June 2011 Archives

Security Update: Movable Type 5.12, 5.06, and 4.37 Released

By Maarten Schenk on June 23, 2011 10:15 AM | 1 Comment | No TrackBacks |
If you are running Movable Type and you have users on your system you can't completely trust, you urgently need to update to the latest version, says Six Apart in an announcement this morning.  They specifically mention that this release fixes an issue where:
Under certain circumstances, a user who has "Create Entries" or "Manage Blog" pemissions may be able to read known files on the local file system.
That is bad, as it would allow a potential attacker to read things like configuration files etc. which may contain passwords or other sensitive information.
Continue reading Security Update: Movable Type 5.12, 5.06, and 4.37 Released.

"Learning Movable Type" is Back!

By Maarten Schenk on June 21, 2011 9:29 AM | No Comments | No TrackBacks |
Between 2004 and 2008, Elise Bauer ran Learning Movable Type, a group weblog with tips, tricks and tutorials for beginning Movable Type webmasters (and one of the sites inspiring me to start Movable Tips).  As Elise didn't have the spare time to run the site anymore, Six Apart took over the hosting but nothing much happened with it anymore for several years, even though it remained a very useful resource. But now the site has a new home: Elise has graciously passed me the torch, and since yesterday the site is hosted on my server.
Continue reading "Learning Movable Type" is Back!.

CMSCritic Interviews Byrne Reese of the Open Melody Project

By Maarten Schenk on June 16, 2011 10:54 PM | No Comments | No TrackBacks |
During the interview, Byrne touches on the reasons why Melody got started, its relationship with Movable Type and Six Apart, the wider MT/Melody community and finally there is a peek at the future of Melody.  Worth a read!

Nice Trick to do Movable Type One-Liners in Perl

By Maarten Schenk on June 16, 2011 2:00 PM | 1 Comment | No TrackBacks |
Thanks to Google translate (and the community feed) I found out about this nice little trick (original Japanese version) by Akira Sawada today.  When doing any kind of Perl development, you can run a one-line command just by calling
perl -e 'some command'
and it will be executed.  But did you know you can also (in your MT folder) do this
perl -MT -e 'some command'
and have it executed with all of Movable Type's settings and modules etc. loaded?
Continue reading Nice Trick to do Movable Type One-Liners in Perl.

Movable Type and Melody Community Feed Now Tracks 50 Feeds

By Maarten Schenk on June 15, 2011 10:04 AM | 1 Comment | No TrackBacks |
I just added the feed of Endevver's knowledge base to the Movable Type and Melody Community Feed Aggregator.  The aggregator is now tracking 50 feeds for Movable Type and Melody related news, and over the past weeks there hasn't been a single day without at least several updates appearing.  Know of any other sources I should include?  Let me know!

Bug: Movable Type' s MTInclude Tag Caching Broken while Memcached Active

By Maarten Schenk on June 14, 2011 2:00 PM | 130 Comments | No TrackBacks |
Are you using Memcached in combination with Movable Type, and are you using the caching options on one or more of your module or widget templates?  Then have a look at these bug reports (106215106287), as they might affect the performance of your installation quite negatively.

Continue reading Bug: Movable Type' s MTInclude Tag Caching Broken while Memcached Active.

Showing Entry Tags on Movable Type's Manage Entries Screen

By Maarten Schenk on June 10, 2011 3:42 AM | No Comments | No TrackBacks |
Neat new plugin on H. Fujimoto's blog: Extend Taggable Listing.  Under Movable Type's 5.1 listing framework, you can pick and choose the columns to display on any listing screen, like the Manage Entries screen for example.  This plugin allows you to display a column listing all the tags applied to a listed item.  It works with all lists of things that can be tagged: entries, pages, assets...
Continue reading Showing Entry Tags on Movable Type's Manage Entries Screen.

Mandatory Movable Type Security Updates Released (5.11, 5.051, 4.361)

By Maarten Schenk on June 9, 2011 9:26 AM | No Comments | No TrackBacks |
Six Apart has released updated versions of Movable Type containing several security fixes (and a few other bugfixes as well).  Release notes are here.  It is highly recommended to install these updated versions, as they patch a number of vulnerabilities of the type that got PBS.org hacked through a Movable Type 0day exploit last week.  As always, don't just upgrade, but make sure your installation is properly secured as well.

The IncludeMap Plugin for Movable Type (with screencast)

By Maarten Schenk on June 9, 2011 2:28 AM | No Comments | No TrackBacks |
I recently found out about the IncludeMap plugin while browsing the Japanese Movable Type Plugin Directory (which seems way livelier than the 'official' one).  This neat plugin builds a map of the relationships between your various templates, showing you a neat visualisation of which templates include which modules and widgets, but also the other way round, going multiple levels deep.
Continue reading The IncludeMap Plugin for Movable Type (with screencast).

MT Cumulus Plugin Security Vulnerability

By Maarten Schenk on June 7, 2011 1:52 PM | No Comments | No TrackBacks |
Anyone using the MT Cumulus plugin to generate a flash-based tag cloud, take heed: there is a security vulnerability in the flash part of this plugin that allows script injection attacks.  If you are using this plugin, it is probably better to remove it for now until an update becomes available, and to rely on Movable Type's built-in HTML-based tag cloud widget.

Treating Every n'th out of x Entries as Special in Movable Type

By Maarten Schenk on June 6, 2011 3:42 PM | 1 Comment | No TrackBacks |
I recently had to deal with a list of entries of arbitrary length, and every second out of three had to be displayed slightly differently than the one before and after it.  The idea was to create sort of a three-column effect, with each 'middle' entry sporting a left and right border.  A very useful tool for this is Movable Type's built-in modulo operation.
Continue reading Treating Every n'th out of x Entries as Special in Movable Type.

10 Tips for Securing Your Movable Type Installation

By Maarten Schenk on June 2, 2011 4:17 PM | 10 Comments | No TrackBacks |
After the recent hacking of PBS.org (most likely caused by a 0day exploit in an older version of Movable Type 4), it is probably a good idea to review the security of your Movable Type installation.  To help you, we compiled this list of ten security tips, with help from the engineers at Six Apart Japan.
Continue reading 10 Tips for Securing Your Movable Type Installation.

Six Apart Japan and Evernote Announce Deal (I think)

By Maarten Schenk on June 1, 2011 3:34 PM | 2 Comments | No TrackBacks |
On Six Apart Japan's website there is an announcement which, if pulled through Google translate, seems to indicate some kind of deal with Evernote.  The gist seems to be that there is a new plugin for Movable Type to directly clip entries to Evernote, and it looks as if this feature is also available to certain TypePad users, although it isn't clear to me if this is for Japanese users only or worldwide.  Stay tuned!

Melody Database Backup Plugin

By Maarten Schenk on June 1, 2011 2:46 PM | No Comments | No TrackBacks |
Interesting new Melody plugin from Mike: Melody Database Backup. It sets up an automated taks that automatically saves a database backup to a specified folder on your server every day.  The plugin only works on Melody, unfortunately, but maybe someone can make a Movable Type compatible version?
« May 2011 | Main Index | Archives | July 2011 »