Jun 26 2018
Jun 26

For some time, major internet players have advocated for a ubiquitous, secure internet, touting the myriad benefits for all users and service providers of “HTTPS everywhere”. The most prominent and steadfast among them is Google. In the next week, continuing a multi-year effort to shepherd more traffic to the secure web, Google will make perhaps its boldest move to date which will negatively impact all organizations not securely serving their website over HTTPS.

To quote the official Google Security Blog

Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”

Chrome insecure message for HTTP
Google blog

Given the ambiguous “in July 2018”, with no clearly communicated release date for Chrome 68, it’s wise to err on the side of caution and assume it will roll out on the 1st. We have readied our partners with this expectation.

So what does this mean for your organization if your site is not served over HTTPS? In short, it’s time to make the move. Let’s dig in.

What is HTTPS?

HTTP, or HyperText Transfer Protocol, is the internet technology used to communicate between your web browser and the servers that the websites you visit are on. HTTPS is the secure version (s for secure) which is served over TLS: Transport Layer Security. What these technical acronyms equate to are tools for internet communication that verify you’re communicating with who you think you are, in the way you intended to, in a format that only the intended recipient can understand. We’ll touch on the specifics in a moment and why they’re important. Put simply, HTTPS enables secure internet communication.

Why secure browsing matters

Leaving aside the technical details for a moment and taking a broader view than communication protocols reveals more nuanced benefits your organization receives by communicating securely with its audience.

HTTPS improves SEO

Since Google accounts for 75-90% of global search queries (depending on the source) SEO is understandably often synonymous with optimizing for Google. Given their market domination, competitors are taking queues from Google and in most cases it’s safe to assume what’s good for SEO in Google is good for optimizing competing search engines.

In the summer of 2014, Google announced on their blog that they would begin to favorably rank sites who used HTTPS over HTTP. It’s already been nearly four years since we’ve known HTTPS to be advantageous for SEO. Since then, Google has consistently advocated the concept of HTTPS ubiquity, frequently writing about it in blog posts and speaking about it at conferences. The extent to which serving your site over HTTPS improves your SEO is not cut and dry and can vary slightly depending on industry. However, the trend toward favoring HTTPS is well under way and the scales are tipped irreversibly at this point.

HTTPS improves credibility and UX

Once a user has arrived at your site, their perceptions may be largely shaped by whether the site is served over HTTP or HTTPS. The user experience when interacting with a site being served over HTTPS is demonstrably better. SEMrush summarizes well what the data clearly indicate; people care a great deal about security on the web. A couple highlights:

You never get a second chance to make a first impression.

With engaging a participant of your target audience, you have precious few moments to instill a sense of credibility with them. This is certainly true of the first time a user interacts with your site, but is also true for returning users. You have to earn your reputation every day, and it can be lost quickly. We know credibility decisions are highly influenced by design choices and are made in well under one second. Combining these two insights, with the visual updates Chrome is making to highlight the security of a user’s connection to your site, drawing the user’s attention to a warning in the URL bar translates to a potentially costly loss in credibility. Unfortunately it’s the sort of thing that users won’t notice unless there’s a problem, and per the referenced cliché, at that point it may be too late.

Browsers drawing attention to insecure HTTP

Much like search, browser usage patterns have evolved over the last five years to heavily favor Google Chrome. Therefore, what Google does carries tremendous weight internet-wide. Current estimations of browser usage put Chrome between 55% and 60% of the market (again, depending on sources). Firefox has followed suit with Chrome as far as HTTP security alerts go, and there’s no indication we should expect this to change. So it’s safe to assume a combined 60-75% of the market is represented by Chrome’s updates.

Google Chrome HTTP warning roll out

Google (and closely mirroring behind, Firefox) has been getting more stringent in their display of the security implications of a site served over HTTP (in addition to sites misconfigured over HTTPS). They’ve shared details on the six-step roll out on their general blog as well as on a more technical, granular level on the Chrome browser blog.

In January 2017, they began marking any site that collects a password field or credit card information, served over HTTP as subtly (grey text) not secure.

Chrome insecure message for HTTP
Laravel News

Then, in October 2017, they tightened things up so that a site that collected any form information over HTTP, would have the same “not secure” messaging. They added the more action-based aspect of showing the warning on the URL bar when a user entered data into a form. This is an especially obtrusive experience on mobile due to space constraints, which more deeply engages the user cognitively as to exactly what is unsafe about how they’re interacting with the site.

Chrome insecure message for HTTP
Google blog

Next, in July 2018, all HTTP sites will be marked as not secure.

In September 2018, secure sites will be marked more neutrally, removing the green secure lock by default connoting a continuing expectation that HTTPS is the norm and no longer special.

Chrome insecure message for HTTP
Google blog

In October 2018, any HTTP site that accepts any form fields will show affirmatively not secure with a bold red label, much like a misconfigured HTTPS site does now.

Chrome insecure message for HTTP
Google blog

Though they haven’t yet announced a date, Google intends to show affirmatively not secure for all HTTP sites. The drive is clearly to establish the norm that all the web traffic should be served over HTTPS and that outdated HTTP is not to be trusted. This is a pretty strong message that if Google has their way (which they usually do) HTTPS will inevitably be virtually mandatory. And inevitably in internet years, may be right around the corner.

HTTPS vastly improves security for you and your users

Returning to the technical, as mentioned previously, HTTPS helps secure communication in three basic ways.

  • Authentication “you’re communicating with who you think you are”
  • Data integrity “in the way you intended to”
  • Encryption: “in a format that only the intended recipient can understand”

What authentication does for you

In order for the browser to recognize and evaluate an HTTPS certificate, it must be verified by a trusted certificate authority (CA). There are a limited amount of CAs who are entrusted to distribute HTTPS certificates. Through public-key cryptography, a fairly complex but interesting topic, through inherent trust in the CA who has provided the HTTPS certificate for a given site, the browser can verify any site visitor is positively communicating with the expected entity with no way of anyone else posing as that entity. No such verification is possible over HTTP and it’s fairly simple to imagine what identify theft would be possible if you were communicating with a different website than you appeared to be. In the event any of the major browsers cannot validate the expected certificate, they will show a strong, usually red warning that you may not be communicating with the expected website, and strongly encourage you to reconsider interacting at all.

Chrome misconfigured HTTPS

Therefore, the authentication gives your users the confidence you are who you say you are, which is important when you’re engaging with them in any way whether they’re providing an email, credit card or simply reading articles.

How data integrity helps you

Ensuring perfect preservation of communication over the internet is another guarantee HTTPS provides. When a user communicates with a website over HTTPS, the browser takes the input of that communication and using a one-way hashing function creates a unique “message digest”: a concise, alphanumeric string. The digest may only be reliably recreated by running the exact same input through the same hash algorithm irrespective of where and when this is done. For each request the user makes to the website, the browser passes a message digest alongside it and the server then runs the input it receives from the request through the hash algorithm to verify it matches the browser-sent digest. Since it is nearly computationally impossible to reverse engineer these hash functions, if the digests match, it proves the message was not altered in transit. Again, no such data integrity preservation is possible over HTTP, and there is therefore no way to tell if a message has been altered en route to the server from the browser.

What encryption does for you

Communicating over an unencrypted HTTP connection allows for some easily exploitable security risks in the case of authentication to a site. To demonstrate how easy it can be to take over someone’s account on an HTTP connection, a tool called Firesheep was developed and openly released in mid 2010. Major social media platforms Facebook and Twitter were both susceptible to this exploit for some time after Firesheep was released. The identity theft is carried out through a means called session hijacking. With Firesheep installed, a few clicks could log you in as another user who was browsing over WiFi nearby on any HTTP website. This form of session hijacking is possible when the authentication cookies, small identifying pieces of information that live in your browser while you’re logged into a site, are transmitted to the server on each request over HTTP. Over WiFi these messages are broadcasted into the air in plain text, and can be picked up by anyone listening. HTTPS prevents this since the communication is encrypted and unintelligible to eavesdroppers.

In the example of a CMS like Drupal or any other system in which there is a login, if an administrator with elevated site permissions is logged in over HTTP, they’re subject to the same risk if that traffic is monitored or “sniffed” at any point along its path from the browser to the server. This is especially easy over WiFi but is not relegated to only WiFi. The cookies are sent to the server upon every request, regardless of whether or not the user entered their password during the active session or not. Depending on the admin’s privileges, this access can be easily escalated to complete control of the website. Encryption is a big deal.

HTTPS is required for the modern web

One of the more promising developments of the last few years, is the pervasiveness and effectiveness of Progressive Web Apps (PWAs). PWAs is the name coined for a set of technologies that provide a feature-set for mobile browsing akin to native applications, yet is entirely served through the web browser. PWAs require all communication to be done over HTTPS. Some of the possibilities with PWAs that were previously relegated to native applications only are:

  • Providing content and services based on the user’s location data
  • Providing interaction with the user’s camera and microphone within the browsing experience
  • Sending push notifications
  • Serving off-line content

If you aren’t taking advantage of any of these features that are possible through PWAs, it’s something your organization should strongly consider to further engage users. Before the ambitions to be on feature parity with native applications are fully borne-out, PWAs will continue to evolve the power of layering deeper engagement with users on top of your existing mobile experience with minimal effort. PWAs simply do not work over HTTP. HTTPS is required to open the door to their possibilities.

Barriers to HTTPS have been lifted

Historically, considering a move to HTTPS has been held back by some valid concerns for webmasters whose job it was to select where and how their websites were hosted. A few of the fundamental apprehensions could be categorized as:

  • No perceived benefit. People often assumed if they weren’t collecting financial or personal information, it wasn’t necessary. We’ve covered why holding this belief in 2018 is a misconception. Savas Labs made the move in July 2017 to serve exclusively over HTTPS for our statically-generated Jekyll website even though at the time we had no forms or logins.
  • Performance costs. We know reducing latency is crucial for optimizing conversions and HTTPS does require additional communication and computation. However, with the broad adoption of the HTTP/2 protocol over the last few years, HTTPS now usually outperforms HTTP.
  • Financial costs. HTTPS was too complex and costly to implement for some. Large strides have been made across many hosting providers who now bundle HTTPS into their hosting offerings by default, often at no additional cost. Let’s Encrypt, a relatively new and novel certificate authority, first began offering free certificates (which they still do) and then made it easy to automatically renew those certificates, helping to ease the burden and cost of implementation.

We’ll cover each of these in more detail in the follow-up article that will help guide you on how to make the move to HTTPS.

Conclusion

To revisit Google’s announcement:

Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

Interpreting that and providing our perspective:

You’re not part of the modern web unless you’re exclusively using HTTPS.

A bold, if slightly controversial statement, but for ambitious organizations like the folks we’re fortunate enough to work with each day, HTTPS-only is the standard in mid 2018 and beyond. Given the benefits, the lifted previous barriers, and the opportunity for the future, very few organization have a good reason not to exclusively serve their sites over HTTPS.

Have we convinced you yet? Great! Stay tuned for some guidance on how to make the move.

Additional resources

Jul 20 2017
Jul 20

The Simple MailChimp module for Drupal 8 intends to be the easiest way to add MailChimp integration to your site.

There is already a MailChimp module for Drupal, of course. There are several of them.

The main MailChimp module itself does a lot…

The MailChimp module allows users to manage email marketing efforts through MailChimp’s service. The module supports the creation and sending of campaigns, management of email lists and individual subscribers, and offers standalone subscribe and unsubscribe forms.

The problem with these modules is that they either do too much, or they are too specific in their use case. What I often need on my sites, more than anything else, is just a checkbox at the bottom of a form that will allow me to subscribe users to my MailChimp list if they choose to do so. Most likely, I need a checkbox at the bottom of many forms.

I don’t need to manage campaigns, lists, etc. from within my Drupal site. I just need a checkbox. Maybe a few options (MailChimp groups), but that’s it. And, again,I need it on all forms. I need it on my subsciption form of course, but I also need it on warranty registrations, user registrations, webforms, or any other form that may be included with my site.

This is where the Simple MailChimp module comes in.

Example form with “group” options.

Again, this module is not meant in any way to be as robust as the MailChimp module. You can’t manage subscribers. You can’t work with lists. It simply gives you the ability to add a checkbox for subscribing to a single MailChimp list, and also allows a field for one interest group option.

To configure this module, you will need your MailChimp API key, list ID, and a mapping of fields. See screenshot below. Under “Enabled Forms” you would enter one Drupal form id per line, and then map the email field (and other fields) to the appropriate merge fields.

Simple MailChimp supports most MailChimp field types:

  • text
  • zip_code
  • number
  • address
  • date
  • phone
  • birthday
  • website

The idea of this module is to be simple. It does not make any assumptions. It does not provide any public facing forms. It’s simply for adding a checkbox to existing forms.

Download Simple MailChimp and try it out.

Sep 23 2016
Sep 23

Here at Savas Labs, we listen to our clients needs, and what many of our clients need is to reach their target audiences effectively. Let’s be honest here - perfectly coded, a pretty looking website will be of little use if it doesn’t produce leads / increase brand awareness / facilitate conversions or generate revenue! So how do we help our clients achieve their goals? We get there by balancing website objectives while giving priority to lead generation via SEO. The more quality traffic that comes to the website - the more conversions we can achieve. It’s that simple!

There are multiple ways of generating traffic to a website. The most popular methods are SEO (Search Engine Optimization) and PPC (Pay Per Click). Both bring traffic through search engines. The difference between the two is that SEO brings long-term results boosting organic traffic while PPC helps marketers achieve short-term goals by gaining instant exposure throughout the duration of an ad campaign.

In this post I’ll share some insight about current SEO trends. I’ll also describe new features of Drupal 8 that make it the most SEO-friendly content management framework available today.

Let’s start by taking a look at what exactly Search Engine Optimization is.

What is SEO?

Search Engine Optimization (SEO) is a marketing discipline focused on optimizing a website’s architecture and content so that it performs well (read “ranks high”) in organic search engine results.

Search engines (Google, Bing, etc.) change their search algorithms many times throughout the year. There are over 200 ranking factors that become updated with every algorithmic change. It is worth noting that Google, one of the leading search engines, is steadily growing its market share in the world and the United States for both desktop and mobile search (see chart below).

Search Engine Market Share 2016

Search Engine Market Share 2016

Google’s dominance in web search makes it clear that in 2017 marketers should pay close attention to Google’s algorithmic updates in order to stay ahead of the curve. Standards introduced to SEO by Google are likely to satisfy all other search engines. Given this reality, there are many techniques that website owners can use to optimize their digital property for search engine consumption. So where do we start? How do we know what efforts will bring us the best Return on Investment (ROI) and let our marketers do their job effectively in the long run?

SEO Outlook 2017

The Savas Labs team stays dialed in on the current trends of Search Engines Optimization. By leveraging aggregated research data and first-hand experience, we’ve developed a solid, yet constantly evolving, foundation of currently effective marketing methods.

Here are four ranking factors that we’ve identified as being most important as of Q4 2016. Our forecast is that these four factors will likely remain at the top of the list throughout 2017.

1. Content

Content is still king! Yes, that’s right. It is and it always will be! You’ve got to be relevant in order to even appear in search. And nothing will make you more relevant than carefully crafted, practical, awesome, juicy, shareable, actionable (you name it) CONTENT! It is important to note that marketers should stop thinking of content as purely text and focus their efforts on providing visual content that supports storytelling, is engaging and matches user intent.

Not just any good ‘ol link to your website. Good backlinks come from high authority domains that are in the same niche as your website. Strong backlinks bring quality traffic and are therefore considered highly desirable to your SEO cause.

3. Responsive Design

With more people using their handheld devices to browse the internet, it has become increasingly important to make a website look good across multiple platforms (smartphone, tablet, etc.). It is not an option in 2017 - it is a necessity! While we won’t get into the notoriously labeled Google algorithm update “Mobilegeddon” that happened in April 2015, we will provide some interesting statistics to back up the importance of responsive design.

There are more mobile internet users than desktop internet users; 52.7% of global internet users access the internet via mobile, and 75.1% of U.S. internet users access the internet via mobile.

4 out of 5 consumers use a Smartphone to shop.

4. Page Speed

In response to the substantial increase in mobile traffic growth, search engines have acknowledged the importance of page speed and the effect it has on user experience (UX) and now give more weight to fast-loading websites.

40% of people abandon a website that takes more than 3 seconds to load.

a 2-second delay in load time during a transaction resulted in abandonment rates of up to 87%. This is significantly higher than the baseline abandonment rate of 67%.

Can your business handle the loss in revenue that may occur from slow page load speed?

Drupal 8 - Built with SEO in Mind

The base of all our SEO efforts lies within the website’s architecture. There are many website engines and CMS’s to choose from and most of them will claim that they are SEO optimized. Don’t be fooled! No CMS will come search engine optimized out of the box. It may have some features, which, if configured correctly, may bring you some SEO benefits. SEO is not only about code, though it does start there. SEO is also about the continuous efforts of your marketing team. We all know that time = money. The more efficient your marketing team is in performing tasks within your CMS - the more ROI you get!

A good CMS must provide means for your marketing team to work independently from your development team. Drupal 8 does just that! It provides a solid framework that can be tuned to become a powerful marketing-machine.

Let’s take a look at some of the new features in core that make search engines love Drupal 8.

Drupal 8 is Responsive out of the Box

Drupal 8 comes with responsive themes in core. Now both public facing and admin facing themes are responsive and make user experience great on any device.

Drupal 8 Page Load is Fast

There has been a lot of debate about Drupal 8 vs. Drupal 7 performance / page load since the Drupal 8’s release. It is a fact that vanilla Drupal 8 is running much more code than vanilla Drupal 7. It runs vendor code like Symfony, which adds some overhead. However, Drupal 8 has a significant number of performance improvements that are making up for that overhead:

  • Javascript files are now loading in the footer. Due to this change pages build up faster and user can see and use them earlier.

  • Pluggable CSS/JS aggregation and minification to support more optimal optimization algorithms.

  • Highly improved caching. Drupal 8 uses “cache tags” that makes caching more efficient and includes Cache Context API which provides context-based caching. This means pages load faster while ensuring that visitors always see the latest version of your site.

  • BigPipe render pipeline. Sends pages in a way that allows browsers to show them much faster. First sends the cacheable parts of the page, then the dynamic/uncacheable parts. Uses the BigPipe technique.

These improvements have the potential to make your Drupal 8 website fly! And if after all that it is not “flying” - than you need someone to review the code that powers your website’s features. Contact us.

Semantic Markup

Search engines appreciate clean markup that explicitly describes the purpose of on-page elements. Thanks to the HTML5 Initiative for Drupal 8 development, we now have a number of great markup improvements right in Drupal core:

  • HTML5 themes with new semantic elements in core templates

  • Support for the new form elements to Drupal’s Form API

  • Rich media handling with <video> and <audio> elements

  • ARIA roles in markup to improve accessibility

  • Resource Description Framework (RDF) support that provides a standardized model for data interchange and facilitates Schema.org mappings

  • Twig theming engine - makes it harder for developers to create messy, non-semantic code

Content-as-a-Service

Another exciting new feature of Drupal 8 is a flexible content delivery.

Today, content owners want to get their content to as many platforms and channels as possible: web, mobile, social networks, smart devices, etc. It is expensive to have a separate solution for every channel. It is much more efficient to have a single editorial team and single software platform that allows for well-organized content management. Drupal 8 and its content-as-a-service capability provides a one-stop solution where content is created and managed via unified web-interface and then consumed by other channels with minimal effort.

Drupal 8 Multilingual Capabilities

To reach audiences from around the world, companies need to speak to users in their native language. In 2017, producing content in English language is not enough, even if English is considered an internationally accepted language. The United States is now the world’s second largest Spanish-speaking country after Mexico, which amplifies the necessity of serving multilingual content for U.S. based audience. To help put things in perspective we checked recent statistics.

English is a #1 language used in the Web, but it only amounts to 26.3% of the online market.

There are 41 million native Spanish speakers in the U.S. Around 79% of them using search engines on a daily basis for gathering information about a future purchase.

Reaching a global audience with Drupal has never been this easy! Previous versions of Drupal had partial support for multilingual websites. Luckily, Drupal 8 had a fundamental overhaul of its multilingual system. Every single component is translatable out of the box in Drupal core without any additional modules. Drupal core natively supports 94 languages. Also, the administration interface is now entirely translatable. Media assets (files or images), can now be assigned to a language or shared between languages. This gives a huge advantage to businesses that aim to reach a global audience.

SEO for Drupal 8 is off to a good start with just the core features! Drupal 8 also has a growing number of contributed modules that can amplify your SEO efforts. Just to name a few: Metatag, Google Analytics, Pathauto, Redirect, and more.

Drupal 8 satisfies current SEO trends enabling marketers do their job effectively and efficiently! Even with minimal configuration, Drupal 8 lays a solid base for future marketing performance.

Mar 15 2013
Mar 15

Average: 3 (2 votes)

I've been on the road a lot lately, touting the opportunities that Drupal offers to workforce and economic development efforts of regions and states. Thing is, before we can get to all the advantages for regions to develop a Drupal-talented workforce, we have to educate a lot of government leaders, commissions and committees on what Drupal is and does.  In short, they need to "get it." This means understanding not just what Drupal is used for, but why it is growing as quickly as it is.  Decision makers in many of our forums do not know what a content management system is, nor what open source means. That's a lot of ground to cover before we can even get to the whole training component!

So, in our usual DrupalEasy approach to making things more efficient, we created an under-three minute video that seems to meet our needs.  No audio as yet, but we are open to suggestions as to a voice over, or some open source diddy that might make it a bit more engaging.  Give it a look, and let us know what you think, what we can do to improve it, and how you might be able to use it.  Also, if you need to explain Drupal to anyone, feel free to pass it along.  DrupalEasy proudly presents... V1 of: What is Drupal?

Trackback URL for this post:

http://drupaleasy.com/trackback/562

Dec 11 2012
Dec 11
It's time to rethink our approach to how we manage the content lifecycle.

The so-called modern web Content Management System (CMS) has outlasted its utility and is failing content marketers. And still, it is one of the most important tools that we at Digett leverage on behalf of our enterprise clients in the deployment of systems to store and display content to an audience in the form of a website.

Considered in isolation, the CMS does a fine job of this. But this constrained store-and-display scenario represents a diminishing slice of the expanding role that content plays in good marketing. To evaluate the effectiveness of the CMS from a higher vantage point, a picture emerges of widely-used toolsets that put too much downward pressure on marketing ROI.

It has become clear to me that we need to seriously rethink how we solve many of the challenges posed by content marketing.

Three Big Problems with the Web CMS

As content gains prominence, the tightly-coupled nature of enterprise systems like Drupal, for example—which attempt to address a full breadth of challenges related to the content lifecycle—becomes burdensome, inefficient and ineffective:

  • burdensome because we get stuck with huge applications to maintain
  • inefficient because replacing any part of these systems often means replacing the whole thing
  • ineffective because developer attention is spread thinly and unevenly across thousands of requirements.

How We Got Here

I think it is useful to recognize that we got here for good reasons. The web evolved, after all, into the most important communication medium of our time almost overnight. To address this growing demand to publish content, we have developed dozens of programming languages and web technologies to solve specific problems as they arise. To make it easier for the non-techie to take more control of the publishing function, for example, we devised simple tools to achieve this.

These were the earliest iterations of the CMS. All hands have been on deck to focus on these challenges, and look how far we've come! But somewhere along the line we crossed a couple notable thresholds.

  1. The CMS evolved to fulfill roles that would best be divided among multiple applications.
  2. Content became useful in more ways than our inflexible and bloated CMS architectures can keep up with.

To suggest that any one user type is the "most important" serves to help illustrate the challenge of treating content management as one to be solved by a single application. The fact is, by the way, that the most important user of a website is its intended audience. But even if we allow ourselves to shift our focus off the audience onto users that "work with content"—as does the referenced article—we are still talking about a wide range of roles: content strategists, authors, editors, reviewers, content administrators, web publishers, curators, and any number of possible "wholesale" consumers of content who need or want access to it for a purpose such as pushing it through another channel.

Each of these functions has its own unique set of challenges and requirements, and in some cases the needs and interfaces related to one function look nothing like those related to another.

Today's CMS has grown up as a one-tool-does-all approach to getting content onto the web and managing its lifecycle. We have WordPress, Drupal and Joomla (among many others), each of which increases in size and complexity with each version release.

It's not hard to see why this happens. Consider, for example, that a website is no longer something we view only from a desktop computer, but from mobile devices of all shapes and sizes. Consider that a website needs to leverage or at least play nicely with social media outposts.

These are just a couple requirements among many that demand new and more capabilities, and too frequently these capabilities become the responsibility of the CMS. This leads to bloated software that is less effective than it should be and more expensive to maintain.

Nowhere does this growing complexity result in more pain than with the never-ending and expensive two- to three-year cycle of upgrading a website to a new version of its underlying CMS platform. We do these upgrades to be able to stay current with security patches and, less often, to benefit from a new feature or two that the previous CMS version does not support.

How wasteful that we discard the result of previous website-building efforts every few years and replace it with the result of an entirely new website-building effort! Is there really justifiable value generated by this ever-repeating exercise?

How to Build a Better CMS

What we need is a more role-centric approach, applying best practices learned over decades in the software development industry, separating distinct groups of requirements into highly-tailored components, each designed for a specific role. Allowing these applications to interoperate would be well-defined interfaces that hide the complexity of what happens under the hood and make it feasible for developers to evolve and improve individual components of the content support ecosystem without worry of breaking it.

At its center would be a flexible and logically-designed content store that provides multiple methods for getting content in and out, as well as the means to effectively catalog it. Contrast this with the CMS database of today, which has become a tangle of unrecognizable labels and table structures and offers a poor foundation on which to build robust content applications.

Relegate the assembly and packaging of content into pages for viewing on different devices to a lighter-weight application that does only that. Give authors tools that streamline their own processes, which somewhere integrate with those of the content marketer who manages the production of those authors in the context of an editorial calendar.

There are hints of this type of modular approach just about everywhere you look. Drupal itself is a fabulously-architected wonder that goes further than probably any other comparable system to modularize its functions. Those who work with me know I'm a Drupal fan.

But I don't like telling my clients to budget for an expensive upgrade every three or four years on top of the significant ongoing cost of keeping the system patched. I don't think it should be that way, and right now I do not know of a better alternative.

I'd like to see the CMS go the way of SaaS, and believe at some point we'll see a tipping point toward that destiny. We see pieces of this already, and have for some time, in companies providing functions like data collection and reportingemail services, and social media integration. And there are some legitimate offerings for CMS SaaS, my long-time favorite being Squarespace.

But one of the very first frames of the video overview for Squarespace starts out by promoting its biggest weakness: "Everything you need to create an exceptional website."

Not that this might not be a legitimate approach if I'm going after the low-budget audience, mind you, but this won't fly for the enterprise. Any given enterprise is going to have its own unique set of needs that a one-size-fits-all solution cannot accommodate.

A Call For a More Sustainable Approach

In the end I'm looking for a better system, or ecosystem, to employ and leverage in the pursuit of helping my clients acquire, engage and retain customers through content marketing.

Additionally I want a more sustainable website solution; one that puts an end to the madness of explaining to my clients that shelling out $20-$30K or more every other year for a CMS upgrade is the norm, even while the old one seems to work just fine. It should not be the norm, and I know there has to be a better way.

Getting there will take time, but here’s hoping we can start a dialog to evoke change in that direction.  

Apr 11 2012
Apr 11
Doctor Who Technobabble

As a client or potential client of Digett you probably have taken a look through our blog posts and wondered why we bother posting technical articles about Drupal. Some people think, “That’s not what a client wants to read.” or “Prospects aren’t interested in all that technobabble.”  But as a client—ours or anyone else’s—the technical materials should be important to you too. Here’s why and what you can learn from our example.

Actions Speak Louder

Too many times have I been on a website and seen Joomla, Wordpress, Drupal, and Dreamweaver all listed as the expertise of a small firm. Anyone can list off all the top content management systems (CMS) and claim to be an expert, but the more likely scenario is that they are proficient at one or maybe two and passable at the others.  

So how can you tell if someone really knows Drupal (or any other platform)? Read their technical posts and the comments. Are the posts educational and do they talk about applying technical knowledge on the topic? Do they have comments and are they from other developers? Do the comments support the notion that the author is an expert on the topic?  You don’t have to completely understand all of the technical language to get a sense of whether the author knows what he or she is doing.

Enthusiasm is Contagious

A large part of the purpose of any website is to attract traffic and build a community. Talking about things that interest you is a way to do both. The interesting thing about being interesting is that when one tries to be interesting they often fail, but when one gets excited about something others get excited too. Evangelist John Wesley, famously said, “Catch on fire with enthusiasm and people will come for miles to watch you burn.” You don’t have to be the most polished writer to talk about what interests you — just “catch on fire with enthusiasm.”

Our technical posts about Drupal have brought in a substantial increase in overall traffic to our site. And while much of that traffic is from other developers and not prospects, the traffic increase has a positive effect on our credibility with search engines.

Drupal is the Bomb

Lastly, Drupal is on an upward trend in popularity and awareness, and has been for a few years. There are some large Drupal firms with sales efforts out talking about Drupal among enterprise clients. While we didn’t choose Drupal for this reason, we are positioned to ride this wave of growth due to our established expertise in Drupal and experience with building visually appealing, clean and user friendly sites.

So Drupal is not only what we are enthusiastic about, but it is a positively trending topic in web design. We blog about Drupal so much because it brings together both of those reasons while providing evidence to prospects of our technical expertise.

Related Posts

Aug 08 2011
Aug 08

The evening of Tuesday 23rd August will be the unofficial DrupalCon curry night. Together with NikLP, we are planning to bring together all those who love both Drupal AND curry. After all, London has some of the best of the country's curry houses, so bring an iron stomach (just kidding, as curry doesn't have to be violently hot, if you don't like that sort of thing) and let's eat!

We're going to keep the official information in a DrupalCon forum thread, but the basic idea is that we will meet in a bar around 7.30pm, and once everyone's gathered, head to the restaurant at 8.00pm. We would really appreciate if you can commit to this definitely, as we will need to book tables, and we need to know numbers as accurately as possible, so if you're just thinking about it, please hold fire, and come back when you're sure!

In any case, the DrupalCon thread is the place to get the most up-to-date information, and to let us know you're interested! Hope to see you there!

Apr 01 2011
Apr 01

A routine branding exercise went awry early Friday in Brooklyn when Growing Venture Solutions performed a "mind map" exercise to aid in the creation of logos for two of their flagship products, the Scout hosted sercurity review service and COD, the Conference Organizing Distribution for Drupal.

Drupal Scout LogoConference Organizing Distribution logo

"Connecting to the unintellectualized, visceral, gut responses we get from each logo helps us maximize branding potential so that we can produce marketing collateral that's sure to engage members of our target market segments, helping them to connect to each brand at an emotional level, which results in increased conversions" said social media expert Robert H. McJellyPants. He added, "Tachyon converter beam subspace electron resonance tuning."

Unfortunately, while exercise participants were discussing their friendly, communal associations with schools of smiling fish in the COD logo, as well as some of the more stern, defensive associations evoked by the Scout owl logo, the owl took flight and picked up the fish, instantly crushing the fish's vital internal organs with its beak.

Scout owl logo eating COD fish logo
Illustration by Carl Wiedemann.

Needless to say, participants were horrified at the sudden attack by the owl but impressed by its swift, decisive action in the face of what the owl saw as a potential security risk to its personal website, SupercuteCatsWearingWigsandSmallDressesTailoredEspciallyforCatsNoThisisnotajoke.com/website.

McJellypants expressed concern, saying "This is highly unusual for a branding exercise, and the attack could be a step in the wrong direction for both brands. It may cause people to construe the owl as reckless and aggressive, rather than defensive and wise." He pointed out that "[i]t makes the COD logo more similar to the previous one, which was also a dead fish," referring to the public domain image of an Atlantic cod that previously represented the Conference Organizing Distribution.
Dead Atlantic cod

COD has been used to power many feature-rich conference websites for DrupalCamps, the recent DrupalCon Chicago conference, as well as non-Drupal events in the United States, India and Australia.

When asked to justify the attack, the owl provided participants with helpful information about the specific security vulnerability it claimed was presented by the fish. However, for more information, it directed them to its "Scout Automated Plus" and "Scout Enterprise" solutions, where Drupal security experts explain potential vulnerabilities on specific sites—and the steps to mediate them—in great detail.

Despite having clear expertise in Drupal security, it was reported in several tweets on Friday that the owl's personal site had the full HTML input format enabled for anonymous commenters early Friday morning. The issue appears to be resolved as of the publication of this article, though one comment on the site by "IttyBittyPrettyWittyKittyCommitteeinNewYorkCitySingingaDitty36" appeared to show a properly escaped cross-site scripting attack probe, and read, <script>alert('XSS Vulnerable Meeeeow');</script>

When reached for comment, the owl tried to bite off my face.

Two of the mind-map exercise attendees posted a re-enactment of the event to YouTube. Note: the mind map was done on a boat.

Jun 12 2009
Jun 12

I recently came across a 2008 blog post by George Dearing in Information Week titled, "Is Drupal Finally Enterprise Ready?" Dearing explored how the Drupal community has been growing over the past few years and how Acquia has been supporting a lot of commercial initiatives behind Drupal.

read more

Jul 14 2008
Jul 14

Change does not necessarily equal quality

The key to a successful website is to change the content on your website as often as possible. right?

Change can be a dangerous notion on a website, and is something that is made easy and readily available by drupal and other CMS systems. But you must remember that arbitrary change for the sake of change serves no function. And can hurt your website, by disorienting users, and hurt your search engine rankings as well.

The change dilemma often comes especially when someone is new to a CMS system and starts publishing their own content. When you first start out with drupal for instancee one of the first things users want to do is edit all the content that is available to edit on the site. And this behavior is perfectly acceptble, in fact I heartily recommend that you customize your drupal site to suit yourself and your needs. The trouble comes with the default model of having two content types: the page and the story

Problem: Users want to update their content.
Solution: User installs a CMS (such as drupal)
Failure: User doesn't understand the best way to engage users with a consistant behavior.

This problem stems from the inability to tell the difference between these two content types. What is story content? What is page content? These two terms are confusing to users and here is why.

A lot of beginning drupal users are new to the world of creating their own content. Often in the past they would send their content to a design studio to have it put in the template, or they would put it on the page themselves with one of the plethora of wysiwyg html editing applications. For these users a CMS is a new experience, and there are little or no classes on writing for the web anyhow.

These users because of their previous knowledge and how they are used to doing things will have a mental model of drupal which is more in line with the page concept. That is these users think in terms of one page which is to be updated instead of the story concept of a string of interrelated pages which chronologically tell a narrative about the website, and the website's content.

The story concept is new to them, and is the same concept as a blog. Because of this lack of grasping this concept the user doesn't think about the consequences of altering these story nodes. What ends up happening then, is a rewritten history which ultimately shows change, but it shows change in such a way that the user is disoriented

When a user has no clear idea of the nature of the event and in its place sees only a recap or congratulations in it's place they are disoriented

Instead of disorienting the user, we should not be supplanting old information with the new, but instead linking through old information to an update, or at the very least including the old text along with the new text when updating. Though I must stress that I highly recommend creating a new page instead if for no other reason than those people reading your content through a feed reader will most likely not see your edits. With a new post you will bring this updated information right back up to the forefront of their reading queue

Related Posts

Debunking the myth: Content doesn't create itself

Content Management systems are the easy end all solution for creating content for the web, a magical thing which makes it easy to create awesome websites which get tons of visitors, right?
Jan 30 2008
Jan 30

Edit by Bevan: I think this is technically creative targeted spam. The username linked to http://www.chicagoplumber53.com/. I'm publishing it anyway cause it's interesting how well it has been targeted and that it links to real company information; phone numbers and addresses.
================
Hi,

Very good and interesting site and it's renewed my interest in the possibility of Plumbing design means getting involved on the ground floor and working with other home design professionals.And very recently i come across another site based on plumbing which is related to your site and i hope it will really helpful for all .. Thanks

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web