Posts in the Tools Category

Okay, so it’s been almost three months since the last time I updated S5.  During that interval, I’ve been quite busy, but I still feel disappointed that I haven’t put more energy into the project.

As a partial salve, I’ve made a few changes to the S5 information pages.  The main page now has links to the latest official version and latest revision, as well as quick links to useful information.  I updated the FAQ a bit as well, to clarify the licensing situation.  At some point, I hope to create a separate page that contains a feature list, but that’s on a back burner right now.

What I really want to do is finally make S5 1.1 a full, final reality.  Therefore, I’m pushing it to version 1.1rc1 with the knowledge that there’s a new bug to be addressed.  In Safari 1.3 (and I assume 2.0 as well, though I haven’t had a chance to install Tiger yet to find out) the arrow keys double-advance, or even more.  So if you hit the “right” or “down” arrow keys, you’ll jump forward two slides; “up” or “left” moves you back two slides.  On incremental slides, you’ll advance to the end of the slide, or the next incremental element.  The space bar doesn’t evince the same problem.

I assume this is a keystroke handling problem, but I’m not entirely sure—the behavior of incremental slides makes me wonder if maybe it’s something else.  Either way, if we can get that fixed and don’t uncover any other major problems, I’d be happy to call this bad boy done.  Help, as always, is welcomed and appreciated.

Update: Pritt left a comment on another post providing a solution for the Safari bug.  Look for 1.1rc2 shortly!

• S5 1.1rc1 was published on Monday, May 30th, 2005.
• It was assigned to the S5 and Tools categories.
• There have been nine replies.

Thanks to the good offices of Server Logistics (providers of the Complete MySQL package) and Jonas Luster (who gave me the database import command I actually needed) I brought my local copy of WordPress back up to speed last night and was able to test the Gatekeeper update script.  Thus, WP-Gatekeeper RC2 makes its debut.

Here’s what changed:

• Added “reset to default” links for the challenges and the markup template on the management page.  Remember that if you say “OK” to the pop-up dialog box, the data will be reset to install default and there’s no going back.
• Fixed a bug where logged-in users still had to answer the Gatekeeper challenge.  Now there should be no challenge for logged-in users.  This assumes that your install allows people to register and log in, of course.  (Thanks, ColdForged!)
• Tweaked the scanning routines to be more cross-platform friendly, the form scanning to be kinder to 1.5 themes that were ported from 1.2 installs, and fixed (I think) a slash-insertion bug that could affect the markup template.  (Thanks, Scott!)
• Added theme-root support.  (Thanks, Terrence!)
• Changed the gatekeeper_default_template option to be called gatekeeper_markup instead.

That last change was the original motivation to create the update script, since the plugin would break without updating the option name.  While I was at it, I decided to throw in routines to let users of the 1.0b1 version migrate their challenges over to version 1.5 and then delete the old tables.

So if you’ve run any previous version of WP-Gatekeeper, you’ll need to download and run the update script.  It’s called wp-gk-rc2-update.php.  To run it, uncompress the archive and drop the PHP file into your main WordPress directory, then load it up in a Web browser.  From there, the script should walk you through the update procedure.  If you’ve only ever used  GK 1.5 RC1, then it will be two steps and painless.  If you were running 1.0b1, then it’ll be three or so steps and still painless.  (Unless of course I have bugs, in which case there may be pain.)

Basically, you’ll need to run the updater either immediately before you install the RC2 plugin, or immediately after.  In the interval between the two, there will be trouble.  I’m sorry, but I don’t know of a way toclose that window.  My recommendation is to run the update script and then drop the plugin into your plugins directory as soon as the updater finishes.  However many seconds passes between the two will be the window of possible breakage.

So there you have it.  Assuming no problems are encountered, the plugin will reach 1.5 final within the next week.  Let me know if you hit any roadblocks or see ways in which the code can be improved.

Update: problems have been encountered.  The automatic-placement routines seem to have failed, so no challenge will appear unless you use the gatekeeper_pose_challenge() call in your comment form template.  This means nobody will be able to post unless they’re logged in (and maybe not even then).  I’ll post an update as soon as I figure out what’s failing and how to fix it.  Sorry for any inconvenience!

• Gatekeeper 1.5 RC2 was published on Thursday, March 10th, 2005.
• It was assigned to the Tools and WordPress categories.
• There have been fourteen replies.

I have two coding projects going, and both are for the moment stalled.  Maybe you can help.

The more recent of the two is WP-Gatekeeper, which is almost ready to go from RC1 to RC2 except for one tiny little problem: I upgraded my local copy of MySQL, and it blew away my WordPress database.  So I mysqldumped the database from meyerweb.com, copied it down to my hard drive, and tried to mysqlimport it.  And tried, and tried, and tried, until eventually my eyes started bleeding.  No dice.  Therefore, no possible chance of my testing the update script, which is necessary because it actually deletes tables from the 1.0b1 version of Gatekeeper.  I don’t want to put it out into the wild without making sure that it deletes the right tables, and no others.

Obviously, without a successful import of the dump file, I can’t test the script.  I’ve read the MySQL documentation, and done everything it says to do.  It fails.  I tried logical variants, in case there was something the documentation was leaving out.  No dice.  Then I tried illogical variants, including some SQL statements that included words I wouldn’t ordinarily type, let alone say out loud.  The error message is basically always the same, and it never helps.  It goes something like this:

~/mw > mysqlimport -u root meyerweb meyerweb20050309.sql.dump 
mysqlimport: Error: Table 'meyerweb.meyerweb20050309' doesn't exist,
 when using table: meyerweb20050309

Well, no kidding, geniuses; there is no table called that, because it’s the name of the dump file, not anything in the database.  And yes, when I dumped the DB from meyerweb, I did it so that it contained the CREATE and USE directives at the top of the dump file.  They don’t seem to make any difference at all.

Plus all that was after I reinstalled MySQL about seventeen times because it refused to start up even though the installation was supposed to be point-and-click.  Eventually I switched to a different, third-party install package, and it went like a charm.  Serves me right, I suppose, for assuming that the MySQL.com folks could put together an install package that actually works.  At this point, as far as I’m concerned, MySQL is the rotted corpses of the maggots that once infested the corn inside a pile of moose droppings.

Not that I’m bitter that this wasted four hours of my life or anything.

The other project is, of course, S5.  It’s currently stuck at 1.1b5, because there’s this problem in Firefox for Windows that I simply cannot figure out.  I commented on it a little over a month ago; the basic problem is that when viewing the testbed slide show in Firefox for Windows, it seems to “jiggle”, apparently from constant re-scaling of the fonts.  I can’t figure out how to stop it.

So any ideas, anyone?  At this stage, that’s pretty much the last major problem before going final.  Safari still blocks use of Page Up and Page Down when in the outline view, but that’s something I can live with.  The nervous-twitch display in Firefox for Windows isn’t acceptable in a non-beta version.

I’ll still be using S5 1.1b5 for my SXSW presentations, but that’s okay because I’ll be using Firefox for Macintosh, which doesn’t appear to suffer from the same problem.  If it does start having problems, I’ll just switch to Safari.  No big deal.

Anyway, that’s where things stand on those two projects.  Hopefully I’ll get over the roadblocks soon, and be able to get them moving again.

• Stuck was published on Wednesday, March 9th, 2005.
• It was assigned to the S5, Tools, and WordPress categories.
• There have been twenty-three replies.

Now playing: WP-Gatekeeper 1.5 RC1, a complete overhaul of the Gatekeeper plugin.  This version is compatible with WordPress 1.5, and is basically plug-and-play.  Why “basically”?  Because like Windows, there are situations where the plug doesn’t lead straight to play—but more on those in a bit.

First, if you’re using the default WordPress template or a template that uses the same markup, then literally all you have to do is install and activate the plugin.  The challenge will be placed into the comment form using the same markup patterns used for the other inputs (name, email, and so on).  In fact, this will happen for any theme that uses the same markup as the WP 1.5 default.  In cases where the plugin can’t find the appropriate markup pattern, it will insert the challenge just after after the textarea element in the comment form.

So suppose that you’ve completely altered your comment form markup, and what’s more, you don’t want the challenge appearing after the textarea element.  No problem: insert a call to gatekeeper_pose_challenge at whatever point in the form you want the challenge to appear, surround it with whatever markup is needed, and you’ll be good to go.  That’s the kind of situation where you have to do a little more work than simple plug-and-play.  Otherwise, the installation should be quick and painless.

There is a potential exception: non-UNIX servers.  I think I have things set up so it shouldn’t matter, but I may well be wrong, not having other servers on which to test.  So if you run into trouble, disable the plugin and everything should go back to normal (unless you added gatekeeper_pose_challenge to your comment forms, in which case you’ll have to remove those too).  Let me know if you hit trouble, and we’ll see about getting it fixed before going final.

I’m running GK 1.5 on meyerweb now, and everything seems to be proceeding without incident.  My upgrade problems earlier today were due to forgetting to pull out the hooks I’d hacked into wp-comments-post.php and other files for the old version of Gatekeeper.  Those hooks are no longer needed in GK 1.5, and leaving them in place broke commenting.

If you were thinking about using Gatekeeper but were put off by the long DIY instructions in the old version, then now’s the time to try it out.  It’s easy to install, and even easier to back out if you run into trouble.

I’d like to thank Scott Sauyet for helping me with a number of the new routines and features in GK 1.5, including the use of the built-in options table instead of having to set up a separate table for Gatekeeper, the form-scanning routines, and more.

• Gatekeeper 1.5 RC1 was published on Monday, March 7th, 2005.
• It was assigned to the Tools and WordPress categories.
• There have been twelve replies.

And now, S5 1.1b5: try the testbed online, or download the 208KB ZIP file).  There is one functional change since S5 1.1b4: the Home and End keys now jump to the first and last slides, respectively, when in the slide show view.  In outline view, S5 will ignore those keystrokes (as it does all keys other than “T”) and allow the browser to do whatever it usually does.  This is actually an addition, as neither key was being used in previous versions of S5.

There is still a major conflict between S5 and the AdBlock extension for Firefox/Mozilla.  I don’t know what’s causing it, but I do know that if you’re running AdBlock and you load up an S5 presentation, you’re likely to find yourself trapped in the presentation, unable to use the back button or do much of anything else short of quit the program.  Don’t say I didn’t warn you.  I’ve started a thread in the AdBlock forum about it, and hopefully a solution will be found.  I will not delay finalizing 1.1 for this, however.  If a solution comes up after that and it calls for modifications to S5, then I’ll release a 1.1.1 version for AdBlock users.

A similar problem in Safari is still hanging about: in the outline view, the Page Up and Page Down keys are ignored.  I still have no idea why.  If anyone can find a solution, please let me know.

The PNG transparency fix introduced in 1.1b4 is still restricted to foreground images (i.e., those brought in via an img element).  In the default directory, there are two .htc files.  v1.1b5 uses pngbehavior.htc.  The other file, iepngfix.htc, can theoretically confer alpha-channel recognition to background PNGs in IE/Win.  I was unable to make this work, but the pieces are all there to experiment and find the fix I missed.  The behaviors need to be attached using addRule calls in slides.js; there’s one there already.  Hopefully a fix can be found in time to make it into 1.1 final.

Speaking of which, this is the last beta version before going final—I need to get it out the door so I can concentrate on other things for a bit.  Bug reports beyond the AdBlock problem are welcome, and fixes even more so.  I’m still open to feature requests for versions beyond v1.1, of course.

• S5 1.1b5 was published on Thursday, February 3rd, 2005.
• It was assigned to the S5 and Tools categories.
• There have been twenty-nine replies.

As promised, I now draw back the curtain on S5 1.1b4 (try the testbed online, or download the 263KB ZIP file).  Here are the changes from 1.1b3:

• “Meta” keys—function keys, command, control, alt, and option—should no longer be trapped by keys().  Thus, for those of you who discovered that you couldn’t use command-W to close the window in Firefox/OS X, that should be fixed; hitting F11 to invoke full-screen mode should also work; and so on, and so on.

• While I was at it, I restructured keys() so that the only keystroke S5 pays attention to when in the outline view is “T”, to let you toggle back to the slide show view.  Anything else gets passed up by S5.  Despite this, Safari is still ignoring Page Up and Page Down while in the outline view.  I can’t for the life of me figure out why.

• At the suggestion of Romain Herault, I’ve modified clicker(e) so that it will ignore clicks inside of embed and object elements.  This will allow you to interact with an embedded object, like a Flash file or a video, without advancing the slide show.

  I’m aware that some people have run into problems adding videos to their presentations, but I’m not at this point able to take on the task of analyzing the problems and figuring out potential solutions.  If someone else wants to work on fixes, there’s every chance I’ll be able to get fixes into the next version of S5, but very likely not this one.  I have a similar stance regarding the long pause of unstyled content while the presentation loads.  If someone devises a fix, I’ll study it for inclusion in the next version.  I personally don’t have a problem with the pause, but I realize there are those who’d like to eliminate it, and if it can be done without causing problems I’ll certainly add it.  Just likely not in this version.

• PNG alpha channels are now honored in IE/Win, if only for img elements and not backgrounds.  You can see this happening on slide 5 of the testbed.  Woohoo!  This happens thanks to Erik Arvidsson’s pngbehavior.htc, a copy of which now resides in the default directory.  It may one day be replaced with IE7, but we’ll burn that bridge when we come to it.

  The one sort-of drawback to using this approach is that it seems to require that the call to pngbehavior.htc sits in an embedded style sheet, or else nothing happens.  This may very well have to do with the way the JavaScript monkeys around with external style sheets during startup.  If any of you IE/Win JS gurus can figure out a way to get the behavior to fire without having to embed it into the presentation, that would be stellar.  If not, it’ll just be documented as a “leave this in if you’re using alpha PNGs; otherwise you can take it out” thing.

One thing I’m still thinking about changing is the handling of the Home and End keys.  Right now, they move you forward or backward by one slide, just like the arrow keys and several others.  I’m thinking of making them jump to the first or last slide instead.  I’m hesitant because making the change means it would be much easier for a presenter to accidentally jump to the beginning or end of a slideshow with a single keystroke, and you can already easily jump to any slide by typing the slide number and hitting Return.  On the other hand, it’s a functionality that makes general sense, and it makes it much easier for a presenter to intentionally jump to the beginning or end of a slideshow with a single keystroke.  What are your opinions?

At this point, I would anticipate that 1.1 will have one more beta version to eliminate any bugs that are discovered as well as adopt any optimizations, and then it’ll go final.  I know there have been other feature requests (and may be more on this post, which is fine) but it’s really late in the beta cycle to add anything else.  Any new features will have a chance to get into the next version.

• S5 1.1b4 was published on Friday, January 28th, 2005.
• It was assigned to the S5 and Tools categories.
• There have been twenty replies.

So when I said on Monday:

Got feedback?  Let’s hear it?

…what I actually meant was:

Got feedback about the code or how the package works once it’s installed in WordPress?  Let’s hear it.

I should have realized that otherwise, the comments would turn into an argument about comment spam, fighting it, ways the general idea could be defeated, and more.  Which they did.

Look, folks, despite what some people might tell you, I’m not so arrogant as to think that I could single-handedly solve the comment spamming problem for all time.  Even if I were, I very much doubt I’d be so clueless as to think that WP-Gatekeeper was that solution.  And if both those things were the case, I’m pretty darned near certain I would have very explicitly made the claim of having beaten the spammers.  Likely in big, boldfaced, red, capitalized, blinking letters, plus a background MIDI of “We Are The Champions”.

WP-Gatekeeper is not going to stop every possible comment spam attack, human or automated, for the rest of time.  Neither is any other defense you can name, without exception.  There may be measures that currently have 100% resistance to scripted attacks.  They will one day fail—I can pretty much guarantee it.  Even today, they are defeatable by actual humans sitting at computers and posting comment spam on every site they find.  That kind of spamming is very, very rare, but it happens.  I had such an incident within the last month.  If I hadn’t been keeping a close eye on new comments just then, I’d likely have missed it completely.

I’m fully aware that there are ways a spambot could defeat WP-Gatekeeper.  At the moment, none of them can.  That will one day change, of course, assuming challenges become at all popular.  Comment spam and the fighting thereof is a dance, a tennis match, an arms race.  Neither side will ever win.  As one side adopts a new tactic, the other side will move to counter it.  The countermeasure will itself be countered.  And so it goes.  Eventually, either spambots or spam defenses (or the two in combination) will become so advanced that they’ll gain self-awareness, and then we’ll all be royally hosed.

I know this.  You know this.  Let’s move on from there, okay?

In the end, the goal is to add another arrow to the quiver at the disposal of spam fighters.  Think this approach is wrongheaded, annoying, or otherwise pointless?  Fine.  Don’t use it.  For those who want to add this kind of capability—and since I instituted it on meyerweb, I’ve had not a single piece of spam make it onto the site or hit the moderation queue, whereas in my pre-defense days, I’d get at least twenty every day—then the package is there.  You can combine it with other defenses, if you like, for even more coverage.  I may upgrade it in the future, depending how far I get in learning PHP, mySQL, and form handling, and what feedback I get from people who know PHP better than I do.  I may not, in which case the system as it stands is effective, and probably will be for a while.  Even if I do one day abandon further development, the code is out there for someone else to improve if they so choose.

In the meantime, if there’s anyone who is using WP-Gatekeeper or has looked at the code, and has feedback on the coding or the way it works for the administrator of a WP blog, please feel free to share.  Also, if anyone can point me to an example of PHP code for collecting all of the HTTP_VARS that are returned by an XHTML form and then looking through them, even when the variable names aren’t necessarily known ahead of time, I’d really like to see it.  Thanks.

• Gatekeeper In Perspective was published on Wednesday, January 26th, 2005.
• It was assigned to the Tools and WordPress categories.
• There have been twenty-six replies.

In my post on rel="nofollow", I mentioned the use of easily human-comprehensible challenge questions like “What is Eric’s first name?” as a way to defeat spambots.  There were two points made in the comments that I had considered but hadn’t brought up, given that they were tangential to the point of the post.  They were:

1. Spammers could set up a database of questions and answers used on sites.  They might or might not share it with each other, but the point is that if I set up “What is Eric’s first name?” as the sole challenge, the human running the spambot could build the ability to answer the question into the spambot, thus defeating it.  Quite true.
2. In order to make it more difficult to do this, there could be a set of challenges from which one is picked randomly.  So I might have three challenges asking for the first names of myself, Kat, and Carolyn.  Every time a comment form is delivered to a browser, one of the three challenges, picked at random, is included.  This would make it more difficult for a human spammer, since he (or she) would have to find all of the challenge questions. work out the responses, and build them all into a database, keyed to each site’s domain.

So over the weekend, I built as a proof of concept (and also as an exercise in learning more about how PHP, mySQL, and WordPress work) a WordPress package to do what described in the second point above.  It’s called WP-Gatekeeper, available from my WordPress Tools page, and if you’re brave you can give it a try.  Why brave?  Because the installation involves hacking a few WP files and adding a new entry to the admin menu, not to mention firing up a plugin.  And if you do it in the wrong order, you can break commenting for a short period.  There are DIY installation instructions on the WP-Gatekeeper page, for those who still want to proceed.  You also need to be brave because if you install it, you’re running code written—well, actually, adapted—by someone with only beginner-to-intermediate PHP skills.  I’ve been testing it locally and everything seems fine, but this is even more “use at your own risk” software than usual.  Got it?  Good.

Accordingly, WP-Gatekeeper is currently considered beta software.  I’m making it available now in the hopes that people more experienced than I with PHP and WordPress can take a look, hack on the code, and make it more efficient and the whole package easier to install.  I’m already aware that in WP 1.5, adding the admin page is much easier and doesn’t require hacking files, but I wrote WP-Gatekeeper in 1.2 and want it to work there, since that’s the latest public version.  Thus, any optimizations should work in 1.2.  When 1.5 (or whatever the next version number is) comes out, then I’ll worry about it.

Of course, there’s still nothing that prevents a spammer from registering questions and answers into a database, but the admin page makes it easy for a blogger to add, remove, modify, and re-key the challenges.  That will make tracking them more difficult, so long as a blogger puts effort into maintaining the list of challenges.  It gets back, in the end, to maintaining your blog.  The more maintenance you put into something, the better its shape will stay.

I’m also interested in suggestions for how the overall system could be made harder to bypass with a bot, and easier for a WP admin to run.  One feature I plan to add before going final is the ability to have the keys replaced on a regular basis, with the interval (daily/weekly/monthly/etc.) set by the admin.  The  other driving consideration here is that the system should be fully capable of working even if JavaScript is disabled.  It’s an accessibility thing; just go with me on this.  (Accessibility is the main reason I did this rather than install an image CAPTCHA solution, as it happens.)

Got feedback?  Let’s hear it.

• WP-Gatekeeper was published on Monday, January 24th, 2005.
• It was assigned to the Tools and WordPress categories.
• There have been sixty-eight replies.