Get the top HN stories in your inbox every day.
tinyprojects
I'm a big fan of these tiny minimal websites. I've built something similar lets your create an online blog from your paper journal. I use it daily to write down my thoughts and I'm weirdly very consistent with writing knowing others are reading my stuff. Wondering if OP has noticed the same thing.
iechoz6H
And your "Most Popular" user type signs up for the GBP10/month account rather than the Free account?
selykg
Pricing seems high, but it does grant them a custom domain option so it's not a shocker someone would sign up to get that feature.
rodolphoarruda
This is really nice. I have always thought that the simplest way to publish a note was just throw a txt file into a folder that is synced to a website. I actually do that with keybase.io; now, this photo-to-publish idea is nice. Almost frictionless.
mthld
I really love the pricing model, refreshing:
> thoughts.page is free for anyone who makes less than $40,000 USD/year, and costs $5/month otherwise.
AgentME
It's a shame because its pricing structure works like how many people misunderstand taxes to work. If you earn $39,990/year and then get a $30/year raise, then you'll actually be set back to $39,960/year after you pay the new price for this service. You might have to awkwardly explain to your boss that you don't want that $0.015/hour raise. If instead the service worked like taxes by charging a percent of the money you make over $40k (and then limiting the value up to $5), then the price trap issue would be solved.
(This suggestion is a joke, I just have the issues of welfare traps and popular misunderstandings of taxes on my mind.)
eCa
From the pricing page:
it obviously isn't perfect — there are people making more than $40,000/year for whom $5/month is an undue burden, and there are people making less than $40,000/year who can easily afford $5/month. but it's not like i'm checking, it's basically pay-what-you-want with $40,000 as a suggested cutoff for paying.
gnulinux
This is very reasonable. I wish all small software shops acted like this. Reminds me of REAPER program which also has a reasonable pricing model like this giving you unlimited time to try and buy it once it's useful to you.
pattle
Yeah it's an interesting model. I'm guessing it works on an honour system as income isn't easily verifiable
qsort
It's basically 'pay what you want' with a super weird cutoff based on post-tax income.
I need to lose $4 by the end of the year! /s
londons_explore
In Norway, everyone's income is public information.
Other countries could do the same to make things more transparent.
Smithalicious
It's funny seeing different attitudes on that. I live in the Netherlands, so really not far away, and income is very private, almost taboo information here - something you'd only discuss with your best friends, if that. People would be horrified to have their income be public information!
(please don't use my comment as a soapbox to start a labor rights debate)
karencarits
It used to be public; the news papers had databases where you could look up individuals or list by location/birthyear/gender. Some even made maps, but they were a bit unpopular as it was suspected to be used by criminals. But knowing what politicians earned was nice and important, and news papers still report on "people of public interest"
Today, you have to login online and the person you look up can see your name in the log
daqhris
That is very interesting. It seems to me that the Norwegian society treats personal wealth information like what could happen with cryptos and blockchains.
Makes me want to dig deeper and understand the WHYs and HOWs it's been accomplished.
As someone born in a war-torn country, interpersonal trust is very hardly imaginable outside blood-linked relatives. Overall, in such a society there is a high degree of mistrust between individuals from different social classes or regions. Publicly displaying resources like yearly income is the last thing that would come to anyone's mind. As an adult, I have no concrete idea how much a sibling/parent makes per month. We've become so used to being vague while uncomfortably sharing our earnings.
A place like Norway seems like utopia to me. Does the government intervene by sharing citizen's reported income? Who gets to verify, record and archive such info? Is there a kind of punishment for liars/cheaters/abusers? Is the disclosure of personal income a strict legal obligation or a non-binding local tradition? I'm fairly puzzled.
zohch
> In Norway, everyone's income is public information.
> Other countries could do the same to make things more transparent.
What verifiable tangible benefits does this have?
randomlurking
Never heard of it, can’t really imagine how that would work out in other countries.
Is it a somewhat new regulation? Is it easy to access the information?
benbristow
Tbf in Norway everyone would be skint after a few beers regardless of their salary so you're all pretty even (jk, ofc.)
dinobones
Not very refreshing, considering the 100 total visitors this site will ever receive are likely highly paid folks in the software and technology industry, but it’s a nice gesture at least.
An0n1m1ty
This site is subject to severe XSS via the post mechanism. Just entering <script>alert(1)</script> works. So be careful when going to links. See https://hacker.thoughts.page for a demo
wesleyac
Hey! I'm the person who made this — I don't believe there's an actual problem here, since login cookies are set on the top-level domain (and thus are inaccessible to content on subdomains), and are HTTPOnly as well.
I do notice that Stripe sets a tracking cookie (which only happens for people who pay for the service, since I don't load the Stripe JS elsewhere), so you could track pageviews with that or something. That's unfortunate — I'll probably try to move the stripe stuff to a subdomain to avoid it — but I don't see it as a big problem.
The HTTP security model is pretty awful, so there may be something I'm missing, but I did think quite carefully about this, and allowing people to use arbitrary HTML and JS was an intentional choice.
Is there a particular threat model you see here?
y4mi
Just a heads up, a sister comment already pointed out the biggest "danger", but not what that means for your webapp:
Google will penalize your domain strongly as soon as anyone used your service for malicious content. You might even get blocked entirely if you are particularly unlucky.
That's also the reason why GitHub pages is hosted under github.io instead of GitHub.com for example.
dharmab
Safe Browsing is a must-consider for anyone hosting user-submitted content.
psychometry
>allowing people to use arbitrary HTML and JS was an intentional choice
Oh, you'll be reversing this choice VERY quickly if your product gets any traction, I assure you...
monkeynotes
I don't actually see a problem. It goes against my gut reaction but given the pages that are published are entirely isolated there is no more of a threat than someone publishing whatever they want on another web host. There is no user information to hijack, no cookies, no login buttons, no local storage, no auth etc.
Yes, the pages can publish illegal information, be set up as phishing hubs, but none of that is as a result of JS being executable. Web hosts all have exactly the same risks to deal with, their users can also host anything they wish.
The owner's challenge is with the content they are opening up to hosting, and it will become an overhead to police that. If they decide to add buttons like "report content" then those will be able to be hijacked by the publisher and become useless.
edoceo
You become a pastebin of malicious JS.
junon
https://nsfw-attack-demo.thoughts.page/
(not actually NSFW, just there to serve a point)
undefined
TicklishTiger
This is not called XSS.
This is just user generated html on subdomains.
Github does the same on github.io. Everybody can make a theirname.github.io page and alert whatever they like too.
So does Gitlab on yourname.gitlab.io, Wordpress on yourname.wordpress.com etc. It is a common practice.
y4mi
Agreed.
That's only an issue if this is possible for comments. The current behavior is working as intended I'd say.
_wldu
Tools such as Zap and Burp Suite are great for web devs who want to learn how to build secure websites. I highly recommend them:
xenocratus
The creators of Burp suite have some courses as well: https://portswigger.net/web-security
napolux
Plus there's no "nofollow" on links, doors opened for spammers!
xenocratus
Have you reported this to the creator? Their email is in a couple of places.
An0n1m1ty
Yes I have. And as they have noted in one of the comments above, they are currently looking for ways in which this could cause a threat
icy
Oh boy. Didn't think I'd see something like this in $CURRENT_YEAR.
qwerty456127
I wish there were kind of a Twitter where people would just post their thoughts (even those controversial), there would be no marketing of any kind, no personality and no flame wars. And all the posts would be organized by subjects.
rovr138
A blog?
qwerty456127
A microblog. But without strict length limits. Also without post titles. Without comments, responses and mentions. Without personal branding. Easy to discover together with many others. Easy to subscribe. Quick to read. Controversial thoughts allowed but guarded both against attacks by those who disagree/dislike and against abuse by bots/propaganda/marketing. Monetization/promotion not allowed.
jimkleiber
Sounds like how blogs used to be (and even how Twitter and others were, too).
I wonder if the lack of interaction will just make people try to build workarounds to interact in other ways. For example, AFAIK, early Twitter had people use RT and other techniques to spread and/or reply to tweets even though the platform didn't have those functions itself.
How do you imagine this platform would deal with that desire to interact more with each other?
mxuribe
I think that can be accomplished with wordpress (or a similar blogging platform)...i suppose it would simply take tweaking the template/site settings to not expose features like comments, post titles, etc. Maybe wordpress might be overkill, but i think what you desire is achievable with an existing blogging platform out there.
jmnicolas
It reminds of a spark file: https://lifehacker.com/defrag-your-brain-with-a-spark-file-5...
As usual I wouldn't put something so private in someone else computer. I don't even put my supermarket list on the cloud!
0xbkt
Did anyone else notice the reflow hack(?) using JS on the H1 title as well? As a backend guy, just curious whether this JS-assisted way of responsive Web development is commonplace/best practice, and if this is how it is usually done today.
I guess it is to keep the title and navbar buttons level on wide screens.
jameal
There's probably a way to achieve something similar (though not exact) with just CSS. Their approach allows those buttons to jut right up against the title no matter how wide it is.
Personally I would have just hardcoded the breakpoint where that reflow happens and made sure that those buttons can never overlap the main content area. My preference is to avoid relying on JS for layout, whenever possible, for the sake of simplicity.
renke1
Slightly off-topic, but I've noticed that the ToS is based on http://wordpress.com/tos which is licensed under CC. I wonder if it's safe to use and anyone else uses it with "success".
scrollaway
I used it at a previous startup which got up to 1MM ARR. It’s pretty great that it exists.
CorruptedArc
Here's mine if anyone's interested in seeing how it looks before making one:
elias.thoughts.page
Look or don't. It is your free will.
jiggunjer
is it just me, or is tweeting into the void kinda sad?
bdibs
It’s certainly healthier I’d bet.
zohch
I dunno, would need data on that. I would think tweeting into the void is more symptomatic.
throwdecro
> ...is tweeting into the void kinda sad?
No, I think it's brilliant. I think we'd see more interesting writing on the internet if it didn't always start with the goal of acquiring and maintaining an audience.
monkeynotes
Really? I don't know many authors who are motivated to write interesting content and then hide it / have zero idea if anyone is reading it.
throwdecro
It's not hidden. It's just not connected to an internet-style social network. Interest can still spread through word-of-mouth, even if the platform doesn't provide any tools for audience measurement and management. It's akin to a 'zine from the pre-internet days, except it doesn't cost as much money to distribute.
EDIT: A 'zine isn't a perfect analogy, since someone who published it would know how many they printed. A freely copyable newsletter would probably be a stronger analog.
BelenusMordred
How do new accounts start on twitter then?
ivanhoe
True, and also feels to me kinda egocentric to genuinely not care of any feedback or interaction with the reader, but I know a lot of people like that, so it probably is just us...
toastercat
Tweeting is just (micro)blogging. Does every blog without a comments section seem sad to you? That's silly.
numpad0
As long as it’s public, someone is going to link it and the community explains how it actually happened and how complete moron of you are, so you’ve got covered.
If you’re doing sudo cat | sed -e s/¥n/¥n#¥ / >> /etc/resolv.conf, that’s sad indeed
kilroy123
I feel the same.
databased
To me this is similar to journaling.
ramino
> i can appreciate the self loathing of someone who says they work on "merkle trees" instead of blockchain tbh
> like, yeah bro we all get what you're saying but i'm glad you at least realize you should be ashamed of it [1]
Thank god thoughts like these can finally be shared in a better way… cute project but by someone who apparently doesn’t appreciate what other people work on.
kixiQu
It's a joke.
benatkin
This one looks pretty good. I like that they let pages outside of thoughts.page into the webring.
Another nice minimalist one is https://micro.blog/ It has mentions, but "strong community guidelines that are enforced" (from the homepage).
Get the top HN stories in your inbox every day.
This really caught my eye.
I wrote a website almost exactly like this for myself. I've been using it for over a year. https://thoughts.learnerpages.com
Something about posting publicly, but not having any public interaction mechanism is super cathartic for me.
(I haven't signed up for thoughts.page, I'll probably write a comparison at some point, since I'm opinionated about this type of site.)