Threads for floppydiskette

  1. 1

    Thanks for sharing.

    Would be interested to know why Redux vs React.Context (in my case, by the time I needed the app-scope state sharing, React.Context was already available, so I never got a chance leverage Redux).

    I also use ReactRouter, primarily because it has integration for React-native. It is elegant, in my view. For more complex styling I use React-Bootstrap.

    But overall, I also tend to pick components that can work with React Native and React Native web – so that I can reduce my ‘cognitive load’ required to maintain web and mobile end-user apps for the same system.

    May be this is outside of your scope, but would be interesting to understand if the proposed directory structure can be extended to handle code sharing between react native (mobile) and web apps (eg sharing some navigation logic, forms, and having different styling). In my experience, this is somewhat ‘non-obvious’ (but I also conceded that I might have not solved it in the best way).

    1. 2

      Sorry, I missed this post.

      Regarding Context vs. Redux, I originally used Context when it was new, but I was using Context with React classes. In that time, you could only consume one Context per class component, and that was a problem, so I eventually refactored everything to use Redux.

      Later, Hooks came out, and multiple Contexts are now able to be used in functional components, so that solves that issue. However, Redux comes with a lot of great things like time travel debugging and the Redux DevTools that make development so much easier. I would still use Redux for the main state management, and I use Context for smaller contained widgets.

      As for code sharing, I think a 3rd library to share between web and mobile for React components would make the most sense.

    1. 2

      Well, you’re using jQuery and tags in HTML files so…sure. You don’t need Webpack. You also have a Python app, not a JavaScript-based SPA.

      1. 8

        Those are orthogonal though. There’s nothing that dictates that one needs webpack when using, say react vs jQuery for example. The point of the post stands.

        What puzzles me is that they use jQuery. You don’t need jQuery. Browser JavaScript APIs are well standardized and already include most, if not all jQuery functionalities. Perhaps with a little bit less syntax sugar.

        Old school simple script tags are underrated. I made a simple game last year in JavaScript using only a single HTML file and a single script. No npm modules, no libraries. I think the work of setting up/understanding the whole load of glue and piping of “modern JavaScript” alone would require more effor than the whole project.

        1. 1

          Yep the jquery is just for sugar syntax. As it’s already included by some libraries, I’m just too lazy to use the Browser API …

      1. 7

        Isn’t it funny that when I think about writing web project I would much rather use PHP than JS (I am not kidding).

        JS is a crazy ecosystem and it is hard to defend it. Of course, vanilla JS used for it’s purpose is… not that terrible (although still WebAsm is superior).

        I am sorry if my opinions might cause disagreements, but JS is an ecosystem that has evident problems and saying ‘people just do not understand’ does not quite cut it.

        1. 3

          I work every single day in NodeJS and PHP. I will tell you one thing, if I am going to build any web service I am not going to reach for NodeJS. I always thought it made more sense to use tools like PHP-FPM and NGINX to get a web application off the ground than NodeJS, the Express.js package, a process manager for the service, and NGINX to proxy into.

          I do a lot of AWS Lambda work though and I have seen first hand why the IO on NodeJS is so highly regarded.

          I like writing code in both, and achieving the specific business goals with both, but I see they have their own strengths.

          1. 2

            You can run a Node server without an nginx proxy. I just deploy a Node server in a Docker container and you don’t need the process manager or nginx.

          2. 3

            I am sorry if my opinions might cause disagreements, but JS is an ecosystem that has evident problems and saying ‘people just do not understand’ does not quite cut it.

            This seems valid. While neither the language nor the ecosystem are without controversy, it would be far easier to defend the language than to defend the ecosystem. However, both are rapidly improving—I’m excited to see what Deno will do to the ecosystem.

            1. 2

              With such I am always worried with adding standards routine. Of course, if JS issues will be solved and the ecosystem stops being an annoyance and gets straightforward, then I will retract all my points as being dogmatic is not beneficial to anyone.

          1. 4

            As long as HTTP is supported, everything is alright. I guess at some point web browsers will stop processing js served through HTTP, so that the “this site is insecure” icon will lose its meaning and civilized people can get back to plain http for simple static sites (instead to resorting to gopher and whatnot).

            1. 8

              I like the idea of removing JavaScript from plain HTTP. Give us back the Simple Web!

              1. 5

                It seems to me that there is a large portion of the web/browser community that would rather just drop support for HTTP altogether. Hopefully they won’t do that, because IMHO we need simpler protocols and tech, not more complex. Modern trends like HTTP/2, Kubernetes and whatnot are all adding complexity, while practically no new inventions reduce it. Sooner or later it will be impossible to understand how it all works, even dedicated experts will only understand a tiny portion of all the moving parts.

                1. 2

                  What does enabling JS have to do with the move from HTTP to HTTPS? HTTPS is about encrypting the requests/responses, not preventing XSS.

                  1. 4

                    I can’t speak for anyone else, but I’m thinking of events like the one that took down GitHub a few years ago.

                    It’s not technically the same scenario, since they injected the scripts through an ad network rather than a MITM attack, but it does match a general rule: allowing third parties to inject arbitrary JavaScript into your web site is no better than running Windows 98 on the public internet. Even if there’s nothing valuable on the computer, the computer itself is valuable enough to hack.

                    And everyone should be running an ad blocker, of course. The web really is this era’s equivalent to the DOS-based family of Windows.

                    1. 3

                      I am a vocal proponent of using HTTP and not using HTTPS for displaying unsecure static data to the world. The increased complexity of HTTPS and its need to depend on third parties are too strong inconveniences for such a basic usage. I argue that my website is a sand castle in the beach, for everyone to look at, and I do not really care if some random visitors (“attackers”, if you want) come and put their name or whatever they want on it.

                      The invariable reply to my pleas is that using HTTP can not only be used by others to mis-represent my work (which I do not care about), but that it is actually evil. The reasoning is that some man in the middle can attack the communication channel and inject evil code that will “steal the credit cards” of my readers, and that this theft will be entirely my fault for providing an insecure channel. I find this argument particularly offensive and complete bullshit, but I have heard it so many times that I guess that many people are worried about that. Since you cannot realistically steal credit cards without javascript or some form of scripting, I would be really happy if browsers blocked scripting over http. This will make http great again for personal static sites.

                      1. 3

                        I’ve legit seen ISPs in certain regions inject ridiculous ads and track the content of HTTP pages people visit.

                        1. 3

                          I’m thinking less about stealing the credit cards and more about redirecting traffic to malicious servers which can install malware. https://theintercept.com/2014/03/12/nsa-plans-infect-millions-computers-malware/

                    1. 3

                      I keep everything in markdown files in one folder. https://github.com/nikitavoloboev/knowledge

                      ~/Dropbox/Write/knowledge master 
                      
                      ❯ loc 
                      
                       Language             Files        Lines        Blank      Comment         Code
                      
                       Markdown               796        26586         4256            0        22330
                      

                      22330 lines of content so far (calculated with loc tool).

                      In future want to move stuff from wiki to Learn Anything system I am building (https://github.com/learn-anything/learn-anything).

                      For now I access everything using Alfred workflow (https://github.com/nikitavoloboev/alfred-my-mind)

                      I also use gitupdate tool to automatically push changes to github with names of files changed as commit message. `+v key pressed will run a macro to automatically do it. It’s pretty neat system but I want to make it better in time.

                      1. 2

                        Thanks for this. I’m working on a notes app, and I want it to just use GitHub as the database in this type of format, so this is some inspiration.

                        The problem I had with putting all my articles and content online is that hundreds of people would fork the whole repo, change the name, and deploy the site. I don’t care about copyright and intellectual property or anything like that, but you get a lot of duplicated data on the internet, and I would often have hiring managers email me to tell me that someone ripped off my site and claimed it as their own.

                        I decided to move the content side of it to private submodules, so the data is still available online but you don’t end up with a bunch of clones of your content all over the web.

                        1. 1

                          @nikivi: It was reading your website that inspired me to put all my notes online. I have not been able to do it as yet, finalising the system that I want to use. Thanks!

                        1. 3

                          I have some questions, but I’ve made my own comments below too.

                          Can you elaborate on the following statement? I ask because the solution is probably highly personal to you, but I also appreciate the desire to understand how others take notes (“I don’t know what I don’t know”). Are you in school or work, and is your system to cover all uses?

                          I recently realized that I am not good at keeping track of what I learn, and that makes it harder to connect ideas and remember facts

                          What specifically are you trying to track? Do you have examples of facts and details you struggle to remember?

                          Personally, I’ve never found a tool that works better than a paper notebook for long-term notes. When I do take electronic notes I strongly prefer actionable, or group-wide notes that aren’t restricted to me. During my career I’ve also encountered pathological note-takers who have lots of notes, but not a lot of the output they (or others) actually desired. When selecting a tool you have to understand what you are actually optimising. It’s perfectly fine to take notes if you are anxious about not remembering something, but lots of people take notes assuming they’ll drive progress.

                          Actionable notes for me are the TODOs that come from meetings, observations from code reviews, IM conversations, hallway discussions, etc. Often they are composed of the problem statement and stakeholders, and sometimes (potential) solutions. The vast majority of these should go somewhere other than your own notes, especially if like me, you experience anxiety. In work, I either put these notes in an email to the stakeholders, or they go into the bug tracker. Both move the item forward and make it visible to other people so they can take action.

                          I frequently mentor people and discover that they are sitting on a number of actions which are tied up in their notes. The longer they stay stuck there, then the harder it is to make progress on them. There will be lots of cases where individuals have a unique perspective noted down not shared. Over time sharing these proactively will help establish your reputation. There are obvious anti-patterns to sharing like including irrelevant stakeholders, or putting actions on others that haven’t signed, but these are relatively easy skills for most people to learn.

                          When it comes to learning, there is a lot to be said about teaching others. Whether it’s pulling your notes together into a blog posts, report, or training session for colleagues, most people need take some action to connect notes together. The act of reorganising notes can sometimes be helpful here, but the value generated from that activity is rather limited. I find that going from notes to a test of a talk for a small audience to my real talk to be a very powerful tool. You have to organise any notes and resources into a presentation/demo, then you get feedback to fill in gaps or see things that you hadn’t connected before, and then you feel comfortable presenting to that large organisation. This pattern can be applied to documentation, writing an annual review, or any process that relies on knowledge you’ve built up.

                          1. 2

                            Completely agree. I’ve never been a note-taker - if I do jot something down, it’s hasty and illegible. Yet I started a blog to teach what I learned in web development and it’s become very popular over the years. Anything I want to remember and make sure I understand, I write a tutorial or article about. If I need to remember, I just google it and my post comes up. All attempts I’ve ever made to become a proper note taker have failed. Somehow, knowing that I’m teaching allows me to take very good notes, but if I’m trying to do it for my own records it’s just a lazy mess.

                            Nonetheless, I am building a web based note-taking app (https://takenote.dev) in the hopes that if I make it myself, simple and available on the web, it will actually fit my needs.

                          1. 9

                            Another reason, from the opposite point of view, is that static site generators are often an unnecessary burden. You can just write the HTML5 directly, very easily. Most tags do not need to be closed in modern html, and it is just as readable as markdown. No need to write your text in a slightly different language and then compile it.

                            1. 4

                              To be honest, I find writing HTML for prose painful; it’s hard to write and hard to read, and there are a bunch of caveats you need to be careful about (like writing < as &gt;). Writing stuff like <strong>bold</strong> or <code>quote me</code> just takes too much time when writing; I want to focus on actually writing content, not typing HTML tags. For me, the biggest advantage of Markdown is that it gets out of my way and allows me to focus on the actual content – which is already hard enough – instead of the syntax.

                              YMMV, and whatever works for you of course, but I think this is the added value for a lot of people.

                              1. 1

                                Prose rarely has boldface or other fancy stuff. If you need to use it too much, then you are doing something wrong. That said, you can use the “i” and “b” tags which are shorter. The only thing that I find annoying when writing html prose is “p” the paragraph tags. I would prefer if a blank line started a paragraph. But I can live with those.

                                In the cases when you need some markup, html5 tables are actually easier than markdown tables, and lists and links are mostly equivalent.

                                1. 2

                                  Maybe prose is the wrong word (not native speaker 😅); I mostly mean stuff like articles (i.e. longer versions of comments on Lobsters) where various forms of formatting are fairly common. Common enough for me to be distracted by it, anyway.

                                  I actually find tables to be one of the more ugly parts of HTML; so many tags, and often not that readable as source code.

                                  1. 3

                                    Regarding tables, notice that with HTML5 you don’t need to close any table tags besides “table”. It’s actually cleaner than the many flavors of markdown tables.

                              2. 3

                                Maybe I’m just old-fashioned, but that’s what I do. I write the HTML by hand. It’s not difficult and my site is very fast.

                                1. 7

                                  How do you handle HTML that should be common to all pages, like the <head> section or the top nav? Do you copy it over to each new page’s source, or do you have some kind of preprocessor to keep it defined separately?

                                  1. 7

                                    I saw a post (maybe on here) a while ago where the author said that they write their HTML by hand and they were asked how they manage these bits of common markup. Their response was that they explicitly do not make sure every page has the same header/footer/layout. When starting a new article, they would start by copying a previous post and then tweak the design. The upshot is that a user can follow the evolution of the design from older posts to newer posts, and the design can even be adjusted to better match the content of each individual article. I don’t think I’d like it if every website worked like this but it’s a neat idea for a personal website.

                                    1. 11

                                      That was my post :-) You can look at the different articles here on my site to see an example of the difference in styling.

                                      1. 2

                                        On the subject of this thread, I’m a tablet hater and I think “SSH is painful on tables” is an argument against modern day tablet UIs.

                                        Now, a shameless plug: my generator supports extracing metadata from HTML natively. ;) The blog index at https://soupault.neocities.org/blog/ is autogenerated. The config basically says “use <h1> for the post title, <time id="post-date"> for the date and first paragraph for excerpt”. However, ["p#post-excerpt", "p"] means “use <p id="post-exceprt"> if it’s present, else just use the first paragraph”, so I can use any paragraph for the blog index page, not just the first.

                                        `dump_json = “index.json” saves extracted metadata to a file, that’s what I generate an Atom feed from with a script.

                                        1. 1

                                          Now, a shameless plug: my generator supports extracing metadata from HTML natively ;) The blog index at https://soupault.neocities.org/blog/ is autogenerated.

                                          As far as static site generation, I think this is a much better idea than YAML front matter. I do a similar thing, except not for my index page, only for my RSS feed, which is generated on the fly with a PHP script (example).

                                          I chose PHP specifically because I wanted to avoid local generation. There are just two many drawbacks, like the fact that you can’t update your site on another system, where your generation tools aren’t installed or even supported.

                                          1. 1

                                            Ah, the feed is dynamically generated. For some reason I thought you wrote a local feed generator in PHP.

                                            If you find yourself working on random machines often, that’s a valid concern indeed. Soupault itself is “download the executable and run” for all major OSes, though my Atom feed generator script is not. CI deploys can also solve that problem though.

                                    2. 4

                                      I used to do that for my site years ago. When it got to a certain size, I decided to do something about it and converted my entire site to XML and use XSLT to convert it to HTML. The XSLT handles the generation of each page and ensure all the links work properly. I use CSS to handle the style, and rsync to move the files to the server.

                                      For my blog I wrote my own blogging engine (that I’ve been using for 20 years now), with three ways to import new entries:

                                      1. a web page with a textarea entry field
                                      2. via email (my preferred method)
                                      3. via a file on the server

                                      Each entry is stored as a separate HTML file; it’s the blogging engine that strings all the entries together for a view. I used to write each entry in HTML, but for the past year I’ve been using a custom markup (that’s geared toward how I write and is a mashup of Markdown and Org Mode) but saving the resulting HTML.

                                      1. 1

                                        Good question. At the moment, I copy from an existing page in the same directory location and edit the content. When I need to change something for all pages, if I can, I use the “find and replace all” tool in my editor (VS Code) to do the change in bulk. If I can’t use that, then I have to tediously go page by page and make the change, and verify they are all the same.

                                        My site is still small and simple- but today I was thinking about how I’d like to write my own little preprocessor to handle that stuff. As I start adding more pages to my site, it’ll become too annoying to do it by hand. Once I have that little tool though, as long as I stay with my “simple” themes, I’ll be fine. I don’t have any intention currently to make it complicated (ex- my site has no JS).

                                        1. 3

                                          check out m4, a pre-processor capable of doing exactly what you want, built into *nix. :) That said, if you want to write one, don’t let me stop you!

                                          1. 1

                                            Oh perfect, thank you! I’ll check it out.

                                            1. 3

                                              you can see a very, very simple way to use it for html here: https://gitlab.com/aslrocks/aslrocks/-/blob/master/bin/convert_html and the template is there as well, obviously.

                                        2. 1

                                          One of my blog setups was HTML written in Pug: it had a master.pug with the html root and a block body-section down below, then post.pug would extend ./master.pug on the first line and fill in block body-section, leaving another block for me to define in a blog post.

                                          Each post would look like extends ../post and then it would just define block post. This isn’t maybe exactly what you had in mind, but I find using Pug a pretty reasonable way to write HTML. Right now I blog via markdown/hugo, but I consider switching back to my Pug setup.

                                        3. 2

                                          That sounds painful. It would be better to write markdown and at least generate HTML from it and upload those files manually, if nothing else.

                                      1. 1

                                        Generators have a more extensive array of capabilities than asynchronous functions, but are capable of replicating similar behavior. Implementing asynchronous programming in this way can increase the flexibility of your code.

                                        I’d be sad if I saw a PR where someone had used generators to replace an async/await function, without extremely good cause (which the article doesn’t go into, and I can’t think of one, and even if I could I’d try to find a way to not use generators). Talk about a great way to confuse your colleagues.

                                        Generators also suck to step through in a debugger if you’ve compiled them down to ES5.

                                        1. 2

                                          The article explicitly states that replacing async/await with generators is not something to be done in production, it’s simply a theoretical exercise to display some of the capabilities of generators. The benefits of generators come with working with infinite data streams and being able to easily close a generator, as canceling a promise is not always very simple.

                                          1. 1

                                            The article explicitly states that replacing async/await with generators is not something to be done in production, it’s simply a theoretical exercise to display some of the capabilities of generators

                                            To nitpick, that’s not how I read what it says, which is this:

                                            Note that this implementation is for demonstrating how generators can be used in place of async/await, and is not a production-ready design. It does not have error handling set up, nor does it have the ability to pass parameters into the yielded values. Though this method can add flexibility to your code, often async/await will be a better choice, since it abstracts implementation details away and lets you focus on writing productive code.

                                            That’s a little weaker than “replacing async/await with generators is not something to be done in production, it’s simply a theoretical exercise to display some of the capabilities of generators” 😀

                                            Anyway, it was a good article, well written, and thanks for submitting it to the site. Don’t take my complaining too seriously, I just wouldn’t want to see anyone replacing async/await (or promises) with their own generator-based implementation in real-world code without a really good reason.

                                            1. 2

                                              The way I read that paragraph is “this is for demonstration purposes only, this is not production level code, and you should probably just use async/await instead”, but it’s interesting to know that some people did not read it that way, so I’ll incorporate that knowledge into future writings.

                                              Generators were around for a small period before Async/await though, so people were experimenting with stuff like this. And thanks for the compliment! 🙂

                                        1. 1

                                          This is a good writeup, thank you!

                                          I don’t think I’ve ever really encountered generators in the wild with anywhere near the popularity or utility of Promises or async/await . Still, a very helpful writeup that helped me a lot. :)

                                          1. 2

                                            Glad you liked it! Generators are definitely not a drop in replacement for async/await, but they do have some unique features that it’s nice to be aware of.

                                          1. 8

                                            Tech tutorials on Medium are the worst. I don’t have an account so I always get the paywall, and it’s annoying enough to have to open an incognito window or another browser that I usually just keep looking for another answer.

                                            I get why non-tech writers would use something like Medium, but I wish more developers who write would just set up their own site and use Netlify. I think writing in markdown is a much more pleasant experience, too.

                                            1. 5

                                              The lack of proper syntax highlighting is a real deal breaker for me as an author. You are left with screen grabs of your editor window or “HOSTED WITH HEART BY GITHUB” gists embeds everywhere, which are terribly painful to work with.

                                              1. 2

                                                Agreed. I have no idea why anyone uses it for any writing that involves code.

                                                1. 1

                                                  Because it’s by far the easiest option. I don’t have to fart around with anything.

                                                  1. 1

                                                    What about dev.to? Just as easy, no paywall.

                                              2. 1

                                                I don’t have an account so I always get the paywall, and it’s annoying enough to have to open an incognito window or another browser that I usually just keep looking for another answer.

                                                You might like the Cookie AutoDelete extension.

                                                1. 1

                                                  Me too, I have to open medium links in a private tab. Not only to avoid the paywall but also to escape from the Google Accounts 3rd party cookie, which is impossible to block on Firefox for iOS.

                                                  Now, on my phone, I don’t even click on Medium links anymore.

                                                1. 11

                                                  it was cheaper, many could afford it. 90US$ compared with 150US$ (Game Gear) and 180US$ (Lynx)

                                                  Are we sure that’s not the bigger reason why? I remember the “user experience” of GameBoy Color where you needed to plug in a light to shine on the front of the screen. The battery life argument is strong, yes, rechargeables being kinda rare back then, but I feel like price is the elephant in the room.

                                                  I think a much better supporting example would be the UX of automatic transmissions versus stickshift, like in the Chevy Corvette Z06. Or VCRs vs Tivo. Or why the-year-of-linux-on-the-desktop gets stuck at Mac’o’clock (for me, anyway).

                                                  1. 7

                                                    On top of that, I remember this from an old Sega Power book (roughly):

                                                    Ah, the Game Gear. If you like paying for batteries, there’s no better investment you can make.

                                                    It drank batteries, six at a time. The Game Boy would just keep going and going and going.

                                                    1. 3

                                                      I remember taking the Game Gear on a family road trip as a kid…one Game Gear, between four kids, with no extra batteries. That was a solid 30 minutes of fun.

                                                      1. 1

                                                        Check out the WonderSwan. It was created by the same person as the gameboy after he left Nintendo. Uses a single AA battery and last forever. That man knew what he was doing.

                                                    1. 1

                                                      Nice summary. How do you feel about … moving away from JavaScript? Such as switching to Elm[1]?

                                                      [1] Or reasonml, purescript, ghcjs, …

                                                      1. 1

                                                        Haven’t looked too much into it as it hasn’t come up. Do you recommend it? I’ve mostly just been writing JavaScript and TypeScript.

                                                        1. 1

                                                          It will be a gateway drug to awesome things FP in the frontend world. I never looked back. Started with Elm; now I have settled with GHCJS – so I write Haskell in both frontend and backend (with seamless code sharing between them), example app: https://github.com/srid/slownews

                                                      1. 1

                                                        Finally, I didn’t get into transitions and animations, but I think those are overall less important than

                                                        I think you accidentally a few words ;)

                                                        1. 1

                                                          Whoops! Thanks. :)

                                                          1. 1

                                                            give some of tips and tricks

                                                            And here :)

                                                            So good I’m reading again ;)

                                                        1. 1

                                                          I’m not 100% sure I’ve got this right, but I think the section on specificity might be clearer if it included !important in the tuple, because it doesn’t really override everything, it’s just the highest level of specificity.

                                                          Understanding specificity as taking the rule with the max specificity, where specificity is just a 5-tuple of !important and the number of selectors of each kind is nice, though. That’s very easy to reason about. Thanks for introducing that idea to me!

                                                          1. 1

                                                            Good idea.

                                                            1. 1

                                                              Thinking about it some more, it’s actually a 6-tuple because rule order matters too.

                                                              You don’t say in your guide how order is determined if you have multiple style sheets. I think sheets are ordered based on the timestamp of when the style element or link element is added to the page (rather than distance to the root element in the dom or time that the sheet is parsed (which may be out of order due to async loading)). But again, not sure.

                                                            2. 1

                                                              Here’s a classic from 2005 on specificity: https://stuffandnonsense.co.uk/archives/css_specificity_wars.html

                                                              1. 1

                                                                Either working on my React/Redux/TypeScript note-taking app project that will sync to GitHub gist, TakeNote, or writing a presentation on Vue I have to do next week at a JS Meetup.

                                                                1. 1

                                                                  “Comments disabled.”

                                                                  Whaat!? I gotta write and submit a comment to out? Oh well. Here it is again:

                                                                  Looks similar to the simple one Bruce Schneier had on Movable Type on his blog. Originally, it just required a name, email address, and optional web site. After lots of spam, they added a field where you just type in one word. The moderator said it cut back on automated spam significantly. Here’s what it looks like in case you want to experiment with any of those features:

                                                                  https://www.schneier.com/blog/archives/2019/08/friday_squid_bl_690.html#comments

                                                                  Note: Comment field is on the bottom of the page.

                                                                  1. 2

                                                                    Heh, sorry, that post got way too popular and full of trolls for me to keep up with. Haven’t had a single problem with automated spam, but I’d probably have to implement moderation to prevent trolling. The opposite of what you suggest, a honey pot where an invisible field won’t let you submit if it’s filled out, is also effective.

                                                                    1. 1

                                                                      I figured. It’s all good. The hidden field was another idea we discussed. I don’t have any data on it, though.

                                                                  1. 2

                                                                    This is pretty great and I agree with the author that Disqus sucks. However, they (and similar services) do provide solutions that this and other roll-your-own services miss.

                                                                    The first is spam protection. Anything on the internet is going to be spammed to hell and back, especially if there is no authentication. Spam is cheap and will overwhelm any attempt at manual moderation. It doesn’t matter how small and obscure the page is - it will get spammed.

                                                                    Trolling. Anonymous comments are dangerous. Maybe for technical articles they might be OK for a limited audience but anything political (or even not) will attract trolls. Trolls don’t need a reason, they see any writable space as their personal playground.

                                                                    XSS protection. Security headers are supposed to help here but a proper commenting system filters out malicious text before it hits the database.

                                                                    It’s a sad fact that anything exposed on the Internet today needs to include these things right from the start. You can be sure that Disqus handles all sorts of terrible traffic every day.

                                                                    I don’t want to dump on the link though. It is a great tutorial and a useful start.

                                                                    1. 4

                                                                      Yeah. Regarding XSS and database protection, I’m using parameterized statements and displaying the output as textContent on an element, so not worried there. Unless someone specifically writes a script to spam my site, I don’t foresee regular bot spam being an issue, especially with rate limiting. Trolling however, is a huge issue. This can be combated with moderation, but that might be more upkeep than I’m willing to put into it.

                                                                      1. 2

                                                                        Looking again, I think you are right: there doesn’t appear to be any issues with XSS.

                                                                      2. 1

                                                                        [deleting duplicate comment]

                                                                      1. 8

                                                                        My commenting solution is:

                                                                        Mail me at martin@arp242.net or create a GitHub issue for feedback, questions, etc.

                                                                        Seems to work fairly well. People email me, anyway.

                                                                        Stuff also ends up on Lobsters, HN, Reddit, etc, which I link if the discussions are worthwhile.

                                                                        Personally I’m not too keen on the “comments on everything” model. I much prefer high-effort commentary/discussion, rather than “quick comments”. I also prefer to integrate valid/reasonable feedback in the article itself, rather than having it sit in a comment at the bottom.

                                                                        1. 6

                                                                          That doesn’t achieve the same goal though. Comment systems allow readers to interact with the author and other readers. E-mailing the author only allows interaction with the author.

                                                                          1. 1

                                                                            You can do that with the GitHub comments and Lobsters/HN/Reddit discussions. There’s also stuff like https://utteranc.es to integrate GitHub comments directly on a (static) website.

                                                                          2. 5

                                                                            Agreed. I’ll probably end up doing something like that.

                                                                            Nice article here, btw: https://arp242.net/censorship.html