61 comments

[ 4.0 ms ] story [ 129 ms ] thread
A lightweight online note-pad for any quick text-sharing needs. Let me know what you think or if you find any use for it!
Neat! I like how it's lightweight, not enough lightweight stuff on the web nowadays (except for HN). Allowing the option to set human readable permalinks might be useful.
What what the name of the similar service launched a few years ago by telegram ?
I like the unintrusive UI, but what I would really like is markdown support. I am not sure if that fits _your_ initial idea, but I'm a tech person, so, for me that's a must.

Also, add https, because google will punish you.

Otherwise, well done.

I created https://markdownshare.com/ to allow anybody to create/share/render markdown.

Unfortunately these kind of sites are an abuse magnet, so it is in the process of being retired.

I think any sustainable site/service like this has to be self-hosted, or come with a subscription. Because otherwise dealing with all the bots, spam-submissions, and other abuse is just too depressing.

MarkdownShare looks like a pretty neat service, I'm sorry to hear that people took advantage of it!

Interesting that you mention a subscription service would more sustainable. I'm actually building a markdown note-taking app [1], that is based around a note-card format. We are currently developing a way to share a markdown card with a secure link.

[1] https://supernotes.app

I know exactly what you mean. I made https://Write.wtf majority of it is just junk.
Neat. Have you implemented any anti-spam controls? How much does it cost to keep it running?
Would a captcha have helped?
I suspect it would have helped initially, but then it becomes an arms-race.
Have you seen clientside-encrypted pastebins like 0bin[0]? The idea is to absolve the host of legal responsibility, since they can't even access the data without the decryption key in the URL.

[0]: https://github.com/sametmax/0bin

Can you expand on the types of abuse you saw? Was it all just spam, or was some of it legitimately 'dodgy' ?
A combination of (bot) IP addresses making 20+ requests a second, to post SPAM. Half the abuse was people just making lots of requests in short spaces of time, the other half was just people submitting spam, more slowly. I added rate-limiting to deal with the worst offenders, but mostly they'd keep POSTing away, ignoring the error-codes I was sending.

All submissions would get a random ID, something like this example chosen at random:

https://markdownshare.com/view/b5abadcc-c0fb-473e-a34d-f27c0...

There were numerous bots who'd try to spider/probe the site collecting all the links. Handling millions of 404s a month wasn't much of a pain, because the service was pretty efficient, but it was just another source of annoyance.

Finally, and God only knows how, I'd get a ton of DCMA takedown notices for alleged copyright infringement. That's what pushed me over the edge into first of all making it read only, and secondly planning to kill it at the end of the year.

Wow thanks for that. Makes one stop and think before coding anything similar. :(
What do people gain from spamming your service? Referring especially to the ones that kept going despite error codes being sent their way.
Just bots spamming forms I guess, hoping to get indexed and ranked on google.

The same thing you see on random blogs, I don't think there's anything specific about my service in particular - just badly coded bots that don't have retry logic and blindly spam the same content to thousands of sites that accept comments, content, and pingbacks.

Ahhhh they are trying to collect backlinks. That makes sense.
This is amazing. As simple as it can be. Good job!
This could be handy when you post on a forum or underneath a new article. Sometimes you want to go into more depth but technically limited on space or frankly it would be too much. You could have a link to note for those that wanted to read more. Would like it if I could host on my server, and had markdown (as said) plus some basic tracking info - # clicks etc.
Password for editing is not worth it, but a password for reading will be totally worth it.
Down?

> Not Found on Accelerator > Description: Your request on the specified host was not found. Check the location and try again.

Looks nice! You seem to be missing an about page and a privacy-related page though. What tech stack is behind?
Can you describe the tech stack behind this?
The entire thing is just a vanilla HTML/CSS/JS connected with Firebase.
What would help a lot, if you could customize the generated parameter in some way. Together with the password feature noone could "hack" into it anyways.
Also you could easily get rid of the "?n=" param I guess and just build a slug like http://kvak.io/fsf2o1r6yw5
Both great ideas. Getting rid of "?n=" is definitely coming (current links will of course keep working). Custom URL is also now on the list of next improvements.
cool, looking forward :) I will abuse this then as a grocery shopping list to share with my girfriend
This is really good, extremely simple.
Why should I use this when there is HN for collaborative discussion?
(comment deleted)
This is a great way to quickly share text between my personal phone and my work machine :)
(comment deleted)
It doesn't work for me after I enter a password to lock it. I cannot type in anything.
Would be great with client side encryption
A possible security concern is that this can store arbitrary HTML, including script.

http://kvak.io/?n=f9f2o1r2pd64

Ironic how you posted a note without a password so anyone immature enough (me) could just tamper with your example.
That breaks the visitor counter, since it relied on updating the underlying document to update the counts!

I was going to go ahead and hide the lock button entirely to avoid this attack, but decided I would get some work done today instead.

EDIT: after a bit more hacking, I removed the password and hid the lock button. Nothing that would stop a determined adversary :) (Also, I kept the Khajit change in your honor)

Great. Thanks!

Fix for this incoming. I don't want to limit HTML insertion in general, but I'll make sure scripts are not possible.

I can't help but notice that this was done in django.
It was not. If the code suggests that, then it's just because I'm not a very good developer. All basic HTML/CSS/JS + Firebase.
Oh, I didn't read the code, the favicon shown by my browser confused me.
Very interesting tool. I wonder what the business model behind this might be. How do you intend to make money? Do you even want to make money with this?
I don't intend to make money out of this. A happy little side project that's easy to maintain and improve over time.