Lunacy Unleashed

Notes from the field in the War on Spam

Comments, pings closed due to spam

Comments and pings on this blog are closed until further notice.

This was, I regret to say, a last resort measure. I tend to dislike blogs which don’t accept comments and trackbacks. So why close comments?

Continue reading

October 16, 2006 Posted by | Akismet, Bad Behavior, | Comments Off on Comments, pings closed due to spam

Give your blog design a spring cleaning

There’s too much stuff on your blog.


It’s okay, though. I’m not mad at you.

In fact, not only is there too much stuff on your blog, it’s poorly organized, difficult to see, and a real pain in the ass just to look at. And it’s not doing me any good when I visit your blog.

This rant came about as I was viewing one of my blogs on my new Palm T|X handheld, and trying to cut its download time down. This threw me into a whole new world: that of mobile computing. You see, on a mobile device, there’s very limited screen space, and anything more than minimal user input is a real pain in the ass. So the more stuff that appears on your blog, the worse off you are. And sidebars are the kiss of death.

But even without the constraints of the mobile devices, blog clutter and bad design are serious problems. Let’s take an example:

Below the Beltway Screenshot Below the Beltway Screenshot Below the Beltway Screenshot

Now this blog has excellent content. Unfortunately, the blog’s design has several problems, all of which compound the others to make it very difficult to deal with.

First off, it has a color scheme with poor contrast. It uses a dark blue background, light blue links, and black borders. The effect of the color choices leads people to look not at the content, but at the borders! It takes an amazing amount of will to actually focus on the content, and to focus on links takes even more concentration. So the choice of colors does not naturally lead a reader to where the blogger presumably wants the reader.

Second, it uses a three-column layout. A three-column layout can be done well, but it rarely is. Instead, people usually use three-column layouts so that they can get many more links to many more places onto every page. That’s what this blog does.

What the hell is this crap? — Butt-head

What’s so wrong with lots of links to lots of places? Too much clutter. This blog contains no fewer than six blogrolls with literally hundreds of links to other blogs in its two sidebars, and in the format and colors used, they are all but indistinguishable. Who is really going to wade through all of those links in all of those blogrolls? It’s certainly important to promote one’s blog, and to help promote others, but at a certain point it becomes excessive, and nobody pays attention to it.

Or they do what I did the first several times I saw this blog, and others with similar problems: they leave without reading anything.

And then there are the ads. In the right-hand sidebar, one can see ads from Amazon and Google, but the ads are very poorly integrated into the site. So they are almost certainly getting much less attention than they otherwise would. This has a direct negative impact on the income this blogger makes from his blog.

Oh, and I have one more bone to pick, and that’s with those chicklets. You know, the little buttons inviting you to subscribe to every feed aggregator service you’ve ever heard of, and a few dozen you’ve never heard of. It’s been my experience that almost nobody ever clicks on them. As you can see, this person doesn’t seem to have had much luck getting people to subscribe to his RSS feed, despite being very well linked to. (You don’t get to be a Large Mammal in TTLB unless you’re fairly decent sized.) (And they could also be subscribed to his Atom feed, and not showing in that count, a side effect of using Blogger.) But the buttons, when all thrown together, are just plain ugly. I’ve theorized that one would get better results with just one or two buttons, and that seems to be playing out fairly well for me. Even if it doesn’t, my site looks a lot better for not having the chicklets.

After studying real users in the real world, I’ve found that they have a much better time with simpler, cleaner looking sites. So I’ve tried to keep the clutter and extra features to a minimum. Of course, with a blog, you have extensive navigational controls which are going to take up quite a bit of space. But all the rest can go, as I discovered. Or almost all.

Now pick up your PDA or smartphone and use its built-in Web browser to visit . Hopefully you do this after viewing it in your Web browser. If all goes well, you’ll see a radically different site; it’s been stripped of almost everything, is about five times smaller, downloads much faster, and dare I say it, I think I like it stripped down.

Perfection is achieved, not when there is nothing more to add, but when there is nothing more to take away. — Antoine de Saint-Exuper

What’s cluttering up your blog theme? Is it easy to read? What can you get rid of to improve your blog’s appearance and usability?

March 28, 2006 Posted by | Blogging, Design, WordPress, | 11 Comments

2005 will be a bit longer this year

For the first time since 1998, the year will be about one second longer, as scientists agreed to add a leap second to the year.

Among other things, this means you start the 10-second countdown to midnight at 11:59:51 pm.

The once-common “leap second” is the first in seven years and reflects the unpredictable nature of the planet’s behavior.

The International Earth Rotation and Reference Systems Service in Paris keeps track of time by measuring the Earth’s rotation, which varies, and by an atomic clock, which is unwavering. When a difference in the two clocks shows up, the IERS adds or subtracts a second to the year.

For the first time since 1998, the IERS will sneak in an extra second this year to get time back in synch, officials said in a statement Monday.

On Dec. 31, the clock will read like this as it leads into Jan. 1, 2006:

23h 59m 59s … 23h 59m 60s … 00h 00m 00s. Normally, the seconds would roll from 59 directly to 00. — Live Science

Since 1972, when the technology had advanced sufficiently to keep accurate time, scientists have added 22 leap seconds. This weekend’s will be the 23rd.

December 27, 2005 Posted by | Uncategorized, | Comments Off on 2005 will be a bit longer this year

Bad Behavior 2 Update

Make a Donation.

I’m finally making progress on getting Bad Behavior 2 debugged and in some sort of releasable shape. I was hoping to have it ready by now, but I had computer problems earlier in the week and spent most of a day and night working that out.

So I’ll be spending this weekend and probably Christmas Day working on Bad Behavior 2. Such is my life.

This is the third in a series of updates on the roadmap to Bad Behavior 2, the next major version of the Web’s premier link spam killer for PHP-based sites of all types.

The Bad Behavior API and callback layers are complete; the core code is now completely independent of the host application, which should make it much easier to port to other PHP-based systems. As proof of concept I’m developing an ExpressionEngine extension, in addition to the traditional WordPress plugin and MediaWiki extension. Other platforms should be able to get on board pretty quickly.

The first pre-release code should be out sometime this weekend, sleep and cash flow permitting. Those of you who are porting to other platforms will be able to work from this codebase with minimal or no changes through the final 2.0 release.

Remember, Bad Behavior is a user-driven project. If you feel that Bad Behavior has been useful to you and want to support its continued development, feel free to send along your holiday wishes. Yes, I know ’tis the season to max out the credit cards. Still, providing you with software that worries about spam so you don’t have to is what I do. And without your support, I’ll have to go do something else. (Thanks again to those of you who already contributed!)

December 23, 2005 Posted by | Bad Behavior, Blog Spam, Spam, WordPress, WordPress 2.0, | 3 Comments

Welcome to the Coke side of life

The Coca-Cola Company will introduce a new advertising slogan in 2006, along with new energy drinks and sodas.

Next year, it will introduce Coca-Cola Blak, a coffee-flavored drink that will be marketed as an energy beverage and soda. Coca-Cola will also debut an advertising slogan, “Welcome to the Coke side of life,” in 2006. . . .

Coca-Cola Blak will debut in France in January and move into other countries, including the U.S., next year. . . .

The company continues to make new soft drinks. It is developing a citrus-flavored energy soda called Vault in addition to Coca-Cola Blak.

Earlier this year, the company introduced calorie-free Coca-Cola Zero, which tastes similar to Coca-Cola Classic, and it reformulated Diet Coke with Splenda sweetener.

Coca-Cola recently started selling black cherry vanilla-flavored Coke and Diet Coke and said it will stop selling Diet Coke with Lemon, Vanilla Coke and Diet Vanilla Coke because of weak demand. — Bloomberg News

You heard it here first.

December 8, 2005 Posted by | Coca-Cola, | 1 Comment

Syndic8 and PubSub blocked by Bad Behavior 1.2.4

I’ve received several reports that the crawlers used by Syndic8 and PubSub are being blocked by the latest version of Bad Behavior.

The denial message reads, Header ”Pragma” without ”Cache-Control” prohibited for HTTP/1.1 requests.

(This is part of a series of new tests for spambots which claim to use the HTTP/1.1 protocol but actually do not do so properly.)

The trouble has been traced to a problem with those particular bots, and Syndic8 and PubSub have been notified.

Until they are able to fix their bots, you can add them to Bad Behavior’s whitelist.

Update: If you’re being blocked by Bad Behavior, don’t comment here. Read this.

December 4, 2005 Posted by | | 21 Comments

Bad Behavior 2 Roadmap Update

Make a Donation.

About a month ago I posted a roadmap for the next major version of Bad Behavior, the PHP-based automated link spam killer. Now it’s time for an update.

First off, I mentioned in a comment on a prior post that I would be waiting to see the next version of ExpressionEngine before I went very far with the next version. Though I was told a beta would be available in November, I have yet to see it. If I don’t see it in the next few days, Bad Behavior will move forward, without support for ExpressionEngine.

Second, I have the basic structure of Bad Behavior laid out. It consists of two components: a core consisting of the test suite itself, and a glue component for each host platform. I’m also planning an administrative interface that will hook into each host platform, though I am not sure if this will be ready for all platforms at the time of release. Finally you’ll be able to configure Bad Behavior and view its activity within WordPress, MediaWiki, or whatever platform.

Third, the architecture is in place for Bad Behavior to show more informative error messages, each one including a unique key which either the user or the blog admin can look up to determine what went wrong and how to fix it. While all of the keys have been set, the documentation for each remains to be written. Bad Behavior will now serve errors such as 400 and 403, depending on the request, rather than 412.

And I’m experimenting with automated methods of detecting spam attack runs which may originate from dozens of different IP addresses and have somewhat different signatures. I may call for some assistance with this in the near future, and this isn’t likely to make it into 2.0, but it is in the works.

Finally, this post wouldn’t be complete without a mention of something strange that happened when I posted last month:

Without any further contributions to Bad Behavior development, I’ll work on it in my limited free time, and it’ll take somewhere around six months. If I were to receive, for instance, $500 in contributions, I could devote a significant amount of time to it, and complete it within the next month. Hey, don’t laugh, that’s only a few cents per user.

I didn’t expect to receive much of anything, and I had just picked the number out of thin air. The surprise was that I actually received $490! Clearly I didn’t complete it within a month, but that’s mostly due to my decision to wait for ExpressionEngine. I’m not waiting on them any longer, so you should expect an early Christmas present sometime within the next couple of weeks.

Be sure and review the roadmap and comment on it now, before I go too far and any necessary design changes become difficult or impossible.

And I wouldn’t mind if you want to contribute that last $10 either. It is my birthday, after all. 🙂

November 29, 2005 Posted by | Bad Behavior, Blog Spam, Spam, WordPress, WordPress 2.0, | 1 Comment

Google Analytics restricts new sign-ups

After Google started offering its Google Analytics service for free early last week, so many people signed up that even Google, who has thousands of servers, was caught off-guard.

Today they’ve emailed everyone this special notice:

Hello Google Analytics User,

This is a quick update to address some issues you may be seeing in your Google Analytics account and what we’re doing to respond.

First, due to extremely high demand, we’ve temporarily limited the number of new signups as we increase capacity. This allows us to focus on our primary objective–to provide a great user
experience for our existing users.

Next, here is current information on the most common questions we’re receiving:

  1. The ‘Check Status’ button is being reworked to check for properly installed tracking code. This should be fixed by the end of November.
  2. The ‘+Add Profile’ link has been temporarily removed until we increase capacity. We’ll alert all current users when the feature is restored.
  3. While we increase capacity, you may see longer than normal delays in data showing up in your reports. All data continues to be collected and no data has been lost.

For additional help with your Google Analytics account, we encourage you to browse or search our online Help Center at

Thanks for your patience as we improve Google Analytics and add resources to ensure a high-quality service.


The Google Analytics Team

It’s about time they informed everyone what was going on. Something like this should have been sent out last week.

November 24, 2005 Posted by | Google, Google Analytics, | 2 Comments

WordPress 2.0 Beta 1 Released

WordPress 2.0 Beta 1 was quietly released early Saturday morning. So quietly that this is probably the first post about it anywhere.

Previously known as 1.6, lead developer Matt Mullenweg decided that the changes to WordPress were extensive enough to warrant a major version number change.

I’ve been running it at Make Stupidity History for some time, and while there are certainly still a few bugs to iron out, it’s probably almost ready for prime time.

It is certainly ready for plugin authors to start working with and updating their plugins. Many plugin authors will find that their plugins are broken in 2.0 and need to be updated, due to the extensive internal changes.

If you need help with it, post in the Beta forum.

Download WordPress 2.0 Beta 1.

Update: I received word that several people posted about the beta before I did. But none of them offered nearly as much useful information about it. 🙂

November 19, 2005 Posted by | WordPress, WordPress 2.0, | 16 Comments

Akismet – Automattic Kismet

Last week I told you all about Automattic Spam Stopper, the new anti-spam solution for WordPress from Matt Mullenweg. There’s been some new news, and you’re going to hear it here first.

First off, the plugin has been renamed to Automattic Kismet, or Akismet for short.

Second, it now requires a API key, which you can find on your Profile page. (Click My Dashboard, then Profile.) If you don’t have a account, you won’t be able to use Akismet at this time, until you somehow finagle yourself an account. The fastest way is probably to use Flock. You don’t actually have to blog at to use Akismet, you just need the account to get the API key. You can use the API key at more than one blog, too.

Matt plans to have Akismet free for personal use, and charge “pro” bloggers $5 per month for the service. He’s defined pro bloggers as anyone making over $500 per month from their blogs. He also has a program set up for large enterprise installations, though I only know of one customer for that right now. However, anyone who participated in testing Akismet prior to today will be grandfathered in and have a free enterprise account forever.

Akismet is surprisingly effective at stopping spam. After having built a sufficiently large corpus of spam to draw from, it’s killing about 99.9% of incoming spam, and has a false positive rate less than 0.1%. However, when the central service goes down, all comments go into the moderation queue. The service has had some downtime, and on the sites where I’ve been testing Akismet, I’ve had to watch the moderation queue fairly closely. Matt says he’s working on new more reliable hosting for the service.

So where does Akismet fit into the overall spam prevention picture?

Akismet has a great advantage over most anti-spam solutions: by seeing incoming spam from all over the Internet, it can identify new spam very quickly, perhaps as soon as seconds after a spam run begins, once it’s in wider usage. It also is better in spam management, having to sort through hundreds of spams to find a legitimate one that might have been blocked by mistake. It presents spam in a compact format that makes it pretty easy to scan through and spot legitimate comments.

However, Akismet has a couple of drawbacks which are common to most anti-spam solutions for WordPress, and a couple of unique drawbacks of its own. The obvious ones are that it’s a for-pay solution for many people who might want to use it. It uses a central server which is subject to downtime. Though Matt hasn’t said much about the secret sauce, it definitely analyzes the content of incoming posts. And finally, it does nothing to keep the spammers from using up your bandwidth and database space.

For most people running a personal WordPress blog, Akismet is the ideal second line of defense. It will entirely replace plugins such as wp-hashcash, Spam Karma 2, AuthImage, etc. In fact, it makes most other anti-spam plugins entirely redundant.

The one anti-spam plugin which Akismet will not make redundant is Bad Behavior. There are several reasons for this. Bad Behavior is a first line of defense, stopping spammers before they can read your site at all, waste your bandwidth, or drop junk in your database. This is especially important for self-hosted sites, or sites hosted on dedicated or virtual dedicated servers, where CPU time and bandwidth are precious. Like most other anti-spam plugins, Akismet does not and cannot conserve its users’ bandwidth, CPU and disk usage from a spam attack. Bad Behavior does, meaning it will continue to be an integral part of most people’s anti-spam arsenals.

You may not think this is important, especially if you have never received a large amount of spam at once. But the day is coming when you will, and having that first line of defense can mean the difference between your site staying up, and your Web host shutting off your site. Spammers can easily hit you so hard as to create denial-of-service conditions, and Bad Behavior has been proven to mitigate this effect. In fact, it’s even stood up to the Slashdot effect without blinking.

I should disclaim at this point. I am involved in the development of Akismet, having rewritten a significant amount of the code from the time it was known as ASS, and integrating CJD’s Spam Nuker into the plugin. I continue to remain involved with Akismet as long as there’s work to do on it (and there are a couple of bugs I need to fix).

As I said yesterday, however, I remain committed to the development of Bad Behavior. It is still sorely needed as a first line of defense for WordPress, not to mention all of the other platforms on which it now runs.

What the future holds? Nobody can say for sure, but I predict that for WordPress users wanting to remain spam-free, the combination of Akismet with Bad Behavior will prove to be a double whammy to blog spammers. For everyone else, Bad Behavior remains the first line of defense, and Matt has said that Akismet could be ported to other platforms as well. Someone else, I think, will have to take up that challenge. My hands are full already. 🙂

P.S. Matt’s started a web site for Akismet, where you can find more information.

October 26, 2005 Posted by | Akismet, Blog Spam, Spam, WordPress, | 15 Comments