The Clear Six Apart Open Web

One of my inspirations, Simon Willison, in addition to his excellent deep analysis of numerous web development issues, provides pithy links and comments from “elsewhere” on his blog. I highly recommend subscribing to his feed.

Today, he shared this quote from Anil Dash:

“It’s clear that, even those who are privileged by access and wealth and the ability to amplify their own voices have anticipated that we’ll all be disenfranchised by the private companies that own and control our networks of communication. And yet, most of our effort and ambition in the technology industry are not going towards building for the open web.”

Anil Dash, The Web in Danger, Nov 16th, 2009

Oh, how clear it is. As I commented on Simon’s post:

Anil is a VP at Six Apart.

Why do images on TypePad not have file name extensions?

Why are there no export features for Vox?

I could go on… I emailed Anil Dash personally months ago about each of these issues. As has historically been the case with my interactions with Anil, I’ve only got hand waving back.

Here are the Get Satisfaction threads on those two issues:

This is something that gets me emotional. Even if Six Apart did not compete with us (WordPress/WordPress.com/Automattic) in some spaces, this issue is one of my emotional Achilles’ heels.

For all of their tooting about the open web, not only are Six Apart’s main services not open source projects, but they have long outstanding issues with locking in their customers.

Being able to get your content and data out is the greatest fundamental of the open web!

Update (later the same day): Announced today at Web 2.0 NYC, Anil is no longer employed by Six Apart. He is now Director of Expert Labs. I wish him all the best in his new job trying to effect change on the greatest scale.

Movable Type and TypePad Passwords in Plain Text

“If Movable Type was as popular, and under the same amount of scrutiny, I can’t imagine they would still be storing passwords as plain text.” upset at least one reader of “Movable Type Pro, Setting Social Networking Free, Vaporware, WordPress, BuddyPress”. His comment wasn’t polite, so I’ll answer here without publishing it or calling attention to the comment author.

While working on the TypePad and Movable Type AtomPub Exporters (still in progress), programmer Ronald Heft Jr had a problem interacting with the WSSE authentication both use. The problem ended up being in his own code, but it also led to some interesting observations about how the authentication works.

TypePad doesn’t require as secure code.

  • TypePad can handle the WSSE nonce either base64 encoded or plain text. Movable Type requires the nonce to be base64 encoded. Ronald had been using base64 on the nonce from the beginning, and TypePad accepted it. The APE does not encode the nonce, so it works with TP but not MT.
  • TypePad allows the same nonce to be used multiple times, while Movable Type requires a new nonce for each request. The AtomPub library Ronald had been using did not regenerate the nonce as it was centered around TypePad. Once he started giving a new nonce for each request, MT started authenticating.

This is a good reminder: allow programmers a less secure option, and they will likely take it, because they trust you and have other deadlines.

WSSE authentication is inherently insecure.

When Ronald looked in his Movable Type database he found that the passwords were stored in plain text. WordPress remote access development lead Joseph Scott explains that the only way to support WSSE is to store the passwords in plain text on the server, which is one of the reasons why WordPress won’t be supporting WSSE.
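The two behaviours described above (a base64 nonce is required, a reused nonce is refused) and the reason the server needs the plain-text password can be seen in a small verifier. This is an added example, not code from Movable Type, TypePad or the exporters; it assumes the standard WSSE UsernameToken digest, Base64(SHA1(nonce + created + password)), and the names `StrictVerifier`, `make_token` and the sample account are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Constructed sample account. The server holds the password itself because
# the digest is computed over it; a salted one-way hash cannot be used here.
USERS = {"ronald": "correct horse battery staple"}

def wsse_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA1(nonce + created + password))."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def make_token(user: str, password: str, created: str) -> dict:
    """Client side: a fresh random nonce per request, sent base64 encoded."""
    nonce = os.urandom(16)
    return {"Username": user,
            "PasswordDigest": wsse_digest(nonce, created, password),
            "Nonce": base64.b64encode(nonce).decode(),
            "Created": created}

class StrictVerifier:
    """Requires a base64 nonce and refuses any nonce it has already accepted."""

    def __init__(self, users: dict):
        self.users = users
        self.seen = set()

    def verify(self, token: dict) -> str:
        try:
            nonce = base64.b64decode(token["Nonce"], validate=True)
        except (binascii.Error, ValueError):
            return "reject: nonce is not base64"
        password = self.users.get(token["Username"])
        if password is None:
            return "reject: unknown user"
        expected = wsse_digest(nonce, token["Created"], password)
        if not hmac.compare_digest(expected, token["PasswordDigest"]):
            return "reject: bad digest"
        # Record the nonce only after the digest checks out, so unauthenticated
        # requests cannot fill the replay cache.
        if (token["Username"], nonce) in self.seen:
            return "reject: nonce reused"
        self.seen.add((token["Username"], nonce))
        return "accept"
```

A verifier without the `seen` set would accept a captured token again unchanged, which is why a client library that never regenerates its nonce only works against the more permissive server.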

WordPress GSoC Week 4 and import/mt-atom.php

Today is the end of week 4 of coding for WordPress’s Google Summer of Code. It’s hard to believe it has already been 4 weeks, and there are only 2.5 weeks until the half way mark. This year, we’re running a tighter program and I think the results will speak for themselves.

Like last year, I’m mentoring Ronald Heft, Jr. He is working on a TypePad AtomPub-based Content Importer. Ronald has been good about keeping me updated, asking good questions, proposing solutions, prioritizing issues, and sharing his results with the community.

Today seemed like a good day to take a look at the code and take it for a spin. I identified some issues and Ronald immediately responded with a plan to investigate and address them.

It isn’t quite ready for you to test importing from TypePad, but things are looking good. It’s getting close.

TypePad SEO Blows…

There are so many possible places to start in supporting Michael Krotscheck’s statements and pointing out Six Apart VP Anil Dash’s mistakes. Here is an easy one:

And TypePad simply blows WordPress.com away on SEO when it comes to search engine indexing. TypePad delivers your blog posts directly to Google Reader and My Yahoo and Blogline.

Are there specific issues that WordPress needs to fix to reverse the blow (hard)?

Overwhelm their Fears with Open Source

When in conversations with people championing freedom causes using Google Blogger or Six Apart TypePad, I share that I and many other people find it upsetting that they do so using proprietary software.

The inconvenience and their frustrations with software usually leave them too afraid to even consider switching to another publishing platform.

It is ok that it isn’t their issue. We all have a limited amount of energy, and relative to other causes open source isn’t urgent.

It is our opportunity, those who are passionate about open source, to provide a solution that is superior. We need to allow those people to see benefits that overwhelm their fears and help them champion their own causes.