Technology is changing how people interact with government forever, says a prominent homeland security consultant.

InFederal Computer Week on Monday, W. David Stephenson argues that emergent behavior enabled by the convergence of personal communications and publishing technology with massive private and government data sources will “empower individuals in their relations with governments.”

Stephenson cited examples of New York City’s plans to allow mobile phone users to send text and multimedia messages to 911 and 311, as well as a private project in Washington, D.C., which publishes District-provided road work data overlaid on a Google map, as two examples of the changes in the way citizens interact with government.

Displays showing the status of potholes repairs subtly, but effectively, keep the city’s Department of Public Works on its toes. That example also illustrates an important aspect of the Web 2.0 world. Some call it “sousveillance,” which happens when people turn the tables and monitor government.

Also, the growing scientific understanding of the principle of swarm intelligence is an important aspect of this potential transformation of government. The term suggests that groups of people may be capable of a higher level of collaborative behavior than could be predicted from the abilities of individual members. — Federal Computer Week

In the past, Stephenson has also cited how private citizens collaborated during the aftermath of Hurricane Katrina to share information, help reunite families, and pick up the slack where government failed.

Smart mobile phones, PDAs and other communications devices, all connected to Web 2.0 applications on the Internet, have the potential to utterly transform the way people react to natural disasters, terrorist attacks, or even ordinary fender benders, Stephenson argued, as people collaborate with each other to find solutions.

“These devices have transformed our daily lives and the media,” Stephenson said in an e-mail. “It’s inevitable that they will have the same impact on government.”

Stephenson also has had a long-running weblog which he recently relaunched, along with a new RSS feed. For those of you who have wondered where he disappeared to, Stephenson said he’s trying to move all of his old content from Userland to the WordPress platform.

“Unfortunately those who have subscribed to my blog in the past don’t know that, because, with everything else, the blog feed changed,” Stephenson said.

Most of you, my loyal readers, don’t actually realize I have, at last count, four blogs where I cover various topics. If you’re looking for something new and interesting to read, check these out:

IO ERROR (this site)

I started this site right after the bungled 2004 elections, and if you go back and read the posts from November you’ll see why. I generally talk about homeland stupidity, technology, and anything else that catches my interest. Though as one of my readers noted, I say very little about my nonexistent personal life.

Lunacy Unleashed

This is my newest blog, where I talk mostly about WordPress and Bad Behavior issues, programming, and maybe on occasion a personal note. If you’re subscribed here for WordPress or Bad Behavior information, you should be subscribed there as well. It’s hosted on Matt Mullenweg’s WordPress.com project.

Make Stupidity History

Dedicated to the eradication of stupidity worldwide. Read all about the stupid things people do, and things you can do to combat stupidity and raise the overall intelligence level of humanity. Everyone is welcome to contribute; just register and write an article!

Phone Watch

Keeping an eye on the telecommunications industry and bringing you, the telephone consumer, news you can use. Also features tips, tricks and articles to help you get the most out of your telephone service and save money. I’m still building this site, and not nearly all the information I have is posted there yet, so keep an eye on it.

There you have it, enough reading material to keep you fast asleep entertained for a while.

After much yelling, screaming, gnashing of teeth, and maybe a bit of bribery, I finally managed to get myself an account on WordPress.com.

This means, among other things, I can finally keep all my WordPress-related ramblings separate from my main blog here, as well as provide a solution for people wanting to subscribe solely to Bad Behavior announcements.

Visit Lunacy Unleashed and read all about WordPress.com and WordPress 1.6. Be sure to subscribe there for further WordPress and Bad Behavior announcements and information!

Feeds: Lunacy Unleashed; Bad Behavior (there’s nothing in that one yet).

Are you a Google AdSense publisher? Do you worry about accidentally clicking on your own ads and being thrown out of the program? I have a solution for you.

Today I’ve released a Greasemonkey script for Firefox which prevents you from clicking on your own Google AdSense ads. The script prevents clicks on both ad units and link units. You can still click on others’ AdSense ads, however.

The script requires that you be running Firefox as well as the Greasemonkey extension. Note that it has only been tested with Greasemonkey 0.5 and I cannot guarantee that it will work on previous versions. If not, the script will warn you that your version of Greasemonkey is too old, and will not prevent any clicks.

Shortly after you install it, it will ask you to enter your AdSense publisher ID. This is the pub-**************** number from your AdSense code and is used to determine which ads to prevent accidental clicks from.

Once you have Firefox and Greasemonkey, download the script.

Forbes magazine has named WordPress Best of the Web in its Blog Tools category, saying that version 1.5 puts it squarely ahead of Movable Type.

Forbes was impressed with the wide variety of plugins and themes available, but reserved special praise for the WordPress community. “If you have a question, either check the documentation wiki (to which anyone can contribute) or ask at the support message board. We had an obscure question answered within an hour.”

Read more: Forbes Best of the Web: WordPress

Received via Piece of Shep

Anyone with a blog has noticed that trackback spam is on the rise. The usual PPC spammers have figured out how to send trackbacks and bypass many blogs’ spam filters. But there’s a new kind of trackback spam out there.

Let’s review what a trackback is supposed to be used for. A trackback is sent by a blogger who references another blogger’s post in their own post. It notifies the original blogger that someone has written an article and linked to them, and provides an automated reciprocal link. This is generally a win-win situation for both parties as people who read either blog can become aware of the other and find out more information. When used in this way trackback is a great way for your blog (and the other blog!) to receive wider exposure.

Trackback spam, on the other hand, takes advantage of the situation to create a one-way link from the blog receiving the trackback to the spammer’s site. The spammer has not linked to the blog, and the blogger doesn’t want to create a link to the spammer. (At least, not without being compensated for the link.) The spammers hope to drive traffic to their sites and thus gain revenue.

Therefore, the easiest and most effective way to stop trackback spam is to check the linked site, and ensure that it links to your blog. For instance, Spam Karma 2 does this and it is completely effective at stopping trackback spam.

Lately I have been seeing a lot of people sending trackbacks from their own blogs, but not linking to mine. I have taken the time to contact them and explain the situation, and all but one placed the link. I then released their trackback from moderation. But it’s that one who I want to talk about today. When I contacted him about the issue, he simply deleted my message and did nothing. I was not amused, and did not release his trackback from moderation.

If you hope to drive additional traffic to your blog through trackback, be sure you provide a link to the blog you are sending the trackback to! Not only is it the right thing to do, it will prevent your trackback from being marked as spam.

In the future I will keep a complete list of any blogger who sends trackback spam here. With nofollow on the link. The list currently is:

• Update: See below; this list is now empty.

Bruce Schneier, author of the Blowfish encryption algorithm and Applied Cryptography, turned me on to this article on encrypting RSS using Bloglines, Greasemonkey and Blowfish. Unlike other proposals for serving encrypted syndicated content, this actually works today.

The method allows you to freely intermix encrypted and non-encrypted content within the same feed, and even within the same item within the feed. The content is decrypted using a Greasemonkey script when viewed in Bloglines.

Howie at The Jawa Report goes off on some blog commenters who got a little out of hand the other day.

I noted that the thread was accumulating comments left and right. We were picking up new readers. All our statements and comments were being read not only by regulars here but also potential new readers as well. People from all over the world. Then came the insults to the queen and the profanity. Personally I thought that the insults the queen were particularly in bad taste considering the events of the day. After that it became the Greg and Carlos show. Other comments especially from new readers seemed to vanish. I think Mike’s thread could have easily went over two hundred comments had we just thought about it for a few more seconds before we hit that post button. See not only did Mike loose readers so did you. I know several of you like to go around and piss on every post like a dog on patrol. That is fine and dandy with me. For the most part I enjoy most of it. If you would just take a couple minutes to consider what thread you are on and also that you are shitting in your own nest. You not only drive off Mike’s readers, which was totally unfair to him. You also drive off readers of your own comments and ideas.

I have a couple of thoughts of my own:

Blog comments are one of the most powerful tools of self-expression on the Internet, second to blog posts. Your thoughts and ideas can receive exposure to dozens, hundreds or even thousands of people all over the world. Maybe tens or hundreds of thousands if you get really lucky. Do you really want 100,000 people to think of you as a complete tosser?

The other thing is, that blog you’re commenting on belongs to someone else, who usually is investing a lot of time and money to keep it up and running. They’re usually looking for intelligent discourse, or at least something funny. It’s like being a guest in someone’s home. You don’t generally take a dump on their carpet or tag their walls.

This is just an extension of what Internet veterans call netiquette. Someone want to write up a Netiquette for Blogs?

The Electronic Frontier Foundation (EFF) has added a section on labor law to its Legal Guide for Bloggers first published last month.

Whenever there’s talk about blogging horror stories, inevitably the conversation turns to people getting fired for blogging. What kinds of things can your boss fire you for? Aren’t there laws to protect you for whistle-blogging about the rotten things your company is doing to the environment? If you use your work computer to blog, does your employer have the right to monitor you? What about if you’re working from home, using your own laptop? — Electronic Frontier Foundation

If you are blogging in the U.S., this is required reading to ensure that you remain within the law, or at least know what may happen if you stray into the many gray areas.

More info: EFF press release

It appears that Technorati is somehow confusing the tags of my posts, and in many cases the tags for one post get associated with the previous post. Apologies to those of you looking for something and finding something else! If this is happening to you, try going to the post immediately following the one you arrived at, and it will probably be the one you want.

The tags appear in the correct <content:encoded> section of the feed, so I’m not quite sure what’s going on. Hopefully this will get fixed soon.

To help sort this out I have redirected Technoratibot to the original RSS2 feed rather than the FeedBurner feed which most everyone else gets. Hopefully this will improve the situation, and if it does, I’ll update this post.

Update 4 July: This did indeed fix the problem, whatever it is. Technoratibot can’t seem to get the right tags in the FeedBurner feed, but it gets them right from the WordPress feed. Technorati is aware of the issue and I’ll update again when I am aware of a fix. Also, other people are having the same problem, and not with FeedBurner feeds.

Update 5 July: Well it appears I was wrong. Technorati still is associating the tags with the wrong posts, even on the original WordPress feed. I suspect it’s falling back to the XHTML, which is tricky at best. Though the feed is plain old RSS2 and should be easy enough to parse. So I dunno what’s going on.

Update 8 July: I received a response from Technorati that the issue should be fixed. I did some quick spot checks and it seems that my new posts have the correct tags, though posts made while the trouble was occurring now have both the correct tags and the wrong tags. I can live with that.

For quite a while now I have been interested in VoIP and the effect it is having and will continue to have on telecommunications and society at large. But I have a little problem keeping up with VoIP news: I have so many newsfeeds in my feed reader now that I can barely keep up with the news I work with for this site!

The typical RSS aggregator software presents feed items one at a time, and not necessarily ordered by date; they may be ordered by feed instead. This is fine, but it can make it difficult and fairly time-consuming to keep up with a lot of news. I use Liferea, which is an excellent feed reader, because it supports interleaving news items. But with 28 feeds and new ones getting added almost every day, it’s starting to get a little out of control. There has to be an easier way to watch a lot of news items from multiple sources at once.

As it turns out, there is. With MagpieRSS and a small aggregator script you can turn WordPress into an RSS aggregator, and all your posts will be ordered by date and interleaved. Just the way I want it.

To test this concept I’ve created VoIP Blog and fed it several sources of VoIP related news from all over the Internet. It appears to be working quite well; I can go through a week’s worth of news in just a few minutes to find anything of interest. In addition I can post my own original content in WordPress static pages, and some of that is on the way.

I expect this little test will make it much easier for me to both keep up with VoIP news and to write about VoIP. And if VoIP is something you’re interested in, it’ll make it much easier for you to keep up as well. In the near future I plan to move all the newsfeeds I use for this site into a WordPress blog as well, and see how well it works out. Since I’m spending a lot of time just reading through news in the feed reader, I expect this to save me a lot of time in the long run. Not to mention provide raw access to the news for anybody who wants it.

Update: If you’re wanting to do this, I would recommend FeedWordPress instead.

This is a quick hack that lets the WordPress built-in search facility search posts and pages. By default, WordPress searches only posts. It was created against WordPress 1.5.1.2, but should work with previous versions if applied in the right place. Download the patch here.

If you can’t patch for some reason, you can apply the changes manually. Edit the wp-includes/classes.php file, and somewhere around line 500 you should see the following:

    if ($this->is_page) {
      $where .= ' AND (post_status = "static")';


Immediately after this, add these two lines:

    } elseif ($this->is_search) {
      $where .= ' AND (post_status = "publish" OR post_status = "static")';

This patch has been submitted for inclusion in a future version of WordPress.

Update: It seems this hack has been done before. My hack is a little cleaner, though. And someone else turned it into a plugin. Oh well, life goes on.

It’s been about four months now since Google introduced nofollow to the web. Since then it’s been adopted by every major blogging platform, as well as many other wiki, forum and CMS platforms. Now that nofollow is everywhere, it’s time to take a good hard look at whether it’s actually been effective at its stated purpose of stopping comment spam.

I will show today that Google’s nofollow initiative has not resulted in a reduction of link spam, but instead has had much more insidious effects on the Internet.

What is nofollow?

Before I can show you anything, we must be clear on what nofollow is, and what it is not. In short, nofollow is a link relationship which one can add to any hyperlink on a Web site. When added, it looks much like this:

<a rel="nofollow" href="http://www.google.com/">Google</a>

The rel="nofollow" tells search engines not to count this link as an inbound link to the target web site. It does not prevent the search engine from following the link, as it seems to imply. The search engine is still free to follow the link and index the content on the target web site, but for the purposes of counting inbound links (and PageRank) the link should not be factored into that calculation.

The intended effect of this is that any link containing rel="nofollow" will allow both users and search engines to reach the site, but the existence of the link will not increase the ranking of the site in participating search engines. Aside from Google, so far MSN and Yahoo! are participating. Others may be as well.

Comment spam

Comment spam is the problem which led to the introduction of nofollow. Many types of software, including blogs, wikis, forums, and some CMS software, allow the general public to post comments, and in some cases, to post top-level articles (what these are and how they appear depends on the software). In the beginning, this was good; it led to a lot of interactivity between a site and its readers. However, soon spammers discovered that most of these systems allowed them to post links to their own sites, and thus began posting spam.

In case you’ve never seen one, here is an example of a comment spam:

In the ordinary, everyday understandings of the words involved, to say that someone survived death is to contradict yourself; while to assert that all of us live forever is to assert a manifest falsehood, the flat contrary of a universally known truth: namely, the truth that all human beings are mortal. For when, after some disaster, the ‘dead’ and the ’survivors’ have both been listed, what logical space remains for a third category? by buy viagra

Comment by phentermine — 3/24/2005 @ 6:03 pm

The two links go to various spamvertised sites, and I’ve omitted them here. Sorry if you were actually looking for Viagra or phentermine.

There are two main reasons spammers target blogs, wikis, forums and CMS. In no particular order, the first is to create additional inbound links to their sites, in order to raise the sites’ rankings in search engines. The second is to create additional inbound links to their sites, in order to entice users to purchase their products.

Nofollow: the final solution to comment spam

If you’re a blogger (or a blog reader), you’re painfully familiar with people who try to raise their own websites’ search engine rankings by submitting linked blog comments like “Visit my discount pharmaceuticals site.” This is called comment spam, we don’t like it either, and we’ve been testing a new tag that blocks it. From now on, when Google sees the attribute (rel=”nofollow”) on hyperlinks, those links won’t get any credit when we rank websites in our search results. This isn’t a negative vote for the site where the comment was posted; it’s just a way to make sure that spammers get no benefit from abusing public areas like blog comments, trackbacks, and referrer lists. —Google

Google’s promise was: by tagging spammers’ links with nofollow, their sites would decrease in rank in their search engine. It was quite surprising how quickly virtually everyone in the blogging community signed on. I recall a few people raised concerns as to whether it would actually cause spammers to stop, and I was one of them, but that didn’t seem to stop anyone. MovableType, WordPress, Blogger, Flickr, you name it, everybody was adding nofollow. Even Slashdot. Who are they trying to stop, the Gay Nigger Association of America? (Yes, that last link has a rel="nofollow" on it.)

MSN quickly signed on to the nofollow initiative, and Yahoo joined as well. People all over the Internet started rejoicing: the comment spam problem had been solved! Or had it?

Why nofollow doesn’t stop spam

If you’ve been running a blog, you are quite well aware that nofollow has done little or nothing to stop comment spam. In some cases they are hitting blogs so hard as to generate denial of service conditions, even when the blogs use rel="nofollow"!

I am so sick of the damn spammers. Spammers are teh sux0r. Spammers are a festering boil on the ass of the Internets. I wouldn’t let a spammer kiss my butt with a pair of wax lips from ten feet away. If I ever see a spammer bleeding in a ditch, I will not be a Good Samaritan, I will kick him in the head, cover him up with dirt, and leave him there to rot. —Dougal Campbell

Why is this? Where did nofollow fail? It prevents spammers from getting PageRank, doesn’t it?

Yes, nofollow prevents spammers from getting PageRank. But they want traffic on their web sites. How they get it is irrelevant, except as a means to an end: bringing in users and taking their money. Indeed, shortly after Google launched nofollow, The Register published an interview with a link spammer. It goes into great detail as to how link spammers operate, and it is required reading if you want to understand why nofollow has failed, how to actually stop link spam, or both. As is my usual style, I’ll post a few choice cuts. Quotes are from the link spammer, “Sam,” interviewed in the article.

“You could be aiming at 20,000 or 100,000 blogs. Any sensible spammer will be looking to spam not for quality [of site] but quantity of links.”

This is Rule #1 for a link spammer. Post the link in as many places as you can, to bring in as many people as possible.

When a new blog format appears, it can take less than ten minutes to work out how to comment spam it. Write a couple of hundred lines of terminal script, and the spam can begin. But you can’t just set your PC to start doing that. It’ll get spotted by your ISP, and shut down; or the IP address of your machine will be blocked forver by the targeted blogs. So Sam, like other link spammers, uses the thousands of ‘open proxies’ on the net. These are machines which, by accident (read: clueless sysadmins) or design (read: clueless managers) are set up so that anyone, anywhere, can access another website through them. . . . Sam’s code gets hundreds of open proxies to obediently spam blogs and other sites with the messages he wants posted.

Most link spammers, manual or automated, use open proxies to disguise the source of their spam. It’s rare to receive link spam that did not originate from an open proxy. Yes, I’ve been tracking this.

When Sam spams tons of blogs and sites with links to his sites – which are affiliates of bigger PPC sites – people see the links and, seeking some porn, pills or casino action, click through to his site, and from there to the parent site, which pays Sam for each person landing there. The PPC sites can see revenues of £100,000 to £200,000 per month, says Sam. He gets a slice of that – and he wants it to stay that way.

Aha! We get to the heart of the matter. Our link spammer cares about click-throughs. Nofollow is completely irrelevant to click-throughs. Remember, it affects search engines, not users. Now, you may never follow a spammed link and buy something from one of these sites, but there are many users reading your blog (and others’ blogs) who will indeed patronize these sites if they happen to run across one from comment spam.

Will the initiative by Google, Yahoo and MSN, to honour “don’t follow” links defeat Sam and his ilk? “I don’t think it’ll have much effect in the short, medium or long term. The search engines caused the problem . . . and they’re doing this to placate the community. It won’t work because most blogs and [forums] are set up with the best intentions, but when people find hard graft has to go into it they’re left to rot. To use this, they’ll all have to be updated. The majority won’t be. And there’ll just be trackback spamming.”

Straight from the spammer’s mouth. He doesn’t care about nofollow. It isn’t stopping him. Not only do people click through anyway, many sites he spams don’t have nofollow implemented, so it doesn’t affect his search engine rankings too much.

What nofollow really stops

From the beginning, people began questioning the use of rel="nofollow", whether it would be effective at stopping comment spam, and what other effects it might have.

I’m deeply mystified by the hallelujahs bursting forth about Google’s rel="nofollow" method of preventing comment spam. . . .

If rel="nofollow" works, if it’s applied universally, it will actually have the reverse effect. It actually gets less effective the more it is implemented. Why? Because the comment spamming sites are in competition with each other, and not with any legitimate businesses. They’re not so much trying to get the best pagerank for their term, as trying to get a better one than their rivals. That’s a key distinction. If the playing field is levelled by rel="nofollow", then everyone involved will be forced to try all the harder to get their links out there. The blogosphere will be hit all the harder because of the need to maximise the gains. As there’s no more effort in hitting 6 million blogs as there is in hitting 1 million, this really won’t bother the spammers one bit. All it does is shift the problem from the high pagerank blogs we here might have, with rel="nofollow", custom sanitize settings, and mt-blacklist in full effect, all the way over to the less technically adept. And that is one enormous customer service problem heading towards Blogger, 6A and the rest.

. . . forcing comment spammers to cast a wider net will cause them to target the long tail of people who have no idea what to do but come screaming at tech support, or slagging blogs off to their friends.

That would be a disaster. — Ben Hammersley

Hammersley didn’t even mention the effect nofollow would have on legitimate bloggers who use comments and trackbacks to interlink their blogs. However, The Register did:

It’s effectively declaring PageRank™ dead for weblogs, in an attempt to stem the problem [of comment spam].

“If such a tag were used widespread against comments and trackbacks, then wouldn’t this end up kneecaping blogs, by killing their intricate networks of interlinks?”

Indeed, this has already begun to happen. If your blog software inserts nofollow, then in order for you to give another blog Google juice, you have to go out of your way to link to them without nofollow, such as in your blogroll. It is no longer enough that your reader left an insightful comment or a trackback to his blog with more information. Now, as far as Google juice is concerned, it is as if all of your readers were never there and you had received no comments or trackbacks at all.

That’s what Google wanted all along.

For years Google has been plagued by blog noise, the phenomenon where blogs’ articles, comments and trackbacks will show as highly ranked for search results. While they have tried many approaches to dealing with this problem, none have worked out very well — or at all.

But is blog noise a problem at all? Sven-S. Porst doesn’t think so, and neither do others. The counter-argument is that blogs often are the search results people need.

One of the keys to being found on Google is that the webmaster has to want the page to be found. And most of what one would normally consider “primary source material” doesn’t want to be found. . . .

With most of the good reading material unavailable for free, what’s left? — Calico Cat

What’s left is the poor vilified blog and the thousands upon thousands of bloggers who work hard every day to bring useful content to the Web that wouldn’t otherwise be there.

Stopping nofollow

As we’ve seen, rel="nofollow" is Google’s way of having bloggers effectively delist themselves from search engines under the guise of protecting them from comment spam. If you want your site to have more Google juice, and who doesn’t, people have to link to you without rel="nofollow". It’s that simple. Nofollow hurts the entire blogosphere, and if carried to its extreme, will result in most blogs being relegated to obscurity as they drop out of the top 100 search engine results.

When you’re ready to get rid of rel="nofollow", first urge your blogging software developers to drop rel="nofollow" from their software. Then (if applicable) install a plugin or extension which removes rel="nofollow" from your blog, or remove the plugin or extension which added it. If you’re on a hosted blogging site such as Blogger, LiveJournal or MSN Spaces, your only immediate recourse will likely be to switch to another platform.

For Movable Type, simply disable and remove the nofollow plugin. For WordPress, install the NoNofollow plugin and set the number of days to 0 (zero). Update: Mark Jaquith has posted his Screw Nofollow plugin for WordPress which is smaller and less complicated.

And if you want to actually see how prevalent rel="nofollow" is, you can use Firefox, and add this bit of CSS to your chrome/userContent.css file:

a[rel~=nofollow] { color: red !important; background: black !important; text-decoration: blink !important; }

Unfortunately, I don’t know of any way to cause Internet Explorer to show rel="nofollow" links. If you do, please leave a comment below.

And finally, stopping comment spam

No article on rel="nofollow" would be complete without mention of how to stop comment spam. As I’m a WordPress user, much of my research in this area has been focused on stopping WordPress comment and trackback spam. However, I do have one thing of interest to Movable Type users.

Bad Behavior Blackhole is a DNS-based blackhole list which lists sources of comment spam and open proxy servers. Bad Behavior Blackhole intends to have the most complete list of open proxies available anywhere as well as automated removal for any legitimate user who happens to get stuck with a dynamic IP address a spammer once used. A WordPress plugin is available which looks up addresses in Bad Behavior Blackhole, and it is trivially easy to convert MT-DSBL to use Bad Behavior Blackhole; just replace “list.dsbl.org” with “dnsbl.ioerror.us”. I recommend for best coverage that you use both, though, and that’s probably not a trivial hack, unfortunately.

For WordPress, Bad Behavior (which is different from Bad Behavior Blackhole) analyzes incoming requests and determines if they are spambots; if they are found to be automated spambots, they are blocked before they can ever read your site to find the comment form! I’m not aware of any similar solution for Movable Type, unfortunately. In addition, WP-SpamAssassin uses SpamAssassin to analyze comments; this has been ported to Movable Type.

See also Movable Type anti-spam plugins and WordPress anti-spam plugins.

Comments and trackbacks are welcome and will be posted without rel="nofollow".

I was just about to go to bed, when this person logged in to IRC and started asking… No, that’s not right. Started whining…

Ostensibly, he wanted to enter into some sort of business arrangement with WordPress, to send him sales leads. But we found out he had no product and a serious need for therapy.

A complete log of an hour of wasted time follows.

If you’re a regular visitor you’ve probably noticed the nice login form in the sidebar, which if you happen to login, will show your user name and user controls. It should work with most themes with little or no tweaking. Enjoy!

Update: This hack is no longer necessary; you can now use a beautiful widget to add the login form to your sidebar.

Update: Level 0 users always get redirected to /wp-admin/profile.php. There’s nothing I can do about this since it’s hard-coded into WordPress. Level 1 and above will return to the same page they logged in from. There is a bug open for this. Also on logout, you will always be redirected to /wp-login.php. There is a bug open for this as well.

Update 15 April: XeroCool has posted a modification for the login form for the Blix theme. I’m not sure if it works, since his own form seems to be a little misaligned. Unfortunately, even in 2005, we still can’t just write perfect XHTML and CSS and expect all browsers to render it properly. I’ll continue to keep you updated, and watch the comments section!

Update 21 April: Mark Jaquith has updated the two bugs above with patches which fix those issues, so hopefully these will be resolved in time for WordPress 1.5.1. I have also updated the code below to work with the patched WP code.

Update 25 June: I have updated the tabindex so as not to conflict with the WordPress default themes.

 <li id="login">
<?php
  global $user_ID, $user_identity;
  get_currentuserinfo();
  if (!$user_ID):
?>
  <h2><?php _e('Login'); ?></h2>
    <form name="loginform" id="loginform" action="<?php echo get_settings('siteurl'); ?>/wp-login.php" method="post">
    <div><label><?php _e('Login') ?>:<br /><input type="text" name="log" id="log" value="" size="20" tabindex="7" /></label><br />
    <label><?php _e('Password') ?>:<br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="8" /></label><br />
    <label><input type="checkbox" name="rememberme" value="forever" tabindex="9" /> <?php _e("Remember me"); ?></label><br />
    <input type="submit" name="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="10" />
    <?php wp_register('', ''); ?>
    <input type="hidden" name="redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>"/></div>
    </form>
<?php
  else:
?>
  <h2><?php echo $user_identity; ?></h2>
    <ul>
    <?php wp_register(); ?>
    <li><a href="<?php echo get_settings('siteurl') . '/wp-login.php?action=logout&amp;redirect_to=' . $_SERVER['REQUEST_URI']; ?>"><?php _e('Logout'); ?></a></li>
    </ul>
<?php
  endif;
?>
 </li>