By now, you’re probably aware of a serious ASP.NET Vulnerability going around. The ASP.NET team has been working around the clock to address this. Quite literally as last weekend, I came in twice over the weekend (to work on something unrelated) to find people working to address the exploit. Recently, Scott Guthrie posted a follow-up blog post with an additional recommended mitigation you should apply to your servers. I’ve seen a lot of questions about these mitigations, as well as a lot of bad advice. The best advice I’ve seen is this - if you’re running an ASP.NET application,...
My son and I returned from a week-long vacation to visit my parents in Anchorage, Alaska last night. Apparently, having the boys out of the house was quite the vacation for my wife as well. :) We had a great time watching the World Cup and going on outings to the zoo as well as hiking. Well, at least one of us was hiking while another was just enjoying the ride. We hiked up a trail to Flattop which has spectacular views of Anchorage. Unfortunately, we didn’t make it all the way to the...
Deploying a Subtext skin used to be one of the biggest annoyances with Subtext prior to version 2.5. The main problem was that you couldn’t simply copy a skin folder into the Skins directory and just have it work because the configuration for a given skin is centrally located in the Skins.config file. In other words, a skin wasn’t self contained in a single folder. With Subtext 2.5, this has changed. Skins are fully self contained and there is no longer a need for a central configuration file for skins. What this means for you is that it...
This blog is experiencing technical difficulties. Do not adjust your browser. Hi there. If you’ve tried to visit this blog recently you might have noticed it’s been down a lot in the last two days. My apologies for that, but hopefully you found what you needed via various online web caches. I’ve been dogfooding the latest version of Subtext and as CodingHorror points out, dogfood tastes bad. I’ve done a lot of testing on my local box, but there is a class of bugs that I’m only going to find on a high traffic real site, and...
Simo beat me to the punch in writing about this. After many long years being hosted on SourceForge, the Subtext submarine is moving into a new project hosting port. We’ve finally moved off of SourceForge and onto Google Code’s project hosting. Our main site (primarily for end users) is still at http://subtextproject.com/ and I’ve hopefully updated every place it points to SourceForge to now point to Google Code. Image stolen from Simo’s blog. ;) This was a very tough decision between CodePlex and Google Code. CodePlex is a great platform and I really like what they’ve...
How many of you out there who use Subtext host it on a hosting provider who does not have ASP.NET 3.5 available? I’d like to make the next version of Subtext 2 take a dependency on 3.5. Note that it wouldn’t have to take a dependency on SP1. Just ASP.NET 3.5 proper as I believe most hosting providers support it. If you’re stuck with a hosting provider who only supports ASP.NET 2.0 and not 3.5, do leave a comment. Note that we’re still in the planning stages for Subtext 3, which will be built on ASP.NET MVC. In...
A Subtext user found a security flaw which opens up Subtext to potential XSS attacks via comments. This flaw was introduced in Subtext 2.0 by the feature which converts URLs to anchor tags. If you are still on 1.9.5b or before, you are not affected by this issue. If you upgraded to 2.0, then please update to 2.1 as soon as you can. Note that you can edit comments in the admin section of your blog to fix comments if someone attempts to abuse your comments. This release has several other bug fixes and usability improvements as well....
One feature of Windows Live Writer that Subtext supports is the ability to edit your post slug. What is the URL slug associated with a blog post? What is the URL slug? Take a quick look in the address bar and you should notice that the URL ends with “editing-post-slugs.aspx”. That bold part is the post slug. It’s a human friendly URL portion that identifies this blog post, as opposed to using some integer id. For a long time, Subtext had the ability to automatically convert your blog post title into friendlier URLs. However, as with most automatic...
An undisclosed source informed me that MySpace China is using a modified version of Subtext for its blogging engine.
So if anyone is wondering if Subtext can scale, it sure can. MySpace China gets around 100 million page views, approximately a million of which go to the blog.
My source tells...
When summer arrives, many like to create a new look via a haircut or new threads. I prefer to change the look of my blog with a new design. This here design took all of four hours to complete. Well that’s not exactly true. It took all of four hours of my time to complete (give or take a few). You can probably see where I’m going with this if you’re one of the many to have read The 4-Hour Workweek: Escape 9-5, Live Anywhere, and Join the New Rich recently. Wondering what all the buzz was about I...
In my previous post, I outlined some minor changes to the skinning model for Subtext. In this post, I will give a high level overview of how skinning works in Subtext. Subtext renders a Skin by combining a set of CSS stylesheets with a set of .ascx controls located in a specific skin folder. If you look in the Skins directory for example, you might see a set of folders like this. Skin Template A common misperception is that each folder represents a Skin. In fact, each folder represents something we call a Skin Template, and can...
If you are hosting multiple blogs on a single installation of Subtext, the recent Subtext 1.5 release unfortunately introduces a security bug that will allow an admin of one blog to log in to another blog. The fix has already been posted to SourceForge as part of the Subtext 1.5.1 release.
If you already upgraded to Subtext 1.5, you only need to update the Subtext.Framework.dll file in the bin directory. The fix was a one line code change. I apologize for the inconvenience and for the mistake. Please spread the word.
I noticed the following checkin message in the subtext commits mailing list today (this is the mailing list in which we can receive Subversion checkin notifications).
Date: 2006-04-21 13:56:27 -0700 (Fri, 21 Apr 2006)
The link to Phil Haack blog was wrong
(http://haacked.com/blog) Fixed it.
This had me cracking up because I am the one who added the link to my own blog originally. It took someone else to notice the mistake and fix it. An inability to link to oneself correctly. Is that a recognized form of...
Steve Harman reports that Subtext reached 1000 downloads just recently on SourceForge.
That is pretty sweet news. I sort of wish we added some code that asked permission to ping us when someone installs Subtext, but as you can imagine that would be very low on the totem pole of requirements.
We are getting close to a bug fix release that contains some extra goodies. I will set a release date soon. I have just been overwhelmed with work and other events.
Since I was called out, I went ahead and quickly implemented CoComment for Subtext, but I have yet to deploy it to my personal blog. It will be released as part of our upcoming interim 126.96.36.199 release which is focused on bug fixes and a few developer goodies thrown in.
I said before I wasn’t interested in supporting CoComment, hoping to see a cleaner approach come along and surprise everyone. But it seems that adoption of CoComment is going pretty well and I am not one to stand in the way of progress. Besides, it really didn’t take...
UPDATE: Ok, this is totally my fault. I took a perfectly good NAnt script another developer wrote and tried to add a few things in there and made a dumb error. I should have a unit test for our NAnt script. ;) I’ll write up a post later describing the issue.
So I guess my fears of the release weren’t totally out of order. The first major bug report has come in. Fortunately it is an extremely easy fix.
The emoticons.txt file appears to be missing from the webroot in the distribution package. I looked at...
For simple ASP.NET applications that do not employ URL Rewriting, stepping through the code that handles a request is fairly straightforward. For example, given a request for http://localhost/MyProject/Page.aspx, simply open up Page.aspx and look at the code-behind file to see what code handles this request.
But for applications such as Subtext that support dynamic URLs, it can be a bit daunting to find the code that finally responds to the request.
Common approach to URL Rewriting
Most applications that employ dynamic URLs employ a tactic called “URL Rewriting”. The approach these applications typically take is some variant of this approach outlined...
I’ve been intentionally quiet about how Subtext is progressing (apart from a couple minor posts on how to obtain the code via CVS). My reticence is certainly not from lack of excitement or enjoyment of the project. Working on Subtext has been about the most enjoyable software development project I’ve ever had the pleasure to work on. So much so, that I’ve fallen a bit behind on my “real” work. Unfortunately this has caught up to me as I now have two projects with a potential third not far behind to work on (Yes, I know....
For the past several days, I’ve been consumed with working on the Subtext blogging engine (not to be confused with the Subtext programming language). It's been the most fun I've had writing software since, well, since working on RSS Bandit as a matter of fact. ;)
Speaking of RSS Bandit, Dare offers some good advice for those starting an Open Source project. I'm going to have to pick his (and others') brain some more and maybe write a short article with advice on starting and continuing an open source project. Especially since I've already violated one piece of...
This document describes the goals for future versions of Subtext as well as a plan for achieving them. The goals for this roadmap are the following:
Communicate to end users what features are planned for future releases
Elicit feedback from users about upcoming releases
Provide a prioritization of features
This document is a work in progress and feedback is welcome.
Administrative Road Map
Documenting existing source code and features. (priority: high)
Fill specific project roles (patch manager, forum manager, etc...) (priority: high)
Set up a website and Wiki for Subtext (unfortunately subtext.com is taken). (priority: med)
Set up an automated build process (NAnt) (priority: low)
As we flesh...
1. The implicit or metaphorical meaning (as of a literary text)
2. A story within the story.
What is .TEXT?
.TEXT is a popular (among .NET loving geeks), scalable, and feature rich blogging engine started by Scott Watermasysk and released as an open source project under a BSD license. Scott did a wonderful job with .TEXT as evidenced by its widespread use among bloggers and being the blogging engine for http://blogs.msdn.com/ among others.
Sounds great. So why fork it?
There are several reasons I think a fork is warranted.
.TEXT is dead as an open source...