walkah: drupal

The third annual Drupal Camp Toronto event is coming soon. On Friday May 23rd and Saturday May 24th join the Toronto Drupal Users Group in celebrating two days of Drupal at the University of Toronto!

We're putting together an exciting event this year. We have John Resig coming to talk about jQuery and ActiveState will be giving away prize packages. Plus we'll have two full days of information - tips, tricks, case studies and howtos. Make sure to register soon! We already have over 100 people signed up!

Also, we are actively seeking both speakers and sponsors. Propose a session or contact us if you're interested in sponsoring or have other questions.

Hope to see you there!

Summer is coming - which means it's time for Google's Summer of Code. This is the fourth year of the project (and the fourth year that Drupal has been involved). We continue to be one of Google's favourite open source projects this year grabbing 21 spots - which means a $105,000 investment in Drupal development this summer!

I'm excited as this will be my third year as a mentor and my project this year will be OpenID Attribute Exchange support for Drupal. Attribute Exchange is one of the next important pieces in digital identity and one that I'm pretty excited about. My student, Anshu Prateek, has shown a lot of enthusiasm. I think it's gonna be a good summer!

I know it's late notice, but I'll be hosting a free workshop tomorrow night, April 2nd at 7pm as part of the PHUG + RMI free workshops.

For those of you here in Toronto that are unaware, PHUG is the new local PHP User Group. They have a lot of momentum and are an exciting group - I look forward to more collaboration in the future betweeh PHUG and DUG-TO.

The workshop will be Drupal Basics - a crash course in everyone's favourite CMS. We'll look at the core Drupal concepts, how building sites in Drupal works, and some basic theming tricks.

It's a free event, but space is limited so please register. Looking forward to meeting some new faces!

UPDATE: P.S. this isn't an April Fool's joke ;)

Dries finally took the wraps off his other new Drupal related venture: Mollom.

I've been amongst the beta testers on mollom (I'm uid #8!) for a long time now, here on this blog and with some other projects. I have to say, it's impressive. It's sort of like Akismet but has some interesting goals that are slightly different. The key is in calling it "content monitoring" rather than just "spam blocking" (which it already does effectively). Think: high powered moderation tools - with network intelligence.

Congrats, Dries, on another one! (When do you sleep?!)

With almost a week gone by since I left Boston, it's high time to do a quick recap of DrupalCon Boston 2008. Despite spending most of the week battling a nasty stomach flu, making two trips to the Apple Store in Cambridge, and being without my laptop (which suffered a failed keyboard and trackpad), I had a great time and want to offer my congrats to the organizing team for a solid event!

Although I took part in 6 sessions, I only presented one of them on my own: OpenID and Identity in Drupal. I was pleased with how the session went - packed room with lots of great feedback and discussion. For those interested, check out the slides on slideshare.

Otherwise, it was really great to see all the old faces and meet some new ones. For anyone who missed it, the Acquia party was a blast (Orbit rocks!). Looking forward to the next!

Good Morning, Boston! We're just an hour away from getting this thing rolling - it's gonna be a crazy week. Here's the sessions where you'll be able to find me:

• Drupal Multimedia
• OpenID and Identity in Drupal: the future of user.module
• Drupal Security - Best Practices and Process Discussion
• Zen and the Art of Drupal
• Fast Company Case Study
• The Drupal Association Panel
• Drupal Podcast Live

I'll be doing updates here and from twitter. Don't forget to follow walkah :)

Here we go again! One week from today, DrupalCon Boston 2008 will get underway. For the 3rd straight conference, I'll be doing a session on OpenID in Drupal:

OpenID and Identity in Drupal: the future of user.module

Those of you who have attended my OpenID talks at previous DrupalCons should definitely come out to this one, as I would like to dive a bit deeper into roadmapping future changes, additions and directions for the code as well as touching on rolling out OpenID support across the Drupal.org infrastructure itself. I'd also like to discuss additions and changes to user.module that will better accommodate alternate authentication mechanisms.

Can't wait to see you there! Oh, and yes, I'll bring my socks ;-)

Picking through my email and RSS on a Sunday afternoon, I noticed that jabber.org has finally relaunched using Drupal! I think this is exciting, as it brings together two of my favourite technologies.

I've been peripherally involved in the XSF/jabber.org Drupal initiatives for a few years now. While I wasn't as closely involved in this site launch as I'd hoped to be (due to time constraints), they've definitely got my support and I hope to help this initiative continue to grow!

Congrats Peter and team!

There have been reports that Harvard recently had a Joomla! based website compromised, and the database contents have been made available via BitTorrent. Of interest - the compromise was apparently via the usage of an insecure password. From the Torrent Freak article:

A file included with the release labeled password.txt carries a message:

Thomas gatton….stupid people, you don’t use a secure password

While it's not entirely clear whether it was an insecure system password or an insecure Joomla! password used - it does highlight an important aspect of security.

Ensuring that you write secure code is only (a small) part of the security problem. With our recent Drupal 6.0 release, we have tried to incorporate several changes to help our users be more secure:

• Password strength checker: when selecting a password now in Drupal, users are advised when their passwords are "weak". Encouraging tougher to crack/guess passwords particularly for admin and privileged users.
• OpenID support: Even a strong (hard to guess / crack) password can be compromised by a clever attacker if you consistently log in without SSL (i.e. when you're at that internet cafe). Also, remembering several (hundreds!) of complicated, strong passwords can be daunting and frequently leads to poor password choices. By including OpenID authentication support, Drupal users and administrators no longer have to remember passwords to every site they administer. They can use their OpenID - which in turn can implement stronger authentication methods to limit potential vulnerabilities. Development Seed has a great article on how they use OpenID to avoid sharing passwords for admin accounts.
• Update module: One of the biggest security challenges is keeping you site up to date. Drupal sites tend to be a combination of Drupal core and several (10 - 50) contributed modules - keeping them all up to date is a complicated task. It's also a crucial security precaution.

The point being: writing secure code is one thing, but there is a much trickier, critical task in educating users and administrators. It's something we're working towards within the Drupal Security Team and within the community in general. We're not done yet, and welcome your feedback and suggestions!

Happy Valentine's Day everyone! I case you hadn't heard, Drupal 6.0 has finally been released! It's been just over a year since our last major release and, while it feels sort of like an eternity, there is a *ton* of great stuff in this new release.

I'm really proud to have helped contribute OpenID support (relying party) to this release - the first step in a larger plan to put (keep?) Drupal at the front of the digital identity curve. Those interested in hearing more, check out my OpenID session at DrupalCon.

There's a ton of other great new stuff in 6: Update module (if you haven't used update status in Drupal 5 - you should), revamped i18n support, and Drag 'n' Drop everywhere (Nate, you're a rockstar)!

Drupal, be mine. :-*