
Moot 1.0 launches with embeddable forums and commenting without iframes - tipiirai
http://moot.it/?hackernews
======
Irregardless
Interesting to see the creator of 4chan working on a more conventional forum
platform...

~~~
courtneycouch0
Mr. Poole has no relation to this.

~~~
Irregardless
Then that makes your choice of name very interesting, because the conventional
meaning of 'moot' is 'irrelevant' (unless you're British).

Something seems fishy here.

~~~
kmfrk
Irregardless. :P

(Not that I don't agree with you.)

------
davekt
For 3rd party widgets, I actually prefer iframe for security. The same domain
policy makes it more difficult for xss in the iframe to compromise the parent
page. For HTML5 sandbox iframes, the security boundaries are even more strict
and tunable.

There are some disadvantages to current iframes that Moot addresses like the
lack of CSS cascading from parent page to iframe. The seamless iframe spec
addresses this issue, but it's not widely adopted yet.

~~~
tipiirai
Moot uses IFRAME for the authentication since that's the on that needs
security.

~~~
davekt
An example attack iframes would make more difficult is XSS in the comment
fields, e.g. an attacker bypasses sanitization and injects js into a page.
With a sandbox iframe, the comments section could be restricted from
compromising the top level page, e.g. stealing cookies, redirecting, etc.

~~~
tipiirai
You mean someone could put JS into the comment box and inject it into the page
somehow?

~~~
davekt
Correct. If the 3rd party js properly sanitizes user input, this xss attack is
moot. However, browsers love to eval stuff (<http://html5sec.org/>), and
sandbox iframes provide good defense in depth. Secure programs like qmail have
been using separate, sandboxed processes forever, but this secure design model
has only recently been possible in the browser thanks to iframes and
postMessage
([http://www.cs.berkeley.edu/~devdatta/papers/LeastPrivileges....](http://www.cs.berkeley.edu/~devdatta/papers/LeastPrivileges.pdf)).

------
kmfrk
This looks seriously interesting. It could be everything I've wanted Disqus to
be - and their service has only really gotten worse over time.

Don't know about the forum aspect, but the comments design is great. I hope
you can enforce whether it is linear or threaded from an admin point of view.

~~~
courtneycouch0
Yes, you pick whether your comments are linear or threaded and you can mix and
match (use threaded in some places, and linear in other places). It's
configured simply by how you embed it.

~~~
kmfrk
I was wondering, with the JS and all, how are the forums from an accessibility
perspective?

------
Narretz
Wow, seems to cover a lot of use cases. I wonder how it compares to
discourse.org

What confuses me a little is the part in the manifesto, where they basically
claim, Moot will reduce trolling and memes and make conversation more
meaningful. I think that any technical platform can be compromised, no matter
how sophisticated. Sure, you can reduce trolling by voting etc., but how is
technology supposed to help if the users themselves are not providing enough
meaningful content?

~~~
EvilTrout
Discourse founder here. I tried their demo forum but it currently isn't
responding. Probably too much load from HN although their home page claims
they can handle 1k posts per second (trollface).

From a cursory point of view, it seems to have more in common with Disqus than
Discourse. It's embeddable, doesn't allow rich posts or markdown or our
support for embedding videos, github, wikipedia, amazon, etc.

It's also closed source, although it is free and they claim they'll never
insert ads.

I have no idea about their support for the other challenges we've faced such
as infinite scrolling that is compatible with the back button.

I am skeptical of redis as their only data store. We use redis too in
Discourse but this would demand that all forum content can fit in memory at
once, and there is a chance if a server crashes you'd lose so. Not to mention
querying it is much more difficult especially when filtering.

Either way, we're glad to have the competition!

~~~
tipiirai
Nice!! I can clearly see from your tone that we're now competitors :)

As you can see, we specifically _don't_ allow images, rich text editing or
videos. We want to focus on content and the discussion. Our minimal design
emphasizes this.

We also think that infinite scrolling is bad UI design. We had it on our early
versions but took it away. Much clearer without - you should try too! But of
course, the more we differ the less we compete with each other.

~~~
EvilTrout
Nothing personal, just as makers of forum software, anyone else who makes some
is a competitor by definition, even if we are both free products.

I'm happy to have many others in the forum space as it legitimizes our cause
and pushes everything forward. Our main goal is to modernize forum software
and so is yours, so we're fighting the same battle here.

Also there's no way we're backing down on infinite scrolling :)

~~~
courtneycouch0
Totally agreed. We were excited when you guys launched for the same reasons.
Further validates the space! There simply needs to be more options, and it's
great that there are people getting interested and creating products in this
area.

------
trumbitta2
This appears amazing and promising. I'd really like to witness the rising of a
proper competitor for Disqus.

~~~
JLehtinen
And of course Moot also offers forums, which Disqus does not.

------
polskibus
By "You will have full access to your data at all times (*)" - do you mean for
the user or for the site that embedds a forum or maybe both? Do you plan for
data export for both user and site ?

~~~
tipiirai
Data export is coming for the site. For user.. yea, good idea, we can do it
but it's not on our roadmap yet.

------
kmfrk
Problems with log-in, and when I manage to log in, my posts get canned due to
server problems.

Any scoop on the problem? Is it traffic or something in the code?

~~~
tipiirai
We're not seeing anything unusual on the server side. Can you post your issue
here:

<http://moot.it/issues/>

Please describe what steps you did to get the error.

THANK YOU!

~~~
kmfrk
I would, but the reports bug out, when I try to send them. :P

~~~
courtneycouch0
I suspect it's a websocket upgrade issue that you must be having.

Please email support@moot.it if you can with details! This is the first public
availability for moot so it's not too unexpected to have a few bumps.

------
pn1000
Will you offer the ability to backup comments / forums in the future?

~~~
tipiirai
Yes. Data export is coming. The first blog entry says it:

<http://moot.it/blog/release/beta.html>

~~~
pn1000
Thanks. I am going to try it out.

------
overload118
This is awesome. How are you able to offer it for free?

~~~
tipiirai
Our infrastructure is designed from the ground up to handle the kind of spikes
and massive loads that viral and social sites tend to generate. A million
init- requests costs us very little. We can cover the expenses with paid
products that are introduced later: these paid products allow private posts
and custom branding for example.

The features you see on our site now will always be free.

~~~
courtneycouch0
crumbling? median api response times are 1.446ms at the moment and basically
all our servers are completely idle. Any issues would be new bugs for us to
track down!

~~~
jsherer
I'm getting a lot of "We're experiencing problems and this post was not saved.
Please copy/paste this post somewhere and try posting later. Sorry!"

~~~
courtneycouch0
If I could ask a quick favor from you:

Can you create an account and try to post on our sandbox forum:
<http://moot.it/demos/forum.html>

We have quite a bit more logging there. The production system is not showing
any errors.

If you could do that THANKS! If not, sorry that you are having some issues!

