I believe there is a unwritten constitution for all webmasters, and the most important two should be not trick or mislead the readers and show credit for other author's work. In fact, anyone with basic moral value will tell himself NOT do any of those 2 things.
Exceptions always occur, in programs and in life.
Wordpress.com.cn [ref="nofollow" PR]
According to iLEMONed The admin of wordpress.com.cn zhuozr sent out a bunch of spam ask people to join wordpress.com.cn.
The spam is in English, a extremely broken English(mine English sounds professional). Thx for my friend iStef, I can get a original copy:

hi,

wordpress.com.cn is an online blog community for those who want to give and get support on their journeys. No matter the plan you chose use the community to blog about your diet experiences. Post your daily food jounrals, your reciepe ideas, vent about the day, celebrate your victories or just read and offer supprt for those that need it. Anyway you participate I hope you join our supportive blog community!

wordpress.com.cn is free.It’s simple! Sign up to start blogging or simply read and offer support.

It’s called WordPress
It’s available for people, just like you and me

xD... I'm laughing my ass off. Rule 1: Don't send out English spams when you are trying in search for Chinese users.
I really don't get it, why would zhuozr do something like this? For fame? For money? Both possible. But his doing is completely unconstitutional! I'm pissed!
First, all the theme credit and wordpress credit can no where be found. Even though I'm no wordpress fan, I'm still enraged by this act for one simple reason--zhuozr don't have respect for the work of others, he just use other's work without even a small thanks1! Their "official support forum"'s article are copied all over the net.
Secondly, he does not take the criticize well, and attacks anyone who work against him. He commented in a few Chinese blog, one of them literally called iStef poor like himself is a millionaire. His mind can be translated into some naive baby talk "I got the money, I got the power. Bloggers can not harm me, you guys are NOTHING! NOTHING! Muhahahahahahahaha"

Usually, I don't call people names... but such a douche is unforgivable.

zhuozr have a great domain
zhuozr had a chance to create a cool blog service provider that runs on wordpress.
If zhuozr just create a site like wordpress.com and reserve all the credits, maybe wordpress.com.cn is a nice blog service provider instead of a site powered by wordpress2 that's getting flamed by some of the most powerful Chinese bloggers.

Let's take the event as a warning, don't let popular site's domain get ported in China poorly. One day, I will fight the war when drupal.com.cn or mgccl.com.cn become the next victim of those Shadow Hunters.

1. 1. not even in a abbreviated form, thx
2. 2. and a douche

Today, I browsed the Top 'page not found' errors page in my blog so I can setup some redirections. Two of those entries are very unusual.

The wp-comments-post.php is a file usually used in wordpress to submit a comment, it's common someone will access that script, but it is uncommon to access it directly since that page does not make sense to humans.

The other one features "/phpbb". spambot mistake that as where phpbb is installed. That post is 5 months old and not popular posts, it's only logic to assume spambot is the one that views that page.

That's pretty much explains why there is so little spam in my site now(I didn't even implement CAPTCHA!) , the spambots that visit my site are mostly ones made to target wordpress and phpbb. Glad I made the switch :)

After using Wordpress for around 5 months, I finally made the change because of the high CPU usage from wordpress.
Serendipity, Drupal or wait for next version of Wordpress to come out are the 3 choices I'm facing. There is no harm by trying the first two, so I ported my post in both Serendipity and Drupal.
The decision was hard, but I finally made my choice by selecting Serendipity for these reasons.
1. I don't see any report of Serendipity ever uses 100% CPU
2. Serendipity have a non-php-script-based template system(so does Drupal)
3. Serendipity are made for blogs, unlike Drupal, which is more toward a portal system.
4. I can't wait two days for wordpress 2.2 to come out!

I tired Serendipity first, just to see if I would like it or not. Serendipity compare to Wordpress, it's ease of use drop down to the dump.
Use the defult theme browsing the admin panel is as painful as browing the Drupal admin panel, because the UI is mind blowing(not in a good way). Wordpress, having dash board with huge buttons, clearly wins out in this.

Few seconds though exploring in the plugins, I found a plugin that implement one of the cutest feature--download plugins directly from the Serendipity respitory. But sadly it isn't working that well. I tried to download GeSHi plugin and it paused at inno.php for like 5 minute until I finally can't wait and download it from it's official site directly.

Anyway, I have to use the next week(mon-fri) fix all the problem from porting things from wordpress to Serendipity.

If you are using wordpress 2.12, you could get some XSS in your site
http://www.yourdomain.com/?year=xss%3C/title%3E%3Cbody%20onmousemove=document.write(document.cookie);%3E%3C/body%3E
Thx for Simon show me the code :hot:
The original post for this XSS are here from ChX Security

Basically, just read this post Timeline Archive View For WordPress and then do some improvement by following my article.
First, we don't want to generate a XML file every time, so make it generate one XML file and let the Timeline uses that XML file. Here is the code, put this code in the wordpress root, this is the modified version of the original one from Crickets Chirping:

if (empty($wp)) {
    require_once('wp-config.php');
    wp('feed=atom');
}
$more = 1;
$data = '<data>';
$my_query = new WP_Query('showposts=50');//change the number for showposts
//to how many post you want to show on the timeline.
 
while ($my_query->have_posts()){
	$my_query->the_post();
    $data .= '<event 
        start="';
        ob_start();
    	$data .= get_post_time('M d Y H:i:s \G\M\T', true);
    	ob_end_clean();
        $data .= '"
        isDuration="false"
        title="';
        ob_start();
        the_title_rss();
        $data .= ob_get_contents();
        ob_end_clean();
        $data .= '"
        link="';
        ob_start();
        permalink_single_rss();
        $data .= ob_get_contents();
        ob_end_clean();
        $data .= '">';
 
	ob_start();
	the_excerpt_rss(40, 1);
	$cool = ob_get_contents();
	ob_end_clean();
	$data .= str_replace('>','&gt;',str_replace('<', '&lt;',$cool));
	$data .= '</event>';
}
 
$data .= '</data>';
$fname = "timeline-xml.xml";//name of the file
$fhandle = fopen($fname,"w");
fwrite($fhandle,$data);
fclose($fhandle);

And that generate a XML file in the server. Make the Timeline API link to that XML file
Now we just want to run it every one hour(or what ever you think it's fit), do that by configure the cron job or using a fake cron script like WP-cron.