Information Technology

Last fall, I once again had the privilege of participating as a member of the judging panel for Packt Publishing's Open Source Awards. For the 2010 event, I participated by voting for the category of Open Source CMS Awards. In that award, the winner was declared by the panel to be CMS Made Simple, with SilverStripe as first runner up followed by MODx as second runner up.

I received a lot of inquiries asking me how and in what order did I rank the content management systems. Each of the judges on the panel, selects and ranks their top three CMS from the five included in this category. The judges are given a lot of reign for how they rank the CMS and may consider a number of factors including performance, usability, size and support from community, accessibility, ease of configuration, customization, scalability and security.

It has been my history to be transparent to all with how I rank each CMS as my vote will have some differences to those of the panel. This time around, I find myself hesitant and under personal protest with me providing information on how I ranked the five content management systems.

I question whether we're doing any good by declaring one CMS as better than another CMS. Dean Barker discussed on his blog some time ago this same uneasy feeling you get when you judge a CMS without having some reference to real world requirements. None of these content management systems would I consider losers and all of them remain worthy of future consideration. Yet, I'm disturbed that people will look at the numbers and interpret the results in a ways I never intended my rankings to be used.

My rankings for the Five Best Open Source CMS (with number one being the highest) were:

1. SilverStripe
2. mojoPortal
3. MODx
4. XOOPS and CMS Made Simple (Tie)

I'm not a firm believer in ties when it comes to ranking content management systems. Yet, this year I did just that for XOOPS and CMS Made Simple. All five content management systems that were reviewed I would consider as a candidate for a future project. None of the CMS would I consider a "last place" CMS so I refused to do so. It is also important to note that neither Drupal, Joomla!, or WordPress competed in this ranking as previous winners in this category duke it out in the Hall of Fame category.

Last week was a very frustrating time for me. For whatever reason, an unusually number of botnets decided to zero in on my Drupal site and created what I call an unintentional  Denial of Service attack (DOS). The attack was actually from spambots looking looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the target of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These type of attacks on Drupal sites and numerous other content management systems are nothing new. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with and at first the answers alluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam while the bots attacking my sight were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed model Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots then blocks such access and logs their attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.

What are the enterprise trends in content management? This past month, I've given a lot of thought on the evolution of content management and social media in large organizations. Perhaps the amount of time I've recently spent on the plane traveling both coasts of the United States gave me too much reflecting time on this subject. Most of us understand the impact Enterprise 2.0 has had on enterprise content management, yet I feel like we're missing pieces to the puzzle. Luckily, there are a lot of smart people out there giving us clues to what the current enterprise trends are with content management.

This week I have been thinking a lot about how poorly we manage data and information. The quality of the data and the lack of needed data has historically been an issue at work. We have focused a lot of our time on data mining but never really recognized that one day there would be too much data and information for our staff to sift through. Recently, our managers proposed two new data sources for the operational staff to review and I decided that it was time to hit the panic button that we're currently giving out more information to our workers than they can handle.

When a business presents too much information to their staff it is a lot like catching deer in your headlights. If the deer is too overwhelmed to run and you don't steer the car out of the way then no good can come to both car and deer. This is where I think we are at work and we're needing to slow things down a bit to give both driver and deer time to think about their next move. For the moment at least, I'm personally at a lost on how best to solve our issues with information overload.

This year, I had the privilege of participating as a member on the judging panel for Packt Publishing's Overall Best Open Source CMS Award. As I mentioned last month, WordPress was declared the winner of the award followed by MODx, SilverStripe, DotNetNuke, and finally XOOPS. Since the award announcement, I've had a lot of inquiries asking me how and in what order did I rank the content management systems. I decided to wait for a month before my posting my rankings of the Web applications because I wanted focus to remain on the declared winners and not my individual choices.

My rankings for the Overall Best Open Source CMS (with number one being the highest) were:

1. WordPress
2. DotNetNuke
3. SilverStripe
4. MODx
5. XOOPS

Each of the judges on the panel, selects their top three CMS from the five included in this category. The judges are given a lot of reign for how they rank the CMS and may consider a number of factors such as performance, usability, accessibility, ease of configuration and customization, scalability and security. Despite the criteria given, the fact is the best CMS is the CMS you determine is best in meeting your project requirements. In other words, you may find that all five CMSes in this category meet your project needs or in some cases none of the given applications will meet your requirements. Despite how I ranked the CMS you still need to do your own homework before choosing what your "best" CMS.

Not having the opportunity to own an iPhone due to lack of coverage by phone carrier AT&T, I haven't been a smartphone user. Then a few weeks ago my carrier, Verizon, introduced the Motorola Droid and I purchased my first smartphone.  Since then, I've been carrying the Droid where ever I go and taking full advantage of the phone's features.

My experience with the Droid has forced me once again to question what I know about Web content management and best practices. I knew I would use the phone for social media aspects (Facebook, Twitter) but I've been surprised at how much I hungered to read content from various Internet sites. Despite the iPhone and the Droid both having good Web browsers, I've come to the conclusion that reading content on a smartphone for a site like CMSReport.com still sucks.

This week, I spent a lot of time in various discussions on the negatives of Web content management systems (WCM). For all the excitement us CMS enthusiasts have for WCM, there is also associated frustration that threatens to dampen our spirit and kill the mission.

We lasted nine months. That's right, for nine months we hosted our Drupal site with a shared hosting account. Last January, I knew we were taking a gamble but the monthly cost savings for hosting the site was just too tempting. In this end though, CMS Report was too busy and exceeded the shared hosting provider's CPU usage policy.

Working for a large organization, it should be no surprise to all that my workplace is going down the SharePoint path for its "enterprise software" solution. What may be surprising to some is that SharePoint confuses me.

Is SharePoint a document management system or a content management system? Every executive touts using SharePoint's collaboration features, but behind closed doors I only hear whispers that those collaboration tools aren't so great. I'm told Sharepoint is a cheap solution to implement, yet over the years I have never heard a CIO actually tell me they're saving money using SharePoint. Then there is the Microsoft Sharepoint licensing agreements. Every time I read a Microsoft license I can't help but wonder if I'm on a road that doesn't offer my organization appropriate exit ramps.

Last week, Socialtext's Eugene Lee forwarded a link on Twitter with SharePoint as the focus of the article.  The SharePoint article is titled, SharePoint 2007: Gateway Drug to Enterprise Social Tools and the author discusses the frustration enterprises and site developers have with the Microsoft product.  There is some truth in the article as I've heard from many people discussing their concerns about SharePoint lacking quality Enterprise 2.0 features or causing vendor lock for their organization.  However, the article borders slightly on the side of a rant on SharePoint and I've allowed it remain in a tab on my browser for quite awhile while I pondered what I wanted to take from the article.

I think the frustrations the author describes about SharePoint isn't a SharePoint problem.  And the author describes the issue very well without recognizing it's just not SharePoint that drives organizations crazy.

SharePoint does some things rather well, but it is not a great tool (or even passable tool) for broad social interaction inside enterprise related to the focus of Enterprise 2.0. SharePoint works well for organization prescribed groups that live in hierarchies and are focussed on strict processes and defined sign-offs. Most organization have a need for a tool that does what SharePoint does well.

This older, prescribed category of enterprise tool needs is where we have been in the past, but this is not where organizations are moving to and trying to get to with Enterprise 2.0 mindsets and tools. The new approach is toward embracing the shift toward horizontal organizations, open sharing, self-organizing groups around subjects that matter to individuals as well as the organization. These new approaches are filling gaps that have long existed and need resolution.

The problems identified with SharePoint can easily be said about many enterprise applications out there.  Many of the enterprise suites provided to the market traditionally offered turn-key solutions in an effort to deliver a single integrated solution for the customer.  These integrated suites can and do create "vendor lock" but that isn't the sole goal of enterprise products being delivered by such companies as Microsoft, IBM, and Oracle.  The customers asked for efficient and effective enterprise solutions and the big software companies responded by providing the expected tightly controlled software platforms (historically a good thing) along with terms of licensing, predictable pricing, training, and infrastructure support.