
Show HN: Dply – Free temporary Linux servers - OwainX
https://dply.co
======
OwainX
This is a project I've been working on for a while. Dply allows you to quickly
create a temporary cloud server (1CPU/512MB RAM/20GB SSD) for free. You can
have one free server running at any time. Log in with your Github account and
it will allow you to create your server using your Github ssh-key. Servers are
free for 2 hours and expire after that time (unless you choose to add more
time via credit card or bitcoin). It's a quick and easy way to demo some code
on a live server or just play around with a few popular Linux distros.

We also provide the ability to create a button for your project allowing you
to let people create a server with your service/project running on it for free
to try it out. Create a yaml or bash user-data script and others can launch
servers with it.

For the last 11 years on and off I've run a small Linux distribution. I work
for a well known cloud host by day but in talking with users learned that it's
a hassle sometimes to create an account, billing profile and all that when you
just need to quickly test or share something so I built this in my free time.

Do you expect to make money on this?

Honestly, no idea. I have a decent credit grant that will cover free 2 hour
servers for a while so it was worth trying out.

How do I log into my server?

All servers are created with ssh-key authentication only. You are provided the
option to select from the ssh keys on your Github account when you create a
server. Your key will be applied to the "root" account.

I am happy to answer any questions about dply.co and would love any feedback.

~~~
netrap
The server name field might be better suited to be a white box like the rest
of the options after you click New Server. Nice idea. Might want to have some
kind of vetting of accounts if it gets bigger.

~~~
robotresearcher
Strongly agree. I missed the server name field and got an error about the
syntax for server names instead of 'you didn't enter a server name' error.
Field should be visually similar to the other fields.

~~~
lemiffe
Same here

------
emilburzo
Very nice project, a lot of times I wished there was something to start a
server for a quick ssh/ping/traceroute/debug from outside my network.

Well done!

A few security aspects that I've noticed so far:

\- calling the action(s) with an id that doesn't exist will show a pretty
useful stacktrace, it should probably be disabled for production

\- calling the action(s) with ids close to my server, I can do things to other
people's servers (presumably, I didn't confirm the action for any of those,
but I can at a minimum see what others have named their servers)

Not trying to be abusive, I just want to make sure we find the security bugs
before the bad guys do, because I really like what you've built here.

~~~
OwainX
Thanks. We also received a ticket about these issues and have deployed fixes.
You discover all kinds of things when you go from 15 users to 700 in a matter
of an hour or two :)

------
andrewthetechie
I work with OwainX and he is having some issues with his HN account right now
(he's blocked from commenting?).

He wants to make sure that everyone knows he's heard your suggestions and
comments and is working on them.

An Expire Now option for free servers should be coming later today!

------
fenollp
CircleCI gives you 30 minutes of playtime on a 32 cores, 60GB RAM VM. All you
have to do is log in with GitHub, start a build of any of your public repo &
click "Rebuild with SSH".

(No affiliations, I just find this mind blowing)

~~~
tedmiston
Great tidbit. Perhaps it's just not well known.

Edit: Multiple machines if your build is in parallel. Nice.

> Parallelism and SSH Builds

> If your build has parallel steps, we launch more than one VM to perform
> them. Thus, you’ll see more than one ‘Enable SSH’ and ‘Wait for SSH’ section
> in the build output.

[1]: [https://circleci.com/docs/ssh-build/#parallelism-and-ssh-
bui...](https://circleci.com/docs/ssh-build/#parallelism-and-ssh-builds)

------
darkstar999
It could use a 'destroy' button (on the page where it shows "add time",
"reboot", "rebuild"). This could save you some money.

~~~
andrewthetechie
I work with OwainX and he is having some issues with his HN account right now.
He wanted to make sure that you know he heard your comment and an Expire Now
option is coming for servers on the free plan later today!

------
jcrawfordor
I've seen a number of services just like this that come and go because of the
persistent abuse problems this kind of thing attracts. Perhaps using github
for authentication will help but I'm skeptical of how far it will get you. Do
you have any other novel strategies to reduce the abuse problem?

~~~
jpalomaki
What kind of abuse has caused problems for the other services?

~~~
jcrawfordor
A very obvious case would be people sending email - spammers are always
hunting to find ways to get their traffic out from IPs without reputation
problems. They'll send email from this service and then the services IP
addresses will become blacklisted - or more likely the underlying service
provider will kick them out to protect their IP space.

That's just the most trivial issue, though, and can be part way resolved by
host blocking outbound in 25. You'll also get botnet C&C, hosting of illegal
content, use to mask scanning traffic, etc. All of these are sometimes
operated by people who do not have a problem with ephemeral services and will
happily automate creating new accounts and setting up new "temporary" servers.
Using github for authentication will partially help as github no doubt has
mechanisms in place to limit automatic account creation, but I'd only trust
that so far.

~~~
onetwotree
Looks like they already do that according to the FAQ.

------
martin-adams
Sounds pretty cool. I was confused where to get the pricing with the text
"Keep it longer for as little as $2 via Credit Card or Bitcoin". I had to go
to the FAQ to know how much time $2 gave me.

This is definitely for work you could live without, i.e. don't use it for
production services. The automatically deleted approach as the first message
does lower the trust of stuff not disappearing under your feet.

I think the homepage could do with explaining who it's intended for.

~~~
mSparks
I actually think its a great model.

easy to deploy, easy to clean up afterwards. exactly how "Cloud" should be.

------
Filligree
Would it be possible to add NixOS as an option?

I'd find that very useful for demonstrating it to people, which... okay, might
not be why you're running this. Nowadays I'm handing out shell accounts to my
own server, which is mostly fine, but misses out on some of the functionality.

~~~
OwainX
Dply is built on the DigitalOcean cloud which doesn't allow custom OSes so we
are somewhat limited in that regard. As others have written scripts to convert
a DigitalOcean droplet to Arch and Alpine we are experimenting with making
those options available. It appears this exists:
[https://github.com/jeaye/nixos-in-place](https://github.com/jeaye/nixos-in-
place) which might make NixOS possible as well. We will be carefully reviewing
these options as just because there is a hacky way to convert a droplet on DO
doesn't mean it'll result in something suitable for re-use or work as expected
with cloud-init and ssh key insertion on Dply.

------
AndrewVos
I kept on getting the "Server name must be etc.". Took me a while to realise
that there's a server name field at the top of the page. Maybe make it look
like the other fields?

~~~
JorgeGT
I also fell for this. The input field should probably be made more obvious
(lighter background) because at first it looks like a cosmetic spacing rule.

~~~
oneeyedpigeon
It's sort-of using material design, but in this context the text field should
probably have a 'placeholder' to make it clearer.

------
Ivoah
Is it possible to destroy a server before it's time is up? What if I made a
server, but now want to try out a different one without waiting 2 hours.

~~~
nixgeek
I think DigitalOcean probably bills Dply for one hour minimum so if you could
immediately destroy and recreate then you'd quickly add up to a lot more OpEx.

~~~
OwainX
DigitalOcean does it's billing based on a per-minute basis based on their
hourly rates. We have already implemented a feature in our backend code to
allow users to "expire" free servers and are working on adding that to the
dashboard UI and this option should be available this weekend.

~~~
nixgeek
That's not what their website claims.

 _How am I billed?_

Each Droplet is billed per hour up to its monthly cap.

 _Do I have to pay the cost of the server every time I create a new one?_

No—you only need to pay for 1 hour of usage. For example, spinning up a new
512MB server just to test something for a couple of minutes will only cost you
$0.0074

[https://www.digitalocean.com/pricing/#business](https://www.digitalocean.com/pricing/#business)

------
staticelf
Cool idea and service, however, I would think this is going to be used a lot
for abuse and since you are targeting people who only need a server for a very
short span of time I doubt many will continue and actually paying for the
service.

But I hope you will succeed because there will probably come a time when I
need something like this.

------
Procrastes
First impressions:

* I love this idea. This is basically what I use Digital Ocean for, and this reduces the steps.

* I would like to see bitbucket sign-in and keys support.

* I missed the server name field on my first pass. My eyes were drawn to the drop-downs. So when I hit the submit I got an error and, even then, it took me a moment to see where the servername should go.

* I probably wouldn't have noticed the "create a button" if I hadn't read about it here.

* I agree with others that a "destroy" option would be nice.

* The button is cool.

This whole approach makes me want to start embedding cloud-init scripts in all
my repositories. But then I loose using cloud-init for pulling down my
personal dotfiles and preferred packages. I'll have to think about how to
solve that.

Great idea! I hope this takes off.

~~~
OwainX
Thanks. A lot of this feedback I've been hearing from others today. We'll be
updating the serer name field to stand out visually better and doing updates
to the home page and informational pages to both highlight the button
capability and better present details like pricing. An "expire now" option for
servers on the free plan will be in place this weekend which will allow you to
delete a free server before it expires.

------
PetahNZ
Ever wanted to find out what happens when you rm -rf / \--no-preserve-root

Well now you can find out.

~~~
welly
brb, off to rm -rf / \--no-preserve-root.

Edit.

ls -al / ls: command not found

etc.

~~~
ben0x539
That's what echo * is for!

------
accnt
First, on the FAQ's section "How do I connect to the ssh service on my
server?" is a typo: > An ssh-key is required to connnect to your server.

Second, any plan other login/signup methods?

Cool idea, I'll play with it.

~~~
OwainX
No plans for different login methods anytime soon. The Github integration also
handles the ssh key management so we don't have to store anyone's keys in our
database or worry about updates on their key in Github not being immediately
reflected. We'll get that typo fixed :)

------
antouank
Great. Free VPN on demand :)

~~~
therockspush
Exactly what I did. Good practice for getting a server setup quickly.
[https://medium.com/@therockspush/setting-up-a-free-cloud-
bas...](https://medium.com/@therockspush/setting-up-a-free-cloud-based-
vpn-d2f35f893515#.yk3onrgys)

~~~
antouank
It can be more automated. Here's what I do.

[https://gist.github.com/AntouanK/190a8e255f0d370ec875f80eaa3...](https://gist.github.com/AntouanK/190a8e255f0d370ec875f80eaa3fc9f4)

Lines 1-9 can be the cloud-init you pass to the server. Lines 12-15, run them
one by one. Done.

------
kordless
I did something very similar a few years ago with
[http://stackmonkey.com](http://stackmonkey.com). Note the site's cert is
currently invalid and there are no pool controllers running, so you can't
start a server until someone starts a pool controller. The idea was to tie
starts of instances to something decentralized (Bitcoin) and then securely
fetch the configuration data from somewhere you control. Thinking IPFS for
that in the next iteration.

------
achr2
The pricing seems very fair, you should make it more prevalent.

~~~
OwainX
For the initial release we focused on extreme simplicity in our design. It's
easier to add things than remove them. We'll be making updates to the homepage
and informational pages in the coming weeks to make information more prevalent
and respond to feedback and suggestions like this one.

------
p4bl0
If like me you are wondering about the prices, I finally found the FAQ (link
in small font at the bottom of the page) and there is the relevant
information:

    
    
        2 Days: $2
        1 Week: $3
        1 Month: $10
        6 Months: $50
    

So, if you need a long term server (which is not what this service is intended
for) it's a lot more expensive than other cheap VPSs (it's easy to find OpenVZ
VPSs for as little as $15/yr).

~~~
http-teapot
The price reinforces the idea of free temporary Linux servers with short TTL.
I think it's smart and the price point could possibly make up for the money
lost providing a free service. I am curious as to how it'll turn out
financially.

~~~
OwainX
That's the real test here. A 2 hour instance is dirt cheap and each paid
server covers the cost of at least 100 free ones but until the data starts
rolling in we don't know what the base conversion rate will be and whether
this can be self-sustaining in the long run.

------
kingosticks
Is the paid version supposed to work yet? I just tried to create a 2 day
instance and clicking the "pay with card" button doesn't do anything.

On a related note, does anyone know a good way to pay USD for things like this
with a foreign (e.g. UK) bank account. If I use my UK VISA I get stung by my
bank's criminal conversion change/rate. This is rarely something I need to do
but it has arisen a few times now.

~~~
lexalizer
There are a number of UK credit cards offering 0 fee payments overseas(Aqua,
Post Office, I think AMEX). There is also a credit card from Halifax offering
a good deal on withdrawals, but apparently, it's hard to get. In addition to
that, there are a number of companies offering prepaid cards such as Revolut
and another one which I can't remember now.

~~~
kingosticks
I've not heard of Revolut so I'll look into them, thanks.

I had a look at Monzo before but there was (and still is) a huge waiting list.

------
djent
Great service! I needed a free host to demo a class project. Works great, but
the user script didn't setup right... maybe I just didn't know how to use it
but I tried to follow your example. Would be great to be able to test that
before running up a server.

Edit: [http://198.199.73.132:8080](http://198.199.73.132:8080) if you want to
check it out in the next hour and a half

------
paradite
I am not sure what's the use case for this.

For deployment of small web apps, you have heroku, GAE and now, all of which
offer "permanent" hosting.

~~~
jimmytee
It seems to be great to host Demos for open source projects on there!

------
kaizoku111
For those who want Arch Linux, you can just run this script:
[https://github.com/gh2o/digitalocean-debian-to-
arch](https://github.com/gh2o/digitalocean-debian-to-arch)

------
hellofunk
This comes at a time when, as a Linux newbie, I am curious about exploring the
range of various Linux distros and GUIs out there. Would this be a nice tool
to see the differences in the windowing interface of various Linux distros and
learning more about navigating Linux through X windows, KDE, Gnome, etc, vs
just using a command line?

~~~
Shengbo
These are servers, so you most likely won't get a GUI.

~~~
SOLAR_FIELDS
Could definitely set up some script that goes and sets up a gui from a package
repository - but the other comment is right, virtualbox is way better for this
kind of thing.

------
tluyben2
Ah! Brilliant, I was looking for this recently but could not find a reason why
someone would make this though. Thanks!

------
robputt796
Really wanted to give this a go but unfortunately when I try and create a
server it doesn't do anything, just refreshes to the main dashboard. No error
or any other detail is shown. But overall nice idea, would probably use it to
provide demos of a script / project for a fixed 2 hour window.

~~~
robputt796
ok, seems to be fixed now... it's simple, and effective.

------
kentwistle
I selected the wrong SSH key to add to my server and now have to wait 2 hours
to rectify my mistake.

Cool service though!

------
ovao
Nice service! I could see this being really useful for web scraping or for
offloading compilation. (Or any relatively short computation, really.)

I caught a bit of an awkward sentence on the FAQ though: "Unless specifically
specified otherwise.."

Just "specified" will do :)

~~~
vidyesh
Wouldn't web scraping be considered abusive usage as it is frowned upon by
most websites?

~~~
ovibos
IMO scraping is only abusive if the site explicitly asks to not be scraped
(via the site's robots.txt)

------
gravypod
> Your new server's first two hours are FREE. Keep it longer for as little as
> $2 via Credit Card or Bitcoin. Your server is deleted automatically when its
> time runs out, never incur unexpected bills.

How much longer? This can't be $1/HR

~~~
pkd
2 Days: $2 1 Week: $3 1 Month: $10 6 Months: $50

From [https://dply.co/help/faq](https://dply.co/help/faq)

------
wheelerwj
You should disable bitcoin somehow, or this will end very, very badly for you.

~~~
OwainX
Part of the goal in the beta is to improve the abuse processes and profiling
abusive users based on the small amount of data we collect (Github account/ssh
keys) with the goal of creating a process that lets us effectively block
abusive users without creating higher barriers for others to get started.
We'll be tweaking things as we go and whether to keep the Bitcoin option will
depend on what the measurable effect of it turns out to be.

In the future if abuse becomes a problem we may consider things like requiring
a certain amount of history in the Github account.

~~~
wheelerwj
If that's the angle you are going to take, you should send me a message, will
at the company I work for, bitaccess.co

We have a lot of experience mitigating fraud and identifying fraudulent
accounts. Might be able to give you a few pointers and save you some time.

------
znpy
If you need temporary linux servers, check out linuxacademy.com.

I have a paid account and besides accessing the content, i can spin up to six
virtual machine to test stuff, at no extra cost besides the montly fee.

------
creullin
Pretty cool! Spun up a new server in like 30 seconds. I can see this being
helpful for small POC's and the like.

I'd say a good next step would be to add some more user-data example scripts
for common setups.

Awesome job!

~~~
OwainX
We may create a community repository of user-data scripts allowing you to
check a "Share this with the community" option on the Dply button creation
page. For now, DigitalOcean has a nice Github repository of user-data scripts
you can use:
[https://github.com/digitalocean/do_user_scripts/](https://github.com/digitalocean/do_user_scripts/)

------
d--b
Aren't you guys worried that this is going to be used for hacking?

~~~
OwainX
Of course we are. The two things this MVP/Beta is testing are:

1.) Our backend abuse procedures and methods for profiling abusive users to
keep them from coming back.

2.) Whether enough people will choose to keep a server by adding more time to
pay for the free ones. Each paid server covers the cost of over 100 free 2
hour servers.

We will continue to adjust things based on what we learn and in the future we
may add things like a requirement of a certain level of activity and history
on Github. Combined with being able to profile abusers this would create a
high barrier to entry for anyone wanting to abuse the service without adding a
big barrier for legitimate users.

------
nik736
I am not really sure how this works exactly but since they are receiving my
email and ssh keys from GitHub, can't they simply use it for malicious
purpose?

~~~
transitorykris
They have access to the public key, not the private key. If you're
sufficiently paranoid you could imagine someone acquiring gtihub.com and
waiting for `git origin add` typos (let's hope you're also paranoid enough to
not ignore new/unknown server keys being added to your known_hosts file).

~~~
vuanotine
[https://github.com/transitorykris.keys](https://github.com/transitorykris.keys)

------
djhworld
I'm wondering what the digital ocean terms and conditions are around this,
Dply looks like it is subcontracting their infrastructure, is that allowed?

~~~
OwainX
DO absolutely allows (and encourages) resellers and SaaS platforms on their
service. My day job is with DO and Dply was built as a side project to meet
some needs I have heard from developers, students, and open source projects.

Dply operates with DO's blessing but is otherwise unrelated in any official
sense. We launched under a credit like those offered in the Hatch program for
startups:
[https://www.digitalocean.com/hatch/](https://www.digitalocean.com/hatch/)

------
petters
Just tried this and I really like it. I hope this is here to stay. The Dply
button could be huge!

------
hoschicz
Have you evaluated using containers for this type of workloads? You could save
a fuckton of money this way.

~~~
OwainX
Containers and container services are great but sometimes you need a full
server and doing a PaaS with containers has it's own challenges to ensure
isolation, have network setup work easily and other factors. I use containers
for some of my own stuff but other things are just better with a full VM.

------
VertexRed
The biggest issue that I can see with this is abuse.

Do you have a way of preventing email spam and outgoing DoS attacks?

~~~
OwainX
SMTP ports are blocked and we recommend using a transactional mail service if
your server needs to send mail.

We're implementing a number of things to profile abusers and prevent abuse on
the platform and will be strictly enforcing policies against abuse. The lack
of an API and prohibition on automating the creation of servers combined with
required Github profile for ssh keys help to make the service unattractive for
most abuse cases. Our goal is to use these methods to prevent abuse while
keeping a very low barrier to entry for legitimate users.

------
libeclipse
Doesn't work for me. I seem to be getting a 403 forbidden code when I
authorise it.

~~~
OwainX
This is the only report of this that we've seen and checking our web server we
weren't able to find any 403's being returned today. If you see this again,
please open a ticket by clicking the question mark in the corner of any page
so we can investigate.

------
wyldfire
This is a really neat service. Thanks, I probably will get some leverage out
of this.

------
echeese
Is this from Diply? It uses the same logo font and everything.

~~~
tobltobs
That is the Pattaya font on Dply, which itself is a version of Lobster, which
was/is a very popular font for Logos and websites. You will be very busy if
you accuse every project which uses Lobster to be a ripoff of Diply. What do
you mean with "everything"? The use of the color blue?

~~~
Exuma
How do you not see the similarity between "Diply" and "dply" that uses the
identical font and a similar color...

~~~
tyingq
It honestly seems like a coincidence to me. Using a popular font (Lobster) for
your logo means your logo will look like other people's logos.

As for "similar color", the dply logo appears to be black. There is some blue
(not the same blue) on the page, I guess?

~~~
Exuma
Diply's brand color is blue: [http://diply.com/](http://diply.com/)

~~~
tyingq
Right, and dply's is black. So, I'm curious why "blue" is being mentioned at
all. Because dply has some blue (not the same blue) on the page?

~~~
Exuma
[https://dply.co/how](https://dply.co/how)

Every link on the page is blue, as well as hovering (which is why I said their
'brand' color not their logo color)

~~~
tyingq
Right. But not the same blue.

[http://i.imgur.com/Pnu6uU3.png](http://i.imgur.com/Pnu6uU3.png)

So, two websites, using the same font for their logo, and both using some
shade of blue somewhere on the page?

------
homerguy69
Is there no way to manually delete an instance?

~~~
OwainX
There will be soon. We've already implemented an "expire now" function in the
backend for servers on the free plan and are working on adding it to the UI.
We're hopeful that this feature will be available this weekend.

------
maerF0x0
if i can pay with bitcoin, whats to stop me from doing bad things with these
servers?

~~~
OwainX
Without going into too much detail we keep track of users, profiling things
like ssh keys and github accounts, IP addresses and activity in order to make
sure that abusers, once identified cannot come back. All payments are non-
refundable (though if we break something we'll credit the time back in almost
all cases) so if you pay with bitcoin and abuse the service you'd be out the
money with no server left to show for it. The ephemeral nature of Dply servers
means that verified cases of abuse will usually result in server deletion and
account locking.

If even with the processes we have in place, abuse becomes an issue we could
require that the Github account used has a certain amount of history and
activity (doing more to profile the user that way). All these things combined
with no API and automation of creation being disallowed makes for a low ROI on
an abuser's time compared to other services already available.

------
traviswingo
Well done!

~~~
OwainX
Thanks!

------
throwaway123dse
Do you support freeBSD?

~~~
OwainX
We'll be enabling FreeBSD soon

~~~
_paulc
Was just about to ask for this - thanks for supporting. Very cool service btw.

------
debt
this is awesome! great work.

------
emcrazyone
"Dply blocks common SMTP ports by default in order to prevent abuse of the
platform and be able to provide servers for free."

Why do this over simpler bandwidth throttling say after a certain threshold
has been met?

~~~
giosch
Because no spam is better than a low volume of spam

~~~
OwainX
Absolutely. Keeping costs low is key to having this model work. Each paid
server can cover the costs of a lot of free ones but abuse policy enforcement
takes people and that's much more expensive. There are quite a few
transactional mail providers who offer APIs that can be used for most purposes
where mail sending is needed.

