
NeoCities - kyledrake
http://neocities.org
======
slg
Don't use this for anything you view as important. I just checked and there is
no collision detection for usernames. You can signup for an account using any
name and your account will seemingly just replace the previous created
account. That is a big enough and obvious enough flaw that it also makes we
wonder if this is just a phishing expedition or a way to mine email addresses.

~~~
kyledrake
I just fixed it. It was a change I did last night to fix a save bug. My
apologies about that, it wasn't a good bug, but hopefully it's the last
security-related one. Probably goes without saying, but this is definitely a
beta project. I'm doing a lot of other things to protect this kind of attack
(filename scrubbing, bcrypt passwords), so I'm pretty red in the face about
how dumb this one was.

If you find any other bad bugs, please let me know (@kyledrake on Twitter)
instead of, you know, trashing other people's work. I'm finding the duplicate
sites right now and taking care of it. Thanks, and again my apologies.

This is not an email phishing expedition. I don't even require you to enter
your email address to make a site.

~~~
slg
You are right, I should have reached out to you directly with this issue. I
took the easy route and didn't put in any effort to track you down, for that I
am sorry. However, I take exception to you categorizing my post as "trashing
other people's work."

I feel that I also have a responsibility to publicize such a glaring security
hole in your site. This is the number 1 link on HN at the moment. Thousands of
people are going to be signing up. I think they have the right to know that a
bug like this exists. Like I said in my initial post, a bug this big seemed to
be a sign of a bigger problems. I had suspicions the site was malicious and at
that point my priority was to point out those suspicions to the HN community.

~~~
kyledrake
Here, I'll do one better: If anyone is concerned about the nature/security of
the site, here is the source code to NeoCities, ready for anyone to do a full
security audit: [https://github.com/kyledrake/neocities-
web](https://github.com/kyledrake/neocities-web)

Pull requests welcome!

~~~
csense
Why did you choose Ruby as the language?

~~~
thomasfl
I think it's a pure joy to read the ruby source. Allthough ruby is not fast,
it's got some of the simplest most elegant frameworks out there. Sinatra is
not much more than a router config file with some logic. Sequel is the
simplest database orm and migration tool around. And slim makes very readable
templates. All frameworks perfect for the first minimum viable product. If
this site takes off, I would perhaps pay someone to rewrite some bottlenecks
of it in java.

~~~
csense
> it's a pure joy to read the ruby source

If you like it so much, here's a copy-paste from the project for your
edification [1]:

    
    
      def new_tags=(tags_string)
        tags_string.gsub! /[^a-zA-Z0-9, ]/, ''
        tags = tags_string.split ','
        tags.collect! {|c| (c.match(/^\w+\s\w+/) || c.match(/^\w+/)).to_s }
        @new_tag_strings = tags
      end
    

I don't mean to pick on this project in particular. In fact, this project as a
whole is quite possibly the _cleanest_ Ruby code I've ever seen.

That being said, Ruby's syntax makes me want to gouge my eyes out. There's
equal signs, unquoted regular expressions, exclamation points, absolute value
bars, and at signs all over the above code. You can't even sort-of follow what
this code is doing without searching through the manual every third character.
Ruby syntax is worse than C++ and almost as bad as Perl.

Someone tried to explain Ruby syntax to me last week [2], and I'm not sure if
I understood it more, or less, as a result, because my conclusion was that
_Ruby 's syntax is so bad, the language shouldn't even be able to exist!_
I.e., there are a large number of syntactical ambiguities, so writing a parser
for it should be completely impossible!

[1] [https://github.com/kyledrake/neocities-
web/blob/933c3549264e...](https://github.com/kyledrake/neocities-
web/blob/933c3549264ee809c0e09f0af73cdd2f2236a63d/models/site.rb#L53)

[2]
[https://news.ycombinator.com/item?id=5872899](https://news.ycombinator.com/item?id=5872899)

~~~
pak
Ruby's syntax is beautiful once you've realized two things:

1\. How blocks work, and how their minimalist syntax is beautiful. You see
absolute value bars but believe me, getting used to that barebones function
syntax is a gift. (No other programming language that I know of has an
absolute value operator with vertical bars so it is not as hard as you think.)

2\. Every time you see a dot, do NOT think attribute access. Think message
sending a la Smalltalk.

Suddenly then, things like the tags.collect! line become pretty for
encapsulating a callback on one line unlike the ugly function() {} crud of
JavaScript, and things like defining a newtags= method become sensible,
because _everything_ including traditional attribute getting and setting
reduces to message passing.

~~~
whimsy
> Every time you see a dot, do NOT think attribute access. Think message
> sending a la Smalltalk.

Huh. You just rekindled my interest in learning Ruby. Learning Smalltalk was
pretty mind-expanding.

------
networked
Hi, Hax0r N3ws!

Check out my all-new website showing some _oldskool JScripting skillz_ at
[http://cd.neocities.org/](http://cd.neocities.org/). You can trick your
friends by directing them there.

P.S.: Just checked and it actually works with _Internet Exploder 6.0_ in an
_M$ Windoze 98_ VM, which I had running in VMWare Player 5.0.2 with my PC's
physical DVD drive connected. Should work as long as your Win9x or pre-SP2 XP
has WMP 7 installed.

P.P.S.: Do post here if it works for you!

------
big_lou
PEOPLE. This is clearly not intended as a business. Stop asking about the
"business model." It strikes me as just being a cool side project that enables
people to make websites. That's it.

Yeesh.

~~~
LandoCalrissian
I'm pretty sure that's exactly what it is. This is just for fun, I don't think
they are looking for VC money or anything crazy.

~~~
belorn
As someone who has a 1gb/s flat rate at home, I have thought about doing
something similar. It really isn't that expensive to have a bit of network and
a server that gives out static content.

~~~
noir_lord
Til someone puts something copyright or worse on it.

~~~
belorn
We were talking about the expenses of running the service, and not the legal
space around hosting user generated content.

The legal questions are interesting, through it highly depend on the country
and political tendencies from one year to the next. In theory, I could run
this kind of service in Sweden, and only remove content on order by a judge.
In theory. In practice, there might not be any difference between hosting user
generated content and simply having a website up hosting in ones own name.

------
workhere-io
HN is supposed to be (partly) about the joy of building stuff, and yet this
entire thread is all about people pointing out flaws, missing features and
minor annoyances instead of saying, "Good job!".

Give the guy a break and a chance to get the project off the ground.

------
jstalin
I just had to do it:

[http://jstalin.neocities.org/index.html](http://jstalin.neocities.org/index.html)

It's going to play audio if you clink the link, unless you're using click to
play

~~~
Samuel_Michon
Also, backstory:
[http://mike.winterdiamond.com/history.php](http://mike.winterdiamond.com/history.php)

~~~
darseex
You'd think he'd have learned his lesson about god-awful site design.

~~~
PavlovsCat
You'd think people would have learned that the internet is all about me, and
that I prefer content over packaging :(

------
kybernetyk
Oh man, I'm sorry for OP because of all the negativity in this thread.

I think his service is kinda cool in a twisted way and I can totally see me
building a little 'old school' homepage on it.

/edit: I did build a homepage:
[http://kybernetyk.neocities.org](http://kybernetyk.neocities.org) I feel
better now ;)

~~~
Luyt
I wonder whether this 'negativity' is really negativity, or just well-meant
criticism, testing and validating the idea, maybe even playing advocate of the
devil. From what I've seen in the past years, the HN community is unlikely to
produce a page with tons of similar 'Nice job!' postings.

~~~
cytokine_storm
Well the top post about a security flaw and the creator's superb response was
what I was looking for to confirm some kind of semi-legitimacy before I post a
link to facebook.

------
zephjc
I think people are aiming to create the original geocities experience too:
Examples:

[http://poeks.neocities.org/](http://poeks.neocities.org/)

[http://skry.neocities.org/](http://skry.neocities.org/)

[http://jeremy.neocities.org/](http://jeremy.neocities.org/)

~~~
stinky613
Haha, wow. It's like going to a civil war reenactment where everyone adhere
strictly to period customs and vernacular.

Unfortunately they forgot center tags and to capitalize all of their HTML. I
was going to say it's missing a table-based layout, but then I recalled that
the height of geocities' popularity was earlier than I remember seeing table-
based layouts everywhere.

It's really not very assuring when they state on the front page that they
"hope" they can get enough money each month so they can pay the server bills.

~~~
kyledrake
The site will very easily pay for itself with donations. It's not that
expensive to serve static HTML, especially when you are using Nginx and
sendfile.

~~~
stinky613
That wasn't really my point. It doesn't inspire confidence when the host says
"hey! put your stuff here! I'm not sure that I can pay the bills each month
but I sure hope we can. Oh--and I have no idea how this will scale."

It's all understandable. But even if it's free and even if my content is
stupid, I'd still feel a little uncomfortable because of how much doubt _the
owner_ expresses over the viability of the service.

~~~
zaius
Really, that's what all startups are doing. At least he's being honest about
it.

------
brudgers
GeoCities clipart backgrounds still available!

[http://www.geocities.com/clipart/pbi/backgrounds/](http://www.geocities.com/clipart/pbi/backgrounds/)

~~~
scottluptowski
Holy nostalgia trip

------
toni
I've hacked a little script together[1] for uploading all the files in a
directory into NeoCities. Handy if you are working on your site and want to
upload everything in one go.

Set your username and password at the beginning of the script and run it with
the path to the directory as an argument:

./neocities-uploader.php /path/to/my/site

[1] [https://github.com/pwlin/neocities-
uploader](https://github.com/pwlin/neocities-uploader)

------
ErikAugust
More fun: [http://login.neocities.org/](http://login.neocities.org/)

------
egeozcan
Let's say I like cats:
[http://egeninwebsayfasi.neocities.org/](http://egeninwebsayfasi.neocities.org/)

------
ibudiallo
I think its a nice website, don't be discouraged by the comments you get here.
HN can be awful with this, but if you parse through all the bad mouthers you
may find some gold :)

------
will_brown
It is very refreshing that a side project/start-up related post has made it to
number 1 spot on HN. And this is coming from someone who posted a Bee article
that made it to the front page today.

kyledrake if any negativity on this thread gets to you, something tells me it
will not, just ask yourself how many others have posted their side project on
HN that made it to #1, I know I have not and that is why I created this
account to begin with - to share my start-up with a start-up community.

------
mperham
Add a premium tier, even something as simple as integrated web analytics.
Donations are charity. If you want this to be a sustainable business, ask for
people to pay for value.

~~~
stinky613
I was thinking about this too. I agree that counting on donations in
sufficient quantity and regularity is like buying lotto tickets to pay your
electric bill.

And if they add a premium tier... well then that kind of kills their
differentiation, doesn't it? They're aiming for the niche of free, modest,
simple, laissez faire vis-a-vis content. When you take 'free' out of the mix
then you're in the arena of commoditized cheap hosting; inertia would be the
only reason for someone to upgrade their free account to a premium plan.

~~~
unknownian
Yep, services that are about uncensorship generally don't do paid tiers. See:
4chan, Rizon, groups that release pirated videos, etc.

------
rozap
guys i just made mine here
[http://rozap.neocities.org/index.html](http://rozap.neocities.org/index.html)
and it is best so you all can stop making them because it will fail to surpass
my creation.

------
LandoCalrissian
[http://nick.neocities.org/](http://nick.neocities.org/)

Already worth the price of admission. This is a really fun idea.

------
fragmede
Oh man, it _is_ just like the 90's: unicode usernames are not allowed. Welcome
to the past!

~~~
farinasa
I can't even put a unicode bullet on the page. Maybe I should be using double
tildes or something.

------
lotharbot
It's never too early for scams.

[http://secure.neocities.org/](http://secure.neocities.org/)

"Security page. Please enter your password here."

~~~
davorak
I see login.neocities.org is taken as well.

~~~
sirclueless
[http://signin.neocities.org/](http://signin.neocities.org/)

------
kwntm
I love the browser editor you made. Very easy to get up and running fast.
It'll be a useful tool for teaching, and also for small js projects. Fun
project- Thanks!

------
ddinh
It's definitely an awesome project, but I just don't see the advantage of
NeoCities over hosting a website on Github or BitBucket yet, especially since
those sites offer unlimited space and store all the old versions of your
website for you. Some differentiation with those services is needed - for
example, a privacy policy guaranteeing true anonymity (no IP address stored,
no cookies) or a more layperson-accessible website creator.

~~~
brennannovak
Those have significant learning curves to people who don't speak web-l337 yet.
Remember before you knew how to code? What version control was, and
documentation was scary? Angelfire & GeoCities is where I learned to code HTML

------
therandomguy
I wanted to share this with a co-worker. Asked him, "you remember geocities?".
He didn't. Because it was probably before he was born. I'm so old.

------
dj2stein9
Ah, this site was fun while it lasted
[http://fuckthensa.neocities.org/](http://fuckthensa.neocities.org/)

------
Yhippa
Don't show this one to grandma:
[http://payment.neocities.org/](http://payment.neocities.org/)

------
jgallant
[http://remy.neocities.org](http://remy.neocities.org) Don't forget the hot-
linked images.

~~~
acomjean
awesome! This century penguin gifs replace dancing hamsters!

------
leke
Great news! [http://420.neocities.org/](http://420.neocities.org/)

~~~
leke
Hmmm... Even though index.html page was overwritten, it still displays the old
index page.

Here is an updated version.

[http://420.neocities.org/index.html](http://420.neocities.org/index.html)

------
cheapsteak
What's with all the FBI seizure images?

~~~
thejacenxpress
I noticed that too haha. What's nick been up to?

------
zrail
How do you plan on keeping out spam?

~~~
talles
Ya, looks like most of the pages are garbage right now.

~~~
alanfalcon
Don't worry, Dade Murphy will clean up.

    
    
      Next, enter a password. This will be used to allow you to login. Minimum 5 characters. If you don't make it a good password, Dade Murphy from the movie Hackers will come in and steal your "garbage files".

------
mustafakidd
"We've come full circle"

I love getting old and seeing technology continually reinvent itself.

------
m-r-a-m
I think I captured the essence of my geocities/tripod/etc experience...
[http://ramige.neocities.org](http://ramige.neocities.org)

I really like this and I'll probably use it for something real.

------
numbsafari
"uncensored"

Good luck with that.

~~~
gboudrias
Just make sure you don't sleep with a girl without wearing a condom and you
should be fine.

------
deadfall
How are you moderating the content? Are you doing it yourself? Are you putting
together a flagging system? Do you need help? I am looking for another side
project to work on.

~~~
sejje
"uncensored"

------
benjamincburns
I wonder how long it'll take for Yahoo to send a C&D...

~~~
drgath
For what?

------
vyrotek
I'm guessing pointing a CNAME to this is not supported?

------
eksith
The sad thing is that now there are lots of squatters creating "under
construction" pages and the like instead of actually putting content. Trying
to emulate Geocities without actually doing so (a lot of them did have those
banners, but they also had content).

Oh well.

Here's mine : [http://eksith.neocities.org](http://eksith.neocities.org) (Also
people are forgetting, it's .org _not_ .com)

------
donohoe
My three quick contributions:

[http://qz.neocities.com/](http://qz.neocities.com/)

[http://scientists.neocities.com/](http://scientists.neocities.com/) (Back to
the Future)

[http://fometer.neocities.org/](http://fometer.neocities.org/)

I've had issues uploading CSS, JS and manifest (for offline) files - anyone
else?

------
markdown
> The file uploader will automatically scrub any characters not matching: a-z
> A-Z 0-9 _ - .

What about '<>/{};:[]=+~' ?

All of which are useful in html/css

------
cabalamat
There is a bug on your dashboard; the html for viewing a page is:

    
    
        <a href="http://meowcat.neocities.org/index.html"
        target="_blank">View <br></a>
    

Unfortunately, this means that I cannot click with the middle mouse button to
bring up the page in a new tab. Please remove the extraneous target="_blank"
code.

~~~
corin_
What browser? Middle mouse click works fine on links regardless of target in
most browsers I'm used to (certainly in FF, Chrome, IE on Windows).

~~~
cabalamat
Firefox 21 on xubuntu 12.04

------
mixedbit
Good luck with the project!

I hope we will soon see these pathetic Facebook like buttons replaced with
good old JavaScript guest counters (only half-joking).

------
delmarc
Also please send an email once the account has been made... I know i made a
page... but never received anything about it...

------
delmarc
Need a Password retrieval system and the sign up page needs a verify password
field... I already lost my password...

------
serf
I like the idea, but GeoCities left a bad taste in my mouth. What makes this
site any more maintainable than GeoCities was? The fact that it's donation
based and not at the whims of a corporate entity is reassuring, but other than
that it seems as if the footing would be even less stable. Am I wrong?

------
SteroidsLove
stevejobs.neocities.org

------
brennannovak
I am interested to see where this goes!

------
serf
I like looking through the "Browse Existing Sites" and looking at all the
emerging sites. I especially like the ambiguous "enter credit card and
expiration date" sites that are nothing but a form and submission button.

------
jneal
Decided to create something from scratch in the text editor. I must say I like
the editor. Had to include a slight ode to the fallen geo(.*)

[http://jneal.neocities.org/](http://jneal.neocities.org/)

------
return0
Hosted in the US. At least geocities didn't live long enough to make it into
prism

------
damian2000
Good luck with this. Just a minor comment on your animated favicon.ico icon
... it would look a lot better if you used a transparent colour for the
outside of the globe. Currently its white, which looks a little bit crappy.

------
j546
Has anyone actually had success maintaining a business with the donation
model?

~~~
fragmede
Hi,

You may be interested to learn about non-profits organizations, many of which
have donations as their primary source of income.

[http://en.wikipedia.org/wiki/Nonprofit_organization](http://en.wikipedia.org/wiki/Nonprofit_organization)

------
nperez
Since this takes me back to the good old days of marquee tags, I made this
fine work of art. [http://hello.neocities.org/](http://hello.neocities.org/)

------
pronoiac
Hah! I've been playing with Jekyll and Pelican and other static site
generators, and one of the thoughts I had was "if Geocities were still around,
I could host pages there."

------
rschmitty
Plays nice with [http://divshot.github.io/geo-
bootstrap/](http://divshot.github.io/geo-bootstrap/)

------
conanbatt
Reading the comments you can see instant cybersquatting.

Man i hate that -.-

------
TazeTSchnitzel
Not neocities, but a friend recently put this geocities-esque page up:

[http://cats4gold.net/](http://cats4gold.net/)

------
orangethirty
Love this. Its geocities 2.0. Now, where do I find old gifs?

 _Edit_

Found them. Check out mah page.

[http://notme.neocities.org](http://notme.neocities.org)

------
spiritplumber
This is adorable!!!!

------
andysum
This is incredible! Here's my site:
[http://andy.neocities.org](http://andy.neocities.org)

------
colbyaley
This is so awesome.

------
mmcclellan
That's funny. I searched that domain name on domize around a month ago too.
Though mine was going to be S3 and Route53 using boto.

------
callmeed
This is really cool. What's your tech stack look like? Are you using Nginx to
serve up the static files?

------
Aynatix
[http://timnova.neocities.org](http://timnova.neocities.org)

------
oakaz
How can I upload my files with CuteFTP?

------
jjp9999
Kind of funny. Looks like the first site on their examples page was seized by
the FBI.

------
songzme
wow! This is super simple to use! 10 minutes into it, I now have a splash page
of myself! [http://songz.neocities.org/](http://songz.neocities.org/)

------
senthil_rajasek
Can you add a akismet style spam filtering to kill spammy pages?

------
cabalamat
Will it be possible to upload websites using rsync?

------
bobdvb
No censoring? So what about child abuse images?

~~~
exodust
What _about_ child abuse images?

No censorship means no censorship.

It doesn't mean the provider of neocities couldn't be ordered to remove the
illegal content and hand over all details about the person who uploaded it.

"No censorship" doesn't mean criminals will be protected by neocities. It
doesn't mean that child abuse images can't be dealt with in accordance with
the law.

Remember that the internet is not classified like movies and TV. There is no
requirement to put "Rated R18+" on a website. As it should be.

All he is saying is that Neocities basically has the same censorship rules as
the internet itself. In other words, no censorship.

A murderer can turn their PC into a server and self-publish images of his
victims for all to see. They will get caught, and the server shut down, but
the point is he didn't need to go through a censorship body to get the images
published. Exactly how it should be.

------
ianb
No API? Sigh. It could be a nice backing host for a through-the-browser CMS –
a little OAuth, a little CORS, and it could work pretty nicely.

~~~
big_lou
Maybe there will be an API. The project is one month old.

------
rsync
export function ? Given the fate of the original geocities, it would seem to
be very helpful...

~~~
icebraining
File → Save Page As.

------
ForFreedom
How do you pay without adverts?

~~~
aranjedeath
[http://www.textfiles.com/thoughts/advertising.html](http://www.textfiles.com/thoughts/advertising.html)

------
vulgrin
-1 for not re-implementing <blink> tag

------
shtylman
Just use github pages.

~~~
deadfall
But there is no browsing feature which is pretty entertaining. I love seeing
all the designs and creativity.

------
rfnslyr
This thread is hilarious.

------
iframe
this reminds me GeoCities :')

------
timmillwood
_sigh_

~~~
d33d33
cool idea, but seems the server has some problems uploading (2-8kb) files? or
is that the heavy traffic? anyway, get some error messages, but files are
uploaded. savings seem to take a while...better keep your code in another
editor, too

edit: ps: internal server error

~~~
ArekDymalski
Same here. Internal Server Error. That's a huge nostalgia strike ;)

------
csomar
_There are 61054 web site spaces remaining. After that, we need your help to
get another server._

Does that mean he's running 61k sites on a single server? Even if each site
gets one single visitor per day, that 61k visitors for the Server. There is no
way the server can manage that traffic.

Sorry, but do you really want a static site? Just pay for a good one.

~~~
SomeCallMeTim
A $20/month Linode can handle 4k static pages per second on Nginx. I've heard
tell of people pumping the cheap Linode server up to 30k views/second, but I
haven't been able to break 4k.

Assuming text pages, the full 61k sites could be accessed every 15 seconds. If
the pages have nontrivial graphics, then you're (as others have mentioned) far
more likely to be bandwidth-limited. If the site has an unmetered 10Mbps
connection, then it could serve 1Mbyte per second: If each of those 61k pages
contained 1MB of data, then it would STILL be able to serve (at most) 86k
pages per day.

It's likely that most of the pages hosted will be accessed less than once a
day, though. Power law distribution of the long tail [1] and all that. And a
megabyte is a lot of data for a single web page; I would imagine that with a
10Mb limit on the entire site, it's not going to be a place to host sites with
tons of images.

[1]
[https://en.wikipedia.org/wiki/Long_Tail](https://en.wikipedia.org/wiki/Long_Tail)

