On Tuesday, 14 March 2017 at 20:02:08 UTC, Daniel Kozak wrote:
>
>
> Dne 14.3.2017 v 20:54 Azbuka via Digitalmars-d-announce napsal(a):
>> On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:
>>
>>> Sorry but I do not see it. Which one?
>>
>> Looks like it have been deleted. Okay, 2k upvotes is too much. I'll make it 100.
>>
> curl 'http://rejectedsoftware.com:10888/diskuto/delete' -H 'Origin: http://rejectedsoftware.com:10888' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: cs-CZ,cs;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' -H 'Content-type: application/json' -H 'Accept: */*' -H 'Referer: http://rejectedsoftware.com:10888/' -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE5nyZ1Og47SCeu5v6oog' -H 'Connection: keep-alive' --data-binary '{"id":"xxxxxxxxxxxxxxxxxxxxxxxx"}' --compressed

Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time.

I've noted the other issues and will tackle those tomorrow.

Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):
> On Tuesday, 14 March 2017 at 20:02:08 UTC, Daniel Kozak wrote:
>>
>>
>> Dne 14.3.2017 v 20:54 Azbuka via Digitalmars-d-announce napsal(a):
>>> On Tuesday, 14 March 2017 at 19:39:08 UTC, Daniel Kozak wrote:
>>>
>>>> Sorry but I do not see it. Which one?
>>>
>>> Looks like it have been deleted. Okay, 2k upvotes is too much. I'll make it 100.
>>>
>> curl 'http://rejectedsoftware.com:10888/diskuto/delete' -H 'Origin: http://rejectedsoftware.com:10888' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: cs-CZ,cs;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.1144' -H 'Content-type: application/json' -H 'Accept: */*' -H 'Referer: http://rejectedsoftware.com:10888/' -H 'Cookie: vibe.session_id=QVwY1IGbGeELZw0v77w74RdDbQOKTheyQx8gi3HAQOWi6PTEQoRAxbUWUFmmLNq95FE5nyZ1Og47SCeu5v6oog' -H 'Connection: keep-alive' --data-binary '{"id":"xxxxxxxxxxxxxxxxxxxxxxxx"}' --compressed
>
> Did you delete the comments yourself? The time limit for deletion/editing currently isn't enforced on the server (ticket already open), so anyone can delete their own tickets currently at any time.
>
> I've noted the other issues and will tackle those tomorrow.
I have deleted not only my comments, I can delete enyone comment

Am 14.03.2017 um 21:56 schrieb Daniel Kozak via Digitalmars-d-announce:
> Dne 14.3.2017 v 21:24 Sönke Ludwig via Digitalmars-d-announce napsal(a):
>>
>> Did you delete the comments yourself? The time limit for
>> deletion/editing currently isn't enforced on the server (ticket
>> already open), so anyone can delete their own tickets currently at any
>> time.
>>
>> I've noted the other issues and will tackle those tomorrow.
> I have deleted not only my comments, I can delete enyone comment

Okay, that was supposed to be implemented before 1.0.0, but then I forgot about it:
https://github.com/rejectedsoftware/diskuto/blob/d8376f3e54a03574f69af13a0b41b5e994b6ce44/source/diskuto/web.d#L107

Am 14.03.2017 um 20:09 schrieb aberba:
> On Tuesday, 14 March 2017 at 11:17:57 UTC, Sönke Ludwig wrote:
>> So I was able to reserve the last two days to work on something new,
>> and one thing that is currently rather lacking in the D/vibe.d web
>> ecosystem is embedded commenting, be it for vibe.d's own blog engine
>> [1]/[2] or for the DDOX based standard library documentation [3]. So I
>> went ahead and created a little comment engine inspired by Disqus and
>> Isso:
>>
>> [...]
>
> How deep (levels) can it handle sub comments?

It's currently unlimited, but I guess that either a functional or a visual limit of some sort needs to be defined. I'd probably make that configurable, because the sweet spot depends on the intended purpose of the comment section - real discussions or mainly just answers+comments (StackOverflow) or comments+answers (blog).

Improvements implemented by now:

- Authorization and time limit (5min client facing, 15min server facing) is now enforced for editing and deleting comments
- The page must be queried first before any action is allowed (prevents trivial command line batch "attacks", as well as trivial spam automation)
- The main comment form is minimized by default (only the text area, single-line height)
- Maximum height of comments limited (will show scroll bars if exceeded)
- Temporal boosting limited to hours instead of days
- E-mail and website length limited
- Message contents don't overflow the content area
- Displayed comment count corrected

Some changes may require Ctrl+F5 to refresh the cache.

Thanks to everyone who helped testing the boundaries so far! This definitely sped up the initial finalization phase by a large margin. There are still some open points, but this gets close to being a complete product:

- Implement moderation (!) and user registration to avoid identity spoofing (pluggable source user database)
- Additional heuristics to prevent batch operations from a single client, possibly just showing a CAPTCHA for IPs that show a high frequency of operations on the same topic(s)
- Work out how to best limit the visual or functional nesting level of comments
- Translations to more languages

On Wednesday, 15 March 2017 at 08:57:53 UTC, Sönke Ludwig wrote:
> Improvements implemented by now:
>
> - Authorization and time limit (5min client facing, 15min server facing) is now enforced for editing and deleting comments
> - The page must be queried first before any action is allowed (prevents trivial command line batch "attacks", as well as trivial spam automation)
> - The main comment form is minimized by default (only the text area, single-line height)
> - Maximum height of comments limited (will show scroll bars if exceeded)
> - Temporal boosting limited to hours instead of days
> - E-mail and website length limited
> - Message contents don't overflow the content area
> - Displayed comment count corrected
>
> [...]

The load balancer you were working on. Was it intended to handle DDoS attacks and what is the current status.

On Wednesday, 15 March 2017 at 10:40:31 UTC, aberba wrote:
>
> The load balancer you were working on. Was it intended to handle DDoS attacks and what is the current status.

Being somewhat resistant to DDoS attacks is one of the secondary goals, but by the nature of it it would be very limited in what it can achieve there. A large scale cloud based approach is the only real solution.

The project is currently on hold. I'd still like to finish it, but I had to resort to other solutions for the time being (lack of time).

Just implemented a visual overhaul - the "reply" buttons are gone and are replaced by the comment text box itself. This results in a less noisy page and one less click to make a reply.

Any opinions on replacing Disqus with this on http://dlang.org/library/?

Nice. The only example code uses diet templates though, how would one embed this when not using diet?

Am 15.03.2017 um 21:30 schrieb Nick Sabalausky (Abscissa):
> Nice. The only example code uses diet templates though, how would one
> embed this when not using diet?

I'll add two more examples - one using only JavaScript to embed the comments, which also works for non-D applications, and one using `compileDietHTMLFile`, writing the HTML directly to an output range.