X-Force report is a GOOD thing in the WRONG light

A lot has been said recently of IBM's X-Force results, most news sites and some clueless bloggers have made the now growing redundant point of stating the likes of Joomla!, Drupal and wordpress three of the biggest PHP based systems are all listed in the top 10 of this report which covers 'Vendors with the Highest Percentage of Public Exploits'. This report has been made a big thing of but totally in the wrong manner - if anything Drupal, Joomla! and wordpress alike will be happy to be on this list.

Sadly however the media are often written by brainless morons (like myself on certain days) and only note that this list shows 'known public issues' the keyword here is public issues, knowing a programs issues is often a good thing as it allows (in the open source world) the developers from various backgrounds to collaborate together towards a fix.

Not to long ago i remember reading a similar report by RedHat which tracked there issues and put them alongside Microsoft's and showed there turn around time for fixes, whom discovered them and there patch/fix status and based on the report it showed RedHat having far more issues, but a very quick turn around basis and most issues being discovered by the RedHat devs themselves.. meaning they we're finding and fixes there own issues which is often the case with Drupal, Joomla! and Wordpress and most other PHP based systems, phpNuke being the exception :P

What does this mean all together ? quite simply really, this report does nothing really for anyone out there other than the media type whom wish to get a story out there or create a little chaos. Mathias of the Joomlatools crew touched on this citing a Belgium Chicken massacre story, to quote:

It reminds me of the Belgian dioxine affair a couple of years back. Some eggs and chickens were discovered to contain the toxic dioxine. The press and the public opinion went insane, there was a huge political crisis, and 7 million chickens were destroyed.

When it finally blew over, it turned out the dose was less than 100mg and no direct threat to public health. And nobody seemed to get that it was actually good news: If the Belgian food inspection can detect such small amounts of toxics, we can be pretty reassured that our food is safe.

Even the likes of Apple are facing stupid titles like 'Apple gets bruised in vulnerability report' has the report gone into any depth of detail other than found issues I'm quite certain we all know which application vendor would be on top (sup bill).

Kris Lamb operations manager for said report is quoted as saying:

"Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity,"

"There is a reason why X-Force does not publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."

While most developers will agree that issues should be shared and known about by all users I'm sure at the same time they are wishing the IBM lot would have actually taken time to place further information into there report such as:

• how quick the issues are fixed
• are they fixed as of current version

and produce some detailed information on these such issues, while these reports are welcome by open-source and encouraged i think most any of the developers out there will feel this report as well as the media coverage in a negative light of said report has done nothing more than insight meaningless worry into some of the largest communities on the Internet today.

why make use of third party services ?

Making use of third party tools when you use the likes of Joomla! is not really much of a common concept, lets face it Joomla does it all - feeds, comments, PDF creation, downloadable material so why would you need or more to the point want to make use of third party tools ? As yet I've not found in my reviews a clear answer from various webmasters why they use third party tools rather than built in or extensions to establish the same result, so i thought i would explain why i use several third party tools on my website IRCNews.

The first service i take advantage of is Disqus, a commenting service which offers the following features:

• threaded conversations
• email and mobile posting.
• Track and follow
• Subscribe
• rate comments
• widget support
• moderation system
• ability to assign moderators
• basic access control system
• spam/troll filtering
• customizable
  

My basic reason for using this was, again my users could comment from anywhere around the world, another reason was it does everything most comment systems aim to do for Joomla! as extensions but it doesn't add any further load, java scripts or size to my database.. which is great! It tracks conversations and also produces rss feeds which you can make use of on your site as well as the widgets, all of which are great.

It also allows users without a Disqus account to post comments with minimal fuss and if need be allows you to make use of a commenting queue system, all of which contribute to making your life that much easier and beyond all that they offer a subdomain on there main domain which can only help with your SEO rankings.

but on a much larger scale its a trusted service, my users tend to trust there email addresses with a well known service over my own service, the users of course that I've known for some time are not overly fussy but as i run a community based site its very unlikely i will know each and every users and will have spoken to them all on a personal level so the trust factor again is important.

The next service i make use of is Feedburner, again prior to making use of Feedburner i made use of news letter components to get my stories out there and people reading them, this is what counted overall for me. Again this one came down to my users trusting that they would not receive spam from Feedburner and subscribing would not be an issue. Since making use of feedburner while my results are not sky high they have doubled in the amount of readers via syndicated services, which only goes to save me bandwidth in the long-run.

Along with being a trusted brand, its features like pingshot also help to get other services you don't directly take part in getting hold of your news and content thus overall your service only benefits from such things. It does if your interested in making a few bucks also offer a very well put together advertising system so you can make a few bucks at the same time BUT! perhaps more important you can assign your CC license on your content which can be configured on a low level and output on your feed data so that's all good.

Another service which while the person whom indirectly introduced it to me says its lacking in a few features for your END USER (you and me) its a great service which on its very lowest level (it can be used to do oh so much more than what I'm on about thus lowest level) its capable of combining several feeds, sorting them into anyway you think is best (normally with news by date in a desc order). This service is called Yahoo pipes, so whats the big fuss about this one, well Feedburner does not offer a combined into singular writing service, it does produce pretty feed URLs but no ability to combine feeds.

This is where Yahoo pipes does help, you can combine your feeds for example, put in your optional sorting and this will in itself produce a feed which you can then feed to feedburner, which then produces your pretty URL for your numerous feeds thus your users are able to track say your Joomla! community site, your wordpress personal blog and say BBC news feeds all combined into your own feed object - a simple concept and done in a very simple way.

So overall the question i asked was why make use of third party services ?, my biggest reason points to trust in brand news and big companies as often these services are run by as well as the amount of load, bandwidth and database space this will save you in the long run (imagine a site like slashdot running jomcomment, disaster!)

If anyone else has any other third party utilities they make use of please feel free to comment or drop a post on the Google Group, just a short post this time around but its one of those posts i can point to every time i get asked about it :)

Joomla!Fish First Impression

As i did a review recently on Nooku i thought it would only be fair that i did a review on Joomla!Fish the other of the translation systems for Joomla! So off i went on my travels and started out with the beta 2.0 package which was released in April if i recall correctly.

The first thing i did was install the component via the extension manager which went smoothly - however once done i entered the Joomla!Fish control panel and received an error in regards to there feeds not being correct along with an internal server error.

I started out with the help option which gave me a fair amount of positive information on how to get started out with Joomla! Fish. So i moved on and looked into Joomla!Fishs language manager which again i found a little confusing as you would think this would be handled by Joomla! itself and perhaps kept out of the way ?

As i had only one language installed at the time i reviewed the options for that language (en_GB) but sadly this lead me too:

Layout "translateConfig" not found

 Oddly none of the tables we're sortable, since this is a native 1.5 version this seems like as yet the devs behind the fish have not opted to make full use of Joomla!'s 1.5 features. At the same time however each header showed a huge amount of information and had a lot to guide you as you went which as you can imagine with a component such as this is always welcome.

Being unsure what content elements do and much like most end users i opted to figure this one out on my own, based on what i can gather the content elements which are installed as plugins specific to the Fish are how the Fish knows what it can and cannot translate within components.

I reviewed the content element for the content component a native Joomla! component and was impressed with the amount of information provided. Again as mentioned this is a beta so there are some obvious things not finished and some things needing cleaned up, one of which is the content elements page which doesnt have the snappy feeling of other J! 1.5 components.

From there i opted to move directly onto what really matters when it comes into translation management, that being the management of translations. Once in there i was presented with 3 options:

• Check translation status
• Check original status
• Copy original to language

I figured that to make this work i would go and get me another language, which in all fairness i should have done in the first place!

Having installed my second language (i went with French) and moved back to the language manager - again the configuration options still produced a 500 error but it did locate the language without any help in finding it.

From there placed a tick to activate both my languages and clicked save, all went well and then it was onto the translation manager once more. I opted to try the first option Check translation status

I was then after clicking the option presented with a message saying that joomlafish was checking my request, which i missed first time around, suggesting this should perhaps be a touch more visible or the message area a little more clearly defined.

After waiting a minute with no movement i went with the second option: Check original status, again i was left waiting with nothing happening leaving me to get a little concerned, finally i moved onto the third option which again stalled - leaving both myself and my demo site scratching our heads as to what has possibly gone wrong.

Rather than get right into it and give this a negative review i have opted to share my progress with it as i go and have decided that later in the week il give it another go around and see how far i can get and perhaps offer a complete review on this system

I will report my findings as i go on My Google Group with my impressions posted here, so keep a look out for 'Joomla!Fish Second Impression' and by all means if anyone knows where i went wrong, either comment or head off the to the group.

Joomla!: 5 things to avoid first install

New to Joomla! users for the most part are often trying a CMS for the first time and there are several mistakes they make on the first go which can often lead them away from the product or worse yet they stick with it and encounter issues later during there usage of Joomla!

So i thought i would put together a small post of 10 things i think new to Joomla! users should avoid on there first play around. This is not an all that technical post (much like my other posts) so here are the issues in no particular order!

1. Mass Extension installs
While i plan to do a blog post in the not so distant future on making usage of the core CMS - this is one of the issues i do find new users encounter. There is this seemingly odd thought that Joomla! is just a framework with a WYSIWYG editor thrown in on top with a few templates and everything else must be accomplished via the usage of 3PD extensions.

Remember with the core you can do a LOT of things and you should (for me) at least explore what exactly the core can and cannot do prior to looking at installing 3PD extensions or worse yet forking out a fortune on a 3PD extension.

2. Turning on the Cache while still creating your site
This one should be basic for most anyone, if your still working on your site, you will want to see changes as they are applied. Turning on the cache means your seeing cached data thus not in effect the applied data so you are only creating more work for yourself!

3. Deleting Plugins via FTP rather than using disable
Joomla! is a modern framework unlike say phpNuke which somewhat outdated (amongst other things). There is rarely a need for you to access FTP to manage Joomla! certainly when installing, removing plugins. Clicking disable is more than enough - if its a core item and you cannot uninstall it from Joomla!'s ACP then this alone is a small way of saying Leave it alone

4. Not installing the demo content
I never really understood why when you are new to something you would not wish to have the demo content, perhaps someone out there whom has done this can explain it to me ?

The demo content in short is there for you to toy with, see how things look and try out some of your own ideas without actually having to create your own content to see what something looks like in a position.

Furthermore and beyond just the looks and what not it is actually informative demo content - so its also worth reading!

5. Not clicking the little help icons
Joomla! depending on your background can be very easy or very hard to get your head around, as I've said numerous times on a few posts i originally found it very hard to adopt due to my background in other systems in which several terms meant one thing to them and another to Joomla!

Thankfully Joomla! 1.0.x and 1.5.x are both filled with a mass of help buttons all over the place that give you a little insight into just exactly what something does. These documents are often more than not written for a purpose, now its not like i don't understand that not everyone can read and grasp the often big-word using Joomla! documents - some of us do prefer the human way of explaining things which is cool but you should always make an effort to read the documentation whenever possible.

As i said earlier this is a none technical list and i don't think it is, its not even a very detailed or well informative list if we're honest but its basically my way of saying taking the time to read documents, explore the system and not brake whats not meant to be removed and you should be fine!

Joomla!: The Flipside

While its nice to always point out the strong features of Joomla! and declare just how wonderful of a CMS it is, it does have one or two annoyances about it that can often contribute to it being a very difficult system to use, more so if your used to other CMS's - new alltogether in general will for the most part not encounter most the 'problems' highlighted within this post.

The first thing that seems to be an issue is the ACL - Joomla! has a very simple and straight forward ACL, while powerful in its own right it does always have the limited feeling about it. As a simple example i looked at Xoops CMS which happens to have one of the strongest ACLs about it. While there are some things in Xoops that do feel limited, the permission system is not one of those.

As you can see from the provided screenshot Xoops allows its modules to plug into the ACL allowing any group to adminsitrate a module if set to do so as well as allowing blocks to be visible or not so. As you can imagine this would be very handy for a Joomla! based site.

Lets say you want users to sign up to remove advertisements or once they hit a certain post level there moved to a new group automatically which again hides advertisements or gives them new access to some neat features as a giving back reward.

There are endless examples that could be given of course this is just one of those examples, Joomla! is not without its ACL extensions either but as yet ive not seen or used one that comes close or provides a painfree package. Most components that choose to extemd upon an ACL have actually taken the option of using a group based system, extensions using this are DOCman and Remository (Remository adopting the idea from DOCman)

Another annoyance with Joomla! which i did find very difficult to work my head around when first moving from another CMS to Joomla! was the complete lack of sub-categories. Joomla! makes use of the:

Section -> categories -> document

process and does not natively allow:

Section -> categories -> sub-category -> document

There are ways around this by using the following method:

Section -> categories -> menu item -> document

By assigning the documents or categories within the menu item in effect this makes the menu item the category reducing natural categories to sub-categories.

This is again a pain more if your moving from one system to another but admittedly once you get used to this method it doesn't feel any superior in terms of administration (or at least for me) but you do grow to appreciate the flexibility it does allow you at the same time.

Another small but somewhat pesky annoyance is the menu items which from time to time just tend to no longer function, this is one i have not yet managed to nail down where it comes from or why it happens or if indeed it does expand beyond just my own environment.

Research suggests its just one of those things that 'happens' 90% of the time you will notice it prior to your members noticing it but it can be a pain. It also only seems to effect 3PD items and as yet has not caused my any huge issues, however it is the one thing that has followed me from 1.0.x to 1.5.x.

The last thing that bugs me about Joomla! is the lack of auto saving while writing a document, lets be honest how many times have you spent writing a mid-long document then when you come to save it it seems your admin session has timed out and because you have as yet not applied or saved your changes they are all gone ?

I know one person whom will be reading this post whom will indeed be nodding her head in agreement with this assessment, as it happens to have hit her a few times. While i agree hitting the apply button every so minutes and continuing with your document is no big deal there is often i find myself 'in the zone' so i just don't take the measures to save what I'm working on within the editor and then i have to start all over again which often leads to mass coffee consumption to get over the annoyance.

Well that's the end of this post, please feel free to share your annoyances about Joomla!.