Hugo Estrada's House of Wonder

Short answer: make sure that gmap_markers.js has Drupal.gmap.iconpath pointing to the right folder where the marker icons are.

The long story:
Recently a client had a problem with drupal's gmap module. The markers wouldn't show. If you carefully moved the pointer around the map you would see it changing to a hand. One could even click on it. But the markers themselves were invisible.

I found the following page: http://drupal.org/node/1071244 which gives you a troubleshooting checklist for gmap. One of its steps is to make sure that you have access to gmap_markers.js. When I went to that page, I found that this is a configuration file. I saw that the images were supposed to be in a folder given by Drupal.gmap.iconpath, so I navigated through the directories in the file system to see if the images were there. They were not.

So the problem was that the file was moved to a public area, as it is required for it to work, but the value of Drupal.gmap.iconpath was never changed. So gmap was not able to find it. Changing the value to the appropriate drupal path fixed the problem.

Performance tweaking

There is a need for high performance drupal. Faster sites are more money. Faster sites get ranked higher by google. Vistors love fast sites. Mentioned in the media? What if the server goes down exactly then?

How to fail at Optimizing
1. Optimizing one part to death and neglecting the rest
2. Optimizing things without knowing where the pain is
3. Optimizing things with new methods without really understanding them
4. Optimizing things without testing it will hold the load

*pressflow / drupal 7
* APC
* MemCache
* Varnish and boost

Testing a site for Performance

* Safari / chrome / Firefox Developer Toolbar
* ab (apache benchmark)
* Load Testing test suits
* Devel module

Devel can save how long it takes to get pages.
If modules are a problem, enabling core

Pressflow if you want to do high performance drupal

APC
alternative PHP Cache
makes it much faster

MemCache
* You can store the cache into memory
* locking is important for drupal implementation
* It especially helps in logged in user

Boost
* it will create static html files

Varnish
* High performance concurrent reverse proxy
* delivers much faster than Apache
* works mostly only with anonymous pages

To set up the configuration
Set varnish to port 80
set apache to port 8080

Other stuff
imagecache_info
php slowness, HipHop

It is important to get yourself information.

varnish debug module -- being released today

enable boost and adding that configuration

planet and trollon.com the blog post with the information

Security Review module

vulnerable module: the vulnerable example module
Coder module
secure code review module

Security Review module.
It identifies the problems.
It gives you a description of what is wrong.
And a link to the manuals

You can also use drush

Hacked! project module
It may take a while

Revision control.
Use revision control to check whether a site has been hacked.

Secure Code Review module
static analysis of the code.
It uses a php tokenizer. It uses patterns.

Vuln.module

Browse around your site to see different popups

Drupal Scout Automated XSS

Scout Automated CSRF
dynamic code analysis
new tool

http://www.drupalscout.com

Risks

Mis-configurations
Insecure code
unsafe practices

Mitigation
audit configurations
secure code
and processes

Automated security audits and penetration testing

Ben Jeavons
@benswords

48% are XSS vulnerability

Drupalsecurityreport.org

control users with text formats

slides: http://lb.com/dscc

* Text format.

Cracking drupal.

There was nothing to prevent javascript from being run.
Text formats are there to prevent these kinds of problems
Filter HTML. It strips out javascript Changing these cause a problem.

HTML purifier module.

* Trust

Know your roles
How roles are granted
Administer permissions
Administer users
Administer filters
Administer content

Idea of least privilege

Automated configuration checks
Security review module

* Recovering from an attack
Backups of the site
make sure that you upgrade
change your passwords
audit your config and code

Backups of the site

Security updates are small

FTP
Insecure

SFTP. Better.

SSL
Firesheep
intercept information to the site

Run site on TLS/SSL

securepages & securepages_prevent-hijac

security review module

Custom code, the most vulnerability lies.
drupalsecurityreport.org

Coder module
audit and peer review
drupal.org/writing-secure-code

William O'Connor

* The more specialization you have, the better it scales.

* Performance is how fast I can get something back to person
*Scalability is how many people you can run at the same time

*Apache
* Standard, but bloated
* A well tested solution
* Apache okay for development, but move to another

*Nginx
* lighter faster cases
* WebDav won't work
* They see a lot of performance
* It is also great as a load balancer

* use drupal 7 or Pressflow platform
Support for db replication
support reverse proxy caches
mysql optimization
php5 optimazation

Opcode caching
* sort of like having a compiled version of your application
* optimizes php components
* stores the compiled php bytecode for execution in stored memory
* Result: Smaller PHP memory footprint

Recommended:
APC
* stable
* actively supported
* used eAccelator and Xcache (not recommended)

Database cluster:
* MyISAM
* good for read
* not good for writing
* It will do a table lock rather than a row lock

Switch to InnoDB
Better crash recovery

Alternatives:
MariaDB
Drop-in replacement for MySQL
superior technology

Drizzle

Alternatives
MongoDB
* Documented-oriented DB
*Examiner
*D7 module for it
** I can replace of certain portions of those things

Cassandra
column-oriented DB
*Facebook Inbox
* Eventual consistency

Separate DB Server
* One of the fastest ways to improve scalability
* DB fights vs apache in resources

Static Caching
* To make db and server to do less
* static caching. Materials that you can return without change. Returning flat and statically

Drupal modules
* boost modules. Only for anonymous files.
*AuthCache Module
A little bit more advance. More configuration. It can work with other caching engines. Some problems when you get bigger. If that is the case, you need a bigger thing
* helper module
ajaxify regions/blocks
ESI (varnish ESI)

Static cache on the same server.
* Wasted overhead.
* port to port
* segment traffic by port from the static caching.

Drupal 7 gives you easy opportunities to use static caching

Static Caching: Varnish
https://www.varnish-cache.org/about
* Free
* It can be difficult to set it up
* vcl file is a series of subroutines

Squid
Free
not designed to do this thing, but they used it to do it

AICache
* best performance, but paid service

CND
Cache content that is static (outside of full pages)
paid solutions
can be expensive

static-caching is great for anonymous traffic

Object caching
* layer of defense for db
* It caches a full object in memory.
* It will use a hash
* is leverage in memcache or APC

APC
http://www.php.net/apc
* it is the pretty quick and easy solution
* It is a single server solution
* Not distributed

* Memcache
http://memcached.org/
* It can be used distributed
* Facebook uses it
* slower in the single server instance
* provide silos/buckets can be created for information so you can distribute information across multiple servers
* memcache should be behind the firewall
* it is a hash table
* there is a one meg limit

Object/Document-module Dbs
* MongoDB can be used similarity to Memcache
* You can get object by key and run queries on it!!!
* It is a well perfoming system

Solr
* It allows the site perform much better
* You can move it out another system
* It handles the data store
* All what it must do is feed it information

Deployment
* Jenkins

Monitoring soluitons
*Zabbix

Start with application improvements

pressflow/DY
innoDB
APC

Tom Cochran

The principles of open government

* participation
* transparency
* collaboration

Drupal allows for constant change and collaboration.
Seeking to provide a platform for creating more collaboration and web applications.

Future:
* Upgrading to drupal 7
* Deploy NoSql and big data tools
* leverage OpenId & OAuth 2.0

Things to remember:
* Foster a culture of change so that open source can be adopted
* Thing of website is a web platform on which you can build services
* What got you here won't get you there.
* Drupal enables the White House website

Jason Hoesktra

whitehouse.gov made it possible for the rest of the government to adopt it.

Many government websites are driven by drupal Many states and territories. Many agencies.

Why using drupal?
1. Cost.
It allows to create a test quickly without having to get procurement
2. Capabilities
3. Community

There is also an internal drupal community within the government community.

How can you get involved?

1. Big data
http://data.gov

REST api, visualization api.

http://fcc.gov/data
They have a lot of data

2. Contests
http://challenge.gov

3. Interact with the community
http://groups.drupal.org/druapl-state-and-federal-agencies-government

http://goo.gl/bv4GJ

A while ago I said that I may come back and enter detail instructions on how to install simple test on drupal 6 on Windows. I forgot about it, and, of course, I need that information now. So here it is, in its detailed glory, how to do this.

1. Download simple test from this link http://drupal.org/project/simpletest

2. Make sure that you have curl installed. Check whether curl has been installed by looking at your phpinfo() page, or running on the command line php -i . If you don't have it installed, install it. On windows, that means going to your php.ini, and uncommenting the line where it says php_curl.dll and potentially moving php_curl.dll to Windows/system32 More information on this link http://www.php.net/manual/en/curl.installation.php read the 28-Dec-2009 07:17 comment by wixelbomb for more details on it.

3. Run the patch on drupal 6 core. Oh, boy, was this fun 2 months ago.
First, information on applying the patch is given here http://drupal.org/patch/apply If you are using windows, that means that the utility that you need must be run in cygwin http://www.cygwin.com/ or you need http://unxutils.sourceforge.net/ . That is actually not that bad. More information specific to windows on http://drupal.org/node/60179

What ended up being hard to figure out where you should run the patch. The answer to this, for simpletest, is your root drupal directory. Since I don't like to type too much, I copied and pasted D6-core-simpletest.patch to root, and ran the following command in cygwin

patch -p0 < D6-core-simpletest.patch

That should be it. Then you can have fun testing.

This was complicated to set up, but I am finally running a case. I may have to write a more detailed set of instructions on how to set it up on 6.x. The good news is that it is part of core on 7.

After running an update on a drupal site, I got the following error when looking at any content: Unknown column 'u.signature_format' in 'field list'.

There was this thread on it http://drupal.org/node/508666#comment-1783504

Someone said that they solved this by running a query. There was no query offered, but I was able to create one quickly by looking at the users install code:

alter table users add column signature_format smallint not null default 0

I spent about an hour battling the following error: Call to undefined function install_no_profile_error().

I had followed the directions on how to install Simple Test, and whenever I ran any test, even Simple Test's tests, I got that error.

After reading the following issue on their issue tracker http://drupal.org/node/341661#comment-2895990 they had some cryptic talk about the profiles/default. I couldn't really follow what they were saying since I thought that this may be some kind of configuration (about 90% of issues in Drupal can be solved through configuration settings). Soon after I learned enough to understand that they were talking about a file under the profile folder.

A quick look into my acquia site folder, and I found that profile/default was missing.

A quick copy and paste of the default folder from a clean drupal download into acquia's profile folder fixed the problem.