Hacker News new | past | comments | ask | show | jobs | submit login
Glow: Markdown reader for the terminal with a TUI and encrypted cloud stash (github.com/charmbracelet)
283 points by tobypadilla on Oct 17, 2020 | hide | past | favorite | 69 comments

> Glow works with the Charm Cloud to allow you to store any markdown files in your own private collection.

Why would I want to store my files on someone else’s computer rather than in a git repo on mine?

Since you're already storing your notes in Git, I think GitJournal [0] might be useful for you. It's an open source mobile first markdown based notes app integrated with Git. (I'm the author)

[0] https://GitJournal.io

Thanks for sharing that. Just downloaded it. I've been planning on building a similar app.

The killer feature I need is a share target so I could select a snippet of text, hit share, and paste it into a particular note.

This already works in Android. Or do you mean in iOS? Either way, would you mind opening on a bug on GitHub - I'll be happy to implement it.

Please make a browser client with the same interface! :)

On it. But not this month. The underlying technology's web support is still in beta (Flutter).

Also, sadly GitHub and GitLab only have all/none access to private repos. OAuth access to specific repos isn't a thing. So Desktop support is more important for me.

Also, here is another similar project - https://github.com/taniarascia/takenote

Any plans to distribute via f-droid?


Yup - https://github.com/GitJournal/GitJournal/issues/29

The two main blockers are moving away from Firebase analytics (not open source) and setting up an alternative payment method.

It's something I want to get done by the end of the month [0]

[0] https://gitjournal.io/blog/2020-10-01-sept-update/

Probably the same reasons you may prefer Google Drive over Microsoft Office.

That said, I would definitely prefer pointing Glow to any standard git repo. This gives it all the security Charm is claiming to offer, versioning, etc, essentially for free. (Obviously that defeats the purpose of Glow being a marketing tool for Charm)

For what it's worth, you don't need to use the Charm Cloud features. If you run `glow` in a directory, it will recursively search subdirectories for markdown files and display them for viewing in the TUI. Stashing will encrypt them then push them to the Charm Cloud though.

This is by no means a feature request but it could be useful if Glow provided a way to configure alternative stashing methods (i.e. "stash via Charm or stash via some shell script you give me"). There would still be a lot of pull towards Charm but users who wanna do it themselves can also use the stash feature.

- You might switch between several computers throughout the day.

- You might believe the cloud folks do better backups than you.

Sure, but having been burnt by Keybase and others in the past, there's no way I'm adding another closed-source single-provide blackbox server endpoint to my daily routine.

While this looks like a really neat utility, I'll pass until there's a self-hosted option under a free license.

To each their own.

As one of the Charm co-founders, I think that's fair! That being said, others have asked us about this recently as well. I'll paste a reply I made the other day on Reddit:

Your concerns are well founded! I've certainly been burned by services disappearing...

It's a compromise to have a business model that allows us to develop Charm full-time vs. being completely open source. Our plan is to have a business model similar to GitHub: free and low cost services for individuals with enterprise hosting options (colo or hosted by us).

One thing that I think we should do is allow for a very easy export of all of your data. We can build that into glow and charm (vs. having to email us and ask for it or some other draconian option).

This is very much a 1.0 release of the Charm Cloud and one of the reasons we wanted to ship it early was to get feedback from the community and build out the features our users want. Your point is a great one that we should solve for ASAP. A glow export feature that spits out a .tar.gz of all your stashed markdowns seems like a great idea.

We're also open sourcing the libraries we use to build glow and charm, most of which don't require the Charm Cloud. We just made our TUI framework Bubble Tea open source for instance:


We also have a library for applying JSON stylesheets to Markdown called Glamour that is independent of the Charm Cloud (and currently in use in GitHub's cli):


Thanks for your question, it's a problem worth addressing.

Please consider having an open source self-host option and a paid cloud service. Many people (and enterprises) doesn't want to spend time securing and maintaining servers. If your company disappears there is the self-host option as backup. This model seems to work well for Ghost and Gitlab.

Also bitwarden is doing something similar!

FWIW, I get the impression that they want to charge money soon. Keybase never really wanted to bother with that and the implicit SLAs that come with it? Charging money is a great way to actually guarantee it will be around for a while longer than your typical ad or VC funded 'free' service.

I feel like the major problem with E2EE cloud services is getting apps to adopt it. For example, I like bear editor, but I don't like their encryption model. I like standard notes & inkdrop's E2EE encryption models, but I don't like them as editors that much since a bunch of their energy is probably being consumed by encryption stuff. It feels like the engineers who make good UIs have a hard time doing well on the security standpoint and the ones who bother to make things secure have a hard time dealing with making good UIs.

I want something that the bear's of the world will adopt and then they don't have to think about E2EE anymore.

I've switched to Ghost for my business precisely to support this model. And since I don't want to spend time maintaining servers, I pay them handsomely.

Thanks for following up!

Well-structured exports is certainly something that I think will make a lot of people more confident (and also a necessity if you intend to have first-class support for EU customers with any kind of individual identifiers, with GDPR and all).

I’d still put a dogfed (same as you run yourselves, possibly missing select enterprise-targeted features) FOSS self-hosted server version.

Look at Hashicorp for a great example of that this works in practice when you're targeting a techy audience!

I’m sure a lot of your potential customers are happy to pay exactly because they want someone else to take care of all the technicalities - and on the other end of the spectrum (and I’m sure you’ve thought of this already) you have the enterprises that for legal or compliance reasons simply have to own the whole stack - and there you’ll have free users providing back tutorials, documentation, bug report and the occasional PR that you’d otherwise have to do yourselves or neglect. Just food for thought :)

Thank you and sanbor for the detailed reply. I think it's really interesting. We can't promise anything now but it's definitely something we can look into. I self-host Sourcegraph and Gitea and enjoy the freedom (and can also see why someone would pay to not self-host).

- I do switch between several computers throughout the day. That's what network file systems are for.

- ‘Cloud folks’ might have more stable hardware and software, but have built themselves a deadly reputation for unreliable policies.

I think I'm having flashbacks :P https://news.ycombinator.com/item?id=9224

This definitely goes both ways. I’d wager GP falls in the same category as I do in that Dropbox is not an option for them. Their security track record isn’t really stellar.

Encrypting the data before uploading to Dropbox should make their security almost irrelevant? The issue I have with these anti-cloud sentiments is that they more or less give a moat to the established players like OneDrive or Google Drive or Dropbox. There has to be a better way to reduce the risk of alternative cloud services.

That’s very valid nuance. But I also think that alternative cloud services can be successful without having to keep their server-side implementation closed and protected.

I absolutely agree that there’s a need for the middle ground.

I’d also say that I think nobody really cares if GH is running vanilla git, or which SMTP and IMAP server Fastmail is using; perhaps the important thing is that there exists at least one maintained fully API compatible open alternative, not necessarily 100% identical to the software run by the hosted, or even primarily developed or maintained by them.

(And, well, the insight that can be derived from metadata is not to be dismissed, so I wouldn’t agree on “almost irrelevant”)

Well, you can mitigate the metadata issue various ways too: putting all secrets in one encrypted file, hashing/encrypting file names or whatever.

I'm sympathetic to the idea that a company is going to be better at doing backups and maintenance than I am, but for the first point: it sounds like they're using the local machine's SSH key to wrap a symmetric key[1]. Unless you're sharing the same SSH key across all of your machines, this tool probably isn't very useful when switching between computers.

Edit: It looks like they generate their own SSH key instead of using an already present one[2]. So you'd presumably need to copy that to each machine that you'd want to use so that it can unwrap the real (cloud-stored) decryption key.

[1]: https://github.com/charmbracelet/charm#how-it-works

[2]: https://github.com/charmbracelet/charm/blob/master/keygen/ke...

Hi! I'm one of the Charm co-founders.

We actually issue a new Charm specific SSH key for you. We then allow you to link machines together with our `charm` account utility. The symmetric keys used to encrypt data are encrypted for each public key linked to your account so you can access your data from multiple machines.

Thanks for the explanation! Glad to hear you've thought out and handled the linking process.

Just out of curiosity: have you seen or considered age[1] for the symmetric pair? I've used it on a few projects where cryptographic flexibility wasn't necessary.

[1]: https://github.com/FiloSottile/age

We actually ended up making our own encryption library that's based on age, it's called sasquatch (built by our team member muesli):


Also valid for git. Sync to github or whatever and you have the same secure cloud. Which would an editors point to automate this BTW.

Major difference here is that GH (in terms of git repo hosting and interaction) have API-compatible free and open implementations - there’s no vendor lock-in (apart from the network effect if you count that, which I don’t)

I agree. The whole "encyrpted stash" and "cloud" thing is totally unnecessary. It is an amazing tool without all that noise.

I prefer to do this directly in vim with Goyo: https://github.com/junegunn/goyo.vim

Vim can't highlight Markdown correctly because it does highlighting via regexps. For correct parsing and thus for correct highlighting of Markdown you need a real parser. See e.g. this:


Is this limitation of most general code editors? Has neovim fixed this?

Neovim has an experimental language parser which is still in its early days, but might just help:


Specifically, for Markdown: https://github.com/ikatyang/tree-sitter-markdown

Neovim will have treesitter in the next major release, so yes probably.

Yup, same. Excellent plugin.

If you have Pandoc installed, you can get just the rendering/reading with something like

      pandoc -i file.md | w3m -T text/html

And couple it with entr to emulate live preview

pandoc is great :)

Somewhat related: there is a Pandoc "writer" on GitHub that pretty prints most formats supported by Pandoc (including Markdown, of course).


I contributed some changes back in 2019. The writer is written in Lua and the lead maintainer seems happy to welcome PRs.

Thanks for pointing that out. (I've been using `pandoc -t html | elinks -dump -stdin` in my ~/.lessfilter)

I've done something similar but as a python flask app that uses a web browser as a reading/writing platform, that keeps it's (unencrypted) stash in a local directory (it's a 'localhost only' webservice).

It's functional but crude so nothing on github just yet ;)

Hehe, since we're on the topic of shameless plugs, I have one in typescript - it's ready and I'm using it extensively. Serves locally as you described by using --serve


The Charm project looks awesome, almost get a feel for “post web apps” there. Interesting.

On windows I use Typora. Since I use markdown lists as a journal and project notes, I'm usually doing it on windows.

Very nice tool. One issue is that the color scheme doesn’t work well with a white background, or a monochrome display.

One of the authors here: it should actually automatically detect your background color and adjust its theme to it. Alternatively you can pick a different style with `-s`, or even write your own one!

-s light works for me

Is there a way to set a default?

Absolutely love this, very well done!

This is way fancier than my project, which renders markdown (or anything pandoc can read) as a man page:


Note that you can actually get colour and proper italics and boldface out of groff (specifically grotty). They are actually in there in the vanilla tool, but are disabled by overrides on several operating systems.

* http://jdebp.uk./Softwares/nosh/italics-in-manuals.html

Love this. Instant install.

I love using glow as a markdown previewer for my file manager lf. But what the hell is up with everything else they are trying to do. Just be a good markdown viewer!

Looks great! Love CLI/TUI.

That said, can someone please post a summary of what charm.sh is about? I don't use javascript and nothing comes up on the page.

In disabled JavaScript and I can read the page fine.

turn on javascript?

I don't use a browser with javascript. I cannot turn it on.

so what is stopping you from using a modern browser like firefox to view the site with javascript?

This is cool, but I want to run my own server.

A text file in git or syncthing does the same.

I want this as an editor, with VIM support :)

I've installed it and I felt the same as what you mentioned :)

Then I saw Goyo Vim plugin

What does this do that Vim doesn't, for you?

This doesn’t seem to let me edit, for starters.

Its backed up to the cloud out of the box.

There's no Cloud it's just someone else's computer


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact