code, open source comments edit

I have a few great openings available that I have to share with you.  These are really great positions working with really interesting and smart people all over the world. 

Some of the outstanding benefits include:

  • Work from home.
  • Work for a great project lead (me!).
  • Work with an international team of really great developers.
  • Work on a product used by thousands of people and seen by many more.
  • Work tasks are pretty much self-directed.  Nobody is looking over your shoulder.
  • Set your own schedule and work at your own pace.
  • Interesting cutting-edge ASP.NET work. 
  • Gain great experience working on a product and increase your marketable skills.

Some of the interesting projects include:

  • Building a next-gen plugin architecture.
  • Localization and Internationalization.
  • Advanced Skinning architecture.
  • General application architecture and API improvement.
  • Streamlined UI design using AJAX.
  • Advanced Bayesian statistical analysis coding.
  • Windows CardSpaces and Infocard.

For such a great opportunity, I must warn you about a few of the downsides.

  • No health care
  • No Pay

I have a gut feeling that second downside is going to be a bit of a deal breaker for a lot of people.  But did I mention you can work as many or as few hours as you wish?

As you probably figured out already, I am attempting to recruit people to contribute to the Subtext Project.  I have to cut down the number of hours I put into the project for the rest of the year and into the first couple months of the next year for a couple reasons I will mention later.  I’ll still be heavily involved, but won’t be able to contribute as much code as I have been.

Why Accept No Pay For Work?

I’ve written on this a bit before.

In truth, there are many reasons people work on open source software, and they are not all the same. Many just find it fun to work on something more interesting than the boring data-in data-out systems they build at work. Some want to have a hand in building a better mousetrap. Many enjoy participating in a community and perhaps gaining a bit of recognition among their peers.

However there is another angle I want to promote.  It can help you get a better job.  On one hand, it helps you get experience in skillsets you might not otherwise exercise at your current job.

37signals, that über hot company right now, see Open Source contributions as a great way to judge a potential candidate.

Open source is a gift to those who need to hire technical people. With open source, you can track someone’s work and contributions — good and bad — over a lengthy period of time.

That means you can judge people by their actions instead of just their words. You can make a decision based on the things that really matter:

In fact, they only hire people they know through open source. Most companies aren’t that extreme, but trust me, it’s a serious turn on to a potential employer.

Hmmm… I’m Intrigued. What Do You Need?

Great!  Glad you asked!

We have a great team as it stands, but we can always use more help in any and every area.  Everyone is welcome to contribute to anything. Even so, I would like to have a few people step up and become responsible for a few areas.  That person doesn’t necessarily have to do the work in the respective area, but just take ownership of getting people to contribute and get it down.  Basically I want to decompose Subtext into multiple smaller projects. Here are some of our needs: 

Documentation Guru:We need someone to be in charge of documentation.  This would include making sure our project website is up to date.  It can also include generating NDoc documentation and posting it on our site, etc…  In fact, it’d be nice to have our project website redesigned to be a better resource for Subtext users.

Build and Deployment Master: Right now, this has been handled by a combination of Me, Steve Harman, and Simone (Simo) Chiaretta.  Unless Simo wants this title, I think it’d be nice to have one person be responsible for maintaining our Continuous Integration and built scripts as well as our final deployments.

QA Manager and Testers: We need more people to help out with QA before we release builds, but one person to manage this process. I have someone in mind for this, but I thought I’d put it out there since we could use more help in this area.  This would include helping us increase our unit test coverage and start getting WATIR tests going.  After the last error plagued release (my fault), I want to get more serious in this area.

Developers, Developers, Developers: And of course, we need more developers!  We have several ongoing mini-projects we could use help in.  Simo is chugging away on our new plugin framework, but I know he’d appreciate some help as well as someone to start writing some initial plugins to deploy with Subtext.

I have a new skinning architecture I want to get in place, but I won’t have the time to implement it, though I can describe it to anyone who will listen in great detail.

Robb Allen is working on our new membership provider.  I’m sure he’d love to have some help finishing the integration with Subtext.

And there are many more minor tasks that we’d like to get done such as general bug fixes, feature requests, code refactorings.  I’d like to clean up some of our data access architecture to streamline it a bit. Maybe even evaluate using Subsonic.

Wrap Up

To be clear, any and all contributions are worthy and helpful.  I may be ambitious asking for volunteers to take on these specific management roles, but it’s worth a try.

However, if you have some time to contribute, but don’t want to take on a management role, don’t let this dissuade you.  For example, if you don’t have time to help manage the QA process, but can do testing for a bit here and there when we are preparing a release, please jump on in! 

If you are interested in joining in the efforts, start by subscribing to thesubtext-devs mailing list and we’ll get you going.

comments edit

A while ago I mentioned that my company, in collaboration with Shepard Associates built two websites for a medical device company using DotNetNuke (aka DNN).

Well we just learned that the client’s websites we built won three WebAwards from the Web Marketing Association. Cool!

I will admit, I don’t know much about the association or their awards.  It just feels good to see our hard work (by our I mean everyone involved including the client and Shepard) recognized.  Especially considering the torturous work it took to coerce, fight, and bend DNN to obey our will in order to implement these sites.

comments edit

I love Halloween because it makes for great parties. What makes a party great? Costumes! This past weekend I drove up from Los Angeles to San Jose to stay with my friend Kyle and his wife Cara. That evening we drove up to San Francisco to attend a house party in a large four story house in the hills. It was about the perfect size for the 100+ people in attendance, and they hade a few top-notch local DJs spinning.

Unfortunately, I didn’t bring my camera so I had to rely on “donated pics”. I usually am a total shutterfly. Of course, not having my camera gave me more time to enjoy the party. Click on a pic for a larger version.

Hunter S. Thompson and Noam
Chomsky Group of people outside the

My buddy Kyle went as Noam Chomsky, which was a hit of a costume, as simple as it was. It’s rather freaky to see a black and white 2-D face on a normal body. The face looked almost disembodied. The first pic with Hunter S. Thompson just cracks me up. What a literary powerhouse! I went as the thoroughly unimaginative “Kung-Fu guy”. The necklace I’m wearing is made up of miniature skulls of my enemies. Yes, I fight those crazy Lilliputians.

The DEA agent was probably one of my favorite costumes, just for the chill he sent down the spine of some partygoers.

Steve Irwin, the Crocodile

As expected, someone with showed up in a Crocodile Hunter costume, though I don’t understand the red wig. We also had Cartman and his favorite snack in attendance.

Inside the
party The

Finally, the governator showed up, but he was inappropriately dressed. I had to black out that portion of his costume. Let’s just say, it took a pretty big circle to black that portion out. Good going Guv’nor!

Pimpula and

The beaker costume above was one of my favorites.  She and her boyfriend both were beakers. Apparently the sight of them making out was disturbing.  That’s my friend Jason aka Count Pimpula on the right with his girl Rocel.

comments edit

Jeff Atwood points out several problems with using blacklists (specifically Akismet) to prevent comment spam.  He makes the following point:

The core problem is relying on a single method of defense against spam.

Absolutely.  Subtext employs several measures against comment spam, mostly of a heuristic nature.  The latest release adds Akismet support as well as Visible and Invisible CAPTCHA.

The funny thing about CAPTCHA and especially Invisible CAPTCHA is the number of people who claim it won’t work and is broken. As Jeff points out, this may be true among researchers, but it is not the case in the wild.  However let me back up his post with some numbers.

For the past four days, I have not emptied my blog spam folder, just to see what gets put in there.  So far, in that time, my blog has received 1441 comments, trackbacks, etc…  Of those, 1407 have been flagged as spam by Akismet or marked as spam by me.  Of those, only one was a comment.  The rest were trackbacks/pingbacks.

So as far as I am concerned, Invisible CAPTCHA is working well so far.  And it has the benefit of being usable, assuming you can do simple math.

So assuming that CAPTCHA, for now, is the best approach to fighting comment spam, we need to deal with its critical weakness.

The real problem is how do we enable CAPTCHA for trackbacks?

I wrote about this problem before when I discussed my qualms about CAPTCHA.

The reason I didn’t mention CAPTCHA is that it would be ineffective for me.  Much of my spam comes in via automated means such as a trackback/pingback .  The whole point of a trackback is to allow another computer to post a comment on my site.  So telling a computer apart from a human in that situation is pointless.

I mentioned this to Atwood who pointed out that trackbacks and pingbacks are indeed automated, but they are left on behalf of a user.  This is true.  When I write a blog post, Subtext will look at all the links in my post and attempt to trackback each one for me.

Unfortunately, the trackback and pingback APIs have no facility for dealing with CAPTCHA. Unless there were a community effort to revise these specs (I would be happy to join in), CAPTCHA for trackbacks and pingbacks are not gonna happen.

Even with such a community effort, implementing CAPTCHA for trackbacks is going to be a lot of work for blog implementers.  In part, this is indicative of a usability issue with CAPTCHA based approaches.  CAPTCHA requires human intervention.  This makes integrating CAPTCHA with something like trackbacks hard work, whereas if someone comes up with a better automated filter, integrating that is easy.

So for the time being, we have two choices.

  1. Abandon Trackbacks/Pingbacks
  2. Find better ways to filter trackbacks and pingbacks.

I know many have decided to simply abandon trackbacks.  I understand this choice, but I personally am not ready to throw in the towel just yet.  Trackbacks can and do add a lot of value to discussions that occur via blogs.  So far, Akismet has allowed me to reclaim trackbacks.

What is the next step? Well I agree with Jeff:

Akismet is a fine addition to our anti-spamming toolkit. But that doesn’t mean it’s a good idea to outsource your entire anti-spam effort to a single website, either. Anti-spam security starts at home. For best results, use defense in depth and combine local anti-spam measures, such as CAPTCHA, with Akismet as a backup.

Though I think we need to start working on some better non-CAPTCHA filters to combine with Akismet.

comments edit

Steve Harman points out another bug in the upgrade process.  I feel really terrible that this one slipped through, though as far as I can tell so far, it may be mostly cosmetic in its effect.  It apparently converts some comments to trackbacks.  While this is not desirable behavior, since we show both comments and trackbacks in the comment section, it might not have a huge negative effect.

Unfortunately, I am in San Jose right now, so I can’t update the release with a fix yet. Hopefully Steve can handle it. Smile

comments edit

In the essay entitled Hold the Mayo, 37signals points out the obvious fact that most surveys ask users what features they want added to a product.  They rarely ask what features they want removed.

I have in the past asked users for permission to remove features, but I’ve never taken the extra step of asking users, which features would they like removed.  So here I go. 

Which feature(s) would you like to see removed from Subtext?

I think a natural response I will receive is the question, Why would you ever want to remove a feature?

Features have many hidden costs.  Even relatively simple features.  I am going to tell a short story about one such occurrence that happened in Subtext.  I won’t name names and this is not meant to call anyone out for public embarrasment or chastisement.  I have probably been more guilty of this than anyone.

Not too long ago, someone checked in a control into Subtext that displays recent comments, just as we were close to preparing a release.  I was a little miffed at the time because I was not expecting anyone to add features at the time.

However this was a pet feature and some of the devs really wanted it in the system.  Besides, it’s such a small feature, what could go wrong?  So I let it in not wanting to be a hard-ass about it.

The recent comments control is a pretty simple control in concept.  When added to the main skin template, it simply displays recent comments left on various blog posts.  Sounds simple, no?

However, as with any feature, the devil is in the details.  Several problems immediately became apparent as we tested the release, and one problem affected me in a later release.

  1. The control let you truncate comments after a certain number of characters.  However it didn’t strip HTML out, so if it truncated a comment in the middle of a tag, it would completely mess up the whole page.
  2. The control bypassed our provider model and made stored proc calls directly.
  3. The control displayed all feedback for a blog, even ones that were left via the Contact Page, thus potentially displaying private messages.
  4. Recently, I tried to append a little HTML comment after messages that had been processed by Akismet to make it easy to see that Akismet was indeed working by viewing source.  Comments aren’t being stripped by the Recent Comments control, so the site was broken in a way that I had not anticipated. It took a long time before I realized what was happening.

So for a relatively small feature, a lot of development time and effort was used up in supporting it.  I am glad we have the feature now, I really like it and plan to add it to my own blog at some point.

But the main point still stands, every feature is like an iceberg. When scoping it out in your head, you typically only think of the top part that sticks out above the water.  However, the real effort is in the part under water that supports the whole thing.

Iceberg Photo from

So if there is a feature in your product that provides very little bang for the support buck, consider getting rid of it.

So again, Which feature(s) would you like to see removed from Subtext?

comments edit

Real Now that 37signals have put their book Getting Real online for free, I’ve finally gotten around to start reading it. And so far, I **love it. I think there are a lot of great lessons, reminders, ideas in here that will help me make products I work on that much better.

I have a premonition, even before writing this, that a lot of people will tell me that the book is crap because they don’t believe in functional specifications and even Joel believes in functional specifications. As the authors point out in their Caveats, disclaimers, and other preemptive strikes page, their techniques don’t apply to everyone (though probably to more people than one would think). Also, their ideas are not an all or nothing affair. Gotta have your functional specs, then by all means keep doing it. Don’t throw out the baby with the bathwater.

Open Source projects are probably in the best position to make use of their guidelines, though I am sure many more projects would be made much better by getting real. Subtext will most certainly gain from many of these approaches. My hope is to use Subtext as a testing ground for the principles in Getting Real, and then using its success to show my clients that they don’t need to be so rigid about product development. We’ll see.

As you might guess, many of my upcoming blog posts will focus on some of these topics.

comments edit

Wallet Well if you’re the punk malcontent who found my wallet yesterday, you go on a shopping spree…at Rite Aid, Vons, and Ralphs (a convenience store and two grocery stores). 

Really, if you’re going to try and spend my hard-earned credit, at least go buy something decent like a stereo system.  There’s a Best Buy just down the street that isn’t much further away than the local Vons.

I mean who spends $103 at a Rite-Aid?!  Who!?  I really mean it. Who? I’d like to know because I want my wallet back.  And to the store clerks there, doesn’t it even slightly ring the suspicion bell in your head when someone tries to buy $103 worth of anything at Rite-Aid?  I didn’t even know you could buy that much stuff at a Rite-Aid. I figured buying out everything in the store would lighten your wallet by about $70, tops.  Maybe he bought the cash register too.

Did you even look at the guy and compare his picture to the Id, my Id, he presented?  There’s not a lot of hapas running around L.A. so I doubt he looked that much like me, assuming it was a “he”.

Anyways, yesterday on a short walk, I dropped my wallet.  A really comical mistake like you see in the cartoons. I put my wallet in my side cargo-short pocket, which unbeknownst to me, had a huge gaping hole in it.  I returned back to the area literally 10 to 15 minutes later, and it was gone.  And then the charges started showing up in my account as I frantically called to close my cards.

Anyways, that’s why I rushed out a new release of Subtext last night.  I figure follow something bad with something good.  Oh, and I bought a lottery ticket.  I know, the chances are pretty much nill. But what were the chances I’d put a wallet in a pocket with no bottom?  This is a chance for the world to get back to even terms with me. Wink

comments edit

As I mentioned in my last post, someone reported a bug with deleting posts in the admin tool.  That posts also describes a quick and dirty workaround.

However, I fixed the bug and updated our current 1.9.2 release at SourceForge.  The existing URL to download the release is still valid.  The full version number for this release is

To find out which version of Subtext you are running, just log into your admin and look in the bottom left corner.  You should see the version there.


If you downloaded Subtext 1.9.2 before I applied the update, then you will probably see version in there.  If so, you have two options.  You can either apply the quick and dirty patch mentioned in my last post, or you can download the latest build and update the Subtext.Framework.dll file in the bin directory.

However, this latest update also includes some CSS fixes for the KeyWest skin in IE 7 designed (and fixed) by Robb Allen.  So if you are using that skin, you should download and apply this update.

comments edit

Someone reported that they cannot delete posts in the just released Subtext 1.9.2. I am mortified that we do do not have a unit test for this function!  To our defense, we did start with 0% code coverage in unit tests and have now reached 37.9% and rising!

I have a quick fix if this problem affects you. I am also currently building a more permanent fix which I will release soon.

Run the following query in Query Analyzer (don’t forget to hit CTRL+SHIFT+M to replace the template parameters before executing this).

    @ID int
    , @BlogID int = NULL

DELETE FROM [<dbUser,varchar,dbo>].[subtext_Links] 

DELETE FROM [<dbUser,varchar,dbo>].[subtext_EntryViewCount] 

DELETE FROM [<dbUser,varchar,dbo>].[subtext_Referrals] 

DELETE FROM [<dbUser,varchar,dbo>].[subtext_Feedback] 
WHERE EntryId = @ID

DELETE FROM [<dbUser,varchar,dbo>].[subtext_Content] 


TO [public]

Sorry for those that this affects. Like I said, we’ll have a bug fix out soon.

comments edit

Making the world safe for trackbacks again!

UPDATE: A bug was reported that blog posts could not be deleted. We have updated the release files with a fixed version. There’s also a quick and dirty workaround.  You only need to apply the fix if you downloaded and installed Subtext before this update message was posted.  See here for details.

Well it took me a little longer than anticipated, but I finally teased out the remaining show stopper bugs and put the finishing touches on Subtext 1.9.2. If you plan on upgrading to Subtext 1.9.2, please consider reading this entire post carefully. If not, at least remember to backup your database and site first before upgrading!

What happened to 1.9.1? Long story for another time. We are skipping from 1.9 to 1.9.2. Here is a list of releases so far just in case you were curious. UPDATE: I had only listed the versions that required an automatic upgrade. Here is the complete list with the ones in bold required an automatic database update:

  • Subtext 1.0
  • Subtext 1.5
  • Subtext 1.5.1
  • Subtext 1.5.2 
  • Subtext 1.9
  • Subtext 1.9.2

As you can see, our version numbering has been a bit less than consistent. But starting with 2.0, we should stay a bit more consistent. With the launch of IE 7, don’t be surprised if we come out with a 1.9.3 version that just includes fixes to the skins. Volunteers for that effort are welcome.

New Features

The reason we call this the “Shields Up” edition is that the focus has been on dealing with Comment Spam. I had few interesting ideas I could not implement in time, but I did implement three key features that have really made a huge difference in regards to comment spam, and may not necessitate my other ideas.

Akismet Support

Subtext now has full integrated support for Akismet spam filtering. Not too long ago, I released an Akismet API so that others can use it for spam filtering. Scott Hanselman Members of the DasBlog team implemented it for DasBlog (in their source control tree. Not yet released.) and has nothing but praise for it, saying it has completely eliminated comment spam for him.

Now let me explain what I mean by full integrated support. When you enable Akismet and are looking at approved comments in the feedback section, if you notice something that should have been filtered as spam, you can check it and click the Spam button. That will then report a false negative to Akismet, indicating that they failed to mark this item as spam and then move the item to the new Trash folder.

Likewise, if you notice an item that is flagged as spam, but should not have been, you can check the item and click Approve which reports a false positive to Akismet. By doing so, you will be training Akismet to become more adept at filtering spam.

Note, to enable Akismet, you must sign up for anAkismet API keyand supply that key to Subtext via the admin section. In order to get this key, you have to register for a user account, whether or not you plan to use a Wordpress blog.

Another note, Akismet may not work in Medium Trust scenarios. So if you host your site with a hosting provider such as GoDaddy, WebHost4Life, etc… who run their sites in Medium trust, Akismet might not work for you. I wrote about the problem here.

In the comments to the aforementioned post, Scott Watermasysk points out a promising approach. Have your hosting provider set up a proxy which can be used to make requests. To that end, I did add some Web.config appSettings for enabling proxy support: ProxyHost, ProxyPort, ProxyUsername, ProxyPassword.

If specified, all web requests for subtext will use this proxy.

Invisible Captcha

Not too long ago, I released a lightweight invisible CAPTCHA validator control. As far as I can tell, it has worked pretty well at keeping out automated comment spam. But as I also warned, it did nothing to stop Trackback/Pingback spam. Hence the need for Akismet support.

Invisible CAPTCHA is probably not necessary given the Akismet support, but since Akismet is not enabled by default and Invisible CAPTCHA is, it will provide some relief until you get your Akismet API key, if you so choose.

If Invisible CAPTCHA causes problems for you for some reason, you can turn it off for the entire site (no per-blog setting) via Web.config.


Some of you twisted my arm, so I am complying. I love my users so I gotta keep them happy. We now have support for the standard visible CAPTCHA you know and love.

Time Zone Fix

This topic gets its own special treatment because it is both a bug fix and a new feature. Not too long ago I mentioned some work I did for DasBlog regarding daylight savings time.

Long story short, there was no way in the .NET framework to convert from one arbitrary timezone to another. The way this manifested in Subtext is that users who had their blog hosted in another timezone always had incorrect timestamps on their blog posts.  This fix resolves that issue.

Previously, Subtext only stored a timezone offset for each timezone. For example, the offset for Pacific Standard Time (PST) is -8. However that is not accurate enough to be correct. For example, at the time of this blog post, the offset is actually -7 because of Daylight Savings Time.

Likewise, choosing -7 for a timezone is not accurate because Arizona does not observe daylight savings, but Mountain Time does. The only way to really get this accurate is to store the actual timezone and not just the offset. So that is what Subtext now does.

We now list every timezone (at least every one I could extract from the Windows XP registry). There is no natural integer identifier for a timezone, so based on a suggestion by someone at Microsoft, I used the hash code of the timezone’s Standard Name. This is the only guaranteed consistent unique identifier for a timezone. So when you upgrade to 1.9.2, we try and update your offset to the most likely timezone id. Obviously, we can’t be perfect about this, so after you upgrade, you probably want to login and configure your blog with the correct timezone if we chose unwisely.

Other Release Note Items

  • Feature [1565237] Support referencing External CSS
  • Feature [1577073] Flag All, Destroy All options
  • Fixed [1584075] Disabling trackbacks didn’t disable trackbacks properly.

Upgrade Instructions and Warnings

If you are upgrading from Subtext 1.5 or below, then please read this important note on upgrading. Subtext 1.9.2 runs on ASP.NET 2.0, so upgrading from 1.5 and below(which ran on ASP.NET 1.1) takes a few additional steps than normal.  As always, don’t forget to merge your web.config customizations into the new web.config file.

Also, for all people upgrading to 1.9.2. The Subtext 1.9.2 upgrade process performs a major database schema change, moving all comments and trackbacks into a new subtext_Feedback table. We’ve tested this over and over again working out all the kinks we could find, but we can’t guarantee that it will be 100% perfect. Thus backup your database first before upgrading!

Also, as I mentioned in the previous section, after you upgrade, please check the timezone setting in the admin section.

Lastly, in order to improve the commenting experience, we’ve added a tiny dash of Ajax using the MagicAjax control for leaving comments on a blog. However, this does not work well with the excellent ReverseDOS because ReverseDOS acts before the request is passed on the our code. If you plan on using Akismet, it is recommended that you turn off ReverseDOS support in the Web.config. In fact, the web.config file that comes with 1.9.2 disables ReverseDOS. I’ve been in contact with the ReverseDOS creator, Michael Campbell, about these issues and he has plans to work together to address them. But like all things, life comes first.

Even though Akismet does a great job with comment spam, I still think ReverseDOS is worthwhile and a nice complement to Akismet. However, we need tighter control of when ReverseDOS is triggered in the request pipeline in order to integrate it into Subtext’s existing spam filtering functionality.


Ok, enough talk already, where do I download this sucker?  The download is hosted by SourceForge here: [DOWNLOAD]

comments edit

Dan Appleman takes the .NET focused custom search engine idea one step further by grabbing a great domain name for his search engine.  Now why didn’t I think of that!  Sometimes that’s all it takes between a search engine that will get used alot (his) and one that won’t (mine).  I’d be happy to throw my support over to his, though I’m keeping my baby.  The one key difference is I plan to leave my search engine open for others to contribute sites.  Perhaps the two will complement each other.

And no, the domain name is not the only reason. This guy *is* Dan Appleman after all! He wrote the Visual Basic Programmer’s Guide to the Win32 API which allowed me to feel like a real programmer despite using VB back in the day.  For this, I owe him a debt of gratitude as I was thus equipped to stand up to the C++ snobs.

Now we just need someone to help spruce up the logo.

Tags: Custom Search, Search, .NET, Dan Appleman

comments edit

Chameleon Having trouble sleeping lately. Thought I’d start an intermittent blog series about the questions that keep me up at night.

For example, this question popped in my head tonight and would not let me rest.

What the hell is a Karma Chameleon?

Ponder amongst yourselves.  I bid you adieu.

comments edit

UPDATE: A bug was reported that blog posts could not be deleted. We have updated the release files with a fixed version.  There’s also a quick and dirty workaround.

Reading over my last blog post, I realized I can be a bit long winded when describing the latest release of Subtext. Can you blame me? I pour my blood, sweat, and tears (minus the blood) into this project.  Doesn’t that give me some leeway to be a total blowhard? Wink

This post is for those who just want the meat. Subtext 1.9.2 has the goal of making the world safe for trackbacks and comments.  It adds significant comment spam blocking support.  Here are the key take-aways for upgrading.

  • As always, backup your database and site first before upgrading.  We implemented a major schema change which requires that the upgrade process move some data to a new table.
  • If you are upgrading from Subtext 1.5 or earlier, read this.
  • Instructions for upgrading.
  • Instructions for a clean installation. This is easier than upgrading.
  • When upgrading, make sure to merge your customizations to web.config into the new web.config.
  • If you use Akismet, make sure not to use ReverseDOS until we resolve some issues.
  • After upgrading, login to the admin and select the correct timezone that you are located in.

Download it here.

comments edit

In response to question about integrating my custom search engine with the browser, Oran left a comment with a link to a post on how to implement searching your FogBugz database in your browser via the OpenSearch provider, which is supported by Firefox 2.0 and IE7.

So I went ahead and used this as a guide to implementing OpenSearch for my custom search engine on my blog.  When you visit my blog, you should notice that the the search icon in the top left corner of your browser is highlighted (screenshot from Firefox 2).

Open search

Click on the down arrow and you will see my own search engine Haack Attack in the list of search providers.


Now you can search using Haack Attack via your browser.  Implementing this required two easy steps.  First I created an OpenSearch.xml file and dropped it in the root of my website. Here is my file with some of the gunk removed from the url.

<?xml version="1.0" encoding="UTF-8" ?>
  <ShortName>Haack Attack</ShortName>
  <Tags>Software Development C# ASP.NET</Tags>
    Search the web for relevant 
    .NET and software development content.
  <Url type="text/html" 
    StuffOmitted&amp;q={searchTerms}" />

Remember to make sure to use &amp; for query string ampersands, as this is an XML file.  Also, if you are using your own Google Custom search engine, the actual template value looks something like: &q={searchTerms}&sa=Search&cof=GFNT%3A%23000000%3BGALT%3A%23000066% 3BLH%3A23%3BCX%3AHaack%2520 Attack%2520The%2520Web%3BVLC% 3A%23663399%3BLW%3A100%3BDIV%3A%23336699%3BFORID%3A0%3BT%3A%23000000 %3BALC%3A%23660000%3BLC %3A%23660000%3BS%3Ahttp%3A%2F%2Fhaacked%2Ecom %2F%3BL%3Ahttp%3A%2F%2Fhaacked%2Ecom%2Fskins%2Fhaacked%2Fimages%2F Header%2Ejpg%3BGIMP%3A%23000000%3BLP%3A1%3BBGC%3A%23FFFFFF%3BAH%3Aleft& client=pub-7694059317326582

So be sure to change it appropriate to your own search engine.

The second step is to add auto-discovery. I added the following <link /> tag to my blog.  The bolded sections you would obviously want to customize for your own needs.

<link title="Haack Attack" 

So give it a try and let me know what you think. Be sure to add sites you think are relevant to this searh engine.

comments edit

The Viper
RoomLast night I went to the “World Famous Viper Room”.  Gotta respect that their website makes sure to mention the World Famous part.  I suppose you’d have to have a real club inferiority complex to promote your club as The In This Neighborhood Sorta Famous Viper Room.

Anyways, the purpose of my visit was to see my soccer (sorry, football) teammate and team captain Pete perform in the acoustic lounge, an intimate (read tiny) lounge downstairs from the main room.

Pete’s the one from Glasgow with a heavy Scottish brogue.  We can hardly understand him most of the time, though I’m getting better at it.  Usually I just nod my head in agreement.

After our last game we asked Pete if he’d get us on the guest list.  “Not after that performance I won’t.” was his reply…I think.  He was referring to the 12 to 1 drubbing received at the hands of Hollywood United.  This is the team fielding 9 internationally capped players and two World Cup players, one of whom was on the winning squad of the 1998 champions.

In contrast, we are fielding one internationally capped player who played for the Cayman Islands.  We should be making some acquisitions for the next season that should help.  Our goal for the next season is to keep them in the single digits.  Incremental improvements, ya know?

comments edit

Beta Google just launched a neat build-your-own-search-engine feature.  You can choose sites that should be emphasized in the search results, or even restrict search results to that list.

It offers a lot of customization, but I seemed to have run into a problem in which it doesn’t seem to be saving the images for my profile for some reason. 

One particularly neat feature is the ability to allow others to collaborate on the search engine.  For example, check out my search engine called Haack Attack the Web.  I entered a few .NET and software development focused websites to the list of sites to search, restricting results to just those sites.

Feel free to add your favorite websites to the search engine.  I think I’ll actually find this as a useful first stop for finding .NET content.

The next step is to integrate this into the search features for Firefox and IE7.  Anyone want to help?

code, tech comments edit

Space Shuttle
Landing Jeff Atwood writes a great post about The Last Responsible Moment. Take a second to read it and come back here. I’ll wait.

In the comments, someone named Steve makes this comment:

This is madness. Today’s minds have been overly affected by short attention span music videos, video games, film edits that skip around every .4 seconds, etc.

People are no longer able to focus and hold a thought, hence their “requirements” never settle down, hence “agile development”, extreme coding, etc.

I wonder what methodology the space shuttle folks use.

You shouldn’t humor this stuff, it’s a serious disease.

Ahhhh yes. The Space Shuttle. The paragon of software development. Nevermind the fact that 99.999% of developers are not developing software for the Space Shuttle, we should all write code like the Shuttle developers. Let’s delve into that idea a bit, shall we?

Invoking the Space Shuttle is common when arguing against iterative or agile methodologies to building software. Do people really think hey, if agile wont work for the Space Shuttle, how the hell is it going to work for my clients widget tracking application?Gee, your widget app is doomed.

The Space Shuttle is a different beast entirely from what most developers deal with day in and day out. This is not to say that there aren’t lessons to be learned from how the Shuttle software is built, there certainly are. Good lessons. No, great lessons! But in order to make good use of the lessons, you must understand how your client is very different from the client to the Shuttle developers.

One reason that the requirements for the Space Shuttle can be more formally specified beforehand and up front is because the requirements have very little need to changonce the project is underway.When was the last time the laws of gravity changed? The Shuttle code is mostly an autonomous system, which means the “users” of the code is the Shuttle itself as well as the various electronic and mechanical systems that it must coordinate.  These are well specified systems that do not need to change often, if at all, in the course of a project.

Contrast this to business processes which are constantly evolving and heavily people centric. Many times, the users of a system aren’t even sure about how to solve the business problem they are trying to solve with software.  This is partly why they don’t exactly know what they want until they have the solution in hand. We can wave activity diagrams, list of requirements, user stories and use cases in front of them all day long, but these are rough approximations of what the final system will do and look like. It’s showing the user a pencil sketch of a stick figure and hoping they see the Mona Lisa.

Later in the comments, the same guy Steve responds with what we should do with users to focuse them.

​1) what do you want it to do?\ 2) understand the business as much as you can\ 3) draw a line in the sand for that which you can safely deliver pretty soon\ 4) build a system that is extensible, something that can be added on too fairly easily, because changes are coming (that is agile-ness)\ 5) charge for changes

And I agree. One of the common misperceptions of agile approaches is that you never draw a line in the sand. This is flat out wrong. You do draw a line in the sand, but you do it every iteration.

Unlike the BDUF Waterfall approach which requires that you force the user to spew requirements until he or she is blue in the face, with iterative approaches you gather a list of requirements and prioritize them according to iterations.  This helps a long way to avoiding poor requirements due to design fatique. The user can change any requirements for later iterations, but once an iteration has commenced, the line in the sand is drawn for that iteration.

To me, this sounds like the last responsible moment for deciding on a set of requirements to implement. You don’t have to decide on the entire system at the beginning. You get some leeway to trade requirements for later iterations. You only are forced to decide for the current iteration.