It's based on HashCash. The client performs a CPU-intensive task (it concatenates the URL, time accurate to the minute, and tries to find a number to tack onto the end that has a SHA1 hash with enough zeroes on the beginning). It's easy to tell (one hash and query to the clock), but hard to get (a ton of numbers won't generate enough zeroes).

If it doesn't work for you (or you found a weakness), let me know. Or just ignore this post if you don't care what I do with my blog.

Edit: On request, the JavaScript code is here. The perl comments script (contains the server-side part), has my reCAPTCHA key in it for the fallback, but here's one with the keys removed.