Implementing a barebone comment system is child's play.

Implementing a comment system with bells and whistles that is secure (ie, can't be used to screw up your server and attack your other users) is a different matter entirely.

Just because some guy does a 10 minutes demo showing how easy it is to create a comment system does not mean that what he just created is fit for a serious production web site. You are aware that quazillon web sites use cookies to authenticate you when you login right?

Disabling cookies for a web site where you do not need to log in is ok to an extent (especially now with client-side session storage, there is an easy way to store your preferences... though you are screwed for anything where your preferences needs to be figured out on the server side unless the web site is sophisticated enough to use a scheme other than sending cookies back and forth, many websites aren't).

Disabling cookies for a web site where you need to login is practically a guarantee that it won't work for you.

I'm sorry but rolling your own subsystem is almost always a bad idea. Using an existing package, provided it's a good package, is the best idea. If the point of your website isn't analytics, you're a dispstick for trying to implement your own analytics system, because it'll suck in comparison and take time away from your core user stories.

This is why we don't develop our own logging frameworks, MVC (or other display paradigm) frameworks, our own math libs, our own http servers, etc. Because we'll do it worse than the people just focusing on that. That's why FOSS shines, you can freely add this stuff (at times with provisions that you're giving your users the same freedoms) at no cost and often have a more robust system.

I often don't get paid just because I know how to code, I get paid for knowing how to put all the parts together into a robust system based on requirements. Then I "glue" them together with our app.

FWIW, I don't like tracking either, but with Ghostery and NoScript (and Adblock Plus as well) I literally never have to deal with it. I don't get the problem for technical users. Yes it sucks for 99% of everyone and no, you should not implement a software anal probe for every user of your site, but for someone who actually "knows" this stuff it's easy to turn off. No it's not, if you want to include the jQuery library version from the jQuery live site that's pretty smart, you get bugfixes for free. Your problem is that you're indiscriminately blocking everything when there's perfectly good blacklists out there.

Same here, I choose not to participate in social networking.

I allow first party cookies from websites on which I have account, of course logging in won't work if I block their cookies.

You know, on one hand: that actually sounds like pretty good idea (provided you keep your own copy as a backup in case the one from the jQuery org doesn't load).

At the same time, I'd be worried about them making a changes that breaks backward compatibility on some subtle way (deliberately or not) which might introduce unexpected bugs at an awkward time (as opposed to me updating the library manually and paying attention for potential problems when I do).

I mean, I do and will keep doing a reasonable amount of client-side testing anyways so I figure the copy of jQuery that I have is pretty bug free (or at least bug free for the usage I make of it).

You link to a specific version, only bugfixes and security fixes get made to release versions. This is how we do stuff on the interwebz these days:)

Yeah, clearly, the fact that I'm paranoid and do the bulk of my development offline limits the possibility of some interesting discoveries during development time :P.

I would find it hard as hell to develop offline, there's so many great tools and references out there. Hell, my build processes dynamically pull down libraries and resolve their dependencies automatically for me (plus source code and Javadoc if they exist), what you're describing sounds rather self limiting. Don't be afraid, there's no reason in this case. Just make sure you have a source code commit to someplace safe, at worst you lose a few hours or work.

If's not that bad for me.

I have a sizeable library (both physical books and pdf books), I use Python (documentation comes with the interpreter offline) and the web2py framework (official documentation is downloadable offline).

Additionally, I saved an offline copy of a few choice web pages and keep my other computer online in case I need to do a search.

At this point, I've read so many books that I've become very knowledgeable on the technologies I use the most (browser development, the web framework I use, Python, C++ in particular).

The technologies I use are so darn portable that I run the development version of my web server off a USB stick (if someone ever steals my laptop... not because they are out to get my work, but because a laptop is valuable, they won't get any of my work regardless).

Really, the main things I'm missing out are some of the facilities external services the framework has built-in facilities to interact with (captcha, Paypal, an external email server, a real certificate authority for TSL).

I've also toyed with the possibility of using OpenID for login (actually, as a user, I really like the concept, but I'm not sure how well it would go with some people).

I'll need to come around to those and I'll need to be online for that so what you are describing will have to become a reality (it's just a reality that I procrastinate in making).

When you work for a corporation (either permanently or on contract), you have a safety net, but as a lone developer with few financial resources to duke it out legally, I feel extremely vulnerable to theft and I definitely have some trust issues.

I trust (within reason) and love unconditionally 90%-95% of my follow humans (even if I feel that some are political morons), but I know that the remainder is significantly morally challenged (not saying they were born this way, but regardless, they became what they became) and a small percentage of those is rotten to the core so I don't like leaving the keys to my personal kingdom laying around. It feels like gambling.

When I hear about people breaking into computer systems and ruining people's lives for lulz, steal credit card info and hold services ransom at a critical time unless money is paid, it becomes plain to me that some people who are very technically intelligent have the moral/emotional IQ of a 3 years old and it's not a reassuring prospect.

I don't have the time or interest to dedicate as much energy on security as those creeps so I won't pretend that I can really beat them at their games if I leave too many doors open. However, I can limit their entry points and mitigate the damage they can do if they get in.