Ask HN: Feedback on project

20 points by iSloth ↗ HN
Looking for any constructive feedback on my little php/MySQL project http://whatportis.com - negative or positive comments are all welcomed.

Thanks!

37 comments

[ 2.7 ms ] story [ 63.7 ms ] thread
Some general feedback:

- on the statistics link the top ports to their info.

- provide more information, like how to open or forward ports etc

- your url format would be so much easier if you could just type whatportis.com/xxxx or whatportis.com/keyword rather than the index.php stuff

- it's not clear you can search for software that uses a port, you do say name but it would be more clear if it said something like "80, http, world of warcraft" or whatever

- "is this port open on my computer/server/whatever"

Thanks, you can actually search using the URL, for example http://whatportis.com/80 or http://whatportis.com/http, just need to edit the page so it passes the variable like this, not through the usual GET syntax like it is at the moment.

A few of the things I know need doing are:

- More content for the users and also the search engines as they dont appear to index much of the site, may be even remove the javascript tabs and have distinct pages to help the search engines a bit more...

- Edit the search page to pass variables through the URL (cleanly)

- Some how improve the search system, very basic search at the moment and probably returns too many results for some parameters.

I do agree the statistics page defiantly needs some work doing to it, such as there is the same port listed a few times in the top 5 as there is so many records for it.

Really like the 'this port is open on my computer' although dont want to look like I am attacking all of my users with port scans, so might make that a manual click to check.

Searching from the home page will now use the correct URL format, and not index.php?port=XXX
Nice tool. I would love access to the API once its public to write a bash script that allows you to search from terminal.

Suggestion: - statistics: top 5 ports show only 2 distinct ports. it would be better IMO to show 5 distinct ports

I'm confused. If you're on a terminal using bash, I guess you're in a POSIX system... why not using grep $PORT /etc/services?
That reminds me of another place to find some more ports to add, completely forgot about that file :)
> Nice tool. I would love access to the API once its public to write a bash script that allows you to search from terminal.

    > cat /etc/services | grep " 80/tcp"
    http 80/tcp www www-http # WorldWideWeb HTTP
Cat is useless in that line:

   $ grep " 80/tcp" /etc/services 
   http            80/tcp          www www-http    # WorldWideWeb HTTP
http://partmaps.org/era/unix/award.html#cat
It's not useless. With cat, I don't have to remember the order of grep's arguments.
Interesting. With grep you need at least something to search (one argument), don't you? If you don't provide another argument to say "where", it reads from standard input (as most unix commands).

But you already know that because you're using it that way with cat. How can you don't remember then the order of the arguments?

There:

> {1} With grep you need at least something to search (one argument), don't you? {2} If you don't provide another argument to say "where", it reads from standard input (as most unix commands).

And ‘find’ is the other way around.

I just don't see any reason to not to use cat. It's not like grep will use fseek() to speed anything up, if I call it with file URI instead.

I too would cat the file first, just get in the habit of doing it.
Thanks! distint ports are defiantly on the to do list.

The API is actually live using JSON and someone has written an Android App for it already, just need to document it and make it public.

Distinct and clickable "Top 5 Ports" has now been added :)
hey,

The nav at the top, right hand background-image isn't rendering on my ff5/win7 ".details .tabnav li a span".

as so: http://imm.io/7KxD

Also, I'd stay well away from centered text if I were you. And the Red highligthed text is quite disconcerting seeing as they arn't hyperlinks.

Hope that helps :) even if its not technical feedback.

Thanks for the input/images, looks like the layout needs fixing sooner than I thought, I would like to go for something CSS, clean and basic.

Taking inspiration from something like server fault, however I am not a designer and finding a template that matches that is hard :)

Cheers, missed out my SQL cleaner in a few places, should be a lot better now :) will give it another check soon.
"my SQL cleaner"

Warning bells. Correct practice is to use PDO or MDB2 and prepared statements for SQL access. You should never need a "SQL cleaner".

I have to second prepared statements. You wont have to change your code too much to use them and they are way too important not to use. They can even lead to speedups if you're going to reuse queries.
The errors shown on the site was actually from a misguided hack I performed to log all search variables into a database, unfortunately I forgot to apply the correct SQL protection techniques that I normally do throughout the rest of the site and created the vulnerability slaps self on head.

Apologies for the confusion I am not actually using a SQL cleaner, in-fact with brutal honesty I don’t actually know what one is. I was using the term to reference my usual methods/techniques for keeping SQL ‘clean’ from injection attempts.

I am fairly happy with my current SQL setup and the way it protects from injection, obviously when I code it correctly, however I will certainty look into using fully prepared SQL, currently I do something ‘similar’ using my objects so it would probably be very easy to implement.

Thanks for all of the feedback so far and pointing out the flaws, in fact the logs I have gotten from people ‘testing’ my SQL protection has helped a lot!

I am fairly happy with my current SQL setup and the way it protects from injection

In all seriousness: you shouldn't be, because it clearly doesn't protect in all cases. ("Failed to wrap a query in a magic function to make it sort of safe" is part of "all cases.") You have demonstrated, by neglecting to use your "correct SQL protection techniques," why non-prepared statements are absolutely terrible. You cannot have the error you just did if you train yourself not to use direct SQL queries, regardless of library. Querying via MDB2 or PDO (or doctrine-dbal, which is a superset of PDO) means you have to intentionally and willfully do something very out-of-the-ordinary to pass in raw data as a SQL query, instead of being forced to wrap your queries in some slipshod, maybe-works-maybe-doesn't homegrown function that has not been rigorously tested.

Don't reinvent the wheel. Safe SQL queries are a solved problem.

I do agree that I should consider implementing none direct SQL, however I am 'faily happy' with my current set-up as it does work and protect (when used correctly).

I will certainly look at none direct SQL, however I just don't feel it's my number 1 priority at the moment, especially when the template isn't even rendering in some browsers.

Why is all of this text images? :/ Also, ripe for SQL Inject

Web fonts > Cufon

Have fixed a lot of the SQL flaws thanks.

Not sure what you mean by the images? you want more? and less text?

No, I just prefer native web fonts to cufon. And you're still not escaping at least one of your queries properly unless you fixed it in the last 10 minutes.
Hopefully it has been fixed, gone through all the searches over the past hour and can't see any that are still getting through.
You must have really just fixed it. I'm not seeing the sql errors anymore.
Indeed - Feedback is only useful when you act on it ;)
Why canvas for rendering text?
The design is 'temporary' and off themeforest just to get the hack/project live and on the web - I don't like most of TF's designs however this did seem more minimal than most.

Preferably I would like something with less javascript and a lot more clean, just need to find a designer :)

Competition? What about just "Contest"

For a minute I thought you were posting about competing services, then I saw the page and was like "How is this a competition?" It should be something like contest > X entries for following, Y for each port you enter. Weight X and Y however.

I also agree, fonts need help.

Contest idea is great, will work on improving that now :)
Just wanted to leave a quick message, thanks everyone!

This is probably some of the most helpful feedback I have gotten in a long time, on any project :)

  $ grep 10080 /etc/services
  amanda          10080/udp   # Amanda 
  amanda          10080/tcp   # Amanda 
Incidentally, you're lacking this one too.
I think the design would benefit GREATLY from some whitespace, and using native fonts instead of cufon.

If you're interested in better web fonts, look at Google Web Fonts.