Show HN: Markdown HN profiles at {user}.at.hn
Overall reception
- Many commenters find the idea fun, simple, and well-executed; some even initially assumed it was an official HN feature.
- Several praise the opt-in model as respectful and ethical, though there’s lingering distrust of software projects in general.
Technical implementation & subdomains
- Subdomains are presumed to be handled via wildcard DNS (e.g., *.at.hn → single app that parses the requested subdomain as username).
- Example Cloudflare setup with an A record plus wildcard CNAME is discussed.
Bugs, edge cases & UX
- Multiple users get “Internal Server Error 34,” often with mixed‑case usernames or empty profiles.
- Uppercase usernames and underscores cause issues due to case sensitivity in APIs and case-insensitive DNS; the author is looking for a graceful solution.
- Encoding and markdown quirks break PGP blocks, bullet lists, and some URLs; link auto-detection by the marked npm package is unreliable.
- Caching means profiles don’t update immediately; using ?refresh forces an update.
- Some report that pages work without adding the opt‑in slug; behavior seems inconsistent and partly due to temporary testing and stale states.
- WebP support and HTML validity (meta/style tags outside <head>) are briefly questioned.
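One way to handle the wildcard-subdomain lookup and the mixed-case usernames described above, as an added example that is not the project's own code: the Host header is treated as untrusted input, reduced to a single validated label, and mapped back to the case-sensitive username through an index of opted-in users. The index, the function names, the status codes and the username rule (2 to 15 letters, digits, dashes, underscores) are assumptions.

```javascript
const BASE = "at.hn";
// Assumption: usernames are 2-15 chars of letters, digits, "-" and "_".
// DNS is case-insensitive and clients lowercase the host, so match lowercase.
const USERNAME_RE = /^[a-z0-9_-]{2,15}$/;

// Return the lowercased username label from a Host header, or null.
function labelFromHost(host, base = BASE) {
  if (typeof host !== "string" || host.length > 255) return null;
  let h = host.trim().toLowerCase();
  h = h.replace(/:\d{1,5}$/, ""); // drop an optional port
  h = h.replace(/\.$/, "");       // drop a trailing root dot
  const suffix = "." + base;
  // Must end in ".at.hn"; "at.hn.example.com" and the bare apex fail here.
  if (!h.endsWith(suffix)) return null;
  const label = h.slice(0, -suffix.length);
  // Exactly one label in front of the base domain ("a.b.at.hn" is rejected).
  if (label.includes(".")) return null;
  return USERNAME_RE.test(label) ? label : null;
}

// Index of opted-in users: lowercased name -> list of case-sensitive names.
function buildIndex(optedIn) {
  const index = new Map();
  for (const name of optedIn) {
    const key = name.toLowerCase();
    index.set(key, [...(index.get(key) || []), name]);
  }
  return index;
}

// Resolve a request to one canonical username, or an explicit error status
// instead of an unhandled exception surfacing as a 500.
function resolveUser(host, index) {
  const label = labelFromHost(host);
  if (label === null) return { status: 400, user: null };
  const matches = index.get(label) || [];
  if (matches.length === 1) return { status: 200, user: matches[0] };
  // No match: 404. Several names differing only by case: refuse to guess.
  return { status: matches.length === 0 ? 404 : 409, user: null };
}

// Constructed sample data, not real accounts.
const SAMPLE_INDEX = buildIndex(["AliceExample", "bob_dev", "carol"]);
```

The canonical name returned by resolveUser is what would be passed to a case-sensitive upstream API, never the raw label from the request.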
Security & sanitization
- There are concerns about XSS from unsanitized profile content; commenters provide sanitization libraries.
- A concrete example shows a <script>alert(1)</script> tag initially executing, implying earlier gaps in sanitization, later claimed to be fixed.
Privacy, legal, and data use
- GDPR applicability is debated: some argue opt‑in and public data re-use is likely fine; others stress that it’s still data processing and should be considered.
- Suggestions include deleting cached profiles when users remove the slug.
- Another thread debates copyright: HN’s license grants rights to Y Combinator, not necessarily to third‑party scrapers, though many argue de facto acceptance via the official API and existing mirrors.
- Concern is raised that putting usernames into domains exposes them to ISPs and other DNS observers.
Extensions & related ideas
- Ideas include exporting all HN comments as a blog, linkblogging via favorites + RSS, adding analytics or “cohort graph” views of user interactions, and karma/upvote–downvote ratios.
Domain & ecosystem tangents
- The .hn TLD (Honduras) and the short at.hn domain are discussed as relatively costly but acceptable for a hobby project; renewal appears moderate.
- Some worry about TLD stability but consider it sufficient for this use.
- A tangent explores how OF‑style spam might try to exploit such profile services, with debate over how serious a risk this is on HN.