A few years back, there was a huge scandal over wasteful military spending when someone looked at the line item for
the toilet seat for the head on a P-3 Orion patrol plane, and saw it was $900. “NINE HUNDRED DOLLARS for a toilet seat?” the
scandalized cried. Of course, it was never pointed out that the toilet seat was, in fact, the enclosure for the whole toilet system,
in addition to being the toilet seat, and it had to pass MilSpec. And it certainly wasn't the kind of seat you'd want to bolt to
your household toilet–it was a bit too, er, robust.
The software world is full of $900 toilet seats–things that we build to be mission-critical and bullet-proof that become too
complicated for any sort of general application. And it appears, as I continue to review the specs from Liberty Alliance, that they
have turned federated identity management into a $900 toilet seat.
Dave Winer responded to
my earlier line of reasoning on identity systems, and his comments were pretty much in line to what I got from other people–and with my underlying
suspicions. In the aggregate, the comments regarding an identity framework like Liberty Alliance clustered around three points:
- It's scarily complex, in ways that it just doesn't need to be
- It uses SSL communications, which is overkill for lightweight applications like comment authentication
- It's only implemented in .Net and Java–where's the Python/Perl implementation?
In short, it would be like using a
MOAB bomb to kill a cockroach: theoretically effective, but not necessarily optimized for the task.
But is any level of authentication appropriate to the task? And if you've got enough comment traffic to justify putting
authentication on top of comments, why the hell are you using a weblog to host them–when a discussion board
with user authentication would be more appropriate?
Unless your're Presidential timber, odds are that your comment stream
averages under 6 per post. If you run a tumbleweed-infested blog like mine, you're lucky to get one comment a
month. Sometimes, it's even a relief to get comment spam, because you know that your site is actually visible to
someone in the outside world.
Let's face it–the problem isn't really comment spam. The problem is that, as one friend of mine says, “Comments suck.” Moveable Type's
implementation of comments is to be commended in that it allows you to turn off comments after a while, or delete
undesired comments; but it puts comments under a well-known CGI script called mt-comments that is just aching for
robots to exploit it. Don't believe me? Google it. There are 1.8 million
instances of URLs with mt-comments out there for a comment spammer to exploit, and the format of the POST is pretty generic
across all of them.
The easiest solution to comment spam? I call it the Bill O'Reilly Memorial Three Step “Shut Up!” solution:
- Send the editor an e-mail notifying him or her about a new post, with
- Within the e-mail, include a link that, if clicked upon, automatically deletes the post.
- Add a setting to the weblog configuration that shuts comments for a post off after a user-selectable period of time.
Those features would reduce the work of catching and eliminating comment spam by 80%. And they don't require authentication.
So, does that mean there's no call for cross-site authentication in the blogging world? No. But
there's no need for most people to implement TypeKey (or “You Know Me”, or whatever) on their weblog.