

Show HN: My first Rails app helps you motivate yourself to get things done - jasonshen
http://rewardbox.herokuapp.com/

======
alinajaf
Hi Jason,

Great work! The website has a great feel to it and it seems like a good first
project to get out in the open. Definitely looks/works a gazillion times
better than my first website!

There's an issue I'd like to point out that I've seen come up over and over
again with people like yourself who've taught themselves to code via
treehouse, codecademy or some of the other webdev-education based startups.
I've met developers with 10+ years of experience who make the same error
though, so I wouldn't beat yourself up too much about it.

This may have been deliberate, but it appears as though you can view all the
rewards on the site (including other users) simply by modifying the URL. It
also seems like you can modify or delete any of the rewards on the site too
(try changing the form action/fields using chrome web inspector and submit the
form). Since this is your first rails app and I'm assuming you're not hoping
it's going to hold any sensitive data, this isn't that big a deal.

Do keep in mind though that in its current state, it's trivial to create a
script that deletes all the rewards on the website or worse, fills all the
reward info with spam data.

For the last person I pointed this out to, I put together a gist of what the
before => after of the code should look like for fixing this
<https://gist.github.com/Najaf/5431024> (tl&dr, you need to whitelist those
params and implement authorization).

If you'd like any further help with this, feel free to ping me via email.

Best of luck!

~~~
jasonshen
That's super helpful and thank you for the very kind and welcoming way you
delivered that feedback. I wish more HN comments were this nice. It takes
longer to write but is more likely to be implemented.

edit - Made the update! Sorry anyone who went to the site when it was down for
20 seconds

prev edit - ans -> and

~~~
jlogsdon
Check out CanCan[1] for authorization. It's pretty simple to get started with,
but provides a lot of power for controlling who can access what.

[1] <https://github.com/ryanb/cancan>

~~~
alinajaf
Seconded! Using current_user.rewards.find(...) is a good stopgap if you're not
keen on going as far as using cancan.

This won't take care of the parameter whitelisting for you though.

------
jasonshen
I estimate spending about 100 hours over 4.5 months (~45mins a day) learning
how to program using teamtreehouse.com and railstutorial.org. It's been tough
but super rewarding. Would love your feedback and happy to answer any
questions!

------
hello_newman
Hey Jason!

I think this is a great idea. This is just my opinion, but I would love to
give you some feedback:

1\. I love the design. I might be biased because I am a huge fan of white
space. The white with the subtle green really pops. Love that.

2\. The idea itself is great in my opinion. When I do my prep work for Dev
Bootcamp, I do something similar. I study for x amount of time or try to
finish x amount of problems (we're talking genrally 60-120 minutes) then I
reward myself with my ecig. I might be biased again, because my reward is
nicotine vapor, but I use a similar approach.

3\. I love this idea. But aside from that, what was your motivation to learn
to program? The reason I ask, is because I dropped out of college to go to Dev
Bootcamp and become an apprentice software engineer. I am an avid reader of
your blog, and you mention you are a Stanford alum running a start up. Because
of that, what made you think learning to program would be a good investment?
This is not judgmental, I am just curious about your motivation to do this.

Overall, keep up the awesome work! It's pretty cool your 100% self taught
relying only on treehouse and railstutorial.

[edit for spacing]

~~~
jasonshen
Thanks for the kind words and feedback!

1) My cofounder Randy really emphasizes whitespace and being as minimal as
possible. His argument is that the less you do, the harder it is to fuck it
up. So thanks.

2) I could see an e-cig being a great reward because it's a discrete unit and
something you really want. Though (and you've probably thought about this)
it'd probably be ideal if you found a different reward/habit all together. And
you could use this app to do that! =)

3) I wrote an entire post about this, but essentially, I think it's foolish to
work in technology and not make an investment to continually increase your
understanding and skill in technology. I'm also working on improving my
marketing and sales skills, but coding is at the core of our internet/tech
industry. Would you make someone an Army General if they didn't have any
combat experience?

More here: [http://www.jasonshen.com/2013/when-software-is-eating-the-
wo...](http://www.jasonshen.com/2013/when-software-is-eating-the-world-you-
better-start-making-dishes/)

------
rhapsodyv
I don't like reward driven systems.

Did you read Punished By Rewards from Alfie Kohn[1]?

I discovered this book from this Aaron Swartz post on productivity[2].

[1] <http://www.alfiekohn.org/books/pbr.htm>

[2] <http://www.aaronsw.com/weblog/productivity>

------
jknightco
Great job! I have a huge personal interest in motivation and the science
behind it, its always fun to see how people try to bring it into technology. I
think there's still a lot of room for motivational-tech.

That said, this reward style finds significant problems in the literature.
Expected rewards act like a chemical fix (quite literally, in terms of how
they work in the brain), that require larger and larger doses over time, and
eventually crowd out the will to do the behavior on your own. I'd be
interested to see how using something like this would work long term. I know
its rather simple in its current form, but so are most of the examples
researchers use in the laboratory.

Regardless of the science, great job on finishing and launching your first
Rails app. My only technical note: your images are a bit pixely on my Retina
display. Other than that it looks great!

~~~
jasonshen
Thanks for the feedback! Yeah, there is something about a dosage / acclimation
effect that can be dangerous about any kind of positive action.

I think that using a variable reward system keeps the brain excited (because
you don't know what you are going to get) and even extremely simple and low
cost variable rewards have helped drug addicts stay sober:
<http://www.ncbi.nlm.nih.gov/pubmed/16203960>

~~~
jknightco
Interesting study, I hadn't seen that one. I think one of the problematic
points is this though: "...the chances of winning prizes increased with
continuous time abstinent." They're literally upping the "dosage" over time.
Also, the variability is in the chance of receiving a reward or not. I think
that's a crucial element: rewards work well when they're not guaranteed. My
final observation regarding the study is that it only lasted 12 weeks. I'd be
worried that the reward group might have a higher percentage of post-program
relapse than the non-reward group, as there is significant literature behind
the idea that once rewards are stopped the desired behavior stops as well.

I appreciate the study! Always interested in reading more about human
behavior.

------
hawkharris
Great work, Jason! The app is fun and easy to use.

------
_lex
This is pretty cool Jason. It's clearly not perfect, but that's a feature
rather than a bug - it means you launched at the right time.

