Vulnerability list update.

Written by Claire Mandville

The new vulnerable extensions list has been released into the wild today. Based at the http://docs.joomla.org/Vulnerable_Extensions_List

The announcement has been made in both the extensions forum and the documentation forum for maximum exposure.

Why has this list been produced?

We find that most users "install and forget" They may upgrade the latest Joomla! version, but dont always update the extensions.

This has replaced the old, seldom updated list that has now been archived.
Reports of vulnerable extensions can be reported to the JED http://extensions.joomla.org/ or posted in a security topic clearly showing a vulnerable extension report.

How to use this list

• All known extensions are the listed in the first column.
• "Alert Advisory" details in the centre column (the date is in American format mm/dd/yyyy).
• The link to the advisory notice.
• Finally a link to the notice about any update or Not Known where none is known.

Any developer who has cleared the vulnerability or discontinued the extension should let us know so that we can mark it on the list. Preferably in the extensions forum topic.

Users, after checking the version of the extension they have installed, please check with the extension publisher in case of any questions over the security of their product if no update link is provided.

This list is compiled from found information and may not be an up to date accurate list. following feedback from people, items will be removed after a suitable period and not on resolution of the vulnerability as some people may still be using old extensions years beyond their shelf life.

Remember, just because its fixed, doesnt mean its not out there or we know about it!

Thank you.

0 Comments

Pleasure, profit or pain - Giving your user what they want.

Written by Claire Mandville

It is often asked if a site should be made for the user or the designers benefit.

What if you spend hours/weeks/months on your site only for people to get lost!

• Several sites I have worked with are doing very well with the minimum of features and fuss.

• Does your site really need the latest content video flashes, scrolling facebook and bouncing twitter birds?

Most of the support questions I deal with are to do with paid extensions. If you have a paid for extension, the most obvious choice would be to go to the supplier first, they have your money. Unless of course you have obtained the template or extension from a dubious; unprofessional source.

Once you have found a decent template, do you really need to rip it apart then rebuild it to make it look "good" when you can build one using a good template construction kit?

For most new users to Joomla, and experienced ones, you can get a decent looking, easy to navigate site using free templates and tools.

The community site bristolestate.org.uk shows such an example of using the milky way template with a replaced logo and an extension for the top menu module. There is also a download, gallery and video player extension. All free, all easy to use and very user friendly for the target audience (50+ years old) who do most of the updates themselves.

If you look at this site. mandyhost.co.uk/ You will see it is a straight forward template, with only a couple of extensions. An image gallery and a drop down menu extension. it is visited by several hundred people a week and syndicated to around 30 different community websites.

The services and news it supplies are what people are after along with a simple navigation without being just another blog.

For the more complex community news site that has just been relaunched is whitehawk.uk.net which is currently running a design a logo competition. It uses a standard free template, with a free image gallery and forum. The versatile template woks well, and a few other extras such as the sobi links extension, shows how a functioning community site can be built without whistles. It does use K2 to provide a more social networking site. The target audience is 14-30 years and all migrated from a 5 page html site, with a free hosted forum and a cant be bothered site admin.

Yes there are other sites that I could mention with more features and flashy templates but this article is just to show that you don't need to have all the bells and whistles, templates that look very futuristic and have every extension that you can get hold of. Remember, only one component can run at any one time, and a barrel load of modules will slow your site down.

Design your site for your target audience, people will respect you more for keeping something easy and simple than overloading them with scrolling banners and zooming menus. If you want to build a facebook or youtube clone, then go ahead. Expect about 50 people to sign up at the start, your bandwidth to be hit like a steam train and don't bother renewing the domain at the end of year.

My clients come to me for build straightforward sites they can handle. If I build a "personal pastime" site, then I can fill it up with what I want, but I wont pay myself for the added features I may use once because they are to complex.

Think simple, think professional, think use ability. Get repeat visitors and pleasure, not repeat pain.

0 Comments

Urgent, It dont work - fix it!

Written by Claire Mandville

You've probably been to the forums because you're encountering a problem. 

Just remember, when you post there, that we are trying to help you.  Don't get angry, frustrated or rude, just tell us what's wrong and we'll help you work out the problem. You should also have at least read the beginners guide to joomla.

When asking for advice, the most important aspect to consider is asking in such a way that will allow the community to quickly know what you want and give all the information they need to help you.

In general, you want to be clear, concise, complete, and polite.

When you ask for support, please understand that depending on the number of questions the community see, other commitments, social life etc, they may not be able to answer or even acknowledge your question. Also understand that if you’re asking for free help, you need to be respectful of the time they’ve dedicated free and of the additional time you’re asking them to spend with you. Supply them with as much information as possible.

•  Refrain from spamming or bumping, posting for points. If you make a post and don’t receive a reply within 5 minutes, that doesn’t mean you should post again. This will likely move you down or off the good attention list. People dont live on the forum waitng for your post.

•  Unless otherwise told, do not contact/PM/Skype the forum leaders or more experienced people. This will not only make you unpopular and probably be classed as a bully. Some people actually make a comment in their signature lines stating they will ignore, delete and ban people who do. Others may also state that if you PM them, you will accept their personal support charges. They may also make a public posting in the topic you want help on stating you are a demanding, impolite user and everyone will ignore you.

•  If you see an error message, copy the entire error message and include that in your initial post. These error messages help to narrow down the problem making for quicker resolution times

•  Is there a forum for your language? It may be better to post in the wrong forum where someone can undertand you than post in Babel English where people will have no idea what your on about!

We know just as well as anyone else that everyone makes mistakes.  If the problem was caused by something you accidentally did, we may be able to help.  We don't expect you to be an expert at using our Joomla.
Even Microsoft states
"When posting questions to a professional forum or newsgroup it is vital to format the question and it's content in a proper way in order to greatly increase the possibility for quickly receiving a good answer, and thus saving you time and frustration. "

Dont grovel it is not a substitute for your lack of searching.
“I know I'm just a pathetic newbie loser, but”. Is unhelpful and when it's coupled with vagueness is really useless. Don't waste your time or ours. Present the background facts and your question as clearly as you can.

Don't mark it as “Urgent - Help”, even if it is for you.
Thats not really our problem. Claiming urgency is very likely to result in the opposite. If its that urgent, then youll probably end up paying for it. Your concept of "needed now" is probably differents from ours.  Your save the "lesser spotted Onepchew's"  website can possibly wait a day or two.

Did I read the forum?
I am not on about searching, but actually read  the stickies "what forums should i post in", "how to ask for help", " Use the post tool".
Whats a post tool? It was something that was designed and programmed to enable all newbies to easily gather information for their support request into one easily postable format by RussW.
Where is it? - At the top of every forum, under the Absolute Beginner's Guide to Joomla! <-- please read before posting. http://docs.joomla.org bit.
Easily spotted Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post. http://forum.joomla.org/viewtopic.php?f=428&t=272481

What should a post look like?

Poor posts - nothing to work with!

"Hi,
When i want to edit article I only get a couple of buttons.
On my other site, I got the same template and I got buttons like: insert table,Columns,...
How i can fix it?"
----------------------------
"I have a bit of a peculiar issue and wondering if someone could diagnose the problem.
My site looks like this:
Thanks"
-------------------------------
"No back end visiable front end ok what could be the problem?"
----------------------------

Reasonable post - at least here there is something.
"I have uploaded all the joomla website with all necessary steps, usually I am doing this but now I get this error.
Fatal error: Call to undefined function: stderror() in /hsphere/local/home/desertwe/desertpalmresort.com/components/com_banners/models/banner.php on line 115"
-----------------------------------
"hey plz help me
i m unable to add pics to my site:
steps used are firstly i upload pics to the site then m inserting the image
as m inserting pics in backend it gets added but after saving it .
it gets crashed and the pics in neither available in backend nor in frontend.."
--------------------------------------

So what now?
To sum up;
Your post should have an informative subject: try to make the topic's title as detailed and clear as possible.

•  Using one word like help! or please! will get you no where, and won't help people who search the forum before demanding/ asking for help.

•  Try to give as much specification as possible, like your version, PHP version, modules/addons affected etc.

•  Link: giving a link will probably give the community a better understanding of the problem and may result in fast help. Or provide a screenshot of your site if its on localhost.

•  Problem: a detailed description of the problem you are having and the error message you get will help.

If you want more on this subject, then please read http://catb.org/~esr/faqs/smart-questions.html.

Oh and whats the most common question asked?  
Personaly i think it is "How do i change the Welcome to the Front Page" 

Edit added Do not ask here for support - ask on the forums

14 Comments

Trials of community web support!

Written by Claire Mandville

I work for a community based network of roving IT people, engineers and IT Helper. One of those roles is to attend workshops for technically challenged people and community/charity start ups.

This week i attended a community web workshop. the basics of it was;
"A surgery to help people who run a community website; but need some help to maintain or improve it along with expert volunteers to come and help out. Topics covered were seo, Google products, Wordpress/Joomla/similar free web software and writing for the web. " So I was prepared for almost anything.

For some reason i got paired with a person who wanted to discuss forum integration within their website. Their opening question was "Is a forum a bulletin board?"  (un-comfort zone)

So i had a look at their site to see what their current forum was.
[*] surprise number 1 - it was 'simplestforum'  so that meant their site was running Joomla! (comfort zone)
we discussed the other options eg phpbb and SMF for a while before looking into some of the style issues with their current forum.

[*] surprise number 2: their site was running legacy mode err why? - "no idea" they said, "our IT people set it up".
They didn't have a big list of components, just SF, a video plugin and that was about all.

[*]  Surprise number 3: their user list was about 300 people long, 250'ish of those were spam registrations. bring on the captcha recommendations or even something like Alpha registration it was also noticed that all but 2 of their 7 admins/super admins havent logged in in over 2 months!

[*] Suprise number 3: their site was running Joomla 1.5.8 ! yes 1.5.8 (1.5.9 released Jan 10th 2009) 
This led to another discussion on What are the top 10 stupidest Joomla! security tricks?  and to my horror - they didn't even know where they were hosted or what emergency plans they had.

So my suggestion was to send their IT team an email saying "we have been hacked, what are YOU going to do about it?" and see what the response was.  Then to follow up another email saying that we need everything updated the whole site, plugin, modules, components the works.

So to sum up, any one know how to make simplest forum topics flow like phpbb3 and not stagger drunkenly across the screen? and no, i wont name the website, even i am not that stupid, and you know how I am about security!

1 Comment

Building Websites with Joomla! 1.5.x

Written by Graham Stoney

Introduction

When I decided to publish my Engineering wisdom on the internet, and later to set up a website for my Personal Development business, I knew that I would need a Content Management System (CMS) to do the job properly. Although I was an experienced Embedded Systems Engineer in a past life, I hadn't ever done any serious web publishing before so I had no idea where to start and expected there would be quite a learning curve. I ended up using Joomla!, which has done the job quite nicely. This article describes what I learned along the way, including some tips to save you time setting up a website of your own.

Read more: Building Websites with Joomla! 1.5.x

29 Comments

Commit Junkies, do I have an offer for you!

Written by Sam Moffatt

 If you are looking for news on Joomla! 1.6 development, look no further. Get the blow by blow action as it's happening, now.

Ever find it hard to keep up with the commits made to the Joomla! SVN repository? Well, I have the ultimate tool for you: the Official Joomla! Commits Mailing List. Its full of non-stop committing action, watch every change as it occurs, monitor the change log for entries and see which people aren't putting messages in with their commits!

You may ask where you can get all of this subversion-y goodness in your inbox and wonder the price. As an introductory offer, I'm willing to
give the first ∞ few users access for free! Yes, that's right - free access. Get in fast to secure your access today, just visit the following link, feed it an email address and I'll approve you as soon as possible!

http://joomlacode.org/mailman/listinfo/joomla-commits

Don't wait, subscribe today!

4 Comments