Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Ugliest.app – Ugly but good app platform (ugliest.app)
441 points by bloopbloop10000 10 months ago | hide | past | favorite | 155 comments

Made a quick ugly nostalgic website: https://ugliest.app/l/faf7f8c5-cd2c-47ab-9cb8-f6daf27f74d6/T...

Warning: May contain sound

Edit: Accidentally left the token on the URL I posted and got pwned... :)

This needs a 'Best viewed in Chrome 86 on iMac Pro' banner.

Or the dinosaur Mozilla banners...

No blinking? So disappointed.

Maybe a Java applet as well?

A little late with the reply, but here[0] was one of our resources for our computer graphics class when we were learning flash.

[0] https://web.archive.org/web/20080726043830/http://www.heathe...

You're missing a visit counter.

Im pretty sure I included one under the fire GIF. But might not be rendering on every browser.

You're right. On Chromium it renders all right. Beautiful work.

Nicely done. Is it still possible to change the cursor appearance? Might want to look into that.

Missed opportunity. Unfortunately, I have no idea how to edit this site anymore because I didn’t save the edit link.

And cursor trails!

The 8-bit Led Zeppelin really ties it together.

I appreciate the tasteful pwning as well! This is great.

Can you add a gif to let us know what webring you are in please?

Please include the mandatory marquee

This made my day. Thanks.

hahahah I love this


Heads up for the creator: putting everything under ugliest.app allows pages to read the same cookies across different "apps". If anyone plans to use the platform for production (which you appear to welcome), nothing substantial can be done.

I forgot what made github.com switch to github.io. Something similar but totally separate.

> I forgot what made github.com switch to github.io. Something similar but totally separate.

Yep, here's the link that explains it all:


> I forgot what made github.com switch to github.io. Something similar but totally separate.

Same reason: to prevent user-generated/user-hosted content from being able to read GitHub.com cookies.

Not quite, they couldn't read the cookies. But they could mess with the cookies on github.com somewhat.

The fully writeup is here: https://github.blog/2013-04-09-yummy-cookies-across-domains/

There's also the added benefit of being able to list the github.io domain on the Public Suffix List [1], which means that no cookies can be set for the top level domain, only the *.github.io subdomains. This prevents the platform users from accidentally revealing their cookies to every other app under the top level domain.

EDIT: to ellaborate for the interested, the Public Suffix List is used by browser vendors to decide what part of the URL is considered the TLD for display and cookie security purposes (and I imagine others).

[1] https://publicsuffix.org/

Have I missed some major news about this attack? As far as I know, you're not able to read, just rewrite (or append?) the already existing cookies.

EDIT: The linked Github article states exactly that, is it out of date?

The localStorage and indexeddb limits will also apply (10MB and 50MB on Chrome).

Heres my ugliest messageboard. Warning: no filtering, no moderation, no protection against any kind of abuse.

EDIT: new link, new messageboard, slightly harder to break https://ugliest.app/l/e93dbf19-2cf4-4f6e-82a9-a763bb8fde6f/m...

well... that was spammed pretty bad in less than 5 minutes. mission aborted.

edit: annnnnnnd it's back!

Fastest website death I've seen. You deserve an achievement.

What was the spam? Copyright infringement? Hate speech? Illegal pornography?

hate speech + porn

That died quickly, sad. :(

bloopbloop10000 - can we get an atomic increment operator? would love to add upvotes

it needs upvotes, deletion is only an option when at 0.

also: template: :12:48: executing "" at <insert "posts">: error calling insert: table "posts" doesn't exist

yea that was me defeating a delete bot :)

@bloopbloop10000 is there a way to html escape in the template language?

HTML is now automatically escaped to protect the innocent

looooooool that would have made my life so much easier. hope you enjoy my alternative solution

nvm I figured out a solution

This thing is fun. I like. It was tense waiting to see live responses.

Oh man. No protections against abuse for sure!

oh put it back up!

working on it

it's back!

That was fun

haha I agree for the couple mins it survived :)

now I'm afraid to open it lol

it's back! enjoy

You should add a message length limit.

done - but since no server side controls it's not possible to completely enforce

added a 1024 character limit for each form field on the server side

nice! thanks

I was trying to save a photo there, but it doesn't work due to this update lol

This is like Firebase but actually fun!

Jokes aside though, I think there's a real use-case for something like this: Small multi-user CRUD apps, most often for a confined audience that don't warrant whipping up some kind of web server software and deploying it to a VM or a lambda function or whatever. Just create some tables, write some markup and you're done. Share the URL, it's live!

You could also use it for stuff like simple form submissions in otherwise static sites (à la Netlify) or website hosting in general. Just have your static site generator spit out an ugliest.app bundle and deploy it using curl. You get some dynamic content generation for free!

Hopefully this does not sound insane but I think this idea of "something like Access, kind of, but on the web" is brilliant and necessary. I don't wanna tell you what to do but maybe open sourcing this would be beneficial? Judging by how fast you've been fixing bugs and adding features in the comments I figure the code is not a mess. People might just prefer contributing that one feature they were missing instead of writing their own web server for their tiny app.

> something like Access, kind of, but on the web

I do a little tech consulting on the side (mostly web dev, but sometimes just regular "IT stuff" too)...and I've had clients who i know would be a pain if i conduct the usual process for developing an app/website for them...and often (to save myself from headaches) try to look for a solution for them that is something like Access (or super Excel) but for the web...and haven't found one that is nicely balanced yet. This kind of thing - if it evolves a little more on the ugliness side - might eventually fit the bill. (To clarify: i have no care about the ugly aspect, but the same annoying clients who would benefit from this paradigm are the same ones who criticize apps because they're not "pretty enough"...So, there's that to consider.)

Exactly! As for the visual aspect, you can do whatever you want on your own pages. Just the handful of pages that make the editor are "ugly" (unless you can smuggle something like a user stylesheet into your client's browser). The question is if your client would use the editor themselves in the first place. It's not rocket science but that templating language might be a bit more daunting to a general audience than Access.

Have you tried AirTable?

I have noticed AirTable but I've never tried it. Maybe it's good but on the spectrum of customization AirTable seems closer to Excel or Google Sheets than Access or something custom-made.

Another important aspect is data protection. For my last "just CRUD" project I had to implement at-rest encryption where PII is only accessible with the user's password[1]. Something like that would be possible in JavaScript in an ugliest.app but if I'm not mistaken not in AirTable. Most businesses would probably be fine with it but I'm always a bit uncomfortable entrusting someone else with any unencrypted customer data, especially PII. (But I'm not saying AirTable doesn't do its job protecting customer data.)

[1] It just so happens that this was part of my undergrad thesis project so you can read up on the encryption scheme: https://github.com/T0astBread/thesis/releases/latest/downloa... (section 4.4.2 "Personally Identifiable Information").

I've heard the name but never tried it. I'll give it a go; thanks!

Appears to have been flagged by google. Links are show Deceptive Site warning in Google Chrome on Android due to possible Phishing.

Dang. It's really hard to put something online that lets anybody be creative without someone coming in, using to do bad things, and getting the whole site blocked by google.

I guess nothing is going to change too since this conveniently serves to entrench the big platforms.

I'm getting the same thing on Firefox now.

Looks like it's back to normal now. I'm no longer getting this warning.

Same on mobile safari


I created an app. How do I get 100M USD series A funding round?

To maximise your valuation, just make sure you don’t have any customers or revenue.

And you need to involve AI somehow to revolutionize a particular industry

Don't forget blockchain! AI powered block chain powered AI

Ha, my company is doing exactly that rn

Have it be multicloud and serverless.

I truly want to believe that you just wrote "not found"

maybe google acquired them

I mean, the ultimate "fake it till you make it" power move would be to go straight to the "Our Incredible Story" acquisition/aquihire claim on your homepage linking straight to a Google Graveyard project, right?

(Then start posting on your LinkedIn about your new "career" hand building replica Inuit whalebone and sealskin canoes using traditional methods...)

I was hacked bruh

Depends on what colour sleeve you chose to premiere your new MacBook Air in at the local coffee roastery.

Rewrite it in Strategic communication [0]

[0]: https://github.com/rotoclone/strategic-communication

No React, Kubernetes nor micro services?

Sorry, not gonna fund that, it’s not scalable enough.

stealth mode

This is cool, but it seems to be broken. I tried to create a table called `test`, but I got `something went wrong but we won't say what`. It's also not clear to me what to do with a table (I don't see any options to add columns or data).

EDIT: Maybe it's just being hugged to death. Just about every action is throwing the aforementioned error now.

EDIT2: This would be really cool if it were self-hosted (obviously without the auto-deletion)!

You have to click the Docs link to see how you can read from and write to tables using a template syntax and HTML forms.

> I tried to create a table called `test`, but I got `something went wrong but we won't say what`

That means it got an error while running git.

Sorry about that! Everything should be working now

It's actually beautiful.

Truly minimal.

"However many requests per second we feel like serving"

probably closer to the truth of competing cloud providers than it has any right to be

I believe you got hacked. Perhaps you shouldn't have shared the link with the token included.

Oh they put a password in a url. Doh, didn't spot that!

It’s a shame you’ve chosen to delete everything after 24 hours. I understand why though. Maybe just make no guarantee that the apps will stay live, so I can share what I make with friends?

I like the plain design, very austere and to the point. It would be good if your copy was just as blunt and frank, tell us why it’s good and why we should use it

OP here— you make a good point about sharing with friends. Added a button to make apps last forever!

amazing, cheers! great work

> something went wrong but we won't say what

I think you got the big hug

Well, that's ugly alright!

I don't get it. Why has everything to be called an "app" nowadays?

All in all I have so many questions – Let's start with: "WHY, tho?"

> I don't get it. Why has everything to be called an "app" nowadays?

Because that's what people have decided. It is what it is.

> All in all I have so many questions – Let's start with: "WHY, tho?"

Why not?

I personally quite like the aesthetic.

Safari on iOS 14.1 started throwing “Deceptive website” warning for the domain. It worked fine (i.e. no warning) an hour ago.

Ditto on Chrome with an all-red screen and "Deceptive site ahead".

looks like phishers have already started using it

real sad

I love this, but it doesn't look like server-side language is Turing complete. It can only read, write, and delete rows; branches on admin; and returns a random number. Is it possible to extend the language in a way defining functions, if stmt and for loops are possible?

Since it already has if, I wonder if I can branch on things other than "admin".

EDIT: I stand corrected, looks like using `range .. end` you can actually loop.

EDIT2: if also works:

    {{ if (rando 0 1) }}
    {{ else }}
    {{ end }}
prints a or b non deterministically.

EDIT3: I wish it supported operations like equality, addition, <, > etc

It supports eq (==), ne (!=), gt (>), ge (>=), lt (<), le (<=).

Awesome! I wish all functions were documented. Is this a programming language that I can google by name? I intentionally created some errors and googled the error messages but didn't find anything. Is this a homebaked PL?

It should be called webpage or website instead of app?

Nothing about the word "application," even when looking only at definitions related to computer software, suggests a particular platform, architecture, language, etc.

We qualify with "native" when we want to say that a given app was written specifically to execute on a certain system rather than on many systems as made possible by emulation, virtualization, web browsers, etc. so I would agree if this claimed to make ugly native apps.

Well it passes the Little Bobby Tables test... I created an app named "Robert'); DROP TABLE Students;--"

Ported my personal website onto it: https://ugliest.app/l/52ea894c-4a52-447c-ac4f-a3766315d905/t...

Added ugly to the name because why not

This sounds like a cool side project to implement when learning a new language/framework.

I actually like the spartan no BS.

Reminds me of expages.com from back in the 90s. Creating a website was simple. The "login" page to create an expage was the same as the sign up, so you could easily create new websites on the expage.com domain.

My friends and I built huge networks of Expage websites. Even the popular kids in school made their own sites. Being linked to by certain people was a big deal.

I credit Expage as being one of the main reasons I got into software development.

How do you use the tables feature?

Made a quick photo booth app here: https://ugliest.app/l/586157ce-2924-4cb5-92d5-8bce59c5e40d/c...

The platform is good, but there are something I wanted: 1. Handling queries in js 2. event triggers 3. elements manipulation

I used a hacky way to chunk the photos into 50parts and save them in the tables.

how long do you think that it will take for someone to post a picture of their genitalia?

Will the code for this platform be open sourced?

I love the simplicity of this. If it had a proper editor, I could totally see using this for small prototype webapps.

In the spirit of procrastination, redid our landing page as ugly https://ugliest.app/l/7658c63c-e4d5-43e3-89d6-42e095ed5b25/Q...

honestly good enough for 99% use cases

Using textarea breaks the page editor. Also, 'back to app'-link doesn't work.

Thanks! Fixed both!

Is the source code public? If not, do you have plans to make it open-source? I'm impressed at how fast you've been able to fix bugs and implement new features and I'd like to see how it works :)

Not sure what's ugly about it: it looks nicer and cleaner than most of the websites I see. I'm also not quite sure what's an "app platform", but this seems to be some sort of a web publishing service, and there's a bug on page creation: it leads to a 404 error page (possibly it requires JS, but doesn't say so, and works without it otherwise).

Edit: Noticed the docs page [1]. There's some scripting, so the uploaded pages are rather PHP-style scripts/apps, hence the "app platform", probably. Might be useful to link the documentation from the main page.

[1] https://ugliest.app/docs/pages.html

Hmm this is useless and wonderful at the same time. Problem is, I'm a writer, not a developer. Can anyone link to a sample app that a development deprived luddite like me can digest?

I would like to know the design of the multi tenant architecture.

Completely serious: in addition to "pages", if there was the ability to define "endpoints" that respond with JSON, I'd be in!

Added `tojson` just for you :)

Sweet! Thanks!

Where are the docs for the table API?

Nice work! How can I call the insert/select/update APIs in JS?

using hidden forms and use js to submit?

Nice work! The application is good, but GUIDs in the URL is bad...

Custom domains are in the backlog :)

Will you support custom domains? I love this platform tbh

best thing I've seen all week long! open source it?

I see why it's ugly - why is it good?

Maybe because it is simple and free. Not agreeing with the author here just trying to understand where they might be coming from.

Somehow got listed as being deceptive.

geocities sends their regards :)

The mvp of mvp's

it's beautiful :,)

the mvp of mvp's

pretty ugly



Nice try.


This is huge!

took too long to load, next!

people should just start immediately posting a screenshot or a screen record as their first comment because thats all I want to see usually anyway

It loads in two seconds, so I hope this was ironic. Also, plain html is almost always going to be smaller than an image file.

Hi, it periodically got hugged to death and this. Assuming the creator wasn't monitoring all server traffic as part of their outreach campaign, flippant messages like mine can help to show the reality of people being bounced quickly and fix their server infrastructure or code.

Flippant messages like yours do not provide any value and do not help any more than ”Seems like it was hugged to death”. Pretty much anything that is not protected by ”cloudflare & co” will be hugged to death by HN

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact