Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Val Town – A Cloud Scripting Site (val.town)
332 points by stevekrouse on Jan 11, 2023 | hide | past | favorite | 71 comments
Hey HN! We're so excited to show you Val Town (https://val.town)! A "val" is a JavaScript/TypeScript function or value that runs on our servers. We aim to get you from idea to running code in seconds: type code, run it, get its API endpoint, schedule it - all from the browser, in a couple keystrokes.

We're a startup of 4 people, mostly in NYC. We've been working on this for 6 months and are eager for feedback from the HN community.

Why do we need yet another online coding IDE? While researching devtools[1], I found myself wanting something halfway between Replit and Zapier: a tool that makes hosting, deploying, scheduling, and authenticating easy, but is first-and-foremost a programming tool.

We added `console.email` to the runtime to make it incredibly easy to email yourself. We don't have npm imports yet, but we do have a low-friction system that treats every user as a namespace, so you can refer to `@me.foo + 1` or `@yourFriend.bar()` right in your code. There are a lot of thorny implications this newfangled import scheme creates, but also many joyous and carefree coding experiences! One of my favorite features is that we store every evaluation, up and down the callstack, including inputs, outputs, logs, etc, which has been an amazing aid to debugging.

So far, Val Town is mostly used for what we're calling "programmatic notifications": query a data source for new items on an interval and email them to yourself.

Get notified when users you "follow" post on Hacker News: https://www.val.town/stevekrouse.hnFollowPollJob

Get notified when to close your window during fire season in SF: https://www.val.town/stevekrouse.aqi

Get notified when there are new citations on a paper: https://www.val.town/ernest.newCitationNotification

Subscribe to RSS feeds: https://www.val.town/stevekrouse.pollRSSFeeds

A good place to get started would be forking one of those vals and modifying it to suit your needs. Some folks are using the tool in other ways, such as in webhook contexts, and we encourage those uses as well. We'd LOVE to pair-program with anyone looking to try out the tool and give feedback. Email steve@val.town :-)

Main site: https://val.town Docs: https://val-town.notion.site/Val-Town-Docs-01c8eb9c534b48998... Discord: https://discord.gg/dHv45uN5RY Blog & Newsletter: https://val-town.notion.site/Blog-6d3ef714d0c849e9be71b3986a...

[1] - Whole Code Catalog: https://futureofcoding.org/catalog/




This is pretty neat!

I went ahead and dropped in a string tokenizer that I've been working on, and it worked straight away! (link: https://www.val.town/embed/catapart.magnitTokenize) I'm sure I'm doing it inefficiently, but it's pretty sweet that it just plain worked!

Thanks for building such an open platform! I know I can get some real value of utilities like this, so it's nice to know that there are folks out there willing to provide them! Hopefully any code I can add can be of use to someone!

edited to add: I also included a test of the tokenizer, if anyone was wanting to tokenize some strings with it: https://www.val.town/embed/catapart.testTokenizer


Congrats on the launch! I love this idea. It’s so simple but it immediately clicks. My instant reaction was thinking of the various ways I’d totally use this (and gladly pay for it, if reasonably priced).

A few things:

- Add support for user secrets.

- Work on pricing ASAP. You’ve built something dope. You can be paid for it. In fact, I prefer to pay, because it makes it easier for me to feel that the product won’t just disappear after I begin to use it and rely on it. I also just like knowing folks are compensated for the work they do.

- Due to the type of product this is, security should be the #1 priority here. I understand you’re in the early stages, but please make this a focus. V8 has pretty decent isolation, but honestly, for a product like this, WebAssembly is your friend — it was quite literally designed for this type of product. A side benefit of relying on WebAssembly is that you’ll be able to support as many languages/environments as you can get to compile.

Once again, dope work!


> Add support for user secrets.

They're under your username, in the link labeled Secrets. One can see them in use in the author's hackerNewsSearch which consumes an algolia key, and probably a bunch of others since there's a Twitter API example, too


> V8 has pretty decent isolation, but honestly, for a product like this, WebAssembly is your friend — it was quite literally designed for this type of product.

The big thing that WebAssembly allows you to do security-wise is to execute multiple untrusted programs securely in the same address space.

This is a new capability for some languages, but JS has supported it since day one. The most popular WebAssembly runtimes are already the JS runtimes – Cloudflare uses V8 isolates to run their edge workers, for example.

You could use a lighter weight and purpose built runtime for WebAssembly like wasmtime, but the immediate benefits of doing that are unclear to me


Thanks! Yeah we have made security our #1 after this launch went so much better than expected.

As someone else noted, we already have secrets on the platform, but I am eager to hear more about what you'd like to pay for it and what you'd expect to get in exchange. We are all ears on suggestions :)


I want to draw particular attention to the use case of following HN users. I've been using it for a couple of months, and been finding a lot more great comments here as a result. There's a separate front-end that's the best way to get started following people: https://www.hnfollow.com. And if you find yourself wishing it worked slightly differently for you, well you can go edit the underlying Val then.

Hit me up if you would like help setting this up for yourself and don't want to join the Discord or something. My email is in my profile. You basically need to create a new Val for yourself called `hackerNewsAuthors` that's just an array of HN username strings.


The backstory here is that when we saw how akkartik was using the tool, we decided to double down on this particular usecase and we built hnfollow.com as a showcase of what could be done with the tool, but holding your hand every step of the way.

We even posted it to HN but dang rightly rerouted us to this proper Show HN: https://news.ycombinator.com/item?id=33533830

In the meantime, we launched "Scheduled Val" which let you schedule a val with a single click, and it somewhat made hnfollow.com unnecessary because most of that tool helped you manage setting up an interval, tracking its ID, and cancelling it. Now you can just fork this single val to your account and the interval is synced to the val automatically: https://www.val.town/stevekrouse.hnFollowPollJob

The one extra step that akkartik alludes to is also important: you do need to define some folks to follow. How to handle-hold users through this process of forking + customizing vals is a real design challenge for us. Would love any suggestions!


Oooh I think this is great

Another one, as an example, check the FDA food and drug alerts for medicine you take. I guess the pharmacy should email you but who knows, it's just filtering an xml for a set of regex. I built a cheap example myself on a micro self hosted server I use for other things

Having quick and easy email behind a very simple url is great. Another usecase I use is I have a tiny http endpoint which just emails based on the url parameter (e.g. since it's only me my.server.com/email?msg=DONE_AI_training). Then I can use it to notify me when a long running job is done, using curl or the easy off the shelf requests that's in any language


I think I'll start using it but I'd like self hosting only because I want to set it and forget it for years potentially, and I don't want to have to check to make sure it's still working


I don't really see the utility of a tool like this + self hosting. If you want to self host your scripts just...open a text editor and start writing.


Yea, for self-hosted I've got 15 year old Perl scripts on cron still doing their thing.


I mean you're right, I coded it quick in bash. The actual `grep` is of course bulletproof but I don't have a bulletproof notification system. If I was on a local unix machine I'd use `mail` but I mostly check gmail. I can use a simple smtp bridge but it's not always reliable

I've been meaning to set up automated testing where it sends an email every day and then I use something like google apps script to make sure it goes through. Like a cronjob checker but for email, maybe it already exists


the utility would be the interface, this takes all the boilerplate out of the picture


This is a phenomenal mixture of abstraction, design, and state management to peel away infrastructure complexity.


This is super nice. Please let me pay so you don't disappear.

Are there any other services that make it this easy? DigitalOcean functions have a UI for quick prototyping but afaik Google Cloud, Vercel, Cloudflare etc wrap similar functionality inside projects or similar idiosyncrasies which adds friction if all you're after is a function and an endpoint.


Thanks for the offer! What would you want to pay and what would you expect to get in return?


Take a look at https://windmill.dev


Quick start -

click "new val"

type `console.email("hello from valtown", "valtown");` , see email in about 10 seconds, and the val link has a log of emails sent

new val, `export hackerNewsAuthors = ["stevekrouse", "dustingetz"];`

go here, click fork https://www.val.town/stevekrouse.hnFollowPollJob

run

i think the hook is running now, wait for steve to post again to see?

if someone is feeling motivated, maybe integrate a weather API and mail it every morning?


This is super awesome. A cloud cron builder and workflow builder is something the world really needs. If you add secrets and user accounts you're off to the races here.


Why call it a "Cloud Scripting Site" rather than a "Javascript Cloud Scripting Site"?

It's very specifically javascript so it seems odd to name it as if it's something broader.

(Or does "cloud scripting" already have a specific association with js that has somehow passed me by?)

EDIT - I guess "Typescript/Javascript Cloud Scripting Site" is a bit of a mouthful but still...


You're totally right. The main reason I left JavaScript out of the title is because many of our most passionate users didn't know JavaScript when they started using the product! This was a big surprise to us, but I think it goes to show that folks want a scripting platform, and are willing to learn the language of that platform if the tooling is good enough. So we decided to de-emphasize the JS part of the platform. Maybe we will change our mind on this...


I like this. It's like a modern version of webscript.io . The ability to provide form input / render HTML would be awesome.


Yes! I was a huge fan of webscript.io. Great feature request, too.


I love this idea and think there's a good chance I'll use it in the future.

Generally I use followthatpage.com for getting notified of changes on a few simple pages.

However, one idea that would be a pretty good use case of your tool is to get notified of new search results for any query on OpenLibrary.org .

For example, if I wanted to be notified if there are any new books added to OpenLibrary that mention "hackerNews" I could use this search https://openlibrary.org/search/inside?q=hackernews with this api call https://openlibrary.org/search/inside.json?q=hackernews

I probably won't build this now but if someone does please let me know.


I love the import/export model, it feels like one big living codebase everyone can contribute too.


Somehow I imagine this as a "Twitch Plays Pokemon" kind of a living codebase (or at least one branch of it). I saw an "export three = 1 + await @someone.add(1, 1)" and due to my love of open source, contributed to the wonderful mathematics library by implementing "export six = await @otherperson.three * 2". Curious to see how long a "leftpad" situation arises and breaks math :)


Looks nice. Is there any persistant key/value store?

I like your https://www.val.town/ernest.newCitationNotification but it works because the JSON returned by the API call happens to include a list of citations by date, rather than just returning a citation count.

If you had an API that just returned a count, how would I check to see if the count had increased since the last call?

For the air quality example, https://www.val.town/stevekrouse.aqi, what prevents the script from emailing you once per hour? During a file season that would be annoying.


Great questions! The short answer is yes: the val namespace can act as a persistent key/value store. Type write `@me.citationCount = 7` anywhere in your code, and that will work. The downside is that this is a global store of state, so it's harder to build composable functions that have persistent state. We're working on designs for this!

You are totally right about the fire season script getting annoying. We should probably also have some mutable state there so that it only notifies you once when it goes above the threshold and then once when it's back safe again.


> Type write `@me.citationCount = 7` anywhere in your code, and that will work.

That is elegant. I like it.

> only notifies you once when it goes above the threshold and then once when it's back safe again.

It might also be a good idea to add an argument to the email function to tell it not send an identical email to the previous email sent within a window (or ever). So just fire off your citation count email, knowing that you will only actually be send an email when count changes.

This simplifies the scripts, while offloading a bit more work and persistance to the API.


Seems very cool!

I gotta say hosting someone else's code seems very ballsy. Building a service like this is something I've considered before but always wonder, how do you make sure they're not doing unscrupulous activities?


Thanks!!

Excellent question. We're using a node sandboxing environment that nobody has been able to break out of yet, but we plan to move to a more secure isolation model very soon.

We're still small enough that we can keep decent tabs on what folks are doing with the platform, but it's only a matter of time before the DDOSers and crypto miners come looking for trouble...


Really cool concept, really enjoyed playing with this a few months ago and great to see so much progress - especially emails. I do think it will lower the bar for what's worth writing code for


Big fan of the idea!

I've been using Google Apps Script[1] for similar use cases but the limited feature set has been frustrating. Glad to see something more modern come up!

I wonder if HTML parsing is possible since there isn't npm support to import a parser yet. Maybe by dropping the parser as a separate val?

[1] - https://www.google.com/script/start/


Thanks! We manually added `parseXML` to our runtime, which uses fast-xml-parser from npm. Would that work for your usecase? I'm happy to manually add other npm modules by request until we figure out a longer-term solution. Your other idea of adding them as a val also works.


I really like this idea, some sort of mashup of simple cloud function website and social network. looks fun, time to build a game :)


Very fun so far! I have been having trouble deleting any existing val or writing to an exported val from an unexported val.

A specific example is one I made "@demo.newPaste", which seemed to fail to write to "exported @demo.pastes" until I also exported "@demo.newPaste". Is this maybe a mistake by me, a bug, or intended behavior?


Ah, excellent questions! You should be able to delete a val Delete button in the three-dots-menu in the top right corner of every val. You can either delete a specific version of a val or all versions.

I noticed that `@demo.pastes` has 41 versions. This is because every time your write to `@demo.paste` (as you do in `@demo.newPaste`), we create a new version of `@demo.paste`. You can click on the version number next to the val's name to view past versions. It seems that versions 19 through 41 are exported and the rest are private. (Vals are public or private but val versions are. Val versions are immutable, so you can only delete past versions or create new ones.)

You should be able to write to any val in your namespace from any val in your namespace, regardless of whether either are exported or not. Exported status only is relevant when it comes to using others' vals or others using yours. Let me know if you can create a repro of a bug where this isn't the case.

I'd also be happy to help on email or pair program sometime: steve@val.town :)


I love the whole "town" vibe with the ability to reference code written by other people.

Echoing others in this thread who say we'd love to pay for it. I think introducing private Vals may go against what you're going for, but I hope you find a good monetization strategy!


Thanks! Vals are private unless you add `export` at the beginning of the val, before its name. Is there anything else you'd expect to get if you paid for it? We're quite open to suggestions for paid plans :)


This is so awesome. Congrats Steve and team on this launch!

I'm excited to see what people build here.


Props for letting visitors see how it works without needing a login. Well done.


This looks really cool, I find the mix between Zapier and Code to be :chef-kiss:

Do you plan to allow for self-hosting? eg. An org that wants to have a private version of this, or even internal version of it.


Thanks! I would love to do self-hosting, but probably not any time soon. We're currently focused on making a delightful hobbyist product, and punting on all the business features for a while. We do hope to get there though!


I love the concept and will definitely try this out. Quick piece of feedback though – the "val.town" domain name isn't going to help with broader appeal for the product.


Wow this is just like my product BenkoBot only better! Nicely done


I've tried this out and it's very cool. I think one particular application is roll-your-own "social listening" which usually requires buying tools.


This right here is going to be big. Good job Steve and co :)


I ran a website called JavaScript Town when I was in high school in the 90s. Probably should have kept that online.


this is extremely cool — feels like a ton of new use cases will unfold as people explore it. congrats on the launch!



Excellent question! rolls up sleeves

I'm a big fan of pipedream, admirer of modal, and have played around with autocode. Telefunc is new to me; thanks for the pointer; it looks neat!

We're trying to be more lightweight and intuitive than autocode, more consumer-y and code-first than pipedream, less about ML than modal, and more browser-based than telefunc.

We see Val Town as the missing web/cloud programming environment. We want running code to be as easy as tweeting. Hopefully we'll get better at explaining our unique value prop over time. In the meanwhile here's the closest thing to a mission statement that we have: https://val-town.notion.site/End-programmer-Programming-a749...


This is super cool. I created a secret, but how do I access it in my val?


Thanks! You can do `@me.secrets.foo` to access a secret called `foo`. We should add this tip in a more accessible place on the site!


It seems similar to Deno Deploy, is that true? If so, how does it compare?


Yes, it is similar! We see Deno Deploy more as a competitor to AWS Lambda or Cloudflare workers, a true business-scale offering.

Val Town is more light, fun and social. It's meant to be used in personal and casual use-cases -- at least for now. We want to give off more GitHub vibes; less AWS vibes.


this seems like it could be a way better experience for writing airtable scripts - are there any examples/templates of this use case yet?


Great idea! We don't have any yet. I'd love to work with you on making some though. Email me at steve@val.town if you'd be interested in pair programming or otherwise collaborating :)


this seems super cool! how is this free?


Thanks! The short answer is that we're super small and folks are using us for really light use-cases. Our total server costs are less than $100 / month.

Eventually, we'll offer paid services for folks that want more processing power or other goodies, but we will always provide a generous free tier.


100$/month for a site that runs random people's code seems great ! Do you mind sharing some details ? What does your architecture look like ? How many "vals" do you have, and how many executions per day ?


We've got one node of 2 vCPU & 8192 MB on Northflank for $72 / month. We were getting away with 1 vCPU & 2048 MB, but increased it yesterday to be extra safe for this launch.

Our database on Supabase is $75 / month, and it's also way overkill but the dollars are small and we'd rather be safe.

So yesterday we were just under $100 / month, but today we're closer to $150.


This is really interesting, but... if you don't mind me asking, how do you prevent people from running malicious code on your server? Are you literally evaluating this code inside a Nodejs loop? It seems almost impossible to secure something like that.


I don't want to say too much, because I know our security isn't perfect, and some about of obfuscation adds some security. Once we move to a more secure model, I will happily tell you all what use used to use to sandbox code.

Soon we'll do real sandboxing, either ourselves through Docker, wasm, bubblewrap[1], etc, or an existing FaaS (Lambda, Deno Deploy, Cloudflare Workers) or FaaSaaS (Deno Subhosting)

[1] - https://github.com/containers/bubblewrap


FWIW Cloudflare offers Workers for Platforms, which I literally called "FaaSaaS" in my early design docs but for some reason that name didn't stick... :)

https://developers.cloudflare.com/cloudflare-for-platforms/w...


Amazing! We should chat :)


Fair enough. I guess a more basic question than how you're preventing people from probing for nodejs packages they could misuse would be the more pedestrian problem of how do you deal with runaway processes, especially if they end up blocking the event loop that should theoretically kill them. Mark/sweep from another process that restarts pm2 or whatever?

The reason I'm curious is that a lot of my private projects rely on evaluating code server side, but it's a big reason I'm not willing to share them with the public, because the overhead of watching for abuse would just make it.. not worth it. It falls into the category of "this is why we can't have nice things".

As a security challenge though (for the defender) I do love something like this. But I doubt dockerizing it would help against CPU abuse unless you want to spin up a docker vm for every request..


Congrats Steve! Keeping an eye on this


This is unique and exciting!


Is it open source?


We hope to make parts of it open-source! Just hasn't been a focus yet


Very cool idea!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: