Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
Mar 14 2006
Mar 14

New versions of Drupal are out for the 4.5.x, the 4.6.x and the 4.7.0-beta branches which fix 4 (in words: four) security issues from four different categories, namely: access control bypassing, cross-site scripting, session fixation, and mail header injection.

Upgrade now!

Warning: If you're using 4.5.x, the patches for DRUPAL-SA-2006-003 will not fix the security issue immediately. You have two options: a) upgrade to 4.6.6 instead of 4.5.8, or b) upgrade to PHP >= 4.3.2.

Mar 10 2006
Mar 10

Rumor is spreading of some sort of new analytics tool from the blogging experts over at Performancing. This tool utilizes Drupal and is designed specifically for bloggers. It's a tool similar to others like Google Analytics and Sitemeter. What makes it different is that it is designed to track blogs specifically. Read more about it at Performancing, Problogger and Code Professor.

Mar 07 2006
Mar 07

Had to delete the xmlrpc.php file that come with Drupal because my host was getting slammed by hack attempts - some successful, some not. The naughty installation was 4.3.3 and I have since upgraded to the 4.6.5 version. (Gee, how did that one slip by?) Should be safe now...

In any event, I have been asked very nicely to not upload these files in the future. Will comply... As a result, Drupal ID logins are now disabled at my website.

However, it took me a while to figure out that this file was also related to the Drupal ID login feature, not just the website directory ping. That's not really clear in the documentation. Here I am making a fool of myself trying to login in to the Drupal Sites directory.

Mar 01 2006
Mar 01

John Stahl recently gave me some heat for my assertion that Elgg should be built on top of Drupal.

I think that the next few years are going to bring tremendous challenges for applications that do not easily communicate with other applications that are “outside their platform” i.e are written using a different language/framework, run on a different server, etc....The days of monolithic application stacks that try to do everything are fading fast. A new “network-centric” software ecosystem is starting to bloom.

This is wishful thinking. I've spent much of the past few years puzzling over this exact question. While I am personally very much a proponent of web standards and web services I am pessimistic as to how much immediate impact they will have in the evolving marketplace of non-profit/ngo & advocay web technology services.


I didn't always think this way. If you told me a year and a half ago that I would be hawking CivicSpace/Drupal as the über-platform that could meet virtually every need of any size organization I would have told you you were nuts....

After the Dean campaign ended and we started work on CivicSpace our assumptions were:

  • Drupal wouldn't be able to "scale" to meet the needs of large organizations
  • We would not be able to develop the platform quick enough to meet all the core needs of organizations any time soon
  • We would integrate third party service providers to fill the functionality gap organizations required

Then some interesting and unexpected things happened:

  • It turned out Drupal could scale
  • CiviCRM showed up and filled the functionality gap
  • Lots of vendors established quickly growing businesses servicing the technology. The top half dozen firms now employ ~ 50 people between them and each are looking to hire.

This reshaped my thinking on the future of the web-technology marketplace quite a bit. We have an immediate opportunity to commodify the core web-technology organizations need to a single integrated and scalable open-source application stack and this is a very good thing for the marketplace. Over the next few years I believe the advantages afforded by this stack of technology (CS/Drupal/CiviCRM) will far outweigh the benifits realized by the integration of applications accross web-services in terms of costs saved and passed on to technology owners and innovations in technology and services.

Integration accross web-services and web-standards is relatively costly

  • Web applications that are not built from the ground up to be integrated will never play nicely with one another. Let me repeat: if an open-source application is not built to be integrated with your web-application it probably isn't worth the effort to try to integrate it. This renders 95%+ of open-source web applications useless for those looking to leverage the work of other communities.
  • If an application has a strong API it is still tricky to integrate. Even integrating with CiviCRM, an application that was built from the ground up to interface with CMS's and shares the same web-app environment as Drupal, it costs us 2-10X more to integrate with it than it does to integrate with a standard Drupal module.
  • The most cutting edge private sector web-service and web-standards are not that advanced. We still don't have workable single sign-on solution, the cutting edge of semantic information interchange across the web is to embed it in XHTML, the hottest API's from SalesForce and Flickr haven't made much of a dent in the marketplace, and please don't get me started on the semantic web.

The market currently prefers a single integrated stack

  • The majority of the market for web-technology services is owned by companies like Kintera, GetActive, and Convio that serve as one-stop shops for virtualy all an organizations web-technology needs. They have trained technology owners to make purchasing decisions under the assumption that they can cut a check to a single entity that will provide and support a complete "solution". I.E. there is not much point to shopping around for "best of breed" services to integrate, "just give us your business and all your technology problems will go away". This creates an uphill battle in the marketplace for vendors selling what will be seen as "piecemail" solutions created by amassing various web-technology providers products across web-services.
  • There are huge unanswered usability concerns created by integrating together two different applications. This is espcially felt in functionality that is presented to an organization's contituents. Technology owners demand a seamless user-experience across their user facing application space (CMS, event tools, community tools, etc). In the future as more and more functionality moves out of the back-office and onto the web these concerns will only increase.
  • Open-Source vendors eat costs when integrating third party services, mantaining integration, and licensing software, so they have economic incentives to service a complete pre-integrated stack of technology instead of servicing a suite of other providers products integrated over web-services.

The future of the application stack and the role I think webservices will play

I hope and expect that in the next year the CS/CiviCRM/Drupal stack will evolve to a point where it can compete head on with the likes of Kintera, GetActive, and Convio. When this happens open-source vendors will grow into full blown ASP's that will be able to sell services that undercut the current market of proprietary service providers and will be able to grow downmarket to smaller organizations and horizontally to for-profits with overlapping technology needs. With so many organizations and vendors based on the same codebase it will create a very efficient marketplace that supports application development and services. It will also open up the marketplace to anyone wishing to specialize their services towards a vertical, sell data services, or offer 'best of breed' applications. Since the majority of the vendors business will be based entirely around customization and hosting / support and not licensing fees to support product development and sales, they will be much more likely to partner with 3rd party providers or create specialized services themselves. Over time as web-standards evolve the third party services and specialization will grow increasingly important in the marketplace. And then we can all live happily ever after....

Feb 21 2006
Feb 21

Russell Beattie figures out MySpace, in component terms. Funny how every sentence of his reminded me of a specific Drupal module that provides that feature.

Then of course, we’re not counting the sentences that talk about hotties and risque photographs. I don’t think there’s a module (yet) to provide that.

Feb 14 2006
Feb 14

The Yahoo! UI people just opened up their widget library, complete with graded browser support. Hmm. Maybe we would use the calendar widget for the Drupal archive.

Jan 31 2006
Jan 31

Recent versions of Drupal have the oh-so-cool feature that allows you to host many websites off a single Drupal codebase. The coolest part about this is that you can share some tables accross multiple websites; which means you can do things like have a single username/password table accross all the websites. This can easily be done, as specified in the settings.php comments as:

* $db_prefix = array( * 'default' => 'main_', * 'users' => 'shared_', * 'sessions' => 'shared_', * 'role' => 'shared_', * 'authmap' => 'shared_', * 'sequences' => 'shared_', * );

Now here’s an important thing to note: The first table you have to share is the sequences table. This is the table that handles all the id counters, so if you don’t share this one, something like this can happen:

[you shared only the users table]

1. User 1 signs up on Site A, gets user id#1
2. User 2 signs up on Site A, gets user id#2
3. User 3 signs up on Site B, gets user id#….? The correct answer is not 3!

This happens because you didn’t share sequences… Site B uses it’s own sequence generator to render a duplicate userid… which the user table would not accept, and this would go on till the Site B sequence catches up with the Site A sequence, and then things would be normal. The code quality in user.module helps protect the user table from data corruption, but you will have many signups disappear into thin air with a set up like this. Hence, all you need to do is share the sequences table along with the users… and you’re all set!

Btw, hello Planet people!

Jan 30 2006
Jan 30

FINALLY finished the captcha.module for drupal. This is ONLY a first draft, lots of improvements to happen. Features:
* ability to protect any drupal form
* captcha API – make your own challenge response! (math and image are included in package)

(use cvs checkout to get)

Jan 25 2006
Jan 25

I've spent the last 40 work hours or more trying to figure out how to get Drupal to display a right side bar box that says "Ann's Class - 4th Grade." It gives one pause. 40 hours? Forty hours? Well, er, yes. But that's what happens when you get sucked in by a program like Drupal. You're fascinated and intrigued—then challenged and stimulated—and finally, wild-eyed, defiant and obsessed with beating the damn thing at its own... Ah-hm. So anyway, there I was, side-bar-boxless. I tried displaying bits of the post information from node.tpl.php in a custom block, and actually got a little box that said "Ann's Class - 4th Grade," as nice as you please. Problem was it continued to say that on Mary's 3rd grade class pages and Joann's 2nd grade section. It was back to the drawing board. I tried snippets, taxonomy modules, and a number of hacks of Taxonomy Context. I wrangled and wrestled code, ripping it out here and jamming in it there, and after all that work, I still didn't have a box that would display correctly on the various sections of the site. Oh, I had a box. I even had the text I wanted. I just couldn't get the text to display in the box. I ask you, what was a girl to do? That's right. I cheated. At pretty much the end of my tether—and way past my rudimentary knowledge of PHP—I popped open the CSS file, gave the box a little padding to prop it open, and absolutely positioned the text from one side of the page to the other. Job done. Yet even as I grinned and wiped my hands with satisfaction, I found myself glancing around a little furtively. Would anyone notice? Would anyone realize that my clever coding was nothing more than a clumsy, cloddish PHP fake? A CSS imposter. A pile of smelly coding do-do. I considered going back to the module and trying again to hack it into shape. But the memory was still too fresh. The pain too recent. I would live with it. Shamefully, yes, but I would get by. Then this afternoon on the drive to pick up the kids from school, I suddenly realized that CSS had, once again, come to my rescue. And who was I to spit in the eye of a champion? Maybe a PHP purist would rather slit her wrists than hack a script with CSS. But so what? I bet a PHP purist knows a lot of PHP, too. In my world, a hack is a hack is a hack. And until I can learn to harness the power of Drupal and PHP, the power of CSS will just have to do.

Jan 20 2006
Jan 20

Has anyone ever put


up at the top of their Drupal template page.tpl.php? If I were to print my var_dump source, it would be 181 pages. Granted when you var_dump $GLOBALS, there is some recursion, but that still seems like a lot of variable generation.

I can think of a couple things to do, namely more aggressive unset use, more discouraged use of the global keyword, or just putting to RAM what is actually needed.

AFAIK, Drupal loads every variable stored in the database to memory on every page load. I hope I'm wrong about that. It seems to me like a properly indexed database would be quicker if it only pulled variables it needed on every page load plus what a specific module needs for its operation. Someone should benchmark (which will probably end up being me if I want to know the answer) to see if storing Drupal core vars as a serialized string would be faster to unserialize or to pull from several database rows.

Is it an issue? I can't tell from just the preliminary var_dump output, but perhaps spending some time with APD will uncover some waste I can submit a patch for. I doubt developers are spending a lot of time comparing alternative scripting implementations for speed improvement.

Jan 17 2006
Jan 17

I have recently converted a few article "groups" into books. I basically went through certain taxonomy lists and used the "outline" tab for each one to add it to a top-level book page. The result that I found was that I got a much higher percentage of click-throughs with the book navigation than from a taxonomy listing.

Drupal Book Navigation

Taxonomy Listings are Boring?

The original reason for converting from a listing to a book was because a client of mine was unhappy with the "text heavy" appearance of the listing - she wanted the feel of a portfolio. I had a hunch that the book module might be the answer when I noted that another area of the same website (Wedding Packages), which was a book, was doing well. Meaning that over half of the visitors were navigating from beginning to end.

Book Module to the Rescue!

So I converted the Wedding Gallery to a book. See the before and after here:

Everyone Seems to Love Drupal Books...

The client and her staff reported that they thought it was now "fun" to click through the pages. Visitors seemed to like it as well and the traffic through the Galley increased. It was so successful that I grouped a several of my articles book-style:

Jan 11 2006
Jan 11

The new year has started and, with it, my resolve to find time for this blog. Between keeping up with clients and trying to spend more time with the family, this site got put on the back burner. Also, I have to admit I was tired of writing it—a little bored with reading and writing, talking and thinking so much about CSS. I needed a break from it.

Don't get me wrong. I still love CSS. (Yes, I actually typed those words. Can you believe it?) And I still think web standards are important. In fact, the more I learn about the web, the more convinced I am that they're crucial. I just felt that was all I was writing about. The web doesn't need another Jeffery Zeldman wannabe. Not when it has the real thing.

So, I needed a hiatus from the blog. I needed something new. And boy, did I get it! I can tell you in one word: Drupal. However, since I'm constitutionally unable to be brief, I'll elaborate. One thing I've noticed this past year is the increasing prominence of content management systems, or CMS. Most large sites and a lot of small ones use some sort of CMS. This blog runs on one, Moveable Type. They seem to be everywhere. But MT has been my only experience with CMS. Up until now I knew nothing about them. They sounded complicated and scary. A little out of my league. So, of course, I had to find out all about them.

But where to start? Then I read somewhere that Drupal was the most difficult but also the most configurable of all the open source CMS. Well, that clinched it. The word configurable has always been a favorite of mine—ranks right up there with mod, plugin and hack. If you ask me, there's not much that's more fun or fascinating than fiddling with a program to see what you can get it to do. What can I say? It's a personality flaw. The inner geek in me struggling to come out.

So I downloaded Drupal and spent a week picking over the files, completely bewildered and lost. Drupal is written in PHP, which I don't know, and that certainly didn't help. So I bought a book or two on PHP, got on the Drupal forums and read the manuals from cover to cover. Slowly I began to make sense of the program, and I have to tell you, I am thoroughly impressed. In fact, I'm hooked. Drupal is powerful, well-designed and highly customizable. Yes, the learning curve is a little higher. But once you get over that hurdle, there's not much you can't do with Drupal. And you don't have to do it completely alone. The support forums are pretty helpful, and the documentation is superb.

By the Way

You may have noticed the change in the subtitle of this blog. I've only been in professional web design for a year now, but "breaking in" just didn't feel right anymore. I'll always be a newbie. I just can't resist trying and learning about all the new stuff that pops up on the web every 3 minutes or so. But I don't feel as new to the web, itself, anymore. After all, I've been casually playing around with web design for almost ten years—and taking it seriously for one. I've got my web legs now. But there will always be a new regions to explore and discover...as long as there is someone to think them up.

Jan 10 2006
Jan 10

Just a quick note: Drupal 4.7.0 beta 3 is available now, fixing more than 100 bugs since the last beta. If you have any further issues or suggestions for 4.7 — now is the time to speak up, file bug reports, post patches etc.

I haven't had too much time for Drupal development recently, but I guess I should really start updating the poormanscron module now (finally!) and help with getting the German translation up-to-date...

Jan 08 2006
Jan 08

I recently made my first cron contrib module for Drupal, DB Maintenance. Since the DB Maintenance OPTIMIZE TABLE query locks the database tables it queries, I don't want just anyone to access cron.php anymore. The restriction I added was for the Apache .htaccess file that manages the clean URL rewrite rule.

<Files cron.php>
  Order deny,allow
  Allow from
  Deny from all
</Files> is the current IP address of deekayen.net, which is needed instead of when you run cron.php with lynx or wget as the documentation strongly suggests, which means isn't the remote IP when Apache receives the request. I only put in so in the future, if I need to access from localhost for some reason, I can.

Jan 07 2006
Jan 07

Langemark's Cafe is Gunnar Langemark's personal/professional website. It syndicates content with a focus on Information Architecture, Semantic Web, Web2.0, User Experience - and Drupal!

Langemarks Cafe - Drupal Information

He features quite a bit of Drupal related news, inlcuding this story mentioning Advanced Web Design. Thank you, Gunnar!

As you would expect, his website is powered by our friend Drupal. His Drupal category has an XML feed available for those who are interested.

Jan 07 2006
Jan 07

After I was back from a short vacation without Internet access, I was surprised to see a post by Robert Douglass titled "Uwe Hermann's Drupal article in PHP Solutions is out" on the drupal.org main page. At that point I didn't even know that the article had been published ;-)

Robert wrote a short review of the article which outlines the main content. In contrast to my last article which was a general introduction to Drupal, this one concentrated on some specific (probably more advanced) topics instead: multi-site install, l10n+i18n, search engine optimization, and AJAX(-like) user interfaces of the upcoming Drupal 4.7 release.

The printed article should be available in multiple languages (German, French, Polish and Italian, at least). There might be a free online version as soon as the next issue of PHP Solutions is published, but I'm not entirely sure.

Thanks a lot to Robert Douglass for the review and to Drupal's Benevolent Dictator for Life Dries Buytaert who reviewed an early draft of my article and provided helpful suggestions!

Jan 04 2006
Jan 04
Posted by chx on 4 Jan 2006 at 16:15 UTC

Someone under the pseudonym "Liz0ziM" sent a false security alarm to BugTraq without first contacting the security team:


This vulnerability is fixed in Drupal 4.5.6, 4.6.4 and onwards. Drupal's new XSS filter mechanism takes care of all vulnerabilities listed on http://ha.ckers.org/xss.html (and even more).

If you have already updated to at least 4.5.6 / 4.6.4 then you are safe and you do not need to take any action. If you have not updated yet, then we advise you again to do so ASAP.

Dec 21 2005
Dec 21

CNet is running a story about GoodStorm, a site built on Drupal and the open source ecommerce package I authored. Very impressive indeed! Way to go Team GoodStorm.

Dec 13 2005
Dec 13

Yay. Ruby on Rails 1.0 has been released 39 minutes ago. I will probably check it out for real now (although I usually use Drupal for web development work, of course).

They sure have some funny quotes on their website ;-)

“Ruby on Rails is astounding. Using it is like watching a kung-fu movie,
where a dozen bad-ass frameworks prepare to beat up the little newcomer
only to be handed their asses in a variety of imaginative ways.”
--Nathan Torkington, O'Reilly Program Chair for OSCON

Dec 01 2005
Dec 01

You might have already noticed, but I'll re-iterate nevertheless: the Drupal project has released Drupal 4.6.4 and 4.5.6 which fix three security vulnerabilities. Everyone running a Drupal site is advised to upgrade, as always.

Multiple people were mighty busy yesterday preparing, finalizing and testing the patches and advisories. I was one of them, although I was more like lurking around trying to look busy ;-) Anyways, I have sent the respective advisories (DRUPAL-SA-2005-007, DRUPAL-SA-2005-008, DRUPAL-SA-2005-009) to the "usual suspects" today: Bugtraq, Full Disclosure, and the php-sec mailing list. The advisories have already been picked up by Secunia and a bunch of other security sites...

Btw: I finally received news that my domain was transferred to my new web hoster today, which led to a short downtime. Everything should be fine now. If you notice any problems, please drop me a note.

Oct 24 2005
Oct 24

I never thought I'd be doing what I'm doing right now. I'm at work in my underwear, pillow marks on my face and am eating breakfast while posting a blog entry. Yup. I'm a work-at-home freelancer now.

There's nothing about my university job I didn't like. My peers were great to work with and had a real collaborative spirit. I had a kick-ass office that allowed my inner-introvert to hide and crank out Drupal code. And of course the job security and benefits would make any family man sleep soundly at night. So why the job change?

Last weekend Cori and I jumped in the car and saw our friend Stuart once again rock the inner chambers of the Omaha Healing Arts Center. If you've never seen Stuart play, besides performing he'll purposefully and obviously try to connect with you during the show. He doesn't stare up at the ceiling or close his eyes when he plays. He looks at the audience. He looks at you.

During the performance all I could think about was here's a dude who's living the way he wants to live: intentionally and aligned with the Bodhisattva vows. It blows me away when I think of the courage it takes to sometimes perform in a bar full of drunk people and sing songs of mysticism and love. That's some serious Buddha nuts.

Which leads me back to my resignation from the university. Sure my job has the tangible perks but I want to be closer to the Mystery. I want my heart to be as happy as the rest of me was at the day job.

So, here I go. Into less comfortable territory but with more conviction then I've had before. Let's see what unfolds, shall we?

Oct 22 2005
Oct 22

Here's a bunch of smaller updates which probably don't warrant extra blog posts, but might be interesting nevertheless:

  • On the right-hand side of my homepage you now have three new blocks which should simplify site navigation. Each contains a weighted list of tags (tag clouds) for my blog, my podcast, and my photoblog, powered by Drupal's tagadelic module. Of course, the "traditional" navigation menu is still there.
  • There's also an RSS feed for comments on this site now, courtesy to Drupal's Comment RSS module.
  • On the lower left-hand side of my homepage, there's another new block. It shows where the visitors of my site come from in (almost) realtime. This is a service provided by MapStats (I already talked about it earlier).
  • I have uploaded updated versions of my bashrc, vimrc, and muttrc config files.
  • My podcast is now listed in iTunes (thanks Daniel Reutter for adding it). You can subscribe by clicking on this button: Subscribe to my podcast in iTunes!. The amount of people who subscribe to my podcast have almost doubled, figures went up from 30 subscribers to more than 50 today! If you're reading this and subscribed through iTunes: thanks ;)
  • My video iPod will (probably) be shipped on October 31, and it'll take a few more days until it arrives. Arghh, /me wants it now!
Oct 06 2005
Oct 06

The annual report from usability expert Jakob Nielsen:

  1. Legibility Problems
  2. Non-Standard Links
  3. Flash
  4. Content That's Not Written for the Web
  5. Bad Search
  6. Browser Incompatibility
  7. Cumbersome Forms
  8. No Contact Information or Other Company Info
  9. Frozen Layouts with Fixed Page Widths
  10. Inadequate Photo Enlargement

I agree with all of them, especially number 3 (Flash). I'm starting to like most of the AJAX sites popping up around me, but I have yet to find a Flash site which I really like.

Oct 01 2005
Oct 01

Green Leaves
Two Flowers

Bear in mind, I'm no professional photographer or something — I just happen to own a crappy 1.3 MegaPixel camera and take photos with it from time to time.

The photoblog is (again) implemented with/on my existing Drupal site by abusing the taxonomy system.

Comments are welcome.

Sep 15 2005
Sep 15

Yesterday, I launched my own podcast (I had threatened to do so earlier). In an unsurpassed effort of creativity I named it Uwe Hermann's Music Podcast ;) This is a pure music podcast (no talking / ranting by me), featuring freely available (mostly Creative Commons licensed) music from various artists and various genres, see my announcement for details.

On the technical side, I have integrated the podcast into my existing website and blog (which is powered by Drupal 4.6.3). The podcasting was possible almost out-of-the-box (as most things are, if you use Drupal). I only applied this small patch which creates an <enclosure> tag for every MP3 to which I link in the respective node. I use the standard "blog" node type to create the podcast entries, put them all in the category "Uwe Hermann's Music Podcast" which I have aliased to http://www.hermann-uwe.de/podcast. The RSS feed for the podcast is simply the standard Drupal feed for that category, which I aliased to http://www.hermann-uwe.de/podcast/rss.xml. Simple, eh?

As I only link to external MP3s that's all I need. If you want to create your own recordings for your podcast, I recommend the audio module by Colin Brumelle of Bryght.

Of course, as I based the podcast on Drupal, you can comment on any podcast "show", refer to them via trackback etc. etc.

I'm eager to hear your opinions, comments and suggestions. Oh, and please feel free to suggest free music which you like. If I like it too, I'll happily play it ;)

Sep 14 2005
Sep 14

A lot of people have already blogged about the new Planet Drupal. It's about time to get my act together and blog about it, too.

I have been submitting a few patches for Drupal's aggregator module recently and working closely together with Dries (Drupal's Benevolent Dictator for Life) to create the planet. He mercilessly reviewed (and applied!) my patches, commented on my ideas and suggested lots of improvements. Without him the planet wouldn't be here today.

As I already stated in the original announcement, we run the planet using Drupal, of course (dogfood etc.), and not the (otherwise quite nice) PlanetPlanet, which most other planets use.

The now improved aggregator module is capable to create a Planet site like Planet Drupal in a few minutes and mostly out-of-the-box, requiring no changes to the code. There are a few minor issues which we need to sort out, but the Planet is there now, and you can subscribe to it in any RSS feed reader.

Sep 03 2005
Sep 03

Ingoldesstat-finden Logo

I have recently built a homepage (based on Drupal, of course) for quite an interesting not-for-profit project called Ingoldesstat-finden.

Some history background:

A document of Charlemagne ( or Charles the Great) from 806 mentions for the first time a "Kammergut" (estate) he owned, namely Ingoldesstat — which later became the city Ingolstadt (not too far away from Munich). Yes, that's the Ingolstadt you know from Mary Shelley's novel Frankenstein. Ingolstadt will celebrate the 1200th "birthday" in 2006...

The project:

The aim of the archaeological project Ingoldesstat-finden is to find the exact place where the first settlers of Ingolstadt lived. Some recent findings indicate that the original Ingoldesstat was not where the city center is today...

The project, lead by Hans Strobl, has many volunteer participants, ranging from archaeologists, historians, art restorers, designers, photographers, videographers and — finally — a computer science student who created their website ;-)

There's a photo gallery which documents the excavations, findings, activities and people behind the project. I also set up a group blog so that all people involved can blog about what they do... It was a lot of fun for me to work with these people to get the site up and running and I'm curious how it will develop — my hope is that it will become a lively site with lots of discussions.

The thing that fascinates me most about this project is that so many citizens of Ingolstadt take part, help with excavations, wash findings, take photos etc. etc. I'll probably also take part in some of the archaeological stuff in the future. Expect to see me "digging in the dirt" soon, in the truest sense of the word ;-)

Aug 27 2005
Aug 27

drupal.org has moved to new servers today. After a short downtime the site was up again and faster than ever.

As I reported earlier, Drupal asked for donations for new server hardware. And received them. Lots of them. The server move today was the first step to put that money to good use. More will follow.

Aug 22 2005
Aug 22

I played a bit with the colors of my blog theme. I'm no usabiliy expert, but I think it's a bit cleaner now and looks better.

Please report if I have broken something.

Aug 17 2005
Aug 17

I cleaned up my blog a bit, today (various smaller updates, removed spam comments and trackbacks from my moderation queue etc.). While I was at it, I also tried some new Drupal modules:

Funny new stuff. Tell me how you like it.

Aug 15 2005
Aug 15

Everyone using Drupal should upgrade ASAP to the new Drupal 4.6.3 (or 4.5.5 if you're running 4.5.x), as a serious security vulnerability has been found in the third-party XML-RPC library Drupal ships with. I sent the security advisory to Full-Disclosure, Bugtraq and the phpsec mailing lists, so hopefully everyone will notice and upgrade.

Aug 09 2005
Aug 09

I released a first version of my Drupal security.module yesterday. The module is sort of an intrusion detection system for Drupal sites. It helps the site admin to check and ensure the security of his Drupal installation. Read my original announcement for more details.

The code is in ALPHA stage, so don't expect everything to work, yet.

Jul 14 2005
Jul 14

Drupal Donations Thanks Poster

Lots of good news for the Drupal project:

The future looks bright...

Jul 10 2005
Jul 10

The Drupal website has been down for two days now. They haven't received a response from support and hence cannot fix it (sounds familiar to me).

On the long run, Drupal will migrate to the Open Source Lab (OSL) which offers lots of services and already hosts many popular Open Source projects like Mozilla, Apache, and Debian.

To be able to do this, they need a new server (free rack space and bandwidth are provided by OSL) for which they are seeking donations now.
It's also planned to create a non-profit organization which will hold the funds, so the donations will be tax-deductible...

Jul 03 2005
Jul 03

The Bryght guys (a bunch of very competent Drupal developers) seem to have a lot of fun while coding...

Jul 01 2005
Jul 01

As most of you probably noticed, the design and structure of my homepage and my blog changed quite a bit a few days ago.
That was me upgrading to Drupal 4.6.1, which makes my life a lot easier, has a bunch of new features (e.g. my blog now has del.icio.us-like tags) and bugfixes, and most importantly fixes a serious security issue.

Two days ago I tried to help a bit with the new Drupal 4.6.2 release, which mainly fixes two major security problems. The first one is an issue with incorrect input validation, resulting in the DRUPAL-SA-2005-002 security advisory. The second one fixes a problem in the XML-RPC library shipped with Drupal (and Wordpress, and PostNuke, and...), resulting in DRUPAL-SA-2005-003.
It was quite a fun experience for me, the release was coordinated and discussed on IRC, we had lots of peer-review of the advisories and release-announcement, testing the patches etc. Thanks to all who participated and made this such a great experience.

Jun 24 2005
Jun 24

Woah, three of the modules I've written for Drupal are among the top 12 downloaded modules.

May 05 2005
May 05

I'm happy to announce that my (German) Drupal article has now been translated (not by me) and will be published tomorrow in Issue 55 of the (English) Linux Magazine.

It doesn't appear to be available online, unfortunately.


About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web