The effects of the next Drupal security hole should be entertaining.

Http headers say 'Server: White House'

I would guess all that is publicly accessible is static and being served from Squid or Varnish.

Good luck taking advantage of any Drupal security hole.

Most likely Varnish, which is made possible by the Pressflow Drupal distro, which among other things, cleans up the http header problems in Drupal 6: http://fourkitchens.com/pressflow-makes-drupal-scale

Much of Pressflow's codebase was backported from Drupal 7, so its advantages will be available to all Drupal sites after the stable release of version 7 sometime early next year.

The change to Drupal 7 that make better http headers (now in Pressflow 5 & 6) will allow, afaik, for any reverse proxy, but varnish is definitely one of the easier to use.

All Drupal 5 and 6 sites can use these features by substituting the Pressflow core.

Now I'm wondering how the US government will contribute back to the Drupal project.

absolutely. I bet Vegas is taking bets on it

Drupals founder, Dries Buytaert got some reflections on this too. http://buytaert.net/whitehouse-gov-using-drupal

He's from Belgium, though I don't know where he learned English.

Probably at school, starting at the age of 11 something. Like everyone else at his age in Flanders.

Stupid Flanders.

Um, what's wrong with Flanders now? Learning a language is not trivial, and even less so if not via immersion as a child.

That was a Simpsons joke.

http://www.snpp.com/guides/flanders.file.html

I'm laughing so hard right now.

How many languages do you know?

English is a language, a tool for communication. What he wrote is perfectly understandable by any reasonably intelligent individual who is fluent in English. I'm sorry if his English proficiency is not up to your standards, but I assure you that it is far better than your Flemish, or French, or probably any other language than English, which happens to be the one you learned as a child.

So I guess it's a pattern in the PHP community to blog in languages you don't know. Almost like how they write code...

Original article: http://www.washingtonpost.com/wp-dyn/content/article/2009/10...

Actually a pretty reasonable write-up of open source advantages.

http://www.barackobama.com/ is run on Movable Type Pro, which is essentially the supported commercial version of the open source Movable Type. I don't recall the hoopla surrounding that choice. Buytaert's company Acquia helped develop whitehouse.gov. Perhaps some of the development that went into whitehouse.gov may end up back in open source, but I wouldn't bet on it.

I would hope that the White House would apply their cyber-security experts to the problem of securing Drupal and contribute their changes back to the community. ;)

Yeah. The White House's cybersecurity experts. That should be pretty awesome.

I sure hope their email is done a physically different server and hard drive.

You have to enlighten me how it could be a different physical server and yet be the same hard drive ?

Unless you are suggesting they use ATA-over-ethernet or something like that to share the same drive.

Or maybe you meant to be worried that they might use virtual machines where one is running the .gov site and the other would be mail server or something like that ?

At the volumes of web traffic they receive there it would surprise me if they only had one server to do just whitehouse.gov, especially if they're using drupal.