Archive for August, 2008

Developing DOCman addons

It never ceases to amaze me: DOCman has crossed 700.000 downloads (since March 2007, not counting alternative download locations). That makes it one of the most popular Joomla extensions out there. Because it’s so widespread, a lot of new third-party DOCman addons have popped up recently. They even have their own category in the Joomla extensions directory. If you’ve developed one of these, or you’re planning on releasing a DOCman addon, rest assured: we’re totally cool with that. In fact, we highly encourage everyone to release their extensions to the community!

All we ask is that you play by the rules. It’s actually very simple: your addons must be released under the GPL license. Joomla and DOCman are available to you for free, and are created by members of the community, so it’s only fair for extension developers to adhere to the licenses for these applications. (This doesn’t mean you can’t charge for your extension; the GPL clearly allows that.)

Invitation

I know from personal experience that for a couple of small addons, it’s not worth the trouble of maintaining a public forum. That’s why I closed down the old MjazTools forum and told my users to go to the “3PD addons” category at the Joomlatools forum instead.

I’d like to invite all developers to do the same. Send users with questions about your extension to the forum here, and, more importantly, drop in every now and then to answer those questions. Please be aware that all support and moderation on our forums is done by volunteers from the community. We can’t ask them to get to know each extension out there. A community forum only works when everybody tries to help out other people, as a favour to those that helped you.

PHP4: Good Riddance!

Today, 08/08/2008, is not only a popular day for getting married, it’s also a great day for the PHP world. PHP4 is no more, it’s expired, it’s pushing up the daisies! PHP4 is an ex-language. From now on, only PHP 5 is supported, the version that turned PHP from an advanced scripting utility into an enterprise-grade, full-blown programming language.

A bit of Joomla history

When Joomla! 1.5 (called 1.1 at the time) was planned, it was decided to go for PHP4 compatibility, as PHP5 was not yet widely adopted by ISPs. In retrospect, it would have been better to go for PHP5 right away, but of course, no one at the time knew it would take two years before Joomla! was ready for release.

Luckily, in a flash of brilliance it was decided to make Joomla! forward compatible with PHP5. By coming up with some clever tricks here and there, adding the proper docblock comments, and having a clean naming convention, J!1.5 turned into an interim release that could bridge the gap between PHP4 and PHP5. The idea was that it then would be easy to refactor to PHP5-only in the next major Joomla! release.

Funnily though, when the time came to plan J!1.6, there was a general reluctance in the development working group to make the move to PHP 5.2, or even to discuss it. It took a couple of nudges from our end to get the community to speak up and express the dire need to switch. It was great to see how the community really came together to push what it felt was important! In the end it was announced that 1.6 would be for PHP 5.2 only.

A bit of Joomlatools future

At Joomlatools, we knew early on we couldn’t realize all of our plans for Nooku using PHP4. As some people have begun to notice, Nooku is about more than just translations. A big chunk of the code is written in a way that will make it reusable for other extensions. Some of the API concepts and patterns we implemented (mixins, chain of command, inflection, …) wouldn’t have been possible with PHP4. So for us, PHP5 is the only way forward.

Security reports: don’t panic!

IBM Internet Security Systems published its X-Force 2008 Mid-Year Trend Statistics report and immediately everyone is going through the roof, publishing scary and sensational headlines about Drupal, WordPress and Joomla! being vulnerable.

The report

What everybody got so upset about is the following table of Vendors with the Most Vulnerability Disclosures:

Ranking Vendor Disclosures
1. Apple 3.2%
2. Joomla! 2.7%
3. Microsoft 2.5%
4. IBM 2.3%
5. Sun 1.9%
6. Oracle 1.4%
7. Cisco 1.4%
8. Drupal 1.2%
9. WordPress 1.1%
10. Linux 1.0%

Time to lock all doors and windows and go back to good ol’ static HTML? Yes, if you believe some bloggers. But take a closer look: the table lists vendors with the most vulnerability disclosures. It doesn’t list the most vulnerable vendors, and there’s a huge difference. Chances are that the vendors that didn’t make the top ten are actually more vulnerable, but simply have fewer disclosures. The more people use code and look at it, the more issues will be discovered. That’s why only big names get in the top ten. Joomla! and Drupal are always very quick with security patches, so there’s really no need to panic.

A real world example

It reminds me of the Belgian dioxin affair a couple of years back. Some eggs and chickens were discovered to contain the toxic dioxin. The press and public opinion went insane, there was a huge political crisis, and 7 million chickens were destroyed. When it finally blew over, it turned out the dose was less than 100mg and no direct threat to public health. And nobody seemed to get that it was actually good news: if the Belgian food inspection can detect such small amounts of toxic substances, we can be pretty reassured that our food is safe. The same thing goes for Joomla!: if many issues are discovered and dealt with, the result is an application we can trust.