Being casual about open source security is not funny. Headlines like the Panama Papers this year showed that an improvident dealing with security and updates can cause a huge damage. Fees are still a crucial reason for people to hesitate to secure their business by using charged services. This is not a pitty - this is grave.
There are many people out there who give a lot without receiving a reward. They see more benefits in helping and strengthen people, any kind of living being or purpose than in a regular salary.
More and more, midsize companies are excited by Drop Guard, recognising the benefits and values of using this tool.
This time we want to present undpaul to you, a Drupal agency from Hannover, Germany, that is built by an enthusiastic team of Drupal developers. Eleven team members support Anja Schirwinski and Johannes Haseitl, founders and CEOs, in their daily effort to please the needs of their customers best.
In doing so, the whole company let Drop Guard support them and let it provide continuous Drupal and website security for their clients. We asked the undpaul about what changed since they started to use Drop Guard on a daily basis.
Our existing users may have already noticed a few changes and improvements in Drop Guard. However, not everything is visible enough, so we decided to make a short list with the recent updates.
Drop Guard is now capable of managing your composer.json and composer.lock files, in the same fashion as you would do it normally via CLI.
When executing the update task, Drop Guard modifies the composer.json to accommodate the recommended module or core version and runs "composer update" command to keep the composer.lock in sync. Both files get pushed to the repository, and the only thing you need to take care about is running "composer install" to receive the updated packages.
As always, Drupal Security Team did an excellent job and the news on the security vulnerabilities reported on Wednesday wasn't a bombshell for most of us. Everyone had a chance to prepare and pre-allocate resources to take all measures necessary to patch the supported websites.
A quick recap for those who missed the buzz or just slowly waking up right now.
Two weeks ago we decided to run a little survey asking Drupal folks one simple, but provocative question “Why I don’t update my website continuously”. I decided to present you the results - and I can tell that some serious voices got out!
First, I want to speak highly of least 38 of 78 participants, who actually update their website continuously and seem to know exactly what happens if they wouldn’t do it.
Were you too busy to join our live webinar on 06/20? No problem, we present you the whole story right here:
Enjoy 30 minutes about how to
- sell support contracts with value to your clients
- automate update processes to save developer time
- establish a support process with existing resources
- maximise data security for clients as added value support
There is no question about the importance of regularly updating your Drupal installation, including core, contribs, and libraries.
No matter how you manage the workflow - by using dedicated tools, custom scripts, or just update the codebase via FTP - keeping the application's 3rd party code always up-to-date is a must for every open source project.
Without getting into the details of why this is important (in fact we believe our readers don't need to be convinced at all), we decided to imagine the consequences of intentionally ignoring all updates in your project or updating the codebase selectively, when some modules get their new versions regularly and the rest remains outdated.
To join, use the following YouTube link.
Most Drupal shops depend on a transactional business model which requires hunting for new projects every month. Building Drupal applications is a great base to add more value to your business by selling support contracts, to grow your recurring revenue and deliver continuous value for your clients that have built their online business with Drupal. Using the transactional project business strategically to sell support contracts can help Drupal shops to grow fast and sustainable.
Drop Guard team didn't make it to DC North America this year, but we've spent quite a time talking to our colleagues there, interacting with people via Twitter and Facebook, and obviously - enjoying the sessions as soon as they're available for the online viewing.
We are really excited about the number of the highest quality sessions on various topics, and to be honest we recommend to watch all of them (although be aware of the time you need to complete the whole list).
However, for those interested in all things security, support and maintenance related, and not having too much time to enjoy the full playlist, we've hand-picked a limited amount of videos which we found most insightful and would recommend to the Drop Guard blog readers.
Michael Schmid , Group CTO at Amazee, conduces his team with creativity and an amount of know-how you wouldn’t think his age would possess! Amazee Labs, a web-hosting, web-consulting and development company, started their Drupal security of 2016 with Drop Guard. And amazee.io the just launched Drupal Hosting platform built for develeopers, which has a full integration into Drop Guard.