
Scastie: use any Scala compiler and Scala library in the browser - heathermiller
http://scala-lang.org/blog/2017/05/19/scastie.html
======
atemerev
(naturally, the very first thing I tried to evaluate is
scala.io.Source.fromFile("/etc/passwd").getLines.mkString("\n") . Spoiler
alert: it works!)

~~~
masgui
It does and you are root. You are evaluating inside a docker container. It's
not a bulletproof method but it will stop a few. The instances evaluating your
code are also on a network not accessible from the internet. I'm not an expert
in security, if you have any advice on how we can improve our defence please
tell us.

~~~
atemerev
I am not a pentesting expert. My first reaction is to leave everything as is,
as it is very cool to play with root access to docker containers (I managed
to reboot one, but a new one immediately appeared on page reload).

My worst concern now would be network security. With root access, it is
trivial to e.g. install spambots in all your containers (just checked, command
execution works, and external network access is enabled). I think it is a good
idea to at least disable networking. (Update: and use a minimal Docker image
like Alpine Linux).

Proof:

[__REDACTED__]

~~~
opportune
I agree with this. What's to stop me from opening a bunch of the containers
and using them to DDOS someone or to send out spam emails? I'm already playing
around with system commands and they seem to be entirely unrestricted.

Basically I can run any bash script, as is, with

    import sys.process._
    "BASH_COMMAND" !!

And I seem to be able to at least cause the containers to endlessly restart
quite simply.
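
The concerns raised in this sub-thread (code runs as root, outbound network access is enabled, containers can be forced to restart) correspond to container settings that are visible in `docker inspect` output. The following is an added example, not part of the thread or of Scastie's own code; it goes beyond the two suggestions made above (disable networking, use a minimal image) to also cover capabilities and resource limits, and the container names and sample JSON are constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/runner-default",
   "Config": {"User": ""},
   "HostConfig": {"NetworkMode": "bridge", "Privileged": false, "CapDrop": null,
                  "ReadonlyRootfs": false, "PidsLimit": 0, "Memory": 0,
                  "SecurityOpt": null}},
  {"Name": "/runner-hardened",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"NetworkMode": "none", "Privileged": false, "CapDrop": ["ALL"],
                  "ReadonlyRootfs": true, "PidsLimit": 64, "Memory": 536870912,
                  "SecurityOpt": ["no-new-privileges"]}}
]
""")
NNP = ("no-new-privileges", "no-new-privileges:true", "no-new-privileges=true")

def audit(container):
    """Return hardening findings for one `docker inspect` entry."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    # An empty Config.User means the container process runs as uid 0.
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root: set --user to an unprivileged uid")
    if host.get("NetworkMode") != "none":
        findings.append("network enabled: use --network none")
    if host.get("Privileged"):
        findings.append("privileged container: remove --privileged")
    if "ALL" not in [c.upper() for c in host.get("CapDrop") or []]:
        findings.append("capabilities kept: use --cap-drop ALL")
    if not any(o in NNP for o in host.get("SecurityOpt") or []):
        findings.append("setuid escalation possible: use --security-opt no-new-privileges")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable root filesystem: use --read-only plus a tmpfs work dir")
    if (host.get("PidsLimit") or 0) <= 0:   # null, 0 and -1 all mean unlimited
        findings.append("no process limit: use --pids-limit")
    if (host.get("Memory") or 0) <= 0:
        findings.append("no memory limit: use --memory")
    return findings

def audit_all(inspect_output):
    """Map container name -> list of findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```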

------
atemerev
Hi Heather!

Looks like you've got a Hacker News effect on your shoulders. :) Servers seem
to be overloaded.

~~~
TeMPOraL
Nah, that's probably just Hacker Effect of people rebooting the container ;).

------
drewda
Seems like the Scala and SBT equivalent of
[https://npm.runkit.com/](https://npm.runkit.com/) (which allows in-browser
use of Node and NPM packages)

------
mark_l_watson
This looks cool, I just experimented with it. I am curious: what is the
business model for this? Server costs are probably fairly expensive.

~~~
masgui
We are the [Scala Center](https://scala.epfl.ch). We
are a non-profit organization. Our revenue is from donations. This service
will be forever free.

------
stephen123
It's great to see so much good stuff going on in Scala land!

------
wiradikusuma
I'm a Scala developer but I don't understand what Scastie is. How does it
benefit from the perspective of developers like me?

~~~
richardwhiuk
It's an interactive playground for Scala so you can share code and send it to
other people.

[https://scastie.scala-lang.org/](https://scastie.scala-lang.org/)

------
hayd
Will this allow running a play app? (with debug etc) ??

~~~
masgui
Yes it can run anything sbt can.

[https://scastie.scala-lang.org/MasseGuillaume/62vmEr9XR0qDWw...](https://scastie.scala-lang.org/MasseGuillaume/62vmEr9XR0qDWwimrO3r2Q)

------
freekh
This looks so cool!!! Can't wait to try it out!

------
aghll0ihph2bbe8
How am I supposed to dismiss this modal window?
[http://i.imgur.com/atx6KsX.png](http://i.imgur.com/atx6KsX.png)

~~~
masgui
Hum, this looks like a bug in Safari:
[https://github.com/scalacenter/scastie/issues/](https://github.com/scalacenter/scastie/issues/).
You can visit this link:
[https://scastie.scala-lang.org/MasseGuillaume/kHn9lemPTayxoY...](https://scastie.scala-lang.org/MasseGuillaume/kHn9lemPTayxoY20e09uiw)
and it will clear the modal.

