
Show HN: Shortly, a serverless pastebin - lucaspiller
http://lucaspiller.github.com/shortly/#TVO7jtwwDOz9FQSuSLPwLoIgRboAFyQHpMqjSClLtCWsJBoitc7+fShp75BOGJPDmSH901OReIfAYICx3LBEZIbdsOAScseCxRm+6Ke7+JA38GbfMTNQBvEINgbMAhwcnsBk10FnxDRWFiroIIzS3z++z9P09ATf6IAgcFC58jQ9P4otpb3oeG2o3CZ1JlyjEQQTNypBfDo1OMNiGD9+AMyWnDYI6ZNrwcZrjX7H1+FsVmwes3psCuBF2rTOwihg+huOkB0dcyRrJFCevWEPtA6PtZRmcjcbqoPnsK7YgaXQoRmxhnJTrW94DCkIv7YLiYltNkTMm/gTeDpQEwVTqGpk7y+XC1hvirHS2BgxcfOkLhpBQc0mYXYPO5DM35BqmuGz9IJEqY3VZ0uAXwWr7Uxjaz2glYodjF3gfzp0Otor19RvwT0i7aDWG90VwtbCivFtwZrEH6qq5T50hnwdWzNdCTfdWn+HSArXEpVZ5elyAnPVa1mqjOrA+d0wYnWtM/xClka1BJm1v1/VbEl3JP5B3enaAanSBlOVQcszNFWWanSg5nILdhxgUk9qQkNq10DF6UNdOlU5qJtQxbq5eZzqVzX9km8Ub+imyYvs/Ol83rS6LiopnWNVzXuIEcuZx//0Dw==9
======
lucaspiller
Inspired by ZeroBin I started to wonder whether you could create a pastebin
service with no server side component. Shortly (yeah I'm not really sure what
is with the name) is the result of that.

Data is compressed using the deflate algorithm, then base64 encoded to ensure
it can be stored safely in a URL. It is then set as the window.location.hash
of the current page. Testing with various URL shorteners has shown that they
don't care about long URLs generated by this. I still need to add checks to
ensure that the URL isn't too long (I'm looking at you IE), but as a quick
proof-of-concept I'm happy with what I've come up with. I'm wondering whether
the same idea could be used to share data in other formats...

~~~
alecperkins
I use the same method for share links in <http://padhacker.net>, a server-less
JSFiddle-type of tool. The data is just JSON, but I've been toying with adding
arbitrary binary files. The link fragments explode with even small images.
Some sort of chunking might be able to address this, with part of the fragment
pointing to the next short URL in the series. (I recall seeing a project on
top of bit.ly doing exactly this, but can't seem to find it.)

------
johtso
Someone made a service like this last year (<http://hashify.me>).

HN submission: <http://news.ycombinator.com/item?id=2464213>

------
nigma
In the same vein, <http://hashify.me/> stores markdown documents in URL and
uses bitly for "persistence". Previous discussion here
<http://news.ycombinator.com/item?id=3407197/>

------
lsiebert
Hashify.me lets you store an entire webpage in a url. As I recall it links
bitly addresses. This lets you store up to 22500 characters.

Now you combine that with this in a bookmarklet / plugin. Add some obfuscation
so bitly or whatever url shortener you use has a hard time detecting you and
so the wrong anchor or no anchor shows an innocuous page.

Now the host isn't aware of the existence of the data nor is the encryption
being done using server side code.

I am of course probably missing a huge flaw, so someone tell me why this won't
work and how to fix it.

------
est
why not sending this directly?

<http://en.wikipedia.org/wiki/Data_URI_scheme>

    
    
        data:text/html;charset=utf-8,Hi HN

~~~
JoshTriplett
<http://caniuse.com/#feat=datauri>

~~~
lucaspiller
datauri encoded would be larger (this is deflated before being based64
encoded), and the formatting for the docuent needs to be encoded within the
URL where as this doesn't. Plus it doesn't make a cool HN story :P

------
zitterbewegung
Hrm, if you add a link shortening service you can host the pastebin
<http://bit.ly/IcBhvN>

------
TazeTSchnitzel
Well that was disappointing. I was hoping for a distributed P2P object store.

------
SeoxyS
I'm being pedantic, but this is not a server-less pastebin. A server must
still serve the HTML page and the javascript used to decode its content.

A truly server-less pastebin would use the `data:` URL scheme to encode the
html & js script boilerplate in addition to its content.

~~~
TeMPOraL
Well yes, and no. All paste data is stored in the URL, and the algorithm for
encoding/decoding is known[1]. Github-hosted tool provides only the default
implementation.

You're right, data: would be more pure, but AFAIR it has some limitations.

[1] - <https://github.com/lucaspiller/shortly>

------
replax
Nice service, I like the idea very much.

One problem I noticed with it though: It does not work correctly with Japanese
text. I can input & "save" Japanese, but upon opening that link the text will
not be displayed correctly.

~~~
TazeTSchnitzel
JavaScript's stuck with UTF-16, so apps assuming bytes not shorts will mangle
text.

------
vessenes
This is cool!

I think you should implement the hash-based encryption key support from
Zerobin, though. That way you could send around the message or the message and
the key, as you choose.

------
xiaomei
This could be extended by adding file upload support. What impact would this
have under a SOPA-world?

------
aba_sababa
Sweet hack. Would be cool if there was a way to make it secure as well...

~~~
kijin
What kind of security risk do you have in mind?

~~~
wavephorm
Take a look at this:

<http://www.vincentcheung.ca/jsencryption/>

A lot of ciphers have been ported to JavaScript now:

<http://code.google.com/p/crypto-js/>

~~~
Ralith
And what benefit do you imagine that conferring?

~~~
wavephorm
By encrypting the data before turning into a URL neither the server, nor
anyone who obtains that URL would be able to read the message without knowing
the password.

~~~
prurigro
Kinda like how ezcrypt works? <https://ezcrypt.it/>

~~~
lucaspiller
As I understand it this is exactly how Zerobin works. The server stores the
encrypted data, and the key is passed in the URL only.

------
_quasimodo
so, basically you are abusing link shorteners for data storage :)

i would like something like this for binary data, with the option to specify a
filename, as that is something the data url scheme does not provide.

~~~
NameNickHN
I'm running several URL shorteners and I don't mind.

