DrupalCamp Stockholm 2009
- Is Drupal secure: the Drupal project’s responses to the web’s most common software vulnerabilities
- Scalable Drupal infrastructure: a guide to planning, deploying, and scaling big websites
On Wednesday, May 20th at 6:30pm, Four Kitchens is teaming up with GeekAustin to spread Drupal love in Austin. This free event is a chance for local Drupal professionals to share their passion with the curious and uninitiated masses of our fair city.
A discussion recently arose on the Bazaar mailing list asking, “Why isn’t rebase support in core?” Rebase support is currently packaged as a plugin. This plugin is widely distributed, even in the standard Mac OS X installation bundle.
There are boring reasons that rebase support isn’t in core, like the lack of strong test coverage. More interesting are questions about the necessity of rebasing in typical workflows.
What is rebasing, and why should I care?
In large projects, there’s a mainline branch representing the current, global, coordinated development. In Drupal’s case, this is CVS HEAD. This mainline might not always be in perfect condition, but there’s a general sense that the mainline is not a sandbox for untested changes. Many changes are small enough that the developers simply work on and test a patch, but this workflow is inadequate for larger development projects like Fields in Core. Such large features require their own branch for development, a feature branch.
Despite being held on a Saturday, more than 15 dedicated Drupalers showed up for Day 4 of the San Francisco Drupal.org redesign sprint. Here’s what was achieved.
I’ve been tweeting back and forth with Alex Limi, one of the founders of Plone, about the validity of the security analysis from a CMS comparison report that includes Plone and Drupal. He’s proud of Plone’s infrequent vulnerability notices; it had two in the last year. Drupal had 26. Alex also cited a related IBM report on security in a later tweet.
While both reports above seem to identify Drupal (and Joomla! and WordPress, to be fair) as having notably bad security, they’re also both based on one superficial metric: self-reported vulnerabilities. Neither severity nor response time nor history of actual exploitation factored in.
After many months of deliberation, we’ve decided to totally rebrand Four Kitchens. It was a tough decision — there’s so much work that needs to be done — but we decided, in the end, that our firm needed a new look.
Our goals for the rebranding are:
Please check out our ideas below. Any feedback is welcome. We really need your help!
Drupal themer extraordinaire Morten.dk, currently ranked #7 on Google for “king of Denmark”, has been bugging us for a Don’t Mess with Texas mug. Well, “bugging” may not be the right word. “Profanely demanding” is more appropriate.
Finding one was surprisingly difficult. While (lesser) cities like Dallas and Houston are lined with shops hawking rattlesnake heads and scorpions encased in plastic, there doesn’t seem to be much demand for Texas memorabilia in Austin.
Except at the airport, where you can find your name stamped on a fake Texas license plate or worn chunk of fencepost.
So, after scouring the great city of Austin for tacky crap, we proudly present Morten.dk’s Don’t Mess with Texas mug:
Drupal’s CVS is now more user-friendly!
As part of the Documentation Sprint at Drupalcon DC 2009, web chef David Strauss built a “CVS Instructions” tab for Drupal.org. The tab provides concise, step-by-step instructions on how to check out, commit, patch, tag, and branch any module or theme. A simple drop-down box at the top of the page allows the user to select the version of the module or theme they want to work with, and the instructions are updated to display exact, copy-and-pastable commands.
Articles abound about the “hidden costs” of using free, open-source software. Many of them are sponsored by companies with a stake in their own proprietary solutions — and they’re responding to the threat of increasing enthusiasm about free alternatives. Some of the claims are legitimate; others are FUD.
Here at Four Kitchens, we’re on the opposite side. We advocate using free software like Drupal (and our own free-software derivative, Pressflow) whenever possible. When it’s not immediately possible, it’s a hard decision between writing a free solution and going proprietary. We enjoy the freedom of free software for many reasons, especially because it doesn’t feel like we’re fighting the company behind the software in order to get the most out of it.
Drupal has a number of queries with unfortunate scalability profiles.
URL alias counting (one instance in core)
The biggest offender in Drupal 5 and Drupal 6 is the query counting the number of URL aliases: SELECT COUNT(*) FROM url_alias. This query dates back to when nearly every Drupal site ran on MyISAM, which is important because MyISAM keeps an exact count of the number of rows in every table, making SELECT COUNT(*) FROM [table] an O(1) (read: fast, constant-time) operation.