Feed aggregator

Dries Buytaert: Weather.com using Drupal

Drupal News - November 20, 2014 - 8:06am
Topic: Drupal, Acquia, Drupal sites

One of the world's most trafficked websites, with more than 100 million unique visitors every month and more than 20 million different pages of content, is now using Drupal. Weather.com is a top 20 U.S. site according to comScore. As far as I know, this is currently the biggest Drupal site in the world.

Weather.com has been an active Drupal user for the past 18 months; it started with a content creation workflow on Drupal to help its editorial team publish content to its existing website faster. With Drupal, Weather.com was able to dramatically reduce the number of steps that was required to publish content from 14 to just a few. Speed is essential in reporting the weather, and Drupal's content workflow provided much-needed velocity. The success of that initial project is what led to this week's migration of Weather.com from Percussion to Drupal.

The company has moved the entire website to Acquia Cloud, giving the site a resilient platform that can withstand sudden onslaughts of demand as unpredictable as the weather itself. As we learned from our work with New York City's MTA during Superstorm Sandy in 2012, “weather-proofing” the delivery of critical information to ensure the public stays informed during catastrophic events is really important and can help save lives.

The team at Weather.com worked with Acquia and Mediacurrent for its site development and migration.

Acquia: Meet Cal Evans ... Meet Jeffrey A. "jam" McGuire

Drupal News - November 20, 2014 - 6:14am

Voices of the ElePHPant / Acquia Podcast Ultimate Showdown Part 1 - Cal Evans and I got the chance to sit down and talk (a lot!) at DrupalCon Amsterdam and talk about a range of topics we have in common. In this first part of a 2-part series, we talk Drupal, PHP convergence and the "PHP Renaissance", open source communities, proprietary v open source business and the ethics of helping, and more.

Why PHP?

According to Cal, PHP has three things going for it:

Paul Booker: Creating your own API endpoint using Services

Drupal News - November 20, 2014 - 3:53am
/**
 * Implements hook_services_resources().
 */
function mymodule_services_services_resources() {
  $api = array(
    'frontpage' => array(
      'operations' => array(
        'retrieve' => array(
          'help' => 'Retrieves front page',
          'callback' => '_mymodule_services_frontpage_retrieve',
          'access callback' => 'user_access',
          'access arguments' => array('access content'),
          'access arguments append' => FALSE,
          'args' => array(
            array(
              'name' => 'fn',
              'type' => 'string',
              'description' => 'Function to perform',
              'source' => array('path' => '0'),
              'optional' => TRUE,
              'default' => '0',
            ),
            array(
              'name' => 'nitems',
              'type' => 'int',
              'description' => 'Number of latest items to get',
              'source' => array('param' => 'nitems'),
              'optional' => TRUE,
              'default' => '0',
            ),
            array(
              'name' => 'since',
              'type' => 'int',
              'description' => 'Posts from the last number of days',
              'source' => array('param' => 'since'),
              'optional' => TRUE,
              'default' => '0',
            ),
          ),
        ),
      ),
    ),
  );

  return $api;
}

/**
 * Callback function for blog retrieve
 */
function _mymodule_services_frontpage_retrieve($fn, $nitems, $timestamp) {
  // Check for mad values
  // $fn is accepted but not used. $timestamp receives the 'since' argument,
  // which is a number of days rather than a Unix timestamp.
  $nitems = intval($nitems);
  $timestamp = intval($timestamp);

  return _mymodule_services_blog_items($nitems, $timestamp);
}

/**
 * Gets frontpage blog posts
 */
function _mymodule_services_blog_items($nitems, $timestamp) {
  // Compose query
  // Note: there is no n.status condition and no node_access tag, so the
  // result is not limited to published posts the caller is allowed to view.
  $query = db_select('node', 'n');
  $query->join('node_revision', 'v', '(n.nid = v.nid) AND (n.vid = v.vid)');
  // Inner join: only posts that have at least one comment are returned.
  $query->join('comment', 'c', 'c.nid = n.nid');
  $query->join('users', 'u', 'n.uid = u.uid');
  $query->fields('v', array('timestamp', 'title'));
  $query->addField('u', 'name', 'author');
  $query->addField('n', 'nid');
  $query->addField('n', 'title');
  $query->addField('n', 'uid');
  $query->addField('n', 'created');
  $query->addField('n', 'changed');
  $query->addField('u', 'picture');
  $query->addExpression('COUNT(c.cid)', 'comments');
  $query->condition('n.type', 'blog', '=');
  $query->groupBy('n.nid');

  // How many days ago?
  if ($timestamp) {
    $query->condition('v.timestamp', time() - ($timestamp * 60 * 60 * 24), '>');
  }
  $query->orderBy('v.timestamp', 'DESC');

  // Limited by items?
  if ($nitems) {
    $query->range(0, $nitems);
  }
  $items = $query->execute()->fetchAll();

  return $items;
}

Drupal Commerce: Commerce 2.x Stories: Taxes

Drupal News - November 20, 2014 - 1:40am

“Why doesn’t Commerce/Magento/$otherSolution handle my taxes properly? That’s the most basic feature!” - many people, often.

When it comes to eCommerce, nobody likes taxes. We expect taxes to “just work”, so we can finish our projects and get on with our lives. At the same time, no other topic is as complex.

Selling online puts us at the crossroads of different (and sometimes conflicting) laws with many rules and even more exceptions. All eCommerce systems provide the basic tools (“Define your tax rates and specify when to apply them”) and make the site developer responsible for tax compliance. The developer usually passes that responsibility to the client, sometimes implicitly. The client consults an accountant, sometimes. But the buck has to stop somewhere, and it often comes back to the developer, 5 days after launch.

As taxes become more and more complex, there is a need for smarter tax handling, where the application does more and the site administrator less. In the Commerce 1.x lifecycle we’ve built the commerce_vat module to handle the more and more complex VAT taxes. For 2.x, we’re bringing this approach back into core, and releasing several libraries to share the solution with the wider PHP community.


PreviousNext: Community gathering at DrupalCamp Melbourne

Drupal News - November 19, 2014 - 6:51pm

It's been a while since the last DrupalCamp in Melbourne, so the community came together recently to share what they know. Here's a brief wrap up of the two day event.

Paul Booker: 10 commands that could help you to survive Drupageddon

Drupal News - November 19, 2014 - 4:18pm

It's been more than a month since Drupageddon so I thought I would post an update of my previous post.


Commands that help with auditing:

Showing files that have changed on the live server:

git status

Looking for code execution attempts via menu_router:

select * from menu_router where access_callback = 'file_put_contents';

Another possible code execution attempt via menu_router:

select * from menu_router where access_callback = 'assert';

Showing which files are on the live server and not in version control:

diff -r docroot repo | grep 'Only in docroot'

Looking for PHP files in the files directory:

find . -path "*php"

Looking for additional roles and users:

select * from role;
select * from users_roles where rid=123;

Checking the amount of time between when a user logged into your site and their most recent page visit:

select (s.timestamp - u.login) / 60 / 60 / 24 AS days_since_login, u.uid from sessions s inner join users u on s.uid = u.uid;



Commands that can help with recovery:

Apply the patch. Hotfix: (SA-CORE-2014-005)

curl https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch | patch -p1

End active sessions, i.e. log everyone out.

TRUNCATE TABLE sessions;

Updating passwords:

update users set pass = concat('XYZ', sha(concat(pass, md5(rand()))));

If you need help regarding the recent drupal vulnerability feel free to contact me.

P.S.

Latest security advisory was today.
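The database checks from the post above, gathered into one script that can be run against a copy of the site database. This is an added example, not code from the original post: it uses an in-memory SQLite database whose tables and rows are constructed stand-ins for the Drupal 7 schema, and the expected-role baseline and the 7-day threshold are assumptions.

```python
import sqlite3

# Callback names the post's two menu_router queries look for.
SUSPECT_CALLBACKS = ("file_put_contents", "assert")
# Assumption: the roles this site is supposed to have (Drupal 7 defaults).
EXPECTED_ROLES = ("anonymous user", "authenticated user", "administrator")
DAY = 86400


def build_sample_db():
    """In-memory stand-in for a Drupal 7 database; every row is constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE menu_router (path TEXT, access_callback TEXT);
        CREATE TABLE role (rid INTEGER, name TEXT);
        CREATE TABLE users (uid INTEGER, name TEXT, login INTEGER);
        CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
        CREATE TABLE sessions (uid INTEGER, timestamp INTEGER);
        """
    )
    db.executemany("INSERT INTO menu_router VALUES (?, ?)", [
        ("node", "user_access"),
        ("user/login", "user_is_anonymous"),
        ("constructed-injected-path", "file_put_contents"),
    ])
    db.executemany("INSERT INTO role VALUES (?, ?)", [
        (1, "anonymous user"), (2, "authenticated user"),
        (3, "administrator"), (4, "constructed_extra_role"),
    ])
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "admin", 1416000000),
        (2, "editor", 1416100000),
        (3, "constructed_unknown_user", 1413000000),
    ])
    db.executemany("INSERT INTO users_roles VALUES (?, ?)", [(1, 3), (3, 4)])
    db.executemany("INSERT INTO sessions VALUES (?, ?)", [
        (1, 1416000000 + 3600),      # active one hour after login
        (3, 1413000000 + 20 * DAY),  # still active 20 days after login
    ])
    return db


def suspicious_routes(db, callbacks=SUSPECT_CALLBACKS):
    """menu_router rows whose access_callback is one of the suspect names."""
    marks = ",".join("?" for _ in callbacks)
    sql = ("SELECT path, access_callback FROM menu_router "
           "WHERE access_callback IN (%s) ORDER BY path" % marks)
    return db.execute(sql, tuple(callbacks)).fetchall()


def unexpected_roles(db, expected=EXPECTED_ROLES):
    """Roles outside the baseline, with the users that hold them."""
    marks = ",".join("?" for _ in expected)
    sql = ("SELECT r.name, u.name FROM role r "
           "LEFT JOIN users_roles ur ON ur.rid = r.rid "
           "LEFT JOIN users u ON u.uid = ur.uid "
           "WHERE r.name NOT IN (%s) ORDER BY r.rid, u.uid" % marks)
    return db.execute(sql, tuple(expected)).fetchall()


def long_lived_sessions(db, min_days=7):
    """Sessions still active min_days or more after the user's last login."""
    sql = ("SELECT u.uid, (s.timestamp - u.login) / 86400.0 AS days "
           "FROM sessions s INNER JOIN users u ON s.uid = u.uid "
           "WHERE (s.timestamp - u.login) / 86400.0 >= ? ORDER BY u.uid")
    return db.execute(sql, (min_days,)).fetchall()


def run_audit(db):
    """Run all three checks and return the findings by name."""
    return {
        "suspicious_routes": suspicious_routes(db),
        "unexpected_roles": unexpected_roles(db),
        "long_lived_sessions": long_lived_sessions(db),
    }


if __name__ == "__main__":
    for check, rows in run_audit(build_sample_db()).items():
        print(check, rows)
```

An empty result from every check does not show that a site is clean; each check only covers the traces named in the post.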


Shomeya: How to Level Up from Nice Guy Dev to Awesome Guy Dev

Drupal News - November 19, 2014 - 4:05pm

If Barbie I can be a Computer Engineer taught us anything it taught us that Steven and Brian are nice guys. They just want to help, they know how to fix it, and they are there just when you need them to be. And worst of all they don't mean anything by it.

So what's a nice guy to do? You care, you retweet the awesomest feminist blogs, you were ON it during #gamergate. But on a human interaction level how does it go? Here are some ways that you can level up from just that nice guy that I don't call out on everything, but who secretly makes me sad, to awesome guy that makes my day well ...awesome.


Drupal Watchdog: Drush: The Swiss Army Knife for Drupal

Drupal News - November 19, 2014 - 2:52pm

Hello again, young MacGyver!

In the previous issue you learned how to install Drush, Drupal, and contributed modules. If you missed it, make sure you go back and read Part One from the previous issue.

Updates

Now that you've successfully installed Drupal and extended it with some awesome contributed modules, it's time to apply a few updates. With Drush, it is easier by far than any method you might currently be using.

Let's get started: Make sure you are working from the root directory of your website. That would be the directory where you find index.php, and I'm going to assume that location for the remainder of this article.

Issue the following command:

drush pm-update

That command will check for new versions of core, themes, and all the contributed modules that are enabled on your site. A list of all available updates will be shown on the screen. Review the list and then press “y” at the prompt if you wish to proceed with the updates.

If you proceed with the updates, Drush will make a backup copy of all the out-of-date packages, download the new ones, and then run database updates, if any are required. It's all very quick and you don't even have to open an FTP client.

Alas, sometimes things go awry; often, very awry. That's why Drush stores a backup copy of the updated packages for you. Should an update fail, it will restore the previous versions and notify you there was a problem. Or, if you need to restore manually, you can find the backups in your user's home directory under “drush-backups”.

Now let's say you only want to update Drupal, but none of the contributed projects. Easy enough: this time only check for Drupal core. Let’s use the shorter version of the command, which I prefer:

drush up drupal

The command “up” is short for “pm-update”. As in the first example, Drush will backup the installed version, replace it with the latest, and then run database updates, if any are required. In this case, we specified “drupal”, so Drush will only check for updates for Drupal core.

KatteKrab: DrupalSouth - Call for sessions open!! (closes 30 Nov 2014)

Drupal News - November 19, 2014 - 1:49pm
Thursday, November 20, 2014 - 08:49

DrupalSouth is the biggest Drupal gathering in the Antipodes.

We'll be at the Melbourne Convention and Exhibition Centre over three days in early March 2015. March 5-7 to be exact.

Find out more at the website
https://melbourne2015.drupal.org.au/

The call for sessions is open, and we're trying hard to get the word out wide and far, to whisper in new ears, and encourage people of all sorts to share their ideas for sessions so we can create a truly wonderful, inspiring, engaging and fun program for this conference!

For those who may not know, Drupal is an open source content management system. It's used by people and organisations all around the world, for all sorts of web sites. It's also being used as back end application framework for mobile apps! It's amazing what Drupal can do.

Drupal events are the heart and soul of the community that makes Drupal. Bringing people together drives the project forward, and forges friendships.

But we're also part of the wider web. So we want to hear from all sorts of web specialists, not just Drupalists.

Please, submit a session, or simply help us spread the word. The deadline is looming and won't be extended. Get that proposal in by 30 November 2014. https://melbourne2015.drupal.org.au/program/session-submission

Mediacurrent: Highlights From BADCamp, Part 2

Drupal News - November 19, 2014 - 11:07am

From November 6th through the 9th, members of the Mediacurrent team headed to San Francisco for the Bay Area Drupal Camp. Hundreds of Drupal enthusiasts convened at the Palace of Fine Arts to take part in some fantastic sessions, code sprints, and all that San Francisco has to offer. Mark Casias and Matt Davis weigh in for Part 2 of BADCamp's highlights.

Drupal.org frontpage posts for the Drupal planet: Drupal 7.34 and 6.34 released

Drupal News - November 19, 2014 - 10:39am

Drupal 7.34 and Drupal 6.34, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.34 and Drupal 6.34 release notes for further information.

Download Drupal 7.34
Download Drupal 6.34

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.34 is a security release only. For more details, see the 7.34 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.34 is a security release only. For more details, see the 6.34 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.34 and 6.34 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.34 or Drupal 6.34.

Known issues

None.

Front page news: Planet Drupal
Drupal version: Drupal 6.x, Drupal 7.x

Károly Négyesi: Drupal 8 critical issues office hours November 14, 2014

Drupal News - November 19, 2014 - 10:27am

cilefen began to work on the "When a content entity type providing module is uninstalled, the entities are not fully deleted, leaving broken references" issue. It turned out that a necessary dependent issue is already being worked on, so he was able to proceed well. I am reasonably confident this issue will get resolved in due time. Sam Hermans has advanced "Bulk operations does not respect entity access" forward, which is great, but it still needs some work. Let's note that Sam "only" had a core patch reroll so far and yet he was able to move a critical forward! You could do it as well: I will be waiting for you on IRC in channel #drupal-contribute every Friday noon Pacific (9pm CET).

Phase2: Make Your Product Vision Real – A Case for Incorporating Prototyping Into Your Next Project

Drupal News - November 19, 2014 - 8:53am

As product designers and experience strategists, we research how people use systems and design products that tap into users’ natural behaviors. We want people to instinctively know how our product works.

Years of research into the human mind tells us that our brains love patterns, the repeated way in which something happens or is done. Our subconscious mind uses what we’ve learned from patterns – like turning a knob will open a door – to instinctively make decisions about what we do throughout our day. This is why we can walk or breathe without thinking about it – we spend most of our time running on autopilot.

We have an understanding of how people make decisions, but we forget to apply this knowledge when communicating our product vision to stakeholders.

There are Drawbacks to Designing in the Abstract

Experience design deliverables, or artifacts, are abstract. We too often produce artifacts, intended to build a shared understanding of a product vision, that are hard to understand. Low-fidelity wireframes and complex flow diagrams require stakeholders to think hard about what we are trying to communicate. They mentally fill in the gaps where we lack details. We consistently break Steve Krug’s number one rule: “Don’t make me think!”

Imagine how these abstract artifacts skew conversations about a product:

We show a stakeholder some wireframes and talk them through the features. Once they see them they begin to imagine the ways features will look and act based on similar products they have used.

While perfectly natural, this behavior is problematic – what we envision may be nothing like products this stakeholder has previously used. These assumptions your stakeholder makes will lead to you and your stakeholders having different expectations during product development.

You need to make artifacts as real as possible in order to elicit the most unbiased, unimpeachable feedback from users during research. You do not need to build a fully functioning product to validate your idea. You do need to eliminate or reduce the guesswork needed to understand how your product will work.

Make Your Product Vision Real

Prototyping is a great way to eliminate ambiguity so that you get the best results from user research. A prototype is a preliminary model of a product used to show a concept or validate an idea. A prototype should only contain the minimum amount of content, design and functionality needed to demonstrate how the end-product will function.

Context is key to determining fidelity of a prototype. If you are conducting user testing with a tech-savvy group of stakeholders, clickable wireframes may suffice. If you are introducing a new concept to a set of clients, then you may need a higher-fidelity, interactive web page. Your prototype should only contain the fidelity needed to have a meaningful conversation with your users about your product.

Build The Right Prototype For You

There are many different approaches to building prototypes. You can link wireframes together to show user flow with a system like inVision, or build interactive features using an open source CMS like Drupal.

When creating prototypes, make sure to include the following:

  1. The main actions that a user can take and the reactions they will receive from interactive elements.

  2. The key messages you want to communicate to users at different stages of their interaction.

  3. A programmatic way to track user behavior while they use the prototype.

Get Better Results from Your Projects

Some of the many benefits of prototyping are:

  • It produces more accurate results from user testing, allowing you to better determine what works and what doesn’t.

  • It gives you more opportunity to focus on interaction design by forcing you to have conversations about interactive elements during user research rather than development.

  • Prototypes bring less-apparent usability issues to light earlier in the development process.

  • You have a potential starting point to work from when beginning development, minimizing the amount of work that needs to be done in the long run.

John Whalen said “UX does not happen on a screen. It happens here. In the mind.” Keep that in mind (no pun intended) as you seek to build a shared understanding of, and validate, your product ideas. The more real you make the experience of interacting with your product early in the design process, the more accurate the feedback you will get from your users. For more thoughts on prototyping, check out Frederic Mitchell’s “Static Prototyping and Keeping Drupal Simple (KDS)” and “The Devil’s in The Details” by Sharon Smith!

Cheppers blog: Busy Drupal weekend with a training day and a camp

Drupal News - November 19, 2014 - 4:54am

In the middle of November there was a weekend when it was all about Drupal in Hungary. Cheppers was hosting the Drupal Global Training Day Hungary 2014 and I was one of the core organizers of Drupal Weekend Budapest 2014, so we were concerned by the success of both.

Code Karate: Drupal 7 FullCalendar

Drupal News - November 19, 2014 - 4:49am
Episode Number: 179

The Drupal FullCalendar module makes it easy to build an interactive calendar using the power of Views. The Drupal FullCalendar module uses the JQuery FullCalendar plugin to make it easy to create an event calendar that allows event dates to be changed by drag and drop.

In this episode you will learn:

Tags: Drupal, Drupal 7, Drupal Planet, UI/Design

Modules Unraveled: 127 Using Entity Pilot for Content Staging in Drupal 8 with Lee Rowlands - Modules Unraveled Podcast

Drupal News - November 18, 2014 - 10:00pm
Published: Wed, 11/19/14
Entity Pilot
  • What is Entity Pilot?
    • I’ve been working on Entity Pilot since February, and have slowly been working through my backlog of features - but now it’s ready for beta testers, so that’s why I’m here on the show.
  • How does Entity Pilot work?
    • The basic premise is you create your content like normal and then create a new departure. You can add the content to your departure in logical groups, or you can create one departure for each piece of content - it’s a pretty flexible workflow. So if you were working on a new product launch you might create all of that content on your staging site. You’d be able to see what the site will look like with the new content, preview the front-page and landing pages etc.
  • You’re using airport terminology, like “baggage”, “departure” and “arrival”. Can you break those down, and explain what each one entails?
    • Passengers
    • Baggage
    • Departure - When you create the departure the baggage handler service takes care of adding the dependencies - so if you create a node, any terms or images it requires, or the author account are automatically added as baggage.
    • Arrival - On another site, you setup your Entity Pilot account and then create a new Arrival. This presents you with the list of your flights that exist in Entity Pilot for your account. After selecting the flight for the arrival, you move to the approval stage.
    • Customs - The approval stage presents you with a list of content on the incoming flight. Each item can be previewed and if it matches existing content on the site the administrator is able to view a diff of the changes. The desired items to import are selected and imported either immediately, or via background processing.
  • How does this work in a team?
  • Talk about security
  • Pricing
Use Cases
  • For marketing: Prepare content for a product launch on the staging site. Land the content on the live site on launch day.
  • For editors: Share content between your sites. Write content once and adapt to any site in your network.
  • For developers: Deploy content when you deploy code. Use real content not lorem ipsum. Solid APIs to integrate into your custom deployment workflow or code.
Episode Links: Lee on drupal.org, Lee on Twitter, Entity Pilot on Twitter, larowlan on IRC, Entity Pilot
Tags: Content Staging, Drupal 8, planet-drupal

Large Robot: Better Sleep Through Web Security

Drupal News - November 18, 2014 - 6:09pm

This Thursday I'm presenting on Better Sleep Through Web Security, an in-depth overview of web security, what to do if your website is hacked, and how to sleep better by following basic web security best practices.

It's at the beautiful Fuller Theological Seminary in Pasadena, California, and there's a video conference for those who can't attend in person. The meeting is from 6-8pm Pacific Time and we'll launch into the security talk after some quick intros and raffle prizes.

It's been about a year since I last gave a talk on internet security and the recent Heartbleed, Shellshock and POODLE (and now the "Drupalgeddon" vulnerabilities that hit the mainstream news in Forbes, the BBC and The Register) have prompted me to dust off my slides and update them for some of the internet security threats we face today.

This particular presentation goes into some detail about the "Drupalgeddon" vulnerability, officially known as SA-CORE-2014-005. It allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control. Scary stuff.

I hope you can join me. If you haven't heard of Drupal or aren't interested in general web application security, you can skip this one (unless, of course, you just like the sound of my voice). If, however, you make websites for either fun or profit, this is a great chance to get up to speed on some security best practices, including common attack vectors, what to do if your site gets hacked, and the differences between security and privacy.

Tags: Planet Drupal, internet security, Drupal

Exaltation of Larks: Is Drupal Secure? Drupalgeddon and Our Approach to Security at Exaltation of Larks

Drupal News - November 18, 2014 - 1:09pm

Is Drupal secure software? You may have heard about the significant security announcement nicknamed “Drupalgeddon” and are wondering where Drupal fits in today’s fast-changing world of internet threats, enterprise software and risk management.

We stand by Drupal’s security record and recommend it for a variety of business cases. To put our money where our mouth is, our cofounder and chief tin-foil-hat fashionista, Christefano Reyes, is presenting Better Sleep Through Web Security this Thursday, November 20th, at the San Gabriel Valley Drupal Meetup.

Thanks to the Greater Los Angeles Drupal user group and its sponsors, this meetup is hosted on the beautiful Fuller Theological Seminary campus in Pasadena, California, and also has a video conference for those who can attend only by video conference or phone.

   Date and time: November 20, 2014 at 6pm Pacific Time
   Location: Fuller Theological Seminary, at 135 N Oakland Ave, Pasadena, CA 91101 (Building “Glasser 110”)
   Video conference: https://glad.zoom.us/j/129319220
   Phone: +1 415-762-9988 or +1 646-568-7788
   Meeting ID: 129 319 220

Better Sleep Through Web Security

Christefano Reyes presents Better Sleep Through Web Security, an in-depth overview of web security, what to do if your website is hacked, and how to sleep better by following basic web security best practices.

The “Drupalgeddon” vulnerability has been covered in mainstream news including Forbes, the BBC and The Register, and has brought web security, frequently an overlooked part of web development, back to the center stage.

This particular vulnerability, officially known as SA-CORE-2014-005, allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control.

Topics that will be covered in this presentation include:

  • Security vs. Privacy
  • Common Attack Vectors
  • Drupal’s security record and the Drupal Security Team
  • SA-CORE-2014-005 (also known as “Drupalgeddon”)
  • I’ve Been Hacked! Now What?
  • Best Practices for Helping Others and Yourself
  • Resources
  • Questions / Answers

Christefano is one of the founders of Exaltation of Larks, a Drupal design and engineering firm with a worldwide team of Drupal experts; and Droplabs, an open source-friendly coworking space and business incubator near Downtown Los Angeles. As an advocate of open source software and self-declared meetup junky, he helps organize meetups and conferences all over the Greater Los Angeles Area, including the Los Angeles Chess meetup and LA Geek Dinners.

If you haven’t heard of Drupalgeddon or don’t know if your Drupal sites have been updated since the announcement, please stop reading and see the SA-CORE-2014-005 FAQ immediately. You can contact us for any questions related to Drupal maintenance and support, including security services, at 888-527-5752 and via our Contact form.


Mediacurrent: Highlights From BADCamp, Part 1

Drupal News - November 18, 2014 - 12:48pm

From November 6th through the 9th, members of the Mediacurrent team headed to San Francisco for the Bay Area Drupal Camp. Hundreds of Drupal enthusiasts convened at the Palace of Fine Arts to take part in some fantastic sessions, code sprints, and all that San Francisco has to offer. Below is Part 1 of their weekend highlights.

Greater Los Angeles Drupal (GLAD): Drupalgeddon followup and Security Presentation on November 20th in Pasadena, CA

Drupal News - November 18, 2014 - 12:40pm

As you may have heard, Drupal has recently had a significant security announcement nicknamed "Drupalgeddon". You may not have heard, though, that here in Los Angeles, California, we're dedicating a portion of several upcoming meetups to web security and helping provide our group members with any resources they need.

If you can make it, please join us this week for a special presentation, Better Sleep Through Web Security. It's this Thursday, November 20th, at 6pm in Pasadena, California.

If you haven't heard of Drupalgeddon or don't know if your Drupal sites have been updated since the announcement, please stop reading and see the SA-CORE-2014-005 FAQ immediately. You need to take action and contact a service provider about protecting your Drupal site and hosting environment.

   Date and time: November 20, 2014 at 6pm Pacific Time
   Location: Fuller Theological Seminary, at 135 N Oakland Ave, Pasadena, CA 91101 (Building "Glasser 110")
   Video conference: https://glad.zoom.us/j/129319220
   Phone: +1 415-762-9988 or +1 646-568-7788
   Meeting ID: 129 319 220

This meetup will have a video conference for those who can attend only by video conference or phone. The video conference is with Zoom, one of our many great sponsors, and you can join with iPhone, Android, PC and Mac at https://glad.zoom.us/j/129319220

Better Sleep Through Web Security

Christefano Reyes presents Better Sleep Through Web Security, an in-depth overview of web security, what to do if your website is hacked, and how to sleep better by following basic web security best practices.

The "Drupalgeddon" vulnerability has been covered in mainstream news including Forbes, the BBC and The Register, and has brought web security, frequently an overlooked part of web development, back to the center stage.

This particular vulnerability, officially known as SA-CORE-2014-005, allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control.

Topics that will be covered in this presentation include:

  • Security vs. Privacy
  • Common Attack Vectors
  • Drupal's security record and the Drupal Security Team
  • SA-CORE-2014-005 (also known as "Drupalgeddon")
  • I've Been Hacked! Now What?
  • Best Practices for Helping Others and Yourself
  • Resources
  • Questions / Answers

Christefano is one of the founders of Exaltation of Larks, a Drupal design and engineering firm with a worldwide team of Drupal experts; and Droplabs, an open source-friendly coworking space and business incubator near Downtown Los Angeles. As an advocate of open source software and self-declared meetup junky, he helps organize meetups and conferences all over the Greater Los Angeles Area, including the Los Angeles Chess meetup and LA Geek Dinners.

We hope to see you at Thursday's meetup!

Tags: Drupalgeddon, Drupageddon, San Gabriel Valley Drupal, Planet Drupal