Preventing Blog Comment spam

*doh* Two days after I install a WordPress plugin for image authentication from Keith McDuffee. I run across this smart fix for stopping wordpress comment spam.

< location /blog/wp-comments-newpost.php >
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^.**
RewriteRule ^.*
< /location >

It makes complete sense, people should only be posting to your blog if they are already on your blog. This should really be part of wordpress IMO. I mean I guess part of blogger API could be (or maybe already is) the ability to comment on posts, so one could post a comment from an rss reader, rather than from a web browser, but I’ve never seen an rss reader which implements this. This kind of restriction is probably just fine.

I checked my wordpress, in my case it is wp-comments-post.php which accepts posts, not -newpost.php like above, and of course I’m not at, but John C. Dvorak is the one getting the word out about the fix from Mark Perkel at

I’ll probably get around to installing this in a few days. For now the image auth plugin is working great.

RE: A View from Elsewhere

John MontGomery has some crazy ideas aobut what he calls “Open collaboration”, but what he is really talking about is community driven projects and open source.

While I have no problems with his 4 categories, his examples show an extreme lack of knowledge about the history of open source, the web, and unix.

Cloners, e.g. Linux
When developers see a feature or an application that looks interesting one of the avenues they explore is to copy as closely as possible the interesting thing (and typically to make the source code available).

True, although this discount the inovations that Cloners are allowed to pursuit because they aren’t squashed by management in some planning meeting, or by a senior developer who doesn’t understand some new technology.

My coworker points out that “if he means Linux the kernel, ok. But if he means Linux the experience, no way” and continues to site package management, command line experience and how it is different from traditional commercial unix.

Standards-Built, e.g. Apache
Apache was created by members of the IETF mostly as an implementation of the HTTP specification to verify that HTTP was, in fact, implementable and to create an implementation with which to test compatibility. There are many examples of this kind of cooperative development to create a reference implementation.

This is just a false representation of history. Apache was “a – patch – y” web server. It started as a set of popular patches for the NCSA httpd server which was the reference implementation. Keep in mind this was during the time of HTTP 0.9 and upcoming 1.0. There were no “web standards” organizations. The web was in its infancy. I don’t know how one could call this ‘Standards-Built’ other than following what everyone else was doing. The 1.0 RFC wasn’t published until 1996, Apache was started in 1995. See the details of How Apache Came To Be

Competitive Devaluation, e.g. Eclipse
Companies like Microsoft and Macromedia have some substantial advantages over IBM in the development tools area and IBM, despite many attempts and acquisitions, was never able to create a compelling-enough product to compete with these companies while still charging for its software. So it created a development tool shell and released it under an Open Source license and encouraged a community to grow around it, attempting to unify the development tools segment.

Have you heard of WebSphere? IIRC WebSphere server and tools are in the top two or three as far as commercial Java platforms go. Instead I would argue that Eclipse has failed to compete with WebSphere, JDeveloper or whatever Borland offers.

Invention, e.g. Perl
Not quite like anything that came before, though clearly anchored in a combination of a more powerful shell environment and the C programming language. There are lots of examples, though few as notable (and universal) as Perl.

Perl was far from new when it was new. It stemmed from awk. Now I’ll admit that perl5 and perl6 have very little in common from awk, but the roots are still shared. While perl is now used as a general purpose language, it still came from “Practical Extraction and Reporting Language”. It is very easy to suggest that had awk evolved and changed it would be much like perl would be today.

Meh. Standard Microsoft FUD. MS feeds it to their folks who know nothing about the background of what they are being feed, it gets filtered down telephone style(yes the childs game) and you get kids arguing on slashdot, or in their blogs, like me.

Oh shit, I’m a stupid internet arguing kiddie.

Mono doesn’t need DAAB, and 3 rounds with ADO.NET

I recently posted about how the MS patterns and practices License sucks, and how I’d like to use DAAB with Mono. Well, the license still sucks, but I found Mono’s Provider Factory. This looks good enough. It may not be all of what DAAB is, but it is an excellent alternative. It even does important things which DAAB neglects, namely exposing an IDbDataAdapter factory.

I went 3 rounds with ADO.NET today and lost. But it was the most educational 3 rounds ever. It was like when Rocky fought Apollo Creed and lost at the beginning of the movie, but trained and got smart and got quick and became a tank, a steel Italian tank. Then at the end of the movie Rocky went a full 15 rounds with Apollo and won. That kid has heart. Well, I won’t be going 15 rounds. I’ll win in a KO in the first round next time. ADO.NET is mine. Now don’t get me wrong, this was not ADO.NET 101. I’ve used ADO.NET for almost a year now. I’ve use DataReader to just read things in an old school way (reminicent of PHP) and DataAdapter to fill a DataSet. What I had not done was use a CommandBuilder to actually do the CUD part of CRUD. Well, using CommandBuilder with DAAB was obviously not something the DAAB designers intended, its no problem, an easy work around. However, I’m working on syncronizing two tables in two different databases. CommandBuilder doesn’t expect that you will want to update an identity column.

I’m not entirely sure at this point, but I think I can just add the identity column as a Parameter to the InsertCommand of my DataAdapter. It should work, I just have to work out the kinks. If not, I can just create all my own Commands for use with the Adapter, but I’d rather just augment what CommandBuilder does. Either way it is just another days work.

RE: Hello, World!

Hi Scott!

Hello, World! was the subject of Scott’s post detailing the day we met. Well Scott, I don’t think I argued with you much about having a consistent ownership model, but I may have said that garbage collection helps. I was wrong.

I’m sitting here with perfmon open watching my .NET application use between 30-70% of its time in GC. I must assume that the other 30% of the time is spent in malloc. In this case I have no consisten ownership model. Assuming these perf counters are correct I’m allocating ~ 90MB/s, which means i’m deallocating at the same rate and spending nearly half of my time doing this memory management. Ugh. Thanks but no thanks.

I suppose the pro-GC thought behind this is that it is a waste of my precious paid developer time to further optimize this situation. After all, the other 20%-50% of the cycles are spent actually doing what the program is supposed to do, so why spend $$$ on making it run faster? IMO, It is this attitude that gives us all the slow software we have today. You unbox your super fast 1.0THz Intel/AMD Hybrid 512bit CPU with 1PBytes RAM and it still takes 5 minutes to boot and 90 seconds to load java when you browse to a webpage with an applet. I’m not much of a pedant, but the little part of my that is, won’t let me not optimize this a bit.

Thanks Scott. I’m now thinking about memory management in my managed memory apps. My productivity may slow down at first while I add this to my list of things to think about, but I’m sure It will be second nature soon enough. If it comes back like riding a bike, I’ll be semi-pro just like when I used to write C code.

Those bastards Microsoft and their anti-open source open source


That you have no right to combine or distribute the Software or modifications with other software or content that is licensed under terms that seek to require that the Software or modifications (or any intellectual property in it) be provided in source code form, licensed to others to allow the creation or distribution of derivative works, or distributed without charge.

The MS patterns and practices Enterprise Library is an awesome library. DAAB alone makes it worth using. The above clause is a load of shite. MS is marketing this library as open source. If you ask your average dot net junkie about open source, they will bitch and moan about how software is supposed to be sold, and it is their livelyhood and they have a wife and kids and all that. Then in the same breath, they will point to cases like this and say, “See, Microsoft does open source, when it makes sense.” What a load of malarchy. Microsoft is playing the role that the white man played to the natives of the Americas. We are your friend, see we aren’t bad, and then WHACK. No more open source.

So I’ve stopped using this stupid library wherever I can.

You know I like Microsoft, but I’ve not bought thier products personally in over 10 years.

I post here about using Microsoft products fairly often. I thought I should mention that have not personally purchased a Microsoft Product since, well. Never. The subject says over 10 years. I say that because 14 years ago my father purchased a 486-33Mhz 4MB Desktop computer for the family at my prodding. It case with MSDOS 5.0. It was paid for. Since then (at least since age 18) I’ve always had a job which purchased software for me. I also started using Linux somewhere around age 17 or 18. When Windows XP came out, I won a free version of the Professional Edition in some web drawing contest. So I started using Microsoft operating systems again. I didn’t realize that what I was using had a $300 street value. Its $199 for the upgrade version, $299 for the full version for Windows XP Pro.

That ridiculously high price is exactly the reason I’m a fan of opens. At work, I love using Visual Studio.NET. I even use the Enterprise Architect edition (I have no idea what that means) from an MSDN Subscription. This brings up the absolutely importance of Mono, MonoDevelop, and the tools on which the Mono team are working.

What is so great about VSTSE w/PS? I cannot imagine. I can imagine that MS is scared right now. The open source community has such a strong community with excellent collaboration tools that Microsoft can understand how to get that level of productivity out of their developers. What is more, as a tools provider, Microsoft can’t figure out how to get their customers that level of productivity either. $10,939 for a single copy of some developer software? Think about that for a second. $10k per person? (Assuming I understand the license agreement.) As a professional programmer I just have to think, where does that $10k come from? Its $10k that my employer is spending on me, which I will never see. As an open source advocate I simply don’t understand why my company needs to spend $10k on me to enable me to do at work, what I do at home for free when I write open source code. It almost makes me angry. It almost makes me think that Microsoft doesn’t care about its developers, regardless of the propaganda coming from Scoble and places like Dot Net Rocks.

Ohio Linux Fest was a great event. I awoke at 4:50am on Saturday morning. Chris stopped by at 5:10 and we were on the road by 5:20. We arived at the Convention Center in Columbus at about 8:30. We were damned hungry. We got some food at the food court where I somehow recognized Joe Gasiorek from behind. No, not that behind, from the back of his head. He was sitting down with his powerbook. After some small talk and catching up, Jorge Castro, Brian Clark, Aaron Thul, and some other guys showed up. It was good to run into them so early in the day. The openning keynote was… Well… not to belittle the sponsor, but I think it was a little out of place given the audience. It is true that IBM’s POWER architecture is great, but this was not a typical corporate Linux conference. It was Ohio Linux Fest. Where were the jugglers and mimes that I’ve come to expect from a festival? The presentations through out the morning were great. Although I have to admit by noon I was bored of presentations and really decided to focus on the more social aspects of the event. I started to just mingle and see who I could talk to. I had an interesting conversation with a couple of guys outside. One guy had come upon an IBM mainframe and was looking to get rid of it. Sounds like he got a hell of a deal. The other guy worked in Fort Wayne and knew people from TriState University in Angola, IN. That is near the birthplace of my parents and I have lots of family in that area. My father and uncle are both graduates of TriState’s Engineering school. It was interesting to hear the state of the schools Computer and Network systems. It was also interesting to talk to the LinuxBox people. I’ve walked by the LinuxBox countless times in Ann Arbor and it took me a trip to Columbus to ever talk to anyone from there. We closed out the night with Dinner and returned for the Reception. Jorge drank a lot. We left early to drive home and be in bed by 2am. It was a very long, 21hr day.

Thanks to all the organizers for inviting us all. Its good to see Sean Harsy and those Ohio folks serious about Linux and community.