Comments API

I’m not sure quite what it will really be good for yet, but this Comments API proposal sounds cool anyway. Comments and an API are enough for me: I’ll worry about what it’s good for later.

The one problem I’ve got in terms of doing a dotcomments or Movable Type implementation is the lack of anything to use as a comment author identifier. Apps that don’t require a login to comment (like virtually everything I’ve ever used, except for playing around with Manila), end up getting a variety of names and email addresses for a single comment author. Retrieving all of Shannon’s comments around here would require a good memory and capi.getCommentAuthorIDByRegexp().


2002-07-27 05:28:43

Who, me?

Comment by HaloScan #
2002-07-27 14:22:31

An XML-RPC interface to a commenting script could also make it easy for malicious users to abuse it–ie: writing a program to flood scripts with posts would be that much easier through the use of such a universal interface and API.

Comment by Phil Ringnalda #
2002-07-27 22:29:19

Oh, not really. If you could post a new comment with just the blogID, it would certainly be a comment-spammer’s dream come true, but since you’ve got to have the (generally easily generated) blogID and the (nearly impossible to guess) postID to send newComment, it’s really not that prone to abuse: I could write a script (or even a HTML+JavaScript page) to post every couple of seconds, randomly changing the name/email/text just in case you are trying to avoid double posting by looking at the previous post in the thread (which, by the way, is a really good idea you ought to steal from YACCS) about as easily as doing an API client. I’d have to change the names of the vars in my post to switch from one comment system to another, but that wouldn’t be a really big deal.

I really wish you hadn’t started me thinking about how incredibly easy that would be. Maybe 15 minutes to do it in PHP, a bit longer to do something amusing like taking my names, emails, and text from blogs randomly selected from

Comment by HaloScan #
2002-07-28 00:32:25

Hmmm. This server is being a little fishy…I was just about to post my entry when it gave me DNS errors for around 5 minutes.

But anyway, here’s what I was about to post:

I really do need to implement some protection systems within the script to prevent double posting, posting huge posts, and or making multiple posts within a minute.

The HTML/javascript could work and PHP would definitely work for writing an automated comment poster/flooder and probably the only real way to make sure that one user doesn’t abuse the service would be to limit the number of posts per minute/hour/day by unique IP. Unfortunately, all these things do result in a performance hit to the server and so implementing protection has to be done carefully.

Just FYI–I have in the past created a Visual Basic application that used socket programming to make automated posts to a Forum. This kind of thing is unfortunately too easy to do.

P.S. Pls move the ”Forget me” button somewhere below the Post button. I keep hitting that instead of the post button. :-0

Comment by Phil Ringnalda #
2002-07-28 09:48:10

Although anything you do has some performance implications, you should be able to get away with a whole lot more when a comment is submitted than at any other time, just because it happens so rarely. It would be interesting to know numbers for a more typical blog, but the dotcomments installation that does comments for my Blogger FAQs got 612 requests for the comment count, 82 requests for comment threads, and zero comments submitted yesterday. Probably most people’s numbers aren’t that extreme, but still: optimize the hell out of the comment counts, and you can get away with a lot more anywhere else in your code.

Comment by HaloScan #
2002-07-28 14:16:40

Good point about people actually posting comments being relatively rare. Most of our traffic comes from the comment counting, then the actual loading of pages. I just installed a meatier traffic analyzer program (about 5 mins ago) so I can’t provide you with numbers yet but your number ratios seem pretty similar to my own site’s from what it’s got so far.

Trackback by nf0's Life #
2002-07-27 16:15:55

Comments API

Looks like there is a proposal for a comments API out there. I think this would be cool. There is room for abuse with such a system, but that’s true

Name (required)
E-mail (required - never shown publicly)
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <del datetime="" cite=""> <dd> <dl> <dt> <em> <i> <ins datetime="" cite=""> <kbd> <li> <ol> <p> <pre> <q cite=""> <samp> <strong> <sub> <sup> <ul> in your comment.