

I made a browser-based chat app. Based on node.js and nodechat. - isaacsu
http://twich.me/hackernews

======
keyle
That was fantastic and fast, but it definitely needs Flood control
<http://www.irchelp.org/irchelp/mirc/flood.html> and
<http://en.wikipedia.org/wiki/Internet_Relay_Chat_flood>

~~~
isaacsu
Definitely needs flood control. Thanks for the ref. I'll read up on it.

------
dprice1
I got a series of "lol" popup dialogs, then was pushed out of the room and
returned to Hacker News. I was fairly frightened by this turn of events and
won't return using my normal browser without some assurances that I'm not
going to be victimized. I guess I'll fire up a virgin firefox profile and try
some more.

On the user interface side, it would make sense if any line starting with "/"
was interpreted as a command (legit or not). Otherwise, you'll have a lot of
"/help" and so forth in the channels. Especially since "/print" _is_ a valid
command.

Update: Not sure, but I think someone has now injected some JS which causes
everyone else in the channel to continuously spam it with the word "crash".
Good times...

------
davi
wow too bad it tanked so quickly with spammer types

very cool and thought provoking. BTW, I was "foo". :)

Feature request: When I log out & come back to a room, the conversation should
still be there.

edit: interesting, someone just downvoted a bunch of comments here. HN has
grown large and attractive to idjits. I upvoted the zeros back to ones.

~~~
isaacsu
Re: spam Well I was half expecting it. I suppose now we sorta know how it
holds up to heavyish traffic, even if it's spam...

Thing is twich rooms don't hold any history. it works more like throwaway
chatrooms atm.

Persistent rooms - I'm strongly considering implementing down the road.

------
isaacsu
You can spawn your own twich room by just linking to

<http://twich.me/any_room_name> or <http://2wi.ch/any_room_name>

Works on iOS and Android too.

Comments and feedback appreciated.

~~~
jasonz
looks great, can I control who is in my room if I make one?

~~~
profitoftruth85
This should definitely be a feature. Also, when somebody posts it scrolls down
to the bottom. Sometimes the bottom half of the window showing the chat turns
black and blocks out the text in opera on mac.

------
rksprst
Bug (or feature I guess): if I scroll up and someone posts, it autoscrolls me
down to the page.

~~~
entropie
Annoys me too. But overall, a nice thingy.

~~~
isaacsu
Agreed, the User Experience definitely needs a lot more work. Thanks for
feedback.

------
carbocation
If someone types an extended string of unbroken characters, you should break
that string for them. If you don't, the horizontal autoscroll bar appears and
actually blocks the 1 most recent comment.

------
jerf
Unless you've fixed a XSS bug in the hour since it was posted here, kudos on
being the first Node.js chat site I've seen like this that was not vulnerable
to XSS discoverable within ten seconds.

~~~
zepolen
The actual app is pretty well xss proofed.

But, unfortunately if you go to this link...

    
    
        http://twich.me/<script>alert(document.cookie);</script>
    

(had to stick it in code block because HN auto marks it as spam)

~~~
jerf
Ah, alas, I stand corrected. That's a 10-second one. I didn't do much more
than a 10-second pass, that's usually sufficient.

~~~
zepolen
Unfortunately there was also another one in the youtube embedding feature,
took half an hour to find :)

------
heyadayo
Open sourced code or it didn't happen.

~~~
fuelfive
bump

------
akkartik
How's it different from <http://github.com/ry/node_chat>?

Here's my clone with a shared jukebox: <http://github.com/akkartik/node_chat>

~~~
jackowayed
infinte rooms. so you just go to twitch.me/foobar and send other people that
link. You're chatting with just those people.

Sure, you could host node_chat yourself, but a) then you have to host
node_chat yourself, and b) if you found yourself in a situation where you
wanted 2 rooms open at once, you'd have to start up another instance of
node_chat.

~~~
akkartik
Ah.

------
KingOfB
Great work, was fun till the spammers showed up.

You leaning towards open sourcing it or selling access to chat servers?

~~~
isaacsu
Thanks. Yeah I'll definitely have to work on the spamming. Leaning towards
open sourcing it and maybe run a hosted service.

------
mike-cardwell
Beautiful.

However, your restrictions on names are too strict. I should be able to use
the name 話筒. Nice that I can use chinese characters in the chat room name
though.

Do you have any intention to monetise this? If so, do you have any ideas you'd
be willing to share?

------
mike-cardwell
Also, do you intend on making it possible to use without javascript enabled?
An iframe for the chat input and one for the output each doing long polls with
meta refreshes should do it. Considerably less efficient of course, but opens
the app to more users...

------
RiderOfGiraffes
Can't read the dark grey on black.

------
isaacsu
hi everyone. suggestion: start your own twich by just linking to
<http://twich.me/[roomname]>

and post the link to get others chatting with you. it's getting too crowded in
the main room.

------
statictype
Interesting because injecting script tags shows them properly escaped but also
seems to be evaluating them. Not sure how both can happen at the same time.

------
denik
here's another long polling chat, in Python and with source code:
<http://chat.gevent.org>

------
d0m
Really out of subject; but those colors are pretty cool. I wish I had a theme
like that for Textmate or IRC.

~~~
isaacsu
Color scheme is homage to original nodechat demo which uses the same.
<http://chat.nodejs.org/>

------
chegra
Love it, I'm at <http://twich.me/chegra>

------
jarin
I love the embedded YouTube :)

------
woogley
I think I would be more impressed if this used WebSockets or something. How
many Node chat apps have we seen? .. Actually, how many AJAX chat apps have we
seen? I'd like to see a different network project, or at least one that uses
sockets instead of AJAX polling ..

~~~
jacquesm
Would you like a pony too?

How about you build one?

------
kwamenum86
Still vulnerable to XSS...

------
lalalala
for (i=0;i<=500;i++) { $('input#entry').val('kjhjkh' + i); $('input#entry-
btn').click(); } or you could just push it to the url

heaps of people have injected js too

~~~
netaddict
while(1){ $('input#entry').val('hahaha'); $('input#entry-btn').click();}

------
isaacsu
hmm... someone's stress testing <http://2wi.ch/hackernews> atm. let's adjourn
someplace else. suggestions?

~~~
zepolen
Slight bug: you can pass in %31 as your nick which makes it '1' bypassing the
3char limit.

~~~
isaacsu
Thanks for picking that up. I would've never picked it.

~~~
bl4k
you need to re-evaluate how you are handling characters. you aren't escaping
and encoding properly. there is no point in just smashing the little bugs that
people bring up because it will still leave other things open. time to re-
eval.

~~~
Terretta
> _"you aren't escaping properly ... re-eval"_
    
    
      eval(eval(escape(string)))  ?

------
Mpdreamz
Love the BitchX inspired theme :)

------
butu
I love this one!!! I can start the group chat in a second!!!

