I love breaking things and I've noticed that user are able to intercept the UID / ID of the received messages in the Websocket and edit / spoof past messages from other users.
edit: And editing other user names and rooms settings.
Thanks for catching that! One thing I really wanted for the project was not having to sign in to use, but that's been causing a lot of security holes like this. Gonna try to fix everything soon
Out of curiosity, what are the motivation(s) for not requiring users to sign in? Is it just lowering the barrier to entry, or are you concerned with privacy?
I'm really not knowledgeable about firestore, firebase or even authentification systems but couldn't an user request a secret key that the user will use to authentificate itself when sending a message into the websocket (that will not be transmitted to the other users)?
For the login-gate, I'm pretty sure 99%+ of the visitor would have not created an account. Even without the login, the HN room shared in that thread was kind of inactive.
Since the rooms are "private' by default (secret token in the URL), authentification is now really necessary for casual usage.
Yes you could generate a rsa key pair in the browser and send a tuple of user id (or just a nonce) and public key to the server as a form of automatic registration. The client could prefix each chat with the user if/nonce and sign it with the private key before sending it to the server. From then on the server could simply retrieve the public key it has associated with the user id prefix and reject any messages that fail signature validation.
This could also work in a peer-to-peer context by only using the server for public key registration (i.e. by chat room). All messages would go directly between clients and the server would never receive chat messages.
I tried my hand at something similar using a sleep music themed YT channel and website. Couldn't get things to click. And FB ended up blocking my site on the sharing debugger.
I think there's a line where it stops being reasonable. If I know every comment on a Show HN is going to be blatant self promotion, I'm not going to view those posts even if the OP is interesting to me.
> Show HN is for something you've made that other people can play with. HN users can try it out, give you feedback, and ask questions in the thread.
> On topic: things people can run on their computers or hold in their hands. For hardware, you can post a video or detailed article. For books, a sample chapter is ok.
I am glad to see work from other hacker news members. When it isn't interesting to me, I find something else on the internet or IRL that is.
Great point. While not everything is appropriate to share in response to someone else's "Show HN" post, I've definitely seen (and appreciated) others linking similar projects. It usually is in the context of saying something like:
- I tried this too, and can appreciate that you solved way harder things than we expected to have to deal with
- I had this idea too but like your execution
I think it's very fitting, especially since we are celebrating not just the idea, but the execution that someone did to be able to show it off here.
Maybe there should be a weekly/monthly “Show HN” (like the who’s hiring thread) where everyone can promote what they’re working on. Doesn’t have to be new things, even progressive updates would do.
Hey @dang, how does a free-for-all self promotion thread sound (minus the spam)
Could the CPU load be reduced? If I am only on the page, not even playing any music yet (probably because something is blocked), I get 1 core up at 100% CPU load. This can't all be for an animated background image, can it?
To go in the opposite direction, if you wanted to add an option for people fine with large CPU/GPU expenditure (i.e., if this were playing on a dedicated TV in an actual café), it might be fun to add a WebGL canvas and make lofi/vaporwave-inspired effects [0].
I actually really like this feature when playing music for a whole room on my OLED TV. People like watching the fancy graphics and I get to dodge a tiny little bit of burn in.
It might be cool to needlessly spin up a CPU/GPU for no reason other than not being familiar with a more effectient method of doing something? I don't know where you come from, but that's not my definition of cool at all
Hinted at with lower bandwidth requirements, but the biggest win with video is their stellar compression. GIFs store every single color value, which is why they get so huge so quick.
If it's only a few frames you might be able to arrange them vertically in a PNG and animate background-position to get the same effect for cheaper.
Correction: you want to use transform to force creation of a new rendering layer, then when adjusting the rendered position of the element using transform will not cause a repaint.
It appears that every GIF frame is a Chrome paint (which makes sense) but a way to make the GIF static or turn off the GIFs would reduce paints down to basically nothing.
Hey, just wanted to let you know I've just pushed a "low-energy" mode that will remove some elements and effects on screen. On my Mac (MBP with M1 chip) it makes the webview go from 40% CPU to around 10-15%.
Since we're making a list https://plaza.one is good for obscure vaporwave. I've heard songs that I absolutely have not been able to find elsewhere on the internet.
Nice concept, love the aesthetic! It was too CPU intensive for me on a laptop so I sourcedived to find the list of svideos which appear to be the following https://rentry.co/txqrq . I personally use
for listening to such streams. Unfortunately, as "youtube-dl --list-formats" will tell you, the live streams don't have separate audio tracks (which normal YouTube videos do) so this only helps with CPU savings but not bandwidth (you can choose a lower bitrate stream though).
Works under Windows 10 command prompt too after changing the single quotes out for double quotes, very nice. Had been keeping a browser tab with the YouTube stream open, but this is undoubtedly going to be easier on battery.
(edit) I think the man page would really imply it is redundant, but when trying with just --no-video and no $DISPLAY (e.g. ssh'd to a machine with speakers but no X server running), it picks up vo=gpu (accelerated video decode) from my mpv.conf and runs with a warning:
[vo/gpu] Failed initializing any suitable GPU context!
Error opening/initializing the VO window.
I found then lost the reference to lofimusic.app, and could't find it again until today, so I'm overjoyed to stumble upon it again, as well as this new thing!
I like it a lot and it is very responsive. One thought though, is there any way to reduce the amount of JS/ trackers you are using? UBlock blocking is at 10% and it is still working fine.
Can't have contributions when the images likely aren't even under a license that would allow use like this. I guess it's better not to say where they are from and hope people don't notice...
The image of the girl lying on the floor is a screencap from the "Whisper of the Heart" movie. I doubt it's licensed. Various "lo-fi" YouTube channels used to do that as well, but got copyright strikes and changed to original artwork.
> Dimitri chose the character of Shizuku Tsukishima from the Studio Ghibli film Whisper of the Heart as the face of the channel, with footage of her studying or writing used in the streams. When the popularity of the streams ultimately led to some getting taken down for copyright violations, Dimitri decided to maintain the Ghibli-esque aesthetic but with an original character and put out a call for artists.
Yes, although I’d note that among people who listen to lofi music, the “anime girl studying with rain outside the window” animation is an extremely well known meme.
The streams are just the name as a youtube video. For example if you click the "lofi hip hop radio - beats to relax/study to" in the bottom left (r what ever you are on) you'll see all the streams. Copying that name and pasting it in Youtube will show you the stream.
Though I do agree a link to them (since there is no mention of Lofi Girl anywhere for example) would be nice.
The project has a better chance of survival if it follows the rules of the platform sourcing their content. I think that warning somebody that they're standing on a cliff edge is the polite thing to do, even if the cliff is man-made.
I love that these type of apps are popping back up. However, I fear that the RIAA is going to ruin all the fun like they've done in the past. I used to run a site in which we just played random music with no ads/no revenue. We still got a cease and desist letter giving us no choice but to shut it down. I get why they exist, but they are more about stomping out sites rather than working them to figure out a path that is lucrative for everyone involved.
Unfortunately the only way to get around this is to have agreements in place with independent artists for the site that you could then provide to the RIAA when they come knocking. If you post music by artists signed to a label it's out of the artists' hand even if you attempt to put something in place directly with the artist. The RIAA is aggressive and well funded. Their entire objective is to make sure artists get paid whenever their music is played regardless of whether the site is free/no ads.
EDIT: Spotify, Apple Music, Pandora, etc do not provide APIs to embed their players into other sites without some sort of licensing agreement in place.
What does "in this room: 25" mean? The number remains the same when I change the station. Is there only a single room and I changed the station for everybody? Or are there 25 people in every room (=station)? :-)
It's the current visitors. I liked the word "room" to make you feel like you're in good company, but maybe it'd be better to just write "live now". What do you think?
What do you call the art style like this? It reminds me of a game called Va11-halla. I kind of like it, but it's frustrating that I can't name what it is. I see random Japanese texts here and there that are obviously made by non-Japanese people (they're awkward). "Foreigner's image of Tokyo's city life"?
Love that when I add it to the home-screen it has an icon. And, when I open it from that home-screen icon it has no navigation bar.
I desperately with that more people would exploit the web technologies for more of these sort of apps.
If I can play Cyberpunk 2077 on my iPhone through the Stadia web app, what isn’t possible?
Nice one, but my CPU fans got really loud (normally this loud when I play games) xD. I'm not a web developer, but I'm pretty sure this is something that can be fixed :)
Who gets credit for the artwork? It's really cool. I feel like all the channels/music are getting pulled from live lofi streams that I listen to on YouTube on a day-to-day. But the artwork isn't the same; so was that original for this project? Any idea how they're made?
Any plans to include a small chat feature? I normally don't like using chats on websites at all but for some reason I would absolutely love to interact with other people that are listening to the same music at the same time as me.
I guess that's when you double down and just scrape Invidious[1] for the audio files.
edit: The Firefox extension "Privacy Redirect"[2] also uses Invidious to automatically redirect all youtube links, and does similar things for pages like reddit and twitter to their respective "mirrors".
For anyone else wondering "what the heck is invidious?", from their github[1]: "Invidious is an alternative front-end to YouTube." Cool!
But man, classic open source: the front page of those docs says nothing about what the heck the project is, just a list of URLs to visit, and the main website[2] is just an under-construction page with a link to the github repo.
Wow, I had no idea about Invidious. This perfectly solves my use case of needing a REST API to get MP3 urls for YouTube videos. I was looking into building or finding a REST API for youtube-dl, but this seems a lot easier.
The mirrors frequently go offline from being blocked though, so it may be easier to rely on youtube-dl depending on how likely it is that you will be rate-limited.
You could of course also try and set up your own, private Invidious instance and see what mileage you get from that.
yep, I was trying to make some recreations of DVD menus a few years ago and decided to host on youtube so it could be easily added to.
Iirc my hack to hide the UI was replacing pausing videos with an infinite loop of a millisecond (which was buggy as hell). VideoJS with the youtube plugin was able to hide most everything else.
This is tight. I love the little touches like the pomodoro timer and discoverable keyboard shortcuts. The UI is so cohesive as well, and has everything you need and nothing you don't.
May I also suggest the [freeCodeCamp.org Code Radio][1]. They actually had a [recording artist contribute and curate most of the beats under a creative license][2].
Nicely done. Reminds me of an idea I think would be really cool, a site sort of like tiktok, but instead of focusing on original content, it focused on letting you find interesting video clips to pair with your own music. Sort of like how spotify has gifs now, except you could customize them for your own music and share them with others.
This is reminiscent of the YouTube channels with slight (ie 10 second) animated loops like Lofi Girl. I have used these videos for deep work sessions and will certainly use your site as well. Congratulations on your work!
The site's artwork is amazing. Love the details. It seeems that the transition effect when changing channels is generated and genuine each time, instead of randomly selected from a library.
I listen to https://youtu.be/fTS1JbEtSWs for background. Not only is it great background but I've found so many beautiful tracks through it over the years. Here's two:
I really like the video filter effect. Clever use of layered background images to achieve that VHS aesthetic.
Just a tip to reduce CPU usage: it's probably better to replace the large GIFs with videos. WebM not only has a much smaller file size but also makes the fans spin less. Most "GIFs" you see these days (e.g. on social media or Slack) are actually videos.
Nice project :) For my own use, I keep a list of such youtube stations in a file and use a script to play through them (I can specify by srl no., shuffle, play a random station etc). Much more lighter on the system as I use mpv to just play the audio stream. Also, allows me to repurpose the script for various lists for various genre.
For the "Lo-fi" part, I was going to write an explanation, but the first few paragraphs of https://en.wikipedia.org/wiki/Lo-fi_music explain it better than I would have.
Small correction: goes back to the mid-90's as a distinct thing, and you could hear that type of beat in songs even earlier than that. DJ Shadow brought it into general consciousness with his 1996 release: Endtroducing, but others were doing similar before. Back in the mid-to-late 90's, we were calling it "Trip-Hop". Though that was a broader term than lofi, which seems more specific.
Maybe the ultimate origination were in groups like De La Soul and PM Dawn. They had vocals, but their beats were often super chill.
I would disagree that Trip-hop is more broad. Trip-hop seems much more specific.
As far as Endtroducing being the first instrumental hip hop album, I guess one could argue that. However, it's a bit like saying that Iggy Pop and the Stooges were the first punk band. Either way, even though both movements come from an earlier time it didn't get much attention until the following decade. It would be akin to arguing that grunge isn't a genre from the 90s because Dinosaur Jr. was around in 87.
I actually have been working on something related but not exactly - mine is more generally a Youtube video zapper. Works well for music and also for other genres, was a fun quarantine project.
Nice work! I'm starting a similar coworking stream on twitch today, also with lofi music but instead of gifs I share my screen and pomodoro timers. https://www.twitch.tv/pomber__
Very nice execution. Love the aesthetic. IMO the source attribution could still be better. For example I follow one of the sources (RyanCelcius). Many of their original playlist visuals (e.g. rare tapes series) stand on their own merit and deserve to be seen.
In case anyone is interested, you can get most of these exact same playlists by searching “chillhop music” on Apple Music. Probably on Spotify and others too. Very nice background music for coding (for me anyway).
I guess one advantage of this is it might use less energy than streaming on Youtube directly? Haven't done comparison yet though to quantify CPU resource utilization and power consumption.
I would pay a subscription fee if someone could locate and repurpose the old playlist/soundclips from musicforhackers.com - awesome streaming music site back in the '00's.
That’s real slick. Royalty free Lofi is 90% of my music consumption anymore since the RIAA decided they don’t want their artists to be relevant to anyone who is big on streaming.
Okay no. This is garbage engineering. And yes I mean that - it doesn't get much worse.
It would be better if this wasn't a site you're supposed to stay hours on.
This embeds a YT video that is streaming in HD quality in the background, even though it's only showing me a gif, so it's already murdering my bandwidth to do something we could achieve with 30kb/s nowadays.
But because that isn't enough, this site is enough to get the fans of my laptop going. I'll probably be adding 20s to every bigger recompilation just to listen to music.
The stations are actually YouTube streams, if you open dev tools you can get the stream ID from the YouTube thumbnail that gets preloaded by the YouTube library.
Well it's not like I know a hundred lofi songs by heart or subscribe to lofi news but it serves as a nice background when I'm working alone in my apartment.
Yeah, that's pretty much it; lofi is loud enough to drown out intermittent noise in the area, while monotonous and simple enough to allow you to concentrate on whatever you're doing instead of on the music.
I like it, but I use it moreso for when I want to tune out noises in my surroundings with something other than say, "bird noises" or "distance thunderstorm".
Yes exactly, I usually listen to it when studying. With it on 25% volume and noise cancelling headphones it tunes out the world very nicely while avoiding dead silence.
https://lofi.chat/r/Hacker-news-310e9120
Good vibes only