Liberal Hopeful Bob Rae Expects Three Years of Recession?

Bob Rae announced that he will be seeking the leadership of the Liberal Party today. “I’m running because I believe I have the judgement, the character, the values and the experience to lead at a very difficult time in the life of our country,” said Mr. Rae.

It’s not exactly clear which leadership he’s talking about. If he had said “a very difficult time in the life of our party,” I would probably be in agreement. He and Michael Ignatieff are both pretty strong candidates, but I think Mr. Rae stands a better chance in a federal election. I find Ignatieff to be a little distant… he might very well make the best Prime Minister, but that’s no good if you can’t win an election. I also don’t think Mr. Rae’s much-discussed stint as Ontario premier is anywhere near the liability that it’s been made out to be.

But watching today’s press conference, I got the distinct impression that Rae is saying that he’s got what it takes to be PM during hard economic times. So he’s got some magic plan to win the leadership race and topple Harper’s government in the next nine months or so — that would be quite a feat — or he expects the recession to last a good three to four years, the most likely time we’ll be called to the polls again.

Now this downturn may very well last that long, but it sure doesn’t look good to come out looking like that’s your expectation. Looks like poor judgement, which makes the statement self-contradictory.

Joomla 1.5.8 is… is what??

Shortly after the release of “Joomla!” 1.5.8, I found myself in this release announcement on techcebu.net. It appears to be a bad case of double-translation, from English to Italian (or perhaps Hebrew) and back to English again. The text was just too hilarious to not repost.

11Nov JOOMLA 1.5.8 RELEASED

Joomla 1.5.8 Released

The Joomla Project is entertained to foretell the unmediated availability of Joomla 1.5.8 [Wohnaiki]. This promulgation contains a sort of fault fixes and digit moderate-level section fixes. It has been around digit months since Joomla 1.5.7 was liberated on Sept 9, 2008. The Development Working Group’s content is to move to wage regular, regular updates to the Joomla community.
Download
Click here to download Joomla 1.5.8 (Full package) »
Click here to encounter an update package. »

Instructions

* New installation and technical requirements
* Upgrade from an existing Joomla 1.5 version
* Migration from Joomla! 1.0.x

Want to effort intend Joomla? Try the online demo. Documentation is acquirable for beginners.
Release Notes

Check the Joomla 1.5.8 Post-Release Notes to wager if there are essential items and adjuvant hints unconcealed after the release.

View instance release notes for Joomla 1.5.7 or release notes for Joomla 1.5.6.
Security

* Two moderate-level section issues were immobile in this release:
o Default filtering for content
o Filtering for Web Link descriptions

For additional information, visit the Joomla Security Center.
Components

* Articles: Remove brackets around Last Updated fellow and time, Start Publishing fellow corrections for another than UT1 00:00, impact counts precise for Articles, adding a expanse after a draped telecommunicate address
* E-mail addresses: Correctly draped when presented in Section and Category descriptions
* Categories: Edit picture aright shows for Articles without Title links, Print picture precise today on prototypal tender for Blog Layout
* Sections: Plural and signifier modify correction, Category unification right ended, Router changes reverted to edition 1.5.6 so Article ID does not attach to the Article slug
* Frontpage: Article naming correction, rectified sort of Links
* Contacts: Image pass rebuke when Image Directory is configured
* RSS Feed: Corrected spelling of Category in Category feed
* User: Added isInternal checking on referer values
* Weblinks: Language strings

Modules

* Feed: Target concept validation, module progress correction
* Login: ItemID is cured on redirect
* Menu: Changing Menu Link Type today functions properly, Section Language string, Article Reset fix working
* Related Items: Keyword matched functions aright and filters characters appropriately
* Stats: Corrected Time
* Sections: No dominance constant entireness correctly
* Search: Form validates aright for Transitional xHTML

Legacy

* Return evidence additional for Legacy Menu Check

Templates

* Beez: Lengthened E-mail Content Popup, Search fix today entireness when pressed, countersign set entireness correctly, corrections to Beez HTML folders, User info tender corrected
* JA_Purity: Added absent module strings

Administrator

* Console: Added “Welcome to Joomla!” aggregation and Joomla Security RSS feeds to Administrator Console
* Installation: Proper redaction of factor directories, choice entries for Templates and Languages are today precise for uninstall
* Media Manager: Changed choice for newborn sites to alter Flash multi-file uploader cod to contradictoriness with Flash 10
* Installation: Remove unclear nonachievement communication most module files for spreading installations, Administrator Modules today aright uninstall INI files
* Sample data: Updated programme feeds to saucer to liberated code accord sites, comprehensive corrections and updates to distribution content

System

* API: JFolder::files and JFolder::folders corrections for Search, absent Method additional to JRecordSet, Database Class aright quotes obloquy not using extend notation, JTableUser matches using the precise sort of fields
* Cache: Correct undefinable uncertain in Cache Class
* Language file: Corrected wording, precise artefact of PDF fonts autarkical of module choices, individual module progress corrections in en-GB.ini
* Menu: Performance improvements for sites with some schedule items
* Users: Temporary Users are today healthy to logout, bonded prescript crapper today be utilised when redaction statement details
* Added PHP 4 sympathy for isInternal checking

Statistics

Statistics for the 1.5.8 promulgation period:

* Joomla 1.5.8 contains:
o 71 issues immobile in SVN
o 26 commits
* Tracker state resulted in a gain modification of 4 astir issues:
o 65 newborn reports
o 130 closed
o 66 immobile in SVN
* At the instance the 1.5.8 promulgation was packaged, the tracker had 114 astir issues:
o 44 open
o 44 confirmed
o 24 pending

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their sacred efforts work reports, sterilisation problems, and applying patches to Joomla. If you encounter a fault with Joomla, find discover more aggregation here on how to inform the bug.

Active members of the Joomla Bug Squad during this terminal promulgation wheel include: Ian MacLennan and Mark Dexter co-leads; Airton Torres, river Zijlstra, Akarawuth Tamrareang, Alan Langford, suffragist Ferrara, Amy Stephen, saint Eddie, Elin Waring, Ercan Ozkaya, Charl camper Niekerk, Gergo Erdosi, Hannes Papenberg, Jennifer Marriott, Jens-Christian Skibakk, Jonah Braun, carpenter LeBlanc, Kevin Devine, Marijke Stuivenberg, Mati Kochen, Mickael Maison, Robin Muilwijk, prophet Moffatt, Shantanu Bala, Toby Patterson, and Wilco Jansen.

A hearty recognize to the newest members of the Joomla Bug Squad: Dan Walker, Eduardo Diaz, and Tibor Toth.

“IBM May Quit Technology Standards Bodies” WSJ Screams

Some days I wonder about the entire field of journalism. The quoted phrase above is from an article headline in the Wall Street Journal (September 23, 2008, they don’t deserve an actual link). The headline is not inaccurate, but it is close to the most ludicrously sensational interpretation of the facts that is possible.

This is what the actual IBM press release has to say on the point: “The tenets of IBM’s new policy are to: Begin or end participation in standards bodies based on the quality and openness of their processes, membership rules, and intellectual property policies.”

Thus an equally useless headline might be “IBM May Join Technology Standards Bodies.” I thought Journalism was supposed to add value for the reader, but it seems that even for otherwise reputable organizations, it’s really all about sensational headlines that add value to the advertising department. “Reputable” in this context is now officially meaningless. Sad.

I’ve noticed a lot of general criticism of standards processes over the past few weeks, and I think this release from IBM is largely responsible for firing up the discussion. For the most part, the criticism is justified. It seems that standards processes are either needlessly academic and somewhat out of touch with reality, or deeply buried in corporate politics and patent complications, which has a tendency to result in crappy standards. IBM’s policy release sort of touches on this with another tenet: “Collaborate with standards bodies and developer communities to ensure that open software interoperability standards are freely available and implementable.” The problem with this is that IBM seems to want to set itself up as some benign intermediary between the standards process and the people who need to use the standards. Call me silly, but it seems more appropriate that the developer communities should be an integral part of the standards process, not some second-hand “collaborative resource”.

The essence of the problem is funding. Participation in the standards process isn’t cheap. Not only does membership cost, but participants typically absorb the costs of time, travel, and communications. Standards bodies need a funding model that ensures accessibility based on merit and relevance, rather than dollars. I don’t know what that model is, but it can’t be based on revenue from selling standards documents, either. The prospect of having to pay real money in order to ensure compliance with a standard is, in most cases, equally ridiculous and stupid.

The Anatomy of a Security Breach

“Joomla!” had an extremely serious security issue arise earlier in the week. I’m pretty deeply involved in the project, and I happened to be on the Bug Squad chat when the news broke. The issue was not a SQL injection problem, as many sources have assumed but reported as fact. Ironically, it had to do with defeating a session security feature. The security problem was a programming error. “Joomla!” goes through extensive procedures to defend against SQL injection, and from version 1.5 onward, such a vulnerability in the core code is highly unlikely. [Extensions are another matter. I strongly recommend that users only install open source extensions that have either been audited or that have broad community support.]

Even though this problem caused a fair bit of damage, I’m very proud of how the “Joomla!” team responded to the problem. This was a worst-case scenario: the exploit was published with no advance notification, and it was dead simple to implement.

The first we heard of it was a post on the Dutch “Joomla!” forums. One of the Bug Squad team mentioned this in chat on August 12th at 15:50 EST. We immediately took steps to verify the issue, and then once confirmed, to remove the details from the forum post. A patch was made available for testing at 16:10. A full package release was made available for testing at 18:19. Announcement of the release was made on joomla.org at 18:57, and by 19:40 update packages were also available. That’s three hours and 50 minutes from report to full public release. If that’s not a record I’ll be surprised.

What is distressing is that a large number of security focused sites reported this as a SQL injection vulnerability, along with a variety of other erroneous or misleading information. Almost a week later, many have corrected their errors, but several have not. Considering that the “Joomla!” team responded so quickly, and that complete information was posted as the first item on the joomla.org web site before the exploit became widely known, this suggests that many of these sites simply repeated each other’s misinformation, rather than taking even the smallest steps to verify the report.

Granted, a sample size of one event is not sufficient to draw conclusions, but if this is any indication of how “trusted” security information sources behave, then it is no wonder that the whole security field has a serious credibility issue. These kinds of reports are extremely serious matters, with a lot of potential for damage. Certainly the timeliness of information is critical, but hopefully not at the expense of accuracy. The security community has a deep obligation to perform the simplest verification of facts before rushing to publication.

Paris Hilton Gives Republicans a Lesson in Internet 101

I kind of like Republican Presidential candidate John McCain — as a person. He seemed to have great personal integrity until last week, when his campaign started running attack ads against his Democratic opponent, Barack Obama.

Unfortunately for him, this ill-advised manoeuvre seems to have been engineered by a bunch of old dinosaurs who are completely out of touch with the reality of the Internet. I guess nobody told them that big television advertising dollars no longer get you exclusive access to the attention of the populace. Oops.

The McCain ads sandwiched Obama’s image with those of Britney Spears and Paris Hilton, deriding him as a mere celebrity, not ready to lead. I’ve always maintained that Ms. Hilton plays her public image as a lot dumber than she really is (don’t get me wrong, I’m not giving her Rhodes Scholar either), and this week Paris Hilton shot back at the use of her image in that ad.

Analysts have said that the main advantage of the McCain ads was that they got widespread news coverage, and that having segments of them lead the news gave them huge extra exposure at no cost. Unfortunately for them, it looks like Hilton’s spoof, likely shot for a few tens of thousands of dollars and featuring McCain being referred to as “wrinkly white-haired guy”, is going to get almost as much exposure.

In general, I think attack ads are crass and desperate (particularly when run by a party that is in power outside an election, but that’s another post entirely), and it’s good to see them backfire. The only real downside of this parody is that there will probably be an embarrassingly large number of ballots filed in November with Paris Hilton as a write-in candidate.

To conclude, here’s the Internet 101 summary for anyone contemplating an attack ad:

In a wired world, be careful about where you lob the muck. It’s a lot easier to fight back than you think.