In the never ending battle... BlogX rev 24... Now you can turn off links of any kind (other than the mail link) in comments, and I've also removed the web service interface for adding comments.

Source and Binaries.

Justin takes issue with my methodology for spam protection...

I spent about 90 minutes implementing the spam protection and a few other minor tweaks to blogx (like the ability to disable comments completely from the site.config file).

First, let me explain the goals of my spam protection. My goal was fairly simple, remove the maximum number of spam comments in my blog. I had two approaches in mind, 1) remove commenting from the site, 2) provide some security.

When I went down the security route, I actually figured that even plain text security (just making someone/thing read the text and parse out a word). I doubt anyone is really using a OCR system to post spam comments on my site. Without anything it is just too easy to post. If people start hacking on the site again, i'll just remove comments - no money is at risk here, i'm not going to spend sleepless nights trying to prevent spammers.

As for the process I use, it is a simple uniform gradient behind the text. Any artifacts are from the jpeg compression. The words are stored in a plain text file on the server, and I use System.Security.Cryptography.RandomNumberGenerator to pick the word. The only thing sent to the client is the offset of the word.

Simple threat modeling excercise... Of course, since I have a small dictionary on the server, it would be easy to visit the site often enough and form a complete duplicate of the words from the server. Since the offset is round triped to the client, both in the URL of the image and in the ViewState, these are both susceptible to attack. In addition, the image pattern is simple, as you point out, so OCR against it would be relatively straight forward.

With all of these threats, and basically no mitigations, it is pretty clear that someone can hack around my "security". The intent isn't to provide robust security that I would expect from a bank or anything else (I'm not even running HTTPs, I don't authorize commentors, etc.)... the goal is just to make my site less attractive to spammers.

I've made the text (hopefully) more readable and replaced the random number generation algorthim that I used... should be much better now.

Source and Binaries.

I added some basic comment spam protection (using a "security word" obuscated in an image)... I also added the ability to turn comments off with a simple site.config file change. Hopefully this will stop the spammers...

BlogX 22 Source and Binaries.

Craig asked me in mail, and on his blog, about the move from GDN to a .Text based solution...

When I first started working on BlogX I was just trying to understand blogging. After I made some progress I felt like sharing the source with everyone, and I really wanted to participate in a community development effort. Unfortunately a combination of my interest and a spike of work (uhm, yeah, the PDC took some time <G>) caused me to not make any more progress on BlogX.

I looked around for someone to take over for BlogX and Dare offered to take over. Dare surveyed the land and quickly realized that there were many blogging efforts going around - .Text and dasBlog being two of the major .NET based blogging solutions. Dare's decision, which I supported, was to instead of continuing yet another .NET blogging solution, to "close the doors" so to speak on BlogX.

The source is still freely available, and if anyone wanted to pick it up, they are more than welcome. However, right now I'm recommending people participate in either .Text or dasBlog if they want to contribute.

With massive appologies to the huge number of people that have joined the BlogX workspace, I have made a minor update to BlogX. Specifically, I had to make a patch to my RSS logic to start honoring the if-modified-since header... I was consuming massive bandwidth from Brian and I needed to fix this.

As always, source and binaries are available.

The BlogX GDN workspace now has the most members of any workspace... Paul's post talked about anybody can get a bunch of open source people engaged in a project at least temporarily, but it takes good design to keep them there...

I have always maintained that BlogX was never designed - I hacked it together over a week or so to solve my blog problem... I don't believe that BlogX is elegant or well implemented... I think it is simple? I hope that Dare is able to make sense of the code and do something interesting with the huge number of people that have showed so much interest in the project...

I have been doing a tremendously bad job of managing BlogX since I released rev 20. Given my responsibilities at work leading up to the PDC, and the new house, I don't think I will be a very good steward of the code for the rest of the year.

Happily Dare has agreed to take over. I'll still be somewhat involved, but I'm hoping that Dare can make some progress where I have failed to. We have over 250 people in the GDN workspace, so I'm really hoping that we can make some great progress.

The good news is that I'll have that much more time to make Longhorn great for the PDC!! :)

Simon Jefford is adding support for several standard blogging apis... KeithBa got a server and client setup program added...

Myself, I've been slacking off and not gotten anything done... should be back in a couple weeks and actually start making progress...

I finally gave up on ever understanding the hell of SourceForge... the GDN Workspaces stuff isn't the fastest, but it took less that 20 minutes to setup the project, upload my files, enlist, and build...

BlogX Workspace

The source code is there for the world - enlist, fix, enhance, extend...

As promissed, rev 20 - now with xhtml:body!

Also, I added support for "description" as a different field than "content" through the system. Since we are now going to have a real place to put content and description, then I don't need to keep stuffing the content into the description field in RSS.

So, if you favorite aggregator isn't showing the full text of my blog, send them a mail and get them to support <xhtml:body>!

Features:

• xhtml:body
• description
• "kill application" button on the wait dialog

Binaries and Source

<xhtml:body> support in RSS... thanks to Don and Sam for the proding...

Expect a public rev 20 of BlogX with this feature tomorrow...

There are a ton of features that I need to get to, however I have been working hard to try and get a new HTML viewing and editing codebase up and running... thankfully, that is now done!

Thanks to Nikhil Kothari and Andrew Lin for the great new editing and viewing code. It is a low level wrapper on MSHTML (from Nikhil) - totally awesome code, with XHTML support (from Andrew). Wahoo!

The HTML viewing and editing code is adapted from the ASP.NET WebMatrix codebase.

• WinBlogXControls & WinBlogX changes only (except for version number)
• New HTML Viewing control
• New HTML Editing control

Just for reference, the internal server that I'm hosting blogx is up to over 80 users!

Binaries and Source

Chris Brooks asked for some guidance on hosting multiple people with BlogX... currently I'm doing this in a totally brute force way... I have about 40 people hosted on a server at work. I create a vroot for each person, and then copy BlogX into their directory, and away they go. The nice thing about this is that each person can tweak the implementation if they way. Obviously this strategy wouldn't work for a publis hosting service - but that wasn't my design goal.

So far it is working pretty well. I have a single proc Intel P4/3.06Ghz 512MB machine running 40 people, and the machine isn't bogging down at all. I suspect that once we start getting more active bloggers that this won't scale, but for now I'm continuing with the "go simple" model.

Oh, almost forgot... added a feature to the WinForms client - basically it will auto-open the most recently opened blog when you startup. Since most people only have one blog, this removes something like 4 clicks from the startup sequence... wahoo!

Minor fixes...

• You can use "opml.txt" instead of "opml.xml"... the TXT version contains a URL, from which the OPML will be downloaded and rendered. (thanks to Joe Bork for the code!)
• You can add <EntryTitleAsLink>true</EntryTitleAsLink> to your site.config to get the titles of your entries rendered as permalinks (thanks to Brad Abrams for the suggestion!)
• All links are generated as fully qualified links

I am hosting around 40 people at work on BlogX, so we are running into more issues... Unfortunately I have people running a variety of builds of BlogX, so I really have to do an upgrade push to get them all on rev 18...

Binaries and Source

I made some minor tweaks and then had to get them to my work machine (hence, rev 16) and then I have a few more minor tweaks, but I wanted to get this published...

• Joe's ftp code is intergrated into BlogXRuntime, however I don't have a UI up and running for it... yet. (however, it doesn't delete, so I may need to harp on Joe for that).
• Added OPML support - you can have "Links" which are just a link of XML links, and then "Blogroll" which is your OPML list...
• Minor CSS tweaks and fixes... I added a readme, etc...

With the CSS changes, it means you should check out your site before blindly upgrading :-)

Note People have started talking about adding code to the project - that is great! Again, as soon as I get SourceForge figured out I will be hosting it there... Although the ease of use of GotDotNet is sounding really appealing...

Binaries and Source

I decided to host blogx source on SourceForge... I must not be that smart of a person... I haven't been able to figure out how to do it. I have my project, everything is approved... but I can't get WinCVS to connect up. I have PuTTy on my machine, and I tried to point WinCVS to it... ugh...

Ah! Luckily I found this, which should help. Scary thing is that it says (with the instructions) it will take at least 40 minutes, plus a six hour delay to get it up and running...

I just don't have the time right now... Once I get the 40 minutes plus six hours, i'll get this uploaded...

I'm trying to integrate Joe's uploader, however the problem seems to be that when I request a PASV ftp session, the address that he sends is my private network address, so of course, the server can't find me... boom!

Hmm... too bad I know nothing about ftp, or I could fix the code... guess it's time to start getting educated.

The addiction continues... I have several internal beta users at MSFT, and it looks like there are a couple of "real" people out there using it also. I have my hotmail filters a little too strong, or I would have fixed Chris Brooks' reported problem with my RSS link on permalink pages being broken (although it may be fixed... turns out releasing builds at 1:30am is bad).

Warning If you have a site that is working with rev 14 or before, be warning - rev 15 has a whole new CSS model.

Fil Fortes (someone that actually understands CSS) gave me a whole new mockup of what HTML I should be generating, so it can actually be configured with CSS correctly. Anyway, needless to say - if you drop rev 15 onto your site, you will need to update you blogx.css file, or be broken.

Warning There is a new SiteConfig file need - blogxfooter.format.html. I added this for parity with the header - everyone wants their footer to look different, so... there you are.

Anyway, the changes are:

• WinForms fixes (misc reported bugs from beta users, too early in the morning to remember them all)
• Added 80% of the work for Windows authentication... this would have been all done, except the winforms front end breaks with Windows auth on... doh!
• Complete change of the HTML structure outputed - now much more configurable with CSS!
• Added category RSS feeds

Sources and binaries

Oh, and for those of you that are interested, I have my SourceForge project started... I just need to upload the files!

Very cool... Justin has started using blogx...

I know, i keep promising to stop... anyway, rev 14 fixes a few issues found by Fil Fortes at work (basically configuring a new site would easily get you into a broken state)...

• Deal with authentication better (logout, stale cookie, etc.)
• Calendar selection bug
• Support for non-obfuscated email in comments (this is for the intranet scenarios)
• Added correct formatting of newlines in comments

Binaries and source

I added support to optionally ping weblogs.com... this is just a test to see if it works :)

uhm... ok... note to self - test before releasing! Found some blocking issues with the WinForms client (wouldn't shut down, etc.)... Also, made a change to unify the security model for the Web Service and ASP.NET front end... basically the web service now requires a username/password, instead of just a password.

Source and binaries

OK, I think I'm beginning to understand the basic features needed for this software. I'm getting a better picture of what I want the smart client vs. web client to do, etc. In this rev I did a bunch of really bad looking UI in the WinForms client piece, but at least it is consistently bad! :-)

The code is getting in really bad shape - standard thing that happens when you decide to just pump out code as fast as possible. If I want to keep going on this, I think I need to sit back and do an actual design for the system, and then write the code. Although this hack & slash is a lot of fun, this code is getting a little too spaghetti for me.

Anyway, new features:

• Web service for editing site configuration
• WinForms UI redesign
• WinForms editing of site configuration

Source and binaries

This will most likely be the last release in a while... i need to fish or cut bait here...

Totally trivial updates... I shouldn't really publish... however for some reason I am compelled to live up to my daily publishing pattern so far.

• Simple status bar added to WinBlogX
• Added bullet/number list formatted to editor
• Added cookie code for comment editting

Sources and binaries

I think this is pretty trivial... I believe I just need to write some ASP.NET code to persist a cookie, but I figure I'll ask before I spend too much time... Basically I want to make my comment editor persist your name/email/site so that you don't have to fill it out everytime...

OK, fixed a bunch of bugs that people reported. My RSS feed now validates (except for a validator bug that is reporting an escaped </p> as a relative URL). Fixes include:

• RSS feed only includes category (not dc:subject also)
• Comment page tells you no HTML allowed
• Comment page escapes email addresses
• Comment page has a specified rows & cols for textarea
• All pages use URL munging instead of query strings
• Fixed some spelling errors in the proxy project

Source and binaries

Rev 9 is available... mostly fixes in WinForms front end. Some people at work are going to try and use this, so I figured I needed to fix some of the major usability issues. Also fixed a few minor issues with the web forms front end.

I think I want to move the source code for BlogX up to some shared space... has anyone had any expierence with either sourceforge or gotdotnet workspaces... GDN seemed to offer a nice GUI interface, but WinCVS worked nicely also, and I seem to remember hearing that Sourceforge runs CVS over the internet (I can't validate because they are offline right now... not a good sign <G>).

Thoughts?

I guess another question - does anyone care if I put the source on a public server, or is dropping the source enough?

ok... first, I'm tired of the really long version numbers... I ran into an issue where I kept getting a null reference exception when I would try to get a new WinBlogX project (basically the link from the WinForms front end to a server). After some debugging I determined that if you have a WebMethod that returns an XmlSerializable object that has an Namespace="" in the attribute, the serializer crashes. Odd. I'll have to report this tomorrow.

Anyway, the work around was kinda nasty, but in the end it worked. Basically I return an XmlNode instead of the strongly typed RssRoot type. Everything works.

In addition, I updated the ASP.NET front end to use forms authentication. IBuySpy was the quick and dirty path to authentication magic. Wahoo!

Binaries and sources.

Sorry to be a bother, but here is yet another build. I ran into a bunch of issues with the winforms client's wait dialog, etc. Basically I'm forcing myself to use the winforms front end. I desparately need a real HTML editor and viewer... maybe that should be my next project?

Another weird thing... My performance varies wildly on the web service calls. Normally their are taking ~2s to complete, but once in a while I get a session that takes <100ms to make the request. I really don't know what is going on.

Oh well... anyway, there are also some totally minor webforms changes also.

Another day, another build... I moved all the configuration of the site into a separate directory... should make it easier for anyone to configure and/or update blogx...

Not sure how often people want to get builds... once a day is probably a bit much...

Final source for the day. This marks 1 week of working on the software. I think i'm going to slow down and not play with it for a while (or if I do, I won't be uploading it contastantly).

Added some more RSS features and made sure it works correctly in Syndirella. I still can't figure out why the WinForms front end is so slow once I go against my real server. The expierence of using the web services in IE is much faster than what I'm seeing. Oh well, it gives me something to work on.

Note the last post was done through the WinForms front end, this one was done through the WebForms front end. I love technology!

Wahoo! BlogX is now my primary software. I think this is good enough. You can get to the old homepage here, and all the comments, etc, are still live there - however I won't be adding new entries.

My new RSS feed is here.

I just tried (for the first time) using my WinForms front end across the internet. Queries are a bit slow. Running off local host is almost instantaneous, so I have to imagine that this is due to network issues. I'll probably have to tweak the application to do more automatic caching.

I'll post new source once I get the bugs ironed out from my live dogfooding!

Lots of changes here... Added a CRUD web service front end and a query web service front end. There are now 7 projects in the sources:

1. BlogCmd - command line radio to blogx converter
2. BlogXRuntime - data model, shared by all
3. BlogXServiceProxy - hand tweaked web service proxy
4. WeblogX - ASP.NET front end & web services
5. WinBlogX - WinForms front end (talks to web services)
6. WinBlogXControls - Shared controls between WinBlogX and WoodBlog
7. WoodBlog - "Legacy" WinForms front end

WoodBlog was done to directly whack on the XML files. This was more effiecient but it introduced the problem of two places you can edit (through the web and client). I decided to just go with a single data store, on the server, and then rewrite the client to talk through web services.

BlogXServiceProxy was needed because I wanted the objects seen on the client to be from BlogXRuntime. Since all the data model is XML Serializable, I just removed the XSD generated data classes and viola!

The WinBlogXControls currently contains an HTML editor and viewer. Both are actually the same control, and require VS.NET to be installed to use. I'm going to search around for the write code to do these correctly, but for now it works for me.

I have two web services exposed now - BlogXEditing and BlogXBrowsing. The browsing service is basically all the entry points you would need to write a browsing application. Including categories, etc. Right now it is still missing a "post a comment" on the browsing service. The editing service is a simple CRUD api set for manipulating the blog entries. Today it is secured with a crappy password argument on all the methods. I'll work on real security later.

Once I can get reliable FTP working for uploading new versions, I am ready to switch from Radio. My plan will be to keep the existing Radio HTML files up on the server so that permalinks work, but all new content will be on the BlogX version. However, I still can't make the switch because I'm having difficulties uploading my software.

Dare asked a good question in the comments below. What is the license for BlogX? I put a copyright at the top of each file, but I didn't think about enough of what I really want here. I guess I'm looking for a license that provides the following:

• Free (no charge) use by anyone with or without modification (free)
• Anyone using the source or binaries I provide must hold me harmless (no warranties)
• Any product that uses the source or binaries can use any license they wish (no viral licensing)
• No limitations on usage in acedemic or commercial spaces (for your use anywhere)

Given that it only took me ~15 hours of coding, I can't imagine there is all that much IP in the source, but I don't want this to come around and bite me in the ass. :)

Any suggestions on a good license? GPL won't work because of the viral stuff... MS Shared Source won't work because of the acedemic limitations... other suggestions?

Gary makes an interesting point... at a minimum why don't I use RSS 2.0 as the native XML format for my blogging tool... hmm...

At this point i'm convinced that the "per-day" or "per-entry" debate is largely moot... either way I'll end up with a cache for the other direction...

I'm not happy with the source, it's mostly slapped together on various late nights, but I figure there is nothing like a little peer review to clean your act you. You can download the source and binaries (one zip).

There are no instructions, almost no comments, no support, and no warrenties on any of this - it works on my machine, and that's all I can say :)

Please post feedback in the comments for this, or, of course, on your blog! :)

More web frontend work... referrers are now being tracked. I just write out the UrlReferrer and Url from the request when pages are hit. This seems like the wrong model... is there a better way to track referrers?

Also did some minor HTML cleanup (more divs, etc.) and also added support for navigation links like Radio has.

One of the designs that I'm not happy with is how i'm handling file path resolving. Right now I've got a static (re: global) delegate that is called to resolve files. This allows me to map this to a Server.MapPath in the web case, and a Path.Combine on the client. The problem is that the "map" ends up being per app domain - which works great for ASP.NET, but sucks for WinForms... At this point I'm not going to rewrite it, but I'm just not happy with the design.

Note I've created a BlogX category for tracking progress and comments on this specifically.