Automatticians hanging out at True’s office, with Domas, and grabbing dinner.
Yonkers Graveyard and Dinner
Visiting Glenda’s grandmother’s grave in Yonkers and exploring the nearby grounds, family dinner with her brother Gil and mother.
With Barry in NYC
Lunch with Abrahamsons, Central Park, BBQ with Barry and Catherine.
Flickr Code
Flickr has open sourced their uploader on their new code site, which has all the nice bits you’d expect including a WordPress-powered blog. Hat tip: Ryan Schwartz.
Slow-boiled Frog
After we had a late breakfast the other day troublemaker John Roberts informed me that the story about throwing a frog into hot vs cold water, that I love to use, is totally false. The blog he linked has an entire category chronicling the slow-boiled frog showing up in the news. I stand corrected!
Papal WordPress
The United States Papal visit has a WordPress.com blog. Nice! I’m going to be in New York City this weekend at the same time, maybe see mass in Yankee stadium?
On Sphere
Sphere has found a home at the prescient AOL, as talked about on their blog, GigaOM, and Techcrunch. Sphere is a great company and the folks who made this happen at AOL will look like rockstars as the team continues to execute on their vision of tying the web together through lateral navigation. Disclosure, as it says on my about page, I was an advisor to Sphere and we’re cousins in the True family.
SecurityFocus SQL Injection Bogus
Since people are asking, this so-called alert on Security Focus appears to be completely false and has no information that an attacker or the WordPress developers could use. It is completely content-free, except for making claims that every version of WP since 2.0 is vulnerable.
Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire” and the less basis there is in fact the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team does is sifting through things to see what’s valid or not.
A valid security report looks like this: it usually includes sample code and a detailed description of the problem. The WP security team was notified of the KSES problem and it was fixed in 2.5. You can impress your friends by saying whether a security report is valid or not, so it’s a good critical facility to pick up.
All that said, there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google. (Google will drop your site if it contains links they consider spammy, you’ll remember this is one of the main reasons I came out against sponsored themes.) Google has some guidelines as well, what to do if your site is hacked. If I were to suggest WordPress-specific ones, I would say:
Any color schemes?
I’m just curious if any plugins or such have taken advantage of the admin color scheme switcher in version 2.5 yet? I’d like to highlight some in the plugin directory.
Philadelphia and Temple Awards
At and around Temple University in Philadelphia for the aforementioned award.
Global Convergence Forum Day 2
Accenture Global Convergence Forum, day 2. Catamaran ride; Mango’s; Delano.
Accenture GCF208 Day 1
Accenture Global Convergence Forum 2008 in Miami, Florida. Conference; Devitos; Delano hotel.
Around SF
Dim sum and wandering around San Francisco.
WP Meetup in Philadelphia
I’m being honored by the Temple Fox School IT Awards so I’ll be in Philadelphia next week. I extended my trip so we can do a WordPress meetup on Thursday night, April 10. The current plan, thanks to Alex Hillman, is meeting at National Mechanics at 6PM.
New bbPress
Why Blog? Book Deal
Why Blog? Reason No. 92: Book Deal – New York Times. Talks about two WordPress.com blogs – Stuff White People Like and I Can Haz Cheezburger.
OpenID and Spam
Magnolia is going to be restricting their signups to only OpenID users:
Why? Because 75% of new accounts being created there lately have been created by spammers using automated tools. Spammers took over Ma.gnolia. Now, the company is using OpenID as a system of 3rd party verified identity and using the superior spam blocking skills of services like Yahoo! and AIM to clean up the Ma.gnolia ranks. Spamfighting could be the incentive that puts many other vendors over the edge to leverage OpenID.
At best this is a Club solution, meaning it’ll be effective as long as Magnolia is not a worthwhile enough target or not enough people use the technique.
Anyone advocating that a Yahoo, Google, or AOL account is going to stop spam signups, sploggers, or anything of the sort is out of touch with the dark side of the internet. The going rate for a valid Google account is about a penny each. For $100 get a text file with 10,000 valid logins and passwords, and go to town. We used to require email verification to sign up for WordPress.com, and the vast majority of splogs were coming from Gmail or Yahoo email addresses, hundreds of thousands of them. Myspace and ICQ are both good examples of completely closed identity systems with registration barriers but still overrun with spam.
Each of the big guys probably has an anti-abuse team larger than all of Magnolia fighting these spam signups, but it obviously hasn’t been effective. In theory you could blacklist OpenID providers, but who’s going to block Google and Yahoo? And even if they did, they’re just pushing the problem outward, to the point where spammers eventually run their own identity providers, and if you think they won’t come from millions of unique registered domains, look at your comment spam queue.
OpenID has a ton of promise for the web — let’s not hurt it by setting people up for disappointment by telling them it’s a spam blocker when it’s not. Regardless of registration, identity verification, or CAPTCHA, you still need something working at the content level to block spam.
New BuddyPress Site
The new BuddyPress site is up and includes the key ingredients of an open source project: mailing list, bug tracker, and SVN. No official release of anything yet, but if you’re interested in following the development you should join the mailing list. The site itself is, of course, powered by WordPress.
Catching up on March
March is almost over, but email-wise I’m just getting started. Between the travel, conferences like SxSW and WordCamp, the 2.5 release, and the wisdom tooth stuff I’ve got stuff backed up even from February. I’m back home this week so I’ll be doing as much catch-up as possible. If you get a response to an old email from me, that’s why.
Consistent Hashing
Programmer’s Toolbox Part 3: Consistent Hashing. It would be interesting if something like this could be folded into the currently random slave server selection for HyperDB.