Show HN: Kvak.io – Online Notepad

(kvak.io)

90 points | by levmiseri 1331 days ago

30 comments

  • phelm 1330 days ago
    • levmiseri 1330 days ago
      Thanks! Will address this today.
    • mobilemidget 1330 days ago
      yes, please enable https for this. Looks nice and simple
  • andrewla 1330 days ago
    A possible security concern is that this can store arbitrary HTML, including script.

    http://kvak.io/?n=f9f2o1r2pd64

    • natpalmer1776 1330 days ago
      Ironic how you posted a note without a password so anyone immature enough (me) could just tamper with your example.
      • andrewla 1330 days ago
        That breaks the visitor counter, since it relied on updating the underlying document to update the counts!

        I was going to go ahead and hide the lock button entirely to avoid this attack, but decided I would get some work done today instead.

        EDIT: after a bit more hacking, I removed the password and hid the lock button. Nothing that would stop a determined adversary :) (Also, I kept the Khajit change in your honor)

        • levmiseri 1330 days ago
          Great. Thanks!

          Fix for this incoming. I don't want to limit HTML insertion in general, but I'll make sure scripts are not possible.

  • levmiseri 1331 days ago
    A lightweight online note-pad for any quick text-sharing needs. Let me know what you think or if you find any use for it!
    • breck 1331 days ago
      Neat! I like how it's lightweight, not enough lightweight stuff on the web nowadays (except for HN). Allowing the option to set human readable permalinks might be useful.
  • tomw1808 1331 days ago
    I like the unintrusive UI, but what I would really like is markdown support. I am not sure if that fits _your_ initial idea, but I'm a tech person, so, for me that's a must.

    Also, add https, because google will punish you.

    Otherwise, well done.

    • stevekemp 1330 days ago
      I created https://markdownshare.com/ to allow anybody to create/share/render markdown.

      Unfortunately these kinds of sites are an abuse magnet, so it is in the process of being retired.

      I think any sustainable site/service like this has to be self-hosted, or come with a subscription. Because otherwise dealing with all the bots, spam-submissions, and other abuse is just too depressing.

      • rozab 1330 days ago
        Have you seen clientside-encrypted pastebins like 0bin[0]? The idea is to absolve the host of legal responsibility, since they can't even access the data without the decryption key in the URL.

        [0]: https://github.com/sametmax/0bin

      • tobeagram 1330 days ago
        MarkdownShare looks like a pretty neat service, I'm sorry to hear that people took advantage of it!

        Interesting that you mention a subscription service would be more sustainable. I'm actually building a markdown note-taking app [1], that is based around a note-card format. We are currently developing a way to share a markdown card with a secure link.

        [1] https://supernotes.app

      • tealpod 1330 days ago
        I know exactly what you mean. I made https://Write.wtf; the majority of it is just junk.
        • abi 1330 days ago
          Neat. Have you implemented any anti-spam controls? How much does it cost to keep it running?
      • Jaruzel 1330 days ago
        Can you expand on the types of abuse you saw? Was it all just spam, or was some of it legitimately 'dodgy' ?
        • stevekemp 1330 days ago
          A combination of (bot) IP addresses making 20+ requests a second, to post SPAM. Half the abuse was people just making lots of requests in short spaces of time, the other half was just people submitting spam, more slowly. I added rate-limiting to deal with the worst offenders, but mostly they'd keep POSTing away, ignoring the error-codes I was sending.

          All submissions would get a random ID, something like this example chosen at random:

          https://markdownshare.com/view/b5abadcc-c0fb-473e-a34d-f27c0...

          There were numerous bots who'd try to spider/probe the site collecting all the links. Handling millions of 404s a month wasn't much of a pain, because the service was pretty efficient, but it was just another source of annoyance.

          Finally, and God only knows how, I'd get a ton of DMCA takedown notices for alleged copyright infringement. That's what pushed me over the edge into first of all making it read only, and secondly planning to kill it at the end of the year.

          • abi 1330 days ago
            What do people gain from spamming your service? Referring especially to the ones that kept going despite error codes being sent their way.
            • stevekemp 1330 days ago
              Just bots spamming forms I guess, hoping to get indexed and ranked on google.

              The same thing you see on random blogs, I don't think there's anything specific about my service in particular - just badly coded bots that don't have retry logic and blindly spam the same content to thousands of sites that accept comments, content, and pingbacks.

              • abi 1330 days ago
                Ahhhh they are trying to collect backlinks. That makes sense.
          • Jaruzel 1330 days ago
            Wow thanks for that. Makes one stop and think before coding anything similar. :(
      • putsjoe 1330 days ago
        Would a captcha have helped?
        • stevekemp 1330 days ago
          I suspect it would have helped initially, but then it becomes an arms-race.
  • donmb 1330 days ago
    What would help a lot is if you could customize the generated parameter in some way. Together with the password feature no one could "hack" into it anyways.
    • donmb 1330 days ago
      Also you could easily get rid of the "?n=" param I guess and just build a slug like http://kvak.io/fsf2o1r6yw5
      • levmiseri 1330 days ago
        Both great ideas. Getting rid of "?n=" is definitely coming (current links will of course keep working). Custom URL is also now on the list of next improvements.
        • donmb 1330 days ago
          cool, looking forward :) I will abuse this then as a grocery shopping list to share with my girlfriend
  • zserge 1330 days ago
    That's cool! Reminds me of old notepad.cc and https://onthesamepage.online/ with very similar mechanics and philosophy, but for visual drawing.
  • benrbray 1330 days ago
    Have you considered using ProseMirror [1]? It's a nice wrapper around contenteditable that makes things like inline math editing [2] much easier to set up.

    [1] https://prosemirror.net/ [2] https://github.com/benrbray/prosemirror-math

  • g105b 1330 days ago
  • monkeydust 1330 days ago
    This could be handy when you post on a forum or underneath a new article. Sometimes you want to go into more depth but technically limited on space or frankly it would be too much. You could have a link to note for those that wanted to read more. Would like it if I could host on my server, and had markdown (as said) plus some basic tracking info - # clicks etc.
  • grandpaa 1330 days ago
  • tleb_ 1330 days ago
    Looks nice! You seem to be missing an about page and a privacy-related page though. What tech stack is behind?
  • rammy1234 1330 days ago
    It doesn't work for me after I enter a password to lock it. I cannot type in anything.
  • soared 1329 days ago
    Does anyone know of a replacement for the chrome extension papier? Made a new tab in chrome into a persistent notepad. I built all my note taking around it and my only option seems to be to side load it from now on.
  • maelito 1331 days ago
    What was the name of the similar service launched a few years ago by Telegram?
  • baxtr 1330 days ago
    Very interesting tool. I wonder what the business model behind this might be. How do you intend to make money? Do you even want to make money with this?
    • levmiseri 1330 days ago
      I don't intend to make money out of this. A happy little side project that's easy to maintain and improve over time.
  • andrewinardeer 1330 days ago
    Down?

    > Not Found on Accelerator
    > Description: Your request on the specified host was not found. Check the location and try again.

  • skapadia 1330 days ago
    Can you describe the tech stack behind this?
    • levmiseri 1330 days ago
      The entire thing is just a vanilla HTML/CSS/JS connected with Firebase.
  • berkas1 1329 days ago
    Could you make it redirect to https automatically please? Will the source code be available?
  • leokennis 1330 days ago
    This is a great way to quickly share text between my personal phone and my work machine :)
  • vishnuharidas 1330 days ago
    Password for editing is not worth it, but a password for reading will be totally worth it.
  • davidcollantes 1330 days ago
    Will love to self host something like this. Would you be willing to open source it?
  • nurettin 1330 days ago
    I can't help but notice that this was done in django.
    • levmiseri 1330 days ago
      It was not. If the code suggests that, then it's just because I'm not a very good developer. All basic HTML/CSS/JS + Firebase.
      • nurettin 1330 days ago
        Oh, I didn't read the code, the favicon shown by my browser confused me.
  • donmb 1330 days ago
    This is amazing. As simple as it can be. Good job!
  • ellis0n 1330 days ago
    Would be great with client side encryption
  • ian0 1330 days ago
    This is really good, extremely simple.
  • useless_foghorn 1330 days ago
    adding a QR code generator would make this super mobile friendly.
  • ahstilde 1330 days ago
    reminds me of shrib.com/
  • scott31 1330 days ago
    Why should I use this when there is HN for collaborative discussion?