This is really cool to see, but also somewhat depressing because it reminds me that I spent about 500 hours of my free time building the same thing, and even had it deployed at codetrain.io for a while, but then lost interest and now my code's wasting away in a private bitbucket repo.
Before I shut mine down it could run 13 or so different languages, spin up collaborative REPLs for Node.js/Python/Ruby, and organize snippets into tutorials/lessions, etc. It was awesome, but now sits in my side project graveyard. It's a shame really.
This is very cool. I'd really love to see a "how it works" blog post, particularly for the runnable snippets, and what your approach to protecting it from abuse and hacking is.
Great, would be nice to have and updated clang (seems to be using 3.5.1) and python3 (using 3.4.3). Generally its nice to point out the version of the compiler it's using somewhere as a note.
This. Awesome service, but pleasefortheloveofgod don't let people run arbitrary code inside Docker, unless you don't mind them getting out into the parent OS and messing around. You want VMs for that. (Yeah, that's much more resource intensive. Safely running arbitrary code is hard.)
This looks like a very interesting project, but I think choices made for data storage (PostgreSQL + CouchDB) is quite odd.
To me the obvious choice for this would be to use a DVCS repo for each "glot", and create files inside it, just like Gist does. I personally would prefer this be mercurial repos' but I'd probably just make it support git too.
I'd probably also use libvirt rather than Docker specifically, to allow for more flexible setups.
FYI - This is the work of one guy only not multiple, just thought i mention it as people refer to the dev in plural.
And my guess as to different parts of the application has been developed in different languages and to the use of two db's are for educational purposes.
There are a lot more problems than you think with letting users have arbitrary code execution. And no, Docker is not an acceptable security solution for this, since it's most certainly possible to break out of containers. Even if you're using a dedicated VM, this is not a good idea. And from a brief look at glot-code-runner, it doesn't seem like there's even that much built in to protect against various forms of use.
A more sane design would be to use something like emscripten to enable all these different languages to run in the browser.
"Docker is not an acceptable security solution for this, since it's most certainly possible to break out of containers."
Could you point to some resources that show that it is possible to break out of Docker containers? I understand that there have been bugs in the past that have caused this (using that to conclude that glot.io shouldn't use Docker is a bit like saying OpenSSL is now useless because of heartbleed) but it seems unlikely that breaking out of containers is possible due to the way Docker is designed.
Most of the vulnerabilities you mention are actually kernel vulnerabilities. While they affect Docker, they more accurately affect everything that uses "Linux containers". Although, Docker did have a bad history of security bugs with symlinks.
But given the fact that Linux doesn't have real containers, I feel very conflicted about opening that up to the internet.
We built something like this for our our data science platform (https://civisanalytics.com/products/end-to-end-data-science/), but the containers run on a group of workers that are isolated in one VPC per customer. And even that is for enterprise customers where you have some layer of accountability - I can't imagine opening it up to the wild internet.
Thank you for this! Going to share it with the rest of my team right now. I always need a tool like this and had been using http://codepad.org/ until now. This interface is much slicker.
This is excellent! Reminds me of a tool I wrote a few years back that only supported 4 languages that we used at my past company. Great to see this open sourced!
nice, you can even require other files in JS - although it would be nice to be able to customize the file names - but still very useful for the kind of thing I would normally use a gist for.
Edit: I do wish it had a more recent version of node though (currently v0.12.7)
> Ace is used as the code editor. Make sure to check out the leftmost and rightmost tabs, where you can select language version, set a custom run command and change the editor keybindings.
Yes. Usually when I build an application I'd use a single database. While I don't think in the end it would matter for PostgreSQL or CouchDB, two databases is a bit much. Just curious as why they use two databases that can accomplish the same task (from what I can tell from my limited digging into the project).
People not using a relational DB drives me nuts when it clearly is the right tool for the job. Possibly that is his issue. Something that is a perfect match for a relational DB and instead use a "NON-SQL" DB for a project.
Doesn't look like it. The containers don't have network access, either so putting something like `npm install left-pad && node main.js` as the run command won't work.
I wrote up the Perl 6 entry. It's relatively trivial to add languages to the project you just need to have a link to a docker registry with the version of R you want. The rest is basically just bits of boiler plate in the other repositories for the project.
Before I shut mine down it could run 13 or so different languages, spin up collaborative REPLs for Node.js/Python/Ruby, and organize snippets into tutorials/lessions, etc. It was awesome, but now sits in my side project graveyard. It's a shame really.
Glad to see glot.io getting more attention.