Language Selection

English French German Italian Portuguese Spanish

Drupal

Whitehouse.gov Moves From Drupal to WordPress in CMS Shift

Filed under
Drupal

Eight years ago, the Obama administration chose an open-source content management system to power the whitehouse.gov website. In 2017, the Trump administration also chose an open-source CMS, albeit a different one from what has been in use since 2009.

In October 2009, the open-source Drupal CMS was chosen to power the whitehouse.gov website, a move that was heralded at the time as a big win for both Drupal and open source. With relatively little fanfare, the whitehouse.gov website was relaunched on Dec. 15 using a WordPress CMS, instead of Drupal.

Read more

Drupal Association and Project Lead Statement Regarding Larry Garfield

Filed under
Drupal

We recognize that events and conversations earlier this year surfaced many concerns and needs within the community. One in particular is related to Larry Garfield’s role within Drupal. After several conversations with Larry, and careful consideration, we can now provide an update to this situation, our decisions, and Larry’s role moving forward.

We thank you for your patience while we spent many hours meeting with Larry and outside experts to resolve this matter. We recognize that actions were taken quickly before, which resulted in poor communication, and we wanted to avoid this happening again. We made sure to provide the proper time and attention these conversations needed before releasing this follow-up post.

We know our poor communication in the past led to frustration with us and pain for others. For that, we are sorry. We want to learn from this and improve. We listened to the community’s request to provide more streamlined, clear, and easy-to-follow communication. So, this post includes a statement from Dries Buytaert, as Project Lead, followed by a statement from Megan Sanicki, Executive Director of the Drupal Association.

[...]

Larry's subsequent blog posts harmed the community and had a material impact on the Drupal Association, including membership cancellations from those who believed we doxed, bullied, and discriminated against Larry as well as significant staff disruption. Due to the harm caused, the Drupal Association is removing Larry Garfield from leadership roles that we are responsible for, effective today.

[...]

As long as Larry does not harm or disrupt the project, he will continue to be a member of the community as an individual contributor. However, we reserve the right to remove Larry's individual contributor roles if that is not the case. Also, we recognize that situations can change over time, so the Drupal Association will revisit these decisions in two years.

I recognize that my communication to Larry and with the community did not provide transparency into this situation and I apologize for the pain and confusion that caused. Our advisors told us not to share these details in order to protect all parties pending evaluation from authorities. Also, when Larry shared these details during the appeal process, he asked us to keep them confidential. It is my hope that this statement provides the clarity that many have been requesting.

Read more

German firms unveil DeGov eGovernment platform

Filed under
OSS
Drupal

German ICT service providers are pooling their work on public administration portals, leveraging open source software. The companies unveiled DeGov, a portal solution built on Drupal 8, at the ‘Drupal in der öffentlichen Verwaltung’ (Drupal in public administration) conference in Düsseldorf on 17 November.

Read more

FOSS CMS News

Filed under
OSS
Drupal
Web
  • WordPress, Joomla, Drupal, More: Keeping Up With Open Source CMS

    Due to its organic nature, the world of open source software is in constant flux, which makes it difficult to keep tabs on.

    To keep you in the loop, I’m kicking off a monthly roundup of open source CMS news, starting today.

    Here are your latest open source CMS highlights.

  • 4 open source peer-to-peer marketplaces

    What happens if your startup can't afford one of these proprietary solutions or you need customized features? You go look for an open source alternative that could open the space for new solutions and modules. Here are four peer-to-peer marketplaces that are working to become the Wordpress or Prestashop of their kind.

The future of Drupal could be cooking in this lab

Filed under
Drupal

Acquia Labs has no illusions of making self-driving cars or shooting things into space like Google X, but the budding applied research arm of enterprise open-source Drupal provider Acquia does have designs on a slew of new applications for what it anticipates will be an increasingly browserless world.

Preston So, development manager at Acquia Labs and a 9-year veteran of the Drupal community, shared his vision for Acquia’s skunkworks-plus outfit at the company’s annual Engage event for customers held in Boston this week.

Read more

FOSS CMS News

Filed under
OSS
Drupal
  • The Wix Mobile App, a WordPress Joint

    Anyone who knows me knows that I like to try new things — phones, gadgets, apps. Last week I downloaded the new Wix (closed, proprietary, non-open-sourced, non-GPL) mobile app. I’m always interested to see how others tackle the challenge of building and editing websites from a mobile device.

    I started playing around with the editor, and felt… déjà vu. It was familiar. Like I had used it before.

    Turns out I had. Because it’s WordPress.

  • WordPress and Wix Are Fighting About Open Source Software

    So WordPress and Wix are fighting one another – and I'm not talking about them competing for customers. Instead, the two website building heavyweights are having a brawl via the blogosphere.

  • Attackers use patched exploits to hit Joomla! sites
  • Joomla websites attacked en masse using recently patched exploits

    Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.

    The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday.

  • Georgia state government earns national recognition for web accessibility

    Georgia's enterprise web platform runs on Drupal 7, which includes many accessibility features in its baseline code and structure. That makes it easier for any new site to build in accessibility from day one. This comes with the caveat that not all modules are accessible, and plenty can be coded and designed without accessibility in mind, meaning that just using Drupal does not make a site accessible to users with disabilities. That said, even in its original implementation with Drupal 7 in 2012, Georgia's web publishing platform was built to meet federal accessibility standards (Section 508, for those of you interested in the details).

    From there, when the product team wanted to improve the platform's underlying code to meet the more modern WCAG 2.0 AA accessibility guidelines, they were working from a flexible and scalable base.

FOSS CMS News

Filed under
Software
OSS
Drupal
  • Wix denies allegations it stole WordPress code, says it open sourced work

    A day after being on the receiving end of allegations that it not only stole code from WordPress, it also failed to contribute back to the open-source community, Wix has responded, saying that the claims against it are baseless and that its do-it-yourself website building platform has been operating in good faith.

    In an open letter to WordPress creator Matt Mullenweg, Wix chief executive and cofounder Avishai Abrahami answered every criticism leveled at his company. He admitted that Wix did use WordPress’ open source library for “a minor part of the application,” but claimed that every modification or improvement the team made was submitted back as open source. Mullenweg had said previously that Wix’s mobile app editor, which was released this month, was built using “stolen code.”

  • Wix Delivers Weak Response To Stolen WordPress Code Claims

    Recently, Automattic CEO Matt Mullenweg’s accused Wix of stealing source code from WordPress and using it in the company’s mobile app “without attribution, credit, or following the license”. Wix, deciding it was best not to let Mullenweg’s stipulations go unchallenged, has fired back with a double-barrelled, if wishy-washy, reply.

    Matt Mullenweg’s letter garnered not one, but two responses from Wix: the first from CEO Avishai Abrahami and the second via the company’s lead engineer Tal Kol.

  • WordPress Creator Matt Mullenweg Blasts Wix, Avishai Abrahami Responds

    Matt Mullenweg, the creator of WordPress, is not happy with the editor used in the Wix mobile app, saying the web building service copied his platform. Wix.com's CEO Avishai Abrahami responds to Mullenweg's accusations.

    Mullenweg said in his blog that Wix's mobile app seems familiar to him, it's like he had used it before. He said he has because it's WordPress.

    "If I were being honest, I'd say that Wix copied WordPress without attribution, credit, or following the license," he said. "Wix has always borrowed liberally from WordPress - including their company name, which used to be Wixpress Ltd. - but this blatant rip-off and code theft is beyond anything I've seen before from a competitor."

  • Nasdaq Taps Open Source Tech for IR

    Nasdaq Corporate Solutions, a business line of Nasdaq, Inc., is banking on the collective input from users of Drupal open-source web content management technology to empower its platform for IR websites.

  • Moodle Installation Made Easy

    Moodle is a very popular course-management system, equivalent to Blackboard, but entirely free and open source. This short YouTube video by Moodle expert Nellie Deutsch explains how you can install Moodle in your cPanel with Softaculous in under 2 minutes.

Nasdaq Selects Drupal 8

Filed under
Drupal

Dries Buytaert announced today that Nasdaq Corporate Solutions has selected Drupal 8 and will work with Acquia to create its Investor Relations Website Platform. In the words of Angela Byron, a.k.a "Webchick", "This is a big freakin' deal."

Read more

Direct: Nasdaq using Drupal 8 for new Investor Relations websites

A brief history of Drupal from 1.0 to 8.0

Filed under
Drupal

Drupal began as a forum for a few friends to monitor their shared Internet connection, which "was expensive and being spliced between them," according to Jared Whitehead's The rise of Drupal and the fall of closed source. Today, it's one of the most popular content management systems out there, competing with powerhouses like WordPress.

So, what has the Drupal community done to ensure continued competitiveness, usability, and overall sustainability? In this article, I'll walk you through Drupal's evolution chronologically, including key design decisions and feature upgrades. My sources include the History of Drupal: from Drop 1.0 to Drupal 8.0 slideshow by WebSolutions HR and Drupal's CHANGELOG.txt.

Read more

FOSS content management systems (CMS)

Filed under
OSS
Drupal
Web
  • How to Resolve Your Open Content Management Quandary

    After years of development and competition, open source content management systems (CMS) have proliferated and are very powerful tools for building, deploying and managing web sites, blogs and more. You're probably familiar with some of the big names in this arena, including Drupal (which Ostatic is based on) and Joomla.

    As we noted in this post, selecting a CMS to build around can be a complicated process, since the publishing tools provided are hardly the only issue. The good news is that free, sophisticated guides for evaluating CMS systems have flourished. There are even good options for trying open CMS systems online before you choose one. Here, in this newly updated post, you'll find some very good resources.

    he first thing to pursue as you evaluate CMS systems to deploy, including the many free, good platforms, is an overview of what is available. CMSMatrix.org is a great site for plotting out side-by-side comparisons of what CMS systems have to offer. In fact, it lets you compare the features in over 1200 content management system products. Definitely take a look. This site also has a good overview of the options.

  • Postleaf is an open-source blogging platform for the design-conscious

    Content management systems are boring until you have to use one. You can install a little Drupal or WordPress, pick up some Squarespace, or just dump to Medium, the graveyard for posts about protein shakes and VC funding. But what if you could roll your own CMS? And what if you made it really cool?

    That’s what Cory LaViska did. LaViska is the founder of SurrealCMS and has been making it easy to edit stuff on the web for nine years. Rather than build and sell an acceptable CMS, however, he took all of his best ideas and made a far better CMS. And he made it open source and called it Postleaf.

Syndicate content

More in Tux Machines

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog posts talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff

    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.

US Sanctions Against Chinese Android Phones, LWN Report on Eelo

  • A new bill would ban the US government from using Huawei and ZTE phones
    US lawmakers have long worried about the security risks posed the alleged ties between Chinese companies Huawei and ZTE and the country’s government. To that end, Texas Representative Mike Conaway introduced a bill last week called Defending U.S. Government Communications Act, which aims to ban US government agencies from using phones and equipment from the companies. Conaway’s bill would prohibit the US government from purchasing and using “telecommunications equipment and/or services,” from Huawei and ZTE. In a statement on his site, he says that technology coming from the country poses a threat to national security, and that use of this equipment “would be inviting Chinese surveillance into all aspects of our lives,” and cites US Intelligence and counterintelligence officials who say that Huawei has shared information with state leaders, and that the its business in the US is growing, representing a further security risk.
  • U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources
    U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said. The warning comes after the administration of U.S. President Donald Trump took a harder line on policies initiated by his predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire U.S. strategic industries. Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei [HWT.UL] handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.
  • Eelo seeks to make a privacy-focused phone
    A focus on privacy is a key feature being touted by a number of different projects these days—from KDE to Tails to Nextcloud. One of the biggest privacy leaks for most people is their phone, so it is no surprise that there are projects looking to address that as well. A new entrant in that category is eelo, which is a non-profit project aimed at producing not only a phone, but also a suite of web services. All of that could potentially replace the Google or Apple mothership, which tend to collect as much personal data as possible.

today's howtos

Mozilla: Resource Hogs, Privacy Month, Firefox Census, These Weeks in Firefox

  • Firefox Quantum Eats RAM Like Chrome
    For a long time, Mozilla’s Firefox has been my web browser of choice. I have always preferred it to using Google’s Chrome, because of its simplicity and reasonable system resource (especially RAM) usage. On many Linux distributions such as Ubuntu, Linux Mint and many others, Firefox even comes installed by default. Recently, Mozilla released a new, powerful and faster version of Firefox called Quantum. And according to the developers, it’s new with a “powerful engine that’s built for rapid-fire performance, better, faster page loading that uses less computer memory.”
  • Mozilla Communities Speaker Series #PrivacyMonth
    As a part of the Privacy Month initiative, Mozilla volunteers are hosting a couple of speaker series webinars on Privacy, Security and related topics. The webinars will see renowned speakers talking to us about their work around privacy, how to take control of your digital self, some privacy-security tips and much more.
  • “Ewoks or Porgs?” and Other Important Questions
    You ever go to a party where you decide to ask people REAL questions about themselves, rather than just boring chit chat? Us, too! That’s why we’ve included questions that really hone in on the important stuff in our 2nd Annual Firefox Census.
  • These Weeks in Firefox: Issue 30