weird

Never trust data, no matter what the source is

XSS in the zone boerland.com
Drupal is increasingly becoming a backend CMS: for editors, so they can easily manage their content while, for example, AngularJS delivers the content, or as a backend hub combining content from multiple sources, databases and systems.

Drupal evolved towards this from a blog-like system 10 years ago: a content type with user-generated comments below. Back then everybody knew that you should filter User Generated Content and strip the HTML if you cared about the site. Many other systems, however, still do not filter UGC well enough today: user signups, search input and the many other ways a user can give input to the system.

Now that Drupal is talking to other systems and combining data from multiple sources, devs still need to understand that one should ***never*** trust input data, no matter whether the source is another database or a user.

Because what could possibly go wrong with just displaying this data directly or injecting it into the database? Why should you "checkplain" the TXT fields in the zone of a domain? Why?
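
What that advice looks like in practice, as an added example that is not code from the original post: TXT record values are stored with bound parameters and HTML-encoded at the moment they are displayed, using the same htmlspecialchars() call that Drupal 7's check_plain() wraps. The record values, table name and domain are constructed for illustration.

```php
<?php
// Constructed sample data: TXT records as a DNS lookup could return them.
// Whoever controls the zone controls these strings.
$txt_records = [
    'v=spf1 include:_spf.example.net ~all',
    'note="><script>alert(1)</script>',
    "owner=O'Brien & Sons <hostmaster@example.net>",
];

// Storage: bound parameters keep the value out of the SQL text, so the
// apostrophe in the third record cannot change the statement.
function store_records(PDO $db, string $domain, array $records): void
{
    $stmt = $db->prepare('INSERT INTO txt (domain, value) VALUES (?, ?)');
    foreach ($records as $record) {
        $stmt->execute([$domain, $record]);
    }
}

// Display: store the raw value, encode when it is written into HTML.
// htmlspecialchars() with ENT_QUOTES encodes &, <, >, " and '.
function render_records(PDO $db, string $domain): string
{
    $stmt = $db->prepare('SELECT value FROM txt WHERE domain = ?');
    $stmt->execute([$domain]);
    $items = '';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $value) {
        $items .= '<li>' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</li>';
    }
    return '<ul>' . $items . '</ul>';
}

// In-memory SQLite database so the example runs without any setup.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE txt (domain TEXT, value TEXT)');

store_records($db, 'example.net', $txt_records);

// The markup in the second record comes out as text (&lt;script&gt;...),
// not as an element the browser would execute.
echo render_records($db, 'example.net'), PHP_EOL;
```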

Pretty fast: 250 km per hour on the motorway (mashup of open data on Google Maps)


Today I came across bestwelsnel.nl, a simple mashup that plots data on how fast people drive onto a Google map.

The explanation page describes how they get the data. And I did not know this: it is simply open (public) data.

At more than 24,000 measuring locations, car speeds are measured day and night. The Nationale Databank Wegverkeersgegevens (NDW) makes this information available as 'open data'. Useful for avoiding traffic jams, but it also gives insight into how fast people sometimes drive in the Netherlands.
The values on the map are based on NDW measurement data on average speeds. These are supplied to the NDW by local authorities and Rijkswaterstaat. The values are usually measured by means of detection loops. A 'loop pair', in which two detection loops are placed in the road surface at, for example, 2.5 metres from each other, can determine the vehicle speed by measuring the time difference between detection on the two loops.
When only a single car or motorcycle drives over a loop pair in a lane within one minute, the measuring station will report this as:

average speed: 175km/h number of vehicles: 1
These are the measurements that bestwelsnel.nl works with.

More information about the data can be found at NDW.

Tour De Drupal, come to DrupalCon Amsterdam by bike


When the three orange Dutch guys presented DrupalCon Amsterdam 2014 in Prague, they had a slide (#36) where they joked that one should come to Amsterdam, The Netherlands, by bike.

Two friends were funny enough to take this from "a joke" to "a practical joke". Rachel and Stefan created "Tour de Drupal", a community movement to get as many Drupalista as possible to visit DrupalCon Amsterdam 2014 in 330 days by bike!


If you come to this DrupalCon, there is no excuse, you have to come by bike and put yourself on the map. While you are at it, follow our friends on @TourDeDrupal as well. Even I am coming by bike, and so should you, Dries!

There is bound to be more funny stuff coming from the community in Amsterdam, I hope to be involved in some of this and will post it here as well. There is for example talk of a Eurosongfestival with Drupal songs and a revival of the Kitten Killers, so bring your guitar as well.

So in the closing ceremony we now have lists of the number of megabits used, liters of coffee drunk and number of flat tires… :-)

No-one knows how the police officers find their way back to the exact stadium in which they were born.



No-one knows how the police officers find their way back to the exact stadium in which they were born. Yet every year, thousands make this epic journey - battling their way up one-way streets, and through congested city centres - to the very same sporting venue in which they began their lives. They end their journeys exhausted, barely able to complete the final act for which this epic journey was made. It was here that they were born; it is here that they will spawn the next generation of law-enforcers; and it is here that they will end their lives - in the terraces of their ancestral arena, after one of the greatest migrations of the natural world.

via jwz

Spam will eat itself, spammer requesting spam comments to be deleted

The site you are watching is rather old. The first posting is from 2002 and that is only because I deleted the database, the first posts were from around 2000.

So I have seen lots of spam attacks on my site, up to the point that I deleted the possibility to add comments. I know about captchas and bayesian fingerprinting services like mollom, but this is my site with my rules. You want to express your opinions, hike to facebook, twitter or start your own blog. My site, my rules.

However, back in 2006 I had comments on and there was a posting with some rather lame comments ("yes, I agree, Drupal is great"). Never gave it much thought. However, there was also a link in the user's name. ... Indeed spam links. :-(

Now read this mail I got the other day:

Funny, right? They have been spamming the internet for ages and now they found out that the postings they have paid for to be placed on sites like mine are counterproductive for their Google ranking, and now they wanted to delete the posts!

Here is my answer, let's see what happens :-)

(ps I deleted the spams all the same :-)
