Quick Thinking #
I'm currently managing a friend's WordPress blog while they bugger off on a round-the-world trip. Goodness me they get a lot of spam.
Within a minute or so of turning off Spam Karma (it causes problems with the comment count, apparently) I/he had 15 new comments, all spam. So, without FTP access I quickly put in a hack to the comments page thusly:
<textarea name="quack" id="comments"></textarea>
<script type="text/javascript">
document.getElementById('comments').name = 'comments';
</script>
Nice and simple - a bit of Javascript that renames the comments field so it can be submitted correctly (if you fail to run the script, the comment fails). I know there are accessibility issues and all the smartarses who turn off their Javascript are stopped from commenting, but desperate times call for desperate measures. It's quick & dirty, and for most people (this guy doesn't get a massive amount of traffic) it works OK.
Anyway, I went to bed last night feeling smug that I'd robbed a load of spammers of their precious links. This morning I took a look: 38 new comments. They've already made their way around it.
This suggests one of three things:
- The spammers caught the error and changed their behaviour to suit. Doubt it, it'd be easier for them to move onto other blogs.
- They execute Javascript (maybe it's a full-on Firefox session with a plugin script?. Likely, and rather smart!
- My code is rubbish and never worked in the first place. Never impossible.
Anyway, kudos to those guys for not being thwarted by a simple script! Now, let's see what happens when I get Spam Karma re-enabled or I activate Akismet...
Update 22 Sept: Ignore the above. My code is rubbish. If the spammers do a simple POST to the server they will succeed, since I'd never updated the server-side code to match the client. Best bet for this hack would've been to rename the field both on the form and in the server code to something unpredictable ('quack' is just fine...) and not bother with the Javascript, Spammers would ignorantly continue to assume the field is 'comments' and their posts would fail. Thanks Brian and Neil T
A while ago I wrote a blog host service which included a more sophisticated spam filter. It would scramble all the fields client-side, include a couple of hashes and would only accept the comment as-is if all the hashes matched the server's own records. It stopped blind POSTs and bots that did not use Javascript. It also cleverly spotted genuine users who might not have been able to run the Javascript (since there was a larger platform accessibility was a concern), and used timing information to identify real users (who take their time) versus bots (who tend to write/post immediately or in a regular pattern).
It worked for nearly 2 years without a single automated spam comment getting through (many tens of thousands were stopped; no false positives either). Manual spam got in, but was minimal. Finally the spammers changed their ways and (I guess) began using full browser sessions to post their spam - once they do that you need to start looking at content analysis or other methods.
Blog subscriptions #
Hurrah. Russell Beattie is back to blogging again. His blog has always been a quite reliable source for mobile news. Subscribed.
I also found a few more blogs today that seemed quite interesting. Subscribed to those too.
However, Freakonomics blog seems to have switched to condensed feeds since they moved to the New York Times. Since the majority of my reading is done on a phone on the train, I'm Unsubscribed. (and there's rather a lot of discussion about this on their blog).
Introspective #
This post has been brewing for a long time - but it's about time I wrote this down. Last December I had the pleasure of meeting Robert Scoble twice. In Ireland and London. Both times he was surrounded by other people equally keen on grabbing his ear for a few minutes. Poor bloke seemed to spend all evening without a moment to himself!
When Robert came by our part of the table in Ireland, the discussion led to feed readers. Most people voiced their support for various products, but I had a different view. I don't generally use an aggregator, so I said as much. 'Why?' asked the small group of people. I told them I prefer to read the site itself. I liked the designs of the sites and prefered to read articles on a full-blown HTML page, but struggled to give a clear reason.
Robert suggested this was a common view for advertisers (makes sense), but was quickly distracted by other people vying for his attention and went away.
That irritated me quite a bit. Not the response - it was my comment that irritated me. I couldn't believe that I gave such a vague and pathetic reason, that was easy to dismiss and didn't give much value to the conversation. The fact was, I don't use aggregators and I hadn't actually figured out why.
It actually took me a few months of playing with various aggregators; reading blogs day in, day out (as always) - this time with a view to actually figuring out what it is I did and didn't like about them. Another few months to get around to actually writing this....
Turns out, the main reason I don't use aggregators is - ironically - because they play such an important and regular part of my day if I do use them. The trouble is that in applications used so frequently, even the slightest kink becomes a regular irritation.
I've yet to find an aggregator I actually like and don't get annoyed with. FeedDemon kept demanding a NewsGator login (which I didn't want to give), and I couldn't disable the message without logging in.
Outlook 2007's feed reader seemed to miss half of all new posts, and refused to parse some feeds at all.
The reader in Flock was good for a while, but I kept getting 'Script is busy' error messages, and it wouldn't let me customise the refresh time (I've since found out how to do that).
I'm currently using FeedReader. It's okay, but can have a very slow interface at times. That said, it's growing on me.
Arguably, I've been using some products in beta so should expect to be burned at times. I might go back and try more stable versions, but am reluctant to go through the whole installation/transfer OPML/try out cycle again.
I'm quite keen to find a 'river of news' reader. I tend to read feeds quite regularly throughout the day, so it's easier for me to see the latest couple of new posts each time, rather than click through individual updated feeds.
I'm also keen on finding a reader that lets me 'mark all as read' (for both a particular feed, and across the lot). Most should already do this, but some can be suprisingly unresponsive and slow. Remember that, given my point earlier about using aggregators all the time, the program should respond immediately - and yes, my computer is quite fast with a lot of memory and very little in the background. Other programs blaze along.
Dunno - I'm probably being very fussy here, but this - I believe - more accurately represents why I don't use aggregators (for long).
Perhaps I'd be more driven to using one (and would 'get over' any issues) if I had more feeds to read. At the moment I have perhaps 15 or so; if I had 300+ it would be an issue. I can remember each URL I regularly visit, so it's not a problem to switch off the aggregator and just type each URL into Flock.
Finally, despite being a generally impatient user, I would be quite interested to give it all another go. If you have a favourite reader you think is quick off the mark, reasonably uncomplicated and has a 'river of news' view please let me know. In return I'll make more of an effort to document what I do and don't like about each program.
BBC - 'The Editors' blog #
The BBC have introduced a new blog, 'The Editors'. Editors from across the Beeb contribute articles and insights into their day-to-day decision-making and operations.
I rather like the style, and the articles so far have been quite engaging and interesting.
The latest article, discusses the Bush & Blair conversation caught on tape at the G8 Summit. A fairly casual, retrospective look at a piece of news (although really, does it really matter if Bush said 'shit'? That was the lead-in for the piece on the actual news)
Their blog system seems to have a slight niggle though - it currently reads 'Comments (6)' yet only one is displayed. The others are presumably awaiting moderation, but still it seems slightly odd to include those in the count.
Link Catchup #
Right, I haven't posted anything particularly interesting lately, so here's a bit of a catch-up:
- Google Spreadsheets is released, albeit to a limited group - looks like an interesting AJAX app. Bit on the thin side by the looks of things, but then how many people use Excel for anything more complicated than accounts or modelling?
- Portsmouth is set to become the first city in the UK to implement a city-wide 20mph speed limit.
- Windows Vista Beta 2 is now generally available - although it looks like their servers are swamped!
- The Tories could be offering spaces to bloggers at their annual conferences (nothing new - see also 2004 US Elections, but still something to keep track of)
- For those of you that are interested, the Blogtalk conference this year is Oct 2-3 at Vienna in Austria. I went a couple of years ago - it was a great conference and the city is gorgeous! Still in two minds about this year though.
- In other news I have just returned from a canal holiday. Photos soon!
Layout Snags #
Thanks to the awkwardness of a previous post, my layout went a bit weird. So, for the time being I've switch to a template that uses the entire screen. It might be boring, but it works!
Feed Reading with Mozilla #
Is it me or does the integration between Firefox and Thunderbird suck for feed reading? Considering the two are partnering applications from the same organisation, I'd have expected a greater deal of interaction between the two.
Furthermore, Firefox's handling of feed discoveries, although interesting, is ultimately irritating. If a website has an RSS or Atom feed available for subscription, you get a nice little orange icon inviting you to subscribe. It's neat, simple, but fails to accommodate for user choice.
I don't want to subscribe to feeds within Firefox - its way of displaying feeds (in the Bookmarks) is not useful to me. I want the feed to be added to Thunderbird, which does a much nicer job, but Firefox effectively locks me in to its own reader.
That's not a pleasant experience - despite the fact the subscription icon is right there in front of me I have to do one of two things: either I go looking on the page for a feed/RSS/Atom icon or link, or if that's not around I have to view the source.
My inconvenience quickly turns into annoyance. Today - I want to add my favourite blogs to the feed reader in Thunderbird. What should be an easy task (go to each site; click Subscribe) has the potential of becoming fairly time-consuming and tedious.
A one-off inconvenience is tolerable, but when it is multiplied or repeated daily, it quickly becomes an annoyance. That's the kind of effect bugs and missing functionality has on programs that are used many times daily.
There are always movements in major projects like these, and I have no doubt that others have picked up on this, criticised it, and at some point it'll be fixed - as has happened in so many ways in the past (and Firefox is of course much better for it).
In essence, this is about recognising how people use things daily, how they imagine features will work and how annoyed they can get if that feature works different to their expectations. I happen to think this is precisely one of the reasons why Google did so well - you want to do 1, 20, 50 searches a day? Google will do it consistently, straightforwardly and fast. It becomes a bread-and-butter application, as does the web browser, or the word processor, or the spreadsheet, or the photo editing program - depending on your day job. As long as they don't get in the way by faulty interaction, and do their job they stay in place.
These things must work smoothly to earn your appreciation, and to avoid frustration. It's a reminder of how vital human computer interaction is for products and services that are used regularly throughout the day.
All this over a little orange icon! I think I'm going to find another feed agent for autodiscovery.
BTW I'd be interested in knowing how IE7 and Safari deal with subscriptions - do they give a choice of reader packages? Could the Firefox orange icon just act as a URI with the feed: prefix - therefore invoking whichever application has been set up to deal with feed: URIs (Thunderbird does this, and Firefox could too).
Blog Search #
ZDNet have published a HitWise report showing the most popular destinations for 'blog search' from search engines.
Blogger is first at 26%, Blogwise second at 18%, GlobeOfBlogs is next at just shy of 5% - nice!
Wordpress 2.0 #
I may try switching to WordPress 2.0 some time later this week - expect wonkiness. I've already written most of the import script, so the transition should be fairly painless, but the new design (I'm not bothering right away to template) will be a bit of a shock.
Update - if you can read this the upgrade worked and the DNS switched has gone through. Excellent, now I just need to categorise everything.