Exe.dev - Hacker News

Posted by achairapart 16 hours ago

https://blog.exe.dev/meet-exe.dev

302 points | 154 commentspage 2

adtac 9 hours ago|

i got to try exe a while back and i have to say, the "Login with exe" [1] is probably the most magic thing i've seen since tailscale :)

[1] https://exe.dev/docs/login-with-exe

dangoodmanUT 1 hour ago||

The problem without having consent is that it's easy to track who is using your service. Because there's no consent, they can redirect you to login and back, and grab your identity, without you doing anything other than loading the page.

ffsm8 9 hours ago||

That's called forward auth - or proxy auth

You can do the same thing - with the added burden of actually having to set it up once ... After you set it up, it's however just as trivial to add new systems like with this linked example.

I got pretty much everything I'm self-hosting like that via keycloak (which itself let's me do social with via GitHub and Google etc pp) and a very similar nginx config like it's shown in these docs.

But the initial setup took multiple hours, even if the adding new services which support forward/proxy auth is extremely easy now.

(Jellyfin sadly doesn't as an example)

Just saying it in case you want to check it out.

I think it's fantastic they added that/provide this to their platform - it's a wonderful value-add

sureglymop 8 hours ago||

I think running and managing and possibly misconfiguring a keycloak java monolith would be exactly what I'd want to avoid which is why it's cool that they offer this.

ffsm8 7 hours ago||

There are a lot other identity providers around you can pick from, I merely mentioned it as I personally use it, as it's so easy to run and integrate with social auth - and comes with features such as simple password-less auth.

The forward auth/proxy auth is not a keycloak feature, it's a proxy feature, which just need some identity provider. If you look for the mentioned term via Google or AI/llm you will find multiple options, some of which are as easy to setup as a simple docker run cmd with an open port

I.e. https://docs.goauthentik.io/add-secure-apps/providers/proxy/...

pingiun 6 hours ago||

How do you proxy the SSH connections? I thought you could not do hostname-based proxying with the SSH protocol

crawshaw 6 hours ago||

[exe.dev co-founder here] You are right, you cannot! It was quite a bit of work. We have a blog post in the works that should come out in a couple of weeks with all the details.

dangoodmanUT 1 hour ago||

I was just sufficiently nerd sniped by this, so let me know if I’m close:

Based on what the commenter below found about sshpiper I believe that you use the ssh identity + the ip from the slot to resolve the vm target. sshpiper knows how to route the ssh identity + slot ip to the correct VM. I suspect you have a custom sshpiper plugin to do that routing.

You use the slot record indirection so you can change the ip of a slot without having to update everyone’s A records across the customer base. It also makes it easy to shuffle around vm-slot mappings within a customer. I haven’t tested, but I’m guessing this dns server is internal (coredns?), and the ips too.

I did something similar (ip + identity routing) for a project a few weeks ago. Yours is a lot more elegant with the dns indirection.

I’m no ssh expert, but in theory you should be able to ssh -J exe.dev myvm.exe.xyz for a one-liner? Or maybe you don't even need it, if that DNS server within the ssh exe.dev is the same as the public DNS. Pardon for not testing it yet!

chiragjn 5 hours ago|||

Would be interested in this too, I did some work in the past to make it work via Envoy proxy using HTTP CONNECT but that requires plugging in proxytunnel[0] or nc on client side.

  > $ nslookup abc.exe.xyz  
  > abc.exe.xyz canonical name = s001.exe.xyz.  
  > $ telnet s001.exe.xyz 22  
  > Trying 100.20.12.135...  
  > Connected to s001.exe.xyz.  
  > Escape character is '^]'.  
  > SSH-2.0-SSHPiper

Looks like it uses sshpiper[1]?

[0] https://github.com/proxytunnel/proxytunnel

[1] https://github.com/tg123/sshpiper

dizzled 1 hour ago||

Looks like it's a combination of SSH server IP address + public key.

Each VM you create (up to 25 of them) gets a different CNAME record of the form s0NN.exe.xyz where NN ranges from 01 to 25. Each of these names, from s001.exe.xyz to s025.exe.xyz, resolves to a different IP address.

Therefore the individual VM can be distinguished this way, and the account they are associated with can be identified using the SSH public key that is used to authenticate.

copperx 10 hours ago||

This is freaking fantastic. However, as a community college instructor I would like to have this self-hosted on a computer in campus. Excluding the CLI niceties, etc., it shouldn't be to hard to get a similar setup with Docker et al, right? (not for production)

integralid 5 hours ago|

It's not possible to run real VMs with docker (though you can get something similar with qemu). VM isolation is also much stronger than docker's, and VMs tend to be much more secure.

But if you just need a shell then yes, you can make something similar with docker.

reactordev 16 hours ago||

Oh I’m going to need more info than this. It’s a service that provides persistent disk and VM’s but doesn’t tell you what those shared resource limits are, what the pricing is, or anything other than to ssh in…

crawshaw 15 hours ago|

Hello, an exe.dev person here. There are some very early docs, exe.dev/docs (which are also accessible over ssh once you ssh in). There is a lot more to come, very early days, please bear with us. I was not expecting to see it here today.

twotwotwo 14 hours ago|||

I have played with it and it's so easy get started with that now I want a quick-project idea as an excuse to use it!

I'm sure you've thought of this, but: lots of people have some amount of 'free' (or really: zero incremental cost to users) access to some coding chat tool through a subscription or free allowance like Google's.

If you wanted to let those programs access your custom tools (browser!) and docs about the environment, a low-fuss way might be to drop a skills/ dir of info and executables that call your tools into new installs' homedirs, and/or a default AGENTS.md with the basic info and links to more.

And this seems like more fuss, but if you wanted to be able to expose to the Web whatever coding tool people 'bring', similar to how you expose your built-in chat, there's apparently an "agent control protocol" used as a sort of cross-vendor SDK by projects like https://willmcgugan.github.io/toad-released/ that try to put a nice interface on top of everything. Not saying this'd be easy at all, but you could imagine the choice between a few coding tools and auth info for them as profile-level settings pushed to new VMs. Or maybe no special settings, and bringing your own tools is just a special case of bringing your own image or setup script.

But, as y'all note, it's a VM. You can install whatever and use it through the terminal (or VSCode remoting or something else). "It's a computer" is quite a good open standard to build on.

Is the chat descended from Sketch?

crawshaw 13 hours ago|||

Thanks! We are thinking a lot about how to prepopulate VMs. The first thing we are going to start with is a fast ‘clone’ command, so you can preconfigure a base VM then make as many as you like. Lots of other ideas floating around too.

Re sketch: the code is not the same but the agent is deeply inspired by it. Eg the screenshot support, which just seems obvious to us. Philip has done the heavy lifting here, he hangs out in the discord if you want to chat about it.

jeffrallen 7 hours ago|||

When you create a new exe.dev VM, you can tell Shelley what it's for. I've had fun results from, "surprise me".

Also, telling Shelley to get inspiration from the VM name can be fun.

reactordev 15 hours ago|||

This kind of stuff is right up my wheelhouse so curious how.

I love the idea of just ssh in and do your thing. I’ll bookmark and come back when there’s some more info. Things are going to move fast…

dominicm 10 hours ago||

Dang, everything about this feels really well considered. Semi-throwaway, nearly bare-metal machines that I can put on the internet with basically 0 config? I'll take

crawshaw 10 hours ago|

[exe.dev co-founder] Or don't throw them away! The disk persists. And thank you!

steeleduncan 5 hours ago||

Sorry if I missed this in the docs, but how robust is the persistence? ie is it the disk that comes with a standard AWS VM? or is it a share backed by e.g. Ceph with multiple redundant copies?

crawshaw 4 hours ago||

Details coming in the next few weeks. The contents are regularly replicated to a disk cluster, though we have some more experimentation to do before we commit to exactly how frequently. This space has a lot of trade-offs, we believe we have found a new and interesting one.

jauntywundrkind 15 hours ago||

I really enjoyed using this service. I signed up on my phone two nights ago, (using termux + ssh) and then used the builtin web agent to setup a small webapp. I was up and running with an HTTPS server in minutes, since all the HTTPS certs are automatically taken care of.

I'm not using it yet, but the way that it handles sharing looks incredibly sweet: an excellent way to take "home-cooked software and bare-foot developers" "perfect software: an audience of one" from one to a few / many people. Just sharing links that people can easily sign into, without having to build a whole auth system seems ridiculously easy here, and that is super cool. You don't have to think about it, you can just build your app: this fills a huge gap that makes making connected online software so much easier. https://outofdesk.netlify.app/blog/perfect-software https://news.ycombinator.com/item?id=46334206 https://exe.dev/docs/sharing

I used the included Shelley agent, which has a perfectly adequate simple web ui, to do all development. It was able to debug a bunch of pretty gnarly problems, using screenshots & scrolling down to get check it's work.

My output is a super simple site, very close to vibe coded, in ~90 minutes, but I quite enjoyed setting up a little guestbook project here: https://nan-falcon.exe.xyz/

llmslave2 15 hours ago||

I'd be interested if I knew who was behind the company and could reasonably trust that I wasn't going to get my data stolen etc.

crawshaw 15 hours ago||

Hello, I am behind this company. My co-founder Josh Bleecher Snyder has also been hanging around the internet for a while. There are several of us hacking away. It is very early days, we have a lot of work to do to earn your trust but it is my intention to do so.

tekacs 15 hours ago||

Pulled from your Github, just to make it easier for folks to make sense:

> David Crawshaw - before this, CTO and co-founder of Tailscale

> Josh Bleecher Snyder - was a Director of Engineering at Braintree, amongst other things

farslan 9 hours ago||

Both are also early Go engineers and developers who hacked on the Go stdlib for years. Most people in the Go community know them. Great people, and the idea speaks for it. I wish them best of luck.

jeffrallen 7 hours ago||

The devs are long time Go and Tailscale hackers, and have earned my trust several times over. They will earn yours too, I bet.

llmslave2 6 hours ago||

Yeah it sounds pretty promising. Will def keep an eye out. Even just knowing who the humans behind the project goes a long way.

minimal_action 5 hours ago||

I built a similar infrastructure, a bit more human friendly, for spinning up AI agents' sessions for scientific work rather than web dev. Also with Share link for the sessions. (https://ai-archive.io)

dependency_2x 5 hours ago||

Nice one. Love the coding agent web ui. I used https://temp-mail.org as I didn't want to use a real email.

Enjoy my creation https://love-storm.exe.xyz:8001

skybrian 3 hours ago|

Nobody can see this until you make the website public. (Test with a browser’s Incognito mode.)

icedrift 4 hours ago|

Super cool. I can't justify investing time in it at the planned pricing but I'll keep an eye on it if they can hack together a more competitive VPS option.

More comments...