The Joomla! Community Portal ™

Community Blog

Mon

03

Nov

2008

Did you know? Overrides are not just for HTML!
Written by Anthony Ferrara   
Monday, 03 November 2008 00:12

Arguably, one of the greatest features of Joomla! 1.5 is the ability to override nearly every single piece of HTML output that it produces.  What most people don't realize, is that you can do the same thing with all the core components' classes!  You can override controllers, models and views!  What does this mean for you?  You almost never need to actually modify the core of Joomla!  All you need to override a controller, model or view (or multiple), is a simple plugin!

Read more...
 

Fri

24

Oct

2008

Security and Joomla
Written by Ron Severdia   
Friday, 24 October 2008 23:17

Over a thousand posts in the Security Forum shows an active interest in security, especially when it comes to protecting your own site. Some posts are people that have had their outdated installations hacked, some posts are Dev and Security Teams giving general advice on how to protect oneself, and some are just users curious to learn more. Overall, there's a great interest in discussion around security.

 
The Joomla teams have repeatedly voiced how important security is. If Joomla isn't secure, then credibility can be lost. With less credibility, users will turn to other solutions for their needs. Once lost, credibility and trust take time to regain. So an ounce of prevention can be worth a pound of cure.
 
Security is not black or white. While you may or may not have heard the phrase "there's no such thing as 100% secure," it's definitely true when it comes to software—you can never be 100% secure or even 100% unsecure. Joomla is no exception.
 
Keeping Joomla users secure has been a daily exercise since day one. To best handle this, the Joomla Core Team recently created the Joomla Security Strike Team. Besides performing their own auditing, they look at each and every single report that comes in from users. Imagine what a tall task that is. Also imagine how many false reports come in or reports on an outdated install that already existed. It's a very time-consuming and detailed process, but completely necessary to keep Joomla as rock solid as it can be.
 
Users need to keep firmly in mind that security doesn't stop there. You, as the user, need to be aware of any vulnerabilities a third-party extension can cause. With almost 4000 "tidbits of goodiness" in the JED, it's hard to resist all those wonderful extensions that enable you to do just about anything you can imagine. But there's some due diligence when using third-party extensions. Check the developer's Web site thoroughly. Is there a support forum? Are users experiencing serious issues? Is there a reasonable response time from the developer? Naturally, whenever you use a new extension on your site, you're first testing it on a "sandbox" site (a duplicate of your live site for testing), right? You have a system for backups, right?
 
To say that Joomla is not secure is to say that it's always sunny in California. It's a generalization that's just not true. If your site was hacked, you'd immediately think "That damn Joomla!" because the culprit may not be initially apparent. Only after you've verified all third-party extensions and updated to the latest version of Joomla can you THEN point a finger at the Joomla Security Strike Team. But if you're not doing both of these things on a regular basis, then you're leaving yourself open and there's nobody to blame but yourself.
 
Security is a process, not a state.
 
 

Tue

21

Oct

2008

Joomla! Member of the Month... what next?
Written by Ken Crowder   
Tuesday, 21 October 2008 18:07

Over the last couple months the Global Moderators have discussed what to do with the Joomla! Member of the Month award. As a group, we came up with some great ideas on how to improve it and more importantly, get more participation. We love being able to reward community members who help out in the community. We have found that there are a couple problems with the current process and would like to ask all of you to help us think this through. 226,357 heads are better than 7.

 

Read more...
 

Mon

20

Oct

2008

A Reminder for All JED Developers
Written by Steve Burge   
Monday, 20 October 2008 15:11

After conversations with several developers, we'd like to provide a little clarification for people with listings in the JED.

Essentially all the rules break down to two simple dos and don'ts:

Two Things You Can Do

  1. Reply to a review. If you want to reply directly to a reviewer, click "Reply". Please don't ask us for a reviewer's contact details as we cannot give that out. However, you can give the reviewer a way to contact you.
  2. Report a review. If you think a review is incorrect and want to ask for its removal, click "Report" and explain why. Our rules for reviews are here.

Two Things You Can't Do

  1. Don't don't touch your extension listings in any way, except "reply and "report". Please don't submit reviews, don't vote, don't click "Is this review helpful?".
  2. Don't touch any other extension in your category. After all, there's little difference between voting 0/5 for a rival and voting 5/5 for yourself.

Please make sure that everyone else who works with your follows these rules. Violating them may lead to a warning or suspension.

What Should I Do If I've Broken These Rules?

If you've clicked "Is this review helpful?" a few times, don't worry about it. However, if you've reviewed your own extension or one of your rivals, you may want to email us via This e-mail address is being protected from spambots. You need JavaScript enabled to view it .


I hope this clears things up. We don't enjoy suspending developer's listings, but we do it to help two groups:

  1. Other Developers. Put yourself in the shoes of a developer whose rivals keep giving themselves 5/5 votes.
  2. Extension users. Its great to get fair, unbiased feedback from other people who have used the extension.

 

 

Mon

13

Oct

2008

An old friend comes of age
Written by Wilco Jansen   
Monday, 13 October 2008 22:01

We are often asked the question when we will officially stop supporting Joomla 1.0.x and, given the huge install-base, it's not an easy question to answer. We know that the code originates from several years ago and is certainly showing its age (Mambo 4.5.2 was released in early 2005, but the codebase originates partly from 4.5, released in December 2003). To recap our short history, the Joomla Project originated from a fork of the Mambo Project on August 17, 2005. Shortly thereafter, Joomla 1.0 was released on September 16, 2005 and was an improved version of Mambo 4.5.3 (you can still find that code in subversion). The announcement of the Alpha version of Joomla 1.1 was made on October 27, 2005 and this version was later on renamed Joomla 1.5. What began as a minor update turned out to be a full re-write of the codebase and the current version of Joomla was released on January 22, 2008.

Since then, seven versions of Joomla 1.5 have been released. Download numbers and usage have increased exponentially, evidenced by nearly 7 million downloads. In January 2008, just 15% of newly posted extensions were Joomla 1.5 native and that percentage has recently soared to 73%. The adoption rate of Joomla 1.5, by both users and developers alike, has occured at an amazing rate and demonstrates an untold level of commitment to the Joomla Project on both sides.

But now it's time to say our farewells to our old friend Joomla 1.0. As of July 22, 2009, the Joomla 1.0.x series will no longer be supported. As a user, is it required that you upgrade from Joomla 1.0.x? Absolutely not since security upgrades will be supported until this date. But if you're a user who hasn't yet upgraded to Joomla 1.5, you should do so in order to start reaping the benefits the latest version has to offer. If you're a developer in that small minority who hasn't yet become Joomla 1.5 native, this is your last call to join the majority of developers who have already discovered the power and ease of the Joomla 1.5 series.

In the meantime, we are working diligently on Joomla 1.6 (with its new ACL), which promises to be the most exciting release for Joomla yet.

 

 


Page 131 of 147