1. the browser downloads generic JS libraries from the main site
2. these libraries then decode the fragment part, and transform it into the UI
If that's correct, someone still has to host or otherwise distribute the libraries - hence why you need the app to use it while offline (it ships the libraries).
This is not criticism, I'm just trying to get my head around how it works.
Crazy to hear someone reading about something today, that been around since the 90s and probably is one of the first parts you touch when doing web development, but I guess you're just another one of the 10K lucky ones :) (https://xkcd.com/1053/)
Yes, it's not communicated very clearly.
You still have to share the link somewhere, why not just share a block of text (invitation, campaign, whatever) directly instead?
I think its just for fun :)
There are also the Pico-8 cardridge format, where a game is stenographically embedded in a PNG https://github.com/l0kod/PX8
And the Piet and Pikt esolanguages where the visuals are the code: https://esolangs.org/wiki/Piet https://github.com/iamgio/pikt
> present everywhere
> Still here when the internet isn't
I'm afraid the OP may not have full understanding of how internet works. This is either some kind of a post irony, or some vibe code fever dream.
Either way, I'm deeply confused.
Besides loading the frontend resources, is there anything else that wouldn't work? Seems like a simple idea, so as long as the assets could be loaded, you'd be able to "load" the "apps", wouldn't you?
Now for online, the data is in the URL already, publicly available (unless shared privately), and the "loader" is still served from the server, so you have to trust the server not to exfiltrate the data.
Literally says in the submission title and the website itself: An entire website encoded in a URL.
And yes, the domain part of the URL might not work, but whatever URL you use locally would work just as well if you switch the domain, unless I'm missing something.
> Now for online, the data is in the URL already, publicly available (unless shared privately), and the "loader" is still served from the server, so you have to trust the server not to exfiltrate the data.
Yes, the data is in the URL, seems to be the single point of this entire project. I don't seem to find any "server" doing anything of worth here, all the meat really sits in the client-side code, which you can serve however you like, might even work through file://, haven't tried it myself.
It is very much not, open the network tab on any of the examples, behold.
Ok, using https://nowhr.xyz/s#yzXyzs8PcDbxyQ_0KbYMzzRNytKNyE0JDM0x8zT2... as found in the HN comments as an example.
Not a single one of those requests contain the string "This is a message site. I guess. Just checking.", or did I miss something? All it seems to load is the "website loader", which is the part that decodes the URL (locally) and displays you "the website".
So assuming you have local access to the loader and you have the parts from the URL, you'd be able to load it.
I'm not sure if y'all are consciously misreading how this is supposed to work, or if I'm misunderstanding what y'all are complaining about. It's not "A public internet website can be loaded if you're not connected to the public internet", it's "websites loaded in this way can be loaded this way as long as you have the loader".
this works as a "url" in both chrome and safari:
data:text/html, <html contenteditable><head><title>notes</title></head><body><textarea rows=36 cols=140></textarea></body></html>data:text/html,<pre onkeyup="(function(d,t){d[t]('iframe')[0].contentDocument.body.innerHTML = d[t]('pre')[0].textContent;})(document,'getElementsByTagName')" style="width:100%;height:48%;white-space:pre-wrap;overflow:auto;padding:2px" contenteditable></pre><iframe style="width:100%;height:48%">
javascript:(function(){navigator.clipboard.writeText(`${window.location}#:~:text=${escape(window.getSelection().toString())}`);%20console.log("copied!");%20})();
For example it will give you this: https://news.ycombinator.com/item?id=47888337#47888930#:~:te...
But would this mean encoding the entire dist folder after build step?
> Private through physics. Not through policy.
Goodness, LLM really convinced itself this was groundbreaking.
You could describe a .html file sitting on your computer with all of the same marketing bluster.
Someone has to send it to you all the same, and you might as well not rely on some random internet service to render it??
So, its just like sending your sites link through email/whatsapp or any other channel. I don't know what the real usecase for this idea could be!!!!
Now, the idea that entire apps can be shared via a link in a Signal chat or a QR code on a flier is a fascinating bit of compression and potential for archiving.
Imagine games shared on paper QR codes at a meetup.
Oh but here’s the rub, do you trust the arbitrary code you just scanned off of a QR code? TLS has become a proxy for trusted authorship. “Well if it’s really coming my bank then it’s probably safe”
Markoff•1h ago
A URL fragment is the part after #. The HTTP specification prohibits browsers from sending fragments to servers. The server that delivers the page never receives the content, never knows which site you are viewing, and has no way to find out. No content is collected, stored, or logged. The privacy is structural.
A site that was never put on a server can never be taken off one. There is no account to suspend, no host to pressure, no platform that can decide your content should not exist. Each copy of the link is a complete copy of the site data.
Site creators can encrypt the URL itself with a password. Even possessing the link reveals nothing about what is inside.
https://github.com/5t34k/nowhere
card_zero•1h ago
brazzy•1h ago
Technically true, practically a lie. Because that server delivers the Javascript which decodes and presents the content, and that Javascript absolutely has the ability to inspect, modify/censor, and leak the content (along with fingerprints of the browser).
> no host to pressure, no platform that can decide your content should not exist.
Except for https://nowhr.xyz, which becomes a single point of failure for all of these sites...
wateralien•1h ago
embedding-shape•1h ago
Unless that site A is encoded in a format that only one other site B on the internet can decode and "serve" (even if it's all client-side) so whoever wanted to block site A would just block site B as a whole.
jdiff•1h ago
oersted•50m ago