Oh 1.5.13 how will we remember thee - not only was it released a scant 3 weeks after the last one, it also breaks the media manager, gee i never really use the picture part of my web sites anyway.

So now I have to unzip, upload and patch all my sites just to get the security update to stop breaking them.

Quick note to joomla folks - love you, yes I do, but think about us schlemiels actually using joomla for clients - small biz cannot afford the time it takes to participate in the great experiment. ie - howabout a stable joomla for people whose business depends on joomla and experimental for the latest greatest:  (link updated)

http://docs.joomla.org/What_happend_to_the_Media_Manager?

Is anybody else annoyed at the frequency of these security updates, especially for us manual laborers it's a little much yes?

and for those who use template overrides another issue to deal with re security updates:

http://brian.teeman.net/joomla-gps/automatic-joomla-updates.html

This is a time and cost issue for small biz using Joomla and frankly in my opinion is bordering on painindabutt territory -

I know upgrading a cms is not as easy updating say an ftp program but, automating joomla security updates as much possible and/or getting updates down to say 6 a year, I think is going to be important cost and time issue going forward.

Oh, and now all my sites' backups are technically not up to date. I'm about to dig in to Joomlapack native tools which purportedly will automate and solve this issue, link below, but the good folks at Joomla need get a handle on the variety of consequences joomla security updates have on us humps out hustling da joomlaz on the street. 

 http://joomlapack.net/news/releases/native-tools-2009-3.html

###

Jeff Channell is a web guy who I've seen time and time again volunteer his time on the Joomla security forum. He has found several Joomla extensions with XSS Vulnerabity exploits. He was kind enough to answer some questions about what it is and how Joomla site managers can best defend against it:

The way I really learned (and keep learning)  about Joomla security was to start reading the security forum every morning:

http://forum.joomla.org/viewforum.php?f=432

If the tales of woe wept within do not spark your security urge, nothing will.

Action Item #1: A web guy from WV (Jeff Channell) frequently helps people out within the forum, and recently posted that he has found 9 Joomla extensions with XSS Vulnerabilities. He was kind enough to answer some questions about this issue and what to do about it, I will post Q&A separately. Here is the XSS vulnerability security forum post:

http://forum.joomla.org/viewtopic.php?f=432&t=420895

Action Item #2: Recently in my inbox I received an email blast from Phil Taylor, subject: 'not up to date' Joomla sites are being hacked by automated hacking bots at an alarming rate. Conclusion - make sure to keep Joomla installations up to date, and, of course, only download Joomla from the official Joomla site:

http://www.joomla.org/announcements/release-news/5242-joomla-1512-released.html

Resources: For Joomla security beginners (aren't we all) Joomla provides solid commonsense checklist:

http://docs.joomla.org/Category:Security_Checklist

For the advanced player, or if you just want to be scared, very scared, I like Tom Canavan's Joomla security book. Additionally, for those interested generally in network and computer security as a career, you will get a ton of great tools and tips from this book:

http://www.amazon.com/Joomla-Web-Security-Tom-Canavan/dp/1847194885

I appreciate everyone's patience while we get up to speed on how JomSocial integrates with the JoomlaChicago website!  We're working on a new site design right now, but as we know, "form follows function." Frankly, we're still learning about all the "functions" which Azrul has built into this puppy, so we don't want to rush the design (too much). 

If you would like to help out on building out the social-end of the site, let me know! That's what JoomlaChicago is here for: for YOU to learn how to get the most out of Joomla! CMS. That means you're better off breaking this site than yours, when trying out new stuff! ;)

Cheers!

Ad agencies in Minneapolis are teaming up to tell a story: "Minneapolis is a powerhouse center for advertising services" -- read the full story in the New York Times.

Shouldn't we be doing something similar in Chicago, around the topic of Content Management System (CMS) services?

Not sure how to put a concerted effort together around this -- as the ad agencies did in Minneapolis -- how can we work together to make something like this happen?

Joe Scarry is head project manager for Chicago Joomla web developer and web design firm Arc Technology Group.

The schedule for CMS Expo just came out. Arc Technology Group president Robert Jacobi will be doing a presentation along with Arc client JellyTelly about how to use Joomla in combination with cloud computing utility Ooyala to serve up large amounts of video on the web: Check it out the presentation description!

Joe Scarry is head project manager for Chicago Joomla web developer and web design firm Arc Technology Group.

Following my October 08, 2008 presentation titled "Joomla Security Nuggets" I have been asked by many for a copy of the presentation. I have decided to make the presentation slides available on this website.

Remember that we only scratched the surface and it is your job to perform your own research to verify and solidify your knowledge.

If you found value, please stay tuned for more in dept instruction and consulting provided through my upcoming professional services.

This presentation along with others from our monthly meetings is found on this website under the "Presentations " tab.

Now it's your turn to contribute back and reply to this blog with your additional security tips.

What operating system do you run Joomla! ? I will refer to the operating system in this blog as a platform.  Due the Open Software that Joomla is built on (Apache, MySql, PHP) Joomla! can run on various platforms.  The Joomla! 1.5 installation manual indicates that Joomla has been tested on Windows, Linux, and Apple Mac OSX.

I would say that 99% of the people I talk to run Joomla! on the Linux platform.  I recommend the Linux platform to the majority of the folks who ask for advise.  I am not suggesting that windows and OSX is less suited. It really depends upon each persons or companies circumstances.  For example, budgets, security, transaction volume, experience, skills, company policy, etc.  

I am a long time IT professional in large data centers.  For over 25 years I have been a systems programmer on mainframes and morphed into UNIX administration on IBM's flavor of UNIX called AIX on IBM Pseries enterprise servers (Power5 and Power6).  

Is Joomla! ready for the corporate world?  I believe it can be when used where it makes sense.  

I decided to challenge myself with the task to install Joomla! on an IBM Pseries Server inside a VIO LPAR running on the AIX Operating system.   
Yesterday I accomplished this goal.  After installing AMP (Apache, MySQL, PHP) I was able to install Joomla! 1.5.6 without any difficulty.

I hope to use this Joomla! installation for our teams documentation.
For those interested more in the advantages of the IBM Pseries servers take a look at a demo of only two of the benefits of a Power6 server...