
“Oh By” Is the Universal Shortener - rsync
https://0x.co/index.html
======
smt88
Don't use this or any other URL shortener for any reason. It degrades online
security[1], creates a bad UX, and breaks the web[2].

If you insist on using one, use one that is owned and maintained by a massive,
stable company, like Google[3]. Smaller services, with no culpable business
behind them, tend to die off[4][5].

1\.
[https://www.schneier.com/blog/archives/2016/04/security_risk...](https://www.schneier.com/blog/archives/2016/04/security_risks_11.html)

2\. [https://t37.net/why-link-shorteners-harm-your-readers-and-
de...](https://t37.net/why-link-shorteners-harm-your-readers-and-destroy-the-
web.html)

3\. [https://goo.gl](https://goo.gl)

4\. [http://www.webpronews.com/study-claims-61-of-url-
shorteners-...](http://www.webpronews.com/study-claims-61-of-url-shorteners-
are-dead-2012-05/)

5\. [https://bit.do/list-of-url-shorteners.php](https://bit.do/list-of-url-
shorteners.php)

~~~
rsync
Hi - a few things...

First, URL shortening is not what this tool is for.

It _will_ function as a URL shortener if you put in a URL and _tell it to_ ,
but again - that's not what it was built for.

Second, I tend to agree with the notion that URL shorteners are "bad for the
web". So, since we happen to have a (secondary) URL shortening function, I did
two things:

1\. Made a commitment with actual resources to keep 0x.co running
_forever_.[1]

2\. Had a short discussion with my friend Jason Scott[2][3] about giving
Internet Archive and Archive Team an easy port for download/archiving. In our
conversation he reiterated his (well known) position that URL shorteners are
bad in general, but less terrible if there is a published (and maintained)
spec for data exfiltration.

But _again_ ... URL shortening is NOT what this tool is for.

[1] simple, lightweight pages combined with massive, leftover rsync.net
bandwidth/hosting resources make this trivial.

[2]
[https://en.wikipedia.org/wiki/Jason_Scott](https://en.wikipedia.org/wiki/Jason_Scott)

[3] [http://ascii.textfiles.com/](http://ascii.textfiles.com/)

~~~
hga
Yes, this is _not_ a URL shortener per se, although it can obviously be used
as such.

Sad story, but I worked for a company named Netword exactly two decades ago
that was going to do this in a big way, even got one of the major SV
investment firms, Hambrecht & Quist, very interested (and their in with
Netscape, who they helped take public, would have been important), as in, we
launched, and they came to us....

But it was killed by devil investors who due to previous resource
misallocations and bad risk management (MPV, MPV, MVP!!!) had gotten their
hooks into the company about the time I started there. Weird and nasty
denouncement, 13 of us resigned in masse one day from our lawyer's office, we
had to fight to get our last paychecks (something state government enforcement
agencies have no humor about at all), etc. etc.

It a very good idea, I think, and who knows, maybe it's time has come. Mr.
rsync (who I'm a very happy customer of ([http://www.ancell-
ent.com/1715_Rex_Ave_127B_Joplin/images/](http://www.ancell-
ent.com/1715_Rex_Ave_127B_Joplin/images/) )), you're welcome to drop me an
email check my info) for what we figured out in that effort.

Note that we were going to do "Networds(TM)", as in "Intel annual report",
obviously one thing that made this less important was the increasing quality
of search engines. This isn't quite the same thing....

~~~
rsync
First of all, thanks for being our customer (at rsync.net, that is).

Yes, I'll email to hear your story - it would be interesting.

I think the key to what I'm trying to do here is keeping the product, and the
interface, extremely stripped down and simple - which causes costs to drop
dramatically (in terms of hosting, bandwidth, server costs, etc.).

Not having any advertisements or tracking or third party hooks, etc., makes
that much easier - and makes for a much nicer product. The revenue model is
selling custom codes, so _you are not the product_. The codes are.

~~~
hga
_The revenue model is selling custom codes,_ so you are not the product _. The
codes are._

That, BTW, was the business model of Netword, and in those gold rush days it
worked very well. Today, resources are so cheap it ought to work as well, even
if it doesn't really take off.

And you're welcome, and again, thanks for saving my email etc. from a
tornado....

------
geofft
How should someone unfamiliar with Oh By realize that the string "0x7DBZ3G" is
a thing they can look up? Is your plan to get sufficient popularity that
people will recognize them like they recognize URLs?

IIRC, the "Visit us on the World Wide Web at aitch tee tee pee colon slash
slash" days lasted quite a while. (Not to mention the "colon backslash
backslash" days.) I don't think I can just write "0x7DBZ3G" today (but maybe
in a few years!); I'd have to write some reference to
[http://0x.co/](http://0x.co/).

~~~
rsync
"Is your plan to get sufficient popularity that people will recognize them
like they recognize URLs?"

Yes, that is indeed the plan, and yes, that will be a challenge.

That's why we chose that domain name and that sort-of-phonetical-mouthing of
it ...

------
bunni
Don't think of this as a url shortener, my use case would be something like
pastebin or gist but with free private anonymous pastes. It also took me all
of 2 minutes to get a python implementation working with the API. One
suggestion, when I look up the codes if I include the 0x eg. "0xDV2HW7" or "0
x DV2HW7" it fails to lookup the code - it wasn't immediately obvious to me to
discard the 0x on lookup.

~~~
rsync
Hmmm .... we have it coded to accept _either_ :

[http://0x.co/EXAMPLE](http://0x.co/EXAMPLE)

or:

[http://0x.co/0xEXAMPLE](http://0x.co/0xEXAMPLE)

... so I wonder, how are you doing the lookup that it is failing without the
0x ?

EDIT: OH, ACTUALLY - are you looking up "0 x EXAMPLE", with the spaces in
there ? No, that won't work - we just have the spaces in place on the webpage
to make it easy on the eyes ... is that what you're doing ?

edit: and for anyone reading, you can do the lookup _even simpler_ with plain
old 'nc' \- you can specify [http://](http://) (non SSL) address if you need
to ...

~~~
cbhl
If you decide that spaces aren't valid identifiers in 0x codes, then it might
be worthwhile to strip all of them out when someone enters one.

~~~
rsync
Ok, we now ignore spaces in the code inputs, so it no longer matters if you
enter:

    
    
      7DBZ3G
      0x7DBZ3G
      0 x 7DBZ3G
    

... they all work the same way.

------
kqr
Question not covered by the FAQ: for the mathematically lazy, what kind of
size are we looking at in terms of "oh by" code space? How many documents can
be stored until codes become too long to store in the (human) working memory?

Will there be an option to generate a code "long enough" that it can not
easily be brute force guessed?

~~~
rsync
Right now, as in, launch day, we are handing out 6 character codes that are
0-9,A-Z (but excluding '0', 'o', 'x', '1' and 'l') ... so 31^6 codes.

But you can _purchase a custom code_ [1] and the price is based on the length
(shorter being more expensive) and the max size is 32 characters.

So you can choose what you like, and it's as low as $8/year if it's 9
characters or longer...

[1] [https://0x.co/custom.html](https://0x.co/custom.html)

------
rsync
There is an "HN FAQ" which we think addresses things HN folks will be
interested in, as opposed to the "civilian" FAQ.

Not at all related to rsync.net, but yes, I'm the rsync.net guy.

Happy to answer questions here.

------
cbhl
The codes in your FAQs (0x7DBZ3G, 0xDY34NK) don't actually lead anywhere --
that might get confusing if they get handed out (e.g. start linking to
malware) later.

~~~
rsync
Thanks - we'll get those populated after lunch here...

------
bobuking
Not working on Opera 12.16 (last Presto engine). Not working on Chromium 37

So.
[https://www.ssllabs.com/ssltest/analyze.html?d=0x.co](https://www.ssllabs.com/ssltest/analyze.html?d=0x.co)
\- and apache behind...

------
tokenizerrr
The time that is displayed should include the timezone. No idea what timezone
it's in, but it definitely isn't UTC.

------
chrismartin
Another curious rsync.net customer taking a look.

I think you're actually offering a key-value store (aaS) with a 4 KB maximum
page size, and one of the use cases happens to be a text/URL shortener.

It looks like someone is squatting on ox.co. You could contact them and hope
they haven't seen your project yet..

How are the codes derived?

~~~
rsync
"Another curious rsync.net customer taking a look."

Thanks for being our customer (at rsync.net).

"How are the codes derived?"

    
    
      # generate the ohby code
      use String::Random;
      my $pattern = new String::Random;
      my $size = 6;
      # don't use i,I,1,l,L,0,O,X,x etc..
      $pattern->{'A'} = [ 'A'..'H', 'J', 'K', 'M', 'N', 'P'..'W', 'Y' .. 'Z', '2'..'9' ];
      my $code = $pattern->randpattern('A' x $size);
    

(We disallow ILOX and 0 since that could get confusing)

Right now we are handing out random (free) codes that are 6 characters long,
but at some point I suppose we have to increase to 7 ... like ICQ ...

------
LeoPanthera
It seems like a bad choice of domain, given the example usage. "0x" will be
regularly confused with "ox", and ox.co is a completely different site.

------
fraXis
What language / framework is the backend programmed in?

~~~
rsync
perl.

Also: view source on any page to learn _just what kind_ of a website 0x.co is
...

------
wcf3
What does the public/private option do?

~~~
rsync
At some point (not now) we will present existing codes as a searchable
resource from the outside. I haven't decided what that presentation layer will
look like, but the idea is that a lot of Oh By Codes will contain important or
helpful information and benefit from being searchable.

But some won't. So if you want to keep the content of your code
private/unindexed/norobots, you would set that flag to "private".

I think the expiration pick-list is self-explanatory, yes ?

------
thde
Do you provide a .onion address?

