Fixing WPMU 2.8.4 and the ignored Banned Email Domains option

wpmufunctions_iconI’ve been having a heck of a time battling sploggers at UCalgaryBlogs.ca – roaches that create accounts and blogs so they can foist their spam links to game Google (thanks for providing spammers with such a powerful incentive, Google).

There’s an option in WordPress Multiuser to ban email domains – provide the domains, one per line, into a text box, and it will reject any roaches trying to create accounts from those domains.

The biggest offenders have been myspace.info and myspacee.info – and although they’ve been in my Banned Email Domains list for months, they just keep getting through. I figured there was some exploit they were using, but couldn’t find a thing.

So, today, I took a look through the code of WPMU 2.8.4, to see if I could find what was going on. Turns out, it’s a really simple fix. There’s a function in wp-includes/wpmu-functions.php, called is_email_address_unsafe() – it’s supposed to check the contents of the Banned Email Domains option field, and reject addresses from the flagged domains.

Except it wasn’t. Rejecting, I mean. It was letting everyone through, because of a simple bug in the code. It was written to treat the value of the option as an array and to directly walk through each item of the array. But, the option is stored as a string, so it needs to be converted to an array first. Easy peasy. Here’s my updated is_email_address_unsafe() function, which goes around line 880 of wpmu-functions.php:

function is_email_address_unsafe( $user_email ) {
    $banned_names_text = get_site_option( "banned_email_domains" ); // grab the string first
    $banned_names = explode("\n", $banned_names_text); // convert the raw text string to an array with an item per line
    if ( is_array( $banned_names ) && empty( $banned_names ) == false ) {
        $email_domain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) );
        foreach( (array) $banned_names as $banned_domain ) {
            if( $banned_domain == '' )
                continue;
            if (
                strstr( $email_domain, $banned_domain ) ||
                (
                    strstr( $banned_domain, '/' ) &&
                    preg_match( $banned_domain, $email_domain )
                )
            )
            return true;
        }
    }
    return false;
}

The fix is in the first 2 lines of the function – getting the value of the string, and then exploding that into the array which is then used by the rest of the function. I’ve tested the updated function out on UCalgaryBlogs.ca and it seems to work just fine. Hopefully the fix will get pulled into the next update of WPMU so everyone with Banned Email Domains can breathe a bit more easily.

Liveblogging from Twitter to a post on my blog


1:06:20 PM: If this works, all of my tweets will be gathered into a single updating blog post, until I send the liveblog stop code.

1:14:35 PM: now, if this works, it’d be even cooler if I could have it pull all tweets based on a hashtag – either my one, or everyone’s.

1:17:46 PM: hmm… Could it be passing over tweets that start with @jimgroom – that could be a killer feature. wish I’d thought of that…

1:19:31 PM: yeah. the twitter –> blog liveblogging plugin seems to skip tweets that start with @ but includes all others. #hashtags?

1:23:00 PM: OK. This Twitter Liveblog thing is pretty fracking slick. I think I’m going to try this for the next event I’m at. Very cool.

1:32:20 PM: that’s interesting – my tweets getting pulled into a single updating blog post, with comments happening on the blog post as well.

1:34:24 PM: http://twitpic.com/jinnt – How does it handle links? Twitpics?

1:45:33 PM: New post: Trying WP to Twitter (http://cli.gs/G1LhR)

1:55:14 PM: this liveblogging thing looks really promising. I’ll definitely keep it handy…

Social capital as real capital?

I posted this on a course blog, but it’s not public so I’m reposting it here.

I just ran a silly experiment to see what dollar value people somehow attach to social capital. Technorati offers a utility to generate a dollar value to see what “your blog is worth” – again, a silly number, but perhaps an interesting way to view the abstracted concepts that compose “social capital”.


My blog is worth $125,327.88.
How much is your blog worth?

I think I’m almost ready to retire. Technorati says my blog is worth over $125,000 US.

Of course, it’s a completely silly and relatively arbitrary dollar value. There’s no way anyone would pay me anything for my blog. That’s just plain ridiculous. BUT, the calculation is based on the value of the website WeblogsInc.com when it was purchased by AOL back in 2005. Loosely, what it’s doing is calculating the “value” of a Technorati rating (which includes the number of websites linking to a site, and their value, etc… in a similar way to Google’s PageRank algorithm) and then calculating the value of a given website (usually a blog) based on that base value. The description from the blog post that Technorati used to create the algorithm:

In acquiring Weblogs Inc., AOL has now provided us with some numbers traditional media are willing to pay for a blog. Looking at the numbers above, one can try to guess at the value of a link from an external site. a single link on the weblogsinc network represents 0.002258559942180087 percent of the overall network. At the different rumored price points from AOL, it looks as follows:
Link $25 million value 30 million value 40 million value
1 $564.64 $677.57 $903.42
I don’t know if those values are based on any real rationale but it’s nice to dream up the value of one’s blog based on this. Should we now assume that traditional media companies are willing to pay between $500 and $1000 per site that links into a blog? Not quite. The incremental value is in the size of the network and the underlying tools. Jason and Brian have been working on developing a blog authoring technology, called BlogSmith, that sits at the core of their network and one has to believe that AOL saw some value in the software too. However, one can easily say that blog valuations are going to be easier to make after this deal since it provides the first yardstick in that space.

So, it’s a calculation of what “traditional media” outlets would pay for a website based on the number of links tracked through Technorati. Not a real world representation of “social capital” but maybe a simple, concrete way to think about the abstract concepts (even though the dollar values are insanely inflated).

Battlestar Galactica Ringtones for iPhone

1_clumsyphones_adamaOK. I’m a dork. I made some ringtones today to use on my iPhone, based on short clips from Battlestar Galactica. Maybe someone else will find them useful. Please don’t sue me. They were all made from very short sound clips I found online.

BSGRingtones

I’m using “BSG – Phone Ring” as my ringtone (it’s the sound the telephones make on the ship) and the others are handy alarm notification sounds.

Download the ringtones

Red Dawn

200px-Red_dawnIt’s time to pick up the Formative 10 Films series, after abandoning it after the fourth entry…

Red Dawn. 1984. A bunch of misfit high school kids work together to defend their town from an invading Russian military force. Patrick Swayze as the cool older brother. Charlie Sheen. Lea Thompson (I had such an ’80s crush on Lea…). Jennifer Grey. What’s not to love? WOLVERINES!

I was in grade 10, a misfit outcast just starting high school, and watched this movie maybe a dozen times. It was set in small town redneck Colorado. Which felt not too different from Calgary…

There was something about the threat and horror of nuclear war, “the enemy” on North American soil, and an underground guerilla resistance movement that stopped and repelled the invaders that captured my imagination. It’s something that would be simply taught in history class for anyone growing up in Europe – but here, safe in Canada, we’ve never had to put much serious thought into aggressive invading armies (well, not for a few years, anyway, but we showed them! shakesfist)

I guess what caught me was the forced self reliance, the adaptability, the absolution of caste, and the need to work together to survive. Sure, the movie was violent, but it was a guerilla war movie. It needed to be violent. The fact that it wasn’t a shiny, happy, “good guys always win” story was important, too. The Wolverines didn’t magically kick Soviet ass, as they would have in a Jerry Bruckheimer or Michael Bay film. They struggled. They died. They sacrificed. And in the end the remaining survivors withdraw in the hopes of finding others.

Growing up in Canada, I wasn’t living in daily fear of Soviet invasion, or nuclear warheads raining out of the skies. We figured if anything went down, we’d likely be catching the debris as Reagan’s Star Wars™ shield zapped Soviet missiles over Canadian airspace. Boom and sizzle, sure, but not invading occupation forces. During the olympics in ’88, the Soviet team pins and jackets were the hottest items for trade. Everyone wanted to get Soviet stuff, and meet the athletes. Certainly no fear, at least.

And now I see they’re doing a remake of the movie, due out in 2010. Not sure how I feel about that. The TV series Jericho, which was a thinly veiled revamping of Red Dawn, didn’t do so well.