Recently in Housekeeping Category

I was reminded by a commenter that I've missed my blogaversary.

Four years ago yesterday I began this blog.

Time sure flies by.

Thanks to search engines that found the site. Thanks to feedburner for letting me know how many people have subscribed via RSS (or ripped the site off via RSS). Thanks to the readers and to the commenters. Thanks to MovableType for providing the software.

Here's to another year securing computers and data.

I have installed the AJAX comment system. It has the side effect of requiring javascript being enabled in your browser to submit a comment.

I've also re-enabled anonymous comments. Hopefully the javascript will throwoff some of the automated comment spammers.

I've seen a press release from Yahoo stating they are implementing an OpenID beta at the end of the month. Hopefully shortly after that there will be a plugin to make using Yahoo accounts to comment here just as easy as using AIM accounts.

My MovableType spam defenses have kind of run amok. It was letting through a ton of spam which led me to disable anonymous comments. For its next trick it decided to trash valid comments.

The first method used for trashing valid comments was a rule that http:// shouldn't appear in the commenter's name field. That wasn't a problem until openID. The crappy OpenID plugin I'm using doesn't put the OpenID displayname in the name field. Instead it pulls a URL including the name and the server. A quick tweak to the ruleset fixed that problem.

The next issue I found was when my own comments were getting blocked (when using a test account not my regular comment account which is set up as a trusted commenter). The Spamhaus zen filter was blocking me. Back in July, MovableType reported that one of the old blocklists was going away and they recommended using zen.spamhaus.org instead. Since I like spamhaus I accepted that recommendation uncritically. Now I find out that "ZEN is the combination of all Spamhaus DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, the XBL and the PBL blocklist". The problem is the PBL is he policy block list. Its like the DUL. Its designed to prevent end users from sending mail directly to recipient mail servers. They should go through the ISP mail server. That is not the sort of list you should be using with HTTP. Endpoint computer should be browsing directly to my website and making comments.

A better Spamhaus list to use is the XBL. Be aware however that according to Spamhaus, "The XBL contains mostly dynamic IP addresses, meaning the user you would be blocking is probably not going to be the user with the exploited computer. Please do not block innocent users."

You're probably better off forcing the user to prove they are human with a Captcha rather than using (misusing) block lists.

I've enabled feedburner. The way its setup you dont have to change your config. It should redirect transparently. Let me know in the comments if you see any issues.

I decided to upgrade from the Movable Type template that I've been using since version 2.6. You should now be able to use OpenID and Live Journal logins when commenting in addition to the typekey logon you could use before.