Hacker News new | comments | show | ask | jobs | submit login
Show HN: Run Code Snippets in Any Language Inside Your Blog (tech.io)
75 points by theloup 10 months ago | hide | past | web | favorite | 13 comments

> Our platform uses Docker images to run the code

Hopefully you've already thought this through and you left out all of the copious complex security details of the sandboxing out of this announcement.

But just in case you haven't:

- containers don't provide the best sandboxing on their own

- if I get sufficient privilege in your container, I can read/write directly to the device nodes inside the container to impact the host

- you should also fear cryptocurrency miners burning your cycles

But, kudos to you -- this looks like a really neat feature. A quick skim of your homepage seems to suggest that sandboxing should be core to your product's success, so I'll just hope for the best. :)

I love this, but I worry about longevity -- if we convert all our code snippets to this, and then this dies, all the older blog posts become useless. You'd be surprised how many reads even 5+ year old blog posts can get.

One of the nice things about the way we do things with RunKit embeds (https://runkit.com/docs/embed) is that the code lives in your site, not on ours. The API generates the embed the same way something like highlight.js generates syntax-colored code on your site. That means if we're ever down, your site gracefully degrades to a not-runnable snippet, as opposed to merely disappearing like this seems to or with embedded gists.

RunKit is awesome, highly recommend it.

Given that every OS, even OpenBSD is frequently vulnerable to privilege escalation exploits, it always makes me nervous to run someone else's code.

repl.it has had this capability for a while, although the embedded environment can be a little heavy.


The code running part seems to have been hugged to death, but I like the idea. Any chance the snippets could be made to run locally, either on my own server, or better yet within the user's browser itself?

Well, there is http://code.runnable.com/ which does something similar. I don't remember if it outputted a dockerfile, but I do know it runs everything inside docker. I used to work at the company.

https://github.com/viebel/klipse but afaict it only supports certain languages and doesn't emulate a server environment.

How would one build something like this securely and ensure fairness to all those who wish to execute (avoid DOS)?

Surely there is more to it than just running the code in a Docker container, right?

Edit: I skimmed the article but I missed part. Apologies.

Did you read the linked article?

> Our platform uses Docker images to run the code, so you can use code snippets in virtually any technology. A lot of contributors have already made the most of our technology and have crafted playgrounds of impressive quality.

Emphasis added by me.

I did read that part but I also went to the website and tried the service and could only find out how to do it via the pre-made templates.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact