Return to main site

Reporting

Textpattern repository moved to Google Code

As a pragmatic result of our long-lasting struggle to tame the touchy Subversion host we finally gave in and moved our code repository. While being there, we’ve also established a mailing list which broadcasts commit notifications (feed).

More details are over at the FAQ article.

NB: To obtain your own working copy of the repository, you will need a fresh checkout. Relocating an existing copy will not work as the repository UUIDs have changed. To preserve any private modifications, create a patch file from your old working copy and re-apply this patch to the fresh checkout.

Posted 36 days ago by Robert Wetzlmayr · Comment [7]

---

Textpattern Gets Ripped Off?

It’s one thing to re-brand and sell, quite another to call it your own, disable features and charge for adding them back, then heave support back onto the open source community.

Legal (if they provide the source to all their clients under GPL), but positively shameful.

Update

It turns out that we have a combination of two misunderstandings:

  1. money was paid for a site’s design two years ago, not a content management system or extended support
  2. a misunderstanding of what the proper way to go about branding is

I consider this fully resolved. If you have any questions, please contact me privately.

Explanation of the Update

For those that have been following this from the beginning, and are a little confused…

As stated above, it was a misunderstanding. I talked with them personally, and there was not only a reasonable explanation but a sincere apology. They have also made corrections to their site to clarify what it is they are actually offering, and they now understand the correct way to go about offering a customized Txp install for their clients.

Hence, the links were removed. If I believed that their corrections were only the result of “getting caught” (which is what actual thieves/site rippers tend to do), I would not have removed them. I am fully satisfied that it wasn’t intentional.

Posted 75 days ago by Mary Fredborg

---

Textpattern 4.0.6 released

After quite a while and lots of work from many, many people it’s finally here. Textpattern 4.0.6 is available as always on the download page.

We have fixed no less than six security issues. Because half of those can be used from the public side, updating is strongly recommended.

Updates should be seamless for the vast majority of people, otherwise make sure that all plugins are also updated to their most recent version, especially admin-side plugins. We’ll add entries to the FAQ specifically for 4.0.6 where questions may arise.

Changes in 4.0.6:

Further reading:
FAQ-Entries specific to 4.0.6 (will be added when they arise)
Textpattern Contributors (will soon be updated to 4.0.6)
Forum-Thread for the announcement

Posted 101 days ago by Ruud van Melick · Comment [13]

---

Help us test the release candidate for the upcoming 4.0.6 release

The final, official 4.0.6 release is scheduled for next week, unless unexpected problems or errors arise.

We’re looking for people who like to help us make sure that we didn’t miss any regressions or introduce new bugs. We would like to get feedback on clean installations and updates from older versions.

Make sure that if you use this release candidate, you also update to the final 4.0.6 version when it is released.

Download

Discuss

Post your feedback in this forum thread

Notes

The included HISTORY.txt file already lists most of the important changes since 4.0.5. If we missed something, let us know.

This download advertises itself as 4.0.5 (r278x) in diagnostics, because we haven’t yet bumped the version number.

Posted 107 days ago by Ruud van Melick · Comment [3]

---

Textpattern.Org Clean-up

Come one, come all! Help get the resources site cleaned up.

Posted 109 days ago by Mary Fredborg · Comment

---

Last.fm runs Textpattern

For some fellow music lovers, the service of Last.fm is indispensable. Exploring the symphonic wisdom of crowds, it kind of helps to reopen minds and discover new musical behaviours.

Today I stumbled across their blog and noticed a very familiar comment form sporting a button labelled “Preview”, which is one of Textpattern’s key spam repellent features. So the evidence is obvious and we take pride in the fact that Last.fm’s blog is powered by Textpattern.

See you there...

Posted 111 days ago by Robert Wetzlmayr · Comment [3]

---

Blogging with your type-writer

Rich Roat writes in:

Today I decided taht I was going 
to do all of my blog posts on the old type-
writer, [...]

Wait, this might be a problem. Can Google 
search this text? Don't think so. [...]

Need to talk to the folks over at 
Textpattern ab ut that.

Done. But don’t expect transcription services as part of the core any time soon.

Posted 151 days ago by Robert Wetzlmayr · Comment [21]

---

Textpattern 4.0.5 released

After quite a while and lots of work from many, many people it’s finally here. Textpattern 4.0.5 is available as always on the download page.

We have fixed one security issue (XSS) on the public-side with comment-previews, which means that updates are strongly recommended. The relevance and potential attack vectors are described on wikipedia [type 1]. Since the authentification cookie is restricted to the admin-directory and not accessible from the front-end, in most cases this means “only” the info from the comment-data-cookie might be leaked. Users that run textpattern together with other software or third party plugins that set cookies might be at risk of having other data leaked, when a user can be tricked into following certain links.

Updates should be seamless for the vast majority of people, otherwise make sure that all plugins are also updated to their most recent version. We’ll add entries to the FAQ specifically for 4.0.5 where questions may arise. There’s also a very minor, low-impact issue for 4.0.5rc1-testers, but I’ll write more about that in the next few days, but nothing that has any impact on updating to 4.0.5 final right away.

Changes since 4.0.4:

Further reading:
FAQ-Entries specific to 4.0.5 (will be added when they arise)
Textpattern Contributors (will soon be updated to 4.0.5)
Forum-Thread for the announcement

Posted 317 days ago by Sencer Yurdagül · Comment [37]

---

Mentions

I bring you: folks that have mentioned Textpattern.

Textpattern is really starting to be taken notice of by various magazines, books and sites, so I thought it appropriate that we start a proper listing of such.

Please let us know if and when you notice a new Textpattern reference, be it online or off, and any relevant details (if it is for a magazine, a link to the issue details page, if one exists, and so on).

Posted 318 days ago by Mary Fredborg

---

Anti-Spam plugins

From time to time I get questions asked about spam prevention. As I’ve mentioned in the past, I am open to questions from any plugin developers that need assistance in learning how to make use of the anti-spam plugin-API we have in textpattern.

For users and developers

There is of course the Textbook page on comment-spam which talks about some background, and offers a few plugins. There’s also a very basic example plugin which asks a simple question and checks the answer available here:
asy_spamexample.phps
asy_spamexample.txt
which works and can be easily adapted for “static” challenges. Though the main purpose is to illustrate the use of the API as described in the Textbook page.

For developers

The Textpattern anti-spam plugin-API is very flexible in what allows you to do. You can manipulate the form by adding input-elements or displaying text or images – and this can be done with default-values as soon as the plugin installed with the option of allowing the user to override the defaults by imply placing the appropriate tags in his comment form. You can use the nonce-mechanism of textpattern’s comment system to select your challenges from either a predefined list of e.. questions or images, or via function you can create true random challenges (mathematical questions for example).

Then upon submission, your plugin can check the submitted values for their validity. In simple cases you may check against hardcoded values, or you might call remote APIs like the Akismet-plugin does. Or you could check previously stored comments for clues. Because of the nonce-mechanism you do not have to deal with storing any state (via DB or sessions) between the pageviews. It can be derived from the “secret” that’s stored for each comment-nonce. If there is interest I can post a couple more example that do such things.

And finally after checking your plugin can suggest or enforce a way of action, like reloading the comment-form a number of times before taking further action, or straight up showing a custom error-page. Or maybe accepting the comment and placing it in the moderation queue.

To throw some ideas out there:

and so on and so on. Given that many other CMS were hit a lot earlier with large amounts of comment spam, we have the luxury of checking out other people’s efforts and porting that which works acceptably, or that which yields a good benefit/cost ratio in terms of development, maintenance and usage. Of course there is no silver bullet that will solve the issue once and for all, anybody who tells you otherwise is likely selling you snake oil. But the problem can be made managable specifically to your preferences and the kind of trade-offs you’re willing to make or not make.

If anybody runs into hurdles implementing any anti-spam ideas, I’ll try to help and I’m open to suggestions in extending the anti-spam API. But you have to ask, otherwise we won’t know about what you need. ;)

I’ve always found the txp-plugin list the ideal place for theses discussions. So I’d point to there for discussions and questions you might have.
http://lists.textpattern.com/mailman/listinfo/txp-plugins
It’s the easiest to manage and follow, and it doesn’t get lost between support/troubleshooting and other topics that come up on the forum.

Posted 321 days ago by Sencer Yurdagül · Comment [5]

---

Older ·