Keeping a Drupal site secure means staying on top of security updates, which are a kind of patch-level update. You may have heard of Automatic Updates, a tool that helps you apply patch-level updates to your site without the need to manually use Composer on the command line. Perhaps you’ve installed Drupal CMS and encountered it there or in the documentation as a feature. Before you dive in, make sure you understand what’s required and the best-fit use cases. Depending on your hosting provider and deployment workflow, you may already have the best update solution in place.

In this post, we’ll walk through what Automatic Updates can and can’t do, the technical requirements and limitations, a decision matrix to help you determine if it's a good fit, and where to learn more in the Drupal CMS Guide.

Introduction

DDEV works in various environments, and it's often tested in virtual machines, but nested virtualization can be hard to set up and may impact performance.

In 2024, VMware Workstation Pro became free for personal use.

This guide shows how VMware Workstation Pro can be used to prepare environments for both Windows and Linux, where Docker and DDEV perform well even inside a VM.

Warning: Nested virtualization may not work on all systems:

Virtualized Intel VT-x/EPT is not supported on this platform. Continue without virtualized Intel VT-x/EPT? VMware Workstation does not support nested virtualization on this host. Module 'HV' power on failed. Failed to start the virtual machine.

If this occurs, search for known workarounds specific to your hardware and BIOS/UEFI configuration. It worked out of the box for me on Arch-based Linux but did not work for Randy on Windows 11.

Installing VMware Workstation Pro

Download and install VMware Workstation Pro. You must click on the link to the terms and conditions to accept them before downloading (checkbox is inactive by default). Packages are available for Windows and Linux.

On Arch-based systems, install via:

Initial configuration steps:

• Edit > Preferences > Workspace > Default Location for Virtual Machines - use location with sufficient space
• Edit > Preferences > Hotkeys - remember shortcut to escape the VM, the default is Ctrl+Alt.
• Edit > Preferences > Updates > Configure update behavior
• Check other settings

Installing Windows 11

Download the Windows 11 Disk Image (ISO) for x64 devices.

In VMware:

• File > New Virtual Machine > Typical > I will install the operating system later
• Select Windows 10 x64, not Windows 11 x64 (I don't want to use TPM encryption)
• Specify 100 GB disk, stored as a single file
• Customize hardware and finish:
  • Set at least 8GB RAM
  • Number of processors: 2, number of cores per processor: 2
  • Virtualize Intel VT-x/EPT or AMD-V/RVI (check)
  • Virtualize CPU performance counters (check)
  • Network Adapter > Connect at power on (uncheck) - to be able to set up a local Windows account and skip Windows updates
  • Sound Card > Connect at power on (uncheck) - I don't like any beeps on the first boot, will be turned on later
  • USB Controller > Automatically connect new USB devices (uncheck if you don't need USB devices)
  • CD/DVD (SATA) > Use ISO image > Browse - select ISO file

To apply additional low-level VM configuration, close VMware itself and use the script below:

Press "Start up this guest operating system".

If Windows 10 was chosen as virtual machine type:

• Wait for the "Select Image" screen (where you choose which Windows to install), press Shift+F10 to open cmd, write regedit, open HKEY_LOCAL_MACHINE\SYSTEM\Setup
• RMB (right mouse button) on Setup > New > Key > write LabConfig
• RMB on Values area > New > DWORD (32-bit) Value > write BypassSecureBootCheck, set 1
• RMB on Values area > New > DWORD (32-bit) Value > write BypassTPMCheck, set 1

After the first reboot (installation is not done yet), don't select country in the initial setup:

• Press Shift+F10, enter OOBE\BYPASSNRO (O letter, not number) directly in cmd. This is needed to force creation of a local account (I don't want to login anywhere here).

After Windows boots:

• VMware Menu > VM > Install VMware Tools
• Open Explorer, select D: drive with mounted tools, and run setup.exe
• Reboot

Windows configuration:

• Settings > Windows Update > Pause
• Explorer > This PC > View > Show > Filename extensions, Hidden items
• Settings > Home > Rename
• Settings > System > Power > Screen and sleep timeouts > Never
• Settings > System > Sound > More sound settings > Sounds > No Sounds, uncheck "Play Windows Startup sound"
• Settings > Personalization > Taskbar > Task View (uncheck), Widgets (uncheck)
• Settings > Personalization > Taskbar > Taskbar behaviors > Taskbar alignment > Left

Registry configuration:

Shutdown the virtual machine, press "Edit virtual machine settings":

• Hardware > Network Adapter > Connect at power on (check)
• Hardware > Sound Card > Connect at power on (check)
• Hardware > USB Controller > Automatically connect new USB devices (check if needed)
• Hardware > CD/DVD (SATA) > Connect at power on (uncheck)

Press "Start up this guest operating system", and run inside Windows:

• Search > Disk Cleanup
• Search > Defragment and Optimize Drives

At this point, the VM uses more disk space than needed. We can shrink guest on hosted platform:

• Add VMware Tools to PATH, run Terminal as admin:

  cmd /c "setx /M PATH ""C:\Program Files\VMware\VMware Tools;%PATH%"""

• Restart PowerShell, and run Terminal as admin:

  VMwareToolboxCmd.exe disk shrink c:\

• Wait until *.vmdk file at virtual machine location will be shrinked.

VMware Menu > VM > Snapshot > Take snapshot.

Install Docker and DDEV. Create additional snapshots as needed.

Installing Linux

Follow similar steps as for Windows, using a Linux ISO (e.g. Ubuntu).

Install VMware Tools inside the guest:

If display resolution is incorrect:

If copy/paste from/to the host doesn't work:

References:

• https://github.com/vmware/open-vm-tools/issues/627
• https://github.com/vmware/open-vm-tools/issues/568

To configure shared folders inside the guest:

Shrink Linux VM disk, take a snapshot, then proceed with installing Docker and DDEV. Create additional snapshots as needed.

How Do You Test DDEV?

If you use a different setup that performs well, consider contributing a guest post to ddev.com or sharing your findings.

AI — one of the most breathtaking inventions of the 21st century — isn’t just changing the game; it’s rewriting the rulebook for effective website management and creation. The Drupal community knows this well, which is why embracing AI has become a top priority for the platform.

Join Carlos Ospina and Ana Laura Coto as they discuss their unique perspectives on work-life balance, the blending of personal and professional lives, and the challenges and opportunities within the Drupal community. From remote working experiences, integrating AI in their workflow, to the importance of small and medium-sized projects in sustaining the Drupal ecosystem, the conversation reveals insightful and diverse views. Hear their inspiring story of collaboration, love for Drupal, and their vision for making the Drupal community more inclusive and accessible globally.

For show notes visit: https://www.talkingDrupal.com/cafe006

Carlos is a seasoned Drupal Architect and active contributor in the Drupal community. With over two decades of experience in open-source technologies, Carlos specializes in site architecture, development guidance, and performance optimization. He is the founder of Palcera, a digital agency looking to deliver high-quality Drupal services to clients across the Americas. Carlos is known for his community engagement through events, meetups, and mentorship within the Latin American Drupal scene and the US community. He frequently shares his knowledge through talks, workshops, and contributions to Drupal.org, helping to advance the platform and support new developers. Passionate about building inclusive tech communities, Carlos champions collaboration and continuous learning in open source and the development of a more global community for Drupal.

Ana is a dedicated Drupal developer and advocate. With a background in front-end development and user experience, Ana Laura brings a passion for building accessible, user-centered websites using open-source technologies. She is an active member of the Drupal community, contributing to both local and international events as a speaker, organizer, and mentor. Ana Laura is especially committed to fostering diversity and inclusion in tech, helping to create welcoming spaces for underrepresented voices. Through her contributions to Drupal.org and community initiatives, she continues to inspire collaboration and growth within the Drupal ecosystem.

• How We Met: A Unique Beginning
• Different Perspectives on Work-Life Balance
• Challenges and Benefits of Working from Home
• The Drupal Community and Family Life
• The Role of AI in Our Work
• Future of Drupal and Community Challenges
• Challenges and Opportunities in the Drupal Job Market
• The Evolution and Pricing of Drupal
• Reviving the Drupal Community
• Global Perspectives on Drupal's Future
• The Importance of Inclusivity in Drupal
• Personal Reflections and Future Goals
• Concluding Thoughts

A Drupal Couple The IXP Program IXP registration Site Palcera

Carlos Ospino A Drupal Couple camoa Ana Laura Coto A Drupal Couple anilucoto

Ongoing professional development is a fact of life for people who want a long-term career in technology. That means finding ways to learn new skills above and beyond what you’re paid to do. We all need to strike a balance between having a life outside of work, and making sure we’re learning new work-related skills. Your professional development should not take over your personal life, but if you only learn on the job you will limit your options over time and be bound to the generosity of your employer.

I changed jobs recently. In the process of leaving my old job I was asked a lot of questions about how I’ve built up a wide-array of skills and knowledge. During those discussions I tried to give the best advice I could on the fly to a question I was asked cold. Now I’ll try to assemble a set of more carefully considered advice.

These suggestions are more or less in the reverse direction of importance: the more you read the more valuable I think the suggestion is.

Directed Learning (Job Related Learning)

By “Directed Learning” I mean learning that is supported or encouraged by your employer. This can be certification preparation, employer provided trainings, or research into an emerging technology, even building tools that directly support your work. Into this category goes anything that can lead to higher pay, advancement, or even just keeping your current job.

Some employers are really good about this. Over time I’ve been sent to trainings, had course fees covered, and other direct support. The job I just left even provided financial incentives (cash) for us to acquire select certifications of value to the company. Other employers have published a list of what they wanted people to have – without direct incentive. But most often I’ve had to figure this out on my own which is not ideal of anyone involved.

This type of growth has a few benefits. First, it can help with your reputation (and hopefully pay) with your employer: “Oh, Aaron is certified on [interesting product] we can assign him to [high profile project].” Second, it helps make sure you are growing in alignment with your employer’s needs. That can be helpful when they are forced to make cuts: “We should keep Aaron, he’s the only team member with [rare certification] and Salesforce wants us to have that on the team.”

In my life as a Drupal developer this looked like creating modules for internal use, or learning new techniques. But it boils down to the same thing: learning stuff your employer needs you to know.

The downside of only learning what your employer needs is that you miss chances to grow beyond their needs. That limits your future mobility – your best chances will be for another job like you have today. If you want a better job or a job doing something different, you need skills your employers doesn’t think they care about.

Personal Learning: Side Projects and Other Self-Directed Research

To learn things your employer does not care about you will likely need to put in your own time. You should focus this kind of learning on something that interests you – make it fun. My experience is that this kind of learning goes best with side projects.

Side projects allow us chances to test and practice the ideas we’re learning. I use them to learn programming languages, frameworks, and techniques that interest me but not directly useful to my work. Sometimes they come around to being useful in my work. Sometimes they just give me a chance to learn interesting things. My Github account is full of examples.

An early professional mentor told me to learn a new programming language every year, and so over time I taught myself a bunch of programming languages. These days I generalize that advice a bit and try to learn a new platform, framework, or technique every year – and sometimes a new language. That meant when Salesforce rolled out LWCs to replace Aura Components, I was ready to learn them quickly. It also means when a friend started to talk about using Wails I could related from my experiences using Electron. My experience creating a project estimation tool helps me discuss estimation techniques with project teams.

This blog is an example of a side project. Every post gives me practice at writing. To keep posts accurate I include research as part of my writing process. That research teaches me things I wouldn’t learn otherwise. The act of writing forces me to clarify my thinking on topics. All of that is useful to me and helps me be better at my work. I also know this blog as been read by colleagues, employers, and potential employers all of whom are useful audiences when getting new work.

When I give talks about communication skills I tell people what they do for practice doesn’t matter: what matters is that they practice. Same is true for side projects. What project you tackle isn’t important. What is important is that you do something that forces you to learn new things.

Side projects help us look at our work from different angles, and therefore test our limits and grow.

Develop Learning Routines

It’s easy to get lazy or to put your professional development aside – it feels like there will be time later. So you should create a routine that works in your life.

I like to have a routine to make sure I’m steadily doing some form of professional development – it’s a marathon not a sprint. For me that generally looks like job-related learning for about an hour after my formal work day and working on a side project on weekends. Attaching your learning to your work day allows you to more easily block the time in your mind and with family.

I know people who like to do their study before work because that’s when they are fresh and study gets their brain into the right gear for the day. Other friends tell me they like to do research or study after their kids go to bed because it gives them more time with the most important people in their lives. All of those are great patterns because they are tailored to their life.

Whatever routine works for your life is a good one. The important part is to making learning a regular activity.

Share What You Know

One of the best ways I know to learn is to teach. Giving talks, writing blog posts, and mentoring all give me a chance to share what I know with other people.

Sharing can be intimidating. I have been writing this blog for nearly 10 years. I gave me first conference talk more than 10 years before that. And still, every time I take on a new topic I’m nervous I’ll be found to be a fraud.

I try to leverage the fear I feel to help me assemble the best content I am able (at least within my time and resource constraints). When I am writing, or preparing a talk, I also do a lot of fact checking. Since I never want to put anything into the world that I can’t back up later, I do my best to make sure I’m right. In the process I also learn more about the topic. That even means correcting information I was preparing because my initial understanding was wrong.

On the flip side I try not to let the perfect be the enemy of the good. I require myself to post on my blog once a month – limiting my editing time. Similarly conference talks have a hard deadline. Those deadlines force me to complete content on a schedule, not when it’s perfect. So be it.

When you share what you know people start to see you as an expert. That can lead them to ask you questions that push you to learn more.

All that can lead you to be an expert.

Make Friends

Making friends is easier for some of us than others. And maintaining friendships in our current society is extremely hard. But friendships are super important. They help keep us healthy, mentally fit, and happy. Friends also teach us really important things about the world around us.

If you have read this blog much you are used to seeing me make references to my friends as sources of information. They are my greatest resource for learning (and a bunch of other things too). Friends know stuff we don’t know. Even better, they will tell you things you don’t know. Good friends don’t judge you for your gaps, but are happy to help you fill them.

I value the input and perspective that friends share with me. We don’t have to agree on everything. We don’t have to be interested in the same technologies. In fact both of those conditions help me understand things I wouldn’t know about otherwise.

I cite my friends in my writing because they are important. They deserve credit when they teach me things. Processing ideas with my friends helps me test them for quality. Often they point out errors in my thinking. Those are all good things.

Be Curious

This is one of the most important lessons I learned from my mom. She was a deeply curious person and that rubbed off on my sister and I. We both remember her dragging us to lectures at the RPI Freshwater Institute in Bolton’s Landing, NY (it’s fun to discover those still happen – I highly recommend if you’re in the area). And the time she took us to a ranger talk at a National Park where the ranger offered a postcard to anyone who asked a question he couldn’t answer – she promptly earned all his postcards with questions she genuinely wanted answered. She would stop and talk to keepers at the Philadelphia Zoo to learn more about the animals (a habit my wife and I both now share).

Because of her constant interest in, well just about everything, I have been to historic sites, factory tours, art and science museums, zoos, and many other places. My wife – a curious person herself with her own curious parents – and I continue those kinds of adventures. We go places, we ask questions, and we learn things.

We also read widely, both in our professional fields, and about the world in general. Long drives often involve several hours of listening to podcasts featuring experts in a variety of fields. I’ve previously talked about those as my ongoing Liberal Arts education.

If you aren’t someone who was trained to be curious by your family, it turns out you can do things to increase your curiosity. And yes, I found that article cause I was curious to know if curiosity is trainable – there are deeper articles on curiosity out there too.

The value in being curious is that it causes you to learn things you might otherwise have missed. Some of those things just make you smarter about your world – and the world needs more smart people. Others will suddenly pop up in your work and make you better at your job. They might come up in random conversation with a new friend and deepen your connection to another person.

Learning new things is never a bad idea.

Always Learn More

All this advice boils down to this central idea: always being learning something new. It’s good for your brain and good for your life (oh yeah, and career).

Reading through all of this commentary on professional development you might think: “Wow, that takes a lot of time!” But if you put yourself into a mindset of always trying to learn something new much of that times starts to overlap with other activities in life. And when it’s not all dedicated directly to work it doesn’t burn you out the way constant study of one technology of platform can.

Push yourself forward. Find things that are interesting to you. Nothing new is a waste of your time.