

WebSocket whiteboard with chat - bcardarella
http://184.106.155.145/ws.html
Just something I built to play around with the tech. Its using EventMachine for the server. Because its only using WebSockets and a more abstract layer like Socket.IO it will only work in Chrome / Safari. (or if you have WebSockets enabled in FireFox but I didn't test it)<p>The board will auto-clear every 5 minutes.<p>Have fun!
======
yahelc
Wow, so, I might have shut down the whole room by typing in the chat
<script>window.close();</script> That room is a giant XSS disaster waiting to
happen.

~~~
bcardarella
Yeah, I fixed that. It was just a weekend hack. I think the Goatse guy forced
my hand

~~~
yahelc
Thanks for fixing it, and sorry about the window.close() thing :P Very cool;
its mind-blowing how simple the code is. Can you post some of the server-side
code?

~~~
bcardarella
Don't worry about it. It was pretty funny.

I'm going to probably release a NodeJS/Socket.IO version then do a blog post
comparing the two and release all of the source code. Should have the Node one
up in a day or two.

------
PHPAdam
Its not working for me Brian, which is a shame as I was going to draw some
male genitalia.

~~~
bcardarella
Only works with WebSocket browsers. You'll need Chrome or Safari

~~~
demodifier
Nice hack. In case you are using Node.js in the back end, you might want to
check out socket.io. Provides Websocket support as well fall back transports
for browsers that don't support WS.

~~~
bcardarella
I'm using EventMachine with em-websocket for the backend. I might convert it
to Node w/ Socket.IO to see if there is a performance difference.

------
BuddhaSource
Really nice to interact live with strangers like this! I always thought HN
guys were a bit more matured, it was funny to see every other 2nd doodle was
of a dick!

------
eik3_de
Nice alternative: <http://mrdoob.com/125/Multiuser_Sketchpad_HTML5>

------
bcardarella
Looks like 40 concurrent users is the max. Process crashed but its back up now

~~~
kvdr
Can you spawn a new whiteboard when more than 40 users join?

~~~
bcardarella
The error was due to a bad string message not parsing properly. I fixed it in
the client and should be fine for new users now.

But performance gets pretty crappy at about 40 concurrent users anyway. :p

------
cookiecaper
Firefox 4 Beta 8+ users can enable websockets by toggling
network.websocket.override-security-block in about:config. It still doesn't
work in the latest nightly, though, as I can't draw anything.

Websockets were disabled in Firefox 4b8+ because of supposed security problems
in the protocol.

------
bcardarella
I just removed logging, which was causing the process to block so it could
write to STDOUT. That should increase performance with tons of users.

~~~
xutopia
I see you are a Rails dev. I imagine in the backend it's something more than a
Rails app. What's your stack like?

~~~
bcardarella
I'm using EventMachine with em-websocket. But I might rewrite it in NodeJS to
give that try with Socket.IO

------
mtinkerhess
Pretty cool. It'd be nice if you could change your color -- I was yellow and
that was hard to see.

~~~
bcardarella
The colors are assigned based upon a mod of your SID. So just refresh the page
if you want a different color

------
stewsnooze
This is cool. However the HN crowd seem to be just drawing deformed penis pics
on it.

------
sciolistse
you might want to escape those text messages.

~~~
bcardarella
Yeah I know, I was eating lunch when it went crazy

------
sfphotoarts
Doesn't work for me Chrome 9.0.597.98 beta on Ubuntu :( Possibly because all
HTTP traffic has to go through a proxy server, the company block all outbound
traffic, and require a proxy server.

~~~
bcardarella
The websocket is also on port 8080 so that could be an issue

------
delano
I took a quick look. It's a cool demo but it's inappropriate to link to it
here when there are obvious XSS issues.

------
yardie
Cool. only one wiener on the whiteboard now. I can see this descend into chaos
in a few hours.

------
laskito
Whiteboard doesn't work very well with trackpads...

------
bcardarella
XSS fixed (I hope)

------
nor-and-or-not
3 letters: XSS

~~~
bcardarella
yeah, it was pretty hackish not to plug that. But it should be plugged now

------
s_m
That's awesome – nice work.

------
tybris
ok, that's kind of cool. Thanks for fixing the XSS.

------
Vivtek
Fun!

------
robwgibbons
So fun drawing trollfaces

