Moving House

May 19th, 2009

PLEASE BE PATIENT if you have sent me an email – and refrain from sending me abusive messages….. you know who you are…

I am moving house at the moment, and only have mobile broadband access and my main PC is in a box! I don’t have all the tools I need to do my job and so therefore I can’t :-)

I’ll be up to full speed by next Monday again.

Thanks to those who are being patient :-)

The scale of the email problem

January 26th, 2009

I blog quite often on the email overload I am under :-)

But this time here are some interesting statistics to put it in perspective.

In February 2007 I set up a Gmail account and I forward a single copy of all incoming email to that account. Gmail filters the spam, so what’s left in my inbox is all good mail.

So since 17 Feb 2007 I have received 159976 emails (recorded by Gmail)! (That’s exact as of now. The rest of these figures are slightly less as it’s not yet Feb 2009.)

That’s an average of:

  • 79988 emails per year
  • 6665 emails per month
  • 222 emails per day

And I aim to reply to each and every one of these personally!!! Gulp

Let’s say I reply to 222 emails a day and each takes me 2 mins to research and type a reply to – that’s 444 mins = 7.4 hours……

So after replying to my emails every day I have 0.1 hours to do other things – like go to the bathroom, eat and drink coffee – no wonder I struggle!

I’m Declaring Email Bankruptcy!

December 15th, 2008

I have been toying with this idea to make me more productive for some time now, and then today I found out that I was not alone and that the term “Email Bankruptcy” is in fact something that has been done by many others over the years…

So as of today – I have Zero Emails in my Inbox. (I just deleted over 500!)

Question: Whoah there you might say… Why have you done that?
Answer: Well because the last 10 emails I replied to all replied back to me saying the problem was resolved or they don’t need assistance any more! – a waste of my time – some of these emails have built up over time as I have been out of the office, some of these emails can be answered by READING THE FAQ and some are just plain stupid.

Question: Does this mean you are not answering emails?
Answer: No it doesn’t – I will still answer any email sent to me from now on, even if it’s a resend of an earlier email. By you resending it I know that it’s important and needs my attention rather than being one email in a big sea of emails…

Question: I sent you an email last week, am I going to get a reply?
Answer: Not unless you resend it !!!

Question: Why are you doing this!!!!
Answer: Simple – there are just not enough hours in a work week to reply to all the new emails and the historic ones built up over the last few weeks (months!) and why should I waste time researching, composing and replying to emails where my replies are no longer required…

Question: Ok then, so where else can I find help to save me emailing you?
Answer: To be honest I use a lot of quick replies to FAQ posts and Blog posts where 80% of all my email queries have already been answered. Please try searching the blog, or visiting the product’s FAQ page (especially Forms for Joomla, there are some articles in there I email people about all the time!!)

Question: So how long will it take for you to reply to my next email?
Answer: Don’t Know :-) but a hell of a lot sooner than before I declared email bankruptcy!

(Ok I lied, I am keeping about 10 emails from the last few hours in my inbox as they are current and require my input ;-) )

The Future: Well it’s easy to “keep up” when I’m in the office, also this frees up more time for development. It’s been far tooooooo long since my latest releases and we have some exciting new features to roll out, including some bug fixes ;-)

So Thanks for your patience :-) email me if you really need to :-)

Back From Holiday – Playing Catchup!

March 12th, 2008

We are now back from our holiday and returning to work – over a thousand emails to filter through, plus more forum posts and other incoming communications… Please be patient :-)

Our trip was a good break away – however VENICE IS A DUMP, we were highly disappointed with Venice. The place is nothing like the TV or books portray and is in fact nothing more than a graffiti-plastered, rubbish-strewn, smelling island in the middle of a lagoon with a massive industrial plant on one side and water on the other. I would never recommend you go to Venice, unless you are a real lover of history and art – and never take a baby or wheelchair. See those lovely little bridges? Well, each one is actually a stepladder up and down again! Steps, steps and more steps!!!

The hotel was the only thing that stopped us returning after a few days! The hotel room was a mini-suite and was simply amazing! (As was the local internet cafe!)

So back to work now – all systems go – but we ask for your patience if you have contacted us over the last week – we will get to your emails – promise!

Joomla Still Doesn’t Get it on Migrating

January 29th, 2008

I was out on the web today when I came across an article from someone who doesn’t normally blog about Joomla, but about Macs.

I advise you to read the full article, but to pad out my own blog post here is a short excerpt:

However, I continue to believe that, the largest difference will be that Joomla will fail because of their migration, whereas Apple executed a perfect migration.

First, “for those interested in migrating”… a product management failure right off the bat. Joomla should be thinking that every site should upgrade, and they should be evangelizing Joomla admins to start looking to making that transaction.

Second, saying that the migration process has issues completely ignores the fact that migration should have been a paramount priority.

An interesting opinion from a regular Joomla user!….

Edit: I note that the Joomla Dev Blog now has a post on the migration procedure as well – I really should have a coffee before blog posting :-)

Joomla 1.0.13 contains a CSRF vulnerability

January 2nd, 2008

We write this blog post with sadness. On the 4th December 2007 a nice white hat hacker notified the Joomla Core Development team of a CSRF Vulnerability in Joomla 1.0.13 and Joomla 1.5 RC3. There have been many reports of these vulnerabilities around the web since then.

The nature of the vulnerability means that your site cannot be hacked while you sleep (like many of the other types of 3rd party component issues), but requires you (the site’s Super Admin) to be logged into Joomla Admin while at the same time surfing sites (maybe even your own) that contain links to [THINGS] that send [NAUGHTY] requests back to your Joomla Admin Console without you knowing. This can lead to complete disaster and even complete server compromise.

The Joomla Developers took only 4 days to fix this in Joomla 1.5 SVN and then shortly after released Joomla 1.5 RC4 stating they had fixed this category A5 Security [High] Vulnerability.

To date, no changes and no attempts by the core development team have been made to the Joomla 1.0.13+ SVN tree to fix this vulnerability in Joomla 1.0.13.

Update: Changes are now in SVN for the next version of Joomla 1.0.x – about time!

In an effort to assist them we spent a few hours and backported code from Joomla 1.5 RC4 to Joomla 1.0.13 and made all the changes required to fix Joomla 1.0.13 and make it secure from this type of vulnerability.

Details of this can be found in the following forum thread:

http://forum.joomla.org/index.php/topic,248109.msg1136076.html#msg1136076

I personally emailed all three lead developers with the same information as I published there, including providing the diff/patch files to Joomla 1.0.13. I have been assured that once Joomla 1.5 stable is released time will be spent on fixing this issue in Joomla 1.0.13 (I object to this – why take 4 days to fix unreleased software and over 4 weeks to fix software running on millions of sites already?!?)

Here is my professional advice to help you stay safe from the known and published vulnerability until the next version of Joomla 1.0.x is released.

The number one bit of advice I can give all site admins at the moment is to – LOGOUT OF YOUR JOOMLA ADMIN as soon as you finish using it, and do not surf around the internet in other tabs/browser windows while administrating your Joomla site, and if you allow users to modify your site’s frontend, be careful not to surf your frontend as well while logged in.

Do not install any 3rd party components/mambots/modules/AND TEMPLATES!!! from untrusted sources. If these components choose, they can use this vulnerability to do [BAD] things…
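
The class of fix for this kind of bug, as an added example that is not Joomla's code or the backported patch: a per-session token that every state-changing admin request must carry. The `$session` array stands in for server-side session storage, and the `csrf_token` field name and the function names are hypothetical.

```php
<?php
// Added example: a generic synchronizer-token check, not Joomla's implementation.
// $session stands in for server-side session storage; "csrf_token" is a hypothetical name.

function issue_token(array &$session): string
{
    // One unpredictable token per login session, embedded in every admin form.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function is_state_change_allowed(array $session, string $method, array $post): bool
{
    // State changes are accepted over POST only, so a link or image tag
    // on another page can never reach a handler that modifies the site.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Constant-time comparison; an empty or missing token never matches.
    return $expected !== '' && is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed scenario: the admin is logged in, so the browser attaches the
// session cookie to every request for the site, whichever page triggered it.
$session = ['user' => 'admin'];
$token   = issue_token($session);

// Submitted from the real admin form, which contains the hidden token field.
$genuine = ['task' => 'save', 'csrf_token' => $token];
// Triggered by a third-party page: the cookie rides along, but that page
// cannot read the token, so the field is absent.
$crossSite = ['task' => 'save'];

var_dump(is_state_change_allowed($session, 'POST', $genuine));
var_dump(is_state_change_allowed($session, 'POST', $crossSite));
var_dump(is_state_change_allowed($session, 'GET', $genuine));
```

Only the first request passes. Logging out, as advised above, destroys the session so there is nothing for a cross-site request to ride on.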

Joomla 1.0.13 New Password Hashing Method Means NO Compatibility

July 23rd, 2007

Ever since the conception of Mambo/Joomla the passwords for admins and users have been converted into a md5 hash string and stored to the database.

In Joomla 1.0.13 (About time too!) this has changed.  The password is now “salted” and then md5 hashed with the salt, the salt and the password are both stored in the database.

This means that Joomla 1.0.13 breaks backwards compatibility with itself (you can’t downgrade to anything before Joomla 1.0.13), and with some extensions like Community Builder and Forum bridges!!

Basically any 3rd Party Component that reads/writes/validates the password of an admin or user will now FAIL in Joomla 1.0.13 unless it is updated to know about the new changes.

The salting of passwords is a good security step – we praise the core team for doing it – HOWEVER no announcement has been made about this, no blog post has been made and users are now in the dark – remember, this means you can NEVER DOWNGRADE your site if you have problems so make sure you MAKE A BACKUP before upgrading to Joomla 1.0.13 – you have now been warned!
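
How a component that validates passwords can accept both old and new records, as an added example that is not code from Joomla or any extension. It assumes a storage layout the page does not spell out: salted records hold `md5(password . salt)` and the salt in one column separated by a colon, and legacy records hold a bare MD5 hex string; the function names are hypothetical.

```php
<?php
// Added example, not Joomla's code. Assumed column layout (not stated on the page):
//   salted record : md5(password . salt) . ':' . salt
//   legacy record : md5(password)

function make_salted_hash(string $password): string
{
    $salt = bin2hex(random_bytes(8));            // 16-character random salt
    return md5($password . $salt) . ':' . $salt; // hash and salt kept together
}

function verify_password(string $password, string $stored): bool
{
    if (strpos($stored, ':') !== false) {
        // Salted record: split off the salt and recompute with it.
        list($hash, $salt) = explode(':', $stored, 2);
        $candidate = md5($password . $salt);
    } else {
        // Legacy record: plain unsalted MD5.
        $hash      = $stored;
        $candidate = md5($password);
    }
    // Constant-time comparison of the two hex digests.
    return hash_equals(strtolower($hash), $candidate);
}

// Constructed sample records for the same password.
$legacy = md5('correct horse');
$salted = make_salted_hash('correct horse');

var_dump(verify_password('correct horse', $legacy));
var_dump(verify_password('correct horse', $salted));
var_dump(verify_password('wrong guess', $salted));

// What an extension that has not been updated does: compare md5(password)
// with the whole column. Against a salted record this never matches, which
// is the login failure described above.
var_dump(md5('correct horse') === $salted);
```

The first two checks succeed and the last two fail; the final line is the comparison an extension that has not been updated performs.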

Extensions Site Voting Rigged By The Faceless

May 18th, 2007

Here is a new listing (Joomla Tags) on the Joomla Extensions Directory (JED) Site

It has 13 anonymous votes – giving it 3stars out of 5

It has 5 (great) reviews all 5 star ratings.

Should the JED allow anonymous voting?! I don’t believe so – I (any visitor) could quite happily vote down ANY extension on the JED without reason.

Maybe the votes should be linked to the reviews and not anonymous clicks? At least with good and bad reviews you can understand the reason for the current number of stars.

Surely a component such as our Joomla Tags, which has received 5 positive, 5 star reviews from real people (with Joomla accounts – easily identified and traced if needed) should not have a 3 star rating swayed by faceless anonymous people, who may or may not have even used the component !?!?!?!?

This is not a commercial rant – but it can happen on any free component listing too.

Why allow the faceless to sway the rating?

DISCUSS in the Joomla Forum

Keep up to date with Joomla Related News

February 8th, 2007

I was asked today how I manage to keep up with the huge amount of new news about Joomla from the official source and other people’s blogs about Joomla – simple – RSS Feeds and Google Alerts!

Google Alerts:

The Google Alerts system allows anyone to subscribe to alerts for any keyword. We have several alerts set up with them, keywords for “Joomla”, all our product names and all our competitors’ names, along with some terms relevant to hacking and security in Joomla. When Google spots a blog post, news item or new web page containing these terms Google emails an update direct to my mailbox. Useful for finding new blogs too!

RSS:

I think most people know what RSS is by now, I’m not going to go too much into it, in fact this blog post was more about Google than RSS – just know this, RSS is useful for looking for changes on a small number of websites. I have over 250 RSS feeds and I find filtering out the noise and finding keywords relevant to me and my company very difficult. (We use the Sage plugin for Firefox since we left behind our Windows days and became 100% Linux based. On Windows we recommend FeedDemon.)

No affiliate links in this post – just wanted to help you find relevant information about Joomla.

What kind of support can you expect after purchasing?

January 23rd, 2007

Last year I wrote a note about how we provide support for our customers after they have purchased, I am repeating that post now as I find that it is important to make the distinction between After Sales Support for a product you purchased, and demanding time from an over worked developer for free for your specific “want”.

This note is written as a clarification. I’m not angry, I just need to let people know what is acceptable Aftersales support and what’s not.

When you purchase a product you obviously assume that you will get a certain level of support and assistance for the product you purchase – that is right and proper. However, there is a line between what is aftersales support and what is not support. There is a difference between what is expected and what is blatantly custom development or excessive handholding. Our components are very mature and have been installed on over 8000 servers worldwide – we have total confidence in them and we are dedicated to ensuring you get the best out of them.

Read the full article here…

Or read it in the FAQ where it has been for some time…