Drupal Needs a New Home

reardonsteel writes "All of the Drupal websites were offline for about two days because of a server meltdown at the organization's hosting provider. The main Drupal website is back up with a single temporary page and they've announced a fund-raising drive to raise US$3000 for a new server to be hosted at the Open Source Lab at Oregon State University's server farm. Drupal is the leading open-source (written in PHP) content management system and is used to power tens of thousands of websites, blogs, community sites, etc." At this point, all they need is an actual server, too: the OSL has agreed to provide rack space, bandwidth, power, backup facilities and support.

Nice

[z0ink]

So now we'll go ahead and destroy the temporary server too. Good work.

Re:Nice

[robertjw]

I mean, what type of computer costs 3000? You can get a good rackmount for $1200. Usually, all it takes to host a website is a high end desktop at up to $950.

Many computers cost $3000 and up. I've seen rackmount machines from HP, Dell and Sun all cost way more than $3000.

Mostly it depends on what their uses are. If they are just using it to host their website they probably don't need much of a server, if they are using that server as a development/test platform as well I'm sure it would be helpful to have a somewhat bigger machine. Actually, from their site:

Currently, drupal.org runs on a shared server paid for and maintained by Kjartan. The server is a single Pentium Xeon 3Ghz with 1 GB of RAM. There are about 20 sites running on the server, including some of our sites like http://drupal.org/, http://drupaldocs.org/ and http://cvs.drupal.org/. In addition to the websites, the server hosts our mailing lists, mailing list archives and CVS repositories. Last month, drupal.org alone served more than 3 million pages for 100 Gb of traffic (this does not include any of the other sites or services; non Drupal websites, Drupal mailing list traffic, etc).

Where I work we run HP DL380 machines, which is not really a high end server. Base price on those is $2899. In a perfect world, that would be about the class of server I would want to run a site like Drupal has.

What I love about the FOSS movement

In only 12 hours, they have already raised nearly 2000 dollars for the new server, PRIOR to the posting on slashdot. People who care change the world for the BETTER, while those who don't impact it terribly.

Re:well, since i can't get to the link

[JasdonLe]

Drupal is a CMS (Content Management System). It's like Slash, or PHPNuke, or Mambo. I wouldn't call it THE leading CMS, like the summary does, but it is terrific software.

If you don't know anything about the software I listed above, just google them!

Oh that's good...

[noneloud]

They have a server meltdown, so Slashdot gives them another?

tim, I think you should watch your (real life) Karma...That's not very nice :)

Re:Who?

[lordsilence]

Certainly could. But I've never heard about the Mamboserver project ( http://www.mamboserver.com/ ) before. But they dont claim to be leading in the CMS business, just among the most powerful *shrug*

Renting a dedicated box?

[moz25]

What I don't get is why they aren't renting their own dedicated box, so they don't have to own the hardware. You can get a dual Xeon configuration for about $200-300/month and with about 2TB of bandwidth. Of course now they won't have a monthly bill, but every time they need to upgrade the machine or repair it, there are going to be costs.

Re:Renting a dedicated box?

[suwain_2]

A few reasons I can think of off-hand:
* Renting higher-end servers gets awfully expensive
* Adding another hard drive might cost you something like $20/month forever -- if you plan on being around for a long time, it's actaully much cheaper to just buy
* I've read a few horror stories of people whose dedicated server providers (some at fairly reputable places) had their servers formatted by mistake. With a colocated server, you don't have to worry about a tech transposing a couple digits in your IP and formatting the wrong machine.

Drupal powers...

[UnConeD]

To answer the question, what is Drupal...

Drupal is the open-source CMS behind:

• KernelTrap
• SpreadFirefox
• Gnome Footnotes
• Linux Journal

and many more sites. Even if you don't know Drupal, you've probably visited a Drupal site before. Drupal is known for its modular architecture, clean code and developer friendlyness.

Well, I offered it to them...

[SlashChick]

I offered them a free Dual Xeon 2.8GHz server, 1GB RAM, 1x80GB hard drive with 500GB transfer a month, hosted at Simpli (my hosting company). We host several Drupal sites and I'd be happy to have them on board. I asked for a text link back to Simpli. I haven't heard back from them, so I guess they'd rather beg their users for money than take a free dedicated server. I have to say I'm a bit disappointed, but it's their money and their choice.

Re:Well, I offered it to them...

[factoryjoe]

SlashChick, just wanted to say that we appreciate your offer and wouldn't mind discussing some kind of backup mirroring situation with you.

The reason why your offer was treated as such was not because we don't appreciate it -- indeed we've had a few offers and we're fortunate to receive them!

As one of the proponents of this project (which I suggested more than a month ago but only became serious about around the middle of June) I know that there were a number of possibilities that we considered before deciding to go with OSL.

In particular, I've maintained an excellent relationship with Scott Kveton over there during my time at Spread Firefox. He was an excellent resource and advocate during that time and in fact offered to host Drupal.org sometime back in February when I mentioned the idea to him.

As part of the arrangement, we needed to purchase the hardware on which drupal.org would live. The $3000 target was set by the following recommended specs, supplied by Scott:

Dell PowerEdge 1850 1U
2 x 2.8Ghz Xeon w/ 1Mb cache 800Mhz FSB
2GB RAM
2 x 73 GB SCSI disks
RAID controller for RAID1 (mirror)
Redundant Power Supply

From there, Dries (Drupal's founder), Steven Peck, Kieran Lal (of CivicSpace) and myself collaborated on a fundraising strategy, with Dries and Steven writing up the description that ended up on Drupal.org.

Ironically, or perhaps just as one could have predicted, drupal.org went black for two days just as we were finalizing the copy. With drupal.org down, I presume Dries moved the DNS to another host and posted the text we had.

13 hours later we more than doubled our goal thanks to the collective economic power of the open source community!

So in sum, SlashChick, we do really appreciate your offer, but we had already staked out a plan a month ago and drupal.org's going black was simply an oddly timed incident that spurred the community to action! Feel free to get in touch with me to discuss your offer further if you'd like.

Already hit fundraising target!

[LiquidCoooled]

From the single page, it says:

Fundraise status

Start date:
13 hours 5 min ago

Received:
$6468 USD

Target:
$3000 USD

Last updated:
2 min 56 sec ago

MISSION ACCOMPLISHED!

Drupal rocks

[nysus]

As a minor contributor to the Drupal project, I can tell you it rocks. It's a very well written piece of code. Much more than a CMS, it's a platform on which communities can be launched and mini applications can be written. I believe that Drupal could help revolutionize web site development for inidividuals, small non-profits, and small businesses. It's an extremely flexible and powerful platform. What's more, the main developers of Drupal are pure to the free software philosophy.

When the site comes back up, you should check it out.

CivicSpace is a distribution

[UnConeD]

Today, CivicSpace is a distribution of Drupal: their core is unforked, and their modules are developed and stored in the main Drupal repository. They contribute patches to the main project as well as work on their own stuff.

Re:What is the security of Drupal like?

[stevey]

It could well have been the recently revealed XML-RPC exploit which Drupal appears to have been vulnerable to.

Debian released an updated Drupal security package today. I'm sure other distributions have also done so, or are about to.

Drupal got 11 Google "Summer of Code" developers

[nysus]

To the naysayers out there, you should know that Drupal got 11 "Summer of Code" developers. Do the folks at Google obviously think very highly of this open source project.

Re:well, since i can't get to the link

[moosesocks]

I'd be cautious grouping it with Slash or nuke. Those are previous-generation CMS systems, and are becoming quite dated.

Newer stuff such as Drupal, Mambo (which I personally dislike), Textpattern, and other newer CMS systems have embraced emerging web technologies (Ajax, CSS) and are generally written with extremely clean code and have very simplistic ways of operating (mac-like if you would care to make the analogy)

Slash and nuke are dinosaurs. They may still work fine, but if you're going to make a new site, you'd do yourself a favor to research the newer options. Development on all of the 'old' CMSes has stalled, and little work is being done to improve them.

WTF?

[n3k5]

if you need some sort of "content management system" to power your website, you probably aren't the type of person who should be having a web site. It only takes 30 minutes or so to custom build something that does exactly what you want it to [...]

Are you saying every web site out there should run on software written ad hoc, only for this one site, and every developer who needs more than 30 minutes to build it is an untalented loser?

[...] rather than spending probably hours configuring some bizarre conglomeration of weird things, that you'll then have to spend hours trying to figure out the code, if you have to make changes at that level.

I see, so you were unable to find one of the CMSs that run admirably right out of the box/package and offer lots of great features, and now you're pissed at CMSs in general and refuse to touch any of them again? There are several open source solutions you can get into at the source level in just one afternoon, which pays off in days and weeks of time saved every time you need to make a change or set up another site. I particularly like systems like Antville and Textpattern that let you change large parts of their own code right within your site itself. These aren't full blown, enterprise grade CMSs, but as these take months to develop, that's not what you're thinking of anyway. In 30 minutes you can write a little CGI script, but that won't offer validated HTML and CSS that works with pretty much every user agent, secure user accounts with multiple levels of privileges, etc. etc. Furthermore, your notion that only software developers should have web sites is just plain bonkers.

Or maybe there was some misunderstanding you could clear up?

Re:.....wtf

[Salamander]

It only takes 30 minutes or so to custom build something that does exactly what you want it to, rather than spending probably hours configuring some bizarre conglomeration of weird things, that you'll then have to spend hours trying to figure out the code, if you have to make changes at that level.

Bull. I used to write all of the code for my own website. It probably took me about a week of full-time-equivalent work, and it worked OK, but that's still a far cry from half an hour. Don't give me any of that crap about it being because you're a better programmer, either. I work on kernels and distributed systems for a living, and have done for over a decade. Web programming is something I do as a break from real work because it's so easy by comparison. Nonetheless, all you can get in half an hour is something that sucks. If you want something that's modular and maintainable, that takes more time. If you want something that's database-efficient, that takes more time...and flat-file-based systems are even worse so don't go there. If you want something that's standards-compliant, that takes more time...and your main page generated 130 errors when I ran it through the W3C validator. If you want it not to look like crap (again unlike your site) that takes more time. If you want to have features like markup in comments and comment preview, decent archive management, categories, and search (again unlike...) that takes more time. If you want to do all of those things and have it be secure, that takes more time; not knowing how to implement features securely is a poor excuse for having a low-functionality site. Do all that in under the week it took me, and I'll be impressed. So far, not even close.

My guess, based on your comment, is that you're another victim of the rewrite bug that often afflicts junior programmers. Writing code is not necessarily more efficient than reading other people's, but it is generally more fun so kiddies always want to rewrite everything in sight. What they end up with isn't usually any better, though. Most code that's written as an excuse not to understand something that already existed sucks far worse than what it replaces. That's why most of the people who roll their own website never even have the balls to make the result available for others to see. They know that it's a lot easier to claim superiority than to prove it.

if you need some sort of "content management system" to power your website, you probably aren't the type of person who should be having a web site.

That's the most offensive thing about your post, and why I went out of my way to be offensive right back. Sure, maybe you and I can (with varying degrees of success) write code to do the things that a typical weblog does, but why should we be the only ones to have sites? Why shouldn't high-school students and grandmothers have them too? Sure, most of what they write is crap, but so is most of what geeks write (including here). What purpose is served by having someone who might be able to contribute code in some other domain that you know nothing about have to learn your most treasured skills as the price of entry to the world of website ownership? What if their contribution is something other than code - like scientific knowledge or political insight? Aren't those valuable too? Thinking that everyone should value what you value is beyond elitist, and contrary to the spirit of free enterprise. It's just a crutch for insecurity, not a valid or useful attitude. It's almost as pathetic as posting fake-IQ-test results to your blog.

Re:.....wtf

My guess, based on your comment, is that you're another victim of the rewrite bug that often afflicts junior programmers. Writing code is not necessarily more efficient than reading other people's, but it is generally more fun so kiddies always want to rewrite everything in sight. What they end up with isn't usually any better, though. Most code that's written as an excuse not to understand something that already existed sucks far worse than what it replaces.

Well, it turns out, you're right. I went to his site and thought, "hmm, a blog system with comments and trackbacks, maybe he does have a point if he built this whole thing in 30 minutes." But then I tried his system. Anyone can add comments -- comment spam could (and probably eventually will) overrun his system. In addition, I was able to easily drop JavaScript code into the comments and it was executed! Of course, I only dropped in a harmless JavaScript alert, as I don't want to get in trouble for "hacking" a neophyte's crappy blog system.

But in any case, to the grandparent post: my God, man, you cannot build such a shoddy, terrible system, and then tout the benefits of reinventing the wheel. Your wheel is awful, and better people before you have built wheels that put yours to shame. Yours is bad enough to actually be dangerous. It's a black-hat's wet dream. SQL injection, code insertion, you don't even launder your input! I fear for your site and the server that hosts it.