This is a
trial balloon. What I am trying to explore is what would
happen if I were to convert the act of posting a comment into
request/response interaction. I would very much like to do
this in a way that does not significantly inhibit the
sponteneity that an comment system which does not require prior
I also have a number of ideas relating to the insertion of
tailored warnings on the preview page for conditions that can be
easily detected. These conditions could include: as postings
to older blog entries, posts that are nearing the point of
and the providing of URLs to pages which do not appear to be
weblogs (missing autodiscovery tags or the like).
Such warnings could simply be informational - posts that violate
these conditions could still be allowed. However, I am
considering have one or more of these conditions trigger some
action (perhaps as simple as adding a checkbox) that would require
some additional interaction on the user's part. Such
additions could even be variable or random. Probing or
otherwise getting this interaction wrong could also be factored
into the throttling algorithm.
Think Before You Speak
Sam Ruby is conducting a test to see how people feel about being required to preview their blog comments prior to posting them. Since Sam's test system seems to be only allowing preview, and not post, I'll comment here.......
The preview works fines...no problem. I would think however, that trying to block comments that provide "URLs to pages which do not appear to be weblogs (missing autodiscovery tags or the like)" would be fraught with peril. This sounds like something another Mark warns about.
OK, an initial implementation of my preview required functionality is complete. Other than requiring a preview, most of you should not see any different behavior. I've also relaxed my spam throttle to allow three comments - this allows the first to g...
Contrary to popular belief, the user agent for most of the comment spams is "IE". I do not believe this to be a spoof - too many other corroborating factors are often present. I can often track an initial referral from a google query with some combination of the words "weblog" and "query", followed by a fetch of favicon.txt, comment_form.js, blog.css and other paraphernalia.
My initial implementation only provides warnings about blacklists and throttles. I do not plan to put up one of those "can you read this bitmap" things, my plans are to be considerably less obtrusive, and any additional checks will not be applied indiscriminately, but only to those for those posts for which there appears to be reasonable cause for suspicion.
My guess is that wire protocols (SOAP, REST), will soon require full authentication. I've got some prototypes planned for that too, and I will provide more details as I get further along.
Based on the lively discussions of the past few days, it certainly appears that requiring a preview does not impede the flow of discussion. Cool. Spam also is way down, despite my having removed and relaxed a number of other defenses. Notably, my spa...
Nice. OK, an initial implementation of my preview required functionality is complete. Other than requiring a preview, most of you should not see any different behavior. I've also relaxed my spam throttle to allow three comments - this allows the...
With the recent announcement of the Movable Type 3.0 Developer Edition, the blog world is buzzing with all kinds of recommendations for switching away from MT. I'm not sure whether this site will remain on MT 2.661, upgrade to the......