This site is built on open standards with open source software and an open mind. That is why all content is licensed under the open content licence.
The Orange Suit, E01 something you have. AKA using the Two Factor Authentication module on a Drupal website
Trust, authentication. The key factors of the internet in this age where hacking, privacy and security are the biggest threat to freedom on the Internet. Trust starts with authentication. Authentication starts with identification. For some good background, see the decade-old keynote by Dick Hardt on identity; it is still a classic.
The old adage is that good authentication can be done by using three factors: something you know, something you have and something you are. For example, a PIN code (know), a key (have) and a photo (are).
Two factor authentication combines two of these three for identification, often a password and a one-time-usable code delivered via the phone that you have. Two factor authentication is standard in the offline world, a driver's license (have) with a photo (are) or a bank card (have) with a PIN code (know). And it is about time that we use this Two Factor Authentication (TFA) as the basis for our web presence as well, to log in to your mail, your bank account and to your Drupal website.
This will prevent ugly security incidents or frontpage defacements. People reuse passwords, write them down, never change them, have listed passwords or share them, and if you have a website where editors and administrators can publicly log in, you have a security incident waiting to happen.
On drupal.org we use TFA for higher roles. The module being used at d.o is https://www.drupal.org/project/tfa and I do think it should be on every Drupal site.
I always wanted to start a screencast series on Drupal modules for site builders. So it was only logical that the TFA module was the first module I used for this vlog. You can see the screencast called "The Orange Suit" episode 1, "Something you have" and hear why you need this module, how to configure the module and what the module does.
Suggestions for the next episode are welcome as well via one of those channels.
We have got to learn to address humans. Not just humans who can code. That is, if we want to be a true community for a product. A product that is well designed and does attract both the business and the user to participate in the product, the process and hence the community.
Leaders. Entrepreneurs. Visionaries. Testers. Document writers. Project managers, marketeers. To name just a few. Of course developers can also have the skills to do these jobs, an often overlooked fact. But someone who is "just" a marketeer will not come for the code. (S)he might come for the job at hand, money that might be involved, the functionality, but the best reason why an external non-developer should come to the community to help out is the community that is helping her/him out. Not clean lines of code, but helping hands of love.
DrupalJam, organised by the Dutch Drupal foundation, will be held in Utrecht on April 30, and it really represents the helping hands, not just the lines of code, of the community. With keynotes from Bruce Lawson (HTML fame), Marco Derksen (digital strategist, entrepreneur) and featured speakers like Jeffrey McGuire (moustache fame, D8), Anton VanHouke (leading design agency in the NL, introduced scrum into strategy and design), Stephen Hay (designer, writer) and Ben van 't Ende (Community Manager for the TYPO3 Association).
The event will be held in an old industrial complex as can be seen in these shots
I am really looking forward to this event; it has a long tradition and has always strengthened the community and brought in new blood. People who "come for the business and stay for the community". Those who come out of the need for design and stay for the love. Or love the functional and stay for organising the next DrupalJam.
Both Drupal agencies and individuals who have achieved extraordinary results get special recognition from inside and outside the Drupal community. The international jury selects winners out of hundreds of contestants in several categories including best government project and best Drupal theme.
The jury includes well-known people in the broader PHP and Drupal community from all around the world: Joost de Valk (SEO WP fame), Moshe Weitzman (contributor since 2001), Jeffrey "jam" McGuire (evangelist with a mo), Holly Ross (Executive Director DA), Morten Birch Heide-Jorgensen (enfant terrible and good friend :-)), Stefan Koopmanschap (PHP / Symfony guru from the Netherlands), Guido Jansen (Magento fame) and Robert Douglass (SOLR fame and, most of all, an all-around friendly chap) will select the ten winners who will walk home along the canals with a great award and a smiling face.
There are 10 awards to be given, from architecture and commerce to best governmental site and theme. The award ceremony itself will be held for some 100 people, in an old cinema in the centre of Amsterdam. We are really looking forward to this event. And in fact, it will be the last event of the year for the Dutch, and a great year it has been.
From a record-breaking DrupalJam, via the social events around DrupalCon, to 100's of students getting a free training on the Drupal Training Day and now the bowtie SplashAwards: the showing of the Dutch Drupal community was never better.
Drupal evolved towards this from a blog-like system 10 years ago: a content type with user-generated comments below. Back then everybody knew that you should filter User Generated Content and strip the HTML if you cared about the site. Many other systems up to today, however, do not filter UGC well enough: user signups, search input and the many other ways a user can give input to the system.
Now that Drupal is talking to other systems, combining data from multiple sources, devs still need to understand that one should ***never*** trust input data, no matter if the source is another database or a user.
Because, what could possibly go wrong with just displaying this data directly or injecting it in the database? Why should you "checkplain" the TXT fields in the zone of a domain? Why?
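An added example, not the author's code and not Drupal's own, showing why TXT records need the same handling as any other user input: the records are stored raw through a bound statement and escaped only when rendered as HTML. The function names, the `txt_cache` table and the record values are hypothetical, constructed for illustration.

```php
<?php
// Constructed sample in the shape dns_get_record($domain, DNS_TXT) returns.
// Whoever controls the zone controls every byte of the 'txt' value.
$records = [
    ['host' => 'example.org', 'txt' => 'v=spf1 include:_spf.example.org ~all'],
    ['host' => 'example.org', 'txt' => '<script>alert(document.domain)</script>'],
    ['host' => 'example.org', 'txt' => "x'); DROP TABLE txt_cache; --"],
];

// Escape for an HTML text context. Drupal 7's check_plain() wraps this call.
function escape_for_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Output side: every remote value is escaped at the moment it is rendered.
function render_txt_rows(array $records): string {
    $rows = '';
    foreach ($records as $r) {
        $rows .= '<tr><td>' . escape_for_html($r['host']) . '</td><td>'
               . escape_for_html($r['txt']) . "</td></tr>\n";
    }
    return "<table>\n" . $rows . "</table>\n";
}

// Storage side: keep the raw value, but pass it as a bound parameter so it
// is never parsed as SQL. Escaping for HTML here would be the wrong context.
function store_txt_rows(PDO $db, array $records): int {
    $stmt = $db->prepare('INSERT INTO txt_cache (host, txt) VALUES (:host, :txt)');
    $stored = 0;
    foreach ($records as $r) {
        $stmt->execute([':host' => $r['host'], ':txt' => $r['txt']]);
        $stored++;
    }
    return $stored;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE txt_cache (host TEXT NOT NULL, txt TEXT NOT NULL)');

echo render_txt_rows($records);
$stored = store_txt_rows($db, $records);
$count = (int) $db->query('SELECT COUNT(*) FROM txt_cache')->fetchColumn();
printf("stored %d rows, txt_cache holds %d\n", $stored, $count);
```

The markup in the second record comes out as inert text (`&lt;script&gt;...`), and the third record is stored as an ordinary string with the table intact.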