Klausi's Weblog

Mago presentation at Drupal Dev Days Athens

Klaus Purer — Thu, 23 Apr 2026 00:00:00 +0000

Here are the slides</a> and video</a> of my Drupal Dev Days presentation</a> about Mago</a> in Athens.

almost kms many times

Klaus Purer — Sun, 22 Mar 2026 00:00:00 +0000

Triggerwarnung: Tod, Suizid

Mein Sohn Moony</a> hat sich das Leben genommen. In meiner Trauer ist dieser Text entstanden (weitere Texte in der Kategorie: suicide</a>).

18 Monate

Klaus Purer — Fri, 20 Feb 2026 00:00:00 +0000

Triggerwarnung: Tod, Suizid
Ich trauere um meinen Sohn Moony</a>, der sich das Leben genommen hat. Dies ist ein weiterer Text in meiner Suche nach Umgang mit Selbstmord (Kategorie: suicide</a>).


Moony

Klaus Purer — Sun, 01 Feb 2026 00:00:00 +0000

Triggerwarnung: Tod, Suizid
Mein Sohn Moony hat sich das Leben genommen. In meiner Trauer ist dieser Text entstanden (weitere Texte in der Kategorie: suicide</a>).


Testing Claude AI for Drupal code

Klaus Purer — Fri, 04 Apr 2025 00:00:00 +0000

I tested ClaudeAI for Drupal code, got inspired by Dries Buytaert video</a>.

🤯 the interaction and suggestions were quite good</li>
💵 execution is expensive, I paid $1.16 for 20 minutes</li>
🙄 I got annoyed a couple of times, because Claude did contradictory things</li> </ul>
</a> </div>

Dangerous Next.js redirects - how misconfiguration can bring your website down

Klaus Purer — Thu, 30 Jan 2025 00:00:00 +0000


Security Advisory: Next.js Denial of Service vulnerability in redirect misconfiguration

Project: Next.js</a></li>
Security Risk: Less Critical</li>
Vulnerability: Denial of Service (DoS)</li>
Category: OWASP A05:2021 – Security Misconfiguration</a></li>
Affected versions: all Next.js versions, for example 15.0.3</li> </ul>
Note: This vulnerability has been disclosed privately to the Vercel Security Team. They decided that this is a misconfiguration issue and not an inherent security issue.

D7Security presentation at Drupal Dev Days Bourgas

Klaus Purer — Wed, 26 Jun 2024 00:00:00 +0000

Here are the slides</a> of my Drupal Dev Days presentation</a> about D7Security</a> in Bourgas. Unfortunately there is no video recording.

D7Security presentation at Drupal Austria Meetup

Klaus Purer — Wed, 13 Mar 2024 00:00:00 +0000

Here are the slides</a> and a recording of my Drupal Austria Meetup presentation about D7Security</a>.
</a> </div>

Drupal 7 end of life podcast: Unofficial Drupal 7 Security Team

Klaus Purer — Sun, 31 Dec 2023 00:00:00 +0000

Here is the video of my appearance on the Drupal 7 end of life podcast, talking about plans for the D7Security</a> group. Thank you Mark Dorison and Chris Free from Chromatic for the recording!
</a> </div>

Proposing a Drupal 7 security team

Klaus Purer — Tue, 12 Dec 2023 00:00:00 +0000

Update: The D7Security group is now established at gitlab.com/d7security</a> and d7security.org</a>!

The Drupal Security Team has announced in PSA-2023-06-07</a> that unsupported Drupal 7 modules/themes cannot be supported again. I'm proposing to create a D7Security team on Gitlab.com that can provide security fixes for those unsupported modules. A small update module can then notify Drupal 7 site owners when new security releases are available on Gitlab.com.

Fully hidden automatic system updates on Ubuntu 20.04

Klaus Purer — Tue, 05 Jan 2021 00:00:00 +0000


Ubuntu's graphical update manager pops up every time you need to install updates. That can be annoying when you are watching a movie or doing other things and don't want to be bothered all the time. Yes, I want to always apply all updates from all sources, but please do it silently. Here is a small script I use to do that with Anacron.

Russmedia CTO meetup talk: Pull Request Review best practices

Klaus Purer — Fri, 27 Nov 2020 00:00:00 +0000

Here is the video of my Russmedia CTO & product meetup talk "Pull Request Review best practices".
</a> </div>

Drupalcon 2019 talk: Find security vulnerabilities through code review

Klaus Purer — Sun, 03 Nov 2019 00:00:00 +0000

Here are the slides</a> and the video of my DrupalCon Amsterdam 2019 talk "Find security vulnerabilities through code review".
</a> </div>

A new blog on Zola

Klaus Purer — Sat, 26 Oct 2019 00:00:00 +0000


I converted my old blog posts from Drupal to static files and now I'm trying out Zola</a>. The static files are hosted on Github Pages</a>.

Mocking in Rust with conditional compilation

Klaus Purer — Sun, 31 Mar 2019 00:00:00 +0000

When writing automated unit tests for your application you will probably need to use mocks</a> at some point. Classical object-oriented programming languages such as PHP solve this with reflection where mock object types are created during test runtime. The code under test expects a certain interface or class and the test code passes mock objects that implement the interface or are a subclass.
Similar approaches exist in Rust where mock objects are used to test code that expects a trait type. There is a wonderful Rust mock framework comparison</a> by Alan Somers that lists their features. The biggest problem with most of them as far as I can see is that they cannot mock a foreign struct</code> you are using in your code. Rust does not have a concept of object inheritance for structs so there is no way to mimic a struct type from the standard library or an external crate.
Drupal Austria Meetup: Drupal security learnings Klaus Purer — Wed, 13 Mar 2019 00:00:00 +0000 Here are the slides</a> of my Drupal Austria Meetup talk "Drupal security learnings". Benchmarking a Rust web application Klaus Purer — Fri, 31 Aug 2018 00:00:00 +0000 Performance testing is an important part when developing a network application - you want to know when you have a regression in request throughput in your service. I set out out my goal 9 for Rustnish: Write benchmark code that compares runtime performance of Rustnish against Varnish</a>. Use cargo bench</code> to execute the benchmarks. </blockquote> The basic idea of a performance test here is to send many HTTP requests to the web service (the reverse proxy in this case) and measure how fast the responses arrive back. Comparing the results from Rustnish and Varnish should give us an idea if our performance expectations are holding up. Crashing a Rust Hyper server with a Denial of Service attack Klaus Purer — Sun, 11 Mar 2018 00:00:00 +0000 I'm writing a reverse proxy in Rust using Hyper</a> and I want to measure performance a bit to know if I'm doing something terribly wrong. By doing that I discovered a Denial of Service vulnerability in Hyper when IO errors are not properly handled. Note that a workaround has been released in the meantime in Hyper 0.11.20</a>, more background info can be found in this Hyper issue</a>. Testing memory leaks in Rust Klaus Purer — Fri, 06 Oct 2017 00:00:00 +0000 Rust has many built-in concepts for memory safety, but it cannot prevent application level logic errors that take up system memory. An example would be a server application that stores something for each incoming request in a growing collection or list. If the program does not clean up the growing list then it will take up more and more server memory - thereby exposing a memory leak. While working on my reverse proxy project I discovered such a leak in the HTTP library Hyper</a>. In order to prevent and detect memory leaks in the future I set out my goal 7: Add an integration test that ensures that the proxy server is not leaking memory (growing RAM usage without shrinking again). Use /proc information to compare memory usage of the current process before and after the test. </blockquote> Static variables made thread-safe in Rust Klaus Purer — Sat, 09 Sep 2017 00:00:00 +0000 When writing integration tests for my Rustnish reverse proxy project</a> I have hard-coded port numbers in tests. This is not ideal because it is hard to keep track of which port numbers have already been used and which ones are available when writing a new test. Because Rust's test runner executes test cases in parallel</a> it is important to coordinate which test uses which ports so that there are no clashes that break the tests. One obvious solution to this problem would be to disable parallel test execution with cargo test -- --test-threads=1</code>. But we want to cover program and test isolation with our test so this is not really an option.