I broke the threaded comments (you can still comment, but there won’t be any threading) again while fixing the xml-rpc vulnerability. If you run WordPress you need to fix it too.
I really need to upgrade my comment engine to use openid and a normal captcha script that will have decent usability (and not forget all the input if somebody makes a typo).