

Hackerface: Rapportive for HN - harscoat
http://hackerface.com/

======
jchung
OP (or whoever authored the app), open your manifest.json file, go to line 20,
and edit the permissions line to remove the all-domain permissions. Here are
your current permissions:

    "permissions": [ "http://news.ycombinator.com/", "http://news.ycombinator.org/", "https://news.ycombinator.com/", "https://news.ycombinator.org/", "https://*/*", "http://*/*" ],

FTFY:

    "permissions": [ "http://news.ycombinator.com/", "http://news.ycombinator.org/", "https://news.ycombinator.com/", "https://news.ycombinator.org/" ],

I'm not going to read through all of your js to figure out what other domains
you really need. Kudos on the idea -- I like it. Just not ideal to ship an app
to this audience with the unnecessary security nail-biter during install. Fix
and push and you should be good to go.

EDIT: Format
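
An added example, not part of the original comment or the extension's code: a small Node.js check that classifies each entry of a manifest's `permissions` array by Chrome match-pattern scope, run over the two lists quoted above. The function names and the wrapping manifests are constructed for illustration.

```javascript
// Added example: classify the host patterns in a Chrome extension manifest.
// Match-pattern shape: <scheme>://<host><path>, plus the special "<all_urls>".
const PATTERN = /^(\*|https?|file|ftp):\/\/(\*|\*\.[^\/*]+|[^\/*]*)(\/.*)$/;

function classifyPermission(entry) {
  if (entry === "<all_urls>") return "all-sites";
  const m = PATTERN.exec(entry);
  if (!m) return "api-or-invalid";        // e.g. "tabs", or a malformed pattern
  const host = m[2];
  if (host === "*") return "all-sites";   // any host: the "all websites" prompt
  if (host.startsWith("*.")) return "subdomain-wildcard";
  return "single-host";
}

function auditManifest(manifestText) {
  // JSON.parse throws on broken JSON such as unbalanced quotes.
  const manifest = JSON.parse(manifestText);
  const report = {
    "all-sites": [], "subdomain-wildcard": [], "single-host": [], "api-or-invalid": []
  };
  for (const entry of manifest.permissions || []) {
    report[classifyPermission(entry)].push(entry);
  }
  return report;
}

function isOverbroad(manifestText) {
  return auditManifest(manifestText)["all-sites"].length > 0;
}

// Permissions lists from the thread, wrapped in minimal constructed manifests.
const hnHosts = [
  "http://news.ycombinator.com/", "http://news.ycombinator.org/",
  "https://news.ycombinator.com/", "https://news.ycombinator.org/"
];
const shipped = JSON.stringify({
  name: "constructed-sample",
  permissions: hnHosts.concat(["https://*/*", "http://*/*"])
});
const narrowed = JSON.stringify({ name: "constructed-sample", permissions: hnHosts });

console.log("shipped, all-sites entries:", auditManifest(shipped)["all-sites"]);
console.log("narrowed is overbroad:", isOverbroad(narrowed));
```

A check like this can run in a build step so that a release fails when an all-sites pattern is added to the manifest.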

~~~
taskstrike
The reason it needs all permissions is that some people have their own pages
and the data is on there. So you might need permission to crawl those
secondary pages for twitter and github (?)

At least I think that's how it works. I could be wrong.

~~~
ges
That's correct.

~~~
troels
Couldn't you set up a proxy and just whitelist that? Excellent piece of work
btw.

------
terhechte
I didn't install it, even though I like the idea, because it wanted access to
'data on all websites'. I don't know whether Chrome allows more permissive
permissions (like only HN), but trust is a rare good and I wouldn't allow a
random extension to see everything I browse to.

~~~
randomchars
It does allow permissions for specific sites. I'm not sure how it works; it
might be needed so it can get the data from external sites.

~~~
random42
You can allow access to a finite set of websites in manifest.json while
developing the Chrome plugin.

------
mullr
Might want to dial back the requested permissions on the manifest, you're
asking for access to 'data on all websites' right now.

~~~
justindocanto
Agreed on this.

Also just adding a comment to test this plugin out (requires hovering over a
username)

------
ges
Gwen here, I am building hackerface. Didn't quite expect it to land here
before I do some more testing but here it is! Re. the "all permissions" thing,
it is required to circumvent the same domain origin policy since the plugin
does a bunch of GET requests to external websites to find information about you.
Working on improving the results and some nice new features right now.

~~~
typpo
Thanks for the great extension! My suggestion is to move extraction to your
server, which would solve the permissions and same origin policy problems.
We'd only have to give permission for your website, and as a bonus you can
cache extraction for quicker results.

~~~
ges
Thanks! That's something I'm looking at.

------
styluss
Is it easier to develop extensions for Chrome than it is for Firefox? I'm a
Firefox user and only find this kind of extension for Chrome. Or are all the
cool kids using Chrome these days?

~~~
fingerprinter
I've developed extensions/plugins for both browsers. Chrome is way easier, but
not as powerful. Firefox is much more obtuse, but also much more powerful.

In practice, I found developing for Chrome much more enjoyable. Developing for
Chrome felt like modern development whereas developing for Firefox felt very
heavy, verbose and overall frustrating.

~~~
icebraining
When you developed for Firefox, did you try the new Addons SDK[1]? My
understanding is that its model resembles Chrome's.

[1]: <https://addons.mozilla.org/en-US/developers/docs/sdk/latest/>

~~~
patd
I'm currently porting my Firefox extension to the new Addon SDK. It does
indeed look more like the Chrome/Safari/Opera model and makes things easier
(like restartless addons which was hard to do before in Firefox).

------
pbiggar
A good start, but I think it misses the things I like about rapportive. The
most important thing in rapportive, IMO, is that you see a picture of the
person you're responding to. That causes you to respond to a person, rather
than just a "user" or "email address" - it forces you to acknowledge the
person at the other end, and encourages empathy for them.

This should automatically tell me the person I'm responding to if possible,
and show me a picture and context then. A picture (or gravatar) next to their
username would also be cool.

~~~
ges
It does load the profile of the person you reply to automatically now (refresh
your chrome extensions page).

------
olalonde
I did something similar a while ago albeit much less complete:
<http://syskall.com/hn-crunch-greasemonkey-script-for-hacker-news>

It adds a little picture and info bubble next to the username of HN members
who have a CrunchBase profile (I manually compiled a non-exhaustive list here:
<https://github.com/olalonde/HN-Crunch/blob/master/hn.php#L5>).

------
moeffju
The script breaks on trying to view my own profile. The error is: "Uncaught
TypeError: Cannot call method 'split' of undefined" in
chrome-extension://daljejehnbbbhjlecjgafnnfgilbkdhj/script.mini.js:32

It also affects my userstyle for the topbar. Please don't break page styles :)
Namespace your CSS.

Also, please fix your permissions as noted by jchung and others. I installed
the extension only on my Chrome Canary because I was too lazy to check the
entire JS for security problems (or malicious intent).

With some fixes however, this would be really nice to have.

------
CWIZO
When I try to look myself up all I get is "Found HN profile..." and that's it.

~~~
citricsquid
Same problem here, although I can find your profile now. I wonder if it's
relying on an external service and it takes time to generate. Maybe my name
will work in a few minutes.

edit: oh, maybe the problem is that the logged-in user's profile is
different (inputs vs. display), and because it's fetching locally it's seeing
the edit fields?

edit edit: I think that's it! I logged out and I can fetch my profile fine.

~~~
justindocanto
Hovering over yours kills this page for me in chrome for some reason. Asks me
to kill the page or wait, every time.

------
olalonde
Any plan to open-source this?

edit: After some digging I found this non-minified version on Github:
<https://github.com/Gwendall/hackerface/blob/gh-pages/script.js>
No license info though...

~~~
jaddison
Looks like that link has been taken down - the repo replaced by a newly
initialized one.

------
Timothee
Very well done!

Besides the all-domain permissions which you might want to constrain a bit,
I'd also remove the button which doesn't do anything. Chrome lets me hide it,
but you could make me forego that step too.

------
fredley
It would be nice to have an easier way to view your own profile (I expected
this when I went to my profile page, but it didn't happen).

------
Xorlev
Fancy, but as you may have discovered, blind link traversal is likely to come
up with tons of really bad data. If you follow a Google Plus link, you'll
inevitably get your own Google Plus information.

The company I work for does this as an API and I know the challenges behind
it, so for a JS project, nice work!

~~~
nicolethenerd
Aha! That explains why for some users, I'm seeing them listed as having my own
e-mail address.

------
kingsley_20
When I attempted to "facebook like" this page, the preview displays "Find MSN
Hotmail Hacker, Cash Advance and more at Hackerface.com. Get the best of Debt
Consolidation or Insu...". OP might want to fix that.

------
instakill
Quite cool, but when are you planning on changing the permissions?

------
josegonzalez
You should use localstorage to cache the results of your get requests.

------
brianr
Permissions issues aside, this is really awesome. Great work!

------
yesimahuman
Super cool, great job. I know I'll be using this extensively.

------
ejpastorino
I cancelled the installation when it asked for permission to access "your data
on ALL websites". It would be great to limit it to news.ycombinator.com and
just the sites it really needs to access. Why is it done this way?

------
pilom
"Can access your data on all websites. Allow?"

Umm, no.

------
ryangilbert
What font did you use for the "logo"?

~~~
hornbaker
Right click > Inspect Element > font-family: Dosis

------
apoorvamehta
Really well done. Thank you!

------
jcromartie
I don't know what rapportive is. I guess I'm not cool enough to understand
this headline.

~~~
polyfractal
Rapportive is a gmail extension. It shows the profile picture and various
social profiles of the person whose email you are reading or writing to.

You can just ask a question, you know. No need for pithy one-liners about
internet coolness.

