128
linuxxx
7y

Alright fuck it, let's release this fucker!

https://lynkz.me is the main domain. The interface is *usable* and nothing more than that. I'll invest more time in that soon but for now, hey, it works.

Api is located at https://api.lynkz.me.
Documentation for this (literally some echoes to the screen but it contains the needed information for now) is at that api url.

Found a bug or a security vulnerability? Please let me know!
Yeah I use mariadb but sql injection is luckily not possible due to quite some sanitization ;)

WARNING: if you make a shortened url and forget the delete key, you won't be able to delete it.

Let's see how this goes 😅

Comments
  • 3
  • 2
    Also love the (private) key system :D
  • 3
    I would expect the tag, please break it and let me know! I'm gonna use your (free?) service! (Free as in free beer, I hope)
  • 1
    And on that note, you definitely can open some special beer today 😉😉
  • 6
    @-ANGRY-CLIENT- One should be able to erase d footprint, even something as tiny as this imo! Without key I won't even delete anything by hand because I've got no way to verify that you're the creator then :)
  • 4
    @yendenikhil It'll deffo be free for now! No clue about the future but we'll see haha, let's first get known/users :P
  • 7
    Finally a privacy friendly (no tracking, I assume, also you can delete) and fast URL shortener. I will use it all the time now. The deleting thing is something I have seen nowhere and is a super good idea!
  • 0
    @linuxxx what about the other free too?
  • 1
    @cachoputa Still gotta find a way to not store ip addresses (in case of a serious cyber attack I need those) but except for that I solely store the things I literally have to store for this service haha.

    Thanks for the feedback, glad you like it! 😊
  • 1
    @linuxxx maybe hash them?
  • 0
    @cachoputa What do you mean with the other free too comment?
  • 1
    By the way, I'll regularly delete obvious spam/bogus links! Want to keep the db clean :)
  • 1
    @linuxxx free as in freedom, making it FOSS
  • 2
    @cachoputa Yeah wanna do that but if someone abused the application and I want to ban an up address which is hashed...

    Not sure on how to do that one yet :)
  • 1
    @cachoputa Thinking of a way to do that without releasing the entire source code as I want to keep a little bit for myself!
  • 1
    @linuxxx Would you need to store ip adresses if you route traffic through cloudflare? They handle ddos protection for you.
  • 1
    @olback Nope but don't they strip ssl at their level?
  • 0
    @linuxxx short answer is you can't, unless it is weak hashing without salting.
  • 0
    @linuxxx that sounds like some censor to me! (Deleting "spam")
  • 1
    @linuxxx you can choose proper licence (gpl 2 or 3) which enforces to add originator in licencing!
  • 0
    @linuxxx That's true. Do you store ips in a DB or just in your Ngingx access log?
  • 4
    @cachoputa Well I've got about 30 entries with test1-30.com, that's veeeery obviously spam, why'd I keep that?

    @yendenikhil It's a different reason haha, I'll explain later :)

    @olback That's a no go for me then, good to know at least! And both, going to turn them off in nginx soon though as CSF handles distributed attacks fairly well
  • 6
    Entirely forgot to explain the safe/preview mode.

    Want to click a lynkz.me link but wanna make sure there's no shady/weird url behind it?

    Go to https://lynkz.me/s/identifier and you'll get a preview of the link behind it!

    The /s/ also works with /safe/ and /preview/.

    Good luck with xss attacks, there are some heavy filters in the backend!
  • 4
    I can’t shorten https://lynkz.me

    :/
  • 3
    Where’s the dark theme?
  • 3
    @Gerrymandered awhhh poor you 😆

    And hadn't thought of that one yet 😅
  • 2
    @linuxxx I can help with the front end if you want some help. Let me know.
  • 2
  • 2
    📌
  • 1
  • 1
    @linuxxx put a listener or something on that level, when an ip’s hash is a flagged one, you put the id on the ban list (I guess storing spammers IP is okay) or just kick them out (which is a ban system), but you gotta be careful to not flag VPNs (you gotta let those poor people shorten their porn without their ISP knowing ;) )
  • 3
    @linuxxx

    >no dark theme

    Really dude?
  • 2
    @linuxxx I know of some services that allow you to add a plus sign to the identifier to get the save view. That would be a great shortcut.
  • 0
    @linuxxx where did you buy the domain?
  • 0
    @junners the internet ;)
  • 0
    Works nicely 😁
  • 0
    I can't shorten *.wien Domains lol
  • 7
    "Url already exists:"
    Fine, someone else wanted to share the same domain. But why should I want to reuse it? What if the other person deletes their url?
    -> The shortlink becomes totally useless to me :(

    Apart from that I really like it!
  • 2
    @holl very interesting point. @linuxxx if I'm experimenting with somewhat popular url (say devRant) and you wanna use it in your blog, you don't have any assurance about the longevity of the url. That can be a bummer and make me conscious to use the shortener!
  • 4
    I'd suggest to have input fields spanning the full width on mobile.
  • 4
    Btw. Is there any check/rate limit for tge delete key, or could one just brutefore all delete keys?
  • 0
    @Alice blimey your personal page is... Just as pink as I expected
  • 2
    Awesome, great work!!
  • 0
    Nice! Gonna use it in order to promote it :)
  • 2
    @linuxxx it could be free to play but then have loot boxes that you open for literal delete keys.
  • 0
    Amazing work my friend, keep it up. First privacy blog and now this :D
  • 2
    Why would you inform users of the activity of other users? The fact that you want to save storage on requests to shorten duplicate URLs is incompatible with providing a good user experience. You made the decision to give users the ability to delete their URLs. Given the fact that a user can then delete a URL that another user might be using (if they even can), you need to think of something a little more flexible.
  • 1
    JS form checking isn't a great idea either. I intentionally left the http:// off the string. This shouldn't matter.

    Also, the URL field needs to be much wider.
  • 1
    @bahua might just check on blur or so, if it has a "http(s?)://" infront but otherwise is a valid url, in that case just prepend https:// by js?
  • 1
    @Wack

    However. I personally would handle it all in the backend.
  • 1
    how about a temporary link? this (for example) can be done with a deleted_at column (datetime) then, once the date passes the link itself behaves as if it was deleted (soft-deleted) and to keep the Database clean you can run (once per day) a small clean script, that just checks if the deleted_at datetime has passed the current datetime

    Just giving you cool ideas to improve / extend the site (if you want to continue developing ofcourse)
  • 1
    @bahua that of course! Never trust the data a user can manipulate! However for a redirect you'll need the http, otherwise it'll just be a relative redirect and not to a external site...
  • 0
    @Wack

    Sure. When I say backend I am referring to the code behind the site, not the database.
  • 0
    Also, the bootstrap and jquery data amounts to almost 300k of data. This is excessive, and needs to be cut down to no more than 1 or 2k.
  • 0
    @bahua I have heavy validation in the backend, this features just makes that the server gets less to handle :)

    About the deletion thingy, this is intentional and a feature I personally miss in other url shorteners

    The www part, yup, on my list of to-solve's!
  • 0
    @bahua Agreed on the bootstrap part as well, I'll look into that later because for as long as this thing stays tiny I'd like to focus on features :)

    Informing users on the activity of other users, how am I doing that?

    Although you don't have to, do you also like something about the service or not at all? :)
  • 1
    @junners Namecheap :)
  • 1
    @Wack Nope no specific rate limiting on the keys, very good one, I could make those 'violations' into a longer/quicker ban. Thanks!
  • 4
    @yendenikhil @holl @bahua Creation restriction when the url already has been entered/exists has been lifted, thanks for the feedback on that one!
  • 0
    @Condor any suggestions? Because I entirely agree with you haha. Maybe email verification? But then I'd have to store possibly very identifying data...
  • 0
    @Condor Agree but even my parents regularly clean up cookies....
  • 0
    @Condor IP addresses can change easily as well... Still thinking :)
  • 0
    @Condor But what if your computer crashes or you want to remove a link around another computer?
  • 1
    @linuxxx

    I don't dislike it, but I doubt I will have much use for it, because of how long the URLs are.

    You are informing users of the activity of other users by informing them when a URL has already been shortened. In addition, any users who attempt to shorten that same URL afterward, after being rebuffed, will not trust this site, because they have no assurance that the shortened URL will not get deleted by the original user. So to avoid this problem, they will simply go somewhere else.
  • 0
    @linuxxx

    I personally dislike the idea of dumping processing onto the user. It's your site, and your hosting. It's your job to make it efficient, and you have abundant tools to do so. Dumping the expense on your users is not a great way to get them to use your product.

    Validating a string to make sure it's a URL, and generating a random string is not heavy work, and there is no reason it shouldn't be done entirely on the server side.
  • 0
    @bahua Have you seen my comment a little upwards about this? I removed the feature which disallowed the multiple times shortening of any url already since I thought this was a good point!

    So now you can generate as many duckduckgo shortened links as you want :P
  • 1
    @linuxxx

    Cool. That was an easy fix, and I'm glad you made it.
  • 1
    @bahua How am I dumping the processing at the users exactly?

    In case you didn't look at my previous comments replying to you:
    - a link/url can be shortened as many times as the database can basically handle
    - HAVING to enter http:// or https:// - on the top of my list to also allow www and none of the above
    - front end too heavy as for libs/size - I'm aware but it's not on the top of my list.
  • 0
    @linuxxx

    You are moving validation from your server to the user's computer with javascript. That is dumping processing on the users, and unnecessarily so, given the extremely simple nature of the tasks being performed..
  • 0
    @bahua Agree on processing on the users side but (once this works well) it should allow any valid url through and 'block' invalid ones anyways, which happens at the server side as well. It's a very tiny amount of processing which lifts load off of the server which doesn't matter now but if this would become a big thing then it would be useful.

    I don't agree on that this would be bad :)
  • 1
    @bahua and @linuxxx it is always trade off on what can be validate in client and server, there are many trade offs, like security, round time to from client to server and actual complexity of the operations. Ultimately everything (client side or server side) can be criticised. But it need valid explanation, and not just that client validations should be lighter to non existent! I prefer some client validations over the time of round trip delay (I may have slow connection, long ping ), but that's me! Also linuxxx is doing server side validations as the service is actually backed by API (opportunity to write your own client!)

    Just my two cents.
  • 1
    @yendenikhil

    Agreed, and I'm pushing too hard, considering I wouldn't use it anyway, because of the length of the generated URLs.
  • 0
    @bahua scalability perspectives, but fair enough :)
  • 1
    @linuxxx

    If you want a dark theme, just add these to your css file:

    .jumbotron.vertical-center{

    background: #777;

    }

    .container {

    background: #444;

    color: #eee;

    }

    Of course, you can change the color to whatever you wish, but these colors are easier on the eyes than the white, IMO.
  • 1
  • 2
    @linuxxx I like the delete key idea, although the whole thing is broken for me atm.

    But I had a few minutes to kill and I wrote some CSS for it. No bootstrap or anything. https://thimbleprojects.org/franga2...

    Feel free to steal it :D
  • 0
    @franga2000

    Those are some nice colors, and I really like the subtle shadow underneath the selected boxes!
  • 1
    @bahua Except for the domain name which is a little long (still searching for a good shorter one), do you also find the identifier too long? I've tried multiple shortener services but except for the domain itself they're all around (the 'identifiers') 6-7 characters and so are mine..
  • 1
    @retnikt @franga2000 Learned my lesson: don't deploy when tired and about to go to bed, made a stupid coding mistake aaaaaaand it's gone xD (didn't even notice myself)
  • 0
    @franga2000 Are you sure I could steal that? Because if so, I'll do that tonight! And if you'd like credit, we can think of something :D
  • 1
    @linuxxx

    My issue is not one you should worry about. I have my own shortener that of course anyone is free to use, but almost nobody does. As such, I get super short URLs with it.

    http://bu.tl/gX
  • 0
    @bahua Hmmm only two, I'd like to do that but I'd like for the service to grow big and then two characters is not enough I think :/
  • 1
    @linuxxx

    Sure, 2 character identifiers are only for 2-week expiring URLs. 3 characters are for permanent ones. If my site ever catches on, I can pretty easily scale it.

    2 = 3,969 possible URLs
    3 = 250,047 possible
    4 = 15,752,961 possible
    5 = just under a billion
  • 1
    ...and so on. bit.ly does 7, tinyurl does 5. Even if I went as high as seven (~4 trillion), I'm still coming in 2 characters under bit.ly.
  • 2
    @linuxxx I'd keep one and two chars reserved for yourself! And add them in backend 😈😈
  • 0
    @bahua I think 3 char is sweet spot. Personally.
  • 2
    @yendenikhil @linuxxx

    I absolutely intend to keep the shorter URLs for myself!
  • 1
    @bahua or auction them 😈😈😈
  • 2
    @linuxxx

    FYI: bi.tl is available.

    EDIT: scratch that. It appears that Timor l'Este updated its terms since I registered my domain in 2012. A whois on that domain reveals that registrations on two character domains are not allowed anymore. I'd better hold on to this forever!
  • 2
    @linuxxx go ahead. If you happen make an "about" page or info comment, I wouldn't mind a mention, but consider the code CC0. Unless you're planning to turn this into a billion dollar URL shortening startup... 😁
  • 0
    @franga2000 thanks for letting know! What's CCO by the way? 😅
  • 2
    @linuxxx Creative Commons Zero. It's a license that puts what's under it into the public domain in an explicit and universal way. It effectively means "anyone can do whatever they want with that code, it's no longer mine"
  • 0
    @franga2000 Ohhh, good to know, thanks!
  • 0
    Had problems with it, but it seems to work now: https://lynkz.me/hCRbPad
  • 0
    @linuxxx seems like you didn’t check the api’s echoes
  • 0
    @-vim- First one is okay...? Second one, good catch, thanks!
  • 0
    @-vim- Yeah I deployed before going to sleep without testing resulting in a 500 error throughout the day 😅
  • 5
    I had a college assignment to redesign any website. Guess what I chose to make -> http://afzalsayed.me/lynkz/

    Not my best work but then again it was a "college assignment". @linuxxx feel free to use it and any suggestons are welcomed :)
  • 2
    @skynet Man, you have no idea how much this means to me! Just the idea of someone choosing something I made to redesign... holy shit!

    Just wondering, how hard would it be to build in a simple top menu which would look okay enough?

    To male clear, I definitely have no right to ask you this and if it's a no, fully understandable!

    I'm going to combine your-and-@franga2000's layouts/designs together as they fit perfectly!

    I can use franga's layout with different colouring (still gotta think of a colour scheme) for general pages and the shadow-box effect and I can use your (skynet) main frontend (unLynkz, fucking genius!) for the front page!

    Thanks many times to you and @franga2000!

    I 😍 your design by the way, @skynet!
  • 2
    @skynet I really like your design too and I'm definitely bookmarking that font for a future project!
  • 1
    Hey @linuxxx , glad that you liked it. Also I'm in if you need any help with the front end. A simple top navbar with links might not require much time to implement
  • 0
    @linuxxx Might I suggest minimal color theme like this from my previous project?

    http://afzalsayed.me/err_404/
  • 1
    @linuxxx Awesome stuff!
    You can your time with this one, since it's not so important.
    Why does adding +'s at the end work?
    https://lynkz.me/Zb8TebX
    Works with
    https://lynkz.me/Zb8TebX+
    https://lynkz.me/Zb8TebX++ and so on.

    You can perhaps use this + to display the preview as @xenira has already suggested.
  • 1
    @0sAnd1s No clue, it's not supposed to work 😅
  • 0
    @skynet I personally want to go 'very modern' with colours like purple/pink/turqoise but not sure how good of an idea this is haha
  • 2
    @0sAnd1s '+' is a blank space in URL encoding. Maybe the server strips blank space(s) at the end of URL while handling such (http) requests
  • 0
    @skynet Interesting, thanks :D
  • 1
    @skynet The server strips question marks as well.
    I programmed the entire api to use get requests and found out while testing that that wasn't going to work 😥
  • 1
    Had some time to spare today so did this

    http://afzalsayed.me/lynkz/
  • 0
    @skynet I think you are calling the webpage created by @linuxxx instead of the API. It is good idea to call API!
  • 0
    @skynet 😍 holy shit that looks awesome! I'll definitely implement it somehow tomorrow, thanks an awesome lot!
Add Comment