intertwingly

Based on the lively discussions of the past few days, it certainly appears that requiring a preview does not impede the flow of discussion.  Cool.

Spam also is way down, despite my having removed and relaxed a number of other defenses.  Notably, my spam throttle has not been activated for over two weeks.  Apparently some spammers do read weblogs and warnings deter these folks.

My initial implementation of requiring a preview was simply to omit the submit button from the page - the underlying code did not change.  Amusingly, about 40% of the spam I did receive did not do a preview first, indicating that they had bypassed the html pages.  This is easy enough to fix - a nonce is now provided on the preview form, and verified on the submit.

As currently implemented, nonces can only be used once, and expire after 30 minutes... so if more than 30 minutes elapses between preview and submit, then the submit will effectively be interpreted as a second preview, resetting the clock.