Software

On IP address encryption: security analysis with respect for privacy Frequently, privacy concerns and regulations get in the way of security analysis. I’m a big fan of privacy, but I’m also a big fan of security and preventing people from getting hacked. If you are hacked you have no privacy either. Per-customer/subscriber traces are extremely useful for researching the security of networks. Specifically, lists of DNS requests per IP address make spotting infected users or infected devices very easy, especially if you look at “yesterday’s traffic” and compare it to today’s threat intelligence.

On Linux vDSO and clock_gettime sometimes being slow Like the previous post on this somewhat dormant blog, I want to share an oddity I discovered that no search engine could really find for me - even though once I found what the problem was, it turns out I was by no means the first person to discover this. Some system calls that are used extremely frequently in Linux can be speeded up by a mechanism called vDSO: a virtual dynamically linked shared object.

So no matter how pretty your code, eventually someone will benchmark it and demand top performance. Squeezing microseconds is a very addictive and even destructive activity. It ruins your evenings, destroys your ability to converse with human beings and typically leaves your code in a mess. No programmer can escape it however: the world demands speed, or a somewhat equivalent modern measure, longer battery life. Squeezing out more performance is not just a matter of “writing better code”.

A meandering walk through innovation that also reviews a book This article is part of a series on (European) innovation and capabilities. I care deeply about innovation. It is literally where the future comes from, but it is a curious thing. Innovation and its more powerful partner, invention proceed at a snail’s pace. “In a world where change is the only constant” is a lie. It took this world 20 years to invent a decent can opener.

// $Id$ /** * @file * Implements various blocks to improve pending content workflow. */ /** * Implements hook_block_info(). */ function approval_block_info() { $blocks['pending_comments'] = array( 'info' => t('Pending Comments'), 'status' => TRUE, 'region' => 'sidebar_first', 'weight' => 0, ); $blocks['unpublished_nodes'] = array( 'info' => t('Unpublished Nodes'), 'status' => TRUE, 'region' => 'sidebar_first', 'weight' => 0, ); return $blocks; } /** * Implements hook_block_configure(). */ function approval_block_configure($delta) { $form = array(); switch($delta) { case 'pending_comments': $form['pending_comment_count'] = array( '#type' => 'textfield', '#title' => t('Configure Number of Comments to Display'), '#size' => 6, '#description' => t('Enter the number of pending comments that will appear in the block.'), '#default_value' => variable_get('pending_comment_count', 5), ); break; case 'unpublished_nodes': $form['unpublished_node_count'] = array( '#type' => 'textfield', '#title' => t('Configure Number of Nodes to Display'), '#size' => 6, '#description' => t('Enter the number of unpublished nodes that will appear in the block.'), '#default_value' => variable_get('unpublished_node_count', 5), ); break; } return $form; } /** * Implements hook_block_save(). */ function approval_block_save($delta = '', $edit = array()) { switch($delta) { case 'pending_comments': variable_set('pending_comment_count', (int)$edit['pending_comment_count']); break; case 'unpublished_nodes': variable_set('unpublished_node_count', (int)$edit['unpublished_node_count']); break; } return; } /** * Implements hook_block_view(). */ function approval_block_view($delta = '') { switch ($delta) { case 'pending_comments': $block['subject'] = t('Pending Comments'); $block['content'] = approval_block_contents($delta); return $block; break; case 'unpublished_nodes': $block['subject'] = t('Unpublished Nodes'); $block['content'] = approval_block_contents($delta); return $block; break; } } /** * A module-defined block content function. */ function approval_block_contents($delta) { switch ($delta) { case 'pending_comments': if (user_access('administer comments')) { $nbr_comments = variable_get('pending_comment_count'); $result = db_query("SELECT cid, subject FROM {comment} WHERE status = 0 limit $nbr_comments"); $items = array(); foreach ($result as $row) { $items[] = l($row->subject, 'comment/'.$row->cid.'/edit'); } return array('#markup' => theme('item_list', array('items' => $items))); } break; case 'unpublished_nodes': if (user_access('administer nodes')) { $nbr_nodes = variable_get('unpublished_node_count'); $result = db_query("SELECT nid, title FROM {node} WHERE status = 0 limit $nbr_nodes"); $items = array(); foreach ($result as $row) { $items[] = l($row->title, 'node/'.$row->nid.'/edit'); } return array('#markup' => theme('item_list', array('items' => $items))); } break; } } Tags:

• block
• module
• drupalplanet

URL: paulbooker / gist:5420976 Tweet

<?php function demo_menu() { $items['demo-autocomplete-test'] = array( 'title' => 'Test autocomplete', 'page callback' => 'drupal_get_form', 'page arguments' => array('demo_form'), 'access arguments' => array('view published content'), 'type' => MENU_NORMAL_ITEM, ); $items['demo-autocomplete-engine'] = array( 'page callback' => 'demo_autocomplete', 'access arguments' => array('view published content'), 'type' => MENU_CALLBACK, ); return $items; } function demo_form($form, &$form_state) { $form = array(); $form['colors'] = array( '#title' => t('Colors'), '#type' => 'textfield', '#maxlength' => 60, '#autocomplete_path' => 'demo-autocomplete-engine', ); $form['submit'] = array( '#type' => 'submit', '#value' => 'Submit', ); return $form; } function demo_autocomplete($text) { $results = array(); $query = db_select('colors', 'c'); $query ->condition('c.color', '%' . db_like($text) . '%', 'LIKE') ->fields('c', array('color')) ->orderBy('color', 'ASC'); $colors = $query->execute(); foreach ($colors as $row) { $results[$row->color] = check_plain($row->color); } drupal_json_output($results); } Tags:

• form
• hook_form
• autocomplete
• hook_menu
• drupal_json_output
• drupalplanet

Tweet

Alongside the long awaited Drupal 8 Beta release, we have also updated our first Drupal 8 theme. We haven't include many new features but we have tried to clean up its code and have improved our starter kit. Anyway, let's dig into the latest new features we have discovered with the first Beta releases of Drupal 8. Feel free to check out the code on drupal.org or read our dedicated blog entry if you want to find out more about our first Drupal 8 theme. If you can wait to see the result, take a look at our online demo.

Read More...

When I learned BADCamp wasn't going to be recording sessions, I jumped at the chance to field-test the camp record kits I'm working on. After all, I was confident I fixed the audio equation and was going to start talks with the Drupal Association about next steps.

The current recipe for the kit is a Hauppage HD Rocket PVR for the screen capture and the Zoom H2N voice recorder as the microphone. Add to that a handful of dongles and converters to cover HDMI in/out for the PVR, and you're good to go.

Walking in to BADCamp, I was feeling great. I'm a big advocate for session records and I would be covering three rooms. Pretty cool, right? 

Wrong.

Throughout day one of sessions, a couple laptops had connection issues and had to bypass recordings, but overall things appeared to be going smoothly. It wasn't until the end of the day when copying files off the thumb drives that I noticed many recordings were 0k mp4 files, primarily from the main room. This was the most disconcerting, because every indication was that things were working.

On this, I have a couple ideas, but no solid understanding of why the files didn't write. That was the easiest room in terms of handshake between PVR and projector, plus there was a dedicated A/V crew that was helping hook up laptops.

When we tested at Fox Valley's camp, the laptop was typically disconnected by the time I made it to the rooms to swap out equipment. I suspect that disconnecting the device before hitting the stop button and waiting long enough for the files to write may kill the save. This one will be easy to test.

Projectors were also an issue. In the main space, none were HD and all were different flavors of Sony. Some hooked up just fine, while others squeezed the output. The Saturday-only keynote room was loving it. 

And then there were presenter laptop issues. There were a few older VGA-only laptops. One refused to work with the VGA to HDMI converted, while one worked for about 15 minutes before failing off and on, mid-presentation. One of the A/V techs suggested that maybe there is not enough USB power on the laptops to handle both the PVR and the converter, so a powered USB hub may be in order. Most Macbooks were fine, but a handful gave output with a very green tint to it.

No surprise, HDMI in/out is proving to be more of a hurdle than originally anticipated. In addition to HDMI in, the PVR also has an option to accept component video. It's likely that converting VGA out from a laptop to component video in to the PVR will be a safer bet. So the question becomes whether I can convert the HDMI out of the PVR to VGA for the projectors.   

All in all, this was an enormous fail. That said, this was the absolute best time for it to happen. My goal is to build a system that can handle the majority of the random that a camp will throw at it. 

I'm looking forward to testing the next iteration.

Tags:

• drupal planet
• drupal camps
• session recording

In this tutorial (for DrupalCamp Ohio 2014) we'll explore how to build a mobile application and website that can geo locate places near our current position. The nearby location results will be displayed on a map, and will allow us to click on a result item to view its complete details.

The website will be powered by Drupal 7. The mobile application will be built using DrupalGap, which is powered by PhoneGap and jQuery Mobile. Let's get started!

Long time ago in a galaxy far far away… Hold on, it was precisely 7 years ago, 15 November, 2007 in Lutsk, when the InternetDevels Drupal development studio was founded. The company has made a long way since then: overcomed lots of obstacles to gain the respected position at web development market; established number of contacts and connections; made significant contribution to the world’s Drupal community; taken over new development technologies, like Symfony framework… But there’s always something to do!

Read more

Thanks to sponsorship from Amnesty Intl. Spain and GMCVO the Webform-Integration module now has 4 new features available for you to try out:

• Support for CiviGrant - allows front-end users to apply for grants and update their application information.
• Multiple Cases - open or update any number of cases on a single webform.
• Multiple Activities - Create as many activities as you wish. 
  Activity and case settings have been decoupled from each other so you can file activities on a case, or not, independent of what cases you are working with.
• File Attachments - Webform Grants and Activities now have built-in support for native file attachments.

Try it out!

You can test these new features by downloading the "dev" version of Webform-CiviCRM 4 and going through the usual module upgrade procedure. This upgrade will alter your existing webform activity and case settings to work with the new features. I recommend trying it out on a test copy of your site and let me know if you spot any bugs. As soon as it's had a bit more testing and feedback we'll get these features into the next stable release of the module.

• Drupal

On October 15th a new version of Drupal core was published (see details of this fix), so naturally everyone is wondering: How do I protect my site?

How Updates Work in Drupal

Drupal is open source software managed by a community made up of all kinds of experts and hobbyists. Community members who manage security specialize in the processing and verification of all modules hosted on drupal.org and the core of Drupal itself. This super-smart team has a long history in Drupal and a vast understanding of the core code, its history and its planned future. 

They are in charge of analyzing the existing application to protect it from malicious threats, regardless of their origins. When an issue is detected, they evaluate its impact and urgency in order to determine an appropriate mode of communication that meets the needs of the community. This usually means that in the event of a risk, an update is issued on one of the pre-planned bi-weekly release dates.

The security team works independently and regularly offers updates to the modules and Drupal core. Below are some ways you can follow these updates to keep your site secure and up to date.

The Security Alerts

Most Drupal users have an account on drupal.org. If you don’t have one, you’re missing out and you should get one immediately. From your account, you have access to the "Newsletter" tab. On this page, you are invited to subscribe to the security newsletter and be informed of updates.

Twitter

Like any self-respecting tech community, the security team is on Twitter: @drupalsecurity.

RSS

You can find subscribe to two different RSS feeds of security advisories for Drupal core and for contributed modules.

Application maintenance of your site

Whether you developed your site or worked with an agency, once online it must be maintained. The purpose of this maintenance is not to make your site a Rolls Royce, but rather to protect it against errors, insecurities and to improve it with the new features added to Drupal core and the modules you use. It’s encouraged to update early and often.

You can choose the frequency and process for updates, but the operations to be carried out are always the same: update the core of Drupal, update themes and modules and test the full operation of your application before you push your updated project live. Prior to deployment, ensure you have a full backup of your codebase, your files directories, and your database in case anything goes wrong.

How do I update my site?

Several technical means are available to you to get the latest version of core, themes and Drupal modules. Whatever method you choose, you will retrieve new files to install it on your production site. Here is a summary of what to do in general (this protocol is an example for your project, please refer to your usual procedure of deployment).

Starting with a copy of your site on a local environment:

• Get the new version of files or a patch containing updates.
• Review the changelog to see what has been changed that may affect existing functionality on your site, including any new dependencies, minor API changes, or other notes requiring manual intervention in the update process.
• Replace the files or apply the patch. At this point updates are physically available but they are not necessarily applied on your site.
• You may be asked to launch an "update" of the database, for example.
  • In this case, start Drush UPDB drush command or run the update.php page on your local copy site. This operation will be applied to your site changes in its database.
• To ensure that the updates have all been taken into account, empty the cache of your site. Please note this may take some time and will affect the navigation on the site for treatment. For production sites, it is recommended to keep your current deployment procedure.
• Once this is done, test your site. Check that everything is working properly.

If you update a Drupal site between two very different versions of the core, it is possible that some functionalities could be affected. However, in an update of one direct release to another, you should not experience major functional changes. When you are confident with this procedure, following your usual process, update your site or sites.

How to update Security SA-CORE-2014-005 - Drupal core - SQL injection

If your site has been well-maintained, the security update will be simple and have no effect on the functionality of your project. You can update the core of Drupal as you normally do using this new version: https://www.drupal.org/project/drupal

However, if you have not maintained the core of your application for some time (skipping several versions) and even though we do not recommend it, if you made a manual change in the core of Drupal, we recommend that you apply the patch only containing the security patch itself, here: https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch

In both cases, the changes in the new version of Drupal will have no effect on the functionality of your project, because it only affects one file related to forms.

How to ensure security on my eCommerce site?

Security is a key issue for an eCommerce website and it is your duty as a merchant to maintain a safe site for your users. To ensure the security of your site, you must first perform regular Drupal core updates, security or not, or suffer the risky consequences.

Then, regularly update the modules you use. In some cases, this may affect the functionality of your site, and must be treated with kid gloves.

In any case, to make these updates, please refer to the standard procedure for updating your site that you have set up with your agency or web host, or enjoy the new technology implementation of Platform.sh to easily update your site and test with confidence.

How Commerce Guys ensures the security of your projects

Subscribers of our Drupal Application Support and Commerce Application Support programs have seen first hand how we can help protect your sites. We patched our customers immediately and 100% were protected whether they hosted with us or not.

Our Platform.sh subscribers benefited from the ability to use a “Drush make” driven workflow to manage the codebase for their sites. This workflow has the advantage of managing the versions of Drupal core and contributed themes and modules on your site through a single configuration file that contains a list of elements that make up your site. Platform.sh uses this file to create and deploy your site by downloading modules and the core of Drupal, making updates fast and easy.

By creating a file Drush Make File, you can ask to recover the latest version of Drupal with the security patch automatically. You gain in maintenance time and reduce your potential for errors.

In addition to ensuring the stability of your hosting, Platform.sh blocked incoming HTTP requests for applications that had not applied the patch. Therefore, only stable sites were available on Platform.sh, and any unprotected sites were immediately aware that action must be taken.

Read more about this protective block here.

If you want to know more about the updates to Drupal, the following links to learn more:

• The details on the newest version of Drupal
• The Drupal.org security page
• Drupal.org security configuration advice page
• Blog post: Your Drupal site got hacked. Now what? (via @qdelance)

Language Undefined

The Quiz module is a sophisticated and flexible way to create quizzes in Drupal.

To get started with Quiz, you need to install and enable the 2 core Quiz modules from http://drupal.org/project/quiz:

During our weekly developers meeting I spoke about my approach to contributing to Drupal core, sharing some tips and tricks I've learnt along the way

This is a preview of a proposed session for DrupalSouth Melbourne 2015

In support of my mission to make local development easier and faster, I've released boxes for four of the most popular Linux distributions I use and see used for Drupal sites: CentOS 6/7 and Ubuntu 12.04/14.04.

After a very successful drush code-sprint at BADCamp 2014, drush make now supports YAML format!

Instead of the old INI format

api = 2 ; Set contrib directory. defaults[projects][subdir] = "contrib" core = "7.x" projects[drupal][type] = "core" projects[drupal][version] = "7.32" ; Remove scary ajax error when autocomplete terminates: https://www.drupal.org/node/1232416#comment-8748879 projects[drupal][patch][] = "https://www.drupal.org/files/issues/D7-fix_autocomplete_terminated_error-1232416-179-do-not-test.patch" ; Ensure plain text fields evaluate line breaks. projects[drupal][patch][] = "http://drupal.org/files/text-plain-1152216-24.patch" projects[addressfield][version] = "1.0-beta5" projects[addressfield_tokens][version] = "1.4" projects[admin_views][version] = "1.3" projects[field_collection][version] = "1.0-beta7" ; Field collections are ownerless https://drupal.org/node/1954124 projects[field_collection][patch][] = "https://drupal.org/files/issues/field_collection-ownerless_fields-1954124-23.patch" ; Fixes fatal error in migrate code: https://www.drupal.org/node/2315921#comment-9028779 projects[field_collection][patch][] = "https://www.drupal.org/files/issues/migrate-fatal-error-2315921-01.patch"

YAML can be used with the latest version of Drush 7:

api: 2 # Set contrib directory. defaults: projects: subdir: "contrib" core: "7.x" projects: drupal: type: "core" version: "7.33" patch: # Remove scary ajax error when autocomplete terminates: https://www.drupal.org/node/1232416#comment-8748879 - "https://www.drupal.org/files/issues/D7-fix_autocomplete_terminated_error-1232416-179-do-not-test.patch" # Ensure plain text fields evaluate line breaks. - "http://drupal.org/files/text-plain-1152216-24.patch" addressfield: "1.0-beta5" addressfield_tokens: "1.4" admin_views: "1.3" field_collection: version: "1.0-beta7" patch: # Field collections are ownerless https://drupal.org/node/1954124 - "https://drupal.org/files/issues/field_collection-ownerless_fields-1954124-23.patch" # Fixes fatal error in migrate code: https://www.drupal.org/node/2315921#comment-9028779 - "https://www.drupal.org/files/issues/migrate-fatal-error-2315921-01.patch"

Included .make files whether local, or discovered recursively within downloaded projects, can be in either YAML of INI format.

In order to use the newly-supported YAML format, simply name files with a .yml extension, such as my_project.make.yml.

The best part? This can be used now! Even though YAML files are mostly a new concept for Drupal 8, drush make will parse YAML make files for Drupal 7, and even Drupal 6. Want to learn more about DRUSH make files? Check out Joe Turgeon’s “Getting Started With Grunt Drupal Tasks“

This entry is part 2 of 2 in the series Drupal Performance Tips

In the spirit of the computer video game Doom and its skill levels, we’ll review a few ways you can improve         your Drupal speed performance     and optimize for better results and server response time. These tips that we’ll cover may be at times specific to Drupal 6 versions, although     you can always learn the best practices from these examples and apply them on your own code base.

Doom skill levels: (easiest first)

  1. I’m too young to die

  2. Hey, not too rough

  3. Hurt me plenty

  4. Ultra-violence

  5. Nightmare!

  This post is rated “I’m too young too die” difficulty level.

 

If you’re using a Drupal distribution which is great for kick-starting a project with many features built-in, you should still review added modules which are managed through the installation profile as they might prove un-necessary for your product as time goes and your product evolves and matures. Remember that even if you’re not using a distribution, you might have added some modules to meet a functionality, which you no longer use and you disabled through CSS, through the menus, through the theme, but you forgot all about removing the actual module. These un-used modules account for memory footprint as they are loaded through PHP and they can also account for Drupal hooks, which is even worse in terms of performance for you.

Remember to review your installed modules base on Drupal and remove any un-used functionality:

(adsbygoogle = window.adsbygoogle || []).push({});

The post Drupal Performance Tip – removing unused modules appeared first on Liran Tal's Enginx.

Article

One of the best ways to learn useful tricks at the command line is to sit with someone and watch what they do. Due to the distributed nature of the Drupal community, we don't do nearly enough pair programming. Too often we work in isolation and then push our work on others when we finish. In this article I invite you to sit down beside me and watch over my shoulder as I explore Drupal 8 from the command line.

Navigating Drupal in the Bash Shell

The instructions in this article will work for OSX, and Linux systems, such as Ubuntu, but not Windows.
When reading command line instructions, there are two important characters we need to know about: $ and #. When applied to the beginning of a line, these refer to the prompt. We don't type these characters when issuing our command. $ signifies the command should be run as a regular user; # signifies the command is run as the administrative user (“root”).

As a themer, the first thing I want to explore is, of course, the themes. Let's begin by navigating to our Drupal folder. I start by opening up a terminal application. At the command line, I type cd, and then, using Finder, locate my Drupal folder. I then drag this folder onto the terminal application. It will automatically paste the path to the Drupal folder into my bash prompt. I press return, and bingo – we have navigated to the Drupal folder!

Let's take a peek inside the core folder of themes: we’ll navigate to the folder core/themes and then list (or ls) all files.

$ cd core/themes $ ls

There should be four things listed. See them all?