Show HN: Hocus – self-hosted alternative to GitHub Codespaces using Firecracker (github.com/hocus-dev)
291 points by hugodutka on April 3, 2023 | 53 comments



I believe this kind of service is the way forward when it comes to developer tooling. But paying $39/mo/user for the right to deal with the deployment myself, for a tool that is still in alpha, is pretty steep. I understand the (tremendous) value prop, but that's the kind of price I'd expect from a SaaS version, not from a self-hosted app. Although charging per user with no discount for self-hosting is the "modern" way to do open source (see GitLab or Mattermost), it still feels a bit wrong.

Anyway, excuse my old man rant, awesome work and good luck making a business out of it! I'll give it a try.


For me it's a different issue. To me, Developer Tools are very personal, and I've come to view using non-free IDEs as a waste of time in the long-run. If I'm going to set it up for myself individually, I want the whole thing to be open source*.

* It has the dreaded "View License" on GitHub


It was this philosophy that kept me away from JetBrains IDEs for years. Eventually, someone talked me into giving it a try and there was no going back for me! Basically ALL the other software I run, from the OS on up, is FLOSS, but I happily pay to run WebStorm for my JS/TS development! The value provided to me is light-years ahead of the Eclipse/VSCode flavor of the month.

I remain a firm proponent of FLOSS, but I am also realistic about the value of truly great proprietary software!


> I remain a firm proponent of FLOSS, but I am also realistic about the value of truly great proprietary software!

This mirrors my own experience with JetBrains products, in particular with their Java IDE in large enterprise projects (4000+ source files). NetBeans kept freezing when I tried to use code search, whereas Eclipse seemed to crash randomly. I also recall the data source and MyBatis XML integration (with plugins) being better in IntelliJ IDEA - even though the startup indexing is slow and I needed to increase the max memory for the IDE, same as with the others (a few GB per instance). Aside from that I might just like the NetBeans UI a bit better, but the language support isn't there.

This was a few years ago, but JetBrains still seems to have great code completion, tools to explore the codebase (dependency graphs, ER diagrams for DBs), as well as support for most of the popular stacks out there, which is why I use their Ultimate package with everything. Only Fleet was buggy compared with VSC, but it was a tech preview when I tried it. Oh, and the PyCharm experience with Python and venv was a bit off when there were build errors (they weren't displayed prominently when you used the context option to install dependencies), but Python in general seems to have issues on Windows sometimes with compiling drivers or whatever.

Edit: oh wait, WebStorm had issues with refactoring in a few-thousand-line-long AngularJS controllers in one legacy project.

To me it feels like software like that should be free, but sadly that's not the world we live in. I personally lucked out with their student offering, graduation discount and recurring discounts. For smaller projects I still do some editing in VSC, not a Vim/Emacs user personally. Cloud based dev tools seem... interesting?


Calling VSCode a flavour of the month seems a bit harsh. It’s old enough to be well into elementary school, and it seems at such low risk of being dethroned that it’s probably going to play a big part in Microsoft’s re-attempt at world domination.


Ah that is poor wording on my part! By "flavor of the month", I was referring to the many VS Code variants (e.g. VSCodium, GitHub Codespaces, etc). For better or worse VS Code has become the Chrome of the IDE world with a staggering market share!


Since JetBrains' base IDE is open source, you are not too far away from pure FLOSS.

https://github.com/JetBrains/intellij-community


Basically it's like Chromium.


It was JetBrains that led me to developing the opinion that IDEs should be open source - at least the ones I use.


Why, because it's so good that you'd pay any price?


Heck nah. After using it for a while I realized I didn't like it too much, so I switched. The 5% of the time when I wanted to use it to take advantage of the muscle memory I'd developed, while migrating to the other IDE (at the time, MacVim), I couldn't, unless I wanted to pay or keep an old version around...


If you're saying that you've got muscle memory for JetBrains keyboard shortcuts and you want them elsewhere, most IDEs let you configure them. There is a JetBrains-style keymap for VSCode, for example.


> * It has the dreaded "View License" on GitHub

Do you mean that the license is not a commonly recognized open source license?


Thanks! The pricing is there mostly to set expectations for the future. The current release works (for the most part) for individual users, but it would not support a team well. Hocus is free for up to 3 users, so we expect people who deploy the alpha version not to pay a thing.


For a self-hosted solution that pricing is a complete non-starter.

I have a team of 30 devs, so it would be about $1,200/mo. That's on par with GitHub's enterprise plan plus Codespaces instance usage.

There's no way I could consider this for my company at that price.


Hocus is more cost-efficient when you need larger instances. If you need 8 CPU cores ($0.72/hour on Codespaces) and a single dev uses their IDE for 4 hours a day on average, Codespaces alone would come out to about $0.72 * 4 hours * 5 days * 4 weeks * 30 devs = $1,728 a month. But that gives me the idea that maybe we should introduce cheaper pricing plans with limits on VM resources - pay less if you have lower compute requirements.
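
A quick back-of-the-envelope version of that comparison, using only the figures mentioned in this thread (the hourly rate, usage hours, and team size above; not official pricing guidance):

    # Rough monthly cost comparison using the figures discussed in this thread.
    hourly_rate = 0.72        # 8-core Codespaces instance, $/hour
    hours_per_day = 4         # average active IDE time per dev
    days_per_week = 5
    weeks_per_month = 4
    team_size = 30

    codespaces_monthly = hourly_rate * hours_per_day * days_per_week * weeks_per_month * team_size
    hocus_seats_monthly = 39 * team_size   # per-seat license; self-hosted compute not included

    print(f"Codespaces usage: ${codespaces_monthly:,.0f}/mo")   # -> $1,728/mo
    print(f"Hocus seats:      ${hocus_seats_monthly:,.0f}/mo")  # -> $1,170/mo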


Maybe I'm confused here, but wouldn't I still be paying instance costs on top of your per-seat license?

256 cores would be about $2.50 to $5/hr in AWS depending on reservations and how much you're able to oversubscribe. That's another $1,500 to $3,000/mo on top of your $1,170/mo.

If you're paying for the compute then cool, that's a good price. If this is self-hosted, though, I can't really see why I would bother unless I had no choice but to self-host and cobbling together a simpler, if less ideal, solution weren't allowed.


I believe it's a step backwards. If I cannot open your project locally in my favorite IDE, then you are handcuffed to a specific vendor... and that will hurt you in the long run.


It doesn't mean you can't open the project locally. If you want to install the necessary dependencies and tools, you can still do that.


Why isn't this just wrapped in a single Docker image or docker compose? Why do you need all these scripts? Just curious. I get it's checking for Docker and dependencies, but can you just get rid of the dependency problem by embedding it all in the Dockerfile and having a single set of Docker files that do all this work? Leverage compose after?


We made these custom deployment scripts to walk the user through the installation process and make it more organized. We could just use plain docker compose, but then we would have less control over what we show to the user - things like helpful error messages. For example, we detect whether you have KVM support enabled, and if not, we suggest enabling it in the BIOS. Under the hood these scripts are just wrappers for docker compose with guardrails.
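
Not Hocus's actual installer, just a minimal sketch of the pattern described here (preflight checks with friendly error messages, then handing off to docker compose); the specific checks and compose invocation are assumptions for illustration:

    #!/usr/bin/env python3
    # Illustrative preflight wrapper around docker compose.
    import os, shutil, subprocess, sys

    def fail(msg: str) -> None:
        print(f"error: {msg}", file=sys.stderr)
        sys.exit(1)

    if shutil.which("docker") is None:
        fail("docker is not installed or not on PATH")
    if not os.path.exists("/dev/kvm"):
        fail("KVM is unavailable - enable virtualization (VT-x/AMD-V) in your BIOS")
    if not os.access("/dev/kvm", os.R_OK | os.W_OK):
        fail("current user cannot access /dev/kvm - try adding yourself to the 'kvm' group")

    # All checks passed: delegate to docker compose with the project's compose file.
    subprocess.run(["docker", "compose", "up", "-d"], check=True)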


Ah, great to see this here!

Disclaimer: Know the authors, who are extremely bright engineers.

Based on my discussions with one of them, Hugo, about the architecture a couple of weeks ago, I really think you should take a look at this if you want to do auto-provisioned dev environments in a self-hosted fashion; they know what they're doing.


Pretty nice, I have two questions:

1. Compared to something like Gitpod (which lets you run on your own instances as well), where do you think Hocus shines?

2. Given you're leveraging Firecracker for isolation, and Firecracker doesn't support GPUs, I assume that adding GPU-enabled machines isn't on your near-term roadmap?


Thanks!

1. GitPod doesn't officially support self-hosting anymore - https://news.ycombinator.com/item?id=33907897. When they did, it was extremely hard to set up. In fact we tried to do it at my previous company several times and failed. Hocus is designed with self-hosting in mind, and we want to make deployment and management straightforward. And from an end user's perspective there are 2 main advantages:

- Hocus dev envs are VMs instead of containers, so you can run anything you want inside. For example Kubernetes or nested KVM.

- Workspaces start in <5 seconds, while Gitpod can take a minute or longer.

2. Actually, we are exploring moving to Cloud Hypervisor or QEMU, so we may support GPUs sooner rather than later. If you have a specific use case in mind, feel free to contact me - contact info is in my profile. I'd be happy to hear why you need them.


Thanks - that's super helpful.

1. Good to know about GitPod - I haven't looked at it for a while, so it seems my information was outdated. The rest of what you said is good too.

2. This is mostly for ML development, where GPUs are sadly often required even for dev work.


How does this compare to https://coder.com?


Coder lets you describe a set of Terraform templates for your development environments. Your team members then manually spin up new VMs on e.g. AWS from these templates.

With Hocus you specify your dev env right alongside your code in your Git repository with a hocus.yml file (https://hocus.dev/docs/hocus-yml). Hocus is deployed on a set of servers you manage (only 1 server during alpha). It has a built-in CI system that watches your repository for new commits and continuously builds the environment - we call this process a prebuild. You can specify that your dependencies should be installed and your code should be compiled during a prebuild. You can also describe tasks that should run when you open a dev env - for example automatically starting the app you are working on.

Once a prebuild is ready you can spin up a new dev env - which we call a workspace - and connect to it automatically with your IDE. We also have a VSCode extension that automatically opens terminals connected to those tasks from hocus.yml. All this combined allows each team member to connect to a fresh, ready-to-code dev env anytime they want, whether they are reviewing a PR or writing code themselves.


I really wish you had used one of the existing standards in place like .devcontainer or a Devfile. Frustrating to see a solution emerge that uses its own declarative devenv standard. Portability is also an important feature and I wish the industry would converge on one or two.


I didn't look at it thoroughly, but it looks really cool and I'll probably give it a proper try at some point. Judging by your comment only...

> watches your repository for new commits and continuously builds the environment

That feels wrong to me. For example, what happens if I want to check out a 1 year old commit and edit it? Will the dev environment that was used at the time be available or will it be rebuilt? If it gets rebuilt, there's no way I get any guarantees it's going to work.

IMHO most of the industry is getting it wrong when it comes to dev environments and build systems. I've always called these butterfly-effect builds: you make a commit and it triggers a ton of non-repeatable builds. There's not much value in doing that for every commit, IMO. What happens when something like an APT mirror fails and the whole system grinds to a halt? What happens when a runtime or dependency gets updated and breaks at exactly the worst time during the week?

I'd rather see something on a (calendar) schedule with the option to trigger a manual build if needed. For example, skim this [1] article. That's always made sense to me and, in the context of a dev environment, why not build the base dev environment once a week (or day) and only layer in the resources / code on-demand? I.e. build the things I don't control on a calendar schedule and only build on-demand for changes that are part of my project (using the base env).

The way I've always envisioned it is to have a stable env built once per month or per week. That's fast enough to keep everything reasonably current, yet slow enough that I'm not spending time wondering if a problem I'm debugging is caused by a change in my dev environment. I try to do the same thing with dedicated build containers for projects, but it's hard because everything is tunnel-visioned on per-commit rebuilds these days.

1. https://phauer.com/2019/no-fat-jar-in-docker-image/


> what happens if I want to check out a 1 year old commit and edit it?

Your dev environment is version controlled too because it lives in your repository. You would run a prebuild for that old commit and get a dev env from that time. It would only break if your old dev env can no longer be built, for example if it depended on some external resource which is no longer available on the internet.

> I'd rather see something on a (calendar) schedule with the potential to trigger a manual build if needed.

That's actually on our todo list, but it didn't make it into the 0.1 release. This feature is especially useful for monorepos, where rebuilding everything on every commit is too much.


> It would only break if your old dev env can no longer be built, for example if it depended on some external resource which is no longer available on the internet.

That's what I was getting at. Version controlling a config doesn't make a build deterministic when it depends on transient resources that aren't in version control.

There's nothing repeatable about a container style build. They can change between runs that are 5 seconds apart. I see a lot of Docker builds where the author claims they're repeatable because they're version controlled and then they start with 'apt-get update && apt-get upgrade'.

At least you don't claim yours is repeatable, but I'd much rather build my dev environment on the first Monday of every month, check it into an artifact repository, and use that for a full month. The rebuild would be similar to (using Docker as an example):

    FROM mygroup/myproject:2023.04
    RUN git checkout ...
That way, when I go back to a commit that's a year old, I re-use the exact environment that was in use at the time. If I want an updated dev environment, I create a branch and update the version of the dev environment.

From the perspective of being the developer, I'd rather specify a release cadence and have the matching dev environment used. Ex: monthly, weekly, daily, ci. IMO container-like systems that are used as part of the dev / build chain should be promoted and reused, not committed and rebuilt. The only person using a CI-based build environment should be the person responsible for maintaining it. Everyone else should be on a slower cadence.

It seems so weird to me to come to HN and see people livid about Windows auto-updates and then having no problem with their dev and build tools (potentially) changing 50 times a day.

To put it another way, would you auto-update VS Code, your runtime, and your dependencies every time you commit to Git? If not, why build the auto-magical dev environment so it works like that? Maybe I'm misunderstanding what it does. Admittedly, I didn't try it out yet.


What would be the future plan here? Any hosted commercial offerings? I am asking to understand whether one could use and depend upon it for a few years.


A hosted offering is not on our radar right now. Currently we want to monetize by selling seat-based licenses for larger teams.


I run a software licensing/distribution API (https://keygen.sh) that may be able to help you once your self-hosted licensing requirements expand over the next couple years. Reach out if you ever need anything or just want to talk licensing best practices.

We're going to be going source-available under ELv2 soon as well. Good to see more companies lately using the Elastic license.


Thanks, this looks useful. We will consider using keygen in the future.


It seems the future plans (short and long-term) are already outlined in the README itself.

    - Ease of deployment and management are central goals of Hocus, with minimal assumptions made about the underlying OS and hardware.
    - Hocus should provide a native development experience with performance on par with bare-metal development.
    - Hocus should be scalable to accommodate large teams, with support for thousands of users and heavyweight repositories. We're not there yet.

    Roadmap

    - Add basic single node support
    - Optimize single node storage usage, performance, and reliability
    - Add permissioning for teams, admins, and regular users
    - Add multi-node support
    - Add support for more IDEs, particularly JetBrains


You can get close to this without licensing/fees by standing up a K8s cluster and running devspace.


Not really. If you develop inside containers in k8s, then you will have a hard time:

- Installing something into the container

- Running docker/podman/k8s, etc.


Are you planning on using any fancy tricks to optimize large repos? I have open-sourced some code I was playing with for fun here, which allows you to mount a git repo as a read-only FUSE file system: https://github.com/gravypod/gitfs

You can really lower IOPS/memory/disk usage with an approach like this.
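
For anyone curious, this isn't gravypod/gitfs itself, just a toy sketch of the underlying idea it builds on: git can serve file contents straight from its object store without materializing a worktree, which is what makes a read-only FUSE view cheap on IOPS and disk.

    # Toy illustration: read files from a git repo without a checkout,
    # using only the standard git plumbing commands via subprocess.
    import subprocess

    def read_blob(repo_path: str, rev: str, path: str) -> bytes:
        """Return the contents of `path` at `rev` without touching a worktree."""
        return subprocess.run(
            ["git", "-C", repo_path, "cat-file", "blob", f"{rev}:{path}"],
            check=True, capture_output=True,
        ).stdout

    def list_tree(repo_path: str, rev: str) -> list[str]:
        """List all file paths at `rev`, again with no checkout."""
        out = subprocess.run(
            ["git", "-C", repo_path, "ls-tree", "-r", "--name-only", rev],
            check=True, capture_output=True, text=True,
        ).stdout
        return out.splitlines()

    if __name__ == "__main__":
        print(read_blob(".", "HEAD", "README.md").decode())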


We definitely want to optimize Hocus for large repos. We have some ideas on how to reduce disk usage by stacking qcow2 files, but we haven't settled on anything specific yet. Thanks for the link!


This seems to be at the same level as how Meta manages their dev environments: you pick the environment right from VS Code and it spins up an environment.

I think

> Add multi-node support

will be important for non-trivial project development, where two distinct environments might need to talk to each other, say for prototyping or "sharing configs".


By multi-node support we mean the ability of Hocus to manage multiple machines, so you can run dev envs on more than one server and handle more concurrent users. These environments would not communicate with one another. From the end user's perspective using a multi-node deployment vs a single-node deployment would not differ. If you needed 2 distinct environments I would suggest using virtualization within a single dev env.


I see Docker listed as a requirement, and I am familiar with Docker. The repo mentions using Firecracker, a microVM that I've only ever heard of. What is the relation, if any, between these two? Is this a wrong question: if this uses Firecracker why is Docker involved?


We use Firecracker to provide greater isolation and more capabilities in dev envs. For example, one thing you often want in your dev env is to run Docker containers, but to do that you need some permissions that usually only a root user has. If we used Docker to virtualize dev envs, then we would have several options to enable that:

- make dev envs privileged containers, effectively giving any random user root control over the machine where Hocus is hosted

- mount the host's Docker socket into the container, but that also allows the user to gain root control over the host machine

- use Linux user namespaces, and give you a root user with limited capabilities inside your dev env. That's actually what Gitpod - another GitHub Codespaces alternative - does. That root can't do everything though. It can't run Kubernetes, LocalStack, or the Elastic stack, because it can't modify some system limits.

A dev env backed by Firecracker is a full-fledged virtual machine that has none of the aforementioned drawbacks. It does have some performance tradeoffs, but we are working to minimize them as much as possible.
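
For a concrete sense of what "a full-fledged virtual machine" means mechanically: Firecracker exposes a small REST API over a unix socket, and booting a microVM is roughly a matter of pointing it at a kernel and a rootfs and starting it. A rough sketch follows; the file paths are hypothetical, requests_unixsocket is just one convenient way to talk to the socket, and this is not how Hocus drives Firecracker internally.

    # Rough sketch: boot a Firecracker microVM via its API socket.
    # Assumes a firecracker process is already running with
    # --api-sock /tmp/firecracker.sock, and that the kernel/rootfs paths exist.
    import requests_unixsocket  # pip install requests-unixsocket

    session = requests_unixsocket.Session()
    base = "http+unix://%2Ftmp%2Ffirecracker.sock"

    # Kernel to boot and its command line.
    session.put(f"{base}/boot-source", json={
        "kernel_image_path": "/var/lib/hocus/vmlinux",      # hypothetical path
        "boot_args": "console=ttyS0 reboot=k panic=1",
    }).raise_for_status()

    # Root filesystem for the dev environment.
    session.put(f"{base}/drives/rootfs", json={
        "drive_id": "rootfs",
        "path_on_host": "/var/lib/hocus/workspace.ext4",    # hypothetical path
        "is_root_device": True,
        "is_read_only": False,
    }).raise_for_status()

    # Start the VM; from here on the guest is a normal Linux machine
    # where you can run Docker, Kubernetes, nested KVM, etc.
    session.put(f"{base}/actions", json={"action_type": "InstanceStart"}).raise_for_status()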


OK, thanks for that. I am tinkering with it and noticed that it makes use of KVM, and I just found out that WSL2 has KVM support, so I'm going to give it a try there and see what breaks, ha!

https://serverfault.com/questions/1043441/how-to-run-kvm-nes...


Firecracker is the VM technology powering AWS Lambda; it is maintained by Amazon. It is pretty decent and popular in certain areas. I believe Fly.io is using it behind the scenes too.


It has special optimizations for reducing cold starts.


Docker is used for running the control plane.


That's right! Docker is used to simplify deployment, so other components, like the agent, are also containerized.


This is actually something I wish we had at my previous company. Setting up the environment was a pain, and very few people knew how to run all the tests (integration tests really). I am willing to give Hocus a go.


This looks excellent! I have to try spinning it up in my homelab to see how well it works for my needs.


Very intrigued. With the real VM isolation, I wonder if I could use this as a way of dipping my toe into the Nix pool.

Have you given any thought to offering pre-baked development templates? For example, here is a standard Django build with poetry + js utilities + Postgres drivers + jq, etc.


That's something we would love to do in the future. For now, extending the base development template so that it has the most popular programming languages already installed is at the top of our todo list.



