More On TypeKey

Submitted by Morbus Iff on Fri, 2004-04-09 00:15

A thread I started on mt-dev eventually devolved into a discussion on TypeKey, with respected developer Timothy Appnel asking for solutions from the whiners:

Fair enough. You wouldn't be the only person to have the concerns you raise in your weblog posts, but let me ask this while we are on the topic: what is the better solution for both weblog publishers AND readers?

My replies, disjointed and sleepy:

Honestly, like others, I haven't really sat down and thought about the answer, but I know that the proposed TypeKey system isn't the answer I was looking for. Have there *really* been that many complaints about per-blog-registration systems? I mean, people sign up for Mailman lists all the time where there's "yet another password". People sign up for various types of forum software where there's "yet another password". No one, in the vast history of forum or mailing list software, has been inspired enough to "solve" these complaints, so I can't imagine that the complaints about "yet another password" were that loud. Per-blog-registration-systems would have simply followed the status quo, and that's a-ok in my book.

And then, an afterthought:

Continuing on in that vein, I can't imagine that a centralized system is the right way to attack this problem: it just means a single point of failure in the whole system. Regardless of whether TypeKey fails or allows all comments when it's "down" (an inevitability which you will never dissuade me from), it still means: TypeKey is down. Blogger is slow. Blogger is down. Wow, the exact reason Movable Type got popular in the first place: Blogger pissed everyone off.

Blogger was slow because it was popular. TypeKey is gonna be borked the minute spammers think it is effective, and spammers have a lot more resources than bloggers (another maxim that'd be tough to dissuade me from, since there's a good chance a typical cable-using Win user is probably trojan'd with an SMTP server already).

This is why Vipul's Razor is stronger than plain old Bayesian, why distributed DNSBL's are (or would be --EDITED FOR BLOG) stronger than a singly hosted one, blah blah blah: it's multiple machines, multiple efforts, against the same thing spammers are throwing at us: multiple machines, multiple methods of attack (ever heard the mod_proxy trick? that's a good one).