Thanks for the mention! I love seeing examples of what people are building out there. Some crafty visitor was spamming the list with scripted entries and the updates were buttery smooth :)
Why not just use a simple csrf stored in a session? You already have an "authenticiy_token" in the request data, why not use it, or add another value for csrf?
Cool idea. Seems pretty similar to http://www.tweetspiration.com/. After putting a decent spam-filter on this, maybe there's a way to introduce crowd-supported mechanics (ala upvotes, comments, relevant mentions/hashtags)?
I guess that it isn't something you intended, but you've build great entertainment site. As your user I want you to archive these pearls of humour and let me upvote'em. Time to pivot ;)
you should add an algorithm to filter out the spam and make an app out of this. you could change the theme every day, e.g. tomorrow it could be "if I had [..] I would [..]", etc.
I like it. To limit spam, use twitter for auth and connect ideas to twitter profiles, then let people flag other people as spam - and hellban their account.
If you don't want auth, you can still just let people flag spam and hellban machines spitting out spam.
Edit: You can also use basic ratelimiting - maybe only allow 1 post per 10 seconds.
Just rate limit (one word, two words?) to 1 per 30 (10 seems not enough, dunno) seconds and not allow more than 3 of the same strings repeated sequentially.
Everyone's talking about auth to limit spam, but I think a more interesting approach is to let people click to flag spam, then train up a little naive Bayes classifier.
Is it odd that I find the exercise to prevent the spam far more interesting than the product itself (not a criticism)? No traditional captchas, no oauth tie-ins... just good-old-fashion machine learning, graph analysis, hellbanning, negative captchas, etc
45 comments
[ 3.7 ms ] story [ 104 ms ] threadcan totally see this taking off
If you don't want auth, you can still just let people flag spam and hellban machines spitting out spam.
Edit: You can also use basic ratelimiting - maybe only allow 1 post per 10 seconds.
EDIT: Very sad. Nothing more to say.