slg 13 years ago

Don't use this for anything you view as important. I just checked and there is no collision detection for usernames. You can signup for an account using any name and your account will seemingly just replace the previous created account. That is a big enough and obvious enough flaw that it also makes we wonder if this is just a phishing expedition or a way to mine email addresses.

  • colbyaley 13 years ago

    Too good to be true, you ask?

  • ErikAugust 13 years ago

    I'm logged in as "www" right now.

    • arkitaip 13 years ago

      Sorry, I probably overwrote your stuff :/

    • slg 13 years ago

      Funny enough, that is exactly how I found the problem. I created a www account (I am almost ashamed to say that was my first instinct, try to break the system before you decide the system is worthy of your use). I ended up logging out and I couldn't log back in with the same password. In hindsight, someone must have created another www account after I did and before I tried to login again. I then tried creating another www account and it worked. I then logged out and tried registering with a different username twice just in case www was a special case. The same thing happened, the second account just replaced the first account.

      • the1 13 years ago

        haha I created www account, too.

    • zetx 13 years ago

      Ah, that explains why my password stopped working ;)

  • daviddoran 13 years ago

    I thought david.neocities.org should have been taken, now that you point it out.

  • ErikAugust 13 years ago

    It appears now people have caught on quick - and are replacing sites that people actually worked on with "SITE HACKED" messages.

    That is pretty frigging mean to exploit such an obvious problem!

  • kyledrake 13 years ago

    I just fixed it. It was a change I did last night to fix a save bug. My apologies about that, it wasn't a good bug, but hopefully it's the last security-related one. Probably goes without saying, but this is definitely a beta project. I'm doing a lot of other things to protect this kind of attack (filename scrubbing, bcrypt passwords), so I'm pretty red in the face about how dumb this one was.

    If you find any other bad bugs, please let me know (@kyledrake on Twitter) instead of, you know, trashing other people's work. I'm finding the duplicate sites right now and taking care of it. Thanks, and again my apologies.

    This is not an email phishing expedition. I don't even require you to enter your email address to make a site.

    • clauretano 13 years ago

      Not only does this trigger GeoCities nostalgia, it calls back to the days when betas were really betas.

      • sneak 13 years ago

        Just wait until one unknown day without notice or fanfare it disappears from the 'net forever!

    • bound008 13 years ago

      slg: just make sure you back up your site to multiple floppies and you'll be fine.

    • slg 13 years ago

      You are right, I should have reached out to you directly with this issue. I took the easy route and didn't put in any effort to track you down, for that I am sorry. However, I take exception to you categorizing my post as "trashing other people's work."

      I feel that I also have a responsibility to publicize such a glaring security hole in your site. This is the number 1 link on HN at the moment. Thousands of people are going to be signing up. I think they have the right to know that a bug like this exists. Like I said in my initial post, a bug this big seemed to be a sign of a bigger problems. I had suspicions the site was malicious and at that point my priority was to point out those suspicions to the HN community.

      • kyledrake 13 years ago

        That wasn't directed at you, it was a general comment. I was referring to the person(s) that defaced other people's sites. Sorry if it came off any other way. :)

      • kyledrake 13 years ago

        Here, I'll do one better: If anyone is concerned about the nature/security of the site, here is the source code to NeoCities, ready for anyone to do a full security audit: https://github.com/kyledrake/neocities-web

        Pull requests welcome!

        • mattl 13 years ago

          Can you put up a license for it?

        • slg 13 years ago

          Good to see. This is the way to respond to these type of mistakes, be completely transparent. Now if only the NSA subscribed to the same plan...

          And since it wasn't directed toward me, I guess we all can forget my little rant regarding the "trashing" comment.

        • egeozcan 13 years ago

          Hey, I'll try to hunt this down for you but just to give you a heads up, the server gives me a 500 internal server error when I use characters like "ğ" or "ü".

        • csense 13 years ago

          Why did you choose Ruby as the language?

          • thomasfl 13 years ago

            I think it's a pure joy to read the ruby source. Allthough ruby is not fast, it's got some of the simplest most elegant frameworks out there. Sinatra is not much more than a router config file with some logic. Sequel is the simplest database orm and migration tool around. And slim makes very readable templates. All frameworks perfect for the first minimum viable product. If this site takes off, I would perhaps pay someone to rewrite some bottlenecks of it in java.

            • csense 13 years ago

              > it's a pure joy to read the ruby source

              If you like it so much, here's a copy-paste from the project for your edification [1]:

                def new_tags=(tags_string)
                  tags_string.gsub! /[^a-zA-Z0-9, ]/, ''
                  tags = tags_string.split ','
                  tags.collect! {|c| (c.match(/^\w+\s\w+/) || c.match(/^\w+/)).to_s }
                  @new_tag_strings = tags
                end
              

              I don't mean to pick on this project in particular. In fact, this project as a whole is quite possibly the cleanest Ruby code I've ever seen.

              That being said, Ruby's syntax makes me want to gouge my eyes out. There's equal signs, unquoted regular expressions, exclamation points, absolute value bars, and at signs all over the above code. You can't even sort-of follow what this code is doing without searching through the manual every third character. Ruby syntax is worse than C++ and almost as bad as Perl.

              Someone tried to explain Ruby syntax to me last week [2], and I'm not sure if I understood it more, or less, as a result, because my conclusion was that Ruby's syntax is so bad, the language shouldn't even be able to exist! I.e., there are a large number of syntactical ambiguities, so writing a parser for it should be completely impossible!

              [1] https://github.com/kyledrake/neocities-web/blob/933c3549264e...

              [2] https://news.ycombinator.com/item?id=5872899

              • dragonwriter 13 years ago

                > equal signs

                I fail to see how using equal signs for assignment (or for defining assignment methods) is a problem with syntax, rather than an enhancement to clarity.

                > unquoted regular expressions

                What's wrong with that? Regexes are a different type than strings. Why should they look like strings?

                > exclamation points

                ...again, so, what?

                > absolute value bars

                vertical bars used to set off block argument lists aren't absolute value bars. (Neither are vertical bars used for logical-or.)

                > at signs

                Again, so?

                > You can't even sort-of follow what this code is doing without searching through the manual every third character.

                Yes, I can, and not just "sort-of follow" it.

                > Ruby syntax is worse than C++ and almost as bad as Perl.

                There's no accounting for taste, I suppose.

                > there are a large number of syntactical ambiguities, so writing a parser for it should be completely impossible

                As Ruby does exist, and is parsed, this is clearly not the case. That said, ruby's syntax is not optimized for machine parsing, its designed to be ruby-developer-friendly rather than ruby-parser-developer-friendly.

                If you want something optimized for the developer of the language's parser, look to Lisp.

              • vinceguidry 13 years ago

                What's difficult about that function? It's terse, but very understandable.

                Oh, the inability to parse Ruby shouldn't be held against it. It has (at the least) a context-sensitive grammar. So do lots of languages, including HTML and perl.

                Not being able to parse it doesn't really mean what you think it means. It just means that in order to figure out what it does programmatically, you have to evaluate it. Its unparseability makes certain things impossible, like writing a perfect syntax highlighter. Also makes building certain tools you'd normally see in an IDE difficult.

              • fghfg 13 years ago
                    // Parse tags string.
                    // Example:
                    // "tag1, tag2" => {"tag1", "tag2"}
                    // "tag1, very long tag" => {"tag1", "very long"}
                    string[] NewTags(string tags_string)
                    {
                        //Allow only letters, numbers and spaces in tag.
                        tags_string = new string(tags_string.Where(c => char.IsLetter(c)
                            || char.IsNumber(c) || c == ' ' || c == ',').ToArray());
                
                        //Separate multiple tags with commas.
                        string[] tags = tags_string.Split(',').Select(s => s.Trim()).ToArray();
                
                        //Two word per tag maximum (extra words in a tag will be removed).
                        for (int i = 0; i < tags.Length; i++)
                        {
                            List<string> validWords = new List<string>();
                            string[] wordsInTag = tags[i].Split(' ');
                            if (wordsInTag.Length > 2)
                            {
                                tags[i] = wordsInTag[0] + " " + wordsInTag[1];
                            }
                        }
                        return tags;
                    }
              • eksith 13 years ago

                This is on the same league with arguing against Esperanto in favor of Interlingua. You'll never get anywhere with people with the "so what?" or "no it's just you" mindset as in their capacity, they're not capable of (or unwilling?) to entertain perspectives beyond their own.

                That said, I do really enjoy reading this code. It's indeed very, very clean!

              • Jeremysr 13 years ago

                I don't know if this works for everyone, (and I hate to appeal to magic), but I'm pretty sure it was http://mislav.uniqpath.com/poignant-guide/book/chapter-3.htm... that gave me a visceral understanding of Ruby's syntax. For example, the slashes surrounding the Regexp are like pins that you stick the Regexp onto the paper with, and it lights up if the pattern matches. The at signs stand for "ATtribute". Exclamation/question marks have meanings analogous to their natural language counterparts. And the vertical bars form a little chute that the block variables slide down into the block through. It's really fun.

              • pak 13 years ago

                Ruby's syntax is beautiful once you've realized two things:

                1. How blocks work, and how their minimalist syntax is beautiful. You see absolute value bars but believe me, getting used to that barebones function syntax is a gift. (No other programming language that I know of has an absolute value operator with vertical bars so it is not as hard as you think.)

                2. Every time you see a dot, do NOT think attribute access. Think message sending a la Smalltalk.

                Suddenly then, things like the tags.collect! line become pretty for encapsulating a callback on one line unlike the ugly function() {} crud of JavaScript, and things like defining a newtags= method become sensible, because everything including traditional attribute getting and setting reduces to message passing.

                • whimsy 13 years ago

                  > Every time you see a dot, do NOT think attribute access. Think message sending a la Smalltalk.

                  Huh. You just rekindled my interest in learning Ruby. Learning Smalltalk was pretty mind-expanding.

              • whimsy 13 years ago

                > there are a large number of syntactical ambiguities, so writing a parser for it should be completely impossible

                Keep in mind that while your protest does sound intuitive - e.g. that Ruby can be syntactically ambiguous, ergo it is unparseable, it turns out that that doesn't stop us from writing a parser. We can parse most things even if we can't parse the "general case." When we DO encounter something unparseable, the compiler can a) guess or b) fail, hopefully with a message that will help us investigate and rectify the failure.

                You point out that Perl's syntax may be worse than Ruby's, and I assume that implies that it is more syntactically ambiguous, ergo, writing a parser should also be impossible for Perl. It turns out that Perl is provably unparseable in the general case - in fact, it's been done rather rigorously: http://www.jeffreykegler.com/Home/perl-and-undecidability

                Regardless of Perl's general unparseability, we have compilers for Perl and even large projects manage to compile to what appear to be functional executables. The same is true for Ruby.

                I wrote this comment mostly a reminder that while something may appear to be insoluble, we may be able to solve for sufficient cases that we don't care about the rest, particularly if we have an oracle to fix the number of cases that we can't solve. (In this case, the oracle is the developer.)

          • kyledrake 13 years ago

            It's what I know. And very productive in general. Nginx and the kernel (sendfile) does all the heavy lifting of serving the static files.

        • catshirt 13 years ago

          great response. the bug's existence alone made me question the project intent and viability. even though i probably won't read your code, just making the source available mitigated my biggest concerns.

        • fragsworth 13 years ago

          I don't think it's a smart idea to publish the source code to your site (especially while on the front page of Hacker News) until you've spent a significant amount of money on auditing the security internally to the point that others are comfortable with a public release.

          Now it looks like something happened, and you've got no site, and thousands of people trying to access it!

          • contingencies 13 years ago

            Disagree! Publishing is laudable. Paying customers might tip the scales otherwise, but apparently that's not yet an issue.

        • pak 13 years ago

          You are the man for doing this. If only others, including myself, were so brave for every web project that they attempt.

        • weland 13 years ago

          I can't believe what I just witnessed. Something expressing a valid concern in a somewhat uncivilized manner, the developer answering in a nice way, the original poster apologizing and the developer linking to the source code to quench other similar concerns. WHAT HAS THE INTERNET COME TO?

          Cheers to you, fine folks!

      • Dylan16807 13 years ago

        Honestly, the way your first post is worded is harsh enough to come across as 'trashing'.

      • eclipticplane 13 years ago

        I don't think he was saying you were trashing his work, more that people were using that exploit to trash other people's sites on NeoCities.

      • genesee 13 years ago

        I'd just like to point out that when he said "trashing other people's work," he was likely referring to people overwriting others' pages, not your comment.

      • BHSPitMonkey 13 years ago

        You really attributed the duplication/overwrite bug to malice?

      • davidjgraph 13 years ago

        > I feel that I also have a responsibility to publicize such a glaring security hole in your site.

        It's a static web site hosting, exactly what "security holes" could we be talking about? Not theoretical holes, that you could technically exploit on the 45th blue moon of the century, things that might actually happen.

      • rictic 13 years ago

        I read the "trashing other people's work" comment as referencing smashing someone's site by registering an account over theirs, not publishing the bug on hacker news.

      • nicholassmith 13 years ago

        Responsible security disclosure would say you've got a responsibility to make the bug known. Making it public should only happen after you've made the creator aware.

        I can understand why the developer viewed you as 'trashing' his work, you claimed it as a phishing expedition. That'd make the best of us upset. I see you've sorted it out between you which is great, and I hope others look at this exchange and get some good takeaway from it.

    • gohrt 13 years ago

      > hopefully it's the last security-related one

      Guaranteed not.

      I don't mean for you in particular, security requires constant vigilance.

      • kyledrake 13 years ago

        Correction: the last one that's that bad. That was pretty bad.

    • belorn 13 years ago

      On the issue of security, any possibility for HTTPS in the future?

    • Zimahl 13 years ago

      hopefully it's the last security-related one

      Not to nit-pick, but it's never the last security-related bug :)

    • _pmf_ 13 years ago

      > Probably goes without saying, but this is definitely a beta project.

      It indeed goes without saying, since you don't mention this on the site.

    • sneak 13 years ago

      What are you doing to make sure your site (and your users' URLs) will be around in five years? How about fifteen?

      (I'm not just being snarky, I have run a freenet out of pocket for sixteen years because people's urls and email addresses are important to not lose.)

    • reidrac 13 years ago

      Open source your code and you may get some extra eyeballs to avoid this kind of issues.

  • revelation 13 years ago

    Back then, this wasn't called collision detection, but proper database design. I can not even begin to fathom how you can inadvertently introduce this by fixing a save bug.

    • MarkHarmon 13 years ago

      Proper database design does not mean the problem couldn't happen. Consider this scenario. The database has a unique constraint on the name but the code ignores the result and overwrites the directory anyways. It wouldn't cause this exact problem but it is similar.

    • hnriot 13 years ago

      Clearly you are inexperienced in database design. There are plenty of explanations which if you had a clue would spring to mind.

      • asax 13 years ago

        Out of curiosity, can you give an example?

  • davidbanham 13 years ago

    This is not for anything important. It is for blink tags and under construction graphics.

  • sneak 13 years ago

    Don't use this for anything you view as important. Hosting that doesn't use a domain name that you control means that when the donation bucket is empty and the service goes under, your traffic and pagerank and brand is now lost forever.

networked 13 years ago

Hi, Hax0r N3ws!

Check out my all-new website showing some oldskool JScripting skillz at http://cd.neocities.org/. You can trick your friends by directing them there.

P.S.: Just checked and it actually works with Internet Exploder 6.0 in an M$ Windoze 98 VM, which I had running in VMWare Player 5.0.2 with my PC's physical DVD drive connected. Should work as long as your Win9x or pre-SP2 XP has WMP 7 installed.

P.P.S.: Do post here if it works for you!

big_lou 13 years ago

PEOPLE. This is clearly not intended as a business. Stop asking about the "business model." It strikes me as just being a cool side project that enables people to make websites. That's it.

Yeesh.

  • LandoCalrissian 13 years ago

    I'm pretty sure that's exactly what it is. This is just for fun, I don't think they are looking for VC money or anything crazy.

    • belorn 13 years ago

      As someone who has a 1gb/s flat rate at home, I have thought about doing something similar. It really isn't that expensive to have a bit of network and a server that gives out static content.

      • noir_lord 13 years ago

        Til someone puts something copyright or worse on it.

        • belorn 13 years ago

          We were talking about the expenses of running the service, and not the legal space around hosting user generated content.

          The legal questions are interesting, through it highly depend on the country and political tendencies from one year to the next. In theory, I could run this kind of service in Sweden, and only remove content on order by a judge. In theory. In practice, there might not be any difference between hosting user generated content and simply having a website up hosting in ones own name.

  • joshaidan 13 years ago

    In other words, Yahoo! will eventually end up buying it.

  • rollo_tommasi 13 years ago

    I think you're underestimating the lucrative "disoriented time-traveler" market.

workhere-io 13 years ago

HN is supposed to be (partly) about the joy of building stuff, and yet this entire thread is all about people pointing out flaws, missing features and minor annoyances instead of saying, "Good job!".

Give the guy a break and a chance to get the project off the ground.

jstalin 13 years ago

I just had to do it:

http://jstalin.neocities.org/index.html

It's going to play audio if you clink the link, unless you're using click to play

  • jmathai 13 years ago

    Please state a warning that it is going to play audio when you click the link.

kybernetyk 13 years ago

Oh man, I'm sorry for OP because of all the negativity in this thread.

I think his service is kinda cool in a twisted way and I can totally see me building a little 'old school' homepage on it.

/edit: I did build a homepage: http://kybernetyk.neocities.org I feel better now ;)

  • omd 13 years ago

    Nah, OP seems to be doing just fine. I feel more sorry for the people who forgot how to laugh.

    Here's mine (NSFW-ish): http://nl.neocities.org

  • Luyt 13 years ago

    I wonder whether this 'negativity' is really negativity, or just well-meant criticism, testing and validating the idea, maybe even playing advocate of the devil. From what I've seen in the past years, the HN community is unlikely to produce a page with tons of similar 'Nice job!' postings.

    • cytokine_storm 13 years ago

      Well the top post about a security flaw and the creator's superb response was what I was looking for to confirm some kind of semi-legitimacy before I post a link to facebook.

zephjc 13 years ago

I think people are aiming to create the original geocities experience too: Examples:

http://poeks.neocities.org/

http://skry.neocities.org/

http://jeremy.neocities.org/

  • stinky613 13 years ago

    Haha, wow. It's like going to a civil war reenactment where everyone adhere strictly to period customs and vernacular.

    Unfortunately they forgot center tags and to capitalize all of their HTML. I was going to say it's missing a table-based layout, but then I recalled that the height of geocities' popularity was earlier than I remember seeing table-based layouts everywhere.

    It's really not very assuring when they state on the front page that they "hope" they can get enough money each month so they can pay the server bills.

    • kyledrake 13 years ago

      The site will very easily pay for itself with donations. It's not that expensive to serve static HTML, especially when you are using Nginx and sendfile.

      • Simucal 13 years ago

        Does Nginx use sendfile under the hood or is it something you would use separately?

      • stinky613 13 years ago

        That wasn't really my point. It doesn't inspire confidence when the host says "hey! put your stuff here! I'm not sure that I can pay the bills each month but I sure hope we can. Oh--and I have no idea how this will scale."

        It's all understandable. But even if it's free and even if my content is stupid, I'd still feel a little uncomfortable because of how much doubt the owner expresses over the viability of the service.

        • zaius 13 years ago

          Really, that's what all startups are doing. At least he's being honest about it.

        • kyledrake 13 years ago

          Fair. Sorry about that.

          I have a lot of experience scaling web applications, I've been doing this for over 14 years. I should probably highlight that somewhere.

          I've already gotten enough donations today to run the server as-is for 8 months! I also found a sweet deal with a reliable dedicated provider via a tip that will cost substantially less than my intial estimates.

  • kyledrake 13 years ago

    There definitely needs to be some polish to the initial site I think. We have been talking about making something similar to Twitter Bootstrap that's designed for HTML newcomers, so that even really basic sites have a base-level good look to them. We're also talking about a WYSIWYG HTML editor, but we decided that we would launch to the tech crowds first, who have experience with HTML and are comfortable dealing with no initial boilerplate frameworks, and would appreciate the value of what we're trying to provider here (an open canvas).

    That said, I don't care if people use it for Geocities parodies. I think Geocities sites are a lot more interesting than the bland, drab Facebook profile layout that everybody is forced into with no ability to change in any meaningful way.

  • vec 13 years ago

    Needs more <frame>s! And I count a grand total of zero <blink> and <marquee> tags. C'mon people, if you want to party like it's 1999 you've got to step up your game!

  • orblivion 13 years ago

    "HACKED site down." kyledrake do you see this?

toni 13 years ago

I've hacked a little script together[1] for uploading all the files in a directory into NeoCities. Handy if you are working on your site and want to upload everything in one go.

Set your username and password at the beginning of the script and run it with the path to the directory as an argument:

./neocities-uploader.php /path/to/my/site

[1] https://github.com/pwlin/neocities-uploader

ibudiallo 13 years ago

I think its a nice website, don't be discouraged by the comments you get here. HN can be awful with this, but if you parse through all the bad mouthers you may find some gold :)

will_brown 13 years ago

It is very refreshing that a side project/start-up related post has made it to number 1 spot on HN. And this is coming from someone who posted a Bee article that made it to the front page today.

kyledrake if any negativity on this thread gets to you, something tells me it will not, just ask yourself how many others have posted their side project on HN that made it to #1, I know I have not and that is why I created this account to begin with - to share my start-up with a start-up community.

mperham 13 years ago

Add a premium tier, even something as simple as integrated web analytics. Donations are charity. If you want this to be a sustainable business, ask for people to pay for value.

  • stinky613 13 years ago

    I was thinking about this too. I agree that counting on donations in sufficient quantity and regularity is like buying lotto tickets to pay your electric bill.

    And if they add a premium tier... well then that kind of kills their differentiation, doesn't it? They're aiming for the niche of free, modest, simple, laissez faire vis-a-vis content. When you take 'free' out of the mix then you're in the arena of commoditized cheap hosting; inertia would be the only reason for someone to upgrade their free account to a premium plan.

    • unknownian 13 years ago

      Yep, services that are about uncensorship generally don't do paid tiers. See: 4chan, Rizon, groups that release pirated videos, etc.

  • ics 13 years ago

    I think donating a dollar for a custom visitor counter would be the perfect option... doesn't really set apart anyone, still provides a bit of fun.

fragmede 13 years ago

Oh man, it is just like the 90's: unicode usernames are not allowed. Welcome to the past!

  • farinasa 13 years ago

    I can't even put a unicode bullet on the page. Maybe I should be using double tildes or something.

lotharbot 13 years ago

It's never too early for scams.

http://secure.neocities.org/

"Security page. Please enter your password here."

  • citricsquid 13 years ago

    A couple of years back there was a website I use that switched to usernames as sub domains and I managed to break it by using "webmail" as a username, another user took "ns1" and "ns2" and now my first port of call on sites like this always checking out "webmail", "ns1" and "ns2". So childish but good harmless fun.

  • nickodell 13 years ago

    login.neocities.org payment.neocities.org

kwntm 13 years ago

I love the browser editor you made. Very easy to get up and running fast. It'll be a useful tool for teaching, and also for small js projects. Fun project- Thanks!

ddinh 13 years ago

It's definitely an awesome project, but I just don't see the advantage of NeoCities over hosting a website on Github or BitBucket yet, especially since those sites offer unlimited space and store all the old versions of your website for you. Some differentiation with those services is needed - for example, a privacy policy guaranteeing true anonymity (no IP address stored, no cookies) or a more layperson-accessible website creator.

  • brennannovak 13 years ago

    Those have significant learning curves to people who don't speak web-l337 yet. Remember before you knew how to code? What version control was, and documentation was scary? Angelfire & GeoCities is where I learned to code HTML

therandomguy 13 years ago

I wanted to share this with a co-worker. Asked him, "you remember geocities?". He didn't. Because it was probably before he was born. I'm so old.

cheapsteak 13 years ago

What's with all the FBI seizure images?

  • thejacenxpress 13 years ago

    I noticed that too haha. What's nick been up to?

zrail 13 years ago

How do you plan on keeping out spam?

  • talles 13 years ago

    Ya, looks like most of the pages are garbage right now.

    • big_lou 13 years ago

      Maybe that's because it was made public basically an hour ago

    • alanfalcon 13 years ago

      Don't worry, Dade Murphy will clean up.

        Next, enter a password. This will be used to allow you to login. Minimum 5 characters. If you don't make it a good password, Dade Murphy from the movie Hackers will come in and steal your "garbage files".
  • belorn 13 years ago

    Through the captcha on the registration page?

    Recaptcha might not be enough in the long run, but it will be enough in the short run.

mustafakidd 13 years ago

"We've come full circle"

I love getting old and seeing technology continually reinvent itself.

m-r-a-m 13 years ago

I think I captured the essence of my geocities/tripod/etc experience... http://ramige.neocities.org

I really like this and I'll probably use it for something real.

numbsafari 13 years ago

"uncensored"

Good luck with that.

  • gboudrias 13 years ago

    Just make sure you don't sleep with a girl without wearing a condom and you should be fine.

deadfall 13 years ago

How are you moderating the content? Are you doing it yourself? Are you putting together a flagging system? Do you need help? I am looking for another side project to work on.

  • sejje 13 years ago

    "uncensored"

benjamincburns 13 years ago

I wonder how long it'll take for Yahoo to send a C&D...

  • drgath 13 years ago

    For what?

vyrotek 13 years ago

I'm guessing pointing a CNAME to this is not supported?

eksith 13 years ago

The sad thing is that now there are lots of squatters creating "under construction" pages and the like instead of actually putting content. Trying to emulate Geocities without actually doing so (a lot of them did have those banners, but they also had content).

Oh well.

Here's mine : http://eksith.neocities.org (Also people are forgetting, it's .org not .com)

markdown 13 years ago

> The file uploader will automatically scrub any characters not matching: a-z A-Z 0-9 _ - .

What about '<>/{};:[]=+~' ?

All of which are useful in html/css

cabalamat 13 years ago

There is a bug on your dashboard; the html for viewing a page is:

    <a href="http://meowcat.neocities.org/index.html"
    target="_blank">View <br></a>

Unfortunately, this means that I cannot click with the middle mouse button to bring up the page in a new tab. Please remove the extraneous target="_blank" code.

  • corin_ 13 years ago

    What browser? Middle mouse click works fine on links regardless of target in most browsers I'm used to (certainly in FF, Chrome, IE on Windows).

    • cabalamat 13 years ago

      Firefox 21 on xubuntu 12.04

mixedbit 13 years ago

Good luck with the project!

I hope we will soon see these pathetic Facebook like buttons replaced with good old JavaScript guest counters (only half-joking).

delmarc 13 years ago

Also please send an email once the account has been made... I know i made a page... but never received anything about it...

delmarc 13 years ago

Need a Password retrieval system and the sign up page needs a verify password field... I already lost my password...

serf 13 years ago

I like the idea, but GeoCities left a bad taste in my mouth. What makes this site any more maintainable than GeoCities was? The fact that it's donation based and not at the whims of a corporate entity is reassuring, but other than that it seems as if the footing would be even less stable. Am I wrong?

brennannovak 13 years ago

I am interested to see where this goes!

serf 13 years ago

I like looking through the "Browse Existing Sites" and looking at all the emerging sites. I especially like the ambiguous "enter credit card and expiration date" sites that are nothing but a form and submission button.

jneal 13 years ago

Decided to create something from scratch in the text editor. I must say I like the editor. Had to include a slight ode to the fallen geo(.*)

http://jneal.neocities.org/

return0 13 years ago

Hosted in the US. At least geocities didn't live long enough to make it into prism

damian2000 13 years ago

Good luck with this. Just a minor comment on your animated favicon.ico icon ... it would look a lot better if you used a transparent colour for the outside of the globe. Currently its white, which looks a little bit crappy.

pronoiac 13 years ago

Hah! I've been playing with Jekyll and Pelican and other static site generators, and one of the thoughts I had was "if Geocities were still around, I could host pages there."

conanbatt 13 years ago

Reading the comments you can see instant cybersquatting.

Man i hate that -.-

mmcclellan 13 years ago

That's funny. I searched that domain name on domize around a month ago too. Though mine was going to be S3 and Route53 using boto.

callmeed 13 years ago

This is really cool. What's your tech stack look like? Are you using Nginx to serve up the static files?

oakaz 13 years ago

How can I upload my files with CuteFTP?

jjp9999 13 years ago

Kind of funny. Looks like the first site on their examples page was seized by the FBI.

senthil_rajasek 13 years ago

Can you add a akismet style spam filtering to kill spammy pages?

cabalamat 13 years ago

Will it be possible to upload websites using rsync?

bobdvb 13 years ago

No censoring? So what about child abuse images?

  • exodust 13 years ago

    What about child abuse images?

    No censorship means no censorship.

    It doesn't mean the provider of neocities couldn't be ordered to remove the illegal content and hand over all details about the person who uploaded it.

    "No censorship" doesn't mean criminals will be protected by neocities. It doesn't mean that child abuse images can't be dealt with in accordance with the law.

    Remember that the internet is not classified like movies and TV. There is no requirement to put "Rated R18+" on a website. As it should be.

    All he is saying is that Neocities basically has the same censorship rules as the internet itself. In other words, no censorship.

    A murderer can turn their PC into a server and self-publish images of his victims for all to see. They will get caught, and the server shut down, but the point is he didn't need to go through a censorship body to get the images published. Exactly how it should be.

ianb 13 years ago

No API? Sigh. It could be a nice backing host for a through-the-browser CMS – a little OAuth, a little CORS, and it could work pretty nicely.

  • big_lou 13 years ago

    Maybe there will be an API. The project is one month old.

rsync 13 years ago

export function ? Given the fate of the original geocities, it would seem to be very helpful...

vulgrin 13 years ago

-1 for not re-implementing <blink> tag

shtylman 13 years ago

Just use github pages.

  • deadfall 13 years ago

    But there is no browsing feature which is pretty entertaining. I love seeing all the designs and creativity.

rfnslyr 13 years ago

This thread is hilarious.

iframe 13 years ago

this reminds me GeoCities :')

timmillwood 13 years ago

sigh

  • d33d33 13 years ago

    cool idea, but seems the server has some problems uploading (2-8kb) files? or is that the heavy traffic? anyway, get some error messages, but files are uploaded. savings seem to take a while...better keep your code in another editor, too

    edit: ps: internal server error

    • ArekDymalski 13 years ago

      Same here. Internal Server Error. That's a huge nostalgia strike ;)

csomar 13 years ago

There are 61054 web site spaces remaining. After that, we need your help to get another server.

Does that mean he's running 61k sites on a single server? Even if each site gets one single visitor per day, that 61k visitors for the Server. There is no way the server can manage that traffic.

Sorry, but do you really want a static site? Just pay for a good one.

  • citricsquid 13 years ago

    Assuming you're not being sarcastic: a small vps could serve an order of magnitude more visitors per day than that when it's just static files, many orders of magnitude more on a well configured server and many many many times more than that on a powerful server. The bottleneck for this will probably be bandwidth.

  • showerst 13 years ago

    Aside from the other evidence that this is terribly thought out, serving 61,000 static pageviews (or if average pages per visitor is more like 2: 120,000) shouldn't be a problem on even a cheap server.

    Even with uneven traffic that's probably 4-5 pageviews/second at most. The cheapest linode or AWS instance can handle that for serving static files.

  • egonschiele 13 years ago

    Nginx can handle 61k views/day easily. Now if each of those sites get 61k views each...

  • spullara 13 years ago

    That is an amusingly small amount of traffic. A typical server should be able to handle thousands of requests per second. See the web framework benchmarks. When you add in the fact this is serving static pages you will likely blow out the bandwidth first. Put it behind cloudflare or another cdn and you should only need a second server for availability.

  • SomeCallMeTim 13 years ago

    A $20/month Linode can handle 4k static pages per second on Nginx. I've heard tell of people pumping the cheap Linode server up to 30k views/second, but I haven't been able to break 4k.

    Assuming text pages, the full 61k sites could be accessed every 15 seconds. If the pages have nontrivial graphics, then you're (as others have mentioned) far more likely to be bandwidth-limited. If the site has an unmetered 10Mbps connection, then it could serve 1Mbyte per second: If each of those 61k pages contained 1MB of data, then it would STILL be able to serve (at most) 86k pages per day.

    It's likely that most of the pages hosted will be accessed less than once a day, though. Power law distribution of the long tail [1] and all that. And a megabyte is a lot of data for a single web page; I would imagine that with a 10Mb limit on the entire site, it's not going to be a place to host sites with tons of images.

    [1] https://en.wikipedia.org/wiki/Long_Tail

  • throwaway420 13 years ago

    That's probably a marketing ploy.

    Quick, sign up right now or you'll miss out!

    Get it?

  • zobzu 13 years ago

    it can probably serve anywhere from 20k to 200k view per second. 61k per day sounds kinda easy. lol. Even my laptop can do it in that range.

    its static pages.