Movable Type and TypePad Passwords in Plain Text

“If Movable Type was as popular, and under the same amount of scrutiny, I can’t imagine they would still be storing passwords as plain text.” upset at least one reader of “Movable Type Pro, Setting Social Networking Free, Vaporware, WordPress, BuddyPress”. His comment wasn’t polite, so I’ll answer here without publishing it or calling attention to the comment author.

While working on the TypePad and Movable Type AtomPub Exporters (still in progress), programmer Ronald Heft Jr had a problem interacting with the WSSE authentication both use. The problem ended up being in his own code, but it also led to some interesting observations about how the authentication works.

TypePad doesn’t require code to be as secure.

  • TypePad can handle the WSSE nonce either base64 encoded or plain text. Movable Type requires the nonce to be base64 encoded. Ronald had been using base64 on the nonce from the beginning, and TypePad accepted it. The APE does not encode the nonce, so it works with TP but not MT.
  • TypePad allows the same nonce to be used multiple times, while Movable Type requires a new nonce for each request. The AtomPub library Ronald had been using did not regenerate the nonce as it was centered around TypePad. Once he started giving a new nonce for each request, MT started authenticating.

This is a good reminder: allow programmers a less secure option, and they will likely take it, because they trust you and have other deadlines.

WSSE authentication is inherently insecure.

When Ronald looked in his Movable Type database he found that the passwords were stored in plain text. WordPress remote access development lead Joseph Scott explains that the only way to support WSSE is to store the passwords in plain text on the server, which is one of the reasons why WordPress won’t be supporting WSSE.
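The nonce handling and the plain-text requirement described above can be seen together in one sketch. This is an added example, not code from Movable Type, TypePad or the exporters; it assumes the usual WSSE UsernameToken layout, where PasswordDigest is Base64(SHA1(nonce + created + password)), and the class and function names are hypothetical.

```python
import base64, hashlib, hmac, os, re
from datetime import datetime, timezone

def digest(nonce, created, password):
    # Assumed layout: PasswordDigest = Base64(SHA1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw)

def make_header(user, password):
    """Client: fresh random nonce per request, base64-encoded on the wire."""
    nonce = os.urandom(16)
    created = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return ('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"'
            % (user, digest(nonce, created, password).decode(),
               base64.b64encode(nonce).decode(), created))

class StrictVerifier:
    """Server: requires a base64 nonce and refuses to accept the same nonce twice."""
    def __init__(self, stored_secrets):
        self.stored = stored_secrets   # must hold the password itself, see verify()
        self.seen = set()              # a real service would expire entries using Created

    def verify(self, header):
        f = dict(re.findall(r'(\w+)="([^"]*)"', header))
        try:
            nonce = base64.b64decode(f["Nonce"], validate=True)  # raw-text nonce fails here
            secret = self.stored[f["Username"]]
            # The digest can only be recomputed from the value the client typed
            expected = digest(nonce, f["Created"], secret)
            sent = f["PasswordDigest"].encode()
        except (KeyError, ValueError):
            return False
        if (f["Username"], nonce) in self.seen:   # replayed nonce
            return False
        if not hmac.compare_digest(expected, sent):
            return False
        self.seen.add((f["Username"], nonce))
        return True

def demo():
    pw = "constructed-password"   # constructed sample value
    strict = StrictVerifier({"ronald": pw})
    hashed = StrictVerifier({"ronald": hashlib.sha256(pw.encode()).hexdigest()})
    h = make_header("ronald", pw)
    # first use accepted, replay rejected, hash-only password store cannot verify
    return strict.verify(h), strict.verify(h), hashed.verify(make_header("ronald", pw))
```

The third result is the storage problem: a server that keeps only a one-way hash of the password cannot recompute the digest the client sends.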

Movable Type Pro, Setting Social Networking Free, Vaporware, WordPress, BuddyPress

Six Apart VP Anil’s response today on the official Six Apart blog to my Movable Type Pro Introduction video parody doesn’t surprise me, but where is the link love?


Movable Type Pro with Comments

I’m sure Movable Type Pro is a fantastic product, but when I watched the introduction video in the announcement article I wasn’t feeling the “profoundly powerful new set of capabilities that shows the web where blogging is going next.”

I thought it was ripe for parody, and so here is my voice-over:

Update: Six Apart shared my video with all of their customers, but gave no link love or attribution to me (no Lloyd Budd anywhere in sight); see my response “Movable Type Pro, Setting Social Networking Free, Vaporware, WordPress, BuddyPress”.

I’m Biased, But Try Movable Type and Drupal

Anil Dash has written an article titled “A WordPress 2.5 Upgrade Guide” on the official movabletype.com blog. It is full of misdirection, and, thankfully, overall it hasn’t been well received. What excites me is it has sparked some excellent discussions, and it’s a great launching point for more conversations.

I wholeheartedly recommend you try the open source flavor of Movable Type. It is clearly a great product created by fantastic people.

If you are thinking you only have time to try one blogging software other than WordPress, my time and money is on Drupal. People bringing Drupal into the conversation as an alternative has been one of my favorite parts of the discussions. Built on the same PHP stack that powers WordPress and much of the rest of the high performance web, Drupal is the full featured CMS with the hearts and minds of the open source communities (I hang out with). Its blogging experience isn’t as polished out of the box as WP or MT, but it’s getting there, and we’re working hard at staying focused and one step ahead of them ;-)

If you have time please do share what you love about these other personal publishing environments, particularly if it relates to something that annoys you about WordPress. This way WordPress participants can respond by letting our code do the talking.

If you are currently using WordPress then your highest priority will likely be to plan to take a look at WordPress 2.5 as a release candidate will be coming very soon — watch the WordPress Development blog for the news.


15 Minutes to Publish!

Down to a few seconds after migrating China Digital Times from Movable Type to WordPress.

Go to the Scot Hacker Bird House and read Notes on a Massive WordPress Migration. Scot, the webmaster of the UC Berkeley Graduate School of Journalism and an O’Reilly author, knows his stuff, and backs it up with the data. Brilliant insights!

Movable Type 200% Open Source!

Where 100% and fully are not quite the definitions I’m used to.

Yes, Movable Type Open Source should be celebrated! It is awesome that it already includes everything that was released as Movable Type 4.0 and more. As I understand it there should soon be a stable release. But I am confused by the conversations I read and concerned by the phrases used to describe this “version”.


Todd Cochrane Doesn’t Like MT4’s Podcasting Support, and What That Really Means For WordPress

Todd Cochrane, who wrote the book on podcasting, Podcasting: Do It Yourself Guide, wrote a harsh post about Movable Type 4 not living up to its announced podcasting support claims. The article begins:

From today forward I will no longer recommend Movable Type as a viable new media blogging / podcasting platform. I will recommend WordPress to any and all that ask my advice.

Todd elaborates in the comments on the experience in WordPress that has contributed to his conversion:

Wordpress does have native support when you are publishing a post you will see add media at the bottom of the page.

If you add your media there and hit publish the media will be included as an enclosure in your RSS feed.

While you will not have all the fancy itunes tags you can manually edit your rss template and add that data to be included.

To make it easy the podpress plugin makes it easy for you to add the itunes data to the feed.

Another thing to consider is that at least you can publish a podcast with WordPress today. You cannot say the same with MovableType Version 4 it is simply not possible to publish a podcast with the current version of the blogging software.

Welcome to the team Todd!
