% Comment Systems
% Michael Stone
% April 10, 2011

## Comment Systems

These days, I mostly write to work out the consequences and limitations of my
ideas and to stimulate conversation on topics of interest to me. As a result, I
am deeply interested technologies like email, wikis, collaborative editors, and
web sites that can be used to facilitate written conversation. Unfortunately, I
have not yet found a comment facility that meets my aesthetic standards for
software design. Here are some reflections on what I'm looking for...

## The Problem

Comment systems need to provide affordances for leaving comments, for
moderating comments, and for reading comments while simultaneously protecting
moderators and readers from dangerous inputs, from spam, and, when possible,
from threats to availability and integrity.

## The Approaches

### Email

Since I already have semi-adequate tools for handling email, it would be nice
to be able to reduce the "comment system" problem to the previously solved
problem of carrying on conversations in that medium. In particular, I had hoped
I would be able to make use of the [mailto URI scheme][mailto] (along with
other pre-existing mailing list software) to make it easy for would-be
commenters to engage with me by including in each page a mailto link with body
set to the plain-text source of the page.  Unfortunately, the maximum length
for mailto URIs is far too short -- less than 2K.

[mailto]: http://tools.ietf.org/html/rfc2368

### Web-server Logs

Since my web-server already logs requests, it would likely be straightforward
to arrange to for comments written in a comment-form to be transmitted to me as
query-string arguments appended to an easy-to-grep-for URL. This approach has
the appealing advantage of letting me fall back on my web server's log-rotation
facilities. Unfortunately, it would also require web-server specific processing
code and it would probably wind up mixing my comment stream with a bunch of
unrelated data.

### Third-Party Hosted Services

There are several contemporary hosted services (operated by by third parties
like Disqus) which I might be able to incorporate into my site, if I were
willing to agree to their Terms of Service and if I were willing to expose my
visitors to whatever content my "partner's" servers decided to supply. However,
since I have no personal relationships with any of the operators of these
services, I have trouble convincing myself that I'll be happy with this option
in the long term.

### Existing Comment Systems

Similarly, if I were willing to put up with the quirks, run-time requirements,
and security records ([wordpress CVEs]) of existing comment systems, then I'd
be all set. (Sigh.)

[wordpress CVEs]: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wordpress

## tbd.

Add approaches based on `seccomp`, `selinux`, fresh partitions (or
loopback-mounted files), and dependent types.