The ImageMagick tool suite is a popular solution for the processing and modification of image files in web applications. Many Drupal and WordPress websites use it behind the scenes. On freistilbox, ImageMagick is installed on both the web application and shell login boxes.
On 3 May 2016, a whole list of vulnerabilities in ImageMagick, nicknamed “ImageTragick”, was published. Due to an insufficient sanitisation of command arguments, these vulnerabilities allow attackers to execute arbitrary commands and connect to remote websites.
Immediately after the publication of ImageTragick, the freistilbox operations team implemented a workaround that blocks these exploits. Thanks to our automated system management, this workaround has been installed consistently on all servers that use ImageMagick.
The security of our customers’ websites is our first concern, and we’re doing our best to make sure that you can work efficiently and sleep peacefully.
05 May 2016
New customers often ask us how they can deal with email using their website’s domain. The short answer is: There are a lot of options outside of freistilbox that solve this issue much better than we can.
With freistilbox, we focus on delivering world-class web hosting. Operating an email service is a completely different area of expertise. While we have experience in the setup of email infrastructure, running an email service at the same level of quality as our web hosting platform would require changes that we’re not going to make for the time being.
Just as freistilbox offers a much better web hosting solution than our customers could get by “just setting up a server”, we decided that our customers deserve a better email solution than us “just setting up a server”. That’s why we recommend using third-party services that make email their business focus.
All freistilbox application and shell login boxes are equipped with a Mail Transfer Agent (MTA) that allows your web application to send email. This alone doesn’t guarantee that your emails will be accepted by their recipients, though. If our servers aren’t formally authorised to deliver email in your (domain) name, there’s a high risk they’ll quickly get blacklisted as potential spam sources.
Additional measures like including our servers in your domain’s SPF record can lower that risk. But often still more effort is necessary to ensure your messages will reach their recipients.
That’s why we recommend using a specialised email delivery service in the first place, especially if you’re going to send more email than the occasional registration notice. Here are a few well-known options for transactional and marketing email delivery:
There are Drupal modules and WordPress plugins available that make the integration of these services into your web application easy. If you need any help in setting up email delivery in Drupal or WordPress, just get in touch with our support team.
Despite all the attempts to kill it, email still is much too critical for business communication to just provide it as an add-on service without giving it the focus it deserves. That’s why we don’t support receiving email on freistilbox at all. Instead, we recommend using an email provider such as the following:
Our customers choose freistilbox because we’re good at what we do. It just makes sense to take the same approach with regard to email service providers.
04 May 2016
Since DrupalCon is going to come to Dublin in fall, the Irish Drupal community has decided to move its main DrupalCamp out of the capital this year. Thanks to the generous offer of Johnson & Johnson to host the event, we’re going to meet at DrupalCamp Limerick on May 13 and 14.
DrupalCamp Limerick will take place at the IDC on the University of Limerick campus. We will focus on developing with Drupal, bringing together developers, themers, end users and everybody interested in learning more about this powerful and flexible framework backed by one of the world’s most innovative open source communities.
In case studies, everyone interested in Drupal can learn about of real-life examples of using the CMS. You’re welcome to bring your own questions and get them answered by the community. In small-group discussions, we’ll tackle the topics that you’re interested in. And of course, we’re going to visit a few of Limerick’s great pubs to end the day with even more great craic.
That should be enough reasons to come to Limerick in May, don’t you think? So don’t wait, go right to the DrupalCamp Limerick website and register!
26 Apr 2016
chef generate is a handy tool to create cookbooks or components of it from
the command line. It creates the all the necessary files and best: first test
chef generate also creates comment headers in all files from command line
-C "freistil IT Ltd." -m email@example.com -I apache2 in our case.
To make life easier chefdk supports configuration options which are put in
if defined?(ChefDK) chefdk.generator.license = 'apache2' chefdk.generator.copyright_holder = 'freistil IT Ltd.' chefdk.generator.email = 'firstname.lastname@example.org' end
This looks like an undocumented feature, an issue on github/chef-dk got my attention to this.
21 Apr 2016
For the first time, a DrupalCamp directly addressed both businesses and the developer community in Germany (and its German-speaking neighbours). And it was a great success. Taking place in Heidelberg from April 8 to 10, the Drupal Business and Community Days ran a business-centered track with expert presentations in parallel to a community track in which Drupal developers worked on Drupal code and documentation.
The Business Days […] will be an opportunity for the German-speaking Drupal Business Community to get together, and work on strategies for growing Drupal within Germany, Austria and Switzerland. The Community Days […] will be international, with participants from all over Europe. The Community Days will be English, German, and hopefully a few more languages. The community event will have a focus on core, translation, and D8 User Guide sprints.
Why did the event team around Drupal Company Erdfisch choose this kind of topic split? They wrote about their reasoning on the event website:
In Germany, Drupal has an amazing developer community, but it is not as well known as a business product as it is in other countries. We need to work on that!
They did a great job. And having business relationships around Drupal proved helpful quickly: When the venue’s internet connection didn’t hold up, Erdfisch was able to get the University of Heidelberg to offer space at their data center so the development efforts could continue.
You could tell from the high attendance of the business track that providing products and services around Drupal is an important topic for businesses in D-A-CH. In Germany, all the leading Drupal businesses have realised that the market is big enough and treat each other as colleagues even though there’s competition. This opens up the way to share experience and learn from each other. A rising tide floats all the boats, and as businesses we can only benefit from conferences like this one. That’s why we were happy to support the event both as a sponsor and as active participants.
The freistilbox team had planned to attend in full force but unfortunately, I had to stay at home fighting a nasty virus that afflicted the whole family. In consequence, I wasn’t able to give my talk “How not to be afraid of your own success”. Instead, our friends at the Palasthotel stepped in with a great session about their new Drupal development workflow.
In total, 118 people ranging from “interested in Drupal” to “enthusiastic for Drupal” attended the conference. After it concluded, praise for a great DrupalCamp came not only from German attendees…
…there were also people from Canada (!)…
Thanks @DrupalBCDays for a wonderful event! It was really great.— Ryan Weal (@ryan_weal) 11 April 2016
…from the Netherlands…
We just arrived home from a fabulous @DrupalBCDays. Thanks for a great weekend!— The Lyf of Barthe (@BartFeenstra) 11 April 2016
Bye bye Heidelberg! Thanks very much to the organisers of the #DrupalBCDays, amazing event totally recommended!— Mon Franco (@mon\_\_franco) 10 April 2016
…and probably a few more countries — it was a great weekend for the international Drupal community.
The freistilbox team had lots of fun meeting old and new friends, and we also learned new stuff. So, thanks a million to Erdfisch for organising a great DrupalCamp! We’re looking forward to the next Drupal Business and Community Days!
19 Apr 2016
From April 8 to 10, the beautiful city of Heidelberg will be the location for the first Drupal Business and Community Days in Germany.
With a different format from usual DrupalCamps, this event aims at kick-starting Drupal business in Germany and building on both the German-speaking and international Drupal community, literally at the same time: there will be a business track and a community track running in parallel.
The Business Days part will be an opportunity for Drupal businesses to get together and work on strategies for growing Drupal within the DACH region. While Drupal has an amazing developer community here, it is not as well-known as a viable option for businesses as it is in other countries around the globe. This lack of professional reputation is what this track is going to improve.
Under the track’s motto “From acquisition to maintenance”, Drupal experts will share their experience on business topics such as lead marketing, hosting, infrastructure, quality assurance and support. One of these talks will be “Keine Angst vor dem eigenen Erfolg” (“Don’t be afraid of your own success”) in which our CTO Jochen Lillich will shed some light on how to tackle the daily challenges of running a business-critical Drupal website.
Taking place at the same weekend, the Community Days are going to be quite international with attendees coming from all over Europe. Based on the Sprint format common at DrupalCamps and DrupalCons, the Community Days are going to focus on improving Drupal core, translations and D8 User Guides. For participants who have not yet contributed code or documentation to Drupal or feel just a little bit rusty, there will be mentors to help them get started.
The freistilbox team is going to attend in force; this’ll be one of the rare opportunities to meet Markus, Philipp and Jochen at the same physical location. And since we know what actually drives DevOps practicioners around the world, we’re sponsoring one of the coffee breaks.
If you’re part of a Drupal business in Germany, Austria or Switzerland, you don’t want to miss this event. See you in Heidelberg!
22 Mar 2016
We use the following configuration snippet in our Apache VirtualHosts on freistilbox:
# Cache TTL <IfModule mod_expires.c> ExpiresActive On ## default: 4h ExpiresDefault A14400 ## text/html: 15min ExpiresByType text/html A900 </IfModule>
This snippet takes care of proper HTTP caching headers when the web application doesn’t set caching headers itself. The values used here enable Varnish to cache files for 4 hours, HTML content for 15 minutes.
Today I learned that if you want to override this, it’s not enough to simply set
Cache-control: max-age=600 to change the caching time to 10
is quite strict in its interpretation of the following lines:
Expiresheader is already part of the response generated by the server, for example when generated by a CGI script or proxied from an origin server, this module does not change or add an
When you only set
Cache-Control: max-age=600, the web server adds another
Cache-Control: max-age=900 and an
Expires header. Confusing, right?
To properly control both headers, you have to set an explicit
everything works as expected.
16 Mar 2016
Last weekend, I had the pleasure of attending the fourth instalment of DrupalCamp London. It’s grown from humble beginnings in 2013 to one of Europe’s most important Drupal gatherings. This year, more than 500 Drupal fans met at London City University to attend the CxO Day on Friday and/or the community talks on Saturday and Sunday.
The CxO Day was a good opportunity for leaders of Drupal-based businesses to meet and exchange experiences. I especially enjoyed Vesa Palmu’s talk “Growing your agency: Organic, mergers and acquisitions” about the different ways to grow a business; lots of good advice!
Over the weekend, the wider Drupal community came together to listen to talks, work on Drupal 8 and enjoy the “Hallway Track” (consuming more than 100l of coffee and 400 pastries in the process). Clifton Cunningham’s enthusiastic keynote was a great start, although I’m afraid that his insights into building a big web application developed in-house doesn’t 100% apply to Drupal; for example, you can’t just split up Drupal into microservices maintained by separate teams. The following sessions held by community members were much more Drupal-centric, of course, and most of them touched on the upcoming Drupal release 8 in some fashion. Since I’m not a developer, I chose quite often to engage in hallway conversations instead of attending presentations. From the few I did attend, I took away these points:
- After learning about Bigpipe in “Drupal 8 with Cache and Bigpipe” and about AuthCache in “Don’t Varnish over the cracks”, I just can’t wait to see our customers flip the afterburner switch for their authenticated website visitors!
- It was interesting to see a more modular approach to what we do with our laptop script in “Provision your Mac with Ansible”.
In parallel to the sessions, some developers (a whopping 70% of which were female) gathered for the “Sprints”, group coding sessions that resulted in 2 solutions to Drupal 8 issues being “Reviewed & Tested by the Community”. Well done!
For me, the highlight of every DrupalCamp is always the people. I met lots of familiar faces and again managed to confuse a few new acquaintances with my peculiar mix of German and Irish accents. I thoroughly enjoyed DrupalCamp London and will make sure to register early as soon as DrupalCamp London 2017 is announced. Thanks and congratulations to the #dclondon team for another great Drupal community event!
10 Mar 2016