Plugin: Sexy Comments v1.4 Released!

[[innerindex]]

Introduction

This has been a long time coming and I am happy to announce the release of Sexy Comments v1.4! With this version comes a lot of changes…so be sure to read the installation section! Along with simple optimizations and general restructure, the following features are now available:

Feature List

  • Ajax comment preview (new feature)
  • Author post highlighting
  • Avatars
    • Either display/hide avatars
    • Select your avatar service of choice (Gravatar and MyBlogLog options are available)
    • Specify maximum avatar dimension (Gravatar Only)
    • Customize default/trackback avatars
  • Comment Reply-To (new feature)
  • Comment Themes (new feature)
  • CSS overriding
  • “Number of Comments” message customization
  • jQuery inclusion toggling

Installation & Upgrading

  1. Download Sexy Comments v1.4 from the WordPress plugin directory
  2. Unzip that little sucker
  3. Place sexy-comments folder in your wp-content/plugins directory (it should look like this: wp-content/plugins/sexy-comments/
  4. Log in to your WordPress plugin admin page and activate the plugin.
  5. In the plugin admin page, click the SexyComments sub-menu.
  6. Customize the settings until you have something that works for you.
  7. Locate your theme’s template file that displays comments (typically comments.php). Remove the comment output loop and replace with:
    < ?php sexycomments::show($comments); ?>
    
  8. If you plan to use the Ajax features or the Reply-To features, you will need to do two things.
    1. Enable jQuery and jQuery Form Extension via the Plugin > SexyComments administration page.
    2. Locate the template file that contains the comment submission form (typically comments.php near the bottom) and replace that chunk of code with:
      < ?php sexycomments::form(); ?>
      

    NOTE: Be sure not to touch the section that generates the form for adding comments! This plugin does not re-create the comment creation form.

  9. Lastly, consider disabling the plugin CSS and taking the example CSS provided and customize it to suit your theme’s color scheme.
  10. You should be all set, now! w00t w00t! Go make a MyBlogLog or Gravatar account if you don’t already have one and upload an avatar. Gravatar tends to be pretty flakey so I’d suggest using MyBlogLog.

FAQs

  • Q: What is this “comment loop” you speak of?

    A: Ah, yes. That thing. Well, its anatomy looks similar to this (there will be some variation from theme to theme):

    < ?php if ($comments) : ?>
    	<!-- some HTML is typically here -->
    
    	< ?php foreach ($comments as $comment) : ?>
            <!-- the output HTML of each individual comment -->
    
    	< ?php endforeach; /* end for each comment */ ?>
    	<!--...more HTML -->
     < ?php else : // this is displayed if there are no comments so far ?>
    	< ?php if ('open' == $post->comment_status) : ?>
    		<!-- typically a blank area or a place with a comment -->
    	 < ?php else : // comments are closed ?>
    		<!-- closed comments section -->
    	< ?php endif; ?>
    < ?php endif; ?>
    
    
  • Q: Ok…so I just upgraded to a new version and there is nothing in the SexyComments admin page…WTF?

    A: Yeah. Sorry about that. In this version, the directory structure has changed drastically and Sexy Comments should no longer live in wp-content/plugins/sexycomments.php OR wp-content/plugins/sexycomments/sexycomments.php, but instead it should be in wp-content/plugins/sexy-comments/. Make sure that the plugin is in the correct location of your plugins directory.

  • Q: What happened to sexycomments_print($comments)? I used to use that to get my comments to display…will it still work?

    A: Along with a directory structure overhaul, this version had a large code overhaul as well. The old function (sexycomments_print) is deprecated but will still work for the time being. I greatly urge you to move over to the new function call sexycomments::show($comments) as that is the new *impoved* function.

Slashdot: Would You Trust RFID-Enabled ATM Cards?

Slashdot posted an article on RFID-Enabled ATM Cards by one of its readers, race_k2. What is commonly the case, the comments at Slashdot tend to be more entertaining and occasionally more informative than the article itself. This article is highlighting some of the comments that have stood out to me thus far. But first, here’s some quotes from the article:

The Article

race_k2 writes:

“As a regular Slashdot reader I’ve followed the development and implementation of RFID devices in many ubiquitous areas such as clothing, passports and even people. Given that our environment is becoming increasingly tagged, often without our knowledge or consent, and can be monitored or hacked by anyone with the proper hardware, skills and motivation, I viewed the recent arrival of two new ATM cards containing RFID chips with skepticism. While this feature may bring the increased convenience of speedy checkouts, it is not something I am completely comfortable using and decided that the safety of my personal data was more important than the ability to buy things quickly. The vulnerable nature of RFID security coupled with recent, though unrelated, reports of a Possible Security Flaw In ATMs make me seriously question whether the marriage of wireless data transfer with personal finance is a wise application of technology.”

[…]

“My concerns were well received by representatives at Chase and after checking with a supervisor the rep said that a new chip-less card was on its way. On the other hand, the people at HSBC could not fathom why I would not want to have this fantastic new technology in my pocket everywhere I go. The customer service agent said that cards without RFID tags were simply unavailable and I could opt to not use the feature at checkout. The concept of unauthorized reading of the ATM card by a mobile RFID scanner fell on deaf ears and questions regarding the level of security on the RFID ATM card chips were not answered to the technical level that I was hoping for. The stated ‘Don’t worry, we use encryption’ did little to allay my concerns.

Is the unauthorized access of sensitive personal data on an ATM card chip by a home-brew RFID scanner a real possibility? Will we have to worry about the spread of RFID viruses to our back pockets and purses? Finally, are there any passive methods to permanently inactivate an RFID chip without having to resort to its removal or destruction?”

My Thoughts

Immediately upon reading the above article, I was irritated by the fact that these card companies aren’t even educating their customer service departments appropriately in order to field questions be people who are genuinely scared (and rightly so) of RFID chips in conjunction with finance. When race_k2 discussed his experience with HSBC, the fact that his questions were whizzing over the rep’s head and received dumb, uninformative answers is sad. Perhaps it was that specific representative…but I doubt it.

When companies (and governments) adopt such a risky technology in their product and don’t include an opt-out should publicly field questions in a highly visible ‘arena’ to bring the issues out in the open! This would help the company decide on the appropriate direction they should go with RFID as there may be issues they are avoiding due to ignorance; this would also help the consumers make decisions on the company immediately rather than wasting both the customer’s and the company’s valuable time.

That’s never going to happen…but it’d be nice :D Anyways…on to the comments:

The Comments

The article asked its readers for their opinions on the following questions:

  • How safe and secure are the RFID chips that are being embedded in debit and credit cards?
  • To add another issue on to the fire: Would you trust RFID technology on your cards?

Here are a couple responses that I found interesting:

These two comments were regarding the disabling of the RFID chips themselves. I’d be curious to know how effective/successful these ideas are.

  • Ice Wewe writes:

    Just wrap the card in Tin foil. You can keep the magnetic strip (assuming it still has one) uncovered so that you can still check-out the old way. That’s the only non-destructive way I’m aware of for disabling an RFID chip.

  • brunes69 writes:
    Nuke it

    An RFID chip will fry in seconds in a microwave. It takes much longer than that to affect the plastic. And the magnetic stripe will not be affected at all, until the plastic starts to melt.

    Putting the card in the microwave for 3-5 seconds should do the trick. The worst that can happen is you ruin your bank card, so just go to the bank and get another. They don’t cost anything.

This post raised my eyebrow:

  • value_added writes:

    Funny ha ha, yes, but has anyone noticed that many science-fiction movies of recent years have included as a plot device one of the characters embedded with some sort of implant (in the brain, under the skin, etc.) or added to some common item (clothing, watch, pen, etc.) that was carried around? I recently watched Jonathan Demme’s The Manchurian Candidate [imdb.com] on cable and it occurred to me that such a scenario doesn’t have to involve a conspiracy of the highest order to be successful or involve a high-concept goal; unwitting or passive acceptance would work just fine, and the goal can be mundane but similarly insidious.

    My guess is that monitoring technologies in various forms will increasingly become part of our daily lives. RFID chips, for example, seem destined to be everywhere [wikipedia.org], and while it’s up to each of us to be as vigilant as the article’s poster, the future will play out as a constant game of catch-up and workarounds for the select few in the know. Computers are part of our daily lives but knowledge of them is superficial at best. Should we expect the average person to have an inkling of how other technologies that come in smaller packages work?

    Have you scanned yourself, lately?

A comment on security:

  • arivanov writes:

    Not surprised about HSBC. In fact surprising about some sense from Chase.

    HSBC recently forced me to subscribe to the Verified by Visa marketing pseudosecurity garbageshiteware gimmick (the only one of cards I have that actually forced me to do so). During the subscription process I found out that the idiotic subscription interface does not maintain state with most non-mainstream browsers. In fact if you use Konqueror (or play around with your browser a bit) you can cruise through it with flying colours without it asking for verification information, passwords and the like. I was seriously tempted to go all the way and register a few cards for entertainment purposes, but end of the day decided not to.

    So I tried to get the wankers which run the “HSBC Goodness Gracious Me” call center to give me a security contact and a reference to report the bugs. Guess what – they neither understood the concept of “Your credit card interface has a major security flaw”, not could provide a contact. Still better then Amex though. Under similar circumstances 4 years ago when I tried to contact the Amex security dept with a similar bug they subscribed me to a mandatory 60 days of phone marketing and email marketing for good measure.

    Frankly – they have no clue. Banking security at its best. Understanding is not required, BS and ISO numbers are.

And of course, a rather humorous post after a tool posts his opinion:

  • The tool: Groo Wanderer writes:

    I would, but everyone seems to forget that you can have RFID and a PIN or other second form of ID. I would have no problem as long as there was an OPTION for a second method of authentication to be applied.

    Sure, it would cut down on convenience, but only a little, and would more than make up for it in added safety.

  • The level-headed responder: writes:

    Tell you what, why not post your card details here (including the three digits on the reverse), but NOT THE PIN, and we’ll see how many of us can buy something with it.

    Willing to stand by your statement? Are you sure you still don’t have a problem with other people having access to your card data?

And the comment that is one of my biggest concerns regarding RFID chips in ATM Cards is as follows:

  • inviolet writes:

    With an RFID-enabled credit card, the credit card company is the first line of defense against fraudulent usage. The customer is only secondarily responsible, and in any event does not lose any cash or interest. So, you can be certain that the security system and the implementation will be sound.

    With an RFID-enabled ATM card, all of that is reversed. A fraud will cause the customer to lose his or her cash and interest… and the customer must then fight with the bank to get them back. The bank has only secondarily responsibility, and therefore only secondary incentive, to get the plan right and to maintain the implementation. It’s like a config.rc file with the wrong default value: loss-paid-by = customer.

    It’s a given that few people in any organization (banks or otherwise) actually understand security, encryption, or the very pertinent issue of “identification versus authentication”. But even if Chase or whoever has done their research, the incentives for protecting customers from atm fraud are inherently perverse.

4 Million Dollar TV

Expensive TV

(found via Digg) Amazon currently has a $4 million tv up for sale. In all actuality, Trinet Electronic Networks seems to have entered an incorrect price for the 32″ LCD television which has sparked a few interesting comments:

Great value for your money
Eric Pheterson

I was kind of sketch about buying this specific unit because of the price, but the reviews and descriptions were promising. Once I got it, I opened the box and realized it’s covered in gold and has diamond studs all over it! It has an amazing picture, it’s definately a conversation piece!

What a great deal!!!!!
M. Elzinga

This is the best TV I have ever had!!! The TV is totally worth the 4 million I spent!!! I would totally suggest you buy this TV!!! It is an awesome deal!!!!!!

I would have given it one star
Dad

While I have never owned this tv, it is underwhelming for a price of over $4mm, truly amazing for such old technology.

Comments from Digg

I like how the “low price” indicator is shown! I guess I should buy 2 or 3…

No Free Shipping!!!???

I like the ‘Price at a Glance’ indicator in the top corner ‘List Price $2,699.95, New from $4,018,100.00. BARGAIN!!

No deal! I just bought an LCD TV for $3,500,000!

Boy, whoever did the data entry is sure to never hear the end of this :D