We live in a post peak Drupal world. Drupal peaked some time during the Drupal 8 development cycle. I’ve had conversations with quite a few people who feel that we’ve lost momentum. DrupalCon attendances peaked in 2014, Google search impressions haven’t returned to their 2009 level, core downloads have trended down since 2015. We need to accept this and talk about what it means for the future of Drupal.
Technically Drupal 8 is impressive. Unfortunately the uptake has been very slow. A factor in this slow uptake is that from a developer's perspective, Drupal 8 is a new application. The upgrade path from Drupal 7 to 8 is another factor.
In the five years Drupal 8 was being developed there was a fundamental shift in software architecture. During this time we witnessed the rise of microservices. Drupal is a monolithic application that tries to do everything. Don't worry this isn't trying to rekindle the smallcore debate from last decade.
Today it is more common to see an application that is built using a handful of Laravel micro services, a couple of golang services and one built with nodejs. These applications often have multiple frontends; web (react, vuejs etc), mobile apps and an API. This is more effort to build out, but it likely to be less effort maintaining it long term.
I have heard so many excuses for why Drupal 8 adoption is so slow. After a year I think it is safe to say the community is in denial. Drupal 8 won't be as popular as D7.
Why isn't this being talked about publicly? Is it because there is a commercial interest in perpetuating the myth? Are the businesses built on offering Drupal services worried about scaring away customers? Adobe, Sitecore and others would point to such blog posts to attack Drupal. Sure, admitting we have a problem could cause some short term pain. But if we don't have the conversation we will go the way of Joomla; an irrelevant product that continues its slow decline.
Drupal needs to decide what is its future. The community is full of smart people, we should be talking about the future. This needs to be a public conversation, not something that is discussed in small groups in dark corners.
I don't think we will ever see Drupal become a collection of microservices, but I do think we need to become more modular. It is time for Drupal to pivot. I think we need to cut features and decouple the components. I think it is time for us to get back to our roots, but modernise at the same time.
Drupal has always been a content management system. It does not need to be a content delivery system. This goes beyond "Decoupled (Headless) Drupal". Drupal should become a "content hub" with pluggable workflows for creating and managing that content.
We should adopt the unix approach, do one thing and do it well. This approach would allow Drupal to be "just another service" that compliments the application.
What do you think is needed to arrest the decline of Drupal? What should Drupal 9 look like? Let's have the conversation.
Drupal is more than a pretty face - it's safe as houses, lets you fit in, and offers bells, whistles.....and maybe bagpipes!
(Disclaimer: Dries did not ask/order/suggest/request me to post this neither to make any changes whatsoever.)
Those who know me will be well aware that I am both a passionate cyclist. Last June I wrote a blog about cycling. It told the dreadfully sad tale of a cyclist who died close to my home following a road traffic incident. In just 24 hours the post had over 10,000 reads. This triggered me to take positive action, the result of which is my campaign "BeyondACyclist", which has backing and support from CyclingUK.
A totally volunteer effort (entirely inspired by my work with Drupal) BeyondACyclist has a groundswell of support and active participation from the likes of Three Degrees West film company, Cheshire Fire Service, Cheshire East Council, West Midlands Police, Christie Hospital, composer Brian Lane, script writer Craig Roderick (Southpaw Agency) and Phil Jones MBE Managing Director - Brother UK to name but a few. Plans are in advanced stages to produce an ambitious cinema quality short film, supporting studio portraits and action photography, social media campaign and distribution across a variety of mediums.Why I am reaching out to you the Drupal community
Within the next few months we will have the film completed. But there is a final missing link. I need a website designed, built and themed to drive traffic towards. A site to serve as central focal point for all campaign activity. The place where all traffic will arrive be that from TV news, print media, social or offline. I cannot do all of this alone. I already have a lot on my plate!
I'm hoping someone in the Drupal community will be reading right now and feel this is a cause they would like to get involved with. Obviously Drupal 8, it will be high traffic as I have built excellent relations with media outlets including TV, print and social. And this is a global issue. In Ireland, across USA, Australia there are currently hot news stories about cycle safety and sadly more deaths. So don't think being outside the UK is a blocker, no.
I anticipate needing 2-3 individuals to complete the task - Designer, Site builder or Site builder and Themer (as separate roles). If you would like to discuss the idea further or are just plain interested in getting involved please use my contact form to reach me. And thank you in advance. Paul.
The Hook 42 team is on their way to the historic city of Baltimore. Its early days helped shape the narrative of America. This year it hosts DrupalCon North America and perhaps it will share a role in shaping the future of Drupal.
The team is excited to share what they are looking forward to, not only at DrupalCon, but also what the city might have in store for them during their down time.
At Platform.sh, we believe that all websites deserve to be secure, fast, and feature-rich, and that it should be easy to have all three. Secure has always meant that a site is encrypted using SSL, which is why we’ve never charged for an SSL certificate. Fast means using HTTP/2, which we added support for earlier this year, but most browsers only support HTTP/2 over SSL. And feature-rich means allowing the full range of newer web functionality such as geolocation, access to media devices, or notifications, many of which browsers are now only permitting over SSL connections. You know what? The modern web only works properly with SSL so let’s cut out the middleman. Let’s Encrypt everything.
We’re happy to announce automatic support for Let’s Encrypt SSL certificates on every production site on Platform.sh Professional, at no charge.
Starting today for all new projects, on every deploy we will automatically provision and install an SSL certificate for you using the free Let’s Encrypt service. You don’t have to do anything. It will just be there.
For existing projects, we're bringing that functionality online in batches to avoid overwhelming the Let's Encrypt servers. We expect to finish getting through them all within the next few weeks. If you're about to bring a site live and want to make sure you get Let's Encrypt functionality before that, just file a support ticket and we'll bump you to the front of the line.Wait, what does this mean for my site?
If you currently just have HTTP routes defined in your routes.yaml file, then as of your next deploy HTTPS requests will be served as HTTPS requests rather than being redirected to HTTP. Both will “just work”.
If you want to serve your entire site over HTTPS all the time (and yes, you do), simply change all http:// routes in your routing file to be https://. That will automatically redirect HTTP requests to HTTPS going forward.
See the Routes section of the documentation for more details, but really, there’s not many details beyond that. It just works.What about Platform.sh Enterprise?
Most Platform.sh Enterprise sites are served through a Content Delivery Network already, in which case the SSL certificate is handled by the CDN. This change has no impact on Platform.sh Enterprise customers.Neat! So what should I do?
You don’t have to do anything. HTTPS just works now. As above, you can configure your site to use HTTPS exclusively by adding the letter "s" to your routes.yaml file in a few places. (We told you it was easy.)
Of course, now that you know your site will use SSL, you also know it will be using HTTP/2. All SSL-protected sites on Platform.sh use HTTP/2. HTTP/2 is supported by nearly 80% of web browsers in the world. That makes it safe, and a good investment, to start optimizing your site for HTTP/2, layering in HTTP/2-specific capabilities like server push, and so forth.
Secure, fast, feature-rich, and easy. Welcome to Platform.sh!Larry Garfield 20 Apr, 2017
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!
Today, there is a Moderately Critical security release for the CCK module to fix an Access Bypass vulnerability.
CCK allows you to add custom fields to any content type.
The Node Reference sub-module had a bug where it could list the node titles of nodes that the user doesn't have access to.
Here you can download the Drupal 6 patch.
If you have a Drupal 6 site using the CCK module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)
If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.
Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).
Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.
The Drupal Association team is gearing up for DrupalCon Baltimore. We're excited to see you there and we'll presenting a panel giving an update on our work since Dublin, and our plans for the coming months.Drupal.org updates Project application revamp
As we announced in mid-March, new contributors on Drupal.org can now create full projects and releases! Contributors no longer have to wait in the project application queue for a manual review before they are able to contribute projects.
This is a very significant change in the Drupal contribution landscape, and it's something we approached carefully and will continue to monitor over the coming months. Drupal has always had a reputation for a high quality code, and we want to make sure that reputation is preserved with good security signals, project quality signals, and continued incentives for peer code review.
That said, we're very excited to see how this change opens up Drupal to a wider audience of contributors.
Please note that the removal of project applications to create full projects and releases means a change in the security advisory policy (see below for details).Security Advisory Opt-in and new Security Signals for Projects Are you responsible for the security of your clients' Drupal sites?
Please note that Drupal's security advisory coverage policy has changed. Security advisory coverage for contributed projects is now only available for projects that have both opted in to receive coverage and made a stable release. You can see which projects have opted in by checking their project pages. If you have questions, please contact email@example.com.
Because users may now create full projects and releases without opting in to security advisory coverage, it's critically important that we provide good security signals to users evaluating projects on Drupal.org. This is why we've added a security coverage warning to projects that aren't opted in to coverage.
- Opened up the opt-in process, allowing any maintainer of a project (not just the node author) to opt in to receive security advisory coverage
- Added a confirmation step when a user goes to make a stable release - this encourages users to be sure the project is ready for a release, and to opt-in to coverage if they haven't already
- Blocked security advisory opt-in if a project has an open, public security issue
- Started displaying info about public security issues on project pages that haven't opted into advisory coverage
- Added a filter to project browsing pages to make it easier to find projects with supported stable releases
The 2017 elections for the community-at-large seat on the board were held successfully in March. Drupal Association community board elections are conducted with the Instant Runoff Voting system. This voting methodology requires that voters rank their preferred candidates on their ballot, and we've heard that this system has been somewhat unwieldy in the past.
Each year we try to improve the voter experience and so this year we deployed a new drag-and-drop ballot.
Finally, we want to congratulate our newest board member Ryan Szrama!Better international datetime support throughout Drupal.org
Drupal.org has grown organically over the course of more than a decade, and as features have been built out they were not always consistent in their display of datetime information. While it sometimes makes sense to have a few different formats for displaying date and time, many of the formats in use were simply arbitrary historical decisions.
As a quality of life improvement, especially for users outside of the USA, we've standardized the datetime format used on Drupal.org. That format is: DD MMM YYYY - hh:mm (UTC±h). For example: 11 Aug 2016 - 16:42 (UTC+8)DrupalCI CSS Lint check style results
When we implemented coding standards testing in DrupalCI in February we were not able to add CSS Lint testing until the CSSLint configuration file in core was fixed. That issue was fixed in late February and so we added CSSLint to support coding standards testing for CSS at the beginning of March.Cleaning up coding standards results
The addition of coding standards results to DrupalCI means that Drupal.org is now storing even more test data about the code we test on Drupal.org. Our initial implementation of coding standards testing did not include clean up of older results, and so to preserve database space and testing resources, we implemented some clean-up routines in March. In particular we are now:
- Cleaning up all results for closed issues
- For custom one-off tests, keeping results for 30 days to match what is shown on project’s automated testing tab
- For tests triggered on a schedule or commit, keeping the most recent per-environment per-branch, and keeping anything less than 24h old
We experienced some minor Git outages in March, due to malicious authentication attempts. To mitigate these issues in the future, we've implemented fail2ban rules to protect Git authentication. This should improve the stability and uptime of Git services for all developers on Drupal.org.
We want to thank Drupal.org infrastructure volunteer mlhess for his assistance with this.Community Initiatives Contrib Documentation Migration
New tools for Documentation have been available on Drupal.org for more than half a year. While most of the core documentation has been migrated to the new system, we are still encouraging Contrib maintainers to migrate their docs.
To make it easier for contrib project maintainers to migrate their documentation to the new documentation tools, we've made two improvements:
- Maintainers may now attach Documentation guides directly to their project pages.
- The Documentation Guides that a user maintains are now listed on their user profile.
As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:
- CivicActions - *NEW* Supporting Partner
- HS2 Solutions - *NEW* Supporting Partner
- Cheeky Monkey Media - Renewing Supporting Partner
- Cybage Software - Renewing Supporting Partner
- Digital Circus - Renewing Supporting Partner
- Message Agency - Renewing Supporting Partner
- QED42 - Renewing Supporting Partner
- Srijan Technologies - Renewing Supporting Partner
- Evolving Web - Renewing Supporting Partner
- Brightcove - *NEW* Technology Supporter Partner
- SiteGround - Renewing Hosting Supporter Partner
- Smartling - *NEW* Technology Supporter Partner
- Sevaa Group - *NEW* Technology Supporter Partner
If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.
The engineers at Acquia recently launched Acquia Cloud CD, a set of developer tools to automatically and continuously assure the quality of Drupal applications on Acquia Cloud.
To help you get started with these powerful tools, Acquia Learning Services has created a task-oriented, hands-on tutorial, to walk you through implementing continuous integration for your Drupal application.Tags: acquia drupal planet
A week at DrupalCon is a fantastic way to level up your skills and bring new knowledge back to your work. We have had such high interest in these training courses, that many have sold out! We know there are still people out there who want to learn these valuable skills, and we want to be sure you have that chance, even if it's not at DrupalCon.
There’s been a lot said and written about the most recent drama in the Drupal community, quite a few people have asked me why I care. This is hard to answer without sounding flippant in 140 characters, so I’ve taken the time to write another blog post about the topic. This one a little less angry and more reasoned than the first.mikl Tue, 2017-04-18 - 18:23 Tags Drupal Drupal Planet
Attendees to Baltimore's DrupalCon 2017 should check out Xeno Media Strategist Jim Birch's presentation, Bootstrap Paragraphs, on April 26 at 10:45am.
In it, you will learn how to combine the power of the world's most popular front end framework, Bootstrap with Drupal Paragraphs, the powerful module that allows content creators to build layouts and structured pages.
Using the Bootstrap Paragraphs Drupal 8 module, you'll be able to create Bootstrap features like Accordions, Carousels, Modals, Tabs, and Multi-column layouts. We'll also demonstrate how to harness the power of Drupal referencing Text, Images, Contact Forms, Blocks, and even Views! We will also review how the module adds different widths and backgrounds which can be modified in the Drupal theme layer.This presentation will review:
- Why use the Bootstrap framework?
- Why use the Paragraphs module?
- What goes into the different types of bundles?
- How we add width and background options
- How to override, and build on top of the defaults
Attendees will come away learning how to build a site using the Bootstrap Paragraphs module, how to customize it in their own themes, and how to use the module as a baseline to develop their own Paragraphs bundle types.
Colorfield: Update a project installed via composer_manager or drush to a CI based Composer template under Drupal VM
If you have to go for a Drupal core update from a previous install based on composer_manager or drush (both deprecated), consider installing something robust, Composer friendly, that also enables CI tools like Phing, Behat, PHPUnit, ...
If you don't have already Drupal VM installed, head to the documentation.
A custom block is made of two entities, one for the placement and one for the actual content. Only the actual placement can be exported with cim. The content can not. Therefore this will result in "Block description Broken/Missing" error on site where the config is imported. And since there is no option to disable custom blocks from being exported through Configuration management, this will break the functionality.
Steps to reproduce
On Site A:
Create custom block
Assign this custom block to any region
Export configuration of the site
On Site B:
Import configuration from site A…
Let's connect at DrupalCon Baltimore, April 24 - 28, 2017.In this post we will cover...
- Sessions we'll be presenting at DrupalCon
- A fun movie trailer for PM: The Musical!
- An opportunity for you to sign up to meet with us
We want to speak with you at DrupalCon!Schedule a Time
Heavily borrowing from “The Raven” by Baltimore’s own Edgar Allen Poe.
Once upon a laptop dreary, with its glow so blue and eerie,
Viewing travel sites where I could shop the online store —
While I purchased, looked at mapping, suddenly there came a tapping,
As of someone gently rapping, rapping at my office door.
“’Tis my colleague,” I muttered, “tapping at my office door —
Helping plan for Baltimore.”
DrupalCon! It is upon us! This conference of such colossus;
3,000 strong will be among us on the conference floor.
Many coming from Palantir to learn and join in Drupal’s cheer
Coming to learn and share with those of similar rapport,
Descending upon a convention center on this eastern shore.
Arriving to explore.
Palantir will have a presence: Booth 109 — and we’ll have presents:
Swag to give all those who visit our spot upon the floor.
A photo booth will offer chances to give our visitors some glances
Of how they look with props and hats of variety galore.
They can tweet and share photos beyond that building’s door.
Posterity forever more!
Three talks will come from Palantiri, who worked hard on each topic’s theory.
The first is 2:15 on Tuesday, and has a musical score:
“Project Management: The Musical” . . . could be slightly Seussical!
Allison and Joe will sing and dance on running scrums and more.
There’s much to learn! Don’t be fooled by the use of songs of yore.
Room 307 – Acquia in Baltimore.
The next are April 27. First at noon . . . is it hell or heaven?
Can separate teams together be something to desire or deplore?
“Successfully Integrating Teams” is the stuff of engineer dreams.
Mixing teams with thoughtful prep can much success ensure.
The tips to do this seamlessly Megh Plunkett will underscore.
Room 319 – Platform.sh in Baltimore.
The last is in the afternoon, and shows that no site is immune
From website content that has been continuously ignored.
“Content Before Code: A D8 Case Study” at 2:45. Grab a buddy!
So you too can learn how to gather content in ways to make all sure.
“Get your content ready for launch!” Michelle and Bec implore.
Room 307 – Acquia in Baltimore.
Palantir will host the fun at Trivia Night, where everyone
Can try for fame by answering questions about Core.
Doors will open right at 8, so hurry there and don’t be late!
Test your skills against your friends to gain the highest score.
Baltimore Soundstage is the place where we shall host the lore.
124 Market Place in Baltimore.
Our wish to see you there grows stronger; hesitating then no longer,
Please know we’d love to see you at our booth or on the floor.
Since we know that time can be fleeting, you can even set up a meeting.
To discuss how we can help your project take wing, and then to soar!
Contact us so we can meet that week in Baltimore.
We want to speak with you at DrupalCon!Schedule a Time
This year, don't take home the DrupalFlu along with your swag and business cards - here are some tips for staying healthy at a huge conference.
Come see Project Management: The Musical! at DrupalCon Baltimore. April 25th at 2:15pm.In this presentation we will cover...
- How to get your project organized
- What analytics and KPIs to review
- How to handle scope creep
- ...and many more facets of project management
We want to make your project a success.Let's Chat.
Additional information about this session can be found on the DrupalCon site.
Stay connected with the latest news on web strategy, design, and development.Sign up for our newsletter.