In terms of the landscape right now for open source projects, Drupal has over 26,000 modules. Those range from lol to enterprise class. Building a new platform yourself is a ****load of work to the point of being excessive, imo.

I think like the module you linked for Drupal, you would be better served for creating a module such as that for each of the major open source platforms that you can realistically support. Drupal/WordPress/Joomla being the big 3, but there are a lot more if you felt it made sense.

Good point. The basic idea is to piggyback on the javascript ecosystem in general, AngularJS in particular. If we're going for a single-page application, doesn't that render most of the Drupal modules useless in that context? Though I'm not too familiar with Drupal/WordPress/Joomla plugin architecture other than I remember them looking very messy compared to web framework APIs when I looked years ago. I should probably try to set up a basic site, write some basic modules and see what the experience is like. Are you also familiar with WordPress plugins? What's your take on WordPress vs Drupal?


I was just wondering if the paradigm shift (from server-side web apps to single page javascript apps and mobile) over the past 5 years can justify a new CMS, the same way it justified a new generation of web frameworks like AngularJS. Not sure if I can really get into CMS module development for its own sake.

I think all of Drupal's stuff* that tries this uses Cordova as a base so that would be the first thing I'd investigate if I were to go DIY.

*I don't know much about Drupal, my PHP-CMS of choice is Joomla.

Do you need seo? Angular is a nightmare if you do.

So, do you think there's a market for a AngularJS-based CMS that solves this problem systematically? I don't need anything personally - I'm just trying to figure out it would be worth my time to write an open-source CMS. Generating server-side fallbacks automatically from a well-structured single-page javascript app for crawlers and older browsers is definitely a feature a single-page-javascript CMS can provide that, AFAIK, existing CMS solutions or JS MVC frameworks haven't really tackled successfully. I'm taking the usefulness of single-page apps and AngularJS as a given, since a lot of development is going in that direction despite the pain points.

I think of Drupal as the enterprise PHP CMS, Joomla is a step below that and security is a pretty big concern for Joomla. Wordpress is not enterprise-ready yet without significant custom work, but it is getting there.

We switched our own site from Joomla to Drupal and I really enjoy using Drupal. We also build on Drupal primarily for clients and it always seems to be a huge improvement over what they were using, or even an upgrade from how they were using Drupal before.

Interesting. Thanks for your take! At the enterprise level, I see Sharepoint a ton, though I think a lot of this depends on the importance of internal users versus external visitors.

Yea, it is out there a lot, but SharePoint as an external website is lol

You wrote this in response to my comment about being the most technically competent person in my department (actually, the whole company).

I managed to convince them to hire someone *more* technically competent than I am. I have no idea how I pulled it off, but it took a wildly intense 2+ hour meeting to pull it off.

Yes, it was worth it.

I'm new to programming, and I've a question:


How often/regularly is open source software properly audited by trustworthy third parties, generally speaking?

Cool summary. All I ever heard regarding Drupal were some "horror stories" when upgrading but I've never worked with it/looked at it.

if it's popular, the assumption is that other programmers will look at it and anything malicious would be found. large projects are typically maintained and contributed to by many devs.

your question seems to imply some more official auditing process, which in general never exists, unless the software is used by a large corporation that decides to take on that burden themselves.

Thanks for your reply mate.

I'm asking mainlly in response to the recent events w/ truecrypt, and the recent crowsourced project to audit it.

Did this audit happen simply because it's a widely us3d security product that implements crypto and so the interest/need for it to be audited was high enough to where a large scale effort was made to audit it? Is truecrypt an exception to general practices?

I'd guess that security focused open source projects generally have a community that care more about security and are more willing to spend time doing that sort of stuff.

I suspect after Heartbleed - security audits will become more common with large companies paying (either directly or indirectly) to have it done.

That makes sense, and this happens all the time.

The #1 reason upgrading can be a nightmare is when people make changes to Drupal Core. The biggest rule in Drupal is to not make changes to core. Always make your changes via modules/configuration/etc. When you hack core directly, everything you changed is going to break when you upgrade. This can obv range from small stuff that takes little effort to fix, to absolute destruction.

Even when following best practices, upgrading can still be a pita. Often times, contrib modules are not supported in the newer version so it becomes a choice of making it custom or trying to find alternatives. Then if you have dependencies with other modules it can get to be pretty spaghetti-ish and headache inducing to figure out what the best approach is. For a small team with a lot of other priorities, I can understand why this would be a real drag.

For Drupal, some clients will independently pen test it and hire 3rd parties to test the security of it. If anything was found and the people developing it weren't total jackasses, the security group for Drupal would always be notified and it would be patched.

Embarrassingly stupid question I guess: when writing a "web server" from scratch, I have to just manually handle all HTTP responses' content-type headers myself based off of the extension or something? Most likely terrible (node) example: This is really what has to be done? I guess I just thought the browser figured this all out by magic or something. Or am I way, way off?

that's the only way I've ever seen it done

See for example apache's mime.types config file

Would you guys say it would b better to know many programming languages and be just okay at them, or to know one at a very high skill set? (speaking in terms of development)

I'd say you're unlikely to learn one language to a very high skill set without picking up the basics of many others along the way. Also once you know one language to a reasonable level, the bar to learning another is massively lower.

It's a pretty tough question. I think you should pick one language and get really good at it and do most of your work in it but at the same time get a good idea about other languages just to see how stuff is done differently.

Depending on what you want to do here's my candidates for language #1 in no particular order:
1) Java: Wide spread, robust backend language. Gets quite a lot of hate, statically typed, quite verbose. The underlying VM is top notch and lots of money is bet on it. Java8 introduced some nice features and there seems to be a slight functional shift. OOP.
2) Python/Ruby (or other languages): Light weight dynamically typed. Web friendly, Django/Rails and more lightweight stuff available. Good communities and support...Python is widespread in academia, Ruby is a little cleaner in the OOP department imo.
3) JavaScript...well it's JavaScript. The language is frustrating at times, the DOM is a horrible API but it's here to stay. Prototype/noclass inheritance is actually pretty cool as are first class functions etc.
4) C/C++...you'll know when you need those. Pretty much only if you do baremetal stuff that requires optimization (games, drivers etc.)
5) Others...I think the sexy languages de jour are golang, Erlang then there's the Lisps (Clojure, Scheme, Common Lisp etc.), Haskell if you're smarter than everyone etc, the Microsoft stuff if you want to go that route (C# is actually a nice language, I hear good things about their functional stuff as well)

If I'd start out today I'd probably learn JavaScript eventhough it's not the most ideal language to learn as a first one (Python/Ruby are much nicer imo). Seem slike a good bet for the future. Pick one, finish about 3 projects in it and see if you like it.

I enjoy reading stuff like "7 languages in 7 weeks" on the site to get a high level idea of other languages.

Just learn Lisp, imo. (just kidding (or am I?))

Clowntable: do you really believe that Haskellers are smarter than everyone else or do you believe they are just too naive to care or simply don't give a **** when they start using it?

Is ruby used for much professionally outside Web Development and scripts?

Also clearly the answer is Scala, the lisp of the jvm

*ducks out before Dave gets angry*

scala isn't a lisp, clojure is the lisp of the jvm

Having heard Scala called a Lisp multiple times now, I'm starting to think that "Lisp" has been corrupted to mean "Every language with first-class functions. And some without them."