Slashdot Mirror
Australian Government To Standardise On Drupal
angry tapir (1463043) writes "The Australian government is eyeing the introduction of a government-wide content-management system, with the preferred choice almost certain to be Drupal. Government documents indicate that part of the appeal is that Drupal modules can be easily shared between government agencies and with the public."
Working with drupal is a nightmare. Drupal 8 is looking much better but all below are just terrible to work with.
As opposed to what? WordPress? Joomla? Drupal does have a steeper learning curve than some of the other open source CMS's but it has more flexibility, and if you're going to standardize on one, that flexibility is important. I'm curious to know if you have a specific alternative in mind.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Easy to learn (as long as you know programming) and ridiculously flexible and simple compared to Drupal, with the ability to scale up to more complex frameworks with apps. Pretty sure the Australian government is targeting this for more complex frameworks, instead of just blogs.
Django itself is more of an app development environment, although using it for blogging and such would be as simple as adding one of the existing blogging apps to it, or you could roll your own with a few lines of code.
The Django tutorial is great... so glad I found it after looking at Wordpress, Joomla, Drupal, and other less popular ones.
Disclaimer: Website developer that has used Drupal, Joomla and Wordpress, not liking any of them.
I find that Silverstripe to be a pretty neat CMS for developers and clients. Find it much easier to work with than the other major players like you listed.
The New Zealand Government actually use Silverstripe themselves and they seem to be pretty happy.
Seriously though, it is actually enjoyable to work with for the variety of projects I have used it for. In time like the others, it might reach a point that it is no longer fantastic to work with and at that point, I will find the next system to adopt.
Coding a custom CMS is a start. Programming web-based systems isn't that hard. I do it for a living, but I use Wordpress or Joomla when the customer wants it. Generally a custom CMS offers better flexibility - if you have a competent web staff that knows how to code, you can get something slick finished pretty quickly.
There's a lot of fear mongering when it comes to picking CMSes in the first place. Generally you will see people that aren't qualified to make decisions force technical staff members into a corner to "standardize" things, pissing everyone off equally. These types of decisions, in my opinion, should be left to the individual web teams that serve these separate units of government throughout the country. They have to use it every day - let them decide.
It doesn't sound like the Australian Government even knows what it needs a CMS for. At the end of the day, KISS is the best practice to follow. They're just webpages after all. You don't need a CMS that has 26,000 modules (point was made in the article) to plop up a website with a slideshow, a bunch of PDF files, an event listing, different pages full of text. You only need to determine what you want your website to do and let the technical staff make the best choice. One CMS to rule them all is quite stupid in this case, because they think they're solving a problem that doesn't really exist. They also think there will be some kind of magical collaboration that will save everyone money.
http://agov.com.au/features - Half of the features on this page are purely fluff, pointless, or outright misleading:
1.) Reponsive design - Responsive design is tied to the template and CSS - not the fucking CMS. ... image sliders. Really now? This is a reason? Every Australian Government website must have this eh?
2.) Event management - every CMS out there features some kind of event management plugin, or you can just code one yourself. This isn't a good reason to "standardize" on. Again, let the web team working on the site pick the best option.
3.) Feature carousel - They're
4.) Rich content editing - Good, finally they found one reason to standardize their CMS onto every agency - because this is such a huge problem with CMSes - wait, what? No, it's not.
You know, there's more to this than the stuff I managed to quickly slap together at 3:30 AM.
My viewpoint is the following:
Making blanket assumptions on how things are used and forcing decisions across an entire Government will only lead to unhappy workers, stifling of innovation, and harm to other great CMSes and developers out there.
That said, if every agency felt that Drupal was their best option... so be it.
3.) Feature carousel - They're ... image sliders. Really now? This is a reason? Every Australian Government website must have this eh?
Yeah, I know what you mean.
Should I use a carousel?
What's wrong with Drupal? It's modular, very flexible, free, secure, and has been demonstrated to be good enough by other major organisations (ie, the Whitehouse, and Australia is essentially America's lapdog these days).
It's not easy to set up, but, that doesn't make it a poor choice, and what other alternative can you suggest which is proven to be secure, is flexible, modular and has a huge community base?
I hate our government for so many things, but, it's very easy to implement a powerful search engine in Drupal, and there are so many modules available that its a good choice for projects designed to last well into the future.
Also, one of my mates found a serious backdoor in a CMS system used often in Europe (and it was open source). So, since the Whitehorse has likely done some auditing of the Drupal code, it makes sense for the AU government to build on top of their work/testing.
Only requirements were:-
1) Free, since this government thinks they should get everything free while screwing over anyone in need...
2) Server must run off a 15Mb/1Mb internet connection since that's what the rest of us are doomed to...
"We know what happens to people who stay in the middle of the road. They get run over." - Aneurin Bevan
Working with drupal is a nightmare.
Yeah? I was a web admin for a part of the Northern Territory government a few years ago and we used some really ugly thing, built in house with ColdFusion. Anything would be better than that. Drupal's a bit of a pain in the arse, but i'm sure it's an improvement on a lot of government CMSs.
Proven to be secure? Number of user up == number of vulnerabilities found up. Just because it's "proven" secure now, if you add a massive incentive to find more vulnerabilities (standardized governmental roll out sounds like a tasty hacker target to me) and increase the user base significantly then lets see how long it remains so proven. How proven is the security of the modules that are available that you tout as a boon for the CMS? They're mostly third party aren't they? Just like all the other OS web CMS's. Not a cat in hells chance that all those modules are as secure as the core CMS, so how is having those modules available a good thing when they'll have to write their own if they want them secure?
I love how you think that the US government may have shared their experience with Australia about a web CMS too. Governments barely manage to communicate between internal departments, let alone internationally.
Lets not forget that the preferred operating system for governments is still Windows. If you're thinking security is a major factor in governmental software decision making then this fact ought to indicate either just how little they care, how little they know, or how much they've been lobbied.
May I remind you of the HBGary Federal break-in by Anonymous?
Part of the break-in was classical social engineering, but if I remember correctly another important part was played by their roll-your-own CMS that had a classical vulnerability.
Rolling your own CMS seems easy enough for the core functionality of slapping up and managing a web site, but security is not trivial and it's a, by definition, net facing program.
From a security and general bug perspective of at least the core system, going with a widely used open source package with active bug fixing is probably the smarter move for a large organization, never mind a government.
As someone that has seen several of the drupal sites developed by the Aus government I can assure you they AREN'T been done right. They are a mess of vulnerabilities and poor configuration and most of them seem to be run by pods of developers themselves rather than the IT departments which probably explains the atrocious security practises on a lot of them.
4.) Rich content editing - Good, finally they found one reason to standardize their CMS onto every agency - because this is such a huge problem with CMSes - wait, what? No, it's not.
As far as I'm aware, all available editors are based on contenteditable functionality, which has been bug-ridden for years and simply was not designed to offer a rich content editing experience to the end user of a CMS. Yes, this is a huge problem with CMSes, including Drupal. For this reason, this is not fluff, pointless of misleading, it is an outright lie.
0x or or snor perron?!
If they're genuinely only going to use it as a CMS then Drupal might serve. But what I see with Drupal is that someone wrote a CMS and then tried to build a general web framework on top of it. It would make more sense to take a general web framework, such as Symfony, and then build a CMS on top. That way you have a platform which is suitable for websites which go beyond being a CMS. As an added bonus, Symfony is built around a type system rather than associative arrays nested like Russian dolls.
Drupal and PHP are for beginners. They are good tools for that.
This decision is like the government saying that they are going to standardize on EasyBake Ovens for all government owned kitchens. Hey my niece made some delicious* cupcakes in an EasyBake Oven! There is no theoretical reason why EasyBake Ovens can't produce good food!
* the cupcakes were not delicious
Drupal 8 is built on Symfony.
I work with PHP and I would not say it is for beginners. That you can do something quick in PHP is one thing, but doing a proper MVC app in PHP requires pretty much the same skillset as a Java or .NET guy. In either case, all of those feel like children toys after you use either Node.js, C++/Boost or D with Vibe.
But having said that, I would not feel religious about any of the tech out there. In the end rarely you get to decide what is being used, since a lot of projects have to end up using whatever tool they started being coded with.
It's simple. Many cheap hosting providers only permit LAMP stacks and won't have anything to do with a long running Python process associated with their web server. That creates an ecosystem where better solutions can't compete against the PHP masses.
I am becoming gerund, destroyer of verbs.
Secure?? you have got to be fucking joking. https://drupal.org/security that is not the record of a product with good security practises. The vulnerabilities in the core alone are bad enough, but add in all the vulnerabilities from common modules and you have a pigs breakfast.
Coding a custom CMS is a start.
Why does everyone want everyone to reinvent the wheel? It's cheaper to do it this way. Drupal mostly works. If you can get 99% of the functionality you need out of the box, why not use it?
It doesn't sound like the Australian Government even knows what it needs a CMS for.
Presumably, to make it easier for departments to maintain content. That's the usual reason. It's a pretty good one.
That said, if every agency felt that Drupal was their best option... so be it.
Right, let every agency decide, and/or wait for consensus. What could possibly go wrong?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Wasn't Facebook originally on PHP..?
-Myke
Who wants PHP version 1?!? It's been PHP:Hypertext Preprocessor since version 2 or so.. =)
-Myke
Generally a custom CMS offers better flexibility - if you have a competent web staff that knows how to code, you can get something slick finished pretty quickly.
True. But where I work, we plan for everything. Like upper management firing most of our "Competent web staff" Who's going to support your custom code then? If you're using an industry standard, it may not be as flexible but if the shit hits the fan at least you can pull in contractors and not have to rely on what would basically amount to the top tier of web developers out there as your only hiring resource. Use Joomla (or whatever) and you have an immediate pool of talent to hire from.
PHP input filter is disabled by default from Drupal 7 on... really it's only good for prototyping.
-Myke
Anything would be better than ColdFusion, eh?
Let me introduce you to ExpressionEngine. Learn about its parsing order then go in the corner to cry. It's pure madness that a real coder cannot accept.
Get free satoshi (Bitcoin) and Dogecoins
which consists of thousands of different modules
Fabulous! what every project wants - nay, needs - is to import THOUSANDS of different modules.
Yeah, and that's exactly how many modules are used in a typical Drupal site... why are people who truly know nothign about Drupal posting bad things about it..?
-Myke
But why would the government of Australia use cheap shared hosting? The web server process on any VPS should be able to speak FastCGI or SCGI to your Python application server. Or is the problem that the vast majority of potential candidates for web developer positions have PHP experience because they learned web development while maintaining a portfolio of web applications on cheap shared hosting?
Should I use a carousel?
They're OKAY, as long as they are merely things like feature ads for your product, as opposed to essential interface elements. It's a display, like a rotating billboard. There should be no requirement to interact with it.
And they should be relatively small, the delay should be no more than 6-8 seconds max, and they should be based on JS, not Flash. And one more thing:
For f*s sake, people, get the tags and CSS for your sliders right. If someone uses a script blocker, they should see the first panel of your slider clearly, not the entire set stacked on top of each other. I've seen major websites get this wrong.
What's wrong with Drupal? It's modular, very flexible, free, secure, and has been demonstrated to be good enough by other major organisations (ie, the Whitehouse, and Australia is essentially America's lapdog these days).
The problem is that it's based on PHP, which is more than just showing its age.
There are better, more stable, and more consistent languages to build your web framework around today. Why anybody would start a new project today and build it in PHP is totally beyond me. In fact I have made quite a bit of money taking sites that were built in PHP and rebuilding them in something more modern.
I work with PHP and I would not say it is for beginners.
I agree. Something for beginners should at least make sense.
PHP's inconsistency is a nightmare. In my opinion, it does not qualify as a consistent language, it is merely a giant toolbox full of independently-developed utility functions.
That might be a slight exaggeration, but not much of one.
Making things up is fun and all, but PHP is the most popular language on the internet, and shows no signs of decreased usage whatsoever.
So in the light of actual data, your "strong opinion" that it's like COBOL and "on the way out", is fucking moronic.
There's plenty of valid reasons to criticize PHP, but this isn't one of them.
Silverstripe is IMHO currently the CMS to build sites on. After dealing with drupal, wordpress, modX and a few others I find Silverstripe the easiest and the most "civilized" way to build custom things. If someone wants something that works out of the box on the other hand it might be not the very best choice.
There's plenty of PHP, ASP.NET, Django, Java, etc. developers out there. I would argue that there would be fewer developers for something like Joomla than it's parent programming language - PHP. This is because a Joomla developer needs to understand the idiosyncrasies of the CMS itself. They also need to understand how PHP works. So at the very least, they need to be able to code in PHP, otherwise you've just hired a crappy Joomla developer that probably Googles everything and copy and pastes stuff.
Coding a custom CMS or "reinventing the wheel" does have benefits. It provides security benefits by having less code, less eyeballs looking at the code, and alternative ways of configuration that may lead to better security (how it works with different server modules and such). It also allows for more rapid bug fixes for problems that arise, rather than waiting for a fix for 3 months after submitting it to a bug tracker.
You also have to think about how important the website is. Does this website provide a basic press release listing, PDF files, and a couple of pages? It probably doesn't need a massive CMS.
Let the web team decide what they would like to work with.
"Australia Gov: It was a bad move to standardize on drupal." Let's see how long it takes.
But there are so many features that customers eventually want that you end up reinventing lots of wheels hand-adding them along the way, eventually ending up with a Big Ball of Mud.
It may be good job security for the original coder, but for the organization it can be a bear to write up contracts and pay for new coding for various features that are add-ons with packaged CMS.
Maybe if OSS community offered kits that allowed easier add-ons to semi-customized CMS, we could approach the best of both. For example, settle on a generic data model so that add-ons can hook directly onto the data model. Custom programming can still be done using that data model.
Table-ized A.I.
Ah, another newbie to PHP who blames the tool instead of the person using the tool.
Sorry to have to disabuse you of your fantasy, but I've worked with PHP for more than 8 years. And I am glad to be free of it, thank you very much.
You have to change nearly everything about how Drupal works to make it work well on a large site, or a large number of sites. So where is the "standard"? What it does with MySQL DB by default, as one example, is an absolute travesty. Then you run into, oh I can't build my massive site using nodes, it will blow up, so lets use templates, but now we have to mange templates, lets build something for that, oh now caching, how well does it deal with a big server farm, oh need patches and work on that too. Oh it isn't OOP so I have to do alot of extra work and process to keep the maintaince programmers from blowing everything up on multiple sites because they just know a little PHP and want to work in that all of the time vs the system you built. It is like so many other things, people spend tens of thousands of man hours on making it work, then say, Drupal is great! Just fucking amazes me. Of course Drupal isn't unique in that.
Yep, there is the "standard" Heh.. It is so flexable.... :p
The majority of Facebook is still PHP.
A lot of it no longer runs on the official PHP software but on their own called HipHop (uses a Just in Time compiler) but the code their programmers write is PHP.
Coding a custom CMS is a start. Programming web-based systems isn't that hard. I do it for a living, but I use Wordpress or Joomla when the customer wants it.
I'm a consultant, and you're not thinking this through. You shouldn't start writing a new CMS from scratch whenever you start a new project. When I start a new project, say for a moderately complex web site, I go back to the beginning and design a new CPU. The new system that the CPU will fit into has to be designed, built and tested, and then a new OS written and debugged. Next a new communications protocol has to be designed, written and tested. Finally, a new set of applications written for the new OS, and then, finally, a web site.
This approach is the only reasonable way to turn a three month contract into a 15-year failed project. You've grasped the basic consulting creed of re-inventing the wheel at every opportunity, but you're not going far enough.
Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
Silverstripe is great, I've used it quite a bit and it does stand head & shoulders above the competition. But, possibly this is because it's written in PHP, it's dog-slow. Odd that the four comments above are all AC...
Drupal sites I run don't use thousands of modules. But they do use dozens, and I'm nervous as shit because there is really no way for me to evaluate the security of all that module code that's originated in god-knows-where.
SpyDock: Scientific Python in a Docker container
I think some of them are serving millions, some 10s of millions per day. I'm not sure if you can count Facebook, since they are running their own engine, but I believe the 'pages' still look like PHP. Whitehouse.gov, data.gov are both Drupal. So are all of the Ivy League schools, soon if not already. Of course, Whitehouse.gov has more than 80 people working on their website but that's not all coding. I would think most of that is content development and other stuff.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
Ah, the good old days. I started with PHP 1.9s - one step past shell scripting. :) Things have come a long way. Nowadays of course I don't do it for my real job, just some side stuff I do to keep my hand in. One of those is manhandling Drupal - not a fun thing for newbies, but having tried WordPress (the other biggie), I would say Drupal is much more robust, more adaptable to real enterprise applications, more secure, and has a more involved community.
Which reminds me - I'm going to my first Drupal Con June 2-6 in Austin! Shameless plug: my employer Bright Plaza, Inc. is going public at the conference with its Drupal module for Picture Passwords for the Web! We are going to have a cool special offer for websites that install the module and sign up.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
IDK anything about Silverstripe, this is the first I've heard of it. But if you are having slowness it could be a lot of things besides PHP per se. In my experience many if not most PHP and other applications are actually database-limited, so it could be that. I've had PHP scripts that spent 95% of their time in the database, both in elapsed microtime when wrapping the database calls, and in CPU load. I only occasionally have seen Apache/PHP at the top of the list in "top".
Failing that, there are almost always particular functions that seem to be the ones that take up most of the time, which can be recoded, split up, etc. Anything involving creation of large arrays of objects is a candidate, especially if you are memory limited.
If you have access, try dropping microtime calls into the code, for instance at the top of each class or even each function, and log the results somewhere to see where the time goes. I like to just keep the difference between each step, which shows the elapsed time for each function. But you can also keep the start time and print the total elapsed time at the end of the page.
In my experience slowness is almost always due to these few pathological points in the code. Sometimes it's as simple as some piece of code that needs to do a DNS request (for a curl fetch), or a bunch of NFS file accesses that take a long time.
Once you know it's not just one or two pathological functions, then there are multiple strategies. For database, consider using the MEM-whatever database engine if you have enough memory. I haven't used PHP cacheing, the Zend speedups, nor the HipHop tools but I assume they are pretty useful.
Finally, one thing that all these CMS systems have in common is that they do a lot of work compared to a simple web page - I am guessing that every single web page requires the CMS to open, read and parse as many as 100 files. It's rather amazing to me that they work as fast as they do.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
That's the thing - it's been in use by a number of *big* government sites (whitehouse.gov, data.gov), and enterprise and academic sites for quite a while so there's been a lot of work on the security for quite some time. From what I've seen Drupal has been much less prone to security problems than, for example, WordPress, not to mention roll-your-own.
A big security advantage of using a well-vetted CMS is that the framework has abstracted much of the vulnerability. If you use the built-in input functions, they are built to prevent most of the classic problems such as XSS, SQL injection, etc. So your newbie programmers are not as likely to leave the front door of your website open by coding a naive input function.
This applies to the various modules as well. They *should* be using those same input functions. There are now at least two Drupal module certification groups, Top Shelf Modules and another I forget. I think CommerceGuys also does this for modules they support. Part of the certification includes code review. This is a level of inspection that few companies can afford to do to their own roll-your-own code (and also an advantage of open source BTW).
Drupal does have a steep learning curve, and especially now with big transitions in the way things are done, it's easy to get lost in the module sea. But it, and the other CMS, provide an amazing amount of functionality without having to write a single line of code. And for a government with dozens or hundreds of departments, having a single CMS standard means a lot of synergy, it allows the central government to establish and *maintain* a common policy for all departments, and it means that IT people can move from one department to another with almost no learning curve.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
There is a burgeoning (maybe that's too strong) module certification effort now happening. Top Shelf Modules is one group; I think CommerceGuys does it for things in their catalog, there's another that I always forget. So, progress occurs.
Realize that there are still lots of vulnerabilities in core C libraries - not to mention that C is inherently unsafe and must be handled with care. Many of the vulnerabilities in Drupal, PHP and other tools are really just exposing the failings of C. But not to start a flame war... :)
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
It's difficult to predict the future. I work for Type A managers who flitter all over the place on a whim.
They also ask for mobile-friendly, Atom feeds, ADA-compliant, image resizers, CRUD-like features, etc. because they can and they want it. Oh, and it has to be super-duper simple for users because they don't want to spend money on training.
Table-ized A.I.