Re: [Evangelism] Plone not listed on sixrevisions.com post How to Evaluate What CMS to Use

2009-11-26 Thread David Sapiro - Pilot Systems

They added it :)

Check the comment dated 265th of November from Stewart.

Thanks for the info.

Dave

PS : jim, please publish a translation of this news. Thanks.




On 26 Nov 09 at 10:04, Donna Snow wrote:


Plone IS listed here..

http://sixrevisions.com/web-applications/10-promising-content-management-systems/

Donna 'SnowWrite' Snow
Office Manager, Hacker Dojo
hackerdojo.com

Owner, C2E Training
illuminating your path to Open Source
c2etraining.com

On Wed, Nov 25, 2009 at 8:36 PM, Nate Aune na...@jazkarta.com wrote:
Plone is not mentioned in this article Choose the best free CMS
either, although it's mentioned in the comments.
http://www.netmag.co.uk/zine/discover-culture/choose-the-best-free-cms

Nate

On Wed, Nov 25, 2009 at 4:59 PM, David Sapiro - Pilot Systems
da...@pilotsystems.net wrote:
 Hi,

 http://sixrevisions.com/web-development/how-to-evaluate-what-cms-to-use/

 You can read:

 
 Stewart McCoy
 November 25th, 2009
 Joel,
 I noticed Plone isn’t listed on here. I’ve not used it a lot myself, but my
 major professor (who also runs http://www.eserver.org) swears by it. I’ve
 also noticed it’s been the recipient of several awards.
 Was it in consideration? If so, why did you decide to leave it off? If not,
 is Plone not on the radars of many professional web developers?
 

 FYI and action, too late for me to work on that one ;)

 Dave

 --
 David Sapiro - da...@pilotsystems.net
 Pilot Systems - 9, rue Desargues - 75011 Paris
 Tel : +33 1 44 53 05 55 - www.pilotsystems.net
 Manage your contacts and your newsletters: www.cockpit-mailing.com







 ___
 Evangelism mailing list
 Evangelism@lists.plone.org
 http://lists.plone.org/mailman/listinfo/evangelism




--
Nate Aune - na...@jazkarta.com
http://www.jazkarta.com
http://card.ly/natea
+1 (617) 517-4953

--
David Sapiro - da...@pilotsystems.net
Pilot Systems - 9, rue Desargues - 75011 Paris
Tel : +33 1 44 53 05 55 - www.pilotsystems.net
Manage your contacts and your newsletters: www.cockpit-mailing.com









Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Jan Ulrich Hasecke

On 26.11.2009 at 16:09, Norman Fournier wrote:

  think there may be more positive ways for plone to get this message across

For example?

I think we must have clear rules. The first hacker who puts his name on the 
frontpage wins, if he documents how he'd done it. If we have more macs the 
first three or four hackers win, if they don't use the same exploit.

And better they find the exploit on a dummy site as if they'd find them on the 
CIA-site?

juh



Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Matt Hamilton


On 26 Nov 2009, at 15:09, Norman Fournier wrote:


Hello,

Worst case scenario. What if we are wrong?

Some smart punk hacks the plone and posts the hack or hints  
somewhere. How many Macs can we afford to give away? How long can we  
afford to pay lawyers to fight spurious claims in court?


A risk analysis should be air-tight before any contest is  
publicized. Even the smallest give-aways are fraught with legal  
complications which is why contest legal copy takes so much space on  
an entry form.


For me, I am not liking this idea at all. I think there may be more  
positive ways for plone to get this message across without exposing  
the software to a million punk hackers with a goad like both Screw  
Plone and Win a Mac at the same time!


You also might have difficulty getting the site hosted somewhere. If
you can't get to Plone you then try the OS. If you can't get the OS you
try the network... etc. For instance, probably the easiest way to get
in there would be to do something like a password reset request and
try and intercept the email, so you might then find an attack against
an email server somewhere else as a result. Quite risky.

Hrmm... I wonder what Amazon would say about it? Wonder if you could
host it on EC2? You could easily set up a FreeBSD server with Plone
running on it. Lock everything else down (ssh via keys only etc). I
guess you could privately invite Plone core developers to take a pop
at it first, they are likely to know any 'weak' spots if any in Plone
itself.


-Matt

--
Matt Hamilton   ma...@netsight.co.uk
Netsight Internet Solutions, Ltd.   Understand. Develop. Deliver
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development  Consulting | Co-location | Hosting




Re: [Evangelism] The State of Drupal

2009-11-26 Thread Nate Aune
 Dries' opinion on why it's important: Plus, large organizations that are
 about to invest hundreds of thousands of dollars in a website project, don't
 want to make the wrong technology choice. Instead, those large businesses
 call Gartner, or any of the other analyst firms, to get advice on what
 technologies to adopt.

Yes, the large businesses look to the analyst firms to tell them what
is a safe choice. They don't want to go out on a limb and make a
choice that goes against the common practice. By going with the
recommendations of the analysts, they can always justify their
decision and point their boss to the Gartner report saying that IBM
(or whatever) was recommended as a good choice for the type of
system they needed to implement.

 How they did it:
 One of the things we've been doing since the inception of Acquia, is
 talking to analyst firms like Gartner, Forrester, and the 451group about
 Drupal, and all of Drupal's successes. Almost all of that work is carried
 out by Acquia's marketing people, but I've been in several analyst calls
 myself.

 Ie, paid marketing people who are lobbying analysts and ringing them
 constantly to develop relationships. ideas anyone?

Yes, if the Plone Foundation had a paid marketing person, I think this
would be a very effective use of their time. Reaching out to the
analysts and showing them Plone's strengths. I know that Matt Hamilton
will be meeting with Janus Boye (who just organized the
http://jboye.com conference in Aarhus, Denmark) at an upcoming
conference in England.

Scott - you and I may want to jump on Matt's suggestion of having an
analysts day at Gilbane and invite all the analysts to a session
where we can get them up-to-speed on the state of Plone, and try to
get Plone included in their future CMS reports, or at least get them
blogging about it and getting Plone on the radar screen of larger
organizations.

Nate

-- 
Nate Aune - na...@jazkarta.com
http://www.jazkarta.com
http://card.ly/natea
+1 (617) 517-4953



Re: [Evangelism] Plone not listed on sixrevisions.com post How to Evaluate What CMS to Use

2009-11-26 Thread Donna Snow
Plone IS listed here..

http://sixrevisions.com/web-applications/10-promising-content-management-systems/

Donna 'SnowWrite' Snow
Office Manager, Hacker Dojo
hackerdojo.com

Owner, C2E Training
illuminating your path to Open Source
c2etraining.com

On Wed, Nov 25, 2009 at 8:36 PM, Nate Aune na...@jazkarta.com wrote:

 Plone is not mentioned in this article Choose the best free CMS
 either, although it's mentioned in the comments.
 http://www.netmag.co.uk/zine/discover-culture/choose-the-best-free-cms

 Nate

 On Wed, Nov 25, 2009 at 4:59 PM, David Sapiro - Pilot Systems
 da...@pilotsystems.net wrote:
  Hi,
 
  http://sixrevisions.com/web-development/how-to-evaluate-what-cms-to-use/
 
  You can read:
 
  
  Stewart McCoy
  November 25th, 2009
  Joel,
  I noticed Plone isn’t listed on here. I’ve not used it a lot myself, but my
  major professor (who also runs http://www.eserver.org) swears by it. I’ve
  also noticed it’s been the recipient of several awards.
  Was it in consideration? If so, why did you decide to leave it off? If not,
  is Plone not on the radars of many professional web developers?
  
 
  FYI and action, too late for me to work on that one ;)
 
  Dave
 
  --
  David Sapiro - da...@pilotsystems.net
  Pilot Systems - 9, rue Desargues - 75011 Paris
  Tel : +33 1 44 53 05 55 - www.pilotsystems.net
  Manage your contacts and your newsletters: www.cockpit-mailing.com
 
 
 
 
 
 
 
 



 --
 Nate Aune - na...@jazkarta.com
 http://www.jazkarta.com
 http://card.ly/natea
 +1 (617) 517-4953



Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Dylan Jay

Worst case is really bad publicity.  But then is it?
If it got hacked we'd patch it immediately and patch most systems out
there and we'd explain how that system works in advance. Basically use
it to explain how open source increases security and speed of patches.

It would also show that we take security seriously.

Dylan Jay
Technical solution manager
PretaWeb 99552830

On 27/11/2009, at 2:09 AM, Norman Fournier nor...@normanfournier.com  
wrote:



Hello,

Worst case scenario. What if we are wrong?

Some smart punk hacks the plone and posts the hack or hints  
somewhere. How many Macs can we afford to give away? How long can we  
afford to pay lawyers to fight spurious claims in court?


A risk analysis should be air-tight before any contest is  
publicized. Even the smallest give-aways are fraught with legal  
complications which is why contest legal copy takes so much space on  
an entry form.


For me, I am not liking this idea at all. I think there may be more  
positive ways for plone to get this message across without exposing  
the software to a million punk hackers with a goad like both Screw  
Plone and Win a Mac at the same time!


My $.02.

Norman

On 2009-11-25, at 10:28 PM, Nate Aune wrote:


I think it's a great idea. Set up a server (perhaps using the
Hardening Plone howto below) and let the games begin!
http://plone.org/documentation/how-to/securing-plone/

Nate

On Wed, Nov 18, 2009 at 11:52 AM, Jan Ulrich Hasecke
juhase...@googlemail.com wrote:

Hi all,

what do you think about a hacking contest? We setup a plain plone  
site and who ever hacks it first wins a mac or a playstation or  
whatever.


All exploits must be documented of course so that we can fix them.

We promote Plone as a secure system and can document it with the  
CVE entries but often people say, yeah, but there are a lot less  
installations of Plone than there are of PHP-systems, so you  
cannot compare the figures.


So let's challenge the hackers!

This could be an online event with a great publicity effect may be  
in the run-up to the World Plone Day.


What do you think?
juh

Jan Ulrich Hasecke
(DZUG e.V.)

--
DZUG e.V. (Deutschsprachige Zope User Group)
www.dzug.org
www.zope.de








--
Nate Aune - na...@jazkarta.com
http://www.jazkarta.com
http://card.ly/natea
+1 (617) 517-4953



Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Dylan Jay


On 27/11/2009, at 9:00 AM, Mark A Corum wrote:


Actually, it would show we are arrogant and cavalier about security -
which are about the worst things you can be in the eyes of an
enterprise customer.

People who are serious about security TEST the security of their
software in a professional, systematic way.  They get experts in the
field and folks who really know what they are doing to make sure
nothing in their code or deployment is opening up websites to attack
or possible compromise of data.


I don't disagree with your points below but testing security via  
experts is I'm sure what companies like Microsoft do and that hasn't  
worked out well for them. FOSS has repeatedly shown that security by  
numbers - ie lots of eyes on code rather than experts has made for  
more secure systems.




The whole opening your software to hackers thing is a stunt - a
stunt with very little if any upside, and a huge potential downside.
If someone brings your server to its knees with a Denial of Service
attack or a weakness in the OS you are running on, you can complain
from now until eternity that it wasn't fair but the only coverage
you are going to get is Plone gets hacked.  If no one is able to
hack the site, it's not really something worthy of coverage, now is it?


maybe.


After all, we are already well known as having one of the best
security records of any CMS.


I would disagree we are well known. Plone in general is NOT well
known. It's underwhelmingly unknown given its history and competitive
advantages such as security. When Drupal can get recommended as an
enterprise CMS by Gartner and Alfresco can get away with giving
their product the label THE open source enterprise content management
system I would say we're not well known.
One thing I got out of this year's conference is that security is a big
competitive advantage of Plone that's easy to explain and has impact.
We've only just started marketing that to the outside world. Until
Gartner labels us The secure open source enterprise content
management system I think we have a lot of work to do.
If stunts aren't the right way to do it at least we're thinking about
it. I'd love to hear some other ideas wouldn't you?




If Plone had previously been weak on security, and had gotten its act
together, this might make sense.  But in reality -- where Plone is a
VERY secure system with a long-term record of protecting sites and
data -- this kind of circus stunt is not a good idea.

Mark




Mark A Corum
User Interface Designer | Online Marketer | Certified ScrumMaster

markcorum on AOL, Googletalk, MSN, Skype, Meebo, TokBox, Facebook,
Twitter and Yahoo;

Light up the darkness. - Bob Marley
Quis custodiet ipsos custodes? (Who watches the watchmen?) -
Juvenales, Satires
No matter where you go ... there you are. - Buckaroo Banzai



On Thu, Nov 26, 2009 at 4:06 PM, Dylan Jay d...@pretaweb.com wrote:

Worst case is really bad publicity.  But then is it?
If it got hacked we'd patch it immediately and patch most systems out there
and we'd explain how that system works in advance. Basically use it to
explain how open source increases security and speed of patches.
It would also show that we take security seriously.

Dylan Jay
Technical solution manager
PretaWeb 99552830

On 27/11/2009, at 2:09 AM, Norman Fournier nor...@normanfournier.com wrote:


Hello,

Worst case scenario. What if we are wrong?

Some smart punk hacks the plone and posts the hack or hints somewhere. How
many Macs can we afford to give away? How long can we afford to pay lawyers
to fight spurious claims in court?

A risk analysis should be air-tight before any contest is publicized. Even
the smallest give-aways are fraught with legal complications which is why
contest legal copy takes so much space on an entry form.

For me, I am not liking this idea at all. I think there may be more
positive ways for plone to get this message across without exposing the
software to a million punk hackers with a goad like both Screw Plone and Win
a Mac at the same time!

My $.02.

Norman

On 2009-11-25, at 10:28 PM, Nate Aune wrote:


I think it's a great idea. Set up a server (perhaps using the
Hardening Plone howto below) and let the games begin!
http://plone.org/documentation/how-to/securing-plone/

Nate

On Wed, Nov 18, 2009 at 11:52 AM, Jan Ulrich Hasecke
juhase...@googlemail.com wrote:


Hi all,

what do you think about a hacking contest? We setup a plain plone site
and who ever hacks it first wins a mac or a playstation or whatever.

All exploits must be documented of course so that we can fix them.

We promote Plone as a secure system and can document it with the CVE
entries but often people say, yeah, but there are a lot less installations
of Plone than there are of PHP-systems, so you cannot compare the figures.

So let's challenge the hackers!

This could be an online event with a great publicity effect may be in
the run-up to the World Plone 

Re: [Evangelism] Hack Plone! Win a Mac!

2009-11-26 Thread Steve McMahon
Not sure how I feel about the overall idea, but the exploit documentation
condition *must* be expanded to specify that the exploit be documented to
the Plone security team, and only the security team. Publicizing of
methodology for an attack must be only after a patch is made available, and
the award would be made only after those conditions are fulfilled.

The attack would need to be via Plone — not the OS or other parts of the
stack like reverse proxy. Open registration must be off in the test install.

On Wed, Nov 25, 2009 at 10:28 PM, Nate Aune na...@jazkarta.com wrote:

 
  All exploits must be documented of course so that we can fix them.
 



[Evangelism] [Fwd: Save the Date - OSCON is back in Portland!]

2009-11-26 Thread Nate Aune

hey everybody,

just a heads up that OSCON will be back in Portland, OR in 2010, and we 
should make best efforts to have a strong Plone presence there.


we should consider exhibiting and getting a Plone Foundation booth as well.

nate
---BeginMessage---

Attention all open source enthusiasts: O'Reilly Open Source Convention, OSCON, 
is happening July 19 -23, 2010, and get this, back at the Oregon Convention 
Center in Portland Oregon! 

The call for proposals will open in December and we'll unveil the program and 
open registration in February.  Stay tuned for further details in the coming 
weeks. 

==
Follow OSCON, Receive Updates
==
You can follow OSCON on: 
Twitter: http://post.oreilly.com/rd/9z1zupejgu2bgbqsrce19ornkm39s3e9kk05rrm41ro
Facebook: http://post.oreilly.com/rd/9z1zs9asjek2dpbq6llgmbusdl66cu56jmmdo32ql98
Identica: 
http://post.oreilly.com/rd/9z1z4g3jckurmvipov169naq9pgoqm7tuegnlqhkgn8 
LinkedIn: http://post.oreilly.com/rd/9z1zvtn35ubbnfc75vneaco8kh2ae8a9qadvke178s8

To receive advance notification and stay informed on the program as it 
develops, sign up for the conference newsletter at: 
http://post.oreilly.com/rd/9z1z3uvb6t2qrg2p7cseen2dokq9815vk17pc750b3o

==
Sponsorship Opportunities
==
Sponsorship and exhibit opportunities are available to promote your company at 
the 12th annual OSCON. Contact Sharon Cordesse for details: 
scorde...@oreilly.com

For media and promotional partner opportunities please email
to: mediapartn...@oreilly.com

We look forward to seeing you in Portland next summer, 

The 2010 OSCON Conference Team


---End Message---