Security Team Activity in 2007 by the Numbers

While the rest of this post looks back at 2007, I'd like to throw some attention to the security presentation at DrupalCon Boston.

2007 was a busy year for the Drupal Security Team. That's not to say that Drupal is unsafe but that security requires a lot of work. The nature of the work makes it hard to communicate exactly what is going on. So here is an attempt to share some information about the past year for the security team.

Releases, Reports, and Discussion

The team issued 37 Security Announcements (SAs), representing more than 100 patches released. Each SA requires at least 1 patch and 2 reviews (review before the patch is made to find other security holes and a second review to ensure that the hole has actually been fixed). Most issues involve multiple patches and multiple reviews. Each also requires the SA to be written and reviewed, the patches to be committed, release nodes created, published, drafts copied from to, and flipping publish/status bits on a few nodes around our infrastructure. All of that work was done 37 times last year or approximately once every 10 days. For comparison, 2006 totaled 32 SAs.

For each issue, there are more problems reported which turn out not to be issues. See Howto report a security issue and My Site Was Defaced ("hacked") What Should I do Now? for more information about how to report issues properly and with sufficient information. You can get a sense for the amount of discussion of security related topics and also of false reports based on the volume of emails to the internal mailing list:

Individual mails to the security team:

Glass Castle by Jeannette Walls

One of the nice things about being on a trip is that it gets you out of your normal habits and gives you more free time for things you don't prioritize at home like reading.

Nikki and I both just finished off The Glass Castle by Jeannette Walls. It was a surprisingly good book - quite a fast read but still thought provoking. I was amazed at how often I agreed with her parents (if you haven't read the book, the central premise is that the parents are crazy). The major conclusion we both drew was, of course, that people can survive some pretty horrible situations. Some fun sub-ideas were that American mainstream is so crazy that even some nutty individualists are right a lot of the time. And we both agreed that Jeannette Walls's writing was stunning. It really puts you into the mind of a child at the age she was in the biography and makes you think of the world with wide-eyed-wonder.

It's definitely highly recommended by both of us. Thanks to Mom Kneser for the gift! We passed it on to our friend Eliana, which would probably make Jeannette's mom happy by not just throwing it out ;)

To "boje the sequence" - to mess up

I went on a month-long backpacking trip when I was 16 with an organization called NOLS. It was good fun and I learned quite a bit.

My trip leader was Laura Ordway and she had this great phrase:

Boje the sequence

When you "boje the sequence" you messed up. You did something in the wrong order, or didn't do a step, and it has effects on other steps in a process. I'm not sure whether part of the definition includes that it's friendly, or if that was just Laura's way, but it's something you can say to a friend who has messed up and it has an undertone of "It's OK, I'll help make it right". I looked around and didn't see that on the internet, so I thought I'd include the knowledge here in case anyone else needs a good phrase like this.

Yay WRW61394!

Google Reader now Searches - I'm a Genius!

According to their blog, Google Reader now searches. Brilliant idea!

Note that I had this idea almost a year ago (my post on searching google reader). More great tips are available for a variety of companies on the old freedbacking link. Ideas like improvements for Google Documents for example.

Note to my readers: give this a shot yourself and be sure to use the freedbacking tag as suggested by Chris Pirillo.

Adobe to Offer Productivity Software ("Office" Software)

So, it turns out that Adobe offering a productivity software is a total rumor, but in discussing it at lunch we came up with some great ideas...

If Adobe Made Productivity Software

  • It would cost $2500 and you'd have to upgrade every 2 years, but don't worry, your kid brother can get you an education copy for $250
  • It would take 3 minutes to boot up, but have a beautiful interface
  • Interoperability with Flash/PhotoShop/Illustrator would be great, but the files (minimum size of 300MB) would be a proprietary format that would be unreadable by other software.
  • Versions for Intel Mac wouldn't be available until two years after the general availability even though Intel Mac is the number-one target consumer


Laptop Sleeve for 17" Dell Inspiron E1705 and 9400/9300

I wanted a sleeve for my Dell Inspiron E1705 (which is basically the same machine as the Inspiron 9300/9400) but couldn't find many good reviews online. Some said it would fit in XYZ sleeve and others would say it wouldn't fit in the same sleeve. So, I traveled to a few local computer supply shops and found several things. First, OfficeMax/OfficeDepot suck for laptop sleeves. They have lots of briefcases.

CompUSA (which I generally hate because of their return policy) at least had a decent selection of briefcases, sleeves, and pseudo sleeve-briefcases. I already have lots of bags - I didn't want yet another briefcase or even a briefcase-sleeve combo. I just want a sleeve that will protect my machine inside of whatever crazy bag I may slide it. I tried out the inCase 17" neoprene sleeve which was in the Apple section of the store because it's "for the MacBookPro". In fact, it works great for the Dell Inspiron 17" series machines even though the Inspirons are much fatter than the MacBookPro. I don't usually zip it up because it seems unnecessary and is a bit of a pain. I have to pull the neoprene pretty tight to get the zipper to close so I just don't bother unless I really want to secure it (e.g. sticking the laptop in check-through luggage).

More Fun RainSkirt photos

So, I showed my mom the RainSkirt photos I took and she hated them. Not hated them, but hated the fact that they were untouched. I like things in their "natural state" and generally don't touch up my photos, but now that I see her work I might be swayed.

comparing these two photos of Nikki in her skirt on that lone rainy day this spring:

the photoshopped RainSkirt photo

the original RainSkirt photo

I just can't complain with those results.

And yes, my mom is much better at photoshop than I am. And yes, you can get your RainSkirt at their website.
