Fake DNS Hosts with Behat with custom behat parameters

I was recently working on a Drupal project that had some internal DNS managed via hosts file. Tell me about it. Having no publicly accessible DNS or IP creates a challenge when your SaaS based Jenkins runs the tests.

The solution for this is a little custom work in your FeatureContext constructor and a BeforeScenario method.

And a little glue in the behat.yml to pass the custom hostHeader variable to the FeatureContext. Make sure that you're also setting the IP of the server for base_url and you're all set.

You can use this same pattern to pass around other variables from behat.yml to your FeatureContext.


Fixing insufficient storage available error on Cyanogenmod

Update: A commenter suggests using InsuFixer which simplifies this process greatly.

A few weeks ago Google Play started throwing an error the error "Insufficient storage available." I looked at my phone storage and saw ~4gb available. Annoyed, I googled around for fixes. Most forums suggest clearing caches, repairing permissions, or deleting random things out of /data/app. Of course, none of which fixed my issues.

I decided to poke around with adb shell to see what was going on and discovered a great tool that ships with the SDK called monitor.

Running monitor gives a live view (LogCat) of whatever is going on while the error condition is happening.

I assume you don't have android sdk on OS X so here are the steps, you can watch them too.


Interrupt driven workflow

It comes as no shock to most of you, but you get a lot done when you're not distracted. And these days its getting harder and harder not to fall victim to distraction.

More and more it seems that our devices distract by default. Chime, hey a tweet. Beep, oh an email. Ring ring, a phone call.

Here are some tips for a distraction free day:

Disable notifications on your phone.

I use a tasker task on my phone called dark mode, which disables all notifications from email/twitter/etc. It also kills my ringer for all but a few select individuals. I also have a weekend task that disables work related notifications on the weekend.

Disable notification center.

Just found out about this one, but if you open up notification center and scroll down, you can put it in do not disturb mode.

Protecting Drupal's fleshy underbelly with .htaccess

In this article, I’m going to show you a few methods to separate your public site from the vulnerable parts of your administration area. What you need is an effective way to keep your site locked and secure, and protected from attacks, while still leaving your site editable for trusted users.

Methods for securing the admin section of your site

One of the things that is often overlooked when setting up and securing a Drupal site is the administrative sections. Sure, Drupal protects these paths with access controls but you can do a lot more to protect your site, especially if your site doesn’t require public login.

If the public has no business accessing /user, they shouldn’t be able to. This path is an attack vector for denial of service (DDoS), brute force password guessing, and it drastically increases attack surface of the site.

My candidacy for the Drupal Association Board of Directors

For those of you who may not have heard, the Drupal Association is electing two new board members. You can read more about that at the Election 2013 page.

I participated in the first meet the candidates session. If you didn't have the chance to listen in my answers are available in text format and are posted below.

TL;DR - I want to be part of the DA Board because I want to help shape the future and growth of the community. Having worked with the DA in the past, through my organizational experience with CapitalCamp, I bring a different perspective that will help the overall governance of the DA. So please, vote for me!


Video & Slides: OMG DDoS - Drupal lessons learned the hard way

Last weekend I gave my session at the second annual Capital Camp, as you may have gathered from my last blog post. It was really well attended, despite the attendance being down due to Metro track work. The session went really well, there were a lot of great questions and follow-ups. I'm still answering emails, actually.

I think this goes to show that not a lot of people are well-versed in what to do when faced with a DDoS. I hope that other people pick up the torch here and I'd be glad to help anyone that is interested. I also plan on advance-ifying the session for PNW or BadCamp.

Slides for OMG DDoS - Drupal lessons learned the hard way
Video for OMG DDoS - Drupal lessons learned the hard way


Announcing OMG DDoS - Drupal lessons learned the hard way

My session on DDoS was accepted to Capital Camp! (Full disclosure: I'm an organizer of Capital Camp. I don't think my co-organizers had it in them to deny my session.)

I'm pretty excited to give this talk, as there doesn't seem to be a lot of info about Drupal and DDoS. You can find my session in the Grand Ballroom, Friday, July 27, 12:00 - 1:00 PM. It's setup as a beginner session, so all are welcome to attend. See you there.

Also, have you registered for Capital Camp yet?

xkcd comic


CDN module without a content delivery network

Modern web browsers put a cap on the number of connections they make to a host. This means if you've got a lot of assets on one hostname the browser will queue the remaining assets, while the ones in front download. This is referred to as blocking.

One way around blocking is to create multiple subdomains, for instance, assets0.davidstoline.com and assets1.davidstoline.com to increase the number of resources downloaded in parallel. This is method is called domain sharding and it is recommended by both Google's PageSpeed and Yahoo's YSlow.

I can't exactly afford a high quality CDN like Akamai but I can still leverage some of the benefits and fun of using a CDN. My friend Wim Leers wrote the Drupal CDN module, which you can leverage to do a little home grown sharding of your own.



Subscribe to david stoline. RSS