Lots of constructive things I want to point out. Don't think I'm bashing on the idea... (But you did post it as a Show HN so like most hackers I tried and find out how things work).
- I successfully created an account without paying. (Contact me through my email if you want details. You can find it in my profile).
- You write all of your clients details to disk. I can view them all here. http://learnmoreabout.it/ I can also overwrite other peoples tests. (Not sure if you are aware of this). (Could also be used as a very easy denial of service vector killing available inodes)
- Being able to access stuff like this is wrong. http://learnmoreabout.it/usr/share/base-passwd/group.master
- You have an active RAM disk which is readable through HTTP. I've been able to download and mount and read from it.
- You've got an SQL injectable page. (Took a while to find one, but it's there)
- You are doing validation that should be done on the server, via the client. (ie. Checking that the name doesn't contain invalid character.). So this ends up with people writing to directories they shouldn't. See the file directory 'thisShouldNotBeHere' within your web accessible /usr directory? http://learnmoreabout.it/usr/share/mysql-common/
I've uncovered way more information than I ever should have been able to (it was almost as fun as the Strip CTF). If you want any advice, I'm always infront of an email client... (and PHP is my main language)
You are definitely at a very early MVP stage, but already I'm reminded of this blog post from last week: http://blog.ryankearney.com/2012/10/never-give-your-informat...
And, in case anyone says I should have followed responsible disclosure, I prescribe to the same ideals as Silhouette in this comment. http://news.ycombinator.com/item?id=4619657
First off let me appolgize about the sloppy coding. Unfortunately I'm not a programmer, I outsourced the programming.
The information you posted is invaluable and I'll drop you an email shortly to follow up.
I've been using the same technique to test a market and have been struggling to figure out how shady this is. One on hand, it does feel like we're deceiving people, on the other hand, what we're doing is actually benficial to consumers. If they signed up, that means they want what it is that you're trying to build and they're letting you know it.
Although chrisacky flagged up some major issues in security above, there is more than one server/ domain running the system which they didn't discover. Once there is around 50 users on a server / domain I've created a new one.So thankfully chrisacky only managed to discover a small amount of users active on the service currently.
Why do I expect a high churn rate? Well, there are two options. Either the splash pages created with quicklytest.it get some traffic or they don't. If they don't get traffic the user will get demotivated and stop. Cancel subscription. And if the user does drum up attention for his idea? Then he's going to replace the quicklytest.it page with his own thing. Again, cancel subscription.
I like the idea, but it will be very tough to make money from it.
[1] Percentage of subscriptions canceled each month
It might not hurt to look into a higher one-time price point or I suppose you could base expected revenue with the assumption that most people may cancel after a month or 2.
I have thought this too, however the barrier of a higher price point was too much to stop people making that initial purchase.
I have done exactly what you have suggested and predicted revenue from a 2 month turnover.
This is no means meant to be 'startup' in the massive growth sense.
I like to build products that are useful for people. If I can earn some beer money out of it at the end of them month then great.
It's not just startups that I'm targeting, but individuals who might have a couple of cool ideas that want to make that first step and see if they're as cool as what they thought.
https://github.com/skorokithakis/landing-page
It has email list subscription functionality, just drop two templates in, and you're done. It uses AppEngine, so it's pretty much free to host, and easily extensible.
I don't subscribe to the idea of landing pages for non existent products but I feel that if lot of new products start showing such a message when there aren't many technical reasons to do so, no one is going to believe about the queue thing anyway. OTOH, people might start using it as a filter instead!
(2) And if you actually do have a good idea, ins't using this more like "quicklyspill.it"?
Given what chrisacky observed, this is not even close to an "MVP" since it's not even close to being viable.
thank you for the feedback.
1) I believe that a landingpage can validate and 'idea' as you can use it to gage interest, via the visitor clicking through for information, time spent on the page, number of times the visitor returns etc.
2) I think it's fairly well documented that ideas on their own don't mean anything, they have little if no value. It's the execution that counts and if quicklytest.it is the first step in execution then great! It gets you out of the door.
