April 20, 2026
Security
Somewhere along the way, during a settings page rebuild, the Akismet API key field quietly disappeared from the admin. Nobody noticed until the comment queue started filling up with the kind of enthusiastic pharmaceutical advertising that suggests the internet has given up on subtlety entirely. It's back now, and it has company.
SnapSmack's anti-spam stack now runs three layers deep. First, Akismet — the battle-hardened cloud filter that has been reading spam for longer than most current web developers have been working. It has processed north of 800 billion spam comments at this point and is, to put it politely, very good at its job. The API key goes in under Admin → Settings → Global Comments, there is a test button so you know immediately whether it's working, and then you mostly forget it exists. That's the goal.
Second layer: SnapSmack Shield. When a SnapSmack multisite installation bans a fingerprint — a browser signature, an IP hash, an email hash — that ban propagates automatically to every site in the network. Not the raw data. SHA-256 hashes only. No IP addresses leave your server. The hub maintains a central registry of consolidated hashes, distributes them to each spoke, and spokes block matching fingerprints silently before a comment is ever posted. It costs nothing extra and requires no configuration once multisite is running.
Third layer, and the one that required the most engineering: SMACK THE ENEMY. A distributed reputation network across all opted-in SnapSmack installations. Every site that opts in contributes anonymised fingerprint reports; the network scores each fingerprint by weighted site reputation, applies time decay so old reports fade, detects coordination clusters where the same bad actor is operating across multiple accounts, and issues a colour-coded threat level. Green is fine. Black means the network has seen this fingerprint at enough sites with enough frequency that auto-banning is entirely reasonable.
One anti-spam layer is not enough. Anyone who has run a public comment section for more than fifteen minutes already knows this. Three layers might be more than strictly necessary. It probably isn't.
April 17, 2026
Multisite
Managing three separate SnapSmack installations from three separate browser tabs, three separate logins, and three separate bookmark folders is the kind of administrative friction that makes you question every decision that led to running more than one site. The hub/spoke multisite architecture exists because that situation is deeply, unnecessarily stupid.
The hub is a SnapSmack install that knows about all the others. Spokes register with a one-time token, exchange Bearer keys, and from that point forward the hub can see the entire fleet from a single dashboard: version, post count, pending comments, last backup, disk usage, whether anyone is online. When a spoke goes quiet the hub marks it offline and stops bothering it until it comes back.
The useful parts go further than a status board. The hub can push posts from one site to any spoke — image, EXIF, title, all of it — which is how cross-posting a texture from foundtextures.ca to a secondary site takes thirty seconds instead of a morning. The blogroll sync pushes the hub's link list to all spokes in one button press. The fleet stats page rolls up traffic across all sites into a single view: combined daily sparkline, per-spoke share bars, top referrers across the whole network.
The thing that gets used most often is the SSO drill-through. There is a REMOTE LOGIN button next to each spoke on the hub dashboard. Click it. The hub generates a one-time token, bounces the browser to the spoke with that token in the URL, and the spoke validates it, burns it, creates a session, and drops the admin into the spoke dashboard — already logged in. No username. No password. Five seconds. It sounds like a small thing. It is not a small thing.
April 16, 2026
Security
The obvious troll countermeasure is the IP ban. The IP ban works until the troll discovers VPNs, which takes approximately four minutes. Then you're banning a new IP every other day and achieving nothing except an ever-growing ban list and a gradually deteriorating mood.
Browser fingerprinting goes further. A modern browser leaks a lot of information: screen resolution, installed fonts, canvas rendering characteristics, timezone, language preferences, hardware concurrency, GPU model. None of these are individually identifying. Combined, they produce a signature that is specific enough to distinguish one visitor from another across sessions even when the IP address changes. When someone is banned on SnapSmack, the ban includes their fingerprint hash. A VPN changes the IP. It does not change the browser.
But fingerprints can be spoofed with enough effort. Which is why there is a third detection layer that does not depend on anything technical at all: semantic analysis. The system stores the text of every comment posted through a SnapSmack install and builds a TF-IDF vector from it — a mathematical representation of how someone writes. Their vocabulary, their idioms, the phrases they reach for, how they structure a sentence. When a new comment arrives, its vector is compared against all prior submissions. A cosine similarity above 55% means this new account writes like an existing banned account. The comment gets flagged before a human looks at it.
A VPN does not change how you write. Neither does a new email address. People have characteristic patterns of expression that persist whether or not they think they're being clever. The system exploits this quietly and without announcement. There is also a keyword and phrase ban list, with exact match, substring match, and regex match, and two severity levels: flag for review or reject silently. Silent rejection tells the troll their comment posted successfully. It did not. This is considered appropriate.
April 15, 2026
Tools
There is a mental model that treats a photo blog as a website. It is not. It is an archive. An archive that represents years of work, thousands of images, and decisions about what is worth keeping. The difference matters most when the server hosting provider sends an email with the subject line "Important: Your Account" and you realise you have no idea when you last backed anything up.
Smack Up Your Backup — SUYB — is a Windows desktop application that solves this without requiring any familiarity with rsync, cron, or the FTP client you installed in 2019 and have not opened since. Connect it to a SnapSmack site, configure a Google Drive service account, and it pulls the full recovery kit, packages it into a versioned ZIP, and pushes it offsite. The recovery kit is a self-contained archive: all images, the MySQL dump, configuration. Everything needed to restore a complete installation to a different server from cold, with no data loss.
SUYB also supports Backblaze B2 for object storage and can manage multiple profiles — one per site, each with its own cloud destination. The hub/spoke discovery feature connects to a hub install, finds every spoke in the network, and creates profiles for all of them automatically. Running a fleet backup then becomes a matter of running each profile in sequence rather than logging into every site individually.
The photos on a hard drive are yours. Hard drives have a mean time between failures measured in years, which sounds fine until you think about how many years of photos are on there. Google Drive is backed by infrastructure that costs more to run per day than most photographers spend on gear in a career. The redundancy is someone else's problem. That is the correct arrangement.
April 14, 2026
Tools
There are people who can look at a CSS file and immediately understand what colour the background will be. There are also people — a much larger group — who want to move a slider and see what happens. Oh Snap! exists for the second group, and also for the first group on days when they would rather not.
Oh Snap! is a desktop application for designing SnapSmack skins. Open it, connect it to a live SnapSmack site via API key, and it pulls the active skin's manifest, CSS, and CSS variable definitions and builds a control panel from them automatically. Colour pickers for background colours. Range sliders for typography sizes. Select inputs for layout options. Every change updates a live preview in an embedded browser frame — not a screenshot, not a mock, an actual rendering of the skin with real content pulled from the site. The preview shows three view modes: single post, archive grid, and landing page. Three viewport widths: desktop, tablet, mobile.
There is an AI assistant built into the bottom of the application. Describe what you want in plain English — "warm charcoal background, amber accent colour, more breathing room between archive tiles" — and the assistant returns a set of CSS variable overrides which are applied directly to the preview. It supports Claude, Gemini, GPT-4o, and local Ollama models. The resulting overrides can be pushed to the live site immediately or exported as a CSS file.
The push-to-site feature is the important one. Finishing a skin in Oh Snap! and clicking Push sends the CSS variable overrides to the live SnapSmack install, where they are stored in the database and injected after all other skin CSS. The change is live in seconds, without uploading a file, without touching the server, and without breaking anything — because variables are overrides, not rewrites. The skin's own defaults remain intact underneath.
April 13, 2026
Media
The old archive management page was a list. A long list. With a search box. On a site with fourteen hundred published posts, it was the kind of interface that makes you feel productive for approximately thirty seconds before you realise you have no practical way to find the image from three years ago that you half-remember had orange in it and was definitely a rust shot of some kind, probably from the rail yard, possibly from 2023.
The Media Gallery replaces this with a proper digital asset manager: an AJAX-driven grid with lazy-loaded thumbnails, full-text search across titles, descriptions, and tags, and filter combinations for album, category, status, camera model, date range, and colour palette. Multiple images can be selected with rubber-band drag or keyboard shortcuts. Inline quick-edit opens a panel for updating title, status, tags, categories, and albums without leaving the grid. Bulk operations — publish, draft, assign category, assign album — apply to the whole selection at once.
Alongside the gallery is a canvas-based photo editor accessible from any edit page. Non-destructive in the sense that it operates on the web copy and regenerates thumbnails rather than touching the original file. It handles the operations that come up constantly: crop with freeform or fixed aspect ratios, rotate, flip, brightness and contrast, sharpening, black and white conversion using the luminosity method. Full undo stack. Saves at full resolution. It is not Lightroom. It is not trying to be. It handles the things you should not need to open Lightroom for.
EXIF copyright embedding was added at the same time: a pure PHP binary IFD0 writer, no external dependencies, that stamps the artist and copyright fields into every image uploaded through the web interface. The fields are configured once in Global Settings. After that it runs silently. If someone lifts an image and strips the filename, the EXIF data goes with it.
April 12, 2026
Tools
Photographing textures is meditative. Uploading fourteen hundred of them one at a time through a web form is the opposite of meditative. It is the kind of task that makes a person briefly consider whether the photos needed to be on the internet at all and then, in a darker moment, whether anything needs to be on the internet at all. Smack Your Batch Up — SYBU — exists so this never has to happen again.
SYBU is a Windows desktop application. It connects to a SnapSmack site via API key, reads a Google Drive folder, and processes each image in the queue: reads EXIF data for camera model, focal length, and date; sends the image to Google Gemini for a descriptive haiku-style title (SnapSmack's native title format — four lines, image-driven, no filler); uploads to Drive; creates the post on the blog. The entire pipeline runs unattended. Walking away while it works is the point.
The AUDIT tab shows the state of the archive: how many posts have Drive links, how many are missing, how many share a title with another post. The REPAIR tab fixes what the audit finds. Rename Drive Files renames every Drive file to its post ID, giving the folder a stable, sortable naming scheme. Re-enrich Duplicate Titles downloads each flagged image from Drive, sends it back through Gemini with a uniqueness constraint, and updates the blog title. Backfill Missing Drive Links automatically searches Drive for files matching each post's title and saves the URL directly — no manual entry required if the file is there to be found.
The tool exists because batch operations that used to mean a morning of repetitive clicking now mean starting a job before bed and finding it finished in the morning. Whether that frees up time for more photography or more paddleboarding is left as an exercise for the operator.
April 10, 2026
Design
The worst thing about most photo blogging platforms — after the algorithm, after the ads, after the platform's unilateral right to delete your account — is that every site using the same theme looks identical. The default skin is the default skin. A thousand photographers, one aesthetic. It signals nothing about the work itself.
SnapSmack's skin system is built around the idea that a skin is a complete, self-contained design: its own CSS, its own layout templates, its own options. A skin manifest declares what it can do — colour variables, typography options, layout modes, feature flags — and the admin exposes only those controls, compiled into a CSS blob that is injected after the skin's own stylesheet. No skin CSS is in the core. No core CSS is in the skins. The boundary is real and enforced.
The skin gallery ships skins as signed packages distributed from Smack Central. Installing a skin is a download and a click. Removing it doesn't break anything; the core falls back gracefully. The base release includes two skins: 50 Shades of Noah Grey, a dark editorial skin built around a specific grey palette, and New Horizon, a clean light skin with strong typographic structure. The gallery currently holds another seven stable and beta skins, with more in development.
The archive layout is independently configurable from the skin: square crop, letterboxed crop, or masonry flow. Visitors can toggle between modes if the site owner enables multiple. The calendar engine — an opt-in sidebar panel with month navigation and recent posts, declared in the skin manifest — overlays any layout without touching the skin itself. The skin controls how the site looks. The owner controls how the archive works. They are different concerns and they are correctly separated.
April 8, 2026
Admin
The full SnapSmack admin is a lot. There are pages for skin configuration, CSS overrides, script injection, static page appearance, archive appearance, solo image appearance, multisite management, backup configuration, troll control, API keys, and a forum. Presenting all of that to someone who has just installed SnapSmack for the first time and wants to post a photo is an error in judgment.
The admin now starts in Big Wheel mode. Big Wheel shows the essentials: Dashboard, New Post, Manage Archive, Categories, Signals, and the help and settings sections. That is the complete list of things a new user needs for the first hundred posts. Everything else — the skin tooling, the custom CSS editor, the script injector, the multisite management, the full security stack — is hidden until it is needed.
At 100 published posts, the dashboard shows an offer card explaining Pimpmobile mode and what it unlocks. Accepting switches the admin immediately. Declining defers it; the offer comes back every 100 posts thereafter. After three declines it moves to every 200 posts. After the second decline at that cadence, a permanent "Leave Me Alone" option appears. The mode is also manually toggleable at any time from the bottom of the sidebar, in both directions, with no migration and no consequences. Big Wheel and Pimpmobile use the same database, the same settings, the same everything. The only difference is what the sidebar shows.
The reasoning behind the unlock threshold is straightforward: 100 posts means the site is real. The person running it has committed. They have been through the process enough times to know what the workflow is and what is missing from it. That is the right moment to say "here is a lot more you can do with this." Not before.
April 7, 2026
Roadmap
There are three ways to share photos on the internet and SnapSmack currently does one of them. A single image: title, haiku description, download link, EXIF data, one photograph that stands on its own. That is the original SnapSmack use case and it will always be the core one. But it is not the only one.
SMACKEDAROUND is carousel posting mode. A set of related images — the morning's shoot, a series that only makes sense as a group, a before-and-after — presented together as a single post with navigation between frames. Different database structure, different editor, different skin requirements, different archive layout. Incompatible with single-image mode, which is why it installs separately. At six megabytes, running it in a subdirectory alongside a standard SnapSmack install is not a significant imposition. Both can share a domain.
SMACKTALK is long-form photo essay mode. This is the WordPress replacement. Not a content management system in the general sense, not a blogging platform that happens to support images — a tool for writing essays where the photographs and the words are equals, where placement, sizing, and caption matter as much as the image itself. The editor handles this. The skin system is designed for it. It will be in beta for a while, possibly a long while, and the beta warning will not be gentle about the implications of running beta software on a production site. The people who need it most are already comfortable with that tradeoff.
All three modes share the same security stack, the same backup tooling, the same multisite architecture, and the same skin engine — with skins declaring which modes they support. The work done to make SnapSmack stable and defensible carries forward. What changes is what gets posted, and how.
That is the plan. Plans change. The important thing is that the work is not going backward toward any platform that serves ads between someone's photographs, decides algorithmically who sees them, and reserves the right to delete the entire account if the wrong word appears in the wrong post at the wrong moment. That direction is closed. The only direction is forward and self-hosted.
