twogrunts  2006-07-18 21:13   

Welcome to TwoGrunts.com

TwoGrunts.com is a collaboration between... well.. two grunts (what were you expecting?)

mike  2006-10-10 14:44  Drupal   

This post on Drupal.org seems to have ignited a firestorm. I think this comment and this one raises a few interesting points.

Drupal has challenges ahead. Usability is an issue. WYSIWYG editing vs. HTML input. Work needed to get a useful, non-trivial website (trivial defined as anything beyond a simple blog site) up and running. The list goes on.

mike  2006-09-12 10:17  Drupal   

I've been working pretty intensely with Drupal 4.7 over the last several months, including creation of custom modules. Here's what I like so far:

• Installation is very straightforward if you have basic unix skills and shell access
• Simple extensibility model
• Simple database abstraction layer
• Nice theming system
• Good performance
• Caching system to help handle slashdotting or being dugg
• Bone-simple module and theme installation mechanism, could be simpler but it's pretty damn good now.

Now, here's what annoys me:

mike  2006-08-15 23:26  Drupal   

This post on Drupal.org is too funny.. and too true.

The red triangle refers to a forumla we've developed that brings the greatest likelyhood of a large project going to hell. The idea of the red triangle is to ensure that the project manager is defacto non-existant. In the classic red triangle flow, the client, and designer directly order the developer, and the developer is given little to no leverage to refactor, or deny their requests. For best results, treat code and development as something like "witchcraft" -- like both witches, developers have magic powers; are not to be trusted; and often will pretend they can't do something because they are lazy. Our research has found that refusal to listen to warnings from developers is the quickest way to hell.

mike  2006-08-02 16:45  Drupal   

I was checking out the 4.7.3 Drupal release that was included with the recent XSS vulnerability in user module security fix.

Here's the complete list of changes, from CHANGELOG.txt:

// $Id: CHANGELOG.txt,v 1.117.2.6 2006/08/02 18:13:26 killes Exp $

Drupal 4.7.3, 2006-08-02
------------------------
- fixed security issue (XSS), see SA-2006-011

Here are the contents of the patch :

Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/Attic/user.module,v
retrieving revision 1.612.2.15
diff -u -p -r1.612.2.15 user.module
--- modules/user.module	16 Jul 2006 18:26:56 -0000	1.612.2.15
+++ modules/user.module	2 Aug 2006 18:09:22 -0000
@@ -900,7 +900,7 @@ function user_login($msg = '') {
 
   // Display login form:
   if ($msg) {
-    $form['message'] = array('#value' => "
$msg