Overview
Google has shown us that search matters. Drupal's core search has strengths as well as weaknesses. What are they and how are the weaknesses being addressed? What new search options have emerged, and how does one evaluate them?
Agenda
* Core search in Drupal 7: What needs to be done?
* Minnesota Search Sprint: What got accomplished and where does it go from here?
* Xapian, Sphinx and ApacheSolr: With so many third-party options to choose from, how does one evaluate and decide?
* Search and Drupal.org: What special needs does Drupal.org have, and how can we improve things now and in the future?
Goals
Increase focus on improving core Drupal search. Increase awareness of alternative solutions. Increase awareness of different search features, such as faceted searching. Encourage more collaboration amongst developers.
Resources
* http://drupal.org/project/apachesolr
* http://drupal.org/project/xapian
* http://www.sphinxsearch.com/
* http://groups.drupal.org/node/4102 (Search group on g.d.o.)
Overview
Most Drupal security vulnerabilities are discovered via manual code reviews or by accident. This session will introduce two automated approaches to detecting Cross-Site Scripting (XSS) and SQL Injection (SQLi) security vulnerabilities and present progress to date in applying them to Drupal.
Dynamic Analysis, or "data tainting," involves tagging data that a running program receives from untrusted sources as "tainted," propagating the taintedness to any data derived from tainted data, and detecting when tainted data is used in dangerous circumstances. For example, data tainting would detect when any data derived from unsanitized GET request parameters is output within HTML.
Static Analysis involves performing data-flow analysis directly on source code to detect when certain kinds of security vulnerabilities are possible. Like Dynamic Analysis, it uses a data tainting model, but instead of operating within a live running program on real data, it studies all possible code paths within a program to identify potential problems.
Agenda
* Conceptual introduction to Dynamic Analysis and Static Analysis
* Advantages and disadvantages of each approach
* Current progress and results with Drupal
** System-wide data tainting using Taint PHP
** Using the Schema API for accurate database tainting
** Development of Taint Trace for easier debugging
** "Run-time static analysis" of Drupal Input Formats
Goals
Attendees will learn how Static and Dynamic Analysis can work to improve program security by automatically detecting XSS and SQLi vulnerabilities.
Resources
This session requires only basic PHP development skills. All Drupal module developers are qualified and encouraged to attend.
Overview
The session will introduce the Field API intended for Drupal core. The Field API supports "CCK fields in core" as a new central concept for organizing content as an eventual replacement for the Node API model.
Agenda
* Motivation for Fields in core
* Design goals for the Field API
* Current status of the Field API
* Fields on remote data and the semantic web
Goals
Attendees should leave this session understanding what the Field API is, how it will work, and how to use it to create custom content types programmatically.
Resources
Attendees should be familiar with node types and how to use the CCK user interface to define custom content types with fields.
Overview
The Drupal 6 menu system has a fundamentally different architecture from what was present in Drupal 5. This session is designed to highlight the key features of the new system, and give some code-level examples of how to use them well and what to avoid.
Agenda
* How does Drupal 6 serve paths and render links
* When are the menu hooks called
* When to define a router item
* Examples of bad code
* Examples of good code
* Advanced tricks and tips
Goals
By the end of this session I hope you will have thrown off the shackles of your Drupal-5-based thinking about the menu system and be ready to use the features and be aware of the limitations of the Drupal 6 menu system.
Resources
You should be familiar with writing a hook_menu implementation and preferably the {menu_router} and {menu_links} tables to get the most out of this session.
Overview
This is a round-table session, gathering those who are interested in collaborating on a Drupal Certification program.
As Drupal grows, the need for Drupal training grows as well, and so more companies offer Drupal training and courses.
Training people in Drupal has many benefits:
It is therefore important that all those who are involved in this area collaborate in order to achieve a coherent, collaborative Drupal training curriculum. There is an ongoing effort to achieve that on g.d.o, but it has not proved to be the right platform. In this round table we will try to find the best way for us to collaborate and share on this matter.
Agenda
Some key issues that will be discussed (not necessarily in this order):
See this g.d.o. wiki page for more background (feel free to participate): Associations, ideas, and possible questions, that comes to your mind, when talking about...
Goals
At the end of the session we should have a clearer picture of Drupal's certification program, and of the ways to achieve collaboration among all those who are involved in the area.
Resources
Here (Szeged 2008 related sessions)
Groups.Drupal.Org
Acquia.com
Overview
Testing saves time, allows you to provide code-level checking for your clients' crazy requirements, documents how your code is supposed to work, frees you to refactor your code without fear of breaking things, and ensures you never get the same bug twice. Sounds great! But how do you get started?
This session will provide an intro to testing for developers who've never touched it before, in preparation for Testing, part 2: Crazy testing party!
Agenda
* What is testing?
* Why is it awesome?
* What tools do I need?
* How does it work?
* How do I write tests?
Goals
Attendees will leave this session with an understanding of how testing works at a broad level, and how to write a basic test. They'll be provided with hand-outs with more detailed information.
Resources
* http://drupal.org/simpletest
* http://www.lullabot.com/articles/introduction-unit-testing
* http://cwgordon.com/how-to-write-automated-tests-for-drupal