Readit News logoReadit News
hallak commented on DrawAFish.com Postmortem   aldenhallak.com/blog/post... · Posted by u/hallak
dmje · 21 days ago
…if you had RSS…
hallak · 21 days ago
I was 15 years old when they killed google reader, so can you blame me for forgetting about RSS?

Added :) https://aldenhallak.com/blog/rss.xml

hallak commented on DrawAFish.com Postmortem   aldenhallak.com/blog/post... · Posted by u/hallak
vicdemydov1 · 21 days ago
Great post-mortem, especially since it's a vibe-coded app.

Curious if you were inspired by Lego's build-a-fish* exhibit at the Lego House? I visited recently and it is ridiculously addictive to see a fish you create swim with others :)

https://www.youtube.com/watch?v=KYs3ne0HCwM

hallak · 21 days ago
Oh! I hadn't seen this. I was more inspired by the St Louis aquarium (where you color a fish and it swims) and Google's Quickdraw (a memory from like 2016)
hallak commented on DrawAFish.com Postmortem   aldenhallak.com/blog/post... · Posted by u/hallak
thehamkercat · 21 days ago
You can also upvote any fish without auth, limit is 20 votes per minute per IP

POST https://fishes-be-571679687712.northamerica-northeast1.run.a... {"fishId":"xxxx","vote":"up"}

hallak · 21 days ago
That's actually intentional desgin - I think you can like a fish a little or like a fish a lot, and therefore should be able to upvote/downvote to your hearts content :)
Posted by u/hallak 21 days ago
DrawAFish.com Postmortemaldenhallak.com/blog/post...
hallak commented on Show HN: Draw a fish and watch it swim with the others   drawafish.com... · Posted by u/hallak
sw030695 · 22 days ago
It looks like this has been hijacked by some edgy online communities.

Is there some sort of overlap between HN and cesspits like 4chan? Or did this get posted elsewhere?

hallak · 22 days ago
Unfortunately got posted to some heinous websites... and I made the mistake of using a very simple username and password that's been leaked 100 times for my admin account. I was going to "change it later"...

Anyway, working on the rollback now. A nice guy from here reached out and reported some small vulns I involuntarily committed.

hallak commented on Show HN: Draw a fish and watch it swim with the others   drawafish.com... · Posted by u/hallak
sometimes_all · 24 days ago
I keep getting this error on both Safari and Firefox:

Uncaught (in promise) Error: Fish model not loaded verifyFishDoodle https://drawafish.com/src/js/app.js:514 <anonymous> https://drawafish.com/src/js/app.js:170 EventListener.handleEvent* https://drawafish.com/src/js/app.js:168

Edit: Never mind, I had to wait till the model loaded. Took some time though. Fun project nevertheless!

hallak · 24 days ago
This is an issue that many are seeing, it has to do with how the model is loaded / how the submission logic works without it. I think I know the fix, but am currently getting slammed at my big boy job and so I can't fix it until I'm free in the evening ...
hallak commented on Show HN: Draw a fish and watch it swim with the others   drawafish.com... · Posted by u/hallak
Feathercrown · 24 days ago
No mobile support?
hallak · 24 days ago
There is mobile support... but it currently loads a 40mb model which doesn't work so great in a lot of places where you will use a phone. I meant to allow you to submit anyway, but I didn't test enough. Sorry...
hallak commented on Show HN: Draw a fish and watch it swim with the others   drawafish.com... · Posted by u/hallak
rafram · 24 days ago
You still should not be building HTML and JS using string interpolation.
hallak · 24 days ago
Absolutely! I've removed all references of HTML and JS using string interpolation.

(jk)

This is definitely a drawback with with vibe-coding. I never really write like HTML5 style code - at work I always use typescript with heavy ESLint, so never have to worry about this.

I figured the string sanitization in the backend would take care of any XSS vulns, which was my main concern. But I will have to read into the dangers of string interpolation which I admit I do not remember too much about (outside of the XSS stuff I tried to mitigate).

Thanks for giving the opportunity to learn... :)

hallak commented on Show HN: Draw a fish and watch it swim with the others   drawafish.com... · Posted by u/hallak
andy99 · 24 days ago
The website is great!

> I built a basic CNN trained against penises

After seeing it in action, my second thought (first was just watching my fish) was that I was amazed at the good behavior of the users because I would have expected a lot of penises floating around. Now I understand. Nicely done!

hallak · 24 days ago
Actually most people aren't trying to submit bad fish! I was surprised to, it's really like 95/5 good to bad submissions. People seem to follow the rules on average :)
hallak commented on Show HN: Draw a fish and watch it swim with the others   drawafish.com... · Posted by u/hallak
rafram · 24 days ago
> exercise in vibe-coding

The code shows it... Your escaping routine seems OK, but you really __should not__ be building HTML and JS(!) using raw string interpolation. Or letting the client decide whether the submission needs moderation.

hallak · 24 days ago
I don't let the client decide whether the submission needs moderation :)

There's a very slightly different model in the backend that sends things to the mod queue. Strings are also sanitized there. But copilot really wanted to add all that logic to the frontend too and I thought it was funny

h

u/hallak

KarmaCake day535April 7, 2023
About
https://aldenhallak.com
View Original