Wednesday, October 08, 2014

WordPress spam comment hole and fix

I had comments turned off in Gordon’s Shares [1], but on a rare visit to my admin Dashboard I found 15,000 spomments in the Pending queue [2]. They looked to be all spam, there were several from today, and they were largely related to old posts.

That was a surprise. The blog has comments disabled, and there’s no way in the UI to create a comment; I presume the attackers were leveraging an API bug. So in addition to confirming that Commenting was disabled, I also restricted the (disabled) commenting to registered users (which would be me). That seems to have fixed the problem.

[1] Mirrors/archives [1] my pinboard shares. Current setup is a bit different than 2012:
[2] I used the Delete All Comments plugin to clear out the 15K — it transiently tied down my database but it worked.

Update 10/9/2014

If you have unchecked Allow people to post comments on the article on the Options > Discussion panel, then you have only disabled comments on future posts.
This is the kind of thing that gives open source a bad name -- and it doesn't say much for the tech journalists who praise the WordPress organization either. Looks like a great way to do a DoS attack on a WordPress site -- fill up database storage with spomments.

Happily my workaround works perfectly.
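
An added example (not part of the original post): MySQL queries to audit, and then close, the per-post comment and pingback state that the Discussion panel checkbox leaves untouched on existing posts. It assumes the default wp_ table prefix and the standard WordPress core tables; back up the database before running the UPDATE.

```sql
-- Added example. Assumes the default "wp_" table prefix.

-- 1. Site-wide defaults from the Discussion panel (these affect new posts only).
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('default_comment_status',
                      'default_ping_status',
                      'comment_registration',
                      'close_comments_for_old_posts',
                      'close_comments_days_old');

-- 2. Existing content that still accepts comments or pingbacks.
--    No post_status filter: attachment pages ('inherit') can be open too.
SELECT post_type, post_status, comment_status, ping_status, COUNT(*) AS posts
FROM wp_posts
WHERE comment_status = 'open' OR ping_status = 'open'
GROUP BY post_type, post_status, comment_status, ping_status
ORDER BY posts DESC;

-- 3. Where the pending queue is landing: pending comments by year of the
--    target post. A queue dominated by old posts matches the pattern above.
SELECT YEAR(p.post_date) AS post_year,
       c.comment_type,
       COUNT(*)          AS pending
FROM wp_comments AS c
JOIN wp_posts    AS p ON p.ID = c.comment_post_ID
WHERE c.comment_approved = '0'
GROUP BY YEAR(p.post_date), c.comment_type
ORDER BY post_year;

-- 4. Close comments and pingbacks on everything that is still open.
UPDATE wp_posts
SET comment_status = 'closed',
    ping_status    = 'closed'
WHERE comment_status = 'open' OR ping_status = 'open';

-- 5. Re-run query 2; it should now return no rows.
```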

Monday, October 06, 2014

ptel Real Paygo fatal flaw: it's a prepay plan that runs up overage fees

One of the reasons we use prepaid plans for the kids is that there should be a natural limit on overages. If Apple’s mediocre iPhone Cellular data controls break down, perhaps due to the iOS 7.1.2 cellular data bug [1], our losses are capped.

Not so with ptel Real Paygo, a service I recently compared to H2O mobile. My son’s cellular data was disabled two days ago, and when I inspected his account I found this notice:

[Image: Screen Shot 2014-10-06 at 8:56:33 PM]

He did make use of that data, perhaps due to an iOS 7.1.2 bug (thanks Apple) [1]. He still shouldn’t have run up an actual overage however. ptel should have run his account to zero and then cut off service. Instead they ran up the equivalent of 3 years of his typical usage - perhaps due to problems in ptel’s accounting infrastructure (in which case the honorable thing would be for them to “eat” the overages they didn’t block).

I haven’t bothered pursuing this with ptel — I’d been planning to switch my son back to H2O wireless after H2O provided a profile to enable 4G data services on the AT&T network. So I abandoned the ptel number. He doesn’t get that many phone calls, so reactivating iMessage on these MVNO networks is the primary pain. I’m just glad this didn’t happen to my daughter. Changing her phone number would be a Richter 10 crisis.

I hope H2O doesn’t have the same abominable practice. Google searches didn’t turn up anything about this practice, but I might not have the right search terms.

[1] My son ran through 1.2 GB of Podcast data on his prepaid account. I have screenshot evidence that Podcasts.app was set not to use Cellular data, and when I inspected his phone, changes to the cellular data controls were restricted. Nonetheless, Podcasts.app cellular data access was enabled. I’ll keep an eye out for a class action suit …

iOS 7: Apple may have broken Safari by changing iCloud sync behavior

My son’s iOS 7 Safari began loading very slowly and crashing on bookmark entry.

Disabling Safari sync in iCloud settings fixed the problem.

I assume Apple has made changes to iCloud as part of their general iOS 8 screwup, and those changes are now impacting iOS 7 users.

iOS: When enabling iMessage get directed to turn on cellular data even when it's already enabled

You probably have Cellular data disabled for Settings. Even though it’s enabled for iMessage, you need to also enable it for Settings. It’s a misguided error response; the code wasn’t updated to manage iOS 7 cellular data control.

Saturday, October 04, 2014

AirPlay is not compatible with Extend Network -- at least on my AirPort Express

After much suffering I discovered AirPlay is not compatible with "Extend Network" on my @2012 AirPort Express.

Would be helpful if Apple documented this.

When I enabled Network Extension I had frequent dropouts. Switched to Join Network and it's fine.

Maybe my location is pathological, but I bet I'm not alone.

Tuesday, September 16, 2014

Blogger's BlogThis! bookmarklet has largely disappeared from the web.

Google still hosts the BlogThis! bookmarklet at https://www.blogger.com/blog-this.g but they've removed all documentation. Google Search finds old posts, bad links, and splogs. If you drag the link above to your toolbar, I think it will work (it did for me). I am seeing new issues with Blogger's perennial line feed problem, so maybe that's part of the removal. [1]

In a similar vein the Blogger online documentation of limits doesn't mention the now 5 year old limit on search -- only the past 5000 posts are searchable within blogger.

On the one tentacle I'm surprised Blogger still works -- Google deprecated it years ago. On another, my RSS feeds are busier than ever, and Google has quietly returned to blogs for its external communications -- tacitly abandoning G+.

Interesting ride on the pseudo-IndieWeb of Blogger, one of the last remnants of pre-Evil Google. I've been using WordPress for years for my microblog posts and I'm happy to report that the migration tool continues to be updated (though last I looked it was still WP 3.5, we're on 4.0 now).

[1] One of the original sins of the personal computer was the CRLF, LF, CR division between DOS, Mac and Unix. Extra blank lines with various combinations of editing tools is the price paid for Bill Gates's CRLF blunder. He should send us all checks by way of compensation.

Friday, September 05, 2014

Tivoli Radio - spending $150 to get a 1960s radio is very 2014

Ten (ten!) years ago I wrote in this blog …

Gordon's Tech: Tivoli PAL (or iPAL): the iPod speaker accessory of choice?

… At $130 the price isn't bad. It's not as flash as some of the iPod speaker accessories, but it's ruggedly made and comes with a great radio. It might be interesting to pair this with an Airport Express and use it as a convenient iTunes and iPod extension….

Today, ten years later the iPal features are identical but the price has gone up by $90. Despite the price bump and complete lack of feature change the product remains popular.

Capitalism isn’t supposed to work this way. We should have been inundated by Chinese clones; but instead we are swamped by much cheaper products with inscrutable interfaces. (The latter is why we bought the Tivoli.)

In any case I didn’t buy the iPAL, I bought the battery-less Model One for $140 on Amazon. It has the layout of a $10 radio from 1960 - speaker, volume, rotary tuner, AM/FM switch. The only concession to the past 55 years is an Aux setting (I lied, it’s OFF/FM/AM/AUX).

It’s so retro it’s fashionable. My 12 yo wants one bad.

The back ports do show it’s a bit more serious than a 1950 knock-off. Here’s a pro picture from Amazon that obscures the “made in China” letters and hides some screw heads ..

[Image: Screen Shot 2014-09-05 at 8:09:13 PM]

and here’s the real thing, which doesn’t look nearly so pretty …

[Image: Tivoli]

The radio comes with an (undocumented and easy to miss) coax connector with a 3 foot long external antenna wire. If you plug it in, do switch from internal to external. (In my photo you’ll see it’s set to internal even though an external antenna is connected. I only noticed the switch as I was editing the photo!).

There’s a (stereo) headphone jack, a 12V connector (not sure for what), a record out (!) separate from the headphone jack, and an aux in. The power cable, by the way, is very long and comes with a hefty ferrite core which may or may not help with power line hum.

The aux-in on my device is for the AirPort Express AirPlay output - just as I wrote 10 years ago. Unfortunately, it’s not working very well in our kitchen. I’m getting periodic dropouts, and the microwave completely kills any wifi. As best I can tell it should be working — but the Airport Express I’m using is at least 5-6 years old. I’m going to order a modern Airport Extreme to free up a 2-3 yo Airport Express and try that instead. (I am annoyed that AirPlay/WiFi is not working as advertised, but I’m not surprised. We Apple veterans don’t really expect our Apple gear to work. Apple is only better than all the alternatives.)

If the newer AirPort Express still fails I’ll return the Extreme (yay Amazon) and buy a Bluetooth dongle instead.

Tivoli does make a BT version of this device for $100 more, but the Amazon reviews are damning, particularly this one:

After the Tivoli was initially paired with my mom's iPod, it would autoconnect with it every time she wanted to use the bluetooth function. However, when I paired it with my iPhone as well, that autoconnect feature fell by the wayside and every time the bluetooth function was used, you had to re-connect the device manually. Not really a big deal, but it was pretty cool when the Tivoli connected automatically. Just to be sure, I got in touch with Tivoli and they said that once the unit is paired with more than one device, it loses its autoconnect capabilities. They also said there was no way to reset it to factory settings.

This review is a few years old, so maybe Tivoli has fixed their BT problem, but they’re clearly technically incompetent. I decided to go for the simple device they seem to know how to make with AirPlay then, if that fails, an external bluetooth dongle.

The sound and tuner are both fine. So if it keeps working we’re happy — though it’s weird that we have to spend so much to buy something simple:

[Image: Front]

Capitalism is not working as expected.