I do see a lack of civility in your posts, but not much information.

Drupal does claim to be modular. It doesn't often claim to be simple, unless you are only using a few core modules, perhaps in the default install, for instance, to make a blog. In the base install it _is_ less polished than, say, Wordpress. But it does more. I'm not sure how you measure intuitivity - what's intuitive for one person isn't necessarily, for another.

I don't know what you mean by 'Behavours are inconsistent across themes'. Isn't the point of themes to bring individualism to your Drupal installation? Doesn't that by definition mean that different themes will do different things?

Regarding 'Half the available themes are broken'. I have no idea where you get this statistic. I do know that if you install a Drupal 5 theme on a Drupal 6 installation, it will most likely not work. Perhaps that's what you did?

Regarding 'Not supporting things off the bat'. Again, I'm not sure what you want? By default Drupal 6 supports posting stories, pages, blogging, aggregating content from feeds, hierarchically structured collections of pages, comments on any content, contact forms, multilingual sites, forums, login with OpenID, polls, clean URLs, content categorisation, registered user profiles, searching, basic statistics tracking, and user uploads. Amongst other things. I'm not sure what else you would like a CMS to do as in the basic installation.

Regarding 'Enabling the modules requires manual downloads and dependency hells.'. Yes, in most installations you have to manually download and enable modules. This makes it more secure. Modules list their requirements and will not allow you to enable them unless their dependencies are also available. I'm not sure how this is 'hell'? Surely it's sensible not to allow a module to be enabled if it's guaranteed to break?

Regarding 'The notion of using the site as you build it is shit,' On the other hand, eating your own dogfood is a very good way of being sure that your users will enjoy the site you are building.Usually one would put the site into maintenance mode, but this isn't required. But again, if you don't like to use what your users use, you ARE able to use an admin theme. If you are building a larger site, it's not recommended practice to work on the live site. I have no idea what you mean about 'just writing your own CSS'.

'The only people who are willing to waste the time to understand Drupal enough...are those...chasing buzzwords...' Drupal is not for everyone. It's definitely not perfect; it's a large, rapidly growing system, which is being improved as it grows. Quality outside of the core is variable, as you would expect. It doesn't solve every problem, despite having around 5,000 modules available, spread across Drupal 5 and 6; clearly it didn't suit you, although it is fine for hundreds of thousands of other users. I don't know what problem you were trying to solve, but there are many CMS out there, and I'd recommend you start by investigating Sharepoint.

Are you complaining that the security team takes time to go through the 2000+ components, find problems and notify you?

You can unsubscribe from the list, and rely only upon the status subsystem, which if you have not switched it off, will notify you on a regular basis about upgrades and security fixes for the only modules you are using.

In contrast to your assertion: Drupal has an _excellent_ security history, and the fact that you are alerted about updates serves to highlight this.

You may wish to switch to a CMS which has no security warnings, but I would not feel comforted by lack of warnings.

It would appear that your experience doesn't stretch terribly far; off the top of my head I can name several much less secure systems. Finding, fixing and announcing vulnerabilities is a good thing: by your measure a hugely exploited CMS with no fixes would be better!

Regarding you assertion that the rewrite engine cannot be disabled; this is just plain wrong. The Apache rewrite engine can be disabled without any problem. If you do this, then you won't enjoy clean URLs, instead you'll have URLs like www.somesite.com/index.php?q=some/path instead of www.somesite.com/some/path. Internally Drupal always works with the first form. However, the rewrite engine is a widely used Apache module - with perhaps millions(?) of sites using it. It may very well have exploits - just as any software may - but it is trusted by lots of users.

Followsymlinks can be disabled too. It's required for rewriting and for one form of upload. Drupal works without problems without it. However, there's nothing inherently insecure in symlinks, and the default Drupal directory layout does not symlink to outside of the install tree.

Database load. I note that your assertion about load is without any reference to figures. I'm not certain which CMS you think is well written. However I'll note that there is a general problem with CMSs which are designed to be easily extensible: tightly integrated system usually use a single SQL statement to retrieve data - the designer knows all the constraints at design-time. A loosely coupled system is usually not able to do this: the designer has little idea of what will be present at run time. So it's in the nature of most loosely coupled system to run one query or more for each additional module. Drupal uses a loosely coupled callback orientated architecture. This means its very easy to extend. However the downside is that each module will usually include extra tables. Drupal is fairly smart about loading this extra data, but beyond that, to counteract the tendency for growth in queries, Drupal has a caching subsystem that is active in several layers. For anonymous users, Drupal only runs a few queries which determine where in the cache the data sits, and returns it.

Perhaps you'd like to elaborate with some firm figures and an example of a CMS that in your opinion does it right.

Regarding PHP security. Again - have you any firm facts to show that PHP is inherently less secure than any other language? The consensus in security circles is that openness is better for security. *You* are able to download the PHP source code and contribute patches. If you know of a security issue, I'd urge you to help fix it. Or is this opinion without facts to back it up?

Again, I'd be interested to know which CMS you do recommend to the person in the street. I would not at the moment recommend Drupal for most brochureware sites, though it is capable of brochureware, however for sites in excess of about 100 pages, for sites where there is a heavy community aspect, and for sites which hope to change and grow, Drupal is an excellent choice.

I think you are misinformed. Morpheus seemed to be targeted at a range of software, including Joomla, but not Drupal: as far as I can see, none of the URL's it scanned are Drupal-based. See http://zeroq.kulando.de/post/2008/08/20/morfeus-fucking-scanner for example, but there are others out there.

In fact, Drupal has an excellent history of security. We find holes, fix them and issue patches. There is a security mailing list that anyone can sign up to. You will receive mail on the latest security fixes. Your Drupal installation will tell you when components are out of date, and when there are security updates. It will also email you on a regular basis if you don't care to look at your status, or ignore the status message at the top of the page when you log in as an administrator. Drupal will not download and install components without human intervention: components require manual installation.

Just like any software, I'm certain that Drupal has as yet undiscovered exploits. What's important is whether they are found and fixed, and we have a good track record of doing this.

Microsoft have derived a stack of publicity from the Sensecam and lifeblogging - it's made them look like a terrific company. I think this PR needs some counter-balance: Microsoft made Lyndsey Williams, the inventor of the Sensecam, redundant. Possibly not the best way to reward someone who was responsible for millions of dollars of positive PR; you don't get rid of the people who are doing brilliant work if you plan on delivering brilliant products in the future. But this has probably been a good thing for the rest of us; Ms Williams is prolific in bringing new devices to prototype and beyond. Her site shows her recent work, including the Sensebulb - a device for non-intrusive monitoring of elderly people who live alone. It can detect unusual situations and alert friends and relatives. This would have saved the lives of two people I knew. She has a stack of other interesting projects on the go too. Her site is well worth reading.

Disclosure: I know Ms Williams and take the opportunity to promote her work whenever I can. I'm not paid for this: I'm not in PR.

Mod the parent up: what his link shows is that Intel are not keeping it a secret that they offload to the processor; they have a published document saying that they do this for 3DMark as well as other software for the XP and Vista driver. I don't know whether they have yet published a similar document for Win7 driver, but Win7 is not yet on the shelves, so it's a bit hard to criticize them for not disclosing for that.

It's not really cheating is it, if you are open about what you are doing; I think the title and tone on the article is inappropriate.

IMO it's debatable whether this sensible for a benchmark or not - but it's not something that they've kept secret in a hope of gaming benchmarks - which is what a lot of other commenters seem to think.

I have no relationship to Intel apart from occasionally buying their products. I also buy other brand microprocessors and graphics hardware. I have mod points, but I think it's more important to point out why this comment is important than to mod it up myself.

I run Linux. I bought ATI because they support open source, but have been very disappointed with their drivers, and the open source drivers aren't great either.

I used the closed source driver because I can play 3d games. I can view more than 1 screen, although in windows both of my screens are rock solid, while in Linux there's flicker on one. I know I'd be able to fix it on Linux BUT... ..the reason I am down on ATI is that I have probably spent FIVE days of my life dicking around, trying to get their drivers working with X, and I am not going to spend any more of my limited number of days on earth dealing with this sort of thing. Every time there is a new version of Ubuntu I have had to go through the same stupid waste of time, trying to get everything going satisfactorily again. I like open source, I write open source, I support businesses that support open source, but the next time I have a problem with my video card, I'm going to throw it away and buy a rival card.

Sadly ATI do not support open source enough for their support to be truly useful. Nor do they make great closed source Linux drivers.

It sounds like you are in a sticky situation but maybe all is not yet lost..

Firstly, as a technologist, you are focused on the technology, and it sounds like you've pretty much ignored everything else. For a tech-based business, the tech is necessary, but it's not sufficient. Most tech startups die because they don't pay attention the the things that are out of their sphere of experience, but which are critical to success. It's the WHOLE package that matters, not individual parts. It's impossible to stress this enough.

Start by buying a copy of the Beermat Entrepreneur: it's a quick read - it's not the only book of it's kind, but it hits all the important points I think you need. A key idea is that there are cornerstones to businesses. You only appear to have one cornerstone - a technology person. You need to find people to fill the other cornerstones. Go to all the local networking groups you can find. Go to conferences - look for things that are outside your comfort zone. For instance, you won't find people interested in sales at a tech meeting. Phone up all the people you've worked with, who you thought were great. Chat. Drink wine. It's not going to be quick. You need to persuade these people that if you can find funding that they'll quit their jobs and come to work with you. In return they get about 20% or the business. If you can't persuade the other cornerstones of your idea, it's a non-starter. Go find a job.

If you can persuade these people, then because you don't have any money, you and your team need to persuade either a company to buy your technology as a product/service, or persuade a business angel to fund you.

Wrt the former, you need to list all the strengths and weaknesses of your tech, and find a niche that only your tech can fulfill, where someone with lots of cash is desperate for a solution. It's the job of your marketing person to think about this. Sometimes it helps to have external consultancy because it's likely that it will not be in a niche you know exists. You'll need to validate by talking to people who are potential customers in the niche, to make sure you are targeting the right area. It's the job of your sales person to find companies that match the profile of your nice. Together you need to persuade them to buy early prototypes or a development project. Finally you will have some cash coming in. You need to use as much as you can possibly afford, to grow the business - find the next customer and deliver tech. Repeat until some time later, when you my be able to sell the company.

Or if you think funding is the best way forward, you need to build a portfolio of evidence as to why your technology is ten times better than the competing technology, and you need to show that people are desperate to buy your products, but that you need capital and the angel experience. Much of what I wrote in the previous para applies - you'll need to produce lots of convincing documentation backed by research. There's lots of advice out there about finding an angel. Don't just say yes to the first person to offer you cash: it's better to kill the idea than experience years of pain, andl then have to kill the business. Find someone you like and trust who has good experience that can be applied to your business. Again, this is unlikey to be a quick process.

Even if you don't have an angel, a mentor would be an invaluable asset, and although you probably won't have to produce documentation to the same degree, hunting for the right person is a similar process.

Given that you are out of money, unless you are able to produce an absolute kick-ass demo immediately, and can use this to persuade people, I would stop working on developing the technology, and either switch all my efforts to the other more critical tasks, or stop working on it altogether, and start looking for a job so that you can use the income from the job to fund finding the right people to have a future with.

Lastly, you are much more likely to die from lack of people knowing about your technology than you are to die from people stealing your ideas or killing you through IP law. If you have filed a patent, you should not be coy here about talking about the technology; in the comments you should tell people much more about it. That way you may find people with knowledge about specific needs - for instance, I know of an unsolved problem which could be solved by motion capture with 1mm accuracy, but over a capture field of a few miles, working in extreme environmental circumstances, with real-time response being critical.

Good luck!

When my child gets punished for bad behavior, she will sometimes get cross and in a fit of spite she will do things that she thinks will hurt us, her parents. Often she ends up hurting herself more through her actions.

Microsoft makes some fine software. They are a bunch of bright, creative people. But apparently they have the corporate personality of a 4 year old bully. They were caught being bad, again, and their response to being punished is petulance. Not to worry; they are harming themselves. The middle of a recession is not a good time to make your product more expensive and with a higher barrier to entry.

----------

I've seen a few people saying that it would be hard for them to give a choice of browsers, and that, in fact, just deciding which browsers would be too hard for some of the brightest people on the planet. I wouldn't compare my intellectual powers with those of Mr Ballmer, but I can imagine that they could:
1. Publish the specifications of the integration API that IE supports, so that it can be implemented in other browsers
2. Publish the source code to IE so that people can see what's missing from the API
3. Bundle Mozilla, Opera and Safari
4. Ask the user for a URL, then download a browser as part of the installation process
5. Ask the user to insert a CD containing the browser

None of these are exclusive of the others - they should be doing all five.

What I see is a case of corporate petulance and bad grace from a management team who think that they are above the law.

--------------

Now some balance.

If I were in the position where I was genuinely surprised by the EU's decision (though I can't see how MS could possibly be surprised), and I was completely unprepared, rather than hold back the launch of the OS globally, I might choose to issue it in stages in the EU to give myself time to comply with the ruling. However, I would also be incredibly careful to communicate about this strategy so as not to upset my customers. But as far as I can make out, this is not what is happening here because I've seen no explanation as to how insisting on a clean install fits in with a two stage strategy or how it complies with the EU ruling.

I'm the parent poster.

My point is that this was major tech news. And hours after the news broke, it still hadn't appeared on the front page. It should have been there minutes after the announcement seeing as it's major news nerds. Even that gnat in the technology-news arena, Republica, managed to report it before it appeared here. Slashdot should be waaaaaaay ahead of the crowd in reporting interesting IT stories.

I'm not decrying the Phorm story: I'm also in the UK and have an interest in it, and I'm glad it was published, but to have it appear while news of a major development in the operating-system-wars is sitting in the queue shows that there's a problem in the editorial flow.

I would like to point out that the BBC, Boingboing, South Africa's Mail & Guardian, the UK's Daily Mirror, the bloody Katmandu, Nepal based Republica, and 632 news sources managed to report the announcement of Google Chrome OS before it was a glimmer in Slashdot's eye.

A very poor show for Slashdot, which is supposed to be news for nerds, stuff that matters.

You are quite right that there are only two comments, and that's because the Times are not publishing responses to their article: I submitted one as soon as I learned about their involvement, decrying their actions, and calling on others to do so too. It is yet to be published.

IMO, newspapers feel threatened by good bloggers because there's no space for the interpretation of opinions when you can read the primary source yourself. And this was a self-serving action to fight back against bloggers. It was not in the public interest. The result is that a source of citizen journalism that exposed what policemen thought has been shut down.

I am appalled by the Times' actions.

Erlang, from what I recall has had the ability to replace running programs in place since forever. A quick look on Amazon shows the first Erlang book dated at 1993. And I think that's probably where I remember reading about it. I thought what a clever technique they had at the time.

Quoting from the an Erlang white paper:
"Hot code upgrade - Many systems cannot be stopped for software maintenance. Erlang allows program code to be changed in a running system. Old code can be phased out and replaced by new code. During the transition, both old code and new code can coexist. It is thus possible to install bug fixes and upgrades in a running system without disturbing its operation. "

(Whoever owns that one copy might want to up their price about now. And I think I may go see if I still have my copy to sell to the next highest bidder. Do I hear any Apple patent lawyers bidding? )

With just a little luck this will point help to point out to companies that asserting patent claims over prospective standards is a bad idea, sure to cost more money than it makes.

Measure the memory cost of your web application. Suppose that it's PHP and a session takes 35MB, then you need 35MB for the duration of servicing the request. With 1000 visitors a day, if they all visit during lunch hour, and they are each looking at 10 pages, you'll have about 2.7 requests per second on average.

This means that on average you'll need another (35MB + database overhead + Apache overhead) x 2.7 memory per second. If page generation lasts an astoundingly long 2 seconds, you'd have about 6 sessions stacked up before you recovered the memory used by the first session in the queue. Assuming that you need 10MB for Apache + database, you'd need all of 270MB + OS footprint to run your server.

I think we can safely say that 16GB is overkill under these circumstances.

Of course if it's lunch hour, your peak (which is the important thing) would be higher: maybe 50% people would hit in the first 15 minutes of the hour. You need to do capacity planning which is appropriate for the load and the technology you are using.

By contrast: one of my sites had 15 minutes of fame, and had 20,000 page views across about three hours. It was running as static content, from a Xen instance, with 1GB of memory, and about 25% of processor time on a dual processor 1GHz system. There wasn't even a hiccup in dealing with the load.