

Ask HN: What do you think of my group chat app? - nodnarb
http://yamr.net/

======
tptacek
The "user" cookie contains a base64'd username, the JSON responses include an
echoed User-Agent, and I can rotate the "roomids" parameter to retrieve
message logs from arbitrary rooms. Does security matter for this app?
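
A sketch of closing the two issues described in the comment above, as an added example that is not part of the thread or the app's code: the "user" cookie carries an HMAC tag so the server can detect a swapped username, and each requested room id is checked against the caller's membership before any log is returned. The secret key, the membership table, the comma-separated "roomids" format and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, loaded from config in practice

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_cookie(username: str) -> str:
    """Return 'payload.tag', where tag is an HMAC-SHA256 over the payload."""
    payload = b64e(username.encode())
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return payload + "." + b64e(tag)

def verify_cookie(cookie: str):
    """Return the username if the tag verifies, else None."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None  # bare base64 username with no tag: cannot be trusted
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(b64d(tag), expected):
            return None
        return b64d(payload).decode()
    except (ValueError, UnicodeDecodeError):
        return None

# Constructed membership table (hypothetical): room id -> users allowed to read its log.
ROOM_MEMBERS = {101: {"alice", "bob"}, 102: {"carol"}}

def readable_rooms(cookie: str, roomids_param: str) -> list:
    """Reduce a comma-separated 'roomids' value to the rooms the caller may read."""
    user = verify_cookie(cookie)
    if user is None:
        return []
    allowed = []
    for item in roomids_param.split(","):
        try:
            room = int(item)
        except ValueError:
            continue  # ignore anything that is not a room number
        if user in ROOM_MEMBERS.get(room, set()):
            allowed.append(room)
    return allowed
```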

~~~
nodnarb
Sorry, it's not really meant to be a secure chat. It's catered to people who
don't want to signup or install anything. Who just want to go to a link and
start chatting.

~~~
rincewind
Do you mean you can't have both?

~~~
tptacek
I'm not sure what combination of features you'd want to give up in order to
make the logs of a free web chat secure.

Still, it'd be worth putting up a notice somewhere that users can't expect
privacy from this site.

------
manvsmachine
I think that if this is intended to be anything more than a toy project, you
should change the name (<http://www.yammer.com>). Otherwise, nice job.

------
arnorhs
Great stuff

- I love the signup "process" :)

- I like the /anychatroom feature

- I like the persistent nature of the chats

- Its interface is amazingly simple/quirky - I love it

- Personally I don't care about security, as long as this is intended for
OPEN chats and chatrooms (twitter-esque) .. not some private closed sessions
between you and your secret lover...

cons

- manvsmachine is right about the domain name.. could confuse some users

Idea

- I don't know how long backwards you have the conversations open .. that
is.. can I scroll back and check what John was saying a few months ago? If so:
excellent! Then a permalink as in <http://yamr.net/chatroom#388332> as a URL
to every single line of chat would be totally awesome

Good luck with this project!! I think it rocks

~~~
arnorhs
- one extra downside: 10 second refresh-rate in a live conversation is very
long... I'd try to go down to at least 4-5 seconds (maybe at least for
registered users)

~~~
nodnarb
I like both ideas of perm-linking to a specific post and bringing the refresh
rate down for registered users. I'll see what I can do :)

------
pclark
paging axod to this thread. Am sure there is some form of collaboration
possible for web chat stuff.

few thoughts:

great signup form

the uploader squashed my non-square picture to a square :(

Privacy Policy. Especially if you're dealing with uploads and chat logs.

------
avibryant
Nice and lightweight, but useless (to me) if not secure. The latency is also
quite bad at the moment (10 seconds or so between me writing "ping" and seeing
"ack" from someone else in the room), but maybe that's due to heavy load right
now?

------
ruslan
Welcome to 1988. There are dozens of Web based front-ends to IRC available,
just install one and customize a little to meet web 2.0 "standards" and you
get all the millions of IRC users at your feet :-).

~~~
axod
I wouldn't say there are _dozens_ ;)

------
axod
Looks like a good start :) Wonder how you're planning to get users...

I got them by leveraging IRC, Campfire got them by having a popular blog to
sell to.

~~~
tptacek
Nobody in my company (there's quite a few of us) gives a shit about the SvN
blog; we use Campfire because it works, it's private, it has strong access
control, great searchable transcripts, and file upload/download.

I've ragged on 37s here before, and I don't like being put in the position of
sticking up for them, but I really think this meme about how 37s sells
everything because of their "popular blog" is getting stale. Obviously, the
blog helps them, but it doesn't hurt that they know what they're doing.

~~~
axod
OK, But in that case how did you find out about campfire? If it wasn't for
their blog posts making it here and Reddit, I probably would never have found it.

------
trevorturk
Very cool! I think you could have a free service with an up-sell (more than 2
people, private rooms, etc) that made sense. Depending on how much it costs
for you to run the free site, I guess.

Is there a blog or somewhere to follow development?

~~~
nodnarb
No blog currently, just the front page for updates

------
tontoa4
I like the simplicity. Good job. Keep up the good work.

------
avibryant
One killer feature from Campfire that I would request is that when pasting an
image URL, the image gets inlined into the chat.

~~~
nodnarb
The only problem with this is that, because the chat rooms are pretty open, porn
can be posted, making the site not safe for work.

~~~
rs
Moreover, let's not forget XSS as well. Need to be careful.

Think if you're going to post an image URL, server will need to do some
validation that it's an actual image and then spit it inline.

------
run4yourlives
Not a bad little app, really. Nice job.

------
joshuarr
Users need to be able to set a handle.

------
chavarria
how do i hack a myspace account

