[HN Gopher] Show HN: Markdown HN profiles at {user}.at.hn
___________________________________________________________________
Show HN: Markdown HN profiles at {user}.at.hn
Very opportunistic toy project as I saw the domain was up for
grabs: 'at.hn' is a little site where people can have their own
subdomains for whatever their HN username is (opt-in only by adding
a slug to your bio). It doesn't really do much. Just shows your HN
bio rendered as markdown plus meta stuff. I'm thinking of adding an
aggregated user listing on the homepage so people can explore
profiles. There's a bunch of interesting people on HN but
discoverability is a bit longwinded. I'm wondering what other
features people want. Otherwise shall likely leave it as-is. I
remember hnbadges was a thing for a while, but can't remember what
happened to it. Did people like that? Anyway, at.hn's on github if
people want to contribute. - https://github.com/padolsey/at.hn
Author : padolsey
Score : 406 points
Date : 2024-06-10 12:19 UTC (10 hours ago)
(HTM) web link (at.hn)
(TXT) w3m dump (at.hn)
| udev4096 wrote:
| This is awesome! How are you handling the addition of subdomains?
| INTPenis wrote:
| I'm not the author but anything like this is likely done with a
| wildcard DNS entry. So basically *.at.hn points to a server
| app. This app can then see which domain was requested and do
| whatever it wants with this string, like treat it as a
| username.
| OptionOfT wrote:
| In Cloudflare (for example) you can put in:
| example.com -> 1.2.3.4 *.example.com -> CNAME
| example.com
| INTPenis wrote:
| I'm getting Internal server error 34. Which is one I'd never seen
| before. ;)
| Draiken wrote:
| Same here... HN kiss of death maybe? Too bad. Looks fun.
| FredPret wrote:
| All three of us have capital letters in our usernames and
| empty profiles, and an internal server error.
| JimWestergren wrote:
| Same for me, also using capital letters ...
| yellow_lead wrote:
| When I refresh I get
|
| > Internal Server Error 34
|
| Cool idea though, will try again later.
| Black616Angel wrote:
| Does this not work with upper case letters? I only get "Internal
| Server Error 34".
| padolsey wrote:
| Yikes you're right. I need to come up with a way to solve that.
| Maybe a param or path to lock in the username like
| abc.at.hn/Abc ... I'll have a go. EDIT: for now I'm tired and
| off to bed but if someone has a graceful/simple way to handle
| the non-lowercase usernames, please come forward.
| diggan wrote:
| > if someone has a graceful/simple way to handle the non-
| lowercase usernames, please come forward.
|
| Graceful? No. But simple? Yes.
|
| Scrape every single username on HN to some local storage
| (even a file on disk would be enough, HN is relatively tiny),
| then lowercase all of them into a second column in the file.
| Refresh this file once per day.
|
| Now you have a map of UserName <> username that you can use
| for lookups :)
| tracker1 wrote:
| HN seems to support using lowercased names for the
| /user?id=(lowercased-name) ... if you just need to translate
| for lookup. Not sure about things like underscores or other
| characters.
| IanCal wrote:
| That's a cool idea, I like it. Will check it out when it's up and
| running again.
|
| If this slips of the first page, I hope you get to resub when
| things are a little more stable.
| user_7832 wrote:
| Nice project, just wanted to mention that Ducky looks like he has
| quite a personality!
|
| Btw what do you mean by > Note: Outgoing links are rel=nofollow
| unless you're >200 karma (anti spam)?
|
| I guess the links aren't hyperlinked or something?
| Retr0id wrote:
| nofollow is basically just a hint to search engines that site A
| doesn't necessarily endorse site B by linking to it
| latexr wrote:
| https://en.wikipedia.org/wiki/Nofollow
|
| > nofollow is a setting on a web page hyperlink that directs
| search engines not to use the link for page ranking
| calculations.
| mike-cardwell wrote:
| There seems to be some weird encoding issues and failure to
| convert URLs to links properly, for my profile - https://mike-
| cardwell.at.hn/ - Also, some of the indenting and white space is
| broken making the PGP signature invalid
| padolsey wrote:
| Whoops. Yeh I'm working on the encoding thing atm. Thank you
| for flagging! EDIT: I'm relying on the 'marked' npm package for
| markdown and it is handling the linkification of URLs,
| sometimes badly. Shall work on it.
| diggan wrote:
| Since marked doesn't do it for you, make sure you sanitize
| the user input (the text on the user profiles) before
| rendering it to visitors.
|
| Some libraries for doing that with good defaults:
|
| - https://github.com/cure53/DOMPurify
|
| - https://github.com/apostrophecms/sanitize-html
|
| - https://github.com/bevacqua/insane
|
| (right now your site looks vulnerable to XSS)
| padolsey wrote:
| Yeh I'm sanitizing already thankfully. I've fixed the
| decoding issue, but I'm expecting some % of users to be
| borked for a whole other variety of quirky reasons.
| diggan wrote:
| Nice :)
|
| Ah, I bet you discovered that subdomains aren't case-
| sensitive while HN usernames are case-sensitive, didn't
| you? :)
| Edd1CC wrote:
| HN usernames aren't case-sensitive:
|
| > That username conflicts with an existing one. Names are
| case-insensitive. Please choose another.
| Retr0id wrote:
| They're case-sensitive for the purpose of scraping a
| profile page.
|
| https://news.ycombinator.com/user?id=Retr0id - 200
|
| https://news.ycombinator.com/user?id=retr0id - 404 (Edit:
| 200 now?)
| michaelmior wrote:
| That second one doesn't give me a 404 but correctly shows
| your profile.
| Retr0id wrote:
| Weird, it also works for me now, I could've _sworn_ it
| didn 't work before.
|
| The firebase API on the other hand remains case-
| sensitive:
|
| https://hacker-news.firebaseio.com/v0/user/Retr0id.json
| => full response
|
| https://hacker-news.firebaseio.com/v0/user/retr0id.json
| => null
| diggan wrote:
| I think maybe you're thinking about the "threads"
| list/page:
|
| - https://news.ycombinator.com/threads?id=Retr0id - Works
|
| - https://news.ycombinator.com/threads?id=retr0id -
| Doesn't work
|
| Which somehow I guess the API is using.
| Retr0id wrote:
| Possibly, although according to this[0] the main profile
| URL used to be case-sensitive too. It must've changed
| recently, but I have no idea when.
|
| [0] https://github.com/keybase/keybase-issues/issues/939
| tracker1 wrote:
| maybe wrap it in three backticks on a line before and after?
| tracker1 wrote:
| For example... Markdown Content
| ... ``` -- BEGIN PGP...
| https://news.ycombinator.com/user?id=yourname
| yourname.at.hn --- signature ```
| trustinmenowpls wrote:
| The link to your public key is missing the colon after the
| https
| mike-cardwell wrote:
| Good catch. Thanks
| latexr wrote:
| > opt-in only by adding a slug to your bio
|
| I really like this. It's respectful of people's wishes to not be
| added to any random site, and at the same time the way to give
| consent advertises the service.
|
| Ethical and effective business practice? Yes, please. If only all
| things posted to HN were like this.
|
| PS: It says something about my disillusionment with most software
| projects these days that I have nothing but praise to give to
| this one, yet all the while I can't shake the feeling of "I hope
| I don't regret those words". Anyway, that's a "me" problem.
| Congratulations on the launch, and best of luck.
| dylan604 wrote:
| > It says something about my disillusionment with most software
| projects
|
| My disillusionment is I don't trust any of you. My devices have
| so few apps, that it could almost be mistaken for a clean
| install. In coding, I use very few libraries because I don't
| trust anyone. I don't have time to read all of the code of the
| dependencies. Also, by using libraries, I don't learn how to do
| what is needed to be done. I hate black boxes. Between bad
| packages including malicious/bad dependencies in an otherwise
| acceptable package or flat out devs pushing something that
| looks useful for the sole purpose of pushing bad code, it's
| just not worth my time.
|
| Not sure if disillusionment is the right word though. It's
| close, but the lack of trust doesn't come through.
| jstanley wrote:
| I updated my profile but I don't see any change on my at.hn page
| - how long does it cache for?
| padolsey wrote:
| I don't see a change in your profile. See here:
| https://hn.algolia.com/api/v1/users/jstanley I can't see
| 'jstanley.at.hn' in there at all [..?]
| jstanley wrote:
| That doesn't seem to be necessary, https://jstanley.at.hn/
| works fine?
| gabrielsroka wrote:
| It's running the script tag from your profile.
| <script>alert(1)</script>
|
| Are you testing it?
| jstanley wrote:
| Yes, it's updated now.
| sccxy wrote:
| You failed at step 1 of instructions...
|
| > To opt-in, paste "{your username}.at.hn" anywhere in your
| profile's 'about' section.
| jstanley wrote:
| OK, that doesn't actually appear to be necessary because mine
| works without opting in.
|
| "2. Go to https://{username}.at.hn?refresh." did the trick.
| michaelteter wrote:
| And are you prepared to respond to GDPR and other jurisdiction
| requirements of data collection and management?
| p-o wrote:
| Aren't you jumping the gun a little bit? While it's a valid
| question, it's very premature.
| Symbiote wrote:
| It's not premature; it's something to consider whenever
| sharing people's personal data on the internet.
|
| The GDPR does not apply "in the course of a purely personal
| or household activity and thus with no connection to a
| professional or commercial activity" [1].
|
| However, that does not extend to generally sharing the
| information on the internet [2] as that's no longer _purely_
| personal.
|
| [1] https://gdpr-text.com/read/recital-18/
|
| [2] https://law.stackexchange.com/questions/92229/what-does-
| hous...
| dylan604 wrote:
| How does the fact that the user opts-in for the service by
| manually adding the tag to their profile so that
| information they personally added could be shared get
| considered by the GDPR?
| d1sxeyes wrote:
| Not sure and IANAL but the GDPR text is a bit weird on
| that. Article 9 has section e) which says that
| information 'manifestly made public' relating to 'special
| categories' is excluded.
|
| What's weird is there seems to be no such exclusion for
| personal information which does _not_ relate to special
| categories.
|
| Having this 'opt-in' certainly seems to tick the box for
| consent.
|
| However, if reproducing information from a publicly
| available bio would fall foul of GDPR requirements, then
| I think there are bigger fish to fry than a hobby project
| made by a guy who at least seems to trying to respect
| people's preferences.
| Symbiote wrote:
| Although I wrote "it's something to consider", from what
| I can see the developer has already considered this
| sufficiently for the scale of the project.
| padolsey wrote:
| My hope is that, since it's opt-in, and people are publicly
| publishing this stuff, It'd be alright. Dunno.
| stickfigure wrote:
| You will get haters and armchair lawyers no matter what you
| do. Ignore the trolls.
| d1sxeyes wrote:
| Usual note that IANAL, but looks like this service is opt-in,
| and only relists data which is already public on a user's HN
| profile.
|
| If a user removes the reference from their bio, then the user's
| profile will be essentially inaccessible through the service
| (although technically the cached version would still be on the
| server. Adding a check to delete the file which matches the
| user's hashed ID here[0] would take care of profile deletions
| on subsequent accesses.
|
| Failing all that, a user could request deletion and OP could
| delete the user's file manually.
|
| There's nothing that seems overly onerous to implement to be
| (at least) GDPR compliant.
|
| [0]https://github.com/padolsey/at.hn/blob/d4ca6702c558edf736652
| ...
| jdiez17 wrote:
| No action is needed if OP doesn't store unnecessary info or use
| spyware
| longerd2 wrote:
| [click with mouse wheel](javascript:alert(2))
| mattigames wrote:
| It not working
| xyst wrote:
| The 2 letter domain must have been a premium.
|
| Cool project.
| padolsey wrote:
| $100 but worth it for the fun!
| dylan604 wrote:
| that's a steal. I can spend that in a single night at the
| pub, so yeah, for what it is it is a no-brainer.
|
| the only hesitation is how stable is the 'hn' TLD?
|
| Edited for ID10T too early in the morning issue
| qingcharles wrote:
| I think you mean "hn" tld?
| dylan604 wrote:
| oops, yeah, but still, same question
| stickfigure wrote:
| Probably not very:
| https://github.com/stickfigure/blog/wiki/Beware-cutesy-
| two-l...
|
| But probably sufficient for a project like this.
| slig wrote:
| Looks like it's $64 on Regery.
| xalava wrote:
| Fun idea!
|
| - The first bullet point does not seem to be recognised (on your
| profile and mine). - webp images do not work?
| padolsey wrote:
| Bullet point issue ~fixed just now. Thanks for flagging! Webp,
| hmm, looks visible here..
| ecmascript wrote:
| https://ecmascript.at.hn/?refresh
|
| Pretty cool, my bio will draw some attention. You have been
| warned.
| pmx wrote:
| By attention he means it redirects to adult content.
| ecmascript wrote:
| Not really, unless you have visited the site before. I guess
| you already have accepted the warning on their front page
| lol.
|
| Sad that you are a party pooper tho! I was being nice and
| warned you and here you are, removing the fun.
| pmx wrote:
| It's not fun when people end up with that domain in their
| history on corporate networks. Fun would be redirecting to
| a rickroll, what you did is malicious.
| ecmascript wrote:
| C'mon mate, it's just a redirect to a nsfw website. Not
| the end of the world. I also did warn about it so if you
| work in such a crappy environment and click on a link
| with a warning you'll have to suit yourself.
| tomaytotomato wrote:
| Well played, thankfully I know the keyboard shortcut to close a
| tab rapido!
| padolsey wrote:
| Well I mean... I like the idea of you having autonomy over your
| own bio .. :P I kinda want to see how this xss vuln plays out.
| ecmascript wrote:
| Haha yeah, I realized he fixed the obvious one with
| javascript injection but since markdown doesn't convert html
| I figured a normal html redirect would work and it did!
| padolsey wrote:
| Cheeky. Fixed lol
| neogodless wrote:
| Has this already been cleaned up? I opened the link and it
| did not redirect. I viewed source and I do not see "<meta
| http-equiv="refresh"...." in there.
|
| (Using Firefox)
|
| EDIT: nvm I see my sibling comment just now.
| ziml77 wrote:
| Kinda minor thing, but the generated HTML isn't technically
| valid. The meta and style tags are supposed be inside the head
| tag (as supported by the MDN docs on the tags and the errors
| shown when you view source in Firefox).
| pietmichal wrote:
| Don't worry, WebKit devs will update Quirks.cpp soon!
| willvarfar wrote:
| so perhaps some kind of collaborative filtering or cohort graph
| or AI summary can be added on top of this? What other users often
| comment on the same kinds of stories? Who often replies etc? What
| kind of stories do they engage with? Etc.
| valtlfelipe wrote:
| Great idea! Love the simplicity.
| Brajeshwar wrote:
| Man, that is a costly domain TLD to be playing around with. Nice
| 2-character domain you got. Best of luck and have fun.
| padolsey wrote:
| I'm chuffed as it was only $100 ! :p
| jonplackett wrote:
| What's the renewal cost?
| notpushkin wrote:
| I've just checked yc.hn on a random registrar and it says
| 60 EUR/year. I think it's not as costly as it seems!
|
| https://tldes.com/hn
|
| https://tld-list.com/tld/hn
| abcd_f wrote:
| .hn is a tld of Honduras.
|
| Renewal and registration fees seems to be the same, so it's not
| bad.
| hhh wrote:
| .hn is an expensive tld, and none of the 2-character repeating
| domains are available either.
| EGreg wrote:
| Watch out and take care!
| longerd2 wrote:
| Usernames in domains means, in many cases, the ISP learns peoples
| usernames.
| mcny wrote:
| instead of going to dang.at.hn directly, I am archiving it at
| https://archive.ph/wip/0acmv so only me, and the fine folks at
| archive.today, and of course everyone on HN will have access to
| dang's username :D
| diggan wrote:
| > so only me, and the fine folks at archive.today, and of
| course everyone on HN
|
| + the rest of the ~20 organizations/domains being called from
| that page: https://i.imgur.com/CYSDJp0.png
| lofenfew wrote:
| might be slightly easier to set up DoH with a service you
| trust as the provider. Most browsers have a setting for it.
| stevekemp wrote:
| It looks like dang has a page despite having no slug on his
| profile page:
|
| https://dang.at.hn/
|
| https://news.ycombinator.com/user?id=dang
|
| Unless of course he added it, and later removed it?
| diggan wrote:
| The wording of:
|
| > To opt-in, paste "{your username}.at.hn" anywhere in your
| profile's 'about' section.
|
| Is slightly incorrect, I think.
|
| Everyone seems to visible by default, opted-in or not.
|
| However, the ?refresh thing is locked down so you need to opt-
| in before. But by default, every user page is accessible on
| at.hn, even if you don't have the link in your profile.
| geertj wrote:
| Mine is not visible, and I did not opt-in.
| jerbear4328 wrote:
| Mine is visible, oddly. I didn't opt in, either.
| flawn wrote:
| i think the dev of at.hn just added him for testing reasons.
| jimbobthrowawy wrote:
| pg was added too, first one I tried. I had assumed it was a
| growth-strategy thing, but testing makes more sense.
|
| Surprised to see one of these kinds of sites be opt-in. Most
| things I see using HN data are real loosey goosey about it.
| smileybarry wrote:
| I assume his profile was used by @padolsey as a test and
| manually opted-in
| ilaksh wrote:
| How hard is it to export all of the comments someone has written
| on HN? I have been thinking about converting my HN comment
| history into something like a blog. Each entry would show the
| title of the submission, link if applicable, and the comment and
| link to comment thread.
|
| Maybe you could provide that service for a small fee.
|
| https://github.com/runvnc/hncomments
| koolala wrote:
| too hard? too easy? i dont know?
| notpushkin wrote:
| Not that hard: https://news.ycombinator.com/threads?id=ilaksh
| fragmede wrote:
| Yeah but that's paginated by id.
| opjjf wrote:
| The Hacker News BigQuery data makes this quite easy:
|
| select * from `bigquery-public-data.hacker_news.full` where
| `by` = 'ilaksh' and type = 'comment' order by timestamp desc
|
| EDIT: seems this is out of date
| hipadev23 wrote:
| Clickhouse has an updated dataset: https://play.clickhouse.co
| m/play?user=play#U0VMRUNUICogRlJPT...
| SushiHippie wrote:
| Or using the algolia API like so:
|
| https://news.ycombinator.com/item?id=40634899
| SushiHippie wrote:
| Using the algolia api
|
| https://hn.algolia.com/api/v1/search?tags=author_ilaksh,comm...
|
| You'll need to paginate it, as it's limited to 50 results per
| page, like so: https://hn.algolia.com/api/v1/se
| arch?tags=author_ilaksh,comment&hitsPerPage=50&page=1
| thekingshorses wrote:
| https://hn.premii.com/#/profile/ilaksh/comments
|
| HN has API.
| arp242 wrote:
| I wrote a simple program a while ago to just download all of
| https://news.ycombinator.com/threads?id=arp242, with my cookie
| set. Upshot of this is that it will include scores and flagged
| comments, which public sources won't have. It's useful to
| filter comments.
|
| To be honest I don't remember what the exact status is; it
| should work because I have a large TOML file with all my
| comments. But I don't recall if there's anything "TODO" or if I
| just forgot to publish it.
|
| Need to put your cookie in the variable at the top.
|
| https://gist.github.com/arp242/4f88069cdc8166d21aa26daac7ffe...
| HeatrayEnjoyer wrote:
| How do you access the flagged comments?
| arp242 wrote:
| It's just listed under your "threads", like any other
| comment:
| https://news.ycombinator.com/threads?id=HeatrayEnjoyer
| crazygringo wrote:
| Genuine question, how is that any different from just your list
| of comments on HN? What you're describing seems pretty
| identical to:
|
| https://news.ycombinator.com/threads?id=ilaksh
|
| Is it just that you want to host it on your own domain?
| GeoAtreides wrote:
| > export all of the comments someone has written
|
| Please remember that users gave a license to their content only
| to HN, not everyone. Using their data without their consent
| might come afoul of copyright laws.
| splatzone wrote:
| Nice implementation!
| max_ wrote:
| My username has an underscore, _
|
| so it doesn't show up.
|
| Oooops ....
| neilv wrote:
| Just be a little careful, or the OnlyFans people might hear
| there's a new "social" where they can promote.
|
| (For example: LLM-assisted forum presence, combined with profiles
| with oh, hey there, I have an OF, lol, combined with tech
| industry disposable incomes... I'd guess would pick up a couple
| new whales worth the effort. Now that Reddit presumably has been
| picked clean.)
| deadbabe wrote:
| Around here I think you'd have better luck selling tiny cute
| looking computers with tiny screens and open source hardware.
| jpmattia wrote:
| Tastes around here definitely vary. I prefer _curvy_ monitors
| with _big_ CPUs.
| ht85 wrote:
| Does your curvy monitor support touch?
| rrr_oh_man wrote:
| It also has 4 ports
| 8n4vidtmkvmk wrote:
| Man oh man, do I have the CRT for you!
| dcminter wrote:
| Uh ... do you have a link for this? Just (mostly) joking...
| aspenmayer wrote:
| https://tinycircuits.com/
|
| One of their projects, TinyTV, previously on HN:
|
| https://news.ycombinator.com/item?id=25690234
| ynac wrote:
| https://sdf.org/store/
| lloeki wrote:
| and cooling systems.
|
| https://onlyfans.web.cern.ch/
|
| EDIT: oh it disappeared... https://web.archive.org/web/202310
| 10131612/https://onlyfans....
| LordDragonfang wrote:
| Nothing stops people from doing that in their profiles now...
| and it's not like this is even an official hn feature, so
| either way they're linking to an external site.
|
| HN has better moderation than any other site I'm aware of, I
| trust it to be robust against that kind of spam.
| lja wrote:
| Any OF models would be met with HN users over-explaining their
| own economics to them and how it's a terrible business that'll
| never work. These models will also learn they don't even have a
| moat to differentiate themselves from other offerings and
| should keep their development jobs. :)
| EGreg wrote:
| I can see both groups working with models and curves
|
| Just different types
|
| https://www.youtube.com/shorts/AE4IxYq4nig
| SkyPuncher wrote:
| This is a punny comment
| derefr wrote:
| I don't think people discovering these profiles _on_ HN is
| the concern here.
|
| The true problem with OF models is due to an iterated mutual
| tit-for-tat strategy between OF models and popular groups on
| social media platforms:
|
| 1. OF models (or people acting on their behalf) want to
| promote themselves using popular groups/pages/channels on
| social-networks -- they spam posts to these places, seeming
| to be authentic engagement, in ways that get people curious
| to look at their profile; and where their profile on the
| social network then directs those people to their OF profile.
|
| 2. The popular groups/pages/channels on social networks are
| inundated by spam from these OF models, and so attempt to use
| automated measures to detect and block posts from posters who
| link to OF on their profiles.
|
| 3. OF models/their agents try to work around this by
| _indirecting_ their OF profile behind "make an About You
| page with links" services like carrd.co.
|
| 4. The popular SN groups respond by also blocking profiles
| containing links to these "About You page" services (because,
| keep in mind, the SN profile already works as an "About You
| page", so there's no _need_ to link to one of these external
| "About You page" services -- you could just put the same
| links you'd put on such a page into your SN profile instead.
| The only people who do link to "About You page" services from
| their SN profiles, are OF models.)
|
| 5. And OF models/their agents try to work around _this_ , by
| finding ever-more-obscure "About You page" services -- and/or
| profile pages on other, more obscure social-media services,
| to use _as_ an "About You page" -- to get ahead of this
| moderation.
|
| This at.hn service would sadly be exactly the kind of service
| referenced in step 5.
| mistrial9 wrote:
| agree completely except the last sentance.. smells like a
| cheap backdoor to auto-profiling plus shenanigans
| immediately following that
| sizzle wrote:
| I used to enjoy visiting link.tree links to find ways to
| support content creators but now it's a way to disseminate
| their OF spam
| B1FF_PSUVM wrote:
| > tit-for-tat strategy between OF models
|
| groan.
| jjmarr wrote:
| Aella already has a stranglehold on the HN demographic.
| rmbyrro wrote:
| I think the median HN user is a lot healthier than you suggest.
| Pr0ject217 wrote:
| Internal Server Error 34
| nanochess wrote:
| Really nice! For a moment I thought it was official. Anyway I've
| edited my bio and have been waiting like 20 minutes for it to be
| updated in the site.
| SushiHippie wrote:
| You need to go to
| https://nanochess.at.hn?refresh
|
| I did so, and it updated your bio :)
| hunkins wrote:
| Love it, great work!
| barbazoo wrote:
| So often I see people sharing something that seems driven mostly
| by the availability of some domain, instead of being idea first,
| then domain. I find that an interesting niche of human history.
| Brajeshwar wrote:
| I own phone.wtf and I crafted my phone usage pattern into a
| message to fit within the domain narrative. ;-)
___________________________________________________________________
(page generated 2024-06-10 23:01 UTC)