Not a mobile issue. I am on desktop and had no idea what this service was because nothing on the initial UI explained what we were looking at. I went and double-checked when people here were talking about pricing and VMs. From the home page, I figured it was some text-based game or experiment and closed the page.
It looks like some people who work there are watching this thread, so to them I say: You have got to explain what this is, not just say "the disk persists..." and expect people to dig deeper. Most aren't that curious.
>From the home page, I figured it was some text-based game or experiment and closed the page.
Same, my first thought was that it's some pentesting game where you're given a VM and your task is to somehow break it. The line "the disk persists. you have sudo" sounds like game rules.
It's odd to see how people are not accustomed to plain websites anymore. You click the 'About' link in the footer, and get a direct explanation of what it is, pricing and the entire documentation.
It's kind of funny our experiences are so diffent. I almost immediately surmised it's some sort of on the fly generated vm you can access via a ssh jumpserver. Which it is! It's actually really neat. It's quite obvious that the authors want us to just ssh into it and try it out first.
I wouldn’t go that far but some link to pricing and documentation would be useful. I have absolutely no idea what the offering is here without those pieces of info.
I was confused too. I first thought I should open up my terminal and just enter `ssh dev.exe` and this would be some kind of ssh-based interface? Honestly my first thought is that it would be one of those cool dev hack / art projects like the old starwars traceroute to 216.81.59.173
It didn't read as a company with products at all to me from the front page. Just a cryptic " The disk persists. You have sudo." with links to "Login" and "About * Blog * Discord" --- no pricing link, which made me think it was a weird hobby / art.
I've seen enough of these kinds of services in my lifetime that I also immediately knew what it was, for example sdf.org, which is one of the OG services, and various "tilde" services like tilde.town.
I thought the same, but it’s not quite like either of those things. It has their same benefits but way more flexibility with its VM model. It offers auth, and will forward most ports for developer access.
All this was totally lost on me from looking at the website. “I already have tilde and sdf, I don’t need this.”
If I hadn’t looked into the comments I would still think that.
Hyperbole much? I'm on mobile and think it's great. I wish more websites were like this. Just straight to the point instead of all the regular marketing fluff you need to decipher.
This thread seems to reflect how the HN audience has shifted — less commenters know what `ssh example.com` does and more commenters concerned about privacy policy.
Yeah, and it really is not I would want to do, just like diving into unknown water that sparkles weird.. It's an instinct, can get past it but to get more info about the service... nah.
So I tried this the other day after Filippo Valsorda, another Go person, posted about it. My reaction was 'whoa, this really makes it easier to start a quick project', and it took a minute to figure out why I felt that way when, I mean, I have a laptop and could spin up cloud stuff--arguably I already had what I needed.
I think it's the combination of 1) really quick to get going, 2) isolated and disposable environments and 3) can be persistent and out there on the Internet.
Often to get element 3, persistent and public, I had to jump through hoops in a cloud console and/or mess with my 'main' resources (install things or do other sysadmin work on a laptop or server, etc.), resources I use for other stuff and would prefer not to clutter up with every experiment I attempt.
Here I can make a thing and if I'm done, I'm done, nothing else impacted, or if it's useful it can stick around and become shared or public. Some other environments also have 'quick to start, isolated, and disposable' down, but are ephemeral only, limited, or don't have great publishing or sharing, and this avoids that trough too. And VMs go well with building general-purpose software you could fling onto any machine, not tied to a proprietary thing.
This is good stuff. I hope they get a sustainable paid thing going. I'd sign up.
Also, though I realize in a sense it'd be competition to a business I just said I like: some parts of the design could work elsewhere too. You could have an open-source "click here to start a thing! and click here to archive it." layer above a VM, machine, or whatever sort of cloud account; could be a lot of fun. (I imagine someone will think "have you looked at X?" here, and yes, chime in, interested in all sorts of potential values of X.)
I don't think that it's actually public? From one of their explainers, no public IP is assigned, so you'll need to ar least have to use an additional service like Cloudflare Tunnel to use it for hosting anything.
[exe.dev co-founder here] You can make it public! Our TLS proxy supports it, and supports CNAME rules (plus a top-level trick) to let you put a domain name on it. To make the HTTP server on port 8000 of your VM public run:
It's very much a snapshot of what happens to come on a new VM today, and I put a little disclaimer in it to try to help tools get unstuck if anything there proves to be outdated or a flat-out (accidental) lie.
Thank you! This is a very useful one-pager, answers many questions I had I couldn't find in their documentation (being on mobile I couldn't test with SSH).
Is this 2 CPUs/8GB RAM per VM (in other words, 50 CPUs/200GB RAM)? If so, this is an unbelievable bargain (too good to be true?); other cloud providers charge hundreds of dollars per month for an equivalent VM.
If, OTOH, it's 2 CPUs/8GB total, Hetzner offers an equivalent VM for about $5/month (with much more disk and bandwidth), and I'm not sure what the exe.dev value proposition is. (I'm also not sure why one would want to split 25 VMs across so few shared CPUs/such little memory.)
No I apologize for the confusion (exe.dev person here). What is different about this service is you get dedicated resources that you share between your VMs. The initial allocation is conservative, we want to give people more (or drop the price).
The goal is to reduce the marginal cost of creating a VM to zero. Instead of installing a container manager or using Unix users, just make another VM.
(I will get a better version of this table online tonight.)
You guys really need to work on simplifying your communication on your website. I was also very confused about how the 8GB - whether it is per VM, shared etc.
>Instead of installing a container manager or using Unix users, just make another VM.
What is the advantage of this? Unless you need something exotic like different kernel configurations per instance, what's the problem with using containers on the same instance?
BTW, a Hetzner dedicated server with 2 CPUs/8GB RAM that would let me run my own hypervisor is about $14 USD/month. For anyone who's a big enough power user to care about the distinction of running distributed workflows on VMs versus containers, I'm not sure that an extra $5/month is worth your "hypervisor as a service." But then again, HN commenters infamously poopooed Dropbox [0], so what do I know? :-)
The docs remark “VMs share the resources allocated to the user” so I interpret as resources allocated to your account, VMs provisioned within those limits.
I signed up and started a VM. Didn’t really expect the default chat interface at boot. I’m currently on my iPad and would probably have bookmarked it for later, but now I’m playing with it. Cool idea :)
Edit: it comes out of the box with screenshot capabilities. The defaults on this are very well considered. Im impressed within the first 15 min.
Edit2: this is very neat. I will be recommending it to my non-coder friends who don’t really have the local setup to use Claude but would like to try a Claude-like tool.
You have got to make a better website design. I'm a very curious person so was able to figure out what this was but you cannot expect all visitors of your website to be that way.
Also, stop charging for SSO/OAuth2 integration. Seriously. There's a huge list of services that stupidly charge for SSO/OAuth integration at https://sso.tax, and this list needs to get smaller, not grow. SSO doesn't cost anything to implement. Especially if I'm the one hosting it on my own infrastructure.
[exe.dev co-founder here] Hi. Re: oauth2, the last product I built, Tailscale, only did auth by oauth2. I chose this because 1. businesses need it anyway, and 2. passwords are terrible.
But it was a choice that does not come for free. I dread a page of buttons for third-party services, and the control I give them over my life. I hate that I never know if I should log in with GitHub, or Google, and for a dozen services I have multiple accounts because I got lost in the miasma of oauth2.
Still, it was better than passwords!
But since the last product I built, the world has changed. We have passkeys now. Which are superior in every way for individuals using a third-party service. You get better UX. You get better privacy. It is a fundamentally better technology.
I did not list SSO under teams because I want to "tax" people. I did it because SSO only makes sense for businesses, where an administrator controls accounts, and can delete yours when necessary. There, oauth2 is the best technology we have. But for individuals, it is a dead technology. I am reluctant to make everyone's exe.dev experience worse for legacy tech.
"We" don't have passkeys now. Many functional android devices are not being upgraded to the latest Android versions, and simply will never get true passkey support that isn't locked away inside of Google's vault.
Passwords are much better than the OAuth2 coolaid, and passwords will still be better as long as older devices can't support passkeys due to arbitrary restrictions.
Appreciate you not following Tailscale's authentication many SSO provider approach. It makes sense for teams/business, (Tailscale's customers) but creates some confusion and extra friction for casual homelab users like me. I have a note in 1Password for tailscale.com just titled "USE GITHUB AUTH".
Passkeys work great for me and I greatly prefer them. Exe.dev I think is the first service I've seen that's so passkey centric and it makes a lot of sense.
I don't see how Oauth2 is a legacy technology. It will never be until all of the problems of passkeys are solved. And I very much wouldn't just dismiss oauth2 as something only businesses have, because Oauth2 does have its uses where it can convey information a passkey cannot.
The only people who care about SSO are large enterprises. Coincidentally, large enterprises also are the only customers that make SAAS profitable. Every other plan is part of the sales funnel to the big enterprise contracts.
I run a bunch of services for friends and family, things like Immich, wallabag, mealie etc. Less than 10 users, but do you expect me to crate and maintain separate accounts for each one for every service?
The SSO tax is stupid. If your whole business model is based on putting SSO behind a paywall, it’s a sign of a broken business model.
This is cool. I am currently using GitHub codespaces and I would love a version of it with nothing but a web based terminal. I don't need all the other windows they put around it. This might be it.
Trying my way around it now. Not sure what is going on:
me: apt install apache
the shell: exe.dev repl: command not found: "apt"
What is "exe.dev repl"? Am I not in a shell?
me: bash
the shell: exe.dev repl: command not found: "bash"
[exe.dev co-founder here] Hi there, I am not sure exactly where you are, but your VM is ubuntu derived and definitely starts with apt and bash. Perhaps try `ssh yourvm.exe.xyz`?
While at tailscale you built sketch.dev only to actually build this product ? Love it. Ultimate yak shave.
Kind of how like Antithesis was the product inside foundationdb.
I wish they'd auto auth you with Github based on your pubkey, in a similar spirit to `ssh whoami.filippo.io`[1]. That would remove so much signup friction.
SSH is really the only protocol you can do shenanigans like that over, it's a shame not to use them.
That is neat trick, and interesting to know that's how ssh git@github.com works, but that does not feel practical for a real usecase. Aside from relying on a scrape of the Github users API (there's no "look up user by pubkey" API), what if I wasn't expecting to automatically log in with Github?
Oh I’m going to need more info than this. It’s a service that provides persistent disk and VM’s but doesn’t tell you what those shared resource limits are, what the pricing is, or anything other than to ssh in…
Hello, an exe.dev person here. There are some very early docs, exe.dev/docs (which are also accessible over ssh once you ssh in). There is a lot more to come, very early days, please bear with us. I was not expecting to see it here today.
I have played with it and it's so easy get started with that now I want a quick-project idea as an excuse to use it!
I'm sure you've thought of this, but: lots of people have some amount of 'free' (or really: zero incremental cost to users) access to some coding chat tool through a subscription or free allowance like Google's.
If you wanted to let those programs access your custom tools (browser!) and docs about the environment, a low-fuss way might be to drop a skills/ dir of info and executables that call your tools into new installs' homedirs, and/or a default AGENTS.md with the basic info and links to more.
And this seems like more fuss, but if you wanted to be able to expose to the Web whatever coding tool people 'bring', similar to how you expose your built-in chat, there's apparently an "agent control protocol" used as a sort of cross-vendor SDK by projects like https://willmcgugan.github.io/toad-released/ that try to put a nice interface on top of everything. Not saying this'd be easy at all, but you could imagine the choice between a few coding tools and auth info for them as profile-level settings pushed to new VMs. Or maybe no special settings, and bringing your own tools is just a special case of bringing your own image or setup script.
But, as y'all note, it's a VM. You can install whatever and use it through the terminal (or VSCode remoting or something else). "It's a computer" is quite a good open standard to build on.
Dang, everything about this feels really well considered. Semi-throwaway, nearly bare-metal machines that I can put on the internet with basically 0 config? I'll take
Sorry if I missed this in the docs, but how robust is the persistence? ie is it the disk that comes with a standard AWS VM? or is it a share backed by e.g. Ceph with multiple redundant copies?
You can do the same thing - with the added burden of actually having to set it up once ... After you set it up, it's however just as trivial to add new systems like with this linked example.
I got pretty much everything I'm self-hosting like that via keycloak (which itself let's me do social with via GitHub and Google etc pp) and a very similar nginx config like it's shown in these docs.
But the initial setup took multiple hours, even if the adding new services which support forward/proxy auth is extremely easy now.
(Jellyfin sadly doesn't as an example)
Just saying it in case you want to check it out.
I think it's fantastic they added that/provide this to their platform - it's a wonderful value-add
I think running and managing and possibly misconfiguring a keycloak java monolith would be exactly what I'd want to avoid which is why it's cool that they offer this.
The problem without having consent is that it's easy to track who is using your service. Because there's no consent, they can redirect you to login and back, and grab your identity, without you doing anything other than loading the page.
I really enjoyed using this service. I signed up on my phone two nights ago, (using termux + ssh) and then used the builtin web agent to setup a small webapp. I was up and running with an HTTPS server in minutes, since all the HTTPS certs are automatically taken care of.
I'm not using it yet, but the way that it handles sharing looks incredibly sweet: an excellent way to take "home-cooked software and bare-foot developers" "perfect software: an audience of one" from one to a few / many people. Just sharing links that people can easily sign into, without having to build a whole auth system seems ridiculously easy here, and that is super cool. You don't have to think about it, you can just build your app: this fills a huge gap that makes making connected online software so much easier. https://news.ycombinator.com/item?id=46334206https://exe.dev/docs/sharing
I used the included Shelley agent, which has a perfectly adequate simple web ui, to do all development. It was able to debug a bunch of pretty gnarly problems, using screenshots & scrolling down to get check it's work.
My output is a super simple site, very close to vibe coded, in ~90 minutes, but I quite enjoyed setting up a little guestbook project here: https://nan-falcon.exe.xyz/
Hello, I am behind this company. My co-founder Josh Bleecher Snyder has also been hanging around the internet for a while. There are several of us hacking away. It is very early days, we have a lot of work to do to earn your trust but it is my intention to do so.
This is freaking fantastic. However, as a community college instructor I would like to have this self-hosted on a computer in campus. Excluding the CLI niceties, etc., it shouldn't be to hard to get a similar setup with Docker et al, right? (not for production)
It's not possible to run real VMs with docker (though you can get something similar with qemu). VM isolation is also much stronger than docker's, and VMs tend to be much more secure.
But if you just need a shell then yes, you can make something similar with docker.
[exe.dev co-founder here] You are right, you cannot! It was quite a bit of work. We have a blog post in the works that should come out in a couple of weeks with all the details.
I was just sufficiently nerd sniped by this, so let me know if I’m close:
Based on what the commenter below found about sshpiper I believe that you use the ssh identity + the ip from the slot to resolve the vm target. sshpiper knows how to route the ssh identity + slot ip to the correct VM. I suspect you have a custom sshpiper plugin to do that routing.
You use the slot record indirection so you can change the ip of a slot without having to update everyone’s A records across the customer base. It also makes it easy to shuffle around vm-slot mappings within a customer. I haven’t tested, but I’m guessing this dns server is internal (coredns?), and the ips too.
I did something similar (ip + identity routing) for a project a few weeks ago. Yours is a lot more elegant with the dns indirection.
I’m no ssh expert, but in theory you should be able to ssh -J exe.dev myvm.exe.xyz for a one-liner? Or maybe you don't even need it, if that DNS server within the ssh exe.dev is the same as the public DNS. Pardon for not testing it yet!
Would be interested in this too, I did some work in the past to make it work via Envoy proxy using HTTP CONNECT but that requires plugging in proxytunnel[0] or nc on client side.
> $ nslookup abc.exe.xyz
> abc.exe.xyz canonical name = s001.exe.xyz.
> $ telnet s001.exe.xyz 22
> Trying 100.20.12.135...
> Connected to s001.exe.xyz.
> Escape character is '^]'.
> SSH-2.0-SSHPiper
Looks like it's a combination of SSH server IP address + public key.
Each VM you create (up to 25 of them) gets a different CNAME record of the form s0NN.exe.xyz where NN ranges from 01 to 25. Each of these names, from s001.exe.xyz to s025.exe.xyz, resolves to a different IP address.
Therefore the individual VM can be distinguished this way, and the account they are associated with can be identified using the SSH public key that is used to authenticate.
- Email delay to Gmail inboxes for verifying an SSH key used via SSH via email is longer than the timeout of the "Waiting for verification email..." stage in the SSH key registration. Wait longer or provide a non-email way to authorize a new key. You could imagine a few ways to do this: Allow users to add/delete SSH keys from the website or exe.dev shell; create a bearer token/random string that I can generate from the exe.dev shell or website to associate a new SSH key; SSH key signatures (existing key signs new key); SSH CAs (like @cert-authority); etc.
- SSH U2F/FIDO2 authentication support has become mainstream, and offers you a way to have homogeneous auth across web and SSH interfaces. Maybe consider unifying authN this way?
- exe.dev ssh interface does not allow me to list SSH keys, only to delete them. Consider moving all authN/authZ functionality into an "auth" subcommand/submenu (like you have for "share") and support SSH pubkey CRUD in there.
- You make some strong assumptions about email addresses that aren't true -- what happens on email address changes, lost email access, etc. This will become more important when you start billing (and possibly costly).
- How do I manage persistent disks? Any way to attach them to a different VM after I'm done with them on the original one? Is there always a single PD per VM or can these be managed separately? What about data or database volumes? Can PDs be attached to one or multiple VMs at a time?
At what scale do you break even on fixed costs (wages, rents, etc.)?
In which country are the VMs hosted? Do you have a warrant canary? Where's the AUP and how much peeking into customer VMs and storage do you do to enforce it?
None of this actually matters. If you want to keep your data private, host it on your own hardware. Countries, company policies, etc are all essentially irrelevant
I really like the concept, the persistence (with backups!), pre-installed agents, and how easy it is to go from experiment to a live server.
The downsides:
- usage-based pricing would be nice, $20/month is pretty steep to start, but also no room to scale up?
- 100GB/month is only 300k views for a small-ish page or API, 10k req/day is a tiny amount of traffic. Can't make anything public with that. Even the smallest servers at Hetzner have unlimited bandwidth
Those limits make it pretty clear it’s not really meant for hosting a production app. It’s for sharing something you’ve developed with friends/colleagues, or maybe a low traffic webhook handler for some personal thing. I made an Alexa skill for my kids once and it is perfect for that kind of project.
This is very cool, but goodness I wish they'd give an option for a password-based login after the initial verification. In ~10 minutes of playing with it I had to go through 4 email confirmation steps.
I'm very much into the product itself, but that would get extremely tiresome if I was trying to use it consistently. I assume I have to be using it wrong in some way for there to be that much friction...
[exe.dev cofounder here] Hi! Thanks for the feedback. I am deeply allergic to passwords and so I am trying to delay adding them. Did you try our passkey support?
Very impressive demo. From VM curation to vibe coding something running on port 8000 in Shelley just worked in minutes. I imagine quite a few technically impressive things happening under the hood, would be interested in reading more about those.
Small nit: I think you should make it more clear in the docs (if not in the landing page) that one can just use any key with the ssh command the very first time and it automatically gets registered. Also on the web UI one should have the ability to add the ssh keys. I logged into the web UI first, and was a bit confused.
I think the pricing is alright for the resource and remote development features, though might be a bit much if someone doesn't need higher level of resources for deploying something that's mostly already developed.
Anyway, this reminds me of a product called Okteto that had similar UX. They were focused on leveraging k8s for declarative deployment. But for some reason they suspended their managed cloud/SaaS offering for individual/non-enterprise clients, I wonder if it was because they couldn't make the pricing work. Hope that doesn't happen here.
unlike others, i like the site and the initial prompt.
Lost me at "verify email" though. Why get so creative, yet limit yourself to archaic "email". Why do *YOU* the provider need me to have an email or a phone?
Look, mullvad can provide vpn services without email or all that nonsense. If you want people who will use ssh to order things, these are the same people that would get your service because you're not asking for dumb things like email. It's the first thing you ask of potential users, and it's an obstacle preventing them from giving you their money!
You can issue users a recovery/access key and/or let them user their ssh public key and trust they know how to manage that on their own. If you have messages for them, display that when they login. This sort of stuff differentiates your service, ssh does too, but it's cosmetic and gimmicky. I would prefer a rest-api over ssh anyways, but ssh is cool too.
You can’t host compute for anonymous users. I mean you can, but you won’t for long due to the abuse that will inevitably come with it. That you are responsible for. And anyway, it’s not always going to be free.
What are the abuse risks of compute versus vpn? Mullvad is doing it already. Their payment information doesn't need to be "anonymous". I have hosted websites while paying for the domain, vps hosting and all that it entails entirely with BTC, not once using payment information associated with me. But you know what was required of me even then? A damn email address!!
I run https://pico.sh where we don’t ask for email. Even on our website we instruct users to generate a token so if they do lose their key they can use it to recover their account.
People regularly lose their ssh keypair and also don’t generate a token. I think using email as a form of recovery is totally fine and regardless when you have to pay for the service you’re going to give up your email (and other personal info) via payment processor
I would eventually want even payment processors to stop asking for email. They have my address and government id, for any liability related reasons. ideally, we would use federated auth, where auth providers aren't using email at all. I'd imagine the complexity of your backend is simpler too as a result.
And kudos on your service, I'll keep it mind next time I'm picking a provider.
It isn't a free service -- only during the alpha you get access to an "Individual" account which would normally run $20/mo once the test period is over.
Yes, it should be paid of course. Matter of fact, please charge me more for the privilege of not being asked email,phone, credit cards. Just take my money, and feel free to take whatever steps you think are needed to make sure abuse isn't taking places. I champion requiring a "deposit" where if abuse took place the user would forfeit it.
But, my original comment is strictly about email. Even if you asked for a government-id and credit-card payment, I won't object. Just please, no email!
Hello, an exe.dev person here. They are VMs, on a crosvm-derived VMM. So I consider them "actually VMs", though we do not currently support custom kernels. You can do VM things in there, like create TUN devices, etc.
Not super important to me (and you state explicitly it may change) but your docs are a little out of date here, I think. crosvm versus Cloud Hypervisor / Kata Containers, is, I think, different?
exe.dev ▶ doc how-exedev-works
How exe.dev works (how-exedev-works) - press q to exit
You're an engineer. We're engineers. Let's talk about what's going on under the hood.
An "exe.dev" VM runs on a bare metal machine that exe.dev rents. We happen to use Kata Containers and Cloud Hypervisor, but that's a bit of an implementation detail (and may change!).
With most providers, your VM starts with a "base image" and is given a block device. Exe.dev instead starts with a container image (by default, "exeuntu"), and hooks up an overlay filesystem to the VM. This makes creating a new VM
take about two seconds. In exchange, we lose some flexibility: you don't get to choose which filesystem you're using, nor which kernel you're using.
On the networking side, we don't give your VM its own public IP. Instead, we terminate HTTPS/TLS requests, and proxy them securely to your VM's web servers. For SSH, we handle ssh vmname.exe.xyz.
I think I get more what they're going for now. A technical person can setup a server for themselves and setup services to work for multiple projects. But its complex to get everything right. Trying to reuse a server, setting up routing, domains, and so on can be tedious. I guess they abstract that problem. The wild card domains -> VM is a neat mapping. Then making it easy to use your resources and dispose of VMs.
I guess its an innovation at the resource management layer where you create / manage VMs. It's interesting they choose to give away individual plans. That's very generous. Though I'd feel bad using any of their resources.
Just setup an account and started a VM, but it's hanging when trying to access it while waiting on the public key response. Web based terminal not loading either. Guessing the site is getting the hug-of-death from HN users?
> exe.dev is a subscription service that gives you virtual machines, with
persistent disks, quickly and without fuss. These machines are immediately
accessible over HTTPS, with sensible and secure defaults. You can share your
web server as easily as you can share a Google Doc. With built-in optional
authentication, so you can focus on your thing.
> Your VMs share CPU/RAM. Create as many VMs as you like with the resources
you have.
Might be a good place for yunohost/coolify style services, especially if you have multiple separate entities - though probably tricky to do inbound mail because of IP allocation?
i tried this and it's pretty cool, that being said for my use case of spinning up many agents working on my app I'd need a way to specify the docker images that get started with each new VM
i cannot find a way in the docs to start new VMs with a bootstrap script that starts a bunch of services for me and runs a specific docker image
my use-case is that I want a full developer environment for every branch of my project, so i can vibe code on many VMs at a time
EDIT: Just realised there's an image one can pass to the new command. Still it's not clear to me whether private images would be supported and what registry this is using:
exe.dev ▶ help new
Command: new
Create a new VM
Options:
--command container command: auto, none, or a custom command
--env environment variable in KEY=VALUE format (can be specified multiple times)
--image container image
--json output in JSON format
--name VM name (auto-generated if not specified)
--no-email do not send email notification
--prompt initial prompt to send to Shelley after VM creation (requires exeuntu image)
[exe.dev cofounder here] Thanks for the feedback! We do not support private registries yet but it is very much on our mind, it is one of the first things business customers ask for so we know we have to build it.
We are also exploring alternatives for pre-configuring your VM. (Because we make lots of VMs and feel this too, so it is very much on our mind.) One is a sub-second VM "clone" feature, so you can configure a base VM to use as an image.
I normally try to stick to serverless with SST for quick projects because I like that they scale to $0, but this is enticing. Shelley is a great feature and must have well-designed system prompts and tools for testing the website built-in. It just one-shotted a volunteer management app and with just one more click in the console I can expose it to the public.
Seems it's overloaded now. I like the UX though. My usual question with any hosting is how do you avoid this being abused by hackers, scammers, etc.? Right now it's easy to just create any VMs for free based on a mail account, that seems ripe for exploitation (maybe it's down now cause someone's exploiting it?)
[exe.dev co-founder here] Thank you! Not to give too many secrets away, but my hope is to follow a business model I have been part of before, and make it as cheap as possible for individuals so they encourage their employers to buy it for work. So I would very much love to get cheaper.
The two constraints are that, one, when small underlying resources are expensive (we hope to fix that soon by not being small!), and two, we do not want to make the resource allocation so small that the VM feels unpleasant to use. So there is a floor on how small we make them.
That said, I very very much want to drop prices. We started with conservative numbers.
The description of authentication mechanism is confusing me. it’s over ssh, but how is this integrated?
> Private by default, share with discord-style links exe.dev takes care of TLS and auth for you. By default only you can reach your HTTP services, and you have easy mechanims to share them with friends and colleagues.
You ssh in with any key, and it asks you for an email to verify. You're then at a exe.dev console.
There are a couple different link patterns:
exe.dev ▶ doc sharing
Sharing (sharing) - press q to exit
You can share your VM's HTTP port (see the http proxy documentation /proxy) with your friends. There are three mechanisms:
1. Make the HTTP proxy public with share set-public <vm>. To point the proxy
at a different port inside the VM, run share port <vm> <port> first.
Marking it public lets anyone access the server without logging in.
2. Add specific e-mail addresses using share add <vm> <email>. This will
send the recipient an e-mail. They can then log into exe.dev with that e-mail,
and access https://vmname.exe.xyz/.
3. Create a share link with share add-link <vm>. The generated
link will allow anyone access to the page, after they register and login.
Revoking the link (which can be done with the remove-link command)
does not revoke their access, but you can remove users who are already
part of the share using share remove <vm> <email>.
Thanks! love the idea, looking forward to playing with this. I understand now from comments that this was brought to this site sooner than intended, sorry if I asked in a rude way.
I've tried this out and I could definitely see myself using it. Could use it as a form of build machine or even distribute some of my infra onto them maybe. I don't work with agents very much but still, this is neat and I hope it gets better!
Simpler and easier seems to be the answer. How much does it cost to spread 8gbs RAM across some VMs? Most providers require additional of how many VMs over how many hours, what the specs kf each are specifically, etc. Then once you have it you're setting up an SSH key or shared password depending on use and they make the authentication simpler as well. Maybe wouldn't be great for a huge business but it's you just wanted the ability to play with an isolated server, it might be worth it.
I don't really see what's so different about this than any other dedicated server provider... I can sign up to any host right now and get an email with access to the server details... Like, what am I missing here?
Remote resources only get your public key. It’s meant to be shared! Hence the word “public.”
The threat is having a private key stolen, in which case, having multiple keys can mitigate the amount of damage a threat actor can do. However, to steal your private key would involve a successful attack against your client, not against any server you might have given the public key to.
Definitely going to give this a try. One thing I'm curious about--where are the servers? And if I want to choose hosting geographically close to me, how do I do that?
I'm not a fan of making ssh the primary access mechanism for a service. Just make a simple Web panel for managing VMs, and actually explain on the service on the Web page.
I'd love an easy way to connect to and run an existing GitHub/GitLab repo in a VM and spin it up, and iterate on that and be able to open PRs etc from there.
Super cool. I can't justify investing time in it at the planned pricing but I'll keep an eye on it if they can hack together a more competitive VPS option.
This is awesome. I just maxxed out my tokens in Shelley, but was able to vibe code this Rails app that lets anyone register an aircraft and then fly it in a synchronized world interfaced through a Garmin G1000 knock off. Sign up (feel free to use a fake email address) and set up a flight now and let's see how many aircraft we can get going! If this is a cool idea let me know and I'll probably end up paying to continue developing this :)
I have not used E2B (though I really like their web site), though it looks like there are quite a few differences. Our disks are persistent (without manual snapshotting), we have a TLS proxy by default with built-in auth and link sharing.
It also looks like they have many features we do not have (yet).
I believe the target use is also quite different. You can use exe.dev VMs for running your agent. But you can also use it for hosting your site. E.g. blog.exe.dev is an exe.dev VM.
Thanks for the response. In the "How exe works" page, it's mentioned that exe runs on bare metal with Kata containers, how is it different from firecracker? Were there any advantages?
Thanks, I couldn't figure out what the hell was wrong. The front page is just... not helpful. Given the amount of pushbash how everyone feels about this, it should be removed from HN frontpage!
Thanks. I feel like I expect home pages to contain at least a modicum of information. And three seconds spent thinking about accessibility would have told them that light gray links on a white background are a terrible idea...
Apologies for the vagueness of the home page, we were not expecting to be here today. There is a little more info in our first blog post https://blog.exe.dev/meet-exe.dev and docs, but far needs to be written.
(We have also built some interesting tech behind this that we are excited to write up, I have a doc two pages long of blog posts we want to write.)
No matter what i do, i can't ssh into VM that i created
Local terminal; always timeout
built in terminal; SSH handshake failed: ssh: handshake failed: EOF
shelley agent seems to be install, but it always shows isn't running.
[exe.dev co-founder here] This grew out of our work on sketch. We built a container-based system for it, and found ourselves saying "I wish we just had a computer." This is our answer to that.
If you are interested in our work and agents, I would suggest trying Shelley, the little agent we have in exe.dev. There has been some discussion about what to do with sketch on its discord channel, but we won't be putting energy into it going forward.
(A blog post with far more details is in the works.)
very cool, my only reason for not using it is latency. recommendation: look up user's ip and geo location, spin up VM in a datacenter with lowest latency.
[exe.dev co-founder here] It is planned! The reason we have not got to it yet is it needs to be very different than IPv4 support. We have spent a lot of time on machinery to allow `ssh yourmachine.exe.xyz` work without having to allocate you an IPv4 address. The mechanisms for IPv6 can and should be different, but they will also interact with how assigning public static IPv4 addresses will work in the future.
We do not want to end up in the state AWS is in, where any production work requires navigating the differences between how AWS manage v4 and v6. And that means rolling out v6 is going to be a lot of work for us. It will get done.
I guess I'm the only one that appreciates the extremely minimal site design. Main page was interesting, clicked about, understood the idea, clicked login, enjoyed having no password, added a passkey, spun-up a server.
Did have an issue with auto-generated server name being taken (and similar names being taken). So there could be even less friction on that aspect. But I like the idea of not talking/listing features or showing diagrams, just give me access.
I mean I do need to know pricing, usage limits, uptime etc. But just let me easily find that after giving access.
Oh, we're doing Fly again? Cool! I don't mean that sarcastically -- making it dead simple to get a VM at a domain or IP in a few seconds is good and useful. We should keep trying this idea, because every time it gets easier.
On a side note, a lot of people in this thread are doing a sort of "I don't get it, your website sucks" but it's like, come on dude! Just read the site! It takes less time to read the pricing, docs, and FAQ than it does to post about how you don't get it.
[exe.dev co-founder] Hi! There is a mobile site. It is not super visible right now but you can use it to create VMs (and even build something on them with our agent if you like). If you ran into a particular bug I would love to get it in the issue tracker so we can fix it.
Val.town seems to be serverless, where as this is explicitly a server. One is really a subset of the other though, so I suppose if you're deploying ts functions to a service/server, and your execution costs match up with the tiers here, exe.dev could be cheaper.
Awesome project which I first thought might have something to do with microsft .exe format but not that big of a deal and I find this project really cool and I had thought about similar project like these so kudos that you built something like this!
I mean it and I wish the best of luck for the project
That being said, I tried to look at it for asap golang project deployments and I am the creator of https://spocklet-pomodo.hf.space/ a single main.go + single dep multiplayer pomodoro (please note that it was one shotted out of curiosity and also frustration as https://cuckoo.team would sometimes glitch for me)
That being said, I face the issue where I can't have a go.mod or run go mod tidy because I face this error
exedev@crimson-cobra:~$ go mod tidy
go: finding module for package github.com/gorilla/websocket
go: pomodo imports
Hope that the project fixes this and wishing best of luck to the project. I am a little busy right now with studies but your idea truly inspired me and perhaps I want to create a similar thing or collaborate on it with you too so I will join discord hopefully sooner than later.
I am looking further into it and seeing if I can fix that error as I would love to host some exe.dev's services and wishing the best of luck for the project and hope that it becomes sustainable enough.
Out of curiosity, if I may ask, what is the tech stack behind this which generates the vm's. Is it libvirt or firecracker perhaps?
For my own use cases, I recently rediscovered incus and even ran it on cachyos on my desktop to try it out and there were some hiccups partially because I was running it on non standard debian/ubuntu but I am overall very pleasant with incus but still, I am interested in what tech stack you used so please discuss!!
Also what cloud provider are you using. Pro tip but if you are looking for something cheap, either go with ovh or upcloud.
I really really love hetzner a lot too. (Hey hetzner_OL if you are reading this, love hetzner, have a nice day and hope your christmas was good:)
But still hetzner is a little admittedly more strict than ovh but maybe hetzner can respond to it as I know that their policy can ban accounts if someone abuses and considering that you provide compute (to even free) chances of abuse can rise but overall hetzner's the cheapest so I hope hetzner team might make an special exception/response to your post/my comment.
I am imagining a github private action which ssh's into this and then updates and runs a simple shell script which can be a reinstall state every time someone updates something in git to get git-ops style workflow. If someone implements it for exe.dev, just credit me :) (if you so wish)
`
An amazing product overall. 7/10 due to that one hiccup which saddened me a bit (but which I have faith can be fixed) but its a 9-10/10 potential and that means a lot and a 7/10 at launch is pretty good
Please just tell me every decision/question I had in depth since I love details about projects like these ^^
Another minor suggestion I can have is having asciinema gif too to showcase what it does for some people. To me I only understood to run the command ssh exe.dev which then helped me learn but the only way I understood what exe.dev does beforehand was reading the comments on HN
An asciinema can go a long way in this journey, perhaps, let me know your thoughts.
And have a nice day! One thing I am wondering tho is if you are gonna open source the project, one project which feels similar to your project which is open source is this https://github.com/ekzhang/ssh-hypervisor that runs on top of firecracker
Hi there u/Imustaskforhelp - Thanks for the holiday greetings! I hope you also had a good Christmas.
I am not a part of the abuse team here at Hetzner, and unfortunately therefore cannot make a decision either way. I suggest that you write directly to our support team/abuse team and describe your intended use case in as much detail as possible. They may have some follow-up questions for you and will be able to give you a clear yes/no answer. --Katie
POST /gateway/llm/_/gateway/fireworks/inference/v1/chat/completions HTTP/1.1
Host: 169.254.169.254
User-Agent: Go-http-client/1.1
Content-Length: 491
Accept: application/json
Authorization: Bearer implicit
Content-Type: application/json
Accept-Encoding: gzip
{"model":"accounts/fireworks/models/qwen3-coder-480b-a35b-instruct","messages":[{"role":"user","content":"Generate a short, descriptive slug (2-6 words, lowercase, hyphen-separated) for a conversation that starts with this user message:\n\nhello\n\nThe slug should:\n- Be concise and descriptive\n- Use only lowercase letters, numbers, and hyphens\n- Capture the main topic or intent\n- Be suitable as a filename or URL path\n\nRespond with only the slug, nothing else."}],"max_tokens":8192}
And, perhaps of more interest, actual conversations which start with the system prompt:
POST /gateway/llm/_/gateway/fireworks/inference/v1/chat/completions HTTP/1.1
Host: 169.254.169.254
User-Agent: Go-http-client/1.1
Content-Length: 10513
Accept: application/json
Authorization: Bearer implicit
Content-Type: application/json
Accept-Encoding: gzip
{"model":"accounts/fireworks/models/qwen3-coder-480b-a35b-instruct","messages":[{"role":"system","content":"You are Shelley, a coding agent and assistant. You are an experienced software engineer and architect. You communicate with brevity.\n\nYou have access to a variety of tools to get your job done. Be persistent and creative.\n\n
...
Truncated as it's huge, but here's a copy of the request data: https://victory-george.exe.xyz. Interesting to see the range of tools offered by the agent.
Turns out the request is coming from localhost because it's being forwarded over SSH. Their HTTP proxy causes a new SSH connection to be made to the VM:
Connection from 10.42.0.1 port 37456 on 10.42.1.75 port 22 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version Go
debug1: compat_banner: no match: Go
Which then requests a local TCP connection, in this case to port 8000:
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype direct-tcpip rchan 0 win 2097152 max 32768
debug1: server_request_direct_tcpip: originator 0.0.0.0 port 0, target 127.0.0.1 port 8000
debug1: connect_next: start for host 127.0.0.1 ([127.0.0.1]:8000)
debug2: fd 7 setting O_NONBLOCK
debug2: fd 7 setting TCP_NODELAY
debug1: connect_next: connect host 127.0.0.1 ([127.0.0.1]:8000) in progress, fd=7
debug3: fd 7 is O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 0: new direct-tcpip [direct-tcpip] (inactive timeout: 0)
debug1: server_input_channel_open: confirm direct-tcpip
debug3: channel 0: waiting for connection
This is in contrast to a normal SSH shell session:
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new session [server-session] (inactive timeout: 0)
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
Also there's a funny little Easter egg within the SSH connection to exe.dev, if you look closely. I don't want to spoil it for anyone, but it was nice to see.
That must be worst website ever made.
Zero information available on mobile.
I thought it is some kind of portfolio site that does not work on mobile.
Not a mobile issue. I am on desktop and had no idea what this service was because nothing on the initial UI explained what we were looking at. I went and double-checked when people here were talking about pricing and VMs. From the home page, I figured it was some text-based game or experiment and closed the page.
It looks like some people who work there are watching this thread, so to them I say: You have got to explain what this is, not just say "the disk persists..." and expect people to dig deeper. Most aren't that curious.
>From the home page, I figured it was some text-based game or experiment and closed the page.
Same, my first thought was that it's some pentesting game where you're given a VM and your task is to somehow break it. The line "the disk persists. you have sudo" sounds like game rules.
It's odd to see how people are not accustomed to plain websites anymore. You click the 'About' link in the footer, and get a direct explanation of what it is, pricing and the entire documentation.
10 replies →
The website has a huge `ssh exe.dev`, so I'd expect that running that works, but:
Why put an SSH command in a huge banner if I have to go around and register before I can use it anyway?
1 reply →
I thought it was one of those game sites where you had to "hack" it every step of the way to advance the next level.
It's kind of funny our experiences are so diffent. I almost immediately surmised it's some sort of on the fly generated vm you can access via a ssh jumpserver. Which it is! It's actually really neat. It's quite obvious that the authors want us to just ssh into it and try it out first.
> I almost immediately surmised it's some sort of on the fly generated vm you can access via a ssh jumpserver
How? It just says `ssh exe.dev`. Unless you are clairvoyant.
26 replies →
Yep, with no privacy policy published.
1 reply →
Agree, I finally found information via
Homepage -> blog -> docs -> "all docs" button:
https://exe.dev/docs/list
Which has an about and pricing etc.
That is very counterintuitive to just find out what this is.
I wouldn’t go that far but some link to pricing and documentation would be useful. I have absolutely no idea what the offering is here without those pieces of info.
Their pricing page says that it's currently a free trial.
https://exe.dev/docs/pricing
1 reply →
Yeah. I managed to backtrack my way to the pricing through the about page.
It's really annoying when you're interested in a product but can't find a price.
I was confused too. I first thought I should open up my terminal and just enter `ssh dev.exe` and this would be some kind of ssh-based interface? Honestly my first thought is that it would be one of those cool dev hack / art projects like the old starwars traceroute to 216.81.59.173
It didn't read as a company with products at all to me from the front page. Just a cryptic " The disk persists. You have sudo." with links to "Login" and "About * Blog * Discord" --- no pricing link, which made me think it was a weird hobby / art.
ssh exe.dev works
The exact text on mobile is
> ssh exe.dev
> The disk persists. You have sudo.
I've seen enough of these kinds of services in my lifetime that I also immediately knew what it was, for example sdf.org, which is one of the OG services, and various "tilde" services like tilde.town.
I thought the same, but it’s not quite like either of those things. It has their same benefits but way more flexibility with its VM model. It offers auth, and will forward most ports for developer access.
All this was totally lost on me from looking at the website. “I already have tilde and sdf, I don’t need this.”
If I hadn’t looked into the comments I would still think that.
I can see
> ssh exe.dev
> The disk persists. You have sudo.
on mobile
It is showing non-stop loading blink but nothing happens.
And cannot open keyboard if that is needed. It is like big CTA but does not do anything.
Very strange landing page for maybe cool product.
2 replies →
That as my first thought too. Landing page may as well be an empty page
Hyperbole much? I'm on mobile and think it's great. I wish more websites were like this. Just straight to the point instead of all the regular marketing fluff you need to decipher.
pricing information and what it does/how it works is not marketing fluff
1 reply →
It is not ”to the point”.
I thought it was a web game.
Agreed. Target audience will understand instantly
This thread seems to reflect how the HN audience has shifted — less commenters know what `ssh example.com` does and more commenters concerned about privacy policy.
i'm not sure what you mean; the demo runs with the ssh command in the centre, there's an 'about' link at the bottom, and that links to a docs index
it's fiine i think
Come on guys, it literally says 'ssh exe.dev'
Yeah, and it really is not I would want to do, just like diving into unknown water that sparkles weird.. It's an instinct, can get past it but to get more info about the service... nah.
2 replies →
It would be funny if it was literally the best website I've seen in like a year...
... which it is.
Did you try clicking one link into "about" and reading one paragraph of text?
So I tried this the other day after Filippo Valsorda, another Go person, posted about it. My reaction was 'whoa, this really makes it easier to start a quick project', and it took a minute to figure out why I felt that way when, I mean, I have a laptop and could spin up cloud stuff--arguably I already had what I needed.
I think it's the combination of 1) really quick to get going, 2) isolated and disposable environments and 3) can be persistent and out there on the Internet.
Often to get element 3, persistent and public, I had to jump through hoops in a cloud console and/or mess with my 'main' resources (install things or do other sysadmin work on a laptop or server, etc.), resources I use for other stuff and would prefer not to clutter up with every experiment I attempt.
Here I can make a thing and if I'm done, I'm done, nothing else impacted, or if it's useful it can stick around and become shared or public. Some other environments also have 'quick to start, isolated, and disposable' down, but are ephemeral only, limited, or don't have great publishing or sharing, and this avoids that trough too. And VMs go well with building general-purpose software you could fling onto any machine, not tied to a proprietary thing.
This is good stuff. I hope they get a sustainable paid thing going. I'd sign up.
Also, though I realize in a sense it'd be competition to a business I just said I like: some parts of the design could work elsewhere too. You could have an open-source "click here to start a thing! and click here to archive it." layer above a VM, machine, or whatever sort of cloud account; could be a lot of fun. (I imagine someone will think "have you looked at X?" here, and yes, chime in, interested in all sorts of potential values of X.)
> persistent and public
I don't think that it's actually public? From one of their explainers, no public IP is assigned, so you'll need to ar least have to use an additional service like Cloudflare Tunnel to use it for hosting anything.
[exe.dev co-founder here] You can make it public! Our TLS proxy supports it, and supports CNAME rules (plus a top-level trick) to let you put a domain name on it. To make the HTTP server on port 8000 of your VM public run:
5 replies →
FWIW, here are (mostly) their agent's tips for other agents from exploring a mostly-new system including tidbits like how to get recent Node: https://s3.us-east-1.amazonaws.com/1FV6XMQKP2T0D9M8FF82-cach...
It's very much a snapshot of what happens to come on a new VM today, and I put a little disclaimer in it to try to help tools get unstuck if anything there proves to be outdated or a flat-out (accidental) lie.
Thank you! This is a very useful one-pager, answers many questions I had I couldn't find in their documentation (being on mobile I couldn't test with SSH).
The individual plan says:
— $20/month
— 25 VMs
— 2 CPUs
— 8GB RAM
— 25GB disk
— 100GB bandwidth
Is this 2 CPUs/8GB RAM per VM (in other words, 50 CPUs/200GB RAM)? If so, this is an unbelievable bargain (too good to be true?); other cloud providers charge hundreds of dollars per month for an equivalent VM.
If, OTOH, it's 2 CPUs/8GB total, Hetzner offers an equivalent VM for about $5/month (with much more disk and bandwidth), and I'm not sure what the exe.dev value proposition is. (I'm also not sure why one would want to split 25 VMs across so few shared CPUs/such little memory.)
No I apologize for the confusion (exe.dev person here). What is different about this service is you get dedicated resources that you share between your VMs. The initial allocation is conservative, we want to give people more (or drop the price).
The goal is to reduce the marginal cost of creating a VM to zero. Instead of installing a container manager or using Unix users, just make another VM.
(I will get a better version of this table online tonight.)
You guys really need to work on simplifying your communication on your website. I was also very confused about how the 8GB - whether it is per VM, shared etc.
2 replies →
>Instead of installing a container manager or using Unix users, just make another VM.
What is the advantage of this? Unless you need something exotic like different kernel configurations per instance, what's the problem with using containers on the same instance?
BTW, a Hetzner dedicated server with 2 CPUs/8GB RAM that would let me run my own hypervisor is about $14 USD/month. For anyone who's a big enough power user to care about the distinction of running distributed workflows on VMs versus containers, I'm not sure that an extra $5/month is worth your "hypervisor as a service." But then again, HN commenters infamously poopooed Dropbox [0], so what do I know? :-)
[0] https://news.ycombinator.com/item?id=9224
4 replies →
> dedicated Are plan CPUs pinned/reserved (dedicated) or time-shared with other customers under load, and what contention should I expect?
Is rsync installed in the stock vm environment by default?
Asking for a friend…
4 replies →
The docs remark “VMs share the resources allocated to the user” so I interpret as resources allocated to your account, VMs provisioned within those limits.
That's decent value considering the price of a vps is close for much more work.
The only difference is the bandwidth: vps in europe givr you 10 tiles that, unmeterred.
Very cool for training: I can make people log into those vm and deploy nginx just for learning.
The value proposition appears to be CLI cred.
It's not actually a VM - it's a container, and they are fundamentally different. This feels like false advertising.
I guess the question is: can I run systemd services ob their VMs? If not, then yeah that’s false advertising.
But my perception from the homepage is you can. Am I wrong?
I signed up and started a VM. Didn’t really expect the default chat interface at boot. I’m currently on my iPad and would probably have bookmarked it for later, but now I’m playing with it. Cool idea :)
Edit: it comes out of the box with screenshot capabilities. The defaults on this are very well considered. Im impressed within the first 15 min. Edit2: this is very neat. I will be recommending it to my non-coder friends who don’t really have the local setup to use Claude but would like to try a Claude-like tool.
You have got to make a better website design. I'm a very curious person so was able to figure out what this was but you cannot expect all visitors of your website to be that way.
Also, stop charging for SSO/OAuth2 integration. Seriously. There's a huge list of services that stupidly charge for SSO/OAuth integration at https://sso.tax, and this list needs to get smaller, not grow. SSO doesn't cost anything to implement. Especially if I'm the one hosting it on my own infrastructure.
[exe.dev co-founder here] Hi. Re: oauth2, the last product I built, Tailscale, only did auth by oauth2. I chose this because 1. businesses need it anyway, and 2. passwords are terrible.
But it was a choice that does not come for free. I dread a page of buttons for third-party services, and the control I give them over my life. I hate that I never know if I should log in with GitHub, or Google, and for a dozen services I have multiple accounts because I got lost in the miasma of oauth2.
Still, it was better than passwords!
But since the last product I built, the world has changed. We have passkeys now. Which are superior in every way for individuals using a third-party service. You get better UX. You get better privacy. It is a fundamentally better technology.
I did not list SSO under teams because I want to "tax" people. I did it because SSO only makes sense for businesses, where an administrator controls accounts, and can delete yours when necessary. There, oauth2 is the best technology we have. But for individuals, it is a dead technology. I am reluctant to make everyone's exe.dev experience worse for legacy tech.
"We" don't have passkeys now. Many functional android devices are not being upgraded to the latest Android versions, and simply will never get true passkey support that isn't locked away inside of Google's vault.
Passwords are much better than the OAuth2 coolaid, and passwords will still be better as long as older devices can't support passkeys due to arbitrary restrictions.
Appreciate you not following Tailscale's authentication many SSO provider approach. It makes sense for teams/business, (Tailscale's customers) but creates some confusion and extra friction for casual homelab users like me. I have a note in 1Password for tailscale.com just titled "USE GITHUB AUTH".
Passkeys work great for me and I greatly prefer them. Exe.dev I think is the first service I've seen that's so passkey centric and it makes a lot of sense.
I don't see how Oauth2 is a legacy technology. It will never be until all of the problems of passkeys are solved. And I very much wouldn't just dismiss oauth2 as something only businesses have, because Oauth2 does have its uses where it can convey information a passkey cannot.
Great answer, thanks for following up with your reasoning.
The only people who care about SSO are large enterprises. Coincidentally, large enterprises also are the only customers that make SAAS profitable. Every other plan is part of the sales funnel to the big enterprise contracts.
> The only people who care about SSO are large enterprises.
I can't tell if this is sarcasm or not. I'm going to assume that it is, in fact, sarcasm. Because this is definitely untrue in reality.
Is this meant as sarcasm?
I run a bunch of services for friends and family, things like Immich, wallabag, mealie etc. Less than 10 users, but do you expect me to crate and maintain separate accounts for each one for every service?
The SSO tax is stupid. If your whole business model is based on putting SSO behind a paywall, it’s a sign of a broken business model.
This is cool. I am currently using GitHub codespaces and I would love a version of it with nothing but a web based terminal. I don't need all the other windows they put around it. This might be it.
Trying my way around it now. Not sure what is going on:
What is "exe.dev repl"? Am I not in a shell?
Damn, it seems the "shell" is not a Linux shell?
[exe.dev co-founder here] Hi there, I am not sure exactly where you are, but your VM is ubuntu derived and definitely starts with apt and bash. Perhaps try `ssh yourvm.exe.xyz`?
Thanks for trying it!
I can't use a native ssh client. I am using a browser. I clicked on "Shell" on top of the screen.
Oh, I think I found a real shell now! You have to click "VMs" then on the VM and then "Terminal".
Yay, this is great!
While at tailscale you built sketch.dev only to actually build this product ? Love it. Ultimate yak shave. Kind of how like Antithesis was the product inside foundationdb.
What you connect to first is the exe.dev jump server/management interface. You can ssh into your vm from there. Try typing help
Nmap 52.35.87.134 (exe.dev) Returns many open ports
I wish they'd auto auth you with Github based on your pubkey, in a similar spirit to `ssh whoami.filippo.io`[1]. That would remove so much signup friction.
SSH is really the only protocol you can do shenanigans like that over, it's a shame not to use them.
[1] (seems overloaded right now) https://words.filippo.io/whoami-updated/
That is neat trick, and interesting to know that's how ssh git@github.com works, but that does not feel practical for a real usecase. Aside from relying on a scrape of the Github users API (there's no "look up user by pubkey" API), what if I wasn't expecting to automatically log in with Github?
Absolutely. For example, if I use specific SSH keys for specific hosts.
Wouldn’t that be solvable with subdomains? Eg
ssh crabmusket.github.exe.dev
Oh I’m going to need more info than this. It’s a service that provides persistent disk and VM’s but doesn’t tell you what those shared resource limits are, what the pricing is, or anything other than to ssh in…
Hello, an exe.dev person here. There are some very early docs, exe.dev/docs (which are also accessible over ssh once you ssh in). There is a lot more to come, very early days, please bear with us. I was not expecting to see it here today.
I have played with it and it's so easy get started with that now I want a quick-project idea as an excuse to use it!
I'm sure you've thought of this, but: lots of people have some amount of 'free' (or really: zero incremental cost to users) access to some coding chat tool through a subscription or free allowance like Google's.
If you wanted to let those programs access your custom tools (browser!) and docs about the environment, a low-fuss way might be to drop a skills/ dir of info and executables that call your tools into new installs' homedirs, and/or a default AGENTS.md with the basic info and links to more.
And this seems like more fuss, but if you wanted to be able to expose to the Web whatever coding tool people 'bring', similar to how you expose your built-in chat, there's apparently an "agent control protocol" used as a sort of cross-vendor SDK by projects like https://willmcgugan.github.io/toad-released/ that try to put a nice interface on top of everything. Not saying this'd be easy at all, but you could imagine the choice between a few coding tools and auth info for them as profile-level settings pushed to new VMs. Or maybe no special settings, and bringing your own tools is just a special case of bringing your own image or setup script.
But, as y'all note, it's a VM. You can install whatever and use it through the terminal (or VSCode remoting or something else). "It's a computer" is quite a good open standard to build on.
Is the chat descended from Sketch?
3 replies →
This kind of stuff is right up my wheelhouse so curious how.
I love the idea of just ssh in and do your thing. I’ll bookmark and come back when there’s some more info. Things are going to move fast…
Dang, everything about this feels really well considered. Semi-throwaway, nearly bare-metal machines that I can put on the internet with basically 0 config? I'll take
[exe.dev co-founder] Or don't throw them away! The disk persists. And thank you!
Sorry if I missed this in the docs, but how robust is the persistence? ie is it the disk that comes with a standard AWS VM? or is it a share backed by e.g. Ceph with multiple redundant copies?
1 reply →
i got to try exe a while back and i have to say, the "Login with exe" [1] is probably the most magic thing i've seen since tailscale :)
[1] https://exe.dev/docs/login-with-exe
That's called forward auth - or proxy auth
You can do the same thing - with the added burden of actually having to set it up once ... After you set it up, it's however just as trivial to add new systems like with this linked example.
I got pretty much everything I'm self-hosting like that via keycloak (which itself let's me do social with via GitHub and Google etc pp) and a very similar nginx config like it's shown in these docs.
But the initial setup took multiple hours, even if the adding new services which support forward/proxy auth is extremely easy now.
(Jellyfin sadly doesn't as an example)
Just saying it in case you want to check it out.
I think it's fantastic they added that/provide this to their platform - it's a wonderful value-add
I think running and managing and possibly misconfiguring a keycloak java monolith would be exactly what I'd want to avoid which is why it's cool that they offer this.
1 reply →
The problem without having consent is that it's easy to track who is using your service. Because there's no consent, they can redirect you to login and back, and grab your identity, without you doing anything other than loading the page.
I really enjoyed using this service. I signed up on my phone two nights ago, (using termux + ssh) and then used the builtin web agent to setup a small webapp. I was up and running with an HTTPS server in minutes, since all the HTTPS certs are automatically taken care of.
I'm not using it yet, but the way that it handles sharing looks incredibly sweet: an excellent way to take "home-cooked software and bare-foot developers" "perfect software: an audience of one" from one to a few / many people. Just sharing links that people can easily sign into, without having to build a whole auth system seems ridiculously easy here, and that is super cool. You don't have to think about it, you can just build your app: this fills a huge gap that makes making connected online software so much easier. https://news.ycombinator.com/item?id=46334206 https://exe.dev/docs/sharing
I used the included Shelley agent, which has a perfectly adequate simple web ui, to do all development. It was able to debug a bunch of pretty gnarly problems, using screenshots & scrolling down to get check it's work.
My output is a super simple site, very close to vibe coded, in ~90 minutes, but I quite enjoyed setting up a little guestbook project here: https://nan-falcon.exe.xyz/
I'd be interested if I knew who was behind the company and could reasonably trust that I wasn't going to get my data stolen etc.
Hello, I am behind this company. My co-founder Josh Bleecher Snyder has also been hanging around the internet for a while. There are several of us hacking away. It is very early days, we have a lot of work to do to earn your trust but it is my intention to do so.
Pulled from your Github, just to make it easier for folks to make sense:
> David Crawshaw - before this, CTO and co-founder of Tailscale
> Josh Bleecher Snyder - was a Director of Engineering at Braintree, amongst other things
1 reply →
The devs are long time Go and Tailscale hackers, and have earned my trust several times over. They will earn yours too, I bet.
Yeah it sounds pretty promising. Will def keep an eye out. Even just knowing who the humans behind the project goes a long way.
This is freaking fantastic. However, as a community college instructor I would like to have this self-hosted on a computer in campus. Excluding the CLI niceties, etc., it shouldn't be to hard to get a similar setup with Docker et al, right? (not for production)
It's not possible to run real VMs with docker (though you can get something similar with qemu). VM isolation is also much stronger than docker's, and VMs tend to be much more secure.
But if you just need a shell then yes, you can make something similar with docker.
Looking at the pricing plan, even the cheapest one is overkill. I don't need that much. 2GB memory with a 6VM limit would be plenty.
How do you proxy the SSH connections? I thought you could not do hostname-based proxying with the SSH protocol
[exe.dev co-founder here] You are right, you cannot! It was quite a bit of work. We have a blog post in the works that should come out in a couple of weeks with all the details.
I was just sufficiently nerd sniped by this, so let me know if I’m close:
Based on what the commenter below found about sshpiper I believe that you use the ssh identity + the ip from the slot to resolve the vm target. sshpiper knows how to route the ssh identity + slot ip to the correct VM. I suspect you have a custom sshpiper plugin to do that routing.
You use the slot record indirection so you can change the ip of a slot without having to update everyone’s A records across the customer base. It also makes it easy to shuffle around vm-slot mappings within a customer. I haven’t tested, but I’m guessing this dns server is internal (coredns?), and the ips too.
I did something similar (ip + identity routing) for a project a few weeks ago. Yours is a lot more elegant with the dns indirection.
I’m no ssh expert, but in theory you should be able to ssh -J exe.dev myvm.exe.xyz for a one-liner? Or maybe you don't even need it, if that DNS server within the ssh exe.dev is the same as the public DNS. Pardon for not testing it yet!
Would be interested in this too, I did some work in the past to make it work via Envoy proxy using HTTP CONNECT but that requires plugging in proxytunnel[0] or nc on client side.
Looks like it uses sshpiper[1]?
[0] https://github.com/proxytunnel/proxytunnel
[1] https://github.com/tg123/sshpiper
Looks like it's a combination of SSH server IP address + public key.
Each VM you create (up to 25 of them) gets a different CNAME record of the form s0NN.exe.xyz where NN ranges from 01 to 25. Each of these names, from s001.exe.xyz to s025.exe.xyz, resolves to a different IP address.
Therefore the individual VM can be distinguished this way, and the account they are associated with can be identified using the SSH public key that is used to authenticate.
Interesting interface. Some feedback:
At what scale do you break even on fixed costs (wages, rents, etc.)?
In which country are the VMs hosted? Do you have a warrant canary? Where's the AUP and how much peeking into customer VMs and storage do you do to enforce it?
They terminate TLS. It seems like you wouldn’t want to use this service even if all those questions were answered to your satisfaction.
None of this actually matters. If you want to keep your data private, host it on your own hardware. Countries, company policies, etc are all essentially irrelevant
I really like the concept, the persistence (with backups!), pre-installed agents, and how easy it is to go from experiment to a live server.
The downsides:
- usage-based pricing would be nice, $20/month is pretty steep to start, but also no room to scale up?
- 100GB/month is only 300k views for a small-ish page or API, 10k req/day is a tiny amount of traffic. Can't make anything public with that. Even the smallest servers at Hetzner have unlimited bandwidth
Those limits make it pretty clear it’s not really meant for hosting a production app. It’s for sharing something you’ve developed with friends/colleagues, or maybe a low traffic webhook handler for some personal thing. I made an Alexa skill for my kids once and it is perfect for that kind of project.
$240/yr is not "perfect" for a toy/hobby project.
This is very cool, but goodness I wish they'd give an option for a password-based login after the initial verification. In ~10 minutes of playing with it I had to go through 4 email confirmation steps.
I'm very much into the product itself, but that would get extremely tiresome if I was trying to use it consistently. I assume I have to be using it wrong in some way for there to be that much friction...
[exe.dev cofounder here] Hi! Thanks for the feedback. I am deeply allergic to passwords and so I am trying to delay adding them. Did you try our passkey support?
Very impressive demo. From VM curation to vibe coding something running on port 8000 in Shelley just worked in minutes. I imagine quite a few technically impressive things happening under the hood, would be interested in reading more about those.
Small nit: I think you should make it more clear in the docs (if not in the landing page) that one can just use any key with the ssh command the very first time and it automatically gets registered. Also on the web UI one should have the ability to add the ssh keys. I logged into the web UI first, and was a bit confused.
I think the pricing is alright for the resource and remote development features, though might be a bit much if someone doesn't need higher level of resources for deploying something that's mostly already developed.
Anyway, this reminds me of a product called Okteto that had similar UX. They were focused on leveraging k8s for declarative deployment. But for some reason they suspended their managed cloud/SaaS offering for individual/non-enterprise clients, I wonder if it was because they couldn't make the pricing work. Hope that doesn't happen here.
unlike others, i like the site and the initial prompt.
Lost me at "verify email" though. Why get so creative, yet limit yourself to archaic "email". Why do *YOU* the provider need me to have an email or a phone?
Look, mullvad can provide vpn services without email or all that nonsense. If you want people who will use ssh to order things, these are the same people that would get your service because you're not asking for dumb things like email. It's the first thing you ask of potential users, and it's an obstacle preventing them from giving you their money!
You can issue users a recovery/access key and/or let them user their ssh public key and trust they know how to manage that on their own. If you have messages for them, display that when they login. This sort of stuff differentiates your service, ssh does too, but it's cosmetic and gimmicky. I would prefer a rest-api over ssh anyways, but ssh is cool too.
You can’t host compute for anonymous users. I mean you can, but you won’t for long due to the abuse that will inevitably come with it. That you are responsible for. And anyway, it’s not always going to be free.
What are the abuse risks of compute versus vpn? Mullvad is doing it already. Their payment information doesn't need to be "anonymous". I have hosted websites while paying for the domain, vps hosting and all that it entails entirely with BTC, not once using payment information associated with me. But you know what was required of me even then? A damn email address!!
2 replies →
Getting a usable e-mail and phone is a few cents spent on one of the many shady SMS-reception services.
1 reply →
I run https://pico.sh where we don’t ask for email. Even on our website we instruct users to generate a token so if they do lose their key they can use it to recover their account.
People regularly lose their ssh keypair and also don’t generate a token. I think using email as a form of recovery is totally fine and regardless when you have to pay for the service you’re going to give up your email (and other personal info) via payment processor
I would eventually want even payment processors to stop asking for email. They have my address and government id, for any liability related reasons. ideally, we would use federated auth, where auth providers aren't using email at all. I'd imagine the complexity of your backend is simpler too as a result.
And kudos on your service, I'll keep it mind next time I'm picking a provider.
It isn't a free service -- only during the alpha you get access to an "Individual" account which would normally run $20/mo once the test period is over.
https://exe.dev/docs/pricing
Yes, it should be paid of course. Matter of fact, please charge me more for the privilege of not being asked email,phone, credit cards. Just take my money, and feel free to take whatever steps you think are needed to make sure abuse isn't taking places. I champion requiring a "deposit" where if abuse took place the user would forfeit it.
But, my original comment is strictly about email. Even if you asked for a government-id and credit-card payment, I won't object. Just please, no email!
5 replies →
Are they actually VMs, or are they containers? Some kind of special container like gvisor? Firecracker microvms?
Hello, an exe.dev person here. They are VMs, on a crosvm-derived VMM. So I consider them "actually VMs", though we do not currently support custom kernels. You can do VM things in there, like create TUN devices, etc.
Not super important to me (and you state explicitly it may change) but your docs are a little out of date here, I think. crosvm versus Cloud Hypervisor / Kata Containers, is, I think, different?
1 reply →
Thanks. So KVM I assume. Congratulations on your launch. Any plans for public IPs?
1 reply →
I think I get more what they're going for now. A technical person can setup a server for themselves and setup services to work for multiple projects. But its complex to get everything right. Trying to reuse a server, setting up routing, domains, and so on can be tedious. I guess they abstract that problem. The wild card domains -> VM is a neat mapping. Then making it easy to use your resources and dispose of VMs.
I guess its an innovation at the resource management layer where you create / manage VMs. It's interesting they choose to give away individual plans. That's very generous. Though I'd feel bad using any of their resources.
Just setup an account and started a VM, but it's hanging when trying to access it while waiting on the public key response. Web based terminal not loading either. Guessing the site is getting the hug-of-death from HN users?
Took a bit, but now I'm in! So far, loving this service.
> What is exe.dev?
> exe.dev is a subscription service that gives you virtual machines, with persistent disks, quickly and without fuss. These machines are immediately accessible over HTTPS, with sensible and secure defaults. You can share your web server as easily as you can share a Google Doc. With built-in optional authentication, so you can focus on your thing.
> Your VMs share CPU/RAM. Create as many VMs as you like with the resources you have.
Source: https://exe.dev/docs/what-is-exe
In https://blog.exe.dev/meet-exe.dev
s/cloud computing should like/cloud computing should be like/
Might be a good place for yunohost/coolify style services, especially if you have multiple separate entities - though probably tricky to do inbound mail because of IP allocation?
i tried this and it's pretty cool, that being said for my use case of spinning up many agents working on my app I'd need a way to specify the docker images that get started with each new VM
i cannot find a way in the docs to start new VMs with a bootstrap script that starts a bunch of services for me and runs a specific docker image
my use-case is that I want a full developer environment for every branch of my project, so i can vibe code on many VMs at a time
EDIT: Just realised there's an image one can pass to the new command. Still it's not clear to me whether private images would be supported and what registry this is using:
exe.dev ▶ help new
Command: new
Create a new VM
Options: --command container command: auto, none, or a custom command --env environment variable in KEY=VALUE format (can be specified multiple times) --image container image --json output in JSON format --name VM name (auto-generated if not specified) --no-email do not send email notification --prompt initial prompt to send to Shelley after VM creation (requires exeuntu image)
[exe.dev cofounder here] Thanks for the feedback! We do not support private registries yet but it is very much on our mind, it is one of the first things business customers ask for so we know we have to build it.
We are also exploring alternatives for pre-configuring your VM. (Because we make lots of VMs and feel this too, so it is very much on our mind.) One is a sub-second VM "clone" feature, so you can configure a base VM to use as an image.
The clone idea sounds awesome! It’s kind of like what Devin does for setting up new machines for each task
I normally try to stick to serverless with SST for quick projects because I like that they scale to $0, but this is enticing. Shelley is a great feature and must have well-designed system prompts and tools for testing the website built-in. It just one-shotted a volunteer management app and with just one more click in the console I can expose it to the public.
Looks good!
Though not a fan of 100GB and egress charges. Is there a way to hardcap that?
I guess I could implement something VM side but that’s a bit convoluted
I'm trying to set it up but getting this error:
> ssh exe.dev
Please complete registration by running: ssh exe.dev Connection to exe.dev closed.
Anyone get a similar issue?
Seems it's overloaded now. I like the UX though. My usual question with any hosting is how do you avoid this being abused by hackers, scammers, etc.? Right now it's easy to just create any VMs for free based on a mail account, that seems ripe for exploitation (maybe it's down now cause someone's exploiting it?)
This is awesome. Would love to see a slimmer tier closer to a DO droplet or Hetzner instance that's ~$5-8 / month.
[exe.dev co-founder here] Thank you! Not to give too many secrets away, but my hope is to follow a business model I have been part of before, and make it as cheap as possible for individuals so they encourage their employers to buy it for work. So I would very much love to get cheaper.
The two constraints are that, one, when small underlying resources are expensive (we hope to fix that soon by not being small!), and two, we do not want to make the resource allocation so small that the VM feels unpleasant to use. So there is a floor on how small we make them.
That said, I very very much want to drop prices. We started with conservative numbers.
With Shelly (and assuming a decent number of tokens) $20 is very good I think. But not everyone wants an AI.
The description of authentication mechanism is confusing me. it’s over ssh, but how is this integrated?
> Private by default, share with discord-style links exe.dev takes care of TLS and auth for you. By default only you can reach your HTTP services, and you have easy mechanims to share them with friends and colleagues.
Is anyone with access to a link able to get in?
I also don't understand this: Everyone with the right domain can ssh-in the vm?
Edit: Answered below, thank you.
You ssh in with any key, and it asks you for an email to verify. You're then at a exe.dev console.
There are a couple different link patterns:
Thanks! love the idea, looking forward to playing with this. I understand now from comments that this was brought to this site sooner than intended, sorry if I asked in a rude way.
Nice one. Love the coding agent web ui. I used https://temp-mail.org as I didn't want to use a real email.
Enjoy my creation https://love-storm.exe.xyz:8001
Nobody can see this until you make the website public. (Test with a browser’s Incognito mode.)
Ah ok, and now it is died and not sure how to resurrect. But the prompt was "Poo emoji generator" so try that if you want to experience the fun.
I've tried this out and I could definitely see myself using it. Could use it as a form of build machine or even distribute some of my infra onto them maybe. I don't work with agents very much but still, this is neat and I hope it gets better!
Other than a quick boot, what separates this from going on a VPS provider and spinning up servers?
Simpler and easier seems to be the answer. How much does it cost to spread 8gbs RAM across some VMs? Most providers require additional of how many VMs over how many hours, what the specs kf each are specifically, etc. Then once you have it you're setting up an SSH key or shared password depending on use and they make the authentication simpler as well. Maybe wouldn't be great for a huge business but it's you just wanted the ability to play with an isolated server, it might be worth it.
If we're just throwing out ssh targets, there's also funky.nondeterministic.computer
Tried both librewolf and edge and couldn't create a new VM via browser. https://exe.dev/create-vm returns a 303 see other, but then no VM is displayed
I don't really see what's so different about this than any other dedicated server provider... I can sign up to any host right now and get an email with access to the server details... Like, what am I missing here?
As a test I used their Shelley coding agent to vibe-code a multiplayer Queen of spade game : https://extra-crimson.exe.xyz/
I build a website using this interesting product, for anyone who want to checkout what it could be built
https://road-kernel.exe.xyz/
also it's a bad ui meme
access denied.
same
1 reply →
Does anyone know e.g. a small systemd-nspawn oneliner to SSH in securely?
There's nothing dangerous about SSHing into an untrusted server unless you're using the same keys for everything.
Remote resources only get your public key. It’s meant to be shared! Hence the word “public.”
The threat is having a private key stolen, in which case, having multiple keys can mitigate the amount of damage a threat actor can do. However, to steal your private key would involve a successful attack against your client, not against any server you might have given the public key to.
2 replies →
Definitely going to give this a try. One thing I'm curious about--where are the servers? And if I want to choose hosting geographically close to me, how do I do that?
I'm not a fan of making ssh the primary access mechanism for a service. Just make a simple Web panel for managing VMs, and actually explain on the service on the Web page.
I find ssh faster and easier. Anyway it's a good differentiator, there are plenty of web panels already.
Quite cool!
I'd love an easy way to connect to and run an existing GitHub/GitLab repo in a VM and spin it up, and iterate on that and be able to open PRs etc from there.
Super cool. I can't justify investing time in it at the planned pricing but I'll keep an eye on it if they can hack together a more competitive VPS option.
Seems like a great tool but login not working for me, am I doing something wrong?
``` ssh exe.dev Please complete registration by running: ssh exe.dev Connection to exe.dev closed. ```
This is cool! Check out https://zo.computer – a similar concept, with an IDE-like web UI
This is awesome. I just maxxed out my tokens in Shelley, but was able to vibe code this Rails app that lets anyone register an aircraft and then fly it in a synchronized world interfaced through a Garmin G1000 knock off. Sign up (feel free to use a fake email address) and set up a flight now and let's see how many aircraft we can get going! If this is a cool idea let me know and I'll probably end up paying to continue developing this :)
https://exexe.exe.xyz/cockpit
Are there any fundamental differences between E2B and this?
Hello, exe.dev person here.
I have not used E2B (though I really like their web site), though it looks like there are quite a few differences. Our disks are persistent (without manual snapshotting), we have a TLS proxy by default with built-in auth and link sharing.
It also looks like they have many features we do not have (yet).
I believe the target use is also quite different. You can use exe.dev VMs for running your agent. But you can also use it for hosting your site. E.g. blog.exe.dev is an exe.dev VM.
Thanks for the response. In the "How exe works" page, it's mentioned that exe runs on bare metal with Kata containers, how is it different from firecracker? Were there any advantages?
1 reply →
I really like the experience, after being a stuck I just tried to ssh from my termux on phone and it really worked! Absolutely awesome
That's brilliant UX. I was vibe coding a webpage in minutes, and I could immediately check the results.
Is it possible to use a ChatGPT subscription with the bundled Codex CLI or do we have to use an API key?
> exe.dev is a subscription service that gives you virtual machines, with persistent disks
Thanks, I couldn't figure out what the hell was wrong. The front page is just... not helpful. Given the amount of pushbash how everyone feels about this, it should be removed from HN frontpage!
Thanks. I feel like I expect home pages to contain at least a modicum of information. And three seconds spent thinking about accessibility would have told them that light gray links on a white background are a terrible idea...
Apologies for the vagueness of the home page, we were not expecting to be here today. There is a little more info in our first blog post https://blog.exe.dev/meet-exe.dev and docs, but far needs to be written.
(We have also built some interesting tech behind this that we are excited to write up, I have a doc two pages long of blog posts we want to write.)
8 replies →
very cool idea and concept :)
some feedback:
No matter what i do, i can't ssh into VM that i created Local terminal; always timeout built in terminal; SSH handshake failed: ssh: handshake failed: EOF
shelley agent seems to be install, but it always shows isn't running.
Likewise. I think it might be experiencing a hug of death :)
Should I still be trying Sketch.dev, or is this just the better version of it?
[exe.dev co-founder here] This grew out of our work on sketch. We built a container-based system for it, and found ourselves saying "I wish we just had a computer." This is our answer to that.
If you are interested in our work and agents, I would suggest trying Shelley, the little agent we have in exe.dev. There has been some discussion about what to do with sketch on its discord channel, but we won't be putting energy into it going forward.
(A blog post with far more details is in the works.)
I just tried this, genuinely groundbreaking! So quick to spin a VM and get going
Hmm, looking through how-exedev-works, it seems like what you call VM is more like a container, i.e. it doesn't run its own kernel?
Sort of a container which "feels like" a VM? Reminds me of Virtuozzo / OpenVZ VM approach which was popular ~20 years ago when RAM was expensive...
Looks like it's AWS backed judging by IPs. Or at least the proxy part
just to be clear, this is total resources for all the vm right ?
like you give 2 cpu. 8gb memory for 20vms. Which I believe you wont be able to use 20 of them at the same time if they share 2 cpu only
Why do you think that? the VMs are more like containers so yeah you can run 20 at once but they will all share 2 cpu
very cool, my only reason for not using it is latency. recommendation: look up user's ip and geo location, spin up VM in a datacenter with lowest latency.
So it's...cloud servers? What am I missing here?
Looks like a trap at first. Who succesfully connecter ?
I'm confused, what is this? Cloud Vagrant ?
here's the issue
1. the home page should have a link to all docs
2. about page docs link should be a link to all docs, not a link to itself
Is there a reason for the lack of IPv6 support?
[exe.dev co-founder here] It is planned! The reason we have not got to it yet is it needs to be very different than IPv4 support. We have spent a lot of time on machinery to allow `ssh yourmachine.exe.xyz` work without having to allocate you an IPv4 address. The mechanisms for IPv6 can and should be different, but they will also interact with how assigning public static IPv4 addresses will work in the future.
We do not want to end up in the state AWS is in, where any production work requires navigating the differences between how AWS manage v4 and v6. And that means rolling out v6 is going to be a lot of work for us. It will get done.
I added a public tracking bug here: https://github.com/boldsoftware/exe.dev/issues/16
I like it. Great cli design. its so cool!
I guess I'm the only one that appreciates the extremely minimal site design. Main page was interesting, clicked about, understood the idea, clicked login, enjoyed having no password, added a passkey, spun-up a server.
Did have an issue with auto-generated server name being taken (and similar names being taken). So there could be even less friction on that aspect. But I like the idea of not talking/listing features or showing diagrams, just give me access.
I mean I do need to know pricing, usage limits, uptime etc. But just let me easily find that after giving access.
It's a VM hosting service folks.
Who puts pricing under docs/ ?
Oh, we're doing Fly again? Cool! I don't mean that sarcastically -- making it dead simple to get a VM at a domain or IP in a few seconds is good and useful. We should keep trying this idea, because every time it gets easier.
On a side note, a lot of people in this thread are doing a sort of "I don't get it, your website sucks" but it's like, come on dude! Just read the site! It takes less time to read the pricing, docs, and FAQ than it does to post about how you don't get it.
Err it doesn’t work on mobile
[exe.dev co-founder] Hi! There is a mobile site. It is not super visible right now but you can use it to create VMs (and even build something on them with our agent if you like). If you ran into a particular bug I would love to get it in the issue tracker so we can fix it.
ssh exe.dev gives me login required. What am I doing wrong?
See also, for comparison: https://www.val.town/
Val.town seems to be serverless, where as this is explicitly a server. One is really a subset of the other though, so I suppose if you're deploying ts functions to a service/server, and your execution costs match up with the tiers here, exe.dev could be cheaper.
really cool stuff!
"VM creation is temporarily unavailable. Our apologies!"
talk about a shitty website
Awesome project which I first thought might have something to do with microsft .exe format but not that big of a deal and I find this project really cool and I had thought about similar project like these so kudos that you built something like this!
I mean it and I wish the best of luck for the project
That being said, I tried to look at it for asap golang project deployments and I am the creator of https://spocklet-pomodo.hf.space/ a single main.go + single dep multiplayer pomodoro (please note that it was one shotted out of curiosity and also frustration as https://cuckoo.team would sometimes glitch for me)
That being said, I face the issue where I can't have a go.mod or run go mod tidy because I face this error
exedev@crimson-cobra:~$ go mod tidy go: finding module for package github.com/gorilla/websocket go: pomodo imports
github.com/gorilla/websocket: module github.com/gorilla/websocket: Get "https://proxy.golang.org/github.com/gorilla/websocket/@v/lis...": dial tcp: lookup proxy.golang.org on 1.1.1.1:53: read udp 10.42.0.45:33739->1.1.1.1:53: i/o timeout
Hope that the project fixes this and wishing best of luck to the project. I am a little busy right now with studies but your idea truly inspired me and perhaps I want to create a similar thing or collaborate on it with you too so I will join discord hopefully sooner than later.
I am looking further into it and seeing if I can fix that error as I would love to host some exe.dev's services and wishing the best of luck for the project and hope that it becomes sustainable enough.
Out of curiosity, if I may ask, what is the tech stack behind this which generates the vm's. Is it libvirt or firecracker perhaps?
For my own use cases, I recently rediscovered incus and even ran it on cachyos on my desktop to try it out and there were some hiccups partially because I was running it on non standard debian/ubuntu but I am overall very pleasant with incus but still, I am interested in what tech stack you used so please discuss!!
Also what cloud provider are you using. Pro tip but if you are looking for something cheap, either go with ovh or upcloud.
I really really love hetzner a lot too. (Hey hetzner_OL if you are reading this, love hetzner, have a nice day and hope your christmas was good:)
But still hetzner is a little admittedly more strict than ovh but maybe hetzner can respond to it as I know that their policy can ban accounts if someone abuses and considering that you provide compute (to even free) chances of abuse can rise but overall hetzner's the cheapest so I hope hetzner team might make an special exception/response to your post/my comment.
I am imagining a github private action which ssh's into this and then updates and runs a simple shell script which can be a reinstall state every time someone updates something in git to get git-ops style workflow. If someone implements it for exe.dev, just credit me :) (if you so wish) ` An amazing product overall. 7/10 due to that one hiccup which saddened me a bit (but which I have faith can be fixed) but its a 9-10/10 potential and that means a lot and a 7/10 at launch is pretty good
Please just tell me every decision/question I had in depth since I love details about projects like these ^^
Another minor suggestion I can have is having asciinema gif too to showcase what it does for some people. To me I only understood to run the command ssh exe.dev which then helped me learn but the only way I understood what exe.dev does beforehand was reading the comments on HN
An asciinema can go a long way in this journey, perhaps, let me know your thoughts.
And have a nice day! One thing I am wondering tho is if you are gonna open source the project, one project which feels similar to your project which is open source is this https://github.com/ekzhang/ssh-hypervisor that runs on top of firecracker
Hi there u/Imustaskforhelp - Thanks for the holiday greetings! I hope you also had a good Christmas. I am not a part of the abuse team here at Hetzner, and unfortunately therefore cannot make a decision either way. I suggest that you write directly to our support team/abuse team and describe your intended use case in as much detail as possible. They may have some follow-up questions for you and will be able to give you a clear yes/no answer. --Katie
[exe.dev co-founder here] As of the past few minutes, some of our VMs are having intermittent network access issues. Working on it now.
UPDATE: this is fixed now.
Some actual details here:
https://exe.dev/docs/how-exedev-works
https://exe.dev/docs/pricing
Thanks! We've added those links to the top text above.
this post is downvoted, but these links are the meat everyone is complaining about missing
Please don't comment about downvotes. This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.
If the downvotes were inappropriate, other users will usually correct them. In this case the comment ended up being heavily upvoted.
Unfortunately, complaints like the one you added don't get garbage-collected when that happens, so they linger on, adding noise to the thread.
[dead]
[dead]
Also curious about Shelley, their LLM agent. Turns out it makes requests to a proxy for https://fireworks.ai APIs via http://169.254.169.254/gateway/llm, such as:
And, perhaps of more interest, actual conversations which start with the system prompt:
Truncated as it's huge, but here's a copy of the request data: https://victory-george.exe.xyz. Interesting to see the range of tools offered by the agent.
Turns out the request is coming from localhost because it's being forwarded over SSH. Their HTTP proxy causes a new SSH connection to be made to the VM:
Which then requests a local TCP connection, in this case to port 8000:
This is in contrast to a normal SSH shell session:
Also there's a funny little Easter egg within the SSH connection to exe.dev, if you look closely. I don't want to spoil it for anyone, but it was nice to see.
[dead]
[flagged]
"Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."
https://news.ycombinator.com/newsguidelines.html
Gen z often says 'I need a sudo access'.
Is that the OpenBSD logo they're using?!
No, it's a reference to the OpenSSH one.
$20 a mo seems overpriced.
This seems to be a honeypot for associating your SSH public key with other identifying details.
It is a paid service, delivering a valuable developer tool, and which indeed uses ssh keys for authentication.
So, exactly what you said, but for the benefit of the user, and for the profit of the company, by offering an excellent product.
(I am a happy customer of their previous product, Sketch.dev.)
Hardly, you can use .ssh/config to configure an SSH key just for this service.
This costs twice as much as something like Hetzner for the same resources. What’s the benefit?