OpenDyslexic font option for dyslexic The Orbit readers

For those of you who have difficulty reading seriffed fonts, or who would prefer to use the OpenDyslexic font but aren’t on a computer you control, we’ve installed the ability to switch all the fonts on the site to something a little more readable for you.


– You must be logged in to the site, or else we don’t know to deliver the pages to you in that font. You may log in either with local credentials, or via the Single Sign On.
– This obviously only affects fonts that are text, not ones that are part of images like blog banners, etc.

When you’re logged in, click the Key icon and click Edit my profile. Or, go here. ETA: that will only work for some small fraction of you — best to use the key link or the WP Admin bar where it says “Howdy, Yourname”.) Choose an option (probably to use on both the website and the admin) under the OpenDyslexic header, scroll to the bottom, and click “update”.

From then on, any time you’re logged into the site under your account, you’ll have all the pages rendered to you with the OpenDyslexic font, like so:


Additionally, since apparently this is not common knowledge among those who have need for such options, most modern browsers provide you with the ability to change the font size on the page you’re viewing. Either hold the Ctrl (or Command on a Mac) key on your keyboard, and use the mousewheel to zoom in and out, or hold Control and hit the Plus or Minus keys (next to the Backspace/Delete key, or on your number pad). This will work in Internet Explorer, Edge, Chrome/ium, Opera, Firefox and Safari, though the specific key combination may be different in your version, so look around in the View menu. Those of you who feel the font is too large (or, at least in one case, too SMALL, despite our default being significantly larger than many other sites) are encouraged to use that zoom function to set your browser settings to something comfortably readable. If you’re absolutely stumped for how to do so, let me know what browser you’re in, and I’ll try to find an option for you.

We take accessibility concerns very seriously here, and if you have any issues to report, please let us know however you can — either in comments on this post, by the email I’ve provided in my header, or by the tech issues form, for instance, but I’ll take bug reports by carrier pigeon if need be. We can’t accommodate every request, especially conflicting requests, so we aren’t about to make radical changes to our default theme that may alienate some other users without a very compelling reason to do so (so please keep your “can you change all the fonts everywhere to Papyrus 64pt red on dark-red” troll requests to yourselves, thanks!), but any issues with, for instance, screen reader software can be dealt with without impacting other readers negatively.

OpenDyslexic font option for dyslexic The Orbit readers

CloudFlare plugin breaks WordPress repeatedly

Cloudflare is a reverse proxy service that protects hundreds of thousands of websites, The Orbit included, from attacks like DDoS, spam, brute force, and various other exploits. Without it, in the adversarial environment that the Internet happens to be for social justice oriented folks, we would be crushed under the weight of people desiring to silence us. So, they’re doing us a great service, and we are indebted to them.


Yesterday, after a major vulnerability was discovered in the Cloudflare plugin for WordPress, which could allow sites to be cross-site scripted (a method that might allow you to inject bad code into a site “from the side”), it seems as though they panicked and decided to encode *all* POST and GET data, which caused a major set of problems. People trying to edit posts found every non-alphanumeric character turned into an HTML entity (“:” instead of “:” for instance). Then those entities were being reencoded again (“:”).

Over and over and on and on, the posts were getting more and more corrupted. And that wasn’t the only thing that was busted — admins were being told they didn’t have permissions to access certain pages, because the links to those pages were having parts of themselves converted to HTML entities as well. End users could see the site, but admins were fully hamstrung. Greta was working on Steven Universe episode 8 and got stopped short, emailed me to find out what broke, and to my horror, the auto-updated plugin for Cloudflare was actually hampering my ability to do anything in the WordPress admin. I thought we were in serious trouble, but I tracked it back to the plugin which had just updated to version 1.3.21. I pulled out an older version from Sunday’s backups, 1.3.20, and the problem was resolved. Then I found out WHY they’d updated it, and apparently there are such hacks in the wild right now.

So. Rather than risk getting us hacked, when they quickly released 1.3.22 to fix how they broke half of WordPress, I let it install that version.

Overnight, they’ve since updated to 1.3.23 to fix how they send things back to Cloudflare to pre-detect spam. So they made a giant mess and they’re clawing back at it right now.

There’s a problem that several people are reporting presently, that they can’t post comments while not logged in by submitting their email addresses — because the email address never validates. Clearly this is because the Cloudflare plugin is trying to sanitize that variable as well, incorrectly. Other blogs are also having this issue, as seen here: ERROR: The email address isn’t correct. (4 posts) and here: ERROR: The email address isn’t correct. (3 posts). This problem isn’t just impacting The Orbit, but any WordPress site that uses Cloudflare.

But because of the terrible nature of what they’re fixing here, we kind of have to ride out this storm. I could try to implement my own bugfix for this, e.g. by removing email address validation, but that would have other negative impacts on the rest of the site.

For now, please log in to make comments. Sorry for the inconvenience. Hopefully they’ll fix this issue too, as soon as possible.

This is a disaster and it was entirely avoidable through proper QA of the plugin before it being released. The rapid fire nature of the plugin updates speaks to a sort of panic to address the initial vulnerability, which is laudable, but a lack of foresight as to what kind of impact specific changes might make to the rest of the service. Those of us who rely on the plugin should not be stuck choosing between being hacked, being entirely unprotected against DDoS and spam, or having people be able to comment.

UPDATE: they released an update which properly namespaces their variables and only sanitizes those variables, so things should finally be under control. This is why you don’t release plugin updates into production without testing.

Try again to comment, please, folks.

CloudFlare plugin breaks WordPress repeatedly

Front page broken briefly…

I’m not sure how, but performing some fairly standard WordPress operations ended up effectively destroying several tables on the main blog which runs the front page operations. I’m restoring them from backups, though AWS’ backups strategy involves creating a whole new DB instance so it’ll take a little longer than I’d like. Luckily, all the individual blogs are fine while the front page is a mess.


*Update* All clear. Front page’s mangled tables restored from backup. Still can’t find the exact reason they corrupted to begin with, but nightly backups are working just fine, so that’s good at least.

*Update 2* Wonderful, there were side effects that deleted many images from the S3 storage. We know what happened, and how to prevent it from happening again, but in the meantime, fixing this particular mess involves re-uploading the now-missing images. Everyone affected knows about it and will be fixing as soon as they can. Shaking out the bugs, just shaking out the bugs…

Photo by Freidwall

Front page broken briefly…

Working on front page featured images

The front page may be a bit spartan while I try to work out how to force it to use a specific size of thumbnail, and how to go back in time and force regeneration of that size of thumbnail across all images. Sincere apologies, mea culpa and all that.

construction photo

Update 12:32am CST
Aaaand, we’re clear! Front page is now pushing out the 512×240 images wherever it can be found.

Also, RSS feed icons should be on the top bar of every blog, next to the Search and Login icons.

Working on front page featured images

On the reported RSS issues

Since launch, there’ve been several reported issues with RSS, which I’ve scrambled to try to fix before they did too much damage. But, we keep getting new requests, because the theme apparently doesn’t do a very good job of keeping track of the links, so here’s what’s wrong presently and what I’m working on to fix it.

RSS logo

  • Individual author feeds polluted with whole-network posts – originally, we had installed a plugin that served the feed from /feed for the whole network, but it turns out that it was too greedy and it also grabbed every author’s /feed URL as well. Caching RSS feed sites like Feedburner and Feedly grabbed what was in those lists, and kept them. Unfortunately, there’s not much we can do about this but wait for those to expire.
  • As a side effect of this, the theme’s expectation that the front page blog list should be accessible at, and WordPress treating that like its own blog, means that feed is empty. The whole-network feed is actually at and it serves content from every blog. I will set up an .htaccess rule to seamlessly redirect the top level feed to the network-feed URL.
  • Once I’ve done the above point, I can change the link in the header on the front page to /feed/, thus making it more apparent that that’s the RSS feed as the CSS that provides correct iconography only auto-senses that specific URL.
  • An SEO plugin was installed to help with Facebook linking not grabbing appropriate featured images. That plugin expects all the authors’ feeds to be at /feed too. Fixing the previous point will fix the front page.
  • Some browsers don’t even care about the auto-sense URLs, so putting a prominent RSS feed icon in the top bar of every blog would be preferable. I’ll be doing that as soon as possible, as soon as other fires are quenched.

If anything else comes up, feel free to leave a comment or contact us via the contact form here.
Photo by thewritingzone

On the reported RSS issues

So THAT’S what I’ve been up to.

I’ve sorta receded into the background lately, but with good reason. I’ve been doing the technical heavy-lifting for these new digs. They ain’t perfect, but a coat of spackle and primer and they’ll be fine.

Let me know if and when the seams start to show, either here or via the “Tech Issues?” link on every page. I’m especially interested in feedback from folks who use screen readers, because while I can sprinkle tags around and follow best-practices guides, I’m not exactly living in that mode and would love to hear from those of you who do.

There will be growing pains. There will be last-second alterations. There will be missing media, and stylistic problems, and edge cases we haven’t anticipated. But we’ve put a lot of effort into keeping all of that to an absolute bare minimum, and we’ll fix just about anything you point out as soon as possible.

It may be a while before I’m back to blogging regularly, mind you. I’ve got a lot on my plate most of the time anyway, and building and improving this place has kept me pretty occupied of late.

Welcome to The Orbit!

(Those of you visiting now because Hemant posted not an hour before I took the password box down — yeah. Greta accidentally posted her farewell post at FtB early but took it down almost immediately, but that was enough to tip someone to tip Hemant off. And the kickstarter isn’t live yet, but will be as soon as the video is complete. The social media blitz is actually scheduled for tomorrow morning, and I took the password box down early so I could get a few Jetpack and Google integrations complete before the REAL launch. Thanks for the advertising, Hemant. Wish he would have waited for the full launch, but hey. How was he supposed to know?)

We’re fully launched! Kickstarter is live! Welcome one and all!

So THAT’S what I’ve been up to.


I added the Recent Posts link to the top menu, and somehow that broke some piece of hard-coding somewhere that was giving that menu the appropriate style. I’m trying to figure out what is going on right now, but clearly there’s some dark magic somewhere in the underpinnings of this site. I’ve also let our web guy know, and am waiting on him to get back to me with a “duh, this is how you do it” message. I blame the theme, right now. I might just add a CSS hack in case things in that menu area are ever improperly classed, and be done with it. Not sure how to proceed yet.

[ETA: Uh, and now it’s working, without having edited any CSS or anything. There’s clearly some odd caching going on that I stumbled across.]

Meanwhile, there’s still the matter of the broken SocialConnect Facebook login. It’s been broken for almost a month. I didn’t touch THAT, I swear.

[ETA: and now I will! Apparently I can fix things just by poking them and lamenting publicly that they didn’t work.]


Testing a site-wide posts plugin

I’ve got a few testbeds splattered across my site right now for the purposes of testing a plugin that I’d like to pressgang into use network-wide. One major problem we’ve had historically is a lack of visibility from one blog to another. With everyone lamenting that Ed Brayton is leaving, and that that’s the only blog they read (outside Pharyngula), those of us hardscrabble waifs fighting over the crumbs of traffic after the big men get their share, I’d like to make sure that the fact that we’re scrambling for those crumbs is perfectly apparent to everyone.

You eagle-eyed readers have probably noticed that I have three new pages on my blog: Random Network Posts, Last 50 Posts, and Last 2 Posts on Each Blog.

The first shows a completely random post from every single blog that is both public and not rated Mature (as Taslima and Maryam’s blogs are — by necessity, to keep Google from freaking out about their frequently posting things like pictures of acid attack victims, etc). The second shows a sort of feed-like view, with the last 50 posts across the network (and three more pages of 50 if you want to drill backward). The third is something approximating the old homepage, with the last two posts from every single blog — sadly, with no visual break between the blogs, and unfortunately, with the two posts reversed time-wise.

Also, my widget does something unique — it shows the latest post from the last ten blogs that have written a post, rather than displaying the last ten blog posts in toto. This still advantages frequent-posters like Pharyngula, in that it’ll probably always be in that top ten, but it doesn’t spam out the rest of us.

The visuals are absolutely shit, right now, though. It’s not suitable as a front page in its current form. But with some CSS massaging, and maybe hacking the plugin a bit to suit our needs, it could be pressganged to provide some serious and much-needed cross-site visibility.

What do you folks think? How could it be improved? What sorts of sorting schemes would you like to see? How useful do you think these are?

Testing a site-wide posts plugin

Pause for station identification

I have the Mock The Movie transcripts still to finish — CA7746 is sending me subtitle files galore, and I have yet to upload them because they’re always a bit of a pain to attach within WordPress and link appropriately. (The fact that I have to upload them as .txt instead of .srt is not the least problem.)

After that, as promised, I’ll be doing short reviews of my cornucopia of Steam games, starting with, oh, let’s say Mercenary Kings. And don’t worry, they’ll be reviews from my Evil SJW Perspective.

In the meantime, let me remind you where you are.

Welcome to Lousy Canuck.

I like turtles.

Pause for station identification


Over the next little bit I’m going to be catching up mostly with Mock The Movie transcripts that I’ve been neglecting to post. I’m also fundraising for Geek Girl Con, so expect a livetweeting of both the soundtrack and movie proper of Glitter when we hit $2000, and a livestream of Zelda 2: Adventure of Link once we hit $3000. Last I heard, we were at $1780, but that was around noon on Sunday. Not sure where we’re at now, but I’m hoping at least a hair more — maybe even to the Glitter goal already.

Once I’m caught up on MtM and the GGC AoW, I’ll make you go WTF with a BBQ of all the Steam games in my library. I’ve been hurting for content that won’t be particularly likely to draw people’s unmitigated ire, and I honestly don’t have a lot of resources for serious conflict lately (no, honestly, I don’t). So, I got this bright and probably delusional idea that perhaps since I have bought so many Humble Bundles, and perhaps since I’ve not really talked about many of them outside of maybe a tweet here or there, I could do proper reviews of them. I’m also considering doing long-plays of various video games and recording the results, hopefully with my musings on the problematic bits, or the design parts that need critiquing, intermingled.

As though talking about video games from a social justice perspective is a totally safe and conflict-free vocation. It’s certainly worth a try, though! Maybe it’ll keep me writing, even where every other time I open my big trap I make shit explode for, as far as I can tell, no properly-scoped reason. Maybe video games will be different, he said knowing full well Gamergate exists.

We’ll see how all of that goes!