This is just a quick test post for the Twitter Tools 2.4 WordPress plug-in and its new Twitter OAuth mechanism. I “think” I have configured everything correctly and it should be using my URL Shortner/Redirection.
It’s probably a good thing I waited until today to write this; otherwise, it would have been full of many colorful words. 🙂 This is a follow-up to my last post. I tried to run NASCAR.COM’s RaceView during the Michigan race this past Sunday and all I got was either a window with “loading” at the bottom or just a solid white window. This occurred in both Firefox and Internet Explorer. I opened up the Java console in both Firefox and IE and it just had a Java error of a Null pointer assignment:
Yes, I did try to reload several times. So I gave up and just started PitCommand to listen to Dale Jr’s audio. I did have to start it in IE first before the audio would work in Firefox and I just didn’t care to investigate this further. I was frustrated and missing the race. Before you ask, I do meet their minimum system requirements.
Now, I don’t mind troubleshooting problems; however, I do not want to do it during the actual race! It totally ruins the fan’s experience. How can you expect fans to search knowledge bases and forums, reinstall Java, plug-ins, audio and video drivers, and do whatever else might be potentially involved? It boggles my mind that there isn’t a race simulator that we can test these applications with during the week. If I was a NASCAR website/TrackPass developer I’d scream for this. I am quite sure the website team has no desire to fix the software during races either (I only hope they at least have some internal system to do this). Normally I wouldn’t give a flying fruitcake about it, but I am paying more for TrackPass than I am for my webhosting here that my blog, among several other sites, is on. The IndyCar RaceControl works (yes, they do loose timing and scoring sometimes but that’s an issue at their end when it happens) and it’s free.
This will probably be my last season to subscribe to RaceView. If the preview works during next year’s Daytona 500 then I might reconsider; otherwise, I’ll just stick with the scanner.
I welcome any comments about other’s experiences and how you got it to work, if you did.
(If you’re having problems with RaceView, you might want to check out this post: Getting NASCAR RaceView Working with Internet Explorer 8)
During Sunday’s NASCAR race I was trying to get the audio working in NASCAR.COM’s PitCommand using Firefox (version 3.6.8 at the time). No such luck, even after disabling AdBlock Plus and enabling 3rd party cookies. So, I decided to try it in Internet Explorer 8. Naturally, it worked just fine. I tried it again in Firefox, and it worked! Hmm.. what’s going on here?
I knew that the audio stream was being handled by Windows Media Player since it was using the .ASX extension. I did have the Windows Media Player plug-in for Firefox installed. There’s an article at mozillaZine which gives information about it. In fact, my MIDI page is designed to work with it. Since it only worked after I tried it in Internet Explorer, I figured it must have triggered something or saved something into Temporary Internet Files that allowed it to then work in Firefox. Since WMP is a Microsoft program, it stores its files in IE’s Temporary Internet Files directory. So, I deleted the Temporary Internet Files using the Internet Explorer Control Panel applet. The audio quit working with PitCommand in Firefox again. I launched PitCommand in IE which worked and closed IE. The audio started working in Firefox. At this point I restarted Windows and went to Firefox first thing and the PitCommand audio worked.
It seems that some Javascript or other file that gets saved to Temporary Internet Files when using IE is letting the WMP Firefox plug-in to play the audio in this specific case. This leads me to believe that the code on NASCAR.COM’s site might be doing different things based on the browser it detects. Because I was sick of troubleshooting and missing the race I stopped here.
NASCAR.COM really needs to have a fake race stream during the week so that all of us, and them, can work on software issues then and not during the actual race! Who wants to do that? I also tried RaceView but it wouldn’t work in either Firefox or IE. I just got a blank page with a Java error on it. Early this morning I got a Java update (version 6, update 21) but I won’t be able to test that out till the next cup race. 😕
Wishing everyone a Happy (and safe) 4th of July weekend!! 🙂
This is a follow-up to the post I made a couple days ago about upgrading to WordPress 3.0 and looking for a new spam protection plugin that asked to solve a math problem. The one I chose was Block-Spam-By-Math because it seemed to work out of the box. Well, since then, I’ve learned that the plugin, as is, is not all it’s cracked up to be. I was still receiving numerous spam comments (which Akismet did catch). Due to the content of the comments, I could tell that these were automated or done by bots most likely and not humans. I, of course, understand that no plugin like this is going to stop an actual human hired to or set upon spamming blogs and galleries.
After examining how this plugin worked, it became rather obvious that it was pretty much useless. The plugin always performs addition and the two numbers to be added are there in the form with very recognizable field names and, well, it does have “X + Y” within the form text. A bot that knows how this plugin works and the field names it uses could easily parse the form’s contents to get the two numbers, add them together, and then supply the answer using an obviously known POST variable name. In fact, because the plugin adds the numbers that are submitted to it by the form, the bots can simply supply their own arguments for the plugin to use. All it has to do is use the correct POST field names. Since this is an established plugin on the WordPress site, I’m sure the blog spammers have learned to expect this plugin to be in use on WordPress blogs and have written their code to effectively get around it.
The solution that I wanted to use, which I do with my guest book on my main website, is to store the answer and/or the arguments on the server, such as in a session variable because these values are only known to the scripts running on the server; however, the way the plugin is written (or WordPress itself), the function that sets up the form is some how executed more than once when viewing a post thereby causing the values to change from what is presented on the form itself. Maybe it’s related to this theme’s possibility of having nested comments. This may explain why they perform the math on the values sent in by the form itself. So, what I did was to simply change the field names that it used to some random things I thought of to throw the bot’s parsing or string searching and posting functions off.
This has appeared to do the trick as I can now see spam attacks in my latest visitors log at my webhost resulting in 403 errors that this plugin generates on a failed response. This also proves that these attacks are coming from bots and not humans putting in the answers.
To make this change yourself, edit the /wp-content/plugins/block-spam-by-math/block-spam-by-math.php file and look for function add_hidden_fields() and function check_hidden_fields() and simply change the corresponding name and $_POST[] variables it uses:
In the code above you want to change the changemeX items. The original code and my new code has something other than what is shown here. To be even sneakier you could change them once a week or however often and there’s no need for them to be the same thing with 0, 1, and 2 after them. They just have to match each other in the functions. As I’m sitting here typing this, I just had another idea to try. 😉 Anyway, hopefully this well help cut down some of the automated comment spam attacks.
