Introducing lambda-comments
7 minute read

I’d like to introduce a new open-source project which I hope will be useful to people who would like to add comments to their blog or website.

The project is called “lambda-comments”, and you can find the project page on GitHub.

Static Site Generators

There are many ways to build a blog. WordPress is by far the most popular open-source blogging software. Many people choose to not build their own blog and instead publish their writings on a platform such as Medium.

For those that like to maintain control, an increasingly popular alternative is to use a static site generator such as Jekyll, and host the site for free using a service such as GitHub Pages.

This blog is currently being built using a Go-based static site generator called Hugo and it is hosted on Aerobatic.

Check out StaticGen for a nice list of static site generator projects.

As for hosting companies, you have a lot of easy and cheap options. Amazon S3 is inexpensive and gives you a lot of control. Surge is a popular service (run by friends of mine) and they’ve got a great CLI tool that makes publishing almost instantaneous. People think of Firebase from Google as a real-time database service, but they’ve got a great static website publishing system as well. Netlify and Aerobatic are advanced solutions that can automatically rebuild your static site on their servers, separate assets out onto a global CDN, and they offer lots of other nice features that web consulting shops and agencies would find useful.

Commenting Systems - Hosted vs. Self-Hosted

If you are using WordPress, there’s a database always running behind the scenes and it has support for self-hosted comments built-in.

Static sites, on the other hand, are not rendered from a database. So many blogs hosted on static sites do not have comments. Often this is just a conscious decision by the blog author so that they don’t have to deal with malicious user-submitted content.

Many bloggers decide to have conversations off of their blog – and in social media instead. There are usually more people interacting with Twitter, Facebook, LinkedIn or Hacker News at any particular moment. Social media conversations tend to get lost in the noise over the time, whereas blog comments will always be discoverable via search engines for as long as the blog post exists.

Most static sites that do have comments use a hosted service. Disqus is the most popular hosted service, but there are many others. Disqus is free and it has many nice features. It’s easy to integrate into a blog – simply drop their html snippet into the right template, and their JavaScript loads and shows the comments and comment form on your pages.

However, not everybody wants to use a hosted service provided by a third-party. Privacy and data sharing are important issues on the modern Internet. If you haven’t tried out Brett Gaylor’s “Do Not Track” online documentary, do it now!

Hosted commenting services do have a lot of features, and many offer some degree of configurability and customization. But no proprietary service can offer the amount of flexibility that a self-hosted open-source solution can provide.

Self-hosting means that the data is on your own servers (or servers you rent in the cloud). You don’t have to worry about the hosted service being “sunsetted”, the “platform risk” of the service being radically changed with short notice, or having the formerly free service converted into a paid service when the VC money dries up. If you compare, you’ll find that the “terms of service” for a cloud provider such as AWS are quite different from the terms for a special-purpose comment hosting service. (No, I haven’t read them)

For the truly paranoid, the national security spooks in various countries are going to focus less attention on small self-hosted systems than on the big services they can easily subpoena for bulk data collection. Dictatorships will find that it’s more effort to censor a bunch of individual websites and APIs than to just block the big ones that are ‘inconvenient’. And if you are truly trying to hide something from somebody, there’s nothing stopping you from running your self-hosted comments on Tor .

Open-source Commenting Systems

If you Google for ‘open source disqus alternatives’, you’ll find some great-looking projects such as Isso and HashOver. They can be installed on a Linux virtual machine running in the cloud - a $5/month virtual machine should do the trick.

But $5/month is still a pretty pricey solution for comments on a static site, which might be hosted entirely for free otherwise. Plus, there are servers to maintain, and system administration skills to master, and security patches to continually apply. Take this blog for example, I typically only write a post every month or so, and I don’t expect that there’s going to be a lot of people leaving comments. Ideally, the cost per comment should be low.

Last year, Amazon announced AWS Lambda, which allows you to host code in the cloud that can run in response to events. If the code only needs to run for 30 seconds to respond to an event, then you only have to pay for 30 seconds of compute time. It’s a perfect model for a self-hosted blog comment system.

So that’s what I am introducing today. lambda-comments is an open-source self-hosted blog comment system that can be deployed to Amazon, and it hopefully will cost less than a dollar a month to operate.

Spam and Abuse

I’m old enough to remember when spam and abuse was not a big problem on the Internet. However, these days, it’s an awful mess.

In order to keep the initial implementation simple and to encourage people to leave comments without a lot of friction, lambda-comments allows for anonymous commenting. It also optionally allows people to leave their name and to link to their own or other websites.

In this very first implementation, there is no attempt to try to verify that people are who they say they are, so it is wide open to the abuse vector of somebody attempting to impersonate somebody else. For a lighter traffic “gentle” community, this is probably not a problem, and can be easily policed. I’m hoping this blog fits that model. For some other types of higher-traffic, open communities, this design decision would be entirely wrong, and a more strict solution will need to be built.

Right now, lambda-comments can be configured to use Akismet from Automattic (the WordPress company) as a first line-of-defense against blog spam. As there is no moderation queue yet, if the comment is flagged as spam, it just won’t be accepted. In the future, I’d like to implement a moderation queue so that comments that are falsely flagged as spam can be accepted.

Lastly, if you want to read a great article about commenting systems and abuse, go read “The dark side of Guardian comments”.

Try it out!

This blog post is the very first time I’ve deployed the commenting system ‘in-the-wild’. Try leaving a comment below!

Better yet, see if you can set it up yourself on your own AWS account and on your own blog. It’s a little bit complicated, but it should be do-able.

I’d love to hear any success stories (or failure reports) in the comments below! See if you can be the first to get it working!

Also, if you like it, please be sure to give the project a GitHub star!

Portland IndieWeb Summit 2016

In other news, I bought a ticket for the IndieWeb Summit in Portland, Oregon on June 3-5, 2016. So if you’re going to be there, I’m hoping to show off the project. Also, I’m always available in Vancouver, Canada, and I’m frequently in Seattle. I’d love to meet for coffee or beer.

And be sure to check out my current contract availability by clicking the ‘+’ in the upper left corner of the page!

Follow-up post: A day on the Hacker News home page: lambda-comments