digitalmars.D.announce - Introducing Diskuto - an embeddable comment system
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (21/21) Mar 14 2017 So I was able to reserve the last two days to work on something new, and...
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (3/24) Mar 14 2017 Started a temporary instance for hands-on testing:
- Faux Amis (1/3) Mar 14 2017 Updated I see ;)
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (4/7) Mar 14 2017 Yeah, still tweaking a few things here and there. Very helpful to have
- Azbuka (4/7) Mar 14 2017 My comment is most upvoted. Where can I get my medal?
- Daniel Kozak via Digitalmars-d-announce (2/9) Mar 14 2017 Sorry but I do not see it. Which one?
- Azbuka (3/4) Mar 14 2017 Looks like it have been deleted. Okay, 2k upvotes is too much.
- Daniel Kozak via Digitalmars-d-announce (2/6) Mar 14 2017 Deleted :D
- Daniel Kozak via Digitalmars-d-announce (11/15) Mar 14 2017 curl 'http://rejectedsoftware.com:10888/diskuto/delete' -H 'Origin:
- =?UTF-8?B?U8O2bmtl?= Ludwig (6/24) Mar 14 2017 Did you delete the comments yourself? The time limit for
- Daniel Kozak via Digitalmars-d-announce (2/28) Mar 14 2017 I have deleted not only my comments, I can delete enyone comment
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (4/13) Mar 14 2017 Okay, that was supposed to be implemented before 1.0.0, but then I
- cym13 (3/21) Mar 17 2017 You'll also want a CSRF token for that, checking that the user is
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (10/28) Mar 17 2017 True, I have that and some other standard measures planned, but for now
- Suliman (6/45) Mar 17 2017 Please add oAuth with Google instead anti-spam. I really captcha
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (9/48) Mar 17 2017 The idea is to allow anonymous comments, at least if a site wants to
- aberba (2/9) Mar 14 2017 How deep (levels) can it handle sub comments?
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (6/16) Mar 14 2017 It's currently unlimited, but I guess that either a functional or a
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (25/25) Mar 15 2017 Improvements implemented by now:
- aberba (3/18) Mar 15 2017 The load balancer you were working on. Was it intended to handle
- =?UTF-8?B?U8O2bmtl?= Ludwig (8/10) Mar 15 2017 Being somewhat resistant to DDoS attacks is one of the secondary
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (4/4) Mar 15 2017 Just implemented a visual overhaul - the "reply" buttons are gone and
- Nick Sabalausky (Abscissa) (2/2) Mar 15 2017 Nice. The only example code uses diet templates though, how would one
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (4/6) Mar 16 2017 I'll add two more examples - one using only JavaScript to embed the
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (5/11) Mar 16 2017 The latest version now offers three embedding modes:
- Nick Sabalausky (Abscissa) (2/6) Mar 17 2017 Nice. Very cool lib!
- MrSmith (3/5) Mar 19 2017 Would be nice to undo/change votes. I accidentally clicked -1 and
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (4/9) Mar 21 2017 Good point, I was a bit worried about this myself, and the fact that it
So I was able to reserve the last two days to work on something new, and one thing that is currently rather lacking in the D/vibe.d web ecosystem is embedded commenting, be it for vibe.d's own blog engine [1]/[2] or for the DDOX based standard library documentation [3]. So I went ahead and created a little comment engine inspired by Disqus and Isso: https://github.com/rejectedsoftware/diskuto (screenshot inside) https://code.dlang.org/packages/diskuto It has a similar tree based structure with user voting, doesn't require registration and a basic set of functionality works without JavaScript support. Currently the only backend supported is MongoDB, but adding more is rather simple. Using NNTP as the target, as was discussed a few times in the past, is slightly tricky because editing and comment deletion needs to be supported. However, there is a limited time frame for those operations, so afterwards messages could be mirrored to a newsgroup safely (the other way around would of course always work). Any comments suggestions and especially helping hands are highly appreciated! [1]: https://github.com/rejectedsoftware/vibenews [2]: https://vibed.org/blog/ [3]: https://dlang.org/library/
 Mar 14 2017
Am 14.03.2017 um 12:17 schrieb Sönke Ludwig:So I was able to reserve the last two days to work on something new, and one thing that is currently rather lacking in the D/vibe.d web ecosystem is embedded commenting, be it for vibe.d's own blog engine [1]/[2] or for the DDOX based standard library documentation [3]. So I went ahead and created a little comment engine inspired by Disqus and Isso: https://github.com/rejectedsoftware/diskuto (screenshot inside) https://code.dlang.org/packages/diskuto It has a similar tree based structure with user voting, doesn't require registration and a basic set of functionality works without JavaScript support. Currently the only backend supported is MongoDB, but adding more is rather simple. Using NNTP as the target, as was discussed a few times in the past, is slightly tricky because editing and comment deletion needs to be supported. However, there is a limited time frame for those operations, so afterwards messages could be mirrored to a newsgroup safely (the other way around would of course always work). Any comments suggestions and especially helping hands are highly appreciated! [1]: https://github.com/rejectedsoftware/vibenews [2]: https://vibed.org/blog/ [3]: https://dlang.org/library/Started a temporary instance for hands-on testing: http://rejectedsoftware.com:10888/
 Mar 14 2017
Started a temporary instance for hands-on testing: http://rejectedsoftware.com:10888/Updated I see ;)
 Mar 14 2017
Am 14.03.2017 um 14:48 schrieb Faux Amis:Yeah, still tweaking a few things here and there. Very helpful to have people try out weird things ;) I'm just not sure how well that will work after someone posts this to Reddit.Started a temporary instance for hands-on testing: http://rejectedsoftware.com:10888/Updated I see ;)
 Mar 14 2017
On Tuesday, 14 March 2017 at 14:26:35 UTC, Sönke Ludwig wrote:Yeah, still tweaking a few things here and there. Very helpful to have people try out weird things ;) I'm just not sure how well that will work after someone posts this to Reddit.My comment is most upvoted. Where can I get my medal? (Just runned a script, which makes POST requests to diskuto/up with id=<your comment id>)
 Mar 14 2017
Dne 14.3.2017 v 20:17 Azbuka via Digitalmars-d-announce napsal(a):On Tuesday, 14 March 2017 at 14:26:35 UTC, Sönke Ludwig wrote:Sorry but I do not see it. Which one?Yeah, still tweaking a few things here and there. Very helpful to have people try out weird things ;) I'm just not sure how well that will work after someone posts this to Reddit.My comment is most upvoted. Where can I get my medal? (Just runned a script, which makes POST requests to diskuto/up with id=<your comment id>)
 Mar 14 2017
On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:Sorry but I do not see it. Which one?Looks like it have been deleted. Okay, 2k upvotes is too much. I'll make it 100.
 Mar 14 2017
Dne 14.3.2017 v 20:54 Azbuka via Digitalmars-d-announce napsal(a):On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:Deleted :DSorry but I do not see it. Which one?Looks like it have been deleted. Okay, 2k upvotes is too much. I'll make it 100.
 Mar 14 2017
Dne 14.3.2017 v 20:54 Azbuka via Digitalmars-d-announce napsal(a):On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:curl 'http://rejectedsoftware.com:10888/diskuto/delete' -H 'Origin: http://rejectedsoftware.com:10888' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: cs-CZ,cs;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' -H 'Content-type: application/json' -H 'Accept: */*' -H 'Referer: http://rejectedsoftware.com:10888/' -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE nyZ1Og47SCeu5v6oog' -H 'Connection: keep-alive' --data-binary '{"id":"xxxxxxxxxxxxxxxxxxxxxxxx"}' --compressedSorry but I do not see it. Which one?Looks like it have been deleted. Okay, 2k upvotes is too much. I'll make it 100.
 Mar 14 2017
On Tuesday, 14 March 2017 at 20:02:08 UTC, Daniel Kozak wrote:Dne 14.3.2017 v 20:54 Azbuka via Digitalmars-d-announce napsal(a):Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time. I've noted the other issues and will tackle those tomorrow.On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:curl 'http://rejectedsoftware.com:10888/diskuto/delete' -H 'Origin: http://rejectedsoftware.com:10888' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: cs-CZ,cs;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' -H 'Content-type: application/json' -H 'Accept: */*' -H 'Referer: http://rejectedsoftware.com:10888/' -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE nyZ1Og47SCeu5v6oog' -H 'Connection: keep-alive' --data-binary '{"id":"xxxxxxxxxxxxxxxxxxxxxxxx"}' --compressedSorry but I do not see it. Which one?Looks like it have been deleted. Okay, 2k upvotes is too much. I'll make it 100.
 Mar 14 2017
Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):On Tuesday, 14 March 2017 at 20:02:08 UTC, Daniel Kozak wrote:I have deleted not only my comments, I can delete enyone commentDne 14.3.2017 v 20:54 Azbuka via Digitalmars-d-announce napsal(a):Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time. I've noted the other issues and will tackle those tomorrow.On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:curl 'http://rejectedsoftware.com:10888/diskuto/delete' -H 'Origin: http://rejectedsoftware.com:10888' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: cs-CZ,cs;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' -H 'Content-type: application/json' -H 'Accept: */*' -H 'Referer: http://rejectedsoftware.com:10888/' -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE nyZ1Og47SCeu5v6oog' -H 'Connection: keep-alive' --data-binary '{"id":"xxxxxxxxxxxxxxxxxxxxxxxx"}' --compressedSorry but I do not see it. Which one?Looks like it have been deleted. Okay, 2k upvotes is too much. I'll make it 100.
 Mar 14 2017
Am 14.03.2017 um 21:56 schrieb Daniel Kozak via Digitalmars-d-announce:Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it: https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time. I've noted the other issues and will tackle those tomorrow.I have deleted not only my comments, I can delete enyone comment
 Mar 14 2017
On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:Am 14.03.2017 um 21:56 schrieb Daniel Kozak via Digitalmars-d-announce:You'll also want a CSRF token for that, checking that the user is the author isn't enough.Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it: https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time. I've noted the other issues and will tackle those tomorrow.I have deleted not only my comments, I can delete enyone comment
 Mar 17 2017
Am 17.03.2017 um 16:42 schrieb cym13:On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:True, I have that and some other standard measures planned, but for now I wanted to concentrate on getting the general functionality and layout done. On the "security" side, simple moderation and registered user support is now in but still needs some additions, and the spam filter integration still needs a little work. IMO, those are the most important things for the start, because realistically nobody is going to implement a CSRF attack against this in the foreseeable future, and even if, the impact would be extremely limited (since only posts of the last 15 minutes can be changed anyways).Am 14.03.2017 um 21:56 schrieb Daniel Kozak via Digitalmars-d-announce:You'll also want a CSRF token for that, checking that the user is the author isn't enough.Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it: https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time. I've noted the other issues and will tackle those tomorrow.I have deleted not only my comments, I can delete enyone comment
 Mar 17 2017
On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:Am 17.03.2017 um 16:42 schrieb cym13:Please add oAuth with Google instead anti-spam. I really captcha end other stupid system where computer make decision enough am I human or no. Also auth with Telegram is very good thing. I think it would enough for 90% of users.On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:True, I have that and some other standard measures planned, but for now I wanted to concentrate on getting the general functionality and layout done. On the "security" side, simple moderation and registered user support is now in but still needs some additions, and the spam filter integration still needs a little work. IMO, those are the most important things for the start, because realistically nobody is going to implement a CSRF attack against this in the foreseeable future, and even if, the impact would be extremely limited (since only posts of the last 15 minutes can be changed anyways).Am 14.03.2017 um 21:56 schrieb Daniel Kozak via Digitalmars-d-announce:You'll also want a CSRF token for that, checking that the user is the author isn't enough.Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it: https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time. I've noted the other issues and will tackle those tomorrow.I have deleted not only my comments, I can delete enyone comment
 Mar 17 2017
Am 17.03.2017 um 18:30 schrieb Suliman:On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:The idea is to allow anonymous comments, at least if a site wants to support it, because that can often reduce the initial entry barrier considerably, even compared against a convenient OAuth login. But the idea is that all kinds of authentication mechanisms can be plugged in using the relatively trivial `DiskutoUserStore` interface. So anyone can use their favorite means. I'd of course accept pull requests to include a range of default options, but I'll probably not have the time to do that myself.Am 17.03.2017 um 16:42 schrieb cym13:Please add oAuth with Google instead anti-spam. I really captcha end other stupid system where computer make decision enough am I human or no. Also auth with Telegram is very good thing. I think it would enough for 90% of users.On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:True, I have that and some other standard measures planned, but for now I wanted to concentrate on getting the general functionality and layout done. On the "security" side, simple moderation and registered user support is now in but still needs some additions, and the spam filter integration still needs a little work. IMO, those are the most important things for the start, because realistically nobody is going to implement a CSRF attack against this in the foreseeable future, and even if, the impact would be extremely limited (since only posts of the last 15 minutes can be changed anyways).Am 14.03.2017 um 21:56 schrieb Daniel Kozak via Digitalmars-d-announce:You'll also want a CSRF token for that, checking that the user is the author isn't enough.Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it: https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time. I've noted the other issues and will tackle those tomorrow.I have deleted not only my comments, I can delete enyone comment
 Mar 17 2017
On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:So I was able to reserve the last two days to work on something new, and one thing that is currently rather lacking in the D/vibe.d web ecosystem is embedded commenting, be it for vibe.d's own blog engine [1]/[2] or for the DDOX based standard library documentation [3]. So I went ahead and created a little comment engine inspired by Disqus and Isso: [...]How deep (levels) can it handle sub comments?
 Mar 14 2017
Am 14.03.2017 um 20:09 schrieb aberba:On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:It's currently unlimited, but I guess that either a functional or a visual limit of some sort needs to be defined. I'd probably make that configurable, because the sweet spot depends on the intended purpose of the comment section - real discussions or mainly just answers+comments (StackOverflow) or comments+answers (blog).So I was able to reserve the last two days to work on something new, and one thing that is currently rather lacking in the D/vibe.d web ecosystem is embedded commenting, be it for vibe.d's own blog engine [1]/[2] or for the DDOX based standard library documentation [3]. So I went ahead and created a little comment engine inspired by Disqus and Isso: [...]How deep (levels) can it handle sub comments?
 Mar 14 2017
Improvements implemented by now: - Authorization and time limit (5min client facing, 15min server facing) is now enforced for editing and deleting comments - The page must be queried first before any action is allowed (prevents trivial command line batch "attacks", as well as trivial spam automation) - The main comment form is minimized by default (only the text area, single-line height) - Maximum height of comments limited (will show scroll bars if exceeded) - Temporal boosting limited to hours instead of days - E-mail and website length limited - Message contents don't overflow the content area - Displayed comment count corrected Some changes may require Ctrl+F5 to refresh the cache. Thanks to everyone who helped testing the boundaries so far! This definitely sped up the initial finalization phase by a large margin. There are still some open points, but this gets close to being a complete product: - Implement moderation (!) and user registration to avoid identity spoofing (pluggable source user database) - Additional heuristics to prevent batch operations from a single client, possibly just showing a CAPTCHA for IPs that show a high frequency of operations on the same topic(s) - Work out how to best limit the visual or functional nesting level of comments - Translations to more languages
 Mar 15 2017
On Wednesday, 15 March 2017 at 08:57:53 UTC, Sönke Ludwig wrote:Improvements implemented by now: - Authorization and time limit (5min client facing, 15min server facing) is now enforced for editing and deleting comments - The page must be queried first before any action is allowed (prevents trivial command line batch "attacks", as well as trivial spam automation) - The main comment form is minimized by default (only the text area, single-line height) - Maximum height of comments limited (will show scroll bars if exceeded) - Temporal boosting limited to hours instead of days - E-mail and website length limited - Message contents don't overflow the content area - Displayed comment count corrected [...]The load balancer you were working on. Was it intended to handle DDoS attacks and what is the current status.
 Mar 15 2017
On Wednesday, 15 March 2017 at 10:40:31 UTC, aberba wrote:The load balancer you were working on. Was it intended to handle DDoS attacks and what is the current status.Being somewhat resistant to DDoS attacks is one of the secondary goals, but by the nature of it it would be very limited in what it can achieve there. A large scale cloud based approach is the only real solution. The project is currently on hold. I'd still like to finish it, but I had to resort to other solutions for the time being (lack of time).
 Mar 15 2017
Just implemented a visual overhaul - the "reply" buttons are gone and are replaced by the comment text box itself. This results in a less noisy page and one less click to make a reply. Any opinions on replacing Disqus with this on http://dlang.org/library/?
 Mar 15 2017
Nice. The only example code uses diet templates though, how would one embed this when not using diet?
 Mar 15 2017
Am 15.03.2017 um 21:30 schrieb Nick Sabalausky (Abscissa):Nice. The only example code uses diet templates though, how would one embed this when not using diet?I'll add two more examples - one using only JavaScript to embed the comments, which also works for non-D applications, and one using `compileDietHTMLFile`, writing the HTML directly to an output range.
 Mar 16 2017
Am 16.03.2017 um 08:30 schrieb Sönke Ludwig:Am 15.03.2017 um 21:30 schrieb Nick Sabalausky (Abscissa):The latest version now offers three embedding modes: https://github.com/rejectedsoftware/diskuto/tree/master/examples User accounts and simple moderation are also supported now. The embed-diet example shows how this can be plugged in.Nice. The only example code uses diet templates though, how would one embed this when not using diet?I'll add two more examples - one using only JavaScript to embed the comments, which also works for non-D applications, and one using `compileDietHTMLFile`, writing the HTML directly to an output range.
 Mar 16 2017
On 03/16/2017 06:23 AM, Sönke Ludwig wrote:The latest version now offers three embedding modes: https://github.com/rejectedsoftware/diskuto/tree/master/examples User accounts and simple moderation are also supported now. The embed-diet example shows how this can be plugged in.Nice. Very cool lib!
 Mar 17 2017
On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:Any comments suggestions and especially helping hands are highly appreciated!Would be nice to undo/change votes. I accidentally clicked -1 and can't undo it.
 Mar 19 2017
Am 19.03.2017 um 12:13 schrieb MrSmith:On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:Good point, I was a bit worried about this myself, and the fact that it directly occurred in practice suggests that this indeed needs to be improved.Any comments suggestions and especially helping hands are highly appreciated!Would be nice to undo/change votes. I accidentally clicked -1 and can't undo it.
 Mar 21 2017








 
  
  
 
 Daniel Kozak via Digitalmars-d-announce
 Daniel Kozak via Digitalmars-d-announce 