

Nemex – A tiny app that helps you to track and curate ideas and projects - rootinier
http://beta.nemex.io/

======
stasm
There's some negativity in the early comments here, but I'd like to applaud
the effort of making this a dead-simple self-hosted, FTP-friendly solution. We
need more experiments around federated self-owned networks which are appealing
to end users.

Is the code hosted somewhere on a VCS?

------
Procrastes
A fun idea, a perfect name and I like the user experience. Take the advice
about security and structure seriously, but you have something worth finishing
here. Pop this up on GitHub, and I expect you'll find helpers with the code
refactoring and feature requests.

------
jstsch
Great idea, great that you shipped, now improve, improve, improve. Put the
code on github and let people file issues and pull requests. Yes, many things
in the code can be cleaned up, but kudos that you got it out there instead of
having it run just on your personal VPS.

We need more dead simple-to-install open source webapps, especially with a
modern look!

------
jaza
The site looks nice, cool intro video and all - but when I tried it out
locally (my PHP has "display_errors = on" and "error_reporting = E_ALL"), I
saw error messages all over the place. "A session had already been started,
ignoring session_start()" shows repeatedly, and various "undefined variable" /
"undefined constant" messages. Not so pretty.

I too applaud the author for embracing the spirit of open-source; but I think
now would be a great time for him/her to learn the super-basics of PHP (and
programming in general) best practices. Develop with all errors being tracked
and displayed! Don't use undefined variables or constants! Use tutorials /
books that were written in 2014, not in 2003!

------
michaelmior
After reading the site, I'm not really sure what this is.

~~~
8ig8
Came back with the same feeling. My guess is that it is a self-hosted personal
notebook of sorts that supports Markdown entries and photos. Maybe?

------
ivan_ah
An idea. Okay so generally we can all agree that PHP is a very bad language,
but you can use PHP to build great things too like ''dokuwiki'' for example.

So the idea is to package all the necessary parts of ''dokuwiki'' and make it
installable by simply throwing or wgetting it into a PHP enabled dir. The
first rule of software development is "don't write code, because there is
already someone who solved a similar problem before you." Instead of writing a
whole new blogging platform, see what you can build starting from a stripped-
down ''dokuwiki''. Using the fs as the data store is a good pattern for
usability.

------
ivan_ah
1. plz remove junk files from the zip file:

       inflating: nemex/php/zipProject.php
       inflating: __MACOSX/nemex/php/._zipProject.php   <---

2. provide a real download link --- I want to copy paste and wget from my
server but when I right-click copy link I got
[http://beta.nemex.io/#download](http://beta.nemex.io/#download) ... I had to
manually deduce the correct url is
[http://beta.nemex.io/php/download.php](http://beta.nemex.io/php/download.php)
...

~~~
lucaspiller
Is there a tool that automatically strips this? I keep finding this in
Wordpress plugins and themes I download...

~~~
ivan_ah
On the command line, this should work for tgz:

    COPYFILE_DISABLE=1 tar cvzf release.tgz file1 dir1 dir2 ...

or for zip:

    zip -r -X release.zip folder_to_compress

via
[http://unix.stackexchange.com/questions/9665/create-tar-arch...](http://unix.stackexchange.com/questions/9665/create-tar-archive-of-a-directory-except-for-hidden-files)
and
[http://coolestguidesontheplanet.com/how-to-compress-and-unco...](http://coolestguidesontheplanet.com/how-to-compress-and-uncompress-files-and-folders-in-os-x-lion-10-7-using-terminal/)

------
mcescalante
Looks like HN traffic overwhelms once again - I'm getting a 503. The cached
copy isn't particularly helpful since many of the main site images don't
display.

~~~
sgerhard
We are back, does it work for you?

------
sgerhard
[http://neonelephant.de/webprinter.html](http://neonelephant.de/webprinter.html)
<- Use this tool to send feedback :)

------
adestefan
> nemex doesn’t need a database. This means that you can easily download the
> zipped package, fire up your ftp-client of choice and copy the files to any
> directory on your web server. As soon as you successfully uploaded them,
> navigate to the /projects folder and set the permissions to 777. Open
> config.php in your nemex-folder and change USERNAME and PASSWORD to anything
> you want.

Ugh.

~~~
sgerhard
What's wrong with that?

~~~
Fastidious
He doesn't like it. Me neither. 777? Too liberal, really not needed. Username
and password on a configuration file? Ugh.

~~~
phoboslab
The app needs write access to the /projects folder. Many shared hosts need
0777 because PHP runs as a different user than FTP. If you know what you're
doing, you can always set it to the minimum required permissions.

What's wrong with the username and pass stored in a config file? Almost all
PHP apps store their database credentials in a config.php as well.

~~~
yeukhon
I don't get it. 0777 is already the broadest permission you can give. So what
is this minimum required permission?

I haven't done much FTP or shared hosts since, maybe, 7-8 years, but I
remember Wordpress has the same 0777 is bad practice for many years and hasn't
changed.

777 is never a good option.

[1]:
[http://codex.wordpress.org/Changing_File_Permissions#Shared_...](http://codex.wordpress.org/Changing_File_Permissions#Shared_Hosting_with_suexec)

Anyway, these days, for a couple dollars you can have a really really good
cloud hosting service.
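
An added example, not part of any comment in this thread: one way to work out the "minimum required permissions" for a writable folder such as nemex's /projects, based on who owns it and which user PHP runs as. The function names are hypothetical, the directory is a constructed temp folder, and the demo assumes PHP runs as the current shell user.

```shell
#!/bin/sh
# min_dir_mode OWNER_UID DIR_GID PHP_UID "PHP_GIDS"
# Prints the narrowest directory mode that still lets the PHP user write.
min_dir_mode() {
    owner_uid=$1; dir_gid=$2; php_uid=$3; php_gids=$4
    if [ "$php_uid" = "$owner_uid" ]; then
        echo 755; return 0      # PHP owns the directory: owner write is enough
    fi
    for g in $php_gids; do
        if [ "$g" = "$dir_gid" ]; then
            echo 775; return 0  # PHP is in the directory's group: group write
        fi
    done
    echo 777                    # no shared owner or group: only "other" write works
}

# recommend_mode DIR [PHP_USER]
# Reads DIR's numeric owner and group, and the ids of PHP_USER
# (defaults to the current user), then applies min_dir_mode.
recommend_mode() {
    ids=$(ls -ldn "$1" | awk '{print $3, $4}')
    min_dir_mode "${ids% *}" "${ids#* }" \
        "$(id -u ${2:+"$2"})" "$(id -G ${2:+"$2"})"
}

# world_writable DIR: list entries under DIR that any local account can modify.
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Demo on a constructed stand-in for the projects/ folder.
demo=$(mktemp -d)
chmod 777 "$demo"               # what the install instructions ask for
echo "world-writable before: $(world_writable "$demo")"
mode=$(recommend_mode "$demo")  # assumption: PHP runs as the current user
chmod "$mode" "$demo"
echo "applied $mode, world-writable after: $(world_writable "$demo")"
rm -rf "$demo"
```

When the result is 777, the host runs PHP under an account that shares neither owner nor group with the uploaded files, which is the shared-hosting case described above; changing the directory's group or running PHP as the file owner is what removes the need for it.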

------
desireco42
I've been having a change of heart when it comes to PHP recently. This kind of
project is exactly what PHP is for and is perfect for it. As a Ruby dev, before
you start you need to do so much hand-waving that it kind of kills the joy of
creation.

So congrats for this project and this messy creative code.

------
Sir_Cmpwn
Thanks for using video in place of GIFs!

------
nichodges
Great project. I'm definitely going to give it a shot as a Raspberry Pi hosted
thing.

One comment on the site though - it would be really cool to be able to see a
demo. I get a good vibe from the description/images, but a demo site would be
great.

------
rmorabia
The site is officially broken from an overload of HN requests.

------
fiatjaf
I think it may be a good thing, but all these boggy unrequested animations are
destroying my eye. Where is the play button? I don't want animations!

------
atmosx
I like the idea and can't wait to try it. I was using Evernote to track down
projects, but this one might be a better fit! Thanks!

------
MattGrommes
This looks cool. I wonder if it could be made to run on Heroku? I gave up my
personal server awhile back to run everything virtually.

------
hmans
"As soon as you successfully uploaded them, navigate to the /projects folder
and set the permissions to 777."

------
atmosx
Can't upload images unfortunately. Something goes wrong with the session.

------
3nki
I can't get it to upload any images, from either mobile or desktop.

------
sgerhard
Servers should be back shortly ._.

------
whyubeh8r
You guys are douchebags for shaming his ambitious effort. This tool is awesome
in concept.

~~~
teddyh
If all that was presented was effort and concept, it would be (mostly)
praised. What I see people criticizing is the _end result_ produced so far.
Presenting criticism is not being a “douchebag”.

------
kekub
I have just downloaded and started using the "app" 10 minutes ago. It sounds
like an app I have been searching for for a long time. After downloading I
checked the codebase, as I usually do with every open source project I
consider using - I have to agree with the other users: The code is really messy.
I would suggest you rewrite the whole app using an object oriented approach
and dividing between HTML- and PHP-Code. Probably you can make use of
something like Twig[1]. Do not create a file for every function of your
system: Create a class for every object like "Dashboard", "Project" and
"Node", then write an API to make their methods accessible from your app's
JavaScript parts.

After checking out the code and realizing that it might have just been written
by a beginner, I "installed" it locally: From a user's point of view I have to
say it is exactly what I need. I am able to post small snippets (called
"nodes") to a project (kind of a category/idea). That's all. Drag & Drop works
- awesome. The design is simple but really neat! However to make this system
perfect for me it needs to implement multi-user functionality, where I can
chat with my friends about our current projects.

I think I would give this project another try, when you were able to refactor
the whole code basis and add multi-user functionality.

Good luck anyways.

PS: This post led me to create a HN account.

[1] [http://twig.sensiolabs.org/](http://twig.sensiolabs.org/)

~~~
ohitsdom
You won't use it until the code is refactored? If it works, who cares if it is
a mess and was written by a "beginner".

~~~
kekub
I care. As I am a developer I like to understand what the code does. If they
would refactor this project to use 3-4 classes and a coherent structure it
would make their code easier to overview and maintain. I prefer the mix of a
beautiful UI, a meaningful UX and a powerful codebase.

~~~
GrinningFool
As a developer I challenge you to understand what it does - and how- even
though it's messy.

------
Scottymeuk
Oh god, the code is awful

~~~
meritt
Unescaped user input which reads/writes/etc to the filesystem. Intermix of
PHP4/5 all over the place. Zero separation of presentation and business logic.
It also has code which references a MySQL database and missing library files.

Can we just all collectively downvote this and/or change the title to "Daily
WTF: ..."

~~~
mfisher87
Someone clearly made a project that works for what they want, so shame them?
I'm pretty sure HN is supposed to be more about learning and growth than about
putting others down to show off your pre-existing knowledge, discouraging them
from growth or discouraging others from helping them grow.

Your "criticisms" aren't even valid criticisms, they're hyperbolic. _Zero_
separation of presentation and business logic? I looked at the code. Zero
separation means everything is in one file. Yes, the author _mixes_
presentation and logic in many instances, but where is the presentation code
in the file node.php? Oh, look, some business logic is separated to its own
file, just like one would expect with "zero separation". Seriously, why should
we throw a hyperbolic insult that doesn't even address the problem? I can't
think of any good reason to be destructive here.

EDIT: After discussing this more in replies, I found the guidelines for Show
HNs. It looks to me like these comments violate the guidelines for Show HN
comments. If HN is going to be a comfortable place for people to share their
work, this shit needs to stop. Every time I see shit like this I think about
how little good it does to post a Show HN unless you already have a business
behind the project. Even when there's low-hanging-fruit that one could easily
help with, some "rockstars" would rather make insults than contributions.

[https://news.ycombinator.com/showhn.html](https://news.ycombinator.com/showhn.html)

~~~
meritt
You point out one example where it's somewhat separate and I can point out
many where it's not. I can also point out numerous massive security flaws,
utterly unused code, the obviously unprepared .DS_Store shit, and code which
attempts to load missing libraries and SQL inserts when it's blatantly billed
as "no database required"

This isn't some arbitrary work-in-progress "Show HN" project. It's being
released and advertised as a fully working product which is quite the polar
opposite, absolutely filled with security holes and should be approached with
serious hesitation before someone were to actually utilize it.

I'd also argue every single one of my criticisms is incredibly valid and
hardly hyperbolic.

~~~
mfisher87
> You point out one example where it's somewhat separate and I can point out
> many where it's not.

That's great. You SAID "zero". And you pointed out zero examples to defend
your statement. I pointed out one example that completely invalidates your
statement, which is all that is needed. Because 1>0. Here, let me help. "Your
application doesn't do a good job of separating business logic and
presentation." Was that hard? I didn't say anything hyperbolic, I didn't
recommend downvotes or call his application "WTF" in that statement. It WAS
NOT HARD.

> I can also point out numerous massive security flaws, utterly unused code,
> the obviously unprepared .DS_Store shit, and code which attempts to load
> missing libraries and SQL inserts when it's blatantly billed as "no database
> required"

Did you do that, or did you try and insult the author? I see others in this
thread pointing out specific issues that will help the author. You can't do
that? Or is the author not worthy of your help, but somehow IS worthy of the
time you spent to insult the author's project?

> I'd also argue every single one of my criticisms is incredibly valid and
> hardly hyperbolic.

Sorry, but if you say "zero" and it's not true, that's hyperbole. It's either
hyperbole or it's not, there's no such thing as "hardly hyperbolic." You
exaggerated and you knew it was an exaggeration, OR you thought you were
making a true statement. Either way, wrong.

[http://dictionary.reference.com/browse/hyperbole](http://dictionary.reference.com/browse/hyperbole)

My point is you are not offering anyone anything. Who do you help by insulting
the author? The author? Or do you think you're protecting the world from bad
software?

BTW, here's the rule I think you're violating:

> When disagreeing, please reply to the argument instead of calling names. E.g.
> "That is an idiotic thing to say; 1 + 1 is 2, not 3" can be shortened to "1 +
> 1 is 2, not 3."

One could argue I'm breaking the same rule in arguing with you, though...

~~~
aikah
Sorry but I have to agree with meritt here. This is a SHOW HN, and the project is
not ready at all.

Even if one disregards bad architecture, the project suffers from too many
security flaws. The creators should have a look at
[http://www.phptherightway.com/](http://www.phptherightway.com/) which is
really basic guidelines for any modern PHP project.

PHP suffers from bad rep because of developers that clearly don't know what
they are doing. They have client-side skills for sure.

But I would feel totally embarrassed if someone linked to something I've made
and that would look like the source code.

I'm not saying I'm a PHP "rockstar". But there are channels where beginners
can get code reviews for free (IRC, reddit, ...) before making a project
official.

They need to find a proper developer

~~~
Scottymeuk
This ^

------
justanautist
dat XSS:
[http://yournemexurl/nemex/index.php?view=%3Cscript%3Ealert%2...](http://yournemexurl/nemex/index.php?view=%3Cscript%3Ealert%28%22XSSTEST%22%29;%3C/script%3E)

Looks like it was written by designers...

~~~
yeukhon
This is ridiculous.

1) please find a better way to inform the app developer of a security vuln

2) please don't stereotype or discriminate designers. There are designers that
are way more conscious and way more knowledgeable about general web security
best practice than many of the HN readers here. Professional sites like Google
can have XSS. Don't be one of those ignorant thinking XSS is easy to solve. I
bet you just created a new account so you can tell the world how much you
think designers are incompetent regarding web security best practice. I bet
you are also incompetent showing your true identity.

