WordPress 2.6 to disable client access by default

Daniel Jalkut reports that WordPress 2.6 will disable the Atom & XMLRPC protocols by default. These APIs are used by applications such as MarsEdit to let you post from your desktop. If you want to use a desktop blogging app, you need to go into the settings and explicitly enable remote posting. Hopefully, upgrading an old WordPress site will keep it enabled.

The developers feel that those APIs “expose a potential to be a security risk”. As far as I know, none of the recent WordPress attacks have involved XMLRPC.

I almost never make a blog post through the web interface; I do all of my blogging with MarsEdit (which I’m now using to write this post). I’m sure the majority of serious bloggers use a desktop client such as MarsEdit or Ecto rather than the web interface, so this will be an inconvenience for all but the most casual users. Since many people will re-enable XMLRPC, any security improvement will be negated.

A better solution would be to require a client key, as Flickr does, which you need to explicitly allow before that client can post to your blog.

Theme Change

I didn’t really like the modified Barthelme theme I was using, so I switched to Chris Pearson’s Cutline theme. I think this theme looks a lot cleaner and easier to read. The theme already supports random images, so I just enabled that feature and added 12 of my favorite photos for the header.

Theme Change

I got bored with the plain text theme I was using, so I switched to a modified version of the Barthelme theme, which maintains the minimalism of my old theme but adds a bit more color. I added a slight gradient to the sidebar to perk it up a little bit while still keeping a clean look.

Copycat splogs

I checked my Akismet queue and as usual I found a large number of splogs copying my posts. One interesting thing I noticed is that many of them use exactly the same template. Either one person is running all of these, or there’s some standard software being sold or distributed for stealing content. I’m sure this post will end up in a splog before the end of the day.

[Screenshots: spamblog 6, spamblog 5, spamblog 4, spamblog 3a, spamblog 1]

Yes, that’s Nick Danforth in the top left, whose video they used without his permission.

More Content Theft

Less than half an hour after I posted this item earlier today, I found that it was already scraped and republished in a splog. To prevent this in the future, I’ve installed the ©Feed plugin, which adds a copyright notice to each item in my RSS feeds that will appear in any scraped content saying that it was stolen.