Thank you for being generous with your resources… I hope that you will receive more than you need for your time and
energy. Keep at work!

Fun aside #3, Manila added some crazy HTML linebreaks to my post (all I entered was a series of hyphens which it retained).

Surely Harvard will see the light and move to MovableType or WordPress for this server?

Manila seems to represent most of the things that are wrong with the modern software industry.

A blog application, especially one as simple as Manila, could be built by a twelve year old with any scripting language and any SQL like database server. But instead of building on 30 years of RDBMS engineering and a decade of web server engineering, they have wasted their energy on building their own object database and web server.

Perhaps Manila would have been impressive in the early days of blogging but we are now in 2005, a full 5 years since blogging took off.

———————————————
As a fun aside, I just submitted this comment and Manila managed to lose it. Awesome. Luckily IE stored the post data.
———————————————

———————————————
Fun aside #2, I just tried to re-post (this time I forgot to enter my email address). It lost my comment again and displayed message telling me to enter my email address (despite no indication that Email is a required field or any indication that this is even used anywhere).
———————————————

Philip, I can’t offer you a comparison of MT and WP but I can say I am not particularly impressed with MT3’s anti spam technology after setting up some sites for my girlfriend (who gets quite a bit of comment spam). The best path available is to hand over user registration to Six Apart and require users to obtain a “TypeKey” account on the Six Apart servers. If you don’t want to do this (I don’t) you have to go into “comment moderation” mode, in which every single post must be approved. I opted for comment notification by email and now my inbox glogs up with notifications, almost all of which are spam. And that’s just for comments on my own posts, which are maybe 1/30th of the total site content.

I’m amazed that Six Apart has not come up with a better solution given that this is the one hard problem that needs solving in the world of weblogging, and they are trying to sell software against open source alternatives.

That said I always recommend TypePad, the hosting service run by Six Apart using Movable Type, to people looking for an easy weblog system. The Pro version is pretty cheap and in the FAQ they say they monitor for comment spam and delete much of it on your behalf, which I guess they can do because they can see what is being posted to a whole conglomeration of weblogs. You can also have your own domain name and such.

I dislike CAPTCHA and am much less likely to leave a message somewhere if I have to use it. Maybe I’m unusually lazy, but it seems like too much of the antispam effort is shifted my way in a CAPTCHA weblog setup, especially when less invasive means are available.

For example, here’s the URL of a post with the ask-a-simple-question antispam measure I wrote about above:

http://www.jesush.com/index.php?p=752

Note that you have to answer “No” to the question, or the post isn’t accepted. Answering “Yes” saves that answer to your cookie in the same way email and name are saved, so you’ll never have to set that manually again from your current computer (unless I have to change the question!)

Finally, I’d love to see you switch to WordPress for this blog–or some package that will tell commenters which markup they can use and make required fields obvious in the comment window.

Philip, I am a little surprised that Manila does not have this as a solution… it should be relatively trivial to program ; but if it isn’t, maybe you could cough up the $15 a month it takes to get a real host? You could use frames to hide the fact that you were no longer using Manila, and keep your current URL.

Philip, I’m the lead dev of WordPress, so you know what my answer will be, but if you’re interested in trying it out I’d be happy to set up an account for you to get a feel for the program.

I modified drupal to also ask a trivial question. It’s highly effective against comment spam. I submitted a patch to them that generalizes it. As long as each blogger thinks up their own question so there is no pattern, and is ready to change the question from time to time, this should work for some time to come.

Spammers could try to build databases of the questions and get in as much spam as possible before the question changes, but I think that’s not super effective and it’s a long way off. You should never do more against spam than you have to (ie. captchas are overkill), since every anti-spam trick has collateral damage.

Of course on very popular blogs it’s worth manual spamming. Only moderation can stop that, and one hopes not much of this is needed. The use of rel=nofollow should convince spammers that spamming for search engine rank is fruitless before too long.

I just added a CAPTCHA test to my blog for anonymous posters, so we’ll see how effective it is. I suppose there are already programs floating around the net that can decode the image. Also, relying totally on somebody to transcribe from an image denies those with vision disability to use. However, the system I have in effect now doesn’t require a “logged in” user to pass the test…

Adding special buttons or additional text can be easily spoofed by an automated script bot. And tracking by IP is a mistake too, as it seems these spam bots infest and infect machines all over the internets.