Not a mobile issue. I am on desktop and had no idea what this service was because nothing on the initial UI explained what we were looking at. I went and double-checked when people here were talking about pricing and VMs. From the home page, I figured it was some text-based game or experiment and closed the page.

It looks like some people who work there are watching this thread, so to them I say: You have got to explain what this is, not just say "the disk persists..." and expect people to dig deeper. Most aren't that curious.

It's kind of funny our experiences are so diffent. I almost immediately surmised it's some sort of on the fly generated vm you can access via a ssh jumpserver. Which it is! It's actually really neat. It's quite obvious that the authors want us to just ssh into it and try it out first.

Agree, I finally found information via

Homepage -> blog -> docs -> "all docs" button:

https://exe.dev/docs/list

Which has an about and pricing etc.

That is very counterintuitive to just find out what this is.

I wouldn’t go that far but some link to pricing and documentation would be useful. I have absolutely no idea what the offering is here without those pieces of info.

I was confused too. I first thought I should open up my terminal and just enter `ssh dev.exe` and this would be some kind of ssh-based interface? Honestly my first thought is that it would be one of those cool dev hack / art projects like the old starwars traceroute to 216.81.59.173

It didn't read as a company with products at all to me from the front page. Just a cryptic " The disk persists. You have sudo." with links to "Login" and "About * Blog * Discord" --- no pricing link, which made me think it was a weird hobby / art.

The exact text on mobile is

> ssh exe.dev

> The disk persists. You have sudo.

I've seen enough of these kinds of services in my lifetime that I also immediately knew what it was, for example sdf.org, which is one of the OG services, and various "tilde" services like tilde.town.

I can see

> ssh exe.dev

> The disk persists. You have sudo.

on mobile

That as my first thought too. Landing page may as well be an empty page

Hyperbole much? I'm on mobile and think it's great. I wish more websites were like this. Just straight to the point instead of all the regular marketing fluff you need to decipher.

This thread seems to reflect how the HN audience has shifted — less commenters know what `ssh example.com` does and more commenters concerned about privacy policy.

i'm not sure what you mean; the demo runs with the ssh command in the centre, there's an 'about' link at the bottom, and that links to a docs index

it's fiine i think

Come on guys, it literally says 'ssh exe.dev'

It would be funny if it was literally the best website I've seen in like a year...

... which it is.

Did you try clicking one link into "about" and reading one paragraph of text?

> persistent and public

I don't think that it's actually public? From one of their explainers, no public IP is assigned, so you'll need to ar least have to use an additional service like Cloudflare Tunnel to use it for hosting anything.

FWIW, here are (mostly) their agent's tips for other agents from exploring a mostly-new system including tidbits like how to get recent Node: https://s3.us-east-1.amazonaws.com/1FV6XMQKP2T0D9M8FF82-cach...

It's very much a snapshot of what happens to come on a new VM today, and I put a little disclaimer in it to try to help tools get unstuck if anything there proves to be outdated or a flat-out (accidental) lie.

No I apologize for the confusion (exe.dev person here). What is different about this service is you get dedicated resources that you share between your VMs. The initial allocation is conservative, we want to give people more (or drop the price).

The goal is to reduce the marginal cost of creating a VM to zero. Instead of installing a container manager or using Unix users, just make another VM.

(I will get a better version of this table online tonight.)

The docs remark “VMs share the resources allocated to the user” so I interpret as resources allocated to your account, VMs provisioned within those limits.

That's decent value considering the price of a vps is close for much more work.

The only difference is the bandwidth: vps in europe givr you 10 tiles that, unmeterred.

Very cool for training: I can make people log into those vm and deploy nginx just for learning.

The value proposition appears to be CLI cred.

It's not actually a VM - it's a container, and they are fundamentally different. This feels like false advertising.

[exe.dev co-founder here] Hi. Re: oauth2, the last product I built, Tailscale, only did auth by oauth2. I chose this because 1. businesses need it anyway, and 2. passwords are terrible.

But it was a choice that does not come for free. I dread a page of buttons for third-party services, and the control I give them over my life. I hate that I never know if I should log in with GitHub, or Google, and for a dozen services I have multiple accounts because I got lost in the miasma of oauth2.

Still, it was better than passwords!

But since the last product I built, the world has changed. We have passkeys now. Which are superior in every way for individuals using a third-party service. You get better UX. You get better privacy. It is a fundamentally better technology.

I did not list SSO under teams because I want to "tax" people. I did it because SSO only makes sense for businesses, where an administrator controls accounts, and can delete yours when necessary. There, oauth2 is the best technology we have. But for individuals, it is a dead technology. I am reluctant to make everyone's exe.dev experience worse for legacy tech.

The only people who care about SSO are large enterprises. Coincidentally, large enterprises also are the only customers that make SAAS profitable. Every other plan is part of the sales funnel to the big enterprise contracts.

[exe.dev co-founder here] Hi there, I am not sure exactly where you are, but your VM is ubuntu derived and definitely starts with apt and bash. Perhaps try `ssh yourvm.exe.xyz`?

Thanks for trying it!

What you connect to first is the exe.dev jump server/management interface. You can ssh into your vm from there. Try typing help

Nmap 52.35.87.134 (exe.dev) Returns many open ports

That is neat trick, and interesting to know that's how ssh git@github.com works, but that does not feel practical for a real usecase. Aside from relying on a scrape of the Github users API (there's no "look up user by pubkey" API), what if I wasn't expecting to automatically log in with Github?

Hello, an exe.dev person here. There are some very early docs, exe.dev/docs (which are also accessible over ssh once you ssh in). There is a lot more to come, very early days, please bear with us. I was not expecting to see it here today.

[exe.dev co-founder] Or don't throw them away! The disk persists. And thank you!

That's called forward auth - or proxy auth

You can do the same thing - with the added burden of actually having to set it up once ... After you set it up, it's however just as trivial to add new systems like with this linked example.

I got pretty much everything I'm self-hosting like that via keycloak (which itself let's me do social with via GitHub and Google etc pp) and a very similar nginx config like it's shown in these docs.

But the initial setup took multiple hours, even if the adding new services which support forward/proxy auth is extremely easy now.

(Jellyfin sadly doesn't as an example)

Just saying it in case you want to check it out.

I think it's fantastic they added that/provide this to their platform - it's a wonderful value-add

The problem without having consent is that it's easy to track who is using your service. Because there's no consent, they can redirect you to login and back, and grab your identity, without you doing anything other than loading the page.

Hello, I am behind this company. My co-founder Josh Bleecher Snyder has also been hanging around the internet for a while. There are several of us hacking away. It is very early days, we have a lot of work to do to earn your trust but it is my intention to do so.

The devs are long time Go and Tailscale hackers, and have earned my trust several times over. They will earn yours too, I bet.

It's not possible to run real VMs with docker (though you can get something similar with qemu). VM isolation is also much stronger than docker's, and VMs tend to be much more secure.

But if you just need a shell then yes, you can make something similar with docker.

[exe.dev co-founder here] You are right, you cannot! It was quite a bit of work. We have a blog post in the works that should come out in a couple of weeks with all the details.

Would be interested in this too, I did some work in the past to make it work via Envoy proxy using HTTP CONNECT but that requires plugging in proxytunnel[0] or nc on client side.

  > $ nslookup abc.exe.xyz  
  > abc.exe.xyz canonical name = s001.exe.xyz.  
  > $ telnet s001.exe.xyz 22  
  > Trying 100.20.12.135...  
  > Connected to s001.exe.xyz.  
  > Escape character is '^]'.  
  > SSH-2.0-SSHPiper

[0] https://github.com/proxytunnel/proxytunnel

[1] https://github.com/tg123/sshpiper

Looks like it's a combination of SSH server IP address + public key.

Each VM you create (up to 25 of them) gets a different CNAME record of the form s0NN.exe.xyz where NN ranges from 01 to 25. Each of these names, from s001.exe.xyz to s025.exe.xyz, resolves to a different IP address.

Therefore the individual VM can be distinguished this way, and the account they are associated with can be identified using the SSH public key that is used to authenticate.

They terminate TLS. It seems like you wouldn’t want to use this service even if all those questions were answered to your satisfaction.

None of this actually matters. If you want to keep your data private, host it on your own hardware. Countries, company policies, etc are all essentially irrelevant

Those limits make it pretty clear it’s not really meant for hosting a production app. It’s for sharing something you’ve developed with friends/colleagues, or maybe a low traffic webhook handler for some personal thing. I made an Alexa skill for my kids once and it is perfect for that kind of project.

[exe.dev cofounder here] Hi! Thanks for the feedback. I am deeply allergic to passwords and so I am trying to delay adding them. Did you try our passkey support?

You can’t host compute for anonymous users. I mean you can, but you won’t for long due to the abuse that will inevitably come with it. That you are responsible for. And anyway, it’s not always going to be free.

I run https://pico.sh where we don’t ask for email. Even on our website we instruct users to generate a token so if they do lose their key they can use it to recover their account.

People regularly lose their ssh keypair and also don’t generate a token. I think using email as a form of recovery is totally fine and regardless when you have to pay for the service you’re going to give up your email (and other personal info) via payment processor

It isn't a free service -- only during the alpha you get access to an "Individual" account which would normally run $20/mo once the test period is over.

https://exe.dev/docs/pricing

Hello, an exe.dev person here. They are VMs, on a crosvm-derived VMM. So I consider them "actually VMs", though we do not currently support custom kernels. You can do VM things in there, like create TUN devices, etc.

Took a bit, but now I'm in! So far, loving this service.

[exe.dev cofounder here] Thanks for the feedback! We do not support private registries yet but it is very much on our mind, it is one of the first things business customers ask for so we know we have to build it.

We are also exploring alternatives for pre-configuring your VM. (Because we make lots of VMs and feel this too, so it is very much on our mind.) One is a sub-second VM "clone" feature, so you can configure a base VM to use as an image.

[exe.dev co-founder here] Thank you! Not to give too many secrets away, but my hope is to follow a business model I have been part of before, and make it as cheap as possible for individuals so they encourage their employers to buy it for work. So I would very much love to get cheaper.

The two constraints are that, one, when small underlying resources are expensive (we hope to fix that soon by not being small!), and two, we do not want to make the resource allocation so small that the VM feels unpleasant to use. So there is a floor on how small we make them.

That said, I very very much want to drop prices. We started with conservative numbers.

I also don't understand this: Everyone with the right domain can ssh-in the vm?

Edit: Answered below, thank you.

You ssh in with any key, and it asks you for an email to verify. You're then at a exe.dev console.

There are a couple different link patterns:

  exe.dev ▶ doc sharing
  Sharing (sharing) - press q to exit
                                                                                                                                                                                                                                                 
  You can share your VM's HTTP port (see the http proxy documentation /proxy) with your friends. There are three mechanisms:                                                                                                                     
                                                                                                                                                                                                                                                 
  1. Make the HTTP proxy public with share set-public <vm>. To point the proxy                                                                                                                                                                   
  at a different port inside the VM, run share port <vm> <port> first.                                                                                                                                                                           
  Marking it public lets anyone access the server without logging in.                                                                                                                                                                            
  2. Add specific e-mail addresses using share add <vm> <email>. This will                                                                                                                                                                       
  send the recipient an e-mail. They can then log into exe.dev with that e-mail,                                                                                                                                                                 
  and access https://vmname.exe.xyz/.                                                                                                                                                                                                            
  3. Create a share link with share add-link <vm>. The generated                                                                                                                                                                                 
  link will allow anyone access to the page, after they register and login.                                                                                                                                                                      
  Revoking the link (which can be done with the remove-link command)                                                                                                                                                                             
  does not revoke their access, but you can remove users who are already                                                                                                                                                                         
  part of the share using share remove <vm> <email>.

Nobody can see this until you make the website public. (Test with a browser’s Incognito mode.)

Simpler and easier seems to be the answer. How much does it cost to spread 8gbs RAM across some VMs? Most providers require additional of how many VMs over how many hours, what the specs kf each are specifically, etc. Then once you have it you're setting up an SSH key or shared password depending on use and they make the authentication simpler as well. Maybe wouldn't be great for a huge business but it's you just wanted the ability to play with an isolated server, it might be worth it.

access denied.

There's nothing dangerous about SSHing into an untrusted server unless you're using the same keys for everything.

I find ssh faster and easier. Anyway it's a good differentiator, there are plenty of web panels already.

Hello, exe.dev person here.

I have not used E2B (though I really like their web site), though it looks like there are quite a few differences. Our disks are persistent (without manual snapshotting), we have a TLS proxy by default with built-in auth and link sharing.

It also looks like they have many features we do not have (yet).

I believe the target use is also quite different. You can use exe.dev VMs for running your agent. But you can also use it for hosting your site. E.g. blog.exe.dev is an exe.dev VM.

Thanks, I couldn't figure out what the hell was wrong. The front page is just... not helpful. Given the amount of pushbash how everyone feels about this, it should be removed from HN frontpage!

Thanks. I feel like I expect home pages to contain at least a modicum of information. And three seconds spent thinking about accessibility would have told them that light gray links on a white background are a terrible idea...

Likewise. I think it might be experiencing a hug of death :)

[exe.dev co-founder here] This grew out of our work on sketch. We built a container-based system for it, and found ourselves saying "I wish we just had a computer." This is our answer to that.

If you are interested in our work and agents, I would suggest trying Shelley, the little agent we have in exe.dev. There has been some discussion about what to do with sketch on its discord channel, but we won't be putting energy into it going forward.

(A blog post with far more details is in the works.)

Why do you think that? the VMs are more like containers so yeah you can run 20 at once but they will all share 2 cpu

[exe.dev co-founder here] It is planned! The reason we have not got to it yet is it needs to be very different than IPv4 support. We have spent a lot of time on machinery to allow `ssh yourmachine.exe.xyz` work without having to allocate you an IPv4 address. The mechanisms for IPv6 can and should be different, but they will also interact with how assigning public static IPv4 addresses will work in the future.

We do not want to end up in the state AWS is in, where any production work requires navigating the differences between how AWS manage v4 and v6. And that means rolling out v6 is going to be a lot of work for us. It will get done.

I added a public tracking bug here: https://github.com/boldsoftware/exe.dev/issues/16

[exe.dev co-founder] Hi! There is a mobile site. It is not super visible right now but you can use it to create VMs (and even build something on them with our agent if you like). If you ran into a particular bug I would love to get it in the issue tracker so we can fix it.

Val.town seems to be serverless, where as this is explicitly a server. One is really a subset of the other though, so I suppose if you're deploying ts functions to a service/server, and your execution costs match up with the tiers here, exe.dev could be cheaper.

Hi there u/Imustaskforhelp - Thanks for the holiday greetings! I hope you also had a good Christmas. I am not a part of the abuse team here at Hetzner, and unfortunately therefore cannot make a decision either way. I suggest that you write directly to our support team/abuse team and describe your intended use case in as much detail as possible. They may have some follow-up questions for you and will be able to give you a clear yes/no answer. --Katie

[exe.dev co-founder here] As of the past few minutes, some of our VMs are having intermittent network access issues. Working on it now.

UPDATE: this is fixed now.

Thanks! We've added those links to the top text above.

this post is downvoted, but these links are the meat everyone is complaining about missing

Also curious about Shelley, their LLM agent. Turns out it makes requests to a proxy for https://fireworks.ai APIs via http://169.254.169.254/gateway/llm, such as:

    POST /gateway/llm/_/gateway/fireworks/inference/v1/chat/completions HTTP/1.1
    Host: 169.254.169.254
    User-Agent: Go-http-client/1.1
    Content-Length: 491 
    Accept: application/json
    Authorization: Bearer implicit
    Content-Type: application/json
    Accept-Encoding: gzip

    {"model":"accounts/fireworks/models/qwen3-coder-480b-a35b-instruct","messages":[{"role":"user","content":"Generate a short, descriptive slug (2-6 words, lowercase, hyphen-separated) for a conversation that starts with this user message:\n\nhello\n\nThe slug should:\n- Be concise and descriptive\n- Use only lowercase letters, numbers, and hyphens\n- Capture the main topic or intent\n- Be suitable as a filename or URL path\n\nRespond with only the slug, nothing else."}],"max_tokens":8192}

    POST /gateway/llm/_/gateway/fireworks/inference/v1/chat/completions HTTP/1.1
    Host: 169.254.169.254
    User-Agent: Go-http-client/1.1
    Content-Length: 10513
    Accept: application/json
    Authorization: Bearer implicit
    Content-Type: application/json
    Accept-Encoding: gzip
    
    {"model":"accounts/fireworks/models/qwen3-coder-480b-a35b-instruct","messages":[{"role":"system","content":"You are Shelley, a coding agent and assistant. You are an experienced software engineer and architect. You communicate with brevity.\n\nYou have access to a variety of tools to get your job done. Be persistent and creative.\n\n
    ...

Turns out the request is coming from localhost because it's being forwarded over SSH. Their HTTP proxy causes a new SSH connection to be made to the VM:

    Connection from 10.42.0.1 port 37456 on 10.42.1.75 port 22 rdomain ""              
    debug1: Local version string SSH-2.0-OpenSSH_9.9                                   
    debug1: Remote protocol version 2.0, remote software version Go                    
    debug1: compat_banner: no match: Go

    debug1: Entering interactive session for SSH2.                                    
    debug1: server_init_dispatch                                                       
    debug3: receive packet: type 90                                                    
    debug1: server_input_channel_open: ctype direct-tcpip rchan 0 win 2097152 max 32768
    debug1: server_request_direct_tcpip: originator 0.0.0.0 port 0, target 127.0.0.1 port 8000
    debug1: connect_next: start for host 127.0.0.1 ([127.0.0.1]:8000)                  
    debug2: fd 7 setting O_NONBLOCK                                                    
    debug2: fd 7 setting TCP_NODELAY                                                   
    debug1: connect_next: connect host 127.0.0.1 ([127.0.0.1]:8000) in progress, fd=7
    debug3: fd 7 is O_NONBLOCK                                                           
    debug3: fd 7 is O_NONBLOCK                                                          
    debug1: channel 0: new direct-tcpip [direct-tcpip] (inactive timeout: 0)           
    debug1: server_input_channel_open: confirm direct-tcpip                         
    debug3: channel 0: waiting for connection

    debug1: Entering interactive session for SSH2.                                     
    debug1: server_init_dispatch                                                       
    debug3: receive packet: type 90                                                     
    debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
    debug1: input_session_request                                                      
    debug1: channel 0: new session [server-session] (inactive timeout: 0)
    debug2: session_new: allocate (allocated 0 max 10)                                 
    debug3: session_unused: session id 0 unused                                          
    debug1: session_new: session 0                                                      
    debug1: session_open: channel 0                                                    
    debug1: session_open: session 0: link with channel 0                               
    debug1: server_input_channel_open: confirm session                                 
    debug3: send packet: type 91                                                        
    debug3: receive packet: type 98                                                    
    debug1: server_input_channel_req: channel 0 request pty-req reply 1
    debug1: session_by_channel: session 0 channel 0                                    
    debug1: session_input_channel_req: session 0 req pty-req                           
    debug1: Allocating pty.

"Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."

https://news.ycombinator.com/newsguidelines.html

Gen z often says 'I need a sudo access'.

No, it's a reference to the OpenSSH one.

It is a paid service, delivering a valuable developer tool, and which indeed uses ssh keys for authentication.

So, exactly what you said, but for the benefit of the user, and for the profit of the company, by offering an excellent product.

(I am a happy customer of their previous product, Sketch.dev.)

Hardly, you can use .ssh/config to configure an SSH key just for this service.