I’ve just released a new B2 hack. Inspired by a conversation on IM about the recent request to be able to turn off a blog from the admin tool; I have produced a hack which will allow you to define arbitrary extra options, set their values in the admin tool and use them in your templates.

You can see my announcement on the B2 forum here.

You can find details, and download it from the B2 Extra Options page.

Please post bug reports, fixes, comments, questions, etc. to this topic in this forum.

Update: There is a JavaScript problem see the forum

I was pointed to a new report from the Aberdeen Group: entitled Open Source and Linux: 2002 Poster Children for Security Problems (requires free registration to read the full report) by Aamir

It’s interesting that the report never seems to come out and clearly say exactly who the poster children are. It mentions “Security advisories for Open Source and Linux software accounted for 16 out of the 29 security advisories”. But then goes on to say “Keeping pace with Linux and Open Source software are traditional Unix-based software products, which have been affected by 16 of the 29 advisories”. So that’s 16 out of 29 for Linux & Open Source and 16 out of 29 for traditional Unix!

Hmmm. It doesn’t seem to mention the combination of Windows and Open Source which was also affected by, for example, the last two Apache security advisories.

Interestingly, it doesn’t mention the fact that most Linux distributions ship with at least 1000 more applications than Windows. More applications means more bugs (including security related ones).

It doesn’t mention anything about the response times to get these vulnerabilities fixed. I am on about 8 security mailing lists, and I see how fast these things are reported, and how fast the fixes are released. Often within a couple of days.

It doesn’t mention the fact that security issues and bugs are found much more quickly and easily in Open Source software simply because you can see and examine the source code. It also fails to mention that it is equally as quick to fix them for the same reason.

It then quotes some much more alarming statistics about incidents (occurrences of the same vulnerabilities), but fails to assign any OS or development model labels to the numbers.

“One of these realities is that no one vendor or supplier is more at fault than another.”

Funny I didn’t get that from the headline.

“Moreover, the scourge of past days, viruses, has been replaced by active Internet content that worms its way into any Internet-aware software utilities and services”

and we all know which Internet-aware software suffers most from this don’t we? IIS, IE, and Outlook.

BTW, This is the same company that published a report attacking the Athlon XP’s processor rating system, which it turned out was funded by Intel. Stories on ZDNet and slashdot.

I’ve had an idea for a new project! Another add-on for B2. It should be quite simple to do, and very useful.
More when I’ve coded it! 🙂