
RunJS - tnorthcutt
https://projects.lukehaas.me/runjs
======
fiberoptick
The third demo screenshot [1], which contains a toy implementation of AES in
CBC mode, is a great example of why cryptography is hard to get right.
Implementation is best left to cryptographers.

AES-CBC requires a random IV to be used as a nonce on a per-message basis,
otherwise the entire scheme breaks. The toy example given on this website uses
the deprecated Node.js createCipher [2] API which does not take such an IV. In
fact, the docs and runtime even warn that using CBC mode with the createCipher
API is dangerous!

As the code is currently written, an attacker observing multiple encrypted
messages under the same key could probably decrypt all messages!

[1]
[https://projects.lukehaas.me/runjs/images/runjs3.png](https://projects.lukehaas.me/runjs/images/runjs3.png)

[2]
[https://nodejs.org/api/crypto.html#crypto_crypto_createciphe...](https://nodejs.org/api/crypto.html#crypto_crypto_createcipher_algorithm_password_options)

~~~
rubyn00bie
I totally understand why you're saying what you are, you want folks to be
safe... but I think this approach from cyptographers hurts the rest of us, in
that most of us will at some point say, as a result of comments like this,
"I'm not a cryptographer, I cannot do this correctly... so fuck trying." I
think critiquing this crypto used would be more relevant if he was
implementing his own and not using using an outdated library.

Instead of linking to proof about how right you are, since you obviously are,
perhaps next time you could link to resources for us plebs to stay up-to-date.
How do you keep tabs on "all the things" like this?

/shrug just my two cents.

~~~
Waterluvian
Cryptography is like civil engineering or surgery. If you're going to do it in
production, you need to do it right.

I think it's akin to a family physician saying, "this is best left to the
surgeons."

Don't be fooled that just because you can write code, you can do crypto. But
also, you can learn and you can also completely mess around in a safe, non-
production environment.

Maybe my analogy is a bit weak.

~~~
nicoburns
I think your analogy is pretty spot on. Cryptography is an additional skill on
top of general programming, and it's a difficult one to master. And if you
haven't mastered it, then you shouldn't be trying to do it in important
situations (assuming there is an alternative).

------
gavinpc
This kind of as-you-type evaluator is extremely valuable to me. I've written a
few tools to support this in emacs, and I use the JS one all the time.[0]

I also wrote one for Graphviz (which outputs to an SVG buffer), and sometimes
I'll put the output from the JS playground in `play-graphviz` mode so I can
see real-time graph output from JS (by writing code to print dot graphs). ATM
I don't know any other tools that can do that sort of thing, let alone compose
independent ones to that end. Long live Emacs!

[0] [https://bitbucket.org/gavinpc/play-modes/src/default/js-
play...](https://bitbucket.org/gavinpc/play-modes/src/default/js-play/js-
play.el) (There is an odd bug in OSX where the first character of the input is
eaten, so I always begin these "playgrounds" with "/// playing with
<whatever>". There are some other oddities which I should document.)

------
BucketSort
Why did you decide to make this as a standalone application instead of making
it as a plugin to an existing editor? Seems like a lot of work for what seems
to be a custom repl.

~~~
Cieplak
Guessing it’s an Electron app, in which case it’s more along the lines of a
desktop-packaged website.

~~~
noir_lord
Quokka.js works nicely in vscode which means I'm only running one electron app
not two (not that I care about electron memory usage, as long as the
application feels fast I don't mind if it's 15Mb of memory or 150Mb, I have
32768 in my laptops and 65536 in my desktops).

~~~
ptspts
8192 MiB, or even 4096 MiB in a laptop is still common nowadays, and single
Electron apps using 256 MiB is not unusual.

------
drinchev
That's awesome. I have always wanted something like this. I was even looking
for some sublime text plugins that evaluate code on the go, but was out of
luck.

Some use cases :

\- Coding interview

\- Stack Overflow answers playground

\- Instead of "node -pe ..."

~~~
pault
There are many vscode plugins that will evaluate code and display the results
inline (the build in debugger does this too if you pause execution). You can
find them pretty easily in the visual studio marketplace.

~~~
antonkm
Which one is your personal favorite?

------
blondin
i like this idea so much. i wish the author the best of luck, i will be
following development. some basic features are missing: autocompletion, in-
editor help and documentation, and my own nitpicking favorite: font size!! --
i know, i know, there is that zoom in thing that seems to work sometimes...

i grew up with environments like QBasic and TurboPascal. they had everything
you needed to learn and master specific languages? all in one package.

JavaScript is so lucky to have such easy integration with the electron stack.
and with all the bad rap electron apps have been getting, this is just 160MB
unzipped. the closest we have for Python is the mu editor. that editor is half
a Gb unzipped!!

also, could it be that adding more features and library would make the size go
up? who knows? anyways, looks good.

------
castis
Being an electron app, Im surprised it only consumed 150 mb of ram and spawned
4 processes just by opening it.

~~~
andremendes
Is it a good number for Electron apps? Is it ok nowadays? 150MB seems too much
for me. I also thought that by using Electron an app would be readily portable
but I could only find Mac binaries.

~~~
ronsor
150MB is really good for an Electron app

~~~
devcpp
Oh my God I thought he was kidding. How did it get to this? And how do we
solve this?...

~~~
arcticwombat
How did it get go this?

Well that's what you get when the "solution" is to embed a webserver, a
browser, a native executable to show that browser, and the server runs Node...

The solution is simple, stop shoving square pegs in round holes, and learn an
appropriate language rather than shoehorn JS everywhere.

~~~
bdcravens
> learn an appropriate language rather than shoehorn JS everywhere.

Being that this app's sole purpose is to evaluate JS, this may be a situation
where JS isn't being shoehorned

~~~
arcticwombat
By the looks of it, only the console (Or equivalent) is used for output, so
bundling an entire browser seems way overkill for the output.

There's plenty of ide-libraries in other languages to replace the one used by
runjs.

~~~
bdcravens
You'd still have to bundle a JS engine. Presumably you could build a
traditional UI app and include V8, but I still think this isn't a bad use case
for Electron (but I agree there are many apps where it isn't the best choice)

~~~
arcticwombat
I'd imagine that the browser is the resource-heavy part of the application,
Nodejs doesn't use hundreds of mb's of RAM in my experience, at least not
while doing very little background work.

To me it would make sense to build a real desktop application and bundle
whatever JS engine you want to use, pipe and process the output as any other
application.

You'd end up with a much smaller application (Download size), more resource-
efficient, and less reliance on things like the bundled browser.

~~~
qudat
> You'd end up with a much smaller application (Download size), more resource-
> efficient, and less reliance on things like the bundled browser.

None of these things I care about. I care about whether or not it serves a
purpose to me. If it does, I'll use it. If it doesn't, I won't. You might have
other priorities and that's your prerogative.

------
simplify
Also consider flems.io , a similar evaluate-as-you-type but for JS, HTML, and
CSS.

------
wootie512
Learning some JS to help out on a project. Having a good time playing around
with this as I read through a JS intro book. Nice and easy to check things out
as I work my way through code examples throughout book.

------
Fudgel
Somewhat similar:
[https://github.com/princejwesley/Mancy](https://github.com/princejwesley/Mancy)

------
tyingq
_" RunJS will auto-evaluate your code as you type"_

Interesting. Is it in some kind of sandbox, or can I accidentally remove
files, etc?

Edit: Oh, it's an ios app?

~~~
fareesh
macOS app

~~~
josteink
Well that certainly makes it worthless to 90% here then.

~~~
coldtea
More like to 60% here. A shitload of devs use OS X -- and the platform has
come quite high on the kind of HN crowds, more so than on the generic public
(as is evident by the speakers and even attendants on most dev conferences).

~~~
fareesh
In my specific case (maybe my case is the majority, maybe not), I run macOS
only because I want a no-nonsense laptop that just works. For the combination
of good hardware, good display and good build quality, I found the Macbook Pro
(2015ish) to be the best bet at the time, and it has served me well thus far.

Prior to that I was using a very cheap but sturdy Samsung with Linux on it.

On the Desktop I run Linux and Windows (only for Steam every now and then).

------
filleokus
This could be useful! I hate typing in some random chrome window for just
testing out something super simple.

It is however surprisingly slow to execute the code on my machine. At first I
thought it was the auto run delay, but even when running it manually it takes
≈ 0.9 seconds. Not really a problem, but I expected it to be quicker.

~~~
jacobolus
Let me recommend Observable notebooks,
[https://beta.observablehq.com](https://beta.observablehq.com)

------
snarfy
It's all fun and games until you write out a destructive line of code.

~~~
ehsankia
I don't know this, but Chrome DevTools' eager evaluation uses a pretty smart
V8 internal tooling to figure out if your statement has a side effect, and
only evaluates it if it does not.

[https://www.youtube.com/watch?v=GCOiVEQNmpQ](https://www.youtube.com/watch?v=GCOiVEQNmpQ)

------
sebringj
Thank you, this seems very useful and much nicer than doing a jsfiddle as you
can work locally. There's nothing wrong with reposting good work as I would
have missed it otherwise. Bravo.

------
dangom
Pretty cool. Only issue is not being able to exit from an infinite loop.

let x = 2; for (let y=0; y < 10; x++){ console.log(x) } x

~~~
wvenable
The next feature should be detecting whether or not there is an infinite loop
and warn you before running it.. /s

~~~
ClassyJacket
I know this is a joke about the halting problem, but _some_ kinds of infinite
loop can be detected.

------
zaro
Why is Nan === NaN; false considered a quirk? It works like so in every
language I have ever used.

------
rc-1140
So LINQpad but:

\- for Javascript

\- only for Mac

\- evaluates JS as you type

?

~~~
rpeden
It reminds me more of Light Table than LINQpad or RoslynPad.

------
a_rahmanshah
It's pinned in my dock! <3

------
3dfan
I was interested to try it. Clicked into the code 'Uhh.. this is ... an
image?' Saw the 'DOWNLOAD RUNJS' button. Smiled. 'Download? That reminds me of
the 80s where we traded software on floppy disks'. And I was reminded of...

YOUR AMIGA IS ALIVE. BUT IT IS INFECTED BY A VIRUS.

Thanks for the nostalgica.

If you ever decide to make it available in the browser, I will try it.

~~~
emmelaich
I had the opposite reaction - mine was 'thank god this is not yet another
thing I have to be online for'

------
Nicksil
Previous submissions this week:

[https://news.ycombinator.com/item?id=18832420](https://news.ycombinator.com/item?id=18832420)

[https://news.ycombinator.com/item?id=18841842](https://news.ycombinator.com/item?id=18841842)

------
paulddraper
Ah, JavaScript, only for Mac.

What a weird world this is.

~~~
peyloride
+1

