Drupal

In an article about Drupal's security process my colleague Jam made the claim that Drupal was the "the world's largest open source CMS." I was dubious at first, but his claim has some merit. The first paragraph of his article links to a study by Henrik Ingo of openlife.cc.

The study compared the projects on metrics like:

• developers active /day
• commits/day
• loc/day
• developers active / month
• developers active all time
• companies all time

Using those metrics Henrik declared Drupal to be one the largest "CMS" project and one of the largest open source projects (approximately 6th overall). However, there are some weaknesses in the study. The study has incomplete data about Drupal (missing devs/day, locs/day, companies all time) and probably incomplete/innacurate data on the other projects. The study was limited to a subset of total projects and only 2 CMS. In comparing the CMS, it considers Wordpress core only but seems to be looking at all Drupal contributed modules when calculating commits/day (or it sampled a very active day for Drupal core!).

If Henrik is interested I would be very willing to get him the data he needs from Drupal to do a more accurate comparison of CMS projects. To be clear: I think Henrik's analysis is very interesting and useful but could be improved to be more accurate.

Bold claim heads towards a lie: Standing Cloud's Drupal Press Release

Standing Cloud wrote a press release which was printed verbatim by other "news" sources like sfgate.

<

blockquote>

This post was originally written in June of 2007 on pingv.com. Since that company is no longer in business, I revived it from the web archive. Thanks, web archive!

We've been in hiring mode for a while now. As most any Drupal Service provider will tell you, there's big demand for people and companies that have an expertise in Drupal. There's also a bit of a shortage of people to satisfy that demand. We've decided on a strategy of hiring great people regardless of Drupal experience and then getting them plugged into the "Drupal way" of doing things as quickly as we can.

There are really two pieces to that process - learning the Drupal code, API, modules and learning how to interact with the the Drupal community and the social values of that community. I distilled some information into a quick document that gives a guide to what I consider to be required reading and actions for anyone serious about being a full time Drupal developer.

Learn the Mantras and the Standards

"Code is gold." Idle discussion or complaining is not valued and will decrease your karma in the eyes of many. Contributing high quality issues, ideally with patches attached, is valued. But don't take the phrase too literally - "Code" is just one thing that's valued. In a big project like Drupal all substantive contributions (e.g. documentation, spam-policing) are valued.

I recently accepted a position as an employee at Acquia. I have been "my own boss" since about 2006. I had a brief stint as a part-time employee at a company that has now ceased operations, but for the most part I've been the "owner" of GVS.

Thoughts on GVS

I founded GVS with a few goals. I wanted a company that mirrored open source values of do-ocracy and collaborative decision making. In part this was to make it easy for us to hire community rock-stars and have them feel right at home. In reality that didn't work perfectly though it worked pretty darn well. In part this was because I don't really like being a "manager" and wanted to have an empowered independent team. That mostly worked :)

GVS has had a ton of amazing clients and projects. Some of my personal highlights I'm most proud of are the work on Economist.com, California Closets, and the Drupalcon Chicago site which really helped push forward the COD platform. Not everything turned out perfectly. We had our fair share of mistakes but I think in the end we at least were honest and did our best to deliver what we promised and what the client wanted.

One of the real highlights was that working at GVS allowed me to take a 9 month long trip through Spain, Argentina, Uruguay, Chile, Bolivia, and Peru with my wonderful wife. We visited 30+ wineries, drastically improved our Spanish, and had an amazing time. I've asked every employer I worked for to support me in doing that and none really did. Working for myself I could do that. Of course, it was a lot of work to make that a reality. I had to be aggressive about accepting certain clients that would be flexible with me while I was abroad and on flakey internet connections. I also used that time strategically by investing much more than normal in my community work which has had long term marketing benefits.

So, I'm a Drupal fanboy. Naturally. But there's been some amazing work recently by the Drupal Accessibility Team that I wanted to highlight.

Accessible CMS: Drupal!

According to Drupal's Statement on Accessibility:

This initiative started with advancements with Drupal 7 accessibility. We have committed to ensuring that all features of Drupal core conform with the Worldwide Web Consortium (W3C) guidelines: WCAG 2.0 and ATAG 2.0. Where possible we will also update the previous version of Drupal core, version 6, to enhance its accessibility.

That's a pretty bold statement. Perhaps even more exciting is the Drupal Accessibility Pledge where the maintainers of the thousands and thousands of contributed modules and themes agree that they are willing to work to fix problems if those problems are brought to their attention.

But who can bring the problems to their attention?

CMS Accessibility Team: Groups.drupal.org

Drupal has a large team of accessibility professionals who coordinate their efforts on groups.drupal.org and in irc and other community methods. This group of 374 individuals has been working since 2006 to make Drupal core and it's modules/themes more accessible. The group has over forum threads and hundreds of comments discussing ideas on how to achieve this. It's truly amazing work.

As one of the folks who helps make groups.drupal.org function I'm always inspired when people point to that site as the home of their team.

Aaron is a relatively famous SEM/SEO and has obviously built a lot of sites. After he migrated his main site, SEOBook.com to Drupal and then even made a optimistic prediction about the future of Drupal I was curious about Aaron's experiences and wanted to see what he had to say about the process and why he likes Drupal. He was kind enough to respond with these answers.

1. What initially motivated you to migrate seobook.com from MovableType to Drupal?

I originally used MovableType, but I wanted to create a site with premium content and permissions based access. The Drupal premium module facilitated that quite well. Plus my developer really liked Drupal and saw it as being extensible enough to do everything I wanted (integrate with our affiliate program, create a structured online training program , offer page by page control of premium or regular access, allow me to offer free snippets on some of the premium content, integrate with vBulletin forums, and integrate with the Paypal IPN).

2. What CMS (or mix of CMS) do you use as the basis for new projects?

Honestly most of my projects usually come in a couple waves. A small mini-site using flat files or server side incles, put up so I can start promoting it right away, and then as I decide to grow it out I typically switch off to Drupal or Wordpress on most sites. The really easy small and bloggy type projects get Wordpress, but Drupal is used on the more complex ones.

3. Was anything about Drupal particularly hard to get used to? Hard to migrate to? Anything particularly easy and beneficial?

The coolest thing to stick on your blog this days (since the release of Drupal6) is a series of screencast videos about Drupal6. Below are some of the videos about Drupal6 and the HTML you need to embed them into your blog. This page should make it easy for you to help spread the word about the Drupal6: Just pick your favorite video (or 3) and post them to your blog.

Note that for the first three videos they are "cc-by-sa" which requires the attribution link be to MasteringDrupal.com while the third is by Addison Berry of Lullabot.

New Features in Drupal6

Whey even bother with an upgrade? Well, the New Features in Drupal6 video should help get you excited to upgrade.

While the rest of this post looks back at 2007, I'd like to throw some attention to the security presentation at DrupalCon Boston.

2007 was a busy year for the Drupal Security Team. That's not to say that Drupal is unsafe but that security requires a lot of work. The nature of the work makes it hard to communicate exactly what is going on. So here is an attempt to share some information about the past year for the security team.

Releases, Reports, and Discussion

The team issued 37 Security Announcements (SAs), representing more than 100 patches released. Each SA requires at least 1 patch and 2 reviews (review before the patch is made to find other security holes and a second review to ensure that the hole has actually been fixed). Most issues involve multiple patches and multiple reviews. Each also requires the SA to be written and reviewed, the patches to be committed, release nodes created, published, drafts copied from security.drupal.org to drupal.org, and flipping publish/status bits on a few nodes around our infrastructure. All of that work was done 37 times last year or approximately once every 10 days. For comparison, 2006 totaled 32 SAs.

For each issue, there are more problems reported which turn out not to be issues. See Howto report a security issue and My Site Was Defaced ("hacked") What Should I do Now? for more information about how to report issues properly and with sufficient information. You can get a sense for the amount of discussion of security related topics and also of false reports based on the volume of emails to the internal mailing list:

Individual mails to the security team: