
Weblog.sh – hosted blogging from the command-line - mrzool
https://weblog.sh/
======
zx2c4
Another service using pathetic password hashing:

[https://github.com/hmngwy/weblog.sh/blob/master/lib/ssh/exec...](https://github.com/hmngwy/weblog.sh/blob/master/lib/ssh/exec.js#L231)

    
    
          else if(command[0] === 'password') {
    
            if(args.length===0) {
              stream.write('→ You need to specify a password.\n\r');
              stream.end();
              return;
            }
    
            var hash = require('sha256');
            var payload = args;
            var salt = schemas.randomString(32);
    
            userMeta.user.hash = hash(payload + salt);
            userMeta.user.salt = salt;
            userMeta.user.token = schemas.randomString(64);
    
            stream.write('… Saving new password'+LB);
            userMeta.user.save(function(err, saved){
              if(err){
                stream.write('→ Password update failed.'+LB);
              }
    
              var response = [];
              response.push("→ password for "+saved.username+" updated"+LB);
    
              stream.write(response.join(LB));
              stream.exit(0);
              stream.end();
    
            });
    
          }

~~~
vruiz
"pathetic" is a bit harsh. Yes, one should be using b/scrypt nowadays, but at
least he's using salt and sha256; it's not md5. It could be better, but it
could also be much worse.

~~~
iancarroll
sha256 is not "better" than MD5 for password hashing; they're both incredibly
fast to brute force and both not meant for password hashing. bcrypt/scrypt,
configured correctly, are _much_ slower and _much_ more secure.
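
Added example (not part of the thread or of the weblog.sh code base): the salted SHA-256 scheme from the snippet above beside Node's built-in `crypto.scryptSync`, with a login-time upgrade path for existing accounts. The cost parameters, the stored-string format and the `user` record shape are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

// scrypt cost parameters (assumed values; raise them as hardware allows).
const SCRYPT = { N: 16384, r: 8, p: 1, keylen: 32 };

// Legacy scheme as in the quoted snippet: one fast SHA-256 over password + salt.
function legacyHash(password, salt) {
  return crypto.createHash('sha256').update(password + salt).digest('hex');
}

// Memory-hard hash. The parameters travel with the hash so they can be raised later.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const { N, r, p, keylen } = SCRYPT;
  const key = crypto.scryptSync(password, salt, keylen, { N, r, p });
  return ['scrypt', N, r, p, salt.toString('base64'), key.toString('base64')].join('$');
}

// Recompute with the stored parameters and compare in constant time.
function verifyPassword(password, stored) {
  const [scheme, N, r, p, saltB64, keyB64] = String(stored).split('$');
  if (scheme !== 'scrypt' || !saltB64 || !keyB64) return false;
  const expected = Buffer.from(keyB64, 'base64');
  const actual = crypto.scryptSync(password, Buffer.from(saltB64, 'base64'),
    expected.length, { N: Number(N), r: Number(r), p: Number(p) });
  return crypto.timingSafeEqual(actual, expected);
}

// Login-time migration: accept the old hash once, then replace it with scrypt.
// `user` is a hypothetical record with the snippet's `hash` and `salt` fields.
function loginAndUpgrade(user, password) {
  if (user.hash.startsWith('scrypt$')) return verifyPassword(password, user.hash);
  const legacy = Buffer.from(legacyHash(password, user.salt), 'hex');
  const stored = Buffer.from(user.hash, 'hex');
  if (legacy.length !== stored.length || !crypto.timingSafeEqual(legacy, stored)) {
    return false;
  }
  user.hash = hashPassword(password); // the plaintext is only available at login
  user.salt = undefined;              // the salt now lives inside the scrypt string
  return true;
}
```

Because the upgrade only happens when a user logs in, accounts that never return keep their fast SHA-256 hash until they are reset or removed.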

------
geocar
OSX user; registered as myself.

First impressions are not good.

• scp very slow; doesn't work

• vim scp:// doesn't work

• emacs tramp[1] definitely doesn't work (scpx says invalid command; ssh, scp
and sftp methods say "EDITOR SOON")

I noticed you're using ssh2js[2], but not using its built-in features for
getting the public key from the client.

I think this would make a much better experience than asking for a password
(that you don't echo, don't confirm, and annoyingly don't reset the terminal
state afterwards).

I also think you should look at getting the sftp subsystem working as it is
simpler and much more reliable than scp.

I hope you fix these things because I'd like to try it again.

[1]: [http://www.emacswiki.org/emacs/TrampMode](http://www.emacswiki.org/emacs/TrampMode)

[2]: [https://github.com/mscdex/ssh2](https://github.com/mscdex/ssh2)

~~~
voltagex_
You might want to raise issues for these:
[https://github.com/hmngwy/weblog.sh](https://github.com/hmngwy/weblog.sh)

I don't know why they don't link to that from the front page.

------
voltagex_
> At the time of writing we are spending around $15 a month to keep the service
> up. If 75 people donated 5 cents a week, we'd be sustainable. - 27/10/15

And yet I'm pessimistic it'll get that funding. I just don't know if it's
possible to make money writing software like this.

~~~
e12e
It would probably make more sense, and be more likely to get 15 people to
donate $10 a year (as a one-time donation, with a new 15 people donating $10
the next).

I'm also rather pessimistic about "making money" like this.

You'd have to sell a service for that to make any kind of sense. Target a
minimum of, say, 10$ user/year, or user/month (yes, those are two wildly
different prices, and two somewhat different levels of "perceived value" you'd
need to provide).

Micropayments only make sense at massive scale - and you won't have that
starting out. If you can build up to 10.000 users paying 10/year, you could
probably sustain a developer. Just make sure that doesn't generate work for 30
support staff. But "breaking even" (we won't have to stop because we're
burning money on hosting) is different from "making money".

It's probably a good idea to do one, or the other. Not something in the middle.

Major caveat: I've only thought about pricing models, never found the
opportunity to try them out in practice.

~~~
voltagex_
Watch what happens over the next few months to PushBullet - they've learnt the
hard way that pricing is serious business. They had a base of users who were
used to a free product, then they tried to bring in a $40/year plan with no
middle ground.

[https://blog.pushbullet.com/2015/11/17/introducing-pushbulle...](https://blog.pushbullet.com/2015/11/17/introducing-pushbullet-pro/)

[https://www.reddit.com/r/PushBullet/comments/3t5ogz/introduc...](https://www.reddit.com/r/PushBullet/comments/3t5ogz/introducing_pushbullet_pro/)

------
crazydiamond
Tried it out. I keep `scp`ing a file, or editing it using `vim scp`, but on
browsing or publishing, I get an "Article does not exist".

~~~
OJFord
Me too. I love the idea though - I'll be back and donating if it improves.

------
carlesfe
Nice idea, I love it!

If you want a similar solution, but self-hosted, here's another commandline
blogging system contained in a single bash script:
[https://github.com/cfenollosa/bashblog](https://github.com/cfenollosa/bashblog)

~~~
neoeldex
This can be self hosted, not very nice to plug yourself like this.

------
axx
It would be neat to have different layouts to choose from (maybe similar to
jekyll with a "layout: xyz" parameter).

Besides that I really like the idea. Reminds me a little of the old-style BBS
communities. Even though I understand that people need to make money, a
project like this would gain much more from being open source. It would give
more people the possibility to run a service like this and everyone would
profit from further developments.

But that's up to you, and I'm absolutely fine with people making money from
webservices! :)

~~~
capitalsigma
This is open source, I have no idea what you're talking about:
[https://github.com/hmngwy/weblog.sh](https://github.com/hmngwy/weblog.sh)

~~~
axx
Oh, my mistake. Even better!

------
joelennon
Really like the concept. Hopefully you can work out the issues raised by
others, can't wait to see where this goes. Consider your current costs
covered.

------
tscosj
Wow, impressed by the platform. Posted the first draft from mobile, and it's
totally insane. One thing, the name sunsed is a bit messy to start with.

~~~
ne01
You just made my day! Thanks!! :) Yes, you are right, the name SunSed is a
tricky name to start with, especially for the sake of SEO. I also hope one day
autocorrect systems do not change SunSed to SunSet. By the way, it stands for:
SUN Shines Every Day. At least it's 6 letters and almost easy to remember.

~~~
capitalsigma
Why are you replying to comments about the link, not directed at you?

------
kaosjester
And there isn't a password reset option or password confirmation. Hope you
typed it right!

~~~
desireco42
Password is there just to let you upload certificate, hopefully you will not
use it

------
ilurk
I haven't tested it yet but this looks great! I was kind of looking for
something like this.

I'll give it a try in a week or so. Hopefully the problems will be fixed.

IMO the only thing missing is the ability to tag your entries. Maybe the site
could parse a markdown tag entry in the file. Something like:

# _tags_ #

programming

c++

network

------
Heqx
I think it'd be responsible to recommend generating a new key pair
specifically for this platform. Disregarding that, I think this is really
cool.

------
desireco42
This is similar to tilde, which is an awesome idea. It should have some community
aspect to be successful.

~~~
Fastidious
Can you elaborate more about tilde? Is there a webpage?

~~~
parennoob
[http://tilde.club/](http://tilde.club/), but they have a waitlist right now.

------
ne01
As someone who has spent the past two years and is planning to spend at least the
next 5 years creating the best Blogging platform (SunSed.com), I have to admit
this idea is simple, refreshing and brilliant! I had a similar idea called
textBlock; killed it in favor of SunSed. +1 for this project!

~~~
Andrenid
Signed up to try your site out. When I create my first blog, there's a typo,
just so you know:

> Choose your new bolg's template

~~~
ne01
Thanks! :)

------
apexkid
How to provide a key? Sorry, I am a noob, please help!

~~~
neoeldex
probably ssh-copy-id (I didn't test this though)

------
bresc
This is really awesome! I love it.

------
feld
This is totally going to pollute the search of the term "web logs"

~~~
pipeep
The term blog is derived from the concatenation of "web log".

~~~
feld
yes, and "blog" is a distinct term from "web log".

