But it’s not really anyone’s fault but the spammers. Yes, Six Apart could improve the load the scripts place on the servers, (and perhaps they are. Who knows? For a blogging company, their own blogs are very quiet. Sensibly, in my opinion, but that’s another story.) The targeting of MT, however, shows nothing more than its popularity. It’s certainly not a security issue on a par with Internet Explorer: the comment spam is only using a facility to the purpose to which it was built.
Eh? I’m not sure I am willing to concede this point: my own struggles with MovableType are still fresh in my mind.
The blithe statement that “[t]he targeting of MT, however, shows nothing more than its popularity” is disingenuous: why, after two years of this, has so little (anything?) been done about it? Why can’t admins reliably take evasive action?
There are two issues here for site hosting MT, both manifesting themselves in disproportionate system resource usage.
- MT is slow and gets slower as its content database grows. North of a couple thousand entries, things bog down, the rebuilds take ages, comments get repeated as users run out of patience with sites, browsers time out (try Safari and it’s hardcoded 30 second timeout on a big site).
- The system has not been designed or tested so much as built. Some of the simpler (and even recommended solutions) don’t work as documented (read: at all) and it makes me wonder what testing has been done with each new release.
The solutions to these are a. throw more resources at it, or b. tune the system with, say, mod_perl. Option a is not a realistic choice for hobbyists or hosting services who are unprepared for weblogs to become a regular item on the staff meeting agenda. Option b is sensible, on its face, until you realize that (for 2.x) some of the popular extensions/plugins (MT-Blacklist, for example) don’t work in a mod_perl environment. An even easier option — simply renaming the comment and trackback scripts — won’t work either in a mod_perl environment: there are some hardcoded references to those script names somewhere in the bowels of MT’s .pm files that preclude this working either.
I think Ben needs to re-examine this: does he really think MT’s problems are so trivial or at best, an artifact of their success?