[SGVLUG] Questions about CMS's

[Miguel Hernandez]

First off, sorry for resurrecting this thread. It's just that I've kept
meaning to post since this discussion started.

Totally agree w/Rae on 2 of his points: 1) Any CMS requires some level of
time investment 2) Wordpress *is* notorious for security issues.
However, Joomla's way worse (~3x as many critical security issues vs. WP at
any given time). There was a report I saw early last year that compared 4 of
the top CMSes in the realm of security. Plone came in first with like 9
security issues. Drupal was 2nd w/like 50, Wordpress was 3rd w/like 300 &
Joomla was 4th w/~900!!! I haven't been able to find the bookmark to the
article by that security firm but as soon as I do, I'll share it here.

Basically, the reason why Joomla is so insecure is due to there not being a
dedicated team that vets contributed plugins so the end-result is lots of
plugins contributed by folks who don't know how to write secure PHP code. As
Braydon mentioned, Wordpress' security issues stem from WP-content being out
in the open. Drupal has a dedicated team of people who verify contributed
modules but issues still arise. However, Drupal is more secure than ever
before. Back in the day, Drupal wasn't considered as an option for
government agencies due to it not being fully up-to-snuff on security. It's
quite the opposite now, TONS of government agencies all throughout the US &
even moreso abroad are adopting Drupal as their platform of choice. After
all, www.whitehouse.gov is a Drupal site.

In re: to Braydon's knowledgeable insights, I agree & disagree. Yes, WP is
more of a blogging platform w/a focus on non-technical end users. I still
say that WP does blogging out of the box better than any other solution.
I've been saying for years now that Drupal is more of a CMF (content mgtm.
framework) than CMS due to it's insanely rich API system known as the Hooks
system. What this allows Drupaleros to do is customize the smack out of
every single function if they so choose. This results in the potential for
the creation of awesome web solutions. Also agree that Drupal's learning
curve is way stiffer than most but once you clear that hurdle the "aha"
moments start coming in left & right. Lastly, it's true that Drupal's not
always been the friendliest to end users but super friendly to developers.

However, where I disagree w/Braydon is that user unfriendliness is still the
case. Drupal 7 was released in Jan. & the main focus was on the UI to be
less intimidating (then again, a good Drupal developer makes this a
non-issue as there are many ways to hide things that content editors don't
need to see but many are too lazy to invest the time in doing so, or
sometimes the budget doesn't allow for those extra hours). To that end,
there's an entirely new admin interface that's really slick. The other focus
was to your other point about module cohesiveness in that several of the
most widely-used contributed modules were incorporated into Drupal core. As
someone who comes from a longtime Software/Web QA background, one of my
favorites is the inclusion of the SimpleTest module which is now just called
"Testing" in D7. I gave a presentation last year on SimpleTest in D7 & you
can see my slides here: http://migshouse.com/content/simpletest-drupal-7-you.
I'd suggest y'all check out www.drupalgardens.com (built on D7) which is
Drupal's answer to wordpress.com- it's free & you don't have to pay for
hosting so like LeVar Burton used to say on "Reading Rainbow", "You don't
have to take my word for it, take a look..."

Additionally, there's LOTS of work being done in the realm of Drupal
distributions. OpenPublish is a platform for publishers & other media
providers. Drupal Commons is a great solution if you'd like to build a
social networking site. OpenAtrium is an intranet-in-a-box. There's also
Managing News (exactly what it sounds like). Putting together a conference?
Conference Organizing Distribution (COD) is what you want. Drigg is a Digg
clone. OpenPublic is a distro for governments. OpenChurch is for ministries.
Pressflow is for high availability, performance & scalability (Grammys.com
is a Drupal site & in 2010 they used Pressflow to scale their site to be
able to handle 82 million uniques on that day alone). There's even early
work being done on a Genealogy distro. I don't see any other CMS/CMF pushing
the distro forefront like Drupal is, but I could totally be wrong.

I'm currently involved in the creation of a Drupal distro at www.vozmob.net.
Vozmob users can create blogs by simply sending a text message to the server
& including audio, video & pics. It's being used for civic engagement & is
allowing a technologically marginalized population acess to the internet
where normally they'd have none. This population had never heard of open
source yet now discusses "codigo libre" & "codigo abierto" (open source) all
the time. Specifically, I'm working on a white label version of Vozmob which
will be licensed under the GPL. It's completely open source-based & will be
available to anyone who'd like to use it. You can see a 3min video:
http://www.youtube.com/watch?v=vL5utjMK8Us. Vozmob recently won the World
Summit Award for Best Mobile Content:
http://vozmob.net/en/story/mobile-voices-wins-world-summit-award. I'd be
glad to talk about this more later or even present on Vozmob/Drupal if
people would like to hear more, down the road.

These are all the reasons why I suggested Drupal for the SGVLUG re-design
after the site got attacked last year (Matt Campbell & I are still working
on its deployment). Apologies for such a long post.

--miguel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.sgvlug.net/pipermail/sgvlug/attachments/20110407/920ad28e/attachment.html