White House Website Switches To Open Source 219
Falc0n writes "WhiteHouse.gov has gone Drupal. After months of planning, says an Obama Administration source, the White House has ditched the proprietary content management system that had been in place since the days of the Bush Administration in favor of the latest version of the open-source Drupal software. Dries Buytaert reflected on this, adding: 'this is a clear sign that governments realize that Open Source does not pose additional risks compared to proprietary software, and furthermore, that by moving away from proprietary software, they are not being locked into a particular technology, and that they can benefit from the innovation that is the result of thousands of developers collaborating on Drupal.'"
High profile target and popular CMS' (Score:4, Insightful)
I'm not sure how Drupal fares with bugs and patching speed (I know Wordpress seems to get some high profile holes discovered) but even if all vulns are patched before someone takes advantage of it, you're still going to need an admin who's going to be constantly alert to patching it.
I'm not arguing against closed source vs open, more about popular vs obscure.
Re: (Score:3, Insightful)
You could just as easily turn that argument around and say that because it's a popular CMS and has a lot of people looking through it's code for exploits, it's also a lot more secure than some other more obscure CMS which would have much less reviewed code.
Re:High profile target and popular CMS' (Score:5, Insightful)
Re: (Score:2)
[Not really, I'm just trying to be mildly humorous].
Re: (Score:2)
Re:High profile target and popular CMS' (Score:4, Insightful)
because it's a popular CMS and has a lot of people looking through it's code for exploits, it's also a lot more secure
As pointed out, Wordpress easily proves this long-believed mantra false. It's one of the mostly widely used blogging applications and it is consistently in the news for high-profile hacks and exploits. That, and Drupal hardly seems immune [google.com].
What's even more interesting is the possibility for intentional security flaws in the code. Interested parties can start submitting patches and changes to the Drupal codebase with inherent flaws. These might even be distributed (module A has a flaw that uses module B's flaw that uses module C's flaw...), which combined with submissions over a series of weeks or months and it seems unlikely they'll be easily spotted.
This is the real downside to using open source code in government applications -- In four months the White House website may be running code written by Chineses (or Russian or whoever) hackers (who may or may not be government employees) for the sole purpose of exploiting the site. Expand this into internally used applications like MediaWiki, Pidgin and it has even bigger implications for intelligence gathering and infiltration.
Major programs like these are big and complex. If the Debian OpenSSH fiasco taught us anything it should be that when you combine big and complex, don't be surprised if those many average eyes are insufficient to catch what the few skilled and experience hands put in the codebase.
Re: (Score:3, Insightful)
(okay, it's not that simple, but it's still a nice option to have)
Re: (Score:3, Insightful)
Perhaps you would also like to talk about all that closed source proprietary code that government espionage agencies all over the world have access to. In fact most governments are now refusing to you closed source proprietary code unless they have access to the code to scan for back doors not only put in by corporations for then own advantage but put in by governments via secret warrants and not disclosed for national security reasons.
The biggest difference between closed source and open source in gover
Re:High profile target and popular CMS' (Score:5, Interesting)
Re: (Score:3, Funny)
You're assuming an unusually high level of competence in government IT departments.
Re:High profile target and popular CMS' (Score:4, Insightful)
They picked Drupal, not Joomla or Wordpress
Re: (Score:3, Interesting)
...with the actual Drupal server locked down and disconnected from the internet.
How does the caching server get the original cache? Do you connect the actual server at some point, clear the cache, and let it answer requests, or do you push a cache?
Re:High profile target and popular CMS' (Score:5, Informative)
I run a fairly high profile drupal site - and this has always been a large concern for us.
Our solution was basically to disable user logins completely. An overwhelming number of the exploits require you to login, so by removing this prerequisite, we basically avoided the problem.
Security isn't exactly a priority for drupal either, it's almost added as an afterthought. To put things in perspective, their login page doesn't even support SSL by default in either drupal 5 or drupal 6. To me that's verging on pathetic.
We were lucky because user logins weren't a core part of our site concept when we implemented the site, but I am now thinking that it might be a good way to go in the future, but I'm mostly petrified of this problem.
On the bright side of things they include a large number of extensions, and things mostly work as advertised, so we found this to be our best option out of all the open source CMSes we tried.
Re:High profile target and popular CMS' (Score:4, Funny)
Security isn't exactly a priority for drupal either, it's almost added as an afterthought.
not any more!!
Re:High profile target and popular CMS' (Score:5, Informative)
Security is most certainly not an afterthought for Drupal.
Up though version 6 you needed to turn on a module like Securepages module to enable SSL logins.
The upcoming Drupal 7 has SSL login support in core.
See http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-possible-solutions [crackingdrupal.com]
Incorrect on almost all points (Score:4, Informative)
It would appear that your experience doesn't stretch terribly far; off the top of my head I can name several much less secure systems. Finding, fixing and announcing vulnerabilities is a good thing: by your measure a hugely exploited CMS with no fixes would be better!
Regarding you assertion that the rewrite engine cannot be disabled; this is just plain wrong. The Apache rewrite engine can be disabled without any problem. If you do this, then you won't enjoy clean URLs, instead you'll have URLs like www.somesite.com/index.php?q=some/path instead of www.somesite.com/some/path. Internally Drupal always works with the first form. However, the rewrite engine is a widely used Apache module - with perhaps millions(?) of sites using it. It may very well have exploits - just as any software may - but it is trusted by lots of users.
Followsymlinks can be disabled too. It's required for rewriting and for one form of upload. Drupal works without problems without it. However, there's nothing inherently insecure in symlinks, and the default Drupal directory layout does not symlink to outside of the install tree.
Database load. I note that your assertion about load is without any reference to figures. I'm not certain which CMS you think is well written. However I'll note that there is a general problem with CMSs which are designed to be easily extensible: tightly integrated system usually use a single SQL statement to retrieve data - the designer knows all the constraints at design-time. A loosely coupled system is usually not able to do this: the designer has little idea of what will be present at run time. So it's in the nature of most loosely coupled system to run one query or more for each additional module. Drupal uses a loosely coupled callback orientated architecture. This means its very easy to extend. However the downside is that each module will usually include extra tables. Drupal is fairly smart about loading this extra data, but beyond that, to counteract the tendency for growth in queries, Drupal has a caching subsystem that is active in several layers. For anonymous users, Drupal only runs a few queries which determine where in the cache the data sits, and returns it.
Perhaps you'd like to elaborate with some firm figures and an example of a CMS that in your opinion does it right.
Regarding PHP security. Again - have you any firm facts to show that PHP is inherently less secure than any other language? The consensus in security circles is that openness is better for security. *You* are able to download the PHP source code and contribute patches. If you know of a security issue, I'd urge you to help fix it. Or is this opinion without facts to back it up?
Again, I'd be interested to know which CMS you do recommend to the person in the street. I would not at the moment recommend Drupal for most brochureware sites, though it is capable of brochureware, however for sites in excess of about 100 pages, for sites where there is a heavy community aspect, and for sites which hope to change and grow, Drupal is an excellent choice.
Re: (Score:2)
Re:High profile target and popular CMS' (Score:4, Insightful)
Re:High profile target and popular CMS' (Score:5, Insightful)
I'd argue it's the exact opposite: by choosing a popular, mature CMS, they're insuring a LOT of the vulnerabilities have been found, exploited and fixed. The major difference between the White House site and Joe Web Dev's site is that the former will probably only upgrade for security fixes and will be very careful with new features, since that's where the bugs and exploits can hide. With good sysadmins, proper security tools and good practices, the site can be very safe. I just don't see them using alpha versions of modules and such.
On the flip side, I'm hopeful that WhiteHouse.org's programmers and sysadmins will also contribute to the codebase with fixes and improvements of their own. This could end up being very beneficial for the Drupal community.
Re: (Score:3, Funny)
Actually, it's www.whitehouse.gov for the Obama administration. I'll let it slide though; as long as you don't confuse it with whitehouse.com - not linkified for a very special reason....
Re: (Score:2)
With a web based CMS you are constantly exposed and exploits can implemented and run in minutes (mod security only provides limited protection). You don't need to infect a webserver to do damage, you just need to be able run an sql query or upload a file with code.
There will always be a timelag between an exploit be
Re: (Score:2)
> I'm not arguing against closed source vs open, more about popular vs obscure.
Whatever they use is going to be a high-profile target just because they are using it. Security by obscurity doesn't work for such sites.
Re: (Score:3, Informative)
The advantage to using Drupal for the White House is that it's a popular CMS and has lots of people patching exploits and vulnerabilities. The second a proof of concept piece of code or an easy exploit is discovered, a few thousand developers will descend to get their patches submitted.
As opposed to your homegrown CMS, where you only discover the security holes when 3gotiZt posts pictures of full frontal nudity on the home page of your site.
Re: (Score:3, Insightful)
You're certainly right the Drupal has a lot of visibility. On the other hand, is it the end of the world if Whitehouse.gov gets exploited? If we can assume that the site is reasonably managed, and does not have a direct pipeline from the front end web server into the CIA's servers, then the likely worst result would seem to be that misinformation would be published. This isnt' good, but it would probably get detected fairly quickly by partisans. We're not talking missle launch systems here.
If Drupal hel
Re:High profile target and popular CMS' (Score:5, Informative)
I think you are misinformed. Morpheus seemed to be targeted at a range of software, including Joomla, but not Drupal: as far as I can see, none of the URL's it scanned are Drupal-based. See http://zeroq.kulando.de/post/2008/08/20/morfeus-fucking-scanner [kulando.de] for example, but there are others out there.
In fact, Drupal has an excellent history of security. We find holes, fix them and issue patches. There is a security mailing list that anyone can sign up to. You will receive mail on the latest security fixes. Your Drupal installation will tell you when components are out of date, and when there are security updates. It will also email you on a regular basis if you don't care to look at your status, or ignore the status message at the top of the page when you log in as an administrator. Drupal will not download and install components without human intervention: components require manual installation.
Just like any software, I'm certain that Drupal has as yet undiscovered exploits. What's important is whether they are found and fixed, and we have a good track record of doing this.
Re:High profile target and popular CMS' (Score:4, Funny)
If your security beliefs are based on Googling " exploit" I hope you're not in charge of anything important.
Re: (Score:2, Informative)
Drupal really has not been known for its security in the past;
On the contrary. Drupal was one of the big open source projects to have a dedicated security team performing code audits and going through a security release process.
Drupal automatically checks for security updates (both in the core and in contributed modules) and can notify you immediately of updates. If, you know, you think that kind of thing is important.
Re:High profile target and popular CMS' (Score:5, Funny)
You're right. Block port 80, that'll stop 'em.
Re: (Score:3, Insightful)
Proper firewalls do more than simply block ports.
Clearly (Score:3, Interesting)
Huh. Now to me, this is a clear sign that they hired a new web guy who happens to have experience with and a preference for Drupal. I don't think there's a necessarily a political statement here.
Re:Clearly (Score:5, Insightful)
Re:Clearly (Score:4, Insightful)
The top of the government and especially the president are HR people first and foremost. They don't do much personally, but act through the agents they select, rely on their judgement and trust them to condense issues of importance for them. Sure, they also get to make some decisions, but they decide based on the information fed to them and the decisions are broad, policy decisions in most cases.
The point is, they didn't make a policy decision that "zomg, F/OSS ftw!", but they hired the guy who hired the guy who hired the guy who hired the web guy and the web guy seems competent enough to pick a F/OSS solution.
Re: (Score:2)
Sure, that's the way it works in theory. But how do you really know that a PHB looking to leverage some synergies didn't hand down this decision from on high? It's not like the private sector has a monopoly on incompetent management. (Yes, I know this applies equally well and probably moreso to "zomg $PROPRIETARY_SYSTEM ftw!" and even more likely to "zomg $SYSTEM_OWNED_BY_COMPANY_I_OWN_SHARES_IN ftw!")
PHP based? (Score:2, Funny)
I wish they used something Python based:
def askPresidentQuestion(q):
if president == "Bush":
misSpeak()
elif president == "Obama":
pass
Just wondering... (Score:2)
There's more to it than your personal preferences (Score:5, Insightful)
If some of the people who post here were as smart as they think they are, they'd figure out:
* Whitehouse.gov is not running Drupal on a ten-dollar shared server at GoDaddy.com.
* Building and maintaining a large, continuously updated website is not something you do in a weekend with Notepad, a giant bag of Cheetos, and a case of diet Coke.
* Any Drupal project of this scale involves layers of extremely high-performance caching and multiple firewalls.
* The site's administrative tools aren't available from the outside. (This is not difficult to implement.)
* Life does not begin and end with your personal favorite programming language, database server, etc., or with the boundaries of your parents' basement.
* Security reports are reports of vulnerabilities that have been fixed, not vulnerabilities that lie in wait to ambush your site. A properly run open-source project has a documented process [drupal.org] for handling security issues.
I don't know any details of the site's technical architecture beyond the obvious, but it's blazingly fast. My bet is that when you hit the site, you're pulling completed pages out of RAM on a customized and hardened Varnish [varnish-cache.com], but that's just a guess. The HTTP headers identify the server technology as "White House."
Re: (Score:2)
You must be new here!
Re: (Score:3, Informative)
I don't know any details of the site's technical architecture beyond the obvious, but it's blazingly fast. My bet is that when you hit the site, you're pulling completed pages out of RAM on a customized and hardened Varnish [varnish-cache.com], but that's just a guess. The HTTP headers identify the server technology as "White House."
I don't know where you came up with Varnish . . . there are lots of ways to get performance that's just as snappy. A CDN is a good start. And it's pretty easy to tell that that's exactly what's being used here:
$ dig +short www.whitehouse.gov
www.whitehouse.gov.edgekey.net.
e2561.g.akamaiedge.net.
96.16.18.135
They're using Akamai for most of their content, it seems. I get 35ms ping to www.whitehouse.gov from machines in New York, Denver, Holland, and Washington (the state). My Washington machine get
Re: (Score:3, Funny)
I work for the government, and uh, bullshit.
Open Source Education IT (Score:2, Interesting)
Re: (Score:2)
If you want to see a large part of the reason that this happens, look no farther than places like this:
http://oetc.org/cgi-bin/searchbytype.pl [oetc.org]
Seriously, at $2.30 per CAL for Exchange...
What was te old CMS (Score:2)
Hardly (Score:2)
Dries Buytaert reflected on this, adding: 'this is a clear sign that governments realize that Open Source does not pose additional risks compared to proprietary software, and furthermore, that by moving away from proprietary software, they are not being locked into a particular technology, and that they can benefit from the innovation that is the result of thousands of developers collaborating on Drupal.'"
Or, more likely, the PHB in charge is running with Drupal because it's popular and CMS's are
Awesome! (Score:2)
This is Awesome, now all the Drupal vulnerabilities will be highlighted on a daily basis!
I like Drupal, but security isn't really their strong point, nor is proper testing of their modules.
Oh well.
okay, so you guys don't like Drupal's security... (Score:2)
Do any of you have a recommendation on what to use instead? Preferably PHP-based, so it has a realistic shot of being supported on most hosting plans?
Re:okay, so you guys don't like Drupal's security. (Score:5, Insightful)
Actually most people have been praising Drupal for its excellent security. You aren't going to find a CMS with a much better track record than Drupal.
What they were mainly saying is that Drupal is extremely popular with lots of people looking to exploit it, so it might theoretically be a high risk. A less well known CMS would not have many people looking (well, that would definitely change overnight if whitehouse.gov chose it :) and is therfore a lower risk, but also has tons of exploits not found yet.
Stick with Drupal if you want a tested, secure, and reliable CMS.
You know, a lot of people here are very silly. (Score:4, Insightful)
Yes, whitehouse.gov is a very attacked site, for all sorts of reasons, and I bet it will be the very first place to try out any new Drupal vulnerability, and at least one of those will succeed sometime in the next couple of years.
But, um...who cares if it does? It's not a mission critical web site. It's stupid fluff pieces about the president and his initiatives. If something goes wrong it gets flipped offline, restored from backup, patched, and brought back online.
It's interesting to see the government try OSS, and that might be an interesting discussion, but way too many people(1) here instantly leapt to the non-existence security implications, acting like important government computers were going to be exposed via any security issues in Drupal.
1) And half the remaining people appear to be morons talking about how CMS are useless. They haven't realized that stating 'people don't need CMSes' doesn't, like they think, show that they're some elite HTML coder, it just reveals them as someone who's never been hired to make a web site for someone else who then can add and remove content.
Re: (Score:2, Insightful)
Are you a troll, naive or stupid?
A CMS is required if you want content to be updatable by non-programmers, which is almost always a very requirement on larger corporates pages.
A CMS will also allow versioning of content, making it easy to publish new content at specific points in time.
Re:Why CMS (Score:4, Insightful)
A better question is why so many practically static web sites use online content management systems. Is it just for convenience? Lack of thought? A life content management system on the server is a serious security liability. Many web sites could just as well use an offline CMS and push the data to the server when an update is made. A typical web server can handle orders of magnitude more visitors when there is only static content. Even if you aggressively cache the CMS output, that still leaves the security aspect. I guess it takes a Slashdotting / Digg effect before most authors realize that having a web site which can't handle 10 concurrent visitors is rather pointless.
Re: (Score:2)
Are there many static-CMSes (for want of a better term) like that available?
Re: (Score:2)
Re: (Score:3, Informative)
Why reinvent the wheel?
Sure, you can program everything from scratch and that might even appeal to you if you're the CEO of a company that sells programming services, but in many cases it makes more sense to use off-the-shelf software (which drupal is - well, off an imaginery shelf where everything is free as long as you give back).
Re: (Score:3, Insightful)
Not only that, but using Drupal means you have a built-in security/programming team, constantly updating, improving, looking for bugs, etc. If you write your own software, YOU have to maintain it, by yourself. Are you as good as the Drupal devs? (I know I'm not)
Re: (Score:3, Insightful)
Businesses have come to accept the limitations of software, and will often adjust the way they do things to fit in with whatever the software requires, sad but true.
Re: (Score:3, Insightful)
It's not necessarily a bad thing. Yes, sometimes it cuts off new and creative ideas. Often, those are bad ideas, and everybody else is doing it the regular way for a reason.
This is especially true when a business is getting outside of its domain. If you're the best bottle-maker or book-binder on the block, do that. But your accounting and web site is almost certain to be identical to any other businesses, and crafting roll-your-own accounting or web management software specialized to your thing is quite
Re:Why CMS (Score:4, Insightful)
Re: (Score:2)
Forget the OS - do you reckon he designs and fabricates his own CPUs?
Screw that! (Score:4, Funny)
I make my own fucking ELECTRONS!
Re:Screw that! (Score:5, Funny)
Dude, why are you being so negative?
Re: (Score:2, Funny)
Do you know how fucking hard it is to make POSITRONS?
Re: (Score:2)
Re:Why CMS (Score:5, Informative)
"Did you guys forget how the web worked before CMSs came around?"
Yes: it did work slower, more expensive and less functional. I even remember why first intranet efforts used to fail: because content stagnated due to the fact that only programers that didn't produce the information in first place were the only ones allowed and/or with the knowledge to modify contents.
"Most CMS products are insecure pieces of shit. I would not use a CMS for a high profile target like that. They should be publishing static files with a custom system. Only pages that must be dynamic should be. It's just dumb?"
You do know you can have your CMS administrative backend opened only to your internal networks so from the Internet all you have access to is an static, pre-cached, read-only version, do you?
Re:Why CMS (Score:5, Informative)
That's your opinion and just because you have one doesn't make it the correct choice.
In fact, I do remember how the web was before CMS came around. I remember people handing me MS Word documents saved as 150KB+ HTML files. Or having to clean up sections of the corporate site where someone cut-and-pasted from MS Word into the site.
Heck, people made a living off writing software just to clean up the mess. Eliminate clutter in Microsoft Word generated HTML files with the Office 2000 HTML Filter [com.com]
And to Sopssa, He fails to realize that Drupal can be hardened and has the benefit of several years of testing and user feedback unlike a custom system.
I clearly remember the days before CMS and it looked like this.
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40" > <head > <meta name=Title content="This is normal unformatted text" > <meta name=Keywords content="" > <meta http-equiv=Content-Type content="text/html; charset=utf-8" > <meta name=ProgId content=Word.Document > <meta name=Generator content="Microsoft Word 10" > <meta name=Originator content="Microsoft Word 10" > <link rel=File-List href="WordtoHTML_files/filelist.xml" > <title >This is normal unformatted text </title > <!--[if gte mso 9] > <xml > <o:DocumentProperties > <o:Author >Elizabeth Pyatt </o:Author > <o:Template >Normal </o:Template > <o:LastAuthor >Elizabeth Pyatt </o:LastAuthor > <o:Revision >1 </o:Revision > <o:TotalTime >1 </o:TotalTime > <o:Created >2003-10-22T19:05:00Z </o:Created > <o:LastSaved >2003-10-22T19:06:00Z </o:LastSaved > <o:Pages >1 </o:Pages > <o:Company >ETS </o:Company > <o:Lines >1 </o:Lines > <o:Paragraphs >1 </o:Paragraphs > <o:Version >10.2418 </o:Version > </o:DocumentProperties > </xml > <![endif]-- > <!--[if gte mso 9] > <xml > <w:WordDocument > <w:DisplayHorizontalDrawingGridEvery >0 </w:DisplayHorizontalDrawingGridEvery > <w:DisplayVerticalDrawingGridEvery >0 </w:DisplayVerticalDrawingGridEvery > <w:UseMarginsForDrawingGridOrigin/ > <w:Compatibility > <w:SpaceForUL/ > <w:BalanceSingleByteDoubleByteWidth/ > <w:DoNotLeaveBackslashAlone/ > <w:ULTrailSpace/ > <w:DoNotExpandShiftReturn/ > <w:AdjustLineHeightInTable/ > </w:Compatibility > </w:WordDocument > </xml > <![endif]-- > <style > <!-- /* Font Definitions */
@font-face
{font-family:"Times New Roman";
panose-1:0 2 2 6 3 5 4 5 2 3;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:50331648 0 0 0 1 0;}
@font-face
{font-family:Arial;
panose-1:0 2 11 6 4 2 2 2 2 2;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:50331648 0 0 0 1 0;}
@font-face
{font-family:Palatino;
panose-1:0 2 0 5 0 0 0 0 0 0;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:50331648 0 0 0 1 0;} /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Palatino;}
h3
{mso-style-next:Normal;
margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:0in;
mso-pagination:widow-orphan;
page-break-after:avoid;
mso-outline-level:3;
font-size:13.0pt;
font-family:Helvetica;}
p.MsoBodyText, li.MsoBodyText, div.MsoBodyText
{margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Palatino;
color:#993366;
font-weight:bold;}
p.HeaderE, li.HeaderE, div.HeaderE
{mso-style-name:HeaderE;
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:16.0pt;
font-family:Palatino;
font-weight:bold;}
p.SubHeadE, li.SubHeadE, div.SubHeadE
{mso-style-name:SubHeadE;
margin:0in;
margin-bottom:.0001pt;
text-align:center;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Palatino;
font-weight:bold;}
p.TitleE, li.TitleE, div.TitleE
{mso-style-name:TitleE;
margin:0in;
margin-bottom:.0001pt;
text-align:center;
mso-pagination:widow-orphan;
font-size:18.0pt;
font-family:Palatino;
font-variant:small-caps;}
p.FigureText, li.FigureText, div.FigureText
{mso-style-name:"Figure Text";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:Helvetica;
font-weight:bold;}
p.RedBold, li.RedBold, div.RedBold
{mso-style-name:RedBold;
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
color:red;
font-weight:bold;}
p.Sub-SectionHeading, li.Sub-SectionHeading, div.Sub-SectionHeading
{mso-style-name:"Sub-Section Heading";
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:.25in;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Arial;
font-weight:bold;}
p.Sub-SectionParagraph, li.Sub-SectionParagraph, div.Sub-SectionParagraph
{mso-style-name:"Sub-Section Paragraph";
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:.5in;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
letter-spacing:-.5pt;}
p.MainSectionHeading, li.MainSectionHeading, div.MainSectionHeading
{mso-style-name:"Main Section Heading";
mso-style-parent:"Heading 3";
margin-top:0in;
margin-right:0in;
margin-bottom:6.0pt;
margin-left:0in;
mso-pagination:widow-orphan;
page-break-after:avoid;
font-size:16.0pt;
font-family:Arial;
font-weight:bold;}
p.TitleHeading, li.TitleHeading, div.TitleHeading
{mso-style-name:"Title Heading";
margin:0in;
margin-bottom:.0001pt;
text-align:center;
mso-pagination:widow-orphan;
font-size:24.0pt;
font-family:Arial;
font-weight:bold;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-- >
</style >
</head >
<body bgcolor=white lang=EN-US style='tab-interval:.25in' >
<div class=Section1 >
<p class=MsoNormal >This is a sample of unformatted normal text </p >
</div >
</body >
</html >
Re: (Score:3, Funny)
I clearly remember the days before CMS and it looked like this
Ha! The planetarium scheduler for the the school I work at has an HTML file she edits in Word to create the current month's calendar. This file has been used for some 2-3 years. Pulling it up right now, it is 682 KB in size and has over 6,000 lines of CSS at the top of the document. Here's a snippet:
Re:Why CMS (Score:4, Insightful)
theres alot of good reasons people use cms... and let me try and use your own words... say you wanted a website that looked like cisco's.
In a CMS, (such as drupal)... heres who does what:
1) designer writes a theme for the website (to give it the look)
2) content producers write the pages
3) codes do the bits the cms doesn't already do.
The point is, the CMS gives you alot to begin with without limiting you, sure you could code a website from scratch but something as powerfull as drupal is going to take a long time. You may not need everything drupal does so you can cut that down a bit. But ultimately you'll end up with something that allows people to do their jobs (i.e. content producers to write pages). Drupal CMS is also especially good at being extended (and there are virtually no limits that I can think of). So rather then writing a whole heap of code to do your website, your coders just write what they need to extend the CMS - "dang, drupal doesnt do rsa based two factor auth, we're going to have to code it in" as apposed to "ok, lets get started on coding a website - quick grab 15 people who know architecture".
Re: (Score:2)
Pretty sure noone in the world wants a website that looks like Cisco's. It's the worst site by a major technology company I've ever used. To get to anything I normally have to login 3-4 times because it randomly forgets your logged in, only to find out that what I was trying to get to was just a link back to where I started. And forget trying to download the software my account privileges say I should be entitled to, I always wind up using someone else's account because despite several attempts on Cisco'
Re:Why CMS (Score:4, Insightful)
So when you write your own code, you've written a CMS. But you just passed one up because it was too heavy-weight...
Re: (Score:3, Insightful)
"Both of those things can be accomplished on your own code too"
Yes, of course. And do you know how the internal app you developed so to allow non-programmers to update content, so PHBs can review the content prior to go public, so you can version contents and pre stablish the date it will go alive, etc. will be called? It will be called a "Content Management System".
So in the end you won't avoid the CMS you'll just develop your own internal one: reinventing the wheel, at a cost, and probably worse.
Re:Why CMS (Score:5, Informative)
Just a few reasons:
* You want to automatically use templates and not replicate formatting code
* You want different people that are not programmers to be able to update different parts of the website; you want to let them do it from their browser in a wysiwyg editor; you want to let them to easily first publish their articles on a staging host and then authorize somebody else to go online with it
* You want to allow commenting, feedback forms, registered users etc.
* You easily want to keep track of versions and revisions of published pages
* You want to automatically index the pages for searches
* You want to easily include dynamic(computed) data into your web pages
Re:Yes, but I don't want Whitehouse.gov doing that (Score:5, Insightful)
Yes, but I don't want Whitehouse.gov doing that. Allowing feedback on the high profile website is STUPID and ignorant.
Apparently, allowing feedback attracts the stupid and ignorant.
Re: (Score:2)
Re: (Score:3, Insightful)
Why do you assume they're not doing that?
Because he's a moron who doesn't understand how CMSes are actually used in the real world, and thinks the only point of them is for 'dynamic' content.
When in actual fact something like half of all CMS sites are mostly 'static', with maybe a forum and an RSS feed block being their sole 'automatically changing' area, and then rest is so that people who don't know a hell of a lot about web sites can fricking manage the site, or at least their area of it, and add and
Re:Why CMS (Score:5, Informative)
Especially for large websites, this can dramatically improve how fast you can update and improve your site.
Also, if you don't want to use a CMS, a framework like Django or Ruby on Rails is the way to go. These allow you to program everything yourself, but already have a lot of functionality built-in, to avoid reinventing the wheel.
Re: (Score:3, Informative)
Re:Why CMS (Score:5, Insightful)
With all due respect, are you a web developer?
For starters, a well-developed CMS and some competent IT people can produce a site every bit as quick as a static HTML site, because that's exactly what they'll be serving up with good server-side caching. Any "weight" in the backend is more than offset by the increased ease with which content can be updated.
Moreover, a CMS allows non-technical people to be involved in the process. Most likely, people from the press and communications offices are going to be the ones in charge of the content on this website, and it's not at all unreasonable to assume that most of them aren't going to be any good with HTML.
And why should they be? CMS is exactly what it says it is -- a content management system, letting people focus on content by hiding away the markup and technical nonsense they're not concerned with anyway. Sometimes it's fully inappopriate; sometimes a custom one is better than off-the-shelf. But you really can't see why anybody would want to use one? Ever?
Re:Great... (Score:5, Funny)
Now they're locked in to PHP.
It's part of Obama's economic recovery program. Just think how many IT jobs this will create: maintenance, debugging, modifications, and security. Maybe we could have a Slashdot poll on who will pwn the website first. I think it'll be the Chinese as payback for the tariffs on tires.
Re: (Score:2)
It's a significant step forward
It's quite a sad state of affairs when moving to one of the most common and widely used back-ends for a website is considered "a significant step forward".
Re: (Score:3, Insightful)
"It's quite a sad state of affairs when moving to one of the most common and widely used back-ends for a website is considered "a significant step forward"."
Bullshit - it's not a "step" anywhere.
This is ONE part of the government changing ONE system over to open source. That's it. The whole "since the Bush Administration" comment is a red herring:
a) Drupal only went Open Source in 2001. "Hey, it's time to update the Whitehouse.gov back end, and there's this new cool thing that just got released. It's ma
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
I suspect your memory is a little faulty.
Akamai has been reverse proxying whitehouse.gov for quite some time.
So IIS on linux might have been reported, but all sites akamai proxies for show up as being on linux. See
http://uptime.netcraft.com/up/graph?site=search.microsoft.com [netcraft.com] for example
of IIS/6.0 on linux.
Re:Something fishy. (Score:5, Funny)
In other words, what did they switch from.
They switched from capitalism to communism, silly.
Re: (Score:3, Insightful)
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:2)
My first reaction to seeing this article was how long it will take for Fox News and friends to declare open source software as socialist and how comrade Obama has taken jobs away from hard working capitalist programmers. It's really not a stretch given their track record.
Take a look at the drupal logo. I think this calls for a big investigation to confirm that Obama is an alien!
My first take is (Score:4, Insightful)
does this even offset a Administration which takes all the bad habits of the last and compounds them with super sized bills that no one gets to review and a good dose of intimidation against any who speak up?
Re: (Score:3, Interesting)
My first reaction to seeing this article was how long it will take for Fox News and friends to declare open source software as socialist and how comrade Obama has taken jobs away from hard working capitalist programmers. It's really not a stretch given their track record.
foxnews.com's server runs on Linux according to Netcraft.
That's totally wrong. (Score:3, Insightful)
First off, most leaders of the left wing imagine a future where scarcity is the norm, largely because they see the consumption of natural resources by the West as unethical in a larger world view. In their eyes, Americans already have "too much" and therefor should have to make due with less. This faux-conservatism, coupled with the right wing's stupid devotion to "free trade", is the underlying cause of this current economic crisis. It is that people want more stuff, resources are capped by environmenta
Re: (Score:3, Informative)
Except you completely ignore externalities, systemic risks, and equity, which is what got us in various messes already.
http://en.wikipedia.org/wiki/Externality [wikipedia.org]
Consider the "True cost" of oil from various perspectives:
http://www.energyandcapital.com/articles/oil-gas-crude/461 [energyandcapital.com]
"""
Milton Copulus, the head of the National Defense Council Foundation, has a different view. And as the former principal energy analyst for the Heritage Foundation, a 12-year member of the National Petroleum Council, a Re
Re: (Score:2, Insightful)
Externalities, Concentrations of Wealth, etc... is a made up word excuse for socialism.
Re: (Score:2)
Really? I mean, I'm not saying you are wrong, but I am saying you've just made a direct statement of fact with no justification whatsoever. It's not even an argument.
Re: (Score:2, Insightful)
but I am saying you've just made a direct statement of fact with no justification whatsoever
Yes and no. I think your out would be that if you could address your concerns of concentrations of wealth and externalities without some of federal assumption of ownership, its pretty hard to avoid socialism.
The thing is, that, if you have a government to keep wealth from getting concentrated, it's wealth will get concentrated. If you make the government the sole arbiter of some bit of land or sky, then, it will be
Re:That's totally wrong. (Score:5, Insightful)
"If we all had our one acre of land, even if one of us screwed it up, humanity could continue. But if the King owned all the land, then, the King could screw up all the land, and frequently, will."
And if one of those people on their one acre of land makes a bioengineered plague, then everyone dies? Or, when the nuclear power plant next door melts down, we permanently evacuate Manhattan?
Here is something to consider, by Manuel de Landa:
http://www.t0.or.at/delanda/meshwork.htm [t0.or.at]
"Indeed, one must resist the temptation to make hierarchies into villains and meshworks into heroes, not only because, as I said, they are constantly turning into one another, but because in real life we find only mixtures and hybrids, and the properties of these cannot be established through theory alone but demand concrete experimentation."
Manuel de Landa suggests we need a healthy balance between meshworks and hierarchies.
By the way, make sure you get enough Vitamin D while working inside on simulations, as I agree the public health agencies have dropped the ball on a lot of things:
http://www.vitamindcouncil.org/newsletter/vitamin-d-and-h1n1-swine-flu.shtml [vitamindcouncil.org]
http://www.vitamindcouncil.org/treatment.shtml [vitamindcouncil.org]
http://curtisduncan.blogspot.com/2009/10/why-michelle-obama-is-more-likely-to.html [blogspot.com]
Also, on "socialism":
http://digg.com/political_opinion/Socialist_Agencies_Destroying_America_Graphic [digg.com]
"""
This morning I was awoken by my alarm clock powered by electricity generated by the public power monopoly regulated by the U.S. Department of Energy.
I then took a shower in the clean water provided by a municipal water utility.
After that, I turned on the TV to one of the FCC-regulated channels to see what the National Weather Service of the National Oceanographic and Atmospheric Administration determined the weather was going to be like, using satellites designed, built, and launched by the National Aeronautics and Space Administration.
I watched this while eating my breakfast of U.S. Department of Agriculture-inspected food and taking the drugs which have been determined as safe by the U.S. Food and Drug Administration.
At the appropriate time, as regulated by the U.S. Congress and kept accurate by the National Institute of Standards and Technology and the U.S. Naval Observatory, I get into my National Highway Traffic Safety Administration-approved automobile and set out to work on the roads build by the local, state, and federal Departments of Transportation, possibly stopping to purchase additional fuel of a quality level
determined by the Environmental Protection Agency, using legal tender issued by the Federal Reserve Bank.
On the way out the door I deposit any mail I have to be sent out via the U.S. Postal Service and drop the kids off at the public school.
After spending another day not being maimed or killed at work thanks to the workplace regulations imposed by the Department of Labor and the Occupational Safety and Health administration, enjoying another two meals which again do not kill me because of the USDA, I drive my NHTSA car back home on the DOT roads, to my house which has not burned down in my absence because of the state and local building codes and Fire Marshal's inspection, and which has not been plundered of all its valuables thanks to the local police department.
And then I log on to the internet -- which was developed by the Defense Advanced Research Projects Administration -- and post on Freerepublic.com and Fox News forums about how SOCIALISM in me
Re: (Score:3, Informative)
"On the way out the door I deposit any mail I have to be sent out via the U.S. Postal Service and drop the kids off at the public school."
I should have caught that as a problem too. Someday, public schools may be much more like public libraries open to anyone to use than day prisons for children of working parents, but until then, consider:
"Links about alternative peer-oriented education"
http://p2pfoundation.net/Category:Education [p2pfoundation.net]
"The Underground History of American Education"
Re: (Score:3, Insightful)
The key really is, how do create a social mechanism to prevent excessive concentrations of wealth, without creating a defacto concentration of wealth?
I think you're framing the problem incorrectly. I think the question should be, how do we make sure that enough wealth is distributed such that society can reasonably function, and that we feel decent about how we are treating the least fortunate among us?
Focusing on the concentration at the top is just jealousy. The ethical concern is at the bottom of the pyramid, in my view.
If the wealthy are prudent, they will remember the lessons of the French Revolution and Russia in 1917, and make sure that they pas
Re: (Score:3, Informative)
From The American Conservative:
http://www.amconmag.com/article/2005/mar/14/00017/ [amconmag.com]
"""
This is no surprise, as libertarianism is basically the Marxism of the Right. If Marxism is the delusion that one can run society purely on altruism and collectivism, then libertarianism is the mirror-image delusion that one can run it purely on selfishness and individualism. Society in fact requires both individualism and collectivism, both selfishness and altruism, to function. Like Marxism, libertarianism o
Re: (Score:2)
It will be interesting to see the first bug report from the White House. With all the layers of security they need, they are undoubtedly going to push Drupal's envelope in some novel ways.
Or maybe we will see evidence of a White House bug stomping party, or contributed code, first. I'm sure that the tech guys at whitehouse.gov will give back to the community somehow.
Is there a way to monitor drupal.org for White House activity? Can we see some "First sighting!" competitions? Or should we look for press re
Re: (Score:2)
Re: (Score:2)
Insightful post. Completely off-topic but, still, you make some damned good points.
Yeah, totally off topic, but inspired somewhat by the commentary that inevitably follows an FOSS product adoption decision made by a major enterprise..., it's like "the movement" won. Maybe the gov't just picked the better product?