"Count what is countable. Measure what is measureable. What is not measureable, make measureable." -- Galileo

Wednesday, April 29, 2009

Blank Spots on the Map

I thought I'd take a look at the geographical distribution of Plone interest tonight. I can see the breakdown of visits to Plone.org by continent as per Google Analytics (from an arbitrary sample of a month's worth of data). What is not apparent is how these regions stack up per capita. Here's the table with percentage of world population added.

Continent Pop Pct Plone Ratio
Asia 61% 11% 0.2
Africa 14% 2% 0.1
Americas 13% 39% 2.9
Europe 11% 44% 4.0
Oceania 0.4% 3% 6.9

I've calculated the ratio of each regions Plone percentage to its population percentage. You can imagine that if a particular region had a ratio of 1.0 it would mean that its proportion of Plone.net visitors was equal to that region's fraction of the world population.

What we see is that Oceania has much more than its "fair share" (thank you, Australia and New Zealand), while Asia and Africa are much under represented. This also shows that, while Plone is popular in the Americas, it is still a Eurocentric CMS.

And while I'm poking around in Google Analytics, here's the breakdown by browser type.

Browser Percent
Firefox 60%
IE 21%
Safari 9%
Chrome 4%
Other 6%

Not really a surprise that an open-source community would attract users of open-source browsers.

Now let's see what sort of pageviews Plone.org has. Thankfully, Analytics not only displays pageviews, but unique pageviews. For a thoughtful discussion of the difference, please see Kaushik's Standard Metrics Revisited. Here's one day's percentages.

Page Pageviews Unique Pageviews
1 / 14.89% 11.08%
2 /products 7.10% 4.22%
3 /documentation 5.61% 3.49%
4 /products/plone 3.21% 2.51%
5 /about 1.09% 0.92%


16 /products/by-category/themes 3.25% 0.42%

Pageviews and unique pageviews pretty much track each other except down on line 16 of the report. There theming products have far more pageviews than unique ones. Based on pageviews, "themes" would be ranked 4th. Understandably, people looking for tools to assist with look-and-feel issues for their skins are repeatedly coming back to the "themes" page (an average of 3.25/0.42 or almost 8 times).

Based on this, I'd suggest that we create a grid of screen shot thumbnails so that visitors hunting for a theme could visually browse them all at once. It might look like this:


With appropriate links, it would save a lot of people a lot of clicks. Hmm?? Maybe I should wander over to the Plone.org website forum and volunteer.

Next posting we go beyond pageviews and investigate Plone.org visitor loyalty.

Wednesday, April 22, 2009

World Plone Day

I've been following WPD on Twitter. Lots of activity from Japan and even remarks from Malta and Basque country. Haven't seen anything from Australia, New Zealand or India yet. Here in New Mexico things won't kickoff until around 11:00.

If you hosted a WPD event, please hop over to the Google Docs spreadsheet input form where we're collecting participation information. You can view last year's results and see this year's numbers roll in at the spreadsheet itself.

This year WPD coincides with Earth Day, at least in the U.S. I just Googled for "Earth Day" & Plone. Over 9,000 results, most of them Earth Day events promulgated on Plone-based sites. By way of comparison, "Earth Day" & Drupal returns 29,000 results while Joomla has nearly 65,000. The difficulty of interpretting numbers like these is that SERP doesn't indicate search term affinity, adjacency, or context. A blog like this one mentions "Plone" and "Earth Day," so it turns up in the results, even though its not a Plone-based site.

I am reminded that the City of Albuquerque's "sustainability" section, its original Plone section, is http://www.cabq.gov/albuquerquegreen. Looking forward to meeting up with the City's Plonistas later today. Also looking forward to catching up with the gang from FosterMilo.

Re: SharePoint blues. Had an interesting call from one of the Megaports folks upstairs early this morning. They needed to move a folder with all its subfolders and content. Turns out to be non-trivial. Moral of the story, in SharePoint you'd better get your information hierarchy right the first time, because after you load up your folder structure, changes become very hard.

By contrast, moving a folder in Plone is a simple cut-and-paste. With an object oriented database under the hood, all the links simply work.

Re: Drupal blues. More anecdotal evidence turned up yesterday about difficulties with Drupal's security and the strength of Plone's.

In closing, I thought I'd link to a couple excellent resources about Web statistics from FosterMilo. Thanks, Chantal.

Presentation to UNM's Anderson School of Management
The myth of visitor stats
Segmentation in Google Analytics
Measurement without e-commerce conversion goals
Have a great World Plone Day!

Sunday, April 12, 2009

Plone and SharePoint

Before I get down to business, I thought I'd mention Packt's new release, "Choosing an Open Source CMS: A Beginner's Guide" by Nirav Mehta. At first blush, I was a little put off by the self-demeaning subtitle, but upon reading the Packt material more closely, it looks like anyone in the CMS decison-making hierarchy could stand to give this one a read. At the very least, it repeats my mantra of "Requirements, requirements, requirements" as the first step to solving a problem.

However, without having seen the text, I'm a little worried that it is a marketing ploy for WordPress, Joomla, and Drupal. The online material specifically calls those three out when it talks about the book having quick-start guides and examples. It would be a pity that a good concept should be ruined by having pre-conceived solutions that fly in the face of their own advice to let requirements drive the CMS decision.

I wonder where Plone will fall in their section on "CMSs by Breed?" Interestingly, in the final chapter apparently they reiterate the results of the last Packt open source CMS award winners. That certainly opens the door for Plone, but a final call will have to wait until I get my hands on a copy.

Meanwhile, on to tonight's topic: SharePoint. At my day-job I continue to see the corporate SharePoint solution spread (more than 1000 sites currently listed internally). The beauty of a corporate SharePoint is that it has no impact on a project's bottem line--its just another cost subsumed in IT overhead.

That makes our skunkworks of a Plone shop expensive by comparison, since we bill our services directly out of someone's program budget. Even so, Plone offers enough advantages over the alternatives that we stay very busy.

I've had my share of anecdotal evidence about how SharePoint and Plone differ on their implementation, but the sparkplug for all this is Bryan Ruby's CMS Report last month entitled "The Problem is Bigger than SharePoint." Bryan's piece put me on to Thomas Vander Wal's post, "SharePoint 2007: Gateway Drug to Enterprise Social Tools." Both are well thought out articles with a healthy dose of comments from all sides of the issue.

What seems to be drawing in customers are a few key capabilities:
  • Online forms. PloneFormGen and the ability to permit anonymous submission of completed forms, for example, workshop registration or non-citizen visit request.
  • Document sharing. Getting the traditional webmaster out of the way so site owners can upload their own content using their own folder hierarchy.
  • Customizable workflow. Special roles for individuals and groups, perhaps for just a particular subset of the portal.
  • Unique content types. Archetypes generated from UML models to handle special use-cases.
  • Versioning. Tracking document revisions really cuts down on e-mail glut.
  • Flexible theming. The ability to skin a site quickly to either the corporate standard or a particular project's own brand.
  • Automatic indexing/full-site search. Need I say more.
  • Broad collection of 3rd party products. The need for questionnaires, surveys, inventories, calendars, wikis, workgroups, and other features are often solved with a product "off-the-shelf."
That's a surprisingly modest list of functions and it seems like SharePoint would do some of these as well as or even better than Plone. But I have to agree with Bryan that SharePoint and many enterprise systems are caught between two worlds and not doing the social collaboration side of the solution well.

Sunday, April 5, 2009

Plone Security

Last week my Twi-alerts tuned me in to an ongoing Twitter discussion between David Strauss and Alexander Limi. Apparently, it started when the Idealware review came out showing Drupal as having a lower security rating than Plone.

The discussion eventually moved to David's blog where he posted the interestingly titled "Drupal's vulnerability reports are not signs of security weakness." There he cited the Google trends numbers comparing Drupal and Plone. Others have since joined in the fray, including the Idealware authors and quite a few others. VH Wouter cited the graphic comparison of security exploits among PHP and Zope-based CMS.

Let me extend the Google Trends observations by adding Typo3 and Joomla so that we have all the players from the exploits graph.

CMS Color in Graph
Google Average* Exploits
Plone Blue 1.0 10
Typo3 Green 2.6 52
Drupal Red 8.0 164
Joomla Orange 28.4 265
* 12-mo average with Plone normalized to 1.0

Looks like there's a relationship between Google trends and security exploits. If we graph them, a nice logarithmic pattern becomes apparent.

R-squared is 98%! Now one has to be very careful here... correlation doesn't mean causation. This is one of the most common fallacies in all of statisticdom. Here it is in a nutshell from stats.org:
In general, we should all be wary of our own bias; we like explanations.... Without clear reasons to accept causality, we should only accept correlation. Two events occurring in close proximity does not imply that one caused the other, even if it seems to makes perfect sense.
Maybe many eyes means more detected vulnerabilities means safer software. Maybe all the Google searches are because all the Joomla users are desperately looking for fixes to their security holes.

In the end, I think Alex's comment is as good a way of summarizing things as we are likely to get:
Instead of going for the “Drupal is so popular, all bugs are shallow, that's why we have so many security holes” rhetoric, I’d suggest addressing the list of the 10 most common security vulnerabilities in web applications from OWASP. It’s a good checklist that lists the most common attack vectors for web applications these days. If the PHP-based projects (not just Drupal :) can show how they address these, they are on their way to show that they take security seriously.

Plone’s version is here: http://plone.org/products/plone/security/overview

Another way of looking at this is David Guilhufe's analysis (thanks for the link, Laura):
Four Kitchens seems to suggest that part of the reason for more vulnerabilities in Drupal compared to Plone is that it’s more popular. But, if you’ve been an observer to the Linux/Windows FUD wars, you’ll remember that Microsoft has that exact same argument about why there are more security vulnerabilities in Windows as compared to Linux. And the Linux folks say, in response, “It’s not popularity, it’s design.” I’m sure that Four Kitchens, and most open source software developers agree with that perspective. In reviewing Plone, and talking with people who develop for Plone, I was convinced that the reason that Plone had fewer reported vulnerabilities was not just because it was less popular - it’s because it (and Python and Zope) was more secure by design.

I am completely happy with Drupal’s security (otherwise, it wouldn’t have gotten a “Solid.”) I think the Drupal community takes security extremely seriously, and if they didn’t, I wouldn’t have chosen it as a platform for development. I also think that the Joomla and WordPress communities take security seriously. In our estimation, they were all really good. But Plone was just that much better.

The fact that the Idealware review's remarks on CMS security stirred up so much commentary in the Twittersphere and the Blogosphere speaks well for the entire open-source community. Security is serious business and OSS takes it seriously.

Wednesday, April 1, 2009

Idealware CMS Report

No matter what fault you may find with Idealware's recent "Comparing Open Source Content Management Systems," we have a rare jewel in the world of web comparative analysis: a report with a completely documented methodology. Of course, you are welcome to disagree with their ratings, their categories, and their thresholds, but at least they are 100% up front about where the numbers come from. Tip o' the hat to Idealware.

So... down to the nitty gritty. What does the report have to say? The easiest thing to do is take their verbal scores (None, Fair, Solid, Excellent) and convert them to numeric values (0, 1, 2, 3 respectively). The result is a modified version of their comparison chart on page 16 (numbered page 14 due to front matter).

WordPress Joomla Drupal Plone
Simple Site Config
Complex Site Config
Content Admin
Graphical Flexibility
Structural Flexibility
Roles and Workflow
Web 2.0
Extending and Integrating

The long and the short of it is that there is only a 10% difference between the bottom (Joomla) and the top (Drupal). WordPress and Plone are only 3% behind the front runner. I'd say that the differences are "in the noise."

Perhaps a better way to approach this is to weigh those comparison categories to match your needs and requirements, run the math, and see what comes out. For example, if security is a big driver (as it is for me), giving it a weighing factor of 2 might be appropriate. Then the final scores are 31, 29, 32, and 33.

But as is so often the case, we're looking at apples and oranges here from the get-go. WordPress is a blogging/collaboration tool, Joomla is a web CMS, Drupal is a complex mixture of both. Plone by virtue of its powerful combination of features is a collaboration system and a web content management system, yet strong enough to do the heavy lifting for an enterprise portal.

Its always nice to see good scores and the fact that Idealware chose Plone along with only 3 other serious open source systems is high praise in and of itself. Idealware should be complimented for having a transparent methodology, a relatively neutral approach, and giving good press to four worthwhile systems.

Still, I can't stress enough that your specific, unique requirements must drive your choice for a CMS. Don't let someone else's numbers blind you to what you and your community of users need to accomplish.

Coming next: a stroll through Idealware's Consultants listing in the appendix.