Sun, Apr 17, 2022
QLTY SZN 1

A commitment to quality

One of our competitive advantages is making bets on technologies before the rest of the market catches on. One such bet we've made is on CodeMirror. We switched our editor from a proven but stagnant technology, Monaco, to CodeMirror. We know we made the right decision because:

- We can now make changes, most importantly bug fixes, much more quickly.
- The new search panel we were able to build is much better than the version that shipped with Monaco.
- The new editor's improved performance is already showing up in better user onboarding success.
- CodeMirror's extensibility will enable us to ship one of the most long-awaited features: Themes!
Wed, Mar 30, 2022
We Built a Search Engine

For the past few months, we have been building a Replit-native search engine. It is remarkably powerful, and we are really excited for you all to try it out. We believe that you should be able to find anything on Replit in less than 30 seconds. This might sound simple, but when you have 100 million+ Repls, it becomes complicated. :)

When you search for something on Replit today, you'll see a page with relevant results from the following categories:

- Repls
- Templates
- Code (yes, code)
Mon, Mar 28, 2022
Build a Speech-to-Text App with AssemblyAI on Replit

Transcription, or speech-to-text (STT), is a very helpful feature for various use cases, from AI assistants to video captioning. You can use it to create immersive virtual experiences and accessible interfaces unlike ever before. It’s no wonder STT-driven apps and services are in high demand.

In this article, you’ll learn how to implement STT functionality in your own app with ease using AssemblyAI. Its API provides simple access to advanced AI models that can transcribe your audio or video files and even real-time streams. You’ll use AssemblyAI together with React, Next.js, and Replit to build a simple app for transcribing uploaded files. You can follow along with the repl here.

What Is AssemblyAI

Before diving in, take a moment to get to know AssemblyAI and its vast feature set. On top of both real-time and async transcription, AssemblyAI API provides many features related to general audio intelligence:
Fri, Mar 25, 2022
Build Your Own Livestreaming Service with api.video

With the recent shift in the popularity of remote work environments, the demand for livestreaming services has increased. Even prior to the shift, many global companies have used livestreaming services for their organization’s all-hands meetings.

api.video provides APIs and SDKs that make it easier to build your own livestreaming service and host it on your website. Additionally, they also provide solutions for uploading videos, encoding videos, video delivery, and video analytics. Here are some of the specific features of api.video:

- You can securely upload and store videos from your own user interface to api.video. The video can then be shared worldwide via their responsive video player. They also support progressive uploads that let you simultaneously upload large videos.
- You can customize your video player by choosing a video player theme, adding your own thumbnail image, and adding your own logo.
- You can create your own livestreaming service, which can either be done by using their API/SDK or by using their User Interface (i.e., you won’t have to code).
- You can access stats and analytics about your videos to learn more about your users and their engagement.

Some of the use cases for api.video include:
Tue, Mar 22, 2022
Making a Real-Time Chat App with Supabase on Replit

Firebase is arguably the most popular backend as a service (BaaS) offering. It’s created by Google and comes with almost everything you’d need to create a great app, including a database, file storage, user authentication, and real-time communication. However, it’s closed source, meaning all your and your users’ data is under Google’s control.

That’s where Supabase can help. Supabase is an open source Firebase alternative that aims to provide a similar set of functionalities and development experience, without controlling your data.

In this article, you’ll learn how to use Supabase together with Replit, a cloud-based IDE, to create a real-time chat app. You’ll see how powerful and versatile both Supabase and Replit are and how you can use them to create an amazing app in no time. You can follow along with the tutorial using this repl.

How the Chat App Works

Before diving into the code, let’s talk about the stack and how the chat works.
Mon, Mar 21, 2022
Operating Principles

Mission first

Computers are the most powerful tools to exist in the history of humanity. Sadly most people are mere consumers of these machines. Only a relative few–the professional software developer–can use this superpower to its fullest extent. It’s creating an unbalanced world where there are programmers, and then there are those who are programmed.

The situation is analogous to literacy before the printing press, where only the powerful had access to books and written communication. The invention of the printing press led to democratic, scientific, and industrial revolutions, but it took about a century from creation to revolution, which meant that an entire generation of people had to grow up with new skills, outlooks, and ways of learning and communicating.

Replit exists to enable the next billion software creators. Our bet is that if it’s easier to create software, more people would want to do it. If more people code, more people will be able to independently create and generate wealth on the internet, regardless of their background. If we’re successful, anyone who's willing to learn and generate good ideas will be wealthy. Advancing our mission is not only a business imperative—it’s also a moral one. Anything that distracts us from our mission will be ruthlessly cut.

Think radical

When we first put coding in the browser, people said it was stupid, and that nobody wanted what we were building. When we made coding multiplayer, they said no one would want to work this way. When we said learning and building is one and the same, no one wanted to fund us; they said we’re not focused enough. Every step of the way, we’ve questioned norms, we’ve taken contrarian technology bets that paid off years in the future, and we’ve hired people no one wanted to hire who are now industry leaders. We’re going to keep doing it, especially when people tell us it sounds crazy.
Wed, Mar 16, 2022
Reasons Not to Join Replit

We want the people at Replit to really love working here (we do!). To help you make an informed decision about whether that would be the case for you, we challenged ourselves to come up with a list of reasons someone wouldn’t want to join our team. We hope it’ll help you learn more about the way we work together and whether that’s the way you’d be excited to work, too.

1. You don’t think the internet should be an open platform

Replit’s mission is to bring the next billion software creators online. To realize that mission, we need to be a place where all kinds of people, with all kinds of backgrounds, experiences, ideologies, and values are warmly welcomed.
Wed, Mar 16, 2022
Escaping Dirty Pipe (a.k.a. CVE-2022-0847), mostly unscathed

You may have heard that there was a very critical Linux kernel vulnerability making the rounds. As with all important enough vulnerabilities, this one has a catchy name: Dirty Pipe (no logo, though). This blogpost attempts to explain how that vulnerability impacted Replit. The good news is that as far as we know, there weren't any successful exploitations of it!

That article linked above has the full explanation and is definitely worth the read because it narrates the journey from discovery to fix. In case you're in a hurry, the short description of that vulnerability is that it allowed any user to temporarily overwrite any file in the filesystem, without requiring any write permissions to do so. Temporarily because it didn't actually change the file, just the in-memory page cache, so if the kernel was under any sort of memory pressure, those changes would go away. There were a few more restrictions (mostly about the position, alignment, and length of the write), but other than that this allowed the attacker to make all sorts of very scary modifications to the system. Notably, the proof-of-concept code allowed any user to open a root shell by overwriting a setuid binary that had privileges to "become" root by the mere act of invoking it.

The moment our "security advocate" (in reality it's just one of our platform engineers in a funny disguise until we hire a full-time security engineer) realized that this was such a serious bug, we immediately tried the proof-of-concept code. And we were delighted that it didn't work! We very recently enabled the no new privs bit (no_new_privs) that negated the effects of the setuid bit, so the user was greeted with a normal shell instead of a root shell. This meant that the scariest part of this exploit (escalation of privileges) was not possible in our system. Furthermore, the container has a very limited set of capabilities, which meant that even if the root shell would have indeed been possible, the attacker would not have been able to make most changes to the system. Hooray for defense in depth!

Our initial happiness quickly dissipated, though. Even if the proof-of-concept didn't quite work all the way, it still had an effect: the files were still rewritten. So what's the worst that an attacker could do with that newly found power? Since we use Linux containers (through Docker), that means that the files in the root filesystem are shared in read-only fashion among all the containers in a system. So what if we tried to overwrite an important binary that everybody used (say, /bin/sh)? Turns out that the page cache is shared among containers too, so the modifications were visible to all repls in that one machine! This means that if a malicious user wanted, they could have surreptitiously made changes to the shell, which means that they could make any modifications to any repl that happened to be running in that same machine. Exfiltration of secrets, modification of files, anything.

So we needed to patch this ASAP. Fortunately the kernel already had a patch available, so all we needed to do was to make a deployment and wait a bit. We got very lucky here, because this could have been a very long battle to get mitigations in place, but the disclosure of this was well-coordinated. We were very happy that this moment was mostly anti-climactic.

By the way, if you tried to open any C# repl between 2022-03-09 and 2022-03-11, you might have seen a warning about a kernel bug preventing those repls from running. It turns out that it's a different, unrelated issue. Two different kernel bugs in the same week? What are the odds!? But that's a story for another day.
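
The no_new_privs mitigation described in the Dirty Pipe post works because, once the bit is set, execve() no longer grants privileges from setuid bits or file capabilities. The following is an added example, not Replit's code, that checks the two properties that make the bit dependable for a sandbox: it cannot be cleared, and it is inherited by child processes. The function names (current_nnp, nnp_properties, run_in_child) are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Current state of the calling thread's no_new_privs bit: 1, 0, or -1 on error. */
int current_nnp(void) {
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Returns 0 if every property holds, else the number of the step that failed.
 * Sets the bit irreversibly, so call it through run_in_child(). */
int nnp_properties(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 1;
    if (current_nnp() != 1) return 2;
    /* One-way switch: an attempt to clear the bit must be rejected. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0) return 3;
    if (current_nnp() != 1) return 4;
    /* Inherited by children, so everything spawned later is covered too. */
    pid_t pid = fork();
    if (pid < 0) return 5;
    if (pid == 0) _exit(current_nnp() == 1 ? 0 : 1);
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) != 0) return 6;
    return 0;
}

/* Run check() in a forked child so the caller's own bit is left untouched.
 * Returns the child's exit code, or -1 if the child could not be run. */
int run_in_child(int (*check)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(check());
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void) {
    printf("caller no_new_privs before: %d\n", current_nnp());
    printf("property check (0 = all hold): %d\n", run_in_child(nnp_properties));
    printf("caller no_new_privs after:  %d\n", current_nnp());
    return 0;
}
```

For a process that is already running, the same bit is reported as the NoNewPrivs field in /proc/<pid>/status.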
Wed, Mar 9, 2022
Betting on CodeMirror

At Replit, our mission is to bring the next billion software creators online. In order to achieve that ambitious goal, we need to make sure that the experience of writing, running, and sharing code is as seamless as possible. At the heart of that experience is the editor itself. As a result, we dedicate a huge amount of time and energy to improving the stability, performance, and accessibility of our editor.

Monaco

For years, we had been relying on Monaco to power that experience. Monaco is the open source editor behind VS Code, written and maintained by Microsoft. At the time, the decision to adopt Monaco was an easy one. It was packed full of useful features that helped users navigate and write code quicker, had built-in support for a large number of popular languages, and looked familiar to those coming from VS Code and other popular IDEs. These reasons, along with its growing open source community, quickly made Monaco the de facto way to write code on the web.
Tue, Mar 8, 2022
Hack Week 2022 Recap

Hey, everyone! I’m sure you all heard about the infamous, annual Replit Hack Week, but what exactly is it? Every year, we come together as a team to brainstorm, hack, and push the limits of our platform to set the tone for the year. During the first Hack Week last year, our team integrated Nix into Replit which transformed how we do infrastructure, packages, and languages. Nix also allows users to configure Replit to suit their needs. In line with our purpose for Hack Week ‘22, the theme for the year is “Community and Extensibility”.
Sun, Feb 27, 2022
Kaboom Draw

Programming is hard, especially for beginners where the code <-> output feedback loop is cumbersome. People need to click the run button, see output, change code, click run again, see output. There are a lot of ideas that greatly improved this experience like live-reloading (a lot in the audio / visual context, and UI dev). However the most exciting idea I've seen is still the experiments done by Bret Victor, like in Learnable Programming. Seeing his experiments on combining live reload + sensible controls still takes my breath away every time.

You might know we're on the way of adopting CodeMirror 6 to replace Monaco for a more extensible and maintainable editor (shoutout to Sergei for carrying us through this hard time!). One day I saw Faris made a CSS color picker CodeMirror 6 extension and it got me thinking, hmm CM6's extension system is really handy, what if we make some more sensible controls over all kinds of values, and make something like the Bret Victor experiments?

Excited by the idea, I decided to shove off some non-urgent tasks and do a little hack week on my own to jam out these thoughts. But first, gotta book a slot on the demo calendar: excited to excite Barron
Wed, Feb 23, 2022
All New Repls are Powered By Nix

For the past year we have been working hard to integrate Nix into our platform and rebuild our existing language experiences with packages from Nix. We are excited to announce that all new repls are now powered by Nix. In this post we'll talk about what this means for the future of the platform and all the work that it took to get here.

With Nix you can easily create templates for languages Replit didn't support before, pull in more development tools than ever, and access any CLI application in the shell without installing anything.

Every new repl being powered by Nix means that we've been able to make vast improvements to our existing languages:

- Long awaited Node.js v16 support
- 100x faster Python package management
Thu, Feb 17, 2022
Getting Started with Solidity on Replit

Have you ever wanted to quickly prototype an idea, reproduce a bug, or share a code demo? Maybe you just got an idea for a new smart contract that allows users to bet on soccer teams, and you want to quickly prototype this and share it with your teammates. In all of these instances, Replit is the perfect solution.

Replit is a powerful online integrated developer environment (IDE) with a simple user interface that supports more than fifty programming languages. It also supports real-time collaboration, allowing for use cases like team member onboarding or hands-on learning for students. It integrates seamlessly with GitHub, allowing you to create repositories from a repl or load a repo from GitHub without any manual setup. Replit also gives you the power to share demos through a link that can be accessed by any device, anywhere in the world.

In this article you’ll learn how to get started with Solidity on Replit. Solidity is a statically typed, curly-braces programming language designed for developing smart contracts that run on Ethereum. It can also be used by other blockchains for interoperability and easier migration.

Getting Started with Solidity on Replit

In this section, you’ll learn how to get started with Solidity on Replit and deploy your first smart contract.
Mon, Feb 14, 2022
Make a Multiplayer Game with Kaboom.js and Heroic Labs

Many developers are familiar with Replit, the in-browser IDE. However, you may not know that it can be used to make full applications and games. With Kaboom, a JavaScript game-programming library that helps you quickly make fun games, and Nakama, an open source distributed server created by Heroic Labs, you can easily create a multiplayer game that runs on Replit.

In this article, you’ll learn how to make a multiplayer game using Kaboom in Replit, utilizing Heroic Labs as the game server. If you want to check out the finished product or just follow along with this tutorial, you can use this REPL.

What Are Multiplayer Games

Multiplayer games are usually played as matches, where players join a match and compete for high scores or try to defeat each other in a battle royale with other players from all over the world. The action is happening in real time and can be played as a team or individual; Nakama can support both kinds.
Fri, Feb 11, 2022
Announcing File Persistence in Hosted Apps… for Everyone!

Replit is your computer — for whatever you need to do. We announced last year that Hackers would be able to have their hosted apps persist file changes, since that made it possible to build a lot more apps. But we were not quite satisfied that only Hackers were going to get this new feature. Today we are announcing that we are opening this up for everyone!

Why the change?

Back in November, we knew that this new feature was going to have a small, but measurable, impact on our infrastructure. This meant that opening this up for everyone from the get-go was not ideal. We wanted to get this out to users as soon as possible, so we decided to be iterative. We crafted a plan to open this up for Hackers first to observe what a realistic load would look like, while pondering some potential optimizations that we could use to improve it. In addition, we added more monitoring just in case anything came up.

After enabling this and blogging about it, we saw a very small difference between our predictions and reality. The plan had worked! And our hunch about something unexpected appearing was right on the money: the extra monitoring enabled us to find (and fix) an extremely low-probability bug that could only be observed when operating at Replit scale. With the new data, we could make data-driven decisions. We went through the planned optimizations and the additional load is now in a much better place, so we're comfortable opening this up for everyone.

