Slate Rolls Out A Bunch Of Misconceptions About Drupal

I just got done reading this article on Slate, which argues that whitehouse.gov moving to Drupal is a “political disaster waiting to happen”. Let me take some time to address each of these lies.

Drupal knows best. It's not that Drupal thinks you're evil. It just thinks you're ignorant. In a basic setup, the software is suspicious of everything you try to do. Should you, say, go completely rogue and try to add some Javascript in the body of a page—a 14-year-old technology that controls interactive components like buttons—the platform will have none of it. The message: "That's dangerous stuff, and you probably don't know what you're doing." Better to outlaw something altogether, Drupal figures, than simply ask you if you really want to use it. If Drupal ran the Food and Drug Administration, it would ban high-fructose corn syrup. This is just the sort of straitjacketed paternalism that half the country is convinced the Democrats are hell-bent on imposing on us all.

Javascript is dangerous stuff. Ever try putting it in on Wordpress? You can’t. That’s not the case with Drupal, and it exemplifies that the author of this article has no idea what he is talking about.

XSS, that acronym for “cross-site scripting” is a huge security risk, accounting for 80% of all vulnerabilities in 2007. For example, when you login to a Drupal site there are cookies stored on your computer. Those cookies are what lets Drupal know that you are that logged in user. By placing a simple line of javascript inside of content posted on a Drupal site that allowed it, I could easily have your session cookie sent to some server I run and then put that cookie into my browser and now I am logged in as you and you would never know I got it. This isn’t limited to Drupal, but to any system that allows logging in.

So does that mean I can’t use Javascript in Drupal? Absolutely not. Let’s look at the code to embed a CNN video:

<script src="http://i.cdn.turner.com/cnn/.element/js/2.0/video/evp/module.js?loc=dom&vid=/video/health/2009/03/13/dcl.gupta.safe.cigarettes.cnn" type="text/javascript"></script><noscript>Embedded video from <a href="http://www.cnn.com/video">CNN Video</a></noscript>

Know what that is? It’s Javascript and you can see that exact video on this site by clicking here.

Wow that must be some kind of voodoo, but it isn’t. It didn’t even require any programming. It was a simple option inside of Drupal where I can change my “input format” to allow it. Not only that but I can limit what users can enter Javascript and not (try doing this on something like Wordpress – you need a plugin or to code it yourself). That’s the power of Drupal, and the piece of mind any website owner can have with it.

Let’s move on

Drupal is impenetrable. Even the software's defenders admit that it is hostile to newcomers—or at least indifferent to their plight, as a University of Baltimore study found. The apologists will tell you that, once you scale the learning curve, it gets much easier. This is probably true, but a lot of ordinary, code-fearing people who just want a simple Web site are getting left behind. If Drupal were an employee of the federal government, it would be the person who answers the phone at Immigration and Customs Enforcement who is unable to help you and unable to tell you who can. If you suspect government is the problem, not the solution, this sort of bureaucratic sprawl is your worst enemy.

Yes Drupal has a very steep learning curve and I’ll be the first to admit that (this is also being addressed in the upcoming Drupal 7). The extensibility of Drupal is what makes it complex. If the White House wanted some simple blog style site with a few static pages then they could have just rolled out a Wordpress site. Instead they wanted something highly customizable and that’s where Drupal shines. That is also why the White House hired a Drupal company to put everything together.

I also don’t think that the White House wanted some “simple site” as the author implies. At the beginning of his article, Chris says acts like the move to Drupal was some “repudiation” of Bush. The Bush White House paid programmers to write a custom system. Do we want our taxpayer dollars going to programmers writing code to take a some typed in words from a web form and turn it into a nicely formatted post, or manage, authenticate and store users? I doubt it, especially when there are proven systems to do just that freely available like Drupal or Wordpress.

Drupal hates change. Want to modernize Drupal by upgrading to a newer version? Ask these guys how that worked out for them. If Drupal were a piece of legislation, it would be the farm bill: desperately in need of an overhaul but unlikely ever to get one because entrenched interests keep the forces of reform at bay.

And what software doesn’t have problems when upgrading? Drupal releases a new major version every two years and supports the previous one for two years after the next release. By the logic this author is using the entire web should be powered by simple static files, meaning no more YouTube, Digg, Facebook, etc.

Here’s the deal on this. The web constantly changes. Programming languages evolve and new technologies come out. To keep up with this ever changing landscape a platform must also change. Drupal does a great job at that. Take the programming language Drupal is written in as an example – PHP. The next version of Drupal (Drupal 7) will require your server run a newer version of PHP (PHP 5.2+) and the support for PHP 4.2 will be dropped, the version that came out in 2002. The programming language has evolved and continuing support for the older version will prevent Drupal from growing. But perhaps this author is wondering why he can’t run his new game on Windows 95?

Drupal is disorganized. Instead of displaying your pages in folders that you can browse, like you do on your personal computer, Drupal provides a nightmarish content list. To find what you're looking for, you have to search for it. And unlike most content management systems, Drupal doesn't have a convenient way to prevent two people from accidentally editing the same page at the same time. This is exactly the kind of rudderless confusion that small-government types have always said defines the federal government.

Taxonomy is the magic word here, and something Drupal offers by default. I have thousands of “folders” for my posts. Want to read more of my posts on Drupal? Why not check out my Drupal folder tag. Want to see my index of all tags? Then simply go here (full disclosure – the tag archive page is a custom module I wrote for my site and crooksandliars.com). You can even view my posts by date by simply clicking here.

Drupal gives you countless ways to organize your posts, users, or anything at all. Its up to the end user to decide the best way to do that, and speaks volumes of the power of Drupal.

Drupal is righteous. The open-source movement has done wonderful things for the Web. But at its core, it remains a religion. If you went to DrupalCon in Paris last month, then you would have almost certainly come across proselytizers of one the movement's fundamental tenets: Drupal doesn't break Web sites. People with Drupal break Web sites. Most problems with Drupal stem from people who "don't get it" or aren't using it correctly. This is probably true, but it's not much consolation when you spend 45 minutes trying to upload a photo. Drupal's defenders are eerily reminiscent of those movement Democrats who were constantly knocking at your front door in the summer of 2008. Granted, they did get Obama elected, but it's a miracle they didn't cost him the election in the process.

And why shouldn’t we be? Countless people have spent countless hours developing a system that anyone can download, use and modify. Shouldn’t we be proud of what we have poured so much love and mental sweat into?

People with Drupal do break sites. This goes hand in hand with the steep learning curve I talked about above, but once those people ask questions in one of the multiple support venues for Drupal (where you can also find me offering help), they quickly realize where their mistake lies and can easily have a functioning website the way they wanted it.

It all boils down to using the right tool for the right job. If you want a simple blog that allows comments and maybe a couple static pages for information on yourself and even a photo gallery, then Wordpress is a much better choice. If you want a robust system that can be used to allow community content, contact management, an online store, or even more of a Digg style site, then Drupal is the better choice. I wouldn’t buy a flat head screw driver and think that will undo every screw I come across. Instead I buy a set of screwdrivers, or one of those nice multi-drivers.

After reading this article I also don’t see how this could cause any political disaster for the Obama administration, as the author implies from the start. A political disaster could be using a messed up email system that doesn’t properly archive as required by federal law – ask Bush about that. Instead what I read is someone who tried Drupal once and instead of asking about it or taking time to learn it, they got frustrated. He dismissed it as garbage and moved on.