Oh The Huge Manatee

Drupal, Sysadminning, and Tech.

Drupalgeddon: Best Practices Aren’t Good Enough Anymore

Last week’s Public Service Announcement from the Drupal security team caused a lot of attention. And rightfully so – it told us that the vast majority of Drupal 7 sites around the world are considered compromised. A mere 7 hours after critical security patch SA-CORE-2014-005 was released, robots were spotted in the wild, bulk-hacking Drupal 7 sites with this vulnerability. This is something that’s never happened to the Drupal community before, and it is extremely serious. In some way it’s our own version of Heartbleed and other highly-publicized critical vulnerabilities in open source software.

This issue should not reflect badly on the Drupal community, or the Drupal product at all. Vulnerabilities happen to every software project – particularly the large and compl…

Mobile Apps Are a Temporary Phase, All Hail the Accessible Web

Dries made an interesting post about the new HTML5 standard the other day. OK, the post itself is more of an announcement, but the meat (as far as I’m concerned) is near the end, where he says that “The trend in development seems to be towards native mobile applications rather than mobile websites.” He links to the excellent Mobile is Eating the World presentation by Benedict Evans as evidence.

Really? Because while I agree with Evans that mobile in general is the future, I don’t see it as evidence that mobile apps, specifically, are the future. In fact I believe the contrary: mobile apps are just a phase. Mobile web is going to eat the world, and it’s because of the capacity for a single source to provide machine-readable, machine-reformattable content.

What do I mean by machine-readable and machine-reformattable? Technologists will understand what I mean when I say “responsive”, and they may even understand that responsive and accessible go hand in hand. I am avoiding those terms because they are more specific …

Bug: Multilingual Auto Label Will Break Your Entity Static Cache

This is an important one to note: If you use the popular Automatic Entity Label module on a multilingual site, it will break your paths because of an interaction with Drupal’s built in object cache. I looked at this briefly a few months ago and ran out of time, but my (badass) colleague bburg figured it out this week.

For now, the only solution is a slow one – we clear static entity caches when we generate multilingual titles. That’s not an awesome fix, but it’s hard to think of a better one without any of the D8 cache tagging functionality. Massive kudos to bburg for figuring this out!

And for those of you keeping score, this is a good example of how to file a bug report for a really complex issue in a really popular module… and follow up until you resolve it.

D8 Core Sprint in DC

A quick note to all the Drupalists in the DC general area – Forum One is trying to put together a D8 core sprint in their DC office space. They’re coordinating with the DC Meetup group to try and spread the word to as many community members as possible!

If you haven’t been to a code sprint before, it’s basically a coding party. Developers get together and help each other contribute better and faster by reviewing code on the spot, mentoring each other, and generally working in small ad-hoc groups. It’s a lot of fun, and gives a big boost to development of the next generation of Drupal.

Forum One will provide the locale in downtown DC complete with…

How to Configure Authcache on Drupal 7

So you have authenticated user traffic you want to cache? Good – you’re on the right post. This post is a walk through for caching content for authenticated users in Drupal 7. We will be using the Authcache suite of modules. If you haven’t read it yet, I strongly recommend you check out my last post, Authenticated User Caching Concepts in Drupal 7.

Our goal is a simple authenticated user caching system based on Authcache’s AJAX implementation, with a Memcached backend. We will serve pages…

Authenticated User Caching Concepts in Drupal 7

Drupal has a wide variety of highly effective solutions for caching anonymous user content. The typical setup is APC, Memcached or Redis, and Varnish in front, and this can easily serve thousands of concurrent anonymous users. There is excellent documentation out there discussing this kind of simple caching.

But what about authenticated users? You can cache elements of the page using a method like Render cache, Entity Cache, or Views Content Cache. But Drupal still has to assemble each page for your users, a relatively heavy operation! If you want to address hundreds or thousands of authenticated users, you’re simply SOL by these traditional approaches.

Enter the Auth Cache suite of modules. Though this project has been around for quite some time,…

Drupal Superheroes: ASSEMBLE!

Drop Signal Regular Drupalcon attendees know that the opening pre-keynote session is one of the highlights of the con. That’s the session where we welcome everyone to the con with stupid jokes, some well known Drupalists, and a lot of fun. This year is going to be especially good – and we need your help!

The evil Lord Over Engineering is threatening to delay the release of the CMS, which we need to save the world! The only way to stop him is to assemble the greatest force of Drupal superheroes ever assembled! Can the heroes save the day? Can we manage to make the final git push? You’ll have to be there to find out!

“If you only get up early once during DrupalCon, this is the morning to do it. And hey, at least you’ll get better seats for my keynote right after.” — Dries

In Prague we ha…

Drupalcamp Helsinki Takes on the World

Last weekend I got to keynote Drupalcamp Helsinki with my friend and often-collaborator, scaragucc – and what a great camp it was! Organizer Lauri Eskola deserves tremendous credit for taking this camp to the next level. They doubled their attendance from last year, attracted positive attention from some great notables in the global Drupal world, and got their local community energized to engage more. At all the various after parties there were frequent toasts of “one of the best Drupalcamps in the world!”

Lauri and I met at the last Drupal Dev Days event, in Szeged. That was also hailed as an example of a hugely successful Drupal event, and he took the lessons from their in-depth report to heart. To be fair, the local volunteers and sponsors also …

How to Recover Photos and Data From a Keylocked Android Phone

Recently a good friend of mine passed away suddenly. Her family asked me to recover her photos and videos from her computer and android phone. The computer was easy enough, but the android phone posed a real problem. It had a keylock enabled, and USB debugging disabled. There was no external SD card to pull out, which meant that all the photos were stored on the internal memory. The phone was a totally stock Samsung Galaxy S3 mini. With a lot of reading, I worked out a way to get a data dump from her phone without having to bypass the keylock.

1) Get Clockworkmod Recovery

Clockworkmod recovery is a familiar tool to anyone who has ever rooted their Android phone or installed a custom ROM. I run my own phone on Cyanogenmod, so I knew the broad strokes of how to install and use it. If you haven’t done this before: your Android device actually has several partitions on it for various kinds of data. Your device actually has several different boot “modes”, which are activated by various key combinations on startup. One of the boot modes, “recovery”, is specifically there to allow critica…