Planet Drupal

Better Sleep Through Web Security

Drupalgeddon (image courtesy of Fuse Interactive)

This Thursday I'm presenting on Better Sleep Through Web Security, an in-depth overview of web security, what to do if your website is hacked, and how to sleep better by following basic web security best practices.

It's at the beautiful Fuller Theological Seminary in Pasadena, California, and there's a video conference for those who can't attend in person. The meeting is from 6-8pm Pacific Time and we'll launch into the security talk after some quick intros and raffle prizes.

It's been about a year since I last gave a talk on internet security, and the recent Heartbleed, Shellshock and POODLE (and now "Drupalgeddon") vulnerabilities that hit the mainstream news in Forbes, the BBC and The Register have prompted me to dust off my slides and update them for some of the internet security threats we face today.

This particular presentation goes into some detail about the "Drupalgeddon" vulnerability, officially known as SA-CORE-2014-005. It allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control. Scary stuff.

I hope you can join me. If you haven't heard of Drupal or aren't interested in general web application security, you can skip this one (unless, of course, you just like the sound of my voice). If, however, you make websites for either fun or profit, this is a great chance to get up to speed on some security best practices, including common attack vectors, what to do if your site gets hacked, and the differences between security and privacy.

Coders with a Cause

Next month I'll be co-presenting at a conference for non-profits on the Coders with a Cause program we started at Droplabs, the coworking space and business incubator I co-founded in 2011. One of the subjects is on "community barn raisings" and how we work to harness the good will and technical expertise of our software developer community to aid non-profits who are in need of those resources.

If you're unfamiliar with the "barn raising" term, I'll get to that in a minute.

This presentation is just one session among many at the conference, but it's on a topic that's very close to my heart. I'd like for this presentation to cover as much as possible within its allotted time and I'm requesting input, ideas, questions — and even answers from everyone reading this — to make the session the best it can be.

Save me, I'm going to GLADCamp!

GLADCamp, the Greater Los Angeles Drupal Camp, is coming up in a couple weeks and I'm helping organize a couple events that make up the conference program. I'm incredibly excited, and at the same time I'm feeling like I might be going out of my mind.

Depending on where you are or how far you're willing to go, this kind of event just doesn't happen very often (if at all). We have a non-profit summit, a job fair, an employers summit, a barn raising for a non-profit and our first-ever website performance speed competition.

That's in addition to a general DrupalCamp with keynotes, sessions, BoFs, trainings and code sprints.

GLADCamp finds a home

GLADCamp, the Greater Los Angeles Drupal Camp, has found a home at the Hilton Pasadena in Pasadena, California, and is March 7-9, 2014. I posted a report of the site visit to the venue earlier this month, but the ink on the contracts is only now just drying.

For anyone who knows of GLADCamp's brief history, this has been a very long road for the conference and our organizing team. Coming to an agreement with the Hilton Pasadena is a large milestone for us. Now that both the venue and the dates are set, we can begin planning our general conference dedicated to all things Drupal.

Finding a replacement

With the "digital nomads" breakout session at DrupalCon Portland still on my mind, I came across an intriguing blog post today by Nithin Coca about the "rise and fall" of Couchsurfing. For me, one of the big takeaways from reading the post is that I learned it went commercial last year. Nithin Coca's argument is that as a result of its commercialization, its business model makes room for "quantity over quality" and the site and its community have gone downhill.

Introducing Feedmine

There are plenty of website feedback collection services like GetSatisfaction, but for me they've always been… unsatisfactory. If you already have a ticketing system for your project, why use yet another tool and segregate your content across multiple services?

Today I'd like to introduce a new tool to enter the fray: Feedmine. It's designed for businesses and organizations who already use Drupal and Redmine and don't want or need another system to manage.

