Archive for January 14th, 2006

Published by Niels on 14 Jan 2006

Ideas on blog comment spam prevention

One of the reasons I don’t provide a comment facility is that it is very hard to prevent spammers from abusing your weblog. The easiest way to prevent spamming is to work with a registration system: you can only post a comment if you have registered. This has the disadvantage that anonymous people, or people who accidentally came across your site and found something interesting, can’t post comments.

One method of making it possible for anonymous users to post comments is asking the user to type in the text appearing in a so-called CAPTCHA. But if the captcha is too simple the spammer’s automated systems will recognize the text in the picture and are then still able to log in and put spam in the comments. Captchas also have the disadvantage that people that have to rely on, for example, braille readers, cannot post anonymously.

Apart from the braille readers I think the captchas can be best implemented in the following manner:

  1. Make sure that the letters in the captcha are all of a different color and are overlapping. Overlapping letters make it harder for OCR software to guess the ‘word’.
  2. Don’t always ask the user to type in the whole word, but rather one of the following questions:
    1. Type in all letters from the captcha (mentioned that already, just being complete).
    2. Ask the user to provide a subset of the letters in the captcha. For example the first and the third letter. The subset should not be fixed, but be chosen at random.
    3. Ask the user to provide the color of one or more of the letters in the captcha. Since not all the weblog readers will be native speakers of your weblog’s language, it would be best to provide check boxes so that language mistakes can be prevented.

This is of course combined with the possibility of creating user accounts, so that if a spammer succeeds in breaching these barriers, the decision can always be made to shut off anonymous posting.

Another possibility is to also work with a blacklist that contains words and sites that are not allowed to appear in a comment.

Creating captchas on the fly might not always be possible, especially since I will be relying on Bash. So it might be a nice idea to write a tool that creates a lot of captchas off-line, together with a list of the text and colors used in each. These can then be sent to the site, and the comments plugin would only have to choose a random captcha and a random question (see above) and check the answer against the information from the file. If these ‘standard’ captchas are refreshed on a regular basis it should provide some nice protection from the spammers.
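The lookup-and-check step described above, sketched in portable shell that also runs under Bash. This is an added example, not the author's plugin; the `id|text|colours` record format, the function names and the token-keyed state directory are assumptions.

```shell
#!/bin/sh
# Constructed sample records (assumed format): id|text|colour of each letter
CAPTCHAS='c01|KQMT|red,blue,green,black
c02|RWXA|blue,black,red,green'
STATE_DIR=${STATE_DIR:-$(mktemp -d)}  # pending challenges stay on the server

# rand N -> prints a random integer in 0..N-1, read from /dev/urandom.
rand() { echo $(( $(od -An -N2 -tu2 /dev/urandom) % $1 )); }

# expected_answer RECORD QUESTION -> prints the answer the visitor must give.
# QUESTION is "all", "letters:1,3" or "color:2" (positions are 1-based).
expected_answer() (
  text=$(printf '%s' "$1" | cut -d'|' -f2)
  colors=$(printf '%s' "$1" | cut -d'|' -f3)
  pos=${2#*:}
  case ${2%%:*} in
    all)     printf '%s\n' "$text" ;;
    letters) printf '%s\n' "$text" | cut -c"$pos" ;;
    color)   printf '%s\n' "$colors" | cut -d, -f"$pos" ;;
    *)       exit 2 ;;
  esac
)

# new_challenge -> picks a random captcha and a random question, stores the
# expected answer under a random token, and prints "token id question".
new_challenge() (
  count=$(printf '%s\n' "$CAPTCHAS" | wc -l)
  rec=$(printf '%s\n' "$CAPTCHAS" | sed -n "$(( $(rand "$count") + 1 ))p")
  text=$(printf '%s' "$rec" | cut -d'|' -f2); len=${#text}
  case $(rand 3) in
    0) q=all ;;
    1) a=$(( $(rand $((len - 1))) + 1 ))          # two ascending positions
       q="letters:$a,$(( a + 1 + $(rand $((len - a))) ))" ;;
    2) q="color:$(( $(rand "$len") + 1 ))" ;;
  esac
  token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  expected_answer "$rec" "$q" > "$STATE_DIR/$token"
  printf '%s %s %s\n' "$token" "${rec%%|*}" "$q"
)

# check_answer TOKEN ANSWER -> status 0 if correct. A token is single-use: its
# state file is deleted before comparing, so a solved captcha cannot be replayed.
check_answer() (
  case $1 in ''|*[!0-9a-f]*) exit 1 ;; esac   # token is hex only, never a path
  [ -f "$STATE_DIR/$1" ] || exit 1
  want=$(cat "$STATE_DIR/$1"); rm -f -- "$STATE_DIR/$1"
  up() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }
  [ "$(up "$2")" = "$(up "$want")" ]
)
```

Only the token, the captcha id and the question go into the comment form; the expected answer never leaves the server, and one wrong guess burns the token.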

It seems that the tools from ImageMagick provide all the functionality needed so I will have a look at them this weekend.

Published by Niels on 14 Jan 2006

Boy, does that suck

This blog entry will not be very subtle. So for all Bono and Alicia Keys fans out there:

Stop Reading. I mean it!

Normally I have a live and let live philosophy. But after hearing what Bono and Alicia Keys did to the song “Don’t Give Up” I felt the urge to write a blog.

After hearing the song I came to a simple conclusion: Bono is not able to put emotion into his voice if he is not screaming and Alicia Keys is all bling-bling. And by bling-bling I mean that it is shiny but worthless. She cannot hold a note and always has to ad-lib in between. But to me ad-libbing (can I say that?) is a sign of being a singer of limited capability (unless done by a singer of great capability, of course). The combination of the two sounds really bad compared to the original.

My idea of a cover is always: if you cannot improve on the original then do not cover a song.

A small suggestion to Bono and Alicia Keys: Remove this single from the market and donate the money it would generate from your own pockets. It can’t be that much since no one in their right mind would buy this. So remove it and donate. It is a win-win situation. The charity wins and we win (and you have learned never ever to do this again).

Published by Niels on 14 Jan 2006

Why not…

Use Bourne Shell/BASH/Korn Shell/etc. as your CGI language? To me it would be the perfect fit with NanoBlogger to do my server side scripting. A short (but crude) example:

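#!/bin/bash
# Minimal CGI script: shows the environment the web server hands to CGI programs.

# CGI response header, followed by the blank line that ends the headers.
echo "Content-type: text/html"
echo ""

cat << EOF
<html>
<head><title>Your environment variables</title></head>
<body>
<pre>
EOF

# Values such as QUERY_STRING and HTTP_USER_AGENT come from the client, so
# HTML-escape the output before it reaches the browser. The listing also
# reveals server paths and software versions: remove the script after testing.
env | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'

cat << EOF
</pre>
</body>
</html>
EOF
exit 0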

Put this in a file called test.cgi and put that file in a directory where your web page is hosted. Make sure that the following permissions are set on the directory and on test.cgi:


chmod 755 yourdir
chmod 755 yourdir/test.cgi

Now point your browser to http://www.yourdomain.com/<yourdir>/test.cgi and behold, a nice overview of the environment variables your provider provides for you!

I think this is the perfect way to make a NanoBlogger powered site more interactive. Here are some nice examples of the things that can be done using Shell CGI scripting.

Although a comments addition for NanoBlogger can be found here I think I could give it a shot to implement the same functionality using Shell scripting. Not that I am opposed to using PHP and MySQL, but using Shell scripts seems a bit more pure to me in combination with NanoBlogger.

If there are any disadvantages and reasons why Shell scripting should not be used for this I would be glad to hear about it.

Update:
I renamed test.sh to test.cgi because my browser offered to download the script rather than having it executed on the server. And quotes have been put around “Content-type: text/html”. It is probably not necessary, but I like consistency.