Welcome to the new Creativity Hacker. If you remember the old site, things will look very different this time around, but there’s method beneath the madness. Follow me down below the fold to find out how I’m organizing things this time around. And more importantly, why.
Having had my website hacked a couple of years ago, I abruptly lost all enthusiasm for running one, so after I locked it down, I took a few years to think about what to do. In that time, I’ve realized that for 98% of what I truly want my website to be, there is zero reason to give anybody access to changing the site from within the site itself. Even I don’t have such powers. And by not letting anybody change anything, the site can be remarkably secure against hackers. Not 100%, but much, much closer than any system that includes interactive editing features as part of the design.
But that missing 2%? Man, that’s an important chunk. It’s the whole human conversation part - the comment system. I’m not willing to give that up, but it does seem like a paradox, doesn’t it? How do you let people add comments to a site without letting them change anything?
How The Magic Is Done
For non-programmers this might seem like a magic trick, but basically, the answer is to use a 3rd party service. It looks like you’re editing a comment here on CH, but behind the scenes, your comment is being stored on my service partner’s computers, in their database. I then pull the comments from there and show them here. (The partner is GraphComment and you can check their privacy policies here.)
Why do it this way? Well, two reasons. First, because it means I don’t have to add user accounts and editing tools to CH myself. And that means I don’t have to spend any time thinking about how to guard those tools from hackers. You’d be shocked to know how much time that adds up to in a year. Time that I would much rather put into doing these projects and talking to you guys about them.
Now this solution doesn’t mean that hackers are no longer trying to break in, of course, so the second reason for going with a 3rd party is that I’m paying those guys to fight the war for me. And since it’s their actual, full-time job to do so, they’re much better at it than I have ever had the patience to be.
The downside is that instead of asking you to create an account here on CH, I’m asking you to create one with my service partner instead, and this is not a step I take lightly. But as I outlined above, I think your credentials are actually safer being managed by those full-time professionals than they would be guarded by an amateur (me) who hates everything to do with fighting that war in the first place.
I’ve put a lot of thought into how to choose that partner, and decided to go with one that lets you decide who to ultimately trust. When you register, you can either use your email address directly, which means you’re trusting my partner service to keep the hackers away from your personal credentials; or you can sign in with your existing Google or Facebook accounts, which means you’re trusting the G/FB folks to protect it. I don’t know where you come down on which of those groups to trust, but at least it’s you making the decision. (And let’s be real: the worst choice would be trusting me, which is why I’ve taken that option off the table.)
Finally, remember that whenever I comment on the site, I’m using them too. I wouldn’t ask you to trust them if I wasn’t willing to do so myself. And after being signed up for several months now, I still haven’t received any spam from them or noticed any security problems, so I take that as a very good sign.
Anyway, I hope this gives you enough to understand the tradeoffs and make an informed choice for yourself.
See ya in the comments?