tl;dr: if you do a blog post and you enable comments (great), please disable comments when you're done paying attention to your post.

Hi folks,

If you do blog posts, please help us figure out a better plan going forward.

My hobby this past weekend was cleaning up spam comments from the blog. The spam is now gone, and there remain approximately 740 (!) non-spam comments that are in the 'unpublished' state, across dozens of blog posts.

In the medium to long term, our infrastructure for handling spam comments will get better, since Mike's friends are working on migrating the blog to a newer Drupal and hosting it in a place that will get updates more consistently.

In the mean time though: (and probably these plans will serve us well post-migration too)

A) I think our #1 problem is when people do a blog post, allow comments, maybe process and respond to comments for a while, but then forget about the post and let the spam comments pile up. The spam comments then make it harder for other people to find real comments, and things spiral out of control.

A2) So if you're doing a blog post, and you want to interact with users, please do enable comments! Just be sure to deal with comments as they show up, and switch the post back to 'read only' when you're no longer planning to deal with them.

A3) I don't want to force all people who write blog posts to be the ones who will handle the comments. What a great role for our teams! Maybe each team should self-organize to have a plan for responding to comments on their posts? The small teams can ask the larger ones for help; it will work best if people (1) communicate and (2) give advance warning for posts that will need extra attention.

B) During this spam purge I turned off new comments on posts from:

ailanthus alison arma art asn boklm gk isabela isis karsten mikeperry nickm phoul sukhbir weasel

Most of those posts still have unapproved comments though. If you want, you could go back to your posts and approve some old comments, to help put a dent in that 740 figure.

C) Who is still handling blog comments? I think it's down to just Georg, with Mikeperry temporarily on it because he just did a post? Once upon a time it was just me, and then Yawning took a shift for some months, and then for a while we had a "if you do a blog post, you need to either disable comments, or handle the comments for your blog post" policy -- and then I fear it's falling back to just Georg.

D) To be clear, I'm not saying we should approve all of the non spam posts. Some of them are crazy distracting multi page rants, for example, and if our goal is to have a focused discussion of the topic of that blog post, it makes no sense to approve everything that isn't selling shoes.

I think Georg and I feel strongly that it's valuable to have a way of interacting with our users that doesn't require them to sign up for the full modern cloud identity infrastructure in order to participate.

In summary: If you want to help, please do!

--Roger