It's always nice when a respected member of the blogging community hits the sauce, particularly when i have no idea if he's actually for something or just being horribly sarcastic.
At issue is a centralized comment authentication system for (a future version of) Movable Type. Considering that i don't use Movable Type, i'm having a really hard time trying to come up with a valid reason to use it, but that's probably just me.
My guess is that the system will work by 302'ing content through Typepad so that the user's ID can be verified and a proper registration cookie can be passed along back to the MT system. Nice, but… it does mean yet another login for me to remember. i could do something vaguely similar now by simply requiring folks to register before they comment, set up a probation period where i approve any new comment before it gets posted, and set the expiry cookie ID to be something horrific (like 40 years or so), but that's way the heck too much work.
i'm a realist. i have maybe five or six readers, several thousand very confused folks who stumble here looking for ASCII Sex, and quite possibly the internet's first negative pagerank. My comments have been spammed three times, and appropriate action was taken, mostly because i don't get that many comments to begin with.
It also strikes me that something like this could be easily circumvented. You could either spoof the origin IP and do a modified dictionary attack on the blog entry point. Heck, add it to a spam zombie attack and you can do it both remotely and in a distributed manner. Or you can simply sign up thousands of bogus verified entries and just spam away. Or you could wait for the API to come out, crack it and realize that folks simply aren't going to update as often as they should. Or you could come up with a method that (hopefully) Six Apart hasn't already thought of and built in appropriate security measures to prevent.
Ultimately, it's an arms race. i just think that the best option is to make comment spamming less appealing for folks to abuse.
Well, that and to see what Mr. Pilgrim's been ordering.
And see if it comes in a double.

