Exe.dev
exe.devhttps://blog.exe.dev/meet-exe.dev
https://exe.dev/docs/how-exedev-works
https://exe.dev/docs/pricing That must be worst website ever made. Zero information available on mobile. I thought it is some kind of portfolio site that does not work on mobile. Not a mobile issue. I am on desktop and had no idea what this service was because nothing on the initial UI explained what we were looking at. I went and double-checked when people here were talking about pricing and VMs. From the home page, I figured it was some text-based game or experiment and closed the page. It looks like some people who work there are watching this thread, so to them I say: You have got to explain what this is, not just say "the disk persists..." and expect people to dig deeper. Most aren't that curious. >From the home page, I figured it was some text-based game or experiment and closed the page. Same, my first thought was that it's some pentesting game where you're given a VM and your task is to somehow break it. The line "the disk persists. you have sudo" sounds like game rules. It's odd to see how people are not accustomed to plain websites anymore. You click the 'About' link in the footer, and get a direct explanation of what it is, pricing and the entire documentation. What is the purpose of the landing page of this site, if it conveys nothing? Sure, 'about' explains what it is, but then from there I need to go back to a page that's called 'all docs' to see the link to pricing. Don't defend this. It's not plain. It's obtuse. A properly designed plain site will have the following text front and centre on it's hero: "virtual machines in the cloud with persistent disks and sudo, starting from $20/month." why do we need to click anything? Why wouldn't the relevant information be there in the initial view? Gatekeeping mechanism. This effectively filters useless traffic and trash contacts. You’re right that it probably filtered out a lot of traffic. Traffic that may have converted to users if they didn’t meet such a useless landing page Even the 'About' page doesn't have much information either though All the About page contains is: > exe.dev is a subscription service that gives you virtual machines, with
persistent disks, quickly and without fuss. These machines are immediately
accessible over HTTPS, with sensible and secure defaults. You can share your
web server as easily as you can share a Google Doc. With built-in optional
authentication, so you can focus on your thing. > Your VMs share CPU/RAM. Create as many VMs as you like with the resources
you have. You truly, honestly believe that to be the real problem? Come on. You don't need to do whatever this is. The website has a huge `ssh exe.dev`, so I'd expect that running that works, but: you don't need to register the key. just have some sort of key. I thought it was one of those game sites where you had to "hack" it every step of the way to advance the next level. It's kind of funny our experiences are so diffent. I almost immediately surmised it's some sort of on the fly generated vm you can access via a ssh jumpserver. Which it is! It's actually really neat. It's quite obvious that the authors want us to just ssh into it and try it out first. > I almost immediately surmised it's some sort of on the fly generated vm you can access via a ssh jumpserver How? It just says `ssh exe.dev`. Unless you are clairvoyant. "ssh exe.dev" is exactly the Linux command you would use to connect there via ssh. And it's stylized like command prompt. The question wasn't "how to ssh into a server", it was "how did you figure out what it it from looking at the website" Because it literally tells you what to do How to ssh into a server isn’t a question, it’s a command. Being pedantic, I meant statement not command. "exe.dev is a subscription service that gives you virtual machines, with persistent disks, quickly and without fuss." scroll down and hit the
"about" link. I do agree though the landing page could be more resourceful. I'm not going to SSH to a random server. That's my point, the home/landing page tells you nothing other than "try to ssh into this van" All a malicious website has to do to be convincing is to have a more conventional landing page then? The disk and sudo mentioned are good enough clues, then you have the about. Where did I say that, that wasn't a topic I just commented on the *entirety* of the content on the landing page. > The disk and sudo mentioned are good enough clues I mean, you do you and let's agree to disagree about a good landing page UX. tbh maybe this service doesn't want you as a customer if you can't figure this out. it seems like you'd be an above-average support burden Are you honestly suggesting that startups should be picky about taking on customers? That’s probably the oddest thing to read on a tech VC forum. The lading page was garbage. It’s forgivable because designing goods landing pages is hard. But inventing wacky ideas about why a bad landing page might have some hidden genius, isnt constructive feedback Why are you giving in to such a troll/AI/low effort comment. If the page was some genius implication and I were too stupid to get it then his comment had a good point. The page has a random ssh command and this dude thinks it's genius. You made me lol > I'm not going to SSH to a random server. Opening a random website likely exposes you to more risk. Likely? Definitely. Except it doesn't trigger the keyboard on my phone and I can't interact with it. It's not interactive. It's just an extremely brief brochure for the actual service, which is available via SSH. All the useful copy is under the About link at the bottom, which is so light as to fail WCAG contrast standards. Ah, that makes sense, thank you! You are not the target audience if "how" was not apparent to you I am the target audience and I still had no idea what the site was promoting from just the landing page. Someone else said it's not actually interactive. So which is it? The "how" is very obvious, but not the "why". I'd assume this much would be very apparent from the OPs complaint, but apparently not I guess... I became target audience after I had a cup of coffee... I mean, I've done engineering work for the last 15 years on most layers of the stack. Seeing an ssh command into a fancy url does not tell me anything about what that is going to accomplish. But yeah, you must be right. Yep, with no privacy policy published. Exactly. Agree, I finally found information via Homepage -> blog -> docs -> "all docs" button: Which has an about and pricing etc. That is very counterintuitive to just find out what this is. I was confused too. I first thought I should open up my terminal and just enter `ssh dev.exe` and this would be some kind of ssh-based interface? Honestly my first thought is that it would be one of those cool dev hack / art projects like the old starwars traceroute to 216.81.59.173 It didn't read as a company with products at all to me from the front page. Just a cryptic " The disk persists. You have sudo." with links to "Login" and "About * Blog * Discord" --- no pricing link, which made me think it was a weird hobby / art. ssh exe.dev works I wouldn’t go that far but some link to pricing and documentation would be useful. I have absolutely no idea what the offering is here without those pieces of info. Their pricing page says that it's currently a free trial. That link isn’t really easy to find from the home page is a large part of the gripe here. You have to click About in the footer, remain curious enough to click All Docs on that page (which Pricing isn’t usually a part of “docs”), then all you get is a Pricing paragraph that says “Plan options for individuals, teams, and enterprises.” Not very helpful until you realize the heading text “Pricing” is a plain colored link to this pricing page with more info. The whole UX of this site is garbage and what has fostered so many gripes here. Yeah. I managed to backtrack my way to the pricing through the about page. It's really annoying when you're interested in a product but can't find a price. The exact text on mobile is > ssh exe.dev > The disk persists. You have sudo. I've seen enough of these kinds of services in my lifetime that I also immediately knew what it was, for example sdf.org, which is one of the OG services, and various "tilde" services like tilde.town. I thought the same, but it’s not quite like either of those things. It has their same benefits but way more flexibility with its VM model. It offers auth, and will forward most ports for developer access. All this was totally lost on me from looking at the website. “I already have tilde and sdf, I don’t need this.” If I hadn’t looked into the comments I would still think that. I can see > ssh exe.dev > The disk persists. You have sudo. on mobile It is showing non-stop loading blink but nothing happens. And cannot open keyboard if that is needed. It is like big CTA but does not do anything. Very strange landing page for maybe cool product. It’s not a loading blink, it’s just some text telling you what the service is it's a cursor ready blink I think knowing what the ssh command does is a pretty low bar for this platform That as my first thought too. Landing page may as well be an empty page Hyperbole much? I'm on mobile and think it's great. I wish more websites were like this. Just straight to the point instead of all the regular marketing fluff you need to decipher. pricing information and what it does/how it works is not marketing fluff It is not ”to the point”. I thought it was a web game. Agreed.
Target audience will understand instantly This thread seems to reflect how the HN audience has shifted — less commenters know what `ssh example.com` does and more commenters concerned about privacy policy. i'm not sure what you mean; the demo runs with the ssh command in the centre, there's an 'about' link at the bottom, and that links to a docs index it's fiine i think Come on guys, it literally says 'ssh exe.dev' Yeah, and it really is not I would want to do, just like diving into unknown water that sparkles weird.. It's an instinct, can get past it but to get more info about the service... nah. That's okay, you're not in the target audience is all. If their target audience is someone who remotes into a random machine because a opaque landing page them to, it's probably not gonna work very well. Those people are too busy sniffing glue. It would be funny if it was literally the best website I've seen in like a year... ... which it is. Did you try clicking one link into "about" and reading one paragraph of text? So I tried this the other day after Filippo Valsorda, another Go person, posted about it. My reaction was 'whoa, this really makes it easier to start a quick project', and it took a minute to figure out why I felt that way when, I mean, I have a laptop and could spin up cloud stuff--arguably I already had what I needed. I think it's the combination of 1) really quick to get going, 2) isolated and disposable environments and 3) can be persistent and out there on the Internet. Often to get element 3, persistent and public, I had to jump through hoops in a cloud console and/or mess with my 'main' resources (install things or do other sysadmin work on a laptop or server, etc.), resources I use for other stuff and would prefer not to clutter up with every experiment I attempt. Here I can make a thing and if I'm done, I'm done, nothing else impacted, or if it's useful it can stick around and become shared or public. Some other environments also have 'quick to start, isolated, and disposable' down, but are ephemeral only, limited, or don't have great publishing or sharing, and this avoids that trough too. And VMs go well with building general-purpose software you could fling onto any machine, not tied to a proprietary thing. This is good stuff. I hope they get a sustainable paid thing going. I'd sign up. Also, though I realize in a sense it'd be competition to a business I just said I like: some parts of the design could work elsewhere too. You could have an open-source "click here to start a thing! and click here to archive it." layer above a VM, machine, or whatever sort of cloud account; could be a lot of fun. (I imagine someone will think "have you looked at X?" here, and yes, chime in, interested in all sorts of potential values of X.) > persistent and public I don't think that it's actually public? From one of their explainers, no public IP is assigned, so you'll need to ar least have to use an additional service like Cloudflare Tunnel to use it for hosting anything. [exe.dev co-founder here] You can make it public! Our TLS proxy supports it, and supports CNAME rules (plus a top-level trick) to let you put a domain name on it. To make the HTTP server on port 8000 of your VM public run: Any plans to support non web stuff? For non-web stuff you will need a static IP. We plan to support that in the near future: https://github.com/boldsoftware/exe.dev/issues/6 Could also support sni/sslh style stuff to support more protocols without static IP. We could! Do you have any in mind? I can file issues for them. I'd love to see XMPP support especially, which I know sslh supports. FWIW, here are (mostly) their agent's tips for other agents from exploring a mostly-new system including tidbits like how to get recent Node: https://s3.us-east-1.amazonaws.com/1FV6XMQKP2T0D9M8FF82-cach... It's very much a snapshot of what happens to come on a new VM today, and I put a little disclaimer in it to try to help tools get unstuck if anything there proves to be outdated or a flat-out (accidental) lie. The individual plan says: — $20/month — 25 VMs — 2 CPUs — 8GB RAM — 25GB disk — 100GB bandwidth Is this 2 CPUs/8GB RAM per VM (in other words, 50 CPUs/200GB RAM)? If so, this is an unbelievable bargain (too good to be true?); other cloud providers charge hundreds of dollars per month for an equivalent VM. If, OTOH, it's 2 CPUs/8GB total, Hetzner offers an equivalent VM for about $5/month (with much more disk and bandwidth), and I'm not sure what the exe.dev value proposition is. (I'm also not sure why one would want to split 25 VMs across so few shared CPUs/such little memory.) No I apologize for the confusion (exe.dev person here). What is different about this service is you get dedicated resources that you share between your VMs. The initial allocation is conservative, we want to give people more (or drop the price). The goal is to reduce the marginal cost of creating a VM to zero. Instead of installing a container manager or using Unix users, just make another VM. (I will get a better version of this table online tonight.) You guys really need to work on simplifying your communication on your website. I was also very confused about how the 8GB - whether it is per VM, shared etc. I thought it was pretty clear from their documentation. And it solves an issue I have. They’ve found a customer in me. >Instead of installing a container manager or using Unix users, just make another VM. What is the advantage of this? Unless you need something exotic like different kernel configurations per instance, what's the problem with using containers on the same instance? BTW, a Hetzner dedicated server with 2 CPUs/8GB RAM that would let me run my own hypervisor is about $14 USD/month. For anyone who's a big enough power user to care about the distinction of running distributed workflows on VMs versus containers, I'm not sure that an extra $5/month is worth your "hypervisor as a service." But then again, HN commenters infamously poopooed Dropbox [0], so what do I know? :-) Containers aren’t enough for me. I like to do things like create TUN devices, run docker compose, etc. I believe the VM is a fundamentally better abstraction. Consider this: sometimes when you are using a VPS, you start a new project and say to yourself, "I should put this on a new VPS." Not all the time, but it does happen. And when it does, we are faced with the problem that starting a new project immediately costs us $X/month. I would like a new project to initially cost nothing. > create TUN devices Is that possible and useful with exe.dev? The docs say: On the networking side, we don't give your VM its own public IP. Instead, we terminate HTTPS/TLS requests, and proxy them securely to your VM's web servers. For SSH, we handle ssh vmname.exe.xyz. > run docker compose You can run multiple compose stacks in a single VPS. > you start a new project and say to yourself, "I should put this on a new VPS." I never did that. Tun devices are possible and useful on exe.dev today, because it means, for example, you can install the full copy of Tailscale. But to your point: if a single VPS meets all your needs and you do not feel constrained by the marginal cost of another VPS then the exe pricing model is not going to bring you much value. Perhaps the automatic TLS termination and auth proxy with link sharing is useful. But if not, then it sounds like you are well served by existing products. Is exe.dev just a better version of sketch.dev or do they both have a different use case? > dedicated
Are plan CPUs pinned/reserved (dedicated) or time-shared with other customers under load, and what contention should I expect? Is rsync installed in the stock vm environment by default? Asking for a friend… [exe.dev co-founder here] Would love it if Tailscale came pre-installed! Or even better: some simple way to make it so every VM I start up is automatically/easily part of my Tailnet. p.s. thanks for making Tailscale. And I'm loving exe.dev so far! [exe.dev cofounder here] That's a good idea! I will add it to a list I have for exeuntu. Automatic login would be really nice, let me see if I can figure out how to do that. Thanks for trying exe.dev! emacs! The docs remark “VMs share the resources allocated to the user” so I interpret as resources allocated to your account, VMs provisioned within those limits. The value proposition appears to be CLI cred. That's decent value considering the price of a vps is close for much more work. The only difference is the bandwidth: vps in europe givr you 10 tiles that, unmeterred. Very cool for training: I can make people log into those vm and deploy nginx just for learning. It's not actually a VM - it's a container, and they are fundamentally different. This feels like false advertising. I guess the question is: can I run systemd services ob their VMs? If not, then yeah that’s false advertising. But my perception from the homepage is you can. Am I wrong? You have got to make a better website design. I'm a very curious person so was able to figure out what this was but you cannot expect all visitors of your website to be that way. Also, stop charging for SSO/OAuth2 integration. Seriously. There's a huge list of services that stupidly charge for SSO/OAuth integration at https://sso.tax, and this list needs to get smaller, not grow. SSO doesn't cost anything to implement. Especially if I'm the one hosting it on my own infrastructure. [exe.dev co-founder here] Hi. Re: oauth2, the last product I built, Tailscale, only did auth by oauth2. I chose this because 1. businesses need it anyway, and 2. passwords are terrible. But it was a choice that does not come for free. I dread a page of buttons for third-party services, and the control I give them over my life. I hate that I never know if I should log in with GitHub, or Google, and for a dozen services I have multiple accounts because I got lost in the miasma of oauth2. Still, it was better than passwords! But since the last product I built, the world has changed. We have passkeys now. Which are superior in every way for individuals using a third-party service. You get better UX. You get better privacy. It is a fundamentally better technology. I did not list SSO under teams because I want to "tax" people. I did it because SSO only makes sense for businesses, where an administrator controls accounts, and can delete yours when necessary. There, oauth2 is the best technology we have. But for individuals, it is a dead technology. I am reluctant to make everyone's exe.dev experience worse for legacy tech. Appreciate you not following Tailscale's authentication many SSO provider approach. It makes sense for teams/business, (Tailscale's customers) but creates some confusion and extra friction for casual homelab users like me. I have a note in 1Password for tailscale.com just titled "USE GITHUB AUTH". Passkeys work great for me and I greatly prefer them. Exe.dev I think is the first service I've seen that's so passkey centric and it makes a lot of sense. "We" don't have passkeys now. Many functional android devices are not being upgraded to the latest Android versions, and simply will never get true passkey support that isn't locked away inside of Google's vault. Passwords are much better than the OAuth2 coolaid, and passwords will still be better as long as older devices can't support passkeys due to arbitrary restrictions. I don't see how Oauth2 is a legacy technology. It will never be until all of the problems of passkeys are solved. And I very much wouldn't just dismiss oauth2 as something only businesses have, because Oauth2 does have its uses where it can convey information a passkey cannot. The only people who care about SSO are large enterprises. Coincidentally, large enterprises also are the only customers that make SAAS profitable. Every other plan is part of the sales funnel to the big enterprise contracts. > The only people who care about SSO are large enterprises. I can't tell if this is sarcasm or not. I'm going to assume that it is, in fact, sarcasm. Because this is definitely untrue in reality. Is this meant as sarcasm? I run a bunch of services for friends and family, things like Immich, wallabag, mealie etc. Less than 10 users, but do you expect me to crate and maintain separate accounts for each one for every service? The SSO tax is stupid. If your whole business model is based on putting SSO behind a paywall, it’s a sign of a broken business model. I signed up and started a VM. Didn’t really expect the default chat interface at boot. I’m currently on my iPad and would probably have bookmarked it for later, but now I’m playing with it. Cool idea :) Edit: it comes out of the box with screenshot capabilities. The defaults on this are very well considered. Im impressed within the first 15 min.
Edit2: this is very neat. I will be recommending it to my non-coder friends who don’t really have the local setup to use Claude but would like to try a Claude-like tool. This is cool. I am currently using GitHub codespaces and I would love a version of it with nothing but a web based terminal. I don't need all the other windows they put around it. This might be it. Trying my way around it now. Not sure what is going on: [exe.dev co-founder here] Hi there, I am not sure exactly where you are, but your VM is ubuntu derived and definitely starts with apt and bash. Perhaps try `ssh yourvm.exe.xyz`? Thanks for trying it! I can't use a native ssh client. I am using a browser. I clicked on "Shell" on top of the screen. Oh, I think I found a real shell now! You have to click "VMs" then on the VM and then "Terminal". Yay, this is great! While at tailscale you built sketch.dev only to actually build this product ? Love it. Ultimate yak shave.
Kind of how like Antithesis was the product inside foundationdb. What you connect to first is the exe.dev jump server/management interface. You can ssh into your vm from there. Try typing help Nmap 52.35.87.134 (exe.dev)
Returns many open ports I wish they'd auto auth you with Github based on your pubkey, in a similar spirit to `ssh whoami.filippo.io`[1]. That would remove so much signup friction. SSH is really the only protocol you can do shenanigans like that over, it's a shame not to use them. [1] (seems overloaded right now) https://words.filippo.io/whoami-updated/ That is neat trick, and interesting to know that's how ssh git@github.com works, but that does not feel practical for a real usecase. Aside from relying on a scrape of the Github users API (there's no "look up user by pubkey" API), what if I wasn't expecting to automatically log in with Github? Wouldn’t that be solvable with subdomains? Eg ssh crabmusket.github.exe.dev Absolutely. For example, if I use specific SSH keys for specific hosts. Oh I’m going to need more info than this. It’s a service that provides persistent disk and VM’s but doesn’t tell you what those shared resource limits are, what the pricing is, or anything other than to ssh in… Hello, an exe.dev person here. There are some very early docs, exe.dev/docs (which are also accessible over ssh once you ssh in). There is a lot more to come, very early days, please bear with us. I was not expecting to see it here today. I have played with it and it's so easy get started with that now I want a quick-project idea as an excuse to use it! I'm sure you've thought of this, but: lots of people have some amount of 'free' (or really: zero incremental cost to users) access to some coding chat tool through a subscription or free allowance like Google's. If you wanted to let those programs access your custom tools (browser!) and docs about the environment, a low-fuss way might be to drop a skills/ dir of info and executables that call your tools into new installs' homedirs, and/or a default AGENTS.md with the basic info and links to more. And this seems like more fuss, but if you wanted to be able to expose to the Web whatever coding tool people 'bring', similar to how you expose your built-in chat, there's apparently an "agent control protocol" used as a sort of cross-vendor SDK by projects like https://willmcgugan.github.io/toad-released/ that try to put a nice interface on top of everything. Not saying this'd be easy at all, but you could imagine the choice between a few coding tools and auth info for them as profile-level settings pushed to new VMs. Or maybe no special settings, and bringing your own tools is just a special case of bringing your own image or setup script. But, as y'all note, it's a VM. You can install whatever and use it through the terminal (or VSCode remoting or something else). "It's a computer" is quite a good open standard to build on. Is the chat descended from Sketch? Thanks! We are thinking a lot about how to prepopulate VMs. The first thing we are going to start with is a fast ‘clone’ command, so you can preconfigure a base VM then make as many as you like. Lots of other ideas floating around too. Re sketch: the code is not the same but the agent is deeply inspired by it. Eg the screenshot support, which just seems obvious to us. Philip has done the heavy lifting here, he hangs out in the discord if you want to chat about it. Prelaunch scripts. Snapshots. There’s plenty of ways to prepopulate a vm. What’s tricky is replicating that so it’s available across the “nodes” they have. Man, this brings me back. Kudos to you guys! Just find a better solution than Ceph or minio. When you create a new exe.dev VM, you can tell Shelley what it's for. I've had fun results from, "surprise me". Also, telling Shelley to get inspiration from the VM name can be fun. This kind of stuff is right up my wheelhouse so curious how. I love the idea of just ssh in and do your thing. I’ll bookmark and come back when there’s some more info. Things are going to move fast… i got to try exe a while back and i have to say, the "Login with exe" [1] is probably the most magic thing i've seen since tailscale :) The problem without having consent is that it's easy to track who is using your service. Because there's no consent, they can redirect you to login and back, and grab your identity, without you doing anything other than loading the page. That's called forward auth - or proxy auth You can do the same thing - with the added burden of actually having to set it up once ... After you set it up, it's however just as trivial to add new systems like with this linked example. I got pretty much everything I'm self-hosting like that via keycloak (which itself let's me do social with via GitHub and Google etc pp) and a very similar nginx config like it's shown in these docs. But the initial setup took multiple hours, even if the adding new services which support forward/proxy auth is extremely easy now. (Jellyfin sadly doesn't as an example) Just saying it in case you want to check it out. I think it's fantastic they added that/provide this to their platform - it's a wonderful value-add I think running and managing and possibly misconfiguring a keycloak java monolith would be exactly what I'd want to avoid which is why it's cool that they offer this. There are a lot other identity providers around you can pick from, I merely mentioned it as I personally use it, as it's so easy to run and integrate with social auth - and comes with features such as simple password-less auth. The forward auth/proxy auth is not a keycloak feature, it's a proxy feature, which just need some identity provider. If you look for the mentioned term via Google or AI/llm you will find multiple options, some of which are as easy to setup as a simple docker run cmd with an open port I.e. https://docs.goauthentik.io/add-secure-apps/providers/proxy/... Dang, everything about this feels really well considered. Semi-throwaway, nearly bare-metal machines that I can put on the internet with basically 0 config? I'll take [exe.dev co-founder] Or don't throw them away! The disk persists. And thank you! Sorry if I missed this in the docs, but how robust is the persistence? ie is it the disk that comes with a standard AWS VM? or is it a share backed by e.g. Ceph with multiple redundant copies? Details coming in the next few weeks. The contents are regularly replicated to a disk cluster, though we have some more experimentation to do before we commit to exactly how frequently. This space has a lot of trade-offs, we believe we have found a new and interesting one. This is freaking fantastic. However, as a community college instructor I would like to have this self-hosted on a computer in campus. Excluding the CLI niceties, etc., it shouldn't be to hard to get a similar setup with Docker et al, right? (not for production) It's not possible to run real VMs with docker (though you can get something similar with qemu). VM isolation is also much stronger than docker's, and VMs tend to be much more secure. But if you just need a shell then yes, you can make something similar with docker. I really enjoyed using this service. I signed up on my phone two nights ago, (using termux + ssh) and then used the builtin web agent to setup a small webapp. I was up and running with an HTTPS server in minutes, since all the HTTPS certs are automatically taken care of. I'm not using it yet, but the way that it handles sharing looks incredibly sweet: an excellent way to take "home-cooked software and bare-foot developers" "perfect software: an audience of one" from one to a few / many people. Just sharing links that people can easily sign into, without having to build a whole auth system seems ridiculously easy here, and that is super cool. You don't have to think about it, you can just build your app: this fills a huge gap that makes making connected online software so much easier. https://outofdesk.netlify.app/blog/perfect-software https://news.ycombinator.com/item?id=46334206
https://exe.dev/docs/sharing I used the included Shelley agent, which has a perfectly adequate simple web ui, to do all development. It was able to debug a bunch of pretty gnarly problems, using screenshots & scrolling down to get check it's work. My output is a super simple site, very close to vibe coded, in ~90 minutes, but I quite enjoyed setting up a little guestbook project here: https://nan-falcon.exe.xyz/ I'd be interested if I knew who was behind the company and could reasonably trust that I wasn't going to get my data stolen etc. Hello, I am behind this company. My co-founder Josh Bleecher Snyder has also been hanging around the internet for a while. There are several of us hacking away. It is very early days, we have a lot of work to do to earn your trust but it is my intention to do so. Pulled from your Github, just to make it easier for folks to make sense: > David Crawshaw - before this, CTO and co-founder of Tailscale > Josh Bleecher Snyder - was a Director of Engineering at Braintree, amongst other things Both are also early Go engineers and developers who hacked on the Go stdlib for years. Most people in the Go community know them. Great people, and the idea speaks for it. I wish them best of luck. The devs are long time Go and Tailscale hackers, and have earned my trust several times over. They will earn yours too, I bet. Yeah it sounds pretty promising. Will def keep an eye out. Even just knowing who the humans behind the project goes a long way. Interesting interface. Some feedback: > What is exe.dev? > exe.dev is a subscription service that gives you virtual machines, with
persistent disks, quickly and without fuss. These machines are immediately
accessible over HTTPS, with sensible and secure defaults. You can share your
web server as easily as you can share a Google Doc. With built-in optional
authentication, so you can focus on your thing. > Your VMs share CPU/RAM. Create as many VMs as you like with the resources
you have. Source: https://exe.dev/docs/what-is-exe Looking at the pricing plan, even the cheapest one is overkill. I don't need that much. 2GB memory with a 6VM limit would be plenty. I really like the concept, the persistence (with backups!), pre-installed agents, and how easy it is to go from experiment to a live server. The downsides: - usage-based pricing would be nice, $20/month is pretty steep to start, but also no room to scale up? - 100GB/month is only 300k views for a small-ish page or API, 10k req/day is a tiny amount of traffic. Can't make anything public with that. Even the smallest servers at Hetzner have unlimited bandwidth Those limits make it pretty clear it’s not really meant for hosting a production app. It’s for sharing something you’ve developed with friends/colleagues, or maybe a low traffic webhook handler for some personal thing. I made an Alexa skill for my kids once and it is perfect for that kind of project. How do you proxy the SSH connections? I thought you could not do hostname-based proxying with the SSH protocol [exe.dev co-founder here] You are right, you cannot! It was quite a bit of work. We have a blog post in the works that should come out in a couple of weeks with all the details. I was just sufficiently nerd sniped by this, so let me know if I’m close: Based on what the commenter below found about sshpiper I believe that you use the ssh identity + the ip from the slot to resolve the vm target. sshpiper knows how to route the ssh identity + slot ip to the correct VM. I suspect you have a custom sshpiper plugin to do that routing. You use the slot record indirection so you can change the ip of a slot without having to update everyone’s A records across the customer base. It also makes it easy to shuffle around vm-slot mappings within a customer. I haven’t tested, but I’m guessing this dns server is internal (coredns?), and the ips too. I did something similar (ip + identity routing) for a project a few weeks ago. Yours is a lot more elegant with the dns indirection. I’m no ssh expert, but in theory you should be able to ssh -J exe.dev myvm.exe.xyz for a one-liner? Or maybe you don't even need it, if that DNS server within the ssh exe.dev is the same as the public DNS. Pardon for not testing it yet! Would be interested in this too, I did some work in the past to make it work via Envoy proxy using HTTP CONNECT but that requires plugging in proxytunnel[0] or nc on client side. Looks like it's a combination of SSH server IP address + public key. Each VM you create (up to 25 of them) gets a different CNAME record of the form s0NN.exe.xyz where NN ranges from 01 to 25. Each of these names, from s001.exe.xyz to s025.exe.xyz, resolves to a different IP address. Therefore the individual VM can be distinguished this way, and the account they are associated with can be identified using the SSH public key that is used to authenticate. unlike others, i like the site and the initial prompt. Lost me at "verify email" though. Why get so creative, yet limit yourself to archaic "email". Why do *YOU* the provider need me to have an email or a phone? Look, mullvad can provide vpn services without email or all that nonsense. If you want people who will use ssh to order things, these are the same people that would get your service because you're not asking for dumb things like email. It's the first thing you ask of potential users, and it's an obstacle preventing them from giving you their money! You can issue users a recovery/access key and/or let them user their ssh public key and trust they know how to manage that on their own. If you have messages for them, display that when they login. This sort of stuff differentiates your service, ssh does too, but it's cosmetic and gimmicky. I would prefer a rest-api over ssh anyways, but ssh is cool too. You can’t host compute for anonymous users. I mean you can, but you won’t for long due to the abuse that will inevitably come with it. That you are responsible for. And anyway, it’s not always going to be free. What are the abuse risks of compute versus vpn? Mullvad is doing it already. Their payment information doesn't need to be "anonymous". I have hosted websites while paying for the domain, vps hosting and all that it entails entirely with BTC, not once using payment information associated with me. But you know what was required of me even then? A damn email address!! Getting a usable e-mail and phone is a few cents spent on one of the many shady SMS-reception services. Yes, that is why they always require a credit card as well. I'm sure exe.dev will be no different soon but they are trying this in alpha to get feedback and traction; just hoping they won't attract the notice of the barbarian hordes right away. I run https://pico.sh where we don’t ask for email. Even on our website we instruct users to generate a token so if they do lose their key they can use it to recover their account. People regularly lose their ssh keypair and also don’t generate a token. I think using email as a form of recovery is totally fine and regardless when you have to pay for the service you’re going to give up your email (and other personal info) via payment processor I would eventually want even payment processors to stop asking for email. They have my address and government id, for any liability related reasons. ideally, we would use federated auth, where auth providers aren't using email at all. I'd imagine the complexity of your backend is simpler too as a result. And kudos on your service, I'll keep it mind next time I'm picking a provider. It isn't a free service -- only during the alpha you get access to an "Individual" account which would normally run $20/mo once the test period is over. Yes, it should be paid of course. Matter of fact, please charge me more for the privilege of not being asked email,phone, credit cards. Just take my money, and feel free to take whatever steps you think are needed to make sure abuse isn't taking places. I champion requiring a "deposit" where if abuse took place the user would forfeit it. But, my original comment is strictly about email. Even if you asked for a government-id and credit-card payment, I won't object. Just please, no email! I think that leaves: how would you prefer to recover your account if you lost access? same way I would with my email provider. But I'd expect a recovery code of some sort that i could save. How would you normally recover an account? Email? So, if my email is compromised, everything gets compromised? That's not sane at all. You should normally have MFA, and if you can recover your MFA/2FA with email, it's just an over-engineered inconvenience. The way it's done right, the MFA recovery code servers as a general account recovery code as well. You save that somewhere safe and offline. In this case, they use ssh public keys, so there is no need for all that, just add a spare public key to authorized_keys, and keep it's private key offline and safe, ideally in an HSM. This is a service for technical people, so all that works, for general consumer service, you give them a choice. Either they choose to use a recovery key, a recovery email/phone...or recovery via payment. Let them pay $1 for recovery, proving they control the original method of payment (KYC not crypto). But if nothing else, users should be able to choose recovery code instead of email. It's more secure, because you're not relying on a 3rd party service to also be secure. I don't like them much, but recovery questions have also been used, but if you think about it, those are not that different from recovery codes, they're just more guessable. Recovery codes aren't one string, they're usually multiple, so if users chose, they can split up their storage. For added reliability, you can require validation of recovery codes periodically, after a successful sign-in. Very impressive demo. From VM curation to vibe coding something running on port 8000 in Shelley just worked in minutes. I imagine quite a few technically impressive things happening under the hood, would be interested in reading more about those. Small nit: I think you should make it more clear in the docs (if not in the landing page) that one can just use any key with the ssh command the very first time and it automatically gets registered. Also on the web UI one should have the ability to add the ssh keys. I logged into the web UI first, and was a bit confused. I think the pricing is alright for the resource and remote development features, though might be a bit much if someone doesn't need higher level of resources for deploying something that's mostly already developed. Anyway, this reminds me of a product called Okteto that had similar UX. They were focused on leveraging k8s for declarative deployment. But for some reason they suspended their managed cloud/SaaS offering for individual/non-enterprise clients, I wonder if it was because they couldn't make the pricing work. Hope that doesn't happen here. In which country are the VMs hosted? Do you have a warrant canary? Where's the AUP and how much peeking into customer VMs and storage do you do to enforce it? They terminate TLS. It seems like you wouldn’t want to use this service even if all those questions were answered to your satisfaction. None of this actually matters. If you want to keep your data private, host it on your own hardware. Countries, company policies, etc are all essentially irrelevant In https://blog.exe.dev/meet-exe.dev s/cloud computing should like/cloud computing should be like/ This is very cool, but goodness I wish they'd give an option for a password-based login after the initial verification. In ~10 minutes of playing with it I had to go through 4 email confirmation steps. I'm very much into the product itself, but that would get extremely tiresome if I was trying to use it consistently. I assume I have to be using it wrong in some way for there to be that much friction... [exe.dev cofounder here] Hi! Thanks for the feedback. I am deeply allergic to passwords and so I am trying to delay adding them. Did you try our passkey support? I normally try to stick to serverless with SST for quick projects because I like that they scale to $0, but this is enticing. Shelley is a great feature and must have well-designed system prompts and tools for testing the website built-in. It just one-shotted a volunteer management app and with just one more click in the console I can expose it to the public. Just setup an account and started a VM, but it's hanging when trying to access it while waiting on the public key response. Web based terminal not loading either. Guessing the site is getting the hug-of-death from HN users? Took a bit, but now I'm in! So far, loving this service. i tried this and it's pretty cool, that being said for my use case of spinning up many agents working on my app I'd need a way to specify the docker images that get started with each new VM i cannot find a way in the docs to start new VMs with a bootstrap script that starts a bunch of services for me and runs a specific docker image my use-case is that I want a full developer environment for every branch of my project, so i can vibe code on many VMs at a time EDIT: Just realised there's an image one can pass to the new command. Still it's not clear to me whether private images would be supported and what registry this is using: exe.dev ▶ help new Command: new Create a new VM Options:
--command container command: auto, none, or a custom command
--env environment variable in KEY=VALUE format (can be specified multiple times)
--image container image
--json output in JSON format
--name VM name (auto-generated if not specified)
--no-email do not send email notification
--prompt initial prompt to send to Shelley after VM creation (requires exeuntu image) [exe.dev cofounder here] Thanks for the feedback! We do not support private registries yet but it is very much on our mind, it is one of the first things business customers ask for so we know we have to build it. We are also exploring alternatives for pre-configuring your VM. (Because we make lots of VMs and feel this too, so it is very much on our mind.) One is a sub-second VM "clone" feature, so you can configure a base VM to use as an image. The clone idea sounds awesome! It’s kind of like what Devin does for setting up new machines for each task I've tried this out and I could definitely see myself using it. Could use it as a form of build machine or even distribute some of my infra onto them maybe. I don't work with agents very much but still, this is neat and I hope it gets better! Definitely going to give this a try. One thing I'm curious about--where are the servers? And if I want to choose hosting geographically close to me, how do I do that? Are they actually VMs, or are they containers? Some kind of special container like gvisor? Firecracker microvms? Hello, an exe.dev person here. They are VMs, on a crosvm-derived VMM. So I consider them "actually VMs", though we do not currently support custom kernels. You can do VM things in there, like create TUN devices, etc. Thanks. So KVM I assume. Congratulations on your launch. Any plans for public IPs? Thank you! Yes, KVM. And public IPs are very useful and we want to do them. We will have to charge and/or limit them, unlike VMs, unfortunately, because IPv4 is scarce. (I am busy trying to buy some right now.) You can follow along here: https://github.com/boldsoftware/exe.dev/issues/6 Not super important to me (and you state explicitly it may change) but your docs are a little out of date here, I think. crosvm versus Cloud Hypervisor / Kata Containers, is, I think, different? Yes our docs are out of date we are not using Kata, thanks. Looks good! Though not a fan of 100GB and egress charges. Is there a way to hardcap that? I guess I could implement something VM side but that’s a bit convoluted Is it possible to use a ChatGPT subscription with the bundled Codex CLI or do we have to use an API key? Quite cool! I'd love an easy way to connect to and run an existing GitHub/GitLab repo in a VM and spin it up, and iterate on that and be able to open PRs etc from there. Seems it's overloaded now. I like the UX though. My usual question with any hosting is how do you avoid this being abused by hackers, scammers, etc.? Right now it's easy to just create any VMs for free based on a mail account, that seems ripe for exploitation (maybe it's down now cause someone's exploiting it?) As a test I used their Shelley coding agent to vibe-code a multiplayer Queen of spade game : https://extra-crimson.exe.xyz/ Tried both librewolf and edge and couldn't create a new VM via browser. https://exe.dev/create-vm returns a 303 see other, but then no VM is displayed This is cool! Check out https://zo.computer – a similar concept, with an IDE-like web UI I'm trying to set it up but getting this error: > ssh exe.dev Please complete registration by running: ssh exe.dev
Connection to exe.dev closed. Anyone get a similar issue? Might be a good place for yunohost/coolify style services, especially if you have multiple separate entities - though probably tricky to do inbound mail because of IP allocation? This is awesome. I just maxxed out my tokens in Shelley, but was able to vibe code this Rails app that lets anyone register an aircraft and then fly it in a synchronized world interfaced through a Garmin G1000 knock off. Sign up (feel free to use a fake email address) and set up a flight now and let's see how many aircraft we can get going! If this is a cool idea let me know and I'll probably end up paying to continue developing this :) Nice one. Love the coding agent web ui. I used https://temp-mail.org as I didn't want to use a real email. Enjoy my creation https://love-storm.exe.xyz:8001 Nobody can see this until you make the website public. (Test with a browser’s Incognito mode.) Ah ok, and now it is died and not sure how to resurrect. But the prompt was
"Poo emoji generator" so try that if you want to experience the fun. This is awesome. Would love to see a slimmer tier closer to a DO droplet or Hetzner instance that's ~$5-8 / month. [exe.dev co-founder here] Thank you! Not to give too many secrets away, but my hope is to follow a business model I have been part of before, and make it as cheap as possible for individuals so they encourage their employers to buy it for work. So I would very much love to get cheaper. The two constraints are that, one, when small underlying resources are expensive (we hope to fix that soon by not being small!), and two, we do not want to make the resource allocation so small that the VM feels unpleasant to use. So there is a floor on how small we make them. That said, I very very much want to drop prices. We started with conservative numbers. With Shelly (and assuming a decent number of tokens) $20 is very good I think. But not everyone wants an AI. I build a website using this interesting product, for anyone who want to checkout what it could be built also it's a bad ui meme access denied. same now should be good, I forgot to enable nginx service The description of authentication mechanism is confusing me. it’s over ssh, but how is this integrated? > Private by default, share with discord-style links exe.dev takes care of TLS and auth for you. By default only you can reach your HTTP services, and you have easy mechanims to share them with friends and colleagues. Is anyone with access to a link able to get in? I also don't understand this: Everyone with the right domain can ssh-in the vm? Edit: Answered below, thank you. You ssh in with any key, and it asks you for an email to verify. You're then at a exe.dev console. There are a couple different link patterns: Thanks! love the idea, looking forward to playing with this. I understand now from comments that this was brought to this site sooner than intended, sorry if I asked in a rude way. That's brilliant UX. I was vibe coding a webpage in minutes, and I could immediately check the results. Does anyone know e.g. a small systemd-nspawn oneliner to SSH in securely? There's nothing dangerous about SSHing into an untrusted server unless you're using the same keys for everything. Remote resources only get your public key. It’s meant to be shared! Hence the word “public.” The threat is having a private key stolen, in which case, having multiple keys can mitigate the amount of damage a threat actor can do. However, to steal your private key would involve a successful attack against your client, not against any server you might have given the public key to. There is also the threat of the server sending a data sequence that exploits a vulnerability in your terminal. It has happened before, but it’s rare. Always encrypt your SSH private key! It shouldn’t be so easily stolen. Should I still be trying Sketch.dev, or is this just the better version of it? [exe.dev co-founder here] This grew out of our work on sketch. We built a container-based system for it, and found ourselves saying "I wish we just had a computer." This is our answer to that. If you are interested in our work and agents, I would suggest trying Shelley, the little agent we have in exe.dev. There has been some discussion about what to do with sketch on its discord channel, but we won't be putting energy into it going forward. (A blog post with far more details is in the works.) I'm not a fan of making ssh the primary access mechanism for a service. Just make a simple Web panel for managing VMs, and actually explain on the service on the Web page. I find ssh faster and easier. Anyway it's a good differentiator, there are plenty of web panels already. Super cool. I can't justify investing time in it at the planned pricing but I'll keep an eye on it if they can hack together a more competitive VPS option. Seems like a great tool but login not working for me, am I doing something wrong? ```
ssh exe.dev
Please complete registration by running: ssh exe.dev
Connection to exe.dev closed.
``` Other than a quick boot, what separates this from going on a VPS provider and spinning up servers? Simpler and easier seems to be the answer. How much does it cost to spread 8gbs RAM across some VMs? Most providers require additional of how many VMs over how many hours, what the specs kf each are specifically, etc. Then once you have it you're setting up an SSH key or shared password depending on use and they make the authentication simpler as well. Maybe wouldn't be great for a huge business but it's you just wanted the ability to play with an isolated server, it might be worth it. Looks like it's AWS backed judging by IPs. Or at least the proxy part I really like the experience, after being a stuck I just tried to ssh from my termux on phone and it really worked! Absolutely awesome Hmm, looking through how-exedev-works, it seems like what you call VM is more like a container, i.e. it doesn't run its own kernel? Sort of a container which "feels like" a VM? Reminds me of Virtuozzo / OpenVZ VM approach which was popular ~20 years ago when RAM was expensive... very cool idea and concept :) some feedback: No matter what i do, i can't ssh into VM that i created
Local terminal; always timeout
built in terminal; SSH handshake failed: ssh: handshake failed: EOF shelley agent seems to be install, but it always shows isn't running. Likewise. I think it might be experiencing a hug of death :) very cool, my only reason for not using it is latency. recommendation: look up user's ip and geo location, spin up VM in a datacenter with lowest latency. Are there any fundamental differences between E2B and this? Hello, exe.dev person here. I have not used E2B (though I really like their web site), though it looks like there are quite a few differences. Our disks are persistent (without manual snapshotting), we have a TLS proxy by default with built-in auth and link sharing. It also looks like they have many features we do not have (yet). I believe the target use is also quite different. You can use exe.dev VMs for running your agent. But you can also use it for hosting your site. E.g. blog.exe.dev is an exe.dev VM. Thanks for the response. In the "How exe works" page, it's mentioned that exe runs on bare metal with Kata containers, how is it different from firecracker? Were there any advantages? The mention of Kata is out of date, we are fixing that, thanks! Our underlying VMM is very similar to firecracker (same upstream source). We believe our advantages are in how we run it. Several blog posts are in the works about technical details! I just tried this, genuinely groundbreaking! So quick to spin a VM and get going just to be clear, this is total resources for all the vm right ? like you give 2 cpu. 8gb memory for 20vms. Which I believe you wont be able to use 20 of them at the same time if they share 2 cpu only I'm confused, what is this? Cloud Vagrant ? > exe.dev is a subscription service that gives you virtual machines, with persistent disks Thanks, I couldn't figure out what the hell was wrong. The front page is just... not helpful. Given the amount of pushbash how everyone feels about this, it should be removed from HN frontpage! Thanks. I feel like I expect home pages to contain at least a modicum of information. And three seconds spent thinking about accessibility would have told them that light gray links on a white background are a terrible idea... Apologies for the vagueness of the home page, we were not expecting to be here today. There is a little more info in our first blog post https://blog.exe.dev/meet-exe.dev and docs, but far needs to be written. (We have also built some interesting tech behind this that we are excited to write up, I have a doc two pages long of blog posts we want to write.) The blog doesn't work on Firefox on Android for me https://blog.exe.dev/meet-exe.dev Secure Connection Failed I just tried this out in Firefox on macOS and there are no issues, so this might have something to do with our LetsEncrypt wildcard cert and the CA roots installed on Android. Could you tell me what version of Android you are using? Moto g stylus 2025 - Android 15 - metro by T-Mobile stock os Firefox nightly 148.01a I'll check for updates Edit: still broken 148.0a1 (Build #2016134322), 757b8230f44e4152aeb7b9031ff95219471ab993
GV: 148.0a1-20251226204324
AS: 148.20251224050247
OS: Android 15 Edit: also same on OnePlus Nord N30 147.0b7 (Build #2016133535), 455e50920c4926534376b719df4cf1ed714bc61d
GV: 147.0-20251222164020
AS: 147.0
OS: Android 14 Works fine to me too. Looks like you're the only person that reports that. Are you sure this is not something on your end? What TLS error do you get? Untrusted CA? Works fine on Firefox/Android here I am not sure. I even tried Google Chrome This site can’t provide a secure connection
blog.exe.dev sent an invalid response.
ERR_SSL_PROTOCOL_ERROR https://i.imgur.com/HOwb7g3.jpeg also tried mozilla firefox on desktop Secure Connection Failed An error occurred during a connection to blog.exe.dev. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG try another network. i often get SSL errors due to false positives in my internet provider's "virus protection" Wow, spectrum is really terrible For anyone else like me, you can read the article at Oh, we're doing Fly again? Cool! I don't mean that sarcastically -- making it dead simple to get a VM at a domain or IP in a few seconds is good and useful. We should keep trying this idea, because every time it gets easier. On a side note, a lot of people in this thread are doing a sort of "I don't get it, your website sucks" but it's like, come on dude! Just read the site! It takes less time to read the pricing, docs, and FAQ than it does to post about how you don't get it. I think I get more what they're going for now. A technical person can setup a server for themselves and setup services to work for multiple projects. But its complex to get everything right. Trying to reuse a server, setting up routing, domains, and so on can be tedious. I guess they abstract that problem. The wild card domains -> VM is a neat mapping. Then making it easy to use your resources and dispose of VMs. I guess its an innovation at the resource management layer where you create / manage VMs. It's interesting they choose to give away individual plans. That's very generous. Though I'd feel bad using any of their resources. Who puts pricing under docs/ ? I like it. Great cli design. its so cool! Is there a reason for the lack of IPv6 support? [exe.dev co-founder here] It is planned! The reason we have not got to it yet is it needs to be very different than IPv4 support. We have spent a lot of time on machinery to allow `ssh yourmachine.exe.xyz` work without having to allocate you an IPv4 address. The mechanisms for IPv6 can and should be different, but they will also interact with how assigning public static IPv4 addresses will work in the future. We do not want to end up in the state AWS is in, where any production work requires navigating the differences between how AWS manage v4 and v6. And that means rolling out v6 is going to be a lot of work for us. It will get done. I added a public tracking bug here: https://github.com/boldsoftware/exe.dev/issues/16 So it's...cloud servers? What am I missing here? Looks like a trap at first. Who succesfully connecter ? If we're just throwing out ssh targets, there's also funky.nondeterministic.computer ssh exe.dev gives me login required. What am I doing wrong? It's a VM hosting service folks. I don't really see what's so different about this than any other dedicated server provider... I can sign up to any host right now and get an email with access to the server details... Like, what am I missing here? Err it doesn’t work on mobile [exe.dev co-founder] Hi! There is a mobile site. It is not super visible right now but you can use it to create VMs (and even build something on them with our agent if you like). If you ran into a particular bug I would love to get it in the issue tracker so we can fix it. really cool stuff! See also, for comparison: https://www.val.town/ Val.town seems to be serverless, where as this is explicitly a server. One is really a subset of the other though, so I suppose if you're deploying ts functions to a service/server, and your execution costs match up with the tiers here, exe.dev could be cheaper. "VM creation is temporarily unavailable. Our apologies!" Awesome project which I first thought might have something to do with microsft .exe format but not that big of a deal and I find this project really cool and I had thought about similar project like these so kudos that you built something like this! I mean it and I wish the best of luck for the project That being said, I tried to look at it for asap golang project deployments and I am the creator of https://spocklet-pomodo.hf.space/ a single main.go + single dep multiplayer pomodoro (please note that it was one shotted out of curiosity and also frustration as https://cuckoo.team would sometimes glitch for me) That being said, I face the issue where I can't have a go.mod or run go mod tidy because I face this error exedev@crimson-cobra:~$ go mod tidy
go: finding module for package github.com/gorilla/websocket
go: pomodo imports github.com/gorilla/websocket: module github.com/gorilla/websocket: Get "https://proxy.golang.org/github.com/gorilla/websocket/@v/lis...": dial tcp: lookup proxy.golang.org on 1.1.1.1:53: read udp 10.42.0.45:33739->1.1.1.1:53: i/o timeout Hope that the project fixes this and wishing best of luck to the project. I am a little busy right now with studies but your idea truly inspired me and perhaps I want to create a similar thing or collaborate on it with you too so I will join discord hopefully sooner than later. I am looking further into it and seeing if I can fix that error as I would love to host some exe.dev's services and wishing the best of luck for the project and hope that it becomes sustainable enough. Out of curiosity, if I may ask, what is the tech stack behind this which generates the vm's. Is it libvirt or firecracker perhaps? For my own use cases, I recently rediscovered incus and even ran it on cachyos on my desktop to try it out and there were some hiccups partially because I was running it on non standard debian/ubuntu but I am overall very pleasant with incus but still, I am interested in what tech stack you used so please discuss!! Also what cloud provider are you using. Pro tip but if you are looking for something cheap, either go with ovh or upcloud. I really really love hetzner a lot too. (Hey hetzner_OL if you are reading this, love hetzner, have a nice day and hope your christmas was good:) But still hetzner is a little admittedly more strict than ovh but maybe hetzner can respond to it as I know that their policy can ban accounts if someone abuses and considering that you provide compute (to even free) chances of abuse can rise but overall hetzner's the cheapest so I hope hetzner team might make an special exception/response to your post/my comment. I am imagining a github private action which ssh's into this and then updates and runs a simple shell script which can be a reinstall state every time someone updates something in git to get git-ops style workflow. If someone implements it for exe.dev, just credit me :) (if you so wish)
`
An amazing product overall. 7/10 due to that one hiccup which saddened me a bit (but which I have faith can be fixed) but its a 9-10/10 potential and that means a lot and a 7/10 at launch is pretty good Please just tell me every decision/question I had in depth since I love details about projects like these ^^ Another minor suggestion I can have is having asciinema gif too to showcase what it does for some people. To me I only understood to run the command ssh exe.dev which then helped me learn but the only way I understood what exe.dev does beforehand was reading the comments on HN An asciinema can go a long way in this journey, perhaps, let me know your thoughts. And have a nice day! One thing I am wondering tho is if you are gonna open source the project, one project which feels similar to your project which is open source is this https://github.com/ekzhang/ssh-hypervisor that runs on top of firecracker [exe.dev co-founder here] As of the past few minutes, some of our VMs are having intermittent network access issues. Working on it now. UPDATE: this is fixed now. talk about a shitty website Thanks! We've added those links to the top text above. this post is downvoted, but these links are the meat everyone is complaining about missing Please don't comment about downvotes. This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html. If the downvotes were inappropriate, other users will usually correct them. In this case the comment ended up being heavily upvoted. Unfortunately, complaints like the one you added don't get garbage-collected when that happens, so they linger on, adding noise to the thread. Is that the OpenBSD logo they're using?! No, it's a reference to the OpenSSH one. $20 a mo seems overpriced. This seems to be a honeypot for associating your SSH public key with other identifying details. Hardly, you can use .ssh/config to configure an SSH key just for this service. It is a paid service, delivering a valuable developer tool, and which indeed uses ssh keys for authentication. So, exactly what you said, but for the benefit of the user, and for the profit of the company, by offering an excellent product. (I am a happy customer of their previous product, Sketch.dev.) This costs twice as much as something like Hetzner for the same resources. What’s the benefit?
Why put an SSH command in a huge banner if I have to go around and register before I can use it anyway? SSH keys are required to access exe.dev.
ssh exe.dev share set-public <yourvmname>
Our base image is most of an Ubuntu server. We trim out, for example, systemd features that are designed for working with system hardware, and then add a lot of standard software, as our block device cloning is a lot faster and more efficient than apt. So you will find vim, git, go, curl, sqlite3, etc all installed. If you think something obvious is missing please let us know! exedev@scarlet-canyon:~$ rsync --version
rsync version 3.2.7 protocol version 31
Copyright (C) 1996-2022 by Andrew Tridgell, Wayne Davison, and others.
What is "exe.dev repl"? Am I not in a shell? me: apt install apache
the shell: exe.dev repl: command not found: "apt"
Damn, it seems the "shell" is not a Linux shell? me: bash
the shell: exe.dev repl: command not found: "bash"
At what scale do you break even on fixed costs (wages, rents, etc.)? - Email delay to Gmail inboxes for verifying an SSH key used via SSH via email is longer than the timeout of the "Waiting for verification email..." stage in the SSH key registration. Wait longer or provide a non-email way to authorize a new key. You could imagine a few ways to do this: Allow users to add/delete SSH keys from the website or exe.dev shell; create a bearer token/random string that I can generate from the exe.dev shell or website to associate a new SSH key; SSH key signatures (existing key signs new key); SSH CAs (like @cert-authority); etc.
- SSH U2F/FIDO2 authentication support has become mainstream, and offers you a way to have homogeneous auth across web and SSH interfaces. Maybe consider unifying authN this way?
- exe.dev ssh interface does not allow me to list SSH keys, only to delete them. Consider moving all authN/authZ functionality into an "auth" subcommand/submenu (like you have for "share") and support SSH pubkey CRUD in there.
- You make some strong assumptions about email addresses that aren't true -- what happens on email address changes, lost email access, etc. This will become more important when you start billing (and possibly costly).
- How do I manage persistent disks? Any way to attach them to a different VM after I'm done with them on the original one? Is there always a single PD per VM or can these be managed separately? What about data or database volumes? Can PDs be attached to one or multiple VMs at a time?
Looks like it uses sshpiper[1]? > $ nslookup abc.exe.xyz
> abc.exe.xyz canonical name = s001.exe.xyz.
> $ telnet s001.exe.xyz 22
> Trying 100.20.12.135...
> Connected to s001.exe.xyz.
> Escape character is '^]'.
> SSH-2.0-SSHPiper
exe.dev ▶ doc how-exedev-works
How exe.dev works (how-exedev-works) - press q to exit
You're an engineer. We're engineers. Let's talk about what's going on under the hood.
An "exe.dev" VM runs on a bare metal machine that exe.dev rents. We happen to use Kata Containers and Cloud Hypervisor, but that's a bit of an implementation detail (and may change!).
With most providers, your VM starts with a "base image" and is given a block device. Exe.dev instead starts with a container image (by default, "exeuntu"), and hooks up an overlay filesystem to the VM. This makes creating a new VM
take about two seconds. In exchange, we lose some flexibility: you don't get to choose which filesystem you're using, nor which kernel you're using.
On the networking side, we don't give your VM its own public IP. Instead, we terminate HTTPS/TLS requests, and proxy them securely to your VM's web servers. For SSH, we handle ssh vmname.exe.xyz.
exe.dev ▶ doc sharing
Sharing (sharing) - press q to exit
You can share your VM's HTTP port (see the http proxy documentation /proxy) with your friends. There are three mechanisms:
1. Make the HTTP proxy public with share set-public <vm>. To point the proxy
at a different port inside the VM, run share port <vm> <port> first.
Marking it public lets anyone access the server without logging in.
2. Add specific e-mail addresses using share add <vm> <email>. This will
send the recipient an e-mail. They can then log into exe.dev with that e-mail,
and access https://vmname.exe.xyz/.
3. Create a share link with share add-link <vm>. The generated
link will allow anyone access to the page, after they register and login.
Revoking the link (which can be done with the remove-link command)
does not revoke their access, but you can remove users who are already
part of the share using share remove <vm> <email>.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
ssl labs says everything is fine The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
