Princeton University Blog Service

Update: We isolated the problem and fixed it. The new firewall was blocking all outgoing HTTP traffic from the blog server. This delayed logging in, and it also delayed entry publishing for those bloggers who use “ping” sites.

Original entry: Admins and authors may have noticed that logging in to the admin interface for blogs.princeton.edu takes slightly longer than a minute. Once that initial authentication and authorization step is completed, page access times are normal; however, that initial sixty-second wait can be annoying.

This log-in delay has been a problem for at least three weeks, and we think that the problem is related to moving the server behind a hardware firewall on March 26.

I apologize for the inconvenience and hope to have the problem resolved soon.

Posted by Michael D. Muzzie at 3:06 PM | Permalink

A new anti-spam CAPTCHA plugin, called Comment Challenge is now installed on the blog server.

The battle between blog administrators and spammers is an ever-escalating arms race. Every time a new tool for blocking or filtering spam comments is released, the spammers develop new technologies and new tactics so that their marketing messages about “enhancements,” online gambling, and “morgage” loans continue to be posted all over the web.

This blog service already uses the SpamLookup and Akismet plug-ins, which rely on keyword filters and URL blacklists. However, an annoying new tactic is gaining popularity among spammers. They use their automated scripts or “spambots” to randomly post dozens and dozens of blog comments with random text and legitimate website links (like cnn.com, apple.com, cnet.com, etc). The spammers’ goals include poisoning the filters with false positives and sneaking their marketing links among the the dozens of comments with “legitimate” links.

So far the most reliable way to foil a spambot is with a CAPTCHA (an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart).

One type of CAPTHCA, the image CAPTCHA, generates wildly distorted letters and/or numerals and overlays them on psychedelic backgrounds. The intention is to foil optical character recognition (OCR) software; however, image CAPTCHAs can be a barrier to the visually impaired, and deciphering them can be difficult even for those with perfect vision.

The Comment Challenge plug-in instead creates a “challenge and response” CAPTCHA. With this plug-in, a blog administrator creates a simple question that only a human should be able to answer. If a comment is not submitted along with the proper response, it goes into the comment junk folder.

To use this plug-in on your blog, you will need to activate it, choose a question and response, add a template tag to two of your templates, and rebuild your site. Full instructions are below.

Continue reading "More anti-spam ammo" »

Posted by Michael D. Muzzie at 2:01 PM | Permalink | Comments (6)

Update: The transition to Movable Type Enterprise as the primary administration interface occurred around 8:50 AM this morning. If you experience any problems, please contact blogs@princeton.edu.

Princeton University recently purchased a license for Movable Type Enterprise. We will make the move to Movable Type Enterprise at 9 AM on Tuesday, September 26.

For most of our users, the transition will be barely noticeable. The code base for Movable Type Enterprise is the same as Movable Type 3.3. Both products use the same database, the same template tags, the same plug-ins.

An outage will not be necessary. In fact, both systems are currently running in parallel on the server, accessing the same information. Once we make the change, the next time you log-in, you may see a slightly altered log-in screen and blogs.princeton.edu/mt will take you to the MT Enterprise admin screen.

The are a few things that you should be aware of with the Enterprise upgrade:

• LDAP Support: A PU Blog Service user who is also in the Princeton University directory may now log in to the admin interface using his or her Princeton NetID and LDAP password. If you were assigned a Movable Type password, that password will continue to work. We are keeping both password systems in place because we need to support users who are not in the Princeton directory. Keep in mind, though, that changing your password under the Author Profile will change your Movable Type password, not your Princeton LDAP password. Requesting a password reset at the log-in screen will reset your Movable Type password, not your LDAP password.
• Version Number: The current version number of Movable Type Enterprise is 1.02. The current version number of Movable Type is 3.32. After a site rebuild, many of your site pages may incorrectly report the version number (ex. Powered by Movable Type 1.02). If this concerns you, you can update your templates. Find the following code in your Main Index and archive templates (and/or any other custom templates :
  Powered by<br /><a href="http://www.movabletype.org">Movable Type <$MTVersion$></a> Replace it with: Powered by<br/><a href="http://www.sixapart.com/movabletype/"><$MTProductName version="1"$></a>
• Admin interface: Not much has changed. Movable Type Enterprise’s admin interface looks almost identical. Here’s the new header: We also added a custom logo in the footer.

Soon after the transition, we will post some additional tutorials to explain many of the latest features added to the Movable Type system, including entry tags and the Widget Manager.

Posted by Michael D. Muzzie at 12:14 PM | Permalink | Comments (2)

To facilitate repair of the Uninterruptible Power Supply (UPS) system in the main data center room of 87 Prospect, a power outage is scheduled for Saturday, July 8, and Saturday, July 15. Each outage is expected to begin at 5 AM and should only last until 12 noon.

The Princeton University Blog Service will be affected by this outage, and all blogs and the administrative interface will be inaccessible during this time.

Update 7/11: Further problems with power in 87 Prospect necessitated moving the July 15 outage to the evening of July 11 from 7 PM until around midnight.

Posted by Michael D. Muzzie at 1:16 PM | Permalink | Comment | TrackBack

This is no April Fool’s joke.

I have been trying, without success, to get the ImageMagick Perl module to compile and install on the server ever since we rebuilt the system on December 21. This module is required for the automatic generation of thumbnails via the Upload File dialog box, accessed via the left sidebar link in the admin interface.

However, Movable Type also provides hooks for another back-end image generator called NetPBM. I had also tried a few times to install and configure this module. Tonight I finally met with success.

The linked image of the PUBS logo in this entry is an example of a pop-up window with an auto-generated thumbnail.

Posted by Michael D. Muzzie at 4:09 AM | Permalink | Comments (3) | TrackBack

SendMail, which is a server-side agent that allows web scripts to send e-mail messages, now works on the blog server. I apologize that this has never been functional on the server before now.

What does this mean for users of the blog service?

Well, by default, any time someone posts a comment or TrackBack to your blog, and it does not get filtered into the Junk Comments or Junk TrackBacks folder, you should receive an e-mail notification. (There are three levels for comments—Published, Moderated, and Junked.)

The e-mail contains links that allow you to visit that entry directly, or to edit a comment, delete it, or promote a moderated comment.

Also, the password recovery feature (which can e-mail a forgotten password after the author provides the correct password hint) should work now.

Posted by Michael D. Muzzie at 7:02 PM | Permalink | Comment (1) | TrackBack

If you connect to any sites with the blogs.princeton.edu domain via a secure (SSL) connection (ex. https://blogs.princeton.edu), you should see a lock icon in either the bottom status bar or the top title bar of your browser. If you click on that icon, you can now view the Thawte-verified certificate information for this site.

What this means is that we are now ready, upon request, to create LDAP password-protected blogs, requiring users to connect via a secure connection (https://). This way LDAP passwords won’t be sent over the network “in the clear” for users who visit those secured blogs, and those visitors will not have to click through any ominous “this is not a trusted site” dialogs.

One caveat is that on-campus users who try to use the shortcut https://blogs/ to connect to https://blogs.princeton.edu/ will see a warning dialog that states that you have attempted to connect to blogs; however, the security certificate presented belongs to blogs.princeton.edu.

Clarification: The LDAP integration is only for password-protecting an individual weblog’s pages and/or associated files. It is done at the Apache server level and uses an “.htaccess” file that we can create upon request. Unfortunately, we do not yet have any way to use LDAP to manage netIDs and passwords for author log-ins to the Movable Type admin interface.

Posted by Michael D. Muzzie at 11:35 AM | Permalink | Comment (1)

Update 4/01: This entry is now moot with the successful installation of NetPBM.

On the new weblog server installation, we have had trouble getting the ImageMagick Perl module to compile and install.

Without ImageMagick, the Upload File dialog loses the functionality of auto-generating image thumbnails based on the dimensions the author specifies.

Instead, Movable Type generates code for a “View Image” text link that, when clicked, displays the uploaded image at its original size.

We are working to restore the thumbnail functionality, and I will post a message here as soon as we have successfully re-installed ImageMagick.

In the interim, one can manually achieve the previous functionality. This will require manipulating the image with a desktop image application, then using the Upload File function twice. The steps are outlined after the jump.

Continue reading "Thumbnail problem" »

Posted by Michael D. Muzzie at 2:24 PM | Permalink | Comment | TrackBack

Users of the Princeton University MT blog server no longer have to type blogs.princeton.edu/exampleblogaddress to get to a blog. You can now just type blogs.princeton.edu/exampleblogaddress. If you are on campus, that address is just blogs/exampleblogaddress.

To get to the admin interface, one can instead type blogs.princeton.edu/mt. You may have to log-in an extra time until your browser cookie is set to the new address.

All of the old addresses still work (ex. communitas/blogs/, commons/blogs/, communitas/mt3, commons/mt3, etc. Old links and bookmarks should seamlessly redirect to the new addresses.

A site rebuild will change any addresses in your blog that are generated by the <$MTBlogURL$> tag. Any absolute URLs in any existing posts will continue to work. Manually changing them is not really necessary. Any new URLs generated by Movable Type will use the new address.

blogs.princeton.edu, by itself, just goes directly to this site.

www.princeton.edu/~blogs also goes to this site.

The communitas/blogs directory is no longer browsable. However, I plan to replace that functionality with a PHP-generated directory browser that will enable exclusion of certain files and directories.

Posted by Michael D. Muzzie at 5:14 PM | Permalink | Comments (2) | TrackBack

Because the previous installation of Movable Type did not have adequate protection against comment and TrackBack spam, this server was hit hard the past month.

This extraordinary problem required extraordinary measures, so I went through all of the comments myself and junked anything that was obviously spam.

• 310 legitimate comments, 1034 spam comments
• 4 legitimate TrackBacks, 843 spam TrackBacks

Please check your Junk Comments and Junk TrackBacks folders to make sure that I did not accidentally junk any legitimate feedback.

Henceforth, individual weblog authors will be responsible for keeping their sites free of advertisements for online poker sites, incest sites, bestiality porn, scat porn, and whatnot that may slip through the spam filter.

The new anti-spam filters do one of four things to entry feedback based on a numerical score that it assigns to potential spam.

1. It blocks the comment or TrackBack.
2. It lets it through and publishes the feedback on the individual archive page.
3. It moderates the feedback. That comment or TrackBack has a yellow warning symbol beside it in the Comments (or TrackBacks) list. The weblog author must then manually publish the comment or TrackBack before it appears.
4. It junks the feedback. The Comments page and the TrackBacks page have a link to a Junk Folder. Items in the Junk folder can be published or deleted. Items left in the Junk folders are automatically deleted after a period of time set by the weblog author (under Settings—>Feedback—>Junk; the default setting is 60 days.)

Individual weblog authors can customize the SpamLookup plug-in’s settings under Settings—>Plugins—>SpamLookup - Lookups, SpamLookup - Link, and SpamLookup - Keyword Filter.

Posted by Michael D. Muzzie at 5:29 PM | Permalink | Comments (4) | TrackBack

I successfully upgraded the installation of Movable Type to version 3.2 this morning. When you log-in, you will immediately see a slightly refined user interface with multi-colored icons. I also added and upgraded a few plug-ins such as MT-Enclosures, StyleCatcher, Notifier, and MT-Protect.

If you developed your templates under an earlier version of Movable Type, your weblog may not be able to take advantage of some of the new functionality without some manual editing.

You may notice a Refresh Template(s) menu option under the “More actions…” menu on the Template page. If you (or one of your preceptors, etc.) have customized the default templates in any way, performing this action may produce drastic, possibly unwanted, changes to the look of your site.

In the coming days, I will post tutorials on how to take advantage of the some of the new features.

Here’s the first one—if your weblog is set up to allow you to see and access the Settings menu on the left, under the General settings, you can set your main page to display the last n entries instead of the last n days. That way if you haven’t posted in awhile, your main page will not look like an empty wasteland.

Posted by Michael D. Muzzie at 4:46 PM | Permalink | Comment | TrackBack

Between 9 AM and 10 AM on Tuesday, November 1 (during fall recess), I plan to upgrade the Movable Type installation on the blog server to version 3.2.

The upgrade should be seamless; it should not result in any significant downtime. Visitors to your blog will probably not even notice any difference. However, the upgrade includes quite a few features that you will be able to tap into should you choose to.

• Improved documentation
  Documentation for previous versions of Movable Type were a bit…lacking. The new documentation can be quite useful, especially for those who like to customize their templates.
• Better spam management
  For the past few months, content creators on this blog server who are using comments and TrackBacks have been plagued by comment and TrackBack spam. This spam takes the form of dozens of vile, disgusting links to even viler websites posted among the legitimate feedback from your readers. Our current defense against comment spam is the MT-Blacklist plug-in; however, the author of this plug-in has obsoleted it in favor of the SpamLookup plug-in that is built into MT 3.2. Most of the spam that now gets through should be then redirected to a Junk Comments folder, and the blog author can either promote that comment to be published, delete it immediately, or let that comment be automatically deleted after a set period of time.
• Better spam management
  This one is worth mentioning again.
• An improved admin interface
  Almost everything is more or less in the same place; it just looks nicer, more polished and somewhat more colorful.
• Easier template styles
  With the new template architecture in MT 3.2, you will be able to use any of the styles in Six Apart’s vastly expanded Style Library. Also, the css-phobic can use the browser-based Style Generator to create new styles. Finally, the new StyleCatcher plug-in will allow blog authors to apply a new style to a site with just a few clicks.
• New plug-ins
  Six Apart redesigned Movable Type’s plug-in architecture with 3.2, many of the plug-ins that I would like to add to this server only work with that version. A few planned plug-in installations include a couple more anti-spam options and, per a user’s request, a notification plug-in that allows readers to subscribe to a blog or a post in order to be automatically e-mailed about content changes.

You can read more about version 3.2 of Movable Type at Six Apart’s website.

Posted by Michael D. Muzzie at 5:31 PM | Permalink