Web Services

Oh dear, heavy accent. Which is fine, but will definitely take some extra effort to attend to.

SOAP? Really? Not REST? (Not that I know much about either.)

Anything with bulk changes. Is this where the “bug all page managers” thing I want to do comes in?

Oh….also could use it to create a form elsewhere and then turn the submissions into assets. I guess this is the thing that I was thinking about for calendar and/or catalog.

hmmm…authentication piece could be tricky. (remembering the issues with publish sets.) create a “web services” user? guy sitting next to me said they do something like that.

idea: drupal module for writing to cascade? are there soap-related modules?!

so every time something gets edited in the CMD (for example) it also gets sent to Cascade AND published. No PHP. Automatic URLs/Page Titles. I think you could even do the preview with that technique. Maybe.

Mind blown.

And now I have a slightly better idea of how SOAP works in PHP, which seems a lot like how Ajax stuff works in JS.

Template XSLT Formats

Trying to decide whether I’ll want to knit during this session. (And whether I want to go to the next one at all. Neither one is really calling to me.)

Transforming one kind of XHTML into another XHTML?

oh, hold on: this means i could make the content talk to the navigation so I could do that “you are here” thing I’ve been wanting, WITHOUT js. conditional js, based on what the content is. maybe obviates some things i’ve looked at content types to do.

I did take out my knitting, tho I’ve had to stop a couple of times. this is pretty stony, now that he’s getting into it, but he started with a lot of talking about talking.

start-root-code THIS. this is what i wanted to do all along.

but wait: does this mean you have to put the content into the asset format as actual stuff? “[div id=”hideBodyId”]special[/div]” – how odd. but the 2nd format removes those.

could you put a definition list in the first format? that would be super nerdy.

www.iu.edu/~pagriet/csuc12/

oh, now I get it: you attach a format to the template in the template editing interface. (a really basic thing that was confusing me the whole time.) lightbulb just came on for reals.

instead of all ids – “hideTitle” “hideBreadcrumbs” or “showBreadcrumbs” – use classes “hide” and “show” and then ids (or definition list) to know which thing.

Roadmap Session

I’ve never actually been to a conference for a specific vendor. It’s weird to see a presentation that includes how they moved into new offices.

Still wondering what exactly it means for Cascade to have “full HTML5 support” — does that just mean that you can use new tags in content without them being stripped out?

Yep, this is the talk talk talk blah blah blah session I thought it might be.

Topic-based user groups.

Oh hey, the KB might suck less.

Huh, this is actually still just the welcome, not the roadmap. The actual roadmap session might be better?

…which starts…now.

“the engineers are the employees with beards”

so no women, then?

this is probably the sort of session where I ought to be knitting instead of writing snarky journal entries or tweets, mostly so I don’t miss stuff.

“modules are a little vague” – adding functions w/out so much coding? no idea what he’s talking about.

focusing on usability. hrmph. but they’re talking about it as “features” and not so much as “omg working in this makes me want to yell at something.”

Auto-saving drafts. On the one hand: I love that in WordPress. OTOH: I gather drafts have caused horrible disasters.

All of this contextual editing is great, I guess, but what I really want is for someone to be on the actual website, and when they see something that needs fixing, be able to click a button and jump to the right spot in the CMS.

Customizing the toolbar! I was going to see if I could hack into that myself. 🙂 And the equivalent of content/tag filters in Drupal. (No, you CAN’T create an h1, rather than making it look ugly and they don’t understand why.)

o look: an automatic report that would’ve let us know about that thing that was probably broken for 6 months.

site-wide link check! that’s actually pretty cool. per-asset link check on publish? should already exist, but does that include external or just internal? should look that up.

I think Susan might especially appreciate some of the reports stuff.

more about modules:

Guy in front of me is looking at info about contribute. Hilarious.

twitter feeds module. oh dear, I think that means my recent very

built-in image sliders. I wonder if that’s going to suffer from the same problems as all the carousel etc modules in Drupal, which meant that I ended up preferring getting Views to generate a list and then including the cycle lite jquery plugin in the theme.

“give users the ability to create these things” — oh wait, that’s basically the same thing as the image gallery thing I built this summer? :\

any ARIA support?

ways to indicate that an image is “decorative” rather than meaningful.

“only a single h1 element” — but if using headers, sections, articles, is that still best practice?

so there’s an accessibility checker? where’s that? but apparently it only checks the asset’s content?

ARIA in TinyMCE. that’s kinda cool.

50% of site redesigns of projects they work on are including response. apparently session tomorrow abt mobile will be focused on RWD, so maybe I will go.

looking at better support for HTML5 Boilerplate, Twitter Bootstrap, etc. looking to export some of their services projects to Github, sites that you could actually just import into a site. Innnnnteresting.

ah, one of the HH employees just responded to the single snarky tweet that I hashtagged. #awkward

SO MANY things we can’t do until we convert to “Sites”. Dammit.

Two minutes left, in theory.

Seriously, I’m beginning to hate the term “user” when referring to people who do stuff inside a CMS. (this isn’t a Cascade complaint specifically.) How hard is it to call people authors, editors, or managers?

Also, the word “blast” in re marketing can die in a fire. (email, facebook post, whatever. DIAF.)

Gah, missed a bunch about performance improvements while copying (some) of that into tweets. Whoops.

Cascade User Conference liveblogging

Hey, it’s conference blogging! I haven’t done this in here in a while; when I went to PNW Drupal Summit last year, I was trying to move everything to my “Web Generalist” blog. But I’ve pretty much shuttered that, so now it’s here.

For my loyal readers: Cascade Server is a content management system (CMS) used at The Evergreen State College. Its care, feeding, and spiffy new web features built with it are my job. I’m at the vendor’s annual user conference in Atlanta, GA — where I’ve never been before — to learn more, get ideas, and meet people.

I’m not totally suffering on EDT, mostly because I stayed up all Saturday night before my flight on Sunday. (D&D Saturday until 11ish, airport shuttle at 3:45, so packing & watching Zoolander twice kept me going through the night. Which meant I was exhausted enough to go to bed at 7:30(?) last night, and wake up not too long before my normal alarm time.)

drupal to-do

Here’s a list, in order from my PNW Drupal Summit notes, of some things I’d like to do/learn/try:

answer 1 support request a day (in install support forum?).

make progress on one issue per day. (views or another module you know well) mark duplicate, answer support request, etc.

when you learn something new, document it as you go.

/contribute – places to jump in. but she prefers /community-initiatives. highlights things that are important.

irc

git

try D7, possibly for the feedreader pet project

documentation patches, “novice” tag

look into D7 multigroup issues

themekey: re-read code of the alternate themes, also just try reinstalling at next update.

review ALL the tips in the server optimization notes.

try yslow

idea: create map/app of walking tour brochure. experiment with map of recreation facilities (see maps notes, also http://github.com/tylor/quickmaps)

create a personal/site issue queue: view ads ctr counting, quickrates loan issue, ecard

write blog post about drupal/enterprise and/or “year with drupal” (see JK keynote notes)

upgrade to webforms 3 [notes]; write bolt-on module to connect with campaign monitor. if ENA goes to Drupal use webform for membership signup.

drush.

try login_security

look at role_delegation for intranet?

“scrum” meetings in our department: what you did, what you will do, what’s blocking you – under 15 mins total meeting

features & context, for real this time.

web widget for rates?

deploy webinar

since I’m still in drupal mode, and in note-taking mode….

missed a chunk for a phone call.

I’m still really intrigued by deploy, generally speaking.

important to note that there’s a bunch of stuff that needs to be turned on in the live site.

sessionid authentication: how does it work?

[I REALLY need to move the awards section to a totally different site. For reals.]

have to manage site title by hand after deploying. so would it be most appropriate to run during the OMG EARLY updates? not so great for regular content updates. hm.

[to go on the to-do list, for the 987th time: drush.]

what? cck fields can be difficult? o.O wondering what 3rd party modules are problematic.

what’s left to do for deploy to get out of dev? well, he does want to get it done before leaving for sweden, so that’s something.

seen in irc: “You could set the $site_name in the settings.php file in the $conf array”

no cck3 support, does that also mean existing multigroups? (multigroups are a BFD for me.)

oh, am I remembering correctly that services requires PHP5.2? hrm.

argh, all this is way too distracting! not just the webinar window & audio, but IRC, the usual distractions of the web, and the usual noises of the office.

ah, of course PHP’s implementation of uuid isn’t actually standard. :\

and zooooom, went over my head. I’ve got lots of other things on my list, I think deploy will, alas, have to continue to wait.

open gardens

about.opengardenproj.org

research tools that they would like to make

putting technological & non-tech people.

alphabet as organizing projects

alphabet garden: a real garden, someone who works for civic actions. blogging about the garden by letter, then starting over after Z, facilitating community storytelling – aha! give people prompts to get themselves going.

command line = chef knife (I would love to be able to take a command line 101 class)

codelandstorytimecollective.org

she’s a museum person! background in explaining science – how can that be done with technology?

explaining memory links & garbage collection using bunnies. inspired by commoncraft videos

resource sharing technologies

mapping!

vozmob

fun games with git, “cubby holes” – “nobody wants to waste their time learning something useless”

human internet game – using real people to act out aspects of the internet. “what’s going on behind the beachball” (oh, freegeek chicago)

web-based irc – and using chat, skype, etc to talk about what was going on with irc.

chach is very enthusiastic, but this is a little drifty.

“spot-check” on individual learning projects.

jing – free cross-platform for making screencasts – free is 5 mins/200mb only, but that’s actually a plus, makes you condense. takes 1-2 hrs to make a really good 2-5 mins vid.

“lab hours”

she just jumped past the concept of “neutral space” – wonder what’s that about.

I wonder if we should have “scrum” meetings in our department: what you did, what you will do, what’s blocking you – under 15 mins total meeting.

to be honest, I think I got more out of the conversation we had hanging out in the lobby.

web widgets module – embed drupal content on another site – gives you a script to use on wordpress, etc, tho not facebook

http://garden.localbiology.org/

about 50 people involved – 10 learners – plus mentors, etc. just about the right size for a single main teacher.

where from here:

she’s delightful but rambly!

http://www.drumbeat.org/festival

http://github.com/chachasikes/opengarden

security

evil robots, scripts.

wow, unfiltered xss put site in maint mode, changed password, locked out of site.

48% of security advisories for drupal are XSS (core & contrib)

[note to self for webform/campaign monitor integration: suggestion from prev presenter to create submodule based on webformphp]

71% of sites tested by whitehat have xss vulnerabilities.

a month of bugs…only 1 was really severe, about half were xss, more moderate.

changing the default input format. (done. actually, I think my default is a plain text version.) better formats module, which I’m using, and like a lot. html purifier module for use w/wysiwyg.

unsafe: script, object, embed, style, iframe, img (maybe: can be used as a vector for other attacks; don’t use for anon users) – but other tags can run into problems, whitelist is better.
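To make the whitelist point concrete, here is an added example (mine, not from the talk and not Drupal's filter code) that runs the same markup through a tag blocklist built from the "unsafe" list above and through an allowlist. The allowed tags, attributes and URL schemes are assumptions chosen for the illustration, and the sample input is constructed.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policies for this illustration; not Drupal's real filter settings.
BLOCKED_TAGS = {"script", "object", "embed", "style", "iframe"}
ALLOWED_TAGS = {"a": {"href"}, "p": set(), "em": set(), "strong": set(),
                "ul": set(), "li": set()}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL


def url_scheme(value):
    """Scheme as a browser would see it: ignore whitespace/control chars."""
    cleaned = "".join(c for c in value if c > " ")
    head = cleaned.split("/")[0].split("?")[0].split("#")[0]
    return head.split(":")[0].lower() if ":" in head else ""


class _Filter(HTMLParser):
    """Re-serialises markup, keeping only what the chosen policy permits."""

    def __init__(self, allowlist):
        super().__init__(convert_charrefs=True)
        self.allowlist, self.out, self.skip = allowlist, [], 0

    def _keep_tag(self, tag):
        return tag in ALLOWED_TAGS if self.allowlist else tag not in BLOCKED_TAGS

    def _keep_attr(self, tag, name, value):
        if not self.allowlist:
            return True  # a tag blocklist never looks at attributes
        return name in ALLOWED_TAGS[tag] and url_scheme(value) in SAFE_SCHEMES

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1  # their text content is dropped, not shown as text
        if self._keep_tag(tag):
            kept = "".join(f' {n}="{escape(v or "")}"' for n, v in attrs
                           if self._keep_attr(tag, n, v or ""))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
        if self._keep_tag(tag):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))


def filter_html(markup, allowlist=True):
    parser = _Filter(allowlist)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


# Constructed sample: the blocked <script> goes either way, but two
# attributes on "harmless" tags also carry script.
SAMPLE = ('<p onmouseover="alert(1)">hi <a href="javascript:alert(1)">x</a>'
          '<a href="/about">about</a><script>alert(2)</script></p>')
```

The blocklist removes the script element but passes the event handler and the javascript: link untouched; the allowlist keeps only the tags, attributes and URL schemes it was told about.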

dangerous permissions: administer… filters, users, permissions, content types, site configuration, views. “least privilege” side benefit: makes the interface much simpler for those users.

devel module – anon permission to execute php. (an actual live .edu site. jeez.) “I swear it was that way when I found it”

same criteria you’d use to evaluate the quality of a module can be used to evaluate security of the module. indirect & subjective, but a good starting place.

University of Pennsylvania “drupal approved modules” – staff who have audited the code, no guarantees, but has been reviewed.

coder module will give information about use of coding standards, another way of judging attention to detail. someone’s working on an add-on “secure code review”

xsrf – request forgery – anytime where visiting a page does something…potential flaw – if you see big crazy number (token) at the end, that’s good. (same sort of thing happens in ob.)
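What that "big crazy number" is doing, as an added example (mine, not from the talk and not Drupal's own token code): the link for a state-changing action carries an HMAC tied to the visitor's session and the action path, and the server refuses the request unless it matches. The key handling, function names and sample paths are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical per-site secret; a real site stores one key and reuses it.
SITE_KEY = secrets.token_bytes(32)


def make_token(session_id, action):
    """HMAC binds the token to one session and one action path."""
    msg = f"{session_id}\n{action}".encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()


def action_url(path, session_id):
    """URL for a state-changing link, with the token on the end."""
    query = urlencode({"token": make_token(session_id, path)})
    return f"{path}?{query}"


def request_allowed(url, session_id):
    """Server-side check made before the action is performed."""
    parts = urlsplit(url)
    supplied = parse_qs(parts.query).get("token", [""])[0]
    expected = make_token(session_id, parts.path)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(supplied.encode(), expected.encode())
```

A link with no token, a token minted for a different session, or a token reused on a different path all fail the check, which is why another site cannot make a logged-in visitor's browser trigger the action just by getting it to load a URL.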

test for access bypass, with a variety of roles and permissions: what features still work if logged out? a flaw in code may allow inappropriate access: node access control + filefield – private node files could still be accessed as if public.

securepages – oh, our apache config is already set up for that (redirect to ssl version) – but has some maintenance issues

password_policy or password_strength

role_delegation – moderator can give moderator access to others, w/out full admin users permission

video_filter – safe way to post youtube, etc. w/out allowing script. difference from mfield?

adminrole – which I’m using and really like. (I turn the admin user off most of the time.)

always test updates before going live. drush pm-update. all updates w/single command – time-saver! read the advisories: not all issues apply to everybody.

crackingdrupal.com, owasp.org

discussion of password security, expiration, enforcing strong passwords. greggles talked about false sense of security about strong passwords, better to work on detecting brute force attacks. (there’s a module for the latter, login_security)

forms

webform 3

“now more abusable than ever!”

oh, he’s one of the using drupal co-authors. (get book signed? 🙂 )

pnwsummit coupon code thru next week. (might have to talk to matt abt that)

doesn’t use entities in D7 – database tables issue. nor fields (ie CCK)

trying to remember what my really weird webforms use-case was. chat survey?

was looking bleak about a year ago: more than 650 open issues, but all better now! scaled back the scope of webform 3. still lots of people on webform 2.

conditional fields! yay. “choose your own adventure”

save draft of form and resume later. (works for anon, but that disables caching for that user; interesting discussion of edge/use cases)

can have multiple webform-enabled content types

“basic” views support – eg, listing of submissions – but not yet listings of submitted data, patch has it working. (I think the latter is what I had trouble with, and had to write some custom php for.)

better data integrity, harder to break by end users. oh, like the problem with changing values of locations for holidays.

form builder integration did NOT happen, there’s a project – visual interface – too much work, but may include backwards (????)

lots of API stuff. include ability to create dynamic select lists.

was it webform that I wrote custom stuff for to talk to campaign monitor?

options moved to step 2, so as to not stuff everything into regular node form.

email config is in its own tab – who gets the email. includes template options for the actual email text. handy. template option not yet fully developed.

and then a separate tab for all those options.

(what about upgrading existing forms?)

CSV doesn’t support UTF-8? huh. nice: Excel format is just TSV with .xls extension. 🙂

separate receipt template for multiple recipients

mimemail module – can send html email & attachments. oh, so then webform can email attachments!

webform will automatically use date popup module if it’s turned on. lots of other modules that if you turn them on, more options automatically appear in webform.

page breaks. conditional logic. and conditional logic WITH page breaks. whee!

“select or other” module – that works too. (all this stuff is listed on the module page)

integration between pay module and webform – example of a donation form. very cool. way easier than doing something with ubercart.

ah, someone else who ran into “oh, hey, canada is a different country!” problem.

keynote – Josh Koenig

what’s up with the “losing your hair” theme?

the theme also of “playing together”

graph of technology adoption.

“the enterprise” – long terms, have tech staff, have existing tech that they’re committed to keeping. risk-averse. concerned with downtime, bugs, security. and all the enterprise sites he just showed are all drupal.

case study, but can’t tell some specifics…including the name of the company. 22 content types, 16 modules, etc., etc. (we have 29 content types, altho a couple aren’t actually used.)

have a plan! (imagine that.) views, blocks, menus, etc. – being consistent with what to use where. pick naming conventions, do it consistently. (damn straight.) export as much as possible – features, core exportables. config in code, which gets into maintainability. have to use version control. hudson/selenium (testing tools? lost track for a sec) aegir, drush. need to figure out drush.

“make the robots do the f’ng work” using code instead of ui.

scaling. no longer a crazy unknown thing.

project mgmt, biggest challenge.

able to fund drupal improvements via enterprise client. panels inplace editor. interesting. hmmmm. (actually, that’s EXACTLY what C has been talking about wanting to do with a site.)

hurdles: sales, and interestingly acquia is helping with this because they have a sales staff; scope creep, esp because may not know what’s easy & what’s hard; multiple stakeholders, don’t know who’s the boss, dealing with issues that have nothing to do with you/the project. Platform requirements, moving outside your comfort zone, esp mentions MS issues. “The Pager” – uptime requirements, someone avail as emergency contact.

“this is already a big thing for them” minimize other newness.

human challenges > technical challenges. (all problems are social.)

tool: hudson, automated testing (java), selenium for browsing testing, coder.module. (also goes with one of my other pet theories: let the computers do the part they’re good at.)

aegirproject.org – automated building.

his new thing: pantheon, platform, high performance, best practice git – “trying to build the robots” http://getpantheon.com/ (I’m wondering if I should use something like this or Drupal Gardens to build out my test intranet. Way easier than what I’ve been trying to do!)

I think I have a blog post in me about this stuff, being in a (smallish) enterprise.

warning about only talking to the people that you know “uid ain’t nothin’ but a number” – most intelligent creative people may have just walked into the room; continue to be welcoming.

bring our ideals into the enterprise.

oh, or I might do a post about a year with Drupal. (not unlike my “year with Xtracycle” post!)

Q&A

“going to agile is as big a change as going with drupal” – “do one new thing at a time on a project” – but doing agile (or whatever) internally, with him as the interface with the customer in their process.