Aug 2

I have great news this week. I have finally figured out the whole Movable Type authentication debacle.

The WSSE Authentication Problem

I want to preface my findings with this advisory. I do not have a full understanding of Perl, and my statements may be wrong. If anyone can correct me, please do. I would rather be told I’m completely wrong than continue down the wrong path.

Late last night while inspecting MT’s Atom API code, I found the troublesome line of code (/lib/MT/AtomServer.pm, lines 168-170):

if ($nonce_record && $nonce_record->id eq $auth->{Nonce}) {
        return $app->auth_failure(403, "Nonce already used");
}

When commenting out this line of code, the authentication passed, and I was finally seeing a list of posts stored in Movable Type’s database. Once I realized this was the problematic line, I started investigating what this line is doing. From my limited understanding of Perl, this line is checking to see if the nonce has been used in the past. If it has, the check fails to authenticate.

Once I realized this, I looked at my nonces being sent. I verified each nonce generated was different from the last one, eliminating the possibility of the problem being on my end. This tells me somehow Movable Type is incorrectly adding the current nonce to the list of previous nonces before performing that check.

Looking at the slightly bigger picture:

my $app = shift;
my $auth = $app->get_auth_info
    or return $app->auth_failure(401, "Unauthorized");
for my $f (qw( Username PasswordDigest Nonce Created )) {
    return $app->auth_failure(400, "X-WSSE requires $f")
        unless $auth->{$f};
}
require MT::Session;
my $nonce_record = MT::Session->load($auth->{Nonce});

if ($nonce_record && $nonce_record->id eq $auth->{Nonce}) {
    return $app->auth_failure(403, "Nonce already used");
}
$nonce_record = new MT::Session();
$nonce_record->set_values({
    id => $auth->{Nonce},
    start => time,
    kind => 'AN'
});
$nonce_record->save();

From what I’m understanding, the code appears to add the nonce to the record after checking; however, the nonce is passed through MT::Session->load before the check is performed, indicating that may be the source of the issue. Sure enough, MT::Session->load is the problem. After replacing the passed nonce with a blank string, the nonce is no longer in the list of previous nonces and the check passes.
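For reference, the WSSE exchange that the quoted handler enforces, as an added Python sketch that is not Movable Type's code or code from the original post. It assumes the common Atom WSSE profile (Nonce sent base64-encoded, digest computed over the decoded bytes) and a digest comparison after the nonce is stored; the account, the in-memory nonce set and the "Invalid login" and "Malformed nonce" messages are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample account; not from the original post.
USERS = {"melody": "api-password"}


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """WSSE UsernameToken digest: Base64(SHA1(nonce + created + password))."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()


def make_header_fields(username: str, password: str, created: str) -> dict:
    """Client side: a fresh random nonce for every request."""
    nonce = os.urandom(16)
    return {
        "Username": username,
        "PasswordDigest": password_digest(nonce, created, password),
        "Nonce": base64.b64encode(nonce).decode(),
        "Created": created,
    }


def verify_wsse(auth: dict, seen_nonces: set) -> tuple:
    """Server side, in the order of the quoted handler: required fields,
    nonce lookup, nonce store, then (assumed) digest comparison."""
    for field in ("Username", "PasswordDigest", "Nonce", "Created"):
        if not auth.get(field):
            return 400, f"X-WSSE requires {field}"
    if auth["Nonce"] in seen_nonces:       # lookup happens before the store
        return 403, "Nonce already used"
    seen_nonces.add(auth["Nonce"])         # recorded only after the lookup
    password = USERS.get(auth["Username"])
    if password is None:
        return 403, "Invalid login"
    try:
        nonce = base64.b64decode(auth["Nonce"], validate=True)
    except ValueError:
        return 400, "Malformed nonce"
    expected = password_digest(nonce, auth["Created"], password)
    if not hmac.compare_digest(expected.encode(), auth["PasswordDigest"].encode()):
        return 403, "Invalid login"
    return 200, "OK"
```

With this ordering a nonce is rejected only when the same value reaches the lookup a second time, so logging every nonce the server receives alongside the request that carried it shows where a repeat comes from.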

I have notified Movable Type’s developers of this problem, and I hope to hear back soon. The good news is once this error is resolved in Movable Type, the importer should work wonders. The bad news is it may be a bit until the next version of MT is released or the bug is fixed. I’ll try to keep everyone updated on the status as I hear back from the developers.

Future Branches of the Atom Importer

Beyond working with Movable Type, after talking with Lloyd this week, we have decided to look into the possibility of porting the importer to other platforms, namely Vox and WordPress itself. We talked about Vox as there is currently no importer at all, as Vox lacks export methods and APIs such as XML-RPC. The idea for WordPress came up because we thought it might be a great way to move a blog from location to location without having to deal with export files.

Over the next week I will be looking at creating those branches of the importer. Thankfully, since the Atom API is a standard, I should be able to quickly and easily make the ports. We’ll see how that goes next week.

Apr 30

Just a heads up, 9rules, the most awesome blogging network in the universe, relaunched today. The forum discussions have been removed from the site, returning 9rules to the original idea: highlighting great content from around the web. Check out the new site when you get a chance.

On a side note, I realize my last post is extremely ironic considering I have not posted since publishing that post. The second my finals are over you’ll see some great content, I promise.

Apr 18

For the past few months I have had difficulty blogging. Part of the difficulty has been finding the time to blog, but most of the problem has been my blogging environment. My desk had become cluttered, my work environment noisy, and I could not find a moment of peace to myself.

I solved these problems by starting to write my rough drafts on paper, away from my normal work area. I write while I’m waiting for class, or even in class when the professor is boring. When I am on my computer, I have started using an excellent application, WriteRoom, which removes the normal background noise. This combination has allowed me to resume a regular post schedule without much difficulty.

I’m curious if other bloggers and writers run into the same problem as me. Do you find your working environment difficult to write in at times? How do you deal with this? Change of scenery? Hit up Panera or Starbucks? I’d love to hear how others deal with this frustration.

Nov 21

A Video Update

November 21, 2007

As you have probably guessed by now, I have not had much time for blogging lately. Therefore, instead of letting my site waste away until I could sit down and write something, I created this video. Contents of this video are listed below.

  1. Welcome
  2. Firefox 3 (0:24)
  3. Safari 3 (1:07)
  4. Xbox 360 Fall Update (1:43)
  5. New Phone Choices (2:55)

As I mentioned in the video, any and all feedback would be appreciated.

Oct 8

Everyone’s favorite blog community, 9rules, is launching their sixth iteration today. I’ve been spying on the development over the past months, and I can say without a doubt the new version, dubbed Ali2, is better than ever. Greatly enhanced Notes, more prominent Member content, and of course a standard Web 2.0 LOLcat error message. If I say any more Scrivs or Tyme may have to kill me. Just check it out later today and you won’t regret it.

With the controversy stirring around some Members leaving 9rules, I just want to take a quick second and mention I’m sticking around. The Apple Community is looking a little weak though, so feel free to drop by and help keep the community going. With a little participation, you just may find yourself a 9rules Member.
