WebSocket whiteboard with chat (184.106.155.145)
47 points by bcardarella on Feb 21, 2011 | 39 comments


Wow, so, I might have shut down the whole room by typing in the chat: <script>window.close();</script>. That room is a giant XSS disaster waiting to happen.


Yes, you did. I wouldn't recommend going to the site on your own machine because of the security hole. They should fix this as soon as possible.


Yeah, I fixed that. It was just a weekend hack. I think the Goatse guy forced my hand.


Thanks for fixing it, and sorry about the window.close() thing :P Very cool; it's mind-blowing how simple the code is. Can you post some of the server-side code?


Don't worry about it. It was pretty funny.

I'm going to probably release a NodeJS/Socket.IO version then do a blog post comparing the two and release all of the source code. Should have the Node one up in a day or two.


You did, it closes now almost immediately after opening.


It's not working for me Brian, which is a shame as I was going to draw some male genitalia.


Don't worry, I got you covered


Only works with WebSocket browsers. You'll need Chrome or Safari.


Nice hack. In case you are using Node.js in the back end, you might want to check out socket.io. Provides WebSocket support as well as fallback transports for browsers that don't support WS.


I'm using EventMachine with em-websocket for the backend. I might convert it to Node w/ Socket.IO to see if there is a performance difference.


I got Chrome here somewhere, thanks for the tip.


But it is not working with the iPad's Safari version.


Really nice to interact live with strangers like this! I always thought HN guys were a bit more matured, it was funny to see every other 2nd doodle was of a dick!



Looks like 40 concurrent users is the max. Process crashed but it's back up now.


Can you spawn a new whiteboard when more than 40 users join?


The error was due to a bad string message not parsing properly. I fixed it in the client and should be fine for new users now.

But performance gets pretty crappy at about 40 concurrent users anyway. :p


Firefox 4 Beta 8+ users can enable websockets by toggling network.websocket.override-security-block in about:config. It still doesn't work in the latest nightly, though, as I can't draw anything.

Websockets were disabled in Firefox 4b8+ because of supposed security problems in the protocol.


I just removed logging, which was causing the process to block so it could write to STDOUT. That should increase performance with tons of users.


I see you are a Rails dev. I imagine in the backend it's something more than a Rails app. What's your stack like?


I'm using EventMachine with em-websocket. But I might rewrite it in NodeJS to give that a try with Socket.IO.


Pretty cool. It'd be nice if you could change your color -- I was yellow and that was hard to see.


The colors are assigned based upon a mod of your SID. So just refresh the page if you want a different color.


This is cool. However the HN crowd seem to be just drawing deformed penis pics on it.


You might want to escape those text messages.
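
An added example of the escaping suggested above, not code from the site or its author: it parses an incoming chat frame defensively and HTML-escapes the text before it is placed in markup. The JSON frame shape (`type`, `sid`, `text`), the length cap, the 8-color palette and all function names are assumptions made for illustration.

```javascript
// Added example: frame shape, names and limits are assumptions, not the site's code.
const MAX_CHAT_LEN = 500; // assumed cap on a single chat message
const PALETTE_SIZE = 8;   // assumed number of colors chosen by "mod of your SID"

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace the five characters that let text break out of HTML content or attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Parse one WebSocket text frame; return a validated chat object, or null to drop it.
function parseChatFrame(raw) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (err) {
    return null; // malformed frame: ignore it rather than let the handler throw
  }
  if (msg === null || typeof msg !== 'object') return null;
  if (msg.type !== 'chat' || typeof msg.text !== 'string') return null;
  if (!Number.isInteger(msg.sid) || msg.sid < 0) return null;
  return { sid: msg.sid, text: msg.text.slice(0, MAX_CHAT_LEN) };
}

// Build the markup for one chat line; the sid is numeric and the text is escaped.
function renderChatLine(raw) {
  const msg = parseChatFrame(raw);
  if (msg === null) return null;
  const color = msg.sid % PALETTE_SIZE;
  return '<li class="user-' + color + '">' + escapeHtml(msg.text) + '</li>';
}

// Constructed sample frames, including the payload quoted in the thread.
const samples = [
  JSON.stringify({ type: 'chat', sid: 13, text: '<script>window.close();</script>' }),
  JSON.stringify({ type: 'chat', sid: 2, text: 'Tom & "Jerry"' }),
  '{"type":"chat","text":', // truncated JSON, dropped instead of throwing
];
for (const frame of samples) console.log(renderChatLine(frame));
```

In a browser, assigning the message through `textContent` instead of building markup avoids the escaping step entirely; the same validation belongs on the server before a message is broadcast.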


Yeah I know, I was eating lunch when it went crazy.


Doesn't work for me on Chrome 9.0.597.98 beta on Ubuntu :( Possibly because all HTTP traffic has to go through a proxy server; the company blocks all outbound traffic and requires a proxy server.


The websocket is also on port 8080, so that could be an issue.


I took a quick look. It's a cool demo but it's inappropriate to link to it here when there are obvious XSS issues.


Cool. Only one wiener on the whiteboard now. I can see this descend into chaos in a few hours.


Whiteboard doesn't work very well with trackpads...


XSS fixed (I hope)


3 letters: XSS


Yeah, it was pretty hackish not to plug that. But it should be plugged now.


That's awesome – nice work.


OK, that's kind of cool. Thanks for fixing the XSS.


Fun!


So fun drawing trollfaces



