Archive for August, 2006

Debunking General Public License (GPL) myths

GPL LogoIt’s so easy for us in the open source world to get confused about what exactly the GPL covers, and what it doesn’t. Today, IT Manager’s Journal published a great story that interviewed three key lawyers about the general myths spread through the open source community about GPL, and provide great answers to misconceptions such as:

  • The GPL is viral
  • The GPL is unenforceable
  • You can’t charge for GPL software
  • The “liberty or death” clause applies absolutely

…and more. Definitely worth a read for anyone doing open source development, especially all you third-party Joomla component providers.

 

Laptop stolen from a great non-profit, time to give back

Aspiration TechThe LinuxWorld SF 2006 conference was a great showing for the PICnet and the Joomla team. It couldn’t have been as successful as it was without the help of our good friends at Aspiration, including Heather Carpenter and Allen Gunn.

Unfortunately, bad things happen to good people.

When we arrived for our last morning at the Moscone Center, we found that one of the laptops graciously provided to our Joomla booth from Aspiration was stolen. A laptop stolen from the .org Pavillion, a section of the conference only to non-profit projects. Someone’s got some bad karma coming at them!

Ryan Ozimek, Pradeep Suthram, and Allen Gunn at NTC 2006Aspiration has been such an inspiration to us, that we want to do whatever we can to help replace the stolen laptop. We encourage our PICnet and Joomla friends to give a little something to this great organization by giving a small donation to Aspiration.

I mean, look at these smiling faces. A little help to our friend Gunner (on right) and his team at Aspiration can go a long way.

 

Time tracker in Basecamp worth the upgrade

BasecampClose friends and clients of PICnet have known for a long time of our love affair with Basecamp. The project management system that popularized Ruby on Rails has been manna from the heavens for us.

Now, they’ve made it even better.

Basecamp Todo Task Time TrackingWell, actually I guess we made it better for ourselves by upgrading our package that includes time tracking for tasks. This was a big issue for us. With our support clients, we’d been finding that many trouble ticket systems were too technically oriented, and kept us out of step with clients’ real needs. The Basecamp system is really more like trouble-tickets crossed with storytelling. The main drawback from the bean counter’s perspective was that it didn’t allow us to track the time spent on interactions with clients, much like the trouble ticketing systems.

Now with our upgrade to a package that includes time-tracking for todo tasks, life has been considerably better. For those that need it, we highly recommend the upgrade to a Basecamp package that includes this valuable feature. Now if they could only allow us to track both estimated and actual billing times. That would be the icing on the cake.

 

Upgrade to Joomla 1.0.11 and save the heartache

Joomla!Early this morning, the Joomla team released an important security and bug fix upgrade. The new version 1.0.11 fixes the following issues:

1.0.11 contains the following fixes:

  • 04 High Level Security Fixes
  • 04 Medium Level Security Fixes
  • 18 Low Level security Fixes
  • 25 General bug fixes

Your friends at PICnet highly recommend you upgrade your Joomla sites immediately. The discussion thread that’s ensued since the launch has been vibrant, with lots of good vibes sent to stingrey who put a ton of work in packaging this release and making it happen.

 

Optgroup – A Lost Element

So the other day I was looking at a site and it had groupings in a drop down. I had never seen that except for this particular site. My curious nature got the best of me and I checked out the source. It used “optgroup”. I had seen them before because they are autotext by Dreamweaver but never knew what they were used for. They were actually exactly what I wanted for a client that I’m working with right now. There is a nice little explanation on it at http://www.htmldog.com/reference/htmltags/optgroup/. Unfortunately, you can’t remove the italics from the title due to the fact that it the browser that is doing it, even FireFox.

 

Autologin after Registration

So one of clients wanted for the user to be automatically logged in after the user registered with the site. I thought it was going to be a little difficult, doing a form with hidden fields that submitted to the login page. But after a little searching, it turns out that its a 2 lines of editing to the registration component. Add “$mainframe” as one of the globals in line 118 and add

 $mainframe->login($row->username,$row->password); 

to line 213. Happy Coding

Ciao Ciao

 

Joomla Security Tip

I got forwarded an email yesterday about a vulnerability in the Joomla! component “a6MamboCredits”. The vulnerability was due to three things.

  1. Registered Globals were turned on.
  2. Joomla! emulates registered globals turned on.
  3. The global varible “mosConfig_absolute_path” was used to include files.

Read more »

 

A shout out to our friends at Pair Networks

Pair NetworksSince PICnet started in 2001, we’ve been using Pair Networks as our shared hosting provider of choice for all our clients. Their staff is amazingly knowledgeable, friendly, and provides immediate support to us tech people. Today, they continued to shine for us.

One of our clients had a completely miserable hosting provider (very large provider that shall remain nameless), and trying to get tech support to figure out what was wrong with their database server took an act of God. Then, when you got tech support, they read off a script, and had about 10 different logins for us to tell them. At the end of the day, the client’s hosting has been in disarray for years with this provider, and they needed to cut fast.

A quick sign-up with Pair, and a nice email to their sales line (I think they know who we are by now), and we were up and running with a new account in less than 15 minutes, with the full connections we needed (SSH, not just Telnet, and all the databases and disk space the client could use).

Pair, if you’re reading this, thanks for 6 years of awesome support! We always recommend them to other organizations looking to find reliable hosting with a friendly, and reliable, support staff. And tech people, their staff are extremely knowledgeable and actually know what they’re talking about (I know, hard to believe, right).

 

Redirecting in Joomla 1.5

So alot of things are changing for Joomla 1.5 and I ran across one of those last night. For redirecting we used “mosRedirect()” in Joomla 1.0. There is a “josRedirect()”, but I was having issues with it last night after I got the latest nightly build. After some research I found “$mainframe->redirect()” which worked flawlessly. Johan confirmed that “$mainframe->redirect()” is the better way to go. Moral of the story “mosRedirect” is now “$mainframe->redirect()”.

 

Please, please turn off register_globals, and other PHP security no-brainers

PHPWoe is the PHP hosting provider that thinks leaving register_globals on is a good thing. At lunch today, the PICnet gang was chatting about security vulnerabilities that were occuring in many Joomla 3rd party components. The problem is that our wonderful Joomla core was taking flack for not being secure, but at the end of the day all the hacks seemed to be occuring because of poor programming and server hosts leaving on the dreaded “register_globals” on their servers.

I mean, this is PHP hosting 101, right?

Unfortunately, one of our great clients had a server that had register_globals turned on, and the hacker took full advantage. Moral of the story, please, please, check to make sure that register_globals is turned off. If your hosting provider has it turned on, turn and run the other way.

Now, to take this to the next step, Johannes Ullrich over at the Internet Storm Center wrote his Tip of the Day on PHP security today. Read more for some excerpts of how you can protect your code.

Read more »