BobbyMods

As our community grows, it is imperative that we preserve the things that got us here; namely, keeping Drupal a fun, welcoming, challenging, and fair place to play. The new Drupal Code of Conduct (DCOC) states our shared ideals with respect to conduct. Think of this as coding standards for people. It is an expression of our ideals, not a rulebook. It is a way to communicate our existing values to the entire community.

Our friends at Ubuntu have blazed a brilliant trail in this area. They use Drupal as their CMS, and in turn we have embraced their Code of Conduct. This code of conduct is essentially identical to that used by Ubuntu, except that the name of the project has been changed, and the conflict resolution process has been removed since we don't have one.

The DCOC has been under discussion for several months on groups.drupal.org and discussed further at Drupalcon Conpenhagen. Folks who are interested in talking more about the DCOC should do so in the Drupal.org Policies group.

The short version:

1. Be considerate
2. Be respectful
3. When we disagree, we consult others.
4. When we are unsure, we ask for help.
5. Step down considerately.

read more

This past March, I decided it was time to put my skills as a Drupal developer to use and launch a new online business. I knew early on that I wanted this business to be product-based, and after several weeks of playing with different ideas, I settled on selling premium Photoshop layer styles. It was the perfect opportunity to combine my love of photography and Photoshop with my passion for web development and Drupal.

Several months of product development later, StyleWorks was born. The site runs on Drupal 6, and integrates with FastSpring for e-commerce capabilities.

After iterating through several hundred designs in Photoshop, I finally had the look I wanted to go with, and it was time to make it come alive in Drupal. But first, a key decision had to be made: Start from scratch, or go with Zen?

read more

In 2009 Appnovation Technologies was asked to design and develop a Drupal based community and e-commerce website called Cargoh. The driving idea behind the site is to create a “social marketplace” for independent artists from all over the world to be able to showcase and sell their products and services. It features community tools such as forums, an internal messaging system and events section.

Cargoh.com was founded by Paul and Cariann Burger when they noticed the lack of avenues for independent artists, designers and musicians to get their work to the world. They realized that some of the most talented people in the world were making them coffee in the morning at the local coffee shop. They set out to change that by creating a super accessible, highly affordable and unbelievably feature rich venue for artists, designers and musicians to sell the things they create. Above that, they wanted to create the world's best online shopping mall for all the uniquely independent products in the world. So from those two missions, Cargoh.com was born. The world's most exciting social marketplace for independent creatives!

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-089
• Project: Simplenews content selection (third-party module)
• Version: 6.x
• Date: 2010-August-18
• Security risk: Less critical
• Exploitable from: Remote
• Vulnerability: Cross site scripting

read more

In this webinar we will explore the use of MySQL as the underlying database for .NET applications. Using several example programs, we will dive into how to develop a few starter applications for MySQL in C# and ASP.Net using Visual Studio. We will also guide you through the process from installing MySQL Connector/NET, setting up Visual Studio, starting a project, designing, coding and running these simple .NET apps. If you are in need of a quick jump start for developing your own .NET applications with MySQL, this webinar is for you.

In Part 2 of a three-part performance series, MySQL performance expert Brian Miezejewski will take you beyond the basics and show you the next set of steps to take when architecting your product's MySQL embedded or bundled database for higher performance and customer satisfaction. Brian has many years of consulting experience helping some of the world's largest software and appliance vendors achieve MySQL performance gains of 50% to 500% in their products.

In this session, Brian will build on this steps he covered in Part 1, the Fundamentals and will review the following, more advanced topics:

1. Monitoring - How to know what’s going on
2. Data and Key Caches
3. Sessions
4. Tuning - Even with other applications on the server
5. Sorting
6. Other Server Tuning Tips

Part 3 will build on Parts 1 and Part 2 and will be held in November. Check the MySQL Live Webinars page for the exact date.

Founded in 1991, The Cara Program is a Chicago-based non-profit that empowers men and women affected by homelessness and poverty with the skills, confidence and resources to secure and sustain quality jobs and achieve long-term success. Since their founding, they have placed more than 2,500 individuals into full-time, rewarding positions with leading Chicago area companies such as ABM Lakeside, The Hilton Hotels, JP Morgan Chase, Sodexho, and more.

The Cara Program sought a redesign of their static website, one that engaged visitors by quickly delivering key information that was clear and concise, and could be easily maintained by Cara staff. Being a non-profit website, they also needed a way to accept donations, recruit volunteers, allow visitors to join their mailing list, and recruit sponsors and employment partners. In addition to being able to simply accept donations, they wanted to eventually “empower” donors to use social media and/or other outlets to spread the word, champion their cause and help others donate or otherwise support. The ability to share some content also needed to be a feature on The Cara Program "child" program websites: Clean Slate, Quad Communities and Career Pathways.

Duo Consulting was chosen to implement their goals and Drupal was the platform chosen.

read more

It's time for another update from DrupalCon Copenhagen! This time around we have updated information on the core developer summit, the unconference, and the code sprint.

First of all, we are happy to announce that the final version of the program is now available on the site. The few remaining slots in the schedule will be used for sponsor sessions and lightning talks. We'll try to keep schedule changes to a minimum, but if we do have to shuffle a few sessions around, this is the page to watch. Also, we'll make the entire program available as a PDF if you would rather keep it on your laptop or print a copy to keep in your pocket during the conference.

Now that the program has been finished, you can start planning your DrupalCon Copenhagen. Go to the session schedule and add all your favorite sessions to your personal schedule. You can see a list of your chosen sessions by going to your user profile and clicking the "My schedule" link.

If you're in Copenhagen on Sunday, August 22nd, and interested in helping improve Drupal core, you should participate in the Core Developer Summit. The summit will provide opportunities both for people to discuss changes to Drupal code and processes as well as people interested to move Drupal 7 closer to release. The summit will start wit three shorts sessions by Dries Buytaert, Sam Boyer, and Jen Simmons. After the kick-off sessions, the summit will break up into two groups, with plenty of space to be fruitful and get stuff done. All ideas are welcome!

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-088
• Project: Content Construction Kit (CCK) (third-party module)
• Version: 6.x
• Date: 2010-August-11
• Security risk: Less Critical
• Exploitable from: Remote
• Vulnerability: Access Bypass

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-087
• Project: GovDelivery Integration (third-party module)
• Version: 6.x
• Date: 2010-Aug-11
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross site scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-086
• Project: Prepopulate (third-party module)
• Version: 5.x and 6.x
• Date: 2010-Aug-11
• Security risk: Moderately Critical
• Exploitable from: Remote
• Vulnerability: Access Bypass

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-085
• Project: Pathauto (third-party module)
• Version: 5.x, 6.x
• Date: 2010-August-11
• Security risk: Less critical
• Exploitable from: Remote
• Vulnerability: Cross Site Scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-084
• Project: OpenID (third-party module)
• Version: 5.x
• Date: 2010-Aug-11
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Authentication bypass

read more

• Advisory ID: DRUPAL-SA-CORE-2010-002
• Project: Drupal core
• Version: 5.x, 6.x
• Date: 2010-August-11
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Multiple vulnerabilities

read more

Drupal 6.18 and 5.23, maintenance releases which fix security vulnerabilities are now available for download.

Drupal 6.19 also fixes other small issues reported through the bug tracking system.

Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement, more information on the 5.x releases can be found in the Drupal 5.0 release announcement. Drupal 5 will no longer be maintained when Drupal 7 is released. Upgrading to Drupal 6 is recommended.

read more

This post is part of a series to inform the Drupal community about the drupal.org redesign project, and the work the Drupal Association is funding to help get the redesign completed. If you would like to contribute to the redesign as a volunteer, see the community initiatives redesign page. If you'd like to contribute to the redesign financially, see the Drupal Association memberships and donations pages.

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-083
• Project: UC2Checkout, UCPaypal, UC Cart LInks (third-party modules in the Ubercart Project)
• Version: 5.x, 6.x
• Date: 2010-Aug-11
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Access Bypass, Cross Site Request Forgery

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-082
• Project: Printer, e-mail and PDF versions (third-party module)
• Version: 5.x, 6.x
• Date: 2010-August-11
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Local file read access

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-081
• Project: FileField Sources (third-party module)
• Version: 6.x
• Date: 2010-May-19
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Arbitrary Code Execution

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-080
• Project: Privatemsg (third-party module)
• Version: 6.x
• Date: 2010-August-11
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross-Site Scripting

read more