
I think it's a decent approach, in spirit. Don't use the domain name as suggested; come up with your own algorithm based on the website or whatever else. Combining a fixed string with a variable component based on the website is easy to remember and different from site to site. It's not too hard to make all your passwords long and complex with this approach, too. For most purposes, thumbs up!


I think it all comes down to how you do the combining.

For example, if you take a fixed secret string, append the site name, SHA256 the whole mess, and then derive a password from the hash, that's reasonably secure and only requires you to memorize one secret. The downside is that you need to perform SHA256 whenever you want the password for a particular site.

But if you take a fixed password and merely concatenate something derived from the site name to get the site-specific password, that's not secure. You're counting on the attacker not figuring out your "something derived from" and that's security by obscurity. (Unless your algorithm involves mixing in some hard-to-guess secret, but then you're back at my suggestion above with a bit of extra stuff tacked on.)


This was just a response to the "'Aunt Tillie'-types" comment and replies. I'm not trying to preach to the HN reader. If the average user were setting a password for their google account, and their fixed string was U$erN4m3* and their variable component was the URL backwards moc.elgoog, to create the password U$erN4m3*moc.elgoog they are far, far beyond typical password security. You, Sir, with due respect, are correct, but are a few steps past practical or easy to remember.
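Added example, not part of any comment in this thread: the two schemes argued over above, side by side. The "weak" functions implement the fixed-string-plus-reversed-domain construction from the reply (`U$erN4m3*` + `moc.elgoog`) and the one-line attack against it that the earlier comment is pointing at: anyone who learns one site password and guesses the rule recovers the fixed part and can mint the password for every other site. The "hashed" functions implement the SHA-256 derivation the earlier comment describes (a NUL separator between secret and site name is an added detail, so that "ab"+"cexample.com" and "abc"+"example.com" cannot collide), plus a dictionary-guessing routine that shows its real limit: a fast hash means a leaked derived password can be used to guess the secret at hash speed, which is why the PBKDF2 variant at the end is the form a practitioner would actually use. The secret `hunter2`, the site names, the 20-character length, the base64 encoding and the iteration count are all assumptions of this example.

```python
import base64
import hashlib
from typing import Iterable, Optional


# --- Scheme 1: fixed string + transformed site name (the reply's "Aunt Tillie" rule) ---

def weak_site_password(fixed: str, site: str) -> str:
    """Fixed secret followed by the site name reversed, e.g. U$erN4m3* + moc.elgoog."""
    return fixed + site[::-1]


def weak_recover_fixed(leaked_password: str, site: str) -> Optional[str]:
    """Attacker's view: knowing (or guessing) the rule, strip the site part to get the secret.

    Returns None if the leaked password does not match the assumed rule.
    """
    suffix = site[::-1]
    if not leaked_password.endswith(suffix):
        return None
    return leaked_password[: -len(suffix)]


# --- Scheme 2: hash the secret together with the site name (the earlier comment's rule) ---

def _encode(raw: bytes, length: int) -> str:
    """Map hash output to printable password characters (letters, digits, '+', '/').

    base64 of 32 bytes is 44 chars (last one '='); callers truncate to <= 43.
    A real tool would also enforce per-site character-set rules here.
    """
    return base64.b64encode(raw).decode("ascii")[:length]


def hashed_site_password(secret: str, site: str, length: int = 20) -> str:
    """SHA-256(secret || NUL || site), encoded; the NUL separator is an added detail."""
    digest = hashlib.sha256(secret.encode("utf-8") + b"\x00" + site.encode("utf-8")).digest()
    return _encode(digest, length)


def guess_secret(leaked_password: str, site: str,
                 candidates: Iterable[str], length: int = 20) -> Optional[str]:
    """Attacker's view of scheme 2: one leaked site password turns into an offline
    guessing attack on the secret. SHA-256 is fast, so this runs at GPU speed in practice;
    the only protection is how unguessable the secret is."""
    for candidate in candidates:
        if hashed_site_password(candidate, site, length) == leaked_password:
            return candidate
    return None


def kdf_site_password(secret: str, site: str, length: int = 20,
                      iterations: int = 200_000) -> str:
    """Same idea, but through a deliberately slow KDF (PBKDF2-HMAC-SHA256, site as salt),
    so each guess in guess_secret-style attacks costs `iterations` hashes instead of one."""
    key = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"),
                              site.encode("utf-8"), iterations, dklen=32)
    return _encode(key, length)


if __name__ == "__main__":
    # Constructed demo values; nothing here comes from a real account.
    fixed, site_a, site_b = "U$erN4m3*", "google.com", "example.com"

    leaked = weak_site_password(fixed, site_a)            # what a breached site exposes
    recovered = weak_recover_fixed(leaked, site_a)        # attacker strips 'moc.elgoog'
    print("weak scheme: leaked", leaked, "-> recovered fixed part", recovered)
    print("weak scheme: attacker's password for", site_b, "=", weak_site_password(recovered, site_b))

    secret = "hunter2"                                    # deliberately weak for the demo
    leaked_hashed = hashed_site_password(secret, site_a)
    print("hashed scheme: leaked", leaked_hashed, "(no site part to strip)")
    print("hashed scheme: dictionary guess ->",
          guess_secret(leaked_hashed, site_a, ["password", "letmein", "hunter2"]))
    print("kdf scheme:", kdf_site_password(secret, site_a, iterations=1000))
```

Run it and the weak scheme falls in one step, the hashed scheme survives the strip-the-suffix attack but not a dictionary guess of a weak secret, and the PBKDF2 variant is the same derivation with the guess rate cut by the iteration count; the commenter's "only requires you to memorize one secret" therefore still means one secret strong enough to resist offline guessing.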



