
Show HN: Textdb.dev – simple data sharing for fun projects - bontaq
https://textdb.dev
======
bontaq
Made because I couldn't find a simple, no-sign-up service to sync a list of
names for a command line tool. And resubmitted because yesterday I goofed and
the curl commands listed didn't point to the right location, which really took
the fun out of it.

Favorite part of the project: trying out Phoenix's built in pub sub + live
view (the live view subscribes to a data/:id topic, which the api write
endpoint publishes to) to get that nice instant update on write if you have
the data open in the browser without polling.

It's also fun to see how fast it syncs multiple browser windows watching the
same data when you edit it in one window. That's not useful, but I give it 1
"neat".

~~~
chris_st
That's pretty cool! Are you doing anything like rate-limiting to prevent
abuse?

~~~
bontaq
Thanks 8), rate limiting is just the most basic of nginx configs to like, 10
requests / second / ip

~~~
sreekotay
Really simple cool! One minor thing on the IP rate limiting side.... LOTS of
mobile/cell users might end up NAT'ed behind a single IP. Just an FYI.

~~~
blisseyGo
That's a good point. How does one rate limit correctly in that case?

~~~
anderspitman
Rate limiting by data UUID might actually be pretty effective. I should add
that to patchbay.pub.

~~~
blisseyGo
That might be an issue if someone is using it to deliver lets say settings
json and multiple users try to request the file.

------
miki123211
It would be cool if it was possible to read the data not just by the ID, but
also by the hash of the ID.

That would let us serve stuff like version information and links to the latest
version, without the fear that somebody is going to reverse engineer our app
and replace the data with something malicious.

We, as the app author, would have the full key, so we could read and write,
whereas users would have nothing but the hash.

~~~
bontaq
That's a cool idea, I'd definitely like to add the ability to create a little
store with more safety, and that totally works with the goal of simplicity.
I'll give it a shot.

~~~
TedDoesntTalk
It's a cool idea, but the old anti-pattern about security through obscurity
applies.

~~~
bart__
I never really understood this argument, obscurity add an obvious layer of
protection, not impenetrable of course, but still valid. Why is this different
than an API key for example?

~~~
gregmac
If compromised, you can change an API key. The key is like a password, and
keeping that secret is important.

Where the "obscurity" aspect comes in, as an example, can be through the
mechanism used to generate and validate that key.

Let's say you decide you don't want to or can't store the keys, and don't want
a full pki system (public/private keys or certificates), so go with:
sha256(clientid + userid + "hardcoded secret"). Your security now 100% relies
on no one knowing that algorithm. If someone figures it out, you need to
release a new version of your software, invalidate ALL API keys, and for that
effort you still haven't done anything to prevent the same thing happening
again.

A good test of this is: if someone has your source code, can they break your
security mechanism? If yes, you're probably relying on security though
obscurity. By contrast, if you're using asymmetric encryption to generate
keys, it doesn't matter if someone knows that: if they don't have the private
key, they can't do anything. (This leaves aside the issue of storing your
private key or other secrets in source code, but I'd describe that as an
operational failure rather than a fundamental design problem).

~~~
Chickenosaurus
If a cryptographic hash function is used, the security of this scheme doesn't
rely on keeping the algorithm secret, though. Therefore, it's not security
through obscurity. Of course, weaknesses could still exist (e. g. a too small
input space because the ID that is hashed has too little entropy).

------
josefrichter
Whoever made this, I love you. I do a lot of prototyping in Framer, and this
just make simple prototypes that communicate with one another hell of a lot
easier!

~~~
StavrosK
You may also like this super simple MQ I wrote a while ago:

[https://www.stavros.io/posts/messaging-for-your-
things/](https://www.stavros.io/posts/messaging-for-your-things/)

~~~
canada_dry
+1

A handy substitute for mqtt since it doesn't allow a simple http get/post
method to set and query keys - something very useful with iot _stuff_!

------
bontaq
I see some of you are realizing that I haven't enforced any data url to be a
UUID, good on you. I hope it opens up new neat things like
[https://textdb.dev/data/hello-hackernews](https://textdb.dev/data/hello-
hackernews) or more creative ideas.

~~~
ASVVVAD
That's awesome! I was wondering if I had to go to
[https://textdb.dev](https://textdb.dev) using the browser to get an ID x)

~~~
bontaq
Nah it just gives you a more secret id, I'm happy to support people talking
about apples at
[https://textdb.dev/data/apples](https://textdb.dev/data/apples)

------
redm
I really like simple tools like this. Well done; I can see lots of uses for
this, especially with the Serverless/Jamstack surge.

I love the idea of Hashing and read/write keys mentioned in this comment:
[https://news.ycombinator.com/user?id=miki123211](https://news.ycombinator.com/user?id=miki123211)

I also like the idea of batch requests so you can pul multiple keys at once,
or set multiple keys at once. It seems better for everyone.

My only concern is that a small portion of users will undoubtedly try to abuse
this with high volumes or large objects, or both.

Have you published any limits on value key size, value size, read/write limits
for keys etc? It might be worth thinking about now before you have to shutdown
users or shutdown the service due to cost.

Congrats again!

~~~
bontaq
Thanks! So far the limits are about 500Kb, which is more than enough for what
this service is intended for.

The setting of multiple keys I'd have to think about, as it's already so easy
to acquire multiple keys -- ie I don't think I'd be saving or making anything
much faster by special handling for it. Pulling multiple keys is likewise,
you're free to do it in an async all.

------
ximm
This seems to be in a similar spirit to
[https://patchbay.pub/](https://patchbay.pub/).

I love these small services, but I still don't have an idea how they can be
scaled up: If you want to use them for anything serious you probably have to
prevent abuse and comply to all kinds of regulations.

~~~
anderspitman
I didn't design patchbay to scale. I think of it more as a hammer, or maybe a
Swiss army knife. Things can be useful without scaling.

------
berkas1
Hi, is the source code available? :)

BTW, the front page's HTML seems to have a <head> and <body> inside another
<body>.

~~~
bontaq
Sure, I just made it public over here:
[https://github.com/bontaq/textdb](https://github.com/bontaq/textdb)

Yeah I'm not sure why it's doing that, v annoying though

~~~
cocktailpeanuts
probably you have a layout bug. it's wrapping a layout within a layout.

~~~
bontaq
Yep that was it, ty, it should be fixed now

------
jwarren
I think this is really nice and smart. I would suggest left-aligning the text
in the edit/view mode for a few reasons:

1) It's a bit easier to read for longer text sources 2) It makes
writing/reading JSON/YAML/other data sources _much_ easier 3) lists are much
easier to parse

~~~
bontaq
I have added an option in the data view to customize text alignment, thanks
for the good idea

------
abathur
I'd already been pondering the paperclip-machine universe that could be
created by a Twitter bot that just pipes tweets to bash and posts the output.

Now it could just trawl Twitter for addresses at
[https://textdb.dev](https://textdb.dev), and throw the contents through bash,
post the result back to textdb, and tweet a new link... :]

~~~
lou1306
I'm pretty sure you could build a Turing machine with textdb as tape and a
Twitter bot as the tape head.

------
TedDoesntTalk
What language is this? I visited
[https://www.phoenixframework.org/](https://www.phoenixframework.org/) and
even watched a few minutes of a video but there's no mention of the
programming language. I suppose the language is called Phoenix?

~~~
detaro
It's Elixir.

~~~
TedDoesntTalk
huh. I would have thought
[https://www.phoenixframework.org/](https://www.phoenixframework.org/) would
mention Elixir then.

~~~
detaro
It does in a few places, not very obvious though, especially if you might not
know that "Elixir" is a programming language, agreed.

------
webmaven
Very cool! Do you have any sort of dashboard displaying stats for the service?
Simple totals would be interesting, of course (size, # of buckets, # of edits,
etc.), but I'd find histograms of edits etc. per bucket particularly
fascinating.

~~~
bontaq
I don't yet, but let me get back to you in a couple days. I think it'd be
interesting to all.

~~~
webmaven
_ping_

------
gmemstr
Is there an upper limit to the amount of data that can be stored on an
endpoint?

~~~
bontaq
There currently isn't, but it is intended for small amounts of data. Today or
tomorrow I'll probably put a cap at 500Kb or so, which is still a heckload of
data.

------
mkoryak
Can you add a link to your GitHub from the website?

I usually star things instead of bookmarking and others probably do too.

~~~
NetOpWibby
[https://github.com/bontaq/textdb](https://github.com/bontaq/textdb)

------
rendall
Is there a maximum file size limit?

~~~
rendall
This was answered here:
[https://news.ycombinator.com/item?id=23949917](https://news.ycombinator.com/item?id=23949917)

"There currently isn't, but it is intended for small amounts of data. Today or
tomorrow I'll probably put a cap at 500Kb or so, which is still a heckload of
data."

------
mhass
Very cool. Are you using just cowboy as a server or do you have nginx/Apache
in front?

~~~
bontaq
nginx is in front, but it's just doing a proxy and setting some headers, so
effectively cowboy's serving everything.

So far it's doing a great job too, CPU is at 2%, 1Gb free ram of the 4Gb
available, and a pretty constant 1Mbps outward, on the 20$/m digital ocean
droplet. I may have jinxed it by saying this though.

~~~
WrtCdEvrydy
This is fancy...

------
tannercollin
Great work! I wrote something similar at:

[https://reg.t0.vc](https://reg.t0.vc)

It's useful if you set up bash aliases like "push" and "pull" so you can
quickly move snippets of text across servers.

------
spery
Manually editing data has a bug. If you click cancel it will still update the
value.

~~~
bontaq
Thank you, fixed

------
unixfox
Alternative service except there is no live update:
[https://jsonbox.io/](https://jsonbox.io/)

------
jrott
Thank you for making this it's super handy.

------
WA
What’s the purpose of the read-only link if it has the same UUID?

~~~
bontaq
I just built it without a backfill, new data should have a full read-only hash
-- I'll try to backfill the data tomorrow

------
ximm
The HTML of the frontend is messed up (<head> is duplicated)

~~~
bontaq
Should be fixed now 8)

------
erezsh
Cool idea, nice implementation. But man, fix your README.md!

------
josefrichter
One more question: Does the data expire?

~~~
bontaq
Nope, especially seeing the current usage / data size I think it's perfectly
fine to hang around forever. I may eventually implement something to clean up
data with no reads for > 1 month, but again so far it looks fine to leave
things around.

------
known
Similar service [https://u.instacrypt.me/](https://u.instacrypt.me/)

~~~
mkoryak
No, it's not.

Your link is a message service that self destructs.

OPs link is a storage service

