Here's a Frappr map showing some Drupal users. A few months ago Colorado had just one lone dot (but many users). As of this post it's got 4 users registered with Frappr.

Groups.Drupal.Org promises to replace this but in the meantime, Frapp away.

So, if you have Drupal installed and maybe even configured and now you're saying hey, what database do all of my installations use? Are my settings files secure?

Well, you already know that I love DreamHost because of the shell access and why?

Well, fun stuff like this!

Drupal's Scripts

There's a few fun examples in the base directory of your drupal install in the scripts folder. code-clean.sh will get rid of backup files and clean up the code. There are also examples of scripts to use to call the site's cron script (you are doing that, aren't you? here's why you should) Lots of fun examples in that scripts directory.

A little database security

Let's say you have a bucket of domains hosted on the same account so they are all in the same home directory and you just realized that your settings.php files are readable by other people with shell access (permissions of 644) which is necessary on many shared hosting accounts because of the way they run PHP, but not necessary on DreamHost using php running as your user. If someone has the information in your settings.php file, they could get into your mysql database with some decent privileges. Yikes! So, just use this one liner to find those files, and chmod them down to something more reasonable like 600.

Find the files and list the permissions:

find ./ -name 'settings.php' -exec ls -l {} \;


And then to tighten down those permissions:


find ./ -name 'settings.php' -exec chmod 600 {} \;


Great! Security, and only one line of commands.

To break down what's happening in that line, I use the find command to find files. ./ is expanded by the shell to look for anything in the form {stuff}.{stuff} such as "knaddison.com" so that it looks in all the directories that correspond to domains. I have lots of other directories in my home folder, but I know I don't need to search those so I don't want to waste my computer's time. Next, I use the -name flag to only look for the file called "settings.php". Fair enough. Then, I use the "exec" command to call chmod.

Shortly after reading Steve Dondley's message about giving credit for Drupal commits I actually made a patch for a problem with node preview that got committed. You can see the commit message in cvs log for node.module

There it is:

Note: this is a really bad way to do this - see the comments for the right way.

I disagree on this point, but a friend asked and other folks have previously been confused so I removed the "not verified" label from a site and I was confused on where to do it. A little bit of grepping and I found it's in common.inc:

@@ -898,7 +899,8 @@
$output = $object->name;
}

Continuing on from the project I just mentioned...I wanted to remove the list of pages (which is analogous to a table of contents) from the book pages. On this particular site I'm using the book block on the right hand side, so having this information on the bottom of top level page makes for duplication of links and just seems plain funny. Below is the relevant diff -u on the subject:

So, I'm converting a site from a current static HTML version to a drupalized version and in the process we are taking comments that were created over email from a "contact me mailto:" email on the old site and putting them into forum discussions on the new site. Most of the discussions were "receive email, send response" variety, so it's just a node and a comment.

In order to give a feel of the time of the original email and the response, we used the node administration facility of setting the time when creating the nodes. That works great, but when you enter comments you don't have the same control over the time. So, we calculated the average response time in the emails and decided to set comments to be that far in the future after their node. The first curious thing to me was figuring out what dates in Drupal are based on - turns out it's the Unix Timestamp which is fairly common.

So, armed with the knowledge that the average comment lag was 183807 seconds, I ran the following sets of queries to get the desired offset:

mysql> create table gjk_junk as SELECT n.nid, created +183600 as new_time FROM node n inner join comments c on n.nid = c.nid;
Query OK, 19 rows affected (0.96 sec)
Records: 19 Duplicates: 0 Warnings: 0

mysql> create table comment_bak as select * from comments;
Query OK, 19 rows affected (1.61 sec)
Records: 19 Duplicates: 0 Warnings: 0

mysql> update comments c, gjk_junk g set timestamp = new_time where c.nid = g.nid;
Query OK, 19 rows affected (0.20 sec)
Rows matched: 19 Changed: 19 Warnings: 0

mysql> select c.cid, c.timestamp, b.cid, b.timestamp from comments c inner join comment_bak b on c.cid = b.cid;
+-----+------------+-----+------------+
| cid | timestamp | cid | timestamp |
+-----+------------+-----+------------+
| 2 | 1140696532 | 2 | 1141291314 |
| 3 | 1110370045 | 3 | 1141291509 |

Spam is a problem, right? Everybody hates it except for the people making money on it.

Penny Email

Currently, spam is a cost to the service providers (it uses large amounts of network and disk space - fortunately, both of those are fairly cheap) and it's a problem for people who don't have unlimited time in their lives.

A while ago I subscribed to Computer Power User and read an article by Rob Malda (cmdrTaco to you /. folks) about charging a penny per email.