Recently, I have got several spams at approx. 1,000 per day. I am clueless how do they appear on my site. I've used reCAPTCHA, I've used mollom, I've used blockanonymouslink, but the spam still coming through.

The strangest thing is that when I ask my friend to try to post spam on my site, the spam countermeasure works just fine but the real spam keep appearing. I felt a little bit hopeless so I contact my dear friend sugree and ask for help. He came up with the solution really fast. From the log, the spam is coming from the staging site that I forgot to turn it of. It is the staging when I convert my drupal 5 to drupal 6. I also think that it is the reason why my post keeps getting "unformat" for the last few days as well.

Anyway, I have destroy that staging site and hope that that would solve the problem.

I posted my slides on my web as a pptx file a few weeks ago. Suddenly after that, students gave some comment that when they downloaded the file, the file came as .zip. Even though the file on the server is not zipped and is name exactly as .pptx. Of course, I have tested my upload, but only on Firefox, which definitely has no problem. From the student comment, I tried it on IE and managed to duplicate the error. My first thought is that it must be something about the MIME type. The problem is I don't know the correct mime type of the pptx file.

Googling around leads me to this post on Drupal website. In short, I have to add these lines to /etc/mime.types so that Apache sends the appropriate MIME type to IE7. I wonder why IE bothers to change the file extension after all.

application/vnd.ms-word.document.macroEnabled.12                docm
application/vnd.openxmlformats-officedocument.wordprocessingml.document     docx
application/vnd.openxmlformats-officedocument.wordprocessingml.template     dotx
application/vnd.ms-powerpoint.template.macroEnabled.12              potm
application/vnd.openxmlformats-officedocument.presentationml.template       potx
application/vnd.ms-powerpoint.addin.macroEnabled.12             ppam
application/vnd.ms-powerpoint.slideshow.macroEnabled.12             ppsm
application/vnd.openxmlformats-officedocument.presentationml.slideshow      ppsx
application/vnd.ms-powerpoint.presentation.macroEnabled.12          pptm
application/vnd.openxmlformats-officedocument.presentationml.presentation   pptx
application/vnd.ms-excel.addin.macroEnabled.12                  xlam
application/vnd.ms-excel.sheet.binary.macroEnabled.12               xlsb
application/vnd.ms-excel.sheet.macroEnabled.12                  xlsm
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet       xlsx
application/vnd.ms-excel.template.macroEnabled.12               xltm
application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx

Anybody could notice that there are at least two urls that direct to this page. Originally, I registered for http://www.nattee.net/ and http://our.obor.us/. Both works well thanks to Drupal site configuration method. Drupal use name based resolution. All I have to do is to edit the setting.php to point to the same database for both of the name. Users can access my site using any of these urls and drupal simply direct it to the same place (because all information is stored in the database).

The problem is that the module from drupal that access these API does not allow me to authenticate with the API using different certificate for different host name. This is definitely not the bug of drupal because what I did in the first place is a workaround, not a recommended way. I personally says that the two urls use the same database which is originally intended to be used for single url.

The problem started when I was trying to use off-site module, e.g., Google Analytic, reCAPTCHA or mollom. These APIs require some security measurement. The APIs are available for the registered site only and they all adopt the name based identification. The method they adopt is that the RSA key is provided to the site owner and the site must supply the key when communicating with the APIs providers. Different keys are issued for different host name. In short, each call of this APIs must come from the correct URL.

RewriteCond %{HTTP_HOST} ^our\.obor\.us$ [NC]
RewriteRule ^(.*)$ http://www.nattee.net/$1 [L,R=301]

The first line simply matches the content of HTTP_POST variable with our.obor.us (using regular expression) as a first token. Then [NC] flag indicates that case is irrelevant. The second line simply match everything after the host name and prefixes it with http://www.nattee.net/. The $1 is back reference to the first line and [L,R=301] means that this line is the last rule to apply and apache should send the redirect command to the client.

That's all.

Now, it came across my mind that mod_rewrite would solve the problem. mod_rewrite is an apache module rewrite the name of the url, perfectly what I want. After reading some document, all I need to do is to put these two lines on the .htaccess

Originally, I wish to solve the problem by redirecting anything from http://our.obor.us/ to http://www.nattee.net/. The problem is that GoDaddy won't allow so, (they actually have this option but when I turned it on, nothing happens). For about a year after I adopt reCAPTCHA, nobody can post comment on http://our.obor.us/.

Just set up LDAP authentication. Now, anybody who has an account on CP department can authenticate to my website. All student are encouraged to log in before posting any comment in the forums.

It turns out that Sky is based on Theme Setting API which is also used in several themes, though they are not as highly configurable as Sky. However, it seems that I prefer Twilight over Sky but I still have to manually edit the font to be as I like.