June 2011 Archives

If you are running Movable Type and you have users on your system you can't completely trust, you urgently need to update to the latest version, says Six Apart in an announcement this morning.  They specifically mention that this release fixes an issue where:
Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system.
That is bad, as it would allow a potential attacker to read things like configuration files etc. which may contain passwords or other sensitive information.
Between 2004 and 2008, Elise Bauer ran Learning Movable Type, a group weblog with tips, tricks and tutorials for beginning Movable Type webmasters (and one of the sites inspiring me to start Movable Tips).  As Elise didn't have the spare time to run the site anymore, Six Apart took over the hosting, but nothing much happened with it for several years, even though it remained a very useful resource. But now the site has a new home: Elise has graciously passed me the torch, and since yesterday the site is hosted on my server.
During the interview, Byrne touches on the reasons why Melody got started, its relationship with Movable Type and Six Apart, the wider MT/Melody community and finally there is a peek at the future of Melody.  Worth a read!
Thanks to Google translate (and the community feed) I found out about this nice little trick (original Japanese version) by Akira Sawada today.  When doing any kind of Perl development, you can run a one-line command just by calling
perl -e 'some command'
and it will be executed.  But did you know you can also (in your MT folder) do this
perl -MT -e 'some command'
and have it executed with all of Movable Type's settings and modules etc. loaded?
I just added the feed of Endevver's knowledge base to the Movable Type and Melody Community Feed Aggregator.  The aggregator is now tracking 50 feeds for Movable Type and Melody related news, and over the past weeks there hasn't been a single day without at least several updates appearing.  Know of any other sources I should include?  Let me know!
Are you using Memcached in combination with Movable Type, and are you using the caching options on one or more of your module or widget templates?  Then have a look at these bug reports (106215, 106287), as they might affect the performance of your installation quite negatively.

Neat new plugin on H. Fujimoto's blog: Extend Taggable Listing.  Under Movable Type's 5.1 listing framework, you can pick and choose the columns to display on any listing screen, like the Manage Entries screen for example.  This plugin allows you to display a column listing all the tags applied to a listed item.  It works with all lists of things that can be tagged: entries, pages, assets...
Six Apart has released updated versions of Movable Type containing several security fixes (and a few other bugfixes as well).  Release notes are here.  It is highly recommended to install these updated versions, as they patch a number of vulnerabilities of the type that got PBS.org hacked through a Movable Type 0day exploit last week.  As always, don't just upgrade, but make sure your installation is properly secured as well.
I recently found out about the IncludeMap plugin while browsing the Japanese Movable Type Plugin Directory (which seems way livelier than the 'official' one).  This neat plugin builds a map of the relationships between your various templates, showing you a neat visualisation of which templates include which modules and widgets, but also the other way round, going multiple levels deep.
Anyone using the MT Cumulus plugin to generate a Flash-based tag cloud, take heed: there is a security vulnerability in the Flash part of this plugin that allows script injection attacks.  If you are using this plugin, it is probably better to remove it for now until an update becomes available, and to rely on Movable Type's built-in HTML-based tag cloud widget.
I recently had to deal with a list of entries of arbitrary length, and every second out of three had to be displayed slightly differently than the one before and after it.  The idea was to create sort of a three-column effect, with each 'middle' entry sporting a left and right border.  A very useful tool for this is Movable Type's built-in modulo operation.
After the recent hacking of PBS.org (most likely caused by a 0day exploit in an older version of Movable Type 4), it is probably a good idea to review the security of your Movable Type installation.  To help you, we compiled this list of ten security tips, with help from the engineers at Six Apart Japan.
On Six Apart Japan's website there is an announcement which, if pulled through Google translate, seems to indicate some kind of deal with Evernote.  The gist seems to be that there is a new plugin for Movable Type to directly clip entries to Evernote, and it looks as if this feature is also available to certain TypePad users, although it isn't clear to me if this is for Japanese users only or worldwide.  Stay tuned!
Interesting new Melody plugin from Mike: Melody Database Backup. It sets up an automated task that saves a database backup to a specified folder on your server every day.  The plugin only works on Melody, unfortunately, but maybe someone can make a Movable Type compatible version?