CMSMS | CMS Made Simple

Just wanted to make a quick comment about the number of releases in the last couple of weeks. We’ve basically had 2 major security releases in a matter of a week, and I’m sure that raises a red flag with some of the more established users.

I just want to emphasize something… this is a good thing. Sure it takes you several minutes to update your sites to the latest version and there isn’t an automated way of doing that yet. But as we gain users and gain popularity (very, very quickly I might add), more and more people are banging on the system and deconstructing it… finding these great obscure bugs that some hacker might’ve found first. And I make sure that we as a group jump on them as soon as I can. Instead of just sitting on them and waiting for a bunch to come in and bundle them up like Microsoft does, the group does all they can to get a new release out and get the word out quickly. This has become a philosphy for us and luckily all of the devs support it.

Annoying? Sure. Responsible? Definitely.

We’re trying out best to make a great, safe product with the little team that could. And sometimes this is the best we can do.

Thanks for you patience! Someday this gig will be fulltime for us and we can put a lot more time into making this the great app it should be.

Bookmark to:

Yesterday we held a developer conference in IRC. I’ll post a transcription of it as soon as I can get it together, but here is the rundown…

1.1
We are going to do an rc3 version. This is mainly because of some translation issues (mostly in French for some reason) and also because TinyMCE wasn’t in the rc2 build (my fault). The idea is to release rc3 today, and then have 1.1 out in the middle of next week. We just need some quick user testing to make sure everything is correct now.

Dev Team Additions
ThomasM and Reneh (both of their IRC nicks) have been added to the dev team. Both have been a great help to the cause, especially on IRC. We will update the About Us page soon. We also realized that DeeEye isn’t on the About Us page either, so we need to correct that.

2.0
The dev team is committed to finishing up 1.1 and moving that into maintenance status. At that point, the trunk will be changed over to the 2.0 code and the others along with myself will start working on it. While not said in the meeting, I’m still hoping for a beta in the September timeframe.

Forge Rewrite
As stated previously, I’m in the process of rewriting a simple gforge replacement. I just gave a quick overview of what is there and what is needed for launch. Hoping to beta that in about 2 weeks.

Dev Team Meetup
This was kind of the big topic we wanted to discuss. Basically, the dev team wants to finally meet face to face later this summer. We’ve set a date of the weekend of September 8th in Copenhagen, Denmark. We’ve chosen this location because 1) we have a team member there who has an apartment we can do some work in, and 2) because it’s pretty central to several people on the team. Of course, for those of us in North America, it’s pretty darn expensive and will probably require some fundraising, but we’ll get there. Luckily, it’s only 3 of us.

Plans for what we’re going to do while there haven’t been fleshed out. I’m hoping for a decent social/work mix, but it’s going to be kind of up in the air in order to keep everyone content. Though, it does seem like the 2.0 beta will hopefully be poking up it’s head around that time, so there will probably be stuff to discuss/work on.

Conclusion
Another productive meeting. We took right around the allotted 2 hours and got a lot accomplished. We agreed that we wouldn’t probably meet again until after 1.1 is released and it was time to start figuring out the 2.0 duties for the devs. The transscription (with some email addresses and urls removed to not promote spam) can be found here: http://cmsmadesimple.org/uploads/devmeeting-2006-06-06.txt

Bookmark to:

Hey all,

Sorry if I haven’t been around as much lately. As least with the forums, blog and working on 2.0. It’s just been a hectic month.

However, I do have some good news. We’re in for a few infrastructure changes onver the next few weeks. Here’s the quick rundown…

I’ve purchased a new server. In fact, this blog has been running on that new server for about a week now. It has double the memory, way more than double the hard drive space and is MUCH faster. The existing server is really struggling with the increased traffic load we’re received over the past few months, so this should help get rid of some of that down time.

I’ll be moving the main site, wiki and forums over tonight (sometime around 4 to 5 AM GMT — May 20, 2007). The downtime should be minimal, and it’s pretty much the slowest traffic time of our entire week, so I’m not TOO concerned about it affecting too many people. If I see a problem and have to abort, I will. In fact, I was going to do it last week, but mediawiki wasn’t having any parts of it, so I gave up. The issues are resolved now, so it should be good to go.

Gforge (dev.cmsmadesimple.org) will not be making the move, unfortunately. Gforge is great and all, but it’s entirely too much system for what we do with it. The mailing lists are annoying, it’s creating all kind of users and directories on the server, it’s cron jobs are taxing the system, etc.

Instead, I’ve rewritten a minimal gforge replacement in ruby on rails and figured out how to migrate the data. The rewrite isn’t complete yet, but it’s very close. I should have something working in another week or so, at which point I’ll be asking people to help to beta test and work out the kinks. Then when it’s time for it go live, we’ll just do a final database migration and shut gforge off forever.

After the first version goes live, I’ll be looking for people to help add some new features, so stay tuned for that.

After all this is done and the old server is off… the summer will be spent on 2.0. I’ll have another announcement regarding that soon, but the dev team and I have to work out a few scheduling issues before I’ll announce what it is.

I’ll make sure I post an update to this message after the migration is complete, for the curious…

Thanks!
Ted

UPDATE — The sites are moved. Everything seems to be working correctly. Let me know if something isn’t.

Bookmark to:

One important thing when running websites in corporate environments is the secure feeling that updates will work and be compatible.

But when your biggest fear becomes reality and websites break down after updating to the latest version here are some step you could follow.

You should, ALWAYS, have back-ups, not only because it could crash when updating but also if you experience a HD failure or whatever.

If a website is critical for your business and down-time is not done, you can also restore a back-up in a sub dir on the same server with the same settings, and test the update before you apply it on a live website.

If you have updated your website and it breaks down you can do the following;

If errors occur on the front-end, and you cant fix them within an hour or so, restore a back-up, make a test dir and try again, if it al works well something in the update process went wrong, and you should try again. If it doesn’t and you cant get it to work, get help on the forums, and just keep you live website un-updated for the time being.

If the errors only occur on the back-end (admin) part of the website, you can take some more time trying to fix it because regular visitors wont notice, and if you cant work it out, the forums will probably help you out.

Also make sure that modules you are using are compatible with the new updated version, you can, most of the times, see based on the Php error what file and path is causing what error, if the path is from a module, disable the module and see if everything works well.

So what would be nice to see in CMSMS 2.0 for updating problems.

If all hell breaks lose and no one else can help you, you can, apart from calling the A-team, make a clean install, export and import your theme, but if you have about 100+ pages and maybe 300 news items, it wont be fast job rebuilding the content.

Regular page content and news items is probably the most used CMSMS content, I know lotsa websites have modules and such but they are restored pretty quick most of the times, and if updating really fails you, you have no choice.

So it would be nice to see in 2.0 that one can export pages and news items like you can do with themes, this would make complicated updating errors allot less fearful, since in most cases you could be up and running within one hour if you dont have any special modules which are hard to restore content for.

I you have more ideas on what people can do when having updating problems, or have an idea on how to make the updating safe/easier in the future and reducing forum topic about updating problems please comment.

Bookmark to:

Put the green bar to work for you— whether you’re a developer, designer or an editor.
I was halfway through development of my first CMS Made Simple site before I really took a look at the Shortcut bar. It sits so neatly out of the way at the right side of the page that I never gave it any thought. Then, one day, weeks into the project, after navigating to the site’s primary stylesheet a dozen times — one after another — the power of the Shortcut bar suddenly clicked.

Since then, I’ve put that little green bar to work everywhere, and it’s made developing and maintaining sites faster and easier — for me and for my clients. Here are some tips and ideas on how you can do the same, and get more out of CMS Made Simple right now.

Activating The Shortcut Menu
The Shortcut bar is activated with the Administration Shortcuts checkbox in the My Preferences / User Preferences menu. Javascript must also be enabled in your browser. After that, just click the green bar at the right of the page to access the current shortcuts or to add/modify them.

Adding Links
Capture any link by right-clicking and selecting “Copy Link Location” or “Copy Shortcut” for pasting into the Shortcut “URL” field.

Development / Design

During development and design, you’ll spend a lot of time on the same few templates and stylesheets, and adding new content. Speed access to those functions with these shortcuts:

• Edit Stylesheet / Edit Template
  Most sites have a few key page templates and CSS stylesheets, and you’ll probably find yourself editing them frequently during development. Add one-click access to these frequently-accessed templates and stylesheets for quick direct editing.
• Collapse & List Pages
  If your site has a lot of pages or complex hierarchy, it can take several seconds for the page list to display completely. Add a shortcut to the “Collapse All Sections” link on the page list, and your page list will display in a snap, ready for navigation.
• Module Help
  Working with a particular module frequently? Link to its “help” page for fast access to reference on its syntax and features.
• Add Page
  You’ll be adding a lot of pages when you first build your site. Get right to it with a shortcut to the “add new page” option from the page list.

Site Maintenance

Once your site has been developed, the focus shifts to content. You can streamline the process of keeping online information up to date, and reduce the need for user training by focusing editors directly on their content. Give your page owners and editors quick access to the areas they’re responsible for with these shortcuts:

• Edit Key Content
  Your site probably has a few pages or global content blocks that change more often than others. Make a shortcut directly to these key pages and editors won’t have to navigate the pages menu to get there.
• Instant News / Events
  Add a shortcut to “Add Article” and “Add Event” links in the News and Calendar modules to add new items with a single click.
• “Edit My Pages”
  If your site has multiple page editors, add shortcuts to the pages they can edit for each editor’s account. You’ll have less to explain and they’re less likely to get lost.
• “Change My Password/Email”
  Give users one-click access to basic account login information by linking directly to the My Preferences/My Account page.
• Site Standards / Documentation
  Link directly to any site documentation, standards guides or cheatsheets you’ve developed for your users.

General Tips / Tricks

• Open Shortcut in A New Window/Tab
  Add ‘” target=”_blank’ to the end of the URL in your shortcut to make it appear in a new window. Include the double-quotes, but exclude the opening and closing single-quote, and note the space after the first double-quote and before “target.” You can also right-click any shortcut link and select the option to open it in a new window or tab.
• Use Relative Paths For Portability
  If you want shortcuts to work even if the host changes (such as a development site that will later be migrated to another host), use relative paths instead of absolute paths. You can delete everything through “\admin\” on the left side of the path. For example, to add a page, all that’s needed in the URL is “addcontent.php”.
• Sort Shortcuts
  Shortcuts are sorted alphabetically by name (in ASCII order). Add punctuation or numbers as prefixes to display items in your preferred order.

Your Shortcuts

Have you found other handy shortcuts? Share yours in the comments!

Bookmark to:

As a designer I love cmsms, its simple, its easy to use for editors, its stable and pretty clean.

I found cmsms back when version 0.10 was introduced, now I loved it ever since but there is one thing that keeps bugging me. Cms Made Simple, by default, is pretty small but I for one don’t like that the search module is shipped with it, in my opinion not even the news system should be shipped within.

The install system (module manager) for modules is so easy that I don’t see a reason why modules like news and search would be shipped with it, same goes for allot “user defined tags” off course I mean the ones not used in stock templates.

When I build a small website I don’t need most of these functions, and if I did I would just import them with the module manager. Most people with speed issues delete all unnecessary modules and functions to increase speed. Why not have it that way by default, its only a matter of seconds to import a module if you need one. This way cmsms would keep getting known as a simple system and easy to expand if needed.

So for CMSMS 2.0 I would make the following changes to the module managing system.

Make some changes to the module manager and get 3 tabs like.

• One list of top 10 most used modules. Which could be news, search, FEU, FCKeditor, etc.
• Functions list, all tested and stable functions ready to be imported for user defined tags.
• All other modules the same way it is now.

This way there will be less unused files on your hosting account en get the most speed out of the system as possible.

Drop a comment if you think different about this.

regards,

Signex / Benjamin

Bookmark to:

In Part 1 I wrote about choosing a hosting package (shared/VPS/Dedicated) this part I`m writing about how to choose a webhosting company.

In my country(Holland) hosting prices vary allot, I’ve seen a couple USA hosts and it isn’t much different, only difference is that bandwidth is way cheaper in the US then it is in the Netherlands.

One of the problems with choosing the right company is that you cant always see who is behind the beautiful corporate looking website, because it just could be a 16 y/o just trying to make a quick buck, not caring about his costumers at all.

Which makes it even harder is that prices vary so much, and off course nobody wants to spent too much on something that you can get way cheaper.

The first thing for you to decide is how important is your website for you, or how much is your client willing to spent. You can get a shared hosting package for 10$ a year, but the same package costs 100$ a year somewhere else, so where is the difference? here’s a small list of things that could make this difference.

• Do they make backups on a second server
• Do they use an A brand for their hardware
• Are their spare parts on the spot in case off hardware failure
• Which datacentre are they located in, try to find reviews or opinions
• What Control panel do they use, Directadmin is cheaper then Cpanel
• Do they have phone support, or only mail support
• Do they have a 24/7 phone support when your server is down
• What is their write-off period for a server, 3 or 5 years can make a big difference

Probably the thing that impacts price the most is whether they oversell or not, and how much. I read studies from dutch webhosters that only 20 to 30 % from the sold traffic and hard disk capacity is used by their costumers. So basically they can sell 3 times what they can handle. This sometimes means that on a single shared server there are over 500 costumers, so when its a little busy on your server, serverloads get high and your website will be slow, this often resolves in new topics being created complaining CMSMS is so darn slow, which in most of the times just isn’t the case. So ask your host how much costumers share a server, or how many VPS`es are created on your server. Most good webhosters will proudly tell that they only put about 100 costumers on a shared server (depending on their server hardware). But don’t be surprised that their prices are 5 times as much as some other webhosting companies.

So finding a good hosting company depends on your needs and budget, but whatever you choose always ask for a “try before buy” package for about 48 hours and make a CMSMS installation and see how it does in daytime and nighttime. Beware that some hosters will putt these packages on empty test servers, so be sure your “try before buy” package is on the same server as when you buy your package.

Here are some other things you could use to check out a company.

• Find reviews from other costumers
• Ask about the hardware they work with
• Ask how long they exist
• Try out mail and/or phone support, is it fast enough for you
• Guaranteed uptime? then what is the compensation when they fail
• Prices to good to be true? ….they are
• Ask uptime reports from the last 6 to 12 months

I hope this will be to good use, suggestions and comments welcome!

Signex / Benjamin

Bookmark to:

I know this topic isn’t really about CMS Made Simple, but I see quite allot topics in the forums with problems that would never occur if everyone had the right web hosting company for their CMS Made Simple website.

Basically this post is split in 2 entries;

Part 1: Finding out the right solution for your website which suits your needs.
Part 2: Finding a suitable company, comparing price vs. options, testing the chosen company.

Step 1: Decide what kind of website it will be, and what kind of hosting it will need. basically this can be divided in 3 options.

1. A small personal website - Shared hosting will most likely fit your needs.
2. A corporate website (small or medium sized) - Most company websites need to be more stable a need en more secure hosting platform, but sometimes a whole dedicated server just isn’t worth it. Go for a VPS (Virtual private Server).
3. A big community/corporate website - Go for a Dedicated machine just for you.

I’ll try and sum up the pro’s and con’s about these 3 options.

(more…)

Bookmark to:

Hey Guys n Gals,

If you’re running a good install of 1.0.2 here’s the way I go about upgrading to 1.0.3. Works fine, and has been tested on both an IIS and an Apache install in the last couple of days. This update is recommended as some security issues have been fixed, and the contact form now uses Captcha which can of course limit spamming of your site.

Download the upgrade zip or tar.

Make sure that you are LOGGED OUT from your site admin!

Extract the files in the archive somewhere safe and remember where it is!

FTP, SSH or copy the files into the root directory of your site.

If you now log into your admin with your usual username and password there will be an option in the main part of the admin interface to upgrade, so click away and you should be up and running in no time!

Take care all, and enjoy 1.0.3

Ade (3dcandy)

Bookmark to:

Yesterday I made an entry about CMSMS getting bigger and having a fair amount of users. Now, there is also a downside to this. Getting more attention will also attract hackers, knowing when they can get into one CMSMS website they can get into a lot more.

However, the development of the core is done by a of couple great developers. I don’t think the CMS Made Simple core would get into a lot of problems when getting bigger and having more users. Also, they would be releasing patches quickly when serious security holes would occur.

But how about the modules? And I’m not talking about the much used modules as they will grow and get updated with the core system because so many people use them. But the more unknown modules which don’t get updated very often.

Those modules will probably cause potential security risks in the future, since scripting never stands still and new vulnerabilities get discovered every now and then.

Now we all know that using GPL/Open source software comes without warranties, and using it is at your own risk, but when old modules get security issues CMSMS gets blamed, or at least associated with the vulnerability. This is kinda the way Joomla got his bad name in my opinion. Joomla as a clean install combined with decent chmodding is pretty safe, but with so many 3rd party modules its hard to keep track of what’s safe to use and what’s not, maybe not for the hardcore coders between us but it is for many others.

So what would be a good way to “protect users” against the risk of using older not updated modules?

Maybe a new module category in the forge called “Not updated in the last 12 months - could have potential security risks and/or isn’t compatible with new core systems” and automatically put all the modules in there which have not been updated in the last 12 months.

I’m really interested in how other people think about the module security. Am I just paranoid or could these thoughts be potential ideas?

Drop your thoughts in the comments!

Regards

Signex / Benjamin

Bookmark to: