Slashdot videos: Now with more Slashdot!
He's got a point that many implementations make it hard to navigate the tree,
I don't even grant him that point. Hard compared to what? A flat list of posts that one should try to reconstruct the (naturally tree-shaped) discussion structure from? That's like saying we should be using square wheels because some round wheels make it hard to steer the car.
Is it because the developers are too lazy to add a minimal amount of recursion in their engine or . . . what?!
In this particular case it is because Jeff Atwood hates threading. I think it's a huge mistake and he never manages to argue this choice in a compelling way, but I guess it's an emotional thing after all.
Monitoring their blacklist for your IPs is not "hard"
Neither is distinguishing between "having open relays", "sending perfectly legitimte e-mail to addresses that have a new (domain) owner" and "sending spam", but they don't do it - you will always be slandered (called "spammer") and your business will be disrupted by their blacklisting, even if no spam e-mail was ever sent by your hosts. Last time I checked, they will even blacklist you for having a vacation responder at the address they send their probes to and on one occurrence they kept blacklisting us with the following reason (i.e. their probes that prolonged the blacklisting were these lines):
postfix/smtp[....]: XXXX: to=, relay=XXXX:25, delay=[...] status=bounced (host XXX said: 571 Your IP is BLACKLISTED at UCEPROTECT-LEVEL 1 - See: http://www.uceprotect.net/rblcheck.php?ipr=XXX (in reply to RCPT TO command))
So basically they extended the blacklisting because we were blacklisted, at least that was the reason in the logs (which we were supposed to use to find a problem on our side).
In fact the problem was that we had a registered user many years ago with a domain that had changed owner in the mean time and was used as a spam honeypot now - how do we "debug" that, let alone prevent it? And why do we need to "punished" with a blacklisting when we obviously did nothing wrong (or should we demand of our users to tell us when their e-mail provider sells a domain or goes belly-up?).
What is usually ignored by people in this thread is the simple fact that no spam e-mail is required to get you blacklisted, they don't seem to classify e-mail at all, that needs to be understood.
* you do not have to have spam originating from your system, it can be perfectly normal e-mail to an address used by someone you knew in the past, that is now used by someone else as a spam honeypot.
UCEprotect sucks. It's no wonder the people behind it are hiding their identities.
If you don't want to be blacklisted, then stop sending spam. Simple.
You're an ignorant fool. Unfortunately, too many sysadmins are just as ignorant, so they trust these badly-run, possibly with malicious intent, services. We've never sent 1 spam e-mail in 12 years doing business online and have been blacklisted several times by UCEprotect due to them recycling old domains (which were used by users to register on our site) for use as spam honeypots. They wasted countless hours of our time for nothing.
A commercial (or open source) forum suite has had way more eyes looking at it than your home-brewed solution.
That's both good (theoretically better code) and bad (large-scale attacks when some exploit is out in the wild). In practice, a decent programmer can write a safe, simple forum for themselves easily, while they will get hit regularly by exploits in phpBB etc. if they just trust such solutions instead.
They could start by actually deleting deleted content
They could, but why should they put themselves at a disadvantage over Google, every other corporation that buys such data and the NSA, who all most certainly do not delete stuff in the way you'd like them to?