[HN Gopher] Cactus Comments: Federated web comments based on Mat...
___________________________________________________________________
Cactus Comments: Federated web comments based on Matrix protocol
Author : decrypt
Score : 154 points
Date : 2021-03-07 00:14 UTC (22 hours ago)
(HTM) web link (cactus.chat)
(TXT) w3m dump (cactus.chat)
| imwillofficial wrote:
| I've wanted this so badly for my static site blog but never found
| an easy way. I'm so stoked.
| Normille wrote:
| Metamask doesn't like it: >Ethereum Phishing
| Detection >This domain is currently on the MetaMask
| domain warning list. This means that based on information
| available to us, MetaMask believes this domain could currently
| compromise your security and, as an added safety feature,
| MetaMask has restricted access to the site. To override this,
| please read the rest of this warning for instructions on how to
| continue at your own risk.
| Gys wrote:
| False positive? See
| https://news.ycombinator.com/item?id=26372767
| Arathorn wrote:
| This is really cool (and will finally solve the problem of
| matrix.org/blog not having any comments currently!)
| edent wrote:
| I'm currently using https://intensedebate.com/ which, while
| abandonware, allows people to comment anonymously or using their
| Twitter & Facebook accounts.
|
| How hard would it be to add non-Matrix accounts to this service?
| southerntofu wrote:
| Can't speak for the author about Cactus, but in my experience
| if you want to integrate with a lot of services for comments on
| your blog, you can use a widely-implemented protocol like
| webmention, along with a gateway like brid.gy for interfacing
| with centralized silos.
|
| Unfortunately Facebook shut down the brid.gy gateway a few
| years ago, but other silos still interoperate fine.
| [deleted]
| jaggs wrote:
| No WordPress plugin?
| Gys wrote:
| Yes: https://cactus.chat/docs/getting-started/integrations/
| imrehg wrote:
| Sidenote: The site has a small gotcha, in the demo page, if I
| type a text with a "?", when the question mark is typed the top
| right search field just gets activated and can't really type that
| character into the comment at all. It feels annoying user
| experience, though the actual comment service is great, checking
| whether I can use that on my site/blog instead of the current
| stuff.
| nickdothutton wrote:
| The web desperately needs a good comment system which is easy to
| onboard to, easy for casual commenters, and non-pathological in
| terms of advertising/data-gathering/advertising. I really hope
| one comes along.
| zaik wrote:
| This seems like an even better use of a state-synchronization
| protocol like Matrix than instant messaging, for which I think
| XMPP is a better fit.
| 177tcca wrote:
| It's not meant to be any one thing.
|
| That's its strength.
|
| Core to many usecases, many eyes, many industries' backing.
| southerntofu wrote:
| > It's not meant to be any one thing.
|
| Well more so than other federated protocols. matrix has a
| strong emphasis on resistance to censorship and network
| splits, at the price of metadata leakage. In contrast,
| AP/XMPP assume every server is a tiny kingdom (no content is
| owned by more than one server). matrix usecase is really cool
| but could have been built on top of existing federated
| protocols without reinventing a new ecosystem.
|
| Can't wait for proper interoperability between the three big
| federated networks (Matrix, XMPP, ActivityPub). The previous
| discussion on HN about this topic didn't go very far:
| https://news.ycombinator.com/item?id=26279906
| 177tcca wrote:
| There are already frameworks and services for making
| chatrooms and comments with Matrix protocol for using in
| centralized and decentralized webpages -- why someone would
| want to hack XMPP into there, besides loyalty and
| familiarity, is beyond me.
| southerntofu wrote:
| My point was not that a commenting system should be
| implemented using this or that protocol (though it's
| likely just as easy using established AP or web<->XMPP
| frameworks). In fact, i believe a public commenting
| system is a very valid usecase of matrix's censorship-
| resilient decentralized rooms even though i'm not
| entirely sure of the consequences of that in terms of
| moderation/spam.
|
| I was reacting to matrix being "not meant to be any one
| thing". I explicitly recall matrix being marketed by the
| community (maybe not the devs themselves) as a modern,
| censorship-resilient IRC replacement that fitted in a
| short (single?) specification and intentionally avoided
| the extensibility (and associated implementation/interop
| failures) of the XMPP protocol.
|
| When i say matrix is a more specific use-case than other
| federated protocols, i mean that decentralized rooms can
| be implemented as a consensus-reaching algorithm on top
| of any federated protocol, and that's in fact what matrix
| servers are doing under the hood. But supporting the
| usecase of least-metadata-leakage in a protocol designed
| for sharing state across many actors is arguably
| trickier.
|
| For example, i believe matrix doesn't currently support
| per-room nicknames which don't reveal your public address
| to all members of the room (only to chatroom admins for
| ban purposes). matrix has very interesting developments
| with or without this specific feature, but i was
| highlighting that matrix is not more generic/agnostic
| than other federation protocols (just like XMPP isn't a
| "universal" protocol either).
|
| Like i'm very interested in matrix P2P ecosystem there's
| some really amazing stuff being developed there
| (pinecone), but i must say the entire matrix selling
| pitch is very similar to the selling pitch of XMPP more
| than a decade ago: "a universal bridgeable messenger".
| Regarding the P2P example, XMPP had offline-first
| "zeroconf" federation (XEP-0174) drafted in 2006. Despite
| being far less advanced than modern matrix P2P, it was
| already very similar in spirit.
|
| So my central point i guess, is not that one protocol is
| better than the other. They all have very strong pros and
| cons depending on the actual usecase. Different users, or
| same users across different contexts/activities may
| prefer one technology or the other. My point is i believe
| it is our responsibility as technologists to ease their
| life and standardize things for more interoperability so
| users can have a choice between "the federated networks"
| and "centralized silos" instead of having a choice
| between "centralized silos" and "tiny federated islands
| that mostly don't talk to one another", adjusting the
| balance of power in our favor which is in the direct
| interest of everyone involved except the corporate
| silicon valley sociopaths.
|
| Cory Doctorow's latest talks have pretty compelling
| arguments for interoperability if you have some time to
| spare.
| imwillofficial wrote:
| XMPP has been effectively dead for awhile. Time to move on.
| MattJ100 wrote:
| And you're basing this on what?
|
| I do concede that XMPP is not the new shiny, but it is very
| far from dead.
|
| It powers more things than you realise, a few are listed at
| https://xmpp.org/uses/
|
| There is healthy growth in server count:
| https://blog.prosody.im/2020-retrospective/
|
| Development is very active, across a diverse range of
| projects: https://xmpp.org/category/newsletter.html
| imwillofficial wrote:
| Whoa I had no idea! Thanks for sharing!
| southerntofu wrote:
| Jabber/XMPP ecosystem is far from dead. If anything, my
| perspective as an end-user for quite a long time is there's
| been more community-oriented developments in the past few
| years, than in the entire previous decade.
|
| Some clients/servers are unfortunately unmaintained and the
| XMPP Standards Foundation has a neutral position which
| prevents it from advertising specific clients which have good
| UX and modern features. But modern clients like
| Conversations, Dino, Siskin and Gajim are certainly good
| messengers with hardware and feature support i haven't seen
| in other ecosystems (client & server side low resource
| requirements, good Tor support client, and vast plugin
| ecosystems) though there's some dearly-missed functionality
| (eg. groups of chatrooms like matrix spaces).
|
| If you're curious about interesting developments, libervia
| (ex salut-a-toi) is the only federated piece of software i
| know that is selfhosting its own development (forge). Tickets
| and merge requests for libervia are done via libervia itself.
| They've been doing that for almost 3 years now, using
| mercurial as a backend but implemented in a way that other
| DVCS backends can be supported. See my blogpost about
| decentralized forging for more context on that
| https://staticadventures.netlib.re/blog/decentralized-forge/
| imwillofficial wrote:
| Thanks for sharing!
| remram wrote:
| See also: Adding comments with Mastodon
| https://news.ycombinator.com/item?id=25570268
| rectang wrote:
| Looking through the docs, I don't see any mention of spam
| prevention or moderation. What tools are available or planned to
| help beleaguered site owners deal with the inevitable onslaught?
| michaelsbradley wrote:
| When I followed the link in Firefox with the MetaMask extension
| installed and enabled, I was greeted with MetaMask's _Ethereum
| Phishing Detection_ page:
|
| https://i.imgur.com/DSiut95.jpg
| michaelsbradley wrote:
| It seems to be a false positive in the phishing detector:
|
| https://github.com/MetaMask/eth-phishing-detect/issues/4749
| detaro wrote:
| looking at the GH issues on that extension, false positives
| seems to be the name of the game there...
| CA0DA wrote:
| I'm excited about this - tried the demo, how do I know the site
| is not stealing my password? Shouldn't this use OAuth to solve
| that issue?
| carlbordum wrote:
| You don't, you have to trust it just like any other Matrix
| client. Hopefully there will be OAuth or something similar in
| the Matrix spec in the future, so you can use less trusted
| clients. If you want to comment with your user, but don't trust
| the client, you can use any Matrix client with Cactus Comments
| by clicking "Use a Matrix client" :-)
| imwillofficial wrote:
| Because you don't login via the site, you have to go through
| Matrix' login flow, just like with any client.
| southerntofu wrote:
| Then why does the popup on Cactus ask for the password? If
| the matrix homeserver is responsible for the authentication,
| then cactus should probably only ask for a matrix identifier
| (user:server).
| [deleted]
| a1371 wrote:
| This is great! Any option to filter spam/hate speech
| automatically and not on the front-end?
| Shared404 wrote:
| This is an important question, I'm surprised to see it
| downvoted.
|
| That being said, I would imagine it would be done the same way
| as an automod type bot for any Matrix room. You'd probably have
| to implement it yourself though.
|
| Edit: That being said, I don't like the idea of automatic
| moderation. For small scale blogs, maybe just a manual approval
| of comments would be worthwhile.
| ta8645 wrote:
| I personally find "hate speech" nomenclature quite tedious, but
| dealing with undesired content is handled via the usual Matrix
| methods[1]... since that is what underlies Cactus. You may have
| to self host though, i'm not sure if Cactus themselves give
| access to these features if you rely on them for hosting.
|
| [1] https://matrix.org/docs/guides/moderation
| CameronNemo wrote:
| Matrix is currently working on improved moderation and
| curation methods, right? I saw a blog post published to that
| effect, in response to the last administration's anti-
| encryption putsch.
| nanna wrote:
| > I personally find "hate speech" nomenclature quite tedious
|
| I first encountered 'hate speech' as a wide eyed teenager in
| the 1990s on a gaming IRC room that I hung out in. Somehow my
| ethnic background came out, and it was bizarre: the entire
| room either turned against me with racist hate speech, adding
| that they knew where I lived based on my ip (didn't think
| this was possible, but then didn't know anyone to ask if it
| was) and would come beat me up or worse. Or they just went
| silent and wouldn't stand up for me. I asked the moderators
| to help and I don't think they ever replied; certainly they
| never did anything. It was terrifying, and it made me clock
| out of IRC and online gaming communities for good.
|
| So I wonder, to those who downvote someone asking about
| moderating (posts on your _own_ blog!) or just consider hate
| speech as a term to be 'tedius' : have you ever experienced
| it yourself?
| outime wrote:
| I didn't downvote and I'm very sorry you had/have to go
| through that. That being said, how I see it is that OP may
| be referring to the fact that the "hate speech" label is
| being overused similarly to "fascism" and other similar
| strong words.
| dane-pgp wrote:
| I can't speak on behalf of ta8645, but it's possible that
| they support banning people who harass or threaten
| violence, but don't think that banning an ever growing list
| of ideologically chosen words will do much to solve the
| underlying problems (and may in fact exacerbate them).
| southerntofu wrote:
| > So I wonder, to those who downvote someone asking about
| moderating
|
| I didn't downvote and i'm certainly in favor of strong
| moderation. However automated filters worry me as they have
| shown time and time again that regexes aren't as sharp as
| human moderators.
|
| For recent discussions about that on Lemmy, a federated
| Reddit replacement based on ActivityPub:
| https://lemmy.ml/post/55323 https://lemmy.ml/post/55143
| lrem wrote:
| Scanning through the doc, I don't see mention of setting a
| room to "each message needs approval". Have I missed it?
| paraknight wrote:
| Why tedious? It's a short, accurate, semantically unambiguous
| description of a non-partisan concept; speech expressing
| hate. It's the global minimum in tediousness for expressing
| that and much narrower and more objective than "undesired
| content".
| Proven wrote:
| Because it implies that current moderation features linked
| in his reply aren't enough and that "hate" speech should be
| somehow dealt with differently than other unwanted content.
| croes wrote:
| If words express hate is a matter of context not just
| words.
| claudiawerner wrote:
| >I personally find "hate speech" nomenclature quite tedious,
|
| Why? I think it's quite a useful term that's worthy of
| discussion from philosophical and legal perspectives. It
| pretty quickly identifies a range of related behaviors. But I
| am interested if you have less 'tedious' terms that describe
| the same thing.
| aabbcc1241 wrote:
| I imagine a share-able blacklist/whitelist system can helps
| Arathorn wrote:
| This is what matrix is working on (except greylists, not
| block/allow lists), and so would automatically apply to
| cactus.chat. https://matrix.org/blog/2020/10/19/combating-
| abuse-in-matrix...
| mindaugasdagys wrote:
| There is wide diversity of perceptions of what constitutes a
| hate speech. One size fits all solution seems hardly possible.
| An ecosystem of plugins / components for each user to choose
| may be way to go. Front end or back end would not matter as
| long as each individually user is shielded from an unwelcome
| content. Much like bayesian spam filers a personal client side
| AI model would lean evolve along with users attitudes and
| behaviours. Client side is also good for privacy.
| aabbcc1241 wrote:
| Appreciate this kind of decentralized, self-hosted
| project/platform/system
| southerntofu wrote:
| Hello, i just tested it and it's really cool! Do you have any
| idea about ActivityPub / XMPP PubSub gateways for
| interoperability? From a remote look, it appears mxtoot is a bot
| not a proper AP gateway, and bifrost doesn't support PubSub XEP
| which is used for microblogging/commenting. Supporting these
| protocols directly would also be an option, but i don't know an
| ActivityPub server that supports guest accounts (but XMPP servers
| do).
|
| Too bad cactus doesn't work without JavaScript. Would it be
| possible in the future to support submitting a comment via simple
| HTML form for older/slower clients? A related annoying detail,
| '?' key is hijacked by JavaScript so it's impossible to type it
| in the comment box ;-)
|
| Thanks for this demo i'm excited for the future of federated
| comments
| carlbordum wrote:
| Hi, I am one of the authors of Cactus Comments.
|
| Making Cactus Comments work without javascript would require a
| backend server. Right now, the frontend is actually just a
| special-purpose Matrix client that interacts directly with
| Matrix homeservers.
| southerntofu wrote:
| Hello, thanks for taking the time to reply. Isn't the
| matrix.org homeserver already a backend HTTP server? I'm
| unfamiliar with the matrix protocol, but isn't there a way to
| POST to homeserver directly so that it can authenticate and
| confirm with the user they intend to post this message?
___________________________________________________________________
(page generated 2021-03-07 23:03 UTC)