
Butterfly: Your everyday terminal in your web browser - p4bl0
http://paradoxxxzero.github.io/2014/02/28/butterfly.html
======
chjj
Just a note to the author if they are reading: you might want to remove that
OSC code for inline HTML.

There are reasons dynamic codes like those don't exist. Good reasons. (In my
own naivete, I once thought an OSC code to access scrollback would be a good
idea. You can imagine how insecure that was). It's not a good idea to run any
programs in this terminal until that OSC code is either removed or the HTML is
somehow sanitized.

~~~
panzi
What's OSC? Open Sound Control? Open Source Code? I'm not familiar with that
acronym.

~~~
chronomex
It's a type of terminal escape code, designed to interact with the terminal
emulator's environment.

[https://en.wikipedia.org/wiki/ANSI_escape_code#Non-
CSI_codes](https://en.wikipedia.org/wiki/ANSI_escape_code#Non-CSI_codes)

------
p4bl0
To use this on a remote server without making it listen to the wild, keep it
listening on localhost only and on your computer you could for instance launch
this:

    
    
        ssh -Nf -L 9999:localhost:57575 remote-server
    

and then you can go to [http://localhost:9999/](http://localhost:9999/) with
ssh taking care the encrypted connection between you and the remote-server.

~~~
gingerlime
not being funny, but isn't the purpose of a web-based terminal to help give
you access to a terminal-like environment when you _don 't_ have access to a
standard terminal / ssh?

~~~
bdunbar
A use case (warning I've not thought his out very deeply)

Abe has shell access via 'ssh' to Server. He wishes Bob and Carol to have
access to the server but for whatever reason they don't have SSH.

Abe shells in, does the trick for Bob and Carol. Bob and Carol can use the
web-based ssh and are happy campers.

Or.

Abe controls the server via Puppet [Chef, Ansible]. Something you can do with
Puppet is disallow SSH access - one does this to remove the temptation to
'cheat' and hand-config the system. Abe has the ability with Puppet to exec
this command to let Bob or Carol (or Abe) into the system 'in case of
emergency'.

------
bct
At least one major security issue has already been discovered & fixed:
[http://www.reddit.com/r/linux/comments/1z6gif/butterfly_your...](http://www.reddit.com/r/linux/comments/1z6gif/butterfly_your_everyday_terminal_in_your_web/cfr1c7m)

------
jackmaney
It's a shame that this doesn't work in Windows, where a real terminal is
desperately needed.

~~~
chjj
tty.js[1] works on windows (the backend is linked to the winpty library). I'd
normally feel like I'm tooting my own horn by inserting this here, but it
looks like the clientside part of Butterfly is a fork of my term.js[2]. I'm
not sure if python's implementation of pty's handles some kind of workaround
specifically for windows.

[1] [https://github.com/chjj/tty.js](https://github.com/chjj/tty.js) [2]
[https://github.com/chjj/term.js](https://github.com/chjj/term.js)

~~~
ubershmekel
I wanted to try but got errors.

MSBUILD : error MSB3428: Could not load the Visual C++ component
"VCBuild.exe". To fix this, 1) install the .NET Framework 2.0 SDK, 2) install
Microsoft Visua l Studio 2005 or 3) add the location of the component to the
system path if it is installed elsewhere.
[E:\dev\node\term.js\node_modules\socke t.io\node_modules\socket.io-
client\node_modules\ws\build\binding.sln] MSBUILD : error MSB3428: Could not
load the Visual C++ component "VCBuild.exe". To fix this, 1) install the .NET
Framework 2.0 SDK, 2) install Microsoft Visua l Studio 2005 or 3) add the
location of the component to the system path if it is installed elsewhere.
[E:\dev\node\term.js\node_modules\socke t.io\node_modules\socket.io-
client\node_modules\ws\build\binding.sln]

------
panzi
I don't quite understand the use of it. iPython Notebooks I get. They really
give you something you don't get in a terminal widow, but I take my yakuake
everyday before a web based terminal. It integrates better in the desktop
environment, has global hotkeys, can be scripted via D-bus, doesn't need a
server to run and has no potential security issues a web server based terminal
has etc.

------
mediocregopher
This is super-cool. Not sure it's recommendable to use it in place of ssh, but
maybe with ssl+http-auth it could be workable? It definitely adds some
convenience for when I'm away from one of my boxes and I don't want to deal
with putty.

As per all HN comments, one downside is that it kind of messes up with my vim
colors, but that may be that my vim colors are messed up to begin with.

~~~
fafhrdius
Can you point the advantages of this being "super-cool", i am afraid I'am bit
puzzled :s

~~~
riskable
Well right off the bat: You don't have to install anything. You also don't
need to worry about updating a thousand clients if a security problem crops up
--you just update the server and you're done.

Also, in terms of "why" there's all sorts of neat things you can do with a web
browser that aren't so easy with regular terminals. For example, displaying
inline images (if you code it right). Gate One can display images, PDFs, and
play back sound files right there in your terminal if you do something as
simple as 'cat somefile.png' or 'cat somefile.ogg'.

Source to Gate One (also has some screenshots of the aforementioned features):
[https://github.com/liftoff/GateOne](https://github.com/liftoff/GateOne)

The other nice thing is that you can use it through basically any proxy server
(provided it doesn't "speed bump" you--breaking WebSocket connections).

~~~
panzi
For these things (embedding audio etc.) I think iPython is better.

------
peapicker
I think I'll stick with the Chrome ssh plugin.

~~~
code_duck
I think I'll just stick with pressing alt-tab to Terminal.app.

------
zeckalpha
Too bad AjaxTerm was abandoned:
[https://github.com/ingydotnet/ajaxterm](https://github.com/ingydotnet/ajaxterm)
If it wasn't, it likely would be this today.

~~~
riskable
You want to know what AjaxTerm would be like today? Look at Gate One:
[https://github.com/liftoff/GateOne](https://github.com/liftoff/GateOne)

When I wrote my first web-based terminal (Escape From The Web) it was based on
AjaxTerm. It kinda sucked for more than one terminal at a time so I went back
to the drawing board and wrote Gate One. It turned out great (if I do say so
myself!) and soon it will support running X11 applications as well (see:
[http://youtu.be/6zJ8TNcWTyo](http://youtu.be/6zJ8TNcWTyo))

------
chrisBob
The security of this worries me. I would have to understand their code very
well before I would be comfortable running a program that gives root access to
anyone over a web browser.

~~~
andreastt
The easy solution is to set up an iptables route for disabling all non-
loopback connections and traffic for port 57575.

~~~
cjbprime
That doesn't help if the vulnerability involves taking over your machine via
JS on an untrusted page, causing your own browser to conduct the exploit
against your terminal.

------
jsmeaton
I really like the quick history selection feature, and now I want it in
iterm2. Browser based terminal isn't something I'd be likely to use, but
congrats on writing it.

------
Touche
Locks up the browser if you try to `exit`

------
creack
docker run -p 0.0.0.0:57575:57575 creack/butterfly

------
fsiefken
This would be nice to get working in ChromeOS, would it be possible to start
this at runtime? Which files should be edited? I've got a dual-boot Chromebook
machine so I can mount the ChromeOS partitions with Linux.

------
unclesaamm
To make it start on boot in Ubuntu:

Put this into /etc/init/butterfly.conf:
[http://pastie.org/8825201](http://pastie.org/8825201)

------
kernel_panic
This is really cool! Would be great to get this on places like
[http://www.runnable.com](http://www.runnable.com)

------
sdonnahue
Check out [http://terminal.com/](http://terminal.com/) You can instantly clone
real machines there.

------
cyberpanther
Great job! I've been using tty.js for a while but it is a little unstable and
I love Python so this is a perfect fit.

------
deefour
Does anything like the quick history select or the google-instant style auto-
complete/suggestion exist for zsh?

~~~
vdm
[https://github.com/zsh-users/zsh-history-substring-
search](https://github.com/zsh-users/zsh-history-substring-search)

------
fiatjaf
Beautiful, but if it isn't secure for managing servers and remote machines,
what is the point of it?

------
ngoldbaum
'sudo pip install', really?

~~~
hcarvalhoalves
It's a system-wide tool, there's nothing wrong with installing it with _sudo
pip install_ if you want it on your PATH.

~~~
hdevalence
Yes, there is: system packages should by installed with the system's package
manager. Otherwise, you have two systems managing the same set of files,
causing tears and suffering.

Packages not installed with the system's package manager should be installed
elsewhere, e.g., a local install in a user's home directory, or (in the worst
case) /usr/local or /opt.

~~~
lucian1900
pip installs in /usr/local, actually. It's not quite as bad as it looks.

~~~
hdevalence
Thanks for the correction.

------
jyz
This is insanely cool, for mobile?

~~~
drdaeman
I fail to see anything cool here. What's the point of using browser for UI
layer if you need a backend app anyway?

Or, if you intend to use that remotely - Atwood's law aside - what's the point
of replacing already well-working client apps, usually, with old trusty
OpenSSH client under the hood, with some browser-based kludges? (For example,
you'll have to reinvent auth.)

------
mason240
The browser is the OS.

------
softvar
Really Awesome! No more switching back and forth

~~~
spektom
How switching between browser tabs is different from switching between
applications?

------
hiphopyo
Reminds me of some ezine from the 90s.

~~~
emddudley
I really love that ASCII butterfly... more console tools should have ASCII
art.

~~~
smprk
Your comments led me to discover Figlet
([http://www.figlet.org](http://www.figlet.org)) and ASCII art generator
([http://patorjk.com/software/taag](http://patorjk.com/software/taag)).

Weekend customization times! :-)

