Publishing

We've been getting several inquiries related to document management in Drupal, and occasionally about OpenAtrium, a Drupal distribution we've used as a base for several projects that needed strong group collaboration functionality.

Heerad asks:

There's a few problems with setting up shop on the web. All of your competitors are right next door. You're in the worst neighborhood, with crooks inventing new tools to break in every day. That parking lot you just built now has to accommodate scooters and semi trucks.

If you've used a web ontology before, or any other large-scale data repository, you're likely familiar with one of the chief concerns facing anyone in such a position: how do you get your data into the system? Moreover, how do you get large amounts of data into the system with (relative) ease? And if you've used a content management system before, you've likely faced a similar, albeit inverted problem: how do you get your data out?

If you can accomplish these preliminary items without a good deal of effort, you're finally left with the task of transforming the data from one, and allowing it to be recognizable by the other.

If, instead, you haven't used either of these, you're likely wondering why on Earth you would want to.

Crowd-funding is a pet favorite topic of mine. It's the opposite of taking control over a shared resource and turning it into profit -- it's building something that benefits everybody, enlisting a large number of people to make it happen.

We've had several clients recently chafing at how confining Drupal sites can be -- it can be a lot more work to make individual pages vary from the template, and if you have build web sites using a tool like Dreamweaver, you can't tweak the layout the same way.

A question came across the Drupal Developer's list today asking whether Drupal could auto-update itself, like WordPress. As someone who thinks about security a lot, the very thought of this horrifies me.

It's a bad idea for several reasons, but the biggest reason:

Not 2 weeks after my newsletter calling out how people take for granted that nothing bad will happen to their web sites, two of the biggest providers went down yesterday, Amazon and Akamai, in several separate incide

All the planning and preparation in the world won't prevent an incident, but it can greatly reduce the consequences.
Nothing better prepares you for responding to disaster than experience. In the world of web applications, sometimes we act as firefighters, coming in to rescue the smoldering remains of a hacked site, a crashed server, or an unexpected traffic burst.

No matter how diligent you are at preventing vulnerabilities and securing your environment, it's impossible to be completely secure on the Internet. What you can do is plan for how to limit the damage that people can do when they manage to compromise some part of your system. This line of thinking is called "Defense in depth" -- you can't just apply security updates and call it good.