The document summarizes discussions from a Drupal camp meeting. It introduces the panelists and their experiences. It then summarizes questions and responses about eliminating bot registrations, detecting and preventing form spam, determining if a site has been compromised, and securing Drupal sites. The panelists provided suggestions on modules, configuration, and best practices to address these issues.
courts circuits : l'innovation dans le luxe 'mon idendité de luxe" (partie 3)nous sommes vivants
rapport d'innovation de courts circuits : le marketing du luxe ("mon identité de luxe")
Des marques comme Paul&Joe ou Nespresso en s'appropriant les codes du luxe de plus en plus vite et avec talent forcent le luxe à INNOVER
Plus qu'une remise en cause de la notion de "luxe", nous assistons à une confrontation d'IDENTITÉ entre les ADNs de marque et les individus qui cherchent à s'accomplir à travers elles.
Le renouveau viendra de ce que les marques et les individus ont en commun...la CULTURE...mais cela n'ira pas sans certaines tensions...
jeremy dumont, directeur de pourquoi tu cours (l'agence des idees)
10 Things Webdesigners tend to do Wrong in SEO - SMX 2014Timon Hartung
Tim Hartung gives a presentation on common mistakes in SEO and how to avoid them. Some of the key points he discusses are:
- Using Google Webmaster Tools to find 404 errors on your site and submit your XML sitemap.
- Ensuring your XML sitemap is up-to-date and checking it for broken links to improve your crawl rate.
- Being careful with your robots.txt file as incorrectly blocking bots can prevent them from crawling your site.
- Optimizing for site speed as it is one of Google's ranking factors and users prefer faster sites.
- Implementing Schema.org structured data and Rel=Author to increase click through rates on search results.
10 Things Web Designers tend to forget when doing SEOTimon Hartung
1) Tim Hartung presented 10 things web designers tend to forget when doing SEO, including using Google Webmaster Tools, having good sitemaps, being careful with robots.txt files, ensuring AJAX and JavaScript content is crawlable, and optimizing site speed.
2) Schema.org and rel=author annotations can increase click-through rates on search engine results pages by providing rich snippets for structured data and attributing content to authors.
3) International IP redirects that send all traffic to country-specific sites can hurt SEO by preventing search engines from accessing global site content. Redirects should target homepages only and notifications provided for users redirected away from their expected language or country content.
The document provides guidance on building a basic web application using common web development technologies and patterns. It discusses key concepts like CRUD operations, MVC architecture, and using frameworks to provide structure. It recommends starting simply by building a CRUD application using HTML, CSS, JavaScript, and following an MVC pattern before expanding knowledge further. Frameworks help by providing file structure, build tools, and letting developers focus on unique application aspects rather than recreating common components. Object-oriented programming and the model-view-controller pattern help structure applications by separating data, display, and logic concerns.
This document discusses 7 reasons for code bloat, including: 1) underestimating the time needed to understand a new project; 2) maintaining code without proper tools; and 3) developers not reading documentation or existing code before starting work. It argues that developers often try to solve problems their own way before listening to existing solutions or documentation. Proper documentation and planning time for understanding projects are presented as ways to avoid bloated code.
This document is an introduction to the ALT.NET programming methodology, which focuses on core object-oriented practices and design patterns rather than specific frameworks. It discusses goals like maintainability and simplicity. Key principles mentioned include YAGNI (You aren't going to need it), last responsible moment, DRY (Don't repeat yourself), loose coupling, and unit testing with continuous integration. The introduction provides an overview without code examples, and says future chapters will cover topics like OOP, persistence, and dependencies in more depth with hands-on examples.
This is the paper that was presented during the NESS Conference in 2011 in Stockholm Sweden by Daniela Patti.
For further information please contact d.patti@cetit.at
Windows 8 introduced significant changes compared to Windows 7, including replacing the Start menu with a Start screen, making the Windows key essential for navigating between the modern and desktop interfaces, and removing the classic desktop view. Other changes were adding ribbons to Windows Explorer like in Microsoft Office, including a Windows Store for apps, introducing touch-friendly navigation gestures, reducing startup and shutdown times, and optimizing performance. While the changes made Windows 8 take some adjustment, it offered improvements in usability and speed over Windows 7.
courts circuits : l'innovation dans le luxe 'mon idendité de luxe" (partie 3)nous sommes vivants
rapport d'innovation de courts circuits : le marketing du luxe ("mon identité de luxe")
Des marques comme Paul&Joe ou Nespresso en s'appropriant les codes du luxe de plus en plus vite et avec talent forcent le luxe à INNOVER
Plus qu'une remise en cause de la notion de "luxe", nous assistons à une confrontation d'IDENTITÉ entre les ADNs de marque et les individus qui cherchent à s'accomplir à travers elles.
Le renouveau viendra de ce que les marques et les individus ont en commun...la CULTURE...mais cela n'ira pas sans certaines tensions...
jeremy dumont, directeur de pourquoi tu cours (l'agence des idees)
10 Things Webdesigners tend to do Wrong in SEO - SMX 2014Timon Hartung
Tim Hartung gives a presentation on common mistakes in SEO and how to avoid them. Some of the key points he discusses are:
- Using Google Webmaster Tools to find 404 errors on your site and submit your XML sitemap.
- Ensuring your XML sitemap is up-to-date and checking it for broken links to improve your crawl rate.
- Being careful with your robots.txt file as incorrectly blocking bots can prevent them from crawling your site.
- Optimizing for site speed as it is one of Google's ranking factors and users prefer faster sites.
- Implementing Schema.org structured data and Rel=Author to increase click through rates on search results.
10 Things Web Designers tend to forget when doing SEOTimon Hartung
1) Tim Hartung presented 10 things web designers tend to forget when doing SEO, including using Google Webmaster Tools, having good sitemaps, being careful with robots.txt files, ensuring AJAX and JavaScript content is crawlable, and optimizing site speed.
2) Schema.org and rel=author annotations can increase click-through rates on search engine results pages by providing rich snippets for structured data and attributing content to authors.
3) International IP redirects that send all traffic to country-specific sites can hurt SEO by preventing search engines from accessing global site content. Redirects should target homepages only and notifications provided for users redirected away from their expected language or country content.
The document provides guidance on building a basic web application using common web development technologies and patterns. It discusses key concepts like CRUD operations, MVC architecture, and using frameworks to provide structure. It recommends starting simply by building a CRUD application using HTML, CSS, JavaScript, and following an MVC pattern before expanding knowledge further. Frameworks help by providing file structure, build tools, and letting developers focus on unique application aspects rather than recreating common components. Object-oriented programming and the model-view-controller pattern help structure applications by separating data, display, and logic concerns.
This document discusses 7 reasons for code bloat, including: 1) underestimating the time needed to understand a new project; 2) maintaining code without proper tools; and 3) developers not reading documentation or existing code before starting work. It argues that developers often try to solve problems their own way before listening to existing solutions or documentation. Proper documentation and planning time for understanding projects are presented as ways to avoid bloated code.
This document is an introduction to the ALT.NET programming methodology, which focuses on core object-oriented practices and design patterns rather than specific frameworks. It discusses goals like maintainability and simplicity. Key principles mentioned include YAGNI (You aren't going to need it), last responsible moment, DRY (Don't repeat yourself), loose coupling, and unit testing with continuous integration. The introduction provides an overview without code examples, and says future chapters will cover topics like OOP, persistence, and dependencies in more depth with hands-on examples.
This is the paper that was presented during the NESS Conference in 2011 in Stockholm Sweden by Daniela Patti.
For further information please contact d.patti@cetit.at
Windows 8 introduced significant changes compared to Windows 7, including replacing the Start menu with a Start screen, making the Windows key essential for navigating between the modern and desktop interfaces, and removing the classic desktop view. Other changes were adding ribbons to Windows Explorer like in Microsoft Office, including a Windows Store for apps, introducing touch-friendly navigation gestures, reducing startup and shutdown times, and optimizing performance. While the changes made Windows 8 take some adjustment, it offered improvements in usability and speed over Windows 7.
The document summarizes the author's history in Payson, Utah over several decades. In the 1980s, the author and his family restored an old house and opened a home decor and gift store with a tea room, which became very popular. They later expanded to include a commercial kitchen and upscale dining. The author also worked at a local radio station and emceed many community events. After relief trips abroad, he felt called to help people in need at home and is now running for mayor.
The new Wonderland magazine Activate & Involve presents how young architects and planners in Europe are engaging to their cities today. The Project Space cooperative planning workshop in different cities are presented together with the work done by young offices. Enjoy the reading!
This document discusses utility emergencies involving electricity, natural gas, and propane. It provides information on electrical distribution systems, hazards of downed power lines, pole/transformer fires, vehicle accidents involving poles, and manhole fires. Guidelines are given for establishing safety zones, contacting utility companies, and safely responding to various emergency scenarios until utilities personnel arrive to isolate energy sources. Personnel are advised to treat all wires and gas/propane equipment as energized until proven otherwise and to avoid actions that could cause arcing or explosions.
Thank you for the training. I have completed reviewing the full document and understand the proper inspection and use of the FFRED-SCBA integrated escape system.
The new radio procedure for contacting MACC, South Buffalo Mercy, and Kenmore Mercy Hospital involves:
1) Turning on the "400mghz" or "Hamburg Fire" radio and selecting the "Interop2" channel using the up channel button, which is 7 clicks away from "Ham F-1".
2) Using the handset labeled in the back of the ambulance to call the hospitals and make reports.
3) Pressing the "home" button to return to the "Ham F-1" channel when the report is complete.
The document provides an overview of the new 400MHz radios used by Big Tree VFC, including portable radios and those installed in vehicles. It describes the main functions and buttons of the radios like power, volume, monitor, scan, phone and menu. The channels are also listed with their names and frequencies.
This document provides a summary of a hazardous materials operations refresher presentation. It discusses responder classifications including awareness and operations levels. Key terms like hazardous material and incident are defined. Transportation and storage of hazardous materials is covered including shipping papers, placards, and common locations. Methods for identifying hazards such as the Emergency Response Guidebook are explained.
This document provides guidance on annual refresher training for self-contained breathing apparatus, including reviewing the components and functions of the SCBA, maintenance and inspections, donning and operational testing, and considerations for use. Classroom and hands-on sessions are outlined to ensure proper care, use, and safety with SCBA equipment.
The 6k startup - How to Launch a Startup on a BudgetCrystal Taggart
Crystal Taggart launched her training platform TrainAsYouGo.com for under $6,000 by outsourcing all development through Elance. She defines the business model, prototypes the solution, gets feedback, documents requirements, manages the project, sets up WordPress, and tests the software. Key steps included identifying the business model, prototyping with tools like Axure, documenting CRUD and business rules, selecting affordable technologies like MySQL, hiring developers through Elance, and testing the software through methods such as load testing.
Stop Your Website Sending Your Customers to Your Competition and Move Your Bu...Tim Miller
This document discusses how businesses can move their operations to the cloud in a cost-effective manner. It addresses common myths about cloud computing, such as that it is always cheaper than on-premise solutions. In reality, total cost of ownership must be considered, as well as factors like migration costs. The document recommends that businesses educate themselves on cloud options, benchmark against competitors, and take a strategic approach, starting with small pilots rather than migrating all at once.
This document provides an overview of WordPress and considerations for website planning and hosting. It discusses content management systems (CMS), why one might choose WordPress, and free or low-cost hosting and domain registration options. It also covers WordPress jargon, how to create a WordPress site, useful plugins, and where to find help. While WordPress is very popular, the document notes there may be better options depending on one's needs and budgets.
Web Publishing & WordPress Introduction 16x9 draft 17msz
Helps you manage your WordPress site with ease. It provides useful tools like backups, security scans, speed optimizations, updates and more.
Akismet:
Helps protect your site from comment and trackback spam. It uses a crowd-sourced database of spam to detect spam quickly and accurately.
Contact Form 7:
Allows you to easily create contact forms and customize form fields. It has a simple interface to add and manage forms.
Google Analytics:
Tracks your site visitors and traffic sources. It provides detailed stats on pageviews, locations, devices and more to help optimize your site.
Yoast SEO:
Helps optimize your site for search engines. It
From Drupal 7 to Drupal 8 - Drupal Intensive Course OverviewItalo Mairo
From Drupal 7 to Drupal 8
A Drupal 7 and Drupal 8 course Intensive Overview
Treated arguments
Project characteristics
Main uses and users
Strength points
Community Documentation
Site Building Guide
Drupal 7 Focus
Implementation Workflow
Technology Stack, Core and Files Structure
Clean URLs & Aliases
Hooks
Themes
Blocks & Regions
Nodes
Taxonomy
Fields
Download & Extend (main useful modules)
Views Module
Menu System
Quality Assurance & Coding Standards
Multisite
Advanced Development Tools and Workflows
Git operational workflow
Continuous Integration, with Features Module
Drupal 8 Focus
Files Layout and Structures
Core concepts: “Proudly Invented Elsewhere”
New features and enhancements
WYSIWYG Editor
Quick Edit - In-place Editing
Refreshed Admin Theme
Draft Support in Core
Mobile First
Mobile-friendly Toolbar
Responsive-ize ALL Things (Themes, Images, Tables...)
Multilingual First & Language Selection Everywhere
Views in Core
More and Better Blocks
More Field Types
Render arrays
Front-end Developer Improvements
HTML5
Improved Accessibility
New Theme System: Twig
Back-end Developer Improvements
Symfony based Routing System
Configuration Management System & Configuration Sync Workflow
Content Deployment
Entities Everywhere, Configuration and Content Entities
Web Services
Improved Caching & Big Pipe
Building Modules with Drupal 8
Migration Path: Preparing for Drupal 8
Deciding When to Upgrade
Using Composer and GIT To create a new Drupal 8 project
This document summarizes techniques for building scalable websites with Perl, including caching whole pages, chunks of HTML/data, and using job queuing. Caching helps performance by reducing workload and scalability by lowering database load. Large sites like Yahoo cache aggressively. Job queuing prevents overloading resources and keeps websites responsive under high demand by lining requests up in a queue.
What is Web Scraping and What is it Used For? | Definition and Examples EXPLAINED
For More details Visit - https://hirinfotech.com
About Web scraping for Beginners - Introduction, Definition, Application and Best Practice in Deep Explained
What is Web Scraping or Crawling? and What it is used for? Complete introduction video.
Web Scraping is widely used today from small organizations to Fortune 500 companies. A wide range of applications of web scraping a few of them are listed here.
1. Lead Generation and Marketing Purpose
2. Product and Brand Monitoring
3. Brand or Product Market Reputation Analysis
4. Opening Mining and Sentimental Analysis
5. Gathering data for machine learning
6. Competitor Analysis
7. Finance and Stock Market Data analysis
8. Price Comparison for Product or Service
9. Building a product catalog
10. Fueling Job boards with Job listings
11. MAP compliance monitoring
12. Social media Monitor and Analysis
13. Content and News monitoring
14. Scrape search engine results for SEO monitoring
15. Business-specific application
------------
Basics of web scraping using python
Python Scraping Library
Leveraging start up technology for your library and the power of the slack ap...Brian Pichman
People talk about start-ups as lean, mean, fighting machines. Many start-ups and entrepreneurs use a slew of apps and technologies to fight cost, build collaboration, and accomplish big things — often with a small amount of money. Libraries can leverage a lot of these technologies and tricks to strengthen their teams and processes. This session will highlight these tools with an in-depth look at Slack as a powerful collaboration tool.
The document discusses various ways that developers and businesses can benefit from open source software like Drupal, including increased skills and reputation for developers, and lower costs, brand awareness, and developer talent for businesses. It also outlines different open source business strategies for the Drupal community, such as contributing code, writing modules, creating distributions, education, and hosting/tools.
The Open Commerce Conference - Premature Optimisation: The Root of All EvilFabio Akita
This is the talk I presented in NYC at the Spree Conference. It's about how we may be making bad decisions out of blindly following misleading pitches. To avoid it, we just need to go back to the basics of CS: Don't optimize prematurely. Here's how.
Building a social network website from scratchElinext
In 2020, there were 3.6 billion social media users worldwide. Half of the world's population was active on social media before the pandemic. In the last two years, our online presence has only strengthened. Social websites are an essential part of our daily life. TikTok, Facebook, Instagram, and YouTube crashes frighten people more than ever. So, creating a new social site could be a profitable project. But where to start? Learn in our new guide.
The idea of getting a web solution up and running is to empower one to focus on the business goal and objective. Which approach best suit your project or idea and how do you avoid reinventing the wheel?
The document summarizes the author's history in Payson, Utah over several decades. In the 1980s, the author and his family restored an old house and opened a home decor and gift store with a tea room, which became very popular. They later expanded to include a commercial kitchen and upscale dining. The author also worked at a local radio station and emceed many community events. After relief trips abroad, he felt called to help people in need at home and is now running for mayor.
The new Wonderland magazine Activate & Involve presents how young architects and planners in Europe are engaging to their cities today. The Project Space cooperative planning workshop in different cities are presented together with the work done by young offices. Enjoy the reading!
This document discusses utility emergencies involving electricity, natural gas, and propane. It provides information on electrical distribution systems, hazards of downed power lines, pole/transformer fires, vehicle accidents involving poles, and manhole fires. Guidelines are given for establishing safety zones, contacting utility companies, and safely responding to various emergency scenarios until utilities personnel arrive to isolate energy sources. Personnel are advised to treat all wires and gas/propane equipment as energized until proven otherwise and to avoid actions that could cause arcing or explosions.
Thank you for the training. I have completed reviewing the full document and understand the proper inspection and use of the FFRED-SCBA integrated escape system.
The new radio procedure for contacting MACC, South Buffalo Mercy, and Kenmore Mercy Hospital involves:
1) Turning on the "400mghz" or "Hamburg Fire" radio and selecting the "Interop2" channel using the up channel button, which is 7 clicks away from "Ham F-1".
2) Using the handset labeled in the back of the ambulance to call the hospitals and make reports.
3) Pressing the "home" button to return to the "Ham F-1" channel when the report is complete.
The document provides an overview of the new 400MHz radios used by Big Tree VFC, including portable radios and those installed in vehicles. It describes the main functions and buttons of the radios like power, volume, monitor, scan, phone and menu. The channels are also listed with their names and frequencies.
This document provides a summary of a hazardous materials operations refresher presentation. It discusses responder classifications including awareness and operations levels. Key terms like hazardous material and incident are defined. Transportation and storage of hazardous materials is covered including shipping papers, placards, and common locations. Methods for identifying hazards such as the Emergency Response Guidebook are explained.
This document provides guidance on annual refresher training for self-contained breathing apparatus, including reviewing the components and functions of the SCBA, maintenance and inspections, donning and operational testing, and considerations for use. Classroom and hands-on sessions are outlined to ensure proper care, use, and safety with SCBA equipment.
The 6k startup - How to Launch a Startup on a BudgetCrystal Taggart
Crystal Taggart launched her training platform TrainAsYouGo.com for under $6,000 by outsourcing all development through Elance. She defines the business model, prototypes the solution, gets feedback, documents requirements, manages the project, sets up WordPress, and tests the software. Key steps included identifying the business model, prototyping with tools like Axure, documenting CRUD and business rules, selecting affordable technologies like MySQL, hiring developers through Elance, and testing the software through methods such as load testing.
Stop Your Website Sending Your Customers to Your Competition and Move Your Bu...Tim Miller
This document discusses how businesses can move their operations to the cloud in a cost-effective manner. It addresses common myths about cloud computing, such as that it is always cheaper than on-premise solutions. In reality, total cost of ownership must be considered, as well as factors like migration costs. The document recommends that businesses educate themselves on cloud options, benchmark against competitors, and take a strategic approach, starting with small pilots rather than migrating all at once.
This document provides an overview of WordPress and considerations for website planning and hosting. It discusses content management systems (CMS), why one might choose WordPress, and free or low-cost hosting and domain registration options. It also covers WordPress jargon, how to create a WordPress site, useful plugins, and where to find help. While WordPress is very popular, the document notes there may be better options depending on one's needs and budgets.
Web Publishing & WordPress Introduction 16x9 draft 17msz
Helps you manage your WordPress site with ease. It provides useful tools like backups, security scans, speed optimizations, updates and more.
Akismet:
Helps protect your site from comment and trackback spam. It uses a crowd-sourced database of spam to detect spam quickly and accurately.
Contact Form 7:
Allows you to easily create contact forms and customize form fields. It has a simple interface to add and manage forms.
Google Analytics:
Tracks your site visitors and traffic sources. It provides detailed stats on pageviews, locations, devices and more to help optimize your site.
Yoast SEO:
Helps optimize your site for search engines. It
From Drupal 7 to Drupal 8 - Drupal Intensive Course OverviewItalo Mairo
From Drupal 7 to Drupal 8
A Drupal 7 and Drupal 8 course Intensive Overview
Treated arguments
Project characteristics
Main uses and users
Strength points
Community Documentation
Site Building Guide
Drupal 7 Focus
Implementation Workflow
Technology Stack, Core and Files Structure
Clean URLs & Aliases
Hooks
Themes
Blocks & Regions
Nodes
Taxonomy
Fields
Download & Extend (main useful modules)
Views Module
Menu System
Quality Assurance & Coding Standards
Multisite
Advanced Development Tools and Workflows
Git operational workflow
Continuous Integration, with Features Module
Drupal 8 Focus
Files Layout and Structures
Core concepts: “Proudly Invented Elsewhere”
New features and enhancements
WYSIWYG Editor
Quick Edit - In-place Editing
Refreshed Admin Theme
Draft Support in Core
Mobile First
Mobile-friendly Toolbar
Responsive-ize ALL Things (Themes, Images, Tables...)
Multilingual First & Language Selection Everywhere
Views in Core
More and Better Blocks
More Field Types
Render arrays
Front-end Developer Improvements
HTML5
Improved Accessibility
New Theme System: Twig
Back-end Developer Improvements
Symfony based Routing System
Configuration Management System & Configuration Sync Workflow
Content Deployment
Entities Everywhere, Configuration and Content Entities
Web Services
Improved Caching & Big Pipe
Building Modules with Drupal 8
Migration Path: Preparing for Drupal 8
Deciding When to Upgrade
Using Composer and GIT To create a new Drupal 8 project
This document summarizes techniques for building scalable websites with Perl, including caching whole pages, chunks of HTML/data, and using job queuing. Caching helps performance by reducing workload and scalability by lowering database load. Large sites like Yahoo cache aggressively. Job queuing prevents overloading resources and keeps websites responsive under high demand by lining requests up in a queue.
What is Web Scraping and What is it Used For? | Definition and Examples EXPLAINED
For More details Visit - https://hirinfotech.com
About Web scraping for Beginners - Introduction, Definition, Application and Best Practice in Deep Explained
What is Web Scraping or Crawling? and What it is used for? Complete introduction video.
Web Scraping is widely used today from small organizations to Fortune 500 companies. A wide range of applications of web scraping a few of them are listed here.
1. Lead Generation and Marketing Purpose
2. Product and Brand Monitoring
3. Brand or Product Market Reputation Analysis
4. Opening Mining and Sentimental Analysis
5. Gathering data for machine learning
6. Competitor Analysis
7. Finance and Stock Market Data analysis
8. Price Comparison for Product or Service
9. Building a product catalog
10. Fueling Job boards with Job listings
11. MAP compliance monitoring
12. Social media Monitor and Analysis
13. Content and News monitoring
14. Scrape search engine results for SEO monitoring
15. Business-specific application
------------
Basics of web scraping using python
Python Scraping Library
Leveraging start up technology for your library and the power of the slack ap...Brian Pichman
People talk about start-ups as lean, mean, fighting machines. Many start-ups and entrepreneurs use a slew of apps and technologies to fight cost, build collaboration, and accomplish big things — often with a small amount of money. Libraries can leverage a lot of these technologies and tricks to strengthen their teams and processes. This session will highlight these tools with an in-depth look at Slack as a powerful collaboration tool.
The document discusses various ways that developers and businesses can benefit from open source software like Drupal, including increased skills and reputation for developers, and lower costs, brand awareness, and developer talent for businesses. It also outlines different open source business strategies for the Drupal community, such as contributing code, writing modules, creating distributions, education, and hosting/tools.
The Open Commerce Conference - Premature Optimisation: The Root of All EvilFabio Akita
This is the talk I presented in NYC at the Spree Conference. It's about how we may be making bad decisions out of blindly following misleading pitches. To avoid it, we just need to go back to the basics of CS: Don't optimize prematurely. Here's how.
Building a social network website from scratchElinext
In 2020, there were 3.6 billion social media users worldwide. Half of the world's population was active on social media before the pandemic. In the last two years, our online presence has only strengthened. Social websites are an essential part of our daily life. TikTok, Facebook, Instagram, and YouTube crashes frighten people more than ever. So, creating a new social site could be a profitable project. But where to start? Learn in our new guide.
The idea of getting a web solution up and running is to empower one to focus on the business goal and objective. Which approach best suit your project or idea and how do you avoid reinventing the wheel?
This presentation is all about my exploration of content management systems over the last couple of years. It's includes short descriptions of a half dozen CMS's and a much longer argument on why I chose Drupal.
Presentation from June 2013, Surrey, BC, Drupal Group meetup.
- Some tips how to improve Drupal 7 performance.
- Get Drupal 7 working faster
- Optimize code in order to get proper responses
- Use cache (memcache, APC cache, entity cache, varnish)
- Scale Drupal horizontally in order to balance load
This document summarizes a presentation about creating websites using WordPress. Some of the main topics covered include:
1. What content management systems (CMS) are and why they are popular choices for building websites. WordPress is highlighted as the most widely used CMS.
2. The benefits of choosing WordPress include its large community support, ease of use/customization, and ability to find help online. However, other CMS options are also briefly discussed.
3. Tips for setting up WordPress include considering free local testing options before paying for web hosting, and reviewing various cheap or free hosting providers while being wary of services that seem too good to be true.
2. Seth Viebrock has worked on Justin Bieber's web site, led a team as CTO
at a start-up company, traveled to Tokyo for data center security
assessments, worked on world-class e-commerce software, provides
Drupal expertise for Estee Lauder and their many international brands,
been building web sites for clients since 1996, and started a few
businesses, including Origin Eight.
Gary Parker is a Systems Administrator for the Office of Information
Technology and is the primary administrator for Drupal sites hosted by
OIT at the University of Massachusetts Amherst.
Rob Higgins is a Drupal Developer currently working with Origin Eight and
MIT. He has been developing Drupal applications for 5 years and draws
his experience from building a custom newspaper publication
management system on top of Drupal as well as many smaller scale
projects.
Cheryl Handsaker is a Technical Project Manager and Drupal Developer
supporting the work of ALM Enterprises, Origin Eight and Charlemont Web
Works. She has cajoled these smart people to serve as panelists.
3. I work on a site for a small non-profit that runs a yearly conference.
Admission to the conference is free but an accurate head-count on
registrations is helpful for planning. It is a goal of the organization that
the barriers to registration are low.
User registration requires a username and email address be provided.
Mollom is enabled and completing a CAPTCHA is required for
submission, a controversial decision given ease of use concerns. In
addition the email address provided must be verified before the user can
complete the remaining profile fields and be officially registered.
Despite these precautions, we receive 5-6 bot registrations/ day. These
have reasonable looking user names but are tied to unrelated nonsense
emails, typically from the hotmail domain but we have also seen gmail
and yahoo domains as well.
How can I eliminate bot registrations without continuing to raise the barrier
for registration from real humans?
4. Disqus -- http://drupal.org/project/disqus -- If all you need is commenting, use
Disqus and disallow user registration altogether. Or, if you need user registration,
but the major problem is comment spam, use Disqus.
Captcha Riddler -- http://drupal.org/project/riddler -- Create your own Captcha
riddles. In the case of a Drupal conference event, the question could be "What
does that little blue drop stand for at the top of the page? Hint: It starts with a 'd'."
Help text: "If you reeeeally need help figuring out what the blue drop stands for,
email help@conferencename.net"
Spambot -- http://drupal.org/project/spambot -- Spambot protects the user
registration form from spammers and spambots by verifying registration attempts
against the Stop Forum Spam (www.stopforumspam.com) online database.
Botcha -- http://drupal.org/project/botcha -- The approach of BOTCHA is to add
various elements to forms that need protection from bots. These elements do not
present new fields to users, so BOTCHA is completely transparent to humans. Both
humans and bots submit those forms and BOTCHA performs heuristic analysis on
each submitted form. Bots are usually programs/scripts that are relatively dumb,
and most of the time they fail BOTCHA tests and human users don't. The more
there are opportunities for the bot to slip and prove it is a bot, the better defense
from spam we have. So we can combine multiple BOTCHA recipes as opposed to
only one CAPTCHA per form. This gives huge advantage to BOTCHA. To prevent
spam most effectively, you must combine and fine-tune several of the available
"recipes.”
5. Countryban and ip2country -- If your target audience is only one or a few countries,
try http://drupal.org/project/ip2country for D6 (could be upgraded to D7), or write
something around http://drupal.org/project/ip2country to either block or give a
special registration form to users from a set of countries.
Mollom - http://drupal.org/project/mollom -- Provides a decent captcha, and helps
analyze statistical data about the poster and the poster's content. I'd use reCaptcha
(see below) for the captcha on user registration, and have Mollom deal with content
analysis by already-registered users.
reCaptcha - Owned by Google. Very common captcha for user registration.
http://drupal.org/project/recaptcha
Social network auth - i.e. http://drupal.org/project/fboauth,
http://drupal.org/project/gigya -- use social login to help prevent spam.
Drupal core - Require users to validate their email address. In worst-cases, require
admin approval of account.
Community moderation of users - Use something like
http://drupal.org/project/rules_link or http://drupal.org/project/flag to block users
after their content has been marked as "spam" by a certain threshold of community
users. Put a flag right on the content and let your community participate in the work.
6. I work on a website for a start-up company that uses forms to
capture sales lead information. We allow anonymous users to
submit inquiries on the site through these forms. The forms
typically have 10-15 required fields, a mixture of free form text
and select boxes. We use the free version of Mollom on the
registration form and 12 general information forms on the site,
which is working very well most of the time. However, on a good
day we run into trouble.
Free Mollom has a per day limit on the number of successful
CAPTCHA completions per day. Occasionally, this limit is exceeded
and we have chosen to accept further form submissions rather
than rejecting because of the nature of the information collected
resulting in spam being delivered to our sales force.
Are there alternatives to the paid version of Mollom for detecting
and preventing form spam that do not make it more difficult for
our target customer to complete them?
7. Many of the suggestions that Seth outlined for bot
registrations are also effective at reducing form
spam.
Use only plain text inputs for forms. Do not allow
even filtered html. Insure that php form input is
completely disabled.
Consider the business goal. Weigh the cost of lost
sales due to increased barriers against the cost of
reviewing and removing spam emails. Many
companies underestimate the cost of handling spam.
If Mollom is working effectively for you, purchasing
the paid service may be the most cost effective
solution.
8. The patterns of usage on my educational website
shift rather suddenly. In particular, comments are
appearing on nodes that I didn't think had
comments enabled and there is a lot of traffic to
a file download that came over from an early site
migration. I have taken a cursory look at the
Drupal log but there are so many entries there
that only the last few hours of activity are visible.
What steps I can take to determine if my site has
been compromised?
9. Google your own site as an anonymous user.
Often this is enough to replicate the behavior.
Check the site with Google Safe Browsing, i.e.
http://www.google.com/safebrowsing/diagnosti
c?site=drupal.org
Check authentication, especially for powerful
users. Look for evidence of privilege escalation.
If you have access, review the system logs. All
activity should be logged there.
Network utilization, unexpected spikes in
memory or cpu usage.
10. Check the file structure for new or modified
files.
Use version control to compare to those
deployed.
Review source code of any changed files
looking for modifications, especially the
introduction of iframes and metadata.
11. Secure pages module
http://drupal.org/project/securepages and secure
pages hijack prevention (D6)
http://drupal.org/project/securepages_prevent_hijac
k modules. By default, Drupal doesn't force user
authentication over SSL so user names and passwords
could be sent in plain text.
LDAP integration
http://newrelic.com/
Use code repository for all site deployment
Nagios for Drupal http://drupal.org/project/nagios
Set password policies:
http://drupal.org/project/password_policy
12. Cloudflare: http://drupal.org/project/cloudflare reverse
proxy, firewall and CDN
Securing your site: http://drupal.org/security/secure-
configuration
Production Checklist:
http://drupal.org/project/prod_check
Be sure to remove modules used in development on
production (i.e. devel, backup & migrate, views UI).
Hacked module: http://drupal.org/project/hacked
Having site code owned by root is OK. If root is
compromised your problems go beyond your website.
Code review modules
◦ Coder http://drupal.org/project/coder
◦ Secure code review: http://drupal.org/project/secure_code_review
13. Vulnerability Scanning services (free & paid)
◦ Acquia Insight
◦ Droptor.com
◦ Hackertarget.com/drupal-security-scan/
◦ http://drupalscout.com/
◦ Your staff – ask them to try to hack into your site for a bonus and
much internal glory.
Ben Jeavons from Acquia at NYC Camp 2012 :
http://archive.org/details/HackIntoDrupalSitesorHowToSe
cureYourDrupalSite
http://drupal.org/security-team
Captcha ideas
◦ MINTeye: Identified as not very strong captcha
◦ Use of Esperanto characters and works for catpcha
Books & Presentations
◦ http://crackingdrupal.com/
14. Choosing secure Drupal modules
◦ Look at the issue queue – not too many open issues
and no issues with any kind of unaddressed
security vulnerability
◦ Lots of downloads – others are using it widely
◦ Scan the module code for undiscovered
vulnerabilities
◦ Actively maintained
◦ Get involved – report issues you do uncover and
work with developers to resolve these issues.
15. Seth, Gary and Rob!!
Eric Peterson who volunteered to be
empanelled at the last minute and supported
the conversation with knowledge and good
humor!
To the participants. Good suggestions, good
questions, great conversation.
To the Drupal community for your work and
wisdom and most especially for sharing both.