home
news feeds
Blog - Joomla! Community Portal
Joomla! - the dynamic portal engine and content management system
-
Install from URL, JoomlaCode and 1.6
Today I was doing some work on JoomlaCode, looking at performance and logging to see what was happening and I noticed something really quite cool. Every week on average a little over 3600 extensions are installed into Joomla! 1.5 sites directly from JoomlaCode. You can do it yourself, navigate through JoomlaCode, find something you want to install but copy the URL of the download instead of downloading it to your computer. Then log into your Joomla! 1.5 site and paste the URL into the "Install from URL" box. Assuming you've got everything you need, it'll download and install the extension for you. Now it may not work properly in all hosting environments, especially ones who have disabled access to the web through either PHP or by blocking the actual connection at a firewall level.
Looking through the list of user agents we've got the usual selection of browsers (IE, Firefox, Safari, Opera), we've got tried and true downloader 'wget' grabbing files here and there, we even have some mobile browsers from DoCoMo flicking around the site and over 43k hits identifying as Google Chrome already. We've also got all of your friendly spiders floating about (Google, Yahoo!, MSN) as well as some language specific ones for languages like Chinese and Korean (e.g. Baidu). We've also got Feedreaders coming in and even some requests identifying themselves as various Java versions. Last but not least we've got Subversion clients coming in as well pulling up data from our various repositories.
So in 1.5 we added the ability to install from a URL, and it looks like people are using it. So what are we doing when we start looking at 1.6? Well we're going to start leveraging this to provide an update system that'll allow you to, within Joomla!, update your extensions. We're going to add some new extension types, such as libraries and packages. We've also done some work changing the way the installer system looks and we're unifying all of those extensions on under one 'manage' tab. Its not yet ready but its starting to take shape with little bits here and there coming together. We're nowhere near done with it but it is coming and we're hoping it'll have some really cool features for both developers and users.
To round up, Brad and Ron did some great work over the last few days upgrading JoomlaCode to the latest release of GForge and it seems to be running beautifully and has a new refreshing look. So we thank both GForge and Rochen for providing the application and hosting environment to keep JoomlaCode alive and the great resource it is for the community.
-
Joomla! Security, do you take it seriously like we do?
After the recent security update, it's still so saddening to see how many people do not take security of their (and their clients) Joomla! sites seriously. If an urgent security patch is released, there is a good reason for it. In any case, just follow the Security Forum for a few hours to see what I am talking about.
What can we all do about this?
Here's one way: http://feedproxy.google.com/JoomlaSecurityNews
You can subscribe via email and/or RSS the choice is yours.Why not help us all out by spreading that link around as much as you can and encouraging more people to subscribe.
PS We have more and more RSS/Email subscription options available to our users on the JoomlaConnect site now as well. Just click your browsers RSS icon. We'll be adding more of the language categories when we have time.
-
JSST Is Coming...
We over here at Joomla are preparing a new team... The first letter of the name is obvious (Joomla!)... The second stands for "Security"... The rest will be left for the official announcement which should be sometime this week if all goes to plan. We (Joomla!) do take security VERY seriously, and have always taken it seriously. However, events of late have really proved what we have known for a long time; That we need a dedicated team just for handling core security. The wheels are in motion, and more information will be available as the steps unfold. So for now, suffice it to say that JSST is coming...
-
Hosting providers - Isn't it time?
Time for what? PLEASE read this: http://au2.php.net/register_globals - read the part in RED.
I've finished yet another posting spree trying to help users with security and performance issues and I am still SHOCKED at how many hosts still have register_globals ON serverwide. Come on hosting providers, isn't it time you you kept up? Isn't it time you closed this security hole that only you as a host can close, and help prevent cross server file compromises?
What about running suphp (or an equivalent)? Why are so many hosts STILL not running a 'more secure' environment for their users?
I am sure all hosts understand (they should!!) what I am talking about, but for the users, who I suggest take this and pressure your hosts, let me try to explain these two things in laymans terms:
1. With register_globals ON serverwide even if you as a user disable them (via a php.ini or .htaccess directive) under certain circumstances your site can still be compromised if another user account on the server is compromised or is used maliciously. It's that simple, and it happens day in and day out, people posting on the Joomla Forum making it apparent that this was the reason their site was compromised.
* Disclaimer: It's true, your host may have a method of working around this huge security hole, but even still, I ask "WHY?" register_globals has been off since php 4.2 by default, and we are well into the php5 world now.
2. suphp (or equlivalent). Running Apache/php via this method means permission problems for you users are a thing of the past (almost). Under this environment when php writes a file (ie installing a template for example) the files are owned by your user account. Files that are 644 are writable by your user (ftp), and yet other users on the same shared server cannot write to them. Again, why would you not want this simple extra layer of security, as well as making it so much easier for your users to mange their Joomla (and any other php script) website?
* Disclaimer: Again, there are circumstances when suphp is not efficient (dedicated server possibly, and extremely high load possibly), however at the least, check with your provider and ask them what methods they use and why.
.. anyway.. that's if for now. PLEASE, do your users, and by extension yourself a favor and consider my comments.
Oh, and I guess it goes without saying, since php4 is now EOL all hosts should be running php5 now.
-
How's that new site design eh?
Don't you just love it: www.joomla.org
I just wanted to say a public thanks to Louis, Ron and others on the team who have worked so hard to make this new site happen. They have been working overtime (more than 12 hours a day recently I estimate) to bring this kind of amazing work to the community. Make sure you check out the new sites and it's many new features and sections.
If you see any of them around, make sure you say thanks.
Primarily of course, this site is for people who have not heard of Joomla before, for the the rest us, we have community.joomla.org Make sure you keep putting it to good use. When will this site receive the new design? I can't wait.
... and if you want to be apart of all this, there is one new page you should see: http://www.joomla.org/about-joomla/contribute-to-joomla.html
Enjoy!
-
Community Cooperation
I was just shared some partial information on an interchange that occurred between a representative of OSM and a 3rd party developer. All round, due to the cooperation and response everyone benefits.
Of course the names etc have been removed, but enjoy this wonderful example of cooperation in part of the exchange below:
Currently you are distributing something labeled the "Joomla! ****" from the **** site and mirrored at Joomlacode.org. Unfortunately, the naming of this package is very problematic for Open Source Matters and the Joomla! Project because of the strong likelihood that users will believe that it is an officially supported release. .... there is a strong likelihood that your users will believe that these are in fact Joomla! products and nothing on your site leads them to believe otherwise. The steady flow of emails we get for **** support via the OSM contact form indicates that this confusion is fairly widespread.
So, what do we need you to do? ....For example, "***** Preinstalled on Joomla! 1.5.x" would be descriptive.
However .... First, we need you to add prominent disclaimers to your site indicating that what is being downloaded is not an official Joomla! release, will not be supported or warranted by the Joomla! Project or Open Source Matters and that all support questions should be addressed to your team. Second, we need you to include this statement "Joomla! is the trademark of Open Source Matters, Inc." Also, the first use of the term Joomla! on each page should be accompanied by a superscript TM.and the reply:
thank you for your email. I fully understand that you want to prevent
confusion among Joomla! beginners. You also need to take care of the
Joomla! trademark for OpenSourceMatters and we at **** of course
respect it.
I have added a prominent notice at our downloads page
The **** will be renamed to "**** (with
Joomla! 1.5) and so will the package files be renamed.
The next release of this "bundle" (with J! 1.5.4) will include this notice
(that it's an unofficial release) too.
The Trademark notice was added to all pages on ****.
Let me know if it's ok now-
Best wishes!How about that for community cooperation! Great work to the developer for setting such a fine example.
-
Sharing the burden...
Our infrastructure currently is made up of 6 servers. Currently, three servers are used to serve the heavy loads of joomla.org (including sub domains like forum.joomla.org, extensions.joomla.org, community.joomla.org, developer.joomla.org, docs.joomla.org etc.) and two others are used for serving JoomlaCode. The Joomla! extension Directory (JED) is our busiest site and needs a server upgrade. Time to add a new server to the Joomla! 'cluster' by moving away the Joomla! extension Directory (JED) to this new box.
This new server is a Dual Xeon 3060, 4 Gb Ram, SCSI drives for faster read/write performance. This new server is located in a different data center and will host just JED. The old JED server will be used for a few other sites, probably developer.j.org, docs.j.org and community.j.org. With an Apple Xserve for future package generation we then will go to a total of 7 servers used to host the complete Joomla! infrastructure.
On the development - and community blog several blogs have been written on people contributing to the project. In the donations blog I have briefly discussed another way of contributing back to the Joomla! project; donations (hopefully an update on this will be blogged soon). Anyway, there are dozen of ways to contribute back to the project and in this blog I want to focus on the infrastructure this project is using to serve the community.
Rochen is putting in a tremendous effort on helping out this project by donating most of the infrastructure needs, not only by offering most of the hardware but also by providing professional resources to keep the infrastructure running 7 days per week. Rochen is adding this new server as a service to the project for free! As we did earlier on we want to thank Rochen for their endless support to our open source project and the very high level of support we receive 365 days per year since this project started in September 2005!
Rochen will be handling the move, and there should be hardly any downtime at all. The move is planned, but if all goes well no one will even notice the site has been moved. As usual we expect their skills to be used to tweak and optimize this new box for peak performance.
-
Help me NOW!
Yes.. that is a very common forum post title, sad, but true. So where can you get help? Which forum should you post in?
- First and foremost, have you used the search feature on the forum? Despite what you may think, Google does know how to search. As a result using the Google Search up the top right is a MUST. Did you know it also searches the Extensions as well as Documentation website? (We may add others soon as well) PLEASE use it. After your initial search you can refine your search by clicking on the respective refinement that shows up.
- Second, please THINK before you post, unless of course you are not really looking for an answer. Have you read Which Forum Should You Post In? Did you know each day, I move more threads that are posted in the wrong forum than I post replies to peoples questions. What a waste of time, for everyone.
- Third, have you read the rules that explain how to 'Post Questions the Smart Way' as well as Ken's: Making the Most of Your Posts ?
- Forth, do you thank people when they help you out? The bus driver thanks you when you get off the bus, and yet when someone helps you out for free, too many people do not even bother to thank them.
.. at the very least.. PLEASE do this. We have an amazing support community, but day in and day out people waste other peoples time by not doing these basic steps first.To all who tirelessly offer free support by answering questions for others on our forum, the next time you see a "HELP ME" post, please point them to this blog post. Perhaps we can provide a bit of reeducation, or at least try.
-
A Quick Example of Collaboration
I just wanted to take a second to point out an example that I saw today of the power of the Joomla! Community in action. A community member named Clive reported a problem he found using the contact form with the banned words feature.
When he reported the problem he was articulate about what he did, what happened, and what went wrong. He was clear and polite.
Within 10 minutes, Robin confirmed his report and created a tracker item. Elin asked follow up questions and Clive quickly responded.
Within an hour, Anthony had a patch on the tracker and members of the Bug Squad tested it. Robin shared the patch in a more user friendly way with Clive and provided instructions on how to use it.
Clive reported the results of testing clearly, outlining his tests and the results, ending with, "I think the error is fixed. Thank you everyone."
Eight hours, start to finish. That's not always how it happens of course, but when it does it's pretty cool. It pays off to be a part of this community and help make the software better. Not only did Clive get his problem solved, but he is now a part of the solution for everyone else that might have run across this problem. Great work to all involved.
-
Volunteer(s) Needed: Joomla! Tips and Tricks
The Joomla! Community needs your help.
We would like to migrate the Tips & Tricks to their new home at: http://docs.joomla.org
While this section on the forum has been very useful, a more appropriate place is the documentation website docs.joomla.org. What will it take? A bit of time, the ability to use the wiki (it's not hard to learn) and a desire to contribute to the Joomla! Community.
If you are interested, please contact me via my forum profile here.
Thanks in advance to anyone (all) who offer to help out in this way.
Edit: Work has begun: http://docs.joomla.org/Category:Tips_and_tricks
latest news
National Cake Supplier
Sticky Fingers Cakes website makeover completes showcasing there winter collection of cakes.
Photographers Website Online
The site is to help promote Franks photography and to sell some of his images as prints.
