Blogs

Obvious and Worthless: the Patent System in software

Tue, 06/18/2013 - 09:41 -- John Locke

A couple weeks ago NPR's Planet Money and This American Life had some really great episodes about the broken patent system. These are great stories for people who don't understand why patents are a problem, but they overlooked a couple of crucial points.

I wanna change my website

Thu, 06/13/2013 - 14:04 -- John Locke

Before making any changes to your web site, the first thing to figure out is your goals. As a web development shop, we focus on building web sites that create measurable value for our customers, aligned with their goals.

Some common goals:

  • Help me close more sales from people who I send to my web site (brochure/information)
  • Bring me new customers (online marketing, SEO)
  • Help me manage sales leads (CRM)
  • Increase sales (e-commerce)

How you should revamp your site completely depends upon which of those goals (or whatever other goals you may have) are most important for your business at the current time.

A security reminder

Thu, 05/30/2013 - 16:56 -- John Locke

Yesterday Drupal.org got hacked, and potentially all the password hashes on the site fell into malicious hands. According to the security team's announcement, the attack was not a result of a Drupal vulnerability, but of other, as yet undisclosed, software on the server.

Drupal has long had one of the best security track records among open source CMSs. The security team does a great job of tracking down even the smallest exploits, often removing modules that maintainers choose not to fix. The vast majority of fixes and security updates we see are protecting against "privilege escalation" -- vulnerabilities that can only be exploited by users who already have some level of administrative access.

For example, there was a webform update yesterday to close a hole that allowed somebody who already had permission to create or edit a webform to gain full administrative access. We use webforms on a huge number of sites, but we have never set up a configuration where we give an untrusted user the power to create or edit webforms. And yet on a large, community-driven site, you might want to give some people the ability to create a survey without further access. This kind of strict, detailed review leads to a project that has a high level of security baked in. It's very rare that we see the more dangerous kinds of exploits -- SQL injection, cross-site scripting (XSS), or remote code execution.

This incident highlights that there is more to security than just the software. In this case, something else in the hosting environment provided a weakness that allowed an attacker to break in. What was it? They haven't said, so far, but we can speculate on some possibilities:

Planning successful projects: The User Story

Wed, 05/22/2013 - 11:08 -- John Locke

Hey, that's not what I was thinking!

That's a very common complaint customers have with developers, when they receive the result of weeks or months of hard work. And it indicates a failure of planning.

We've found nothing that works better to avoid this result than to write up and discuss user stories in detail.

What's a user story? It's a description of the process a person goes through to get a specific result, and what happens along the way.

Put your blog on your main site!

Tue, 04/23/2013 - 19:21 -- John Locke

I was talking with a new client the other day who spends a lot of money on Search Engine Optimization (SEO) and Search Engine Marketing (SEM) to try to get people to visit his online store. And yet his blog -- what search engines value most -- was on wordpress.com.

We have several other clients who have WordPress blogs separate from their main site. If this is you... * Cough Cough *

Amazon the next winner of the Platform wars?

Wed, 04/17/2013 - 09:44 -- John Locke

At Monday night's MIT Enterprise Forum event, Mark Anderson headlined a fascinating sideline discussion of the "Coming Tech Wreck."

The discussion centered around how Microsoft, Apple, Google, Facebook, Amazon, carriers, manufacturers, and others are all competing to dominate the next "platform," which they spent the first 10 minutes trying to define.

Dojo Toolkit UI experiments

Mon, 04/08/2013 - 17:10 -- John Locke

While Drupal is our primary focus here at Freelock, we've been experimenting with Ajax and rich client applications for a lot longer. The first time I used Ajax to populate a table of data was back in the days of Internet Explorer 5.5, circa 2001.

As I was bringing on more work and starting to hire employees in the mid-2000s, I built an internal task management tool called Project Auriga, and as the Dojo Toolkit hit a version 0.9 and then 1.0, I used Auriga as a playground for experimenting with single-page in-browser applications.

Job hunting opportunity missed?

Tue, 01/22/2013 - 14:31 -- John Locke

We're growing quickly at Freelock, and I've been interviewing candidates for a number of positions. For the most part, we've been working with a temp service (CampusPoint) that has done a great job at sending us enthusiastic candidates that fit well on our team, but we also hire people directly, generally based on employee referrals or recommendations from contacts.


Customer Feedback

What a pleasure to work with Freelock in launching our family website for the West Seattle community. John and Jill were vital to our success. We quickly saw that Drupal could handle our scope of requirements and were thrilled to find that many of our wish list features were doable with such a capable staff. Communication and support are out of this world impressive with the Freelock team and set the standard for the industry. On time and in budget. Freelock is the clear choice.

Jackie Clough, Owner
West Seattle Family Zone


About Freelock

We are located in Pioneer Square, in downtown Seattle. 83 Columbia Street #401 Seattle, WA 98104 USA [P] 206.577.0540 ©1995-2011 Freelock Computing