In times of war, you may be asked what you can do for your country. In modern times, your country may be asking you to do your part by updating your WordPress plugins.
The United States' Federal Bureau of Investigation (FBI), through the Internet Crime Complaint Center (IC3), issued a public service announcement last week recommending that website administrators update their WordPress sites. More specifically, the bureau wants you to update your third-party WordPress plugins.
Why is the FBI worried about your content management system? Apparently, continuous website defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). According to the FBI, the defacements have affected website operations and the communication platforms of:
- News organizations
- Commercial entities
- Religious institutions
- Federal/state/local governments
- Foreign governments
- A variety of other domestic and international websites.
While one wouldn't expect WordPress to house national or company secrets, all this unwanted disruption translates to cost in terms of lost business revenue and expenditures on technical services to repair infected computer systems.
But why is the FBI focused on WordPress and not another CMS? In part, it's because WordPress is popular and used by many. The more sites vulnerable to known and specific exploits, the easier it is for hackers to find their target. All victims of the defacements identified by the FBI shared common WordPress plug-in vulnerabilities easily exploited by commonly available hacking tools.
You've done it. With the help of developers and advisors you brought your website online and proved if you build it, they will come. But it's never that simple. You now face an unforeseen challenge after launching your new website. Once your customers visit your site, how do you keep them coming back for more? The answer to this question is exactly what the Now What? Conference 2015 is all about. The Now What? Conference is two days of smart talks and workshops from smart people, all focused on keeping your website up-to-date post-launch.
This is the third year for the Now What? Conference which is held in one of the fastest growing modern communities in the region, Sioux Falls, SD. If you're within a half day's drive from this great city, I encourage you to register for the conference. The conference and various workshops will be held on April 29 - 30, 2015. Created by Blend Interactive, the conference will be bringing together web and marketing professionals from across North America. Something that rarely happens in our region, you have an opportunity to hear from today’s content management leaders as they come together and cover post-launch web maintenance, web analytics, content strategy, and talk shop with colleagues and speakers.
When I talk about Drupal, information technology and the weather all in the same breath, I get a little excited. I can't help myself. I'm biased toward Drupal as it is one of my favorite content management systems. I'm also a former meteorologist working in information technology for a very large organization that is heavily involved with the weather. Needless to say, a year or two ago when I heard that The Weather Channel started using Drupal to meet the needs of its customers and meteorologists, it caught my attention. I think the use of Drupal is a win-win for everyone around and given my background, I wish my own employer had adopted a similar solution. I think organizations miss out on a lot when they don't utilize open source or even proprietary systems in favor of an in-house CMS.
The news keeps getting better if you're a Drupal fan. Last month, both Acquia and Mediacurrent announced that The Weather Channel is standardizing on the Acquia Platform for Weather.com. Weather.com started using Drupal last year to increase the agility of its content creation and publishing. Now, the company has moved the entire website, which serves more than 20 million pages of content, to the Acquia Platform, which brings together Drupal and Acquia’s solutions for digital engagement and experience management. The team at Weather.com worked with Acquia and digital agency partner Mediacurrent for its site development and migration from its legacy web content management system Percussion.
Over the years, I've made it an unwritten policy not to sensationalize bug fixes and security vulnerabilities in content management systems. While there may be great interest in such stories, I believe such stories have a tendency to cause more harm than good. When sensationalized, such articles tend to cause customers to address security concerns with emotion instead of logic, which is never a good thing. So, when the security vulnerability known as "Drupageddon" broke and Drupal developer Bevan Rudge posted "Your Drupal website has a backdoor", I knew this story was going to eventually reach mainstream media. In the meantime, I've been struggling with how best to write this article and what story needs to be told.
For those that don't know, Drupageddon is the highly critical SQL injection vulnerability in Drupal 7 core and was fully disclosed by the Drupal Security Team in SA-CORE-2014-005. Since the dawn of time when databases were introduced to websites, SQL injection vulnerabilities have been discovered and in the majority of cases when found are patched by their developers and system administrators. What makes Drupageddon particularly nasty is the vulnerability can be exploited by users not even logged into your site (in Drupal they're called anonymous users). Worse, if you didn't update your site quickly enough, your site may still be compromised even after applying the fix (in Drupal 7.32 or later versions).
Not long ago, my wife retired from the Air National Guard after having previously served in the U.S. Marine Corps. With 24 years of military experience, those that serve are almost always bound to walk away with a story or two to tell. This is one of those stories. In January 2006, Karen was given the opportunity to fly in the backseat of an F-16 (General Dynamics Fighting Falcon). Below, in her own words is what Karen experienced during that flight. She originally wrote this on our family blog that we're shutting down, but I felt compelled to make sure her story lived on within the contents of this blog.
Since retirement, Karen has become an accomplished photographer and is currently employed by a local capital investment group.
So I'm halfway through my three month sabbatical from blogging and I get an email from my good friend, Shaun Walker. For those that don't know Shaun, he's the CTO and co-founder for DNN Corp. You know, the guy that started DotNetNuke. To make a long story short, Shaun wanted to remind me that the DNN community recently released 7.3 which focuses on platform performance. Shaun thought it would be a good idea to mention the release to readers here at CMS Report. Given that this was the man that identified way back that the future of content management systems was in cloud, mobile and social media...it is difficult for me to ignore such requests.
However, I'm not fully giving up my three-month break from blogging. Instead, I'll do what any good blogger in my circumstances would do...steal from Shaun's own blog post about DNN 7.3. It's the only way I know how to keep DNN fans happy while my summer plans stay intact. The following is in Shaun's own words:
I am very excited to announce that the latest version of DNN was officially released today. This is a major release focused primarily on platform performance and stability. With almost 450 issues closed in this iteration, this release represents a substantial amount of value for customers and platform users.
WordPress 3.9 has been released with a number of refinements that WordPress hopes you'll "love". The changes and new features are solid but perhaps not as many as we've come to expect given past WordPress point releases. Some of the new features that can be found in WordPress 3.9 include improvements in the media editing experience, gallery previews, and live editing of widgets and headers.
Media Editing Improvements
- Improved visual editing - The updated visual editor has improved speed, accessibility, and mobile support. Filtering out excess code from your word processor such as from Microsoft Word has been improved.
- Image Editing - Quicker access to crop and rotation tools and you can now also scale images directly in the editor.
- Drag and Drop - Images can be grabbed from your desktop or file system and dropped directly into the editor to upload them.
Galleries display a beautiful grid of images right in the editor, just like they do in your published post.
Audio and Video Playlists
Similar to how WordPress has handled images with galleries, WordPress now includes simple audio and video playlists to embed your music and clips within the content.
Live Widget and Header Previews
Those familiar WordPress widgets can now be added, edited, and rearranged right in the theme customizer. It's "live editing" where you can preview your changes without having to save and publish. The improved header image tool also lets you upload, crop, and manage headers while customizing your theme.
Whenever a content management system first appears on my screen, I always look at whether the developers' initial claims are true. In this case, I'm looking at Microweber and its claim that their software offers a "new generation" CMS with "cool features and innovative concepts". Given that most of the software development in Microweber CMS is recent, from 2012 to present, the goals and claims are ambitious. Impressively, the CMS has already been translated into seven languages so far by its contributors. As word about this CMS begins to spread globally, it's time to dig a little deeper into Microweber.
Microweber's tagline for their content management system is "a CMS that lets you Drag & Drop with Live Edit feature". What makes Microweber interesting is that while a number of CMSs we have reviewed integrated these features into their CMS, Microweber is so new that the "next generation" features are being built into the software from the ground up. In other words, there are no legacy requirements for Microweber to overcome so they're able to embrace innovation without consequence. This is something established CMSs, open source or proprietary, rarely have the luxury to do.
CodeEval recently released their list of Most Popular Programming Languages of 2014. Each year they release this list based on thousands of data points they've collected by processing over 100,000 coding tests and the input of over 2,000 employers. This list confirms what Python and Java developers already know. It is also a list to disappoint Tcl developers and those nostalgic for the Visual Basic days.
According to CodeEval, the top five most popular programming languages for 2014 are:
- Python (30.3%)
- Java (22.2%)
- C++ (13.0%)
- Ruby (10.6%)
Well, this certainly wasn't on my radar. Gábor Hojtsy, Drupal 6 lead maintainer, announced that starting March 1, 2014 support for PHP 4 in Drupal 6 will end. I wasn't surprised to hear about Drupal developers dropping support for PHP 4. Instead, I was in shock to hear that Drupal didn't drop support for this ancient version of PHP sooner.
To put this announcement in perspective, the PHP project developers said their goodbyes to PHP 4 back in 2008 and I personally said my "see ya later" back in 2007. Needless to say, I don't think anyone with merit can complain Drupal is dropping PHP 4 support. In Gábor Hojtsy's words:
Drupal 6.0 was released almost 6 years ago in February 2008. The Drupal community is committed to release Drupal 6 bugfixes until Drupal 8.0 is released and with recent changes provide security fixes much longer.
The hosting and development landscape was very different in 2008 though. PHP has gone a long way since we released Drupal 6. While Drupal 6 is still supported on PHP 4.x, the PHP developer community itself end-of-lifed PHP 4 just half a year after Drupal 6.0 came out. According to public statistics and data available to us about Drupal 6 sites, we estimate that there is a very small number of Drupal sites which may still run on PHP 4. We also don't believe it is in our best interest to support Drupal 6 on a possibly insecure but definitely unsupported base system, so we discussed and decided to drop support for PHP 4 on March 1st 2014.
Typically, Drupal has dropped support for older versions of Drupal when a new version of Drupal is released. The expectation was Drupal 6 support would be dropped when Drupal 8 becomes an official release. I suspect the delay in dropping Drupal 6 support is partially due to a change in Drupal 8's new site migration approach. There is a new workflow for site migration that has the potential for site owners to migrate their content not only from Drupal 7 to Drupal 8 but also allow Drupal 6 sites to migrate directly into Drupal 8. Until the new migration approach is proven, it is in everyone's interest to continue support for secure Drupal 6 sites. For the "secure" mandate to be supportable no website should be running on PHP 4.