Pretty much the only comment/form spam I get is of the variety that ends with:

Best site in bleep! My thnx to webmasters.

The rest of the message is usually different. Two recent examples are "Excellent site you have! Awesome content. Thank you." and "Thanks for nice and actual info' Be the Best!". These examples don't have any URLs in them, but many often do. I suspect the ones without URLs are a sort of ping/robot system that is going around testing for new places to submit.

The "From:" address is fairly consistent as well. It's nearly always from a mail.com address, though there are exceptions such as a recent one that came from [email protected].

What is this spam?? A search on Google only comes up with fellow blogger John Bokma's site, plus 37,800 other pages probably containing actual comment spam. John has logged a ton of different URLs and IP addresses of this spammer (nicknamed "Bleep"), and has concluded Bleep is actually comprised of a small botnet. He also describes Google's apparent inaction towards stopping this spammer on Blogspot.

I have a theory that Bleep isn't just a single spammer, but perhaps the default output of some kind of comment spam software used by hundreds of different spammers.

I'm rather interested to get my hands on some comment spam software - not to actually spam but just to see how the thing works to get some ideas of how to fight comment spam - but it seems impossible to find it. Searching on "comment spam" just brings up web pages against spam. Plus, I'm pretty sure whoever writes the software wouldn't name it "Comment Spam 2000" or something. It probably has a name like "Web Advertiser 2000" that makes it sound not-so-evil.

Does anyone have any info on this Bleep bot? Or any ideas of where I can find comment-spamming software?

I mentioned in my review of dict.cc that I loved the ability to turn off ads. Unfortunately, now that ability is gone. There used to be is a large Adsense banner across the top of the page with a link to "Remove Ad". When you clicked the link, the ad would disappear. I guess it used a cookie to remember your preference so that the next time you went to the site, the ads would be gone. Now, there are just ads on the side with no way to hide them. Update: the banner and Remove Ad link is still there, just not on the home page!

The ability to disable ads is great from a visitors perspective. People already use adblock software to block ads that they don't want to see and will never click on. Allowing visitors to customize a web site is not only helpful but generous as well. This also solves the dilema of sites which want to make a bit of money but don't want to ruin the experience of their loyal visitors.

On a related note, I'm thinking of bringing back the Adsense ads (with a Remove Ads link) to see how they peform. I had taken them off back in December when I was only making a few cents per week, but my traffic situation has since changed. If anybody has any objections, speak now or forever hold your peace. :)

Update: I've put back the ads with a 'Remove Ads' link, and wrote a follow-up explaining how.

I was just reading on the Ajaxian a quote from an article Why XHR should become opt-in cross-domain, so I started thinking, isn't there a way around this already?

A quick explanation of what I'm talking about: XMLHttpRequest (the function behind Ajax) will only let you connect to URLs on the same domain as the page you're on. This means the Ajax happening on xyz.com can only connect to URLs on xyz.com. Even if XYZ wanted to use Ajax to pull some data from foobar.com, they wouldn't be able to.

Now there is already one popular way around this. You can make a proxy page that gets the data for you. Using the same example, XYZ could make a URL like xyz.com/json_proxy that pulled data over from foobar.com behind the scenes, thus making the foobar.com data available on xyz.com. The problem with this is, XYZ would have to handle double the bandwidth of this data unnecessarily. This can be a big problem for smaller companies.

I have an alternative solution to this problem. Instead of using XMLHttpRequest to load the data, we can just use <script> tags instead. These don't have the same cross-server restrictions as XMLHttpRequest. In fact, this is how Adsense works. You stick a <script> tag on the page which executes JavaScript coming from Google's server, and this writes out the ads on the page.

To add a <script> tag to our page, we only need to call this function:

function addScript(url) {
    var script = document.createElement('script');
    script.src = url;
    document.body.appendChild(script);
}

If we have a URL that returns some JSON data, we just pass that URL to this function and the page will load that data. Well, not entirely. There's a few things we need to do different. With JSON, you have some data like:

{
   "firstname": "Jesse",
   "lastname": "Skinner"
}

and then use XMLHttpRequest with eval() to assign it to a variable. If you just stuck a script tag on the page to load this, nothing would happen. It would just load and the JavaScript parser would say "Great, nice little piece of data." But it's not going to assign it to a variable, so you'll have no way to access it.

There's actually no way around this unless you change what is returned by the JSON data URL. This is the special trick. We would need the JavaScript to execute some function or assign the data to a variable. It would need to look like this:

json_callback({
   "firstname": "Jesse",
   "lastname": "Skinner"
});

Now, we just need to make a simple function called json_callback() that takes the data and does something with it. Voila! Cross-server JSON.

Rather than hardcode some callback function name, it would probably be better to add an optional "callback" parameter that would specify the function name. If the callback parameter is missing, the server can return standard ol' JSON.

Let's say our simple JSON example above came from "foobar.com/data?format=json". If example.com was kind enough to provide this flexibility, they could add the parameter so that "foobar.com/data?format=json&callback=my_json_callback" formats the data as a function call, passing the data object to my_json_callback().

Now, we just need to wait for web APIs with JSON to start supporting this parameter.

Update: I've since discovered that Yahoo!'s JSON API already provides a 'callback' parameter exactly as I've described above, and I suspect that other APIs out there may support this as well. Either I'm psychic or there are time travellers working at Yahoo! ;) Here are the details from Yahoo!

I've come across two JavaScript games in the past couple of days that have really impressed me:

1. Lemmings! Seriously, it's nearly identical to the original lemmings game. It can run a bit slow but otherwise it's really impressive (via jim)
2. A 3D Dungeon game from brothercake. This is a really cool usage of CSS border polygons and JavaScript to make a 3D world.

Just a few fun examples to demonstrate the potential of JavaScript and CSS beyond Ajax, drag-and-drop and yellow-fade techniques - though of course nothing beats Buzzword Hellfire ;). Anyone have any more?

Big news: I'm quitting my job, moving back to Canada (with Svea of course) and taking the plunge into fulltime web development freelancing. This is something I've wanted to do for a long, long time (like seriously 10 years).

I'll be available to do any sized projects, from debugging CSS to adding Ajax functionality to full-blown database-driven web applications in PHP or Ruby on Rails. I love doing it all, and I love the variety. I think that's why freelancing is going to be very fun for me. I also plan to have more time to work on my own projects and get some very interesting things started. Stay tuned for more on that.

You can probably expect the content of this blog will start to include stuff about freelancing and self-employment. Hopefully I can help someone out by passing along any painful lessons learned. I'd also love to hear your stories and advice about going it alone.

Anyway, if you'd like me to help you out with JavaScript, Ajax, CSS or whatever else, drop me a line.