The Orange Suit, E01 something you have. AKA using the Two Factor Authentication module on a Drupal website

Trust, authentication. The key factors of the internet in this age where hacking, privacy and security are the biggest threat to freedom on the Internet. Trust starts with authentication. Authentication starts with identification. For some good background, the decade old keynote of Dick Hardt with regards to identity, it is still a classic.

The old adagium is that good authentication can be done by using three factors, something you know, something you have and something you are. For example, a pincode (know), a key (have) and a photo (are).

Two factor authentication combines two of these three for identification, often a password and a one-time-usable code delivered via the phone that you have. Two factor authentication is standard in the offline world, a driver's license (have) with a photo (are) or a bank card (have) with a PIN code (know). And it is about time that we use this Two Factor Authentication (TFA) as the basis for our web presence as well, to log in to your mail, your bank account and to your Drupal website.

This will prevent ugly security incidents or frontpage defacements. People reuse passwords, write them down never change the passwords, have listed passwords or share them and if you have a website where editers and administrators can publically can log in, you will have a security incident waiting to happen.

On drupal.org we use TFA for higher roles. The module being used as d.o is https://www.drupal.org/project/tfa and I do think it should be on every Drupal site.

I always wanted to start a screencast series on Drupal modules for site builders. So it was only logical that the TFA module was the first module I used for this vlog. You can see the screencast called "The Orange Suit" episode 1, "Something you have" and hear why you need this module, how to configure the module and what the module does.

Please leave a comment with your feedback on the youtube video, if you just liked it, thumbs up on youtube: and do follow "The Orange Suit" on facebook and twitter

Suggestions for the next episode are welcome as well via one of those channels.

DrupalJam 2015, come for the Jam, stay for Drupal

Drupal. I didnt come to Drupal code 14 years ago, I came for the community and stayed for the functionality. That is part why I never liked the "Come for the code, stay for the community" slogan. Sure, it is a perfect cheesy slogan. If all you want attract are coders in the community, it is even a perfect slogan. For a perfect community, of perfect happy coders.

We have got to learn to address humans. Not just humans who can code. That is, if we want to be a true community for a product. A product that is well designed and does attract both the business and the user to participate in the product, the process and hence the community.

Leaderers. Entrepeneurs. Visionaries. Testesters. Document writers. Project Managers, marketeers. To name just a few. Of course developers can also have the skills to do these jobs, an often overlooked fact. But someone who is "just" a marketeer, will not come for the code. (S)He might come for the job at hand, money that might be involved, the functionality, but the best reason why an external non developer should come to the community to help out, is the community that is helping her/him out. Not clean lines of code, but helping hands of love.

This is I am active in the Drupal community, to help out to get others on board. With a rocking team ( Marja, Imre, Rolf and Peter and others) we are organising the DrupalJam event in the low lands. The DrupalJam started with 20+ persons and pizzas in a room and is now a big event with over 300 people attending, over 25 sessions and a budget in the tens of thousands.

DrupalJam -organised by the Dutch Drupal foundation- will be held in Utrecht, April 30 and it really represents the helping hands -not just the lines of code- of the community. With keynotes from Bruce Lawson ( HTML fame), Marco Derksen (digital strategist, entrepreneur) and featured speakers like Jefrey Maguire (moustache fame, D8), Anton VanHouke (leading design agency in the NL, introduced scrum in to strategy and design), Stephan Hay (designer, writer) and Ben van 't Ende (Community Manager for the TYPO3 Asssociation).

And like last year, Dries will do a virtually Q-and-A. If you want to ask him nearly anything, do so at this form.

The event will be held in an old industrial complex as can be seen in these shots

I am really looking forward to this event, it has a long tradition and always strengthened the community and brought in new blood. People who "Come for the business and stay for the community" Those who come of the need for design and stay for the love. Or love the functional and stay for organising the next DrupalJam.

PS: Now this head has rolled, it is time we decide what we do the body. If you have 5 minutes of your spare time, read this post and if you have one minute more, see this one from 2008 as well.

Drupal SplashAwards 2014

On december 12 the Dutch Drupal Foundation will organise the first edition of the "SplashAwards". This award is to put outstanding projects in the spotlight, the best Drupal projects and community contributions from Belgium and The Netherlands.

Both Drupal agencies and individuals who have achieved extraordinary results get special recognition from inside and outside the Drupal community. The international jury selects winners out of hundreds of contestants in several categories including best government project and best Drupal theme.

The jury includes well known people in the broader PHP and Drupal community from all around the world: Joost de Valk (SEO WP fame) , Moshe Weitzman (contributor since 2001), Jeffrey "jam" McGuire (evangelist with a mo), Holly Ross (Executive Director DA) , Morten Birch Heide-Jorgensen (enfant terrible and good friend :-)), Stefan Koopmanschap (PHP / Symfony guru from the Netherlands) , Guido Jansen (magento fame) and Robert Douglass (SOLR fame and most of all around friendly chap) will select the ten winners who will walk home along the canals with a great award and a smiling face.

There are 10 awards to be given, from architecture and commerce to best governmental site and theme. The award self will be held for some 100 people, in an old cinema in the centre of Amsterdam. We are really looking forward to this event. And in fact, it will be the last event of the year for the Dutch and a great year it has been.

From a record breaking DrupalJam, via the social events around DrupalCon to 100's of students getting a free training on the Drupal Training Day and now the bowtie SplashAwards, showing of the Dutch Drupal community never was better.

Never trust data, no matter what the source is

xss in the zoen boerland.com
Drupal is becoming increasingly a backend CMS. For editers so they can easy manage their content while for example AngularJSis delivering the content. Or as a backend hup combining content from multiple sources, databases and systems.

Drupal evolved towards this from a blog alike system 10 years ago, a content type with user generated comments below. Back then everybody knew that you should filter User Generated Content and stripe the HTML if you cared about the site. Many other systems up to today however do not filter UGC good enough; user signups, search input and many other ways a user can give input ot the system.

Now Drupal is talking to other systems, combining data from multiple sources, devs still need to understand that one should ***never*** trust input data, no matter if the source is another database or a user.

Because, what could possibly go wrong with just displaying this data directly or injecting it in the database? Why should you "checkplain" the TXT fields in zone of a domain? Why?

Corporate Social Responsibility and using Open Source

A star in a network
It may differ per country and continent, but for most of the regions I know of, Corporate Social Responsibility (CSR) has become a standard within corporations as a way of buying, selling and producing goods and services. We all know that resources are scarce and hence should be used for the best possible use and more important, reused when possible.

By reusing resources to produce new goods or services, we make optimal use of that what is there. This is no longer a “left" or “green" political statement but is being executed by all parties in the political and economical arena, simply because it is in the interest of the person doing so as well as all other persons. It makes economical sense to reuse resources, be good for persons, the community and the environment. Even if it was just for the tragedy of the commons or from a prioner’s dilemma point of view. For those interested in how doing good or bad impacts the group, this academic PDF might be a good start. If you master Dutch this TED quality keynote during a DrupalJam conference of my friend Yoast on vimeo is truly something to watch.

Garden city of to-morrow

So it is my opinion that CSR has moved beyond empty platitudes and has become truly in the genes of people and companies. Many people think that CSR started as corporate philanthropy, a way of the rich to donate to the poor. I don't think this is true, in every revolution, there have been powers to do good for the environment, the people and the community. For example during the Industrial Revolution there was a very strong new socialism trend with taking care of the housing, commnities and villages of the workers, “The garden cities of to-morrow". Not because “the Rich" want to do good perse (“philanthropy"), but because it made sense economically; less death and diseases (less risk) and a richer and happier workforce (and new business models around this growth).

Urban gardening

Most of the definitions I have seen of CSR have in common that it is an integral vision towards sustainable business with social responsibility in business decisions to balance the social and economic impact of the decision. That by itself is an excellent definition and one that will be supported by anyone who is been doing business. The implementation most see however is to have a policy on carbon footprint in a company or to only buy agricultural products that are produced in a sustainable way, without pesticides. All fine.

But it seems that there is a very easy way to have implementation of CSR: by using a product that is produced to be be reused, made with the knowledge of thousands and with target audience of the world. The product that is not wasting a single second of the future and not wasting a drop of the paste. Indeed, I am talking about using open source software (OSS)!
OSS is by definition made with CSR in mind, it is being produced by different people all over the globe to be reused for you and your knowledge will be direct input for making the product better, iterate on the development and implementation.

And hence, a company that is using open source has a sustainable competitive advantage by using valuable rare resource in the most optima form. Therefor I dare any company that is using software to produce goods, to take using open source software into account and into its’ Corporate Social Responsibility policy. For by using open source software, we can truly make a better world by using more knowledge and less resources.

A very healthy situation for any company.


PS: if you want more information on this vison, do visit the 12 Best Practices from Wunderkraut session at the DrupalCon Amsterdam. Or visit Wunderkraut at booth number 1 in the sponsor lounge, right by the coffee! We are part of the community that uses and make open source software. With passion.

XML feed