Jeff Robbins, from Lullabot on Drupal (Podcast and Interview Transcription)

(Informal talk)

Lisa Padilla: Okay, and you know one concern about open source, Jeff, is attacks from hackers and I wonder if you can address the security of Drupal as how that’s accommodated in the community.

Jeff Robbins: Yeah, I mean that’s always sort of a debate. It kind of goes both ways. You could argue that this sort of security through obscurity as with proprietary software where people don’t know what’s happening behind the scenes, how they are going to hack it. And the answer is well, there are a lot of really common ways to hack web sites and common mistakes that are often made on the web. There was a what’s called clickjacking event, sort of hacking event that just happened on Twitter today which they had a really quick fix for but I don’t know if it’s made it into the sort of usual tech news sources yet, but it’s sort of interesting piece.

Lisa Padilla: Explain to listeners what clickjack is?

Jeff Robbins: Well, I am not quick sure I totally understand myself. I believe that someone had posted a link that brought you to a web site that had some Java script kind of thing that made it look like you are visiting Twitter, but in fact, it was like posting Twitter postings on your behalf. I don’t quite understand what’s happening. I am curious to sort of see. I was building my own content management system, I didn’t know what you call that I mean, when I was just building little PHP applications for clients in the past and in retrospect, there were a few of them that were hacked and I was always flabbergasted by the techniques that were used. It was never something I would have thought of but —

(Informal talk)

Jeff Robbins: Yeah, all kinds of genius sorts of things, but by Drupal being open source, you have a lot of even those same people or people who are familiar with those techniques, really smart people either way you look at it, are able to kind of look and see if Drupal is vulnerable to these types of attacks or other types of attacks. And Drupal has historically had a really, really good track record with security. There are security updates that come out on a regular basis. And so, it’s been argue that because of those security updates come out that it’s patching Drupal problems. But usually, these are problems that were never actually exploited or the use case where your site would need to be set up in a way where it could be exploited with such rare cases but it never happened. And so, there have been very, very few, I can’t think of any popular Drupal sites, that have been hacked. It’s got a really good track record that way.

Lisa Padilla: And can you give me an example of when you might use an in-house Drupal developer to build and maintain your site versus outsourcing to a team who could build and maintain that for you, is it meant to be something that somebody inside non-technical could manage?

Jeff Robbins: Yeah. Because of the Drupal’s capabilities, it can really scale. It can scale from $5 a month virtual hosting environment up to these large redundant multi server kinds of things that Sony or Lifetime are running. And it really depends on what’s being done with it. But because of Drupal’s complexity, oftentimes it’s used for larger web sites and that’s the type of stuff, in particular, the Lullabot tends to focus on. And we tend to focus on helping companies like that to build an in-house team. It’s usually good to have someone at least sort of nearby that kind of can sort of Drupal in one way or another, and that’s why we’ve sort of chosen to kind of focus on more on consulting and training developers rather than really focusing on doing development ourselves. We kind of help our clients to do their own development. But certainly, I mean the process of getting bootstrapped or if you’ve got a smaller web site, where you can really manage it yourself, yeah, there are a lot of Drupal development companies out there and you can hire them to help you build your web sites and you can usually manage it yourself, I mean that’s the whole thing with the content management system is it’s really meant to be able to be updated and for you to be able to sort of make those changes yourself. But if you’ve got a big popular web site and you are starting to change the way that the caching system works or adding new features or that kind of stuff. It would be a good idea to at least sort of feel like you have an idea or have some resources around for knowing whether that’s a good idea or not. I mean Drupal is a very community built platform, and as such, there is a huge, huge community of developers. So these developers got together to build a community building platform and they sort of inadvertently built a community of developers at the same time. And so, there is a really active IRC channels and active forms on Drupal.org and that kind of stuff, you can find all that stuff on Drupal.org.

Lisa Padilla: And aside from coming to Lullabot, where else can people find Drupal events going on? Do you know any coming up? I know there are local meet-ups, local developer meet-ups.

Jeff Robbins: There are, there are a lot of. I should mention also there are a lot of local meet-ups. There is a web site Groups.drupal.org where you can find a lot of those local Drupal user groups and they oftentimes will meet once a month and people will talk about what they are working on and bringing up questions that they have. And this is always a really a good thing if you are getting involved with Drupal. And the big event DrupalCon, which happens usually one in North America and one in Europe somewhere each year so two DrupalCon events happen a year and the next one is happening in Washington DC in March, and I am bringing up the dates here and there are so many different things on my calendar here, let’s see. It is the 4th through the 7th in Washington DC and you can find out about that at Drupal.org. But I will tell you that what you will find is that it’s sold out already, it’s sold out. You’ve got 1,300 people already signed up for that and it’s sold out.