Language Selection

English French German Italian Portuguese Spanish

Drupal

The current state of Drupal security

Filed under
Interviews
Drupal
Security

Greg Knaddison has worked for big consulting firms, boutique software firms, startups, professional service firms, and former Drupal Security Team leader. He is currently the director of Engineering at CARD.com and a Drupal Association advisory board member.

Michael Hess works with the University of Michigan School of Information and the UM Medical Center teaching three courses on content management platforms and overseeing the functionality of hundreds of campus websites. He serves in a consulting and development role for many other university departments and is the current Drupal Security Team leader. He also consults with BlueCross on large-scale medical research projects. Hess is a graduate of the University of Michigan School of Information with a master's degree in information.

Read more

How containers will shape the Drupal ecosystem

Filed under
Server
Drupal

I recently had the opportunity to interview David Strauss about how Pantheon uses containers to isolate many Drupal applications from development to production environments. His upcoming DrupalCon talk, PHP Containers at Scale: 5K Containers per Server, will give us an idea of the techniques for defining and configuring containers to get the most out of our infrastructure resources.

Having recently dove into the container realm myself, I wanted to learn from the experts about the challenges of managing containers in a production environment. Running millions of production containers related to Drupal, David is certainly an expert resource to ask about this subject. I look forward to learning more details at DrupalCon!

Read more

Building better pages in Drupal with Paragraphs

Filed under
Interviews
Drupal

When you’re publishing anything online, the way you lay out your content can be as important as the content itself. A good layout can help readers better interact and consume that content.

Users of content management systems like Drupal have a number of options that allow them to create very attractive, very usable layouts. That’s one factor that drew Murray Woodman to Drupal. He co-founded Morpht, a Drupal-based web development shop in Sydney, Australia. He found that Drupal 6 provided a level of freedom and productivity, and hasn’t looked back.

One Drupal module for laying out pages that Woodman is keen on is Paragraphs. I caught up with Woodman ahead of his talk at DrupalCon 2015, and he kindly shared his insights into the Paragraphs module.

Read more

Also: 4 tips for building a successful CMS

govCMS to release its own Drupal distribution

Filed under
Drupal

The government's govCMS project will make its own Drupal distribution publicly available for download, it announced today.

The distribution will be a fork of the aGov distribution, which was developed by local development shop PreviousNext and is the building block for govCMS sites.

aGov was released in 2013 after a beta period involving a number of federal and state government agencies. High profile end users include the NSW government's 'one stop shop' for services, Service NSW.

Read more

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Filed under
Drupal
Security

On October 29, 2014, the Drupal Security Team released advisory identifier DRUPAL-PSA-2014-003. This advisory informed administrators of Drupal-based Web sites that all Drupal-based Web sites utilizing vulnerable versions of Drupal should be considered compromised if they were not patched/upgraded before 2300 UTC on October 15, 2014 (seven hours following the initial announcement of the vulnerability in SA-CORE-2014-005).

In the case of the Drupageddon vulnerability, the database abstraction layer provided by Drupal included a function called expandArguments that was used in order to expand arrays that provide arguments to SQL queries utilized in supporting the Drupal installation. Due to the way this function was written, supplying an array with keys (rather than an array with no keys) as input to the function could be used in order to perform an SQL injection attack.

Read more

Git Success Stories and Tips from Drupal Core Committer Angie Byron

Filed under
Drupal

The Git revision control system is “at the center” of Drupal's hyper-collaborative community says Drupal core committer Angie Byron. The open source content management platform has 37,802 developers with Git commit access, and about 1,300 actively committing each month, she says.

“Git (was) the smartest/safest choice for our community, and a choice that definitely paid off,” said Byron, who is also the director of community development at Acquia.

Read more

Higher ed finds increasing value in open source CMS options

Filed under
OSS
Drupal

"The university has since launched somewhere between 350 and 400 websites, all built on Drupal 7," writes Schaffhauser "While the CMS is centrally managed to keep the system updated, it grants individual colleges, programs and departments the flexibility to put up their own images, update text as they want, add and move site objects (themes, content types and Drupal "modules") and "essentially have a custom look with a managed system," [director of university Web services, Mark] Albert explained to Campus Technology.

Read more

The Changing Cost of Open Source

Filed under
OSS
Drupal

At one time higher ed wanted community-built software because of the $0 price tag; now many universities are paying somebody else to keep open source projects moving forward.

Read more

4 tips for how to migrate to Drupal

Filed under
OSS
Drupal

Well, to jump from your current CMS (or lack thereof) and make the transition to Drupal, you want to know much it costs and exacting what that migration entails. First, there are several factors that have to be taken into an account before any Drupal development company can give you a quote. But, while there isn’t an exact price range for migrating to Drupal, you can do some in-house work to keep your migration costs down and prepare your team for the migration, keeping headaches down too.

Read more

Mark Morton: Why we chose an open source website

Filed under
OSS
Drupal

Platforms like Wordpress and Drupal, which are maintained by a community of users, can be a cost-effective and flexible option for charities, writes the digital media manager at Epilepsy Action

Read more

Also: Sydney developer brings open source e-commerce to WordPress

Syndicate content

More in Tux Machines

today's howtos

Graphics: VC4 and AMDVLK Driver

  • VC4 display, VC5 kernel submitted
    For VC5, I renamed the kernel driver to “v3d” and submitted it to the kernel. Daniel Vetter came back right away with a bunch of useful feedback, and next week I’m resolving that feedback and continuing to work on the GMP support. On the vc4 front, I did the investigation of the HDL to determine that the OLED matrix applies before the gamma tables, so we can expose it in the DRM for Android’s color correction. Stefan was also interested in reworking his fencing patches to use syncobjs, so hopefully we can merge those and get DRM HWC support in mainline soon. I also pushed Gustavo’s patch for using the new core DRM infrastructure for async cursor updates. This doesn’t simplify our code much yet, but Boris has a series he’s working on that gets rid of a lot of custom vc4 display code by switching more code over to the new async support.
  • V3D DRM Driver Revised As It Works To Get Into The Mainline Kernel
    Eric Anholt of Broadcom has sent out his revised patches for the "V3D" DRM driver, which up until last week was known as the VC5 DRM driver. As explained last week, the VC5 driver components are being renamed to V3D since it ends up supporting more than just VC5 with Broadcom VC6 hardware already being supported too. Eric is making preparations to get this VideoCore driver into the mainline Linux kernel and he will then also rename the VC5 Gallium3D driver to V3D Gallium3D.
  • AMDVLK Driver Gets Fixed For Rise of the Tomb Raider Using Application Profiles
    With last week's release of Rise of the Tomb Raider on Linux ported by Feral Interactive, when it came to Radeon GPU support for this Vulkan-only Linux game port the Mesa RADV driver was supported while the official AMDVLK driver would lead to GPU hangs. That's now been fixed. With the latest AMDVLK/XGL source code as of today, the GPU hang issue for Rise of the Tomb Raider should now be resolved.

AMD Ryzen 7 2700X Linux Performance Boosted By Updated BIOS/AGESA

With last week's initial launch-day Linux benchmarks of the Ryzen 5 2600X / Ryzen 7 2700X some found the Linux performance to be lower than Windows. While the root cause is undetermined, a BIOS/AGESA update does appear to help the Linux performance significantly at least with the motherboard where I've been doing most of my tests with the Ryzen 7 2700X. Here are the latest benchmark numbers. Read more

GNU: The GNU C Library 2.28 and Guix on Android

  • Glibc 2.28 Upstream Will Build/Run Cleanly On GNU Hurd
    While Linux distributions are still migrating to Glibc 2.27, in the two months since the release changes have continued building up for what will eventually become the GNU C Library 2.28. The Glibc 2.28 work queued thus far isn't nearly as exciting as all the performance optimizations and more introduced with Glibc 2.27, but it's a start. Most notable at this point for Glibc 2.28 is that it will now build and run cleanly on GNU/Hurd without requiring any out-of-tree patches. There has been a ton of Hurd-related commits to Glibc over the past month.
  • Guix on Android!
    Last year I thought to myself: since my phone is just a computer running an operating system called Android (or Replicant!), and that Android is based on a Linux kernel, it's just another foreign distribution I could install GNU Guix on, right? It turned out it was absolutely the case. Today I was reminded on IRC of my attempt last year at installing GNU Guix on my phone. Hence this blog post. I'll try to give you all the knowledge and commands required to install it on your own Android device.
  • GNU Guix Wrangled To Run On Android
    The GNU Guix transactional package manager can be made to run on Android smartphones/tablets, but not without lots of hoops to jump through first.