
Now: realtime Node.js deployments - hswolff
https://zeit.co/now
======
scriby
I used to use a project called now on npm that was abandoned a few years ago
([https://github.com/Flotype/now](https://github.com/Flotype/now)). I was
curious how this new project was using the same name on npm as the previous
now that I had used.

Looking at the npm release history, versions <= 0.8.1 are the old project, and
the new project picked up at 0.9.0 (should have been 1.0.0 I guess). This is
consistent with npm's statements about package name transfers during the
leftpad debacle, but there's just something weird about reusing package names
for totally different projects...

~~~
cphoover
> but there's just something weird about reusing package names for totally
> different projects...

Not only is it weird but it is inherently insecure.

Even NPM's solution:

> "If a package with known dependents is completely unpublished, we’ll replace
> that package with a placeholder package that prevents immediate adoption of
> that name. It will still be possible to get the name of an abandoned package
> by contacting npm support."

seems susceptible to social engineering. All it takes is for one heavily
depended upon package to become compromised by a malicious actor, and the
entire dependency graph is poisoned.

I'm not sure of a great solution, but it really makes you question the
soundness of the NPM ecosystem.

~~~
viperscape
I really see no good reason not to employ namespacing with immutable packages.
If a package is dropped, all is well still. If readoption is needed, people
can use the new package, similarly named. It obviously also allows for similar
but different named packages to exist, which I don't see as a problem. I can
usually find the top repo on github for instance, even with multiple forks. I
worry about Rust since they have decided against namespacing, even though some
suggested otherwise, early on..

------
mmaunder
Had to read three pages and still haven't quite confirmed that this is node.js
hosting. But based on the pricing page, I guess it is. Can you please just say
that? Just say "It's node hosting and the deployment system is fast." You
literally just stole some of my life.

~~~
gkoberger
Just to piggyback for people confused:

It's zero-configuration Node hosting, for permanent lightweight microservices
or temporary Node projects that need to be accessible online.

In other words, it's as close to uploading PHP files to a server that you'll
get with Node.

For people wondering, the creator is Guillermo Rauch, who is behind Socket.io
and LearnBoost (the company that brought us Express, Mongoose, Stylus, Jade,
etc... basically the entire Node stack)

~~~
mmaunder
Why not just upload node files to a server?

~~~
gkoberger
For PHP, you upload index.php, go to yoursite.com/index.php, and it works.
Node isn't like that at all. For example, here's the "Hello World" guide for
getting Node started:

[https://www.digitalocean.com/community/tutorials/how-to-
set-...](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-
node-js-application-for-production-on-ubuntu-14-04)

This is basically the problem `now` is solving... "what if Node was as easy as
PHP?"

~~~
smt88
> _For PHP, you upload index.php_

That's not inherent to PHP. It's just how most hosts are set up. The only
major difference is the order in which things are done (and the necessity to
have shell access to the host.)

The real comparison is this:

# PHP # 1\. Install a server 2\. (Possibly optional) Install a process manager
3\. (Possibly optional) Configure the process manager 4\. Configure the server
5\. Start the server 6\. Upload files

# Node # 1\. Install Node 2\. Upload files 3\. Start the server

~~~
goldbrick
So you have 3 configuration steps for PHP and none for Node? You're completely
full of it.

~~~
smt88
6 for PHP, 3 for node. There's an objective difference: node has a built-in,
production-ready server.

~~~
goldbrick
Silliness. Here's me building a production php server:

1) `apt-get install php5 apache2`

2) _upload index.php_

3) There is no step 3

------
seibelj
Red Hat Openshift has a solid free tier, free SSL, git push deployments, node
/ ruby / python / java / php / etc., mysql / postgres, redis. Why would I use
this over that?

[https://www.openshift.com/](https://www.openshift.com/)

~~~
creullin
Also, Openshift is only supporting Node O.10 right now...

~~~
seibelj
Valid point, but there is a fairly robust open source community that provides
many more packages (called cartridges in openshift lingo) than are officially
supported [0]

[0] [https://github.com/icflorescu/openshift-cartridge-
nodejs](https://github.com/icflorescu/openshift-cartridge-nodejs)

~~~
creullin
Ah cool. Kind of like a Heroku build pack. Still more effort than 'just
deploy' though.

------
Rauchg
CEO of [https://zeit.co](https://zeit.co) here! Happy to answer any questions
throughout the day :)

~~~
phelm
Not received my confirmation email yet, it has been > 10 minutes

~~~
js4all
Same here. There seem to be problems with the current spike.

~~~
js4all
I got mine now. It took nearly an hour. Despite that, my early tests ran
solid. The apps got hosted on AWS us-west-1.

------
bikamonki
The pricing structure is missing a couple of middle tiers and overall the
service lacks useful features. For instance: I could buy a $5/mo droplet in
Digital Ocean, one click install node, even use my own domain and manage
deployments/restarts almost as easy. For that money I get 1TB transfer and
20GB ssd and many more features (b/c I basically get a VPS where I can do
whatever). It takes me 10 min to setup the server and zero minutes to deploy
each new version (I use deploybot so every git push is really a deployment).

Some things are not clear:

"Dynamic realtime scaling" Forever? Unlimited? Say 1MM concurrent API calls
for $15/mo?

URLs change after each deployment? Do I need to update endpoints on all
clients?

------
dimgl
This looks cool. It's like [http://surge.sh](http://surge.sh) but for the
backend.

------
peterhadlaw
Off topic: Right when I saw the terminal, I instinctively typed "ls". Not sure
now if that's what triggered the animation or not but regardless it was a neat
occurrence (I also just want to leave it at that ;) ) Yayy muscle memory!

------
ajsharp
> You can think of 𝚫 now as a CDN for dynamic code (microservices and
> backends).

Mmmmmmmmmmmmmm not a CDN.

------
lucaspiller
> NOTE: npm start has to listen on a port. It can be any port!

Does this mean you forward port 80/443 to whatever port the app is listening
on, or I can have my app listen on random external ports?

~~~
Rauchg
Yes. Just do `app.listen()` or pick `3000` or `8080` or `80` or…

------
rubiquity
What makes the deployment "realtime"? Is it just that you get terminal output
of the deploy happening? That's been around for a while now. Or am I missing
something?

------
alanh
Is there really no way to delete a deployment?

~~~
alanh
This was an actual question, not a rhetorical question, if anyone from the
company is still here.

------
travjones
This looks very promising for the node community. I was wondering which cloud
infrastructure service they went with to power this. According to the FAQ,
they don't rely on just one. Very cool, and if implemented correctly, more
resilient.

    
    
      Multi-cloud.
      We don't depend on a single specific cloud provider, but abstract them instead.
    

P.S. Is the markdown parsing broken on the FAQ? Or is that part of the look
they're going for?

------
koolba
Does this support native modules and is it running on Linux 64?

If so it'd be an interesting "hack" to have it run arbitrary code. You could
have the default "npm run" script download a python/ruby/golang/foobar runtime
and kick start an app on the expected port.

------
yefim
Are these zero downtime deployments?

~~~
Rauchg
Yes. There's no downtime whatsoever because you don't overwrite or take down
anything. Your architecture is immutable.

You manage "upgrades" by changing pointers (aliases and DNS). We'll be
exploring this in upcoming posts.

~~~
yefim
It'd be so nice to have it automatically swap the DNS records over. Please
consider that as you keep building.

------
wesbos
Very cool! I was just saying how hard it is to get someone to deploy a quick
node app. Trying it with a React + Express app right now. Taking a while to
deploy but I assume you are getting hammered.

~~~
troncheadle
Once you've done it once it is very quick imo. Deploy 1 to Digital Ocean with
Node/Express/Mongo took me a work-night and deploy 2 and 3 took me < 15
minutes.

------
ptasci67
You don't really mention this in the pricing section but I assume for the paid
plan, it gives you the option to hide the /_src feature based on something
(IP, etc.)?

~~~
Rauchg
All `/_src` links will link to a secure portion of the site with login + 2FA.
Security is top of our mind.

------
rmanalan
Looks neat for demo apps. I did try it out on one of my simpler express based
apps and it failed during the npm install. Looks like this is possibly using
ied?

------
ludamad
20 free deploys a month? Is every update a deploy?

~~~
alanh
I think so, because I don’t think "updates" are a thing:
[https://news.ycombinator.com/item?id=11440659](https://news.ycombinator.com/item?id=11440659)

But I wish they would clarify this, either way.

------
dj_doh
Like these quick deployment solutions zeit.co/now and surge.sh Sacalbility and
security is something that needs to be attested.

------
wolframhempel
Does now only support HTTP/2 or could I also use TCP or WebSockets?

------
z3t4
Can you have database dependencies? Like a full-fledged SQL database?

------
ruffrey
Seems cool. After many years on node, and even writing a deployment service
once (paastor) - just plain VPS, nar to make an executable, then scp onto an
Ubuntu server, and scp a logrotate and upstart conf - that's all you need man.

------
rajahafify
What happened if you did a recursive now build?

------
gmmeyer
Is the now cli not open sourced?

------
zuck9
This has a great landing page.

~~~
alanh
No, it doesn’t. Elements of it are great. The design screams “We’re
programmers too,” which is great. But as the comments on this page attest,
this landing page does a simply horrible job of introducing what `now`
_actually does._

------
andrewvijay
Fantastic intro write up to read in a mobile browser. Wish many products get
to what matters like these in their descriptions. Interesting enough to try
immediately!

------
williamcotton
Hey man, keep up the good work. I'm sorry this forum is so filled with trolls
these days.

~~~
q3k
I'm sorry that you treat anyone with different viewpoints from yours as a
troll. Don't worry, I'm not taking this personally.

~~~
williamcotton
That you can't see how much of a dick you're being when you accuse someone of
playing "buzzword bingo" is proof to me that you can't be anything but a god
damned troll. This isn't about having different viewpoints. This is about you
objectively being an asshole.

Edit: Sorry, TRIGGER WARNING: Real things are being said.

~~~
andrewingram
If I were accused of buzzword bingo, i'd try to take it as good-natured
criticism that what I said was perhaps a little too filled with lingo to have
a solid meaning.

It's certainly possible to read this example as a trollish remark, there's
also a perfectly valid reading which interprets it as an attempt to provide
useful feedback. Since I assume neither of us knows q3k, we're not in a
position to know which is true, except for q3k telling us.

~~~
egeozcan
It becomes pretty clear that it's not a troll when one puts his/her best-
effort to interpret "realtime JavaScript cloud". It's a critic with a very
obvious point.

~~~
williamcotton
Oh yeah Einstein, what's the point he's trying to make then?

God, this forum is just like 100% assholes these days. You can't even fucking
see it either, can you? When was the last time you interacted with normal
people in society? Did you just start out with bitter criticism and attacking
their vocabulary?

~~~
dang
If it's possible to gently point out that you're repeating the behaviours you
deplore, I'd like to do so.

We all get how encountering wrongness and badness on the internet can put one
on tilt, and we've all been there, but it's necessary to stop.

~~~
williamcotton
Hey dude, follow the thread: I'm defending someone from a bunch of bullies.

I'm not repeating those behaviors at all. I'm just calling a spade a spade.

You seem to think that someone who picks a fight with a bully is somehow
guilty of also being a bully.

All you end up doing is passive-aggressively condoning their bullshit behavior
in the first place.

I'm guilty of being nothing more than a fed up son of a bitch with a rude
attitude. I can live with that.

You're morally bankrupt. Can you live with that?

~~~
dang
This is way over the line of what we ban people for. I don't want it to seem
personal (it isn't), so won't ban you, but if you keep doing this we'll have
to.

The rule is "Be civil" and it applies regardless of what you think other
people are doing.

~~~
williamcotton
I honestly think we should hash this out in person. I live in Bernal Heights
in San Francisco. My email address is williamcotton@gmail.com - I'd love to
buy you a coffee and a scone and talk about how differing cultures and classes
in America have different definitions of "being civil".

I'm like a living Rosetta Stone for rednecks and yuppies. I guarantee you'll
spend most of your time laughing and that you'll leave with a giant smile.
Hell, I might even bring my guitar along and pick a few songs out for you!

