Nov 18 2014

Is Drupal secure software? You may have heard about the significant security announcement nicknamed “Drupalgeddon” and are wondering where Drupal fits in today’s fast-changing world of internet threats, enterprise software and risk management.

We stand by Drupal’s security record and recommend it for a variety of business cases. To put our money where our mouth is, our cofounder and chief tin-foil-hat fashionista, Christefano Reyes, is presenting Better Sleep Through Web Security this Thursday, November 20th, at the San Gabriel Valley Drupal Meetup.

Thanks to the Greater Los Angeles Drupal user group and its sponsors, this meetup is hosted on the beautiful Fuller Theological Seminary campus in Pasadena, California, and will also have a video conference for those who can attend only by video or phone.

   Date and time: November 20, 2014 at 6pm Pacific Time
   Location: Fuller Theological Seminary, at 135 N Oakland Ave, Pasadena, CA 91101 (Building “Glasser 110”)
   Video conference: https://glad.zoom.us/j/129319220
   Phone: +1 415-762-9988 or +1 646-568-7788
   Meeting ID: 129 319 220

Better Sleep Through Web Security

Christefano Reyes presents Better Sleep Through Web Security, an in-depth overview of web security, what to do if your website is hacked, and how to sleep better by following basic web security best practices.

The “Drupalgeddon” vulnerability has been covered in mainstream news including Forbes, the BBC and The Register, and has brought web security, frequently an overlooked part of web development, back to the center stage.

This particular vulnerability, officially known as SA-CORE-2014-005, allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control.

Topics that will be covered in this presentation include:

  • Security vs. Privacy
  • Common Attack Vectors
  • Drupal’s security record and the Drupal Security Team
  • SA-CORE-2014-005 (also known as “Drupalgeddon”)
  • I’ve Been Hacked! Now What?
  • Best Practices for Helping Others and Yourself
  • Resources
  • Questions / Answers

Christefano is one of the founders of Exaltation of Larks, a Drupal design and engineering firm with a worldwide team of Drupal experts; and Droplabs, an open source-friendly coworking space and business incubator near Downtown Los Angeles. As an advocate of open source software and self-declared meetup junky, he helps organize meetups and conferences all over the Greater Los Angeles Area, including the Los Angeles Chess meetup and LA Geek Dinners.

If you haven’t heard of Drupalgeddon or don’t know if your Drupal sites have been updated since the announcement, please stop reading and see the SA-CORE-2014-005 FAQ immediately. You can contact us for any questions related to Drupal maintenance and support, including security services, at 888-527-5752 and via our Contact form.

Jun 26 2014

TimeBanks USA is a 501c3 nonprofit organization that promotes and supports timebanking. Timebanking was created by Dr. Edgar S. Cahn, who founded TimeBanks USA in 1995.

Timebanking is a tax-exempt alternative currency system that works like this: if I spend one hour helping you build your website, I earn one credit, or time dollar. You can then turn around and exchange that time dollar by giving it to someone who fixes your refrigerator, coaches you on your resume, or gives you a ride to the airport.

“The possibilities are endless,” according to TimeBanks USA. “An hour of gardening equals an hour of childcare equals an hour of dentistry equals an hour of home repair equals an hour of teaching someone to play chess.” It’s different from bartering, because this type of timebanking is based on services (and not goods) between members of a network.

This wasn’t the first time Exaltation of Larks has worked with alternative currencies. We created a virtual economy for Digital Dollhouse, a casual game where girls are empowered to become their own interior designers. In this virtual world, it’s possible to trade or regift items like dolls, plants and pets, and work with an in-game currency named ddCoins.

In addition to our work with TimeBanks USA, our experience with timebanking includes working as volunteers with two Los Angeles-area timebanks: Arroyo S.E.C.O. Time Bank and the West LA timebank cleverly named Our Time Bank. Our Time Machine project is an experimental Drupal installation profile for communities and organizations looking for turnkey timebanking software for their members and participating businesses and organizations.

TimeBanks USA founder Dr. Edgar S. Cahn has spent more than four decades striving for social justice. He began his career working for the Kennedy administration, focusing on alleviating poverty and hunger. He then opened the Citizens Advocate Center, an organization dedicated to protecting the rights of community groups as they interacted with the government. In 1972, Dr. Cahn founded the Antioch School of Law, whose curriculum was designed to teach students to practice law for the greater good of society.

Here at Exaltation of Larks, we have enormous respect for Dr. Cahn: at the age of 80, he is still a rabble-rouser and hell-raiser who is fighting to change the world, and we’re proud to provide him with the technical assistance to further this goal. Dr. Cahn is a true visionary and we hope to work with — and write about — him and his partner, Chris Gray, TimeBanks USA’s CEO, more in the future.

TIMEBANKS USA’s ROLE IN TIMEBANKING

TimeBanks USA supports timebanking in myriad ways, including offering onsite trainings nationwide; organizing an annual timebanking conference; hosting webinars and teleconference calls; and consulting individually with clients. The organization helps members connect with local timebanks or create their own.

One of the parts of TimeBanks USA infrastructure is a large scale social networking platform named Community Weaver, which has a software-as-a-service subscription model. There are more than 400 timebanking websites all around the world that rely on it to help manage and organize their timebanking processes, community activities and other needs.

TIMEBANKS USA’s NEEDS

Exaltation of Larks performed a substantial security and performance audit on Community Weaver, a complex Drupal multisite system. We helped TimeBanks USA fix critical issues affecting one of their essential online organizational tools — their Community Weaver software. This software platform runs a quickly evolving and iterating network of Drupal websites, so it was vital that the software could be updated and developed sustainably and seamlessly, yet without overriding the autonomous decision-making processes of each chapter website.

In addition, we worked with TimeBanks USA to develop a project plan for version 3.0 of Community Weaver and raise the funds to build it; we addressed problems arising from the system’s simultaneous use of both WordPress and Drupal; and we helped streamline the organization’s decision-making process.

TimeBanks USA needed extensive rework on their Community Weaver software, specifically with regard to security, performance and usability issues. Community Weaver is an online organizing and tracking tool for timebank members: it records time exchanged, displays service offers and requests, keeps track of memberships, and displays announcements for the community. Any local timebank can subscribe to TimeBanks USA’s software-as-a-service (SaaS) system to manage their members’ work. TimeBanks USA hired Exaltation of Larks to audit and rework Community Weaver 2.0, with the plans to eventually migrate all their technology, online memberships and e-commerce data to version 3.

TimeBanks USA was also experiencing security problems with its self-hosted WordPress website, which was outside our original scope of work. TimeBanks USA used our emergency support system and we quickly mobilized to resolve this new issue. We determined that security had been compromised and implemented several solutions to tighten it up, from checking the code integrity to updating MySQL access and hardening file permissions.

In addition to our work with TimeBanks USA, we worked with the Arroyo S.E.C.O. Time Bank, one of the many timebanks affiliated with TimeBanks USA. Arroyo S.E.C.O. serves neighborhoods in the eastern and northeastern Los Angeles area, which meant the Larks who were in the Downtown Los Angeles area could work with them one-on-one.

OUR SOLUTION

We began by tackling the security issues found in Community Weaver. Fortunately, TimeBanks USA had an in-house Drupal developer, who we worked with on a massive infrastructure audit, focusing on security and performance. This multisite installation had been built by its previous developer with development practices that were common in 2007, before Features and configuration-in-code became popular. We identified which multisite instances had been modified by their local chapters’ coordinators — which meant examining data structures, views, and content types across hundreds of Drupal websites — and which had unsafe code or configuration. We found security vulnerabilities through the entire stack, from the Drupal systems and websites down to the server operating system, all of which we documented, prioritized and / or resolved.

This was an extensive audit that had both technical and political ramifications. Each chapter is run by its coordinators and volunteers and sometimes in completely different ways than other chapters. In a multisite environment, making technical decisions for the entire fleet of hundreds of websites would impact all local chapter websites that had been modified for their own business cases.

We worked in conjunction with TimeBanks USA to devise policies and joined them on many global community conference calls — open to all coordinators of all the timebanks in the world — to describe our technical approach and to solicit feedback. Our task was to provide technical leadership for the entire organization. We needed a set of standards for sustainable development of this enormous network, but we also needed to respect each individual chapter’s right to make its own decisions.

The project plan we provided included time estimates to address the security problems we found. TimeBanks USA’s tech coordinators reviewed our list of most-needed fixes and then we consulted with a local timebank coordinator and Community Weaver user to make sure these fixes matched their timebank’s list of essential tasks.

We worked with several popular web hosting providers, including Drupal-as-a-service platform companies, to negotiate competitive pricing on behalf of TimeBanks USA. Due to their unique system and web application architecture, we recommended SoftLayer based on their features and pricing.

TimeBanks USA Community Weaver

The unfortunate multisite architecture that the prior developers had devised had the result of creating exponential complexity precluding any proper maintenance and further development on the system. We navigated our way through thousands of lines of uncommented custom code. We also found that the Linux server environment was an abandoned and unsupported custom distro. In both cases, we replaced as many unknown components as possible with stable, peer-reviewed alternatives and we documented the rest. We also stabilized the system by locking down the kinds of changes that individual coordinators could make to their individual timebank chapter websites, thus reducing future maintenance costs.

We fixed several security issues in the system by altering file permissions, MySQL accounts, and text input filters. We used PHP Filter Lock, a module we developed that disables the text form fields that contain PHP code, thereby mitigating the risk of CSRF and XSS security threats on websites that have the core PHP Filter module enabled.

On the same server as the Drupal multisite network was a WordPress marketing website. This in itself is not a problem. Exaltation of Larks’ position is that WordPress is great for simple websites and Drupal is great for complex systems and web applications. Having both on the same server created unnecessary security issues, however. The WordPress installation was technically able to overwrite anything on the Drupal side as well as access the Drupal database. We changed all MySQL usernames and passwords and locked down the file permissions so that the WordPress website could no longer be overwritten or be a risk to other software on the server, including Community Weaver.
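The cross-application write access described above can be checked file by file from ownership and mode bits. The following is an added example, not tooling from the original article; the directory layout, the modes and the "other application" UID are constructed, and POSIX ACLs are assumed not to be in use.

```python
import os
import stat
import tempfile


def can_write(st, uid, gids):
    """POSIX class check: owner bits if uid owns the file, else group bits, else other bits."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_by(root, uid, gids):
    """Return sorted relative paths under root that the given account could modify.

    A writable directory counts as a finding: whoever can write to it can
    replace or delete the files inside it.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # the link target is judged where it actually lives
            if can_write(st, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo():
    """Build a constructed Drupal-like tree and audit it as a foreign account."""
    with tempfile.TemporaryDirectory() as root:
        conf = os.path.join(root, "sites", "default")
        files = os.path.join(conf, "files")
        os.makedirs(files)
        layout = {
            os.path.join(root, "sites"): 0o755,
            conf: 0o755,
            files: 0o777,                                # world-writable upload directory
            os.path.join(root, "index.php"): 0o644,
            os.path.join(conf, "settings.php"): 0o666,   # world-writable config file
        }
        for path, mode in layout.items():
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, mode)  # explicit chmod, so the umask does not matter
        # Constructed UID standing in for the other application's account:
        # it neither owns the tree nor shares a group with it.
        other_uid = os.getuid() + 1000
        return writable_by(root, other_uid, set())


if __name__ == "__main__":
    for finding in demo():
        print("writable by the other application:", finding)
```

On a real server, pass the document root of one application together with the UID and group IDs of the account the other application's PHP process runs as; an empty result means the mode bits grant that account no write access.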

Next, we worked with TimeBanks USA to develop the requirements for the next version of Community Weaver. The materials we developed included specifications for a fully featured mobile app, a business plan with financials and pitch deck, and more, and were designed to help TimeBanks USA secure additional funding. In the meantime, we trained a member of their community to maintain the software so they could further reduce their total cost of ownership.

Exaltation of Larks also provided TimeBanks USA with communications strategy consulting services. We performed a 360-degree organizational audit and came up with a more streamlined decision-making process. We created flowcharts of all the key players and stakeholders at TimeBanks USA and highlighted the points at which they had both strengths and weaknesses, and made recommendations where more efficiency was needed.

COMMUNITY INVOLVEMENT

Timebanking has evolved very differently in other parts of the world in ways that no one could have predicted. Nowhere is this emergent behavior more apparent than in highly populated cities, where the numbers, density, and different practices around timebanking create vastly different needs. One such advanced timebank is the Arroyo S.E.C.O. Time Bank in Los Angeles, which has thousands of members across dozens of separate neighborhoods. They needed several custom workflows implemented on their individual timebanking website to manage the scale that had resulted from their impressive growth. By its very nature, the timebank had no money for further development on their individual website.

Barnraisings are a concept taken from Amish culture, where the community comes together to build a barn for a newly married couple who wouldn’t be able to afford the time or expense of building a barn on their own. In the context of web development, barnraisings are like code sprints where the programming community gets together with a deserving nonprofit, and works with them to create or improve their software. For the development community, this is a teaching experience, and newer developers get to learn from seasoned veterans about client relationships, requirements gathering, project planning and the tools used for effective teamwork. The nonprofit brings food — usually excellent food — and everyone benefits.

Starting in April, 2012, the Larks partnered with Droplabs and arranged three separate barnraisings to build new features for the Arroyo S.E.C.O. Time Bank. Not only was a good time had by all, the team built functionality that the Larks turned into Features-based modules that could then be securely distributed to the other timebanks, to be turned on, or not, according to the wishes of each individual timebank coordinator. Features built included a custom registration workflow, neighborhood-specific blogs, and structured data types for content, among others.

PROJECT OUTCOME

Previous to Exaltation of Larks coming on board, TimeBanks USA had been working with a different development company. The Community Weaver software proved challenging to rework and over the 2 years we worked together we ensured that key security and performance problems with the software were resolved.

TimeBanks CEO Chris Gray says of the project: “Given the importance of the software for the mission and vision of TBUSA, and given how much we had to learn, this was a very intense experience for us.”

In addition, with the help of the volunteers at the barnraisings, we added several new features to the Community Weaver software, including a blog post content type and RSVP feature that integrates with the Signup module. These features directly benefit all the hundreds of TimeBanks chapters around the world that use the same Drupal distribution of Community Weaver.

“All members of the Larks team, from the principals to the project leader to the programmers, demonstrated that they cared deeply about the quality of the work undertaken,” Chris Gray said. “[They] provided many hours of consultation to this endeavor. We are truly grateful for those contributions. Under challenging circumstances, they provided highly professional services to TBUSA. We greatly appreciate the professionalism of the Larks and the ongoing willingness to go above and beyond.”

Jun 11 2014

Exaltation of Larks is proud to work with Friday5, a Los Angeles startup we think is worth paying attention to. Friday5 is an innovative crowd-funding platform that helps take the guesswork out of finding worthy causes and making tax-deductible donations.

Members who sign up at Friday5.org enter their credit card information, select the amount they want to donate to a nonprofit each week, and then receive a weekly email detailing which cause Friday5 has carefully curated for that week’s crowd-funded donation.

In short, Friday5 is helping change the world — one Friday at a time — and they’ve been praised in publications such as Forbes and PandoDaily.

Exaltation of Larks has worked with many nonprofits over the years but the opportunity to work together with Friday5 and support a new nonprofit each and every week was one we couldn’t pass up.

The role that we have with Friday5 is twofold: we provide the technical expertise and project management needed for Friday5’s online operations, and Christefano Reyes, an executive at Exaltation of Larks, serves on the Friday5 board and helps guide and advise the technical direction for the company. “Exaltation of Larks has a long history of working with both startups and with cause-based organizations,” Christefano said, “and our work with Friday5 has been a great match for both companies.”

IDENTIFYING FRIDAY5’s NEEDS

Our collaboration with Friday5 began in 2013, when Friday5 founder Mike Berman found himself needing a team to help maintain Friday5.org, implement features requested by Friday5’s partners, and prepare for growth.

Friday5 home page

When Friday5’s lead developer left the company, Mike began looking for someone new. After a month of searching for a new team, he reached out to Ben Stewart at ShareMagnet, another Los Angeles startup that Exaltation of Larks has worked with and has a 1st-degree connection to. “From day one, we’ve felt that we’ve been in great hands with Larks,” Mike says. “They quickly and accurately assessed our needs, and we’ve been more than impressed with their work.”

OUR SOLUTION

Friday5’s site hadn’t been updated for several months by the time Exaltation of Larks came on board. We performed our standard site audit and included a security review.

The results of our site audit identified several technical issues that needed to be addressed, from server maintenance and security issues to general bug fixes and ways to streamline and optimize the payment process. We also performed a business assessment and documented the platform and its systems and helped Friday5 plan for its next phase.

Recognizing the need to ensure that Friday5 had as seamless a transition to our services as possible, we worked with Friday5’s former lead developer over the course of several meetings to perform site discovery and produce all related documentation.

Managed Hosting
The payment gateway Friday5 uses, Network for Good, requires its customers’ servers to have a fixed IP address. This eliminates the option of using some grid and cloud hosting platforms. While the hosting costs at the time were higher than necessary, we advised against migrating to a new server environment. The transition cost of migrating to a new server or webhost was greater than the immediate short-term benefits.

Fortunately, their webhost changed its pricing options in April, 2014, and is now much more affordable. By using our server administration tools and our familiarity with the Friday5.org website and systems, we were able to build a completely new server infrastructure and fully migrate the Drupal site to it in less than 30 minutes.

As part of our managed hosting services, we provide Friday5 with rock solid backup and disaster recovery services. Systems we’ve implemented create backups of the database and codebase and these are regularly saved to a number of locations, including Amazon S3. Together with the documentation we’ve compiled for Friday5, we help ensure Friday5’s business continuity.

Network for Good
Network for Good is a specialty payment gateway set up to provide services to nonprofits. Exaltation of Larks maintains the Network for Good integration module that connects Drupal sites with Network for Good’s API, and has shared this module with the larger Drupal developer community. “We contributed this module during the code sprint at a Drupal Coworking Friday,” Christefano said. “These events combine mini code sprints and free coworking days and are a great way for us to mentor other Drupal developers.”

Data-Driven Development
When joining the project, we immediately documented Friday5’s systems and features that existed at that moment in time. This gave us a clear starting point for developing the product’s roadmap.

Our project planning for the next phase of feature development uses a data-driven approach. The features we’ve developed so far include better reporting tools to measure key indicators and enable business decisions on critical issues and opportunities. We’re expanding this to allow for more clarity in the day to day management of the organization, as well as insight for future planning.

Support and Maintenance
Exaltation of Larks performs ongoing maintenance and support for Friday5. These services give Friday5 the comprehensive coverage they need, from basic maintenance to emergency support. For example, the Friday5 website had an issue when the company was in the middle of an important business meeting. Friday5 used our emergency support system and the issue was resolved within the hour.

PROJECT OUTCOME

Exaltation of Larks has given Friday5 solid footing in the area it most needed it: technical leadership and support. We continue to act as a technical resource for Friday5, advising Mike and his team on the company’s infrastructure for growth. “With Larks,” Mike said, “we have instant access to great programmers, and we only pay for what we need. As we grow, we’ll need more development time and expertise — Larks has us completely covered.”

We are proud to see Friday5 succeeding in the market and see Friday5 as an important addition to the Los Angeles startup landscape — and also the national nonprofit landscape. Friday5 has proven to be a pioneer in crowd-funded charity giving. Indeed, about 6 months after Friday5 launched, Google effectively validated Friday5’s business model by introducing One Today, in which users donate $1 per cause per day using a system very similar to Friday5’s — including Network for Good integration.

Jun 03 2014
lee

Exaltation of Larks is at DrupalCon Austin!

This is the Drupal community’s biggest conference for all things Drupal and it’s a great chance for you to meet all the Larks who are in attendance.

To set up a meeting with us, send us a message or mention @LarksLA on Twitter. We’d love to talk with you about Droplabs, the Drupal incubator we co-founded in Los Angeles in 2011, how it’s become the Top Drupal Location in the world, and how to start a Droplabs in your city.

If you’re in the Los Angeles area and aren’t going to DrupalCon, you’re welcome to join Lee Vodra, one of the co-founders of both Exaltation of Larks and Droplabs, for a Droplabs Open House on Thursday, June 5th.

Droplabs will be announcing its Droplabs Academy and tuning in to the live stream of the DrupalCon Austin Closing Session. Drop by and meet some of the Larks who are in Southern California and say farewell to DrupalCon Austin and “hello!” to DrupalCon Amsterdam, DrupalCon Bogota, and the surprise location of DrupalCon North America 2015.

Jun 03 2014

CMEDownload is a continuing medical education (CME) service that gives physicians and medical students access to a high-quality library of thousands of lectures in video and audio formats for computers and mobile devices. This video on demand (VOD) service contains thousands of lectures and hundreds of hours of continuing medical education.

The service is a good example of Drupal being used to power a MOOC, or massive open online course: it combines digital-age distance learning with unlimited participation and open access to educational materials. CMEDownload has since been joined by other MOOC services using Drupal, including edX.org.

Attending conferences can be tricky for busy medical professionals. CMEDownload partners with top-level national and international medical conferences so that physicians can view lectures without leaving their homes, jobs, or families. Customers who sign up for an all-access pass can stream or download any of the thousands of videos and also earn certificates in continuing medical education through watching these videos.

Exaltation of Larks has been working with CMEDownload since 2012. What started as a standard site audit — with a focus on improving website performance and fixing security issues — turned into a major refactoring project and infrastructure overhaul. With the results from our initial site audit, we have steadily improved the website in almost every way.

To this day, Exaltation of Larks continues to maintain and support the CMEDownload website. We are a fully-integrated, full-service design and engineering firm, and in the case of CMEDownload we have provided development, maintenance and support, infrastructure consulting and managed hosting services.

IDENTIFYING CMEDOWNLOAD’s NEEDS

Sujal Mandavia, CMEDownload’s CEO, is a sharp businessperson with a great product. He wanted to improve CMEDownload’s security and performance and he needed a sleeker, faster-moving way to present and organize the service’s video media, as well as improve the user experience of the customer-facing features.

As someone with development experience himself, Sujal knew he needed to find a team that was familiar with site architecture for media-heavy sites, and who understood how to organize, catalog, and serve up large amounts of video media. Sujal searched extensively for the right team to handle the upgrades he needed.

“The Larks’ consistency was a plus,” Sujal says. “So was their level of experience.” Both companies have offices in Los Angeles — CMEDownload is an LA startup and Exaltation of Larks has a Los Angeles-based team — which made working together an easy decision.

OUR PROGNOSIS & SOLUTION

Code Audit and Refactoring
We began with a full infrastructure audit. This included a review of CMEDownload’s web hosting, which at the time of our audit was on a dedicated Xserve server. This server was occasionally crashing and we took emergency measures to improve data integrity in the event that the MySQL database server crashed. At the same time, our implementations significantly improved the database performance.

Understanding the way the original CMEDownload website was constructed required high technical expertise. Through our audit, we learned we would need to untangle some of the previous development work. We refactored large parts of the codebase to use high quality third-party modules that are available on Drupal.org to provide the same functionality, while performing a code audit of the 17 custom modules installed. (The previous vendor had developed significant parts of the Drupal codebase from scratch and in many cases had reinvented the wheel.)

Managed Hosting
CMEDownload is now hosted on Amazon Web Services (AWS). We’ve utilized AWS extensively to reduce CMEDownload’s web hosting costs by almost 50%. These changes include refactoring and optimization of the codebase and database, which have lowered both web hosting fees and ongoing maintenance costs.

We provide long-term support and maintenance services for CMEDownload. This includes ticket-based support, ongoing bug fixes, and working directly with CMEDownload’s staff. Through our support system, we provide CMEDownload with services for all of their hosting and infrastructure needs.

Performance and Scalability
We improved CMEDownload’s page load speeds through extensive database tuning and performed significant database maintenance tasks, including automated integrity checks and optimization of the database tables.

Modules we installed and configured included Varnish, Expires and Purge, and we added Views caching that was missing for nearly all the blocks and pages, including video queues, playlists, completed quizzes, etc.

We also implemented the CDN module for Drupal in order to use a content delivery network. With the CDN, CMEDownload is able to deliver the files in its enormous video library much more quickly and efficiently to its customers.

Security Improvements
One of the first things we worked on was improving security, fixing potential information disclosure vulnerabilities. Many pages and custom lists of information displayed by Views did not check for access control, which we promptly fixed.

As is standard with e-commerce sites we work on, we performed an e-commerce audit to ensure that customer data was protected. This was also one of the first projects where we enforced HSTS, or HTTP Strict Transport Security, a security implementation created in 2012.

“HSTS is a powerful and relatively little-used method for increasing security and even improving usability by preventing mixed content warnings. We recommend using HSTS on all our projects that use SSL,” says Christefano Reyes, of Exaltation of Larks. “It’s been part of our standard security package for a while and we would love to see more websites using it.”

Subscription Issues
Customers are presented with an interface similar to Netflix: members have a queue to which they add videos they want to save for later viewing. We added functionality that allowed members to reorder their queue and delete videos from it. CMEDownload also uses the Drupal iTunes module to expose users’ playlists in iTunes.

CMEDownload queue

We fine-tuned custom modules that determined how a lecture or course was labeled and displayed to subscribers, and who had permission to view what content. We also worked on streamlining a method for offering discount codes. Many lectures and courses have attached quizzes, to test subscribers on the material before they can gain a certificate of completion. We worked on CMEDownload’s custom modules to simplify the process of displaying these quizzes to viewers.

CMEDownload also keeps track of who has watched which videos, and issues the corresponding continuing education credits and certifications. CMEDownload uses custom code and scripts to calculate these credits and display them. These proprietary methods enable CMEDownload to track the views of individual members.

Exaltation of Larks is an Authorize.Net development partner and we implemented their service with Drupal to better manage CMEDownload’s subscription information.

Another customer-facing change we implemented was a switch from FlowPlayer to JWPlayer for streaming video. We chose JWPlayer because support for JWPlayer is very good and the player does most of the work: it can play HTML and Flash files in one instance, whereas with FlowPlayer it’s necessary to switch between two types to play HTML or Flash. CMEDownload and their customers are happy with the results.

GIVING CMEDOWNLOAD A CLEAN BILL OF HEALTH

Our customer is very satisfied. Sujal’s only complaint was that he wished Exaltation of Larks had been on the project from day one. “I think companies like Larks have made it easier for folks to access the power and community of open source without being experts themselves,” Sujal says.

Sujal believes the Los Angeles startup scene has changed for the better in recent years. He recognized the need for a CME product and he filled that need, but the startup community was smaller and technical resources were harder to find at the time CMEDownload was founded. Open source software was available but only easily utilized by developers and hardcore aficionados.

Here at Exaltation of Larks, we’re extremely happy to have helped CMEDownload with their success. We are currently working with CMEDownload on upgrading from Drupal 6 to 7, which will make feature development considerably faster and further reduce support and maintenance costs.

Jun 02 2014

You’ve probably come across this situation before. When visiting a certain site, you see a browser warning that the website is using mixed content — both HTTP and HTTPS together.

Avoiding mixed content is nothing new to some web developers, but read on if you’re looking for a quick fix to prevent both mixed content warnings and CSRF attacks, which are the underlying reason why browsers have those warnings in the first place.

Introducing HSTS

HSTS, or HTTP Strict Transport Security, is a security implementation that was created in 2012. It’s been part of our standard security package for a while and we would love to see more websites using it.


Mar 19 2014

Tech Coast Angels (TCA) is the largest angel investment organization in the United States. With over 300 members throughout Southern California, Tech Coast Angels’ members have invested over $120 million in over 200 startup companies since their inception in 1997.

Since 2013, Exaltation of Larks has been working with Tech Coast Angels on their online systems, including an extensive Drupal web application that their members use as a deal flow tracker and document management system. Services we’ve provided include support, maintenance, security improvements, performance optimization, and mobile integration.

The website that Tech Coast Angels uses allows its members to view startup companies’ applications for funding, discuss each company’s application and collaborate with one another in researching each company, which then helps them make individual decisions on funding.

IDENTIFYING TECH COAST ANGELS’ NEEDS

Mike Panesis, Chairman of Tech Coast Angels’ Board of Governors, says of the collaboration, “Tech Coast Angels engaged Exaltation of Larks to perform a security audit on our web site. Exaltation of Larks did a comprehensive analysis, compiled a task list with time estimates and risk assessments, and made recommendations for proceeding.”

Exaltation of Larks began this project with a site audit to evaluate the quality and maintainability of the existing Drupal web application and server environment, with a focus on performance optimization and general best practices.

During the site audit, we found Drupal and several contributed modules had been modified from their original versions, which made feature development and regular maintenance such as updates much more complicated. Many of the modules were out of date and required security updates, and several modules were development versions, which made it difficult to determine whether they needed updating, and if so what version to update them to.

With a go-ahead from Tech Coast Angels, we then performed a more in-depth review, which unearthed further security and server memory issues. We documented them and helped Tech Coast Angels prioritize which ones to tackle first.

Tech Coast Angels also enlisted Exaltation of Larks to help them create an iPhone app. This presented an interesting challenge: Tech Coast Angels’ website used Drupal 6, but the Services module, which provides key data in a format that a smartphone app could read, had been discontinued since its authors and maintainers focused their efforts on versions for Drupal 7 and Drupal 8.

OUR SOLUTION

First, we brought the modified codebase that had outdated versions — and unversioned development releases — back into mainstream Drupal core and contrib releases.

Next, we worked on the security and server memory issues. There were two types of improvements needed: quick fixes and larger upgrades. Quick fixes included enabling Views caching and turning off unneeded modules on the production server. Among these modules were Locale, Devel, and String Overrides.

Many of the upgrades had to do with memory usage and resource management. We migrated the website to a current LAMP environment, which included upgrading MySQL from 5.1 to 5.5, which has many performance and memory management improvements. We adjusted many MySQL cache parameters to improve performance and reconfigured both MySQL and Apache to dramatically reduce memory usage, including configuring Apache to use 25 modules, rather than the 57 that the legacy server had been using.

All web hosting is provided by Amazon Web Services (AWS), for which Exaltation of Larks is a delivery partner. Even though we stayed with the same size AWS instance, we configured the production server to be more efficient using the same hardware resources, so there was plenty of memory capacity in case of traffic spikes. We rebuilt the new AWS server for optimized IO operations per second, which added moderate extra costs, but substantially reduced overall system latency. These extra costs were easily offset by purchasing a heavy utilization reserved instance.

Further configuration improvements allowed us to reduce the memory usage of the staging server so it could run on a smaller, lower-cost instance. The production site went from allocating almost all its memory on the original instance to performing better than the legacy site on a smaller instance.

Security upgrades included configuring Apache to not have write access to Drupal’s PHP files, an important security improvement; adding SSL and making it mandatory for all connections; implementing a backup strategy that moves backups to Amazon S3; and using MySQL accounts with the least necessary privileges for accessing MySQL databases.
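One way to check the first of these upgrades, as an added example that is not Exaltation of Larks’ own tooling: the script below lists every directory and PHP source file under a Drupal docroot that the web server account could modify. The account and group arguments, the extension list and the skipped sites/*/files upload directory are assumptions about a typical Drupal layout.

```sh
#!/bin/sh
# Added example: audit a Drupal docroot for code the web server account can modify.
# Assumed, not from the article: the account and group passed as arguments, the
# extension list, and that sites/*/files is the upload directory (Drupal needs
# to write there, so it is skipped).
# Usage (path and account names are placeholders):
#   sh audit-docroot.sh /path/to/drupal www-data www-data

# list_modifiable_code DOCROOT WEB_USER WEB_GROUP
# Prints each directory or PHP source file the web server account could change.
# A path is reported when:
#   - the account owns it (an owner can always chmod it back to writable),
#   - it is group-writable and belongs to the account's group, or
#   - it is world-writable.
# Writable directories count because they allow files to be replaced or added.
list_modifiable_code() {
    docroot=${1%/}
    web_user=$2
    web_group=$3
    find "$docroot" \
        -path "$docroot/sites/*/files" -prune -o \
        \( -type d -o \
           \( -type f \( -name '*.php' -o -name '*.inc' -o -name '*.module' \
                         -o -name '*.install' -o -name '*.engine' \
                         -o -name '*.profile' -o -name '.htaccess' \) \) \) \
        \( -user "$web_user" -o \
           \( -group "$web_group" -perm -020 \) -o \
           -perm -002 \) \
        -print | LC_ALL=C sort
}

# audit_docroot DOCROOT WEB_USER WEB_GROUP
# Returns 0 when nothing is modifiable and 1 otherwise, so it can gate a deploy
# or run from cron. Findings go to stderr.
audit_docroot() {
    findings=$(list_modifiable_code "$1" "$2" "$3")
    if [ -n "$findings" ]; then
        printf 'Modifiable by %s (group %s):\n%s\n' "$2" "$3" "$findings" >&2
        return 1
    fi
    return 0
}

# Run the audit only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    audit_docroot "$@"
    exit $?
fi
```
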

Finally, we decided to backport the Drupal 7 security fixes and new REST server features in the Services module to the Drupal 6 version. Working with Tech Coast Angels’ mobile application developer team, we used this backported version of Services to create an API that exposed the appropriate data to their iPhone app. Our plan is to make the Drupal 6 version of Services available to the larger Drupal community.

PROJECT OUTCOME

“We have been very happy with the Larks’ performance,” Panesis says. “They are truly Drupal experts, conduct themselves in a professional manner, and treat our website as if it was their own.”

In the future, Exaltation of Larks and Tech Coast Angels plan to work together on a site redesign and an upgrade to Drupal 7. We continue to work with Tech Coast Angels on ongoing feature development and provide support and maintenance services.


May 19 2013

Exaltation of Larks will be at DrupalCon Portland next week and we’d like to share some of our DrupalCon plans.

To summarize, we’re excited to announce that we’re co-training on Drupal Commerce with Commerce Guys; we’re continuing the conversation we started last month about Long Term Support for Drupal 6; and we have a quick list of Drupal Fit activities that are happening before and during the conference.

Interested? Read on.

Drupal Commerce Training

One of our core philosophies is that high-quality trainings are one of the very best ways to help Drupal and the Drupal developer community grow, and we’ve been working closely with Commerce Guys for the DrupalCon training, Launching an Online Store with Commerce Kickstart, on Monday, May 20th.

Our joint curriculum is based on the 7.x-2.7 version of Commerce Kickstart, which was just released yesterday. The attendees of this training are really in for a treat and this is a Commerce training that’s not to be missed.

Drupal Commerce Meetups Every Month

This is as good a time as any to let everyone know that we’re proud sponsors of the Drupal Commerce Meetup, which meets in Los Angeles on the 4th Tuesday of each month.

Not in Los Angeles? Not to worry, these meetups are also being broadcast online for everyone to tune in for and enjoy. The next meetup is after DrupalCon on Tuesday, May 28th, so be sure to sign up over at Drupal Groups to hear what the next meetup is about.

These meetups are recorded and the video from last month’s meetup is available online. The video features a presentation by Ryan Szrama on Relify and personalized product recommendations. Relify neatly narrows the gap between Drupal Commerce and recommendation systems, like Amazon’s “you may also like” suggestions.

Long Term Support (LTS) for Drupal

We’re hosting a BoF (birds of a feather) discussion on long-term Drupal support (particularly for Drupal 6 sites when Drupal 8 comes out and bug fixes and security releases for Drupal 6 are discontinued).

Long Term Support is a topic that is near and dear to us and a number of our clients and this BoF is a followup to our earlier post, Drupal 6 End of Life When Drupal 8 is Released… Or Not.

We’re preparing an “LTS” version of Drupal 6 and have a lot more planned, so stay tuned to the DrupalCon BoF schedule and @LarksLA on Twitter for news of when this BoF gets scheduled.

Drupal Fit

Finally, if you haven’t heard of Drupal Fit, it’s a group of nearly 200 Drupaleros who are dedicated to fitness in one form or another (mental, physical, etc.) and to sharing their experiences with other Drupal community members.

Here’s a summary of some of the Drupal Fit activities at DrupalCon Portland.

Are there any other Drupal Fit activities not mentioned here? Send @DrupalFit a shout out on Twitter.


Mar 30 2013

At the Boston Drupal meetup that was at Acquia this month, several presentations were focused on “what’s new in Drupal 8” from the view of several people who now work at Acquia. I loved it. There were other presentations, as well (including one of my own!), and I really enjoyed seeing the Boston Drupal group again after many months.

During the questions and answers part of the meetup, I asked Dries if he was considering naming a security maintainer for Drupal 6 when Drupal 8 is released. (In case you didn’t know, support for Drupal 6 will be discontinued by the Drupal core and security teams. See the handbook page on backwards compatibility at https://drupal.org/node/65922 for more, including Dries’ original statement on the subject in 2006.)


Jul 23 2012

We’re happy to announce that Exaltation of Larks is sponsoring, co-organizing and offering pre-camp training at DrupalCamp LA this July 27-29th. We hope that you join us!

Pre-Camp Training

The class that we’re offering is all about Drupal Best Practices, and it’s being offered together with Chapter Three on July 27th at 60% off our usual price. This is one of our most popular classes and is one of our favorites, too.

If you’ve taken one of our previous paid classes, you can use coupon code ALUMNI to get an additional 10% off! (In order to use this code, you’ll need to be logged in with your existing account at https://www.larks.la/training)

You don’t need to be registered for DrupalCamp LA to take our class, but why not sign up at http://2012.drupalcampla.com/user/register today? This gives the conference organizers an accurate headcount, and makes it easy for you to pick out your sessions and add your comments to the session proposals.

Presenting at DrupalCamp LA

Speaking of sessions, all of our session proposals were accepted this year and here’s what we’re presenting:

We’ll also be leading BoF (birds of a feather) sessions on coworking and timebanking, which are two topics we’re eager to share and hear from others about.

Meanwhile, several of our partners, including Chapter Three, Acquia and Build a Module, are also represented at DrupalCamp LA this year:

Upcoming Classes in and Around Los Angeles

Can’t make it to DrupalCamp LA? We have several upcoming trainings that we’ve scheduled throughout the Summer and into the Fall, from introductory Drupal Site Building and Layout and Theming to Module Development and Web Services and APIs.


Feb 28 2012

At the end of 2011, we were excited to hear that the Drupal Association was planning a series of global training days, when high-quality Drupal workshops would be scheduled all around the world and all on the same day. We believe 100% in this initiative and talked with Jacob Redding, the Executive Director at the Drupal Association, about how to bring it to Los Angeles. We quickly settled on some common goals, including how to work together to promote Drupal to as many newcomers as possible.

Everything was moving forward until we learned that one of the key pieces of the Drupal Association’s strategy is that Exaltation of Larks and other Drupal companies with well-developed training programs were being asked to produce these trainings at low- or no-cost to attendees. This one had us at a loss — literally! — and had us wondering how to sustain the growth of our training program without sapping resources from our consulting and development divisions, not to mention the attendance at our upcoming paid trainings.

One of the things we enjoy the most is a good challenge, and we immediately started coming up with ideas to make it work with our training program’s existing costs and our dedication to quality. In the end, we succeeded on all counts with two parts planning and one part luck.

We were lucky because we have a great training venue at Droplabs, a Drupal-friendly coworking space in Los Angeles that a few of the Larks and other entrepreneurs founded last year and that many of the Larks work out of. One of the events that Droplabs hosts is Drupal Coworking Friday, a free coworking day on the last Friday of every month — which coincided this time with the Drupal Association’s global training day.

With the potential for cross-promotion with Droplabs and the local Downtown Los Angeles Drupal user group, we went ahead and scheduled our Introduction to Drupal workshop. This was a lunch and learn-style workshop and providing lunch was the only hard cost that we had associated with the event.

We usually go through a large marketing and production process for our trainings, but this time we didn’t buy ads or book a large venue. Instead, we liberally borrowed parts of some of our favorite presentations and workshops that we’ve done many, many times: an introduction to databases and queries, sections from our Drupal Fundamentals course, and questions and answers about web hosting and the Drupal community.

What We Covered

  • When and why to use Drupal
  • Considerations when starting a Drupal project and how to organize a project
  • The basics of Drupal, from content management to membership (“user”) management
  • An introduction to databases and queries
  • How to organize a site using Drupal content types, Taxonomy and Views
  • How to turn ideas for features and functionality into achievable tasks using user stories and use cases
  • Which tasks are crucial for a successful Drupal website and how to organize them
  • How to choose the right Drupal version and modules for a project
  • The basics of web hosting and getting Drupal running on a local computer
  • How to connect with the Drupal community, its meetups, conferences and job fairs and online discussion forums and chat rooms

What We Learned

The best learning experiences are where everyone learns something, including the instructors. Here’s what we learned by doing this format compared to our usual one- and multiple-day trainings:

  • Unlike our other courses, which have clear prerequisites and a “ladder” structure, this workshop is going to be different every time depending on the number of attendees and their range of technical expertise. We can’t assume anything about what students do or don’t know.
  • This isn’t a “deep dive” workshop and it’s important that the entire class shares the same overview and moves forward together. We tried to avoid getting sucked into Drupal’s details, like technical recipes for specific functionality such as galleries, content workflows for newspapers, etc.
  • This is a 3-hour workshop. We’d originally planned this workshop to be 2 hours and that wasn’t enough time to touch on some more advanced topics that some of the attendees asked about toward the end of the workshop. Our group was yearning for information and all but 2 attendees stayed for nearly 3 full hours.
  • Everyone likes to have fun when they’re learning, and learning Drupal is no exception. You never know when the “aha” moment will be. When it presents itself, grab it and run!

Although the workshop “sold out” and all the seats were technically reserved, there were a few no-shows. We always expect this to happen with low- and no-cost events, but we didn’t expect those available seats to be immediately filled by walk-ins and people who were attending Drupal Coworking Friday but hadn’t heard about the workshop.

Our experience was so positive that we immediately added it to our list of available courses. Not only are we planning to offer this workshop again, we’re going to do it every month! We’ve already scheduled the next one for March 30, 2012, which happens to be another Drupal Coworking Friday.

Jan 01 2012

2011 was a big year for us at Exaltation of Larks. In addition to our regular consulting and development work, we kicked off our public training program in January of 2010 and have offered public classes on everything from Drupal fundamentals to back-end development and everything in between.

In 2011, we trained organizations in Los Angeles, Silicon Valley, Irvine and San Diego and our training clients are companies including LegalZoom, Disney Interactive, Thomson Reuters, The Annenberg Foundation and Warner Brothers; universities including UCLA, UCI and UCSB; and many Los Angeles-area creative and advertising agencies.

Training Scholarship Program

Our trainings aren’t just for big organizations, however. We want to help train as many people as possible, including unemployed job seekers and people in need, and help them become the developers, themers and architects of tomorrow. To this end, we started our training scholarship program in September.

In 2011, we gave away seats at our trainings worth more than $10,000 to our scholarship students and to local area Los Angeles Drupal user groups to raffle off at their meetups. This has been a tremendously rewarding experience for us and we look forward to doing more of the same in 2012.

Upcoming Trainings

Our first training of the new year is on Drupal Scalability and Performance and it’s at SANDcamp, the San Diego Drupal Camp, on January 26, 2012! If you’re interested in making Drupal go really fast, this training is for you. We’ll provide the servers you’ll get to optimize for performance and all you need to bring is your laptop.

We’re also working with the Drupal Association to bring their worldwide “Drupal in a day” training initiative to Los Angeles in February in an effort to introduce people to the Drupal project and solve the Drupal talent issue that many companies are facing. Follow @LarksLA on Twitter or Like Exaltation of Larks on Facebook to hear more about this initiative.

Request training in your area

In closing, are you interested in our trainings but aren’t able to make it to one of our public classes? Sometimes it’s easier and more cost-effective for us to come to you. We’ll even work with you and your team to tailor our curriculum to better fit your organization. Contact us to request training in your area and we’ll follow up with you:

Thanks, and we’re looking forward to seeing you in 2012!

Oct 21 2011

We’ve been working on a website that all of a sudden developed a really specific and annoying problem. After going to any page in the site, the page would load, then would instantly go to a white screen and sit there forever. This only happened to certain users, and was tough to duplicate from any of my dev environments.

Digging deeper, I found that the issue was with the Google Analytics conversion.js script, but only with circa version 3 Firefox and Safari, and it appeared that this issue came up as a result of some change on Google’s side — our site used to work fine with these browsers, then something changed and broke. The “white” page was loading a 1px-by-1px tracking pixel from Google, and inexplicably timing out on some request to an Adsense server.

Our site was loading the Adsense conversion tracking script in 3 situations — general browsing, and based on two specific user-conversion actions. The general browsing instance was handled by the Google Analytics module. We added the conversion tracking code in the “post-snippet code” to automatically add a reference to Google’s conversion.js script on every page. For the pre-historic browsers, that spelled a death-knell for the site.

Since the percentage of traffic from these browsers is fairly low, we decided to simply bypass the conversion tracking for those users, instead of trying to work any kind of fancier work-around.

The only issue to tackle at that point was handling the logic to selectively omit the conversion script based on the user’s browser/version. Since the conversion scripts were included in both PHP and JavaScript, I elected to use PHP to handle the inclusion logic, and use an AJAX callback for the JavaScript.

Implementing this wound up being a bit more of a pain than I’d hoped initially as several steps threw up little roadblocks, so I wanted to share some of my experience…

PHP Browser detection
Browser detection in PHP is pretty straightforward: you can use the get_browser function, which requires you to download and configure an additional browscap.ini file in your server settings. This file just contains a bunch of browser name definitions that get_browser can match against the HTTP_USER_AGENT header to determine the user’s browser version and other info. You download the browscap.ini file to the server, set it up in php.ini as instructed with the browscap directive, and you’re good to go, right?

No.

For inexplicable reasons, in my local build of PHP, the browscap file worked just fine. On the server, however, it was a different story — the file wouldn’t parse correctly despite numerous attempts to rectify the situation. This likely had to do with slightly different OS platforms and PHP builds. Rather than fight the solution, I tracked down Chris Schuld’s PHP Browser Detection script. It was extremely easy to use, and required no changes to the server’s configuration, which is a help for those of you who may be dealing with shared hosting restrictions. I did have to put a slight piece of logic in-place to simplify the version number — Chris’ script displays the whole version number which can have multiple decimal points, so I added a split function and stripped out only the major version release.

Menu Callback
I set up a menu callback to return the result, TRUE or FALSE, and print it out in a JavaScript-readable format. Since this was a single value, there was no need to leverage JSON, so I just did a simple drupal_to_js($result);

JavaScript logic && Drupal.settings
I used a jQuery post construct to handle calling the ajax callback function.

$.post('/ajax/my_callback_url',
  function (msg) {
    // need to pass back result or set persistent variable accessible elsewhere
  });

Because of variable scope, I couldn’t just set a value inside the $.post function’s success function, nor could I return a value. In order to set a flag that was accessible to other JavaScripts, I leveraged Drupal.settings and set Drupal.settings.myModule.myVariableName = msg. That meant that anywhere else I needed to check the value, I could just reference the jQuery object.

Putting It All Together
I added the logic to the requisite places in-code and was successfully able to omit the conversion scripts for prehistoric browsers. Everything worked great, except…

Varnish — the secret nemesis
Since the site is running on a Varnish/Pressflow stack, I ran into an immediate issue that the AJAX callback page was getting pulled from cache, instead of correctly reporting if conversion scripts should be displayed on a specific browser-by-browser basis. In order to avoid this, I needed to instruct Varnish not to cache this page.

To do this, simply edit the yoursite.vcl file and add the following logic to the vcl_recv() function, which dictates initial handling of requests:

  if (req.url ~ "ajax/display_conversion_script") {
    return (pass);
  }

To be even fancier and simply instruct Varnish to not cache all AJAX pages, you can use wildcards in the VCL rule. It is not necessary in this site, but can be useful. Even better might be to set flags in the URL to dictate whether items should be cached or not — e.g. ajax-cacheable vs ajax-nocache, etc.

Discussing cache strategies and approaches is out of the scope of this (longwinded) article, so let’s table further discussion for now.

Finally
I put all the pieces together and everything finally worked. Happy ending to an annoying problem. I hope you found this information useful. Please add any questions or clarifications to the comments below.

Oct 17 2011

REST is the native API of web browsers. When you put some website’s address into a browser, that’s an implied REST expression called a “GET” of the resource at that address. In response to that GET request, the web server on the other end returns a web page. However, REST is much more than requesting the resource (data) at some address. Just like using any website, one is able to Create things, Retrieve them afterwards, perform Updates to them, and eventually Delete them. That Create -> Retrieve -> Update -> Delete cycle is called “doing CRUD” (really), and that in a nutshell is what creating and using a RESTful system is all about.

In the “early days” of the Internet, when someone wanted to make a printer or some other machine programmatically communicate over the Internet, more complex systems with names like SOAP, XMLRPC and AMF were used to handle that communication. Then around the year 2000, a smart guy named Roy Fielding pointed out that the web itself was an API and these complex systems were not only a bother to create and work through, but needless because what they were offering was already built into the web itself.

Now, Drupal is a content management framework whose essential purpose is to create a website of some sort. You are probably familiar with some websites including information from other websites, such as a Twitter feed or Facebook friend status. Including other websites’ information can be accomplished “the old, hard way” by scraping the page that normally shows this data or via SOAP/XMLRPC, or it can be accomplished “the new, shiny RESTful way”, which takes less effort and by its nature is universally supported.

This is essentially machine-to-machine communications, and is how an iPhone/iPad/Android/game console/printer or virtually any other device communicates on the Internet. This is using REST.

The topic of our Developing RESTful Web Services and APIs class is how to use the new Services 3.0 module. Services 3.0 provides an API for Drupal module developers to create a REST API of their own design. Using Services at its most basic level, one can install and enable a set of built-in APIs that will allow remote programmatic administration of that website (through secured authentication, of course!). What I detail is the more ambitious creation of a series of programmatic resources, demonstrating how to create a useful API of the type that could support anything capable of programmatic control.

For example, you could have a site where you provide users “alerts” when items the users have shown interest in become available. Additionally, those alerts can be seen on Facebook and in an iPhone app. Your Drupal site providing these alerts can use a custom module and Services to publish an example.com/alerts/uid API that the Facebook and iPhone apps use to manipulate that information. Using REST for this communication is more lightweight on your web server because the Facebook and iPhone app logic is able to request that information specifically, rather than an entire web page where they would scrape off the data they want, or get that information through the more complex SOAP or XMLRPC methods.

This is also how one could have a mobile and/or console game’s universal high scores and user community forums present in-game as well as simultaneously on the web. One could have a Drupal site using Services to publish an API for “doing CRUD” with high scores and interacting on the community forum. For the Drupal site, business as usual, but for the mobile and/or console game they are getting that data via a RESTful communication with the Drupal site. For the mobile and console game developers, this type of communication is easy. And through Services, it’s also easy for the Drupal developer.

Further, I use Services to create “custom on-demand digital products” at a Drupal/Ubercart store, with that on-demand creation taking place on a remote cloud server. I walk through how that is setup, and my architecture for scaling the environment should my custom digital products go viral.

And the best part: REST is how one creates Web Services. What are Web Services? They are the future of everything. Really. Remember up there where I mention machine-to-machine communication? Web Services are the creation and publishing of APIs to “do CRUD” with things that people care enough about to pay real money for access, such as access to commercially controlled data like music, movies, or even stock and bond research and trading. Web Services is taking REST and wrapping it in commercial activities. Some event venue could publish a ticketing API, and then charge ticket brokers for access. The list of possibilities is endless. And that list is expected to be how all commercial services in the future will be conducted. (Make your eyes really big when you read that last part :)

In summary, our Developing RESTful Web Services and APIs class covers how to create an API with Services 3.0, as well as how to support your API customers (who may not be using Drupal) (and who may be dumb as rocks) in successfully using your site’s API.

At the class, I give out and walk through an API Shell, which took over a month to create. Next, students begin creating their own API with architectural guidance from myself and other Larks trainers. To facilitate this, an example API is created step by step, with time for the students to implement their component in their API as we go along. For individuals or groups with a specific project they are planning or have in development, a 3rd day of additional guidance and support is also available.

Oct 03 2011

To celebrate today’s release of Services 3.0 for Drupal 6 & 7, we sat down for an interview with Blake Senftner, a Services expert who is providing our Developing RESTful Services and Web APIs training in Los Angeles on November 3, 4 & 5.

We’re also offering 10% off this training: just use coupon code SERVICES10 at checkout. The discount code expires on October 15th.

Christefano: What was it that got you interested in Services?

Blake: Well, to be honest it’s because of Services and Drupal’s other APIs that I’m using Drupal at all. I come from a 3D animation background — I did both feature films and console video games — and I needed the ability to create Web APIs for a distributed computing environment for my own startup.

C: When was that?

B: I started working with Services 6.x and the XMLRPC Server, getting the first version of my distributed environment operating with that. It worked fine and I wasn’t looking forward to the move to RESTful until a buddy at Disney Interactive sat me down and explained REST to me.

With XMLRPC, you create remotely callable functions and the logic feels very “atomic” in that you’re doing one function at a time, with no “system” or architectural framework. Within a RESTful structure, though, you’re creating and working with “resources” — which are very much like objects in an object oriented sense. Where XMLRPC is working in data, REST works on “things” that have a complete CRUD lifecycle — create, review, update, and delete operations. Just that simple CRUD framework provides a structure that makes working in REST conceptually easier.

C: Give an example of how using REST makes things easier.

B: Okay, an example would be with my XMLRPC service, I had a function that could create a 3D model. That was all it did. The same thing in REST by default supports creating, editing, deleting and updating. Just because that comes with REST and is part of the concept of REST, you automatically think in lifecycle frames of reference. With an XMLRPC, all you think of is “I just want this one item.” There’s no architecture in that. There’s no lifecycle in that.

Oh, I also had a client that saw my earlier XMLRPC API and wanted something exponentially more sophisticated. Envisioning that in XMLRPC was causing me to consider a CRUD framework for XMLRPC, but luckily my buddy at Disney had that talk with me. That’s why I switched to REST.

C: When did you start working with Services 3.x?

B: I was digging through the sources, examples and issue queue as soon as a usable 3.x version was available. That was probably around September or October of last year. There may have been working versions earlier than that, but that’s when I started. The maintainers of the Services project are amazing and overworked and I hope the training we’re doing helps alleviate their workload.

C: How long did it take you to get your first “hello world” working?

B: Oh, geez. [Blake checks his email.] It looks like it was just shy of 4 weeks before I had satisfactory handshaking and then another 6 weeks before I had a full CRUD resource working with Relationships, Actions, Targeted Actions, and Authentication. Of course, I was also developing my client’s project at the same time, but the Services work was a continual focus because we had so much riding on it working.

That’s a big reason behind my offering this training. I speak with Drupal developers all the time at my Droplabs co-working space, and very few of them have the time or clients with the vision to commit the time to learn Services. Services is the key behind offering “software as a service”, as well as backends for mobile apps and console games.

C: We’re really excited to be doing this training. What do developers need to know in advance, and what do they need to bring to the training when they sign up?

B: You probably need to know at minimum how to create a basic Drupal module. To make anything interesting, you probably want to know enough to create a Forms API-driven interaction. It could be creating a custom content type or anything that exposes forms from your module. If you know that, you have everything you need to jump into Services with gusto.

Bring a laptop with a local development installation or a way to remotely access a Drupal installation where you’re a server admin and can install and deploy modules. It can be Drupal 6 or Drupal 7. Your choice.

C: Thanks for answering all my questions!

B: Sure, I hope it’s helpful. I look forward to developing with you!

Exaltation of Larks is providing this 3-day training (2 days of classroom-style training with an optional third day of hands-on mentorship on student projects) on November 3, 4 & 5, 2011. If you have any questions, visit us at http://www.larks.la/training or contact us at trainings [at] larks [dot] la and we’ll be happy to talk with you. You can also call us at 888-LARKS-LA (855-527-5752) with any questions.

Sep 22 2011

Tomorrow is the last day of Summer but the Drupal training scene is as hot as ever. We’ve scheduled a number of trainings in Los Angeles this Fall that we’re excited to tell you about, and we’re happy to publicly announce our training assistance program.

First, though, we’re sending out discount codes on Twitter and Facebook. Follow @LarksLA on Twitter, like Exaltation of Larks on Facebook or sign up to our training newsletter at http://www.larks.la/training to get a 15% early bird discount* toward all our trainings!

Los Angeles Drupal trainings in October and November, 2011

Here are the trainings we’ve lined up. If you have any questions, visit us at http://www.larks.la/training or contact us at trainings [at] larks [dot] la and we’ll be happy to talk with you. You can also call us at 888-LARKS-LA (888-527-5752) with any questions.

Beginner trainings:

Intermediate training:

Advanced trainings:

All our trainings are $400 a day (1-day trainings are $400, 2-day trainings are $800, etc.). We’re excited about these trainings and hope you are, too. Here are some more details and descriptions.

Training details and descriptions

   Drupal Fundamentals
   October 31, 2011
   http://ex.tl/df7

Drupal Fundamentals is our introductory training that touches on nearly every aspect of the core Drupal framework and covers many must-have modules. By the end of the day, you’ll have created a Drupal site that looks and functions much like any you’ll see on the web today.

This training is for Drupal 7. For more information, visit http://ex.tl/sbd7

   Drupal Scalability and Performance
   October 31, 2011
   http://ex.tl/dsp1

In this advanced Drupal Scalability and Performance training, we’ll show you the best practices for running fast sites for a large volume of users. Starting with a blank Linux virtual server, we’ll work together through the setup, configuration and tuning of Drupal using Varnish, Pressflow, Apache, MySQL, Memcache and Apache Solr.

This training is for both Drupal 6 and Drupal 7. For more information, visit http://ex.tl/dsp1

   Drupal Architecture (Custom Content, Fields and Lists)
   November 1 & 2, 2011
   http://ex.tl/ccfl1

Drupal Architecture (Custom Content, Fields and Lists) is our intermediate training where we explore modules and configurations you can combine to build more customized systems using Drupal. You’ll create many examples of more advanced configurations and content displays using the popular Content Construction Kit (CCK) and Views modules.

This training is for Drupal 6. For more information, visit http://ex.tl/ccfl1

   Developing RESTful Web Services and APIs
   November 3, 4 & 5, 2011
   http://ex.tl/dwsa1

Offered for the first time in Southern California, Developing RESTful Web Services and APIs is an advanced 2-day training (with an optional third day of additional hands-on support) for those developers seeking accelerated understanding of exploiting Services 3.0 to its fullest. This is THE training you need if you’re using Drupal to create a backend for iPad, iPhone or Android applications.

This training covers both Drupal 6 and Drupal 7. For more information, visit http://ex.tl/dwsa1

Training assistance program

In closing, we’d like to tell you about our training assistance program. For each class, we’re setting aside a limited number of seats for students, unemployed job seekers and people in need.

For more details about the program, contact us at trainings [at] larks [dot] la and we’ll be happy to talk with you. You can also call us at 888-LARKS-LA (888-527-5752) with any questions.

* Our early bird discount is not valid toward the Red Cross First Aid, CPR & AED training and 2-year certification that we’re organizing. It’s already being offered at nearly 33% off, so sign up today. You won’t regret it and you might even save someone’s life.

Aug 05 2011

This weekend, August 6-7th, we’re at University of California, Irvine (UCI) for DrupalCamp LA. This is our 4th DrupalCamp LA and this year we’re sponsoring, providing a pre-camp Site Building with Drupal training and, at last count, presenting (and co-presenting) 12 sessions.

Exaltation of Larks’ executive team, including Lee Vodra, Cary Gordon and myself, Christefano, will be there with members of our team and close to 250 other attendees who are attending more than 50 presentations, activities and Birds of a Feather (BoF) sessions.

Here’s what we’re up to this weekend:

Pre-camp Training

Today’s pre-camp training is Site Building with Drupal 7 and we filled the classroom to its capacity. This training marks the first occasion that Chapter Three’s curriculum for Drupal 7 has been used in Southern California and the response was tremendously positive.

We’re already preparing to offer this training again in Los Angeles immediately following DrupalCamp LA. We’ll continue offering Drupal 6 trainings for the foreseeable future, too, but this class showed us that the community is hungry for more Drupal 7 training.

Sessions and BoFs

Oliver Seldman is leading our pre-camp training and is presenting, as well:

Steve Rifkin is presenting a number of sessions, participating on several panels, and is coordinating conference volunteers each day:

Lee Vodra and I will be leading a Drupal Coworking BoF and we’re looking forward to sharing the experiences we’ve had since founding Droplabs (the Drupal event and coworking space that Lee proposed during the opening announcements at DrupalCamp LA 2010) with 5 others in the LA Drupal community.

I have a few sessions and BoFs, as well, and I’m leading the Sunday code sprint:

Sponsoring

This is our 4th DrupalCamp LA and our 3rd time sponsoring. We’re very involved in local communities and sponsoring DrupalCamp LA this year was even easier than before. Since last year’s camp, the LA Drupal user group formed an unincorporated association and has its own bank account, managed by the LA Drupal Association.

Putting together a DrupalCamp is a lot of work and DrupalCamp LA 2011 is no different. I’m grateful to all the organizers, but especially to John Romine, this year’s lead organizer, sponsor liaison and venue coordinator. John’s contributions have been invaluable, to say the least, and DrupalCamp LA 2011 wouldn’t be possible without him.

I have no doubt this will be another great camp. Drop by our sponsor booth and say hello!

Jun 01 2011

We’re offering Los Angeles Drupal and Drupal Association members a discount code that’s good toward our June trainings in Los Angeles. Use coupon code TRAINME and get 10% off!

These two trainings, Drupal in a Day and Drupal Module Development, are being offered by the Drupal experts at Exaltation of Larks and Chapter Three and will be taking place at Droplabs, a new Drupal event and coworking space in Downtown Los Angeles. Droplabs was created this year for and by members of the LA Drupal community.

Here’s what we have coming up in June in Los Angeles:

   Drupal in a Day
   June 20th, 2011
   http://ex.tl/diad-june-20

This introductory workshop will touch upon almost every aspect of the core Drupal framework:

  • Discover how to add, edit, and moderate content.
  • Learn how to create user accounts and understand Drupal’s permissions system.
  • See how to set up menus and position blocks on a page.
  • Create human-readable URLs, and categorize your content using Drupal’s taxonomy system.

Drupal in a Day is on June 20th, 2011, and is $400. At the end of this one-day class you’ll have a completed Drupal site, which looks and functions a lot like many sites you’ll see on the web today!

   Drupal Module Development
   June 21-23rd, 2011
   http://ex.tl/dmd-june-21-23

This three-day workshop teaches you how to create a comprehensive Drupal module. We’ll use and explain each of the top ten Drupal hooks, the menu system and the Form API. You’ll learn how to conform to Drupal coding standards. You’ll write secure code by using Drupal’s built-in functions to sanitize data for display.

You’ll learn the correct way to save and retrieve data, including how to add your own custom database tables. We’ll also practice using the theme system from your module. Depending on interest, we’ll show you how to expose your custom data to Views, demonstrate how to create SimpleTests for your module, or teach you the proper way to upgrade your custom database schema.

What you will learn:

  • Drupal coding best practices
  • Understanding hooks
  • Using the Form API
  • Saving custom data
  • Providing themable output from your module
  • Techniques for keeping your site secure

Drupal Module Development is on June 21-23rd, 2011, and is $1200. Enroll today, and if you’re a member of Los Angeles Drupal or the Drupal Association you can use coupon code TRAINME to get 10% off!

We’re excited about these trainings and hope to see you there. If you have any questions, contact us at trainings [at] larks [dot] la or visit us at http://www.larks.la/training

Mar 23 2011

DrupalCon is a Mecca for thousands of companies and individuals that call the Drupal community home and, naturally, several of the Larks attended DrupalCon Chicago earlier this month.

We’re very involved in our local and global professional communities and we participated at DrupalCon Chicago on several levels, from volunteering to organizing to presenting.

Sessions and BoFs (birds of a feather sessions)

Rain Breaw, who heads up our Drupal training program, presented to a filled auditorium on Views Demystified, a Drupal 7 update to her immensely popular session from DrupalCamp LA and DrupalCon San Francisco. Rain was also a DrupalCon volunteer and you may have seen her at conference registration.

Also at the conference was our Director of Business Development, Cary Gordon. Cary is a Board Member of the Drupal Association, the organization dedicated to Drupal’s funding, promotion and infrastructure, and he has been working to help build the Association’s professional events team. You may have seen Cary at the Library BoFs (I and II), the Domain Access BoF and several of the Core Conversations sessions.

As for myself, I co-presented on Building Successful Local Communities: Insights and Best Practices. I also participated in the DrupalCamp Organizing Round Table, where I shared how the Los Angeles Drupal community, already one of the largest Drupal user groups in the world, is dealing with the growing pains of nearly doubling in size in less than a year.

Drupal Fit: Drupal’s fitness movement and support group

For fun, I participated with dozens of others in the Drupal Fit BoF that ran throughout the entire conference. Drupal and fitness might sound like an unusual combination, but as Dries Buytaert, Drupal’s creator and project lead, once told me, “We want the Drupal community to be fit so that we make better open source software.”

During the conference, I recorded several new Drupal Fit interviews that will shine the spotlight on members of the community who are focused on getting and staying fit.

Looking to the future

DrupalCon is one of our favorite events and DrupalCon Chicago was no different. This time, DrupalCon felt like another turning point for the Drupal community. As Rudyard Kipling once said, “I have struck a city — a real city — and they call it Chicago,” and DrupalCon Chicago has without a doubt left a similar impression on everyone who attended and exhibited.

See you at the next DrupalCon, DrupalCon London!

Nov 30 2010

A few days ago, Exaltation of Larks celebrated its 5th anniversary. It’s been an exciting five years, and it doesn’t go without saying that we wouldn’t have gotten this far without the outstanding clients, colleagues and talented developers, designers and themers we’ve had the pleasure of working with.

In the United States, we recently observed the Thanksgiving holiday, and our 5th anniversary is a perfect time to take a moment and express our gratitude to everyone who helped us get to where we are today.

From small opportunities to great enterprises

Our first Drupal client was the Center for Bits and Atoms (CBA) at the MIT Media Lab. The CBA is best known for Neil Gershenfeld’s FabLab program, which freely shares its open source recipe for workshops built around rapid prototyping tools like laser cutters and 3D milling machines.

The site we built helped unite MIT’s numerous FabLabs around the world and included online courseware, a busy discussion forum, project photo galleries and a downloads section for the open source hardware drivers and related tools. It was also the Media Lab’s first Drupal site.

We enjoyed working with the CBA and were inspired by its vibrant culture of experimentation, high technology, modular design and open source software. We value those principles more than ever today.

Doing things that haven’t been done before

We like technical challenges and one project that we’re particularly fond of was successfully integrating a third-party facial recognition library with Drupal. Multifactor authentication systems aren’t new, but we were the first to build a biometric/facial recognition login system for Drupal.

We demonstrated this technology at a Boston Drupal meetup and a video of that presentation is included below. It is also available on blip.tv in several video formats.

Looking back at that project, it’s clear that we were helping Drupal break new ground and didn’t even realize it at the time.

Taking Drupal in new directions

Another high point of ours was building Digital Dollhouse, for which we used Drupal to build a virtual world complete with an enormous catalog of virtual items that could be moved around in real-time in a 3D play area. During the project, part of our team temporarily relocated to Los Angeles, California, where we worked directly with the brilliant Jesyca Durchin and David Schnepp at Digital Playspace.

This opportunity also opened up casual gaming and virtual worlds as new areas of expertise for us, which included perfecting our tools for creating and maintaining virtual economies with Drupal. This was recently covered in one of Lullabot’s podcasts, which features our work with virtual currencies in Drupal.

One of the unexpected developments of working on Digital Dollhouse was that by temporarily relocating our team from Boston, several of the Larks stayed and opened our West Coast office in Los Angeles.

Our community initiatives

Exaltation of Larks has been busy this year in Southern California and we’ve been major sponsors of LA Drupal’s DrupalCamp LA, Git with Drupal 7, Drupal Everywhere, the upcoming Drupal Design Camp LA conference, and countless LA Drupal meetups. We enjoy giving back to Drupal, which has given us so much, and we make an effort to help local community members build their Drupal skills and develop as leaders themselves.

Looking forward to the next five years

As we continue the usual development and design work that we’re known for, we’re also expanding into the training arena early next year. We are partnering with Chapter Three and are organizing trainings that coincide with SandCamp (the San Diego Drupal Camp) and Drupal Design Camp LA. We’ll be publishing our official training schedule in the weeks ahead.

The first five years have been exciting, challenging and nothing if not a lot of fun. Here’s to the next five years!
