The most common spam blocking technique for web forms used nowadays are captchas. I think this is the most effective way, too, as it is difficult to process and read the captcha images automatically and it is quite expensive in terms of CPU and memory resources.

There are a lot of alternative way out there, more or less brilliant, more or less useful. All of those anti spam measures I know not using captchas would not work if they would find a wide usage, as with a little bit more of spam bot intelligence they would be useless.

• Referrer check: A simple one, known to not work as this can be (and is actually) faked easily in automatic HTTP requests.
• Using a token as described here years ago using the user session is easy to break implementing sessions and cookies into the spam bot.
• A mathematical question: This is used in Flatpress’ accessible antispam plugin and there is an extension for Typo3 implementing this, too. It is not widely used in comparison to captchas and this might be the reason that it might work for some cases. It would be easy to break.

Especially the last one is, in my eyes, nonsense. It requires user interaction where there is absolutely no need to. This is no turing test, this is a simple calculation test. And who is faster in simple calculations than computer programs? The only problem for a computer program would be to read the problem. Of course, this could be made difficult hiding it in a separate element somewhere in the html document, using CSS and JavaScript to display it to the human user where it should appear. Although this may reduce the accessibility.

There is another way to achieve the same level of spam protection making it significantly more user friendly:

<form name="commentform">
    <label for="intput_a">Name:</label><input name="intput_a" type="text"/>
    <label for="intput_b">Email:</label><input name="intput_b" type="text"/>
    <label for="intput_c">Web:</label><input name="intput_c" type="text"/>
    <label for="intput_d">Leave this field empty!</label><input name="intput_d" type="text"/>
    <label for="intput_e">Comment:</label><textarea name="intput_e"></textarea>
</form>

Know what I mean? Why asking the user to put something and why not asking him to explicitly put nothing?

You could use CSS to hide the label and input which should be left empty so that a normal user won’t be bothered. You could even leave the label text out and hide the input with CSS if you assume that all user agents visiting your site support a basic kind of CSS.

Spam bots will try to fill something in this field and so you can recognize easily the spam entries. I use this method on a site with not so few traffic, so this is not just a gedankenexperiment, it works. Of course, it is not as solid as captchas, but faster, easier and more user friendly. And it is at least as good as the mathematical problem measure, if not better.

P.S.: Sorry that I still have the math question in my blog comment form. I did not write the Flatpress plugin implementing the empty field yet. But I will.

As I want to reduce my webhosting and server accounts, I need a kind of gallery software written in PHP for my photos to replace Gallery2. I don’t like Gallery2, and it is big, needs a lot of memory and is damn slow. I collected some requirements I have (no hierarchical storage but tag/keyword based, fast, PHP, themable, no MySQL required, SQLite or flat file based, searchable, …) and I did not find any PHP gallery out there matching those. (If you have an idea, please tell me!)

Designing a flexible System:
Our one-eyed cat on
Head First’s Design Patterns

So I started to write a generic system (second try, I have some nice ideas but the implementation lacks of some concrete content, a nice overhead, little more at the moment) to built a gallery on top of. And, what I did, too, was looking for existing PHP frameworks which could help me. There is a huge list of usable MVC frameworks on Wikipedia.

[Read More…]

I tried it using a proxy to tunnel git through a firewall as described here and here, but without success. Maybe I didn’t try hard enough. But I found this mail on the comp.version-control.git mailing list explaining how to use git with a SOCKS. It works.

As the link to the connect.c file there is broken, you can use the link to connect.c on the page linked above.

Update: You may need to set and export the proxy variable every time before pulling.

export GIT_PROXY_COMMAND=/path/to/myproxy

I took part in a little photo competition (without prices, just for fun) with the topic “structures” at a local photo club. Alltogether we had about 40 photographs to review, all of them mounted in passe-partouts. Great and really beautiful photos, you could have put all of them in a public exposition. It was hard to select only a few of them.

I presented three, two black and white photos shot with my D90 which I considered quite good, photographically.

None of them were selected. The snow photo did not get any points, the other one at least some. The third photo was selected as 8th. This was interesting for me as I only include this photo because the structures of the ice are interesting, but photographically I did not consider it worth to mention.

This was shot with my old Nikon F50 a few years ago with a Tamron 28-200 and a close up lens in the pyrenees. There where shadow in the valley so the aperture was as open as possible. The leaf is outside the sharp plane and the sharpness is dropping off visibly towards the corners. The negative was scanned with a Crystalscan negative scanner (with ICE technology) and sharpened dramatically afterwards. There is visible color noise, especially in the darker and unsharp areas, but the quality is ok to print it on A4 or even a bigger as the observation distance will be at least 0.5m.

As I would like to do more with C++ I had a look at Nokia’s Qt Creator. I tried the Qt Designer plugin for eclipse a few months ago yet and I liked the design approach, better than the Netbeans GUI creator (Mantisse). This time I didn’t build a GUI, I just wrote a little testing program in C++.

It is usable, but not comparable with the developing comfort that comes with eclipse. The auto completion of fields and methods is great and quick. But I wondered why the Qt classes do not appear in the auto completion list. And, it is damn slow compiling and running or debugging. And there is no built in output console as I am used to have with eclipse. Starting a console application on Windows launches the Windows CMD.

Summarizing my concerns:

• No built in command line (at least not on Windows)
• No tabbed window/editor switching. There are drop down lists which need at least one click more
• Very slow on building and running the application being developed.
• The Qt classes does not seem to appear in the autocompletion.

I think I still prefer the Eclipse CDT.