Locking Threads?

[greenjelly]

Moderators; 

I understand I am new here, and shouldnt rock the boat until I have established myself as a "qualified" joomla user.  I assure you, I need allot of help with setting up Joomla.  However I can also assure you that I have done a significant amount of time to educate, study and learn website community development, and I have a great concern.

My post specifically deals with the locking of this thread...
http://forum.joomla.org/index.php/topic,228462.0.html

Admins should lock threads because they are abusive, not because they say stuff you or others don't agree with.  The loss of the debate that multiple debates that were occurring is a grave loss.  Linking a WebSite as fraud does help promote google rank, so simply remove the and make the link "encrypted" example... h t t p ://

Last I knew this was an open community and an open source application.  Facilitating healthy debate makes progress, by locking threads that do not deteriorate into flame wars is a grave mistake and misconduct.  If Joomla is in fact an open source development, then having open discussions about all things is in fact contributing to the project...  One of the greatest tools we can use to progress is healthy discussion, and that can help shape the rodemap of the future of this project down the road, and potential avoid any mistakes.

Your response maybe that this had no relativity to development or Joomla development, but I would greatly disagree with this view.  The communication of certain community based conversation and moderation rules is a topic that should be discussed and revisited on a regular bases.  In addition, you have blocked people from providing valid solutions... as I have had one...
I am greatly saddened to see the mistake that had been made in locking the thread.

First of all, the forum is locked probably to prevent people from giving this person traffic.  Yet by locking it you failed to allow me or others to provide report fraudulent links on major search engine and even that work with the browsers like FireFox to prevent the access of these sites.  You have failed to allow us to work as a community to come up with a VERY valid solution.  In addition, it is likely that the person involved had his user name and password farmed, and was failed to be warned about the possibilty of someone coming on this site and illegally using his account.

I also have a VERY long and detailed background on studying the culture of cyber criminals (notice I dont use the word hacker).  It is in their best interest to go un-noticed.  Brushing issues under the carpet as I have felt has happened here, is in fact playing into their hands.  When there is a security threat, the worst course of action is to censor the open discussion of it.  The top priority is to inform people that there are Joomla phishing sites out there, and to be carefull.  Something this thread does.

Another discussion should be made about how security holes are found and reported.  This topic itself deserves an entire thread dedicated to it.

P.S. I have seen this and other common mistakes in open source development before, and in many cases, the loss of communication ultimately ended up with users abandoning the project, and eventually leading the project into the ground.  I have witnessed other CMS systems fail because of these issues, and have also seen other Open Source applications fail..

I hope this is in the right thread...

[MMMedia]

Another discussion should be made about how security holes are found and reported.  This topic itself deserves an entire thread dedicated to it.

There are two entire forum dedicated to security. 1.0.xx http://forum.joomla.org/index.php/board,267.0.html and 1.5 http://forum.joomla.org/index.php/board ... tml.  Your assumption that these don't exist, only shows that you have not even bothered to actually look at our forums.

Admins should lock threads because they are abusive, not because they say stuff you or others don't agree with.

The thread was locked because of abuse, not because there was disagreement.  The poster was being abusive of our forums, after repeated requests to discontinue breaking the rules,  not only in the thread you cited, but also in private messages from the moderators.  That is abuse, not only of the forums, but of other users and the moderators.

It is very sad that their site was broken, because they were misled.  The thing to learn from this is, take frequent backups of your site before you add or remove anything.  If you don't, you run the risk of losing your site due to a malfunction.  You should also take frequent backups of your site because life happens and bad things happen to good people all the time.  Servers go down, hard drives are lost, scripts go bad, lightening strikes, floods ... etc. 

The rules of this forum are simple and quite easy to follow.  They are located here: http://forum.joomla.org/index.php/topic,65.0.html

[greenjelly]

I did see the security forums... I was just brushing a topic that was off topic, that ran across my mind... If you discover a security whole, you want to tell the developers so they can fix it before publishing it...  But there is no dispute against that, and really it was me rambling off topic...

If the individual was beign abusive then that sucks... Though the topic was a solid topic... and to be able to take care of this "clone" was a very interesting read...

however, really... everything on this site is GNU license... so essentially I COULD copy all of it and put it somewhere else...  Then again, this could be wrong since on the bottom of the page it never says all content is copy righted under the GNU...

I was more worried about over aggressive moderation, which doesnt seem to be the case... though the member should of been removed and maybe not the thread... hehe...

I wanted to post on how they a clone site like this could cause damage... send people emails on this site (in the email box or private emails) that link to an article on the phishing site, and require a login...  Tricking users to give their passwords... then you come back to this site, look up the user, find their website, you goto their website and try the password they use here on the website they just made...

Bamb... Security whole... And yes, someone reading this now will have the same password they use on the forum as they do their web page...  Its inevitable!  Sounds silly, but I can assure you... humans are silly creatures.... We tell them to use a different password, backup, do this, do that... and guess what... Right now, my website isnt backed up (then again Ive only worked on it for 2 days)...  Though I don't have the same password for this place as I do for that... and I couldnt even TELL you what mySQL password is... I would have to look it up in the configuration file... its some very complex list of numbers and letters I got from two different password generation websites...

The human is always the largest security whole in any system...  Thats why I wrote this post, because of these concerns, and I felt that people should have this discussion on a regular basis, so that they stay vigilant....

I didn't mean to offend... Im a MIS guy... not a writer... I write one thing I mean another...  If I could write forum posts with the precision and logic off code, and the tech specs/plans then there would be no room for interpretation and my posts would be much better:)  Unfortunately I dont think a sudo code will get my point accross.

Maybe...

If (User == Abusive)
  Ban User
elseif (Thread == Flameware)
  Lock Thread
elseif ((User != Backupsite) || (UserForumPassword == SiteAdmiinPassword) || (UserForumPassword == SiteCPanelPassword))
      Slapwrist

If (forumtopic == "SiteClone")
    {
    WarnUsers;
    ProvideLinkstooGoogleYahooFraud;
    }

If (forumUser == UnintentionalInsulting)
  UserAppoligizes;

If (forumUser == Noobie)
  DontFlame;

.....


That works...

[infograf768]

This thread has nothing to do in 1.5 administration board.

As it mostly deals with moderating, it is now moved to site and Infrastrucure.

[AmyStephen]

GreenJelly -

You and I have interacted a number of times during your short tenure. I trust you have found my guidance helpful, as you have learned? Even more importantly, I hope that you have seen me as welcoming and friendly. 

This is a forum to learn about how to use Joomla!. On an average day, nearly 200 people sign up in the forums. There are approx. 1300 posts each day and 300 new threads. Volunteers manage the forums and volunteers help answer questions for those learning Joomla!. If the climate here deteriorates into conflict too frequently, volunteers find it is not fun to return and they don't. Then learners can't ask and have answered questions.The forum administrators and moderators do an excellent job of managing that climate in such a way that I have returned for two years, knowing they are taking care of business.

I've seen a number of people come and go over the past couple of years. A piece of advice for you. Please take time to get to know the community, slowly, learn our ways, and find a way to contribute. It is a mistake, in my opinion, to say actions here are a "grave mistake and misconduct" when you have yet to be here one week. If this type of accusation continues, I will be honest and admit I will be reluctant to volunteer my time to answer your questions. It feels attacking and we are here to help people learn Joomla!, nothing more and nothing less.

These are good people doing difficult work, sometimes. If you decide to trust the community and observe, without judgment, for awhile, I believe you will also reach that conclusion.

With respect,
Amy