Exploiting backup copies of settings

We have all done it at some point; a quick change in production to some settings in your CMS configuration, probably in a panic reacting to some ongoing issue, and made a temporary backup of wp-config.php or settings.php with a bak or similar extension. Tested the fix and then probably forgotten to remove the backup - no problem? Big problem! - Putting the issues of such bad practice aside for a moment (fixing production directly and 'reacting' in this way), in this post I want to explore in greater depth why this is a serious issue, how it leads to compromised web sites, who is exploiting such scenarios and how to defend against them.

MacOS Sierra SSH (and other) Issues

Upgrading to the latest macOS Sierra was relatively painless - but a few SSH and other issues arose. SSH now wants a passphrase or complains about an error in your ssh config file and Homebrew complains about file permissions and your local development web sites start displaying It Works! only. These are common issues and the solutions are simple.

BOM disposal

Occassionally when you get files from someone else or use a new text editor you encounter an issue with hidden characters or incorrect encoding that can be a pain to track down.

A common one of these that I haven't encountered for ages, (since we moved from Windows to OSX for development) is the Byte Order Mark (BOM).

This is a simple marker that indicates the encoding order of UTF-8 files and should in itself be no problem. It does however cause an issue when the file is included within other files (by PHP as *.inc files for example) such as in template files.

Stock for Drupal 8 commerce - Technical overview & use cases

The business requirements

Drawing on the experience of maintaining the Drupal 7 stock module and working with a number of ERPs over the years we have come up with a completely new architecture for Drupal 8 commerce stock module.

The following are the 4 main challenges that I encountered with the Drupal 7 module that needed addressing:

Setting up Brightpearl ERP on a Drupal Commerce site

This article will show how to set up the Brightpearl ERP on A Drupal commerce site to find out more about Brightpearl checkout my previous introduction post.

This guide uses http://simplytest.me to demonstrate the process.

This article will cover the following:

  • Install instructions (consists of two parts)
  • Configuration instructions
  • Un-install notes.

Drupal 8 Release

On the 19th November 2015 a new version of the Drupal content management system (CMS) will be released - Drupal 8.

This new version has been over four years in development and has seen contributions from over three thousand people. It contains well over 200 new features, uses object orientated code and is probably the most significant release to date.

Compiling Varnish modules

Varnish is a great performance boost for web sites. Sometimes however you may need to configure authentication so that your cached pages are not visible to the public. Basic authentication needs to be mirrored from the webserver to the Varnish VCL.

To do this you need to use a Varnish module and to use that you need to compile them against the Varnish source - not for the faint hearted - here are some remedies to problems you may face.

Brightpearl ERP for Drupal Commerce integration


After many custom Drupal Commerce ERP integration's we have come across Brightpearl an ERP with all the facilities a small to medium size business would need and decided to share our code with the Drupal community see the Brightpearl module page.    

Also check the Brightpearl setup guide Setting up Brightpearl ERP on a Drupal Commerce site post.


Ansible - Sublime Text

I recently moved from Text Wrangler to Sublime Text for editing YAML files for Ansible. Getting it set up right involves very little and now with Ansible syntax highlighting it offers a light weight editor for your plays. In this post I note down some of the steps to get it setup the way I like it.

Ansible filters for taming lists (part 1)

In this article I look at a very simple example of how to convert complex variable structures to simple lists using Jinja2 filters within an Ansible task.

YAML Death by non-breaking spaces

Working on a long Ansible play today - I was tripped up by a hidden unicode character inadvertently entered in to a YAML file - resulting in a UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 0: ordinal not in range(128) slap in the face. Here is how to deal with that!

Jinja errors when running Ansible tasks

One of the great things about Ansible is being able to use Jinja filters both in templates and in yaml files.
I came across a not so great thing today though. Running a play I got the following error: "template error while templating string: expected token 'end of print statement', got ':'"
But the error was 'thrown' by a task I haven't changed in ages. It appears it actually related to a jinja filter error in a subsequent task.

Testing configuration files before they go live - with Ansible

I came across a great Ansible tip recently that showed how to use the validate option of the template module in Ansible. A great solution for testing configuration before it goes live. However it doesn't work with Apache (apachectl -t -f) - you get a validation error like "Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration" for syntax that is perfectly valid. A bit of investigation shows though that this is expected and you have to go a bit further - but I came up with a solution.

Using Ansible to protect against 'Connection attempts using mod_proxy'

I regularly encounter issues that arise from reviews of server security, log reviews etc that provide good examples of how Ansible can be used to respond to an issue.
If you are using a utility like Logwatch to keep an eye on activity on your servers you may occasionally see an entry such as 'Connection attempts using mod_proxy' - Addressing this with Ansible is simple, and maintains the state of your security measures.

Drupal Commerce site for Moscow bakery

We were commissioned to create a Drupal Commerce based web site for a top Moscow bakery.
The site is a custom themed multilingual site offering online ordering, delivery slot choice alongside recipes and other product information.
The Drupal Commerce framework is an ideal platform for the creation of an online shop and with a degree of customisation provides an excellent base for this multilingual online bakery.

Apache: Better blocking with common rules

This is a follow on post to the 'Using Apache to block Spammers' post.
It shows how to use Includes in your Apache configuration to re-use useful rules.

Support Rules development for Drupal 8

We have pledged support to get Rules 8 ready for Drupal 8.
Rules is a key part of a lot of developments we have done in the past and certainly will be in the future so we are happy to pledge support to get the development ready for Drupal 8. This is a small contribution back to such a key module and we encourage others do do the same!
#d8rules - Let's support the Rules module for Drupal 8

A web site to support the Reforestation of the Atlantic Forest

The Royal Botanical Gardens at Kew engaged us to convert an existing MS Access desktop database into a multilingual CMS based web site. The site is a responsive mobile and tablet friendly CMS based web site that enables the management of a database of tree data for conservation purposes. The data relate to trees native to the Atlantic Forests of Brazil that could be used for reforestation - The South Eastern Bahia Atlantic forest database.

Working with Drupal commerce order total

The following gists shows a few approaches for working with Drupal commerce order totals.
All three examples retrieve the order total as two components Ex Vat and VAT:

The first example shows how to get nicely formatted amounts. This is easily done using two functions:
commerce_price_component_total() - Returns the total value and currency for the specified price component in a price array.
commerce_currency_format() - formats the amount with the correct localization and currency symbol

Dickies Workwear - Online Catalogue responsive web site

The internationally renowned manufacture of hard wearing and fashionable workwear - Dickies - engaged us to create a web site for their workwear range.
The web site presents their range of workwear and links through to a network of online distributors and retail shops. The site is presented in 10 languages, is responsive and optimised for multilingual SEO.
The site also provides access to corporate information and enables the ordering of custom workwear, embroidery and access to the extensive image library of Dickies products.