Macrotone
Welcome to the Macrotone Consulting Ltd web site. Macrotone Consulting Ltd provides consultancy services on Oracle, UNIX and Joomla. The purpose of this site is to provide you with useful information about our company that we hope makes it easier for you to do business with us.
Macrotone Consulting Ltd was established in 1996 to provide IT consultancy and technical skills to customers upon a contract basis. Since that time it has been involved in the formulation of system business strategy, security procedures and risk evaluation, management of people, projects, and direct technical management and problem resolution of IT systems for a number of prestigious customers.
Specialist technical skills cover extensive use of Oracle database systems and numerous flavours of UNIX (HP, Solaris, AIX, BSD, Linux. etc.) and of their integration into a Microsoft dominated machine environment. Other areas of expertise include system backup mechanisms and disaster recovery situations.
Other technical skills include the management of Joomla CMS systems, including the designing and implementation of Joomla extensions.
Feel free to browse around this site. If you have comments or questions about our products or services, or simply need more information and want to contact us, details are provided under the "About Us" page within this site.
Thank you for visiting and we look forward to being able to assist you.
The information contained in this website is for general information purposes only. The information is provided by Macrotone Consulting Ltd and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you are able to link to other websites which are not under the control of Macrotone Consulting Ltd. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, Macrotone Consulting Ltd takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
This Macrotone Kbase (or Knowledgebase) FAQ (Frequently Asked Questions) is intended to assist you in providing answers to some of the most commonly asked Kbase questions. It is intended to supplement the main documentation.
How do I get hold of a copy of the component?
The release is currently is live testing and upon release will be made available for download in the 'Download' directory.
Which version of Joomla does it work with?
The initial release was for Joomla 3.4 but it runs on the current release versions of Joomla. It is not supported on any older versions of Joomla!
Are there any front end features?
Yes the main functionality is also available through the front end. This includes the creation and upkeep of Knowledgebase entries and the control of article attachments.
Where is the documentation?
The full product documentation is/will be available as web pages and in PDF format. The documentation covers all releases.
Are any Joomla core files changed?
No. The component uses standard Joomla functionality, no core files are changes.
Are other languages supported?
The main supported language is English. We welcome any submitted language translations that users might like to contribute. These would then be made available to the whole community.
The component will make use of the Transifex system and it is hoped that some additional languages will be provided as time goes by. Please see the appropriate pages on the site for details of the currently available translations.
Does it work with sh404SEF?
The initial release does not work correctly with sh404SEF and instead uses its own SEF friendly URLs. We may write a sh404SEF plugin when or if circumstances deem it necessary. If you are using sh404SEF it is necessary to configure the component to use the 'Joomla router'.
This Password Control FAQ (Frequently Asked Questions) is intended to assist you in providing answers to some of the most commonly asked questions. It is intended to supplement the Password Control documentation.
Where is the documentation?
Does it work with Joomla 3.x?
Yes. All releases version 0.0.5 and above works with Joomla 3.x.
Does it support the new encrytion mechanism in Joomla 3.3?
Yes. Release version 0.1.1 and above works with the new PHPass encrytpion mechanism.
I do not want users to change anything other than the password!
This is possible since this is a Joomla configuration option.
In the User profile the settings are in two categories: Profile, which includes username and password, and Basic Settings, which include editor, time zone, front end language.
In the back end if you navigate to User Manager -> Options, under Component (Users Configuration) you will see two options 'Front End User Parameters' and 'Front End User Language'.
Set 'Front End User Parameters to "Hide" and that will hide the 'Basic Settings' in the Users profile.
- Front-end Language
- User Editor
- Time Zone
I have installed and enabled the plugin but users are not being asked to change their passwords?
If this is a fresh install, then the first time existing users who have logged in before, will have the date for their next password change set to be the number of days specified in the 'periodic change days' parameter in the configuration menu, after the date they next connect. i.e. If they connect today their next change date will be the number of days after today. If you desire them to change it earlier you may either a) set a single change date or b) use a low setting for the periodic changes and increase it later when the users have made their initial change. New users who have never logged on will be forced to change their password immediately if the plugin is configured to change on the initial logon, or in the periodic number of days time. Release 0.0.3 and over.
Does the plugin check passwords?
Yes the plugin has the ability to check the users specified password with their previous password. In release 0.0.2/0.0.3 only the previous password is saved for checking. In release 0.0.4 the administrator specifies how many previous passwords are saved and checked. The previous passwords are saved in encrypted form only, not plain text. Release 0.0.2.
Does the plugin check the strength of a specified password?
Yes, release 0.1.0 implements password strength checks. It also enables the specification of the password criteria such as: the number of numerics, number of upper case characters, number of special characters etc.
Can a password change be forced for new users?
Yes, new users (defined as users who have never logged in before) can be forced to change their passwords upon their initial connection.
Can a user be forced to change their password periodically?
Yes this is a administration configuration parameter. Specify the number of days for which the password is valid.
Can all existing users be forced to change their passwords from a specific date?
Yes there is a administrator option to specify a date when users should change their passwords. If a future date is specified the users will be forced to change their password when they login for the first time after the specified date. If a earlier date is specified, i.e. yesterday, then the next time the user logs on they will be forced to change their password.
Can a new password be auto generated?
Yes, release 0.1.0 introduced the ability for the generation of a password that meets the site criteria. This works in the back end when users may be created or the front end where teh user registers themselves.
Can the user be prompted to change their password before it expires?
Yes, this is an optional administration option.
Can a user account be blocked if their password is not changed within the specified period?
Yes, this is an administration option. Note that administrator users are specifically not blocked.
Are administrator users blocked?
No, administrator and super administrator users are not blocked, but will be required to change their passwords, unless they are specifically marked as exempt. They are still subject to the password reuse rules.
What are exempt users?
Exempt users are users indicated by the administrators as not being subject to the password control rules. The administrator enters the ids of the users in the plug-in parameters. Typically such users would be administrators and super administrators, although any valid user id is permitted.
Exempt users are still subject to the rules concerning re-use of passwords. Exempt users are not forced to change their passwords, but any voluntary changes are recorded and reuse prevented.
Does the plugin impact guest users?
No, guest users by their definition are not required to register upon the site and therefore do not require any password specification.
Why are there two password checking routines?
For performance reasons it is desirable to perform the checks as 'close' to the data as possible, which means within the database itself. This is especially true when a lot of passwords are being saved. If the number of saved passwords is small, then the performance gain is marginal. The administrator is provided with the option of choosing which ever routine they are most comfortable with for their site. Both routines produce the same result and use the same basic checking mechanisms.
NOTE: Certain hosting providers do not permit users to create anything other than MySQL tables, hence attempts to create or use custom procedures can cause database errors. In these situations use the supplied PHP routines.
NOTE: The introduction of the PHPass encryption mechanism in Joomla 3.2 broke the plugin database checking mechanism and it has been disabled in release 0.1.1. It may be reintroduced if the implementation is deemed worthwhile.
Problem routine #__updcontroltable not found.
A problem has been identified where on a site restored from a backup the database function '#__updcontroltable' is not found in the database. This is the same problem as explained in more detail in the 'Issue Tracker' Forum. It is caused by the backup component not including the database function in the backup, hence when restored, the function cannot be found. The backup component must be configured to backup up database procedures, functions and triggers, in order for them to be included in the backed up file.
In addition be aware that not all 'host' providers grant the appropriate database privileges to accounts, which means that the Joomla user connecting to the database may not even be able to see the function in order to back it up. The easiest solution is to reinstall the plug-in in the restore database, and the procedure will be recreated.
I am experiencing problems with the database password checking routine, what do I do?
As described in the documentation this is likely to be related to the underlying database version. Let us know the version of the MySQL database being used and we will investigate further. The plug-in has been tested upon 5.0 and 5.1 databases. In the meantime please use the supplied php checking routine (chosen from the parameter settings).
NOTE: Certain hosting providers do not permit users to create anything other than MySQL tables, hence attempts to create or use custom procedures can cause database errors. In these situations use the supplied PHP routines.
Are other languages supported?
The base language supplied is English. However the component has been written specifically to be able to support other languages. There are a number of submitted translations available. The list of available translations is show in the Translations area of the site.
We welcome any submitted language translations that users might like to contribute. These would then be made available to the whole community. We mainly use Transifex for managing component translations.
There is also a article upon our web site with details upon Transifex and how one can contribute as well as instructions upon how to package up a language translation for the a component.
Do I need to install the User Profile Plug-in?
No the Password Control User Profile Plug-in is entirely optional. It is provided as an additional feature to provide some extra details to users and an aid for site administrators.
Do I have to have the Password Control System plugin in order to use the User Profile Plug-in?
Strictly speaking no, but there is little point in using the Password Control User Profile Plug-in without the System Plug-in since the information it displays is meaningless without it. So it really does not make any sense to do so.
What does the Password Control User Profile plug-in do?
This plug-in provides two additional pieces of information to the user profile, the date of the last password change, and the scheduled date of the next mandatory password change. Each of these is optionally configured and the information displayed will depend upon the system plug-in configuration.
It also provides the administrator with similar details and the ability to configure the next password change, again dependant upon system plug-in settings. See the documentation for more details.
GDPR and Macrotone
- Details
- Published: 16 June 2018
On May 25th, 2018 the European Union's General Data Protection Regulation (GDPR) comes into effect. In this article we will explain what are the changes it brings with regards to our services and our software.
IMPORTANT INFORMATION REGARDING AUTOMATIC ACCOUNT DELETION
The EU GDPR requires us to automatically and irreversibly delete inactive user accounts. If you have not logged in to our site in the past 18 (eighteen) calendar months we will be legally obliged to delete your account on Friday, May 18th, 2018. The deletion is automatic and IRREVERSIBLE: we are legally forbidden from being able to restore your user information.
If you want to prevent your account from being deleted you simply need to log into our site. You DO NOT have to make any purchase WHATSOEVER. All accounts which have EITHER logged in the last 6 months OR have one or more active subscriptions are exempt from the automatic account deletion.
Please don't send us angry emails that we are terrible people for deleting your user account without asking you or that we're extorting you to make a purchase. Again a. the account deletion is required BY THE LAW (on penalty of up to twenty million Euros) and b. you ABSOLUTELY DO NOT need to purchase anything to keep your account active and prevent its deletion, you just need to log in AT LEAST once every 6 months.
Unfortunately we cannot exempt you from the account deletion policy even if you ask us to. The law does not give us that option.
GDPR and your account at Macrotone Consulting Ltd
The GDPR is legislation designed to promote a privacy first approach to handling your personal data with more transparency and a way to reasonably exercise your data rights. While it only covers citizens of any member state to the European Union we consider it better to provide the same level of treatment to everyone. Not only it's more sane for us (since we can't know what is your nationality, to begin with) but also because we care deeply about your privacy and security.
First and foremost, you will see that there our Privacy Statement and our Cookies Policy are now separate documents from our Terms of Service. However, accepting the whole lot is still required to use our services. The Terms of Service does state that the privacy statment and our cookies policy are integral parts of our Terms of Service.
Per the GDPR you now have to give your explicit consent to us processing your personal information. That's a fancy way of saying that you let us give your invoicing information to the tax authorities and our accountants and auditors, as well as let our staff (who are technically subcontractors) to provide you support. Starting May 19th you will need to indicate your consent if you subscribed before April 2018 or do not have an active subscription with us. You can withdraw your consent at any time but we won't be able to provide any of our services to you until you give your consent again. Managing your consent (revoking your consent) is possible after that. Read the "Exercising your Data Rights" section below for more information.
Cookies can likewise be rejected, including the login / session cookie of our site. If you reject cookies you will not be able to log into our site and we will not be able to provide you our services due to no fault of ours. We might revise this policy in the future since login cookies are exempt by the GDPR. It's just that the third party extension we currently use does not have that option. Most importantly, when you reject cookies you just disable Google Analytics. We don't use any other cookies on our site as of the time of this writing; check the Cookies Policy for the most up to date information. Cookie consent can be given and revoked at any time. Look at the bottom of every page of our site for the controls.
Finally, the GDPR mandates data minimization. That's a complicated way of saying that we must delete your information when we have no reasonable business use for that. This means that we will delete your data profile 6 months after your last subscription expires or you last logged into our site, whichever comes later. This is a legal requirement. We will send you an email to the email address we have on file for you a month before we delete your user account as a courtesy and to prevent any issues. You DO NOT have to buy a subscription or otherwise pay us to keep your data with us. You can very simply log into your user account with us at least once every six months. Please note that emails will NOT be sent to the first batch of users who have not logged in the past 18 months, to be deleted between May 17th and May 25th, 2018.
Since profile deletion is permanent and irreversible we are going to be ramping up the deletion period over time. We will start with an 18 month cutoff period (instead of 6 months) until September. Then we will reduce it to 12 months. On January 2019 we will reduce it again to 6 months. Please DO NOT email us asking to not delete your user account or why we deleted your user account. If you want your user account to not be deleted just log into our site. If your account is deleted it's because we are legally required to do so and no, we cannot reinstate your account because we no longer have your data and we are not allowed by the law to do it anyway. If you do send us an email we will point you back to this page since there are only so many ways this can be put into words. Yes, we do understand that for the average client this is horrible and will lead to frustration but no, we cannot ignore the law. The highest fine for ignoring the GDPR is 20 million Euros which is very much higher than our total company income since we started writing our software in October 2006.
If you have questions about our handling of your personal information please do read the privacy statement and cookie policy pages. All the information the European Union requires us to make available to you is in there. Emails or other forms of contact with similar questions will be answered with a link to this page which contains links to the pages with the information you are seeking. If you feel something is missing please do say so in your email and point out exactly what so we can help you. If you have spotted something substantial missing we will of course update this page to include the missing information.
Exercising your Data Rights
Starting May 19th, 2018 you are able to exercise your Data Rights using our self-service Data Processing Options self-service page. You can get to that self-service page in the following ways:
- Click on this link: Data Processing Options
- Click on the Data Processing Options link you can find at the footer of every page of our site after logging in.
- Log in. Then click on My Profile. Click on the Edit Profile link at the top right of that page. On the edit page scroll down until you find the Personal Data Options header. Click the “Manage your personal data options” link next to it.
Kindly note that you must be logged for the link to work. We DO NOT keep personal information for any natural persons who do not have a user account on our site. As a result, all your personal information is linked to your user account. For obvious security and privacy reasons you need to log into our site to verify that you are in control of the user account you are trying to manage Data Processing Options for. If you cannot log into your account use the "Forgot my username" and "Forgot my password" links on our site. If you can log in but cannot get past your account's Two Step Verification please use the Contact Us page to request our assistance.
The following data rights are available from that page:
- Revoke or give again your consent to processing personal information. Kindly remember that without your consent we cannot let you use our site since there are no services we can render without being able to collect your IP address in a log for security purposes (download service) or use your personal information to reply to your requests (support, contact us etc). Should you revoke your consent you will only be able to use the logged out (public) version of our site until you give your consent again.
- Export your profile with us (data portability right). The exported data is in XML format using the same database keys the Open Source software we use on our site (Joomla and our extensions) use. Therefore you could possibly use it to transfer your data to another site using the same software and / or transform it to another suitable format for your purposes.
- Delete your profile with us (right to be forgotten). THIS IS IRREVERSIBLE. If you have a subscription it's terminated without a refund and you waive all your rights against us. Use with EXTREME caution.
Keen readers may have spotted that the rights to amendment and objection are not mentioned. Your right to amendment has always been possible through the My Profile link on our site. It's at the top of every page of our site once you log in. The right to objection is invalid in the context of our relationship. Your invoicing information is required to be transmitted by the tax laws which override the GDPR protections. Security logs are exempt from GDPR. The information you send us in tickets or contact requests is processed only under active consent. Therefore there is no case where objection has reasonable grounds.
As a further clarification, we'd like to note that emails and any off-site communications are deleted immediately after we conclude our communication (typically: after we send you a reply). We do not keep any copies. Please keep in mind that from May 25th, 2018 onwards we will NOT consider email or other out-of-site communications as binding us in any way whatsoever since we are not allowed to keep copies, therefore we are not allowed to have a permanent audit log of such communications which renders these communications effectively off-the-record. This includes the Contact Us page which simply sends us an email. If you want to conduct communication which is official and binding you MUST tell us in advance and explicitly waive your right to be forgotten in the strict scope of that particular communication.
Moreover, we'd like to remind our users and clients that should you email us or otherwise ask us to manually exercise your data rights on your behalf you will be asked to use the Data Processing Options self-service page. You will also receive a link to this document. This is for your own security and privacy. We do not have the know-how or technical means to verify identities off-line. We can only trust that if you know the log in to a user account you have the authorization to manage the Data Processing Options for that person. That's why we ask you to log in.
Let us reiterate that we DO NOT keep personal information for people who do not have a user account with us. Do not ask us for information regarding a non-user, we have none. If you do, you'll just get a link to this page.
Moreover, we cannot divulge who is a user or not, whether a user account exists or confirm any property of a user account. If you send us a request about a non-user or the existence and / or properties of a user account you will be linked to this page without further reply. We do this to protect your privacy and security.
GDPR and our software, on our site and on your sites
Disclaimer: this is not legal advice; we are not lawyers. If unsure or have questions about GDPR compliance please consult a qualified laywer.
In the following paragraphs we will discuss how the information collected by our various software, installed on bot our site and,most importantly, your sites affects the GDPR compliance of the site where they are installed.
Our support / helpdesk software (Issue Tracker System)
Macrotone Issue Tracker by its very nature stores personally identifiable information in 'issues'. It is impossible to encrypt the issue titles and body because the hit in performance and the inability to search through the content renders it impractical. To the best of our knowledge GDPR accepts that line of reasoning.
However, you should NEVER, EVER store passwords or other sensitive information (such as a person's real address) as unencrypted data in the database.
Another sticky point with regards to GDPR is the issue-by-email and the issue notification by email features. According to the GDPR it's illegal to accept personal information over unencrypted email. Since implementing support for encrypted email is complicated and technically infeasible in most cases we have to warn you that it's ILLEGAL to use that feature after May 25th, 2018. We plan to remove it in a future version of the software. Regarding email notifications to issues, you are advised to remove the issue content from the email template. We cannot do this automatically. You have to go an edit your email templates for PRIVATE tickets.
Speaking of which, the GDPR provisions for privacy do not apply to public issues, obviously. People electing to file public issues do so being fully aware that their information will be visible to anyone and they do receive adequate warning. You may, however, want to set up your Issue Tracker categories to ofer private tickets by default. The idea is that the GDPR asks you to implement your sites with privacy by default. We understand the implication to that is that the default issue visibility should be Private as a result.
Moreover, old private issues of inactive clients will be removed from our site as they may contain sensitive information. If you are an active client (you have a subscription) or you have logged in the last 18 months on our site please review your private tickets. If they have private information please ask us to remove them and remember to give us the issue numbers (or we will remove ALL your private issues!). No, if you ask us to check we cannot do that; we do not have the manpower. That's why you can log in and check for yourself. Also note that we do explicitly tell you to give us temporary access, therefore we do not have any responsibility if you failed to revoke our access since your issue was closed.
Other software we make
To the best of our understanding, our other software does not store personal information of any kind. Therefore the GDPR is irrelevant to its use on our site or anywhere else.
The software we are using to enforce GDPR compliance
The cookie policy is enforced by the EU e-Privacy Directive extension for Joomla! by Michael Richey with some modifications.
Joomla! 3.9 will come with its own solution called com_privacy. We cannot yet guarantee that our software will work together with com_privacy in the future since we don't even know how it's supposed to work on account of it being under development at the time of this writing (May 15th, 2018).