Hacker News new | comments | show | ask | jobs | submit login
Show HN: Shortly, a serverless pastebin (lucaspiller.github.com)
58 points by lucaspiller on Apr 12, 2012 | hide | past | web | favorite | 30 comments

Inspired by ZeroBin I started to wonder whether you could create a pastebin service with no server side component. Shortly (yeah I'm not really sure what is with the name) is the result of that.

Data is compressed using the deflate algorithm, then base64 encoded to ensure it can be stored safely in a URL. It is then set as the window.location.hash of the current page. Testing with various URL shorteners has shown that they don't care about long URLs generated by this. I still need to add checks to ensure that the URL isn't too long (I'm looking at you IE), but as a quick proof-of-concept I'm happy with what I've come up with. I'm wondering whether the same idea could be used to share data in other formats...

I use the same method for share links in http://padhacker.net, a server-less JSFiddle-type of tool. The data is just JSON, but I've been toying with adding arbitrary binary files. The link fragments explode with even small images. Some sort of chunking might be able to address this, with part of the fragment pointing to the next short URL in the series. (I recall seeing a project on top of bit.ly doing exactly this, but can't seem to find it.)

Great idea. Most URL shorteners offer APIs. Why not automatically create a short URL?

Shortly is catchy.

Brilliant idea, by the way.

Someone made a service like this last year (http://hashify.me).

HN submission: http://news.ycombinator.com/item?id=2464213

In the same vein, http://hashify.me/ stores markdown documents in URL and uses bitly for "persistence". Previous discussion here http://news.ycombinator.com/item?id=3407197/

Hashify.me lets you store an entire webpage in a url. As I recall it links bitly addresses. This lets you store up to 22500 characters.

Now you combine that with this in a bookmarklet / plugin. Add some obfuscation so bitly or whatever url shortener you use has a hard time detecting you and so the wrong anchor or no anchor shows an innocuous page.

Now the host isn't aware of the existence of the data nor is the encryption being done using server side code.

I am of course probably missing a huge flaw, so someone tell me why this won't work and how to fix it.

why not sending this directly?


    data:text/html;charset=utf-8,Hi HN

datauri encoded would be larger (this is deflated before being based64 encoded), and the formatting for the docuent needs to be encoded within the URL where as this doesn't. Plus it doesn't make a cool HN story :P

Hrm, if you add a link shortening service you can host the pastebin http://bit.ly/IcBhvN

Well that was disappointing. I was hoping for a distributed P2P object store.

I'm being pedantic, but this is not a server-less pastebin. A server must still serve the HTML page and the javascript used to decode its content.

A truly server-less pastebin would use the `data:` URL scheme to encode the html & js script boilerplate in addition to its content.

Well yes, and no. All paste data is stored in the URL, and the algorithm for encoding/decoding is known[1]. Github-hosted tool provides only the default implementation.

You're right, data: would be more pure, but AFAIR it has some limitations.

[1] - https://github.com/lucaspiller/shortly

Well, the thing I thought of by "server-less" was P2P. A P2P pastebin would be very interesting.

Nice service, I like the idea very much.

One problem I noticed with it though: It does not work correctly with Japanese text. I can input & "save" Japanese, but upon opening that link the text will not be displayed correctly.

JavaScript's stuck with UTF-16, so apps assuming bytes not shorts will mangle text.

This is cool!

I think you should implement the hash-based encryption key support from Zerobin, though. That way you could send around the message or the message and the key, as you choose.

This could be extended by adding file upload support. What impact would this have under a SOPA-world?

Sweet hack. Would be cool if there was a way to make it secure as well...

What kind of security risk do you have in mind?

Take a look at this:


A lot of ciphers have been ported to JavaScript now:


Why would you want a pastebin app to encrypt your stuff for you? A pastebin is a place where you just post something for random folks to view. It's like imgur for text. Yeah, there's ezcrypt, but I honestly don't see the point.

If you want to password-protect your paste, you are free to pass it through GPG before posting it. Much better security than trusting a third party's JS library which may have been modified in transit or even contain a back door.

And what benefit do you imagine that conferring?

By encrypting the data before turning into a URL neither the server, nor anyone who obtains that URL would be able to read the message without knowing the password.

Kinda like how ezcrypt works? https://ezcrypt.it/

As I understand it this is exactly how Zerobin works. The server stores the encrypted data, and the key is passed in the URL only.

Previous discussion about cryptography implemented in Javascript:


It links here:


so, basically you are abusing link shorteners for data storage :)

i would like something like this for binary data, with the option to specify a filename, as that is something the data url scheme does not provide.

I'm running several URL shorteners and I don't mind.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact