

My weekend project: anonymous, realtime message board with socket.io - ecto
http://oak.io/about
This is just a simple node app on a small Joyent server!
======
opendomain
Do NOT go to this service! It does not filter JavaScript and so is susceptible
to XSS and other hacks. I went on and clicked on a chat named 'Natalie
portman' and it came up with an alert box that said 'no chance bro' and kept on
popping up and I had to shut down my browser. Other than that - pretty kewl!
Is the code open source?

~~~
ecto
I actually got tricked by that too haha. I went into the database and deleted
that, and pushed a fix to production.

~~~
mkramlich
You are now totally qualified to start a Bitcoin bank.

~~~
nicoviarnes
I laughed a bit.

------
joshryandavis
It is a fun little site, I really enjoyed playing with it. You really need to
add some spam prevention, title & comment length limits, fix exploits, etc.

I wanted to play around with it some more, but it's just pure spam now.

~~~
ecto
Thanks! I really hate spammers :\

------
ecto
This is just on a small Joyent server, running one process. I started it
Friday night so there's still a few holes.

~~~
sudonim
Yeah, like it's not anonymous. Someone figured out that you can see all IP
addresses (tied to comments) when you open up firebug.

~~~
ecto
I fixed that actually. You can still get around my fix but I will fix the fix
later.

~~~
nsmartt
So it's totally anonymous except you store the IP addresses, huh?

~~~
ecto
Correct.

~~~
nsmartt
Pretty misleading.

The whole point of your experiment was to see how people would act if
completely anonymous, right? They aren't. So your experiment is flawed.

~~~
voxx
Seeing as how there aren't terms of service maybe YOU'RE flawed. It's a web app
that never guaranteed your privacy.

~~~
nsmartt
"oak is an experiment. what will people act like if they are _truly
anonymous_?" His words.

Note that I'm not "mad." I only pointed out that it was misleading.

------
shousper
It's like real-time reddit.. it'd be fun, but probably hard to make
constructive, lol

I like it, and envy the fact you could just create this on a whim over a
weekend. I wish I had that kind of discipline when it comes to some of my
spontaneous ideas!

------
DigitalSea
This is actually a lot of fun man, kudos.

~~~
ecto
Thanks! I had a lot of fun writing it!

~~~
DigitalSea
Are you planning on open sourcing the code via Github or something? I haven't
built a Node app myself just yet, would be interesting to see how you did it.

~~~
ecto
I think I might! The code is still kind of gnarly right now but I'll clean it
up this week and decide then.

------
bromagosa
Cool one!

It'd probably be a good idea to crop titles and contents if they exceed a
particular length.

~~~
ecto
Doing this right now!

~~~
ecto
Pushed a limit of 200 chars

~~~
zxcvb
Might want to stop same IP from posting over and over again...

~~~
ecto
I added a limit of 15 posts per minute for now

~~~
galetoquantico
What if you try 1 post per 30 seconds?

------
ecto
I just added a basic spam detector and truncated title lengths :|

~~~
ecto
Also I had to upgrade my RAM pretty fast haha. Should be better now.

------
brettbergeron
Nice work dude! This is like 4chan, but real-time :D

~~~
ecto
I'll take that as a compliment haha.

------
vics
Nice MVP with critical mass reached.

------
ma2xd
What kind of server do you use?

~~~
ecto
This is just a single process on a Joyent SmartMachine. It's the first time
I've used them and I've been pleased!

------
biwuchen
nice

------
biwuchen
cool

------
pcopley
So you built 4chan without the user base.

------
voxx
lol the xss possibilities on this thing are making me drool a bit

and that guy is not going to get banned

~~~
ecto
I patched up the ones that were apparent, but I'm sure there's still some
open.

~~~
voxx
oh trust me, there are still plenty. depending on how you handle the spamming
and stuff, I might even contribute the ones I find myself.
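
------
Added example, not part of the thread and not oak's code: a server-side handler for an incoming post that combines the fixes discussed above (escaping markup, the 200-character cap, the 15-posts-per-minute limit, and never sending the poster's IP to clients). All function and field names are assumptions, and the sample post is constructed.

```javascript
// Hypothetical server-side handling for an incoming message-board post.
// preparePost, makeRateLimiter and the field names are assumptions for illustration.
const MAX_LEN = 200;          // character cap mentioned in the thread
const MAX_POSTS = 15;         // posts allowed per window, as in the thread
const WINDOW_MS = 60 * 1000;  // one minute

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out into markup (HTML body/attribute context).
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Sliding-window limiter keyed by IP; the IP is used here and nowhere else.
function makeRateLimiter(maxPosts = MAX_POSTS, windowMs = WINDOW_MS) {
  const seen = new Map(); // ip -> timestamps of accepted posts inside the window
  return function allow(ip, now = Date.now()) {
    const recent = (seen.get(ip) || []).filter((t) => now - t < windowMs);
    if (recent.length >= maxPosts) { seen.set(ip, recent); return false; }
    recent.push(now);
    seen.set(ip, recent);
    return true;
  };
}

// Returns the object that is safe to broadcast to every client, or null if rejected.
function preparePost(raw, ip, allow, now = Date.now()) {
  if (!raw || typeof raw.title !== 'string' || typeof raw.body !== 'string') return null;
  if (!allow(ip, now)) return null;
  // Truncate first, then escape, so an entity is never cut in half.
  const title = escapeHtml(raw.title.slice(0, MAX_LEN));
  const body = escapeHtml(raw.body.slice(0, MAX_LEN));
  // Build a fresh object field by field: no ip, no extra client-supplied keys.
  return { title, body, postedAt: now };
}

// Constructed sample input (not taken from the site).
const allow = makeRateLimiter();
const sample = { title: '<script>alert("x")</script>', body: 'hi', ip: '203.0.113.7' };
console.log(preparePost(sample, '203.0.113.7', allow));
```

Building the outgoing object from scratch, rather than deleting the IP field from the stored record, keeps any field added to the record later from reaching clients by default.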

