Drupal

The current state of Drupal security

Filed under
Interviews
Drupal
Security

Greg Knaddison has worked for big consulting firms, boutique software firms, startups, and professional service firms, and is a former Drupal Security Team leader. He is currently the director of Engineering at CARD.com and a Drupal Association advisory board member.

Michael Hess works with the University of Michigan School of Information and the UM Medical Center teaching three courses on content management platforms and overseeing the functionality of hundreds of campus websites. He serves in a consulting and development role for many other university departments and is the current Drupal Security Team leader. He also consults with BlueCross on large-scale medical research projects. Hess is a graduate of the University of Michigan School of Information with a master's degree in information.

Read more

How containers will shape the Drupal ecosystem

Filed under
Server
Drupal

I recently had the opportunity to interview David Strauss about how Pantheon uses containers to isolate many Drupal applications from development to production environments. His upcoming DrupalCon talk, PHP Containers at Scale: 5K Containers per Server, will give us an idea of the techniques for defining and configuring containers to get the most out of our infrastructure resources.

Having recently dived into the container realm myself, I wanted to learn from the experts about the challenges of managing containers in a production environment. Running millions of production containers related to Drupal, David is certainly an expert resource to ask about this subject. I look forward to learning more details at DrupalCon!

Read more

Building better pages in Drupal with Paragraphs

Filed under
Interviews
Drupal

When you’re publishing anything online, the way you lay out your content can be as important as the content itself. A good layout can help readers better interact and consume that content.

Users of content management systems like Drupal have a number of options that allow them to create very attractive, very usable layouts. That’s one factor that drew Murray Woodman to Drupal. He co-founded Morpht, a Drupal-based web development shop in Sydney, Australia. He found that Drupal 6 provided a level of freedom and productivity, and hasn’t looked back.

One Drupal module for laying out pages that Woodman is keen on is Paragraphs. I caught up with Woodman ahead of his talk at DrupalCon 2015, and he kindly shared his insights into the Paragraphs module.

Read more

Also: 4 tips for building a successful CMS

govCMS to release its own Drupal distribution

Filed under
Drupal

The government's govCMS project will make its own Drupal distribution publicly available for download, it announced today.

The distribution will be a fork of the aGov distribution, which was developed by local development shop PreviousNext and is the building block for govCMS sites.

aGov was released in 2013 after a beta period involving a number of federal and state government agencies. High profile end users include the NSW government's 'one stop shop' for services, Service NSW.

Read more

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Filed under
Drupal
Security

On October 29, 2014, the Drupal Security Team released advisory identifier DRUPAL-PSA-2014-003. This advisory informed administrators of Drupal-based Web sites that all Drupal-based Web sites utilizing vulnerable versions of Drupal should be considered compromised if they were not patched/upgraded before 2300 UTC on October 15, 2014 (seven hours following the initial announcement of the vulnerability in SA-CORE-2014-005).

In the case of the Drupageddon vulnerability, the database abstraction layer provided by Drupal included a function called expandArguments that was used in order to expand arrays that provide arguments to SQL queries utilized in supporting the Drupal installation. Due to the way this function was written, supplying an array with keys (rather than an array with no keys) as input to the function could be used in order to perform an SQL injection attack.

Read more

Git Success Stories and Tips from Drupal Core Committer Angie Byron

Filed under
Drupal

The Git revision control system is “at the center” of Drupal's hyper-collaborative community, says Drupal core committer Angie Byron. The open source content management platform has 37,802 developers with Git commit access, and about 1,300 actively committing each month, she says.

“Git (was) the smartest/safest choice for our community, and a choice that definitely paid off,” said Byron, who is also the director of community development at Acquia.

Read more

Higher ed finds increasing value in open source CMS options

Filed under
OSS
Drupal

"The university has since launched somewhere between 350 and 400 websites, all built on Drupal 7," writes Schaffhauser. "While the CMS is centrally managed to keep the system updated, it grants individual colleges, programs and departments the flexibility to put up their own images, update text as they want, add and move site objects (themes, content types and Drupal "modules") and "essentially have a custom look with a managed system," [director of university Web services, Mark] Albert explained to Campus Technology.

Read more

The Changing Cost of Open Source

Filed under
OSS
Drupal

At one time higher ed wanted community-built software because of the $0 price tag; now many universities are paying somebody else to keep open source projects moving forward.

Read more

4 tips for how to migrate to Drupal

Filed under
OSS
Drupal

Well, to jump from your current CMS (or lack thereof) and make the transition to Drupal, you want to know how much it costs and exactly what that migration entails. First, there are several factors that have to be taken into account before any Drupal development company can give you a quote. But, while there isn’t an exact price range for migrating to Drupal, you can do some in-house work to keep your migration costs down and prepare your team for the migration, keeping headaches down too.

Read more

Mark Morton: Why we chose an open source website

Filed under
OSS
Drupal

Platforms like WordPress and Drupal, which are maintained by a community of users, can be a cost-effective and flexible option for charities, writes the digital media manager at Epilepsy Action.

Read more

Also: Sydney developer brings open source e-commerce to WordPress
