Comments on weblogs
As the question of comments on weblogs has come up I thought I’d post an explanation of why this weblog doesn’t have comments.
John Gruber, author of Daring Fireball, had some interesting things to say on the topic in the "Daring Fireball Live" podcast that was produced in Macworld San Francisco earlier this year. I’ve transcribed the relevant snippet from about the 55 minute mark, with some minor edits for clarity (seeing as this was a live, unscripted podcast and not polished writing):
Gruber: One of the complaints I used to get all the time back in 2002, 2003 is, "You don’t have comments on your website. You know your site is not really a blog because it doesn’t have comments", and I would just email them back and say, "OK, it’s not a blog".
The accusation whenever I write something that calls somebody a jackass or is rather harsh to somebody I occasionally get accusations that I’m a coward, that I’m afraid of having comments. Well it’s not like me not having comments keeps you from calling me a jackass. I mean, you know, there’s the whole internet out there. It’s not about being afraid of criticism.
The basic idea is that I wanted to write a site where, somebody who it was meant for, the reader I write it for is a second version of me who never quite off the "you know I should do a weblog", which is what I’d been doing up until 2002 for quite a long time, thinking, "I should write a weblog I really should".
And so I have this version of me and I’m writing for him. He’s interested in the exact same things I’m interested in, he reads the other same websites I read, and my thought is I’m writing for him and I want him to like this website so much that he reads it from the top to the bottom, and he reads everything I write. He reads every word of it, and he goes through the menu, and every single word, I mean literally: the copyright statement, what software I use to use this, he’s read it all. And it’s easy to see it all, it’s easy to know how much of it there is.
And if I turned comments on that goes away. It’s not that I don’t like sites with comments, but when you read a site with comments, it automatically puts you the reader in a defensive mode where you’re saying, "What’s good in this comment thread? What can I skim?" and you’re automatically in skimming mode.
And it’s totally egotistical, I mean, I want Daring Fireball to be a site that you can’t skim if you’re in the target audience for it; that it’s a site where you say, "Oh, a new article from john, I gotta read it", your deadlines go whizzing by because you need to read what I wrote.
I mean that’s what I want and if I turned comments on I feel like it’s sort of like two different directions. You get to the end of my article and then all of a sudden you’re like, "Let’s see if anybody interesting, if I see any names I know".
So that’s really it. Sometimes a design decision is what you don’t put in as opposed to what you put in, and that’s more or less why there’s no comments.
I partly share John’s reasoning on this one. I’m not really writing this weblog for anybody but others exactly like me, people who are interested in what I’m interested in, think like I think, and would like to know things which I know. Often I write stuff not because I feel I have to say it, but because I’d like it if someone said it to me.
But another reason I have which John doesn’t mention is that I’m simply not interested in having the kind of "conversation" that you have with anonymous strangers on the Internet in weblog comments. The "conversations" I like to have on the Internet are either with people that I personally know (via chat or email, for example), or with people who share a specific interest in a very specific technical topic (as is the case on mailing lists).
And as John says, it’s not fear of people disagreeing with me. It’s not that I wish to avoid criticism; it’s that I think that the act of arguing is almost always a poor use of time (see this image; beware: it’s politically incorrect): I say "A", you say "B", and in 99% of cases at the end of all this I continue believing "A" and you continue to believe "B". I figure that if people feel strongly enough about what I’ve written that they feel compelled to contact me then my email address is plastered all over this website. In this way the feedback that does reach me tends to be the kind that I am more likely to be interested in. And as John says, if you want your comments to be public then there’s the whole Internet out there.
A particularly good example of this is the storm-in-a-teacup caused by my WordPress article. I criticize WordPress, the author provides a reasoned response, and then dozens of pseudo-anonymous observers decide to jump in on the discussion. I am just not interested in sinking down into the endless black well that this kind of discussion represents, and I am even less interested in actually hosting such arguments on my own weblog.
If I wanted an example of why I’m don’t have comments on my weblog then I couldn’t hope for a better example than this case in point, being as it is a very pro-WordPress site, and I had just criticized WordPress.
Insults
- "he crazy"
- "that Vincent guy is a bit of a moron"
- "He sounds like an idiot with an axe to grind"
- "stupid post"
- "inflamatory nonsense"
- "What a loser. Sounds like he’s got an axe to grind"
- "immature bashing"
Religious/emotional reactions
Although many comments stopped short of insulting me, there where lots which responded in emotional terms rather than with fact-based arguments:
- "Pure blasphemy if you ask me"
- "nevertheless I love wordpress"
- "I loved Wordpress before this blog post and now I also have the upmost respect and admiration for the developers behind it"
- "HAHA… check and mate. I LOVE WORDPRESS! RAH RAH RAH!"
- "I still love WordPress."
- "loyal wordpress user"
- "I love the WP Community"
- "I love WP"
I think that concepts such as "loyalty" are misplaced when it comes to choosing software upon which you depend. You should be deciding on technical merits, not warm and fuzzy feelings. Generally, arguments which contain the word "love" will be more convincing if you replace the emotional reference with a factual description of a characteristic of the software.
Misunderstandings
I have to take the blame for many of the misunderstandings evinced in many of the comments. I think that if people misread my argument in a subtle way then it’s an indication that I could have expressed myself more clearly:
- "I can see why it was necessary for him to link to his own KB, instead of just linking directly to wordpress.org"
I often link to articles in the Knowledge Base rather than linking directly to an external site because it allows me to provide annotated links rather than plain ones, although in the case of the WordPress there is nothing much to see (other than the category link which itself reveals quite a few WordPress-related articles).
- "Did the WP team steal his first born or something?"
Lots of people got the impression that I was angry, "harsh" or "whining" and I didn’t mean to convey either of those emotions. That’s one of the problems of cold, dry text on the Internet without any accompanying extra-verbal clues such as tone of voice. I guess I should have been a little more careful with my tone.
Another thing that people may not realize is that I was a WP user for quite some time (from back around the 1.5 days up to but not including 2.1.3) and I did enjoy using it; it was just that the security thing started to exasperate me to the point where I decide to let it go. I actually switched to WP initially, like many others, because of the commercialization of MT. But when I set up the weblog for wincent.dev I decided to use MT because it seemed technically superior for mission-critical applications whereas WP still seemed the best for personal or hobbyist use (and I continued to use it on personal projects).
- "He’s also ignored the way you guys handle crises like security issues. You’re generally open, honest and totally trustworthy."
This misses the entire point of my post, which is all about the handling of security issues. I’ve now explained this multiple times (here, here and here).
- "I have tried MT and blogger before, but I simply find Wordpress easier to control and maintain."
Yes, no arguments there. The WP upgrade process is much easier, especially when using Subversion (info). The MT upgrade process is considerably more painful (example). But MT’s technical advantages (the ability to produce a totally static weblog) in my specific usage context make it the choice for me, despite its other problems.
Totally mistaken
Related to the category of "misunderstandings" is the category of "totally mistaken". These are comments by people who didn’t misread my argument but instead inferred something completely unrelated, mistaken and in no way connected with the content of my post.
- "Uh-oh, I smell a publicity whore…"
- "there’s always going to be a few people that take an unpopular position to get a little attention"
- "he obviously thinks far higher of his reputation and himself than he ought"
- "People like that will take potshots at WP, and you all out of some desperate hope to gain some traction."
- "Who wants to bet Wincent still uses IE6?"
Well, I’m a Mac OS X user, so no, I’m not "still using IE6", although my personal browser selection has little to do with the unrelated topic of web application security.
Many of these comments speculate about me trying to get attention through my post but that certainly wasn’t my goal. I had no idea that Michael Tsai would pick up my article, and that from there it would reach Daring Fireball, and from there elicit a response from Matt. This was just me posting my opinions to my humble little weblog with its small readership. If I was still a WordPress user I would’ve had different goals and would’ve chosen different channels in an effort to get the WP team to tighten up their processes; but I am not a WP user and I merely wanted to spend five minutes penning a quick expression of my disappointment ("look, I decided to drop WordPress a while back and looks like things are continuing as they were before").
- "It’s unfortunate that their ill researched and poorly written post has had the attention it has"
I don’t know if an opinion can be "ill researched". All of the information about WordPress security track record is out in the open and I provide links to it where appropriate. I draw my own conclusions from that track record. I don’t think this qualifies as "ill research". And "poorly written"? I think the only reason my post got the attention it did, given that I am a total "nobody" in the WP-o-sphere, is that it was evidently well-written. You may not agree with my opinions, but the argument is reasonably well expressed.
About comments being disabled
- "The fact that they hide behind an excuse like disabling comments 'for security' underscores the fact that they are not only cowards"
- "what’s the point of a blogging system that’s only secure if you disable comments?"
- "who’d need stupid things like comments on a blog?"
- "And blog with disabled comments?"
- "It’s also interesting to note that a similar WP-hating blogger linked from Wincent’s (http://fukamachi.org/wp/2007/06/21/yet-another-wordpress-exploit/) has seen fit to disable comments on that particular point after a couple of comments dismantling his post. I can understand disliking WP, but squashing any opposing opinions? Very mature."
It’s worth clarifying here that comments were not specifically disabled for my post; comments have never been enabled on my weblog. Likewise, comments were not disabled "in order to make MT more secure"; rather, I chose to not enable comments for the reasons already mentioned at the start of this post and the added security is just a secondary benefit.
On the logo
One more thing and then I’ll shut up. Is it me or does Wincent’s logo look an awful lot like WordPress’s?
One more thing and then I’ll shut up. Is it me or does Wincent’s logo look an awful lot like WordPress’s?
Ironic but not surprising given the number of organizations out there whose names start with "W" and who have chosen logos which are variants on the "W inside a circle" theme. Out of curiosity I thought I’d look and see which logo predates the other.
The earliest appearance of the WordPress logo that I could find in the archives was back on 27 December 2005.
Looking back in the archives for the Wincent logo the earliest appearance I could find was back on 27 September 2003.
Rational responses
Unfortunately there were far too few of these. Matt’s own response was one of them. Here’s another example from the visitor comments:
- "Frankly I see both sides of this story. I thought that Wincent’s points were actually quite valid, though his conclusion seemed harsh. And as a new user of Wordpress, I found them of concern. Your response also had merit."
On table based layout
- "His table-layout blog isn’t too notable" (Matt)
- "was the jab about his table-based design really necessary?"
- "I loved the barely concealed 'table-layout blog' at the start of your post."
- "I can’t take anything seriously from someone who still uses tables as their primary layout method."
When people try to undermine my credibility because of my old-school layout, I think they only make their own argument look weaker. Why spend time looking at my HTML source trying to find extraneous details which can be used to disparage me? Why not just address my textual arguments, seeing as they’re the only thing that matters?
If people knew me better then they wouldn’t hold it against me for using a table-based layout in 2007. I’m not somebody who chose tables out of ignorance, rather I am an informed, technical user who made the decision (back in 2004 when the site was designed) for a number of reasons: namely, I wanted an extremely clean and simple design, I wanted maximum compatibility with legacy browsers, due to time constraints and a lack of artistic ability I didn’t start with a clean state but instead modified one of the default templates, and I had no plans or need to pursue maximal separation of layout/presentation from content at that point.
Things change, newer browsers gain market share, CSS support improves, and of course the sites that I have worked on since then haven’t used tables for layout. But "if it ain’t broke, don’t fix it"; the table based layout is not going to go away until some point in the future in which the site is totally redesigned. In the meantime, it has no relevance whatsoever to the validity of the content I post there.
Parting words
- "With MT4 poised for release, you can prolly expect more of this kind of mudslinging."
This again quite misses the point: I’m no MT fanboy, rather I am someone who has used both MT and WP and is disappointed with the approach to security taken by the WP team. I recommend MT for those for whom security is important, and I specifically abstain from recommending WP to non-technical users who are unlikely to have the expertise to upgrade or realize the importance of doing so.
I personally am looking forward to the day when I am neither an MT nor a WP user. I am tired of running so many third party applications (forums, bug trackers, mailing lists, weblogs, wikis etc) and having to be constantly updating them, not to get features (that would be optional) but to patch security holes (not optional). For some time now I have been dedicating some of my spare time to learning Rails so that I can eventually replace all of the third-party stuff I use with a single in-house solution; not a Swiss Army Knife of web applications that does everything all the other apps do, but an extremely simple, tailored solution that does exactly what I need and nothing more. Then my third-party security concerns will be focussed on a single point of possible failure (Rails itself), and of course, my own code.