News


Showing articles from http://feeds.feedburner.com/dasbloginfo

[64 total ]
Themes for dasBlog 1.9 plus

Themes (From Version 1.9 forward)

One of our goals is to make it easier to share Themes for use within DasBlog. However,
earlier versions would require you to copy/unzip the theme into the themes folder
AND include a bunch of information about the theme's paths and assets within the web.config.
Users and Theme Authors alike found this tedious. So, DasBlog 1.8 introduced the concept
of “Theme Manifests” to promote xcopy installation and distribution of new themes.

Each theme directory needs a theme.manifest file that describes the name, title, and
relative directory of that theme, including any optional “named assets.” For example,
this manifest includes custom images for the itemLink and dayLink.

<?xml version="1.0" encoding="utf-8" ?>

<theme name="dasblueblog" title="dasblueblog" templateDirectory="themes/dasblueblog"
imageDirectory="themes/dasblueblog">
    <image name="dayLink" fileName="dayLink.gif" />
</theme>

 

How do themes and templates work?

Here’s a quick overview on how themes and templates work in dasBlog:

Whenever dasBlog renders an HTML page, it does so using templates from one
of the configured themes, which are installed for the current dasBlog site.
A theme is a set of templates and bitmaps that define the appearance of the pages
in your blog.

Themes & Templates Basics

In any dasBlog website you will find, by default, a “themes” subdirectory that contains
several subdirectories, named “candidBlue”, “discreetBlogBlue”, “justHtml” and so on.
In each directory you will find at least three files:

· homeTemplate.blogtemplate

· dayTemplate.blogtemplate

· itemTemplate.blogtemplate

If you look at these files in a text editor, you will find that all of them contain
HTML fragments with a couple of strange tags which are enclosed in “<%” and “%>”
marks. These are macros and we’ll get to them in a moment.

The homeTemplate.blogtemplate file contains the main template for all HTML
pages rendered by the engine when using the theme. It contains a complete HTML page
instrumented with macros that automatically render elements such as the title, the
footer area, the calendar and all the other elements that are common for every page.

The dayTemplate.blogtemplate file contains the template for each “day”
that is rendered for the front page, the category pages and for the pages you get
to when you select a date from the calendar. The dayTemplate is rendered for
each day for which blog entries are found. The populated fragments that result from
processing the macros for a single day are rendered, directly following each other,
as the replacement text for the <%bodytext%> macro of the homeTemplate.

The itemTemplate.blogtemplate file contains the blog template for every blog-entry
rendered onto a page. All items for a particular day are rendered as a sequence of
processed itemTemplates inside the <%items%> macro in the dayTemplate.

The macros behave differently depending on the page and on whether you are logged
in as administrator or are just a visitor. For all of the administration pages, the
<%bodytext%> macro in the homeTemplate will not resolve into a list of
items, but rather into the body of the administration page you want to work with.
The same applies to the comment page, for instance.

In each theme directory you can create subdirectories that correspond to the names
of the categories on your blog. If you have a category “My Dog” and create a subdirectory
called “My Dog”, you can store a different set of templates there. This set will be
used for the category page.

It’s important to note that theme names must be unique within the themes directory,
otherwise dasBlog will simply fail to start up properly. The templateDirectory attribute
in the manifest contains a relative path from your site’s main directory to the directory
where the *.blogtemplate files for a theme can be found. The imageDirectory attribute
points to the directory where the images for that theme can be found. The Radio Userland
compatible macro <%radio.macros.imageUrl(‘filename’)%> will properly resolve
references to images inside your template to this location and the <%radio.macros.imageRef(‘filename’)%>
macro will insert a complete <img> tag. The arguments to these macros are paths
to filenames that are relative to the imageDirectory of a theme. So, if you
use <%radio.macros.imageUrl(‘myphoto.jpg’)%> the macro will return an absolute
URL to the file ‘myphoto.jpg’ in the current theme’s imageDirectory.

If you don’t like one or multiple of these themes, it’s safe to remove them, but you
must have at least one theme and that theme must be defined as the default theme in
the siteConfig/site.config file; so, for instance, like this: <Theme>default</Theme>

Adding themes:

If you want to add a theme, create a new directory in the themes directory with an
appropriate manifest file and new supporting files.

A bit special are the <image> entries that you can find illustrated embedded
in the entry for the “default” theme in the example above. DasBlog uses a set of standard
images for rendering some of its elements, such as the “permalink” image (itemLink.gif),
the calendar day image, or the images for the administrator mode such as the edit (editbutton.gif)
or delete (deletebutton.gif) images. All of these images can be replaced by a theme in two ways.
The first, and simplest method, is to place a file with the same name as one of the standard files
into your theme directory. In this case, the files must also use the GIF format,
just like the default images. If you want to replace the files with files having a different
name or file format, you can create an <image> entry as shown above. The <image>
entry’s name must be the name of the image that should be overridden (without
the file extension) and the fileName must be a file name relative to the theme’s imageDirectory.

You can select the current theme for your site simply on the configuration page or
by modifying the <Theme> entry in the siteConfig/site.config file.

Modifying or Creating Themes:

Modifying or creating new themes is quite easy if you know your HTML. All you need
is an HTML editor that, preferably, knows a bit about style sheets, the "macro
reference" below, and a bit of looking around in the existing themes.

One thing you will find is that dasBlog renders a couple of quite complex elements
by itself that cannot be found in those templates. However, the appearance of all
of these elements can be tightly controlled using cascading style sheets (CSS), because
we defined CSS classes for almost all elements dasBlog renders. So if you want to
tweak the look of the calendar or the blogroll, you can do so using style sheets in
your homeTemplate.

The CSS class names are documented alongside the macros that render the elements in
the macro reference.

The above is pretty much all you need to know about themes in dasBlog.
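The manifest rules above (unique theme names, the three required templates, image file names relative to imageDirectory, an installed default theme) can be checked before a theme is copied to a live site. The following Python check is an added example, not part of dasBlog or the original article; the function names and the sample site are constructed, and two rules are assumptions of this example: that a named asset must resolve inside imageDirectory, and that the <Theme> value in site.config is a manifest name.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# The three templates the article says every theme directory contains.
REQUIRED = ("homeTemplate.blogtemplate", "dayTemplate.blogtemplate",
            "itemTemplate.blogtemplate")


def check_themes(site_root):
    """Return a list of problems found under <site_root>/themes."""
    problems, names = [], {}
    themes_dir = os.path.join(site_root, "themes")
    for folder in sorted(os.listdir(themes_dir)):
        if not os.path.isdir(os.path.join(themes_dir, folder)):
            continue
        try:
            theme = ET.parse(os.path.join(themes_dir, folder, "theme.manifest")).getroot()
        except (OSError, ET.ParseError) as error:
            problems.append(f"{folder}: theme.manifest unreadable ({error})")
            continue
        name = theme.get("name", "")
        if name in names:   # duplicate names stop dasBlog from starting
            problems.append(f"{folder}: name '{name}' already used by {names[name]}")
        names.setdefault(name, folder)
        # Both directory attributes are relative to the site's main directory.
        tdir = os.path.join(site_root, theme.get("templateDirectory", ""))
        for required in REQUIRED:
            if not os.path.isfile(os.path.join(tdir, required)):
                problems.append(f"{folder}: missing {required}")
        idir = os.path.realpath(os.path.join(site_root, theme.get("imageDirectory", "")))
        for image in theme.findall("image"):
            target = os.path.realpath(os.path.join(idir, image.get("fileName", "")))
            # Added sanity check: a named asset should stay inside imageDirectory.
            if not target.startswith(idir + os.sep):
                problems.append(f"{folder}: image '{image.get('name')}' leaves imageDirectory")
            elif not os.path.isfile(target):
                problems.append(f"{folder}: image file '{image.get('fileName')}' not found")
    # Assumption: <Theme> in siteConfig/site.config holds a manifest "name".
    config = ET.parse(os.path.join(site_root, "siteConfig", "site.config"))
    for element in config.iter():
        default = (element.text or "").strip()
        if element.tag.rsplit("}", 1)[-1] == "Theme" and default not in names:
            problems.append(f"site.config: default theme '{default}' is not installed")
    return problems


def write_sample_site(root):
    """Create a small constructed site with one valid and one broken theme."""
    def put(path, text=""):
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as handle:
            handle.write(text)
    manifest = ('<?xml version="1.0" encoding="utf-8" ?>\n'
                '<theme name="dasblueblog" title="{0}" templateDirectory="themes/{0}" '
                'imageDirectory="themes/{0}">{1}</theme>')
    put("themes/dasblueblog/theme.manifest",
        manifest.format("dasblueblog", '<image name="dayLink" fileName="dayLink.gif" />'))
    for name in REQUIRED + ("dayLink.gif",):
        put("themes/dasblueblog/" + name)
    # Broken copy: same theme name, itemTemplate missing, asset in another theme.
    put("themes/mycopy/theme.manifest", manifest.format(
        "mycopy", '<image name="itemLink" fileName="../dasblueblog/dayLink.gif" />'))
    for name in REQUIRED[:2]:
        put("themes/mycopy/" + name)
    put("siteConfig/site.config", "<SiteConfig><Theme>default</Theme></SiteConfig>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        write_sample_site(root)
        print("\n".join(check_themes(root)))
```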

dasBlog on 64bit

If you want to run dasBlog on Windows 2003 64bit IIS6, download the 32bit version
and make the following changes.

You will need to replace the 32bit "BasicFrame.WebControls.BasicDatePicker.dll" with
the 64bit version available in the source directory "lib".

The file is "BasicFrame.WebControls.BasicDatePicker.dll.64bit"; rename it and replace
the file "BasicFrame.WebControls.BasicDatePicker.dll" in your "bin" directory.

Restart IIS and problem solved.

Note:

I understand that the compiled version of dasBlog 2.0 is supposed to be CPU agnostic,
except for the date picker, which was provided to Microsoft as a freebie created bit
specific (a 32bit version and a 64bit version are included in the source, the default
setup is for the 32bit .dll).

I understand that dasBlog on Vista IIS7 is a little more involved; you may want to
read Scott Hanselman's blog on the subject.

http://www.hanselman.com/blog/32bitnessAnd64bitnessAndMigratingDasBlogOnIIS7AndASPNETUnderVista64.aspx

This weblog is sponsored by DasBlog.

Latest News

Version 2.0 of dasBlog is released, and dasBlog goes ASP.NET 2.0 (with medium
trust).

After a long period as a .NET 1.1 application with .NET 2.0 compatibility,
dasBlog has finally migrated completely to ASP.NET 2.0. This means that we can take
advantage of the 2.0 platform and provide newer features!

Tony Bunce has a fine write-up
on the issues we ran into with dasBlog on Medium Trust. Here are some highlights:

"The goal of medium trust is for hosting providers to provide functional
ASP.NET 2.0 hosting while also protecting against rogue or malicious applications.
Unfortunately that protection comes at the cost of application flexibility. ...There
are a few features that are limited in a medium trust environment: SMTP on alternative
ports and Mail to Weblog via POP3...dasBlog will let you know that you don't have
these privileges by displaying warnings on the configuration page.

There is some good news though, these limitations won't affect most users.  Many
hosting providers that run limited trust environments don't run in the default
medium trust, but rather a "modified full trust".  In that case you may already
have all the permissions you need for all of the features to work."

What is dasBlog?

dasBlog is an ASP.NET blogging application. It runs on ASP.NET 2.0 (all versions
1.9x and prior run on ASP.NET 1.1 & ASP.NET 2.0) and is developed in
C#. dasBlog is an evolution of the BlogX weblog engine initially written by Chris
Anderson and contributors.

The initial conversion from BlogX was created by Clemens Vasters. dasBlog adds lots
of additional features like Trackback, Pingback, Mail notifications, and over 50 other
major modifications, some unique to dasBlog.

dasBlog does not require a database, so it is easier to set up and cheaper to host.
All that dasBlog requires is that you grant write access to a folder so that dasBlog
can save your information.

dasBlog is under active development and is always seeking more contributors! If you
feel that you can contribute to the project, we'd love to hear from you.

Theme Screen Shots

These are the current themes shipping with dasBlog, many more are pending inclusion,
and of course you can find many others in the wild.

BlogXP

business

calmBlue

Candid Blue

dasBlog

dasblogger

DirectionalRedux

Discreet Blog Blue

Elegante

essence

Just Html

MadsSimple

Mono

Movable Radio Blue

Movable Radio Heat

nautica022

orangeCream

Portal

Project84

Project84Grass

Slate

Sound Waves

Tricoleur

useit.com

Voidclass2

How To Secure Your dasBlog Installation

Posted by Alexander Groß http://www.therightstuff.de/

http://www.therightstuff.de/2007/06/08/How To Secure Your DasBlog Installation.aspx

DasBlog has a pretty large user base, and while browsing some dasBlog sites I occasionally check
if they're set up securely. It's not that dasBlog is inherently insecure, but some installations
allow for information leakage and most users aren't even aware of this.

Basic setup

There are a couple of locations where you can set up security for any ASP.NET application:

· NTFS security,

· IIS virtual directory and folder security,

· web.config <authentication> element or a HttpForbiddenHandler for certain ASP.NET file extensions.

Note that web.config settings only apply to file extensions mapped to ASP.NET on Windows
Server 2003 and before. I am working on IIS 6 here and while I like my security settings in
(mostly) one place I usually go with a generic read access configuration in IIS and
set the more fine-grained settings using NTFS.

When deploying dasBlog to your web server you will likely enable read access to the dasBlog
folder for the IUSR and NETWORK SERVICE accounts on the NTFS Security tab. This gives the IIS
and ASP.NET runtimes the rights they need to work. On the /logs, /content and /SiteConfig
directories you will also need to enable change access for the NETWORK SERVICE account since
this is where dasBlog stores its working data. (dasBlog is represented by the IIS worker
process identity, which is NETWORK SERVICE on Windows Server 2003 and ASPNET on Windows 2000
and XP.) If anything is set up incorrectly you'll see the configuration error page when
you're trying to configure your blog or post a blog entry.

Folder          IUSR access  NETWORK SERVICE access  Notes
/dasBlog root   R            R
  /bin          RI           RI                      Contents protected by ASP.NET
  /content      RI           RI, W                   Blog posts, comments, trackbacks
    /binary     RI           RI, WI                  Binary content, i.e. images and enclosures
    /profiles   RI           RI, WI                  User profiles
  /DatePicker   RI           RI
  /ftb          RI           RI
  /images       RI           RI
  /logs         RI           RI, W                   Log files
  /SiteConfig   RI           RI, W                   Config and error pages
  /smilies      RI           RI
  /themes       RI           RI

Legend: R=Read, RI=Read (inherited), W=Write, WI=Write (inherited)

The /logs folder

Sometimes when I visit a random dasBlog site I try to download one of dasBlog's log files
which are located in the /logs folder. Since IUSR's read access is most likely inherited (RI)
in this folder, anonymous users can download log files. The log file name format is publicly
available so, for example, the /logs/2007-06-08-referrer.log.zip file contains the referrers
for today. This information leakage could be easily mitigated by denying IUSR read access to
the /logs folder. However, I've found at least three high-traffic blogs where this was not the
case (I e-mailed the owners, things are fixed now).

Themes

Another problem that came up recently on the developer mailing list was how to keep blog
templates private. Since we already incorporate the HttpForbiddenHandler for *.blogtemplate files
and IIS doesn't serve files when there's no MIME type available this is really a non-issue.
The template's manifest file, however, will be served but that should not bother you since
there's no valuable information in it.

Special Case: The /content folder

One rather interesting place is the /content folder. Your posts, comments and blogged binary
content like images are stored there. The /content/binary subfolder holds images and enclosures,
i.e. basically everything you attach to a certain post. The /content/profiles folder
serves as a container for user profiles stored in <Username>.format.html files.
Please note that *.format.html files are always templated and served through FormatPage.aspx,
that is, are never accessed by IUSR directly.

With the basic setup above, read access for anonymous users is enabled in the /content folder
and its subfolders. Thus, anonymous users are able to get the raw post data by requesting
the *.dayentry.xml and *.dayfeedback.xml files for a certain date, i.e.
/content/2007-06-08.dayentry.xml. Again, the file name pattern is no secret.

This last piece of public information should only be served through certain channels like
the templated front page or RSS. Because of dasBlog's folder structure, securing the /content
folder is kind of tricky:

· First, deny read access to the /content folder for the IUSR account.

· In the next step, open the security tab of the /content/binary folder and break NTFS
inheritance there, copying all existing ACLs.

· Delete the Deny ACL for IUSR.

Secure Configuration

In the end the NTFS security settings that work best for me look like this: (Changes red)

Folder          IUSR access  NETWORK SERVICE access  Notes
/dasBlog root   R            R
  /bin          RI           RI                      Contents protected by ASP.NET
  /content      RI, RD       RI, W                   Blog posts, comments, trackbacks
    /binary     R            R, W                    Binary content, i.e. images and enclosures
    /profiles   RI, RDI      RI, WI                  User profiles
  /DatePicker   RI           RI
  /ftb          RI           RI
  /images       RI           RI
  /logs         RI, RD       RI, W                   Log files
  /SiteConfig   RI, RD       RI, W                   Config and error pages
  /smilies      RI           RI
  /themes       RI           RI

Legend: R=Read, RI=Read (inherited), W=Write, WI=Write (inherited), RD=Deny read, RDI=Deny
read (inherited)

Please note that on Windows Deny ACLs always have preference over Allow ACLs.
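A check to go with the settings above, as an added example that is not part of the original post: it scans IIS W3C extended log lines for direct requests to the folders the final table denies to IUSR and reports whether each request was served or refused. The sample log lines are constructed, and the grouping of status codes is an assumption of this example.

```python
import re

# Folders the article's final table denies to IUSR: /logs, /SiteConfig and
# /content, with /content/binary (images, enclosures) left readable.
PROTECTED = re.compile(
    r"/(?:logs|siteconfig)/.+$|/content/(?!binary/).+$", re.IGNORECASE)

# Assumption of this example: how response codes are grouped.
SERVED = {200, 206, 304}   # the file, or a cache revalidation, went out
REFUSED = {401, 403}       # the anonymous request was turned away

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-06-08 10:00:00
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2007-06-08 10:00:01 GET /default.aspx - - 192.0.2.10 200
2007-06-08 10:00:05 GET /logs/2007-06-08-referrer.log.zip - - 198.51.100.7 200
2007-06-08 10:00:09 GET /content/2007-06-08.dayentry.xml - - 198.51.100.7 200
2007-06-08 10:00:12 GET /content/binary/photo.jpg - - 192.0.2.10 200
2007-06-08 10:01:00 GET /themes/dasblueblog/theme.manifest - - 192.0.2.10 200
2007-06-09 09:00:00 GET /content/2007-06-08.dayfeedback.xml - - 198.51.100.7 401
2007-06-09 09:00:03 GET /Content/Binary/photo.jpg - - 192.0.2.10 200
"""


def parse_w3c(lines):
    """Yield one dict per request, named by the most recent #Fields directive."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or damaged rows
                yield dict(zip(fields, values))


def audit(lines):
    """Return (verdict, date, client, path) for each request to a protected path."""
    findings = []
    for req in parse_w3c(lines):
        path = req.get("cs-uri-stem", "")
        status = req.get("sc-status", "")
        if not PROTECTED.search(path) or not status.isdigit():
            continue
        if int(status) in SERVED:
            verdict = "EXPOSED"
        elif int(status) in REFUSED:
            verdict = "refused"
        else:
            verdict = "other"
        findings.append((verdict, req.get("date", "?"), req.get("c-ip", "?"), path))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG.splitlines()):
        print(*finding)
```

Requests for theme.manifest and for files under /content/binary are not flagged, matching the article's view that both may be served.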

Tag Cloud

A relatively new macro that does not have much detail about the support it requires
is the <%drawTagCloud()%> macro or Tag Cloud.

This macro will not work unless you include the appropriate CSS class codes called
by your theme template CSS file.

For example something like this:

.smallestTag {
 font-size: 0.8em;
}
.smallerTag  {
 font-size: 1.0em;
}
.smallTag {
 font-size: 1.2em;
}
.mediumTag {
 font-size: 1.4em;
}
.largeTag {
 font-size: 1.6em;
}
.largerTag {
 font-size: 1.8em;
}
.largestTag {
 font-size: 2.0em;
}

For more detail on this macro and the others available see this Macro Link.