Re: Introducing Diskuto - an embeddable comment system

2017-03-21 Thread Sönke Ludwig via Digitalmars-d-announce

On 19.03.2017 at 12:13, MrSmith wrote:

On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:

Any comments, suggestions and especially helping hands are highly
appreciated!


Would be nice to undo/change votes. I accidentally clicked -1 and can't
undo it.


Good point, I was a bit worried about this myself, and the fact that it 
directly occurred in practice suggests that this indeed needs to be 
improved.


Re: Introducing Diskuto - an embeddable comment system

2017-03-19 Thread MrSmith via Digitalmars-d-announce

On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:
Any comments, suggestions and especially helping hands are
highly appreciated!


Would be nice to undo/change votes. I accidentally clicked -1 and 
can't undo it.


Re: Introducing Diskuto - an embeddable comment system

2017-03-17 Thread Nick Sabalausky (Abscissa) via Digitalmars-d-announce

On 03/16/2017 06:23 AM, Sönke Ludwig wrote:


The latest version now offers three embedding modes:
https://github.com/rejectedsoftware/diskuto/tree/master/examples

User accounts and simple moderation are also supported now. The
embed-diet example shows how this can be plugged in.


Nice. Very cool lib!


Re: Introducing Diskuto - an embeddable comment system

2017-03-17 Thread Sönke Ludwig via Digitalmars-d-announce

On 17.03.2017 at 18:30, Suliman wrote:

On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:

On 17.03.2017 at 16:42, cym13 wrote:

On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:

On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:

On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:


Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server (ticket
already open), so anyone can delete their own tickets currently at any
time.

I've noted the other issues and will tackle those tomorrow.

I have deleted not only my comments, I can delete anyone's comment


Okay, that was supposed to be implemented before 1.0.0, but then I
forgot about it:
https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107




You'll also want a CSRF token for that, checking that the user is the
author isn't enough.


True, I have that and some other standard measures planned, but for
now I wanted to concentrate on getting the general functionality and
layout done. On the "security" side, simple moderation and registered
user support is now in but still needs some additions, and the spam
filter integration still needs a little work.

IMO, those are the most important things for the start, because
realistically nobody is going to implement a CSRF attack against this
in the foreseeable future, and even if, the impact would be extremely
limited (since only posts of the last 15 minutes can be changed anyways).


Please add OAuth with Google instead of anti-spam. I really captcha and
other stupid system where computer make decision enough am I human or no.

Also auth with Telegram is a very good thing. I think it would be enough for
90% of users.


The idea is to allow anonymous comments, at least if a site wants to 
support it, because that can often reduce the initial entry barrier 
considerably, even compared against a convenient OAuth login.


But the idea is that all kinds of authentication mechanisms can be 
plugged in using the relatively trivial `DiskutoUserStore` interface. So 
anyone can use their favorite means. I'd of course accept pull requests 
to include a range of default options, but I'll probably not have the 
time to do that myself.


Re: Introducing Diskuto - an embeddable comment system

2017-03-17 Thread Suliman via Digitalmars-d-announce

On Friday, 17 March 2017 at 16:42:28 UTC, Sönke Ludwig wrote:

On 17.03.2017 at 16:42, cym13 wrote:
On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:


Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server (ticket
already open), so anyone can delete their own tickets currently at any
time.

I've noted the other issues and will tackle those tomorrow.
I have deleted not only my comments, I can delete anyone's comment


Okay, that was supposed to be implemented before 1.0.0, but then I
forgot about it:
https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107



You'll also want a CSRF token for that, checking that the user is the
author isn't enough.


True, I have that and some other standard measures planned, but 
for now I wanted to concentrate on getting the general 
functionality and layout done. On the "security" side, simple 
moderation and registered user support is now in but still 
needs some additions, and the spam filter integration still 
needs a little work.


IMO, those are the most important things for the start, because 
realistically nobody is going to implement a CSRF attack 
against this in the foreseeable future, and even if, the impact 
would be extremely limited (since only posts of the last 15 
minutes can be changed anyways).


Please add OAuth with Google instead of anti-spam. I really captcha
and other stupid system where computer make decision enough am I
human or no.


Also auth with Telegram is a very good thing. I think it would be
enough for 90% of users.


Re: Introducing Diskuto - an embeddable comment system

2017-03-17 Thread Sönke Ludwig via Digitalmars-d-announce

On 17.03.2017 at 16:42, cym13 wrote:

On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:

On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:

On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:


Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server (ticket
already open), so anyone can delete their own tickets currently at any
time.

I've noted the other issues and will tackle those tomorrow.

I have deleted not only my comments, I can delete anyone's comment


Okay, that was supposed to be implemented before 1.0.0, but then I
forgot about it:
https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107



You'll also want a CSRF token for that, checking that the user is the
author isn't enough.


True, I have that and some other standard measures planned, but for now 
I wanted to concentrate on getting the general functionality and layout 
done. On the "security" side, simple moderation and registered user 
support is now in but still needs some additions, and the spam filter 
integration still needs a little work.


IMO, those are the most important things for the start, because 
realistically nobody is going to implement a CSRF attack against this in 
the foreseeable future, and even if, the impact would be extremely 
limited (since only posts of the last 15 minutes can be changed anyways).


Re: Introducing Diskuto - an embeddable comment system

2017-03-17 Thread cym13 via Digitalmars-d-announce

On Wednesday, 15 March 2017 at 02:14:34 UTC, Sönke Ludwig wrote:
On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:
On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:


Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server (ticket
already open), so anyone can delete their own tickets currently at any
time.

I've noted the other issues and will tackle those tomorrow.
I have deleted not only my comments, I can delete anyone's comment


Okay, that was supposed to be implemented before 1.0.0, but 
then I forgot about it:

https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107


You'll also want a CSRF token for that, checking that the user is 
the author isn't enough.


Re: Introducing Diskuto - an embeddable comment system

2017-03-16 Thread Sönke Ludwig via Digitalmars-d-announce

On 16.03.2017 at 08:30, Sönke Ludwig wrote:

On 15.03.2017 at 21:30, Nick Sabalausky (Abscissa) wrote:

Nice. The only example code uses diet templates though, how would one
embed this when not using diet?


I'll add two more examples - one using only JavaScript to embed the
comments, which also works for non-D applications, and one using
`compileDietHTMLFile`, writing the HTML directly to an output range.


The latest version now offers three embedding modes:
https://github.com/rejectedsoftware/diskuto/tree/master/examples

User accounts and simple moderation are also supported now. The 
embed-diet example shows how this can be plugged in.


Re: Introducing Diskuto - an embeddable comment system

2017-03-16 Thread Sönke Ludwig via Digitalmars-d-announce

On 15.03.2017 at 21:30, Nick Sabalausky (Abscissa) wrote:

Nice. The only example code uses diet templates though, how would one
embed this when not using diet?


I'll add two more examples - one using only JavaScript to embed the 
comments, which also works for non-D applications, and one using 
`compileDietHTMLFile`, writing the HTML directly to an output range.


Re: Introducing Diskuto - an embeddable comment system

2017-03-15 Thread Nick Sabalausky (Abscissa) via Digitalmars-d-announce
Nice. The only example code uses diet templates though, how would one 
embed this when not using diet?


Re: Introducing Diskuto - an embeddable comment system

2017-03-15 Thread Sönke Ludwig via Digitalmars-d-announce
Just implemented a visual overhaul - the "reply" buttons are gone and 
are replaced by the comment text box itself. This results in a less 
noisy page and one less click to make a reply.


Any opinions on replacing Disqus with this on http://dlang.org/library/?


Re: Introducing Diskuto - an embeddable comment system

2017-03-15 Thread Sönke Ludwig via Digitalmars-d-announce

On Wednesday, 15 March 2017 at 10:40:31 UTC, aberba wrote:


The load balancer you were working on. Was it intended to
handle DDoS attacks and what is the current status?


Being somewhat resistant to DDoS attacks is one of the secondary 
goals, but by the nature of it it would be very limited in what 
it can achieve there. A large scale cloud based approach is the 
only real solution.


The project is currently on hold. I'd still like to finish it, 
but I had to resort to other solutions for the time being (lack 
of time).


Re: Introducing Diskuto - an embeddable comment system

2017-03-15 Thread aberba via Digitalmars-d-announce

On Wednesday, 15 March 2017 at 08:57:53 UTC, Sönke Ludwig wrote:

Improvements implemented by now:

- Authorization and time limit (5min client facing, 15min 
server facing) is now enforced for editing and deleting comments
- The page must be queried first before any action is allowed 
(prevents trivial command line batch "attacks", as well as 
trivial spam automation)
- The main comment form is minimized by default (only the text 
area, single-line height)
- Maximum height of comments limited (will show scroll bars if 
exceeded)

- Temporal boosting limited to hours instead of days
- E-mail and website length limited
- Message contents don't overflow the content area
- Displayed comment count corrected

[...]


The load balancer you were working on. Was it intended to handle
DDoS attacks and what is the current status?


Re: Introducing Diskuto - an embeddable comment system

2017-03-15 Thread Sönke Ludwig via Digitalmars-d-announce

Improvements implemented by now:

- Authorization and time limit (5min client facing, 15min server facing) 
is now enforced for editing and deleting comments
- The page must be queried first before any action is allowed (prevents 
trivial command line batch "attacks", as well as trivial spam automation)
- The main comment form is minimized by default (only the text area, 
single-line height)

- Maximum height of comments limited (will show scroll bars if exceeded)
- Temporal boosting limited to hours instead of days
- E-mail and website length limited
- Message contents don't overflow the content area
- Displayed comment count corrected

Some changes may require Ctrl+F5 to refresh the cache.

Thanks to everyone who helped testing the boundaries so far! This 
definitely sped up the initial finalization phase by a large margin. 
There are still some open points, but this gets close to being a 
complete product:


- Implement moderation (!) and user registration to avoid identity 
spoofing (pluggable source user database)
- Additional heuristics to prevent batch operations from a single 
client, possibly just showing a CAPTCHA for IPs that show a high 
frequency of operations on the same topic(s)
- Work out how to best limit the visual or functional nesting level of 
comments

- Translations to more languages
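
An added example, not part of the thread and not Diskuto's own code: a framework-neutral Python sketch of the server-side checks discussed here, combining the author check and 15-minute server-facing limit from the list above with the CSRF token cym13 asks for elsewhere in the thread. The `Comment` record, the function names and the HMAC-derived token scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

EDIT_WINDOW_SECONDS = 15 * 60          # server-facing limit named in the thread
SERVER_KEY = secrets.token_bytes(32)   # assumption: secret known only to the server


@dataclass(frozen=True)
class Comment:                          # hypothetical record, not Diskuto's schema
    id: str
    author_session: str                 # session that created the comment
    posted_at: float                    # UNIX time of posting


def csrf_token(session_id: str) -> str:
    """Token the server embeds in the page it renders for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())


def authorize_delete(comment: Comment, session_id: str, token, now: float):
    """Decide a delete request on the server; returns (allowed, reason)."""
    # 1. CSRF: a cross-site request carries the session cookie automatically,
    #    but not the token that was only ever written into the site's own page.
    if not isinstance(token, str) or not _same(csrf_token(session_id), token):
        return False, "bad_csrf_token"
    # 2. Authorization: only the session that posted the comment may delete it.
    if not _same(comment.author_session, session_id):
        return False, "not_author"
    # 3. Time limit: checked against the server clock and the stored timestamp,
    #    never against anything the client sends.
    if now - comment.posted_at > EDIT_WINDOW_SECONDS:
        return False, "window_expired"
    return True, "ok"


def run_constructed_requests():
    """Four constructed requests against one constructed comment."""
    alice, bob = "session-alice", "session-bob"   # constructed session ids
    t0 = 1_489_500_000.0                          # constructed posting time
    c = Comment(id="c1", author_session=alice, posted_at=t0)
    return {
        "forged_cross_site": authorize_delete(c, alice, None, t0 + 60),
        "other_user": authorize_delete(c, bob, csrf_token(bob), t0 + 60),
        "too_late": authorize_delete(c, alice, csrf_token(alice), t0 + 20 * 60),
        "legitimate": authorize_delete(c, alice, csrf_token(alice), t0 + 60),
    }


if __name__ == "__main__":
    for name, result in run_constructed_requests().items():
        print(f"{name:18} -> {result}")
```

The first constructed request is the case the author check alone lets through: the session matches the comment's author, and only the missing token stops it.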


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Sönke Ludwig via Digitalmars-d-announce

On 14.03.2017 at 20:09, aberba wrote:

On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:

So I was able to reserve the last two days to work on something new,
and one thing that is currently rather lacking in the D/vibe.d web
ecosystem is embedded commenting, be it for vibe.d's own blog engine
[1]/[2] or for the DDOX based standard library documentation [3]. So I
went ahead and created a little comment engine inspired by Disqus and
Isso:

[...]


How deep (levels) can it handle sub comments?


It's currently unlimited, but I guess that either a functional or a 
visual limit of some sort needs to be defined. I'd probably make that 
configurable, because the sweet spot depends on the intended purpose of 
the comment section - real discussions or mainly just answers+comments 
(StackOverflow) or comments+answers (blog).




Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Sönke Ludwig via Digitalmars-d-announce

On 14.03.2017 at 21:56, Daniel Kozak via Digitalmars-d-announce wrote:

On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:


Did you delete the comments yourself? The time limit for
deletion/editing currently isn't enforced on the server (ticket
already open), so anyone can delete their own tickets currently at any
time.

I've noted the other issues and will tackle those tomorrow.

I have deleted not only my comments, I can delete anyone's comment


Okay, that was supposed to be implemented before 1.0.0, but then I 
forgot about it:

https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Daniel Kozak via Digitalmars-d-announce



On 14.3.2017 at 21:24, Sönke Ludwig via Digitalmars-d-announce wrote:

On Tuesday, 14 March 2017 at 20:02:08 UTC, Daniel Kozak wrote:



On 14.3.2017 at 20:54, Azbuka via Digitalmars-d-announce wrote:

On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:


Sorry but I do not see it. Which one?


Looks like it has been deleted. Okay, 2k upvotes is too much. I'll
make it 100.


curl 'http://rejectedsoftware.com:10888/diskuto/delete' \
  -H 'Origin: http://rejectedsoftware.com:10888' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Accept-Language: cs-CZ,cs;q=0.8' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' \
  -H 'Content-type: application/json' \
  -H 'Accept: */*' \
  -H 'Referer: http://rejectedsoftware.com:10888/' \
  -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE5nyZ1Og47SCeu5v6oog' \
  -H 'Connection: keep-alive' \
  --data-binary '{"id":""}' \
  --compressed


Did you delete the comments yourself? The time limit for 
deletion/editing currently isn't enforced on the server (ticket 
already open), so anyone can delete their own tickets currently at any 
time.


I've noted the other issues and will tackle those tomorrow.

I have deleted not only my comments, I can delete anyone's comment


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Sönke Ludwig via Digitalmars-d-announce

On Tuesday, 14 March 2017 at 20:02:08 UTC, Daniel Kozak wrote:



On 14.3.2017 at 20:54, Azbuka via Digitalmars-d-announce wrote:

On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:


Sorry but I do not see it. Which one?


Looks like it has been deleted. Okay, 2k upvotes is too much.
I'll make it 100.


curl 'http://rejectedsoftware.com:10888/diskuto/delete' \
  -H 'Origin: http://rejectedsoftware.com:10888' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Accept-Language: cs-CZ,cs;q=0.8' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' \
  -H 'Content-type: application/json' \
  -H 'Accept: */*' \
  -H 'Referer: http://rejectedsoftware.com:10888/' \
  -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE5nyZ1Og47SCeu5v6oog' \
  -H 'Connection: keep-alive' \
  --data-binary '{"id":""}' \
  --compressed


Did you delete the comments yourself? The time limit for 
deletion/editing currently isn't enforced on the server (ticket 
already open), so anyone can delete their own tickets currently 
at any time.


I've noted the other issues and will tackle those tomorrow.


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Daniel Kozak via Digitalmars-d-announce



On 14.3.2017 at 20:54, Azbuka via Digitalmars-d-announce wrote:

On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:


Sorry but I do not see it. Which one?


Looks like it has been deleted. Okay, 2k upvotes is too much. I'll
make it 100.


curl 'http://rejectedsoftware.com:10888/diskuto/delete' \
  -H 'Origin: http://rejectedsoftware.com:10888' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Accept-Language: cs-CZ,cs;q=0.8' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' \
  -H 'Content-type: application/json' \
  -H 'Accept: */*' \
  -H 'Referer: http://rejectedsoftware.com:10888/' \
  -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE5nyZ1Og47SCeu5v6oog' \
  -H 'Connection: keep-alive' \
  --data-binary '{"id":""}' \
  --compressed


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Daniel Kozak via Digitalmars-d-announce

On 14.3.2017 at 20:54, Azbuka via Digitalmars-d-announce wrote:


On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:


Sorry but I do not see it. Which one?


Looks like it has been deleted. Okay, 2k upvotes is too much. I'll
make it 100.



Deleted :D



Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Azbuka via Digitalmars-d-announce

On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:


Sorry but I do not see it. Which one?


Looks like it has been deleted. Okay, 2k upvotes is too much.
I'll make it 100.




Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Daniel Kozak via Digitalmars-d-announce

On 14.3.2017 at 20:17, Azbuka via Digitalmars-d-announce wrote:


On Tuesday, 14 March 2017 at 14:26:35 UTC, Sönke Ludwig wrote:
Yeah, still tweaking a few things here and there. Very helpful to 
have people try out weird things ;) I'm just not sure how well that 
will work after someone posts this to Reddit.


My comment is most upvoted. Where can I get my medal?
(Just ran a script, which makes POST requests to diskuto/up with
id=)

Sorry but I do not see it. Which one?


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Azbuka via Digitalmars-d-announce

On Tuesday, 14 March 2017 at 14:26:35 UTC, Sönke Ludwig wrote:
Yeah, still tweaking a few things here and there. Very helpful 
to have people try out weird things ;) I'm just not sure how 
well that will work after someone posts this to Reddit.


My comment is most upvoted. Where can I get my medal?
(Just ran a script, which makes POST requests to diskuto/up
with id=)


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread aberba via Digitalmars-d-announce

On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:
So I was able to reserve the last two days to work on something 
new, and one thing that is currently rather lacking in the 
D/vibe.d web ecosystem is embedded commenting, be it for 
vibe.d's own blog engine [1]/[2] or for the DDOX based standard 
library documentation [3]. So I went ahead and created a little 
comment engine inspired by Disqus and Isso:


[...]


How deep (levels) can it handle sub comments?


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Sönke Ludwig via Digitalmars-d-announce

On 14.03.2017 at 14:48, Faux Amis wrote:

Started a temporary instance for hands-on testing:
http://rejectedsoftware.com:10888/


Updated I see ;)


Yeah, still tweaking a few things here and there. Very helpful to have 
people try out weird things ;) I'm just not sure how well that will work 
after someone posts this to Reddit.


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Faux Amis via Digitalmars-d-announce

Started a temporary instance for hands-on testing:
http://rejectedsoftware.com:10888/


Updated I see ;)


Re: Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Sönke Ludwig via Digitalmars-d-announce

On 14.03.2017 at 12:17, Sönke Ludwig wrote:

So I was able to reserve the last two days to work on something new, and
one thing that is currently rather lacking in the D/vibe.d web ecosystem
is embedded commenting, be it for vibe.d's own blog engine [1]/[2] or
for the DDOX based standard library documentation [3]. So I went ahead
and created a little comment engine inspired by Disqus and Isso:

https://github.com/rejectedsoftware/diskuto (screenshot inside)
https://code.dlang.org/packages/diskuto

It has a similar tree based structure with user voting, doesn't require
registration and a basic set of functionality works without JavaScript
support.

Currently the only backend supported is MongoDB, but adding more is
rather simple. Using NNTP as the target, as was discussed a few times in
the past, is slightly tricky because editing and comment deletion needs
to be supported. However, there is a limited time frame for those
operations, so afterwards messages could be mirrored to a newsgroup
safely (the other way around would of course always work).

Any comments, suggestions and especially helping hands are highly
appreciated!

[1]: https://github.com/rejectedsoftware/vibenews
[2]: https://vibed.org/blog/
[3]: https://dlang.org/library/


Started a temporary instance for hands-on testing:
http://rejectedsoftware.com:10888/


Introducing Diskuto - an embeddable comment system

2017-03-14 Thread Sönke Ludwig via Digitalmars-d-announce
So I was able to reserve the last two days to work on something new, and 
one thing that is currently rather lacking in the D/vibe.d web ecosystem 
is embedded commenting, be it for vibe.d's own blog engine [1]/[2] or 
for the DDOX based standard library documentation [3]. So I went ahead 
and created a little comment engine inspired by Disqus and Isso:


https://github.com/rejectedsoftware/diskuto (screenshot inside)
https://code.dlang.org/packages/diskuto

It has a similar tree based structure with user voting, doesn't require 
registration and a basic set of functionality works without JavaScript 
support.


Currently the only backend supported is MongoDB, but adding more is 
rather simple. Using NNTP as the target, as was discussed a few times in 
the past, is slightly tricky because editing and comment deletion needs 
to be supported. However, there is a limited time frame for those 
operations, so afterwards messages could be mirrored to a newsgroup 
safely (the other way around would of course always work).


Any comments, suggestions and especially helping hands are highly
appreciated!


[1]: https://github.com/rejectedsoftware/vibenews
[2]: https://vibed.org/blog/
[3]: https://dlang.org/library/