We've been doing a lot of work recently building a best practice guide on security and wanted to be able to send our clients a simple list of principles that are written in plain language. There is Safety in the Herd: Leverage large, well maintained open source libraries (packages) with a critical mass of users and developers. Use compiled packages and check data integrity of downloaded code. Start with OpenBSD, Debian/Ubuntu or RedHat/CentOS WITHOUT cPanel. Order Matters: Don’t open up services to the Internet before your server is properly secured. Limit Exposure: Only install and maintain what is necessary. Reduce...
There are lots of ways to set up a enterprise server environment for Drupal, but in dealing with IT folks who are coming from other Content Management Systems (CMS) or worse static sites, there is an asumption that for an organization to have control, that they need to have a completely isolated server. Many organizations historically have not had a CMS which had the workflow structure and level of interactivity that Drupal comes with. Historically, the staging server has been used as the final Quality Assurance (QA) environment for new content. It was also used as a barrier between the...
OpenConcept believes in the importance of community & the power of open source. Drupal is a great software product, but the community behind it is bigger and better than the software itself. Open source approaches are really disruptive when they are applied properly because they can disrupt the producer/consumer mindset which has been drilled into our heads over the last 50 years. When we realize that we can contribute something which helps others and by making the community stronger also helps ourselves. Sadly there are a few process in place which really hinder that participation. There are a lot of...
Buckminster Fuller was a real visionary, but he died in 1983 and the backbone of the Internet TCP/IP was only standardized in 1982, so it would be hard to imagine how he would have been able foresee either the World Wide Web, let alone the re-thinking of intellectual property that has come about with the growth of Free Software (or Open Source Software). He definitely thought out of the box as he strove to "make the world work for 100% of humanity in the shortest possible time through spontaneous cooperation." One of his main critiques of our economic system was...
We did it! The Drupal community successfully fundraised to bring Vincenzo Rubano to DrupalCon Portland. Vincenzo is a blind Italian student that has been contributing to Core for the last year. This was one of the first successful crowdsourcing efforts in the Drupal community and we were really happy to show that it can work. This proved that Drupal developers and shops are willing to use alternative means to bring folks to DrupalCon. The week went fast, but I wanted to highlight a few key elements of our discussions from the conference. The first person we wanted to meet with...
We did it! The Drupal community raised $5k to bring Vincenzo Rubano to DrupalCon Portland. This is an amazing accomplishment that demonstrates that crowdsourcing to support the Drupal community can work very well. Although it's been an idea that's been brewing for a while, we've been doing all that we could to bring Vincenzo to a DrupalCon . Vincenzo is a blind Italian student who is just finishing high-school. In the fall he started contributing enhancements to Drupal 8. As a screen reader user, he has been able to identify & test problems and effectively communicate them through the issue...
Viagra & Government Sites - A screencapture from Google
This is was originally titled What Communications Managers Should Know (and Do) About Web Security , but that was just way too long a title. Security is something that everyone needs to understand on a basic level in our modern society, but staff need to know more as their organizational mission can also be jeopardized. For people in management it is especially important as they set the tone for everyone else. IT security simply cannot be left to the techies to take care of. The risks are huge, it’s complicated, and unfortunately if management ignores it, it won’t just go...
Photo with John, Vincenzo & myself in front of the DrupalIcon
We were successfully able to raise the funds to bring Vincenzo to DrupalCon. Thanks everyone, was a great community effort! I first encountered @falcon03 in the Drupal 8 issue queue in September of 2012. At that point I didn't know why he was interested in accessibility issues or what, if anything, he had to contribute to the discussion. With the Drupal 7 Core issue queues, over 400 people have participated in the discussions, patches and tests. Most are active on just a couple issues out of the many that were tagged with accessibility. A few of the participants, like Jason...
We really enjoyed the opportunity to be part of organizing Ottawa's first DrupalCamp. It was a great success, and as a platinum sponsor we were happy to see it take place. There were a lot of good presentations, but we'd like to highlight a few of them here on our site. The first is a great talk by Tom Erickson, CEO of Acquia talking about Drupal & government around the world. As an Acquia Partner, OpenConcept was really happy that so many of their team was able to come in to participate in this event. It was also a pleasure...
Ontario government home page
We were happy to see that at the end of 2012, the main website for the Government of Ontario(GoO) moved to Drupal 7. Their new site demonstrates that it is possible to have a visually interesting site that meets the Accessibility for Ontarians with Disabilities Act(AODA). Many folks reading this blog post will know that the AODA requires a wide range of organizations within Ontario to meet the Web Content Accessibility Guidelines (WCAG 2.0 AA). WCAG is an International standard organized by the World Wide Web Consortium (W3C), they are responsible for a number of standards for the Internet including...