Hey HN,

I’m the author; Haven has been my side project for a little while. The core idea is that we should be able to make it easy for anyone to host their own private webpage as an alternative to centralized social media.

A lot of the decentralized community seems to have chosen federated models as the solution to “self-hosting is hard”. I’m trying something different. With core web technologies as the foundation, my mom or my wife’s grandmother can visit my site with any web browser and I’m still able to exclude the rest of the world. For technical people, self-hosting is made easy with a one-line AWS deployment script, and an install script for the Raspberry Pi Zero W. I’d like less-technical people to be able to use this too so I’m exploring providing paid hosting as a service.

I think of Haven as a Facebook-alternative, but probably not a Twitter alternative. I see Facebook as selling itself more as “stay in touch with your friends and family” where Twitter is more about “see what interesting people are saying”. The latter has discovery as a core component. With Haven everything is private so discovery wouldn’t make any sense.

There’s nothing new here in terms of technology--server-side rendered web pages using Ruby on Rails, no JavaScript frameworks, RSS using HTTP basic auth. But also no analytics libraries or ad-tracking. Pages are lightweight and load really fast. I’ve even provided a limited ability to add custom CSS so you can really make your page your own.

I would love any feedback you want to share. Both from a technical or installation side, feedback on the public webpage, as well as thoughts on communities that might be interested to learn about Haven.

Thank you!

How is it secured and made private?

Found the code. Looks like basic auth. And, I can't find any password hashing -- are they being stored in the clear?

Also, the author checked in credentials and a master key to GitHub.

I'm using Rails Devise[1] for user auth, and HTTP basic auth for RSS. RSS basic auth credentials are always auto-generated, and don't give access to anything other than fetching the RSS feed.

Rails uses the "master key" to let you check in encrypted database credentials. I don't use that but Rails still requires a key for deployment--so I just checked in a key. Rails is really designed for a codebase that matches to a single deployment so this is a bit of a workaround.

[1] https://github.com/heartcombo/devise
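
The thread's two points about the RSS credentials (auto-generated and feed-only, and whether they sit in the clear) can be combined in one design, shown here as an added Ruby sketch that is not Haven's code and makes no claim about how Haven stores them. The `/rss` path, the in-memory store and every function name are assumptions.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory store: feed username => SHA-256 digest of the secret.
FEED_CREDENTIALS = {}

# Issue an auto-generated credential pair for one reader. The plaintext secret
# is returned once (to embed in the feed URL) and only its digest is kept.
# A fast hash is adequate here only because the secret is 256 random bits.
def issue_feed_credential(store = FEED_CREDENTIALS)
  user = SecureRandom.hex(8)
  secret = SecureRandom.urlsafe_base64(32)
  store[user] = Digest::SHA256.hexdigest(secret)
  [user, secret]
end

# Parse "Basic <base64(user:secret)>"; returns [user, secret] or nil.
def parse_basic(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  user, secret = encoded.unpack1("m").split(":", 2)
  user && secret ? [user, secret] : nil
end

# Byte-wise comparison whose timing does not depend on where strings differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Feed credentials are honoured on the feed path only (assumed "/rss"),
# so a leaked feed URL cannot be replayed against any other route.
def feed_access_allowed?(path, header, store = FEED_CREDENTIALS)
  return false unless path == "/rss"
  user, secret = parse_basic(header)
  return false unless user
  expected = store.fetch(user, "0" * 64) # dummy digest for unknown users
  secure_compare(expected, Digest::SHA256.hexdigest(secret)) && store.key?(user)
end
```
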