Saruman Vows Revenge on Israel | Main | People Considered Harmful (TypeKey Edition)
March 22, 2004
I Would Prefer Not To: More on TypeKey
SixApart released a FAQ related to TypeKey tonight.
I'm pretty satisfied with most of the answers, to the extent I'm from Oregon and we've got that snazzy new "We Love Dreamers" slogan here.
My satisfaction is largely limited to the technical answers they provided: It's single sign-in for weblog commenting, the user's "handle" seems to be detached from his/her actual "identity" (meaning there can be many, many Capt. Zaftoids instead of consigning users to an AOLesque "Zaftoid593" lameness of handle), and they promise to work really, really hard to make sure it's up most of the time, and that when it's not, they'll have some sort of fallback. We'll see how it all works out once they throw the switch and the infernal machine roars to life.
All in all, it seems Movable Type 3 will have a much more fine-grained comment management system, too. Almost all of MT-Blacklist's functionality seems to be there, with the exception of expression-based blacklisting, which I really don't want to see go:
In the past 12 days, the regexp-based blacklist has stopped 27 spam comments, while domain blocking has stopped 36. I'm surprised at how often one domain turned up in the logs (all but two of the domain-based rejections), but that tells me that blog spam, unlike e-mail spam, is still just warming up. When I see the same spam comment come in from twelve different "people" and as many different domains, we'll know comment spam has hit the big time.
The regexp-based blocking, once you discount the serial attacks from one offending domain, was more effective at sparing anyone on the puddingbowl server (there are eight blogs and seven users) from having to remove a single spam. I really hope MT-Blacklist continues to be maintained, even if it's just a supplement to what looks to be a much better set of tools in Movable Type 3.
All that said, I have my doubts that many (if any) of the eight weblogs hosted here will adopt TypeKey as a sole means of authentication: Requiring registration with a central service will mainly guarantee that casual commenters won't bother. My sense of things from the responses I got when I wrote users on this system and described TypeKey to them indicates that they believe a central sign-on would probably lower the number of comments they get, which are more valuable than worrying about the occasional troll or spammer.
More interesting to me will be how many other weblogs limit authentication to TypeKey.
Update
In the mixed news department, it looks like SixApart's learning a lot from the TypeKey matter. The FAQ announcement went from something written by people to something slightly more flattened out. Click the thumbnail for the diff'd version :nnw: spat out at me:
Comments
I'm distressed that if one wants one's weblog to have a locally-based comment reigstration method, instead of using the centralized TypeKey, we have to wait for third parties to write one. I don't udnerstand why they couldn't have built MT 3.0 with in internal comment registration option and also hooks for using TypeKey.
In many ways, I'm inclined to want comment registration, but there's no way I'll use a centralized service to do it.
Posted by: The One True b!X at March 22, 2004 11:46 PM
Hi, b!X. You've got a lot more commenters than any of us on the puddingbowl server (except maybe iceblog when it gets linked by the odd big site), so I see the allure.
Do you think you'll enable TypeKey authentication at all (since it can exist alongside other approaches), or when you say "no way" do you mean "not at all ever" (as opposed to "not as the sole means")?
Posted by: mph at March 23, 2004 12:07 AM
I don't have an answer to that. At the moment, since no locally-hosted auth system for MT 3 exists, the plan is not to have comment registration of any kind. If I had a local option to turn on for sure, I might consider being open to TypeKey auths, in case I had readers who alreadyused TypeKey, but I don't know.
In the main, I want locally-hosted auth first, then TypeKey can try to convince me about what they do.
Posted by: The One True b!X at March 23, 2004 8:51 AM