Rubenerd logo


Feedback on static comments

Last Thursday I put out an RFC on comment systems, and how I’d include them again on this statically-generated blog. I got some great feedback!

Here’s the thing: don’t do it

I sensed a theme in many of the comments. I’ll let Daniel W. summarise much of the sentiment:

For the love of god, DON’T DO BLOG COMMENTS!

His argument was that the world has become even less civil and more spammy since I turned off blog comments here years ago, and that I’m not missing much.

At the time I argued spam had got too much, but I also disabled comments for all the unhelpful people who couldn’t see the forest for the trees. It was frustrating getting mired down in pointless minutea when the broader point of a post was being ignored.

Specifically about anime, Daniel continued:

Blogging about anime in 2018, that’s a paddlin’. People shitpost you for everything and think they are clever. It’s so tiring. Fuck that.

Anime/otaku/weeb stuff was always a side show here, so I never had the noteriety or internet fame to attract those sort of comments. But who knows now?

Your comments have been heeded! Thank you for putting some perspective on this.

The third way

But what if I want to go in full tilt and enable comments here? My concern was I had two choices: go back to a dynamic CMS, or include a JavaScript client like Disqus. I didn’t like either.

Turns out, there’s a third way I hadn’t considered: accept comments with a web form, backed by a script that appends them to the right post, and regenerates the site. Huge thanks to Jim Kloss from Whole Wheat Radio, and William Hales from Halestrom for cluing me into this now obvious idea, and for taking the time to dive into it.

I love it for a few reasons:

  • It keeps the site static, which means fast and easy.

  • I can write the scripts I need in Perl, still my first love after all these years and many other languages later. Or even shell scripts, as William suggests.

  • I can use a FreeBSD jail and rate-limit on IPs to keep spam down, or even queue posts for me to release manually every few days.

From Jim’s email:

If comments are just data appended to the original static data, the issue is how to append data as though you had included it in the original data. You receive additional data (comments) and type at the bottom of the original data. So the question (I assume) is how/where to collect the data and then automate the typing. Could you have a “drop box” where data could be deposited on your site then a cron-like task that tacks it onto posts? How would the new data be identified so it gets tacked onto the correct post? How could the depositing of this additional data be made a fun and safe process for the writer? Could you just collect comments from Twitter, email, drop box, phone messages, audio, etc. and append them? Something even more creative … a global blob where ALL comments are gathered, unassociated with their original, except for however the reader/commenter wants to join them in their own mind? FUN!

Merci! He’s in France right now :). It would require me to generate the site on the server, rather than locally and push with rsync. But that’s a long overdue change anyway, so I could see this working.

For those who didn’t know Whole Wheat Radio, Jim knows all to well the idea of a drop box system; WWR had this awesome feature where you could call in phonegrams that would be queued and played live on the air.

William’s blog post was similarly amazing, with screenshots and stores of hidden bodies. He implemented a static site comment system on Haelstrom, and even thought through the issues with spam and abuse. The whole thing is worth a read, but these were my favourite lines:

Ruben Schade is asking for advice about adding a comment system to his blog? You fool! I’m only too willing to give it.

Suggested solution: write a small .cgi script that handles accepting comments and generating .html files containing nothing but them. Then [iframe] or similar them in to your main pages, so you don’t have to modify your main pages (or touch your vcs) when a comment gets added.

Until then: don’t throw databases at problems your filesystem will happily solve.

Using this as an exercise

I realised while writing this post that soliciting comments and getting email had been a fun exercise itself. Maybe I’m overthinking this, and I should just keep it there.

The main downside there is people may not be enthusiastic about commenting if they either need their own blog to link back to mine, or to write me an email. But as Jim says:

I read you daily and have frequent knee-jerk reactions to comment – and therefore sorta appreciate not being able to comment because by now I’d have made a fool of my myself

I don’t think there was ever a risk of that :).

Moving from 1Password for KeePassXC

This post was originally written on the 12th of April, but wasn’t pushed for some reason.

1Password is the best password manager available. It’s the most user friendly, auto-fills the most intelligently, and has the cleanest interface. It’s also from Canada, where they pay millions for our shared royal family to tour around as well. God save the Queen, who lives somewhere else!

It’s also not cross-platform. Their support team said they’d never say “never” to a Linux port, and therefore the potential to run it on FreeBSD without Wine, but that was eight years ago. Now that I use FreeBSD on the desktop again, I’m after alternatives.

KeePassXC icon

KeePassXC fits the bill. KeePass is the defacto standard now, and KeePassXC is broadly the latest maintained version. In short, they’ve done a great job.

What’s particularly nice about KeePassXC is its official Firefox plugin that negates the need for KeePassHTTP for password auto-fill. You:

  1. unlock your KeePassXC database;
  2. enable the Firefox browser integration;
  3. install the Firefox plugin;
  4. go to a site in Firefox and authorise it; and
  5. henceforth, choose your login from a dropdown on forms. Boom!

On the FreeBSD side, it’s available in the ports tree and only really brings in some Qt dependencies. That would have bugged me a decade ago when I was trying to keep my desktop environments limited to Qt on KDE or GTK on Xfce, but ain’t nobody got time for that now. If YubiKey support is needed, you’ll need to make config and build.

There seems to be growing interest in migrating from 1Password Vaults to KeePass databases, based on blog posts and Github projects. For now I’ve been manually migrating things across as an excuse to clear out old cruft.

If it works well over the next month or so, I’ll channel the licence fee or a few months of subscription eels I would have spent buying 1Password for my dad on a donation to them instead :).

RFC: Comment systems

This throwaway line on my recent post about replacing social networks with RSS generated some interest:

And maybe… I need to re-enable blog post comments again.

But not for the reasons I thought. Re-enabling something again sounds like something Yogi Berra would say. It’s completely superfluous to mention, unless I had disabled blog comments once before. Which I hadn’t. So why am I even bothering to

@Georgina posted this comment on The Twitters:

@Rubenerd If you did enable comments on your blog again you’ll definitely see my face there on occasion 😉 Funnily enough I was reading a friend’s blog and she was not too chuffed about the growing number of monetised blogs, missing the days when people actually wrote about life.

That’s a good point, I hadn’t even considered all those paid blogs regurgitating the same stuff everywhere. In my head those aren’t blogs, they’re something else.

As for enabling comments, it raises a key concern: I statically generate my site, like a gentleman. It means my posts, themes, and other site assets are all in version control. I don’t need databases or an interpreter or server-side caching to limit hits to the software; the pages themselves are the cache. But it limits what I can do.

If I wanted to enable blog comments again, there are really only two choices:

  1. Implement something like Disqus on my static pages, which is reasonably the only game in town. I don’t like this because I dislike JS, and I’m concerned about tracking.

  2. Run a CMS again. This is a big jump in terms of server requirements, and negates all the convenience and performance of static sites, but puts the code server-side where it belongs.

I’m torn. I’m leaning towards 2, but 1 would let me flip the switch today. Maybe I’d include 1, but have instructions on how to block it? Or research Disqus alternatives?

Or if I went with 2, what would I do? I’d want something that runs on Postgres at a minimum, but none of the popular blog platforms support it without potentially breakable shims. Or do I roll my own?

Loyal Rubenerd readers, whaddya reckon?

Vertel Etherwave

A borked PDF render of Etherwave

You’ve heard of vapourwave, but have some Vertel Etherwave which:

comes with QoS guarantees around packet loss, latency and jitter and provide organisations with control and management options that just don’t exist in Layer 3 VPNs.

Through no fault of theirs, I liked that Firefox took their guarantees around jitter and did that to the PDF! It’s as if Firefox has a sense of humour boolean in about:config.

Forcing Xen ACPI shutdown

Xen's Panda mascot

If you’ve got a Xen domU misbehaving, you can force an ACPI shutdown with the -F option.

For example, say you have the following:

Name                  ID   Mem VCPUs  State Time(s)
Domain-0               0 59839    16 r----- 14529.0
borked-windows-server 32  4096     1 r-----     0.1

To force shutdown domain 32:

# xl shutdown -F 32  
==> /usr/lib/xen-4.9/bin/xl: invalid option -- 'F'
==> unknown global option

Or at least, I thought we could. Since when was -F an invalid option? Surely it wasn’t a regression, or compatibility issue between the xm and xl toolstacks. I thought xl was broadly a drop-in replacement?

Hey, wait a minute:

# xl -F shutdown 32
==> Shutting down domain 32

I swear half my problems stem from misordered parameters. You should see me with dd when I’m alone at night, it’s late, and the decaf coffee failed to placebo effectavise. I’m fairly sure that isn’t a word.

In my defence, force is an action to be applied to shutdown, so it looks like it should follow. There’s also precedent for this order, for example:

# diskutil unmount force
# zfs umount -f
# luxadm remove_device -F enclosurename,[f|r]slot#
# birdistheword --force

The beige 5.25 inch Zip Insider

Speaking of eBay learnings, TiL that Iomega made a beige 5.25” Zip Insider drive. From stevencasteel’s PowerComputing tower auction:

The beige Zip Insider drive

It was either made without bromides, or was added later to the machine, or it just aged much better than the original bezel did!

The vast majority of Zip drives were 3.5 inch beige IDE units. Iomega briefly made rather handsome 5.25 inch blue SCSI units to match their external drives, which I was super lucky to grab at auction this time last year:

The blue Zip Insider drive

But I had no idea that larger unit also came in beige. I suppose it makes sense; the blue was fetching but didn’t match the cases at all at the time. Or today’s modern PC cases, which like the Model T come in any colour you want as long as its black.

Replacing social networks with RSS

The imitable Screenbeard over at The Geekorium wrote a post in response to my farewell to Digg Reader last week. I’ll admit, it was fun reading someone’s response like this; it reminded me of the blogosphere of old. Yes the term was a bit cringe, but it described something real.

And that was a large part of the thrust of his post. Having given up on Facebook and Twitter, he’s now left with the prospect of what to do next. Like my beloved Digg Reader, he found Fever has been retired, and his mobile reader Press is de-facto abandonware.

To the first point about social networks, I find myself in a similar situation. It’s a grim situation, and I share his distaste and lack of patience for self hosted services that don’t function nicely.

I was one of the first Aussies and Singaporeans on Twitter; bit of a humble brag, but it means I have so many varied people from everywhere on there that continue to make my life a delight. For conferences like AsiaBSDCon, it was invaluable.

Facebook was easier to abstain from precisely because it never got its claws in me. I have all my high school and university friends on there, but they know if they want to contact me, they email or tweet. Or poke me on LinkedIn, another site I log into maybe twice a year.

(I first wrote about going away from Facebook a decade ago, though back then it was as much because of oneupsmanship as privacy. I’ve barely touched my account since, but I haven’t deleted it. Wonder why I can’t?)

Which gets to the crux of the issue: it’s all about people and stories. The Screenbearded gentleman mentioned he’d been trying RSS which satisfies the latter, but how do we address the former?

I feel a sense of kinship among bloggers now, perhaps because so many of our former compatriots have stopped writing, shrinking the pool further. It does feel lonely being outside the wall sometimes; Facebook sure sounds like they’re having lively discussions and fun sometimes.

Screenbeard used the term federated. I like this. Decentralised alternatives are a step in the right direction, but we need distributed networks. And in a small way that’s what blogs are; a federated network of self-maintained, self-controlled sites.

In the words of Sheryl Crow, I have the feeling, I’m not the only one.

In the meantime, I’m going to fire up Ansible and a Joviam FreeBSD VM to get Tiny Tiny RSS going again. It may not be the prettiest around, but it does have a certain classic Google Reader look going which I like, and works with my mobile apps. It also has the largest install base among self-hosters, which I’m hoping will ensure its long term survival and viability. Bonus points for Postgres. If I like it, you bet I’ll be becoming a Patron.

And maybe… I need to re-enable blog post comments again.