A new, cute way to fight with spam?

I ran across a site called ( today. In my personal opinion, it is an extent of url shorten (e.g:

You basically enter your email address and it will generate a shorten url for you with a simple mechanism to force users to choose the matched text block, a simplified version of captcha.

Looking to see this in action, give mine a try:

When clicking the text block, a POST request is made:

Obviously, captcha is the name and value of the captcha text, token appears to be a text-based (possibly) md5 hash (since it is 32bit and alphnumeric). My bet it is

md5(current time + salt). 

My quick attempt is it does not implement any

if(number of failures > predefined_number_attempts) {
  block_ip() OR user_has_to_wait(5mins)(); 

This introduces the opportunity for attackers to brute force the site, which makes this service absolutely no-sense.

Well, not exactly right, it seems to me this site is simply an attempt to explore a new way to reduce number of spam, with little effort (and added complexity for end users).
Most users for this site will be individuals and/or small businesses. So even if the site is breakable, any one really cares? It is only an email address that is intended to share with a group of interested parties.

Validation of XML with XSD with C#

So you seen the following warning message?

Warning 1 'System.Xml.XmlValidatingReader' is obsolete: 'Use XmlReader created by XmlReader.Create() method using appropriate XmlReaderSettings instead.' filename.cs 225 13 MonitoringFramework

private static bool isValidXML(string sXmlPath, string sXsdPath)
	bool isValid = true;
	XmlTextReader xReader = new XmlTextReader(sXmlPath);
	XmlValidatingReader xValidator = new XmlValidatingReader(xReader);
	xValidator.ValidationType = ValidationType.Schema;
	xValidator.Schemas.Add(null, sXsdPath);
		while (xValidator.Read()){}
	catch (Exception e)
		isValid = false;
	return isValid;

The above code produces the following warning:
System.Xml.XmlValidatingReader' is obsolete

What is the solution? Below is my take on this problem

public static Boolean isValidXml(string sXmlPath, string sXsdPath)
	bool isValid = true;
		XmlReaderSettings settings = new XmlReaderSettings();
		settings.Schemas.Add("", StringToXmlReader(sXsdPath));                
		settings.ValidationType = ValidationType.Schema;
		XmlDocument document = new XmlDocument();
		XmlReader rdr = XmlReader.Create(new StringReader(document.InnerXml), settings);
		while (rdr.Read()){}
		isValid = false;
	return isValid;

private static XmlReader StringToXmlReader(string input)
	return XmlReader.Create(new MemoryStream(Encoding.UTF8.GetBytes(input)));

How to get file extension in C#

It looks like this is a fairly popular interview question, particularly in junior or entry level .Net developer positions.

While there are tons way to do this, I am listing two common approaches.

  • The most common way is string manipulation:
    string file = "abc.xml";
    Console.WriteLine(file.Substring(file.LastIndexOf(".") + 1));
    /// Returns xml
  • .Net also has native class Path allows you to get file extension:
    /// Because Path.GetExtension returns extension ends with a dot, so you may want to get rid of it. 
    string file = "abc.xml";
    Path.GetExtension(file).Replace(".", "")
    /// Returns xml

Path also has a list of other handy file IO methods:

  • ChangeExtension(string path, string extension)
  • GetPathRoot(string path);
  • GetDirectoryName(string path);
  • GetExtension(string path);
  • GetFileName(string path);
  • GetFileNameWithoutExtension(string path);
  • GetFullPath(string path);
  • GetInvalidFileNameChars();
  • GetInvalidPathChars();
  • GetPathRoot(string path);
  • GetRandomFileName();
  • GetTempFileName();
  • GetTempPath();
  • HasExtension(string path);
  • IsPathRooted(string path);

More details are available at

Where is my drupal login page?

I constantly forget drupal login url, (by default, unless you have built custom aliases) /admin will simply shows a 403 (access denied) and /login returns a 404 (page not found), which is great from the security perspective.

The following are its login urls:

For personal blogs and small company sites, a good security practice is to grant access to a group of whitelisted users and deny the rest. In case you don't know, you can easily achieve this task in drupal, administer-> user management -> access rules. Below is my access rules, I only allow myself and blocks anyone else, which is represented as a percentage sign (%).

drupal access rules

^ Top of Page