Drupal, Dries and the Larry Garfield discrimination

Submitted by dryer on Sat, 04/15/2017 - 06:06

Drupal has been big on diversity and inclusion, priding itself on being one of the biggest, friendliest open source communities around. As such, it has been a prime hotspot for activists to push feminist-flavored social justice rhetoric. They adopted a code of conduct, established a Community Working Group, and basically bend over backwards to satisfy the demands of those who see the open source world as a problematic place where meritocracy is used to justify gatekeeping and elitism.

Drupal 8 lead PHP developer Larry Garfield (Crell) forced to leave the project

Submitted by dryer on Fri, 04/14/2017 - 18:47

Over the last few weeks the Drupal community has been in turmoil over the news that Drupal 8 lead developer Larry Garfield AKA Crell has been forced to leave the project:

A few weeks ago, I privately asked Larry Garfield, a prominent Drupal contributor, to leave the Drupal project. I did this because it came to my attention that he holds views that are in opposition with the values of the Drupal project.


Security vulnerability in unmaintained Drupal contrib module puts 120000 sites at risk

Submitted by dryer on Fri, 04/14/2017 - 16:32

Drupal referencesDrupal is known for it's large number of community contributed modules that add functionality to the bare bones core system. While the core system is actively maintained by the Drupal core security team, there is no such guarantee for the third party modules.

Drupal, WordPress, Joomla vulnerable due to PHPMailer

Submitted by dryer on Wed, 12/28/2016 - 09:34

PHPMailer, a popular class used by popular web CMSes like WordPress, Joomla and Drupal has been found to be vulnerable to a bug that allows execution of arbitrary code. PHPMailer is the most popular utility class for sending emails with PHP. There are an estimated 9 million sites of it live on the internet currently, most of them vulnerable.

The issue is not trivial as it allows attackers to exploit millions of websites that are deployed from small businesses to giant corporations. The issue, now tracked as CVE-2016-10033, was made public by Dawid Golunski.

Karoly Négyesi (chx) ousted from the Drupal community

Submitted by dryer on Tue, 11/22/2016 - 11:15

A long standing member of the Drupal community, Karoly Négyesi AKA chx, has been expelled from the Drupal community. With a ban for both the Drupal.org website and DrupalCon events Karoly will continue to work with Drupal as a consultant, but will no longer contribute to the Open Source community efforts.

The action comes from the Drupal Community Working Group (DCWG) after numerous complaints of his behaviour as a personality to the community, ending in the final statements :


Updates for critical vulnerabilities in Drupal 8

Submitted by dryer on Wed, 09/21/2016 - 03:42

The Drupal security team has announced critical updates in the Drupal software. Related to comment visibility, cross site scripting and unauthorised export of all configurations:

For the comments editing a user without the permission to administer comments the visibility of nodes can be set. Whoever has rights to edit a node can also change the visibility of comments for that node. This issue is not critical.

Drupal and CQRS/ES (Command Query Responsibility Segregation and Event Sourcing)

Submitted by dryer on Sat, 09/17/2016 - 08:10

Drupal is a very popular content management framework that is used for all kinds applications. With global web applications and sites relying on Drupal, performance is one question that is often pops up. Most of the performance techniques for scaling out Drupal have to do with optimising the infrastructure.

For read performance additions high performance Java-based solutions like Elastic search and Drupal are used to improve performance. These advantage technologies offer superior performance for querying data over the baseline PHP and MySQL solutions that Drupal is founded on.

How to install Drupal on Windows Subsystem for Linux (WSL/Ubuntu)

Submitted by dryer on Sun, 08/07/2016 - 10:11

Windows 10 can now run a native Linux shell using a novel technology. Previously running PHP applications like Drupal was cumbersome under the world's most popular desktop operating system, but with the Windows Subsystem for Linux developers can enjoy a near-native Ubuntu shell within Windows.