Today Joomla! turns 5. It was five years ago when a handful of individuals decided to put community engagement and Freedom of Choice above profit and fork the Mambo CMS, forming one of the most successful 100% community-driven projects in the world: Joomla!

Most of us are already experienced enough with Joomla! that we don't require any help building our own sites. Listening to the client's objectives, we can intuitively translate their needs into extensions and potential set-ups. This knowledge comes from years of experience in doing this kind of work. However, this isn't always the case with those who are fresh to the world of the Joomla! CMS. What they need is some guidance or, if you'd like, a way to “seed” their brains with adequate ideas to get them started. I was recently reading Packt Publishing's new book, “Joomla! 1.5 Site Blueprints”, which seems to fit this bill nicely.

I promise you, this article doesn't have anything to do with religion. It talks about site security. The beast I am referring to is unwittingly opening a back door to your site to potential hackers. You may not know it, but you could be a sitting duck. It all lies in the dark world of ownership, users, groups and permissions. This is a long article, but I promise you will learn things you would have never imagined. Let us shed some light on the mystery of the 777 number and kill the evil beast!

On quite a few occasions fellow developers ask me which is the best way to get started with Joomla! development. Among other things, I always propose that they should have a complete reference of the Joomla! Framework API. The only book which was up to this task was “Mastering Joomla! 1.5 Extension and Framework Development”, albeit a bit outdated since it was written when Joomla! 1.5 was still in beta, some two and a half years ago. When Packt Publishing announced that they'd release the updated “Mastering Joomla! 1.5 Extension and Framework Development (Update)” I got ecstatic! So, here you go, I reviewed the new edition of the book and I'm willing to share my experience with you.

Like all of you, I just found out that the upcoming Joomla! World Conference in Melbourne was postponed due to... a rain forecast?! I understand that this is a figure of speech (OK, I'm Greek, I'm not stupid). The "rain" is used metaphorically and this is exactly why I tweeted yesterday that “It takes more than a website and a joomla.org announcement to organize a world conference. It requires COMMUNITY involvement”. Some people mistook my tweet for a bad take on the Australian and Asian Joomla! Community and the event's organizers, implying that they're incapable, or unimportant, or something like that. On the contrary! This is why I am writing this blog post.

Unless you live under a rock, you already know that for the past three days J and Beyond 2010 was taking place in Wiesbaden, Germany. The fact that it was the first international Joomla! event was further stressed as it was organized (impeccably!) by the community, for the community. It has been an amazing experience and – certainly – the best three days of my Joomla! life.

Republished from http://www.alltogetherasawhole.org/profiles/blogs/an-urgent-call-to-community.

For everyone who has read the latest Joomla! Developer Working Group notes, there is one thing which instantly became apparent: Joomla! is like a patient on life support.

As I've written in the recent past, one of the most challenging endeavours for anyone experienced in Joomla! is trying to disseminate his own knowledge of the CMS to a complete newbie. Being a developer – instead of a tutor – puts me in an impossible position, as my understanding of the system is registered within me in a way that's impossible to transfer to a non-developer. Well, unless he's in for a steep learning curve and awkward tech-talk. Thankfully, there's Packt Publishing's new book, “Joomla! 1.5 Beginner's Guide”, written by Eric Tiggeler. As promised, this is the full review of the book!

Don't miss the raffle at the end of the article!

As you all know, every new Joomla! installation comes with a Super Administrator account with a well-known user ID: 62. Nobody really knows for sure why 62 was chosen, but this can lead to your site's security being compromised. Why? It is a very well-known value, and potential hackers can take advantage of it in conjunction with another vulnerability to take control of your site. Known constants are a security nightmare, as made clear in the case of the attack against Joomla! 1.5.5. That attack caused a lot of sites to be compromised, as the researcher who found the vulnerability released it to the general public before the Joomla! team had a chance to fix it.

One easy workaround is to demote this well-known user account down to the Registered level and block it, hanging potential hackers out to dry. However, in order to complete our security modification we do need another Super Administrator. The problem is that if you just create a new user, his ID will be 63, which is not secure at all; it's a hacker's next best bet. So, we need a way to create a Super Administrator with a random ID, preferably in the 1-61 range, which is otherwise unused in Joomla!. This is what we are going to do, folks, without even using phpMyAdmin for the task.

Note: You will be modifying your site's database. Even though the following procedure is well-tested, it's best to practice it on a local testing server first.

Whenever I say to a circle of friends that I am a Joomla! developer, the dreaded question always pops up: “Hey, I've heard that this Joomla! thing is good, can you help me build my own site?”. This usually makes me frown because a. the person who asks is a complete newbie to Joomla! and/or web sites and b. they don't want to hire a web developer – like me, for example – to build their site. If I respond positively to such an inquiry I will end up building a site, explaining step-by-step how I do that, do a lot of training and not get paid for my time (no, buying me a coffee doesn't make up for 80 hours of lost time, sorry). If I respond negatively I am usually accused of elitism, or even confronted with the equally dreaded “Oh, come on, you'll just teach me the basics, I don't want to steal your job”. Awh... What can anyone do in such an awkward situation?