bert

Never trust data, no matter what the source is

xss in the zone boerland.com
Drupal is increasingly becoming a backend CMS: editors can easily manage their content while, for example, AngularJS delivers it. Or it acts as a backend hub combining content from multiple sources, databases and systems.

Drupal evolved towards this from a blog-like system 10 years ago: a content type with user-generated comments below. Back then everybody knew that you should filter User Generated Content and strip the HTML if you cared about the site. Many other systems, up to today, still do not filter UGC well enough: user signups, search input and the many other ways a user can give input to the system.

Now that Drupal is talking to other systems and combining data from multiple sources, devs still need to understand that one should ***never*** trust input data, no matter if the source is another database or a user.

Because, what could possibly go wrong with just displaying this data directly or injecting it in the database? Why should you "checkplain" the TXT fields in the zone of a domain? Why?
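An added example (not code from the original post) of the point above: TXT records from a DNS zone rendered into HTML without and with output escaping. The records are constructed sample data, and `escape_html`, `render_unsafe` and `render_safe` are hypothetical names; `escape_html` makes the same `htmlspecialchars()` call as Drupal 7's `check_plain()`, with `ENT_SUBSTITUTE` added so invalid bytes show up as U+FFFD instead of blanking the whole value.

```php
<?php
// Constructed sample data, shaped like dns_get_record($host, DNS_TXT) entries.
// Whoever controls the zone controls these strings, so they are untrusted input.
$records = [
    ['host' => 'example.test', 'txt' => 'v=spf1 include:_spf.example.test ~all'],
    ['host' => 'example.test', 'txt' => '<script>alert(1)</script>'],
    ['host' => 'example.test', 'txt' => "bad-bytes-\xC3\x28"], // invalid UTF-8
];

// Escape untrusted text for an HTML text node or a quoted attribute value.
function escape_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: resolver output is concatenated into the markup as-is,
// so the second record becomes a live <script> element in the page.
function render_unsafe(array $records): string
{
    $rows = '';
    foreach ($records as $r) {
        $rows .= "<tr><td>{$r['host']}</td><td>{$r['txt']}</td></tr>\n";
    }
    return "<table>\n$rows</table>\n";
}

// Hardened: every value is escaped at output time, whatever its source.
function render_safe(array $records): string
{
    $rows = '';
    foreach ($records as $r) {
        $rows .= sprintf(
            "<tr><td>%s</td><td>%s</td></tr>\n",
            escape_html($r['host']),
            escape_html($r['txt'])
        );
    }
    return "<table>\n$rows</table>\n";
}

echo "--- unsafe ---\n", render_unsafe($records);
echo "--- safe ---\n", render_safe($records);
```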

Bert Boerland and the Ice Bucket Challenge

How does it feel to be the very last Dutch person to be nominated for the Ice Bucket Challenge? See it in this video

Bottom line: I am donating to Aaron Winborn (fund), a #drupal friend who suffers from ALS. And I nominate Pope Francis, Prime Minister Mark Rutte and King Willem-Alexander.

Virtual Firewall with kinect and a projector

I am a big fan of all things gesture (kinect) and augmented reality. So this "firewall" on aaron-sherwood's site is something I dig

The original concept stems from a performance piece I’m currently developing as Purring Tiger (with Kiori Kawai) titled Mizalu, which will premiere in June 2013. During one scene in the performance dancers will press into the spandex with the audience facing the opposite side. Mizalu is about death and experience of reality, so this membrane represents a plane that you can experience but never get through. As hard as you try to understand what’s in between life and death, you can never fully know.

And a bit more howto

The piece was made using Processing, Max/MSP, Arduino and a Kinect. The Kinect measures the average depth of the spandex from the frame it is mounted on. If the spandex is not being pressed into nothing happens. When someone presses into it the visuals react around where the person presses, and the music is triggered. An algorithm created with Max allows the music to speed up and slow down and get louder and softer, based on the depth. This provides a very expressive musical playing experience, even for people who have never played music before. A switch is built into the frame which toggles between two modes. The second mode is a little more aggressive than the first.

Need some nerd time!

Zen and the Art of Drupal, The DrupalJam 2014.


As a member of the Stichting Drupal Nederland I have been (co-)organising our DrupalCamps called "DrupalJam" for some time now. Last year we hired a soccer stadium for the DrupalJam and this year we are at a very relaxing location at the water: InnStyle

This year we are working hard to make sure we will have an even better conference than last year. So far, we are on track on making sure we will. :-)

The first keynote speaker is Ancilla Tilia, former fetish model now known in the Netherlands as an advocate on digital rights. She has been active in Bits of Freedom, the Dutch equivalent of the EFF, and the "pirateparty" in Amsterdam. The second keynote is from Jan Willem Tulp who creates astonishing data visualisations. Take for example the work described on this page and burn some CPU cycles while flying in WebGL over Amsterdam.

The featured speakers include Jeroen Tjepkema on web performance, Vincent van Scherpenseel on UX, Iacobien Riezenbosh (State of the web) and Sander Spierenbug (Ethical hacker at KPN, the largest telco in the Netherlands). Apart from these there is a full program on the site and it includes a Question and Answer session via the internet with Dries Buytaert.

Always wanted to ask a question (even if you are not coming to the DrupalJam or are from the Netherlands), but were afraid to ask? Now is your chance. Do send in your hair-raising questions to Dries! If you are stuck in Drupal, we also have a gurubar where the best minds of the Dutch Drupal community will help you out on the spot.

We would like to thank the sponsors and if you are around in the Netherlands, be sure to buy your ticket for 29 euros (30 if you become a member of the Stichting Drupal Nederland). It includes coffee, tea, water, quality lunch, 20 plus sessions, a free e-book from O'Reilly, the option to win 1 out of 5 free PHP Storm licenses, first free drink in the bar and eternal peace. If you do, be sure to pick a badge.

If you can't make it, you can follow the event at eventifier or @drupaljam


Last thing, friend Metin Seven made an artwork with Druplicon that we printed on a 1 meter high canvas. Attendees can bid on this artwork (new office? must have! :-) ) during the conference.

Organising these events is always a lot of work but with a great team it is neither "a lot" nor "work". Thanks team! Peace.

Leap user interface with Flickr, Minority Report User Interface is here (well sort of :-)

I recently gave a presentation about Natural User Interface and dived again into my old (?) leapmotion.

It can do minority style user interface within a webapp:
