- Settings:
Plain layout without fancy styles
Large fonts
Very large fonts
Restful colour scheme
Light text on a dark background

Note: user account creation on this site has been disabled.

Programming, speculative fiction, science, technology
Powered by Drupal, an open source content management system
Include Children
If you select a term with children (sub-terms), do you want those child terms automatically included in the search? This requires that "Items containing" be "any."

Everything in the Events vocabulary

"Events" is used for: Convention Post, Page, Story.

People mentioned in the articles

"People" is used for: Page, Convention Post, Story.

Themes mentioned in the article

"Themes" is used for: Page, Convention Post, Story.
Skip to top of page

Drupal Camp Austin 2010

IMG_1463 Jeff Robbins from Lullabot

There were presentations on everything Drupal-related, from module development to theming, to security, usability, or building large, yet scalable enterprise websites with Drupal. Each of the two days opened with a keynote speech that drew an audience over 300 people into the room. Organizer Todd Nienkirk greeted us with the news that the number of attendees made Drupal Camp Austin the second largest Drupal Camp ever; an hour later, a few last-minute registrations pushed us up to #1.

In his "Whole Lotta Drupal" speech, Lullabot CEO Jeff Robbins named prominent websites that use Drupal, from whitehouse.gov and economist.com, to Grammy awards and record label websites. The most amusing part of his presentation were examples of fake Drupal sites -- clones of well-known web applications recreated with Drupal. Examples were Flickr.com clone Flippr.com (though that domain seems to be vacant at the moment), BaseCamp and Twitter clones, and, most notably, Thieveslist.com -- a clone of Craigslist. "You don't know if stuff on Craigslist is stolen, but on ThievesList you can be sure of that," said Jeff Robbins. He had replicated Craigslist look using taxonomy, Drupal's way of organizing your website's content into hierarchies of tags.

In the last 25 minutes of his talk, Jeff Robbins put together a Drupal e-commerce site before the audience's eyes, using a fairly basic Drupal installation, Ubercart module, and a few other modules, such as Image.

Jeff Robbins pauses his keynote speech to pose for my picture

Jeff Robbins pauses his keynote speech to pose for my picture. More pictures from Drupal Camp Austin 2010 are in my photo gallery.

Sunday keynote speaker was Ben Finklea, CEO of Drupal SEO company Volacci, who gave advice on building a successful Drupal web development business. He started out by trying to dissuade freelancers from making the transition to a business owner. It starts out with you, freelancer, getting more work than you can handle, and hiring your first employee to help out. Suddenly accounting becomes more complicated, so you need an accountant; then you need to keep more and more projects coming in to make a payroll. Thus the process snowballs out of control, and one day you wake up a business owner. Congratulations -- you are now spending all your time finding customers and cleaning toilets in the office (since obviously you're not going to ask your $100/hour developers do that). As a result, you are doing none of the stuff you initially liked -- building websites.

For those who weren't so easily scared, Finklea had lots of advice: create processes (which he illustrated with New Client Setup process on Volacci intranet site, implemented in Drupal, of course), and find your niche. The niche-finding was the most interesting part of his speech. His Pedigree of Drupal diagram was modeled after the Pedigree of Man, and showed an ecology of niches occupied by Drupal companies of various specializations. For example, some of the companies diversify by "survival of the opposite" principle. Let's say company X offers cheap Drupal hosting, then company Y can set itself apart by offering high-end hosting at a much higher price. The companies in the Pedigree of Drupal tree occupy such niches as commercial support (Acquia), hosting (Neospire), training (Lullabot), online training (drupalize.me), SEO (Volacci), localization (iCanLocalize), and designing enterprise websites for various industries: legal (Duo Legal), publishing (Open Publish), even church websites (Mustard Seed).

Comparison of the most recent Pedigree of Drupal slide with the one Ben Finklea showed at Drupal Camp Austin 2009 demonstrated how much Drupal ecosystem grew in one year. There are maybe twice as many companies in the tree this year.

Ben Finklea's Pedigree of Drupal 2010

Ben Finklea's Pedigree of Drupal 2010. Click on the image for a bigger version. More pictures from Drupal Camp Austin 2010 are in my photo gallery.

Ben Finklea ended his talk with an ominous announcement: elephants are coming. Vignette, Accenture, Microsoft -- those companies are now using Drupal. "Get ready to see some very large scale enterprise Drupal implementations. What does it mean for you guys?" he asked small business owners and freelancers in the room. "We're screwed," said a guy in the audience. Ben Finklea awarded him a coupon for a book -- he gave these prizes to people who answered his questions correctly. That didn't mean he agreed that small Drupal web development firms were destined to go under. He wouldn't be surprised if some of those big companies will buy small Drupal shops, especially if those shops are good at something the big company wants to be good at, but doesn't have time to sit down and figure out. Another way this tide may lift the boats of small Drupal developers is that by embracing Drupal, those big companies are also bringing a lot of Drupal jobs.

The camp had many presentations on theming, usability, SEO, integrating Drupal with third party applications, and community building, but with three tracks going on simultaneously, I only attended those talks that were of interest for me as a developer.

Ben Jeavons and Greg Knaddison gave back-to-back presentations on Drupal security. Both covered several scenarios of common attacks, such as cross-site scripting, when a user enters malicious Javascript in a form. It can lead to such disasters as letting the attacker shop for free at a Ubercart site. Greg Knaddison also covered cross-site request forgery, a way for attacker exploit the trust a web site has in the victim's browser. He showed us how a malicious user can embed in an <img> src attribute a request to delete all the users of the website. It will be executed when another user with sufficient administrative privileges logs in to the website and views that page. He also led the audience through an exercise of hacking a Drupal website. Many people in the audience were well-versed in security threats, and suggested ways to attack Drupal sites that the presenter had not thought of.

As a way of securing your website, both presenters emphasized the necessity of restricting and validating user input. You should always set the user input format to be Filtered HTML, and only give Full HTML privileges to trusted users. Assume that any text entered by a user is unsafe, and filter out the tags that can possibly contain malicious scripts. To minimize a damage an attacker might do, you should make truly destructive actions difficult to do. For example, don't delete anything important from the database -- it's better if a Delete command actually archives stuff, making later recovery possible.

Among other developer-oriented presentations, Rob Ristroph talked about debugging Drupal sites. He didn't focus so much on Drupal-specific debugging techniques (though he covered watchdog() and xdebug), as on analytical approach to debugging. 80% of debugging is thinking of good tests to isolate the bug. Just as important is to train your users to give you detailed bug reports. A salesperson or other nontechnical person can be extremely valuable to a company in getting informative bug reports from users.

Aaron Forsander

Aaron Forsander. More pictures from Drupal Camp Austin 2010 are in my photo gallery.

Some sessions branched out into non Drupal-centered web development topics. Aaron Forsander presented jQuery in a manner accessible to newbies, with easy-to-understand examples and jazzy slogans, such as: "jQuery provides methods for moving around your web page. It's like a little dollar-shaped sports car. jQuery is like your little dollar sign-shaped portal to your server. Think $targate."

Diana Dupuis

Diana Dupuis. More pictures from Drupal Camp Austin 2010 are in my photo gallery.

Bird of Feather sessions attracted audiences that may be small, but eager to chat on a particular topic. "Mad skillz for Drupal developers" bird-of-feather session, led by Diana Dupuis, focused on skills Drupal development companies are looking for. Diana made a list of such skills. While Drupal itself is #1 in her list, is not always necessary. Her company hired a developer with no Drupal knowledge, because he knew PHP and had worked with big, complex projects, which was important to them. He picked up Drupal on the job, and is now one of their most brilliant developers. Other skills are: HTML and CSS; knowing how to build a Drupal theme; Javascript (you should better at it than me, says Diana Dupuis, but not necessarily as good as Aaron Forsander, who dreams in Javascript); behaviors; version control; command line; some knowledge of caching and performance; some knowledge of system administration; MySQL. And if you are a backend developer, you should know PHP. You should also be able to show an interviewer modules you have developed, or code you have written for a client.

There was some debate as to whether a computer science degree is necessary, or even helpful for someone working with Drupal. I was a bit surprised to hear an opinion that a computer science degree might prejudice companies against you, as if you may be too much of an ivory tower intellectual to be happy with humble Drupal work.

These informal sessions gave you chances to ask questions you wouldn't find out from reading Drupal documentation -- the *why*, not *how* parts. For example, I was able to discuss my goals for my Drupal site with Level 10 folks hosting an Open Enterprise bird-of-feather session, and discover that certain Drupal distributions were not suitable for what I was doing. Opportunities to get this kind of invaluable advice were what made this camp so successful.