Technology

How to secure a Drupal website

Fri, 13/01/2017 - 10:45 -- James Oakley

OK - I'll hold my hands up. The title of this post is misleading. I'm not going to give you an ABC on how to secure a Drupal site (maybe another day). I'm responding to a post on the Reseller Club blog entitled How to Secure Your Client's Drupal Website.

There is some good advice in that article, but it's mixed in with some bad advice, and in other parts it's just plain confused. In the hope that it helps people, I'm going to try and untangle things.

Blog Category: 

Say hello to PHP 7.1

Fri, 02/12/2016 - 17:20 -- James Oakley

This is just a short post:

PHP released version 7.1 yesterday. Congratulations to all those who worked so hard to get this version out of the door. Especial congratulations to Davey Shafik and Joe Watkins, the release managers, and to Anatol Belski who mentored them.

Blog Category: 

How To: Install QuickTime engine without the Application

Fri, 04/11/2016 - 12:59 -- James Oakley

Apple no longer supports its QuickTime player. Both the player and the browser plugins were found to have security flaws which meant a malicious website could trick you to playing a doctored file in the player / plugin, which would then allow those vulnerabilities to be exploited.

The answer is simple: Install another player. Like VideoLan's VLC Player.

Blog Category: 

Solving the error: "ANOMALY: use of REX.w is meaningless"

Fri, 21/10/2016 - 12:39 -- James Oakley

I'll post this here in case anyone else is searching for this issue

Since my computer updated to Windows 10, build number 1607 (also known as the "Anniversary Update", because it was a feature release timed to coincide with a year since the first release of Windows 10), I've been getting an error when I try to run any command in a command prompt window:

[0x7FFCF5BB70E3] ANOMALY: use of REX.w is meaningless (default operand size is 64)

Blog Category: 

Tech Tips: Be Careful Forwarding Mailing List Messages

Tue, 04/10/2016 - 10:58 -- James Oakley

Here's a simple tech tip for you.

You're signed up to some mailing list. It could be for special offers from a business you shop at. It could be a newsletter for a charity. It could be just about anything. In comes something that you think is particularly helpful. You think "I'll forward this to my friends".

Just pause before you do so.

All (well, almost all - I'm sure there are exceptions) mailing list software will rewrite any hyperlinks within the email.

Blog Category: 

Mod Security: SecRemoteRules causing Apache timeouts

Tue, 06/09/2016 - 12:38 -- James Oakley

A techy post - we haven't had one of those here for a while.

The Problem: Apache 2.4 timing out

I noticed occasional timeout messages coming back from monitors keeping an eye on Apache 2.4 on a server. (Centos 7.2.1511 and Apache 2.4.6 if it makes any difference).

Blog Category: 

Be Prepared for Drupal Contrib Security Updates

Tue, 12/07/2016 - 19:33 -- James Oakley

The Drupal Security team has just released a public security announcement, PSA 2016-001.

There will be multiple releases of Drupal contributed modules on Wednesday July 13th 2016 16:00 UTC that will fix highly critical remote code execution vulnerabilities (risk scores up to 22/25).

If you run any Drupal sites, please be prepared, and be ready to update your site as soon as this is released.

Blog Category: 

For Drupal 8, use Drush 8

Sun, 11/10/2015 - 21:45 -- James Oakley

Last week, to appropriate fanfares, Drupal 8 reached Release Candidate stage. That means Drupal 8 tagged releases now have an upgrade path between them, and it also means (very nearly) complete API / hook stability - which means this is the cue for some serious testing and development of contrib themes and modules.

However I made one schoolboy error: I was still using Drush 7.

It's actually quite an understandable mistake - all you had to do was follow the development of Drupal Next, and Drush, but not quite follow it closely enough.

Blog Category: 

Pages

Subscribe to Technology