Overview
Analysts estimate that 75% of attacks against web servers enter at the application, not the network level. And as many as 15% of these attacks are due to poor coding practices. With the help of well known security firms, We'll discuss ways to secure your Drupal application.
Agenda
* See For Yourself - demonstrations of application attacks
* Case Study: Secrets to Securing a Social Network
* Key Habits of Secure Drupal Coding
* Vulnerability Detection to Remediation
* Security Resources for Drupal Applications
* Discussions
Goals
You will learn best practices you can employ right now to build secure Drupal Application code that meets security compliance standards and maintain customer confidence.
Overview
Drupal needs media handling, but more than that, Drupal needs a way to handle ''Social Media''. YouTube or Flikr are excellent examples of gallery-style media sites that have experienced organic community growth (Flikr more than YouTube). Facebook has fairly robust handling of photos and leverages their "social map" to deliver an exciting experience.
Drupal is already an excellent platform for building robust social networking sites and community collaboration spaces. Media handling is rapidly improving. With the current discussion on how to formalize media handling in Drupal and the continued development in the social networking space, Drupal is a natural choice for developing social media projects. All that is missing is a straightforward implementation path. The Scald platform -- first developed for a groundbreaking new project from Chicago Public Radio -- is a first step down that path.
Agenda
Goals
Attendees should leave feeling that they have a grasp of how Drupal currently stacks up in the Social Media space. They should understand the basic Scald feature set, its architecture (on a high level), the rationale behind its development and some ways that Scald can be used as an effective tool in developing social media websites.
Resources
Overview
There are many developers who can't stand working with CSS, but are occasionally forced to, and many site administrators who are asked to make small changes to a site's design, but don't know where to start. This session aims to cover the basics of CSS and how to use it to make alterations to your site's theme.
If there's interest, I'll follow up this session with a BoF to help tackle specific problems on your own sites.
Please let me know if there's something I've missed from the agenda.
Agenda
* What is CSS?
* I don't get the cascade: please explain it again.
* Using the cascade to target different areas of your page.
* FireBug to the rescue!
* Take apart page.tpl.php and put it back together the way you want it.
* Using template.php to make your life easier.
* Modules that can help.
* Dealing with Internet Explorer.
Goals
This session aims to cover the basics of CSS and how to use it to make alterations to your site's theme.
Requirements
Familiarity with Drupal, perhaps a rough idea of what's in a theme.
Some knowledge of HTML.
We'll be copying and pasting a little PHP, too.
I want to open a discussion on how to use various components and sides of Drupal to enable us, Developers to improve usability in our projects. Le us discuss how to use Form Elements, Helper Libraries, Naming conventions and Insert Your Birght Idea Here to enable the community to improve Drupal's usability.
Overview
Improving usability for project Foo might make the same software horrible to use in project Bar. That is why we could look at improving usability in Drupal by not making Drupal core more usable. But by enabling the developers to make Their Drupal project more usable for Their users in Their specific cases: enabling the community to improve usability.
Looking at Drupal as a Framework (the CMF) gives us opportunities: We can improve usability by enabling Dan the Distro Builder to put together a Blog Install Profile that is very usable for Bob the Blogger.
Agenda
* Introduction on Usability in general: Why is it so hard to get right in Drupal?
* Short introduction on why this 'enable' route might work better then the oldfashioned 'make Drupal core more usable'.
* Open Discussion on ways to achieve this.
* Putting Money where Mouth is: create code, docs and projects after the outcome of the discussions. This should be the biggest part: we must avoid this becoming a vapourware project and start off with some Real Working Code and Good Resources.
Goals
Setting up and initial infrastructure that will help people who want to contribute to the usability of Drupal.
Get a message out about this initiative and to enthuse developers for this usability project.
And, in the very end: to allow you to build a perfect site for your specific users.
Resources
Please collect any nice code (form elements) nice ideas (the back of a beermat) or good designs (like That One CSS Trick to align forms) on your laptops or servers. So that we have some real working code and ideas to start off with.
Overview
Usability is a big factor in the success of a website or a web
application. With some usability knowledge developers can improve their
modules.
I will show what changes have been made (and will be) to Simplenews and
Header Image modules (the modules I maintain). Along the way I will share
my thoughts and considerations regarding contributed module usability.
Usabiltiy is no rocket science, just applied common sense.
Agenda
* What is usability and why do we need it
* Common mistakes
* Simplenews and Header Image usability past, present and future
Goals
To make module developers, users and decisionmakers aware of usability
aspects of module development.
Resources
* Common sense
* Books: Don't make me think by Steve Krug
Report as inappropriate:
http://szeged2008.drupalcon.org/mollom/contact/d6913aa9de19dc61
Overview
In this BoF, we will discuss practices for securing PHP from the Server Administrators view. This includes various web server settings, php.ini settings and demonstrations of less-known attacks.
Agenda
* Web server settings for PHP security
* See for yourself - demonstrations of weird attacks
* php.ini settings
* Discussions
Goals
After you walk away from this BoF, you will know more about PHP settings, how to secure it and most importantly: How to sleep better at night.
Overview
Accessibility should not be considered an option or an add-on. It is the responsibility of the entire team, from the designer, to the coder, to the writer, to the themer, and even to the business development team.
Agenda
Goals
Fortunately, Drupal has a solid foundation for coding standards and separating its data, logic, and presentation separate from each other. This has greatly contributed to the ease in which to make a Drupal site accessible. But is it enough and could it be better?
Resources
Link to the slide:
http://quiddities.com/presentations/2008/08/drupalcon-accessibility/
Overview
I would be talking about how drupal supports the RIA like Flex based applications.
Agenda
* Introduction to RIA
* Introduction to Flex
* How drupal supports Flex based applications
* Difficulties involved
* Future support
Goals
To make the people aware of the support provided by drupal to use RIA.
Resources
Flex based drupal modules.
Overview
Everytime I work on a drupal based project, I am thinking about users how they are going to add content, set up taxonomy, maintain site and perform other tasks without getting lost on their site. This session will try to showcase best practices in admin interface and I will try to show where rootcandy (http://drupal.org/project/rootcandy) project is at the moment and where it is heading.
Agenda
* Several scenarios how to make administration easier
--* TBC
* RootCandy theme/module project
--* RootCandy for developers
--* RootCandy for users
* Available modules that can improve administration
Goals
By the end of this session, attendees will see more possibilities in improving admin section and benefits of making admin section userfriendlier.
Overview
I've been asked to give a talk on the specified topic by the track co-chair. Since I am now running large scale Drupal installs for over two years (mainly drupal.org) I have learned a few tips about making your Drupal code run fast and not give your server a hard time which I want to share.
Agenda
* Drupal caching in core
+ Drupal 5
+ Drupal 6
+ Drupal 7
* Mistakes to avoid when programming Drupal
* Tips and tricks.
* Different cache backends.
* Other stuff (basic server config)
Goals
I'd like attendees to gather an understanding for why caching is important and the pitfalls that may occur.
Resources
General familiarity with Drupal is going to be helpful.