Bryan Ruby


Thoughts, Words, and Deeds

Red Stool

I wonder where that old red stool from my childhood went?

This little stool is mine
I use it all the time
to reach the things I couldn't
and lots of things I shouldn't.

 

 

Drupal Security: Not Shocking but Responsible

Over the years, I've made it an unwritten policy not to sensationalize bug fixes and security vulnerabilities in content management systems. While there may be great interest in such stories, I believe such stories have a tendency to cause more harm than good. When sensationalized, such articles tend to cause customers to address security concerns with emotion instead of logic, which is never a good thing. So, when the security vulnerability known as "Drupageddon" broke and Drupal developer Bevan Rudge posted "Your Drupal website has a backdoor", I knew this story was going to eventually reach mainstream media. In the meantime, I've been struggling with how best to write this article and what story needs to be told.

For those who don't know, Drupageddon is the highly critical SQL injection vulnerability in Drupal 7 core that was fully disclosed by the Drupal Security Team in SA-CORE-2014-005. Since the dawn of time when databases were introduced to websites, SQL injection vulnerabilities have been discovered and, in the majority of cases, patched by developers and system administrators once found. What makes Drupageddon particularly nasty is that the vulnerability can be exploited by users not even logged into your site (in Drupal they're called anonymous users). Worse, if you didn't update your site quickly enough, your site may still be compromised even after applying the fix (in Drupal 7.32 or later versions).

The great ENIAC

ENIAC (Electronic Numerical Integrator And Computer) in Philadelphia, Pennsylvania. Glen Beck (background) and Betty Snyder (foreground) program the ENIAC in BRL building 328.

After spending most of my years in grade school working hard on experimental science fair projects and not receiving a ribbon, I finally gave up and wrote a "non-experimental" paper on the history of computers in the eighth grade. Despite the paper being weak even by eighth grade standards, I finally won a ribbon (third place) in the school science fair. Remember, this was the early 1980s and everyone was still fascinated with the then new concept of computers entering "everyday" life. Why am I going down memory lane? Well, I came across an article on the 60th anniversary of ENIAC [via news.com, broken link], the "first" computer built, which of course was mentioned in that paper of mine some 25 years ago.

Only to find out, after reading the article, that ENIAC wasn't the first computer and it really didn't do a whole lot. They just had a good public relations department that explained well to the American audience what role the computer would play in the future. If you read the article you'll find (not included in my excerpt) that the PR people went so far as to place flashing light bulbs on the computer console so that people had something to look at besides vacuum tubes and switches. Still, you have to admit it was an amazing engineering achievement despite needing a good marketing campaign to go along with it.

Her Story: Karen and the F-16

Karen Ruby getting ready in the F-16 2-seater

Not long ago, my wife retired from the Air National Guard after having previously served in the U.S. Marine Corps. With 24 years of military experience, those who serve are almost always bound to walk away with a story or two to tell. This is one of those stories. In January 2006, Karen was given the opportunity to fly in the backseat of an F-16 (General Dynamics Fighting Falcon). Below, in her own words, is what Karen experienced during that flight. She originally wrote this on our family blog that we're shutting down, but I felt compelled to make sure her story lived on within the contents of this blog.

Since retirement, Karen has become an accomplished photographer and is currently employed by a local capital investment group. 

Is the end near for large professional organizations?

Last month, the Board of Directors for the Content Management Professionals announced the ending of CM Pros. The decision to close down the organization was evidently made by the Board in Summer 2014.

A couple years ago I joined CM Pros, paid for membership, never got billed, and never heard back from the organization. Knowing that some good people were involved in the organization told me that they were facing an uphill battle. The battle for an organization to have identity and play a role in the industry they wish to advocate.

The creation of CM Pros dated to the early 2000s. The organization was originally designed to unite professionals in all facets of the content management world.

In the years since, that world fractured and subdivided considerably, and other organizations emerged to serve the needs of the resulting sub-audiences. In particular, the emergence of the "content strategy" segment of the industry subsumed a large portion of the audience that CM Pros was originally intended to represent.

Given that the audience had become broad and fractured, the concept of a "content management professional" became too vague to effectively support. Thus, the Board determined that the organization had run its course and come to a natural end.

The LinkedIn group is still available, though it no longer represents any formal organization. It is unmoderated and open for unrestricted membership.

Although CM Pros didn't play a significant part in my content management endeavors, I'm nevertheless a little saddened by their departure. I understand the difficulties of advocating the technical side of content management when the more glitzy marketing side of the house is talking content strategy. But this isn't the cause of my sadness; it's my nostalgia for the days when professional organizations had real value to people like you and me.