Movable Type 3.33, and associated FTP problems

Movable Type 3.3 badge-type thingSix Apart have just released a new version of Movable Type (3.33) which contains several patches for a bunch of potentially nasty security holes. Given the problems I had upgrading to 3.3 in the first place, I wasn’t exactly relishing the idea of another install, but security comes first.

And, just like last time: HTTP 500 server errors as soon as I tried to log back in afterwards.

It looks like my problem isn’t related to Movable Type at all, though, but instead to the FTP upload process. I had grabbed the .zip version of the movable type package, unzipped it locally, and then uploaded all the individual files to my web server. My FTP client is FileZilla, and the server is running NcFTPd. With FileZilla set to use multiple simultaneous connections (for a faster upload) it would occasionally transpose the contents of two files.

This is very ungood. Not only does this lead to the obvious failure situation where an app doesn’t work because its internals are screwed up (the HTTP 500 server errors I was seeing), but there’s also the possibility of a silent failure, where everything still appears to work, but all is still not well. For example, a file containing passwords could be swapped with a simple HTML file so that they become publicly readable (and Google-able).

Curiously, the transposing of files doesn’t seem to be entirely random. When I first noticed the phenomenon, I tried re-uploading the pair of files that had been switched, and they ended up switched again. It was only when I dropped back to using a single connection (menu: Queue -> Use multiple connections) that the upload worked properly.

A quick search on Google showed that although this is uncommon, it’s not an entirely unknown problem. A few people have mentioned this happening with FileZilla (here and here, for example), but this also seems to be an occasional problem with CuteFTP, too: see this forum post.

The fact that the problem shows up on multiple clients makes me wonder if it’s the server that’s at fault. Alternatively, both CuteFTP and FileZilla could be using a very similar, but subtly wrong piece of code to do multiple simultaneous uploads. Very curious. But at least knowing what has gone wrong will make me feel much more at ease when the next MT upgrade comes around.