Drupal

After Cognizant installed Zscaler on my work Mac, DDEV could no longer retrieve images from Docker Hub. It complained that it could not verify the TLS certificate. I use Colima as my Docker provider, which apparently does not yet automatically update its root certificate authorities to match the machine it runs on.

Drupal Forge is a non-profit project of the Drupal community. Our mission is to support vendors that devote a portion of their revenue to sustaining the software and infrastructure Drupal needs to be a great product. Our product launch buttons are part of a business model to sustain contribution. This makes them different from launch buttons that hosting vendors offer on their own.

Due to concerns that the launch button would funnel business to one vendor at the expense of others, Starshot leadership announced that the launch button would use WebAssembly to run site trials in a user’s browser without external hosting. This approach has the advantages of being able to run Drupal off line and not needing anyone to pay for hosting. However, it is technically challenging and will not work for everyone. Sites running in WebAssembly cannot be visited by others and are not persistent.

Dries Buytaert introduced the Starshot initiative at Drupalcon Portland 2024. The idea was to create a product for less technical users, one that could be installed and updated without using the command line, that would have the best content creation tools pre-installed and configured, and that could be customized without writing code.

At DrupalCon Portland 2022 people were talking about makers and takers. The fear was that companies that just take and use free software would outcompete companies that help to make it.

At the DrupalCon Portland community summit, we discussed how local meetup organizers could support each other by maintaining a shared slide show for meetups. I have started a slide show and am looking for volunteers to join me in building it. Leave a comment on the issue in the Event Organizers Working Group if you can help.

Last week, I wrote about how free software has to break out of the customer-vendor mindset. The customer-vendor mindset doesn’t work with free software because users don’t pay and developers don’t provide customer service. The free software community works on a build-what-you-use model. I ended by saying that the build-what-you-use model is not enough to sustain hero developers—people who contribute at a level that cannot be sustained by their own use of free software.

I was able to spend some time in the DrupalCon Community Summit yesterday. One of our topics was how a paid ecosystem could align with Drupal core values. We have developers who are not getting paid for the work they do to support their projects, and users who complain about the support they are given as if they had paid for it. Developers feel like users are bad customers because they don't pay, and users feel like developers are bad vendors because they don’t provide support.

Yesterday I had my fears confirmed about the Drupal Automatic Updates initiative. It requires sites to be able to modify core Drupal files. While this makes it easier to fix vulnerabilities, it is not something you want when your site is actually being attacked. The best way to protect against someone exploiting a vulnerability to modify your Drupal core files is to change the file permissions so that your site cannot modify them.