Haibane.info

I was out of town this weekend, to celebrate my daughter’s first birthday in Chicago with my parents, so I figured that I’d throw a fun post up on the blog for you all to enjoy. Unfortunately, Akismet seems to have decided to stage a coup in my absence and tried to eat everyone’s comments, which seriously blunted what would have been a really fun thread. I just returned home and found Akismet drooling like Smaug over its hoarded commentary, loath to release them until I forced it to my will. Maybe it’s time to look at serious spamtrap alternatives.

In the meantime, how about that wacky telescope thingy, eh? (sigh). I know. Thread’s dead, baby.

I thought I was done with this, but it seems that Wordpress v2.3.3 did not fix the injection spam loophole; I was just hit by another injection spam attack on my previous post (now cleaned up). I’ve closed user registration on the blog for now, though of course you needn’t register to comment thanks to the captcha plugins I have installed. I suggest that all WP bloggers do the same and keep an eye out for injection spam by monitoring your RSS feed.

I’ve upgraded to v2.3.3 which closes a security hole that was permitting spammers to “inject” spammy links directly into posts via xmlrpc.php, and thereby avoid the “nofollow” attribute that is automatically applied to links in comments (ie, the usual mechanism to deprive comment spammers of the PageRank mojo they seek). The spam was surrounded by “noscript” HTML tags, which meant that they were invisible in the browser, thus hiding the links from detection and removal. However, since RSS feedreaders do not interpret javascript, the spam was revealed, and I am grateful to Dave and to Gothmog for alerting me to the problem.

If you have a WP blog you should upgrade ASAP to the latest version. FYI to all the otaku blogs I link to on my blogroll here, I have not noticed any spam links via your feeds, though I am a bit behind on my reading. You all should upgrade asap.

I’ve added ScottSM’s WP_Folksonomy plugin to this blog. This means that you, the readers, now have the power to tag any post you please. I realize that this is a bit like giving the inmates the keys to the asylum, but I’m the least sane among ye, so I look forward to your impositions of order on my chaos.

I mentioned earlier that I was using Peter’s Anti-spam Math plugin to allow for freer commenting (after inspiration from Shamus). I was also using the WP-Deadbolt plugin to add a blacklist to the blog registration page. However, I left a comment at Peter’s asking if he could add the same captcha functionality to the registration page as well. He responded almost immediately and sent me a link to the new beta of his plugin, which adds the captcha to the registration page as desired and which also implements a domain-based blacklist for registration email addresses to boot! I just installed it and am really impressed. If you have a WP blog and allow users to register, give this a whirl and let Peter know if you come across any bugs.

This guide on hacking wordpress templates is the best I have seen. It’s succinct and covers enough breadth to be of general use without ranging too far afield into esoterica.

Until now, I’ve required users to be registered on the blog in order to leave comments. I’ve realized however that this does act as a deterrent to people who would impulsively comment but don’t want to load a few extra screens. So, I have taken a cue from Shamus and installed a captcha plugin. I’m using a derivative of the one he uses, called Peter’s Math Anti-Spam Plugin, and again taking a cue from Shamus I’ve configured it so it shows exactly the same math problem every time. (Incidentally, please assume completeness of the Real numbers before answering. Thank you.)

If you are a registered user, and are logged in (use the handy login form on top of sidebar) you won’t ever see the captcha. I am still disabling all pingbacks and trackbacks, and have also installed a domain blacklist to prevent spammy email addresses from registering (mostly mail.ru. Sorry, Russian Haibane fans). And I’ve got Akismet purring along in the background. Spam hasn’t really been a problem until now and if this (marginally) more open scheme results in a big increase in spam from registered bots, then I’ll yank it.

Haibane.info is now running version 2.3.1. The 2.3.x upgrade brings tag functionality to the Wordpress core. At present I only have one tag, “wordpress” - I need to sit down and think about a strategy for making best use of this functionality. As it turns out, it also breaks my blog in an interesting way… and leaves me highly skeptical of whether tags are meaningfully different from categories at all, despite the prevailing dogma that insists they are truly separate things. (more…)

I’ve drastically pruned my blogroll to just the same anime blogs that I subscribe to in my feedreader. Long-overdue links to Nick, Ubu, and Author were added, and if you’re a regular commenter here with a blog of your own, let me know so I can do the needful.

I also filled out XFN relationships where appropriate (if you’ve ever linked to/emailed me, you’re at least an acquaintance. If you’ve kicked me off your web forum or sent me Firefly DVDs, you’re a friend Wordpress supports XFN natively so might as well do my part for the Semantic Web and make Tim Berners-Lee happy.

Oh, and if you noticed any Wordpress theme wierdness, that was just me pushing the big red button I wasn’t supposed to push. I think I should roll my own theme template, as I’ve hacked on the default quite a bit now. I’ll wait till after the WP 2.3 upgrade on monday.

Astro mentioned that my site was still buggy - the main problem is that WP 2.2 added native support for Widgets, which breaks when combined with my preferred theme K2’s implementation of “sidebar modules” (also a form of widgets). The long and short of it is that I have to wait until the K2 people release a new version (the latest nightly build did nothing for me). Until then I am going a bit retro; I’m using the Widgets because they are there but I really miss K2’s SBM functionality, it’s so much more powerful. Wouldn’t it be nice if K2 could spin off SBM as an extension to Widgets so all of this would be theme independent?

anyway, gripes aside, everything works now (since I’m giving up on K2 for the present). So comment away!