Trackbacks Are Dead


Jeff Atwood has a recent post on why he finally gave up and disabled Trackbacks on his blog. My blog is the tiniest fraction of his and I had to disable trackbacks just for sheer spam volume back in October (inspiring an anti-spam rant of my own).

Jeff lays the blame for Trackbacks' demise on Six Apart--the outfit that created the standard in 2002. Ah, those heady glory days when you still had to explain to people what a blog was. Trackbacks were a great idea. They still are a great idea. But Jeff is right, the simplicity of the standard has left it wide open to abuse and that abuse has killed them dead.

So my question is (to Jeff or anyone else), how would you alter the design to make the standard more robust?

My initial take on it was to alter the standard to incorporate a public key exchange and a signature. But then I realized that, hey, spammers can create asymmetric keys as well as anyone else can. In other words, the problem isn't being able to authenticate the link--it's being able to evaluate the linked post.

Jeff's current stop-gap of finding links to his posts through Technorati seems like a reasonable short-term solution. Introducing a third party is problematic, though, because it leads to inevitable issues in finding a trustworthy third party that will carry the authentication burden for you (as well as traffic and processing costs as people ping them for link verification). Indeed, Akismet (a popular stab at trackback filtering) has those same third-party screening issues and isn't substantively different from Jeff's use of Technorati.

I suspect that the problem might not even be in bad design by Six Apart, however. The thing that makes Trackbacks so popular and led them to be so widely adopted is that it allows the creation of inter-post linkages from unaffiliated sources with very little effort. I'm afraid that any solution to the trackback problem is going to necessarily involve increasing the effort of unaffiliated linking to a point where it becomes much less attractive.

A Stab in the Dark

That said, here's two thoughts about potentially rewarding avenues for solving the problem picked up from spam solutions in other realms.

First from email spam, and recognizing that I'm pretty thoroughly ignorant of the underlying mechanisms involved in Bayesian content analysis, I wonder if there might be some useful application for content analysis here. Spammers are increasingly sophisticated in overcoming content analysis, though. Trackbacks may be easier to analyze, though, because they have an easily available comparison text (the originating post). It may be easier to compare your post with that of the linker and come up with a tougher analysis than you can in, say, a lone email. I don't know about that.

Second, the key to the success of spamming is that they have such a very low cost per "signal" (email, comment, trackback, what have you). Their only incremental cost is bandwidth to find blog posts and to send trackback signals. Raising those costs can have a significant effect on spam. This is essentially the key to Captcha's success in curbing comment spam. If a trackback request prompted a user-interactive Captcha-like query, that alone may well be enough to stem the vast majority of trackback spam. Perhaps a design amendment that included a short interaction on a trackback ping would be successful in cutting spam back to manageable levels.

In looking at those two ideas, it occurs to me that the main problem with a Bayesian solution is that it places the burden (both in implementing the Bayesian algorithms and in processing the incoming links) squarely on the target of the spam. This can lead to an unwanted side-effect by leaving your blog much more open to another Internet dirty trick--denial of service attacks. Frankly, you don't even have to deny service to affect a lot of private bloggers--attacks that increase their bandwidth usage would be as unwelcome to many as a full-on denial might be. After all, it doesn't cost you extra hosting fees when your blog goes down.

So maybe that means I only really have one thought/solution/suggestion. Bayesian analysis would be cool for the AI geeks, but not terribly practical in the constrained environment confronting most bloggers. I wonder what it'd take to create a Captcha mechanism in trackback notification?

21. December 2006 11:59 by Jacob | Comments (2) | Permalink

Blogging Software Update

Well, I still haven't chosen what blog software I want to use in a new home. So many to chose from and none are a perfect fit. The comments left by Scott Hanselman, Phil Haack, and Dave Burke were good ones and point out the connectedness of the blogosphere (is that word accepted enough to forgo the quotes now?)

Since I gave DasBlog such short shrift in my original post, I spent some quality time with it. DasBlog has some really strong points in its favor. For one, it has a very active developer community, though that isn't as apparent as it is with Subtext. DasBlog 1.9 was released today and I'm even mentioned in the release announcement (it's always nice to see your name in print--even virtual print).

I am leaning towards DasBlog now. Two bonuses of using it: no tricky database settings (it uses XML files stored in the web file system), and a really flexible plug-in system (they call them macros, but they're actually compiled .NET assemblies with a standard interface and config-file usage).

Not that I've decided to use it. Or not. I'm not generally this indecisive. I think...


Technorati tags: , , , ,
22. September 2006 18:38 by Jacob | Comments (0) | Permalink

Blogging Software

It's always the little things that chafe, you know? I mean, for the most part I'm happy with Windows Live Spaces, but there are little things that bug me from time to time so I find myself getting antsy. On the plus side, I like the modules and the freedom to place them where I want them. I like the book list (but I'd like it better if I could a) put it in the order I want and b) could rate the books listed there). I like my links.

But I find that I keep wanting things I get with more of a hosting service. I want more control. I'm a tinkerer, what can I say? So I've been looking at blogging software a bit. Since I have an account at Go Daddy, I'd like to find something that I can use there, and I'd like very much for it to be created in ASP.NET. It'd be nice if it was open source as well, if only so I can tweak and explore at my own capricious whim. Also, as long as I'm putting together a wish-list, how about if it could be programmed in ASP.NET 2.0? I mean, master pages and application themes with skinning support is, uh, lacking an appropriate white-guy expression, "da shiz".

The front-runners in the .NET space for blogging software appear to be SubText and DasBlog--both are branches from their progenitor .Text which appears to be defunct. Unfortunately, since .Text was originally ASP.NET 1.1, both SubText and DasBlog are rooted in that technology. They both support custom themes, but they had to hack ASP.NET 1.1 to do so--mostly with custom controls.


I was originally drawn more to DasBlog because I've become a fan of Scott Hanselman--first from his podcasts, Hanselminutes, but later to his blog (which actually uses DasBlog, kudos for eating the dinner you've made). He's one of those over-producers who seems to have his hand in on fifteen million things at a time and is able to simultaneously talk about it all.

However, DasBlog's main website is frequently down, and there doesn't appear to be a lot of action in the form of improvements, releases, news, or updates. Which makes me wonder if it isn't a dying product, suffering from Scott's hyper interests.


SubText is developed by another blogger I like, Phil Haack. Phil also lives in the house he built so you'll hear his experiences with SubText on his blog sometimes. I was intrigued to see him announce that SubText 1.9 has been released recently. SubText 1.9 is a project conversion to ASP.NET 2.0 so I was reasonably excited to see its release.

So excited that I went ahead with an install. It was a painful experience. Not because SubText isn't a pretty good product, but an install on a cheap Go Daddy account is a step or three down from the expected configuration. The main blockage is that while Go Daddy gives you dbo (owner) privileges on your database, you have highly restricted rights on the master database. Unfortunately, the install assumes that you can use a select on a master location to see if a table already exists and that select blew chunks.

One advantage of open source, though, is that someone reasonably competent (or simply lucky as is more likely my case) can dig through the install process and see what needs to happen. Since I could see that the table didn't exist, I ran the script manually. Unfortunately, since the install tracks installation stage in memory instead of checking the database, I ended up having to do the entire install manually instead of just that first step. Ouch.

So it was a hack, but it appears to have succeeded. I'm not entirely happy with the implementation, though, because while SubText is now ASP.NET 2.0, it doesn't actually use the new  master page and theme features. Those may be implemented in future, but since that's a relatively fundamental alteration, it would break a lot of things--particularly a lot of user-created theme files. Creating work for yourself is one thing, but making your users go back and re-do all the custom themes they so generously contributed to your project is going to be a hard sell when there isn't a well established benefit. Indeed, the roadmap implies that if it happens, it's at least two releases away (and frankly, 2.1 looks a little daunting to me and should probably be cut down some if they want to take less than a year with it).


One of Phil's more endearing traits is a kind of perverse generosity that led him to advertise for a competitor (while throwing down the gauntlet of course). Since I'm not entirely happy with SubText, I thought that I'd give SUB (Single-User Blog) a look-see.

Frankly, I like SUB. It's pretty simple and since it's done from scratch in ASP.NET 2.0, it has all the goodies I've been looking for and some I had thought of but didn't figure I could get.

Unfortunately, SUB has two draw-backs that make me hesitate. The first is that it is, as its title clearly states, single-user. One thing I came to like about SubText is that you can support more than one blog from an installation. Indeed, I was able to point both domains I had registered with Go Daddy to the same location, have them run the exact same files, and yet have each site perfectly individualized (it does this by checking the incoming URL address to know which blog settings to use).

The second draw-back has to do with my personal tastes in programming, so I'm going to leave that for another post.

So what?

I've no idea what I'll end up doing with my blog(s). Since one of them is a new one for Cawti, I'll have to make some relatively irrevocable choices really soon here. I'm feeling all Frankensteiny, thought, so I may just mash pieces of lots of different things together so I can terrorize intolerant villagers. Yeah, that sounds fun...


7. September 2006 03:44 by Jacob | Comments (0) | Permalink


<<  September 2017  >>

View posts in large calendar