There's some negativity in the early comments here, but I'd like to applaud the effort of making this a dead-simple self-hosted, FTP-friendly solution. We need more experiments around federated self-owned networks which are appealing to end users.
A fun idea, a perfect name and I like the user experience. Take the advice about security and structure seriously, but you have something worth finishing here. Pop this up on GitHub, and I expect you'll find helpers with the code refactoring and feature requests.
Great idea, great that you shipped, now improve, improve, improve. Put the code on github and let people file issues and pull requests. Yes, many things in the code can be cleaned up, but kudos that you got it out there instead of having it run on just on your personal VPS.
We need more dead simple-to-install open source webapps, especially with a modern look!
The site looks nice, cool intro video and all - but when I tried it out locally (my PHP has "display_errors = on" and "error_reporting = E_ALL"), I saw error messages all over the place. "A session had already been started, ignoring session_start()" shows repeatedly, and various "undefined variable" / "undefined constant" messages. Not so pretty.
I too applaud the author for embracing the spirit of open-source; but I think now would be a great time for him/her to learn the super-basics of PHP (and programming in general) best practices. Develop with all errors being tracked and displayed! Don't use undefined variables or constants! Use tutorials / books that were written in 2014, not in 2003!
An idea. Okay so generally we can all agree that PHP is a very bad language, but you can use PHP to build great things too like ''dokuwiki'' for example.
So the idea is to package all the necessary parts of ''dokuwiki'' and make it installable by simply throwing or wgetting it into a PHP enabled dir. The first rule of software development is "don't write code, because there is already someone who solved a similar problem before you." Instead of writing a whole new blogging platform, see what you can build starting from a stripped-down ''dokuwiki''. Using the fs as the data store is a good pattern for usability.
Looks like HN traffic overwhelms once again - I'm getting a 503. The cached copy isn't particularly helpful since many of the main site images don't display.
> nemex doesn’t need a database. This means that you can easily download the zipped package, fire up your ftp-client of choice and copy the files to any directory on your web server. As soon as you successfully uploaded them, navigate to the /projects folder and set the permissions to 777. Open config.php in your nemex-folder and change USERNAME and PASSWORD to anything you want.
In 2014 a lot of us don't use shared servers anymore. Personally, for someone like me, throwing this up in my dokku sounds great. I don't think this is designed for the Enterprise.
Agreed that this is ugly. This project would make so much more sense if it were developed as a static site. I haven't looked at the codebase, but if it doesn't require a DB, can it not be ported to Jekyll or Pelican or so? Then it would be extremely easy to host it on S3 for peanuts..
The app needs write access to the /projects folder. Many shared hosts need 0777 because PHP runs as a different user than FTP. If you know what you're doing, you can always set it to the minimum required permissions.
What's wrong with the username and pass stored in a config file? Almost all PHP apps store their database credentials in a config.php as well.
I don't get it. 0777 is already the broadest permission you can give. So what is this minimum required permission?
I haven't done much FTP or shared hosts since, maybe, 7-8 years, but I remember Wordpress has the same 0777 is bad practice for many years and hasn't changed.
I've been having a change of heart when it comes to PHP recently. This kind of projects is exactly what PHP is for and is perfect for it. As ruby dev, before you start you need to do so much hand-waving that it kind of kills the joy of creation.
So congrats for this project and this messy creative code.
Great project. I'm definitely going to give it a shot as a Raspberry Pi hosted thing.
One comment on the site though - it would be really cool to be able to see a demo. I get a good vibe from the description/images, but a demo site would be great.
If all that was presented was effort and concept, it would be (mostly) praised. What I see people criticizing is the end result produced so far. Presenting criticism is not being a “douchebag”.
I have just downloaded and started using the "app" 10 minutes ago. It sounds like an app I have been searching for for a long time. After downloading I checked the codebase, as I usually do with every open source project I consider using - I have to agree to the other users: The code is really messy. I would suggest you to rewrite the whole app using an object oriented approach and dividing between HTML- and PHP-Code. Probably you can make use of something like Twig[1]. Do not create a file for every function of your system: Create a class for every object like "Dashboard", "Project" and "Node", then write an API to make their methods accessible from your apps javascript parts.
After checking out the code and realizing that it might have just been written by a beginner, I "installed" it locally: From a users point of view I have to say it is exactly what I need. I am able to post small snippets (called "nodes") to a project (kind of a category/idea). Thats all. Drag & Drop works - awesome. The design is simple but really neat! However to make this system perfect for me it needs to implement multi-user functionality, where I can chat with my friends about our current projects.
I think I would give this project another try, when you were able to refactor the whole code basis and add multi-user functionality.
Because you don't know what's lurking and waiting for you X-periods of time from now. Sure, it works now and that's probably all that matters for most. Others like reliable solutions that won't just up and corrupt themselves at some point.
However, I've often been amazed at how "messy" code is. Code that does what it needs to, and works. Early bird get's the worm, and I applaud this guy for throwing something out (something perhaps that we were too busy taking our time "working on to get clean and perfect"). I'm sure it'll get refined and refactored as time goes by, if people latch on.
Have you ever heard the catch-phrase, "What could POSSIBLY go wrong?" before?
Many have been burned by PHP experts before. This guy is a beginner. I really like the app design and idea but I can't find a reason to let protect my data or compromise my server. Might be cute to host it inside my firewall, though.
I care. As I am a developer I like to understand what the code does. If they would refactor this project to use 3-4 classes and a coherent structure it would make their code easier to overview and maintain.
I prefer the mix of a beautiful UI, a meaningful UX and a powerful codebase.
If it works but performs poorly due to poor design decisions I definitely care. Otherwise I'm with you -- I tend not to care about the skill level of the programmer as long as the application works and has no glaring security issues.
but it shipped. how many projects do each of us have that just sit in a repo somewhere that we never ship because "it's just not ready yet" or because we fear public scrutiny of our code. i'll speak for myself because there's easily a handful of projects that are probably ok to "ship" but that i let stagnate because i worried about this sort of comment.
and honestly, it doesn't matter. the author has no responsibility to you or to anyone to write hardened production-ready code. if his app gets rooted, it's on him, and it's honestly the responsibility of everyone that runs it to determine if that's a risk they're willing to live with.
but the quality of the code has little bearing on the fact that this product didn't exist some while ago and now it does. maybe it'll influence somebody to create a desktop version or to contribute some security fixes, or maybe it'll just spark some design discussion. it shipped and irrespective of its quality, it's making at least one person more productive.
Unescaped user input which reads/writes/etc to the filesystem. Intermix of PHP4/5 all over the place. Zero separation of presentation and business logic. It also has code which references a MySQL database and missing library files.
Can we just all collectively downvote this and/or change the title to "Daily WTF: ..."
Someone clearly made a project that works for what they want, so shame them? I'm pretty sure HN is supposed to more about learning and growth than about putting others down to show off your pre-existing knowledge, discouraging them from growth or discouraging others from helping them grow.
Your "criticisms" aren't even valid criticisms, they're hyperbolic. Zero separation of presentation and business logic? I looked at the code. Zero separation means everything is in one file. Yes, the author mixes presentation and logic in many instances, but where is the presentation code in the file node.php? Oh, look, some business logic is separated to its own file, just like one would expect with "zero separation". Seriously, why should we throw a hyperbolic insult that doesn't even address the problem? I can't think of any good reason to be destructive here.
EDIT: After discussing this more in replies, I found the guidelines for Show HNs. It looks to me like these comments violate the guidelines for Show HN comments. If HN is going to be comfortable place for people to share their work, this shit needs to stop. Every time I see shit like this I think about how little good it does to post a Show HN unless you already have a business behind the project. Even when there's low-hanging-fruit that one could easily help with, some "rockstars" would rather make insults than contributions.
You point out one example where it's somewhat separate and I can point out many where it's not. I can also point out numerous massive security flaws, utterly unused code, the obviously unprepared .DS_Store shit, and code which attempts to load missing libraries and SQL inserts when it's blatantly billed as "no database required"
This isn't some arbitrary work-in-progress "Show HN" project. It's being released and advertised as a fully working product which is quite the polar opposite, absolutely filled with security holes and should be approached with serious hesitation before someone were to actually utilize it.
I'd also argue every single one of my criticisms is incredible valid and hardly hyperbolic.
>You point out one example where it's somewhat separate and I can point out many where it's not.
That's great. You SAID "zero". And you pointed out zero examples to defend your statement. I pointed out one example that completely invalidates your statement, which is all that is needed. Because 1>0. Here, let me help. "Your application doesn't do a good job of separating business logic and presentation." Was that hard? I didn't say anything hyperbolic, I didn't recommend downvotes or call his application "WTF" in that statement. It WAS NOT HARD.
>I can also point out numerous massive security flaws, utterly unused code, the obviously unprepared .DS_Store shit, and code which attempts to load missing libraries and SQL inserts when it's blatantly billed as "no database required"
Did you do that, or did you try and insult the author? I see others in this thread pointing out specific issues that will help the author. You can't do that? Or is the author not worthy of your help, but somehow IS worthy of the time you spent to insult the author's project?
>I'd also argue every single one of my criticisms is incredible valid and hardly hyperbolic.
Sorry, but if you say "zero" and it's not true, that's hyperbole. It's either hyperbole or it's not, there's no such thing as "hardly hyperbolic." You exaggerated and you knew it was an exaggeration, OR you thought you were making a true statement. Either way, wrong.
My point is you are not offering anyone anything. Who do you help by insulting the author? The author? Or do you think you're protecting the world from bad software?
BTW, here's the rule I think you're violating:
>When disagreeing, please reply to the argument instead of calling names. E.g. "That is an idiotic thing to say; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
One could argue I'm breaking the same rule in arguing with you, though...
Sorry but I have to agree with meritt here. This a SHOW HN, and the project is not ready at all.
Even if one disegards bad architecture,the project suffers from too many security flaws. The creators should have a look at http://www.phptherightway.com/ which is really basic guidelines for any modern PHP project.
PHP suffers from bad rep because of developpers that clearly dont know what they are doing. They have client-side skills for sure.
But i would feel totally embarassed if someone linked to something i've made and that would look like the source code.
I'm not saying i'm a PHP "rockstar". But there are channels where beginners can get code reviews for free (IRC,reddit,...) before making a project official.
Or someone with the relevant domain knowledge could look at the ideas and consider whether this guy may be worth talking to or hiring onto the design team for a similar project. Otherwise some guidance would be nice.
The idea isn't to shove people out of the circle when they present something they've been working on.
1) please find a better way to inform the app developer security vuln
2) please don't stereotype or discriminate designers. There are designers that are way more conscious and way more knowledgeable about general web security best practice than many of the HN readers here. Professional sites like Google can have XSS. Don't be one of those ignorant thinking XSS is easy to solve. I bet you just created a new account so you can tell the world how much you think designers are incompetent regarding web security best practice. I bet you are also incompetent showing your true identity.
Is the code hosted somewhere on a VCS?