Language Selection

English French German Italian Portuguese Spanish

Drupal

The current state of Drupal security

Filed under
Interviews
Drupal
Security

Greg Knaddison has worked for big consulting firms, boutique software firms, startups, professional service firms, and former Drupal Security Team leader. He is currently the director of Engineering at CARD.com and a Drupal Association advisory board member.

Michael Hess works with the University of Michigan School of Information and the UM Medical Center teaching three courses on content management platforms and overseeing the functionality of hundreds of campus websites. He serves in a consulting and development role for many other university departments and is the current Drupal Security Team leader. He also consults with BlueCross on large-scale medical research projects. Hess is a graduate of the University of Michigan School of Information with a master's degree in information.

Read more

How containers will shape the Drupal ecosystem

Filed under
Server
Drupal

I recently had the opportunity to interview David Strauss about how Pantheon uses containers to isolate many Drupal applications from development to production environments. His upcoming DrupalCon talk, PHP Containers at Scale: 5K Containers per Server, will give us an idea of the techniques for defining and configuring containers to get the most out of our infrastructure resources.

Having recently dove into the container realm myself, I wanted to learn from the experts about the challenges of managing containers in a production environment. Running millions of production containers related to Drupal, David is certainly an expert resource to ask about this subject. I look forward to learning more details at DrupalCon!

Read more

Building better pages in Drupal with Paragraphs

Filed under
Interviews
Drupal

When you’re publishing anything online, the way you lay out your content can be as important as the content itself. A good layout can help readers better interact and consume that content.

Users of content management systems like Drupal have a number of options that allow them to create very attractive, very usable layouts. That’s one factor that drew Murray Woodman to Drupal. He co-founded Morpht, a Drupal-based web development shop in Sydney, Australia. He found that Drupal 6 provided a level of freedom and productivity, and hasn’t looked back.

One Drupal module for laying out pages that Woodman is keen on is Paragraphs. I caught up with Woodman ahead of his talk at DrupalCon 2015, and he kindly shared his insights into the Paragraphs module.

Read more

Also: 4 tips for building a successful CMS

govCMS to release its own Drupal distribution

Filed under
Drupal

The government's govCMS project will make its own Drupal distribution publicly available for download, it announced today.

The distribution will be a fork of the aGov distribution, which was developed by local development shop PreviousNext and is the building block for govCMS sites.

aGov was released in 2013 after a beta period involving a number of federal and state government agencies. High profile end users include the NSW government's 'one stop shop' for services, Service NSW.

Read more

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Filed under
Drupal
Security

On October 29, 2014, the Drupal Security Team released advisory identifier DRUPAL-PSA-2014-003. This advisory informed administrators of Drupal-based Web sites that all Drupal-based Web sites utilizing vulnerable versions of Drupal should be considered compromised if they were not patched/upgraded before 2300 UTC on October 15, 2014 (seven hours following the initial announcement of the vulnerability in SA-CORE-2014-005).

In the case of the Drupageddon vulnerability, the database abstraction layer provided by Drupal included a function called expandArguments that was used in order to expand arrays that provide arguments to SQL queries utilized in supporting the Drupal installation. Due to the way this function was written, supplying an array with keys (rather than an array with no keys) as input to the function could be used in order to perform an SQL injection attack.

Read more

Git Success Stories and Tips from Drupal Core Committer Angie Byron

Filed under
Drupal

The Git revision control system is “at the center” of Drupal's hyper-collaborative community says Drupal core committer Angie Byron. The open source content management platform has 37,802 developers with Git commit access, and about 1,300 actively committing each month, she says.

“Git (was) the smartest/safest choice for our community, and a choice that definitely paid off,” said Byron, who is also the director of community development at Acquia.

Read more

Higher ed finds increasing value in open source CMS options

Filed under
OSS
Drupal

"The university has since launched somewhere between 350 and 400 websites, all built on Drupal 7," writes Schaffhauser "While the CMS is centrally managed to keep the system updated, it grants individual colleges, programs and departments the flexibility to put up their own images, update text as they want, add and move site objects (themes, content types and Drupal "modules") and "essentially have a custom look with a managed system," [director of university Web services, Mark] Albert explained to Campus Technology.

Read more

The Changing Cost of Open Source

Filed under
OSS
Drupal

At one time higher ed wanted community-built software because of the $0 price tag; now many universities are paying somebody else to keep open source projects moving forward.

Read more

4 tips for how to migrate to Drupal

Filed under
OSS
Drupal

Well, to jump from your current CMS (or lack thereof) and make the transition to Drupal, you want to know much it costs and exacting what that migration entails. First, there are several factors that have to be taken into an account before any Drupal development company can give you a quote. But, while there isn’t an exact price range for migrating to Drupal, you can do some in-house work to keep your migration costs down and prepare your team for the migration, keeping headaches down too.

Read more

Mark Morton: Why we chose an open source website

Filed under
OSS
Drupal

Platforms like Wordpress and Drupal, which are maintained by a community of users, can be a cost-effective and flexible option for charities, writes the digital media manager at Epilepsy Action

Read more

Also: Sydney developer brings open source e-commerce to WordPress

Syndicate content

More in Tux Machines

Debian Leftovers

  • Plex Home Theater 1.4.1 for Debian Jessie and Sid
    Recently Plex Plex Home Theater was updated to 1.4.1 with fixes for some errors, in particular concerning the new music handling introduced in 1.4.0. As with 1.4.0, I have compiled PHT for both jessie and sid, both for amd64 and i386.
  • Debian/TeX Live 2015 preparations
    I have uploaded a preliminary version of the texlive-bin based on the 2015 sources (plus the first fixes) to the Debian archive, targeting experimental. As there are four new packages built from the sources (libtexlua52, -dev, libtexluajit2, -dev) the packages have to go through the NEW queue, which at the moment is an impressive 500+ entries long (nearly top in total history). But ftp-masters are currently very active and I hope they continue for some time.
  • Reproducible builds: week 4 in Stretch cycle
    Lunar rebased our custom dpkg on the new release, removing a now undeed patch identified by Guillem Jover. An extra sort in the buildinfo generator prevented a stable order and was quickly fixed once identified.

Android Leftovers

  • Google Makes Chrome For Android Open Source
    Google has announced that Chrome for Android is now open source, the news was announced by Android software engineer Aurimas Liuyikas on Reddit.
  • Screenshots of Google’s new Photos app for Android leak
    We’ve heard rumors since at least August 2014 that Google+’s image functions may be spun out into a standalone photo service. In March, Sundar Pichai, senior vice president for products at Google, said the company is going to put a renewed focus on photos. “Photos are a big use case,” Pichai said. “So we are going to say this is the stream now.”
  • Android's stand-alone Photos app will give you more creative control
    Android Police has peeked at a leaked copy of a reworked Photos app, and it's clear that Google is using the service split as an incentive to shake things up. The highlight may be Assistant (below), an effective substitute for Auto Awesome that gives you more creative power -- you can produce more content yourself (such as Stories) instead of waiting for it to show up.
  • Android Factory Resets Are Flawed, Allow User Data to Be Recovered: Study
  • Factory data reset for Android leaves encrypted data and login keys intact
    Researchers at Cambridge University discovered they were able to recover data on a vast array of Android powered devices that had undergone the factory data reset process.
  • Android 5.1 Lollipop Update Coming To The NVIDIA Shield Tablet
    The update would improve performance and stability, and bring a Shield controller update that makes pairing easier. Among many other features, the LTE model includes improvement in camera, audio, and performance of the modem.
  • Android 5.1.1 Lollipop For Samsung Galaxy S4 Mini GT-I9190: How To Install It Using CM12.1 Nightly Custom ROM
    Users of the Samsung Galaxy S4 Mini with the model number GT-I9190 can have the latest Lollipop experience on their smartphones with the help of a new custom ROM. The new CyanogenMod 12.1 (CM12.1) Nightly custom ROM is based on stock Android user interface with additional features and options.
  • Android Payments Could Be Key Item News From Google I/O: Merrill Lynch
    In the research report published on Friday, Merrill Lynch analysts gave their input on 2015 Google I/O developer conference that will take place on May 28- 29 in San Francisco, California. Since competition in the payments industry is on the horizon, the research firm expects Google Inc (NASDAQ:GOOG) to launch an upgraded payment platform for the Android users.
  • Android M: This is Google’s new Photos app
    Google is expected to announce a bunch of new software initiatives later this week, one of them being Android M. Some leaks have already provided early information on what the upcoming operating system will have to offer, and a new report sheds light on what could be one of the most important new apps for Android M (and other Android versions) that Google is expected to announce at I/O 2015.
  • Best new Android widgets (May 2015) #2
    If you're a dedicated Android fan and not making full use of widgets, then you're totally not using the full potential of Google's platform. See, if we take away widgets out of the feature bag, we are easily stripping it from one of its defining features.
  • Boffins silently track train commuters without tripping Android checks
    Nanjing University boffins Jingyu Hua, Zhenyu Shen, and Sheng Zhong have tracked commuter train trips with 92 percent accuracy using stolen phone accelerometer data.
  • ZTE unveils Q519T smartphone in China: 4000mAh battery, Android 5.0 Lollipop
    Chinese smartphone maker ZTE has unveiled the successor to the Q509T, dubbed Q519T, a new affordable smartphone which is priced at 599 Yuan (approximately Rs 6,100) in China. There is no information provided as to when the device will be available in India.
  • Android M and Nexus updates: The good, the bad and the ugly
    Android M is expected to be unveiled later this week at Google I/O, and it will bring several new features to Google’s mobile platform according to various reports, including a brand new device update guarantee for Nexus devices.
  • 10 Best Android Apps & Games This Week
    A week has passed, which means we’re back with our usual roundup with some of the best new Android apps and games that have made their way into the Play Store. This time we’ve got a good collection of games, so if you were looking to add some new ones on your Android smartphone or tablet, now is the right time to do it. Also, do check out our previous roundup, as well as this week’s sister list with the newest and greatest iOS apps, as well.
  • Asus ZenFone 5 Android 5.0 Lollipop Update to Release in 'Next 3-4 Months'
    The Android 5.0 Lollipop update for Asus ZenFone 5 has been delayed by 3-4 months, reveals the Taiwanese company.

Torvalds: decisions, decisions, top up sun tan or release Linux 4.1?

Work/life balance is important. But important enough to slow development of a tool on which a fair slab of the world relies every day? Read more Also: Yet Another OpenGL 4.5 Extension Is Nearing Completion In Mesa

How to turn your old PC into a modern media center with Kodibuntu

We will be using Kodibuntu, a Linux based operating system with sole purpose of giving you a modern HTPC features and interface. The goal of this tutorial is to help you in building a standalone, multi purpose media center which you can control from your smartphone, tablet or PC. Read more