It's OK to build new sites on Drupal 7

by David Snopek on October 17, 2017 - 4:11pm

In about a month, it'll be 2 years since Drupal 8.0.0 was released. Drupal 8 has come a long way since then, especially with Drupal 8.4.0 released two weeks ago, which is the most feature-packed release yet.

Drupal 8 is the future of Drupal. It's awesome.

However, looking at all the blogs and articles and podcasts in the Drupalsphere, we're sending a message that you should only build new sites on Drupal 8.

The common wisdom is that starting a new project on Drupal 7 is dumb idea.

While I'm sure there's lots of people who are OK with that or even think that's the right message...

I strongly believe that we are hurting the Drupal project by sending that message.

Read more to find out why!

Drupal 6 version of netFORUM Authentication not affected by SA-CONTRIB-2017-077

by David Snopek on October 11, 2017 - 1:37pm

Today, there was a Moderately Critical security advisory for an Access Bypass vulnerability in the netFORUM Authentication module for Drupal 7:

netFORUM Authentication - Moderately critical - Access Bypass - SA-CONTRIB-2017-077

The module was bypassing protections on the Drupal 7 user login form, to deter brute force attempts to login to the site, and so was an Access Bypass vulnerability by making login less secure when using this module.

However, Drupal 6 (including Pressflow 6) don't have these same protections for the user login form, and so, using this module is no less secure than using vanilla Drupal 6. Of course, these protections could be added to this module, and while this would be great security hardening, this doesn't represent a vulnerability - only a weakness which is also present (and widely known) in Drupal 6 core.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Drupal 8: Now a Great Podcast Platform

by Elliot Christenson on October 11, 2017 - 10:25am

If you are an agency, solo Drupaler, or just want to add a podcast to your organization's marketing, this might be of interest to you. I created a very simple podcast module...

Agencies: How to Turn Micro-Tracking Off and Profit-Making On!

by Elliot Christenson on September 20, 2017 - 1:44pm

All businesses have to track their income and expenses. That's the most fundamental axiom of business. We've all learned to think about this in terms of time or "billable hours" After-all, we track our success based on how many billable hours we either get paid or "save".

Is that working for you perfectly?

WTH is "Micro-Tracking" and Why is it Terrible?

I define "micro-tracking" as the "micro-managing of time and resources". We see a few things wrong with "micro-tracking" - specifically for support - but possibly other business expenses.

Do you bill clients by the minute? Even the hour?

It's almost always a terrible idea to watch the clock for support!

Below I'll attempt to outline a few of the downsides...

Agencies: How Do You Convince Your Developers that Support is Fun!?

by Elliot Christenson on September 13, 2017 - 10:38pm

I've been thinking about some of the pain points of some of our clients and potential clients. We work with agencies, and I've been a part of agencies in the past. Support is always a pain point with agencies. If you have good developers, can you provide good customer support?

Developers hate "support" projects. Right?

Well, we don't think it's that simple. Afterall, we are developers, and we love support! So, for today's article, I simply want to share some of the things we love about support - and hopefully you can apply some of these ideas to your team!

Drupal 6 versions of CAPTCHA and Clientside Validation are not affected by SA-CONTRIB-2017-072 or 073

by David Snopek on September 6, 2017 - 3:24pm

Today, there were two security advisories posted for modules that have Drupal 6 versions:

Happily, neither issue affects the Drupal 6 version of the modules!

I think this is particularly important for the Critical issue in Clientside Validation. Anyone who uses the Drupal 7 version of that module should update immediately! But, this time, Drupal 6 users can rest easy. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Last call to get a FREE migration to Drupal 8 / CiviCRM (for nonprofits)!

by David Snopek on August 24, 2017 - 10:58am

In case you haven't heard, we're building an Open Source platform for nonprofit websites built on Drupal 8 and CiviCRM, available as a SaaS with hosting and support included.

In exchange for joining the BETA, we're offering a FREE migration to the platform from your existing site! (whether you're currently on Drupal 6 or 7 or something else entirely)

We've talked to few dozen organizations already, and we have a short list of who we think would be good candidates for the BETA. We're only going to choose 10, and we plan to make our decision next week.

So, if you're involved in a nonprofit organization that might be interested, this is your last chance! Please fill out this form and we'll setup a time to chat as soon as possible.

(It's our goal to talk to everyone who's interested before making a decision.)

And if we've already chatted, well, this is just to let you know that we'll be deciding soon!

Drupal 6 security update for Views

by Elliot Christenson on August 16, 2017 - 1:28pm

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for the Views module to fix an Access Bypass vulnerability.

The Views module enables you to create custom displays of Drupal data.

When creating a View, you have the option to enable the use of AJAX. The Views module does not restrict access to the AJAX endpoint to only Views configured to use AJAX. This is mitigated by having access restrictions on the view.

See the security advisory for Drupal 7 for more information.

Here you can download the Drupal 6 patch for 6.x-2.x or 6.x-3.x.

If you have a Drupal 6 site using the Views module, we recommend you update immediately.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

FREE migration to Drupal 8 for 10 nonprofits

by David Snopek on August 15, 2017 - 9:01pm

Migrating your site to Drupal 8 isn't simple or cheap. Nor is maintaining it or getting support once your new Drupal 8 site is live!

This is a problem that affects all organizations using Drupal, but it's particularly hard on smaller nonprofits.

A couple weeks ago, I wrote a super long article detailing how Drupal 8 has left many small nonprofits behind. It also proposes a possible path for fixing it!

We're building an Open Source platform for nonprofit websites built on Drupal 8 and CiviCRM, available as a SaaS with hosting and support included.

That article was primarily about why - in this article I'd like to talk about the details of how!

There's a lot to discuss, but I'll try to make this article shorter. :-)

Oh, and we're looking for 10 adventurous nonprofits to join the BETA and help build it.

If you join the BETA, we'll migrate your existing site to the new Drupal 8 & CiviCRM platform for FREE!

Read more to learn about all the details we've got worked out so far...

How to install CiviCRM on Drupal 8 (and WHY choose it over pure Drupal CRM)

by David Snopek on August 9, 2017 - 9:06pm

Last week, I published a super long article called Drupal 8 has left small non-profits behind... How can we fix that? which details the many issues Drupal 8 is having and their chilling affect on usage among nonprofit organizations.

It also proposes a possible path for fixing it: building an Open Source platform for nonprofit websites built on Drupal 8 and CiviCRM, available as a SaaS with hosting and support included.

We're looking for 10 nonprofits who are willing to participate in the BETA and help build it (in exchange for a FREE migration to Drupal 8 & CiviCRM).

Next week, we're planning to talk more details about how that BETA process will work! (That article is up now too!)

However, this week, I wanted to take a little break from that, and talk more about CiviCRM in Drupal 8.

So, in this article, we're goning to:

  1. Walk through how to install CiviCRM on Drupal 8. It's quite complicated now, but we're helping to improve that.
  2. Talk about why we're betting on CiviCRM and not a CRM built in Drupal. There's a couple of great, pure Drupal solutions to CRM, like RedHen or CRM Core - but we've chosen to go with CiviCRM. Why?

Read more to find out!

Subscribe to Blog on myDropWizard.com

We're a Top 40 Drupal Blog!