Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Ursprung, a complete blog without a back end area (onli.github.io)
8 points by onli on Dec 16, 2015 | hide | past | favorite | 19 comments

With little modification of the base HTML template you'll be able to use all themes from http://websitesfortrello.github.io/classless/. It would be great if you could contribute there too.

I will look into it. I don't oversee yet how much work that would be, but to offer a real design selection and not just a design mechanism is something I wished for, this might be it. Thanks for the link.

Even if you find it is not useful, please leave some comments about what you think of the idea and how it could be improved.

How does that "Bayes filter" helps fighting spam? I'm interested.

That is based on the experience with a plugin I wrote before for another, classical PHP blog engine, serendipity.

It is basically the same method used for email spam filters (though that are not always bayes filters anymore). Users mark comments as spam or ham, and when a new comment arrives you look at the words in it, calculate their spamminness rating using the bayes algorithm, and can then predict whether a comment is spam or not.

In blogs that works great. Ursprung combines that with a honeypot, a field hidden with css in the comment form that if filled out will dismiss the comment.

I have a small helpdesk software[1] that can sometimes get an awfully enourmous amount of spam. It is behind Mailgun, so it should get spam protection from Mailgun, but that doesn't really works, so I wander what could I do to prevent spam myself.

After reading about the Gmail spam protection I thought it was impossible to do anything against spam, because what Gmail does is not really possible to common people.

So I would like to know from you, that is much more experienced than I, what are my possibilities?

Also, isn't there a hosted service, SaaS or something, that offers filters and allow for feedback (users marking messages as spam), like a pay-as-you-go trained Bayes filter?

[1]: https://boardthreads.com

That's right, you can't beat the scale of gmail.

But you can run a filter yourself, and because your personal filter will be more adapted to the specific spam you get, the results can be suprisingly good. https://spamassassin.apache.org/ is one of the old ways of doing that, it should work fine for your scenario.

> Also, isn't there a hosted service, SaaS or something, that offers filters and allow for feedback (users marking messages as spam), like a pay-as-you-go trained Bayes filter?

Yes, tailored for blog-comments even. It is called akismet and run by Automattic, the company behind Wordpress, see https://akismet.com/. It is very effective and a good solution without costs if you are willing to give the comment data to an US-entity, which is very critical in Europe where I live. Though you can't train it yourself from outside of Wordpress, to my knowledge.

For mails there are several spam filter services, like http://www.mailroute.net/, but I do not have any experience with them.

I think Mailgun runs SpamAssassin on their side, but that's what fails so heavily.

When you train it yourself this could be a different story. However, I do not use a spam filter for mails anymore and can't be absolutely sure. I just know that the idea can work fine for blog comments and their spam.

Do take a look at my service - http://blogspam.net/

It is designed for realtime testing of blog-comments as spam/ham. There are a lot of options, and it has been in use for a couple of years.

That looks nice. It is good to have another option than akismet for that, especially an open source one we could host ourself if necessary. And do I see that right that no API key is necessary?

How do you protect yourself against spammers falsely classifying their comments as ham?

I'm not sure I want to integrate that for ursprung. So far, the local methods were enough (and the bayes filter easy to provide via a gem), if that changes for me or others I will reconsider. But serendipity (http://www.s9y.org/) should get a plugin for that. that is certainly used in places where more options would help. I'll look into it.

I've had a few people self-host their own instances, and I like that this is possible. As you say this is key-free, which with the benefit of hindsight was perhaps a mistake, but nowadays I'm happy enough with it.

Spammers would need to train their comments as ham for every domain - since if bayasian testing is done it is done on a per-site basis. I think that's probably the biggest reason why they've not bothered.

> since if bayasian testing is done it is done on a per-site basis.

Oh, I did not realize that. That at the same time is totally cool and will help to tailor the filter, and misses some potential by not having the global spam characteristics.

I added the plugin to my todo-list. Not having to force the user to bother with an Api-key alone is worth the effort.

Yeah other tests are global, based on the shared submissions. But that one has to be site-specific, because some sites talk about cheap cameras, and others about medical-drugs. So the databases shouldn't pollute.

You might look at my (external) service:


It provides an API you can use to test if a blog-comment is spam or not.

This is awesome!

Looks like a nice alternative to ghost.


I think I started before Ghost existed, but it went in a similar direction later on, possible that it influenced me. The big differences apart from the programming would be that there is no backend, that it is a way smaller project, that it has more features of a real blog at the same time (comments, trackbacks and pingbacks) while not having the cool editor.

What do you mean with "there's no backend"? Of course there's a backend!

Backend not in the programmatical sense. Blog engines like Wordpress, also Ghost, have a backend/admin area that is invisible to normal readers, where the blog owner or whoever is logged in with enough rights can write an entry or change the settings, stuff like that. This has nothing of that. The moment you are logged in, the entry editor get shown directly on the blog, settings that can be manipulated (which are very few so far, by design) are controlled next to their UI representation with now shown controls.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact