It's Fixed in the Next Release - Technology

TD Bank Tries an End Run Around Site Tracking Blockers

nospam@example.com (Alan Langford) — Fri, 21 Nov 2008 14:21:26 -0600

I'm well aware of the value of site analytics. Most of my sites make extensive use of them. But at the same time I'm aware of a user's absolute right to not be tracked, be it anonymous or not. When it comes to my personal information, I'm usually happy to let most sites drop in a statistical tracking cookie, but I almost always set the lifetime of those cookies to "session only".

Basically, I'm happy to let someone know how I navigate their site, because that information is likely to result in improved usability. What I don't like is disclosing how many times I visit a site over a period of time, and what my multi-visit user patterns are like.

With browsers like Firefox and now even Internet Explorer providing easy tools to manage cookie acceptance and lifetime, more and more users who don't want to be tracked are limiting cookies. This is giving marketers a more challenging time and skewing their statistics. Poor babies.

Some marketers are fighting back. What's not commonly known is that Adobe's Flash Player lets sites store cookie-like information as well. Now Adobe hasn't quite caught up with the concept of individual liberties, so the default configuration of the Flash Player is to allow local storage without any explicit user permission. Adobe pretty much has a monopoly when it come to this sort of thing, so there's little incentive for them to change.

So now marketers who claim to seek to improve customer service have a method where they can gather data even if their customers have taken explicit steps to prevent it. News Flash: That is NOT good customer service! It's really rather offensive customer abuse.

Some time in the past few months, TD Bank decided to join the ranks of companies who have elected to bypass their customer's wishes. I recently connected to my online banking site, and got asked for permission to allocate local storage to an invisible bit of Flash. So I cranked open the page and found this link: https://easyweb46w.tdcanadatrust.com/dojo111/dojox/storage/Storage.swf?baseUrl=/dojo111/dojo/. At least its name reflects its purpose.

Anyone familiar with the big Canadian banks has become accustomed to dealing with these arrogant behemoths, protected from significant international competition by legislation, and reading from some version of a dictionary where the meaning of "service" is very different from the commonly accepted definition. Really the only surprising thing is that they haven't found a way to charge me 25 cents per byte of information that they want to store on my computer.

But you don't have to be subject to corporate whims. These things are configurable. Don't go looking through your browser, plugins or program settings for the control panel, though. Follow this link to your Flash Player control panel. This looks like a screen shot of what a control panel might look like, but don't be confused: it's a live presentation of your current settings. Click on the second tab, "Global Storage Settings". There's a reasonably good explanation of the settings below the panel, but if you move the slider to the left until it reads "None", then every site that tries to save data in flash will have to get your approval first. If you don't want to be asked, set the "Never Ask Again" check box. Then go to the last tab, "Website Storage Settings" to take a look at which sites have left tracking codes on your computer. Delete all the ones you don't trust.

Now you have control of your information again.

Joomla 1.5.8 is... is what??

nospam@example.com (Alan Langford (developer blog)) — Tue, 11 Nov 2008 08:06:10 -0600

Shortly after the release of "Joomla!" 1.5.8, I found myself in this release announcement on techcebu.net. It appears to be a bad case of double-translation, from English to Italian (or perhaps Hebrew) and back to English again. The text was just too hilarious to not repost.

11Nov JOOMLA 1.5.8 RELEASED

Joomla 1.5.8 Released

The Joomla Project is entertained to foretell the unmediated availability of Joomla 1.5.8 [Wohnaiki]. This promulgation contains a sort of fault fixes and digit moderate-level section fixes. It has been around digit months since Joomla 1.5.7 was liberated on Sept 9, 2008. The Development Working Group’s content is to move to wage regular, regular updates to the Joomla community.
Download
Click here to download Joomla 1.5.8 (Full package) »
Click here to encounter an update package. »

Instructions

New installation and technical requirements
Upgrade from an existing Joomla 1.5 version
Migration from Joomla! 1.0.x

Want to effort intend Joomla? Try the online demo. Documentation is acquirable for beginners.
Release Notes

Check the Joomla 1.5.8 Post-Release Notes to wager if there are essential items and adjuvant hints unconcealed after the release.

View instance release notes for Joomla 1.5.7 or release notes for Joomla 1.5.6.
Security

Two moderate-level section issues were immobile in this release:
o Default filtering for content
o Filtering for Web Link descriptions

For additional information, visit the Joomla Security Center.
Components

Articles: Remove brackets around Last Updated fellow and time, Start Publishing fellow corrections for another than UT1 00:00, impact counts precise for Articles, adding a expanse after a draped telecommunicate address
E-mail addresses: Correctly draped when presented in Section and Category descriptions
Categories: Edit picture aright shows for Articles without Title links, Print picture precise today on prototypal tender for Blog Layout

Sections: Plural and signifier modify correction, Category unification right ended, Router changes reverted to edition 1.5.6 so Article ID does not attach to the Article slug
Frontpage: Article naming correction, rectified sort of Links
Contacts: Image pass rebuke when Image Directory is configured
RSS Feed: Corrected spelling of Category in Category feed
User: Added isInternal checking on referer values
Weblinks: Language strings

Modules

Feed: Target concept validation, module progress correction
Login: ItemID is cured on redirect
Menu: Changing Menu Link Type today functions properly, Section Language string, Article Reset fix working
Related Items: Keyword matched functions aright and filters characters appropriately
Stats: Corrected Time
Sections: No dominance constant entireness correctly
Search: Form validates aright for Transitional xHTML

Legacy

Return evidence additional for Legacy Menu Check

Templates

Beez: Lengthened E-mail Content Popup, Search fix today entireness when pressed, countersign set entireness correctly, corrections to Beez HTML folders, User info tender corrected
JA_Purity: Added absent module strings

Administrator

Console: Added “Welcome to Joomla!” aggregation and Joomla Security RSS feeds to Administrator Console
Installation: Proper redaction of factor directories, choice entries for Templates and Languages are today precise for uninstall
Media Manager: Changed choice for newborn sites to alter Flash multi-file uploader cod to contradictoriness with Flash 10
Installation: Remove unclear nonachievement communication most module files for spreading installations, Administrator Modules today aright uninstall INI files
Sample data: Updated programme feeds to saucer to liberated code accord sites, comprehensive corrections and updates to distribution content

System

API: JFolder::files and JFolder::folders corrections for Search, absent Method additional to JRecordSet, Database Class aright quotes obloquy not using extend notation, JTableUser matches using the precise sort of fields
Cache: Correct undefinable uncertain in Cache Class
Language file: Corrected wording, precise artefact of PDF fonts autarkical of module choices, individual module progress corrections in en-GB.ini
Menu: Performance improvements for sites with some schedule items
Users: Temporary Users are today healthy to logout, bonded prescript crapper today be utilised when redaction statement details
Added PHP 4 sympathy for isInternal checking

Statistics

Statistics for the 1.5.8 promulgation period:

Joomla 1.5.8 contains:
o 71 issues immobile in SVN
o 26 commits
Tracker state resulted in a gain modification of 4 astir issues:
o 65 newborn reports
o 130 closed
o 66 immobile in SVN
* At the instance the 1.5.8 promulgation was packaged, the tracker had 114 astir issues:
o 44 open
o 44 confirmed
o 24 pending

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their sacred efforts work reports, sterilisation problems, and applying patches to Joomla. If you encounter a fault with Joomla, find discover more aggregation here on how to inform the bug.

Active members of the Joomla Bug Squad during this terminal promulgation wheel include: Ian MacLennan and Mark Dexter co-leads; Airton Torres, river Zijlstra, Akarawuth Tamrareang, Alan Langford, suffragist Ferrara, Amy Stephen, saint Eddie, Elin Waring, Ercan Ozkaya, Charl camper Niekerk, Gergo Erdosi, Hannes Papenberg, Jennifer Marriott, Jens-Christian Skibakk, Jonah Braun, carpenter LeBlanc, Kevin Devine, Marijke Stuivenberg, Mati Kochen, Mickael Maison, Robin Muilwijk, prophet Moffatt, Shantanu Bala, Toby Patterson, and Wilco Jansen.

A hearty recognize to the newest members of the Joomla Bug Squad: Dan Walker, Eduardo Diaz, and Tibor Toth.

"IBM May Quit Technology Standards Bodies" WSJ Screams

nospam@example.com (Alan Langford (developer blog)) — Mon, 06 Oct 2008 08:06:45 -0500

Some days I wonder about the entire field of journalism. The quoted phrase above is from an article headline in the Wall Street Journal (September 23, 2008, they don't deserve an actual link). The headline is not inaccurate, but it is close to the most ludicrously sensational interpretation of the facts that is possible.

This is what the actual IBM press release has to say on the point: "The tenets of IBM's new policy are to: Begin or end participation in standards bodies based on the quality and openness of their processes, membership rules, and intellectual property policies."

Thus an equally useless headline might be "IBM May Join Technology Standards Bodies." I thought Journalism was supposed to add value for the reader, but it seems that even for otherwise reputable organizations, it's really all about sensational headlines that add value to the advertising department. "Reputable" in this context is now officially meaningless. Sad.

I've noticed a lot of general criticism of standards processes over the past few weeks, and I think this release from IBM is largely responsible for firing up the discussion. For the most part, the criticism is justified. It seems that standards processes are either needlessly academic and somewhat out of touch with reality, or deeply buried in corporate politics and patent complications, which has a tendency to result in crappy standards. IBM's policy release sort of touches on this with another tenet: "Collaborate with standards bodies and developer communities to ensure that open software interoperability standards are freely available and implementable." The problem with this is that IBM seems to want to set itself up as some benign intermediary between the standards process and the people who need to use the standards. Call me silly, but it seems more appropriate that the developer communities should be an integral part of the standards process, not some second-hand "collaborative resource".

The essence of the problem is funding. Participation in the standards process isn't cheap. Not only does membership cost, but participants typically absorb the costs of time, travel, and communications. Standards bodies need a funding model that ensures accessibility based on merit and relevance, rather than dollars. I don't know what that model is, but is can't be based on revenue from selling standards documents, either. The prospect of having to pay real money in order to ensure compliance with a standard is, in most cases, equally ridiculous and stupid.

The Anatomy of a Security Breach

nospam@example.com (Alan Langford) — Fri, 15 Aug 2008 11:15:16 -0500

"Joomla!" had an extremely serious security issue arise earlier in the week. I'm pretty deeply involved in the project, and I happened to be on the Bug Squad chat when the news broke. The issue was not a SQL injection problem, as many sources have assumed but reported as fact. Ironically, it had to do with defeating a session security feature. The security problem was a programming error. "Joomla!" goes through extensive procedures to defend against SQL injection, and from version 1.5 onward, such a vulnerability in the core code is highly unlikely. [Extensions are another matter. I strongly recommend that users only install open source extensions that have either been audited or that have broad community support.]

Even though this problem caused a fair bit of damage, I'm very proud of how the "Joomla!" team responded to the problem. This was a worst-case scenario: the exploit was published with no advance notification, and it was dead simple to implement.

The first we heard of it was a post on the Dutch "Joomla!" forums. One of the Bug Squad team mentioned this in chat on August 12th at 15:50 EST. We immediately took steps to verify the issue, and then once confirmed, to remove the details from the forum post. A patch was made available for testing at 16:10. A full package release was made available for testing at 18:19. Announcement of the release was made on joomla.org at 18:57, and by 19:40 update packages were also available. That's three hours and 50 minutes from report to full public release. If that's not a record I'll be surprised.

What is distressing is that a large number of security focused sites reported this as a SQL injection vulnerability, along with a variety of other erroneous or misleading information. Almost a week later, many have corrected their errors, but several have not. Considering that the "Joomla!" team responded so quickly, and that complete information was posted as the first item on the joomla.org web site before the exploit became widely known, this suggests that many of these sites simply repeated each other's misinformation, rather than taking even the smallest steps to verify the report.

Granted a sample size of one event is not sufficient to draw conclusions, but if this is any indication of how "trusted" security information sources behave, then it is no wonder that whole security field has a serious credibility issue. These kinds of reports are extremely serious matters, with a lot of potential for damage. Certainly the timeliness of information is critical, but hopefully not at the expense of accuracy. The security community has a deep obligation to perform the simplest verification of facts before rushing to publication.

In Search of an Application Framework: PHP GTK Python XULRunner

nospam@example.com (Alan Langford (developer blog)) — Sun, 03 Aug 2008 21:48:27 -0500

Lately I've been thinking about starting yet another project. This one needs a rich GUI that runs as a thin client, as well as more limited support for a web browser (or so I thought initially). I've gone through a bit of an eye-opening exercise while looking at the implementation, and I thought I'd record the line of exploration just in case someone else is looking at the same sort of problem. Maybe this will save a little time.

The original idea was to replace an interesting but quirky application that will remain nameless. It's a fairly large project that implements its own thin client. As I started looking at it, I realized that a lot of what it does is more related to providing the application framework than the application itself. Sometimes I still suffer from the closed-source way of thinking, and I soon began listing requirements for my own framework. A few minutes into defining my XML markup for laying out simple interfaces, I remembered that there is already a pretty good standard for that: XUL.

At the time I was thinking of using GTK+ for the GUI. I've grown somewhat fond of various GTK+ applications that I've installed over the years. These applications have offered nice rich interfaces and have been pretty reliable. A lot of them are written in Python, and the bridge between GTK+ and Python, PHP-GTK is the way to go.

The search is for something that lets me bridge XUL and GTK, be it in PHP or Python. This leads me to Gul, a fairly complete implementation of XUL for PHP-GTK.

Let's try adding the GTK to PHP. I go to the PHP-GTK site and try to figure out whether to download the binary package or the binary extensions package, read confusing and incomplete install notes, search about a bit, and as best I can tell, the easiest way to run PHP-GTK on Windows is to install a complete copy of PHP with the GTK extensions. This truly fails the cross-platform and easy-to-install tests — I can manage it, but an end user? No way. Then I take a look at Gul 2.0: lots of procedural code that relies on passing things through obscure globals with two characters. Next!

On to Python. Searches for XUL and Python lead, at best, to half-developed projects dating from 2004. Not good. Now the thinking is that maybe a fairly basic XUL module for Python won't be that much work. I look more deeply into XUL. Obviously, it's pretty capable, after all it's the base for Firefox and Thunderbird. But this makes the scope of a full implementation quite a lot bigger than I'd like.

Maybe there's something in XULRunner. Wow. It doesn't take much looking around to realize that XULRunner is pretty compelling. It's obviously got the GUI with a full XUL implementation. It's got scripting in Javascript, Python, even Java. It has network interfaces and support for XML-RPC and SOAP. It's extensible: all the features that make it easy to plug extensions into Firefox are part of XULRunner. It's got localization and custom skins. It's got an integrated web browser. That's about 90% of the core requirements and several bonuses right there.

Now the kicker: if you have Firefox 3.x installed, then you have XULRunner installed. Firefox knows how to do its own updates, which means the framework updates seamlessly too. Perfect.

So that's it. Forget GTK+, nice as it is. XULRunner is a fantastic way to do GUI application development.

Now all I need is a good way to map objects back to a relational database...

Why I Love Open Source

nospam@example.com (Alan Langford (developer blog)) — Wed, 16 Jul 2008 19:08:41 -0500

Every user of an application has run into small but irritating characteristics of that application. Most of the time, they can be easily ignored. But sometimes they are part of a repetitive task, and then they become problematic. They have a disproportionate effect on both productivity and the user's overall impression of the application.

Just about every enterprise makes nice noises about how they listen to their customers and how customer service is important to them, but the odds are very low that comments about small irritations will result in code changes. This is partially because most companies don't actually care as much about customer service as they pretend to, and partially because tracking these small things and then sorting through them, removing duplicates, and distilling them down to something that can be easily understood is a very complex and expensive task. Most of the time the effort involved simply doesn't justify the results.

This is something that always attracted me to open source. As a developer, the odds are pretty good that I can find a fix for that thing that irritates me. Then I can change the code to fix my version. If the irritation is idiosyncratic — basically if I'm the only one who doesn't like it the way it is — then that's where the process ends, and I'm happy.

The first credo of open source is that you try to give back to the community. So even as a non-developer there is an incentive to find the bug tracker or support forum for the project and to suggest a change. Sometimes that works[1], but a lot of the time good comments and patches simply fall through the cracks. After all, if tracking details like this is difficult for a for-profit corporation, it's not going to be any easier for a project run by volunteers!

What is really satisfying is getting sufficiently involved in a project to be able to have a direct influence on it, as I am with "Joomla!". It's great to be able to identify a minor irritation, to fix it, and to get it to a production release. This has been my experience twice in recent weeks. I've implemented small changes to the system that make it just a little easier to use[2, 3]. Not only will I enjoy the product more as a result, I'll have the satisfaction of knowing that thousands of systems administrators out there might think just for a moment, "oh, they fixed that – great!"

It is an interesting experience. These small tweaks and fixes that I get to make aren't the biggest contribution I make to the project in terms of lines of code or hours of work, but they're tangible and real. The direct impact on the user is visible and easy to understand. Implementing unit testing and contributing to the building of a "Culture of Quality" in the project are more complex and significant contributions, but they're also more abstract. The small tweaks are actually kind of fun, and it's nice to know that here and there, they is me.

Notes:

If you're an Eclipse user and noticed that v3.1 puts the entire file path in the window title... that was my suggestion. In the web development world where you can have many files called "index.php" open, this helps you quickly figure out where you are.
Add a new module to a "Joomla!" site from version 1.5.4 onward, and the list of available modules is now sorted alphabetically down the columns, rather than split across rows. We still have an issue to sort out with international characters, but it's an improvement.
Starting in version 1.5.5, all panes in the parameters block can be collapsed. Before this change, if you had a long list of parameters that ran off the screen, you would need to scroll down to the bottom in order to expand a panel below. Now you can collapse the long block, which lets you see the panels below, and then expand the one you want.

Web 2.0 and the One Page Web Site

nospam@example.com (Alan Langford (developer blog)) — Tue, 24 Jun 2008 09:34:47 -0500

I'm busy working on my first major web site using "Joomla!" 1.5. One of the things I did for the site was to install a simple component that provides an index of articles in a side panel. Simple enough, you click on the index link and it fetches the page with that article.

The problem is that it's quite a page. There's a nice graphics-rich template that wraps the site, then there's the Javascript. A full copy of mootools comes with every page. Sure the browser has most of this stuff cached, and Joomla has the actual page content cached, but still the browser has to do a lot of work to reload the page and recompile mootools, just to change a relatively small portion of the page. The user gets to watch as everything is (re)displayed, most of it exactly the same as it was before the request.

The obvious solution would be to have the index link send an AJAX request for the relevant content and then to simply repaint the area that needs to change, but that only works in this specific case and it deprives the CMS of the ability to update other parts of the page in response to the request or to other events at the server.

I'm big on generalizing ideas like this, so why not make the entire site a single page? The first time the browser requests something from the site, send the structure of the template, and most of the Javascript needed to run the site down to the browser. Then make every internal site link send an AJAX request. The server can respond with a list of the areas of the template that need to be updated, along with either the HTML or the data needed to perform the update.

Now my index request could respond with a new menu, any updated news items, the content I requested, or even a completely new page layout. The client-side application then applies these updates, possibly issuing secondary requests. Only the data that's changed comes back from the server, and most of the Javascript loads just once with the first request, so the page updates much faster than it did before. Best of all, the user doesn't have to watch the template being regenerated, which is visually disturbing no matter how quick it is.

Now the page is an application in itself, and the browser is playing the role of the operating system. The user gets a platform independent, end-device sensitive interface that can be rich, intuitive, and more interactive.

It's an idea worth implementing. Not for this particular site, but it would be nice to build this capability right into Joomla!

Microsoft Security Fix Clobbers Two Million Password Stealers

nospam@example.com (Alan Langford (developer blog)) — Tue, 24 Jun 2008 09:06:48 -0500

Normally I'm no fan of the "blog by repeating news" style, but in this case I have to make an exception. The headline above is from a Computerworld Security article dated June 20, 2008. Discussing a recent upgrade to Microsoft's Malicious Software Removal Tool, this excerpt caught my attention:

One password stealer, called Taterf, was detected on 700,000 computers in the first day after the update. That's twice as many infections as were spotted during the entire month after Microsoft began detecting the notorious Storm Worm malware last September.

"These are ridiculous numbers of infections my friends, absolutely mind-boggling," wrote Matt McCormack, a spokesman with Microsoft's Malware Response Center, in a Friday blog posting.

This may be mind-boggling to someone who lives deep in Microsoft culture, but to everyone else, it's barely a surprise. The missing part of McCormack's quote should have been "The Linux/Unix guys are right, Windows security still sucks at a deep structural level." Good thing regular doses of Microsoft Cool-Aid prevents that.

Firefox 3 is Ready, Bug 183689 Intact. Duh.

nospam@example.com (Alan Langford (developer blog)) — Sat, 14 Jun 2008 06:16:24 -0500

The good news is that Firefox 3, one of the best web browsers available, is set to release version 3 in a few days.

The weird news is that it's shipping with Bug 183689 fully intact. Under mysterious (or at least elusive) circumstances, Firefox fails to close a file that the user uploads to a web site. The file is locked and unusable until Firefox is restarted.

This has the ring of familiarity. Any user of Firefox 2.x who has lots of extensions installed will have noticed that it tends to get more and more sluggish over time. A quick look at the process will reveal that memory consumption continuously rises until the best thing to do is restart it.

That's not really a problem that the Firefox developers had a lot of control over. If an extension is leaking memory, there's not much the core can do to stop it. In fact this is one of the major improvements in Firefox 3. A new, sophisticated memory manager now finds a lot of these unreferenced data structures and cleans them up. On my system, the memory footprint for Firefox 3 is nearly 200Mib smaller at start up, and if it grows, it doesn't grow very fast. That alone is reason to upgrade on June 17, 2008 – Firefox Download Day.

The point of this digression is that I've become used to Firefox losing track of resources. But losing a file handle? Really. Can that be too hard to find? Apparently the answer is "yes", since Bug 183689 has been open since December, 2002! There are some good reasons why the browser needs to keep track of the file, for example if you refresh the resulting page, the file is part of the Post data that needs to be re-sent.

But eliminating memory leaks is hard, and it's easy to just rely on increasingly sophisticated garbage collection tools instead of finding the cause. Unfortunately, a garbage collector has no way of knowing that something it's cleaning up represents an open file, so the memory leak is fixed, but the file handle leak remains.

Five-plus years is far too long for a major bug to remain open, even for an open source project. But don't go updating that bug! Despite the fact that there's no explanation that the issue is independent of the user's specific circumstances, any provision of additional information will be considered spam by Jonas Sicking, the fellow who has been assigned the bug. Considering that the bug seems difficult to reproduce, the contradiction is obvious. One would think that more examples might lead to the discovery of a pattern, but that seems to not be the case as far as Mr. Sicking is concerned.

Hopefully he was just feeling a little stressed with a major release coming up so quickly, and his comment will be clarified or withdrawn. If not, I'm guessing this one is going to remain open for quite some time to come.

[Note: it has since been determined that an extension, LiveHTTPHeaders, is the culprit for this bug. My "duh" is withdrawn. My disdain for Mr. Sickling's response remains unchanged, however.]

Malware Injection: More Fun With Skype

nospam@example.com (Alan Langford) — Thu, 29 May 2008 13:43:15 -0500

Skype screen capture

This one probably isn't new, but it's worth noting. An associate recently got this bogus "security warning". Appropriately named "irony", the message warns the user that "Security Center has detected Malware" and directs the user to a site where they can download a patch. Click on the image for a full sized version.

The "patch" will install malware on the user's computer. At least they can't forge the link as belonging to Microsoft, but this could easily fool an unsuspecting user.

Ubuntu is an African Word...

nospam@example.com (Alan Langford (developer blog)) — Fri, 23 May 2008 08:39:52 -0500

...that means "Gentoo is too hard for me."

This line came from a chat with another developer, and I had to write it down. It has a lot of truth to it, as I watch my system compile the latest point release of KDE, while telling me I need to compile a new kernel and rewrite my MBR with the latest version of grub. Sigh.

Maybe it's not so much "too hard", but just "too much trouble." Don't get me wrong, I love Gentoo. I've made my Gentoo box do some really neat things, and most of the time I know I have the latest and greatest installed and ready to go.

On the other hand, my Kubuntu laptop is a lot easier to maintain, even if it's not right up there on the cutting edge. An Ubuntu maintenance update takes minutes; KDE will be compiled in 5 hours or so, and there will be manual steps to be done after that.

Then there's the matter of "not by me" maintenance. If I put Gentoo into a production server, how long will it take me to train someone else to take care of it? What are the odds that they'll fail? If they quit, how easy will it be to find a replacement? It used to be that I planned to build a stable binary build on a stand-alone machine, then use it to send binary packages to production servers, but even that still needs someone willing to deal with Gentoo's quirks and complexities on the back end.

Tossing Gentoo and moving to Ubuntu may be copping out, but it's a lot simpler. It's not the "best" solution from a bit-head's point of view, but from the management side, it's "Keep It simple, Stupid" in action.

The biggest problem will be moving all the development tools and demos across. Switching distributions isn't something to be taken lightly. It's a job for when I have a few days to play... like that's about to happen.

"Joomla!" Goes PHP5

nospam@example.com (Alan Langford (developer blog)) — Mon, 12 May 2008 14:47:20 -0500

The decision to drop PHP4 support in the next version of Joomla was made yesterday.

There's going to be some controversy over this one, but in my opinion, it's the right move. It's actually something I've been (gently, I hope) lobbying for for months.

Top reasons to move to PHP5:

By the time 1.6 comes out, PHP4 will be completely unsupported.

We can make Joomla run faster under PHP5.

The only people this will cause a really serious problem for are lazy ISPs who haven't got their act together. Hosting providers who don't have PHP5 support in place by now probably have all sorts of other maintenance issues outstanding and deserve this pain, in my opinion.

It makes my AP5L ACL code a candidate for use as a "rights provider" in the next release, which would makr my first really significant contribution to the project.

PHP5 is a lot nicer to code in.

Very happy.

Online Shopping versus Traditional Shopping

nospam@example.com (Alan Langford) — Mon, 25 Feb 2008 13:36:49 -0600

It's interesting how often the question of online versus traditional shopping comes up. A friend asked me this earlier today and I gave him the same answer I've been providing for a decade now.

These days the response seems reasonable, but back in 1998 it was heresy. It used to be guaranteed to make a room full of start-ups and venture capitalists go dead quiet. Of course back then we were in the middle of the dot-com boom, when somehow geeks who don't like daylight managed to convince everyone that their concept of a good shopping experience was somehow universal.

So here it is:
Continue reading "Online Shopping versus Traditional Shopping"

Steve Jobs Just Loves Windows Vista!

nospam@example.com (Alan Langford) — Tue, 29 Jan 2008 22:55:51 -0600

As more Windows users cry "Help, I've been Vista whipped!", I thought that the introduction of the oppressive Windows Vista was going to be a boon for Linux.

I got the first part right. As Vista subverts your computer into a Microsoft Peripheral, subject to whatever whim "Balmer and The Boys" cook up, users have resisted. A large number of not-so-technical people I've talked to want to avoid Vista like the plague. [And in my opinion, rightly so.]

My assumption was that given reasonably priced hardware from several suppliers and completely free Linux distributions like Ubuntu, the discomfort with Vista would be the kick that finally pushed Linux into the consumer mainstream.

Not so.
Continue reading "Steve Jobs Just Loves Windows Vista!"

Open Source Changes Software Acquisitions

nospam@example.com (Alan Langford) — Tue, 29 Jan 2008 08:25:32 -0600

It used to be that when one software company acquired another, it was frequently as much an acquisition of a customer base as it was one of technology. Often it was a "strategic acquisition" which frequently meant taking a competitor out.

These sorts of acquisitions are the worst: Some innovative company gives a major player a hard time by delivering a great product. It develops a fiercely loyal customer base. "Majorco" users start to ask "when are you going to implement feature X like 'Smallco' does"? Unfortunately feature X requires a complete re-write of the major company's fragile solution, and being constantly reminded of this is no fun. So what does the major player do? Simple, acquire Smallco and throw their technology away. All the customers who hated you now really hate you, but they now have no choice and the customer bleed stops.

As a customer I've had this happen to me more than once, and it sucks. I've dropped entire lines of business partially because I couldn't bear working with the purchaser's sorry-ass excuse for a product.

The integration process must be something else in these situations too. The guys who run Smallco are now rich. They have a contract that makes them hang around and say nice things about Majorco for a couple of years. Then they can go off and do what they want. The rest of the staff, at least those who survive "cost efficiencies", have a choice of working with a product they probably hate, or finding new employment.

In the open source era, customers are defended from this sort of thing.
Continue reading "Open Source Changes Software Acquisitions"