on or after January 1, 2008.

So, first, big props to customer retention and happiness.

Second, IDE-style features are here. Witness PHP function auto-completes:

picture-4.png

Now to make it recognize the Drupal API.

Buy the Book

Buy your copy of Drupal 7 Module Development today!

It includes my detailed chapter on Node Access in Drupal 7.

Speaking Engagements

Contact me for availability.

Contact

  • agentrickard [at] gmail [dot] com

Donations

My Amazon.com Wish List