Exe.dev - Hacker News

Posted by achairapart 12/26/2025

https://blog.exe.dev/meet-exe.dev

457 points | 297 commentspage 2

jauntywundrkind 12/27/2025|

I really enjoyed using this service. I signed up on my phone two nights ago, (using termux + ssh) and then used the builtin web agent to setup a small webapp. I was up and running with an HTTPS server in minutes, since all the HTTPS certs are automatically taken care of.

I'm not using it yet, but the way that it handles sharing looks incredibly sweet: an excellent way to take "home-cooked software and bare-foot developers" "perfect software: an audience of one" from one to a few / many people. Just sharing links that people can easily sign into, without having to build a whole auth system seems ridiculously easy here, and that is super cool. You don't have to think about it, you can just build your app: this fills a huge gap that makes making connected online software so much easier. https://outofdesk.netlify.app/blog/perfect-software https://news.ycombinator.com/item?id=46334206 https://exe.dev/docs/sharing

I used the included Shelley agent, which has a perfectly adequate simple web ui, to do all development. It was able to debug a bunch of pretty gnarly problems, using screenshots & scrolling down to get check it's work.

My output is a super simple site, very close to vibe coded, in ~90 minutes, but I quite enjoyed setting up a little guestbook project here: https://nan-falcon.exe.xyz/

llmslave2 12/27/2025||

I'd be interested if I knew who was behind the company and could reasonably trust that I wasn't going to get my data stolen etc.

crawshaw 12/27/2025||

Hello, I am behind this company. My co-founder Josh Bleecher Snyder has also been hanging around the internet for a while. There are several of us hacking away. It is very early days, we have a lot of work to do to earn your trust but it is my intention to do so.

tekacs 12/27/2025||

Pulled from your Github, just to make it easier for folks to make sense:

> David Crawshaw - before this, CTO and co-founder of Tailscale

> Josh Bleecher Snyder - was a Director of Engineering at Braintree, amongst other things

farslan 12/27/2025||

Both are also early Go engineers and developers who hacked on the Go stdlib for years. Most people in the Go community know them. Great people, and the idea speaks for it. I wish them best of luck.

jeffrallen 12/27/2025||

The devs are long time Go and Tailscale hackers, and have earned my trust several times over. They will earn yours too, I bet.

llmslave2 12/27/2025||

Yeah it sounds pretty promising. Will def keep an eye out. Even just knowing who the humans behind the project goes a long way.

copperx 12/27/2025||

This is freaking fantastic. However, as a community college instructor I would like to have this self-hosted on a computer in campus. Excluding the CLI niceties, etc., it shouldn't be to hard to get a similar setup with Docker et al, right? (not for production)

integralid 12/27/2025|

It's not possible to run real VMs with docker (though you can get something similar with qemu). VM isolation is also much stronger than docker's, and VMs tend to be much more secure.

But if you just need a shell then yes, you can make something similar with docker.

sznio 12/27/2025||

Looking at the pricing plan, even the cheapest one is overkill. I don't need that much. 2GB memory with a 6VM limit would be plenty.

pingiun 12/27/2025||

How do you proxy the SSH connections? I thought you could not do hostname-based proxying with the SSH protocol

crawshaw 12/27/2025||

[exe.dev co-founder here] You are right, you cannot! It was quite a bit of work. We have a blog post in the works that should come out in a couple of weeks with all the details.

dangoodmanUT 12/27/2025||

I was just sufficiently nerd sniped by this, so let me know if I’m close:

Based on what the commenter below found about sshpiper I believe that you use the ssh identity + the ip from the slot to resolve the vm target. sshpiper knows how to route the ssh identity + slot ip to the correct VM. I suspect you have a custom sshpiper plugin to do that routing.

You use the slot record indirection so you can change the ip of a slot without having to update everyone’s A records across the customer base. It also makes it easy to shuffle around vm-slot mappings within a customer. I haven’t tested, but I’m guessing this dns server is internal (coredns?), and the ips too.

I did something similar (ip + identity routing) for a project a few weeks ago. Yours is a lot more elegant with the dns indirection.

I’m no ssh expert, but in theory you should be able to ssh -J exe.dev myvm.exe.xyz for a one-liner? Or maybe you don't even need it, if that DNS server within the ssh exe.dev is the same as the public DNS. Pardon for not testing it yet!

chiragjn 12/27/2025|||

Would be interested in this too, I did some work in the past to make it work via Envoy proxy using HTTP CONNECT but that requires plugging in proxytunnel[0] or nc on client side.

  > $ nslookup abc.exe.xyz  
  > abc.exe.xyz canonical name = s001.exe.xyz.  
  > $ telnet s001.exe.xyz 22  
  > Trying 100.20.12.135...  
  > Connected to s001.exe.xyz.  
  > Escape character is '^]'.  
  > SSH-2.0-SSHPiper

Looks like it uses sshpiper[1]?

[0] https://github.com/proxytunnel/proxytunnel

[1] https://github.com/tg123/sshpiper

dizzled 12/27/2025||

Looks like it's a combination of SSH server IP address + public key.

Each VM you create (up to 25 of them) gets a different CNAME record of the form s0NN.exe.xyz where NN ranges from 01 to 25. Each of these names, from s001.exe.xyz to s025.exe.xyz, resolves to a different IP address.

Therefore the individual VM can be distinguished this way, and the account they are associated with can be identified using the SSH public key that is used to authenticate.

idorosen 12/27/2025||

Interesting interface. Some feedback:

  - Email delay to Gmail inboxes for verifying an SSH key used via SSH via email is longer than the timeout of the "Waiting for verification email..." stage in the SSH key registration. Wait longer or provide a non-email way to authorize a new key. You could imagine a few ways to do this: Allow users to add/delete SSH keys from the website or exe.dev shell; create a bearer token/random string that I can generate from the exe.dev shell or website to associate a new SSH key; SSH key signatures (existing key signs new key); SSH CAs (like @cert-authority); etc.
  - SSH U2F/FIDO2 authentication support has become mainstream, and offers you a way to have homogeneous auth across web and SSH interfaces. Maybe consider unifying authN this way?
  - exe.dev ssh interface does not allow me to list SSH keys, only to delete them. Consider moving all authN/authZ functionality into an "auth" subcommand/submenu (like you have for "share") and support SSH pubkey CRUD in there.
  - You make some strong assumptions about email addresses that aren't true -- what happens on email address changes, lost email access, etc. This will become more important when you start billing (and possibly costly).
  - How do I manage persistent disks? Any way to attach them to a different VM after I'm done with them on the original one? Is there always a single PD per VM or can these be managed separately? What about data or database volumes? Can PDs be attached to one or multiple VMs at a time?

At what scale do you break even on fixed costs (wages, rents, etc.)?

Balinares 12/27/2025||

In which country are the VMs hosted? Do you have a warrant canary? Where's the AUP and how much peeking into customer VMs and storage do you do to enforce it?

system33- 12/27/2025||

They terminate TLS. It seems like you wouldn’t want to use this service even if all those questions were answered to your satisfaction.

steeleduncan 12/27/2025||

None of this actually matters. If you want to keep your data private, host it on your own hardware. Countries, company policies, etc are all essentially irrelevant

ricardobeat 12/27/2025||

I really like the concept, the persistence (with backups!), pre-installed agents, and how easy it is to go from experiment to a live server.

The downsides:

- usage-based pricing would be nice, $20/month is pretty steep to start, but also no room to scale up?

- 100GB/month is only 300k views for a small-ish page or API, 10k req/day is a tiny amount of traffic. Can't make anything public with that. Even the smallest servers at Hetzner have unlimited bandwidth

jeremyjh 12/27/2025||

Those limits make it pretty clear it’s not really meant for hosting a production app. It’s for sharing something you’ve developed with friends/colleagues, or maybe a low traffic webhook handler for some personal thing. I made an Alexa skill for my kids once and it is perfect for that kind of project.

pwdisswordfishy 12/30/2025||

$240/yr is not "perfect" for a toy/hobby project.

mmcclure 12/27/2025||

This is very cool, but goodness I wish they'd give an option for a password-based login after the initial verification. In ~10 minutes of playing with it I had to go through 4 email confirmation steps.

I'm very much into the product itself, but that would get extremely tiresome if I was trying to use it consistently. I assume I have to be using it wrong in some way for there to be that much friction...

crawshaw 12/27/2025|

[exe.dev cofounder here] Hi! Thanks for the feedback. I am deeply allergic to passwords and so I am trying to delay adding them. Did you try our passkey support?

natrys 12/27/2025|

Very impressive demo. From VM curation to vibe coding something running on port 8000 in Shelley just worked in minutes. I imagine quite a few technically impressive things happening under the hood, would be interested in reading more about those.

Small nit: I think you should make it more clear in the docs (if not in the landing page) that one can just use any key with the ssh command the very first time and it automatically gets registered. Also on the web UI one should have the ability to add the ssh keys. I logged into the web UI first, and was a bit confused.

I think the pricing is alright for the resource and remote development features, though might be a bit much if someone doesn't need higher level of resources for deploying something that's mostly already developed.

Anyway, this reminds me of a product called Okteto that had similar UX. They were focused on leveraging k8s for declarative deployment. But for some reason they suspended their managed cloud/SaaS offering for individual/non-enterprise clients, I wonder if it was because they couldn't make the pricing work. Hope that doesn't happen here.

More comments...