Recently I went to board a train at Arundel station on a Sunday, where there is a service every hour if you fancy a trip out. As usual it turned into a disaster and down right danger. I have put in italics the amusing "sorry, not sorry " parts.
Dear southern rail
On the 1559 Arundel to Chichester. I Walked with my dog along the platform towards front 4 carriages and guard saw me along with about 5 other people .
The Guard then got back on train, but the dog then decided to pooh on platform, I scooped it up in a bag and I was about a foot from door.
I turned round and train doors were locked, I was pressing the button and it pulled away while I was pressing button and very close to train (inside the yellow line)
There was No call from guard and driver didn't check clear safe platform. Not even shout and i was in the train danger zone and it left.
The Woman in ticket office said i can complain but wont do any good. She said the Driver is in charge not guard and to wait for next one as I missed it.
What Are Cookies
For more general information on cookies see the Wikipedia article on HTTP Cookies...
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.
The Cookies We Set
This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third Party Cookies
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.
For more information on Google AdSense see the official Google AdSense privacy FAQ.
In some cases we may provide you with custom content based on what you tell us about yourself either directly or indirectly by linking a social media account. These types of cookies simply allow us to provide you with content that we feel may be of interest to you.
Several partners advertise on our behalf and affiliate tracking cookies simply allow us to see if our customers have come to the site through one of our partner sites so that we can credit them appropriately and where applicable allow our affiliate partners to provide any bonus that they may provide you for making a purchase.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; twitter,faceboook, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However if you are still looking for more information then you can contact us through one of our preferred contact methods.
This is intended as a short summary of what I have done with the API. Feel free to argue with any points, if you feel that I have got it wrong.
I have prepared some short documentation on the VEL API which we can make available to users (see vel-api-documentation.html), which explains how to access it. This purpose of document is to explain to us how to use it.
The fields actually included in the public feed are these ones:-
It is pretty straightforward, go to components->VEL, click 'new'.
I hope that the feeds are fairly self-explanatory. Note that we can add internal notes to the internal description field, these will not be made public. We can link the entry to a joomla article if we want, that might be useful in future, it will provide a way to link items to the current VEL articles.
You must change the status to live or resolved for it to show up in the feed.
The vulnerability type field is for our use only, and is not included in the feed, we don't have to use it but might find it useful to keep track of the vulnerability types in our database.
We can upload the extension manifest, then the data from the manifest will be automatically parsed, to give us the following:-
It will be accessed at https://vel.joomla.org/index.php?option=com_vel&format=json. There will also be a verification hash at https://vel.joomla.org/index.php?option=com_vel&format=json&task=verify. The verification hash updates when the feed updates, so plugins can use this to check whether it is necessary to fetch an updated version of the feed. Note that com_vel does not output anything else.
Com_vel has its own cache, which should cache the feed for up to a year, if nothing changes. Whenever a new item is added, or one is deleted (if that ever happens), or one is edited, the cache will be automatically cleared, and a new cached page will then be generated. Similarly the verification hash will be updated. So it should be quite efficient.
There is always the possibility of adding additional fields if we decide that they are wanted, and actually there are several more that exist as fields in the database but are not currently included in the feed, mainly in order to keep things simple.
However they are all still there in the database, making it easier to include them in the feed later if we want. The main ones that have been dropped for now are the CVSS 3.0 temporal and environmental scores, as we discussed previously they probably do not add anything significant, and it would be fine to use just the base score. However the CVSS temporal and environmental scores do exist as fields in the database so can quite easily be added if we ever want to do so.
I have come round to the idea that including the CVSS 3.0 base score and vector string is a good idea, and actually much better than saying what type of vulnerability (eg SQL injection) it is. I have kept a field for the vulnerability type available to us in the admin, it might come in useful, but the vulnerability type is not included in the public feed.
There is also the possibility of crediting the discoverer of the vulnerability, if they want to be publicly credited, again it is a field in the database but not currently in the feed.
At the moment which fields are public is hard-coded into the extension (in models/items.php), there are some advantages to keeping it that way, at least it means that a mis-configuration will not accidentally make public any internal data. Still I may look at improving that at some point.