Never understood the need for disqus, it is always blocked like every other 3rdparty service but when i see it blocked i never understood why someone uses an external service for a simle discussion in a CMS. How is it that this part is outsourced frequently on blogs, news posts, etc. where traditionally the CMS itself just showed the comments section? Why? I just never enable disqus because it kind of feels stupid to me.
1. I host a static blog. this is not just for simplicity and cheaper hosting but also for security - running your own wordpress/php thing makes you into a huge target to get hacked with whatever zero-day was discovered in WP in the last four hours. some of us don't have time to upgrade/babysit wordpress twice a week. Running a standalone comment system would again open my system up to a whole world of potential vulnerabilities I'd rather not have to babysit.
2. a comment system in particular is like mecca for spammers, who are constantly, relentlessly trying to take advantage of such systems. Even if there were an open source comment system I could run myself, you still need to integrate with some larger-world "spam database" type of thing, to identify trends - with wordpress I used to use Askimet. So you need a 3rd party service anyway, why not just put the whole comment thing into it and have them handle the whole thing.
basically with disqus I can plug it into any old blog, not look at it for 6 months, and when i come back, it's still running, hasn't allowed my server to get hacked and isn't loaded with spam.
Don't get me wrong, i can understand your reasons, but if you think your blog content is worth a commenting system, someone might find it upsetting that you are sending him to some external, tracking, data leeching entity where he even may need to create a new account, give away his email address just for your laziness to maintain a blog software (which _really_ is not that hard).
You will hopefully understand then that i don't like the idea of sending some service data (the information that i am browsing your blog is not something some other party needs to know, let alone my comment and potentially other data). Even worse, a non-tech-savy person may not even recognize that he is surfing two different websites in one and where he is sending data to. Then again, you probably don't care about my comment. But so much for my feelings about disqus and what i think about it.
> someone might find it upsetting that you are sending him to some external, tracking, data leeching entity where he even may need to create a new account, give away his email address
I'm not at all happy about those things, but this is an issue of tradeoffs - the blog I'm talking about isn't my key business, it's merely a side thing for occasional announcements. My key software project is SQLAlchemy, I run my own Trac instance, and I regularly have to babysit it for when it is getting spammed or crawled or slowing down my server or whatever - but I want to own that data and not give it for free to github, so I make the effort. Similarly, I run my own Jenkins servers instead of relying on Travis and I host them on my own EC2 instances. Services and data which are important to me I self-host. Blog comments for me are not.
If I were running a political blog where I'd like to invite lively discussion from a wide variety of individuals, then I'd probably want to take the effort to self-host. But as we all know, if my political blog is visited by folks the US government wants to know about, I will be coerced into secretly sending all my data to the NSA in any case.
> just for your laziness to maintain a blog software (which _really_ is not that hard).
Of course it's not that hard - but when you say something is "really not that hard", you have to consider that as an OSS developer, I am babysitting literally dozens of technical streams, including services and hosting for my projects and technical issues for all kinds of people every single day, all of which is effort I put out for free, save for whatever I get on gittip. Every new service or software I have to host and babysit adds to what is already a formidable amount of plates to keep spinning - so those things that I do self-host have to be worth it. I write only a handful of blog posts a year which are themselves of little consequence and entirely technical. Nobody needs to comment on them and the people who do are certainly technical.
The existing solution, WordPress, is far too difficult to maintain, and it is some of the worst written software in history - I wrote about the many issues I had with it here: http://techspot.zzzeek.org/2010/11/21/how-coders-blog/ .
I'm in no way implying that a self-hosted comment server isn't a fantastic idea and something sorely needed - if a non-commercial, privacy-oriented organization wanted to host and maintain it for free use by others, I'd switch from Disqus immediately.
And that is just a "apt-get install xyz" away. That's no big effort.
All in all, what you are telling me is that your own blog post is important enough for you to not just use wordpress.com, blogger, tumblr or whatever is out there but that your visitors privacy is non-important to you. But you're a tech-savy developer, you're on "hacker news", you should care for at least some basic amount of privacy! ;)
> i never understood why someone uses an external service for a simle discussion in a CMS
While Django/Rails indeed make it simple to implement per-article comment threads, the hard part is not the collection, storing, and display of comments. It's the fact that you're accepting content from people you don't know or trust and publishing it.
- Can people leave comments anonymously? Few blogs think this is a good idea anymore. So now you need a user identity system.
- Does that mean you're going to have your own user management just for leaving blog comments? Probably not. You don't want to have to manage password reset emails, for example. Letting someone else manage that is more sane. Someone like Facebook/Twitter/Google/Yahoo.
- So do you write integration with all of them yourself? Bleh.
- Then someone leaves a comment. Is it spam? You need integration with Akismet or a similarly powerful engine to help stem that tide. Doing it entirely manually is a huge time sink.
- But not all bad comments are spam. Some of them are ascii-art genitals. Sometimes people just use your comment thread as a soapbox for their personal crusades or get into pissing matches with each other. If you have many comments at all, you need a moderation system to prevent them from creating a hostile atmosphere that drives nice people away.
- You have to ensure that people can't use your comment form to inject a XSS attack onto your page, or exploit some security bug in your web framework to take control of your server.
So people save some sanity by just using a 3rd party blogging service entirely (Blogger, Tumblr, Wordpress.com), or embedding Disqus, or putting a link at the bottom of the post saying "Discuss on Hacker News".
Edit: added the "like social networks" example in the second bullet that was in my head but didn't get into the text.
You let it sound as if it would be such a great hazzle to setup a website, yet websites and comment sections existed for so much longer then disqus. And guess what, spam also existed back then!
Ok, i get it, people are just to lazy to do that work (but they find the time to integrate disqus...) but from my point of view they are leading me to a website i don't want to use at all. Disqus is like a hidden website embedded in the one i want to visit. The difference is that I know that and i block that. Other people use that service and might not even recognize that they are leaving their tracks on some other website they don't even know about. And in contrast to the usual ad/cookie tracking they might even leave their email address there.
And seriously... an easy to setup CMS, that has a "user identity system, optional openID, an anti spam measure like recaptcha"? Does such a feature-beast even exist amongst the quadrillion CMS that exist since the dawn of time? (<-- sarcasm)
When i go to blogger or tumblr or wordpress and leave a comment i am aware that i leave a comment on that site, and only on that site. That's a big difference. To me at least.
From my point of view the hoster of a website is somewhat responsible for my user data. He shall not send my password to some other party, or he shall not send my email to some other party, etc. Using disqus only shows that he doesn't really care to the extent i would wish my data to be handled.
Of course it is up to me to use disqus, but, as i mentioned, 99% of people wouldn't know what is happening.
> Of course it is up to me to use disqus, but, as i mentioned, 99% of people wouldn't know what is happening.
Not intending to sound ofensive nor harsh but 99% of people don't really care with what is happening.
And... as an experienced sysadmin (+15 years), I really disagree that get a VPS+Nginx+Apache+WP+MySQL+OAuth+Akismet running, and them, maintening it long term is as trivial as some Github/Tumblr pages (or a static site generator) with a pasted JS in the bottom of the theme file.
People don't really care because they don't "get" new technology. That doesn't mean you shouldn't care. One could even say that it is up to us (the tech-savy hacker news surfing sysadmins) to do the right thing.
As an experienced sysadmin you are telling me that setting up some basic blog with commenting takes a long time? Why would you even need nginx?! (or apache for that matter)
I would love to have something that includes a 3rd party thread in the article. For example, when the article gets posted to Hacker News or Reddit, then include those discussions in the article and make it part of the system. That way, I can read the article and still participate in the discussion on my favorite social network without having to open multiple windows or dance around between sites.
I can understand that simple reason of course. But 1. many obviously dynamic sites use disqus anyway and 2. why would i want to split my own content (blog + discussion) when obviously i want to have a dynamic site? Ok, some people don't care, some people only have static webspace.. to me it seems strange anyway. _Especially_ since this seems to be about an open source alternative for self hosting (so, you have a static blog but still host a dynamic comment section? wtf?)
And you lose commenters (like me) and give away control over parts of your site as well as content.
Also by the time you outsource a comment system due to CPU your site probably is big enough for a "real" CMS.. or atleast better hardware, it's not like a good vserver is expensive nowadays.
Not everyone is a knowledgeable web developer, or is interested in the security maintenance of a custom solution, of which you have even less knowledge about the data they collect.
For example, I have a friend who runs a small business selling music samples. He uses WordPress because it is a simple solution that can do a lot for him without a super amount of technical savvy.
I think WordPress is disgusting, but the point is, there is a market for these products. If you feel strongly against this trend, you should consider developing one that drives your vision that has similar practical value.
> How is it that this part is outsourced frequently on blogs, news posts, etc. where traditionally the CMS itself just showed the comments section? Why?
That's an excellent question.
- Commenting systems are hard to write.
- Increased need for realtime and on-demand content loading, whereas parent system might be written in a primarily blocking language.
