Drupal4Gov Half-Day Security Session

Mid last month, Dave Stoline and I presented the Security session at the Drupal4Gov half-day event at OPM. The PDF of the slides is attached here. Dave focused on common security vulnerabilities and working with the Drupal Security Team while I talked about security-related trends like the use of a separate edit domain and HTTPS everywhere.

Web.config as a honeypot

One of my clients has started using an automated security scanning tool to regularly crawl their Drupal site looking for vulnerabilities. In their first run of the tool, it identified only one issue: a "predictable resource location" vulnerability based on the presence of the web.config file in the Drupal docroot.

The Conflicted Developer

"The only thing that saves us from the bureaucracy is inefficiency.
An efficient bureaucracy is the greatest threat to liberty."

- Eugene McCarthy

What does the White House's Executive Order mean for Open Government

I wrote the following piece after looking into the Executive Order on Open Data. The original is published at https://www.acquia.com/blog/what-does-white-houses-executive-order-mean-...

How to Determine Which Nodes Are Using Pathauto Paths

Recently at work, one of the site managers asked for a listing of which nodes on the site were using the auto-generated Pathauto paths and which were not. Should be easy, right? Just figure out where Pathauto stores whatever variable it uses to indicate if a node has the "Automatic alias" parameter set and dump the list. Turns out, actually no, it's not that simple. Pathauto doesn't store a variable.

Migrating from CVS to Git

One of the initiatives begun since I came on board at USP is to convert the team from using CVS for version control to using Git. CVS was performing adequately in most respects, but the leadership recognized that Git is the de facto industry standard these days and that, beyond the technical benefits of moving to Git, there was value in keeping up with the standards of the industry and the Drupal community. The question, then, was how to best accomplish the change.


On July 13th, I'll bid farewell to GDIT and the EOP and move on to the next step in my career. It's been an honor to work with the team there and I've learned more in the past year than I would have imagined possible, a small sampling of which are below.

  • #!'s in URLs are forever.
  • --skip-lock-tables. For the love of dog, use --skip-lock-tables
  • Team dynamics are critical. The right combination of people in the right environment can produce some amazing outcomes and make even the most arduous environment bearable. Unfortunately, that balance is remarkably fragile. It takes very little mismanagement to upset the balance and destroy morale.
  • Unicorns bleed rainbows.
  • cd -: How have I lived this long without having known about this command?
  • Mongo is wonderful until you need to do a simple join query, in which case you're looking at writing at least a hundred lines of application-layer code.
  • CDNs are insanely expensive but worth every single penny when people in Guy Fawkes masks decide to pound on your site.
  • Kanban is a wonderful management tool, created by 3M as a ploy to sell Post Its.*

Credit and disclaimers:

hook_career_alter() was originally developed by webchick. I'm just running a custom implementation of it.
* I have no proof that 3M created Kanban...but it just makes so much sense.

When the Birds of a Feather Don't Flock

Some months ago, I got involved with implementing OpenID on Drupal for work. One of the things that struck me was that the OpenID modules appeared to be largely dormant. With DrupalCon coming up, the logical solution seemed to be to get together a Birds of a Feather (BoF) session.

Completing DataSmith.net Project Revision

The final outcome of this project came out a bit different than originally envisioned, but I'm calling this one done for now. In the end, I created a Project node type with a Taxonomy term reference for the project status and a view to display the Project nodes which have a status of either Exploration, Active, or Someday.