Jul 13 2016
Jul 13

The Drupal security team published a PSA to warn about upcoming security advisories. I shared my advice and predicted attacks within the hour after the security advisories are published. The security advisories are now published. Here is my followup.

I applaud the Drupal Security Team for warning about the highly critical updates. However the public service announcement (PSA) left the impression that this event was going to be much more serious than it was. Such a PSA would have been perfectly appropriate for SA-CORE-2014-005 "Drupalgeddon". But the only PSA there was in hindsight.

I guess it is resonable for the Drupal Security Team to be over cautious, especially given the lessons learned from Drupalgeddon fallout. And of course, such decisions and criticism is much easier with hindsight.

But now I am concerned how the Drupal Security Team can realistically raise the level further there is another vulnerability that is as serious as Drupalgeddon. Even if they raise the alert level using language in the PSA, will people still believe them? It reminds me of the boy who cried wolf.

Of course serious vulnerabilities like these are rare events in Drupal, so there is not yet a standard to compare alert levels to.

Jul 12 2016
Jul 12

Just arrived here? Read my followup first.

Original post

The Drupal security team announced multiple highly critical updates to Drupal contrib modules in PSA-2016-001. Expect attacks within less than one hour from the announcement; 18 hours from the time this article is published. This is probably going to be Drupalgeddon all over again.

My advice

If you are prepared, you will save yourself a lot of time. If you are late or too slow, you will probably find yourself with a lot more work, e.g. the rescue workflow for Drupalgeddon 1.

Today

Don't skimp on the first two. And do at least one of "3. Update a contrib module" or "4. Learn how to apply patches". Which one you choose depends on your skills and how out of date contrib modules are on your Drupal websites. Ideally, do both steps 3 & 4; You might find one of them is significantly challenging for you.

  1. Backup your Drupal 7 websites; Database, code & files directory
  2. Plan to be online at 1600 Wednesday 13 July 2016 UTC. In other timezones:
    America/Los_Angeles: 0900 Wednesday 13 Jul
    America/New_York: 1200 Wednesday 13 Jul
    Europe/London: 1700 Wednesday 13 Jul
    Europe/Paris: 1800 Wednesday 13 Jul
    Australia/Sydney: 0200 Thursday 14 Jul
    Pacific/Auckland: 0400 Thursday 14 Jul
  3. Update a contrib module on each of your Drupal 7 website(s) to make sure there will be no problems and you know how to do it. Do it manually by downloading the module from Drupal.org. The update server that Drush and Drupal use might be delayed, overloaded or under attack.
  4. Learn how to apply patches:
    1. Choose any popular module that your website uses, e.g. Views
    2. Navigate to the module's issue queue
    3. Filter for "Reviewed & tested by the community"
    4. Filter for the version of the module your website uses
    5. E.g. Views 7.3 RTBC issues
    6. Open any issue
    7. Download any .patch file
    8. Apply it using Drupal's documentation, which boils down to something like:
      1. cd sites/all/modules/views/
      2. patch -p1 < ~/Downloads/views-fix_hide_rewriting_if_empty-1428256-21.patch
      3. Test the patched module still works
  5. Restore your website from the backup into a new environment to make sure your backup is complete, you have sufficient access and you know how to do it. If you are on time and fast, this won't become necessary. But just in case...
  6. Subscribe to Drupal security email announcements: Log in on Drupal.org, go to your user profile page and subscribe to the security newsletter on the "Edit » My newsletters" tab.
  7. Consider taking servers that host highly sensitive data offline if your Drupal website can reach them. Drupal's maintenance mode may not be sufficient protection.
  8. If you can move to a Drupal-tailored web host easily, do so. They often offer additional protection while you work on applying updates. I usually recommend Pantheon.
  9. Take stock of any modifications (patches) to Drupal core and contrib modules. The Hacked! module automates most of this.
  10. Clean up and/or take stock of any unusual files in your website. A version control system like git makes this easy.
  11. Use the Security Review module to check if you have configured your Drupal website securely.
  12. Backup your website again if you made changes since the last backup.
  13. Subscribe to my blog;
    • I will post any important or relevant updates, more aggressively than what the Drupal Security Team is able to
    • Submit your email address in the right sidebar.
    • You can unsubscribe anytime (I won't be offended)

At T minus 1-hour

At 1500 Wednesday 13 July 2016 UTC, an hour before the scheduled time;

Do what you need to do to have the next few hours free from distractions; I.e. eat, use the bathroom, get comfortable.

At 1600 Wednesday 13 July 2016 UTC

  1. Look for contrib security advisories on Drupal.org.
  2. For each advisory that is published, check if your website(s) use the module. If yes, update it.
  3. Check you are recieving security advisory emails. Sometimes the highly critical updates require followup.

Drupal 6

The Drupal security team no longer supports Drupal 6. So we don't yet know if it is vulnerable or if there will be a patch. All of the above applies and you should do it, but if Drupal 6 is vulnerable patches or updates will probably be provided by the Drupal 6 long term support (LTS) programme.

Worst case, be prepared to roll-back to your backup from before the announcement.

Consider also;

  1. Accellerating your plans to upgrade to Drupal 7 or 8
  2. Taking your server or website offline
  3. Archiving it as a static HTML website (no PHP)
  4. Maintenance mode or locked-down permissions to be read-only is better than nothing, but may not offer any protection

Will I be affected?

The Drupal security team have added that the affected contrib modules are used on between 1,000 and 10,000 sites. That limits the affected modules to those ranked 522 to 2180; Just 1680 of the most popular 2000 Drupal contrib modules. Some Drupal websites, especially simple ones, will be lucky in that they won't be using an affected contrib module. But don't count on luck.

Oct 22 2014
Oct 22

I estimate hundreds of thousands of Drupal websites now have backdoors; between ten and ninety percent of all Drupal websites. Automated Drupageddon exploits were in the wild within hours of the announcement. Updating or patching Drupal does not fix backdoors that attackers installed before updating or patching Drupal. Backdoors give attackers admin access and allow arbitrary PHP execution.

If your Drupal 7 (and 8) website is not updated or patched it is most likely compromised. If your website was not updated within a day of the announcement, it is probably compromised. Even if your website was updated within a day, it may be compromised.

If you did not know, Drupageddon is the highly critical SQL injection vulnerability in Drupal core announced 15 October. It is also known as Drupalgeddon (with an "L"), CVE-2014-3704, Drupal SA core 2014 005 and #DrupalSA05. Drupageddon (no "L") is the original name selected by Stefan Horst, who initially reported to the Drupal security team. See Drupageddon.com.

I have drafted this flowchart to help Drupal website administrators understand their options for recovering from Drupageddon. Review, feedback and collaboration is welcome.

The flowchart is a living document. Currently version is number 7.

Updates

How to fix a Drupal site compromised by Drupageddon

Creative Commons License

Jan 13 2011
Jan 13

There is currently severe flooding in Queensland Australia. An area twice the size of Texas is underwater. Entire homes are completely inundated. Bridges and cars have been washed away like toys. In Brisbane, airports are closed and the CBD has been closed down. There are at least 15 dead and more than 60 still missing.

QLDfloods.org is a Drupal 7 website set up by several members of the Australian Drupal community to provide information, track missing persons, find resources and people that need them (like beds), track damage and provide support. It was mentioned four times on CNN on Wednesday and multiple times on Australian national media.

The site builders are seeking help with Drupal 7 multiple-server configuration & infrastructure. Do you have expertise to help? Join #Drupal-AU on IRC, speak up in g.d.o/australia or contact Ryan Cross directly.

Coincidentally, DrupalDownunder is just 9 days away in Brisbane city. At this stage the venue has not been damaged and everything is still on track. Keep an eye on DrupalDownunder.org/flood-update for any changes to that.

Dec 17 2010
Dec 17

2010 has been a big year for the Drupal Association. Early in the year new members were brought on and the Board of Directors saw some changes. But most noteworthy is what the Drupal Association did for the Drupal community;

Screenshot of the newly redesigned Drupal.org.

Drupal.org Redesign Completion

Drupal.org has a new look and feel. If you have not seen it (have you been under a rock!?) go check out Drupal.org right now!

It took a few years and many iterations and volunteers, and even that was not enough. This year the Drupal Association came to the party with funding to finish the job. Contracts went to tender and were won by Neil Drumm, Achieve Internet and 3281d Consulting.

Thank you to everyone who contributed to the Drupal.org redesign for all your hard work and effort to pull this off. And especially thank you to the Drupal Association for funding the last several miles that could not be covered by volunteers alone.

Drupal.org will never be the same again! Find out what is next for Drupal.org.

DrupalCon San Francisco

Photo of chx with a large DrupalCon San Francisco logo on the projector screen behind him.
Photo by Kathleen Murtagh

How could we ever forget? DrupalCon San Francisco, was epic. By all measures, it was the largest and most spectacular Drupal event yet.

The Drupal Association bootstrapped the funding and locked in critical contracts in order to secure the venue and other services. Many of the DrupalCon San Francisco committee members also serve the Drupal Association. The Drupal Association managed all the finances for the event and coordinated the local team and service providers with the rest of the Drupal community.

And that is just the beginning of what the Drupal Association did to make DrupalCon San Francisco a reality!

Git Migration

Photo of Sam Boyer posing with a Druplipet on his head.
Sam Boyer. Photo by Fox

The Drupal Association recognized the urgency to update Drupal.org's version control system (currently CVS).

Drupal has an active, amazingly awesome and amiable community. One of the reasons for this, is that Drupal.org is our home. It has everything Drupal developers need, all in one place. However the last couple of years has seen a trend for contributions to be distributed elsewhere.

The Drupal Association realised that if Drupal.org did not offer modern version control and code-distribution tools, then Drupal.org would cease to be a central repository for contributed Drupal code. And that would ultimately be damaging to the community and the project.

Git logo

So earlier this year, the Drupal Association hired Sam Boyer to work on detailed planning and foundation work in preparation for the migration of Drupal's gigantic CVS repository, including about 9000 contributed themes modules and other projects, to Git.

This work is underway and is making good progress, but has some way to go yet. Sam is leading the effort but the success of the project is highly dependent on volunteer effort too. You can get involved on g.d.o.

Paid Staff

Early in the year, Treasurer Jacob Redding was hired as full-time General Manager for the Drupal Association. More recently, the Drupal Association hired Neil Kent as a Events Manager and Megan Sanicki as Sponsor Wrangler (Fundraising Manager).

Jacob does a wide range of tasks including managing financial assets and tasks, lawyers, accountants, contracts, bills, Drupal Association meetings and boot load of other tasks that arise.

Neil is working hard on a range of administrative, logistic and financial tasks related to DrupalCon Copenhagen 2010 and DrupalCon Chicago 2011, as well as trying to document it all and make DrupalCon production more sustainable, so that it is not so much work to reproduce DrupalCon in a new location every 6 months.

Megan is working on raising funds and managing relationships with past, future and potential sponsors, for both DrupalCon and other projects of the Drupal Association. She is also exploring new avenues of revenue.

These funds allow the Association to;

  • pay salaries of staff
  • fund hardware that keeps Drupal.org online
  • fund projects like the Drupal.org redesign and the Git migration
  • pay contractors to keep Drupal's websites up to date, secure and useful to the community

Megan's, Neil's and Jacob's responsibilities are critical to the health of the Drupal Association. Which is in turn, critical to the Drupal community and the resources they depend upon, such as Drupal.org and many other infrastructure services.

Legal and Financial Achievements

Through the careful management of Jacob Redding, the Drupal Association has managed to achieve all of this with less than 25% overhead. That is incredibly low for any non-profit or trade organisation.

DrupalCon Inc. received its 501c3 (not for profit) status, which allowed tens of thousands of dollars to be put right back into the Drupal community. This was a major process to work through the processes of the Internal Revenue Service agency of the US government.

Additionally, the Drupal Association;

  • got payment time for invoices down to less than 30 days (from more than 60)
  • turned over more than a million US dollars
  • registered for tax purposes in four countries
  • was a fiscal agent for 3 major DrupalCamps in the US; NYC, Colorado and Chicago

Mission Statement

Another important achievement of 2010 was updating our mission statement. We began this process in April in San Francisco at our full-day-long meeting, then iterated on it over the following months to reach the final wording.

You can read more about the process and work that went into the missions statement in this blog post by Robert Douglass. Or you can just skip to the result;

Mission Statement

The Drupal Association fosters and supports the Drupal software project, the community and its growth.

The Drupal Association does this by:

  1. Maintaining the hardware and software infrastructure of Drupal.org and other community sites.
  2. Empowering the Drupal community to participate in and contribute to the project.
  3. Protecting the GPL source code of the Drupal project and its community contributions.
  4. Protecting the Drupal project and community through legal work and advocacy.
  5. Organizing and promoting worldwide events.
  6. Communicating the benefits of the Drupal software.

The mission statement helps guide the Drupal Association in it's decision-making, and makes it clear to the community what the Drupal Association does and does not do.

Priorities

Another of the main outcomes of the full-day-long meeting in San Francisco was a list of the five highest priority goals;

  1. Completing the implementation of the Drupal.org redesign
  2. Continuing to build a sustainable model for DrupalCons
  3. Improving internal processes and decision-making
  4. Hiring permanent staff to help the DA better execute on its initiatives
  5. Improving the technical infrastructure of drupal.org

We completed items 1 and 4. Double yay!

We made excellent progress on item 2, including hiring an Events Manager and outsourcing website development to Growing Venture Solutions. However scaling the production of 3000-person bi-annual events is a large project that will take time and never be completely finished.

Similarly, item 5 is never really "done". Maintaining Drupal.org hardware, software and infrastructure is a never-ending job that volunteers work at tirelessly and with very little thanks from the hundreds of thousands of members and visitors to Drupal.org. The Drupal Association applauds their hard work and thanks them sincerely. The Drupal Association funds some of this work from time to time when volunteered time is not sufficient, and also pays for hardware and expenses required for the task.

As for item 3, the mission statement is one significant achievement towards this goal, but there is a lot more to it than that. Additionally, the Drupal Association has hired a consultant experienced with non-profit organisations to help us determine changes to structure that will help us achieve this goal. We are looking forward to report the changes that we decide to implement and how this will improve the efficiency of the Drupal Association to better serve the Drupal community.

Thank You!

Thank you for empowering the Drupal Association with your financial contributions and volunteer effort. You can continue to donate to the Drupal Association by;

Nov 22 2010
Nov 22

DrupalDownunder is just 2 months away and is expected to be a sell-out event, with Dries Buytaert (the Drupal project lead and founder) presenting a keynote and attending.

The keynote speakers are:

DrupalDownunder is on Saturday 22 and Sunday 23 January 2011. Registrations are now open at drupaldownunder.org/registration. The earlybird price is $132 AUD.

I am really looking forward to DrupalDownunder, meeting more of the Australian Drupal community and visiting Brisbane. I have already registered, booked flights and a room at the Central Summit. I am looking for a room-mate. Contact me.

Jun 01 2010
Jun 01

Logo of Palantir.netToday is a new beginning. Today is my first day at Palantir.net. I am now a "Palantiri"! (That's Palantiri-speak for someone who works at Palantir.net. ;)

Palantir.net is a high-end Drupal consulting & services company based in Chicago, Illinois, USA. Palantir.net has a great team of Drupal developers and contributors, including some friends and past colleagues from CivicActions and NowPublic. And I am excited to be a part of that team!

"Bevan joins our Front-end Development (FED) team as a senior front-end developer. A permanent member of the Drupal Association, Bevan is an active community member and a jack-of-all-Drupal-trades with expertise in theming, Javascript, and module development.

Palantir.net/blog

This means that I will be traveling back to North America again in June already, for a one-week long Palantir on-site, DrupalCamp Chicago and one-week working in-house in Palantir's offices.

My title at Palantir.net is "Senior Front End Developer" (aka "themer", or "FED").

To new beginnings...

Jun 01 2010
Jun 01

No. Neil Drumm and I looked at collaborating, but Neil had already implemented most of the jQuery side of the d.o dashboard, I didn't have much time, and it had different requirements to jQuery.dashboard(), especially with regards to the version of jQuery and jQuery UI it was dependent on.

Apr 20 2010
Apr 20

I scheduled the "tpl.phps are not real templates" session and discussion as a BoF session on Wednesday at 11am in room 212 at DrupalCon San Francisco.

From my original post;

"Drupal's template files (*.tpl.php) are not really templates. This is what my DrupalCon core developer summit submission is about. The slides briefly explain why tpl.phps are not real templates, what real templates are, why this is a problem for the Drupal project and community, and mentions some possible solutions to the problem. It also provides some basic guidelines as a starting point for tpl.php standards, should that be pursued."

Links

Apr 14 2010
Apr 14

Drupal's template files (*.tpl.php) are not really templates. This is what my DrupalCon core developer summit submission is about. The slides briefly explain why tpl.phps are not real templates, what real templates are, why this is a problem for the Drupal project and community, and mentions some possible solutions to the problem. It also provides some basic guidelines as a starting point for tpl.php standards, should that be pursued.

Download the slides here.

Attachment Size Drupal tpl.phps are not templates.pdf 294.24 KB
Apr 14 2010
Apr 14

The new year (this post is a little late!) has brought me new opportunities and some new roles;

NowPublic, Crowd Powered Media

New job at NowPublic

At NowPublic I work on front end theming and customizations for NowPublic.com and Scan — a realtime twitter and social media tracker for NowPublic.com, Examiner.com, WashingtonExaminer.com, SFexaminer.com and The Vancouver Sun.

Currently I am the skeleton dev team that maintains NowPublic.com, while the rest of the NowPublic dev team works on the Examiner.com migration to Drupal 7. Though I spend most of my dev time in the depths of the javascript and theme layer of Scan.

One of the most exciting things about this job is that I am able to work with an amazing team of developers including some other CivicActions alumni, whom I respect and seek to learn from. Such as chx, kkaefer, douggreen and Morbus Iff and many others.

Head On Vancouver

Vancouver

The new job at NowPublic saw me relocate to Vancouver for two and a half months, from just after DrupalSouth Wellington

at the end of January, until DrupalCon San Francisco, this week.

Vancouver has been astounding! Some highlights of my first trip ever to Canada and my stay in Vancouver include;

Returning to New Zealand

This Friday 16 April I depart Vancouver for San Francisco, where I will stay with the Clarity Digital Group developer team at Westin Hotel Market street for 8 days, for the Drupal core developer summit, DrupalCon SF, code sprints, meetings, social events, and a Drupal Association retreat.

Finally, on April 26 (after losing April 25 to the date line) I will arrive home to Christchurch NZ to stay indefinitely. It will be exactly 8 months since my wife and I departed Christchurch for DrupalCon Paris and a journey across 5 continents. I am looking forward to having a home (when we find and rent one!) and our bed back.

Drupal Association

Permanent Member of the Drupal Association General Assembly

Being elected onto the Drupal Association's General Assembly was largely unexpected and came as a surprise to me. I have been a core part of the DrupalCon Asia-Pacific Organisers (DCAPO) group on groups.drupal.org since it started in September 2009 and collaborated a little with Cary Gordon (Drupal Association Board, Director of Events) over that time. Cary asked me to join the Drupal Association to help centralise international DrupalCon coordination efforts (as per the events plan) and provide the association with a more internationalised perspective.

It is still early days at the association, but my goal (as per my application) at the Drupal Association is to empower a team to organise and run a DrupalCon somewhere in the Asia-Pacific region, hopefully around 2011. There are some ideas and projects at the association to do with scholarships and mini-conferences — but I will save that for another time, when it is ready.

Apr 12 2010
Apr 12

jQuery for Designers and Themers is a fun interactive session at DrupalCon San francisco on getting started with jQuery. It is targeted at designers and themers but is suitable for anyone with a decent understanding of HTML and CSS — no programming experience is necessary. It doesn't include any PHP, and only basic programming concepts are introduced.

The session is early on Tuesday 20 April in room 307 (Commerce guys) at DrupalCon SF at 8:30am.

The sample code is available at Drupal.org/Project/jQ4DaT and slides are available at TinyURL.com/jQuery-Designers (Google Docs).

Some other related or similar sessions include;

Apr 12 2010
Apr 12

DrupalSouth attendees pointing at Angela 'webchick' Byron (Drupal 7 core committer) in the center

DrupalSouth Wellington 2010 was a booming success! And that would be an understatement. 100 Drupallers from NZ, Australia, North America and Europe came together for 2 Wellington-wet days in a brewery and couldn't stop talking about Drupal!

Here is DrupalSouth by the numbers;

  • 1: Code sprints
  • 2: Tracks (simultaneous sessions)
  • 2: Duration in days
  • 2: Lunches provided
  • 2: Organisers
  • 2: Attendees from parliament (Green party)
  • 3: Keynote speakers from North America (Liz Henry, Emma Jane Hogbin & Angela Byron)
  • 3: Platinum Sponsors
  • 3: DrupliBeanBags
  • 4: Attendees from the IRD
  • 5: Gold sponsors
  • 5: Percent of attendees from Hawkes bay
  • 5: Months to organise
  • 6: Companies involved in the wireless internet
  • 6: Wireless access points
  • 7: Value of each bar token in NZ dollars
  • 8: Silver Sponsors
  • 9: Varieties of beer brewed on-site
  • 10: Start time on Saturday
  • 11: Thousands of dollars turned over in event production
  • 15: Attendees from NZ government agencies (IRD, Greens, NZ Police, various ministries, etc.)
  • 16: Sponsors
  • 16: Percent of attendees from Australia
  • 16: Percent of attendees from Christchurch
  • 18: Age of youngest attendee
  • 20: MBs of synchronous bandwidth
  • 21: Percent of attendees from Auckland
  • 26: Speakers
  • 28: Attendees who also attended LCA the week before
  • 29: Sessions
  • 30: Percent of female attendees
  • 32: Percent of attendees from Wellington region
  • 36: A3 sheets of printed sponsor logos
  • 60: Registration cost
  • 64: Cost of food and snacks per attendee
  • 100: Registrations sold
  • 220: Bar tokens printed

Some of my personal highlights were;

Thank you to;

Read other's post-DrupalSouth write-ups at;

Feb 26 2010
Feb 26

jQueryjQuery for Designers and Themers is a fun interactive session on getting started with jQuery. It is targeted at designers and themers but is suitable for anyone with a decent understanding of HTML and CSS — no programming experience is necessary. It doesn't include any PHP, and only basic programming concepts are introduced.

If you want to see this session at DrupalCon San Francisco you'll need to vote on it here it is at 8:30am on Tuesday 20 April in room 307 (Commerce guys) at DrupalCon SF.

I've presented sessions like this one twice before. The first time at DrupalCon Paris September 2009, and the second time at DrupalSouth Wellington January 2010, where it was successful and well received and both times.

Sample code is available at Drupal.org/Project/jQ4DaT and slides are available at TinyURL.com/jQuery-Designers (Google Docs). (They will be updated.)

Some other related or similar sessions include;

Feb 23 2010
Feb 23
Crude network and sponsor diagram/map of DrupalSouth's Wifi and internet connectivity, showing each step of the internet connection chain and sponsor's logos.

DrupalSouth — a 100-person technical conference — had awesome internet. This is how we did it.

DrupalSouth might well be the first Drupal conference with internet that didn't suck. For the first time, I didn't hear anyone complain about connectivity or speed. Everyone had internet access! If I didn't hear about any issues you were having, or if you had any complaints or problems, please let us know in the comments.

  1. Egressive pulled most of this together. Egressive provides both Linux and Drupal services and know a lot of people in the industry. In particular, Rob Fraser's technical networking know-how and contacts at Effusion, IOPEN, Unleash and elsewhere are what made this possible.

    Thanks Rob, and thanks Egressive!

  2. IOPEN and members of the Effusion group built a robust scalable wireless network for Kiwi PyCon 2009, just a few months earlier. DrupalSouth's wireless requirements were very similar to PyCon's. DrupalSouth was a little smaller in number of attendees. One difference was that the network data analysis and the Wireless Weather Report (see below) generating were not done on-site but 400 km away in Christchurch using a small real-time data stream from DrupalSouth. Also, Brian Chatterton of IOPEN made a few minor configuration enhancements, renamed the the networks in honour of Drupal's founder and changed the passwords.

    Brian Chatterton really understands networking. Technical conferences have such demanding wifi and networking requirements that can not be tested under load ahead of time. And usually they fail. Brian's experience and knowledge has been twice-proven by Kiwi PyCon and DrupalSouth's great wifi.

    Thanks Brian!

  3. R2 installed the purple VSDL cable and connection from the DrupalSouth network hub, out the window, up to the roof of Mac's Brewery, across the roof, up the wall of the NZ Stock Exchange building, through a window of TradeMe's offices, and into a spare wall-mounted network port nearby; which was re-patched directly into Citylink's fibre network in TradeMe's server and patch room.

    Richard Naylor of R2 is very respected and well known in Wellington when it comes to internet connectivity. As a City Council employee in the 90s he founded the project that later became Citylink. He now runs a private consultancy with his son, specializing in video streaming, and live video recording and hosting online. R2 did the video recording and streaming for Linux.conf.au Wellington.

    Richard and his network of industry and business contacts made this possible; he provided a missing link between the wifi LAN and Citylink's high-speed fibre network, temporarily extending it to the venue.

    Thanks Richard!

  4. Citylink's high speed city fibre optic network in Wellington connects hundreds of businesses, buildings and data centres city-wide with fast low-latency network speeds. Karen Lindsay-Kerr at Citylink was kind enough to arrange a sponsored VLAN from TradeMe's data centre to Unleash's point of presence across town. That's fibre all the way!

    Thanks Karen and thanks Citylink!

  5. Unleash, the last point in the hardware chain, provided a high speed connection to the Internet. They generously sponsored 100Gb of data, a 20Mb symmetrical link, and a whole block of 256 IP addresses. (Unfortunately we couldn't assign the public IP addresses to devices due to time constraints.)

    Unleash is an ISP based in Christchurch with four data centres across New Zealand, and nationwide network coverage with fibre, wireless and ADSL2+. They provide virtual and dedicated hosting, co-location and high-speed Internet services.

    Thanks Unleash!

The last component is a software layer: IOPEN created a network traffic monitoring tool that collects data about the network and monitors load and resource usage. A "wireless weather report". This is useful to fix any issues if they arise (which they didn't!) and analyse network traffic to make improvements to network configuration for next time. They also made the data from tool available to users connected to the DrupalSouth network. Here is a screenshot:

Screenshot of the network weather report tool by IOPEN

Most of the companies and individuals mentioned here donated their time and services. You can see all of DrupalSouth sponsors on the sponsor page.

Thanks everyone!

Nov 09 2009
Nov 09

We are excited to announce the DrupalCon Asia-Pacific Organisers group. DCAPO intends to lay foundations that will facilitate international Drupal Conferences (DrupalCons) in the Asia-Pacific region.

DCAPO welcomes and needs input and assistance from Drupal users and communities throughout the Asia-Pacific region. DrupalCons are a lot of work, and are only possible through the community's effort. Please join the DCAPO group to share your opinions and experience, volunteer your time, or nominate yourself or others for roles on the selection team.

DCAPO will later announce a call to the community to suggest and research locations for the first Asia-Pacific DrupalCon. Note that a lot of work goes into researching locations. The DCAPO selection team will only be able to seriously consider locations with suitable venues, dates and event management companies, financial estimates, potential audience and motivated local teams.

But first, as much of the Asia-Pacific Drupal community as possible needs to get involved. You can help by translating and reposting this announcement on other websites where Asia-Pacific Drupal users and communities are likely to find it. Don't forget to note any translations and reposts in the DCAPO group so that we can track progress and share translations with each other.

DCAPO is a result of the Drupal Association's new Events Plan (announced on Drupal.org) to have an Asia-Pacific DrupalCon every two years.

Thank you!
From the DrupalCon Asia-Pacific Organisers group

Oct 20 2009
Oct 20

I am currently available for Drupal development contract work.

I am interested in contracts or projects of any width, height or length. I am especially interested in projects that (roughly in order);

  • are socially conscious
  • have other talented and experienced Drupal developers to work and grow with
  • compensate at reasonable-to-good rates

I am only available to work virtually, since I am based in Thailand (UTC+7) till Christmas, then Wellington, New Zealand (UTC+13) till about late January, then probably Christchurch, NZ after that.

I'm highly experienced with Drupal and many contrib modules, contributing to and interacting with the community, Drupal module development, debugging and front end development – especially CSS, Javascript and efficient, maintainable and scalable Drupal themes. I am also very skilled and experienced at mentoring less-experienced Drupal developers, planning & architecting Drupal-based solutions from wireframes and/or specifications and putting into effect best practices for Drupal development teams.

My blog and my Drupal.org profile is my certification. My groups.drupal.org profile shows further involvement in the Drupal community, such as DrupalSouth Christchurch 2008, DrupalSouth Wellington 2010, DrupalCon Asia-Pacific, Usability group and UX team. I presented 4 sessions at 3 of the last 4 DrupalCons on Scalable/Advanced Theming, jQuery, and contributing to Drupal.

I have contributed patches that were committed to Drupal core. I have contributed a few small modules, co-maintained a few others and more extensively maintained and contributed to the Salesforce module.

Please contact me to discuss adding me to your team! :)

Sep 14 2009
Sep 14
DrupalSouth logo: The DrupliKiwiFruitFollowing in the success of DrupalSouth Christchurch November 2008, DrupalSouth Wellington January 2010 is in it's planning stages. It will be close to LCA Wellington 2010 both in time and location, and will feature excellent overseas and home-grown speakers & attendees, such as; Please take this one-minute survey to help us better determine suitable dates and other logistics. To get updates, subscribe to the NZ Drupal group, follow @DrupalSouth on twitter and get involved!
Jun 29 2009
Jun 29

Auckland's Sky Tower and city-scape illuminated in Christmas colours during December.  By Kahuroa, Courtesy of wikipedia.I'm going to be in Auckland this Friday and am meeting up with some other Drupalers to drink, dine and talk Drupal. Please see my post on groups.drupal.org for more details and to let us know if you're coming.

read more

Jun 29 2009
Jun 29
Penguins Crossing; LCA Wellington 2010 logoLinux Conference Australasia (aka LCA, linux.conf.au) will be in Wellington 18-23 January 2010 – 6 and a half months from now. This presents opportunities for the NZ Drupal community to;
  1. Promote Drupal in the wider FLOSS community (which is good for business)
  2. Run a DrupalCamp/Conference; which allows attendees to combine expenses if attending LCA, and organizers to share venue, admin, financial and other resources with LCA.
  3. Just hang out and drink & talk Drupal! Or perhaps (talk) and (drink drupal)!? :)
  1. Promote Drupal

    With the government moving away from Microsoft products and towards Open Source, and (hopefully) a FLOSS-friendly Patents Act in NZ, it is a very critical time to be making folk aware of Drupal and how it can empower them and their organisation/s.

    This is good for the Drupal marketplace, and good for anyone providing Drupal services in NZ – probably you!? (Conferences like this are also great places to grow your own business network directly!)

    Saturday 23 January is Open Day at LCA and is probably a good opportunity to set up a Drupal stand or similar. We would be able to use the Drupal banner from DrupalSouth for this.

  2. Run a DrupalCamp/Conference

    LCA is taking proposals for miniconfs during, before or after LCA. Given the prominence of Drupal in both the web and FLOSS communities it's likely a well–organised and well-written proposal would be accepted.

    Alternatively, we could organize our own DrupalCamp or mini-conference outside of LCA proper. Though LCA-miniconfs make admin easier and minimize the overhead of organizing a DrupalCamp or miniconf.

    Perhaps such an event could be DrupalSouth 2?

  3. Hang out and talk Drupal!

    With or without the above (or other Drupal events), it'd be great to meetup with other Drupalers and talk Drupal in the bars. Who else is planning on or thinking about attending?

I'm very keen to be involved in any/all of the above, but won't have enough bandwidth to be a driving force behind organizing anything big while living in Thailand (from September). I'm loosely planning on being back and living in NZ (maybe Wellington) in time for LCA. This is a cross-post from groups.drupal.org/new-zealand. Please discuss it there.
Dec 08 2008
Dec 08

I recently finished Feriana.co.nz, a simple Drupal 6 site for my fiancée and her handbag business. It uses CCK, Views and Panels 2 alpha, as well as ImageField, ImageCache and Lightbox2 modules. I also wrote Image Themer and Views Themer modules, which I contributed to the Themer package and plan to abstract in to re-usable solutions in my next Drupal 6 theming project which I start this week. I will also be demonstrating these modules at the Advanced Theming Techniques session (if it gets in – Go Vote!). You browse the still-very-alpha code for these modules in Drupal's CVS repository.

Feriana.co.nz Drupal 6 Showcase site

The site is a good example of what can be achieved with a small budget and flexible requirements. I spent no more than 30 hours total on this website including some contrib-module development, photoshop slicing and resizing and a little custom theming. The base-theme is foliage. Before commencing I spent a few hours in conversation with my fiancée (the 'client') working out what was most important sketching some paper prototypes.

Dec 08 2008
Dec 08
Now that I have been a full-time Drupal Developer for a couple of years, and a part-time Drupal developer for a year before that, I am beginning to recognize recurring patterns and problems in Drupal projects and people's experiences with Drupal. This is a report on my experiences, and a summary of learned lessons and recommendations for those entertaining the idea of a financially-driven Drupal project.

Executive Summary

  1. Don't undertake a Drupal project without, at the very least, someone on the team or available to the team, to check solutions are architected the Drupal way, monitor development for employment of good practices, look for learning opportunities for the less-experienced Drupal developers on the team, and be available in a timely manner to answer the question What would Drupal do?.
  2. Don't underestimate the cost of learning Drupal. It is almost always greater than the difference in price between experienced and inexperienced Drupal shops or developers.
  3. If you do not have an experienced Drupaler on your project's team, expect it to go several times over budget, and/or be under-delivered. Most of the time it will be cheaper to have the developers use the tool they already know.

Introduction

As more and more people discover and decide to use Drupal, the more and more popular it becomes. Given the way a crowd-attracts-a-crowd, especially with free and open source software, Drupal is quite clearly set to become the dominant open source web CMS in the professional and business-oriented web-development markets – if not the dominant CMS of both open source and proprietary options. It's also likely that Drupal will dominate in the amateur and hobbyiest markets too, when usability bugs get ironed out with a little more time and a couple more Drupal versions.

Many non-Drupal web development shops are recognizing this, and are beginning to realize that it's too expensive to maintain their own proprietary CMS, or – worse – maintain skills in multiple different CMS, when one could rule them all, and even do a better job.

The Problem

Businesses and individuals seeking websites also recognize this. In fact, many clients looking for a web shop have already decided they want their website to use Drupal. Instead of shopping for a general solution provider, they often look for a Drupal developer or Drupal shop.

I have seen this many times now, always with one of the two following results;

  • They find an experienced Drupal developer, recognize the value and importance of siad Drupal developer's experience and role in the project, and get them involved.
  • They don't find (or find, but can't afford) a Drupal developer or shop, fail to recognize the importance of this, and contract web developer or web shop with little or no experience.

Unfortunately – because of the high demand for experienced Drupalers – most end up in the last category. This is understandable, given that most clients seeking someone to build their website do so because they lack the expertise to do it themselves – they are therefore not likely to understand that – even with software, including Drupal – a tool is only as useful as the skills and experience of it's user.

This always – with no exception – ends up leaving the developers running frustratedly in circles, and the client burned with an under-delivered and over-budget product.

I have seen a number of non-Drupal web development shops talked in to using Drupal for the project because it was what the client wanted. The developers or shop often tell clients that "Drupal is a PHP application, and we're a PHP shop, so we can do Drupal". Even the developers often fail to recognize that Drupal is worthless to them until they have learned "the Drupal way", have experience with Drupal, have become self-dependent Drupal learners and can confidently answer the question What would Drupal do?. For most web development shops this is a significant amount of resources to commit. In fact for most run-of-the-mill shops, which are typically small businesses of 5-15 persons, it's too-large an investment.

The Solution

And indeed it is a large investment – after working full time with Drupal for a couple of years now, I'm still learning new things about Drupal just about daily. And there is no possible way any person or even small group of people can recall, understand and know how to use even half of the almost-4000 contributed modules.

The solution is to develop mentoring relationships. Every Drupal project needs at least one person who is sufficiently experienced with Drupal such that he or she can guide other developers through the project, showing them what Drupal would do. Finding this mentor or Drupal developer is key to the success of any Drupal project with any non-trivial amount of configuration and code.

It is the responsibility of project stakeholders to find these people. It is also the responsibility of web developers to avail themselves in a mentoring capacity to less-experienced Drupal developers.

Sep 18 2008
Sep 18

Together with some friends and colleagues we have been working hard to organise, finalize and publish details of what will be the two most important days for Drupal in New Zealand:

DrupalSouth: The New Zealand Drupal Event for 2008

DrupalSouth logo: The DrupliKiwiFruit DrupalSouth is the New Zealand Drupal Event for 2008. DrupalSouth will bring NZ's Drupal community together for the first nation-wide Drupal event and the first ever Drupal camp in NZ.

DrupalSouth runs for two days in the first weekend of November, starting at 9:30 am on Saturday 1st November and concluding at 6 pm on Sunday 2nd November 2008. The morning of each day will be filled with presentations, while the afternoons will be open to less formal talks, discussions, demonstrations, tutorials and hacking.

I will be presenting on Google Maps in Drupal; The Hub Map, in which I will showcase the Hub Map, and talk about implementing Google maps mashups in Drupal.

Many of the speakers are well-established Drupal and Open-Source community contributers like Dan "dman", Brenda "Shiny" Wallace, Marek Kuziel (Open ID, Python, Postgres) and myself. Others have won NZOSS awards for their contributions to Open Source, like Joshua Campbell and Dave Lane.

The awesome line up of presenters will present on a variety of topics, such as How Drupal stacks up in enterprise, and OpenID and Drupal to name just a couple.

DrupalSouth presents a great opportunity for attendees to learn new and interesting Drupal skills, techniques and resources, network face to face with industry leaders and Drupal professionals, companies and users, engage new clients, employees and contractors, discover how others are using Drupal or promote their own company or services.

If you do anything with Drupal, you oughta be there!

DrupalSouth is great value at $50 NZD and includes catered lunch on both Sunday and Saturday and drinks on Saturday night. You can register for DrupalSouth at DrupalSouth.net.nz/conference.

DrupalSouth is sponsored by some great Drupal companies from New Zealand and abroad, including CivicActions whom I work for; Signify, Catalyst IT, Egressive, Encode and Evolved Development.

Find out more about DrupalSouth at DrupalSouth.net.nz.

Mar 30 2008
Mar 30

I don't like to advertise, but this might save someone $1000 USD:

If you've been thinking about coming to New Zealand from the US, now is the time to get tickets. Qantas has specials that have cut flight prices by about 50%.

$900-$1000 USD from West Coast USA to AKL, WTN, CHC or Queenstown.
Around $1300 USD from East Coast to AKL, WTN, CHC or Queenstown.

If you're thinking about going to Drupalcon Sydney in May, it may be cheaper to fly via NZ with those specials. Flights from NZ to Sydney start at around $350 USD. It certainly wouldn't be much more expensive.

Unfortunately they don't have equivalent specials from NZ to the US.

[update] this was mis-titled "Cheap Flights to DrupalAPC via Sydney". Corrected to "Cheap Flights to DrupalAPC via NZ". Thanks lyricnz for the notice

Mar 01 2008
Mar 01

I arrived in Boston yesterday afternoon, absolutely exhausted after Usability testing at UMN -- which was amazing. See the report at 9am on Monday to hear why. It was snowing heavily here this morning. Today I need to prepare for my presentation on Scalable Theming and my parts of the Usability presentation, and try open another US bank account.

Here's my photoblog to date:

A few NEW cultural oddities I've noticed in the US since my last visit 5 years ago:

  • Airport pager: "The security threat level... is orange" -- talk about
    fear-mongering. No need for foreign terrorism in the US -- the local authorities are terrorizing plenty enough here!
  • Control-culture doesn't seem to be so severe this trip but is still grating. I think that's more to do with the people and places I'm mingling with though.
  • You can't seem to fill up a bottle with water anywhere. They seem to be getting the idea of 'being green' with recycle bins and signs to conserve hand-drying paper in the toilets and not leave the tap dripping, yet it's difficult NOT to go through several styrofoam, paper or plastic cups, bottles, plates and fast-food trays per day. I wonder how effective the recycling actually is here? Given the amount of extremely cheap "recyclable" materials consumed, and the fact that these materials usually aren't economically worth recycling, I suspect very little of it is actually recycled. Even where recycle bins are present. Meaning all the recycle bins do is make you feel less guilty about being a polluting consumer.
    • Most annoyingly of all for me, I can't fill up a bottle with tap water anywhere except a public bathroom, which 'feels' unhygenic, although probably isn't.
Feb 18 2008
Feb 18

[Update: this had the wrong tag to get on Planet Drupal]

I'm really looking forward to DrupalCon Boston 2008. The highlight for me will likely be meeting a bunch of really great people I have come to know, respect and be inspired by;

  • Everyone at CivicActions; My awesome colleagues and team-mates for the last 6 months.
  • Dries Buytaert; For obvious reasons.
  • Karoly Chx Negyesi; It's been great having your support on SoU. I want to put a voice to your words, code-comments and even php code!
  • Folk from the Usability Group; Eigentor, Gaele, SteveJB, Yoroy, CousinHub and many others.
  • Neil Drumm; You're usability discussion at BADcamp (I listened to the podcast) was inspiring and interesting for me.
  • Kent Bye; You have contributed a lot of videos and screenshots that have been inspiring for me. Then there's Backtrace Vizualizer which is just amazing.
  • Angie Webchick Byron; You're never-ending support is inspiring and motivating. Where do you get all that energy from?
  • And too many others to list here...

I leave this coming Sunday night (in less than 6 days) for Frisko via AKL and LAX, where I'll overnight. I go onto Minneapolis on Monday for the usability testing at the UMN, where I'll arrive in time, albeit a bit late, for the Twin-cities drupal meetup with Dries, the 'usability team' and local drupal folk.

On Friday 29th, it's off to Boston. I'm still looking for something to do for the weekend. I was thinking of heading to NYC to see the big apple, Montreal Canada just cause I've never been there, Vermont for a day's riding the slopes, or maybe hanging out in Boston to site-see, see if I can open a US bank account, and maybe scratch my apple-itch helping the RCS folk unlock or brick their iPhones.

Monday 3rd of course brings on the Main Event. Saturday 8th sees me on a plane back to Frisko for the night. On Sunday 9th I'll have most of the day free to site-see before getting on a plane home to Christchurch on Sunday evening.

Jan 30 2008
Jan 30

Edit by Bevan: I think this is technically creative targeted spam. The username linked to http://www.chicagoplumber53.com/. I'm publishing it anyway cause it's interesting how well it has been targeted and that it links to real company information; phone numbers and addresses.
================
Hi,

Very good and interesting site and it's renewed my interest in the possibility of Plumbing design means getting involved on the ground floor and working with other home design professionals.And very recently i come across another site based on plumbing which is related to your site and i hope it will really helpful for all .. Thanks

Jan 29 2008
Jan 29

I assume any future DrupalCon Down Under (wherever it ends up) would attract less North Americans or Europeans purely from a travel distance point of view anyway, so might not need quite the same size facilities as the Boston or Barcelona events would. But it would probably still be quite a stretch to justify and/or organise an NZ event.

More realistically an Australasian miniconf as part of a future Webstock (eg Wellington 2010) would be pretty cool. Or if LCA comes back to NZ - Due to circumstances I missed both LCA Dunedin and the previous Webstock unfortunately.

Or maybe with the help of Silverstripe (and any O'Reilly or Google friends they have) get an open source CMS conference happening down under?

Jan 25 2008
Jan 25

[Update: This had the wrong tag to get on Planet Drupal]
As others have noted, the DrupalCon Boston logo contest is closing soon, so you'd better get your votes in.

Here are my personal favourites;

  1. About 3rd as far as user-votes go, with 36 points; DB8
  2. LauraS only just submitted this one, so it's only got a few votes so far: BoSox style by Don Hajicek at pingVision
  3. This one is simple and elegant, although probably not everyone's cup of tea. By Dakku:

And here are the leading entries so far, by user-votes:

  1. 50 points, By Acromedia:
  2. 41 points, Boston Seal, by Konstantin Kaefer:
  3. 29 points, By Camworld:
  4. 28 points, the luck of drupal, by corinn:
  5. 19 points: DrupalSox by pcorbett:
Jan 08 2008
Jan 08

While checking out Raincity Studio's drupal work on SpreadFirefox.com I found myself becoming agitated by the bright orange color palette. I whined a little about the design then realized my monitor is partially to blame. The model I have of Dell's 30" LCD monitor (Here's the newer model) has a whopping 1:1000 contrast ratio. Is that what makes firefox-orange so damned bright?

In these photos I've tried (not completely successfully) to capture the difference between the Dell monitor and th MacBook Pro monitor:
SpreadFirefox.com side-by-side on Dell 30

I've already tried adjusting adjusting with Mac OS X but couldn't improve the orange much. Adjusting brightness helps a little too but not enough. I haven't bothered trying out the Dell CD that came with the monitor as I assumed Apple's calibrator would be easier to use. Also the CD is probably only for windows -- although I should probably check it out. Has anyone found Dell software 'drivers' useful on Mac OS X?

Attachment Size IMG_5516.JPG 106.4 KB
Jan 07 2008
Jan 07

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Jan 07 2008
Jan 07

The task was to take all of the excellent feedback and suggested solutions in Factory Joe's review and task-ify them or create patches if the solution was simple. This sounds like an easy task, but is in fact very difficult considering the amount of excellent usability feedback Factory Joe gave us. Marco also learned how to create review and apply patches and started integrating himself with the drupal community.

I found a lot of great Newbie tasks while doing this review.

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web