Jaza's World Trip

DrupalCon, day 1

The first day of my first-ever DrupalCon was very full-on. Jam-packed with meeting famous people, having heated discussions, and attending a plethora of sessions. It felt absolutely gawddamn amazing to finally make it to one of these things. Read on for my shpiel on the various sessions that I attended today, and on what happened at them.

Rasmus Lerdorf: PHP, performance, and security

Rasmus is the founder of the PHP programming language, as well as an excellent presenter. He gave some pretty hard-hitting reports on security, focusing in particular on XSS. He gave some examples of vulnerabilities that were wackier than anything I've ever seen before, including embedding JavaScript attacks inside HTTP request headers, and escaping out of strings and inserting executable JavaScript by using HTML-encoded quote characters (WTF?!?!). He also gave a report card for a number of CMSes and their web sites, including drupal.org, and he found live XSS vulnerabilities for every single one that he reported on.

Rasmus talks serious security stuff.

James Walker: OpenID in Drupal

Very cool presentation by walkah on what OpenID is, on the security implications, on the practicalities of implementing it, and on why Drupal needs it. A lot of people, including myself, asked some very cynical and critical questions at the end of this session, and we got some great room discussion going on the plusses and minuses that exist in this domain. Looks like OpenID is happening: it's going into core real soon.

Walkah on OpenID.

Károly Négyesi: The new Drupal menu system

Crazy talk by chx, the Hungarian nutty professor of Drupal, that basically went through the code for the new menu system line-by-line. I didn't understand everything that was said (nor did anyone else, no doubt — after all, this is chx!), but walking through the code helped me understand the magic of it all a bit better.

Lunch

Yahoo! provided some nice packed lunches of wraps and potato chips. Had a good chat with such famous people as Rasmus Lerdorf, Nick Lewis, Jeff Eaton, and others.

Steven Wittens: designer eye for the geek guy/gal

Only made it through half of UnConeD's first session for DrupalCon Sunnyvale '07. Lots of interesting but heavy stuff on typography, colour palette selection, colour theory, intelligent spacing and positioning, etc. Very useful stuff, but I doubt that even after 10 of these sessions, I'd be able to design anything half as kickass as what UnConeD whips up.

Robert Douglass and Doug Green: core search, CCK and Views

Rob told us some stuff that very few of us knew about UnConeD's awesome work on the new search system. For example, it includes built-in support for altering the score of search results based on hyperlinks to other search results, and it has hooks that allow things such as catering for stemming of words. That is so damn cool it's not funny — despite not giving such kickass results all the time, Drupal's built-in search module has many of the features that make real search engines, such as Google, tick!

Filed in: Sunnyvale, Technology, DrupalCon