Announcing my latest open source project, in collaboration with @carl

🌵 Cactus Comments - Federated web comments, based on the Matrix protocol.

Docs: cactus.chat/
Demo: cactus.chat/demo
Source: gitlab.com/cactus-comments

@asbjorn @carl is there a way to only post if you’re logged into a Matrix instance to prevent spam?


Short answer:
Not yet, but it is coming.

Long answer: Yes, in a pretty hacky way. You can do it in two ways:
- manually setting m.room.guest_access in all the comment section rooms you want to require authentication for
- disabling guest registration entirely for the default homeserver

But those hacks will both generate user-visible errors.

See this issue for progress on doing it "cleanly": gitlab.com/cactus-comments/cac

@federico3 @carl I think Matrix is a really good standard for all sorts of communication on the decentralized web.

ActivityPub is cool too, don't get me wrong. But Matrix is a bit more powerful in a batteries-included kind of way.

@asbjorn How hard would it be to embed this into blogs? Seems more useful than making people post from their Mastodon accounts.

@Zach777 it should be very easy to embed in a blog. That's the idea 😇

@asbjorn @carl

Does Cactus Comments create one Matrix chat room for every blog post?

@njoseph_1 Essentially, yes.

One comment section = one matrix room. Although you can show the same comment section on multiple pages if you want.

@asbjorn @carl @matrix

Based on your room analogy, it must be also possible to reply to other comments, right? I mean as user and not as an admin

@Mehrad @carl @matrix Of course!

The web client doesn't have UI for composing replies directly on the page (just yet), but you can reply using any other Matrix client, and it'll render just fine.

@asbjorn @carl This is really cool, but having to ask for the user's matrix username/pw on my blog is... 😬

I know matrix doesn't really have better options right now, but still, that feels super unsafe. Matrix desperately needs an oauth flow or something

@jfred Well, the client does include a link labeled "Use a Matrix client"

That'll let your users open the room via a pre-authenticated client of their choice.

@asbjorn Oh, good point! I think I missed that because the styling doesn't make it super obvious that it's a link, and I'm on a mobile browser where I can't just hover over it.

Is there a way to disable username/password auth entirely and rely solely on the user's client for submission? I'd rather not even ask for their creds.

(My current blog isn't a static site, so I don't currently have a use case for this, but I might in the future!)

@jfred Hahah, web styling isn't my strong side 😅 Thanks for the fedback!

There isn't a config option to disable the authentication bits per se, but you could always hide the elements you don't want by editing the CSS file.

@asbjorn No problem! :)

Good luck with the project, it looks really cool!

@jfred @asbjorn @carl

I was just about to open this as an issue as well. This is a huge security risk in offering (and normalizing) this "enter your matrix logins" functionality.

@mray @Bubu @jfred @carl If you look at the replies to Jon's post, you'll see that the client actually does include a matrix.to link 🏜️

@asbjorn @carl I wonder if this is the kind of thing that WordPress will end up doing with matrix.

@asbjorn @carl

So exciting! I wonder if Matrix will be able to integrate with ActivityPub instead of becoming two competing solutions

@asbjorn @carl using a chat for website comments seem wrong.

have you evaluated previous solutions like Isso, Commento, Staticman, webmentions? what is your opinion on them? why do you think your solution is better?


I don't think Matrix is strictly an instant-messaging system at all. I think it is (or has potential to be) a great general-purpose network for real-time JSON replication.

Actually we did compare other self-hosted solutions before beginning Cactus Comments. The fact that it's built on an open, federated standard gives it a lot of extra features. Client compabability, resiliency to downtime, privacy, identity defragmentation, are among those. Centralized solutions have disadvantages.

@davidak If you're more curious about my comparisons to other systems, I can share some excerpts from my BSc project, which I did on Cactus Comments. 🤗

Log ind for at deltage i konversationen

Nørrebro.space er et hyggeligt sted på nettet - uden reklamer eller unødvendig sporing. Ligesom virkelighedens Nørrebro, er alle velkomne her. 🇩🇰🐘 Nørrebro.space er et etisk socialt medie - fordi vi kan.