At the Ref Desk (5/22/18): Got an IM request explaining in great detail (several sentences in fact) what kind of article the person was looking for. Only thing missing -- the topic. Oh well... [more...]

Make It Hard to Update Software? Guess What: Then People Won't

Submitted by Leo Klein on Fri, 6/8/18 (2:36am)

Drupalicon Ars Technical reports on the vulnerability of 115,000 Drupal websites to 'hacker takeovers'. This even though a software patch has been available for over 10 weeks.

All I can say is, I'm not surprised. I mean, updating Drupal software is not an easy thing. There is no link or button you can click on which gets the job done. Instead, the programmers have built a command-line interface using Drush (or whatever) thus coming up with a method which only a programmer would love. For this reason, when you go through comparisons of CMS's routinely making the rounds, 'easiness of updating' for Wordpress rates as 'easy' while for Drupal, it rates as 'difficult'.

"Difficult"? Is it any wonder then that an almost predictable result is a significant time lag before updating? This is not rocket science.