This is great! Any option to filter spam/hate speech automatically and not on the front-end?
See also: Adding comments with Mastodon https://news.ycombinator.com/item?id=25570268
Sidenote: The site has a small gotcha, in the demo page, if I type a text with a "?", when the question mark is typed the top right search field just gets activated and can't really type that character into the comment at all. It feels annoying user experience, though the actual comment service is great, checking whether I can use that on my site/blog instead of the current stuff.
This is really cool (and will finally solve the problem of matrix.org/blog not having any comments currently!)
Hello, i just tested it and it's really cool! Do you have any idea about ActivityPub / XMPP PubSub gateways for interoperability? From a remote look, it appears mxtoot is a bot not a proper AP gateway, and bifrost doesn't support PubSub XEP which is used for microblogging/commenting. Supporting these protocols directly would also be an option, but i don't know an ActivityPub server that supports guest accounts (but XMPP servers do).
Too bad cactus doesn't work without JavaScript. Would it be possible in the future to support submitting a comment via simple HTML form for older/slower clients? A related annoying detail, '?' key is hijacked by JavaScript so it's impossible to type it in the comment box ;-)
Thanks for this demo i'm excited for the future of federated comments
Hi, I am one of the authors of Cactus Comments.
Making Cactus Comments work without javascript would require a backend server. Right now, the frontend is actually just a special-purpose Matrix client that interacts directly with Matrix homeservers.
Hello, thanks for taking the time to reply. Isn't the matrix.org homeserver already a backend HTTP server? I'm unfamiliar with the matrix protocol, but isn't there a way to POST to homeserver directly so that it can authenticate and confirm with the user they intend to post this message?
The web desperately needs a good comment system which is easy to onboard to, easy for casual commenters, and non-pathological in terms of advertising/data-gathering/advertising. I really hope one comes along.
Looking through the docs, I don't see any mention of spam prevention or moderation. What tools are available or planned to help beleaguered site owners deal with the inevitable onslaught?
I’ve wanted this so badly for my static site blog but never found an easy way. I’m so stoked.
I'm excited about this - tried the demo, how do I know the site is not stealing my password? Shouldn't this use OAuth to solve that issue?
Because you don’t login via the site, you have to go through Matrix’ login flow, just like with any client.
Then why does the popup on Cactus ask for the password? If the matrix homeserver is responsible for the authentication, then cactus should probably only ask for a matrix identifier (user:server).
On a second look, I agree.
You don't, you have to trust it just like any other Matrix client. Hopefully there will be OAuth or something similar in the Matrix spec in the future, so you can use less trusted clients. If you want to comment with your user, but don't trust the client, you can use any Matrix client with Cactus Comments by clicking "Use a Matrix client" :-)
I'm currently using https://intensedebate.com/ which, while abandonware, allows people to comment anonymously or using their Twitter & Facebook accounts.
How hard would it be to add non-Matrix accounts to this service?
Can't speak for the author about Cactus, but in my experience if you want to integrate with a lot of services for comments on your blog, you can use a widely-implemented protocol like webmention, along with a gateway like brid.gy for interfacing with centralized silos.
Unfortunately Facebook shut down the brid.gy gateway a few years ago, but other silos still interoperate fine.
Matrix is adding support for client-specific SSO identity providers: https://github.com/matrix-org/matrix-doc/blob/t3chguy/msc/mu...
This allows homeservers to specify trusted providers to prove identity with, which clients can then offer to their users to log in with. See this in action already with Element, the flagship Matrix client: https://app.element.io/#/login
You'll see that several social networks as well as Github/GitLab are offered to login with.
When I followed the link in Firefox with the MetaMask extension installed and enabled, I was greeted with MetaMask's Ethereum Phishing Detection page:
It seems to be a false positive in the phishing detector:
The detector is about twenty (inefficient) lines. Cauctus was flagged because it's similar "cactus" is similar to "auctus", which is on their known good list of domains they're checking for impersonations of.
https://github.com/MetaMask/eth-phishing-detect/blob/master/...
looking at the GH issues on that extension, false positives seems to be the name of the game there...
Metamask doesn't like it:
>Ethereum Phishing Detection
>This domain is currently on the MetaMask domain warning list. This means that based on information available to us, MetaMask believes this domain could currently compromise your security and, as an added safety feature, MetaMask has restricted access to the site. To override this, please read the rest of this warning for instructions on how to continue at your own risk.False positive? See https://news.ycombinator.com/item?id=26372767
Appreciate this kind of decentralized, self-hosted project/platform/system
This seems like an even better use of a state-synchronization protocol like Matrix than instant messaging, for which I think XMPP is a better fit.
It's not meant to be any one thing.
That's its strength.
Core to many usecases, many eyes, many industries' backing.
> It's not meant to be any one thing.
Well more so than other federated protocols. matrix has a strong emphasis on resistance to censorship and network splits, at the price of metadata leakage. In contrast, AP/XMPP assume every server is a tiny kingdom (no content is owned by more than one server). matrix usecase is really cool but could have been built on top of existing federated protocols without reinventing a new ecosystem.
Can't wait for proper interoperability between the three big federated networks (Matrix, XMPP, ActivityPub). The previous discussion on HN about this topic didn't go very far: https://news.ycombinator.com/item?id=26279906
There are already frameworks and services for making chatrooms and comments with Matrix protocol for using in centralized and decentralized webpages — why someone would want to hack XMPP into there, besides loyalty and familiarity, is beyond me.
My point was not that a commenting system should be implemented using this or that protocol (though it's likely just as easy using established AP or web<->XMPP frameworks). In fact, i believe a public commenting system is a very valid usecase of matrix's censorship-resilient decentralized rooms even though i'm not entirely sure of the consequences of that in terms of moderation/spam.
I was reacting to matrix being "not meant to be any one thing". I explicitly recall matrix being marketed by the community (maybe not the devs themselves) as a modern, censorship-resilient IRC replacement that fitted in a short (single?) specification and intentionally avoided the extensibility (and associated implementation/interop failures) of the XMPP protocol.
When i say matrix is a more specific use-case than other federated protocols, i mean that decentralized rooms can be implemented as a consensus-reaching algorithm on top of any federated protocol, and that's in fact what matrix servers are doing under the hood. But supporting the usecase of least-metadata-leakage in a protocol designed for sharing state across many actors is arguably trickier.
For example, i believe matrix doesn't currently support per-room nicknames which don't reveal your public address to all members of the room (only to chatroom admins for ban purposes). matrix has very interesting developments with or without this specific feature, but i was highlighting that matrix is not more generic/agnostic than other federation protocols (just like XMPP isn't a "universal" protocol either).
Like i'm very interested in matrix P2P ecosystem there's some really amazing stuff being developed there (pinecone), but i must say the entire matrix selling pitch is very similar to the selling pitch of XMPP more than a decade ago: "a universal bridgeable messenger". Regarding the P2P example, XMPP had offline-first "zeroconf" federation (XEP-0174) drafted in 2006. Despite being far less advanced than modern matrix P2P, it was already very similar in spirit.
So my central point i guess, is not that one protocol is better than the other. They all have very strong pros and cons depending on the actual usecase. Different users, or same users across different contexts/activities may prefer one technology or the other. My point is i believe it is our responsibility as technologists to ease their life and standardize things for more interoperability so users can have a choice between "the federated networks" and "centralized silos" instead of having a choice between "centralized silos" and "tiny federated islands that mostly don't talk to one another", adjusting the balance of power in our favor which is in the direct interest of everyone involved except the corporate silicon valley sociopaths.
Cory Doctorow's latest talks have pretty compelling arguments for interoperability if you have some time to spare.
XMPP has been effectively dead for awhile. Time to move on.
And you're basing this on what?
I do concede that XMPP is not the new shiny, but it is very far from dead.
It powers more things than you realise, a few are listed at https://xmpp.org/uses/
There is healthy growth in server count: https://blog.prosody.im/2020-retrospective/
Development is very active, across a diverse range of projects: https://xmpp.org/category/newsletter.html
Whoa I had no idea! Thanks for sharing!
Jabber/XMPP ecosystem is far from dead. If anything, my perspective as an end-user for quite a long time is there's been more community-oriented developments in the past few years, than in the entire previous decade.
Some clients/servers are unfortunately unmaintained and the XMPP Standards Foundation has a neutral position which prevents it from advertising specific clients which have good UX and modern features. But modern clients like Conversations, Dino, Siskin and Gajim are certainly good messengers with hardware and feature support i haven't seen in other ecosystems (client & server side low resource requirements, good Tor support client, and vast plugin ecosystems) though there's some dearly-missed functionality (eg. groups of chatrooms like matrix spaces).
If you're curious about interesting developments, libervia (ex salut-à-toi) is the only federated piece of software i know that is selfhosting its own development (forge). Tickets and merge requests for libervia are done via libervia itself. They've been doing that for almost 3 years now, using mercurial as a backend but implemented in a way that other DVCS backends can be supported. See my blogpost about decentralized forging for more context on that https://staticadventures.netlib.re/blog/decentralized-forge/
Thanks for sharing!
No WordPress plugin?
I personally find "hate speech" nomenclature quite tedious, but dealing with undesired content is handled via the usual Matrix methods[1]... since that is what underlies Cactus. You may have to self host though, i'm not sure if Cactus themselves give access to these features if you rely on them for hosting.
[1] https://matrix.org/docs/guides/moderation
> I personally find "hate speech" nomenclature quite tedious
I first encountered 'hate speech' as a wide eyed teenager in the 1990s on a gaming IRC room that I hung out in. Somehow my ethnic background came out, and it was bizarre: the entire room either turned against me with racist hate speech, adding that they knew where I lived based on my ip (didn't think this was possible, but then didn't know anyone to ask if it was) and would come beat me up or worse. Or they just went silent and wouldn't stand up for me. I asked the moderators to help and I don't think they ever replied; certainly they never did anything. It was terrifying, and it made me clock out of IRC and online gaming communities for good.
So I wonder, to those who downvote someone asking about moderating (posts on your own blog!) or just consider hate speech as a term to be 'tedius' : have you ever experienced it yourself?
> So I wonder, to those who downvote someone asking about moderating
I didn't downvote and i'm certainly in favor of strong moderation. However automated filters worry me as they have shown time and time again that regexes aren't as sharp as human moderators.
For recent discussions about that on Lemmy, a federated Reddit replacement based on ActivityPub: https://lemmy.ml/post/55323 https://lemmy.ml/post/55143
I had a similar situation happen to me on this very site. I was expressing my concerns about the master/slave terminology and got totally ganged up on, so much so that I abandoned my account that incident occurred on.
I'm really sorry to hear that happened to you here. All these 'free speech' threads seem to attract the most toxic HN users.
I didn’t downvote and I’m very sorry you had/have to go through that. That being said, how I see it is that OP may be referring to the fact that the “hate speech” label is being overused similarly to “fascism” and other similar strong words.
I can't speak on behalf of ta8645, but it's possible that they support banning people who harass or threaten violence, but don't think that banning an ever growing list of ideologically chosen words will do much to solve the underlying problems (and may in fact exacerbate them).
Why tedious? It's a short, accurate, semantically unambiguous description of a non-partisan concept; speech expressing hate. It's the global minimum in tediousness for expressing that and much narrower and more objective than "undesired content".
If words express hate is a matter of context not just words.
Because it implies that current moderation features linked in his reply aren't enough and that "hate" speech should be somehow dealt with differently than other unwanted content.
Matrix is currently working on improved moderation and curation methods, right? I saw a blog post published to that effect, in response to the last administration's anti-encryption putsch.
>I personally find "hate speech" nomenclature quite tedious,
Why? I think it's quite a useful term that's worthy of discussion from philosophical and legal perspectives. It pretty quickly identifies a range of related behaviors. But I am interested if you have less 'tedious' terms that describe the same thing.
Scanning through the doc, I don't see mention of setting a room to "each message needs approval". Have I missed it?
There is wide diversity of perceptions of what constitutes a hate speech. One size fits all solution seems hardly possible. An ecosystem of plugins / components for each user to choose may be way to go. Front end or back end would not matter as long as each individually user is shielded from an unwelcome content. Much like bayesian spam filers a personal client side AI model would lean evolve along with users attitudes and behaviours. Client side is also good for privacy.
This is an important question, I'm surprised to see it downvoted.
That being said, I would imagine it would be done the same way as an automod type bot for any Matrix room. You'd probably have to implement it yourself though.
Edit: That being said, I don't like the idea of automatic moderation. For small scale blogs, maybe just a manual approval of comments would be worthwhile.
I imagine a share-able blacklist/whitelist system can helps
This is what matrix is working on (except greylists, not block/allow lists), and so would automatically apply to cactus.chat. https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix...