drupal planet

I'm going to be doing a talk in a couple of weeks called "10 reasons why Drupal (might) kick your CMS's a**" to a local group of web tech folks, only a couple of which use Drupal. I have some ideas, but wanted to crowdsource this a bit and see if I can get some input from the community. I have a very limited exposure to other popular CMS's, so any input on comparing and contrasting Jooma, Wordpress and Drupal would be appreciated. Also, any nifty graphs or diagrams that might hit the points home? So far, here are some items on my list:

  • Caching - The various caching tools enable Drupal to perform nearly as fast as static HTML
  • Community - Lots of IRC participation, local user groups, positive leadership
  • No forking - The community hasn't yet reached the point where a schism caused forking.
  • Central module repository - This has meant that all projects are supported in similar ways (version control, issue queues, etc) and that they are GPL compliant. Also, this adds exposure for the modules and they get vetted by the community.
  • Drupal is a programming framework plus a CMS - Drupal does a lot of heavy lifting, and helps you organize your code in a meaningful way other folks can plg into.
  • Drupal modules don't have to hack core to work - As opposed to other CMSs
  • Drupal scales well - And this will only get better with Drupal 7 and the new database layer
  • Drupal is mature - It's been around a while, it's stable and is being supported by a lot of big projects (need some good diagrams here)
  • Extendable data structures (i.e. fields in core) - Makes all data flexible at the interface level

I'd love to have some good visuals for this, and I'd also like to get some ideas on what I might be missing. I will gladly open source this presentation as well once it's complete.

Thanks!



200910310730.jpg

As part of this review process, I interviewed Ben Finklea. We covered his new book, "Drupal 6 Search Engine Optimization," as well as other interesting topics like how you might need to start your own church to write a book, what it's like to overcome the stigma of doing SEO, and what to expect in the future of search engines and Drupal 7. Listen to the interview here. (right-click and select 'save as' to download)

Props

I have a lot of respect for business owners forging new niches in the Drupal space. Not only has Ben Finkea done this, but he's done it in a niche that's rife with controversy. SEO as a subject is highly polarizing, and choosing it as the topic of a book directed at an open-source audience that highly values the transparency often neglected in the SEO sector seems downright masochistic. So, before even addressing the content of the book I have to applaud Ben's gumption. To have success in a controversial arena like this, I think you have to be quite skilled at filtering out and responding positively the inevitable negative feedback - something that's not always easy to do.

The book

To begin with, I think the name of this book is understandably misleading. While "Drupal 6 Search Engine Optimization" covers many topics related to optimizing a site for search engines, a large part of the book is dedicated to teaching the reader how to improve conversion rates, attract readers and organize content. I think this is a good thing, but going into the book knowing that a variety of non-SEO topics will be covered might allow the reader to enjoy it more.

I've had enough SEO experience to be a bit beyond the curve the book takes on, so I felt a little outside the target audience range. In spite of this, I still found a lot of value in it, and surprisingly this value was mostly in the material that wasn't directly SEO-related. Also, if I step back about 5 years to before I knew much about Drupal or SEO, the value multiplies significantly. If you're new to Drupal, sifting through the module repository to find ones that will help your site become more friendly to search engines is tricky, because they're not all labeled as such. The first part of the book introduces the reader to a variety of helpful modules and walks them through the steps required to configure them. Along the way, the reader is exposed to some basics concepts in SEO, such as the importance of targeting keywords, cleaning up URLs, dealing with redirects and the benefits of writing semantically-correct markup. If you find that you have too few tools in your SEO toolbox, then this initial coverage is important and will get you headed in the right direction. Pages 11-17 in particular lists out a number of useful SEO modules that are mentioned throughout the book, and this list alone is a great resource.

A number of more advanced topics are covered as well, including how to optimize your robots.txt file (something I don't have much experience in), and tips on speeding up your site. For a typical site maintainer who hasn't given much thought to optimizing their site for search engines, there is enough material here to keep busy for a while. And based on my knowledge of SEO, using the collection of tools Ben suggests is an excellent defensive strategy for getting your content indexed by search engines properly, without any fear of sketchy tactics getting your site penalized or banned.

At about page 150, SEO starts to take a back seat and traffic optimization takes the wheel. My favorite two sections in this second part are labeled "Don't Stop" and "Find Inspiration." Don't Stop is a short, single paragraph, but summarizes a principle that is just about the most essential aspect of building meaningful traffic, which is continuing to build content and keep things fresh - an excellent reminder. "Find Inspiration" is a list of around 20 suggestions for sources and structures you can build content from. Ben mentions that he refers to this list when he gets stuck, and I found the list useful enough that I'm going to start doing the same. Some suggestions include subscribing to Google Alerts, reviewing emails and questions from customers, and doing original research. If you've attempted to write on a regular basis, then you know that some days you're more inspired than others. There's something on this list for just about any level of inspiration.

Some interesting additional topics are covered in this second part, such as how to write compelling copy, organize large amounts of content and improve conversion rates, which are all very useful to those responsible for managing web site content.

Criticism

I understand that one book can't be everything to everybody, and this book serves its purpose well. However, If you have some experience with SEO, you'll notice that there are some notable omissions in this book. With controversial subject matter, one can be be bold, in-your-face, opinionated and passionate, taking a side and sticking with it. Or, one can be cautious and careful and avoid arguable material. This book takes the latter approach. It definitely outlines a clear path of SEO defense which useful material that is difficult to argue against, but leaves out a lot of the meaty bits I find most interesting about SEO. Subjects like inbound and outbound linking, link building campaigns, conducting tests against search engines to see how PageRank is transferred (and is it even important?). Link text - generally thought to be one of the most important aspects of passing value from one page to another - is only briefly mentioned. What about changing content on pages that have been indexed, or how search engines consider the longevity of links? The book but doesn't take the SEO talk further than the basics, which may be disappointing to some.

Those things being said, I recognized a number of suggestions in the book that I don't apply regularly enough, and the argument can be made as to the amount of good the material I'd like to hear about would do me if I'm not executing the essentials properly.

The only other criticism I have is that I would have liked to see more sources referenced. Matt Cutt's blog is mentioned briefly, but I would be really interested to see where the rest of the material came from or from where it was inspired. That kind of list would also be helpful for folks ready to dive a little deeper into SEO.

Summary

I think this book can provide a lot of value to new web development shops or freelancers. If you become familiar enough with the material it covers, you will have an arsenal of answers to tough questions you're inevitably going to get from potential customers regarding SEO and managing content. It will take a while to gather this information yourself, and the time it saves you will be worth the cost of the book.

As a new site administrator or owner of a site that needs to optimize its traffic sources, a lot can be gained from utilizing this book as a reference guide for writing and organizing content. As an intermediate Drupal user, I would suggest reviewing this book to make sure you're following the different strategies it outlines. If you find yourself running out of ideas for improving your site and building content, there's some excelent material in the second half of the book for you, too.

Interview notes

Ben was kind enough to interview with me, and some really interesting topics came up. One notable bit that got missed in the interview was that the book probably wouldn't have been written if Ben didn't get appendicitis and had been high on drugs in the hospital with nothing to do but find the bottom of his e-mail inbox. Here's a quick list of what you'll hear about:

  • How the Drupal community has responded to an SEO company in their midst
  • Is organic SEO dead?
  • How will SEO in Drupal 7 be different?
  • How are search engines changing and what can we do?
  • Reflections and tips on writing a book (everyone should do it!)
  • Listen to the interview here


One thing that's really nice about working on your own Drupal projects is that you get to share what you're working on (no NDAs, woot!). This particular project (Build a Module.com) is a video tutorial site for newer Drupal developers. For a while, I had a single product offering, but feedback made me realize that people like options. So, I decided to to offer single video purchases as well as 'collections,' or groups of videos bundled up into a single product. I also needed to make sure that customers had the right permissions set on files depending on their purchases.

Here's a video outlining the solution I came up with. Scroll down below the video for further details.

About the flow

I have 3 node types:

  1. Videos - Contains description and video file in a file field
  2. Single Video Product - Is an Ubercart product with a node reference CCK field pointing to a single video
  3. Collection Product - Another Ubercart product, but this one has a node reference CCK field that points to a number of videos

I didn't realize that a node reference field could point to multiple nodes before a fellow Drupalista pointed it out to me. Eesh! I really could have used that info a year ago.

So here's the flow:

  1. A user adds a Single Video Product or a collection to their cart
  2. They check out and complete the purchase
  3. They visit a video page
  4. A custom function checks against their orders to see if they have access to the video. If they do, they're in.

The function used in step 4 uses several queries to determine access. The queries check for the following:

  1. Is the product free? If so, show the video.
  2. Has the user purchased a product that includes the video file that this Single Video Product type points to?
  3. Same check for a Collection Product type
  4. If there is no product for the video, then give access (some videos, like the intro video, don't have an associated product)

In the hook_file_download, the same function is called, but I first have to figure out what node the file belongs to. In Drupal 6, hook_file_download only supplies you with the name of the file. No node associations or anything, so you have to connect the dots with your own query. I think the reasoning is that a file can belong to multiple nodes, but since my workflow doesn't allow that, it's not an issue.

There are some good things about this approach, such as when files change in the nodes (i.e. you upload a video with corrections), even though there is a new file name, the node association will remain the same and access will be granted.

For a while I was using a module called File Access, which allows you to set granular permissions for each file based on user or role, but because I would have to build a connector action between a purchase and the access, and then respond when new files are uploaded, I figured I would keep it simpler and just cross-reference the orders instead. The downside is that if my products change, so will access. Also, using File Access would enable access based on field, rather than on node. So, if I have two different versions of a file on the node (iPod version and full-size) and wanted to sell them separately, I would need something more complex.

Part of the reason I'm putting this info out there is to get feedback and see if a module that handles this type of access and setup would be a welcome addition to Drupal contrib, so feel free to drop me some feedback below.



200909251153.jpg

On October 24 and 25 I'm going to be in Seattle for the Pacific Northwest Drupal Summit. From my understanding, this un-conference is aimed specifically at intermediate and advanced Drupal users, so most of the topics are hitting the folks a little higher up the Drupal learning curve. There will be a whopping 4 rooms of sessions, which means that we'll have a lot of choices, and there will be a lot of people hanging out in the halls looking at the schedule, trying to figure out where to go. Perfect for me, because I love hanging out in the halls.

The Summit's web site was donated by This By Them, the same folks that did the uber-nice DrupalCamp LA site. You can see some similarities. I'm happy to see this re-purposing of a DrupalCamp web site (A full distribution and case study for the site can be found here). First of all, it saves the organizers time, and secondly it gives us attendees a familiar framework when registering, planning and voting on sessions. When we finally get a DrupalCamp Idaho off the ground, using this distribution will be a slam dunk.

There's some good topics being covered, such as deployment, Drupal 7 theming, Open Layers and SEO. I've also submitted a few sessions on AJAX development, Drupal security, themeing, and making friends. I've also been asked to do a BOF (Birds of a Feather) on the Navigate module. You can check out what sessions I've voted for by going to my profile page and clicking "My picked sessions."

I've you're planning on attending and want to say hi, drop me a line. Look forward to seeing you there!



One thing I appreciate about Drupal is that it attracts fantastic people. Every time I attend a Drupal event, I know I can grab some random person to chat with (which I often do) and end up in an interesting conversation, and the DrupalCamp in Victoria BC was no disappointment. The event was held in the offices of NorthStudio, a web dev / marketing firm and training facility. I judge a venue selection successful when the rooms are just barely big enough to fit the audience with standing room only, and the two rooms chosen for the presentations were perfect in this respect. Because the the rooms were their training facilities, everyone seated had a shiny Mac computer (running Windows) they could use to follow along with.

While I tend to gravitate towards lobby-talk during presentations, I caught most of several presentations that were quite interesting, and heard good things about the others. Here are some highlights.

DrupalCamp Highlights

Open Layers with Patrick Hayes. Open layers is a Drupal module that allows users to generate layered maps, with virtually any base layer (Google maps, Yahoo maps, NASA, etc). You can draw geometrical shapes and save them as nodes, as well as traditional points. After chatting with Patrick and Charles (his business partner over at GeoMemes), I heard my first ever argument for using PostgreSQL over MySQL. In summary, MySQL's support of geographical calculations and indexing flat out doesn't compare. Good to know. The demo was compelling and well presented, and makes me really excited to have a reason to use Open Layers.

Information Architecture, Design and Theming. Tom James and Alex Ventpap from Image-X gave a dual presentation on tips for designing, including wireframing, using Photoshop effectively and handing the finished design off to the Themer. I now have a few new Photoshop tricks up my sleeve, like make repeating backgrounds vector graphics (they're smaller in file size and expand more cleanly), clear your cache every once in a while to free up RAM, and a bit I need to follow up on about how you can minimize the file size of your PSD with a couple minor settings. After Alex's coverage of design, Tom took over and gave some good tips about theming, including using Aegir for deployment, minimizing theme customization by starting with a custom theme and using version control.

Next, Vanessa Turke, another member of the Image-X team, presented on information architecture (IA). She managed to cover a ton of stuff in a really tight time slot. A couple bits I took from it is 1) If your client doesn't buy into IA, and you can only spend a little time on it, then find out what the primary goal of the site is. I know from experience that you can't get far without that bit of info, but it's good to hear an IA expert say so. Also, Vanessa stepped aside to let a really fun, enlightening video about the typical web user play through. The video was a set of street interviews where the interviewer asked 'What is a browser?'. The bottom line was that you shouldn't overestimate your audience. They tend to not know what the **** they're doing, so you have to help.

Dan Howard with a bag of Developer tricks: This presentation was particularly cool because I'd just recorded a series of Drupal training videos for new developers at Build a Module.com. Dan covered a lot of similar topics, and it a spookily similar way. It's strange how even though each developer is different, we all develop a common set of tools and strategies (and mistakes).

Drupal Development Evolved!

Finally, I had a great time presenting a session called "Drupal Development Evoloved!" The core of the talk was meant to give new and intermediate developers a grasp of the tools that they might use someday soon to improve their workflow. Afterwards, some of the attendees suggested that the scale could be used to help people explain where they are in their personal development. The scale is based loosely on the number of sites one has built, but I discovered that some people find it more effective to use one of the strategies in the middle even though they've worked on many more sites. Here's the scale:

  • 1st site: Download Drupal, install, download modules, install modules, etc.
  • 2nd site: Copy the first site and gut it, use it again
  • 3rd site: Create a base install and use this as a base (prevents embarrassing leftovers from copying and gutting)
  • 4th site: Create multiple base installs for different kinds of sites (blogs, e-commerce sites, social networks)
  • 5th site: Integrate team development
  • 6th site: Share and collaborate using install profiles, Features, distributions and the like

The presentation featured many references to WebEnabled, a pretty groovy service I did a writeup on a while back and have more recently been doing some User Experience (UX) work for. At several of the stages outlined in the presentation, WebEnabled offers handy shortcuts and powerful deployment options. For example, instead of setting up a database, downloading and installing Drupal, you can just spin up a new instance of Drupal 5, 6, 7 or Acquia Drupal with a click. It sets up a shell account automatically for the application, so you can use an IDE like Coda or Komodo to work with the files remotely. Think Drupal Gardens for developers. It's pretty neat, if you haven't seen it yet, check it out.

I unfortunately wasn't able to record the session live, but below are the slides, and a dry run I did to get some peer reviews before the camp:



Summary

Overall, I was happy to make the 13 hour trip from Idaho to Victoria BC. I met a lot of great people, derived several insights form interesting conversations, and had some rather excellent sushi. Next year, I'm going to plan on sticking around a little longer to explore what I've been told is some of the most beautiful coastline in Canada. And I'm going to bring some extra garden burgers.



200908131139.jpgIt recently came to my attention that there are some gaps in my conceptualization of Drupal security. I was fortunate enough to have this pointed out to me by the Drupal Security Team, and not by a DOS, CSFR, SQL injection or XSS attack. After publicly bemoaning the mild lashing I received, four members of the Drupal community suggested I read Cracking Drupal. One of them even sent me a copy. No other book was even mentioned, which says to me that - considering how recently it was released - the book fills a void of knowledge that was seriously aching for coverage, and fills it well.

Over years of developing, I've become familiar with the various vulnerabilities that make their way into code, but I've never felt like I could build a complete defense. My knowledge has been piecemeal, drawing from documentation, books, interesting conversations and other people's code. In my case, Cracking Drupal did a fantastic job of gluing these pieces together into a comprehensive frame of mind.

What becomes clear very quickly in Cracking Drupal is that Drupal is quite a wily beast that gives developers real incentive to learn security. There are few functions in Drupal whose exclusive purpose is security, and Greg makes it clear that learning how to secure your site has definite side benefits: "When developers learn and use the API, they are not only safer but more effective and more efficient." When you learn how to use different aspects of the Drupal API (forms, translations, helper functions, theming) you gain bits of security as a bonus. If you set out to learn Drupal security, you'll come out the other end with a pretty solid grasp of Drupal APIs. Either way, it's a win.

Cracking Drupal is surprisingly brief. In 134 pages, Greg covers a lot of ground including:

  • An overview of the different types of attacks one is likely to encounter, from physical to social
  • Most (if not all) aspects of the Drupal API that have security implications
  • Coverage of security-related contributed modules
  • An introduction to the Drupal Security Team
  • Demonstrations of exploiting common weaknesses in Drupal modules and how to fix them

An interesting choice is made in Cracking Drupal to keep a somber atmosphere around the subject matter. In almost any other context, this would be an immediate turn-off. I appreciate humor and optimism to drive my enthusiasm when reading. In contrast with other instructional books which end a chapter with a "go for it, get things done!" message, this book ends chapters with lines like "This paranoid perspective is a good one to maintain as you write, review, and implement features on your site." and "Remember that it is nearly impossible to fully protect yourself from a dedicated and persistent attack." and "If nothing else, I hope this chapter has scared you a bit about the realities of just how easy it is to exploit insecure code and sites".

In a book covering attacks that can result in a very serious loss of time and money, this lack of optimism is probably a good thing. And the final chapter, "Un-cracking Drupal" does leave the reader with the sense that something can be done. It's difficult work, but it's doable. Ultimately, I think the book drives home the fact that the most effective way to make a module or theme secure is to do it right from the start.

The title chapter of Cracking Drupal was probably the most lively and hands-on part of the book. I came out of it feeling like I could really enjoy exploiting vulnerabilities for the greater good. Because of this reaction, I think it would have been a good candidate for a first chapter to really whet people's appetites.

Overall, I think Cracking Drupal does a tremendous service to the community by pulling together the most important aspects of Drupal Security into one solid, compact document. While I came into the book having already been introduced to many of the concepts, it filled in a few gaps, and made the subject matter finite and approachable (albeit a little scary). I suspect this book will serve well as a guide and quick reference as I dive into identifying and patching up vulnerabilities in the modules I maintain.

A couple things I learned

While the greatest benefit to this book was the broad, sweeping overview of security, there were a few additional gems that will come in handy later on:

  • There's a lot more to hook_menu() than I was aware of. Good coverage of examples on p.55
  • I didn't realize that you had to exit after using drupal_access_denied(). p.59
  • Ah, db_placeholders() - a useful function for passing a number of variables to db_query() p.65
  • I had no idea there was such a robust node access API. Wow!

Notes in the margin

Below are a few unorganized comments that constitute my wish-list for future versions and complements to the author:

  • Good quote regarding the definition of security: "For this book I’ll define site security as follows: A site is secure if private data is kept private, the site cannot be forced offline or into a degraded mode by a remote visitor, the site resources are used only for their intended purposes, and the site content can be edited only by appropriate users."
  • I would have liked to see more AJAX security strategies and techniques covered.
  • I liked all the Drupal 7 references, gives a good feel as to the direction of things
  • I was surprised that there were not more brutal admonitions about hacking core, but suspect that's because they represent much fewer vulnerabilities than badly designed contrib.
  • I was happy to see some coverage of CVS and DRUSH, namely using CVS to keep code up-to-date
  • Nice coverage of security-related modules starting around p.41
  • A brief mention is made that using mixed-mode SSL is pretty pointless. This is a big deal, I wish it had gotten further coverage.
  • Being more of an optimist, I appreciated this particular phrase: " Every day there are more and more techniques beingdeveloped to attack sites, but every day there are also Drupal users reviewing code and providing new modules and enhancements to core to keep your site safe." Ahh, a glimmer of hope!
  • Would have liked to see more coverage on the use of form tokens. If one must step outside of the forms api, this could be very important
  • I liked that theme safety was covered, and thought the take on it was interesting: Make the theme secure by giving themers no reason to make stupid mistakes.
  • Since the 'Vulnerable' module was patched up in the end, maybe it should actually be named to indicate that it's meant to be a useful module. That would feel more like a practical example.



Skip to the video demo

Open the Drupal.org project page for Query-Based Views

One of my first Drupal modules ever was Ajax Table, which gave some rich tools to users who would would normally circumvent Views to create a report or feed by constructing it programmatically. The problem being solved was "what does one do when they need to build a report starting with a query?" The Views answer is to expose everything you need to Views through modular hooks. This is an awesome long-term solution because, once your tables and custom output functions are exposed to Views, they can be used by any other view, and you can combine stuff in really novel, nifty ways.

However, a lot of people don't have the time or expertise to do that. They need to start with a query, and they would normally create a custom function, run the query directly and then generate the output programmatically. I think that there will always be use cases for this, and even if the same report could be created in Views, some people will do it this way simply because it's faster for what they need. Ajax Table was a utility module for these use cases. By running a query through a helper function and passing a couple parameters, users could generate ajax-reloading, searchable, sortable reports with very minimal work. It was handy, and I used it all the time. I still use it for my internal time-keeping / invoicing / proposal generating system.

The functionality was useful enough that I built out a second iteration called Query-Based Views, this one using Drupal configuration instead of straight-up code. I demo-ed the module to my local Drupal User Group, and got some positive responses regarding of the ajax functionality, rapid development and in-line editing. However, the general consensus was that the functionality would make a much greater impact if contributed as a Views plug-in, or as patches to Views itself.

So I shelved the project, thinking that until I knew enough about Views to integrate this, it would be better not to fork efforts.

Then a few days ago it struck me that maybe I should ask Earl Miles (merlinofchaos), the developer of Views, if the idea of starting with a query was actually Views-compatible. I was thinking that maybe the Views query builder was just an element of the UI that could be replaced out with something supplying a raw query. He said that it really wasn't. Too much of the power of Views is derived from abstracting out the query building process into the UI that's there.

That means there's actually room for this type of module. It's true that a lot of functionality is duplicated, but Query-Based Views runs on a different paradigm that's incompatable with Views, so it's reasonable for it to do so. Some specific bits like in-line editing could be abstracted more to be able to work with Views and Q-Views, but as a first effort, I think this module should fit the bill.

So I spent a couple of days porting the Drupal 5 version of Q-Views to Drupal 6, fixed a bunch of bugs and am releasing it as an alpha. The bulk of the code is written by the Chris Shattuck of yesteryear, who was not as well versed in Drupal ways, so if the module is useful enough a code rewrite is in order for a non-alpha / beta release. But as it stands, it's functional and ready to roll.

Video Demo

Q-Views has a lot of functionality, so this is a longer video (20 min). Feel free to skip around, though.



200908041150.jpg

WebEnabled is really neat, so neat you have to give it a few minutes to sink in.

If you're a Drupal freelancer or web shop, you spin up new Drupal sites all the time. If you've been doing it long enough, you've probably figured out ways to make the process quicker and cleaner. If you've got a team, you've most likely established a system that allows multiple people to work on the same project. You've got a system for demo-ing Drupal to potential clients and for capturing your work so that you don't do the same stuff over and over. However, if you're considering adjusting your current workflow, have some gaps that need to be filled, or are starting from square one, then it's worth your while to meditate on what WebEnabled can do for a moment.

After signing up for WebEnabled, the first thing you'll want to do fire up an 'application'. WebEnabled has a one-click installer, which installs the latest versions of Drupal 6, Drupal 5, Drupal 7 dev or Acquia Drupal. While cool, a one-click installer is not novel in itself. What is novel is the feature set that accompanies the application. You can set up an app on a fresh .webenabled.com sub-domain, or link it up with your own domain. You can share applications with other users, which makes team-driven development a snap. SVN is also supported out of the box, if you roll with version control. Once you have your app set up, you can clone it. Imagine this workflow: You have a few different flavors of sites you work with, say blogs, e-commerce sites and social networking sites. If you start from scratch, you end up running the same configuration every time, installing the same modules, making some basic theme adjustments. If you've been doing this long enough, you've probably got a folder and database set up locally which you copy every time you start a new project. WebEnabled take this one more step: Fully automated cloning, complete with database config changes, a new database and new SSH account. Again, all this with just one click. It's hard to get simpler than that. After its cloned, you can continue to make improvements to the base site.

Okay, so we've got the ability to create a new site and clone it in just a couple of clicks. Perfect for solo folks, but what about managing default installations with a team? Here's one place where the number of options in WE is a little overwhelming, and detracts from the central awesomeness which is that if you want team-driven development, you can have it. For one, you can use integrated Subversion to manage team development with version control. Version control is a common solution to the problem of team development, but you can also connect different WE accounts to the same project to give several team members access to work with files directly.

The above feature set was enough to get me excited, but WE does one more really unique thing that I personally think is brilliant.

In the Drupal community, there's a lot of work sharing that goes on. Users contribute modules, themes, documentation, and support so that other users don't have to go through the same rigamarole that they did. Fixing people's problems is a two-way exchange. You help people, and earn a name for yourself, and perhaps meet some of your other goals (financial or otherwise). One thing I haven't seen is a good method of sharing base installations. Install profiles and the Patterns module can do something similar, but they take time that most folks don't have. People can package up distributions and share those, but maintaining a distribution is a daunting task that's difficult to do well.

WebEnabled allows you to publicly share your default installation, again with one click. What this does, in essence, is elegantly fill this missing gap for a community-based mechanism of sharing base installations. One doesn't need to go so far as to create and maintain a distribution, and updates made to the default install are automatically available, so there's no overhead in making the default install public. A WE account is required to initially import the default install, but because the free WE account allows up to 3 application installs, there's no cost to download. A public URL is given to a shared install, so you can promote the install however you'd like.

A plan is in the works to provide a marketplace so that developers have the option of selling their default installs. This would work in the same fashion as the free / premium theme model. Supporting this model means that people can actually derive some financial motivation to construct good default installs, and that could benefit the Drupal community and help users at all levels.

One more use case - Drupal training

One thing I think is worth mentioning is that WE is being used by at least one Drupal training firm to get their students set up and learning Drupal. It's easy, ubiquitous, and the only thing that you have to help people set up is an SSH browser of some sort. I can see WE being used for all kinds of Drupal training, both by instructors demonstrating, and students following along.

Criticisms and Concerns

From a User Experience standpoint, the interface assumes that you're a seasoned developer, and I think that might be a mistake, especially considering that students and new developers provide some really solid use cases. So, there are some gaps in documentation and some of the messaging was a little cryptic. There were several points during the initial setup where I asked myself 'okay, what's next?' Once I sorted those out, moving forward was reasonably clear.

I get the feeling that WE is still wrapping their head around their target markets. If I hadn't talked to one of the WE developers, the site wouldn't have called out to me to re-think the way I was doing things. It took a longer conversation to get enthusiastic about it, and to think about ways to incorporate WE into my workflow.

At it's core, WE is a hosted solution. While they've got a bit of a head start, with the open availability of Aegir, and with the Garden / Fields Acquia hosting projects, they're going to have some formidable competition in the marketplace really soon. WE is already stepping up their marketing, and that's good to see. WE has the opportunity to fill a real niche amidst some different rising options, but they will need to carve it out and perhaps even define it as they go.

My experience experimenting with WebEnabled left me pretty excited about its future. I can see that it's headed in a good direction, and it already has what appears to be a solid platform for creating default installs, supporting team-based development, and distributing the install packages. WE can be an awesome addition to a Drupal developer or firm's toolbox, and solves some rather difficult problems quite elegantly.



At DrupalCamp Colorado, Stephanie Pakrul and Jay Wolf spoke about the new module Skinr and how it relates to Panels for theming, and I left the session with a few pleasant goosebumps. For the uninitiated - as I was - Skinr is a module sponsored by Gravitek Labs which allows themes to expose style presets to blocks. The upshot is that once you create a nice style, you can allow users to apply the styles to virtually any area of a page with a couple clicks. This effectively incorporates several principles that have up until this point been applicable mostly to modules, like reuse of code, config-based changes and ... well ... general modularity. I could immediately see that this was an idea with really big potential. Even in its infancy, the Skinr module can do some pretty neat stuff.

Along these lines, Top Notch Themes did a pre-release of their new Fusion theme which incorporates Skinr functionality. The folks at TNT have really been quite genius with their positioning of the Fusion theme, and I think they have really wrapped their minds around where theming is headed over the next couple of years. Their base message is that Fusion is the only theme you'll ever need - a tall order for any one theme, and an interesting proposition. The theme is grid-based and comes in fluid or fixed 960 variety, and a plethora of styles are made available through Skinr for layout and look and feel.

The main purpose of the Fusion base theme, however, is not to provide a look and feel, but rather to supply a solid foundation for sub-themes and - get this - pluggable, extensible style packs (my term). So, instead of having to cut and paste stylesheets and images from one theme to another, instead you paste these style packs in. I really like this idea. Fusion will ship - I believe - with an example sub-theme that looks pretty decent out of the box. Fusion also exposes some nice configuration options you don't see in a lot of themes, like font settings and setting the default text in several areas of the site.

Fusion will be released into Drupal contrib, and then TNT will be selling sub-themes on their site. The fact that they will be moving their themes to Fusion says something really important about Skinr and Fusion. If a leading Drupal company that needs the support of the community to survive is throwing their weight behind these technologies, it's a good indication that it's something to watch very carefully.

I think the move to create a one-size-fits-all, highly modular theme is inevitable, and comes at an excellent time considering how important it is to the Drupal community to attract more designers and themers. I also think it's a daunting task that can be accelerated if there is a model to drive the development commercially, alongside community development, so I appreciate TNT's and Gravitek's roles in this venture. The ability to create 'style packs' (again, my term), is another way that themers can contribute, and Fusion / Skinr will allow designers to do an awful lot of design without worrying about theming. That's pretty powerful stuff.

I'm really looking forward to seeing how this moves forward. TNT and Gravitek have their work cut out for them, but I hope that quickly it will become a minor movement to change the way we look at theming from here on out.



Syndicate content