work process

Firebug is a hell of a thing and at Chapter Three we use it regularly - as many others do - to analyze and debug our web development work. It can do things like inspect the HTML, manipulate the CSS, execute and debug Javascript, and monitor site performance and download times. It is so great that we wished it spoke Drupal and knew our name - kind of like the cute girl at the dance. Things get a little better when people know your name.

It is in that spirit that that Drupal for Firebug was developed as a way to extend the capabilities of Firebug by mixing in a little Drupal. Drupal for Firebug is both a FireFox Extension and a Drupal Module. To celebrate Drupalcon Szeged there are now releases for both Drupal 5 and Drupal 6 available. Get the extension and download the module, check our the test and demonstration site, and watch the drupal magic happen right in your Firebug window:

With a copy of the module and the Firefox extension installed, a developer can see debug messages, examine the SQL query log (with Devel module), look at how a Drupal page load is handling a site’s users, views, nodes, and forms, and even execute PHP. The goal of the module and extension is to create a framework for centralizing Drupal development and debugging work using power of Firebug. The major features include:

• More centralization of web development debugging information by moving that information from Drupal page view into separate Firebug window. This helps to provide a clean separation of development debug information from the rest of the site.
• Clean and external debugging message text and dumpable PHPs arrays and objects which can be displayed in the Firebug debugging window using the handy firep() function where they can be viewed without disrupting the rest of the page flow. There is also a handy “debug message only” search feature which is helpful in locating specific pieces of information in the debugging output.
• Integration with the wonderful Devel module is available to provide a Firebug accessible SQL query log. Since the Firebug debugging window can be resized, hidden, or broken out as a separate window, it provides additional options (beyond appending the log to the bottom of the screen) for viewing the SQL query log.
• Complete information about each user and node and view and form that is accessed during a page load is available. This can be invaluable in determining what Drupal items are being referenced and what $op is being performed on them. There is awareness of the original and modified state of the view and form items and even smart color highlighting to tell you when additions, changes, or deletions have happened to the item during the hook_form_alter or hook_views callbacks.

This is only the initial release of the module and there are plenty of tweaks and improvements to make down the road. The real secret sauce will be figuring out what are the most useful pieces of information to display in the Firebug window and making some important XUL interface improvements to the Firefox Extension to increase usability around the viewing and sorting of debugging data. Think HTML browser style functionality for the User, Form, Node, and View arrays and objects. But for now, at least it speaks our language.

We live in a very insecure digital world where it is very possible for those unsavory elements of our society to spy, sniff, inject, and otherwise interfere with the work we do on our computers.

In real terms the odds of anything particular bad happening to any of us while we build Drupal websites and sell awesome fixies is low, as a matter of best practices and general sanity here are a few things you can do to keep your local workstation or laptop a little more secure.

1.) Make sure to use a secure/encrypted session to the company email.

There are generally two ways you can access your webmail account (see below for examples from our company) and while they look and work the same way there are critical differences. If you use the normal “HTTP” connection, the emails you are sending and receiving can be snooped/hijacked by anyone on your same wifi or cable modem network. You must use “HTTPS” to have a secure/encrypted session to the email provider making it more difficult to snoop on your traffic.

HTTP - http://mail.google.com/a/chapterthreellc.com (bad - dont use this)
HTTPS - https://mail.google.com/a/chapterthreellc.com (good - use this)

2.) Be aware that IRC channels are often *not* secure (same goes for private messages through IRC)

The IRC network as a whole is not encrypted and conversations and passwords that flow through it can be easily snooped and recorded. This is true not only for people on your local network, but also for server operators and people with some smart masking/spoofing skills. IRC is often full of very shady people. In general, IRC should not be used to communicate sensitive information or server passwords.

3.) Securely communicate with your colleagues and clients using AIM *with* the OTR

The best way to discuss sensitive topics or share server/login credentials is through AIM (AOL Instant Messenger) using a plugin called OTR (Off the Record). If both users have this plugin, their communication is encrypted and cannot be read by anyone else. Without this plugin, anyone can read your messages and all data goes through the AOL main network to be relayed out….

Main OTR Page: http://www.cypherpunks.ca/otr/
Adium - http://www.adiumx.com/ (included by default)
iChat - http://chris.milbert.com/AIM_Encryption/#MacOTR
Pidgeon/GAIM - http://www.cypherpunks.ca/otr/README-pidgin-otr-3.2.0.txt and http://www.cypherpunks.ca/otr/binaries/windows/pidgin-otr-3.2.0-1.exe
Trillian - http://trillianotr.kittyfox.net/downloads.php

4.) Encrypt Your Harddrive

There are lots of pieces of sensitive data on your harddrive - from server passwords to saved emails and logged IRC/AIM chats - that should be protected. The best way to protect this data, of course, is to keep your laptop under your control, but if the laptop is stolen or misplaced bad things can happen. A very simple solution is to encrypt your user directory so others cannot read that data (even if they steal your computer).

OSX: http://www.youtube.com/watch?v=VQ9HQwGC_64
Windows: http://www.youtube.com/watch?v=coAMTC7uFxA or http://www.youtube.com/watch?v=-8YTaBVB7f0

5.) Consider Locking Your User Session When You Leave

Along the same lines as encrypting your harddrive, its helpful to also “lock” your computer session when you are not using it. This is less important in the office or a trusted work space, but if you have sketchy friends or are in a public place locking your computer will prevent others from stealing your data or pretending to be you.

OSX: http://technology.cca.edu/support/knowledgebase/index.php?article=24#mac
Windows: http://technology.cca.edu/support/knowledgebase/index.php?article=24#Win...