Tue, May 17, 2022
Tips for safer social repl development
Replit makes coding into a social activity, in many different ways. You can easily share your repl with our vibrant developer community to receive feedback, tips, and kudos. Our multiplayer features allow you to write, review and debug your code together with buddies. And with access to the full power of the Internet and dozens of powerful programming languages, you can even write code that brings other users into your repl in real time.

This isn't a new feature. In fact, our co-founder Amjad Masad has written about how a 12-year-old user of Replit hacked together the first chat app and community space on Replit way back in 2018. Amjad also explains how it didn't take long for spammers and other bad actors to find this chat room, and how that spurred the development of moderation features and filters. Today, you can find any number of multiplayer games, chatrooms, and other social apps on Replit, many of which have faced similar challenges to remain free of spam, profanity, and other abuse.

So if you're developing a repl with social features, what do you need to know? While it isn't intended as a comprehensive guide, this blog post will point you in the right direction to stay a step ahead of users with mischievous or harmful intentions.

Safety by design

The very best way to avoid the abuse of your repl is to think about the ways in which it could be misused while you're still planning it out, so that you can take proactive steps to avoid such misuse. Every app is different, so there's no one-size-fits-all solution. But an example of a common safety feature for apps that allow messaging is to include rate limiting and filtering to prevent users from sending repeated, spammy, or abusive messages. If your repl also allows its users to chat with each other, allowing them to block unwanted communications is a good safety precaution to take. But an even better one may be to disallow direct messaging altogether, by limiting users to public group chats. This is an especially good idea if your repl is targeted at minors.
Sun, May 15, 2022
Template Jam 2022
Since we introduced templates, many of you have asked to get in on the action. We have some amazing community templates already, but we want to get everyone involved. We've been hard at work revamping both the templates page and the publishing flow so that everyone can create and publish a template. We're rolling this out over the next week, so keep your eyes peeled!

To celebrate this new release, on May 23rd, we're bringing Template Jam back. This time there will be $10,000 USD in prizes and you'll have the power of Nix behind you. We're excited to see all the wonderful templates you create, and brand new ways for people to create on Replit.

What are templates and how do I make one?
Mon, May 9, 2022
Automating Minecraft on Replit
Replcraft is a library that allows you to automate parts of your base on a Minecraft server using code, directly from a repl. Replcraft allows you to get and place blocks, check for entities, move and craft items, read redstone, and more. This tutorial will cover a number of small projects you can build using Replcraft.

If you'd be interested in joining an official Replit community Minecraft server, seeing more Minecraft-related content in the future, or you just want to leave general feedback, you can do so by commenting on this repl.

Getting started

Before you begin, you'll need a Replit account and a Minecraft account. To get started, fork the Replcraft template and join a Minecraft server running the Replcraft plugin. Next, create a special structure made up of a frame of iron blocks:
Wed, May 4, 2022
Announcing Replit Ventures 2022
Apply to RV1 here

Today, we are excited to announce Replit Ventures 2022 (aka RV1), and this year, we have huge news for our community: we are 10x'ing the program! Last year, we piloted the first Replit Ventures, and the results were enormous:

400+ applications in one week
6 teams selected
$2,000 in Bitcoin or USD per selected team
Fri, Apr 22, 2022
Winning projects of MadeWithReplit
What's #MadeWithReplit?

MadeWithReplit was our first ever ReplCon hackathon! Participants had the chance to win amazing cash prizes, share their work with the world, and hone their coding skills. We wanted this hackathon to celebrate and inspire our community members. As such, the prizes were $10k total, but making friends along the way and the pride of sharing inspired projects were priceless bonuses as well. Even more, there was no theme, so replers could code with unbounded creativity! Read on to check out our winning submissions!

Honorable mentions

Most Replity: ReplCraft
Mon, Apr 18, 2022
How Do You Do, Fellow Teachers?
Hi everyone! I'm David Morgan (@LessonHacker). I'm stepping into the Teacher + Customer Success role and am ridiculously excited to be working at Replit and being part of this amazing community. I have been working as a secondary school Computer Science teacher in the UK for the best part of two decades, and am passionate about making CompSci education frictionless and accessible for all. I'm sure I had more hair on my noggin when I started teaching though… but, rather than blather on about myself, I thought that, by way of introduction and to show off my teacher-cred, I'd start off by showing you my favourite thing about Replit for teaching programming.

Collaborate for the Win

I don't think there's enough love given to the way that Replit multiplayer also allows collaborative communication between many users. As a teacher I find this sort of thing invaluable, and it's one of the big differentiators that makes Replit more powerful than any other IDE, because you can collaborate on code exactly the same way you'd work on something like a Google Doc. Multiplayer is the superpower of Repls, and Teams for Edu turns multiplayer on by default.
Sun, Apr 17, 2022
Your New Replit Profile
You may have noticed that the "My Repls" and "profile" pages look different. We decided to combine these surfaces into one unified page. The new profiles are fresh, more social, and more customizable than ever before. Go take a second and customize your profile! Add links, a banner, and pin your favorite Repl.

What changed?

We combined the My Repls and profile pages
Live presence
Sun, Apr 17, 2022
QLTY SZN 1
A commitment to quality

One of our competitive advantages is making bets on technologies before the rest of the market catches on. One such bet we've made is on CodeMirror. We switched our editor from a proven but stagnant technology, Monaco, to CodeMirror. We know we made the right decision because:

We can now make changes, most importantly bug fixes, much more quickly.
The new search panel we were able to build is much better than the version that shipped with Monaco.
The new editor's improved performance is already showing up in better user onboarding success.
CodeMirror's extensibility will enable us to ship one of the most long-awaited features: Themes!
Wed, Mar 30, 2022
We Built a Search Engine
For the past few months, we have been building a Replit-native search engine. It is remarkably powerful, and we are really excited for you all to try it out. We believe that you should be able to find anything on Replit in less than 30 seconds. This might sound simple, but when you have 100 million+ Repls, it becomes complicated. :)

When you search for something on Replit today, you'll see a page with relevant results from the following categories:

Repls
Templates
Code (yes, code)
Mon, Mar 28, 2022
Build a Speech-to-Text App with AssemblyAI on Replit
Transcription, or speech-to-text (STT), is a very helpful feature for various use cases, from AI assistants to video captioning. You can use it to create immersive virtual experiences and accessible interfaces unlike ever before. It's no wonder STT-driven apps and services are in high demand.

In this article, you'll learn how to implement STT functionality in your own app with ease using AssemblyAI. Its API provides simple access to advanced AI models that can transcribe your audio or video files and even real-time streams. You'll use AssemblyAI together with React, Next.js, and Replit to build a simple app for transcribing uploaded files. You can follow along with the repl here.

What Is AssemblyAI?

Before diving in, take a moment to get to know AssemblyAI and its vast feature set. On top of both real-time and async transcription, the AssemblyAI API provides many features related to general audio intelligence:
Fri, Mar 25, 2022
Build Your Own Livestreaming Service with api.video
With the recent shift in the popularity of remote work environments, the demand for livestreaming services has increased. Even prior to the shift, many global companies used livestreaming services for their organization's all-hands meetings. api.video provides APIs and SDKs that make it easier to build your own livestreaming service and host it on your website. Additionally, they provide solutions for uploading videos, encoding videos, video delivery, and video analytics.

Here are some of the specific features of api.video:

You can securely upload and store videos from your own user interface to api.video. The video can then be shared worldwide via their responsive video player. They also support progressive uploads that let you upload large videos in parallel.
You can customize your video player by choosing a video player theme, adding your own thumbnail image, and adding your own logo.
You can create your own livestreaming service, either by using their API/SDK or by using their user interface (i.e., you won't have to code).
You can access stats and analytics about your videos to learn more about your users and their engagement.

Some of the use cases for api.video include:
Tue, Mar 22, 2022
Making a Real-Time Chat App with Supabase on Replit
Firebase is arguably the most popular backend as a service (BaaS) offering. It was created by Google and comes with almost everything you'd need to create a great app, including a database, file storage, user authentication, and real-time communication. However, it's closed source, meaning all your and your users' data is under Google's control. That's where Supabase can help. Supabase is an open source Firebase alternative that aims to provide a similar set of functionality and development experience, without controlling your data.

In this article, you'll learn how to use Supabase together with Replit, a cloud-based IDE, to create a real-time chat app. You'll see how powerful and versatile both Supabase and Replit are and how you can use them to create an amazing app in no time. You can follow along with the tutorial using this repl.

How the Chat App Works

Before diving into the code, let's talk about the stack and how the chat works.
Mon, Mar 21, 2022
Operating Principles
Mission first

Computers are the most powerful tools to exist in the history of humanity. Sadly, most people are mere consumers of these machines. Only a relative few, the professional software developers, can use this superpower to its fullest extent. It's creating an unbalanced world where there are programmers, and then there are those who are programmed. The situation is analogous to literacy before the printing press, where only the powerful had access to books and written communication. The invention of the printing press led to democratic, scientific, and industrial revolutions, but it took about a century from creation to revolution, which meant that an entire generation of people had to grow up with new skills, outlooks, and ways of learning and communicating.

Replit exists to enable the next billion software creators. Our bet is that if it's easier to create software, more people will want to do it. If more people code, more people will be able to independently create and generate wealth on the internet, regardless of their background. If we're successful, anyone who's willing to learn and generate good ideas will be wealthy. Advancing our mission is not only a business imperative—it's also a moral one. Anything that distracts us from our mission will be ruthlessly cut.

Think radical

When we first put coding in the browser, people said it was stupid, and that nobody wanted what we were building. When we made coding multiplayer, they said no one would want to work this way. When we said learning and building are one and the same, no one wanted to fund us; they said we weren't focused enough. Every step of the way, we've questioned norms, we've taken contrarian technology bets that paid off years in the future, and we've hired people no one wanted to hire who are now industry leaders. We're going to keep doing it, especially when people tell us it sounds crazy.
Wed, Mar 16, 2022
Reasons Not to Join Replit
We want the people at Replit to really love working here (we do!). To help you make an informed decision about whether that would be the case for you, we challenged ourselves to come up with a list of reasons someone wouldn't want to join our team. We hope it'll help you learn more about the way we work together and whether that's the way you'd be excited to work, too.

1. You don't think the internet should be an open platform

Replit's mission is to bring the next billion software creators online. To realize that mission, we need to be a place where all kinds of people, with all kinds of backgrounds, experiences, ideologies, and values are warmly welcomed.
Wed, Mar 16, 2022
Escaping Dirty Pipe (a.k.a. CVE-2022-0847), mostly unscathed
You may have heard that there was a very critical Linux kernel vulnerability making the rounds. As with all important enough vulnerabilities, this one has a catchy name: Dirty Pipe (no logo, though). This blog post attempts to explain how that vulnerability impacted Replit. The good news is that, as far as we know, there weren't any successful exploitations of it!

The article linked above has the full explanation and is definitely worth the read, because it narrates the journey from discovery to fix. In case you're in a hurry, the short description of the vulnerability is that it allowed any user to temporarily overwrite any file in the filesystem, without requiring any write permissions to do so. Temporarily, because it didn't actually change the file on disk, just the in-memory page cache, so if the kernel came under any sort of memory pressure, those changes would go away. There were a few more restrictions (mostly about the position, alignment, and length of the write), but other than that this allowed the attacker to make all sorts of very scary modifications to the system. Notably, the proof-of-concept code allowed any user to open a root shell by overwriting a setuid binary, one that had the privilege to "become" root by the mere act of being invoked.

The moment our "security advocate" (in reality it's just one of our platform engineers in a funny disguise until we hire a full-time security engineer) realized that this was such a serious bug, we immediately tried the proof-of-concept code. And we were delighted that it didn't work! We had very recently enabled the no_new_privs bit, which negates the effect of the setuid bit, so the user was greeted with a normal shell instead of a root shell. This meant that the scariest part of this exploit (escalation of privileges) was not possible in our system. Furthermore, the container has a very limited set of capabilities, which meant that even if the root shell had indeed been possible, the attacker would not have been able to make most changes to the system. Hooray for defense in depth!

Our initial happiness quickly dissipated, though. Even if the proof-of-concept didn't quite work all the way, it still had an effect: the files were still rewritten. So what's the worst that an attacker could do with that newly found power? Since we use Linux containers (through Docker), the files in the root filesystem are shared in read-only fashion among all the containers on a machine. So what if we tried to overwrite an important binary that everybody used (say, /bin/sh)? Turns out that the page cache is shared among containers too, so the modifications were visible to all repls on that one machine! This means that a malicious user could have surreptitiously made changes to the shell, which means they could make any modifications to any repl that happened to be running on that same machine. Exfiltration of secrets, modification of files, anything.

So we needed to patch this ASAP. Fortunately the kernel already had a patch available, so all we needed to do was make a deployment and wait a bit. We got very lucky here, because this could have been a very long battle to get mitigations in place, but the disclosure was well-coordinated. We were very happy that this moment was mostly anti-climactic.

By the way, if you tried to open any C# repl between 2022-03-09 and 2022-03-11, you might have seen a warning about a kernel bug preventing those repls from running. It turns out that it's a different, unrelated issue. Two different kernel bugs in the same week? What are the odds!? But that's a story for another day.