Hacker News new | comments | show | ask | jobs | submit login
Show HN: bash.rocks – A bash interpreter in the browser (bash.rocks)
58 points by wsxiaoys 9 days ago | hide | past | web | 20 comments | favorite

Hey HN, bash.rock is my latest side project, a bash interpreter in cloud, it comes with many utilities like curl, Python, ImageMagick, jq, etc.

Below are some snippet I created:

Generate random corporate bullshit: https://bash.rocks/w3nEB9

Compress png to webp: https://bash.rocks/YBbaJG

Generate gif with curl, jq and ImageMagick: https://bash.rocks/NBXQ3w

Any suggestions / feedback welcome! :)


A more interesting feature I haven't fully finished is to turn your random bash snippet into an HTTP web service, like https://bash.rocks/Gxlg31/3/api?url=i.imgur.com/1uYroRF.gif

which makes an obvious premium feature in future :p

What would make it really powerful/useful is toggle that switches the current source to an interactive mode that runs new lines as you press enter.

Seems like an interesting project! Unfortunately it doesn't show any output for me. I can see in the network inspector that the GET to /stdout returns the text, but it's not shown on the screen.

I'm on Firefox 49 on Debian, by the way.

Very cool! The image integration is especially neat.

What does the backend look like?

It's a Cloud Function running in Cloud, with customized node package dependencies (so I could pull stuff like jq, webp in).

Thanks to a fully managed container environment, I don't have to worry too much about security stuff.

Hey - founder & CEO of Codenvy, also project lead for Eclipse Che - a workspace server and cloud IDE. We have learned a little bit about what it takes to run environments in the cloud and then present development experiences for languages in the browser.

Congrats to @wsxiaoys for launching a new project. Anyone who takes the time to launch projects are doing a labor of love and commitment, so that deserves credit and recognition!

Some observations that you may want to think about: a) The time to execute a simple bash command "echo 'hi'" was a few seconds. This tells me that you are probably spinning up a new Docker container on-demand after the user says "run". This will not really make the product usable over time. You'll eventually find that people will expect their environment to be loaded and running the moment their end user session has started. This way you can use Docker exec or other mechanisms (in Che we replaced Docker exec with a custom agent that runs inside the container that gives us fine-grained control over how processes are executed within the container). When a user says "run" you can then guarantee instant execution and then control how results are streamed.

b) I wrote most of the CLI for Eclipse Che and Codenvy (in bash!!). So learned that a few project / framework concepts are essential. In particular a project structure that allows you to source different files / or libraries will become important. Also, BATS for unit testing is essential to anyone maintaining bash scripts. Few people use BATS, but it's a life saver, so having automatic structuring of BATS tests as users creates bash files would be awesome.

c) Have you seen the language server protocol? No one has built a language server yet for Bash. It would be awesome to have symbol lookup, referencing, and auto-complete services within your editor. You could use a Monaco editor with a bash language server to give contextualized intelligence to your bash program for the developer. You could even go so far as to offer line by line debugging with it :)

Thanks for your contributions to the community!

Seems like a cool idea, but clicking on this link will immediately download a file to your computer: https://bash.rocks/KJKEk3

(it's just a snippet from /dev/urandom, but it looks like it could be any arbitrary file that's within the size limits)

For example, https://bash.rocks/jJg193 shows that it is possible to download any arbitrary data with no prompt (here it's the eicar test file)

EDIT: where can I contact the author? I found a very bad security bug; I can see what commands other users are running

Right now it is simply loading stdout / stderr with iframe, sometimes content will be interpreted as binary flow so browser will tries to download it.

I'll try fix this in next iteration. (and i just fixed the /tmp :)

So it's not bash, but a full Linux (?) environment with bash as the shell and some programs installed by default.

For node.js, there's also cash [1], shelljs [2], and an initial bash syntax parser [3], which actually implement POSIX shell subsets in Javascript (unlike this project, which I understand calls out to a server-side bash process). Though cash and shelljs work synchronously only, which make them usable for build scripts etc. but not web services.

[1]: https://github.com/dthree/cash

[2]: https://github.com/shelljs/shelljs

[3]: https://github.com/dthree/vorpal

I was hoping for WebAssembly - that is, a bash interpreter really running in the browser. Of course, that would be a lot more ambitious, since unless you wanted to be limited to bash builtins, you’d also need some kind of kernel and the ability to run other processes…

(Yes, I’ve seen jslinux.)

Neat, but what is the practical use? I already have a shell on my computer.

One feature I'm planning is to let you deploy your snippet as an service, like https://bash.rocks/Gxlg31/3/api?url=i.imgur.com/1uYroRF.gif

With this and maybe a crontab enhance, this could be somehow useful for daily automation.

can someone explain me how can this exist without being a security nightmare? From what I saw it's on a read only filesystem which looks like a great idea but what else?

It's implemented on Google cloud as a cloud function.

So, for whoever made this, the risk would be mostly about running up their bill I suppose? Some risk to Google if it's possible to escape their container, though I suppose they've done a bit of work in that space.

Does each session run in an isolated container? Because I wonder, what's stopping an attacker from exhausting system resources, messing with other users stuff, etc.?

Yes it's a cloud function, an isolated docker container running node.js

Ah yeah, the fork bomb.

Modern kernels provide the pids cgroup, which specifically protects against forkbombs. Most container runtimes support it as well.

Can we get fish instead of bash?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact