[HN Gopher] My cheapskate commenting system
___________________________________________________________________
My cheapskate commenting system
Author : bradley_taunt
Score : 120 points
Date : 2022-02-04 13:10 UTC (2 days ago)
(HTM) web link (tdarb.org)
(TXT) w3m dump (tdarb.org)
| WalterBright wrote:
| I use something similar, but instead use a bit of javascript to
| obfuscate it so the email harvesters won't send me spam.
| SkeuomorphicBee wrote:
| The problem with this approach is that most people don't have a
| mail app set up on their computers (I'm guessing on phones it
| works flawlessly). Pretty much everyone uses a webmail now a
| days, so "mailto:" links simply don't work for most people, they
| just open a default mail client which the user doesn't use and
| never setup. So you end up with a confused user unable to
| comment.
| dredmorbius wrote:
| Joseph Wood Krutch: "There's nothing like a good bad dirt road
| to screen out the faintly interested and to invite in the
| genuinely interested."
|
| Often recast as "bad roads make good filters".
| CraneWorm wrote:
| I don't see a problem, did you try to use it?
|
| For me it opens "Choose an application to open the mailto
| link." all listed options open webmail clients.
| lelandfe wrote:
| Given the scenario outlined by the parent comment, this would
| indeed be a problem on macOS.
| oneeyedpigeon wrote:
| mailto: links open up gmail for me. Not sure when or how I
| configured this, but it works like a breeze.
| yosamino wrote:
| Gmail configured it for you. This is implemented as an API[0]
| that can be called from a site's javascript code, like this:
| navigator.registerProtocolHandler("mailto",
| "https://webmail.example.com/handler=%s")
| [0] https://developer.mozilla.org/en-
| US/docs/Web/API/Navigator/registerProtocolHandler
| roywashere wrote:
| Yes! And it is recently - ish new but great!!
| woodruffw wrote:
| I use neomutt, but, if I remove it, `mailto:` links get
| properly routed to my browser and webmail provider instead.
| Works on both macOS and Linux.
| scary-size wrote:
| I'm just running a single contact form on my blog. Messages
| aren't displayed on articles. Users don't even have to include
| their email if they don't want to. The comment is stored in a
| file on disk by a very simple fastCGI script. The rest of the
| blog is static [1]
|
| [1] https://franz.hamburg/writing/boring-website.html
| baxtr wrote:
| Can someone come-up with an open-source HN like commenting
| system? It's really the best I know.
| dredmorbius wrote:
| Find out what dang's annual rate is, for starters.
|
| He (and apparently an additional moderation team) are the
| secret sauce behind the site. Along with the member cohort.
| cpach wrote:
| I'm not sure exactly what you mean, but "News" is a HN-like
| open source web application:
| https://github.com/arclanguage/anarki/tree/master/apps/news
|
| The Lobste.rs source is also open source:
| https://github.com/lobsters/lobsters
| prisout64 wrote:
| I Love this. Will try it out on my personal blog soon, as well as
| utterances. I get that some people don't want to have a github
| account and email seems like a great alternative.
| iqanq wrote:
| What a GDPR nightmare.
| dxld wrote:
| > Art. 2 GDPR: This Regulation does not apply to the processing
| of personal data: [...] (c) by a natural person in the course
| of a purely personal or household activity
| iqanq wrote:
| The fact that the database is connected to the internet and
| shows the real names of people publicly means that this
| article is unrelated.
| kilroy123 wrote:
| That is a valid concern. I had someone send a GDPR request to
| have their data removed, on my small website / newsletter.
|
| It does and can happen. Albeit, not often.
| t0astbread wrote:
| If you mean complying with requests for deletion, exports of
| personal data or name updates I suppose that can be handled via
| email as well. Since it's all manual I would assume you can
| just update the files and re-generate the site.
|
| The only real problem is verifying the legitimacy of requests.
| How do you know for sure that an email containing a GDPR
| request came from the same person that also sent the comments?
| I guess you could come up with some rules. For example, if the
| request was signed with the same GPG key as the original
| comments or if a request passes DMARC...
|
| I'm curious to hear what the author thinks of that!
|
| Addendum: If you track your website's sources in a public VCS
| and include comments in there you probably have to run a
| "filter-branch" (or whatever your VCS has for that) over it to
| purge PII from the version history.
| fit2rule wrote:
| mro_name wrote:
| why?
| defanor wrote:
| The cons of the email option can be mitigated by setting a mail
| archiver (as used for mailing lists). Since it's about avoiding
| setting any software on a remote system, one can run its
| update/maintenance bits locally, along with other website
| generation/upload software.
| bin_bash wrote:
| Storing website comments in Github issues is probably against the
| ToS anyways isn't it?
| blondin wrote:
| > E-mail. It's just plain e-mail.
|
| came to the same realization. it dawned on me that we have done
| it before in the past with "contact me" and "guestbook" forms.
|
| email providers could repurpose their service around this. it
| would be awesome to manage comments natively and easily from your
| inbox. plus you can take your email messages and contacts with
| you.
|
| it is full of potential.
| TomGullen wrote:
| Interesting solution however I would however be worried about
| potential confusion around implicit expectation of privacy when
| users send an email - this is the first time I've seen this
| barrier being broken down in this way.
| southerntofu wrote:
| Congratulations on your system!
|
| > Must be manually curated and posted
|
| Well sure but you can make that semi-automated using a TUI/WebUI
| to filter out obvious spam then review comments individually
| before pushing a batch to your publishing pipeline. For example,
| by importing the maildir entries into your SSG directory, or by
| forwarding the selected comments to a localhost address not
| reachable from the outside where the maildir will be
| automatically picked up by a script.
|
| > No notifications
|
| for me i don't have notifications of email but that's a feature
| not a bug. i could set up some easily on my smartphone. and you
| could do the same, or you could use something like sendxmpp to
| keep you updated on a chat account.
|
| > No "built-in" reply functionality
|
| Why not? Just assign every article a uniqueID, and every approved
| message a uniqueID based on a hash of publishing date and
| commenter email and use a mailto URI for the reply link where
| subject = "articleID-commentID" and body = explanation to not
| change the message title and about privacy policy. That's how
| email-based bugtracking systems like debbugs work to keep track
| of relations between messages. You could even make opt-in for
| receiving (approved) replies via email maybe by adding "Can't
| wait to hear from you!" at the end of the body...
|
| I can't find the source right now but if you ask cmccabe from
| rawtext.club (can also be found on other tildeverse IRC chans)
| he's got a nice/flexible email treatment pipeline using simple
| scripts that could be very well adapted to this usecase. Demo?
| Send "pepperoni" subject to frisbee+pizza@rawtext.club ;-) ;-)
| derekzhouzhen wrote:
| You can use mine:
|
| https://roastidio.us/claim
|
| It will send emails to you and let you choose which one to show
| the world. All email addresses are hidden so everyone stay
| anonymous.
| swyx wrote:
| if you want a quick and easy way to put comments into a small
| free postgresql instance including auth you can try
| https://github.com/malerba118/supabase-comments-extension
| kiwicopple wrote:
| There is also this neat recursive CTE for creating threaded
| comments in Postgres:
| https://github.com/lawrencecchen/threaded-comments/blob/main...
| rognjen wrote:
| I did _exactly_ the same thing. My blog runs on Jekyll too. I had
| Disqus but it was spammy.
|
| I've found that I get most comments on hacker news though ;)
| rambambram wrote:
| I'm building a comment system along the same concept right now.
| The best part for me is - well, I hope so - that it filters quick
| and angry comments. Like OP suggests: visitors going through this
| small hoop probably leave interesting comments. Didn't know about
| lowtechmagazine having this kind of comments system, but that's
| definitely an endorsement for the concept, if you ask me. To
| filter spam, I base my system on the spam-filtering contactform I
| already have.
|
| Besides: OP, I 'follow' your website by RSS now. Or should I send
| you an email to tell this!? ;)
| k3vinw wrote:
| I'm surprised nobody mentioned procmail.
|
| Could help automate some tasks for you. Maybe even some kind of
| review/publish mechanism depending on how far you wanted to
| automate things.
| swyx wrote:
| procmail became unmaintained 20 years ago
| (https://marc.info/?l=openbsd-ports&m=141634350915839&w=2)
|
| what's the latest hotness?
| dxld wrote:
| I use maildrop with a .mailfilter file, works fine but it's
| not exactly new either :)
| jb1991 wrote:
| If I had a blog, I would skip any kind of commenting system
| altogether and just post a link to every article I write to HN,
| and include a link to the discussion on HN in the article, and
| let HN be my commenting system. It would probably get more
| visibility, have better discussions, and even if the link was
| never seen by anyone on HN, it would still offer a place for
| discussion for a while. You would have the benefit of letting the
| HN community be a filter of who gets to respond, which I think is
| a pretty good filter.
| dredmorbius wrote:
| Using a microblogging platform such as Mastodon as your
| commenting system is an option.
|
| I'd still plan on curating those comments, probably through a
| mix of filters, allowlists/blocklists, and manual processing.
| istjohn wrote:
| With regard to the concerns that this use of HN may be
| unwelcome, perhaps there is an opportunity here for a 3rd party
| website designed for this usecase. But maybe we're just
| redesigning Disqus at that point?
| rogual wrote:
| Not sure, but it might get you banned. HN rules say it's okay
| to post your own stuff "occasionally". Don't know how they
| interpret it, though.
| jb1991 wrote:
| Indeed. Apparently I need to read the manual.
| dredmorbius wrote:
| HN admins are pretty responsive on that.
|
| Since a lot of the awareness comes from reader reports, what
| HN members have as thresholds has a lot to say about this.
| I'd strongly recommend keeping at or below a 1:10 ratio.
| helsinkiandrew wrote:
| Wouldn't posting everyone of your posts to HN be against the
| guidelines:
|
| "Please don't use HN primarily for promotion. It's ok to post
| your own stuff occasionally, but the primary use of the site
| should be for curiosity."
| jb1991 wrote:
| Well there goes that idea.
| superkuh wrote:
| My favorite way to implement and simply/safely self host a web
| comment system is to log all POSTs that include a string like,
| /@say/ in the URL to a unique log file on disk. This txt file is
| then the comments and included via server side includes for
| minimal attack surface with just enough features to do what's
| needed. This means you have to actually control the webserver but
| in this context I think that's reasonable.
| rambambram wrote:
| Before I clicked the post I thought it was your system. Don't
| know if I can call your comment system "cheapskate" though, but
| I already told you I like it!
| istjohn wrote:
| How do you handle comment spam?
| chrismorgan wrote:
| On the markup: don't nest buttons and links, they don't play well
| together--the combination messes up various tooling, including
| screen readers (or so I'm told), and definitely messes up
| keyboard navigation with Tab and expected interactivity. Use one
| or the other. A link, most likely, so people can easily copy it:
| <a href="mailto:hello@tdarb.org?subject=RE:%20My%20Cheapskate%20C
| ommenting%20System">Comment via email</a>
|
| You might hope that you could make it a full form, with a body
| field and all: <form
| action="mailto:hello@tdarb.org" target="_blank"> <input
| type="hidden" name="subject" value="RE: My Cheapskate Commenting
| System"> <textarea name="body"></textarea>
| <input type="submit" value="Comment via email"> </form>
|
| ... but in practice, application/x-www-form-urlencoded turns
| spaces into +, but + is ambiguous in mailto: URIs
| <https://datatracker.ietf.org/doc/html/rfc6068#section-5> and
| generally interpreted as + rather than space. I don't believe
| there's any way to instruct browsers to emit %20 instead. As
| https://url.spec.whatwg.org/#concept-urlencoded says, "the
| application/x-www-form-urlencoded format is in many ways an
| aberrant monstrosity". I love it when language like that gets
| into specs, even if it's only in non-normative notes. (The body
| field is probably not universally supported either, but with
| spaces being turned into plus signs, the absence of the body
| don't signify so much.)
|
| (If inspecting RFC 6068 carefully, you'll note that line breaks
| also have to be encoded %0D%0A (); that one isn't a problem, as
| HTML form data serialisation normalises that way already
| <https://html.spec.whatwg.org/multipage/form-control-
| infrastr...>--which I've seen trip up more than one char-count-
| limit implementation, with the server seeing two-char line breaks
| and the client seeing one-.)
| rheide wrote:
| I reached the same conclusion for my own static blog. One step
| beyond just having an email link is to run an AWS lambda that
| takes a web form post and sends you an email with the contents.
| That way you can add a captcha (hCaptcha seems like a good
| alternative to Google), and your email address doesn't float
| around on the public internet. It's fairly low maintenance and
| easy to replace if you ever did want to step away from AWS.
| mro_name wrote:
| why would I use 'my' email address?
|
| The blog is on a domain, that comes with tons of email
| adresses. Doesn't it? So just invent a dedicated one that well
| may float. Change once appropriate.
|
| Catching a form-post on the server doesn't take AWS (unless you
| only ask the Amazon evangelists). 50 lines of bash cgi do it
| for me.
| throwthere wrote:
| lambda functions are arguably a lot simpler and easier to
| toss in the static site mix than a server properly configured
| for cgi.
| mro_name wrote:
| you are definitively not on shared hosting webspace, are
| you?
|
| What is your baseline and how is that simpler?
| throwthere wrote:
| These kinds of static sites are generally served from a
| shared host like GitHub Pages, Netlify, etc. The baseline
| is configuring Jeykyll or whatever the first time.
|
| imo lambda/serverless can get overdone and too
| complicated but it works well for one-off services like
| this.
| mro_name wrote:
| ah - I would never have thought of putting something that
| invites comments on a web space with TOS of e.g. github.
|
| You want a custom domain anyway, don't you? The space
| won't be an issue then, is it?
| masklinn wrote:
| Hell you could use the post-id as the address, making
| dispatch even easier.
|
| The next step would probably be to use a mailing list program
| for the comments, allowing subscriptions / notifications.
| mro_name wrote:
| indeed, or websub comments from other places. Or
| Activitypub...
|
| Each microblog is a comment system - just reverse from what
| a blog wants.
|
| The Fediverse really could help if just somebody would
| implement such a comment engine. But that engine has to be
| deployed decentral. On each blog.
| masklinn wrote:
| > The Fediverse really could help if just somebody would
| implement such a comment engine. But that engine has to
| be deployed decentral. On each blog.
|
| I'm really not sure what you mean with that. The old
| blogs generation had a pingbacks system, but it's really
| not suitable for commenting: that is usually not
| moderated by the target, it requires having set up your
| own blog, it's really inconvenient for discussions when
| you have to keep jumping through (unless you use a
| federation tool but then it's back to centralisation),
| and it can be awkward to reply through a blog post as the
| reply might not rise to that level of interest to your
| own subscribers, plus the subject at hand might not be
| one you aim to cover in your normal posting.
| mro_name wrote:
| the fediverse promises to connect across instances.
|
| Imagine your blog is one, too and can receive likes and
| replies just like any other fediverse instance. Each
| comment is both on the commenters fediverse profile as
| well as under the blog article that it refers to.
| masklinn wrote:
| That's about what I expected, and really mostly awful for
| the reasons explained above (and then some).
| mro_name wrote:
| so do I [1] and I render them in an iframe straight from the
| comment feed. Wouldn't have to be email, could be a web form or
| be aggregated from HN or alike as well.
|
| [1] https://blog.mro.name/2019/05/wp-to-hugo-making-of/
| karaterobot wrote:
| > Those willing to write me a personal e-mail in order to share
| their thoughts on my stupid little blog probably have something
| interesting to say.
|
| Neat. I expect it would also reduce low-quality content, because
| (optimistically) commenters are making a more human connection by
| directly emailing the author and asking him to do a little work,
| and (pessimistically) they know they can't get past the content
| filter, and nobody will ever read their screed if it's too nasty.
|
| I've run a blog for over 17 years, and haven't turned comments on
| for over 16 of them. I don't consider the pluses worth the
| minuses. But, this method never occurred to me.
| woodruffw wrote:
| Very cool. I've thought about doing exactly this, with a Google
| Group and a cronjob that checks for new postings every few
| minutes.
___________________________________________________________________
(page generated 2022-02-06 23:01 UTC)