I feel very happy today and I think you should feel happy too. Pathauto is a great module that has served millions of visitors to thousands of sites very well over the years. But Pathauto, along with all of Drupal, is getting a little bit better!

Enter Token Module

At the very end of 2006 Jeff Eaton started work on a token module which took the pattern logic out of Pathauto into its own module (and extended it a bit further). All those little strings of text like [title] and [cat] and [user] which Pathauto uses were all placed into a separate API. This provides two great benefits - first, it makes them available to other modules such as the custom breadcrumb, autonodetitle and other modules. Second, I instantly recognized the personal benefits from this decision because the token parsing part of Pathauto was the source of most of the bugs. I thought that if I outsourced the patterns I'd also outsource the bugfixing! In the end I'm now a co-maintainer of the token.module providing some bug fixes, features, design reviews for the module. At least I have a partner in crime on the issue and at least the work can benefit all of Drupal instead of just Pathauto users.

Call to module developers

This call is two fold:

First, to modules that implement pathauto hooks: now's the time to start implementing the token hooks. This will open up your module to interaction with a much broader set of modules and is a much better long term solution than the Pathauto hooks. To learn more about token or discuss it's use, join the tokens group on groups.drupal.org.

So, I'm writing from Drupalcon Is Drupal an Enterprise Solution? which is an interesting and awesome presentation.

Web application security

Secondly, Rasmus this morning had some great quotes this morning. jeff captured one that I really liked:

When I'm surfing around to find hackable sites, I love to find hand-rolled CMS systems. I know I can hack them in a heartbeat. If I see a site is running on Drupal, or Joomla!, or another CMS? I know there may be a hole, but as soon as they fix that hole, everyone using them is safe.

But there was another fun one from Rasmus. He was talking about his XSS XSRF scanner and how about half of the major banks that he scanned with it had major security problems. He wanted to release his tool as an open source tool, but was concerned about the frequency of the bugs it found and how many companies would be exposed overnight with problems that would ruin their banks/customers. That would be sad. So, as he discussed this he was like "yeah it would be nice to release to the world because it works pretty well but..."

"I didn't want to be the guy that released the tool that broke the whole web."

Yeah. I think we all agree that we don't want to be "that guy."

Open Source in the "enteprise"

Someone from the audience (who works for the US government) dropped this quote:

"build" vs. "buy" vs "assemble and extend"

That's really valid and I hadn't heard it before. "build vs. buy" we're all familiar with. But where does open source fit into that equation?

Getting More Folks to Adopt Drupal

Final quote I just heard was in response to the question of how do we get everyone to drink the Drupal "Kool-Aid"?

Chant! Chant! Drink! Die!

After seeing the innertee.net site I was pretty impressed. Then I heard that they are up for an award at SXSW and I got really impressed. The idea is really cool and the implementation looks attractive and very custom. I got a chance to speak with Miles Sims one of the cofounders of the site.

innerTee Company, Community, Site

First and foremost the site is an artist community. The site provides the artists a way to share and be creative in a new format. The format that they are currently using is tee shirts and remixes of tee shirt designs. Artists contribute artwork (elements) which then must be approved before they are available to the general public. This keeps the quality high. Visitors of the site can combine into mixes of multiple elements to create a custom and pleasant design. It's basically an "open source" approach to tee shirt design.

innerTee and Drupal

The ideas for the site really launched about a year ago. That explains why, when you check out their blog why it's written in wordpress. A year ago that made the most sense. Once they had a blog up they started looking for technologies to make an artist community site with an ecommerce twist and - no surprise here - they found Drupal. They started with no outsider funding and still don't have any, so building from scratch seemed daunting. According to Miles, "Drupal gave them a leg up in development of a full site."

Well, after looking at Octobers drupal download data and then losing the data for November and December due to unintended consequences of some configuration changes...here is January's data:

Most Popular Modules for January - Overall

These are the most popular across all versions of drupal (e.g. aggregated 4.6, 4.7, and 5.x versions together) so it's somewhat unfairly weighted to the old modules.

Much like previous months - people love images and wysiwyg (images being gallery/image/imce and wysiwyg being imce/tinymce/fckeditor).

Wikipedia is going to use the nofollow for all external links on their site. Well that's just crazy talk. They need a better solution than this and while I'm not entirely sure what the better solution is, the solution definitely isn't to just nofollow everything. Honest editors of wikipedia pages are now denied one of the few ways that Wikipedia can "give back".

The Lazy SEO Webmaster Way to Nofollow your Wikipedia Links

So, let's say that you are a lazy webmaster. You don't want to go back and edit all of your wikipedia links to add the nofollow attribute to them. So, what do you do? You write a little filter for Drupal (you build all your sites in Drupal, right? You don't? Well just hire me to do that for you then...) So yeah, you create a filter for Drupal that will filter all of your wikipedia links to add a nofollow tag.

The irony of the nofollowlist module

To me, the irony of the nofollowlist module is that it implements something basically like what Wikipedia needs. If they could create a list of spammer sites (let's call it a blacklist) and then filter against that blacklist then their problem is solved. Brilliant!

Download, Compatibility, and Install

I'm not sure this thing really belongs in the contrib area on Drupal.org. If folks want me to add it I will, but until then just download it from this page. Oh yeah, and it's only tested with Drupal5 though a 4.7 version would probably be trivial (if it doesn't work already).

You can now get it from the project page on drupal.org

Continuing in the vein of statistics about Drupal here is a review of some interesting facts about Drupal module, theme, translation, and core downloads:

Moshe has provided a quick screenshot of groups.drupal.org usage map overlay which is neat. I like looking at this kind of data from the perspective of density and growth.

Sorting by the number of visits is interesting, but neglects the fact that countries are different sizes. Sorting be people/visit shows more of a "weighting" by the size of the country, but discounts the levels of computer/internet penetration within the country. It's not perfect, but it's still interesting. If you want the raw data here is the spreadsheet.

One more skewing factor: rss feeds