I get 'unable to connect' in Firefox Android for this and many little blogs on HN lately, idk what's going on. Cloudflare blocking me (but not for all sites)? Geo-restriction (UK)?
It doesn't always 10x my development but on certain problems I can work 30x faster. In due time, this is only going to accelerate more as tooling becomes more closely integrated into dev workflows.
> This blog is now STATELESS. The entire post is contained in the URL that you are visiting now. All my "blog" is now is a hard-coded main page that contains links to posts I claim authorship of. Of course the entire post is contained in each of these links.
Watch out: virus/scam/spam sites can detect sites like yours and write tons of redirects, link them somewhere, and use your site's good reputation to get their scams on the home page. This is also a huge problem for redirect services.
If the wrong person publishes the wrong link, you can get your domain banned from Google and tons of other sites as a "security risk", which can spread to your email (if you use @joshcsimmons.com).
It's fine if you don't care about blacklists of course, but this kind of abuse can easily sneak up on you.
The client-side XSS is mostly harmless (assuming you don't have any other sensitive services running with cookies scoped to this domain), although it's technically a persistent XSS, which means it could be indexed by search engines.
But is there a server-side component to this? I noticed that the "disclaimer" is added in the source returned by the server, so I assume there is some code that checks whether the post is present on the home page? If so, that could be dangerous, if there is a bug in that code such that a malicious payload in the URL could get RCE in your server process.
I've just added some defensive programming to the site. Sorry to say. Appreciate that you hacked it with your image onerror, pretty clever.
TBH I haven't thought about most of these things. Nobody typically reads my blogs when I've made them before and this is likely the only interest it will get for quite a while.
So if the author fix a small typo in the post, they break all the links to it. The blog is not "stateless", it’s just that its state is stored in the homepage. Having all posts on that page with anchor links would achieve the same thing with shorter links that don’t depend on the content.
> Anything can be generated here. You could even host your own blog that uses my website as a renderer if you really wanted to. It supports markdown.
> Every post that I want to publicly claim authorship of lives at the root of this site. If you are reading a post that I have claimed it will look like this page. Posts of unknown authorship have a disclaimer at the top of the page.
>Posts of unknown authorship have a disclaimer at the top of the page.
Problem is, the posts can contain <script> elements. So it's easy to just write a little JavaScript that removes the disclaimer at the top. See this hastily-made, immature example of mine:
The only thing I can think of is if they want to share controversial posts while having the ability to deny that they wrote it (as long as they don’t actually create a link to it from their own site).
It’s not a good use case IMO, but that is all I can think of lol
Huh, cool. I think it's a pretty terrible idea, but I'm glad people are still doing fun/creative things with websites. Keeping the spirit of the early web alive. haha :)
> Every post that I want to publicly claim authorship of lives at the root of this site. If you are reading a post that I have claimed it will look like this page. Posts of unknown authorship have a disclaimer at the top of the page.
Very clever. For those wondering, this won't gunzip since it's compressed using zlib. you must do a chain like this: URL Decode -> Base64 Decode -> Zlib Inflate.
for sure, there's awareness and then there's disregard of any basic web security.
the second they start hosting any application/backend/cookie-enabled thing on this domain name, anyone could inject a script via their /post/ gzip-base64 scheme, and do bad things...?
I don't think html sanitization would go against the principle of this idea. just... at the very least strip the tags! :-)
It took a long time to change 100s of passwords and migrate off of LastPass, but I’m glad I did. Not sure why anyone would trust their security to them at this point.
I wanted to see what you could do to train GPT on custom data. Fine tuning was a dud but I was amazed at what composition tools like LangChain were able to accomplish even on a small dataset.
time to attach a twelve year old HP laserjet with ethernet interface, those things can churn out thousands of pages in a day in a law office environment.
SEEKING WORK | Based in Laramie, Wyoming looking for remote work
I'm looking to team up with an early stage startup to help them build their MVP to get them to their next round of funding.
I'm a full stack web and mobile application developer with over a decade of experience building a wide variety of apps for companies big and small. I've worked alone and I've also lead teams. I love Elixir & Phoenix, Ruby & Rails, React, React Native, Relay, and GraphQL.
I've got a portfolio at https://carterparks.com but I'd love to get on the phone to talk to you about your project. Shoot me an email: carter@carterparks.com.
SEEKING WORK - Rails/Elixir/React(Native) Full Stack Web (and Mobile) Developer
Location: Laramie, Wyoming, USA
Remote: Yes (but I'm happy to travel from time to time)
I've got over a decade's experience building innovative web applications using Ruby on Rails. Lately I've been increasingly interested in Elixir and Phoenix for building realtime applications. Also over the past several years, I've witnessed the heavy lifting move to the frontend and I've embraced React, Relay, GraphQL, and React Native on this path. I've worked on large teams, I've worked alone. As such, I've got experience across the full stack ranging from CSS pixel pushing all the way down to writing provisioning scripts for scaling servers.
Over the years, I've worked on a variety of projects from clients as big as a Fortune 50 company to early stage startups. Most recently, I've been working on an IoT/Mobile/Web platform for a very large company. I've spent many years in the eCommerce space helping streamline sales for hybrid online/B&M eCommerce companies. I've integrated with countless APIs.
I'm very interested in building cutting edge interesting apps. If you're looking to build another Facebook, I might not be for you.
I am in the early stages of growing my freelancing into an agency so I've also got a team on call for building out larger projects.
