Please read: A personal appeal to Wikipedia founder Jimmy Wales

Dear Jimmy: fuck off.

I swear, I have spent so much time figuring out what to put in my ad blocker to make his face stop smirking out at me from every Wikipedia page that I'd rather bill him for my time than make a donation. (They are being "clever" with background images, making it hard to track down the URLs, and they change the pathnames all the time.)

Block these:\?title=Special:BannerController*/foundation/*/Fundraising

Tags: , ,

WordPress, WordPress, WordPress.

Apparently if you say the word "WordPress" your post gets copied and re-posted by a zillion different spam blogs. It's like calling Candyman. WordPress WordPress WordPress. My hovercraft is full of WordPress. Hello, spammers. Please know that I am never gonna give you up, never gonna let you down, never gonna run around and desert you.
Tags: , ,

Portal Gun video!

Volpin Props

Previously, previously, previously, previously, previously.

Tags: , , ,

Hello Giant

Yes, it is actually by Shepard Fairey:

Tags: ,

WordPress migration mostly complete

Well, that was relatively painless as such things go. I've gotten all of my posts and comments imported into, and I have it auto-crossposting to Livejournal and Facebook.

I had a hard time getting the built-in WordPress LiveJournal importer to work (LJ's servers kept timing out!) so I wrote my own: ljgrabber.

Problems remaining to solve:

  • It's not crossposting to Twitter yet because the plugin is failing for some mysterious way. Once the Twitter app redirects back to /blog/?oauth_token=... I just get a blank page, so I can't connect the app to WP.   Update: Got it working eventually.
  • I have not yet figured out a sensible way to have a program running on the same host as WordPress post a new blog entry. I could do this with XMLRPC if I considered leaving my plain-text password in a text file to be "sensible", but alas I do not.   Update: See my wppost and ljpost scripts.

  • I'm not entirely happy with how SFC posts to Facebook; it just extracts and posts plain-text, without attempting to provide a thumbnail image (e.g.) Sadly, I think the only way to get even close to full HTML into Facebook is to let them pull an RSS feed, which means your post might show up in a week if you're lucky.   Update: Later versions of SFC are a lot better.

These are the plugins I'm currently using, FWIW:

  • Akismet -- spam blocker.
  • JournalPress -- LJ crossposter, descended from LJXP.
  • More Fields -- lets me have easy-to-edit "Music" and "Location" fields.
  • Simple Facebook Connect and Simple Twitter Connect -- a bundle of related plugins:
  • SFC/STC Comments -- lets you use your FB/Twitter identity to post comments.
  • SFC Like Button -- does that, but required a bunch of CSS tweaking to make it look sane.
  • STC Publish -- cross-post to Twitter.
  • SFC Publish -- cross-post to FB. (Works, but I do it differently now.)
  • SFC Comments -- let commenters log in with their Facebook account.
  • STC Comments -- let commenters log in with their Twitter account. (This stopped working with a Twitter API change in 2012.)
  • wpuntexturize -- Prevents WordPress from shitting all over your perfectly good double-quotes and apostrophes by turning them into some Unicode nonsense.

In an ideal world, I'd go back and hack all of my existing LJ posts to do a 301 redirect to the new place, so that Google would eventually realize that it should return the pages in search results instead of the pages, but I'm pretty sure LJ's HTML sanitizer blocks any mechanism that would let me accomplish that. (Update: Instead I wrote a script to bulk-edit all of my old LJ posts to point here instead... maybe the search engines will pick up on that someday.)

I live in dread of the day when I reflexively click "upgrade" on something and all the places where I've made custom CSS tweaks get blown away. Is there some accepted way of dealing with that which is more clever than checking it all into CVS?   Update: Short answer: "no".

Update, 2-Dec-2010:

I've since added these plugins:

  • Avalicious: If you get a post from someone logging in with a Livejournal email or OpenID, this will give them their LJ avatar. Recommend you add curl_setopt($ch, CURLOPT_TIMEOUT, 1) before both calls to curl_exec() in plugins/avalicious/avalicious.php or it can slow things down.
  • Comment Reply Notification: Send commenters email when someone replies to them.

  • FetenWeb image_src Metatag: Adds a sane <link rel="image_src"> tag to all of your posts, so that when people share them on Facebook they show up with a reasonable thumbnail.   Update: Now redundant, as the new Simple Facebook Connect does this too.
  • HTML Emails: When WP sends you a notification of a new comment, this makes them prettier, and includes links.

  • Live Comment Preview: Puts a realtime-updating preview box below the comment-entry area. (I'm slightly worried by this, because it is client-side-only and doesn't do the same HTML-sanitization that WP does, but since you can only do injection attacks against yourself and not other people, I think it's safe. Dissenting opinions welcome.)

  • OpenID: Lets others post comments to your blog with an OpenID, and lets you log in elsewhere with your blog as your OpenID. It took me a while to realize that this was working because there's a syntax error in the source:
    - echo '{ valid:' . ( is_url_openid( $_REQUEST['url'] ) ? 'true' : 'false' ) . ', nonce:"' . wp_create_nonce('openid_ajax') . '" }';
    + echo '{ "valid":' . ( is_url_openid( $_REQUEST['url'] ) ? 'true' : 'false' ) . ', "nonce":"' . wp_create_nonce('openid_ajax') . '" }';

  • PubSubHubbub: Informs search engines that you've updated.

  • XRDS-Simple: This seems to be required before the OpenID plugin will allow you to log in elsewhere with your WP blog's OpenID identity. The trick appears to be to put this in your top-level /index.html file:
    <link rel="openid.server" href="">
    <link rel="openid.delegate" href="">
  • Configure Login Timeout: Lets you set the duration of your login cookie to something other than the default of 2 weeks.

  • Limit Login Attempts: Makes life harder for the botnets trying to guess your passwords.

  • And of course my own Base64 Shortlinks plugin.

Other notes:

  • I wish to allow commenters to post IMG and OBJECT tags. This is apparently rocket science.   Update: Kinda it is, yeah. You have to write a custom plugin whose purpose is to edit the hairy $allowedtags and $allowedposttags arrays.

  • I had been using All in One SEO Pack on someone's recommendation, but it appears that all that it does is add a <meta name="keywords"> link of my tags. Deleted.

  • I had been using W3 Total Cache, but further testing indicates that it is redundant and unnecessary. WP's built-in cacheing works just fine. Deleted.

  • I had been using WPTouch, a plugin for making the blog look "native" on an iPhone. I gave up on it because it was too much work to keep re-patching it at every release to get it to have the proper colors, etc. It doesn't have enough customization hooks, so I had to make changes to the source with every release. Also logging in with FB/Twitter didn't work, etc. So instead, I gave up on this plugin and instead just tweaked my CSS to make my existing theme resize properly on small displays, which is the Right Thing anyway.

If you're interested in the CSS hackery I did to bend the theme to my will, it is jwzblog.css. (A <link rel="stylesheet" goes in the Weaver 2010 Advanced prefs.)   Update: Nah, that's gone now. For a couple of years I had just been using the "Weaver 2010" theme plus a gigantic amount of CSS to bend it to my will, but in Dec 2012 I finally bit the bullet and wrote my own theme to simplify things and give me easier control.

Tags: , ,

Batman the Redeemer

Tags: ,

Who Wants to Be Mayor of San Francisco?

Tags: , ,

WordPress questions, part 2

I have largely bent WordPress to my will. I couldn't get the built-in LiveJournal importer to do anything other than sit there for an hour and then say "XML-RPC Request Failed", so I hacked my ljgrabber script to download my entire LJ plus comments and emit a "WordPress Extended RSS" file, which I was able to import.

Check it out: woo.

I haven't enabled commenting there yet because I'm still tweaking things, but poke around and let me know if you see anything broken. Suggestions on how to make it look better or be more usable are welcome.

I guess I'm gonna have to convert all my "previously" links to point here instead of to LJ by diddling the database directly, sigh...


  • I understand that using WordPress and/or its plugins means living in a world where you have to upgrade everything constantly. WP has plugin installation and upgrading built in, but -- WTF? -- it wants me to give it an FTP password to do so? (FTP still exists??) But this makes no sense at all: the WP install running on host X wants to download a file and then install it on host X by running FTP from host X, to host X? What am I missing? In what way is that not completely insane?

    So to install things I end up having to download and unzip them manually, and that's annoying. Why can't WP do this for me?

  • What comment-related plugins should I install to make it so that people can log in with Facebook and OpenID and stuff? I don't think I want to allow people to comment unless their email address has been validated by somebody, to avoid the usual drive-by shitcockery. (I've installed Akismet, but that's just a spam catcher.)

  • Should I look for a plugin for crossposting to Facebook and Twitter (and LJ, eventually), or just write my own?

  • There seem to be 30 different plugins to do any given thing (e.g., FB "Like" buttons). What's a good strategy for figuring out which ones are not gaping security holes?

  • Likewise, what plugins do you find useful?


Tags: , ,

WordPress questions

I think it's time to give up on Livejournal and host my blog on my own server. I imagine I'll still feed RSS into this account, but the ads that LJ's Russian Masters are apparently subjecting my readers to before they can post comments hurt me deep inside.

Anyway, WordPress seems to be what the kids are using today, so I've installed that and I'm playing around with it.


  • Does "livejournal-importer-0.3" actually work? It would appear not to. So what's the second-easiest way? Convert my LJ to an RSS feed and stuff that in? Or hack it out in the SQL database directly?
  • What is the WordPress theme that most closely resembles the theme of this here LJ? I was going to just add some CSS to the default "twentyten" theme, but it sets colors in no less than 83 places, which is just ridiculous. (When I edit "style.css" am I editing a generated file? Or did someone actually produce that monstrosity by hand?)

  • What is the done thing for commenting and spam avoidance? Should I just install whatever-plugin and force people to have Facebook accounts to comment? What are the sensible choices here?

  • Any WP-related security gotchas I should know about?

Tags: , ,

today's TSA comedy

Soldiers armed with deadly nail clippers:

A few minutes later, a guy empties his pockets and has a pair of nail clippers. Nail clippers. TSA informs the Soldier that they’re going to confiscate his nail clippers. The conversation went something like this:

TSA Guy: You can’t take those on the plane.

Soldier: What? I’ve had them since we left country.

TSA Guy: You’re not suppose to have them.

Soldier: Why?

TSA Guy: They can be used as a weapon.

Soldier: [touches butt stock of the rifle] But this actually is a weapon. And I’m allowed to take it on.

TSA Guy: Yeah but you can’t use it to take over the plane. You don’t have bullets.

Soldier: And I can take over the plane with nail clippers?

TSA Guy: [awkward silence]

This might be a good time to remind everyone that approximately 233 people re-boarded that plane with assault rifles, pistols, and machine guns – but nothing that could have been used as a weapon.

Schneier has a comprehensive round-up of recent absurdities.

Tags: ,

  • Previously