Comments | d_blogs: Standalones

dimrub in d_blogs

Standalones

Mar 30, 2008 13:22

While we were all scratching our collective head, the world seems to have moved someplace, and we'd better catch up. More and more of my friends are moving to standalone blogs. While the combination of RSS (or, rather, Atom) and OpenID and OPML (through which one can recreate one's friend list in a matter of seconds on any new RSS aggregator) gives ( Read more... )

Comments 11

ex_ex_zhuzh March 30 2008, 12:38:54 UTC

High availability and failover do require security, and I'm inclined to think commenting does too. Comments in standalone blogs usually don't have digital signatures, but they really should, because a blog owner can fake any comment exchange he wishes. Likewise, a mirror owner can mirror posts that never were. Or something.

dimrub March 30 2008, 12:56:45 UTC

This is all true, however, based on the current state of affairs concerning availability of PKI solutions (e.g. integration of browsers with client side certificates and availability of smart cards bearing those certificates) and concerning the usability of the existing solutions, I don't think strict security is feasible, unless very serious limitations are placed on functionality. OTOH, authenticity of comments, though desirable, is by no means a blocker: while I wouldn't want anyone to make up conversations with me as a participant, I won't mind it that much either.

ex_ex_zhuzh March 30 2008, 13:09:45 UTC

It is possible to authenticate comments on the server side. It could work more or less like OpenID.

Ouch, I think I've just invented something interesting.

dimrub March 30 2008, 13:11:40 UTC

Let me know when you want to make it public :)

Thread 9

vitus_wagner March 30 2008, 14:23:56 UTC

My latest idea about limited availability - use OpenID auth for limited feeds. If RSS aggregator is integrated with your blog server and its OpenID producer, it would have no problem to impersonate you using OpenID.

vitus_wagner March 30 2008, 14:26:41 UTC

About comment notification - LJ is hostile site for LJR user. If site carrying copy of the blog, is cooperative with original site, there is no problem to add client-side script to the page, which would request comment number from original site as text, not picture (which would save about 90% of comment notification traffic).