3) a low barrier to a signup for those who don't (you barely even need an e-mail address)
4) an API
The downside right now is that you have to leave the page to comment, but I don't think it's a big deal. It probably lowers engagement a little, but I find that the most commens happen on other aggregators like HN, no matter which service you use for comments.
I also use reddit's RSS feeds, since a few people asked for that.
Reddit has its share of immature users and a culture of snark, but my subreddit has managed to steer clear of that.
There is another big (in my eyes) downside to using Reddit for such purpose: Reddit threads are automatically archived after six months, at which point no new comments can be added to them. Of course nothing stops a user from creating a fresh thread, but that leads to fragmentation of comments and if you want to somehow mitigate this, it introduces additional effort.
Disqus was a lot better before they spent a bunch of time and money building out live updates. Does anyone actually like that feature? Having posts move down the screen at random intervals as you're trying to read them is incredibly frustrating. Every time I have to click "pause live updates" I wonder why not just turn that off for good.
I'm using Facebook comments for a new project I'm starting, but I would really prefer to be using reddit. Has anyone seen a way to embed reddit comments onto a web page that isn't too hacky? -iframes, etc. I have a subreddit created for my site already, but I really don't want to just link to the discussion pages like you're doing.
I could have sworn I had seen a few articles a couple of years back saying reddit was getting into the embedded comments game like Facebook and Disqus, but I haven't seen them around anywhere.
Reddit dev here. I made one of our current oembeds. I have thought for a while that it would be neat to offer one for a subreddits top posts. A comment tree embed would be cool too. I don't know if mods would be fans of it letting users add comments from it though.
Maybe I'll play with this during our company hackathon next week.
I wish Reddit would embrace commenting and could compete with Disqus. I think bloggers especially have more trust in reddit, if would work fast and doesn't load a lot of crap like disqus it would bring a good chunk of new users to reddit and also be beneficial to bloggers themselves.
I imagine embeds would be enabled/disabled per subreddit so mods wouldn't have to deal with it if they didn't want to. A blog that wants to add comments from Reddit would start their own subreddit.
As a former moderator of a default subreddit, I don't think you know what you're talking about here. AutoMod is a useful tool but can only implement basic rules—it's more a supplement to human moderators. And people of course care about things that aren't their jobs.
If it's a new project, I wouldn't worry about the extra click until you start getting some comments (yeah I realize it's a bit circular, but true). My experience is that you will get comments from the aggreggators that the traffic came from, e.g. HN. And maybe Twitter and Facebook.
Most people aren't used to posting comments on websites anymore. But I do get a few comments on Reddit, and it has been worth it.
> For unauthenticated requests, the rate limit allows you to make up to 60 requests per hour. Unauthenticated requests are associated with your IP address, and not the user making requests.
In this case, all the comments for an issue are returned with a single API call, making the limit a nonissue (unless someone is binge-reading more than a post a minute)
Also, it may be a good idea to sanitize the comment.body_html. That seems XSS abuseable.
> Also, it may be a good idea to sanitize the comment.body_html. That seems XSS abuseable.
GitHub handles sanitizing comment HTML automatically. They use a fairly strict[1] whitelist of tags/attributes that are allowed through. Anything that's not allowed gets escaped.
Is the rate limit per API key, or per IP address sending the request? If it's counted by API key (which it sounds like it is), then the comments should stop working after 60 site visitors in an hour... But, if that's the case, wouldn't the influx of visitors from HN have already broken it?
It's per IP so if the loading is done in a distributed fashion, say via AJAX, it'll work fine.
I'm not aware of rate limits for individual repos. I think they can set it up if they want but it's not enabled by default. I remember a package manager hammering GitHub with anonymous requests that they limited but that was a special case.
> making the limit a nonissue (unless someone is binge-reading more than a post a minute)
The one issue that jumps to mind is for CGNAT'ed users if that rate limit is for site wide un-authed requests. CGNATing cell users is pretty popular here in the UK.
Barely similar, and also helpful for static sites: an 3rd-party (and open source/self-hostable) option to password-protect (HTTP Basic Auth) files on S3:
Would be great if could have JavaScript which would perform the PR directly from user's browser to github instead of going through static man in the middle.
This is cool. I like the simplicity and DIY approach.
I've done something similar with my blog. [1] It's not using Disqus or any heavyweight 3rd party solution for comments.
Instead, I've created something very simple, similar to GitHub Issues frontend UI and backend, and used that. The backend is completely pluggable (it's an interface [2]), so it can be implemented by talking to real GitHub API [3], or any custom implementation you want. My blog uses a simple JSON files implementation, so I can avoid a heavyweight database dependency.
Oh, and I've also implemented reactions. Not just 6, all of them. [4]
I do use GitHub for authentication though, I don't want to make people come up with yet another password.
Well... they have to make money to pay bills and make a return for investors - they're not an altruistic charity. The trackers appear to feed into behavioral targeting companies who probably pay for it.
Their pricing page clearly says the free version is ad supported, paid versions can turn off ads.
But it is sad how 'ads' is now synonym for 'behavioral analysis and internet wide tracking'. On blogs and the like, they instead could show ads that are related to the blog, not the specific reader.
Basically the reason that doesn't happen is because such a business model of matching blog one by one with advertizers doesn't scale - neither for the buyer, not for the seller.
The person making such a market cannot make a living out of it without automation unless the blog comes off the bat with millions of viewers (think top YouTube channel content creators who get sponsorship). With automation comes the need for tracking.
Almost always this has a highly enforced anonymity - since the behavioral signal is more valuable than knowing who exactly you are.
They could do one tracking request and fan out to different tracking systems on the backend. Doesn't solve the privacy issue, but solves the loading issue.
To me this feels like something GitHub would approve of. GitHub Issues intentionally gives users a lot of freedom so they can use it however they want. Unlike competitors who forced you to do something a certain way.
This is creative, and if your blog is hosted via GitHub Pages, then using Issues to discuss the content is not far-fetched at all.
Yes. I see a way GitHub could turn the Issue feature into a more flexible service that explicitly allows this kind of use cases. However, as of now, there was no explicit wording that encourages creative use of Issues and its API.
While GitHub may keep silent now as there are not many people doing this, if in the future the "hacks" become more popular, we could see GitHub taking a stance on this.
I certainly hope GitHub can gives some explicit consent to these use cases, which could lead to an entire set of new services that GitHub can offer (like what Google is doing currently).
I remember that when people started to use GitHub for other things besides code GitHub released a blog post telling it liked the idea, and started to display formatted CSV, YAML front-matter, GeoJSON, PDF and who knows what else.
I was totally sold with github as comments, but then I saw you need to leave the page to comment. That's really unfortunate! If we could get a minimalist, not tracking widget that would be ideal.
I think expecting your users to have a GitHub account to leave comments is a terrible idea. Normal non-developers do not have, do not want, and should probably not be enticed to, make a GitHub account for purposes that have nothing to do with GitHub. Not to mention that unless GitHub themselves state that this is perfectly acceptable, they could take steps at any time to counter/block such usage.
I totally get the concern as Disqus is a third party with their own monetization and ad goals. But it still seems a bit abusive of GitHub as a free service?
Worth noting that hackers who use workarounds like this are doing it for the fun and since it looks like an unmonetized personal blog, OP presumably would prefer not having a monthly bill for servers.
For any serious project, I agree that discourse is a great option or maybe a custom built comments solution depending on the use case.
The blog itself is hosted on GitHub in accordance with their terms of service, and the comments are rate-limited by existing policies. So it seems like intended use.
It's nice to have the content and the comments handled by the same provider, so that they are available under the same circumstances.
Because Disqus is free and takes just a few seconds to add the snippet of JS code to your site to work whereas Discourse requires a 2GIG server at $10-$20 a month and then usually hours of configuration.
Discourse may or may not be good system but I find it sad that it has such huge requirements compared to old school php forums like phpbb, smf, vbulletin etc...
Discourse really isn't very good. If you want a more powerful forum system that doesn't need as much CPU power, get SMF or Xenforo or MyBB or something. If you want some new fancy thing, get NodeBB. Many of the sites that used to use Discourse are moving to NodeBB.
We don't see many NodeBB sites in the wild. If you want an old-schoool, traditional PHP / MySQL system, XenForo is a good choice, but there are a lot of critical security exploits, so stay up to date.
I came to say the same thing. This option works great.
You can embed your comments as needed... customize / configure Discourse as needed... it's easy to work with (even across pages hosted on different URLs -- if you can set a Canonical you can call the right comments)... easy to add signups to your CRM... my clients running this setup have been very happy with it.
Disqus... you leave the site, you leave the branded design, to create an account and sign in... it's trash for real sites.
GitHub... seems like shoehorning in something not quite right. "Paint the cat orange and call it a tiger..."
Better: Load Disqus comments on demand when pressing a button. Have seen this approach on some websites. The usage of GitHub for comments seems really wrong for me. Then better opt out with a system like Isso.
I was quite amazed at the number of trackers listed. But on my own blog, where Disqus is used, I never see most of them. The only domains loaded are from disqus or Google Analytics.
Interesting, Domains like connect.facebook.net or rc.rlcdn.com don't show up in the Chromium network connection list, even in an anonymous session (so that all extensions are disabled).
Found this: https://blog.disqus.com/protecting-users-privacy-on-disqus My browser didn't send a DNT header with the request though. The blogpost seems to be a bit of a joke when comparing it to the list of trackers reported by pingdom.
This is a problem that Google Wave solved really nicely. You could embed a "Wave" at the bottom of each post on your blog/s. All of them then appeared in your Wave client in one place and you could reply/admin from there (or on the blog/s themselves).
UX is nice, though I wouldn't call it efficient (off-site AJAX calls just to fetch a few blobs of text that should be a property of the site anyway). Then again, Disqus is not a comment system, it's a social network, so - tracking aside - it's fine if you care about its extra features (mostly site cross-marketing).
I've decided to move my blog to a GitHub + Gist since it's easy to crosslink and include code snippets. Visitors can write comments with their Github account and don't have to leave the site. The Github stars (likes) are also very nice :-) As "Index" I use a special Github Repo with link collection (date, title, url) to my Gist blogs and use Twitter to promote my blogs. Of course you could use the Github JSON API and jQuery to integrate it into youre website :)
I think the one tweak I need to make is keeping a copy of the blog index in the README.md for the main project. That way watching the project will effectively provide notification of new content.
It looks like GitHub caches this really aggressively, as there are more comments showing up on the issue than on the article page. That may be a major downside to this technique.
just posted that I found a serious bug in the github comment API last month and to my knowledge this hasn't been fixed yet, or at least their support hasn't acknowledged that it's fixed yet. The bug affects pages with 500+ comments, it will return duplicate comments instead of the unique set of comments. For example if you had comments: [1,2,3,4], it would sometimes return [1,1,3,4].
I've had an idea for a potential free solution that should be easy to implement if anyone has more time than me:
A one-click setup simple enough for non-technical users.
Instructions should be along these lines:
1. Sign up for AWS if you haven't already got an account
2. Generate a keypair and run our setup/load our template/whatever (I'm a bit hazy on AWS automation but I would imagine there's a fairly obvious way to do this. The new CodeStar thing looks like it might fit the bill)
3. Place this snippet of javascript in your page
The service would use Lambda and DynamoDB to to handle storing/serving the comments. Costs would be fairly minimal for low-traffic sites.
Rough guess is that this would be no more than a few days to a couple of weeks work for someone. Am I over-optimistic?
So either someone does this to scratch an itch or we fund it via Patreon/Kickstarter.
I've had an idea for a potential free solution: www.wordpress.com
Nevermind. It's not an idea, it's a real product.
You're gonna have a very hard time if you want to run instances, lambda and dynamodb in the cloud only to run a blog with comments. First, it's really complex to setup, even for an experienced dev. Second, it's gonna costs a ton of money and you'll be at the mercy of your traffic.
This wasn't a solution for "a blog with comments" - it was a solution for a pluggable comments app that you could add to any site even static html. We were talking about Disqus so I was thinking about what Disqus brings to the table.
> First, it's really complex to setup, even for an experienced dev.
The whole point of the idea was that the setup would be templated. That's why I spelt out the steps I envisaged the end-user having to perform. Did you miss that part?
> Second, it's gonna costs a ton of money and you'll be at the mercy of your traffic.
This depends on traffic and my hunch is that it would be quite affordable for most low/medium traffic blogs. Lambda is dirt cheap and Dynamo has a very generous free allowance. Also see the suggestion below and my reply. The comments section would only need to be generated when a comment was posted and the html fragment could be stored in a free CDN.
This could work, but only if you could automate billing caps too. I imagine for a low-traffic blog this could easily fit within free-tier requirements, but you don't want to suddenly get a bill when a page gets HN'd or something. Ideally the service should just fail when it hits free-tier limits and you can use the local js to display "Comments unavailable due to high traffic" or whatever.
If any of this is not automatable it fails as an idea, because configuring AWS requires a colossal amount of effort from someone who hasn't already used it.
Spending limits are far more complicated than they might seem since these services are designed to be billed by usage and many accrue charges even in a steady state.
What exactly is supposed to happen when the billing limit is hit? Delete everything? That's the only way to actually stop billing completely and I'm not sure who would actually want that.
No service that I know of deletes everything even when there are billing issues. No public access is nearly equivalent from the end user's perspective, and usually there is a grace period before everything is deleted. All in all it is an interesting conflict of interest on the cloud provider's part.
I'd go one step further and would generate structured files with the comments, which are stored in an HTTP-enabled S3-bucket, so the website showing the comments can still rely solely on static resources for comment display and only requires AWS Lambda/DynamoDB for posting new ones.
Great idea. Don't forget that Dynamo has a generous free allowance. I'm not sure how much you'd save. Maybe instead of S3 you could use a free CDN such as Cloudflare.
Disqus runs ads white-labeled through adsnative.com - and this is a programmatic ad network that uses real-time bidding to run auctions and get ads as the page loads - which come with numerous adtech networks attached in those tags. None of those listed are malware or outright harmful but they are all adtech companies in some aspect (ad serving, data tracking, verification, etc).
Disqus without ads and without real-time comments is pretty fast, but those days are long gone and they're also full of spam. It's also such easy spam to catch that it feels like they just stopped caring and are cashing in as long as they can.
Also why not just use Gists? I've seen a few people use them as a standalone blog pages with markdown files, and it also has an API available.
I'm not sure if this is really relevant, but recently I've been looking into something similar: trying to find a decent, self-hosted, simple "real-time chatbox" to add to my site instead of the various online options. Anyone know of something good for this?
BTW, if I open a page from disqus.com (1) with theirs comments I don't see those strange requests but if I open a page from someone's website (2) they are there!
I've made the decision to remove comments from my personal blog[1], and use Pull Requests and Issues for substantive discussion. "Chat" kinds of discussions are better off on social media like Twitter, or in specific communities, like HN.
I don't know if Disqus requests so much tracking. Currently, I am setting up a personal blog and looking for a comment system for it. There are two choices: Disqus and Twitter. Why? Disqus is free and easy to put it to whatever blog platforms you use and Twitter is free too, I think many people have it. After reading this, I think GitHub is not a good place to give a comment because somebody who doesn't have account must register first. I am talking about "non-developer" reader.
Does anybody here use Twitter as a blog comment system? I would like to know your experience since some of people usually use it for their blog.
Dumb question: Why don't people just slap a little PHP + MySQL comment section (or similar) onto their site? It takes little skill to do that and has the benefit that you control everything because all requests go to you and you can manage the tables yourself.
I think using Google's implementation winds up being enough, but anything homebrew/self-hosted (to avoid tracking) is usually not going to protect high-value targets. Any recommendations would be appreciated!
>but anything homebrew/self-hosted (to avoid tracking) is usually not going to protect high-value targets.
Is it really realistic to expect advanced attacks on CAPTCHAs with visual recognition or Mechanical Turk? I think you'd have to be a very high value target. I wrote a little PHP captcha when I was 15 and I've been using it ever since, and I never got any spam on my (admittedly very low-traffic) sites.
I actually wanted to implement visual perturbations based on perlin noise, but I really never got around to doing that. Would be an exciting little project.
I wonder the same thing. This seems like a solution in search of a problem. For your average blog, a spam filter plus a moderation queue for first-time posters works just fine.
Also, if a site asks me to use someone else's credentials to comment, I probably won't bother. Why should my hobby-coding account on Github, or my spam-catching account on Gmail, be linked to your blog about philately or bird-watching?
I think Disqus also just has a lot of UI issues. For sites that I visit which used to implement their own comment system and switched, it has only been for the worse. You could argue that the opposite should be true since comments are Disqus's job and they can focus on doing just that thing well. But sites where people regularly comment are communities. Each wants things to work a little differently to match how the community functions. But besides that there are more basic things it simply doesn't handle well like paging and collapsing.
Dear god that is an absolutely insane amount of 3rd party tracking. You would think Disqus would aggregate all the tracking into one service they control and then distribute it out (and also, it would only be one thing that needs to be blocked with uBlock Origin. Two problems solved!)
I ended up using Reddit for blog comments:
http://www.oilshell.org/blog/2016/12/29.html
Reddit has:
1) a good commenting interface
2) many existing users with accounts
3) a low barrier to a signup for those who don't (you barely even need an e-mail address)
4) an API
The downside right now is that you have to leave the page to comment, but I don't think it's a big deal. It probably lowers engagement a little, but I find that the most commens happen on other aggregators like HN, no matter which service you use for comments.
I also use reddit's RSS feeds, since a few people asked for that.
Reddit has its share of immature users and a culture of snark, but my subreddit has managed to steer clear of that.