Response to a client or reader question.
The short answer: Not Vulnerable.
We've been asked by several customers about whether they or we are affected by the recently discovered Bash ShellShock vulnerability. And to the best of our knowledge, we are completely unaffected.
Joaquin asks:
Sorry, John.
But when it comes to adding Youtube and Vimeo, you still haven't made the case for not going into the HTML.Here is a test page I created.
We've been getting several inquiries related to document management in Drupal, and occasionally about OpenAtrium, a Drupal distribution we've used as a base for several projects that needed strong group collaboration functionality.
Heerad asks:
Everybody is writing about Heartbleed this week. The reason? It probably affects more people than any other vulnerability we've ever seen. If you ever log into any web site, anywhere, your password might be revealed -- and that is just the start. The biggest problem?
Ha. Just got another message from a client who has been the victim of several comment spam campaigns:
Will asks:
> I ... have been thinking about alternatives to QuickBooks. I sent these links to my bookkeeper but she has not used any of these. Do you recommend any of them, or is a “custom open source” option viable for me at this point?
We've had several clients recently chafing at how confining Drupal sites can be -- it can be a lot more work to make individual pages vary from the template, and if you have build web sites using a tool like Dreamweaver, you can't tweak the layout the same way.
Mavis asks,
I have already spent thousands of dollars on my [Zen Cart] website. What would be your advice for [a company] who wants to transfer their site to a new host but not redesign it?
A question came across the Drupal Developer's list today asking whether Drupal could auto-update itself, like WordPress. As someone who thinks about security a lot, the very thought of this horrifies me.
It's a bad idea for several reasons, but the biggest reason:
Short answer: it depends.
We still do most of our projects in Drupal 6, mainly because it's been around a few years, and modules we use on many sites are not yet stable for Drupal 7 (and some are still a ways off).
