Show HN: I made an in-browser code editor with code replay and REPL
logicboard.comI made a Logicboard.com — A collaborative code editor with code-replay feature.
Code-replay lets you run the coding session like a movie, I wrote a blog post on how I implemented this: https://logicboard.com/blog/code-replay
You can try out the demo here: https://logicboard.com/demo/:replay
And play around with the code editor here: https://logicboard.com/demo/
Logicboard also has an REPL shell, just type "start()" and hit enter in the output area.
This allows outbound network access, allows program execution (within the container) and more.
You might want to restrict some of these things before Amazon shuts your account down for abuse requests.
You're basically handing everyone on the internet an EC2 instance to do literally anything with -- it'll be minutes to hours before this gets abused.
`uname` output from the container for example: Linux a976bf3f5ff7 4.14.193-113.317.amzn1.x86_64 #1 SMP Thu Sep 3 19:08:08 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
We do something similar for our Interactive projects at datawars.io. It took less than a week until we found out that someone was mining bitcoin in our project notebooks :)
We've restricted all outbound traffic since then.
As nacs said, this is a really bad idea - you should take it offline or prevent network access ASAP.
I just ran a couple of Python scripts that grabbed the ec2 instance metadata and the HN front page.
My editor https://webide.se/ use operational transform for undo/redo, collaboration, and code replay for macro and tutorials. I think Heroku also started out as an editor, but pivoted to "code-execution as a service".
Just to add to the other voices: executing untrusted code can be extremely dangerous. There’s so many ways to shoot yourself in the foot. I’m not sure if container boundaries are sufficient but each repl shouldn’t share a namespace with the others at the very least.
That said it’s pretty smooth and actually usable on mobile. Pretty polished too.
I'm curious if anyone would like to use the code-execution as a service. It's basically a websocket based API where you send a blob of code and get execution result as response.
In case of REPL, you send STDIN to websocket and get STDOUT as response. All code execution happens in separate Docker containers.
Docker containers probably aren’t enough isolation. But throw some firecrackervm in the pot and you’ve got a stew going.
Repl.it uses Docker containers too, only recently started work on moving to better isolation mechanisms like VMs
At replit every repl is indeed a docker container, but that is absolutely not the primarily isolation mechanism. Here’s a comment from CEO @amasad to that effect in 2019 (so, even more secure now I am certain) https://news.ycombinator.com/item?id=19215175
I'm using https://github.com/live-codes/livecodes to just move it all completely into the client with a replit-like alternative thing we're working on
This would be interesting to me. There are a few options now, like Judge0, but the language versions are pretty out of date. Self-hosting is not a good time investment at the moment.
Email me at hn at vikas.sh if you have a service. I'd need an SLA for sure, and multi-file support would be nice to have.
We serve production code execution use cases (mainly Python) with Jamsocket: https://jamsocket.com/
We've been running it for over a year and would be willing to talk about an SLA. Each instance gets its own gvisor-sandboxed runtime and we do some network isolation on top of that. (We also have some crypto miner mitigation, because if you provide free compute to strangers they will manage to find you.)
> I'm curious if anyone would like to use the code-execution as a service.
I am sure there are many whom would. Some may use it ethically, but many will not.
All will place liability on the service.
I built this with AWS Lambda. Relevant info if someone else wanted to try my approach to build such a service: https://mattslifebytes.com/2023/04/14/from-rebuilds-to-reloa...
> In case of REPL, you send STDIN to websocket and get STDOUT as response.
I wonder if repl.it ever did this, or if they've always used WebAssembly? (They definitely use wasm now.)
Nope, every repl is running in a docker container on a GCP vm, with various other security measures. See: https://news.ycombinator.com/item?id=19215175
I believe the very first version of replit was all in-browser, but no longer
> Nope, every repl is running in a docker container on a GCP vm, with various other security measures.
Wow, that's a change. I remember using replit with Python compiled to wasm. It was neat for a few seconds.
Where is the code being executed?
Appears to be an EC2 instance
It's executed in a Docker container inside an EC2 Instance.
Nice use of phoenix liveview (I'm assuming). The app is really smooth, and executes rust faster than the official rust playground
Thanks! It doesn't use Liveview but the execution backend is Phoenix + Erlang.
Is that code mirror?
Yep, Codemirror + Firepad
I'm creating a product with an editor.
I'm interested to know whether you evaluated alternatives such as Monaco by Microsoft/VSCode? From my research it seems to be the one that's "ahead" by whatever metrics you'd go off other than age.
I'm interested to know what challenges you faced if any as well? Thanks!
Monaco doesn't work on mobile, if you care about this.
Interesting. What do you mean by "doesn't work"?
Not responsive? Bad touch controls?
Codemirror is different?
Monaco does not support mobile (touch) use, but CodeMirror does actively maintain mobile (touch) support. https://github.com/microsoft/monaco-editor/issues/246