
Drupal

govCMS to release its own Drupal distribution

Filed under
Drupal

The government's govCMS project will make its own Drupal distribution publicly available for download, it announced today.

The distribution will be a fork of the aGov distribution, which was developed by local development shop PreviousNext and is the building block for govCMS sites.

aGov was released in 2013 after a beta period involving a number of federal and state government agencies. High profile end users include the NSW government's 'one stop shop' for services, Service NSW.


Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Filed under
Drupal
Security

On October 29, 2014, the Drupal Security Team released advisory identifier DRUPAL-PSA-2014-003. This advisory informed administrators of Drupal-based Web sites that all Drupal-based Web sites utilizing vulnerable versions of Drupal should be considered compromised if they were not patched/upgraded before 2300 UTC on October 15, 2014 (seven hours following the initial announcement of the vulnerability in SA-CORE-2014-005).

In the case of the Drupageddon vulnerability, the database abstraction layer provided by Drupal included a function called expandArguments that was used in order to expand arrays that provide arguments to SQL queries utilized in supporting the Drupal installation. Due to the way this function was written, supplying an array with keys (rather than an array with no keys) as input to the function could be used in order to perform an SQL injection attack.


Git Success Stories and Tips from Drupal Core Committer Angie Byron

Filed under
Drupal

The Git revision control system is “at the center” of Drupal's hyper-collaborative community says Drupal core committer Angie Byron. The open source content management platform has 37,802 developers with Git commit access, and about 1,300 actively committing each month, she says.

“Git (was) the smartest/safest choice for our community, and a choice that definitely paid off,” said Byron, who is also the director of community development at Acquia.


Higher ed finds increasing value in open source CMS options

Filed under
OSS
Drupal

"The university has since launched somewhere between 350 and 400 websites, all built on Drupal 7," writes Schaffhauser. "While the CMS is centrally managed to keep the system updated, it grants individual colleges, programs and departments the flexibility to put up their own images, update text as they want, add and move site objects (themes, content types and Drupal "modules") and "essentially have a custom look with a managed system," [director of university Web services, Mark] Albert explained to Campus Technology."


The Changing Cost of Open Source

Filed under
OSS
Drupal

At one time higher ed wanted community-built software because of the $0 price tag; now many universities are paying somebody else to keep open source projects moving forward.


4 tips for how to migrate to Drupal

Filed under
OSS
Drupal

Well, to jump from your current CMS (or lack thereof) and make the transition to Drupal, you want to know how much it costs and exactly what that migration entails. First, there are several factors that have to be taken into account before any Drupal development company can give you a quote. But, while there isn’t an exact price range for migrating to Drupal, you can do some in-house work to keep your migration costs down and prepare your team for the migration, keeping headaches down too.


Mark Morton: Why we chose an open source website

Filed under
OSS
Drupal

Platforms like Wordpress and Drupal, which are maintained by a community of users, can be a cost-effective and flexible option for charities, writes the digital media manager at Epilepsy Action.


Australian government Drupal-based CMS goes live

Filed under
OSS
Drupal

GovCMS, the Australian government's new cloud-based web content management system, has gone live on Australia.gov.au, the federal government's chief technology officer, John Sheridan, said at a media briefing in Sydney on Tuesday. The site receives more than 2 million visitors each month, and is the first site to migrate to the platform.

The Department of Finance has developed govCMS, an Australian government-specific distribution of the Drupal open-source content management platform, in conjunction with Acquia — a company founded by Drupal's creator, Dries Buytaert, to provide commercial-grade support for the platform.


Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003

Filed under
Drupal
Security

This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal.

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.


Jeffrey McGuire From Acquia Explains Drupal 8, the GPL, and Much More

Filed under
Interviews
Drupal

Jeffrey McGuire

Tux Machines has run using Drupal for nearly a decade (the site is older than a decade) and we recently had the pleasure of speaking with Jeffrey A. "jam" McGuire, Open Source Evangelist at Acquia, the key company behind Drupal (which the founder of Drupal is a part of). The questions and answers below are relevant to many whose Web sites depend on Drupal.

1) What is the expected delivery date for Drupal 8 (to developers) and what will be a good point for Drupal 6 and 7 sites to advance to it?

 

Drupal 8.0.0 beta 1 came out on October 1, 2014, during DrupalCon Amsterdam. It’s a little early for designers to port their themes, good documentation to be written, or translators to finalise the Drupal interface in their language – some things are still too fluid. For coders and site builders, however, it’s a great time to familiarise yourself with the new system and start porting your contributed modules. Read this post by Drupal Project Lead, Dries Buytaert; it more thoroughly describes who and what the beta releases are and aren’t good for: “Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch when necessary. Beta releases are not recommended for non-technical users, nor for production websites.”

 

With a full Release Candidate or 8.0.0 release on the cards for some time in 2015, now is the perfect time to start planning and preparing your sites for the upgrade to Drupal 8. Prolific Drupal contributor Dave Reid gave an excellent session at DrupalCon Amsterdam, “Future-proof your Drupal 7 Site”, in which he outlines a number of well-established best practices in Drupal 7 that will help you have a smooth migration when it is time - as well as a number of deprecated modules and practices to avoid.

 

2) What is the importance of maintaining API and module compatibility in future versions of Drupal and how does Acquia balance that with innovation that may necessitate new/alternative hooks and functions?

 

The Drupal community, which is not maintained or directed by Acquia or any company, has always chosen innovation over backward compatibility. Modules and APIs of one version have never had to be compatible with other versions. The new point-release system that will be used from Drupal 8.0.0 onwards - along with new thinking among core contributors and the broader community - may change this in future. There has been discussion, for example, of having APIs valid over two releases, guaranteeing that a Drupal 8 module would still work in Drupal 9 and that a Drupal 9 module would work in Drupal 10. Another possibility is that this all may be obviated in the future as moves toward broad intercompatibility in PHP lead to the creation of PHP libraries with Drupal implementations rather than purely Drupal modules.

 

3) Which Free/libre software project do you consider to be the biggest competitor of Drupal?

 

The “big three” FOSS CMSs – Drupal, Wordpress, and Joomla! – seem to have settled into roughly defined niches. There is no hard and fast rule to this, but Wordpress runs many smaller blogs and simpler sites; Joomla! projects fall into the small to medium range; and Drupal projects are generally medium to large to huge and complex. Many tech people with vested interests in one camp or another may identify another project as “frenemies” and compete with these technologies when bidding for clients, but the overall climate between the various PHP and open source projects is friendly and open. Drupal is one of the largest free/libre projects out there and doesn’t compete with other major projects like Apache, Linux, Gnome, KDE, or MySQL. Drupal runs most commonly on the LAMP stack and couldn’t exist or work at all without these supporting free and open source technologies.

 

NB – I use the term “open source” as synonymous shorthand for “FOSS, Free and Open Source Software, and/or Free/libre software”.

 

4) Which program -- proprietary or Free/libre software -- is deemed the biggest growth opportunity for Drupal?

 

Frankly, all things PHP. Drupal’s biggest growth opportunity at present is its role as an innovator and “meta-project” in the current “PHP Renaissance”. While fragmented at times in the past, the broader PHP community is now rallying around common goals and standards that allow for extensive compatibility and interoperability between projects. For the upcoming Drupal 8 release, the project has adopted object-oriented coding, several components from the Symfony2 framework, a more up-to-date minimum version of PHP (5.4 as of October 2014), and an extensive selection of external libraries.

 

On the one hand, Drupal being at the heart of the action in PHP-Land allows it and its community of innovators to make a more direct impact and spread its influence. On the other hand, it is now also able to attract even more developers from a variety of backgrounds to use and further develop Drupal. A Symfony developer (who has had a client website running on Drupal 8 since summer 2014) told me that looking under the hood in Drupal 8, “felt very familiar, like looking at a dialect of Symfony code.”

 


5) To what degree did Drupal succeed owing to the fact that Drupal and all contributed files are licensed under the GNU GPL (version 2 or 3)?

 

“Building on the shoulders of giants” is a common thread in free and open source software. The GPL licenses clearly promote a culture of mutual sharing. This certainly applies to Drupal, where I can count on huge advantages thanks to benefitting from more than twelve years of development, 100k+ active users, running something like 2% of the Web for thousands of businesses, and millions of hours of coding and best practices by tens of thousands of active developers. Our code being GPL-licensed and collected in a central repository on Drupal.org has allowed us to build upon the strengths of each other’s work in a Darwinian environment (”bad code dies or gets fixed” - Jeff Eaton) where the best code rises to the top and becomes even better thanks to the attention of thousands of site owners and developers. The same repository has contributed to a reputation economy where bad actors and dubious or dangerous code has little chance of survival.

 

The GPL 2 is business friendly in that the license specifically allows for commercial activity and has been court tested. As a result, there is very little legal ambiguity in adopting GPL-licensed code. It also makes clear cases for when code needs to be shared as open source and when it doesn't (allowing for sites to use Drupal but still have "proprietary" code). The so-called “Web Services Loophole” caused some controversy and discussion, but also opened the way to SaaS products being built on free/libre GPL code. Drupal Project Lead Dries Buytaert explained this back in 2006 (read the full post here):

 

“The General Public License 2 (GPL 2), mandates that all modifications also be distributed under the GPL. But when you are providing a service through the web using GPL'ed software like Drupal, you are not actually distributing the software. You are providing access to the software. Thus, a way to make money with Drupal is to sell access to a web service built on top of Drupal. This is commonly referred to as the web services loophole.”

 

Business models remain challenging in a GPL world; nothing is stopping me from selling you GPL code, but nothing is stopping you from passing it on to anyone else either. App stores, for example, are next to impossible to realise under these conditions. Most Drupal businesses are focused on value add services like site building, auditing and consulting of various kinds, hosting, and so on, with a few creating SaaS or PaaS offerings of one kind or another.

 


 

6) What role do companies that build, maintain and support Drupal sites play in Acquia's growth and in Drupal's growth?

 

Acquia was the first company to offer SLA-based commercial support for Drupal (a Service Level Agreement essentially says, “In return for your subscription, Acquia promises to respond to your problems within a certain time and in a certain manner”). The specifics of response time and action vary according to the level of subscription, but these allowed a new category of customer to adopt Drupal: The Enterprise.

 

Enterprise adoption – think Whitehouse.gov, Warner Music, NBC Universal, Johnson & Johnson – of Drupal resulted in increased awareness and therefore even further increased adoption (and improvement) of the platform over time. Everyone who delivers a successful Drupal project for happy clients improves Drupal for everyone else involved. The more innovative projects there are, the more innovation flows back into our codebase. The more happy customers there are, the more likely their peers are to adopt Drupal, too. Finally, the open source advantage also comes into play: it behooves Drupal service providers to give the best possible service and deliver the highest-quality sites and results. If they don’t, there is no vendor lock-in and being open source at scale also means you can find another qualified Drupal business to work with if it becomes necessary. Acquia and the whole, large Drupal vendor ecosystem simultaneously compete, cooperatively grow the project (in code and happy customer advocates), and act as each other’s safety net and guarantors.

 


 

7) How does Acquia manage and coordinate the disclosure of security vulnerabilities, such as the one disclosed on October 15th?

Acquia as an organisation is an active, contributing member of the Drupal community and it adheres strictly to the Drupal project’s security practices and guidelines, including the Drupal project’s strict procedure for reporting security issues. Many of Acquia’s technical employees are themselves active Drupal contributors; as of October 2014, ten expert Acquians also belong to the Drupal Security Team. Acquia also works closely with other service providers, whether competitors or partners, in the best interests of all of us who use and work with Drupal. This blog post, “Shields Up!”, by Moshe Weizman explains how Acquia, in cooperation with the Drupal Security Team and some other Drupal hosting companies, dealt with the recent “Drupalgeddon” security vulnerability.
