05 Jun 09

babloo/blyat spammer attack on many WordPress blogs

I’ve learned recently that a number of WordPress powered blogs (including xkcd) were hit by some kind of spammer attack (bablooO aka babloo-O).

It injected many spam links into the database before the “read more” part of a post.

I am trying to figure out how this happened so it can be prevented from happening again, if it’s a plugin vulnerability or from WP’s xmlrpc.

So if anyone has more details please let me know. I do know it was not tied to any specific version; I have found the signature on WP 2.3, 2.5, 2.7 & 2.7.1.

(sometimes the signature says “blyat” instead of “babloo”)
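A cleanup check for the injection described above, as an added example that is not from the original post: it flags posts whose teaser (the part before WordPress's `<!--more-->` marker) contains the "babloo" or "blyat" signature and lists the off-site links found there. How the signature is embedded is not known from the post, so the sample rows and the `blog.example` host are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Signature words named in the post; their exact placement is an assumption.
SIGNATURE = re.compile(r"babloo|blyat", re.IGNORECASE)
MORE_TAG = re.compile(r"<!--\s*more.*?-->", re.IGNORECASE)  # WordPress "read more" marker


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in the markup it is fed."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def scan_post(post_id, content, own_hosts):
    """Return a finding for one post, or None if its teaser carries no signature."""
    marker = MORE_TAG.search(content)
    teaser = content[:marker.start()] if marker else content
    signatures = sorted({s.lower() for s in SIGNATURE.findall(teaser)})
    if not signatures:
        return None
    collector = _LinkCollector()
    collector.feed(teaser)
    hosts = [(h, urlparse(h).hostname) for h in collector.hrefs]
    external = [h for h, host in hosts if host and host.lower() not in own_hosts]
    return {"post_id": post_id, "signatures": signatures, "external_links": external}


def scan_all(posts, own_hosts=frozenset({"blog.example"})):
    """Scan (ID, post_content) rows, e.g. exported from the posts table."""
    return [f for pid, body in posts if (f := scan_post(pid, body, own_hosts))]


# Constructed sample rows; not data from a real infection.
SAMPLE_POSTS = [
    (1, '<p>Intro, <a href="http://blog.example/about">about</a>.</p><!--more--><p>Body</p>'),
    (2, '<p>Intro.</p><!-- bablooO --><div><a href="http://spam.invalid/a">x</a>'
        '<a href="http://spam.invalid/b">y</a></div><!--more--><p>Body text.</p>'),
]

if __name__ == "__main__":
    for finding in scan_all(SAMPLE_POSTS):
        print(finding)
```

Posts it reports should be compared against a pre-infection backup before the listed links are removed.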

19 May 09

bbPress still deleted from Wikipedia

bbPress is approaching 10,000 active installs and millions of users by my (heavily researched) estimation and yet it’s still deleted from Wikipedia. However, BuddyPress, which definitely has less than a thousand active installs, features its own page. Go figure.

Wikipedia has pages on ultra obscure fonts that aren’t even in use anymore from ancient Windows 3.1 applications, but a dedicated bbPress page is excessive to the editors?

14 May 09

wolfram alpha is not just hype, it’s amazing

From a programmer’s perspective this is the most amazing thing I have ever seen done on a PC:

http://www.wolframalpha.com/screencast/introducingwolframalpha.html

keep watching, even 5-10 minutes in, it just keeps getting more and more impressive…

(among other things it can casually compute fluid dynamics, tell you where things are in space, mix colors, weather for any location at any time in history, whoa it’s staggering)

26 Apr 09

Swine Flu 2009 Epidemic Map on Google

Apparently USA media outlets are neglecting to include the word “emergency” from the World Health Organization’s press release about the spread of Swine Flu.

I guess check this daily and decide for yourself how bad it is:

swine flu map on google maps (replaced with better map 5/2)

ps. Tamiflu can pretty much stop it from having symptoms more than a cold but a full treatment costs $100 plus a doctor’s office visit to get the prescription, so good luck to those without insurance like me… btw in India it’s only $60 and they have a generic version coming out for $30 but you won’t likely see it in the USA because corporations need their profits no matter how ill you are

07 Apr 09

Apple claims it invented and owns automatic software updates

I don’t care how much you love your mac, Apple is just as evil as Microsoft:

June 1995: Method and apparatus for automatic software replacement

Software patents are asinine and should not be legal.
I hope someone easily proves prior art and makes Apple waste their profits from overpriced hardware on patent/legal fees. The only reason why this really matters right now is Apple has started to threaten developers like the W3C

03 Apr 09

WordPress 2.8 might break login compatibility (again)

Remember how they changed the login cookie in WordPress 2.5?

Then they realized they got the security model wrong so they changed it again in 2.6 causing more backward compatibility problems. (then they finally added HttpOnly in 2.7)

So since it’s all working/stable now, guess what, they are tampering with it again:
Continue reading ‘WordPress 2.8 might break login compatibility (again)’

02 Apr 09

First ever TalkPress powered website?

Unless I missed an announcement somewhere,
I think I’ve found the first ever TalkPress powered website:

http://ask-the-expert.health.com/

Looks really nice. I believe it quietly went live in the middle of March.

TalkPress is essentially Automattic hosted bbPress forums,
just like what WordPress.com is to WordPress blogs.
(it uses WordPress.com global logins/cookies)

Matt first mentioned TalkPress a year ago.

update: Yup, I did indeed miss an announcement, here it is:
http://watershedstudio.com/blog/2009/03/healthcom-on-talkpress-vip/

30 Mar 09

Reduced CPU load with PHP 5 vs PHP 4

Flickr admin have an interesting WebOps Visualizations Pool and they posted something fascinating. After switching to PHP 5 last week (I am assuming 5.2.9 from 4.4.9) they immediately noticed a reduction in CPU load. They claim the number of Apache connections per second remained persistent after the switch so it was not simply because of a reduction in traffic.

If PHP 5.3 doesn’t go final/gold anytime soon I may just have to try the RC.

27 Mar 09

PHP 5.3 goes RC1 !

Somehow this happened so quietly that I missed it a couple days ago!
PHP 5.3 has hit release candidate 1. (download)

This is exciting because it’s going to be a “free” 15%-20% performance boost over 5.2 for many programs like WordPress and bbPress. It’s the version I am waiting for to finally replace PHP 4.4

What’s new in 5.3 [PDF] http://ilia.ws/files/phpquebec_php53.pdf

19 Mar 09

How to fix Internet Explorer 8 messing up WordPress themes

Here’s a mini-plugin (single line of code actually) that will prevent the new IE8 (aka Internet Explorer 8) from messing up your carefully crafted WordPress or bbPress design.

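<?php // Ask IE8 to render in IE7 compatibility mode; must run before any output is sent.
if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], "MSIE 8") !== false) {
header("X-UA-Compatible: IE=7");} ?>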

Make a mini-plugin out of it and activate.
(you might be able to put it into functions.php if that executes before other data is sent but I am uncertain – for the extremely lazy you could in theory put it as the very very first line of header.php in your template)

I also have it listed as a more formal plugin over here

For those that don’t want to install IE8 permanently to just test their webpages, this version will run in its own virtual box so it doesn’t affect the rest of your system:
http://start-o.xenocode.com/layers/ie8/8-0-0-0__2/ie8.exe
There’s no install, it just runs instantly from that one file.

18 Dec 08

Some Tech Tips to find a better WordPress or bbPress Host

I’m going to reprint some advice here that I shared on bbPress.org as there is a great deal of confusion and misguided ideas over how to find a good host for WordPress or bbPress.

A quick google shows there are dozens of “Top 10” lists of hosts. Some are dubious with commission links and others, as well intentioned as they are, focus on non-technical aspects that don’t matter much in the end.

There is a MASSIVE amount of competition in the hosting world and virtually everyone offers things like “uptime guarantees” and seductive low prices to try to grab customers. In the end it doesn’t matter. You can go with a provider that’s been highly recommended and have the worst experience, or try one out that others have complained about and have a good experience.

Continue reading ‘Some Tech Tips to find a better WordPress or bbPress Host’

14 Dec 08

Firefox plugin to detect when website sessions in use?

update: presenting my very first firefox plugin!
http://bbshowcase.org/firefox/website-sessions-detector.xpi
Detects if any of several session types are in use on a website. It has some room for improvement but the fact that it works at all is a good start…

—–
I dislike the use of sessions to track users between web pages because it slows things down on active websites and if cookies are disabled, they can create a mess when they get appended to the URL. They are also useless across multiple servers if they aren’t stored in a common memory pool (memcached, etc).

Here are some common session names:
ASP uses “ASPSESSIONID”
PHP uses “PHPSESSID”
.NET uses “ASP.NET_SessionId”
JSP uses “JSESSIONID”
ColdFusion uses “CFID”
(let me know if you are aware of others)

I try to avoid using sessions in my bbPress plugins but there are two (Human Test & OpenID) where I’ve been too tired (aka too lazy) to come up with a complex way around them that would involve mysql tables, etc. However I try to make sure that sessions are not activated when not needed (in most cases, only during registration). But there is a popular third-party plugin that I’ve taken over ownership for (bb-topic-views) that uses sessions all the time when reading topics to prevent re-counting on multiple pages of the same topic.

Continue reading ‘Firefox plugin to detect when website sessions in use?’
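The kind of check such a detector performs, as an added example (not the code of the Firefox plugin): it matches the session names listed above in `Set-Cookie` headers and in URLs where the id has been appended. It goes slightly beyond the list by also recording whether a session cookie carries HttpOnly; the hosts and values in the sample input are constructed.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Session names from the list above, mapped to the platform that sets them.
SESSION_NAMES = {"aspsessionid": "ASP", "phpsessid": "PHP",
                 "asp.net_sessionid": ".NET", "jsessionid": "JSP", "cfid": "ColdFusion"}


def platform_for(name):
    """Map a cookie or URL parameter name to a platform, or None if it is not a session name."""
    lowered = name.lower()
    if lowered.startswith("aspsessionid"):  # classic ASP appends a random suffix
        return "ASP"
    return SESSION_NAMES.get(lowered)


def detect_in_headers(set_cookie_values):
    """Find session cookies in raw Set-Cookie values and record whether HttpOnly is set."""
    findings = []
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            platform = platform_for(name)
            if platform:
                findings.append({"platform": platform, "name": name, "where": "cookie",
                                 "httponly": bool(morsel["httponly"])})
    return findings


def detect_in_url(url):
    """Find session ids appended to a URL as a query key or a ;name=value path parameter."""
    parts = urlsplit(url)
    names = [key for key, _ in parse_qsl(parts.query, keep_blank_values=True)]
    names += re.findall(r";([^=;/?]+)=", parts.path)
    return [{"platform": platform_for(n), "name": n, "where": "url"}
            for n in names if platform_for(n)]


# Constructed sample input (not captured from a real site).
SAMPLE_SET_COOKIE = ["PHPSESSID=3f9a1c; path=/",
                     "ASP.NET_SessionId=kq0x55; path=/; HttpOnly",
                     "theme=dark; path=/"]
SAMPLE_URLS = ["http://shop.example/cart;jsessionid=ABC123?item=4",
               "http://forum.example/topic.php?id=7&PHPSESSID=3f9a1c"]

if __name__ == "__main__":
    for finding in detect_in_headers(SAMPLE_SET_COOKIE):
        print(finding)
    for url in SAMPLE_URLS:
        print(url, detect_in_url(url))
```

A hit with `"where": "url"` deserves the most attention, since an id in the URL is also written to server logs and sent to other sites in the Referer header.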



