Site Upgrade

Posted on November 29, 2009 by agentrickard

At long last, I have gotten around to upgrading the site. I moved from Drupal 5 to Drupal 6. And at the same time, I consolidated my old WordPress 2.8.x blog into the Drupal 6 architecture.

Two tools make this possible. One, the pretty nifty WordPress import module for Drupal. (A hat-tip, as well, to WP's nice XML export feature). The second, of course, is Domain Access, which allows multiple subdomains to run from a single Drupal installation.

With Domain Access in place, I can branch out a bit, and separate different parts of the site (and my life) to different audiences. So, for instance, the main blog is still Second Goose, where I post work-related material. On the main site,, will be the best from all sites, and maybe some family stuff (mostly dog photos, probably). For fun, there is \m/ where I will talk about heavy metal and albums I like. And I set up to host API documentation for various modules that I maintain.

There may be a little dust flying around for a few days while things get settled. Hopefully there aren't too many broken links on the site. I also have to get ImageCache and its family of modules running later.

Secure permissions for Drupal

Posted on November 22, 2009 by agentrickard

Picture 2Sometimes, you read things on the web and they just stick in your head. Randomly nagging at you to do something about them.

Well, on Friday, I ran across a tweet by @djay75, which I will repost here.

Governments trust plone. There are 5 times as many US gov #plone sites as #drupal, (e.g. FBI, CIA). Why? security

The link takes you to a Plone marketing page, which has this information:

Problem A2: Broken Access Control
How Plone handles this: Plone is based on the well-proven (7 years in production), flexible and granular ACL/roles-based security model of Zope. In addition, Plone utilizes an innovative workflow-based approach to security, which means that end-users never see or modify the security settings — they only work with security presets that have been supplied to them by the developers of the application. This greatly reduces the possibility of misconfigured security settings.

And, having been bitten by this in Drupal a few times, I looked at this line end-users never see or modify the security settings and thought, "Hm, I wonder if you can do that in Drupal?"

Well, of course you can. The original module code took me about 2 hours (thanks to some nice new API features in Drupal 7). I spent another 2-3 hours polishing the documentation and the user interface (making it so you don't accidentally lock yourself out of your own site.) And now, we have the Secure Permissions module for Drupal 7.

I can see this being very helpful in some use-cases, as site permissions and roles can be configured on a development site, then exported to code and loaded onto the production site.

Update: And I just realized, the entire module only has one SQL query in it. Big win for the Drupal APIs. And, for the record, the module is ~ 450 lines of code, probably half of which are comments.

Update 2: I just released the Drupal 6 version today.

Public Media and Drupal: Examples needed

Posted on October 14, 2009 by agentrickard

I noted the other day that I'm off for PublicMedia Camp this weekend. I'm excited about the event, and my trip is generously sponsored by the folks at PBS Engage. While there, I hope to help with some of the technical brainstorming sessions (and maybe a little bit of strategy, too).

I also signed up to do a short session on Why Drupal is Good for Public Media. It is basically an introduction to the ethos (yes, we have one) and practice of the Drupal community. It is a non-technical talk designed to explain why Drupal is an attractive platform for public media projects.

Some clarifications and a request.

-- "Public media" may be a peculiarly American concept. Yes, the BBC is a government-run company, but its structure and (especially) its funding are vastly different from a PBS or NPR in the states. Public media in the U.S. (traditionally) is broadcast spectrum set aside for local public interest programming on TV and radio. Stations are run locally, and receive most of their funding from local contributions (though there are national grants and government funds available).

Part of the big challenge of public media is how to address the Internet and the shifts in audience that have happened over the last 20 years. That's precisely the problem PBS Engage tackles.

So, my request:

-- I am looking for examples of Drupal usage for public media operations and projects, with a particular focus on the following topics:

  • Interactive projects that engage audience with content creators
  • Fundraising and donation tools
  • Membership and rewards programs, such as CRM
  • Media channels and narrowcasting
  • Local tools for civic engagement

Please, I don't need a technical "you can do that with module X and configuration Y." I would like some links to real-world examples. I also can't really use sites like NowPublic, because they are not "public media" as defined above.

If you have any thoughts or a good showcase site, please leave a URL in the comments.

Review: Drupal 6 Search Engine Optimization

Posted on October 3, 2009 by agentrickard


When I was at DrupalCamp Atlanta two weeks ago, I spent some time talking to Ben Finklea, CEO of SEO firm Volacci. Ben was in town to present on Drupal and SEO marketing (naturally). After the con, his office contacted me and asked if I would review Ben's new book, Drupal 6 Search Engine Optimization

Let's start back in the dark early days of the Internets. I got my start in this business back in 1998 (though I was teaching rudimentary web page building as early as 1995). This was, if you can believe it, before Google ruled the web. (Looking on Wikipedia, it seems that Google was incorporated a scant two weeks before I started by job.)

I think this is important to the review because I have a deep mistrust of SEO as a concept, and that extends to the people who peddle SEO like a commodity. I have seen the rise of SEO and the tricks that came with it. Like this classic bit we all tried to add keywords to pages. And I have seen the failure of those techniques, as the search engine providers get smarter and trying to game the system gets you punished.

Well, the good news is that I think Finklea is on the good side of that battle. And a read through his book confirms it.

This book serves two purposes, and unlike some books that suffer from a split focus, pulls both off very well. On the one hand, the book is a gentle yet thorough introduction to current SEO practices, terms and tools. The other focus of the book is using Drupal and its contributed modules to optimize your site for Google. (Though other search engines are mentions, Finklea points out that Google's market dominance makes it the best target for your optimizations.)

One might argue, in fact, that the last chapter of the book ("Increasing the Conversion Rate of Your Drupal Web Site") should in fact be the first, since it introduces essential marketing strategies that, if you don't know already, you need to learn. But that chapter is deliberately placed, and ties together the technical details of the book with a marketing strategy. What you are left with is a nicely balanced, short introduction to SEO with a focus on Drupal best-practices.

Reading through the book, you will learn (or be given a refresher on):

  • How to install Drupal modules
  • The essential modules for SEO in Drupal
  • Best practice usage of those modules (over two dozen are discussed)
  • How to perform keyword research
  • How to optimize content for search
  • Using OpenCalais and Apache Solr to increase site traffic
  • What not to do because it a) won't help or b) will get your site penalized
  • How Google uses Robots.txt
  • Which META tags you need use and which to ignore
  • The importance of page weight and load speeds
  • How to perform basic usability testing
  • How (and why) to perform A/B variance testing to optimize your site design

That's a pretty long list, and doesn't cover the entire book. Particular standout sections of the book hit the following topics in detail:

  • Picking the right keywords to target
  • Using the Page Title and Token modules to advantage
  • PathAuto configuration (which is always a little messy)
  • How to write good content to increase search relevance
  • Proper use of <H1> and heading tags
  • Optimizing Drupal's default robots.txt file
  • Identifying the goals of your web site so you can target your marketing spend
  • Google Webmaster Tools, plus a survey of other free and commercial tools for SEO, such as SEOmoz

The book is written in an easy, conversational style, and I only found one instance where I thought I was reading a sales or marketing manual. (This comes fairly early, in discussing a site's first SEO campaign, Finklea writes "Since we want to justify a fuller campaign, we need some easy wins". In this book, that statement was a little jarring, and I couldn't tell who needed to sell a "win," to whom, and for what reason. This is the kind of sales setup which makes many of us wary of SEO firms, and I think the editor should have caught that error in tone.) A few parts of the book feel a bit rushed, too, such as the end of chapter 4, where some additional screenshots are noticeably absent.

Let's get to the bottom line: If you build or maintain Drupal web sites (or manage people who do), should you run out and spend $44.99 on this book? Well, if you know nothing more about SEO than what I have told you, then, yes, immediately go buy a copy. Otherwise, I would find a copy and read Chapter 10 (or browse the TOC online). If it contains ideas which you haven't considered when building your web site(s), then you'll know that this book is right for you.

One final note: this is perhaps the most gracious of the Drupal books that I have read, and the thanks to Drupal contributors (including Palantir's own John Wilkins) are sprinkled liberally throughout the book (there are more than 30 in the introduction alone). And this generosity really helps sets the tone for the community spirit that helps make Drupal so powerful for web site builders.

Drupal Community++

Posted on October 3, 2009 by agentrickard

So I received this email the other day:

Your Domain Access module is fantastic and I am perpetually amazed at the level of support you provide and the speed with which you provide it. Having this module has made a huge difference in setting up and maintaining my research group's sites and I wanted to send along a little thank you...


And so he did, sending along a copy of Greg Knaddison's Drupal security book, Cracking Drupal

Aww. Thanks, Ethan!

That is a really nice use of Domain Access, too. Ethan provides a portal for ecology research:

Throw this on top of my upcoming trip to Sweden, and I'm having a pretty good Drupal month. Maybe even enough to roll up the sleeves and finish the stable release.

DrupalCamp Sweden: Vi kommer till Stockholm

Posted on September 26, 2009 by agentrickard


That's right. I have been invited to present at DrupalCamp Sweden, to be held November 11-12 in historic Stockholm.

First off, a huge thanks to NodeOne, the event sponsors, and to, for giving me clearance to take a week to travel to Sweden for the first time.

This is a two day camp, which some organized sessions and some BarCamp style meetups. You can look at the program online. I will be presenting on both days. Day One concentrates on Drupal as a platform for media companies, and I will be speaking about Drupal for newspapers and magazines (including sites like Foreign Affairs and SavannahNow). Day Two is more technical, and we will be diving into the Domain Access module suite. We may even do a live demo for how to run multiple DrupalCamp websites off a single installation.

And, if that wasn't enough, Amy also managed to get the week off. And, following the "You can't go to Europe without me" rule, she'll be coming along to explore. So if any Drupalgängers are thinking of going (or if you live in Sweden and want to show us around a bit), let us know.

All you Scandanavian Drupalers, this one is going to be big. Hope to see you there!

PublicMediaCamp: October 17th and 18th

Posted on September 24, 2009 by agentrickard

[Edit: I goofed the dates the first time. Now corrected. Sorry.]


One of the ideas that came up during our last PBS Engage advisory board meeting was the desire to create a series of PublicMedia Camps around the country. These BarCamp-style events would encourage developers and producers (and, you know, ordinary people) to come together and collaborate in order to improve public media.

Well, the first camp is set, for October 17th and 18th, in Washington D.C. This event is the model for future events around the country, and it should draw some top talent

PublicMediaCamp (PubCamp) is an initiative to strengthen the relationship that public broadcasters have with their communities through the creation of collaborative projects. Beginning with a national kickoff event in Washington, DC scheduled for October 17th-18th, 2009, PubCamp would be followed by local events hosted by participating stations. NPR, PBS, and American University Center for Social Media will host the launch event in conjunction with iStrategyLabs.

And, if you work at an NPR or PBS member station, you can apply for a scholarship to attend. (Hurry, this closes at 5 p.m. ET on Wednesday, September 30.)

And if you are interested in hosting a local PubCamp, there are resources on the way.

DrupalCamp Atlanta

Posted on September 21, 2009 by agentrickard


Alright, so the first (annual?) DrupalCamp Atlanta is over and done. A success all around, and most (if not all) of the credit goes to the Atlanta Drupal Users Group and especially Dave Terry and the team at Mediacurrent. Great venue, free food and some surprise guests from out of town.

Addison Berry came down as the keynote speaker. It was fun for me to finally see her talk, since she is traveling on a Knight Drupal Initiative grant. Her mission is to improve Drupal's documentation, but her message is that everyone is part of the Drupal community and can add value to the product and the process of sustaining Drupal.

Josh Brauer came from out West to represent Acquia and discuss Gardens and Drupal 7. Jakob Perry [japerry] even came from Seattle to see what we were up to. There was also a large group of folks from Nashville, including Jamie Meredith.

Ben Finklea from Volacci came from Austain to discuss SEO, marketing strategies and Drupal. His talk, "I have seen the future of marketing and it is Drupal blue," reinforced some lessons about site architecture, content and (believe it or not) honesty in marketing that made for a good refresher, and a break from a day of code-speak.

The best talk I went to all day, actually, was by my former co-worker (I quit, not him), Cameron Guill. Cameron is the MySQL DBA at Morris Digital Works and is responsible for keeping large sites like SavannahNow and running smoothly. He discussed the use of Squid and Squirm as a front-side cache; the advantages (and limitations) of running Drupal with memcached; a whole boatload of MySQL performance tunes; the importance of performance monitoring and query logging; and, well, a bunch of stuff that went right over my head. If I had to summarize his advice, it would be: make sure you write to memory instead of to disk, whenever and wherever possible. Disk swap can cripple your site. Oh, and if you aren't running a dedicated database server (and don't have a real DBA) you're kidding yourself if you try to scale Drupal.

I presented on Domain Access, and how it might change your Drupal life. And the talk was well-received, though I could have used another 20 minutes for questions.

In all, a very successful day of Drupaling. The rain dampened spirits a bit (and I think kept us from hitting our 250 attendee capacity). But it was worth getting up early and making the (sometimes harrowing) drive through the rain to get there and back. Next time, I'm staying the night so I can go to the afterparty.

Paris, Drupal and the Drupalgängers

Posted on August 25, 2009 by agentrickard

My wife Amy and I are sitting in the Charlotte, NC, airport, waiting for our plane to Paris and DrupalCON 2009. This will be the third year we've gone to DrupalCON Europe, and after great trips to Barcelona and Szeged/Budapest, we're very excited about Paris. And my wife is probably more excited than I am.

Why? Well, let me tell you a little story...

Back in 2007, at DrupalCON Barcelona, I still wasn't a full time Drupaler. I had a day job that involved some Drupal, and worked on a few modules, but wasn't deep in the community. Still, when Barcelona was announced as the location, I knew we had to go. So one of my missions for that confernce was to introduce my wife to other people, so that she could have fun while I was off geeking out.

I wasn't alone. The night before DC Barcelona, we had a meetup for Drupalers and their partners at Moshe Weitzman's apartment. As I recall, there were about 6 or 8 people there when we arrived. There was some wine, some introductions, and a chance to meet a few people.

During Barcelona, Amy spent some time with a few of these folks, and we met a few more people one night at the Place Royale (people we would run into again in Szeged, as it turns out.)

In Szeged, there were a few more fellow travelers, and more ad hoc meetups. Szeged, unlike Barcelona (or Paris) was small enough that people could easily meet at the venue, and then plan a day wandering around, haging out, and generally having a good time.

Starting in Szeged, the idaea was hatched to start a more formal group, one which could help coordinate events, activities and introductions for people travelling to but not attending DrupalCON. And thus the Drupalgängers group was born. Their mission is simple:

The primary goal of the Drupalgängers, defined as friends, partners, spouses, and other associates of Drupal community members, is to have a contingency of awesome individuals with whom we may enjoy the "con" - without ever having to participate in the geekdom of the event - by traveling around the town or city together.

For Paris, they have gone all out. There was an activity survey (with over 25 responses), some serious planning, and an effort to be as inclusive and casual as possible. From all that work has come the non-attendee track for DrupalCON Paris, which is dedicated to providing social opportunities in the heart of Paris.

A few extra words about the makup of the Drupalgängers, and the kinds of interaction you can expect. In true Drupal fashion, they are best described as a Birds of a Feather (BoF) group; an ad hoc collection of individuals who are committed to making the most of their time together. While the group has some scheduled events, there are always opportunities to just hang around a cafe, or to suggest alternative trips or side excursions, or to just stop and have an ice cream in the park.

In essence, the group's character will be defined by the people who attend the events. You don't have to know anyone, know anything about Drupal, or pass any membership tests. Just be yourself, come on over, and be open to meet some new friends.

Review: Drupal Multimedia

Posted on May 21, 2009 by agentrickard

Drupal Multimedia
Drupal Multimedia, by Aaron Winborn, Packt Publishing, 2008

Drupal Multimedia covers the use of audio, video and image files within the popular Drupal open-source content management framework. The book is aimed at site architects, themers and Drupal developers, with an emphasis on those new to the platform.

Packt sent me a copy of the book for review, and I think that is an important statement. I would not have purchased this book otherwise, mostly because I have been using Drupal since 2004 and am familiar with the challenges and solutions discussed in this book. That said, I did learn some new tricks (jQuery Media, Dash Media Player), and I have tried to approach my final review as if I were new to Drupal.

Let me start the formal review by praising Winborn’s depth of knowledge and commitment to Drupal and the issues regarding media handling. In fact, I use some of Aaron’s work on every site that I build, and his contributions to hook_file() should make multimedia in Drupal 7 even stronger. This book, however, is about how we can put Drupal to work today while building sustainable web sites.

The collaboration on media has been a little contentious in the Drupal community – something Winborn deftly covers in Chapter 11, which covers the road ahead for media handling and reviews some of the challenges yet to be solved. The basic problem boils down to this: Drupal core does not have a media handling solution, and individual developers have tried to craft solutions for their specific problems. Making those solutions workable for the majority of use-cases is a great challenge. A good example of this is found in chapter 10, in the discussion of a specific solution for that leverages common solutions but still requires custom code. (An aside: the audio chapters of the book are probably the strongest section, though Winborn rightly notes that audio is often the overlooked medium in the multimedia mix.)

The book itself treats it material insightfully, with a strong organization and chapters that logically build on each other. Chapter one offers a crash course in Drupal basics and introduces some tools and concepts that are essential. It is important to note that the chapter begins with a succinct explanation of the Drupal philosophy that “the webmaster is dead”; the idea being that non-technical people should be given the tools needed to build a good web site without leaning the sometimes arcane nuances of the acronyms of the profession: HTML, LAMP, FTP, CSS and so on. Drupal and its developers strive to build a platform that can survive without them.

The problem, especially for the complex use-cases for multimedia presentation and storage, is in crafting solutions that can be configured rather than coded. Winborn does a commendable job explaining the factors that influence module selection, which is a critical topic given the state of uncertainty that revolves around file handling in Drupal.

And the rest of the book is largely given over to discussions and examples of how to select, install and configure various modules (Image, ImageField, Audio, MediaMover, Embedded Media Field, Lightbox 2) to accomplish specific tasks, like the building of a photo gallery or displaying an audio playlist. The solutions are sound and well-established best practices, and they should give the new user some firm footing to begin adapting Drupal to meet her needs. The book, rightly, makes clear that some customization through code will be likely, and there are some long passages devoted to theming the final HTML output that the new Drupaler should examine carefully (chapter 6 has a good example).

What will a new reader learn to do with this book? Here’s a quick list:

  • Assess a site’s media needs and select appropriate Drupal modules.
  • Display images within site content.
  • Create multiple image galleries.
  • Display images from Flickr or other third party hosting services.
  • Understand how to theme image display for Drupal.
  • Display video files hosted on BlipTV, Brightcove or other third-party services.
  • Display and host video from a local server.
  • Select a cross-browser media player.
  • Host media files on external services.
  • Upload and display audio files within site content.
  • Create and display audio playlists.
  • How to work with the Views module to create media galleries.
  • When and how to customize existing Drupal solutions for media display.
  • How to contribute to media handling in Drupal.

These topics are largely given equal treatment, and the style of the book is familiar and consistent, making for an easy read in as little as two hours.

There are some clunky moments in the book, such as two sections on User Images and the Taxonomy Image module that are unrelated to the rest of chapter 3 (but seem to have no home elsewhere in the book). The proofreading slips in a couple of cases (most blatantly on page 174), and the index is so thin that I was frustrated by it (security, GIMP, XSS and Zen are all missing.) On page 98, we suddenly jump back from Views 6.x.2 (used throughout the book) to Views 5.x.1 with no explanation.

There are also some implementation decisions I would argue with – especially using menu IDs (which are volatile and can be changed in the UI) as CSS class names in the CSS example on pages 120-2. And some strong concepts are missing – such as the way Embedded Media Field can be used with FeedAPI to automatically pull content from a YouTube or BlipTV RSS feed to create content on your site. The theme override tricks discussed on pages 104-5 are specific to Drupal 6 and, in my opinion, a non-standard solution to the problem at hand. That type of solution is generally handled at the theme layer without the need for hook_theme_registry_alter(). To his credit Winborn seems to be showing each of the options available to developers in the different examples – using module-based themes, template.php, preprocess theme functions, *.tpl.php files -- but this approach is not made clear and leaves me wondering why certain approaches are used at different times.

Most glaringly, I think the issue of security when dealing with files is not handled properly. The relationship between the IMG SRC tag and XSS attacks is a little arcane, and it needs a section early in the book to explain exactly why Drupal is so sensitive to user input. While the filter system (called Input Formats in the Drupal administrative interface) is covered in the book, that coverage is scattered and not grounded in a clear discussion of the security issues involved with allowing media uploads to your server and embedded media links into your content (the former issue is not discussed at all, as I recall; and the two issues are definitely not interchangeable).

Still, the coverage in the book is strong, and I would particularly encourage new developers to explore the Embedded Media Field (which is itself a secure solution to the problem of media files) and the FileField/ImageField combination when building (or testing) a Drupal site. One of the issues that the new developer will face, however, Winborn clearly states (numerous times): some solutions were only available for Drupal 5 (AcidFree Albums, MediaMover) at the time of writing, and may or may not be ready for Drupal 6. This issue is a common one in open source, and something that Drupal users will need to prepare for – most successfully by being an active member of the community, a theme that Winborn returns to continually.

How would I rate this book overall? For me, I think the book is a necessary one: it covers a topic vital to Drupal sites, and it gives a good overview of the issues and solutions available. But I don’t think the book is a vital addition to my personal Drupal library. However, that statement should be qualified by the fact that, for instance, I have seen presentations and demonstrations of modules like Asset and MediaMover at DrupalCONs (annual Drupal user conferences in North America and Europe each year), and I have used many of these modules in production on sites like

Given that the cost of the book easily comes under the cost of attending DrupalCON Paris (September 2009) and provides a worthy introduction to the topic, I would recommend the book for those new to Drupal, with a special note to those who may have inherited the support of a Drupal-powered web site, since the book will help you to understand why certain decisions have been made about how the site was constructed.

Buy the Book

Buy your copy of Drupal 7 Module Development today!

It includes my detailed chapter on Node Access in Drupal 7.

Speaking Engagements

Contact me for availability.


  • agentrickard [at] gmail [dot] com


My Wish List