FLOSS Project Planets

Specbee: (Not Just Any) Drupal VS WordPress Blogpost - Your Top 5 FAQs Answered

Planet Drupal - Tue, 2024-01-23 01:44
Everyone loves a good showdown. The Drupal VS WordPress debate has been a hot topic for ages. Businesses want to make informed judgments, and articles like these can play a crucial role in the decision game. While comparing market share and numbers might seem interesting at first glance, beyond the stats, it’s about finding the right CMS that perfectly fits your needs.

We're a downright Drupal-centric company. We're all in on Drupal – it's in our DNA. Now that you've got the picture, it’s important to emphasize that we won't engage in a one-sided battle between Drupal and WordPress. The focus is on providing insightful comparisons that can help you find the right solution for your specific needs. So dive into this article where we're tackling the most popular questions about Drupal VS WordPress, sourced straight from Google and beyond.

Question #1: What's the community support like for Drupal and WordPress?

Before answering this question, let’s talk about why community support is important. One of the most common and significant reasons why organizations choose an open-source Content Management System (CMS) is having lean-back support from a strong community. This assures them that their code is in safe hands even if they have to change vendors. After all, open-source code is built by everyone, for everyone.

Both WordPress and Drupal boast of a global community of open-source enthusiasts. Due to its sheer popularity and widespread usage, the WordPress community is vast and you can find a solution to almost every query. WordCamps are low-key, local events held all over the world and are attended by WordPress users and developers. State of the Word events are annual events where the co-founders discuss the platform's current state and future direction. Fun fact: the first WordPress community summit took place in the year 2012 at Tybee Island, Georgia.

While Drupal’s community is comparatively smaller, although growing every day, it is renowned for its depth of technical expertise and knowledge. This makes it a great resource for complex projects. DrupalCamps are local community events where developers and users come together to learn and network. DrupalCons are held annually both in the United States and Europe where thousands of Drupal enthusiasts come together to network, learn, contribute, and get inspired. Dries Buytaert, founder of Drupal, presents his keynote speech every year where he discusses the state of Drupal and talks about innovation and new initiatives for the future. Fun fact: the first-ever Drupal community event (DrupalCon) was held in Antwerp, Belgium in the year 2005.

No matter how expansive or niche a community is, the crucial question remains: Which community dynamics align better with your goals?

Question #2: Is Drupal easier to learn or WordPress?

The easy (and blunt) answer to this question is WordPress. WordPress’s intuitive and friendly user interface makes it accessible to beginners. Because of its vast community, and access to tons of online documentation and tutorials, learning WordPress is not hard.

But if you’re looking for a more meaningful explanation, it starts with a question - What are you trying to accomplish with your CMS?

  • If you want to set up a website and want it to go live before EOD today, WordPress makes it easy.
  • If you want to learn to set up a straightforward personal blog or portfolio site, WordPress is for you.
  • If you’re a small to medium-sized business or e-Commerce store, looking to establish an online presence without help from external agencies, WordPress could work for you.

BUT

  • If you're a web developer buff, with Drupal, you'll enjoy learning new skills, and you won't be intimidated by the challenge level.
  • If you like customizing existing modules or building custom modules, Drupal gives you a ton of flexibility with that.
  • If you’re looking at building enterprise-level, complex applications for you or your clients, Drupal offers everything you need.

Drupal is notorious for its steep learning curve. Having said that, over the years, there has been a tremendous shift on that front especially since the launch of Drupal 8 in 2015. The evolution of Drupal has seen a departure from traditional Drupal-ly aspects to embrace modern trends like object-oriented programming and standardized frameworks like Symfony. This shift has attracted developers with diverse skills into the community. Initiatives such as the Project Browser are making it easier for site admins to discover and apply modules, creating a marketplace-like experience. Add to that, initiatives like Easy out of the box, Automatic updates, Recipes, starterkits, and distributions are contributing heavily to making Drupal more beginner-friendly.

On a side note, this brilliant article written by Kathy Sierra is worth a read if you’re starting your career or looking to become an expert in your field. This "How to be an expert" graph below resonates with the idea that persistent learning and improvement make mastering Drupal easier, even with its initial complexity.

Question #3: Which is easier to customize, Drupal or WordPress?

While this again depends on the level of customization you are looking for, let me try to keep it simple.

WordPress’s extensive theme and plugin ecosystem allows for straightforward modifications without deep coding knowledge. It offers a vast array of themes, both free and premium, allowing users to change the look and feel of their site instantly. Many WordPress themes come with integrated page builders or support popular ones. These drag-and-drop interfaces enable users to create complex layouts without any coding, enhancing the customization experience.

When it comes to deep customizations, Drupal is the clear winner. Its modular architecture allows for precise customization where modules can be added, removed, or modified to extend functionality. The level of control and specificity you have with customizing themes is unparalleled with Drupal. The Twig theming engine allows for a flexible and secure way to customize the presentation layer of your website. You can leverage the Drupal Views module (core module) to customize the way your data is presented using custom queries. The ability to create custom content types and fields enables websites with complex content requirements (educational institutions, media, and publishing houses) to create highly structured data.

Clearly, this level of customization comes with a learning curve, which brings us back to the question mentioned before - What do you want to accomplish with your CMS? :)

However, this does not mean that WordPress cannot be used to build customizable websites or that Drupal cannot be used to build simple websites. It’s just that each platform has its strengths and sweet spots. WordPress excels in simplicity, quick deployment, and a massive ecosystem of plugins for common features. Drupal's power lies in its flexibility, scalability, and ability to handle complex projects with a high degree of customization.

Question #4: Are there notable performance differences between Drupal and WordPress?

This is where Drupal truly excels, hands down! Clearly, speed and performance are Drupal's key differentiating factors. While WordPress can also be used for complex websites whilst maintaining performance, it does require a lot of optimization expertise. If a WordPress website uses too many or poorly coded plugins, it can slow down performance and speed. Its inability to provide granular access control can also limit performance.

Drupal, on the other hand, offers high performance right out of the box:

  • Advanced Caching Mechanism - The built-in caching mechanism is simply brilliant. Drupal doesn't just cache pages; it goes the extra mile by caching dynamic views at both the query and output levels. This meticulous approach can be further optimized and ensures optimal performance.
  • Version Upgrades - With every version upgrade released by Drupal, you don’t just get better features, you get improved performance out of the box. Because of its dependencies like PHP and Symfony, Drupal needs to stay updated to make sure it stays compatible with the best version of the dependencies. A recent study by Kinsta shows that a Drupal 10 website using the latest PHP 8.3 version “gives you an extreme speed boost”.
  • Optimized Database Queries - Drupal's database queries are well-optimized, contributing to efficient data retrieval. This means quicker response times when fetching content from the database.
  • Lazy Loading - Drupal supports lazy loading for images and other assets. Resources are loaded only when needed, enhancing the initial page load speed.
  • BigPipe technology - Drupal’s BigPipe technology optimizes performance by introducing dynamic page-loading mechanisms for authenticated and anonymous users. Instead of waiting for the entire page to be fully rendered, it prioritizes and delivers the main content first. It also utilizes parallel processing, allowing different components of a page to load concurrently.

As of Jan 16, 2024, the usage statistics of Drupal show that although used by fewer websites compared to WordPress, when it comes to being used by high-traffic websites, Drupal tops the list.

Question #5: How do the security features compare between Drupal and WordPress?

Whenever we have discussed security, we always make it a point to clarify that security is not just a one-time task but an ongoing process. But yes, choosing the right CMS does make a huge difference in safeguarding your data. While both Drupal and WordPress are dedicated to security, Drupal is known for its excellence in this area.

While WordPress core is secure, with thousands of third-party plugins and themes freely available, it is more susceptible to hacker attacks. It requires careful selection and maintenance to ensure a secure environment. Security vulnerabilities may arise from poorly coded or outdated plugins. According to a 2022 Website Threat Research Report by Sucuri, WordPress accounts for 96.2% of infections while Drupal was at 0.6%. Of course, you cannot deny the popularity of WordPress when a comparison analysis of this sort is carried out.

Drupal has a robust defense against critical internet vulnerabilities, boasting a proven 15+ year track record of its Security Team successfully identifying and addressing potential threats. The platform's stringent coding standards and rigorous community code review process contribute significantly to preventing security issues altogether. Drupal offers many security modules and when implemented with the right strategy, you can have a highly secure website. Granular access control is a strength of Drupal. Site administrators can define specific roles and permissions, ensuring that users have the appropriate level of access.

It is also important to keep your Drupal website updated with the latest release to mitigate any security vulnerabilities. The Automatic Updates module (coming soon to core) makes updating your website easier with features like auto patch-level updates, problem detection and reporting at every stage, error detection API, and more.

Final Thoughts

It is rather easy for us to give our verdict - Drupal is the best 🙂 But jokes apart, it is up to you to decide which platform best fits your needs and budget. Both Drupal and WordPress offer great features and can be powerful tools for web development. If you’re still confused if Drupal is the right CMS for you or not, we can help. Simply fill out the form and tell us your requirements. You'll hear from us with the best-fit solution. We'll never push a CMS on you if it doesn't meet your specific needs. You can also call us at +1-678-806-8004.
Categories: FLOSS Project Planets

Glyph Lefkowitz: Your Text Editor (Probably) Isn’t Malware Any More

Planet Python - Mon, 2024-01-22 21:05

In 2015, I wrote one of my more popular blog posts, “Your Text Editor Is Malware”, about the sorry state of security in text editors in general, but particularly in Emacs and Vim.

It’s nearly been a decade now, so I thought I’d take a moment to survey the world of editor plugins and see where we are today. Mostly, this is to allay fears, since (in today’s landscape) that post is unreasonably alarmist and inaccurate, but people are still reading it.

Problem / Is It Fixed?

  • Problem: vim.org is not available via https
    Is It Fixed? Yep! http://www.vim.org/ redirects to https://www.vim.org/ now.
  • Problem: Emacs's HTTP client doesn't verify certificates by default
    Is It Fixed? Mostly! The documentation is incorrect and there are some UI problems[1], but it doesn’t blindly connect insecurely.
  • Problem: ELPA and MELPA supply plaintext-HTTP package sources
    Is It Fixed? Kinda. MELPA correctly responds to HTTP only with redirects to HTTPS, and ELPA at least offers HTTPS and uses HTTPS URLs exclusively in the default configuration.
  • Problem: You have to ship your own trust roots for Emacs.
    Is It Fixed? Fixed! The default installation of Emacs on every platform I tried (including Windows) seems to be providing trust roots.
  • Problem: MELPA offers to install code off of a wiki.
    Is It Fixed? Yes. Wiki packages were disabled entirely in 2018.

The big takeaway here is that the main issue of there being no security whatsoever on Emacs and Vim package installation and update has been fully corrected.

Where To Go Next?

Since I believe that post was fairly influential, in particular in getting MELPA to tighten up its security, let me take another big swing at a call to action here.

More modern editors have made greater strides towards security. VSCode, for example, has enabled the Chromium sandbox and added some level of process separation. Emacs has not done much here yet, but over the years it has consistently surprised me with its ability to catch up to its more modern competitors, so I hope it will surprise me here as well.

Even for VSCode, though, this sandbox still seems pretty permissive — plugins still seem to execute with the full trust of the editor itself — but it's a big step in the right direction. This is a much bigger task than just turning on HTTPS, but I really hope that editors start taking the threat of rogue editor packages seriously before attackers do, and finding ways to sandbox and limit the potential damage from third-party plugins, maybe taking a cue from other tools.

Acknowledgments

Thank you to my patrons who are supporting my writing on this blog. If you like what you’ve read here and you’d like to read more of it, or you’d like to support my various open-source endeavors, you can support me on Patreon as well!

  1. The documentation still says “gnutls-verify-error” defaults to nil and that means no certificate verification, and maybe it does do that if you are using raw TLS connections, but in practice, url-retrieve-synchronously does appear to present an interactive warning before proceeding if the certificate is invalid or expired. It still has yet to catch up with web browsers from 2016, in that it just asks you “do you want to do this horribly dangerous thing? y/n” but that is a million times better than proceeding without user interaction.
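
One way to check, from inside Emacs, the two things the table and footnote above turn on: whether every package source is HTTPS and what `gnutls-verify-error` is set to. This is an added example, not code from the original post; the `example-` names and the sample alist are constructed for illustration, and the archive URLs are the usual ELPA and MELPA HTTPS endpoints.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added example: audit and tighten package-source and TLS settings.
(require 'package)
(require 'seq)
(require 'gnutls)
(require 'nsm)

;; Constructed sample: one plaintext source next to one HTTPS source.
(defconst example-weak-archives
  '(("gnu"   . "http://elpa.gnu.org/packages/")
    ("melpa" . "https://melpa.org/packages/")))

(defun example-insecure-archives (archives)
  "Return the entries of ARCHIVES whose URL does not start with https://.
ARCHIVES is an alist of (NAME . URL) pairs, the shape of `package-archives'."
  (seq-remove (lambda (entry)
                (string-prefix-p "https://" (cdr entry) t))
              archives))

(defun example-audit-package-tls (&optional archives)
  "Return a list of warning strings for ARCHIVES and the TLS settings.
ARCHIVES defaults to the live value of `package-archives'."
  (let ((warnings '()))
    (dolist (entry (example-insecure-archives (or archives package-archives)))
      (push (format "archive %s is not HTTPS: %s" (car entry) (cdr entry))
            warnings))
    ;; Without GnuTLS support there is no certificate checking to configure.
    (unless (and (fboundp 'gnutls-available-p) (gnutls-available-p))
      (push "this Emacs has no GnuTLS support" warnings))
    ;; With nil, a failed check is not a hard error at the GnuTLS layer;
    ;; the interactive prompt the footnote describes is what stands between
    ;; the user and the connection.
    (unless (eq gnutls-verify-error t)
      (push "gnutls-verify-error is not t" warnings))
    (nreverse warnings)))

(defun example-harden-package-tls ()
  "Apply the stricter settings: HTTPS-only sources, fail-closed TLS."
  (setq package-archives
        '(("gnu"   . "https://elpa.gnu.org/packages/")
          ("melpa" . "https://melpa.org/packages/")))
  ;; Abort the connection when certificate verification fails.
  (setq gnutls-verify-error t)
  ;; Have the Network Security Manager apply its stricter checks.
  (setq network-security-level 'high))

;; Usage from M-: or *scratch*:
;;   (example-audit-package-tls example-weak-archives)  ; audit the sample
;;   (example-audit-package-tls)                        ; audit this Emacs
;;   (example-harden-package-tls)
```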


Seth Michael Larson: Removing maintainers from open source projects

Planet Python - Mon, 2024-01-22 19:00

Published 2024-01-23 by Seth Larson

Here's a tough but common situation for open source maintainers:

  • You want a project you co-maintain to be more secure by reducing the attack surface.
  • There are one or more folks in privileged roles who previously were active contributors, but now aren't active.
  • You don't want to take away from or upset the folks who have contributed to the project before you.

These three points feel like they're in contention. This article is here to help resolve this contention and potentially spur some thinking about succession for open source projects.

Why do people do open source?

Most rewards that come from contributing to open source are either intrinsic (helping others, learning new skills, interest in a topic, improve the world) or for recognition (better access to jobs, proof of a skill-set, “fame” from a popular project). Most folks don't get paid to work on open source for their first project, so it's unlikely to be their initial motivation.

Recognition is typically what feels “at stake” when removing a previous maintainer from operational roles on an open source project.

Let's split recognition into another two categories: operational and celebratory. Operational recognition is the category of recognition that has security implications like access to sensitive information or publishing rights. Celebratory has no security implications, it's there because we want to thank contributors for the work they've done for the project. Here's some examples of the two categories:

Operational:

  • Additional access on source control like GitHub (“commit bit”)
  • Additional access on package repository like PyPI
  • Listing email addresses for security contacts

Celebratory:

  • Author and maintainer annotation in package metadata
  • Elevating contributors into a triager role
  • Maintainer names listed in the README
  • Thanking contributors in release notes
  • Guest blog posts about the project

You'll notice that the celebratory recognition might be a good candidate for offsetting the removal of incidental operational recognition (like your account being listed on PyPI).

Suggestions for removing maintainers with empathy

Ensure the removal of operational recognition is supplanted by deliberate celebratory recognition. Consider thanking the removed individual publicly in a blog post, release notes, or social media for their contributions and accomplishments. If there isn't already a permanent place to celebrate past maintainers consider adding a section to the documentation or README.

Don't take action until you've reached out to the individual. Having your access removed without any acknowledgement feels bad and there's no way around that fact. Even if you don't receive a reply, sending a message and waiting some time should be a bare minimum.

Practice regular deliberate celebratory recognition. Thank folks for their contributions, call them out by name in release notes, list active and historical maintainers in the documentation. This fulfills folks that are motivated by recognition and might inspire them to contribute again.

Think more actively about succession. In one of the many potential positive outcomes for an open source project, you will be succeeded by other maintainers and someone else may one day be in the position that you are in today.

How can you prepare that individual to have a better experience than you are right now? I highly recommend Sumana Harihareswara's writing on this topic. There are tips like:

  • Actively recruit maintainers by growing and promoting contributors.
  • Talk about succession openly while you are still active on the project.
  • Give privileges or responsibility to folks that repeatedly contribute positively, starting from triaging or reviewing code.
  • Recognize when you are drifting away from a project and make it known to others, even if you intend to contribute in the future.


This work is licensed under CC BY-SA 4.0


Python Morsels: None in Python

Planet Python - Mon, 2024-01-22 18:00

Python's None value is used to represent emptiness. None is the default function return value.

Table of contents

  1. Python's None value
  2. None is falsey
  3. None represents emptiness
  4. The default function return value is None
  5. None is like NULL in other programming languages

Python's None value

Python has a special object that's typically used for representing emptiness. It's called None.

If we look at None from the Python REPL, we'll see nothing at all:

>>> name = None
>>>

Though if we print it, we'll see None:

>>> name = None
>>> name
>>> print(name)
None

When checking for None values, you'll usually see Python's is operator used (for identity) instead of the equality operator (==):

>>> name is None
True
>>> name == None
True

Why is that?

Well, None has its own special type, the NoneType, and it's the only object of that type:

>>> type(None)
<class 'NoneType'>

In fact, if we got a reference to that NoneType class, and then we called that class to make a new instance of it, we'll actually get back the same exact instance, always, every time we call it:

>>> NoneType = type(None)
>>> NoneType() is None
True

The NoneType class is a singleton class. So comparing to None with is works because there's only one None value. No object should compare as equal to None unless it is None.

None is falsey

We often rely on the …

Read the full article: https://www.pythonmorsels.com/none/

TechBeamers Python: Is Python Map Faster than Loop?

Planet Python - Mon, 2024-01-22 12:42

In this short tutorial, we’ll quickly compare Python map vs loop. We’ll try to assess whether the Python map is faster than the loop or vice-versa. The comparison between using map and a loop (such as a for loop) in Python depends on the specific use case and the nature of the operation you are […]

The post Is Python Map Faster than Loop? appeared first on TechBeamers.


Glyph Lefkowitz: Okay, I’m A Centrist I Guess

Planet Python - Mon, 2024-01-22 12:41

Today I saw a short YouTube video about “cozy games” and started writing a comment, then realized that this was somehow prompting me to write the most succinct summary of my own personal views on politics and economics that I have ever managed. So, here goes.

Apparently all I needed to trim down 50,000 words on my annoyance at how the term “capitalism” is frustratingly both a nexus for useful critique and also reductive thought-terminating clichés was to realize that Animal Crossing: New Horizons is closer to my views on political economy than anything Adam Smith or Karl Marx ever wrote.

Cozy games illustrate that the core mechanics of capitalism are fun and motivating, in a laboratory environment. It’s fun to gather resources, to improve one’s skills, to engage in mutually beneficial exchanges, to collect things, to decorate. It’s tremendously motivating. Even merely pretending to do those things can captivate huge amounts of our time and attention.

In real life, people need to be motivated to do stuff. Not because of some moral deficiency, but because in a large complex civilization it’s hard to tell what needs doing. By the time it’s widely visible to a population-level democratic consensus of non-experts that there is an unmet need — for example, trash piling up on the street everywhere indicating a need for garbage collection — that doesn’t mean “time to pick up some trash”, it means “the sanitation system has collapsed, you’re probably going to get cholera”. We need a system that can identify utility signals more granularly and quickly, towards the edges of the social graph. To allow person A to earn “value credits” of some kind for doing work that others find valuable, then trade those in to person B for labor which they find valuable, even if it is not clearly obvious to anyone else why person A wants that thing. Hence: money.

So, a market can provide an incentive structure that productively steers people towards needs, by aggregating small price signals in a distributed way, via the communication technology of “money”. Authoritarian communist states are famously bad at this, overproducing “necessary” goods in ways that can hold their own with the worst excesses of capitalists, while under-producing “luxury” goods that are politically seen as frivolous.

This is the kernel of truth around which the hardcore capitalist bootstrap grindset ideologues build their fabulist cinematic universe of cruelty. Markets are motivating, they reason, therefore we must worship the market as a god and obey its every whim. Markets can optimize some targets, therefore we must allow markets to optimize every target. Markets efficiently allocate resources, and people need resources to live, therefore anyone unable to secure resources in a market is undeserving of life. Thus we begin at “market economies provide some beneficial efficiencies” and after just a bit of hand-waving over some inconvenient details, we get to “thus, we must make the poor into a blood-sacrifice to Moloch, otherwise nobody will ever work, and we will all die, drowning in our own laziness”. “The cruelty is the point” is a convenient phrase, but among those with this worldview, the prosperity is the point; they just think the cruelty is the only engine that can possibly drive it.

Cozy games are therefore a centrist[1] critique of capitalism. They present a world with the prosperity, but without the cruelty. More importantly though, by virtue of the fact that people actually play them in large numbers, they demonstrate that the cruelty is actually unnecessary.

You don’t need to play a cozy game. Tom Nook is not going to evict you from your real-life house if you don’t give him enough bells when it’s time to make rent. In fact, quite the opposite: you have to take time away from your real-life responsibilities and work, in order to make time for such a game. That is how motivating it is to engage with a market system in the abstract, with almost exclusively positive reinforcement.

What cozy games are showing us is that a world with tons of “free stuff” — universal basic income, universal health care, free education, free housing — will not result in a breakdown of our society because “no one wants to work”. People love to work.

If we can turn the market into a cozy game, with low stakes and a generous safety net, more people will engage with it, not fewer. People are not lazy; laziness does not exist. The motivation that people need from a market economy is not a constant looming threat of homelessness, starvation and death for themselves and their children, but a fun opportunity to get a five-star island rating.

Acknowledgments

Thank you to my patrons who are supporting my writing on this blog. If you like what you’ve read here and you’d like to read more of it, or you’d like to support my various open-source endeavors, you can support me on Patreon as well!

  1. Okay, I guess “far left” on the current US political compass, but in a just world socdems would be centrists. 
