Recovered from the Wayback Machine.
Sometimes I think we technical folk are too clever for our own good. The more gimcracks we put into our tools, the more gimcracky things crawl through. We tweak just to tweak, and add far more moving parts to applications than are needed, or even desired.
In addition to making things more complicated than they need to be, we also forget that there are non-technical folks out there who don’t like to have things “done” to them. However, they’re forced into a role of passivity because we bring our shovels in and proceed to bury them with words until they retreat back into their proper role. We are the doers, they are the donees.
I started the For Poets sites specifically to bridge the gap between the technologist and non-technologist, though I lost my mad energy burst earlier and haven’t finished all the planned essays. This week without fail, unless I fail in which case not this week, Semiotics of I (with fresh inspiration from Spirited Away), and The Ten Command(ment)s of Unix. A new one, too, called Walking in Simon’s Footsteps: or What’s a nice XML boy like you doing in an RDF joint like this?.
(If the weather clears though, and the waters recede, all bets are off. I need my walks. And I have a trip to take to Texas.)
The thing is, a passive role for non-techies isn’t always the fault of the Alpha Geeks; non-techies need to make a choice about how passive they’re going to be. When a techie says do this or that, the non-techie should ask why, and keep asking why until they understand it. No one is incapable of understanding the basics of online technology, if they’re interested enough, and persistent enough. Besides, aren’t all you non-techs getting tired of being donees?
If you’re a weblogger, know the technology surrounding you, and control it, don’t let it control you.
Case in point was our little vig-rx friend. It’s easy to find weblogs to spam when they’re so accessible using simple services, at Google and half a dozen other places. Google and public RSS aggregators provide links to specific URLs, and even comments, which just makes the spammer’s job so much easier.
I talked about a quick and dirty fix for vig-rx. It uses a hidden field embedded in the comments form in my pages, existence of which is then verified when a posted comment is received by the Movable Type code. This will prevent anyone from using global comment posting based on a standard posting format for MT comments. This would, for instance, prevent the comment spam that occurred with my Faux photoblog this morning.
For MT users, and other weblog tools that use an individual entry identifier for a page name, one thing that could slow comment spamming is changing the file names of the individual entries to use keywords or entry titles – in other words, removing that tasty little entry identifier from the page name. Without including the entry identifier in the name of the page, it can’t be discovered in the page URL and used to post spam to your comments.
However, this only goes so far, because any spammer with the intelligence above an amoeba can grab the HTML for your entry, find the comment form in it and dig out the entry identifier within the form. Come to think of it, any spammer can also dig out my little hidden field hack and build a comment post containing my comment form fields (and all default values). Piece of cake, I can do it, most web developers can do it. And there’s nothing illegal about this. Nothing at all. After all, we open the door, we invite people in. That’s the problem with all this stuff – it’s not brain science to do the technology. All you need is an open door to the data, and we practically beg people to take our data. Please take our data, the hits feel so good.
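The limit of the static hidden field described above, shown next to a per-render signed variant that goes beyond the fix in the text. This is an added example, not the Movable Type change the post refers to; the field names, the secret and the one-hour lifetime are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # placeholder; a real site loads this from config
STATIC_FIELD = "bb_check"             # hypothetical name for the fixed hidden field
MAX_AGE = 3600                        # seconds a rendered form stays valid (assumed)

def accept_static(form):
    """The quick fix: accept any post that merely carries the hidden field."""
    return form.get(STATIC_FIELD) == "1"

def issue_token(entry_id, now):
    """Value for a hidden field written when the page is rendered: '<ts>:<hmac>'."""
    msg = f"{entry_id}:{now}".encode()
    return f"{now}:{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"

def accept_token(form, now):
    """Accept only a token issued by this server, for this entry, recently."""
    try:
        ts_text, mac = form.get("token", "").split(":", 1)
        issued = int(ts_text)
    except ValueError:
        return False  # missing or malformed token
    msg = f"{form.get('entry_id')}:{issued}".encode()
    expected = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    same = hmac.compare_digest(mac.encode(), expected.encode())
    return same and 0 <= now - issued <= MAX_AGE

if __name__ == "__main__":
    # Constructed case: a form captured once from entry 123, reused on entry 456.
    copied = {"entry_id": "456", STATIC_FIELD: "1", "token": issue_token("123", 1000)}
    print("static field accepts reuse:", accept_static(copied))
    print("signed token accepts reuse:", accept_token(copied, 1060))
```

A client that fetches the entry page first still receives a valid token, which is the point the paragraph above makes; the signed field only stops one captured form from being reused across entries or indefinitely.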
Yesteryear when the hordes were at the gate we pulled up the drawbridge and manned the battlements with boiling oil ready to pour. Now, the drawbridge is down and we’re using the oil to fry donuts to go with the coffee we’re giving to the barbarians we invite in.
Back to my friend vig-rx: To work around the comment spamming hacks, some folks force a time period between a specific IP address first accessing a page, and a comment being posted. The thought behind this one is that automated tools would post a comment within seconds or microseconds of accessing the page, or not access the page at all; however people have to have time to read the contents.
Well, think again about this being a good idea. I timed the page access and the time the comment post was made last night with our friend vig-rx (really, I like this guy – he’s potentially clever). The first time there was a 2 minute delay, the second close to three minutes. Of course, this could mean ‘vig-rx’ is a person using a persona, reading the content and then posting their little hypertext link bit bucket as a sort of thank you.
Yeah, and pigs fly.
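The timing comparison described above, as an added example rather than anything from the original post: it pairs each comment POST with the same IP address's most recent page view and applies a minimum-delay rule. The log lines are constructed, and the script path, archive paths and 30-second threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed access-log lines in common log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Jul/2003:21:02:11 -0500] "GET /archives/000123.htm HTTP/1.0" 200 18211
192.0.2.10 - - [14/Jul/2003:21:04:15 -0500] "POST /cgi-bin/mt-comments.cgi HTTP/1.0" 200 512
198.51.100.7 - - [14/Jul/2003:21:10:00 -0500] "GET /archives/000124.htm HTTP/1.0" 200 17400
198.51.100.7 - - [14/Jul/2003:21:10:02 -0500] "POST /cgi-bin/mt-comments.cgi HTTP/1.0" 200 512
203.0.113.5 - - [14/Jul/2003:21:15:30 -0500] "POST /cgi-bin/mt-comments.cgi HTTP/1.0" 200 512
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
MIN_DELAY = timedelta(seconds=30)  # hypothetical "time to read" threshold

def classify_comment_posts(log_text, comment_path="/cgi-bin/mt-comments.cgi"):
    """Return (ip, verdict, delay_seconds) for each comment POST in the log."""
    last_page_view = {}  # ip -> time of its most recent GET of a page
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines rather than guess at them
        ip, stamp, method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if method == "GET" and path != comment_path:
            last_page_view[ip] = when
        elif method == "POST" and path == comment_path:
            seen = last_page_view.get(ip)
            if seen is None:
                results.append((ip, "no-page-view", None))
                continue
            delay = when - seen
            verdict = "too-fast" if delay < MIN_DELAY else "passes"
            results.append((ip, verdict, int(delay.total_seconds())))
    return results

if __name__ == "__main__":
    for row in classify_comment_posts(SAMPLE_LOG):
        print(row)
```

The first constructed client waits about two minutes, like the delays measured above, and passes the rule; only the two-second poster and the client that never loaded a page are flagged.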
Don’t want to pick on weblog comments, only. RSS (and most likely Pie/Echo/Atom) is another open door. We’ve found that when we provide full content, our weblog entries are being posted elsewhere online, rather than being used as links to our pages. Then we find that links are being made directly to our photos – a process called hotlinking, which I discussed in a previous essay.
To prevent full content republication, we provide excerpts, which means that people who want to read the content offline, can’t; and to prevent hotlinking, we build in checks in our htaccess files to make sure images are accessed only from our own domains – also preventing photo access to our friends who are hosted at sites that don’t allow photo uploads.
Now there’s a new one, and, just like RSS, it’s coming from the ‘good guys’. By request, Brent Simmons is implementing HTML differences in NetNewsWire, a popular Mac-based RSS aggregator. With this, every edit you make to your writing will be persisted and color coded. In fact, it works just like Mark Pilgrim’s Winer Watch, which was the inspiration for this idea. I imagine that other aggregators will also add this feature. I can see their busy little fingers at the keyboards now.
The only way you can control this is to not provide content or excerpts, a solution I just implemented in my RSS files. My feeds are still perfectly valid, as neither content nor excerpts are required. Sorry for those of you who miss the excerpts in your aggregators. However, I really don’t like the concept of ‘marked edits’.
Since the techs are taking away my control, I guess I’ll have to remove the data.
Now there’s discussion about using RSS for email. What we need is to find hobbies for all the techs out there so they stop tweaking with the technology, making simple things break, and using things the way they weren’t originally designed. Perhaps petit point, or maybe badminton. Meg wrote about this when she was mucking around with OPML this weekend:
Maybe if the format you’re using requires you to change it to represent your data, you’re not using the right format in the first place.
Which makes me realize that I think some of the problems we’ve had in the weblog community around formats like RSS and OPML might stem from the fact that we use them in manners for which they weren’t designed. But that seems like a topic for another day’s rant.
Meg got it in one – if you have to change the format to capture your data, perhaps you’re using the wrong format. Database people and business application developers have known this forever – it’s called business domain scope. Now, what will it take for the Alpha Geeks in this neighborhood to get it? A shot of female hormones? Or our private email encoded in RSS, pulled into an aggregator, marked for edits, attached to class penis enlargement spam, signed with the name vig-rx posted in a comment of weblogs found from scarfing your FOAF file?
Come on, non-techs and techs both. Say, “Enough already”. Let’s spend a little time closing the barn doors before we buy more horses, shall we?
You know, I’m writing a lot about metablogging lately. Hmm. Enough already.
(BTW, I edited this posting six times after the original writing – can you imagine how colorful it would be in a Burningbird Watch?)
( Update/No/Update Make that eight edits! I’m getting more colorful by the moment. A veritable rainbow. They’ll have to invent colors just for watching me edit. In addition to pink for deletion, green for addition, there will be a Burningbird orange for “hacked to pieces”.)