Forum One: Programmatically Restricting Access to Drupal Content

Planet Drupal - Wed, 2015/06/24 - 7:01pm

Have a requirement like “I want users to not be able to add, update, delete or view content if some condition is true?” If so, hook_node_access might be all you need. This hook simply allows you to alter access to a node. Now let’s learn how to use it.

How this hook works

Anytime a user accesses a node (to add, update, delete or view it) this hook is called and can be used to alter that access decision. It receives three parameters.

  • $node – Contains information about the node being accessed (or base information, if it is being created)
  • $op – What type of access it is (create, update, delete, view)
  • $account – Information about the user accessing the node

It expects a return value to alter the access, which is; NODE_ACCESS_DENY, NODE_ACCESS_IGNORE or NODE_ACCESS_ALLOW. Best practice is to not use allow and use either deny or ignore (ignore is the default, if no return is given). You get far less permissions headaches this way.

I use this module often for customized workflow requirements. The most recent use case was “I want to deny update access to all users who try to update a node based on a user select field on the node selecting them or not.”

This is all done with one simple hook in a custom module (see below).

NOTE: There are some instances this hook is not called/skipped. Refer to the hook’s link for those cases.

/** * Implements hook_node_access(). * * Enforces our access rules for custom workflow target content to force updates * only if the user is targeted in the user select field */ function mymodule_node_access($node, $op, $account) { // If a node is being updated if ($op == 'update') { // If the user select field exists on this node if (isset($node->field_my_user_select)) { // If the user select field is not empty if (!empty($node->field_my_user_select)) { // If the user id in the user select field does not match the current user if ($node->field_my_user_select[LANGUAGE_NONE][0]['target_id'] != $account->uid) { // The users are not the same. Deny access to update in this case return NODE_ACCESS_DENY; } } } } // Else ignore altering access return NODE_ACCESS_IGNORE; }

Palantir: Twin Cities or Bust!

Planet Drupal - Wed, 2015/06/24 - 4:29pm

We love Drupal Camps for a lot of reasons, and the popular Camp in the Twin Cities is no different. We get to learn about new projects, see old friends, and discover interesting ideas and solutions to challenges in Web development, design, and strategy. In addition, not only does our Senior Web Designer Carl Martens live in the Twin Cities area, we’ve worked with a number of clients there, including the University of Minnesota and PRI, among others.

This year, we have six Palantiri in attendance, presenting sessions on a number of important topics like Drupal 8, testing, technical debt, design systems, and much more. The Camp also gives us a unique opportunity to talk shop with past, current, and potential clients to learn about their projects and understand the challenges our expertise can help solve for them. Heading to the Camp? Please do let us know via our contact form.

We give an overview of our sessions for Twin Cities, and propose why each is important for your project or those working on it. We’ll update this post once the recordings are online.

Rendering HTML With Drupal: Past, Present, and Future

by Steve Persch
Friday, June 26, 10:30am

What is it about?
This presentation will review the mental models used in Drupal theming and propose a workable path forward. For years, Drupal core has encouraged a mindset of altering and overriding its internal data structures. Developers in the Drupal 6 era created a philosophy called “sustainable theming” that relied heavily on CSS to work best with Core’s tendencies. The rapid acceleration in the wider Front-End community in recent years has brought new underlying assumptions and new ways of thinking. Expectations for how to construct Drupal sites have changed. The future holds clear decoupling with Javascript MVC frameworks, Web Components and some traditional HTML frameworks that encapsulate Front-End pieces that can work with multiple data providers. Can you make Drupal’s components be those components? Bonus: the phrase "Headless Drupal" will come up at least a dozen times.

Why is it important for your project?
Knowing the history of a system helps round out your overall knowledge of that system. As such, you'll learn how Drupal's theming system has been shaped by expectations of different eras, and how CSS usage has evolved, ultimately learning how to spot patterns that move toward the future of front-end development. In addition, you’ll learn the importance of discussing with theming choices with team members, and ways to future-proof their code and workflow.

Drupal 8: The Crash Course

by Larry “Crell” Garfield
Friday, June 26, 10:30am

What is it about?
One of the most widely-used and mature Content Management Systems on the planet, Drupal runs more than one in fifty websites in the world. However, it has always been something of an odd duck, with an architecture and design very different than anything else in PHP. Enter Drupal 8: almost a complete rewrite under the hood, Drupal 8 is a modern, PHP 5.4-boasting, REST-capable, object-oriented powerhouse. Now leveraging 3rd party components from no less than 9 different projects, Drupal 8 aims to be the premiere Content Management Platform for PHP.

Why is it important for your project?
A bit of Drupal 8 preparedness never hurt anyone. This session will provide a walkthrough of Drupal's key systems and APIs, intended to give developers a taste of what building with Drupal 8 will be like, and should be able to recognize common patterns in Drupal 8 development, and identify the Drupal 8 equivalents of common tasks from Drupal 7 at the end of it.

Design Systems and Drupal

by Larry “Crell” Garfield and Carl Martens
Saturday, June 27, 10:30am

What is it about?
Modern Web design demands visual systems that ensure content is delivered to our myriad devices, from smartphones to tablets to desktop displays and beyond, in usable ways. It requires thinking in terms of content that gets presented, often in a variety of different ways, rather than simply presentation. In this session, Larry and Carl will provide practical examples for how modern, modular design systems and practices can map directly to Drupal’s Views module, view modes, image styles, panels and other common site building tools.

Why is it important for your project?
You'll walk away with information that will help you leverage Drupal’s strengths through leading edge Web design, to both see and understand the basic concepts of design-system thinking, content strategy, and Drupal as a unified worldview that results in better, faster, and more consistent sites.

Technical Debt Insights from the Lorax

by Andrea Soper and Joe Purcell
Saturday, June 27, 1:00pm

What is it about?
Technical debt is a common analogy to describe the cost of code mess and poor architecture. However, how far can the monetary analogy go? In this session we will look at insights from the Lorax and “environmental debt”. Specifically, Andrea and Joe will build an argument for why the monetary comparison communicates the wrong idea about how technical debt is measured and how it impacts business. They will also include measures and practices to mitigate such technical debt.

Why is it important for your project?
If you deal with the challenge of communicating the business cost of technical debt, want a clearer understanding of what technical debt is and how to measure it, or want advice on how to mitigate against technical debt, this session will help. The goal is cleaner, more sustainable code and architecture for you, your team, your project, and the future.

On PhpSpec and Not the Drupal Way

by Michelle Krejci
Saturday, June 27, 2:15pm

What is it about?
This session gives you an introduction to the distinctions between unit, integration, and system testing, an introduction to behavior driven development (BDD), and, of course, using PhpSpec (a BDD tool) to isolate and spec out functionality in your Drupal codebase. PhpSpec is a toolset for building out testable pieces of functionality strictly designed to meet —and only meet—the project requirements that you have made explicit. Identify your inputs, test your expected outputs. That's it. The bigger question is: how do we as developers mature our skills and deliver testable, functional code while we continue to work on Drupal 7?

Why is it important for your project?
Proper testing breeds successful projects, plain and simple. You'll walk away with not only an understanding of the cost/benefit tradeoff of unit testing vs. system testing, you'll also learn the importance of building out custom functionality in Drupal using PhpSpec. The ultimate goal is helping you write better code and modernize your developer skills. Project Managers are welcome, too!

Heading to Twin Cities? Let us know in the comments, @ reply us on Twitter, or get in touch via email.

Categories: Test the staging version of on Drupal 7 NOW!

Planet Drupal - Wed, 2015/06/24 - 4:13pm

What, still runs on Drupal 6? Yeah. It is absolutely time to update to Drupal 7 so we can keep improving the site on an up to date platform, so we need your help to try the new staging version out. Sebastien Corbin and Gábor Hojtsy with the invaluable help of the Drupal Association prepared the staging site and hope it is near ready for the upcoming live update. But we need more testers to ensure it actually is. Here is how the test works:

  1. See all instructions for testing at, including how to report issues
  2. Everybody with existing accounts or new staging registrations is welcome (note that the site is not rebuilt, so if you don't already have a account, you need to create one on staging)
  3. This public testing runs until the 8th of July (for 2 weeks)

If you test now, we can fix issues ahead of the launch, so you would not need to complain after the update. Any questions? Post on the issue at

read more


Realityloop: Giving back to the community: Community Tools

Planet Drupal - Wed, 2015/06/24 - 11:37am
24 Jun Brian Gilbert

At DrupalCon Sydney where I was the Community track chair, for the first time at a DrupalCon both Stuart and I had offered to help as mentors at the post conference sprint. We felt in a relatively good position to do this as we’ve been running a mentoring event locally in Melbourne nearly every month since some time in 2010, which is another story in itself.

This naturally led on to us being mentors at DrupalCon Portland. During the mentor BOF’s while mostly listening, I was already thinking how can I make things better and the thing that stuck out to me were the common issues that often came up while getting a first time sprinters set up with a local development stack:

  • Bandwidth usage
  • Different stacks (MAMP, WAMP, XAMPP, etc)
  • Mentors having to support a stack they’re not familiar with
  • Time of setup (some users would take nearly an hour to setup)

Around the same time Stuart and I had been playing around with BitTorrent Sync (BTSync), which at that time was pretty new, but in my mind a promising potential solution to the bandwidth component of the problem.

I also thought that Acquia Dev Desktop (ADD) may be a better option for setting up a local stack than using any of the other *AMP stacks listed above. While also simplifying the support task for mentors that are essentially volunteering their time.

Eventually I started to talk to some of the more seasoned mentors about my ideas and there was some interest in my thoughts on BTSync, but a lot of kickback on using ADD due to previous sprints where various people had been burned trying to use ADD with Drupal 8 in the past.

As luck would have it one of the mentors that worked at Acquia, scor AKA Stéphane Corlosquet, was at these BOF’s also and we exchanged details. See the relevant issue at:

Attending what is now known as the First Time Sprinters workshop in Portland I was surprised when it was suggested that attendees all go and download MAMP/WAMP/XAMPP “now”.. It was no wonder the wifi had a history of dying during sprints, and it didn’t disappoint this time going down at exactly this point during the Portland sprints.

Needless to say this was enough motivation for me to implement and prove my thoughts, so I started building what eventually became the Community Tools Installation process.

What were the constraints?

There wasn’t that many, but these were the key things:

  • Installation is fast
  • Lean on the network
  • Doesn't break anything existing on a users machine.

It seems common for people to think that we are putting this forward as the ideal development stack, this is not at all the case, it is simply designed to be the fastest way to get someone up and running with a capable stack.

By using BTSync the majority of the network traffic for the tools is served from within the sprint room itself from the laptops of mentors that have pre-synced it.

BTSync has two levels of access to a shared folder, one that is read/write (only known to me) and one that is read only which is given to everyone else. This means we don’t run the risk of spreading malware that could arise through the use of USB keys shared with approximately 200 people.

BTSync also allows for last minute changes to be made that will sync out to all users, meaning we can respond to issues that arise quickly and not have to re-image a bunch of USB keys just before the workshop.

In the beginning there was a lot of pressure to include MAMP and other tools in the package, but I was eventually able to work with Acquia via scor to improve the ADD2 Beta such that it was the clear winner for this specific use case. Related issue:

ADD2 installs it’s webserver and database using ports for these services that are to my knowledge unique, meaning that it will not conflict with any existing web stack a user has set up.

ADD2’s supplied configurations (PHP/MySQL) also work out of the box with Drupal 8, something that often needed changing with other stacks.

Why this collection of tools?

The components were primarily chosen based on relevance to the typical activities performed by a first time sprinter during the sprint day, these are:

  • Use IRC (Limechat / Hexchat)
  • Edit code (SublimeText)
  • Use Git to apply and create patches (Git)
  • Run Drupal 8 (Acquia Dev Desktop 2)
  • Install Drupal 8 (Drupal Core — dev branch)

Initially the tools came with a PDF that walked you through each of the installation steps, pretty quickly I saw that people weren't reading this and making mistakes in the installation, so fairly promptly I started scripting as much of the installation as possible to reduce the chance of user error and also reduced the installation time. Related issue:

The OSX scripting was easy but It was fun having to learn how to code a .BAT file after not having used windows for several years.

At this stage the only manual step of the installation apart from selecting which parts you want to install is adding the site in ADD which has substantially reduced the size of the PDF that nobody reads ;)

The script prompts to see if you want to install an IRC client and a code editor, it then checks if you have git installed or not and prompts to install and configure git to d.o standards.

To save bandwidth Drupal 8 core is included in the tools package that is synced, extracted during the installation and then a git pull is executed to only grab recent changes saving again on bandwidth.

At this stage I’m very confident this is as lean as it can get without creating a customised install package specific to each operating system.

How has it performed?

After testing it at local events the concept was proven, the first real test at scale at DrupalCon Austin, about 50 people out of 200 had issues with it syncing but I considered it a success.. and the network stayed up!

We used it again in DrupalCon Amsterdam where I don’t think we had as many issues with people getting it synced but did still have to use USB drives for some people.

And I used it at DrupalSouth Melbourne earlier this year where it synced perhaps the fastest ever and we didn't have to use any USB thumb drives.

What could be improved?

It’s fairly clear that there are some limitations built into BTSync, and that the venue network setup can sometimes cause issues. I am constantly on the lookout for a better transport method (ideally looking for something open source instead of BTSync or for the Sync team to provide a free pro account so that we can share these secrets with unlimited users)

I think having a web server at the venue that could serve the tools would provide the most added benefit to the existing setup, while removing the weakest remaining link (BTSync) and also opening up the possibility of using tools that are larger in file size.

Linux doesn’t have ADD so the current experience is quite different for Linux users, and in my not consistent enough. To some degree we expect these users to already know how to set up a stack which isn’t the best assumption to make.


Tools download file sizes:

  • Linux         510MB
  • OS X         247.5MB
  • Windows  290.3MB

External Bandwidth usage during installation:

On OSX Git is installed via download of the command line tools.. ~120MB
For OSX and the rest the only the Git pull to update core ~20MB or less

Installation time:

  • Linux          ~5 minutes
  • OS X           ~4 to 7 minutes depending on if you already had git installed or not
  • Windows     ~5 minutes
Where to from here?

There are several community members that are pushing for vagrant to be for the stack part of this toolset, I think that it will go a long way to resolving the inconsistencies that we currently see with Linux setups, talking about it in the office we all think it needs a pretty control panel to make it easier for as wide a group of end users as possible. But there are some considerations that still need to be factored in. Related issues: and

This is a recount of events spanning several years, I've done my best to be as accurate as possible please forgive me if there may be some small factual errors in my recounting of things.

drupal planetdrupal 8

Blair Wadman: 19 simple methods to improve the page speed performance of a Drupal site

Planet Drupal - Wed, 2015/06/24 - 11:29am

Site speed is one of the most critical factors when running a site. If a site takes too long to load, visitors will hit the back button and go elsewhere. Google is well aware of this, so slower sites will not rank as well as fast sites (all other things being equal).

Drupal performance optimisation can be a complicated specialisation in its own right. Consultants and Drupal agencies can spend days or even weeks investigating performance issues and fixing them. But there are many quick fixes and simple methods that you can implement right away. You don’t have to implement absolutely everything on this list - you can implement some and monitor the difference it makes to the site speed....


Modules Unraveled: 140 Using the Math Field Module to Compute Values Without the PHP Filter with Caleb Thorne - Modules Unraveled Podcast

Planet Drupal - Wed, 2015/06/24 - 7:00am
Published: Wed, 06/24/15Download this episodeMath Field Module
  • What does the Math Field module do?
  • Why did you develop it? What hole does it fill?
  • You mentioned EntityForm...
  • How does it compare to the Computed Field and other modules?
  • What are the limitations? When wouldn’t you use it?
  • You mentioned before we started recording that you actually rewrote the entire module to use core’s AJAX framework instead of custom jQuery. Why was that? and how did it go?
Use Cases
  • What types of sites do you see this being of most use?
  • I might be using this on an upcoming project
  • What are your plans for D8?
  • What other general features are planned? I saw the note on the project page about issues with multiple parameters and multivalue fields.
Questions from Twitter
  • Rick Nashleanas
    Any performance implications using the Math Field module? (Yea, I know, this is a plant!)
  • David Csonka
    Is there a practical limit to how many Math Field fields you can have calculating in a piece of content? Performance?
  • Rick Nashleanas
    What's the most complicated implementation you've done with the Math Field module?
Episode Links: Caleb on drupal.orgCaleb on TwitterMath Field ModuleBlog Post about Math FieldTags: planet-drupal

Open Source Training: The Beginner's Guide to Drupal Security Releases

Planet Drupal - Wed, 2015/06/24 - 2:05am

There was a Drupal security release this week.

This release managed to confuse several of our users, because it wasn't clear if they should update their sites.

Security release information is rarely, if ever, written in plain English. And these week's updates were additionally confusing because they only impacted some Drupal sites.

So here, upon request, is our plain English guide to Drupal security releases.


Drupal Association News: Drupal Association Board Meeting: 17 June, 2015

Planet Drupal - Tue, 2015/06/23 - 10:59pm

First things first - an apology. I realize it's been a couple of month since I put up a post about our Board meetings. I definitely apologize, and will try not to let that happen again. However, know that you can always see the meeting minutes, materials, and recordings on our site. And, if you ever have any questions, you can find me on Twitter, D.O, in IRC (drupalhross), or you can send me an email (you know, if you are old school). 

The June board meeting covered the month of May at the Association, which was a rather big month. As usual, we had a number of items to cover in our operational upate, and then we dove into updates from the Working Groups

Operational Update
  • Drupal 8 Accelerate had a great month in May, adding $55,000 to the total of over $213,000 now raised to help close D8 release blockers. Huge thanks to Catalyst IT, Open Source Developers Conference Australia, Siteground, Figleaf Software and Duo Consulting for the $1,000+ donations in May. You can see how every dollar is directly impacting Drupal 8.
  • We had a DrupalCon! We'll give you a full wrap up in August when all the details, including financials are available. 
  • Content Strategy is coming to In an nutshell, we are excited to have completed a content strategy process with Forum One. With the strategy document complete, we can begin implementation. In the next few months we'll be introducing changes to the site to support the new information architecture and content governenace. When everything is in place, you will see a site that is easier to navigate and gives topic owners more flexibility in the types of content and permissioning they can use. You can see all the details in the DrupalCon LA session we hosted. 
  • As we shared in last week's post, our revenue continues to come in slower than planned. In Executive Session we shared a mid-year adjustment to the plan that we have now begun executing. Although we are not meeting our original goals, we remain excited about the possibilities for the Association - we are still growing. Especially reassuring is that all the Drupal 8 content we release is snapped up quickly.
Working Group Updates

Last quarter the Working Groups met in-person at DrupalCon Los Angeles. During the meeting, the groups discussed their role in producing the roadmap and began the process of re-prioritizing the work. We have definitely discovered a broader need for the Association engineering team across the Drupal ecosystem, and need a better process to allow for unplanned work to be prioritized. A good example is DrupalCI, which morphed from an entirely volunteer-run initiative to work supported heavily by Association staff. 

The Working Groups have also proposed charter changes in to the Executive Committee for review. We are looking to expand the number of community members on each group and further clarify the roles. 

Thanks and see you next month!

That's all we had for this board meeting, but more is planned for July and beyond. Check out all our upcoming board meetings and register to attend. 

Flickr photo: pdjohnson


DrupalCon News: Get an Advantage by Sponsoring at DrupalCon

Planet Drupal - Tue, 2015/06/23 - 8:43pm

DrupalCon Barcelona is going to be an incredible event in a beautiful city with a great Drupal community. Sponsoring give your organization visibility and recruting benefits you can’t find at another event.

Categories: Revert a Drupal Database Update

Planet Drupal - Tue, 2015/06/23 - 8:40pm

Red Crackle: Drupal Performance Optimization Checklist

Planet Drupal - Tue, 2015/06/23 - 8:15pm
You must have read plenty of articles on how to tune your Drupal site to improve its page load times. This post assembles an exhaustive list of all the configurations and tweaks you can do to improve Drupal's performance before increasing RAM and CPU speed of your server. The list contains components from the full stack, including Drupal application and modules, front-end proxies, CDN, webserver, PHP, database, OS and server hardware.

InternetDevels: DrupalTour Lviv

Planet Drupal - Tue, 2015/06/23 - 5:25pm

What do we get if we combine two popular memes: "Keep calm and code on" and "Keep calm and visit Lviv"? And if we add the fast green Drupal bus, good spirits and exciting IT reports? Of course, we get DrupalTour in the city of Lviv which is the capital of the Ukrainian web development services!

Read more

DrupalCon News: The Critcal Importance of Sending Your Team to DrupalCon

Planet Drupal - Tue, 2015/06/23 - 4:37pm
It may not feel like it at first, but choosing to send your team to DrupalCon is one of the best (and most important) decisions your business can make. While it may not immediately be clear what the ROI is for attending DrupalCon, the value of having your company’s employees at the event is huge. Here’s why. 1. Learn About Bleeding Edge Best Practices

Drupal Watchdog: Responsive Themes

Planet Drupal - Tue, 2015/06/23 - 4:23pm

In 2010, Ethan Marcotte published his seminal article, “Responsive Web Design,” and the way we build web sites was forever changed. Although Drupal 7 came out at the beginning of 2011, there was nothing in core to support the themers who wanted to build responsive websites. By 2012, all of the popular base themes offered a stable release which included a responsive starting point. As of Drupal 8, the core themes, and the administrative interface, will be responsive – making Drupal usable at any viewport width.

The original tenets of responsive web design had three directives:

  1. Use a fluid grid to lay out page elements.
  2. Make images flexible, and responsive to their parent container.
  3. Use media queries to specify which styles should be assigned for any given viewport width.

In practice, it has been a lot more complicated to implement these guidelines so that they work across devices and are respectful of the slower connection speeds we often experience on mobile devices.

In this article we'll take a look at how to implement each of these three principles in your Drupal 8 themes. The article was written against Drupal 8.0-alpha13. Some things are likely to have changed between now and Drupal 8's official release. Where possible, I've noted where this might be the case.

Fluid Grids

Out of the box Drupal 8 does not provide any support for a universal fluid grid. It does, however, provide the cleanest, most semantic markup of any version of Drupal to date. Markup is almost entirely contained in template files, and the theme function has been virtually eliminated from core. All of these changes were accomplished by the team working to convert Drupal from PHPTemplate to Twig. As a result, it will be significantly easier to drop in your grid layout system of choice – whether it is custom built, or part of a framework such as Bootstrap or Foundation.

Working with a base theme is still, of course, an option for you. As of this writing, there are no base themes with a completely functional Drupal 8 release; however, a few have Drupal 8 branches if you'd like to help with their upgrade process.


ThinkShout: Introducing the ThinkShout Interns

Planet Drupal - Tue, 2015/06/23 - 4:00pm

We are thrilled to introduce ThinkShout’s very first interns! In partnership with the Drupal Association, we will be working with two graduates of Epicodus’ first PHP class, Daniel Toader and Bojana Skarich. We’re very excited to welcome them to our offices, and the Drupal Community. They'll both be spending time at the Drupal Association's headquarters as well as ours. They've already mastered the art of posing for ThinkShout photos...

Without further ado, meet our interns!

Daniel Toader

Daniel worked previously as a systems analyst for Microsoft and an insurance company before he decided to dive into code. He’s a University of Washington graduate with a degree in informatics. He got his first taste of code while in school. After several years of extensive traveling, Daniel decided it was time to take the plunge into web development, so he brushed up on his Javascript and enrolled in Epicodus. He hopes to someday work as a backend developer.

Favorite snack: Pretzels and beer.

Favorite word: Supercalifragilisticexpialidocious

Bojana Skarich

Bojana comes to us with a background as a public librarian. She’s an Americorp grad with a passion for technology, especially when it’s used for social good. She turned to Epicodus when she decided she wanted to pursue a career in web development development. Front end development is her forte, and she dreams of one day building data-driven websites. She loves Drupal and is looking forward to getting more involved with the community.

Favorite mythical creature: Griffin

Favorite tree: Silver birch

Welcome, Daniel and Bojana! We're so happy we could be a part of your continued Drupal education.


Drupalize.Me: Using Tail to Debug Drupal Sites

Planet Drupal - Tue, 2015/06/23 - 3:04pm
Tail is command for Unix and Unix-like systems (like OS X) that allows you to take a peek at the contents of the end of a file. From the manual page: "tail - output the last part of files." Tail can be really useful for debugging purposes, or for taking a look at the recent access_logs from your Drupal setup. Tail can be particularly useful in a production environment when you may not have PHP error reporting enabled, and need to find the cause of serious errors with your Drupal site.

Dries Buytaert: Winning back the Open Web

Planet Drupal - Tue, 2015/06/23 - 10:58am

The web was born as an open, decentralized platform allowing different people in the world to access and share information. I got online in the mid-nineties when there were maybe 100,000 websites in the world. Google didn't exist yet and Steve Jobs had not yet returned to Apple. I remember the web as an "open web" where no one was really in control and everyone was able to participate in building it. Fast forward twenty years, and the web has taken the world by storm. We now have a hundreds of millions of websites. Look beyond the numbers and we see another shift: the rise of a handful of corporate "walled gardens" like Facebook, Google and Apple that are becoming both the entry point and the gatekeepers of the web. Their dominance has given rise to major concerns.

We call them "walled gardens" because they control the applications, content and media on their platform. Examples include Facebook or Google, which control what content we get to see; or Apple, which restricts us to running approved applications on iOS. This is in contrast to the "open web", where users have unrestricted access to applications, content and media.

Facebook is feeling the heat from Google, Google is feeling the heat from Apple but none of these walled gardens seem to be feeling the heat from an open web that safeguards our privacy and our society's free flow of information.

This blog post is the result of people asking questions and expressing concerns about a few of my last blog posts like the Big Reverse of the Web, the post-browser era of the web is coming and my DrupalCon Los Angeles keynote. Questions like: Are walled gardens good or bad? Why are the walled gardens winning? And most importantly; how can the open web win? In this blog post, I'd like to continue those conversations and touch upon these questions.

Are "walled gardens" good or bad for the web?

What makes this question difficult is that the walled gardens don't violate the promise of the web. In fact, we can credit them for amplifying the promise of the web. They have brought hundreds of millions of users online and enabled them to communicate and collaborate much more effectively. Google, Apple, Facebook and Twitter have a powerful democratizing effect by providing a forum for people to share information and collaborate; they have made a big impact on human rights and civil liberties. They should be applauded for that.

At the same time, their dominance is not without concerns. With over 1 billion users each, Google and Facebook are the platforms that the majority of people use to find their news and information. Apple has half a billion active iOS devices and is working hard to launch applications that keep users inside their walled garden. The two major concerns here are (1) control and (2) privacy.

First, there is the concern about scale and control. These organizations shape the news that most of the world sees. When too few organizations control the media and flow of information, we must be concerned. They are very secretive about their curation algorithms and have been criticized for inappropriate censoring of information.

Second, they record data about our behavior as we use their sites (and the sites their ad platforms serve) inferring information about our habits and personal characteristics, possibly including intimate details that we might prefer not to disclose. Every time Google, Facebook or Apple launch a new product or service, they are able to learn a bit more about everything we do and control a bit more about our life and the information we consume. They know more about us than any other organization in history before, and do not appear to be restricted by data protection laws. They won't stop until they know everything about us. If that makes you feel uncomfortable, it should. I hope that one day, the world will see this for what it is.

While the walled gardens have a positive and democratizing impact on the web, who is to say they'll always use our content and data responsibly? I'm sure that to most critical readers of this blog, the open web sounds much better. All things being equal, I'd prefer to use alternative technology that gives me precise control over what data is captured and how it is used.

Why are the walled gardens winning?

Why then are these walled gardens growing so fast? If the open web is theoretically better, why isn't it winning? These are important questions about future of the open web, open source software, web standards and more. It is important to think about how we got to a point of walled garden dominance, before we can figure out how an open web can win.

The biggest reason the walled gardens are winning is because they have a superior user experience, fueled by data and technical capabilities not easily available to their competitors (including the open web).

Unlike the open web, walled gardens collect data from users, often in exchange for free use of a service. For example, having access to our emails or calendars is incredibly important because it's where we plan and manage our lives. Controlling our smartphones (or any other connected devices such as cars or thermostats) provides not only location data, but also a view into our day-to-day lives. Here is a quick analysis of the types of data top walled gardens collect and what they are racing towards:

On top of our personal information, these companies own large data sets ranging from traffic information to stock market information to social network data. They also possess the cloud infrastructure and computing power that enables them to plow through massive amounts of data and bring context to the web. It's not surprising that the combination of content plus data plus computing power enables these companies to build better user experiences. They leverage their data and technology to turn “dumb experiences” into smart experiences. Most users prefer smart contextual experiences because they simplify or automate mundane tasks.

Can the open web win?

I still believe in the promise of highly personalized, contextualized information delivered directly to individuals, because people ultimately want better, more convenient experiences. Walled gardens have a big advantage in delivering such experiences, however I think the open web can build similar experiences. For the open web to win, we first must build websites and applications that exceed the user experience of Facebook, Apple, Google, etc. Second, we need to take back control of our data.

Take back control over the experience

The obvious way to build contextual experiences is by combining different systems that provide open APIs; e.g. we can integrate Drupal with a proprietary CRM and commerce platform to build smart shopping experiences. This is a positive because organizations can take control over the brand experience, the user experience and the information flow. At the same time users don't have to trust a single organization with all of our data.

The current state of the web: one end-user application made up of different platform that each have their own user experience and presentation layer and stores its own user data.

To deliver the best user experience, you want “loosely-coupled architectures with a highly integrated user experience”. Loosely-coupled architectures so you can build better user experiences by combining your systems of choice (e.g. integrate your favorite CMS with your favorite CRM with your favorite commerce platform). Highly-integrated user experiences so can build seamless experiences, not just for end-users but also for content creators and site builders. Today's open web is fragmented. Integrating two platforms often remains difficult and the user experience is "mostly disjointed" instead of "highly integrated". As our respective industries mature, we must focus our attention to integrating the user experience as well as the data that drives that user experience. The following "marketecture" illustrates that shift:

Instead of each platform having its own user experience, we have a shared integration and presentation layer. The central integration layer serves to unify data coming from distinctly different systems. Compatible with the "Big Reverse of the Web" theory, the presentation layers is not limited to a traditional web browser but could include push technology like a notification.

For the time being, we have to integrate with the big walled gardens. They need access to great content for their users. In return, they will send users to our sites. Content management platforms like Drupal have a big role to play, by pushing content to these platforms. This strategy may sound counterintuitive to many, since it fuels the growth of walled gardens. But we can't afford to ignore ecosystems where the majority of users are spending their time.

Control personal data

At the same time, we have to worry about how to leverage people's data while protecting their privacy. Today, each of these systems or components contain user data. The commerce system might have data about past purchasing behavior, the content management system about who is reading what. Combining all the information we have about a user, across all the different touch-points and siloed data sources will be a big challenge. Organizations typically don't want to share user data with each other, nor do users want their data to be shared without their consent.

The best solution would be to create a "personal information broker" controlled by the user. By moving the data away from the applications to the user, the user can control what application gets access to what data, and how and when their data is shared. Applications have to ask the user permission to access their data, and the user explicitly grants access to none, some or all of the data that is requested. An application only gets access to the data that we want to share. Permissions only need to be granted once but can be revoked or set to expire automatically. The application can also ask for additional permissions at any time; each time the person is asked first, and has the ability to opt out. When users can manage their own data and the relationships they have with different applications, and by extension with the applications' organizations, they take control over their own privacy. The government has a big role to play here; privacy law could help accelerate the adoption of "personal information brokers".

Instead of each platform having its own user data, we move the data away from the applications to the users, managed by a "personal information broker" under the user's control.

The user's personal broker manages data access to different applications.


People don't seem so concerned about their data being hosted with these walled gardens since they've willingly given it to date. For the time being, "free" and "convenient" will be hard to beat. However, my prediction is that these data privacy issues are going to come to a head in the next five to ten years, and lack of transparency will become unacceptable to people. The open web should focus on offering user experiences that exceed those provided by walled gardens, while giving users more control over their user data and privacy. When the open web wins through improved transparency, the closed platforms follow suit, at which point they'll no longer be closed platforms. The best case scenario is that we have it all: a better data-driven web experience that exists in service to people, not in the shadows.


Drupal Association News: Homepage Sponsorship

Planet Drupal - Tue, 2015/06/23 - 12:52am

In the next couple of weeks we'll be launching a new sponsorship opportunity for Drupal Supporters on the homepage of  The following is background information and a proposal for the program.  We would like a period of public community feedback. Feedback is open until the 6th of July. At that time, we will incorporate the feedback into the sponsorship program plan.


The Drupal Association has been creating advertising programs on in an effort to do more to serve our mission, and to take the pressure off of DrupalCons to perform financially.  We’ve been working to develop advertising products that are meaningful for advertisers, deliver value to the community, and are respectful of users contributing to the project. 

About the Program

The Homepage Sponsorship will highlight partners who support the community through Drupal Supporter Programs.  This includes Supporting Partners, Hosting Supporters and Tech Supporters.  The sponsorship will display in the 300 x 250 ad block that already exists on the homepage.   The creative template is designed and maintained by the Association.  The featured supporter will provide a logo, body copy, button copy, and a link to that will direct to their website.  We will display the partner’s supporter badge, and eventually, pass in any applicable organization credits.

The idea for the Homepage Sponsorship originates from the rewards mechanism that Dries discussed in his DrupalCon Amsterdam 2014 Keynote.  His vision involves building a system that creates an incentive for Drupal companies to contribute to the project by rewarding them with benefits and giving recognition. 

There is a larger project in motion which includes the Drupal Association building commit credits for organizations, and developing the algorithm to apply a value to the credits.  The Homepage Sponsorship is one potential reward that will eventually feed into the system.  Until that larger project is complete, the Homepage Sponsorship will be available for purchase by Drupal Supporters.  It will be sold in one week increments, giving the partner 100% of the page views during the campaign.  The program will expand recognition for those organizations who already give back, and will encourage more organizations to participate in Supporter Programs.

Homepage Sponsorship Mock

Advertising Guidelines for

The Drupal Association interviewed representatives of the Drupal Community to help guide our advertising strategy and ensure a positive advertising experience on  We developed informal guidelines; for example, advertising is not appropriate in issue queues, and when possible, products should monetize users who are logged out and not contributing to the Project.  After we received feedback on our most recent program - Try Drupal, we started work on formalizing these guidelines for advertising on 

We created an issue to share a draft advertising policy developed by the Association and Content Working Group.  The policy will set guidelines for how we advertise - addressing issues like the labeling of ads, content guidelines, etc. with the aim of providing an advertising experience that complements and supports our community values. Whatever decisions are made in that policy will be applied to existing programs, including the Homepage Sponsorship and Try Drupal program.

Talk To Us

We want your input about the Homepage Sponsorship.  Please comment on this post, or in the issue, with your questions and insights.


AttachmentSize HP Sponsor Mock-small.png130.36 KB

Commerce Guys: The Case for a Unified Customer Experience and Content-Driven Commerce

Planet Drupal - Mon, 2015/06/22 - 10:35pm

Commerce Guys has been promoting the value of content-driven commerce for many years, and we are thrilled to see more and more people talking about this continued transformation in the eCommerce market. One company that has recognized this important trend is Forrester Research, who makes a strong and compelling case in their "Content And Commerce: The Odd Couple Or The Power Couple?". In particular, they point out that companies who differentiate themselves by providing a unified user experience to tell their story should consider a tightly integrated solution that provides both a rich Content Management System (CMS) and a flexible eCommerce transactional />
Today there is almost no barrier to selling online, making it increasingly difficult for companies to differentiate themselves online, create a strong web presence, and attract customers. The solution for many will be to focus more on creating unique user experiences, supported by interesting content, which allows their users to execute transactions anywhere along the buying journey within the context of that information. The challenge today is that this experience requires CMS and eCommerce to work together seamlessly. Unfortunately most companies manage these two functions separately with two distinct systems. This approach results in added complexity and a disjointed and inconsistent user experience that is confusing to users and damages their brand.

According to Forrester, "the convergence of content and commerce platforms is already well underway. [They] expect that these two solution categories to be foundational elements in digital customer experience management"1. They go on to say that "In an ideal world, commerce and content platforms would have fully converged into customer experience management platforms, with commerce services seamlessly exposed through best-in-class digital engagement tools and supported by social, testing, and content management services." - "But this ideal isn’t likely to exist in the near future"1.

Drupal + Drupal Commerce Provides Seamless Content & Commerce

The future is NOW - and the reality is that Drupal + Drupal Commerce is the only platform with commerce natively embedded in a CMS, offering a seamless digital experience management solution with a single code base, administration, and database.

Why is this not more widely known?

While this may be news to many, Drupal Commerce has been around for over 5 years and has over 57k active sites. It consists of core and contributed modules, support by Commerce Guys and the broader community, that can be dropped into Drupal (which itself has been around for 10+ years and has over 5 million active sites) allowing transactions to occur anywhere within the user experience created. Contextual relationships between content and products are extremely easy to create - something that is hard to do when you bolt together separate CMS and eCommerce platforms. A great example of the power of Drupal + Drupal Commerce is which helps Lush in the UK tell their story, engage their customers, and sell more product.

Who Benefits from a Content & Commerce Solution?

Potentially everyone, but in particular are brands who benefit from a differentiated user experience that enables them to tell their story through interesting content and community engagement driving sales within the context of that experience. In addition, existing Drupal sites looking to add transactional capabilities is another obvious fit. With an existing investment in technology, skills and content, there is no better choice than to "drop in" commerce functionality, through Drupal Commerce modules, anywhere. Integrating with a separate eCommerce solution and bolting it onto Drupal is a common approach and certainly possible, but the result is added complexity, cost and valuable customer information that is spread out across multiple systems. Two systems makes it harder to create a level of contextualization and a unified experience that buyers are looking for. Given the increasing importance of targeting and personalizing content and offers and knowing your customer, having customer information in one place allows companies to merchandise more effectively.

What Should You Do?

Read the Forrester report. They get it right, and they are one of a growing number of analysts talking about the value of content-driven commerce.   2. Don't get stuck on features. Yes, they are important, but they will also change, and you need a solution that will adapt and allow you to take advantage of new ideas quickly. Instead, consider how your business will benefit by creating an experience that keeps your customers coming back and makes it easy for them to buy.   3. If you think your business would benefit from a richer user experience, or if you just want to simplify your infrastructure with a single platform that can serve both your content and commerce needs, take a look at Drupal Commerce - you will be pleasantly surprised by what you see. -----
1. Stephen Powers, Peter Sheldon with Zia Daniell Wigder, David Aponovich, Rebecca Katz Content And Commerce: The Odd Couple Or The Power Couple? How To Choose Between Using A Web Content Management Solution, An eCommerce Platform, Or Both (Forrester, November 19, 2013) 11,14