How to Deal with Mean People

Some time ago I had the novel experience of being abused on social media by a member of the Joomla! community (novel for me anyway, although I think not that uncommon in the Joomla world). It was a bit of a surprise, mainly because I don’t normally bother much with social media.

But unfortunately one of my previous blog posts went unexpectedly viral and clearly annoyed this person. At the time I was a bit shocked and upset at his response. I did think about responding in kind, because actually I enjoy insulting people as much as the next person when they are the ones that start it. But really I could not foresee anything good coming out of exchanging insults with him.

Then I realised something important: I actually just did not care.

I regard this as real personal growth: there was a time when I was abnormally sensitive and probably would have been crushed at someone saying mean things about me. It’s a huge relief, to realise that actually I don’t really care very much any more about what people think or say about me.

What I mainly put it down to is this. I have had cancer twice in the last four years. That’s an actual problem, it is something that matters. I don’t bang on about it, because it is private, but dealing with it has been really tough. But I have, and I am OK.

By contrast, a civilly-challenged person abusing me on social media matters very little. I have no intention of identifying him by the way, I really am over it. I do not even feel any ill will towards him.

So my advice on how to deal with mean people is this: if you find yourself caring about what someone says about you on Twitter, Facebook, Reddit or whatever – just get a grip. It is not important. Go and do something that does matter: hug your children, or your spouse; take the dog on a lovely long walk; go out and have tea and cake with a good friend; paint a picture; play an instrument. Do anything that expands your life rather than contracts it.

There are a few people in the Joomla community who unfortunately seem to think that it is OK to indulge their own feelings of frustration by abusing others on Twitter and elsewhere. They are wrong, it is not. But they are like the mean kids at school, my mum always told me to just ignore them, and she was right.


Improving Quality Control in Joomla Code

Since writing my previous blog post, in which I explained how a coding error had protected older versions of Joomla from the serious security vulnerability which was patched in Joomla 3.6.4, my friend Bernard Toplak has been doing some research into how it came about that the coding error in the vulnerable user controller was fixed.

It seems that a user called lecoeurlou joined Github on 30 August 2015 and, that same day, submitted a patch for the faulty function call to $model->validate() to the Joomla CMS project. The patch was accepted without question, and the account has never had any activity on Github since.

You can see the activity here:

Now this may in fact be innocent, but to my mind it is at least possible that someone had noticed the potentially vulnerable controller in the code, had experimented with it and found the coding error. Then they realised that if they could quietly fix it, they could open up a critical vulnerability in one of the world’s most popular content management systems, which they could then exploit.

I think that the lesson is that there needs to be more quality control on patches submitted through Github, because unfortunately there clearly is scope for a malicious actor to wreak havoc.


Since I wrote this yesterday, I have been astonished at the level of interest. I expected it to be read by a dozen people at most, and to provoke no reaction whatsoever. Instead it seems to have been read by several thousand people and to have annoyed quite a few of them.

But there was a serious purpose to the article: when something goes seriously wrong, then I think it makes sense to look at why it happened rather than burying our heads in the sand, carrying on as normal and pretending it can’t happen again.

I will deal quickly with a few of the points that have been raised:-

Firstly, I am definitely not trying to point the finger of blame at any individual. I have no idea whether lecoeurlou is an evil genius or just a helpful person trying to fix some code. The problem is that we have no way of knowing.

Secondly, I am not suggesting any kind of conspiracy. Frankly it hardly required a conspiracy. If the code patch was malicious, it was far more likely just opportunism.

Thirdly, yes I really did think of saying all this by myself, I am not being used by anyone.

I am saying it because I think that it matters. Open source software is a wonderful thing, and so is the Joomla project. I would like to see it thrive. But I think that is more likely to happen in the long run if we are honest with ourselves about what the problems are.

I don’t know what the solution is. I certainly don’t want to discourage anyone from contributing to an Open Source project, quite the contrary. But we are really kidding ourselves if we think that every single person who does so does it from the purest motives, because that I am afraid is just not human nature.

I think that these are issues that need to be discussed, and if I have upset a few people by encouraging that then I can live with it, though that was not the intention.

Joomla Security Release 3.6.4: Breaking the Code by Fixing It

Many people will have noticed (including a lot of bad guys) that there is a security release of the Joomla! content management system.

Previous versions contain a vulnerability which allows a malicious person to register a user account on a Joomla site by carefully crafting their own html form, even when user registration has been turned off, and also to manipulate the user group. This is done by accessing a vulnerable controller in components/com_users/controllers/user.php, which includes a register task that does not check the site configuration or properly validate the data.

The controller has been around since Joomla 1.6, so it has left a lot of people wondering if older versions of Joomla are vulnerable, such as 2.5 which is still widely used. In fact the good news is that older versions are not.

If you try to submit a crafted html form to a Joomla 2.5 site, you get the following fatal error:-

Warning: Missing argument 2 for JModelForm::validate(), called in components/com_users/controllers/user.php on line 114 and defined in /libraries/joomla/application/component/modelform.php on line 258
Fatal error: Call to a member function filter() on a non-object in /libraries/joomla/application/component/modelform.php on line 261

Or something similar depending on your exact version. The reason for this is that the user controller includes a coding error: it uses

$return = $model->validate($data);

instead of

$return = $model->validate($form, $data);

so that it fails because the data object is null when the model is called to register the user.

Then in Joomla 3.4.4 someone helpfully fixed the coding error in the controller without asking themselves what on earth the controller was doing. I am sure they meant well, I think it would be unfair to blame only the person that fixed the code, these things are supposed to be tested. But still, it opened the CMS up to a serious vulnerability.
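
The three states described above, as an added example that is not Joomla's code or part of the original post: stand-in classes reproduce the omitted-argument call, the corrected call with no other checks, and a task that honours site configuration. The Demo* classes, the registration_enabled key and the groups field are assumptions made for the illustration.

```php
<?php
// Added illustration: stand-in classes, not Joomla source. All Demo* names,
// the 'registration_enabled' key and the 'groups' field are hypothetical.

class DemoForm {
    public function filter(array $data): array {
        return array_map(fn($v) => is_string($v) ? trim($v) : $v, $data);
    }
}

class DemoModel {
    // Parameter order as in the page's corrected call: validate($form, $data).
    // The null default stands in for PHP 5 passing null after its
    // "Missing argument 2" warning instead of aborting the call.
    public function validate($form, $data = null) {
        return $form->filter($data);
    }
}

// 1. The original coding error: the form is omitted, so $data lands in $form.
function registerBroken(DemoModel $m, DemoForm $f, array $data, array $cfg): string {
    try {
        $m->validate($data);
        return 'account created';
    } catch (Error $e) {
        return 'fatal: ' . $e->getMessage();
    }
}

// 2. The call corrected and nothing else: the task now runs to completion.
function registerCallFixed(DemoModel $m, DemoForm $f, array $data, array $cfg): string {
    $clean = $m->validate($f, $data);
    return 'account created, groups=' . json_encode($clean['groups'] ?? []);
}

// 3. What the task also needs: honour site configuration, allow-list fields.
function registerGuarded(DemoModel $m, DemoForm $f, array $data, array $cfg): string {
    if (empty($cfg['registration_enabled'])) {
        return 'rejected: registration disabled';
    }
    $allowed = array_flip(['name', 'username', 'email', 'password']);
    $clean = $m->validate($f, array_intersect_key($data, $allowed));
    return 'account created, groups=' . json_encode($clean['groups'] ?? []);
}

$cfg  = ['registration_enabled' => false];                 // constructed
$data = ['username' => ' demo ', 'email' => 'demo@example.test',
         'groups' => ['administrators']];                  // constructed
foreach (['registerBroken', 'registerCallFixed', 'registerGuarded'] as $fn) {
    echo $fn, ': ', $fn(new DemoModel(), new DemoForm(), $data, $cfg), PHP_EOL;
}
```

The point for reviewers is the middle case: a patch that only makes a call syntactically correct can turn a dead code path into a live one, so the review has to ask what the newly reachable code does.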

Web Security: An Example of How Not To Do It

Quite a few news sites are reporting this story at the moment, about hackers hitting online stores using the Magento E-commerce system: The reports seem to originate from this site which has been set up to help owners of Magento sites scan for vulnerabilities in their store for free.

A nice idea you might think, and it is. The problem is that those behind the site don’t really seem to have given much thought about verifying who is doing the scan. Anyone can use it. It is easy to find sites that use Magento online, for example Googling ‘inurl:/checkout/cart/’ will bring up a nice crop. Then run the scan, it will bring up a nice handy guide to what vulnerabilities the site suffers from.

The makers excuse themselves by saying:

The MageReport tool only tells you what is wrong, not how to exploit it

However this is really not good enough in my view, once you know what the weaknesses are, it is the work of a minute or two to find the exploit online, my dog could do it.

The only way to protect against this is apparently to block the “magereport” user agent in the site robots.txt file, I would suggest that owners of Magento sites do this, but if site owners do not know that they have vulnerable software on their site, are they really going to know that they should do that?

Chuckles Coulter: A Dog’s Life

It is with a great sadness that I announce the death of Chuckles, my much loved dog. She passed away peacefully on 17 November 2015.

She was probably a Lakeland Terrier (mostly). Not much is known about her early life, she was adopted by my father at about the age of 18 months, towards the end of 2001. She had been found as a stray, very thin and scared, wandering by herself on bonfire night.

Whatever the difficulties of her early years, it did not dampen her enthusiasm for life. As a young dog she had seemingly boundless energy, and was something of a little hooligan. Her best friend was a young Beagle called Millie, whom she adored. They used to chase each other at breakneck speed around the town ramparts of Berwick-upon-Tweed, where my father regularly walked her.

She liked cats, although it has to be admitted that she also enjoyed chasing them. However it did not seem to be motivated by ill-will, but simply because it was fun. She lived for many years quite amicably with my father’s cat Min.

As well as chasing things, Chuckles cultivated an interest in chewing things; squeaky toys (which she enjoyed killing), and sticks. Unfortunately she never got the hang of fetch, taking the view that if you threw a stick away you could hardly expect to get it back again, and it was therefore hers. She was never much interested in balls, unless the ball belonged to another dog, or occasionally a golfer; then she would enjoy grabbing it and running off with it. She always had a keen sense of mischief, which made her a fun, though occasionally embarrassing companion.

She was also an enthusiastic scavenger, and adopted an “eat everything” policy towards anything even remotely edible that she found on her walks, no matter how disgusting it might look and smell. I won’t turn my reader’s stomach by supplying details. She never seemed deterred by the occasional tummy upset this caused her.

In later years, she calmed down a lot (as do we all), and took up sniffing things as her main interest, which she could do happily for hours on end. She still loved walkies, but at a much more sedate pace.

I know that my father loved her dearly, and she was a loyal friend to him in the last years of his life. Sadly my father died in March 2013, and I adopted Chuckles. She was a wonderful companion for me at a very difficult time, particularly when I was undergoing chemotherapy, when she was a great source of support. I had some of my treatment at home, and, in a particularly touching gesture, she would sit and guard me while the nurse administered the medication. It was very healthy for me to have a reason why I had to go out every day for a walk, even when I really did not feel like it at the time. More than anything, her presence did a lot to help me keep my spirits up.

There are some people (nasty, bitter and twisted people: people who don’t like dogs) who imagine that a relationship with a dog is just an inferior substitute for a human relationship: but they are wrong, I think that it is something unique and valuable in its own right, and can be very profound. Dogs have a joyful simplicity and directness in their response to life, they are masters of living in the moment. They give their love without reservation, with a glad heart. They can teach us a lot, particularly people who don’t like dogs.

So when I say that Chuckles was a good dog, I mean it as no small thing. As Dad once said of her, she was everything you could want in a dog, in a conveniently small package. She was a true friend, and I will miss her with all my heart.

How Are You Today?

The other day a young woman rang me up “on behalf of Yahoo”. Now Yahoo don’t ring people up (nor do Google for that matter) so I am pretty sure that what that little sleight of hand really meant was that she was from an internet marketing firm who wanted to sell me some advertising on Yahoo, something that I could arrange for myself if I wanted, then charge me a fee for it.

However it wasn’t that little bit of dishonesty that really irritated me, it was the fact that she began our conversation with the question: “how are you today?” I have noticed that this is a bit of a trend, mainly among people who are trying to sell me something. No doubt some “marketing guru” once told them that this is a good way to start a conversation, that it creates a feeling of warmth and trust.

Well, no it doesn’t, in me anyway it creates irritation. I assume that the caller expects that I will answer “great, I’m fine”, and we will settle down to a nice cosy chat. In fact I find it an impossible question to answer, because even if I am feeling fine I don’t feel like sharing it with a complete stranger. And supposing I am not fine, supposing that I have just had my leg amputated, or am mourning the loss of my beloved pet swamp dragon? In that case I would be forced to either lie, and say that I am fine when I am not, I am feeling heartbroken; or I would have to tell the truth and pour out my heart to someone who blatantly does not care; who moreover is sufficiently lacking in personal ethics to pretend to be from Yahoo when they are not. Neither of these would be an attractive choice.

As a general rule in life I think that you should only ask how someone is if you actually know them, and you actually care enough to hear an honest answer. To do anything else is presumptuous. All of which I tried to explain to the caller, but she hung up on me.



I had a sudden urge to go camping recently, which I did, in the Forest of Dean. It has been a few years since I slept in a tent, I had forgotten how uncomfortable it is sleeping on the ground. Also it was a very cold night, I was not imagining it, when I got up in the morning there was actually a slight frost on the ground – this is July!

The result was that I got very little sleep, by the next morning I was so exhausted that I felt quite ill, and decided to go back home. I think that you can gather that I am not a natural outdoors-woman, I am not a female Ray Mears. So it was a short trip. It was a pity, apart from the terrible lack of sleep I did actually enjoy the camping. I do like the simplicity of it, the way it brings life back to basics. The Forest of Dean is magnificent – even though some bits are quite touristy, the forest is so big that it is easy to just walk away from them.

I was hoping to see some wild boar. I didn’t – but I definitely heard them during my long sleepless night. At first I had no idea what it was, I heard some weird snuffling sounds, then scampering, and what was unmistakably the grunt of a pig. They must have been only a couple of metres away from my tent.

I will go camping again some day, but not before I have got myself an air bed.

I’m Still Here and I’m OK

Since some people have expressed concern about my well-being, this is just a short post to make it clear that I am fine, I simply have not felt like updating my blog until now. The purpose of this blog was never to be a confessional, I suppose that I am old enough to firmly believe in the importance of drawing a line between the public and the private sphere. Therefore I did not want to be writing about having cancer. However I can say that my treatment has been successful (so far anyway), it just takes a long time to get over. It is a bit like climbing out of a deep, dark well: even when you reach daylight you are not over it, you are so exhausted by the experience that you just want to lie in the sunshine and rest. At least so I have found it.

In the meantime here is a picture of a painting I made last year. I took up painting again – not really having done any since I was a teenager – but felt the need for some kind of hobby that I could do sitting down.