So after only a year and two months, comments are finally reenabled here. I’m now using Akismet and Bad Behavior for spam blocking. Hopefully, it will work out well enough to leave it open (I didn’t like having to skim through 200 spams a day to find the on average 0 actual comments there).
I was getting about 200 spams a day to this blog, so I’ve turned comments off, hopefully temporarily. Sometime when I have more time, I’ll get a better solution in place (I’m out of school in a month, so probably then).
I’ve just enabled Bad Behavior here. If it gives you any problems, please contact me.
Okay. So you know how OpenID is an actually viable identification system? And you know how PGP/GnuPG have a concept of signing other people’s keys to establish trust paths?
Well, I was just thinking about blog comments, and a) how now that I have them re-enabled, I’m getting spam, and b) I’d like to enable OpenID, and I got an idea (which, if you read the first paragraph, you’ve probably already figured out). Why not extend OpenID to also allow trust paths? Basically, if I trust Anne to be a real person and not a spammer, and he trusts Ian, I can be pretty sure that Ian’s not a spammer. And if Ian’s server is compromised and a spammer starts sending stuff as him, or if he’s paid off by the Evil Spam Operators to “trust” them, then I can either blacklist Anne, blacklist Ian, nofollow Anne (so I trust him but don’t trust his contacts), or even just wait for Anne to take care of it.
Obviously it could be fleshed out a bit more (max depth for trust paths?) and in implementations too (temporary blacklist: blacklist Anne for 24 hours and renew automatically if I got any comments through his trust path that looked like spam, else re-trust), but it looks like a start.
Thoughts?
I needed to fix comments here, so I had a few choices. a) Figure out what was wrong, or b) just upgrade and let that fix it.
I upgraded. That fixed it.
As a downside, I no longer have the comment validation plugin. Someone should write a plugin that parses all input as HTML 5 and re-serializes it as valid whatever-language-you’re-using.
Edit: And let the blogspam begin! I’m holding all comments for moderation now. I think you can get around that by registering an account here or something (?) but I basically don’t care yet. Maybe I’ll look into it once I actually understand enough PHP to make changes.
Oh. I guess the reason no one’s left a comment on my blog in ages is that there isn’t a comments form.
I should fix that… today, probably. Right now I’m tired.
I just installed ComPreVal. Hopefully it should do the same pseudo-XHTML* checking and forced preview as what I had before, and hopefully without the backslash problem I had before. Bug me if anything’s broken.
* Pseudo because it’s text/html. If this for some reason offends you you can think of it as (pseudo-X)HTML. As to why I’m publishing anything at all with a text/html MIME type and an XHTML (Transitional, ewww) doctype, it’s because that’s how the CMS came, and I don’t have the skills to fix it… yet.
So apparently someone cracked into my blog and changed the front page. AFAICT they didn’t do anything else, so it was probably just a bug in an old version of wordpress. So I upgraded, hence the nice shiny new defaut layout.
Of course, now my comment validation plugin is gone. I wish they’d just sent me an email telling me to upgrade instead.
You know another thing that would be good in a blog? The ability to mark a comment as “troll”. Give it a bit of styling—perhaps a cartoonly little “Please don’t feed the trolls” sign, or give people the option to hide them altogether. On the other hand, I can see where a blog owner might be tempted to abuse that. Hmm.
Okay, so I fixed the comment backslash thing. It required removing addslashes(...) from something, amazingly enough.
I just hope I didn’t leave myself open to that SQL Injection Attack thingy that page was talking about…
Now I’m gonna go through every single comment ever posted and remove them all. Funness.
Edit: Well, that’s… kind of nice. Apparently due to some strange misconfiguration, the backslashes are removed automatically when I go to the comment editing form. Unfortunately, it removes legitimate ones, too (unless they were escaped by a false one). I hope I didn’t break anyone’s post.
It would be nice to be able to sandbox user comments so that they could include more than just plain markup. For styles this is trivial: provide a [this-comment] selector, and cut out any selector that doesn’t start with it (would fail IFF a future version of css introduced a parent selector, but even then could be easily fixed). For scripts, I’d assume it’s quite a bit less trivial. It would be really nice for us web geeks, though.
I even wish I could offer a bounty on this. It would really be worth it, I think, if it were done correctly. Unfortunately I’m too young for most things financial—credit card, paypal, etc. Oh well. Hopefully someone will find it an interesting challenge.
Someone should make a feedreader (plugin) that implements a pagerank equivelant in the little world made up of the feeds I read. So if someone links to a post on a blog I don’t have the feed for, or if someone whose blog I don’t read links to a post, those mean nothing, but if someone whose blog I do read links to a post by someone else whose blog I read, my reader recognizes that and tells me (non-intrusively, of course).
Just one of those pseudo-AI things that fits into “computers are supposed to make our lives easier”. I thought it might help this guy (via Anne).
Disclaimer: I don’t even use a feedreader, so perhaps I haven’t been talking. But I think it’s a valid idea, and I haven’t heard of it being implemented yet…
Okay, this putting-a-backslash-in-front-of-every-apostrophe in the comments has gone too far. It has now messed up someone’s <code>...</code> snippets, and so it is time to fix the problem once and for all.
Wish me (with my complete and utter lack of PHP knowledge) luck.
In my Perfect Weblog System (which has a great resemblance to Anne’s), the slug would be automatically generated from the title using (client-side) javascript. If the slug was changed on its own, whatever handler was causing the updating would be removed. If the slug field was cleared completely, the handler would be replaced, and it would go back to being based on the title.
Why? Because I don’t like having to think about slugs. And normally the title or something auto-generated on it is good enough, it’s just for those posts with really long or punctuation-intensive titles that that breaks down. But that’s often enough that I have to think about it every time (or, sometimes, not). So this is one of those little gradual enhancements using javascript you keep hearing about.
Actually, perhaps this isn’t part of the Perfect Weblog System, but rather the Perfect Weblog System’s UI. Anyway.
Edit: Via choan in the comments, it exists! Thank you! But shouldn’t you be using UTF-8? ;)
Apparently Wordpress breaks (outputs invalid (X)HTML) on <pre>x(newline)(newline)x</pre>, which I can’t show properly because then it would break (darn catch-22s…). And I can’t find the option to turn off auto-formatting and let me just type what I mean. So my last post is slightly semantically incorrect: instead of putting it all in one <pre> like I should have, it’s in several separate ones.
After a long stint at 0, my PageRank is suddenly 5. And yet Google shows no more pages linking to me than it did before. What’s up with that?
My site’s top level home page (http://dolphinling.net/) also has a pagerank of 5, and it only links here, so that might explain it… but how did it get that high? It’s only got 6 things linking to it (other than my weblog): 1 post on Daniel Glazman’s weblog, and 5 on Slashdot. Surely that’s not enough to get it a pagerank of 5? What am I missing?
Edit: Oh, now I see where I got linked too from. Somehow, even though I’m usually a dedicated reader of Anne’s hrefs, I missed two. Thanks Anne!
Thanks to this person too, whoever they are :-)
It appears comments are broken here. I tried posting one, and the preview just kept telling me to fill in my name and email, even though they were. That would explain, then, why I haven’t gotten any comments for a month and a half. I just wish someone had told me about it.
That wouldn’t explain, though, how someone did post a comment, which my going to reply to was the reason I found out about all this. Hmm….
Edit: it seems to have fixed itself. Yay.
Edit 2: Or perhaps not. <br> doesn’t work. Maybe some other things don’t?
Just saw a post by Dean Edwards on moderating only pingbacks and trackbacks. I’ve reopened them on my blog, and hopefully it’ll work :-)
Thanks Dean!
I got 7 trackback spams this morning. I’ve turned trackback off for now, but what I’d really like is for trackbacks to be held in a moderation queue, but comments not to be. Anyone have a plugin for that (or know of a better solution)?
Now that’s annoying… for some reason, WordPress doesn’t show the checkbox to post in sub-sub-categories, even in the edit area. I made a new “computers” category for my non-web computer posts and wanted to make web a subcategory of it, but when I did I couldn’t post in any of web’s subcategories. Oh, well.
Bad Behavior has blocked 328 access attempts in the last 7 days.