OpenDyslexic font option for dyslexic The Orbit readers

For those of you who have difficulty reading seriffed fonts, or who would prefer to use the OpenDyslexic font but aren’t on a computer you control, we’ve installed the ability to switch all the fonts on the site to something a little more readable for you.

Caveats:

– You must be logged in to the site, or else we don’t know to deliver the pages to you in that font. You may log in either with local credentials, or via the WordPress.com Single Sign On.
– This obviously only affects fonts that are text, not ones that are part of images like blog banners, etc.

When you’re logged in, click the Key icon and click Edit my profile. Or, go here. ETA: that will only work for some small fraction of you — best to use the key link or the WP Admin bar where it says “Howdy, Yourname”.) Choose an option (probably to use on both the website and the admin) under the OpenDyslexic header, scroll to the bottom, and click “update”.

From then on, any time you’re logged into the site under your account, you’ll have all the pages rendered to you with the OpenDyslexic font, like so:

opendyslexic-option-gretasblog

Additionally, since apparently this is not common knowledge among those who have need for such options, most modern browsers provide you with the ability to change the font size on the page you’re viewing. Either hold the Ctrl (or Command on a Mac) key on your keyboard, and use the mousewheel to zoom in and out, or hold Control and hit the Plus or Minus keys (next to the Backspace/Delete key, or on your number pad). This will work in Internet Explorer, Edge, Chrome/ium, Opera, Firefox and Safari, though the specific key combination may be different in your version, so look around in the View menu. Those of you who feel the font is too large (or, at least in one case, too SMALL, despite our default being significantly larger than many other sites) are encouraged to use that zoom function to set your browser settings to something comfortably readable. If you’re absolutely stumped for how to do so, let me know what browser you’re in, and I’ll try to find an option for you.

We take accessibility concerns very seriously here, and if you have any issues to report, please let us know however you can — either in comments on this post, by the email I’ve provided in my header, or by the tech issues form, for instance, but I’ll take bug reports by carrier pigeon if need be. We can’t accommodate every request, especially conflicting requests, so we aren’t about to make radical changes to our default theme that may alienate some other users without a very compelling reason to do so (so please keep your “can you change all the fonts everywhere to Papyrus 64pt red on dark-red” troll requests to yourselves, thanks!), but any issues with, for instance, screen reader software can be dealt with without impacting other readers negatively.

OpenDyslexic font option for dyslexic The Orbit readers
{advertisement}

CloudFlare plugin breaks WordPress repeatedly

Cloudflare is a reverse proxy service that protects hundreds of thousands of websites, The Orbit included, from attacks like DDoS, spam, brute force, and various other exploits. Without it, in the adversarial environment that the Internet happens to be for social justice oriented folks, we would be crushed under the weight of people desiring to silence us. So, they’re doing us a great service, and we are indebted to them.

HOWEVER.

Yesterday, after a major vulnerability was discovered in the Cloudflare plugin for WordPress, which could allow sites to be cross-site scripted (a method that might allow you to inject bad code into a site “from the side”), it seems as though they panicked and decided to encode *all* POST and GET data, which caused a major set of problems. People trying to edit posts found every non-alphanumeric character turned into an HTML entity (“:” instead of “:” for instance). Then those entities were being reencoded again (“:”).

Over and over and on and on, the posts were getting more and more corrupted. And that wasn’t the only thing that was busted — admins were being told they didn’t have permissions to access certain pages, because the links to those pages were having parts of themselves converted to HTML entities as well. End users could see the site, but admins were fully hamstrung. Greta was working on Steven Universe episode 8 and got stopped short, emailed me to find out what broke, and to my horror, the auto-updated plugin for Cloudflare was actually hampering my ability to do anything in the WordPress admin. I thought we were in serious trouble, but I tracked it back to the plugin which had just updated to version 1.3.21. I pulled out an older version from Sunday’s backups, 1.3.20, and the problem was resolved. Then I found out WHY they’d updated it, and apparently there are such hacks in the wild right now.

So. Rather than risk getting us hacked, when they quickly released 1.3.22 to fix how they broke half of WordPress, I let it install that version.

Overnight, they’ve since updated to 1.3.23 to fix how they send things back to Cloudflare to pre-detect spam. So they made a giant mess and they’re clawing back at it right now.

There’s a problem that several people are reporting presently, that they can’t post comments while not logged in by submitting their email addresses — because the email address never validates. Clearly this is because the Cloudflare plugin is trying to sanitize that variable as well, incorrectly. Other blogs are also having this issue, as seen here: ERROR: The email address isn’t correct. (4 posts) and here: ERROR: The email address isn’t correct. (3 posts). This problem isn’t just impacting The Orbit, but any WordPress site that uses Cloudflare.

But because of the terrible nature of what they’re fixing here, we kind of have to ride out this storm. I could try to implement my own bugfix for this, e.g. by removing email address validation, but that would have other negative impacts on the rest of the site.

For now, please log in to make comments. Sorry for the inconvenience. Hopefully they’ll fix this issue too, as soon as possible.

This is a disaster and it was entirely avoidable through proper QA of the plugin before it being released. The rapid fire nature of the plugin updates speaks to a sort of panic to address the initial vulnerability, which is laudable, but a lack of foresight as to what kind of impact specific changes might make to the rest of the service. Those of us who rely on the plugin should not be stuck choosing between being hacked, being entirely unprotected against DDoS and spam, or having people be able to comment.

UPDATE: they released an update which properly namespaces their variables and only sanitizes those variables, so things should finally be under control. This is why you don’t release plugin updates into production without testing.

Try again to comment, please, folks.

CloudFlare plugin breaks WordPress repeatedly

Working on front page featured images

The front page may be a bit spartan while I try to work out how to force it to use a specific size of thumbnail, and how to go back in time and force regeneration of that size of thumbnail across all images. Sincere apologies, mea culpa and all that.

construction photo

Update 12:32am CST
Aaaand, we’re clear! Front page is now pushing out the 512×240 images wherever it can be found.

Also, RSS feed icons should be on the top bar of every blog, next to the Search and Login icons.

Working on front page featured images

On the reported RSS issues

Since launch, there’ve been several reported issues with RSS, which I’ve scrambled to try to fix before they did too much damage. But, we keep getting new requests, because the theme apparently doesn’t do a very good job of keeping track of the links, so here’s what’s wrong presently and what I’m working on to fix it.

RSS logo

  • Individual author feeds polluted with whole-network posts – originally, we had installed a plugin that served the feed from /feed for the whole network, but it turns out that it was too greedy and it also grabbed every author’s /feed URL as well. Caching RSS feed sites like Feedburner and Feedly grabbed what was in those lists, and kept them. Unfortunately, there’s not much we can do about this but wait for those to expire.
  • As a side effect of this, the theme’s expectation that the front page blog list should be accessible at http://the-orbit.net/feed/, and WordPress treating that like its own blog, means that feed is empty. The whole-network feed is actually at http://the-orbit.net/network-feed/ and it serves content from every blog. I will set up an .htaccess rule to seamlessly redirect the top level feed to the network-feed URL.
  • Once I’ve done the above point, I can change the link in the header on the front page to /feed/, thus making it more apparent that that’s the RSS feed as the CSS that provides correct iconography only auto-senses that specific URL.
  • An SEO plugin was installed to help with Facebook linking not grabbing appropriate featured images. That plugin expects all the authors’ feeds to be at /feed too. Fixing the previous point will fix the front page.
  • Some browsers don’t even care about the auto-sense URLs, so putting a prominent RSS feed icon in the top bar of every blog would be preferable. I’ll be doing that as soon as possible, as soon as other fires are quenched.

If anything else comes up, feel free to leave a comment or contact us via the contact form here.
Photo by thewritingzone

On the reported RSS issues

So THAT’S what I’ve been up to.

I’ve sorta receded into the background lately, but with good reason. I’ve been doing the technical heavy-lifting for these new digs. They ain’t perfect, but a coat of spackle and primer and they’ll be fine.

Let me know if and when the seams start to show, either here or via the “Tech Issues?” link on every page. I’m especially interested in feedback from folks who use screen readers, because while I can sprinkle tags around and follow best-practices guides, I’m not exactly living in that mode and would love to hear from those of you who do.

There will be growing pains. There will be last-second alterations. There will be missing media, and stylistic problems, and edge cases we haven’t anticipated. But we’ve put a lot of effort into keeping all of that to an absolute bare minimum, and we’ll fix just about anything you point out as soon as possible.

It may be a while before I’m back to blogging regularly, mind you. I’ve got a lot on my plate most of the time anyway, and building and improving this place has kept me pretty occupied of late.

Welcome to The Orbit!

(Those of you visiting now because Hemant posted not an hour before I took the password box down — yeah. Greta accidentally posted her farewell post at FtB early but took it down almost immediately, but that was enough to tip someone to tip Hemant off. And the kickstarter isn’t live yet, but will be as soon as the video is complete. The social media blitz is actually scheduled for tomorrow morning, and I took the password box down early so I could get a few Jetpack and Google integrations complete before the REAL launch. Thanks for the advertising, Hemant. Wish he would have waited for the full launch, but hey. How was he supposed to know?)

We’re fully launched! Kickstarter is live! Welcome one and all!

So THAT’S what I’ve been up to.

Testing a site-wide posts plugin

I’ve got a few testbeds splattered across my site right now for the purposes of testing a plugin that I’d like to pressgang into use network-wide. One major problem we’ve had historically is a lack of visibility from one blog to another. With everyone lamenting that Ed Brayton is leaving, and that that’s the only blog they read (outside Pharyngula), those of us hardscrabble waifs fighting over the crumbs of traffic after the big men get their share, I’d like to make sure that the fact that we’re scrambling for those crumbs is perfectly apparent to everyone.

You eagle-eyed readers have probably noticed that I have three new pages on my blog: Random Network Posts, Last 50 Posts, and Last 2 Posts on Each Blog.

The first shows a completely random post from every single blog that is both public and not rated Mature (as Taslima and Maryam’s blogs are — by necessity, to keep Google from freaking out about their frequently posting things like pictures of acid attack victims, etc). The second shows a sort of feed-like view, with the last 50 posts across the network (and three more pages of 50 if you want to drill backward). The third is something approximating the old homepage, with the last two posts from every single blog — sadly, with no visual break between the blogs, and unfortunately, with the two posts reversed time-wise.

Also, my widget does something unique — it shows the latest post from the last ten blogs that have written a post, rather than displaying the last ten blog posts in toto. This still advantages frequent-posters like Pharyngula, in that it’ll probably always be in that top ten, but it doesn’t spam out the rest of us.

The visuals are absolutely shit, right now, though. It’s not suitable as a front page in its current form. But with some CSS massaging, and maybe hacking the plugin a bit to suit our needs, it could be pressganged to provide some serious and much-needed cross-site visibility.

What do you folks think? How could it be improved? What sorts of sorting schemes would you like to see? How useful do you think these are?

Testing a site-wide posts plugin

Pause for station identification

I have the Mock The Movie transcripts still to finish — CA7746 is sending me subtitle files galore, and I have yet to upload them because they’re always a bit of a pain to attach within WordPress and link appropriately. (The fact that I have to upload them as .txt instead of .srt is not the least problem.)

After that, as promised, I’ll be doing short reviews of my cornucopia of Steam games, starting with, oh, let’s say Mercenary Kings. And don’t worry, they’ll be reviews from my Evil SJW Perspective.

In the meantime, let me remind you where you are.

Welcome to Lousy Canuck.

I like turtles.

Pause for station identification

Blogkeeping

Over the next little bit I’m going to be catching up mostly with Mock The Movie transcripts that I’ve been neglecting to post. I’m also fundraising for Geek Girl Con, so expect a livetweeting of both the soundtrack and movie proper of Glitter when we hit $2000, and a livestream of Zelda 2: Adventure of Link once we hit $3000. Last I heard, we were at $1780, but that was around noon on Sunday. Not sure where we’re at now, but I’m hoping at least a hair more — maybe even to the Glitter goal already.

Once I’m caught up on MtM and the GGC AoW, I’ll make you go WTF with a BBQ of all the Steam games in my library. I’ve been hurting for content that won’t be particularly likely to draw people’s unmitigated ire, and I honestly don’t have a lot of resources for serious conflict lately (no, honestly, I don’t). So, I got this bright and probably delusional idea that perhaps since I have bought so many Humble Bundles, and perhaps since I’ve not really talked about many of them outside of maybe a tweet here or there, I could do proper reviews of them. I’m also considering doing long-plays of various video games and recording the results, hopefully with my musings on the problematic bits, or the design parts that need critiquing, intermingled.

As though talking about video games from a social justice perspective is a totally safe and conflict-free vocation. It’s certainly worth a try, though! Maybe it’ll keep me writing, even where every other time I open my big trap I make shit explode for, as far as I can tell, no properly-scoped reason. Maybe video games will be different, he said knowing full well Gamergate exists.

We’ll see how all of that goes!

Blogkeeping

My obligations.

Recently, Hemant Mehta has implied that I have an obligation to apologize to Ben Radford because with the settlement of the lawsuit he brought against Karen Stollznow, her original claims — which I’d detailed and scrupulously withheld judgment on the merits of, going so far as to expressly forbid “playing the villain ball” to explain any aspect of the case even in the comments — have been proven false. That I have an obligation that, because I’d given “near-daily updates” on the case when it broke, I should have been up to date on it as soon as the news broke and should have immediately posted and decried Karen’s lying liar-ness as far and wide as I’d discussed her original allegations.

I have no such obligation.

(Here’s Rebecca Watson’s excellently titled response, since she, like me, has nothing to apologize for either. Here’s also Stephanie Zvan’s devastatingly succinct point form reply to Mehta’s demands. They are both far better reads than this post, or Mehta’s.)

Continue reading “My obligations.”

My obligations.

#FtBCon 3: My facilitator track

The full schedule for FtBCon3 is at Lanyrd, and finding your way to the Google Event page (where the Hangout will be broadcasted) is as simple as going to the panel you want, and clicking on the Official Session Page. This will work even after the event was over hours ago, even if you’re a little late, even if you have used a TARDIS and gone to the distant future (assuming Google’s servers still exist). And if you’re early, you’ll probably see no video, or a countdown clock til go-live.

Q&A will be handled in the Pharyngula chat room, accessible by going to http://tinyurl.com/ftbcon.

Here are the sessions I’m facilitating, with the Google Event pages linked in the titles. All times are in Central.

Asexual Spectrum Atheists – Friday, 9pm-10:30pm
An asexual is someone who doesn’t experience sexual attraction. While it’s a simple definition, we will correct common assumptions, and explain the the asexual spectrum through our personal experiences. We will discuss obstacles faced by asexual-spectrum folk and why it’s important to be aware of it and talk about it. And completely unique to this panel, we’ll discuss the good and the bad of how our experiences intersect with atheism and skepticism. This is especially important considering that the asexual community is predominantly non-religious right now.

The Psychology of Trolls – Saturday, 10am-11am – panelist
Much has been made recently of trolling on the internet, and how it betrays the trolls’ sociopathy. Is there any truth in that? Why do trolls troll, otherwise? What traits do they have in common, and what tactics do they use as a result?

Fundraising for a Secular Cause: Because It Takes Money To Change the World – Saturday, 1pm-2pm
It takes money to scale an organization up from its seeds as a good idea into a major player with local and/or national impact. Organizing a successful conference entails similar costs. But fundraising is hard, and very few people enjoy asking others for money.
This panel will show you not only how to ask people for money, but also to understand who you should be asking in the first place! Presenters range from those serving as volunteer fundraisers for a local group, to organizers of highly successful conferences, to professional staff with responsibility for raising a million-dollar budget.

Student Advocacy and Why Students Need to be Involved in Politics – Saturday, 3pm-4pm
Cara and Dan will illustrate the how and the why of political activism, and how to make allies out of your state representatives, city council members, and school administrators.

Secular Cults – Saturday – 5:30pm-7pm
Not all cults are religious. Attributes of a cult include traits such as: unquestioning commitment to one or more leaders, who are considered unaccountable to any authorities; punishment of dissent; mind-altering practices such as meditation and chanting; and deceptive recruitment practices. Many organizations that are not overtly religious still exhibit many of these traits. In this panel we will discuss some examples of this phenomenon, such as the Amway and other multi-level businesses, the self-help movement, and some homeschooling organizations.

Evidence-Based Feminism 2 – Saturday – 7pm-8pm
HJ Hornbeck continues to put feminism’s claims under science’s microscope, this time by examining economic equality, representation, and that perennial favorite “rape culture.” Watching his previous talk is optional, but recommended.

Secular Asian Community – The binary nature of diversity discussions – Saturday 9pm-10:30pm
A panel of Asian freethought community members will discuss successes in making Asians more visible in the community, things the secular community could be doing better to make Asians feel more welcome, and the consequences of not building organized and humanist communities, such as the situation in China presently.

Questioning the Historicity of Jesus: Commentary and Q&A by Dr. Richard Carrier – Sunday 11am-12pm
Dr. Carrier will briefly discuss his new book On the Historicity of Jesus (published by the University of Sheffield), his online course on the topic, and some of the issues of debating the historical existence of Jesus, and then take live Q&A from the audience. Exactly the opposite of a Sunday sermon. On Sunday. At sermon time.

Teaching Critical Thinking – Sunday, 4pm-5pm
How can teachers use their role as educators to instill critical thinking and ideas like rationalism and empiricism? Are such approaches intrinsic to teaching or separate? We could also go into the ethics of where to draw the line between instructing and “preaching” but I’d actually prefer to stick to the praxis and methodology of bringing critical thinking into the classroom. How do we adapt assessments and assignments? How do we model thinking behaviors we’d like to see?

Digital Self-Defense – Sunday 6pm-7pm – panelist
Experts in various fields related to technology and intellectual property come together to discuss the art of self-defense on the internet. How do you protect yourself online from all manners of attack, be they hacks or legal threats?

And of course I’ll be in the last panel, the denouement of the con, Wrapping It Up.

#FtBCon 3: My facilitator track