An End to Using Java?


(Aspelbring) #1

I know this has been discussed before but with the discovery of yet ANOTHER Java zero day exploit (see link below), please tell me that Squiz is at least considering getting rid of the Java navigation in Matrix. I understand that Easy Edit is supposed to help with that but Easy Edit doesn't cut it for us.

I like Matrix and all that it can do. As a CMS product, I think it works well. However, I would really like to know that Squiz is working toward a solution that doesn't use technology that is such a security risk (not to mention slow and doesn't work the same, or at all, in all browsers and platforms).

http://arstechnica.com/security/2013/03/another-java-zero-day-exploit-in-the-wild-actively-attacking-targets/


(Greg Sherwood) #2

Yes, we are working towards a solution. I can't provide any more information at the moment.


(Mpettitt) #3

See, this is the problem with Squiz claiming to be open source - core development isn't open in any meaningful sense. Rather, most development is kept secret, meaning that people who might be tempted to contribute to the system don't, and there isn't a community built around it.

It's possible to run commercial open source projects in such a way that people feel like there is a reason to contribute, but Squiz isn't one of those. It's very frustrating.


(Greg Sherwood) #4

That’s a very unfair statement. I can’t share more because I don’t have all the project details sorted out and can’t give a meaningful timeline or description. Giving false information is as bad as giving none at all.

For any Squiz clients: you can find the asset map change in the Squiz Roadmap install. It’s the top idea in the Squiz Matrix project.


(Mpettitt) #5

And there it is again: "For any Squiz clients" - it's not open development in any meaningful sense of the term. Make the roadmap visible to all users, so they can see what's likely to be developed. Even making it open for users to view, but only allowing paying clients to make new suggestions or comment would be an improvement on the current situation. That way, people can look at what the system does, and what it's likely to do in the future, and make informed decisions on using it based on those.

Also means that people can see how long a feature has been top idea, and what progress has been made towards it, whether that is none or nearly complete.


(Benjamin Pearson) #6

> And there it is again: "For any Squiz clients" - it's not open development in any meaningful sense of the term. Make the roadmap visible to all users, so they can see what's likely to be developed. Even making it open for users to view, but only allowing paying clients to make new suggestions or comment would be an improvement on the current situation. That way, people can look at what the system does, and what it's likely to do in the future, and make informed decisions on using it based on those.
>
> Also means that people can see how long a feature has been top idea, and what progress has been made towards it, whether that is none or nearly complete.

Just because Greg mentioned Roadmap is only available for Squiz clients, doesn't mean Matrix is not open development. Nic and I have contributed code from our own personal time and they have been accepted into the core Matrix packages (Nic - JS API, Captcha enhancement, MP3 and video assets; myself - File bridge, virus scanning, support script and various bug fixes). There is also the public bug tracker which the Matrix team actively use and keep in sync with Roadmap for any features on Matrix (Also some users have provided patches for various small changes through the public bug tracker as well).

The reason the asset map has not made any progress is because it is such a key feature with a lot of hidden functionality that would have to be replicated to almost 100% before it could be released anyhow (and there are other factors like costs, training, users resisting the change etc).

If you have any contributions you want added to Matrix, we are more than happy to verify and accept them, just we find any user contributions are rare.


(Mpettitt) #7

Look at it from the other direction. Say I'm a programmer wanting to contribute to an open source project, and I really want to contribute to a government website powering open source CMS.

I do a search on "open source enterprise cms", and get a bunch of results:

  • Magnolia: I click "Community site", then "Get Involved", and I have a number of options to contribute, can check on the issue tracker (without logging in or creating an account), and can grab the source, either as a zip archive, or from an open git repository
  • Typo3: I click "Contribute", and get a number of options for ways to contribute. I can download the source and there is a git repository, and an open bug tracker
  • Drupal: On the home page there is a link "Develop with Drupal", easy to download source, and there are issue queues, although they aren't 100% obvious
  • Squiz: From the home page, it's not even obvious where to download. Going to "Squiz Community" gives a page of social media links, some of which don't work (on my machine, "Squiz Tweets" just says "Searching the Twitters"). I then click on "Squiz Matrix" under "Community Resources", and find a download, but it's not just source, it's an entire VM. 700Mb download for a CMS? There is a CVS repository, but in order to check out the source I have to use a specific script. Viewing the web interface, the most recent updates to the changelog were 3 months ago. In order to look at the bug tracker, I have to log in either by creating an account or by providing an email address, whereupon I get a bunch of random looking headings, some of which repeat, and which include open issues from 2004 in the "All feature requests" report. Additionally, the bug tracking system appears to be a version from 2008, which has security vulnerabilities reported against it.

Which projects are encouraging user contributions? Making the code available is only a tiny part of using open development principles - there is the infrastructure around that, making sure that users feel like contributing to a project is worth their time, and not making them jump through hoops to even try.


(Greg Sherwood) #8

It is unfortunate that this thread has turned into a discussion about one person's interpretation of contributing to Matrix, but the main discussion was about the Java asset map being replaced, not contribution of code. So to that end:

As I said, this is something we are looking at. Squiz clients get special access to our internal planning tools. Now that I am back posting from my laptop, I can post the link. It is: https://squizmap.squiz.net/matrix/159

If you are not a Squiz client, we write a weekly newsletter and other articles (http://www.squizlabs.com), or you can follow commits on the CVS repo (http://public-cvs.squiz.net/cgi-bin/viewvc.cgi/mysource_matrix). Progress will be documented in these locations once we know more.

Mathew, I'm not forcing you to use Squiz Matrix, so I'd really appreciate it if you could direct your anger to whoever is, or to the person that represents you at Squiz (if you are a client). If someone at Squiz is talking to you about open development and you think they are wrong, please approach them directly. I'm not here to defend or preach a message. I'm just here to try and help people with Squiz products, as all people who post here are. This is not the right forum to bring up your issues as it is not monitored by the people you are complaining to or who can answer you in any meaningful way.


(Nic Hubbard) #9

I just wanted to add something real quick to this discussion. And that is, I have been using Squiz Matrix since 2006. During that time I have never found a better product, a more powerful product, or a more flexible product.

I have been forced to use other CMS products in other instances, and each time I wished I had the features Matrix provides.

If you take the time to realize what an amazing CMS Matrix is, I think your complaints will be null.


(Keith Brown) #10

> As I said, this is something we are looking at. Squiz clients get special access to our internal planning tools. Now that I am back posting from my laptop, I can post the link. It is: https://squizmap.squiz.net/matrix/159

...as a client - which of my credentials work with that? (forum / bug tracker ones don't seem to)

Cheers

K


(Aspelbring) #11

> Yes, we are working towards a solution. I can't provide any more information at the moment.

I am very glad to hear this. Please let us know more when you can.


(Aspelbring) #12

> Squiz clients get special access to our internal planning tools. Now that I am back posting from my laptop, I can post the link. It is: https://squizmap.squiz.net/matrix/159

Hey Greg. What credentials do we need to get into this site?


(Greg Sherwood) #13

You need to use your Squiz Extranet credentials to get in. If you don't know them, or don't have an account for some reason, speak to your account manager to get access.

Once in, you'll also be able to cast votes on the projects that you would like to see in our products, and take a look at various factors that Squiz considers, such as cost, effort and supportability improvements (there are many more). It's all very transparent.