Show HN: I made Devzat – It's like Discord but in the terminal, over SSH

391 points by quackduck ↗ HN
Run `ssh devzat.hackclub.com` to try it out! The repo is here: https://github.com/quackduck/devzat (golang). It has markdown and emoji support, DMs, channels, and it can show images too. You can send code, and it gets syntax highlighted (you can change the theme). You can ping people like so: @user and it sends them a \a, which should play an audible sound if the terminal allows it. There's inbuilt games and rainbow names and a lot of other small things I don't remember right now.

You might find the auth system interesting: it's based on a hash of ssh pubkey (bans use that and a hash of IP, so it isn't so easy to get around a ban)

Also an interesting issue: bots that go around trying to brute force ssh into random IPs with common usernames. My current solution is banning if rapid successive joins are detected.

153 comments

[ 45.5 ms ] story [ 230 ms ] thread
I just get "Permission denied (publickey)". The README says to just run ssh-keygen, but I already have an RSA key. Does this server only support ed25519 or something?
Using the following helped me join: ssh devzat.hackclub.com -p 443

... to get around my firewall!

I think you are correct. Was able to get in by first doing `ssh-keygen -t ed25519` to create new private/public keys (be careful not to overwrite ssh keys that you are already using for other things!). RSA support is being phased out in various places.
Just confirming that I had to do this first and it started working. It was originally giving me the Permission Denied (publickey) error.
This is your week to learn about .ssh/config files.
this is mostly a certain crypto lib's fault (maybe stdlib, let me check)
Ugh. That’s not specific to one language either. Changing CA certs or enabling OCSP is often a case of configuring the same thing in several places or multiple libraries. Identity certs doubly so. If memory serves I spent more time on that than the rest combined.
Love the fact that there are currently more people on the server than likes on this post :D

You might wanna take a look at https://github.com/charmbracelet/bubbletea ad specifically https://github.com/charmbracelet/soft-serve for v2.

IRC style commands that are only sent to the sender would also be nice as current version is a bit spammy with help and user commands.

idk if i wanna make this a TUI tbh, i've seen those libs before. I don't think they support output to an io.Writer / term.Terminal though
+1 for charm bracelet, those libs are great. Plus the website is amazing
What is discord? Yes, I’ve heard of the company, but haven’t used it. You might do better with “chat” as more folks know what that is.
I imagine the selection of people who would use Devzat's feature set are at least passingly familiar with Discord.

People who aren't familiar with Discord but that would still use text chat over SSH are probably more likely to use IRC.

I still remember when Discord was primarily a voice chat (later, with screen sharing features too), essentially a replacement for TeamSpeak/Mumble/Ventrilo, not IRC or XMPP MUC.

Looks like those days it's more of a Slack/Gitter/IRC alternative.

Discord is one of the most popular chat platforms. Imagine IRC, but more modern and the developers actually care about UX.
I struggle to use Discord precisely because of the UX. and I say that with years of IRCing in a terminal with a black background. I vastly prefer Slack's theme.

Discord's dark & light themes are too hard on my eyes. They feel like the designers have never worked on a 13" MBP and only large monitors w/ non-retina displays.

LOL @ the developers caring about UX. I can't count how many times I tried to find some functionality only to have to google how to do it.
The only time I've does this it turned out that a feature didn't exist to do what I wanted, but you must admit the UX of creating a new IRC server is a million times worse than creating a new discord server.
For one you're actually not making a discord server, so there is that.
That's an implementation detail. Having servers automatically provisioned for you is more convenient for users.
But unfortunately it is highly censored. And if you're part of any community that is banned, your account is banned as well. It happens often. Something I experienced, as a former member of a nootropics server.

I don't find the service very trustworthy, but I think that if you're a gamer, it may work out just fine for you.

I agree that I wish their rules were more lax, but a trust and safety ban of a server doesn't necessarily ban everyone from the server. Just recently a server I was in got a trust and safety ban and no one got banned. The server just disappeared.
Reminds me of a time when a dedicated anti-malware server was temporarily deleted (probably due to the amount of malware samples being sent)
I got banned for demonstrating spectre and meltdown to a work audience, during the presentation.

FML.

All the topics mentioned in this subthread sound like my kind of thing. It's sad that Discord bans for that.

If you ever want to resume your communities elsewhere, perhaps check out Matrix (https://matrix.org/)? If you have the know how to host your own server, you can host a community without the risk of being shut down by an external party. People from other servers can still join because the network is federated.

Post a video of a demo of it. Might drain attention :)
Good idea, idk how to make good videos, probably an asciinema would be good
ASCII Enemas should be a last resort. When all else fails.
Looks cool, joined and made friends with a french dude. Totally forgot how cool irc-like minimalism can be sometimes.
I like it. A few observations:

* Hangman doesn't give you credit for all instances of a letter when you guess it

* Starting a new game of hangman (maybe also TTT?) interrupts/erases the previous one, if there's one in progress

* Images can be anything and aren't filtered - troll users could present some nasty stuff

* User settings don't persist (e.g., nickname)

sixel appears to be too large... it would be better if it made small outputs
sixel is super experimental
still, thanks for supporting sixels :)
I'm not good at handling user data so I haven't added persistence, could in the future

IDK how to filter images oof

Wdym by that first point? (Hangman is case sensitive)

For Hangman, I started a game with the word as "panda." There are two "a" characters. The person who guessed "a" only revealed one of them.

The rules of Hangman are that every letter guessed reveals all instances of that letter in the word.

that's super strange, that usually works
Lots of fun, but the issue with the images (is this the problem?) needs to be fixed. And the command issue where everyone sees the output - I wonder how hard that would be to address. Neat app!
Everyone seeing output is an intentional choice. What's the problem with images?
I really dig this, but if I issue a command like cd, the output should only be showed to the person who issued the command.

but this is really fun! nice job!

That was an intentional choice
What if you want to just say one of the commands? IMO, there should be some sort of prefix (like '/') before commands to disambiguate.
any prefix would make a command not a command, kinda like how people on twitter add a random character before a tweet starting with a user mention
I really like it, it seems like a great alternative to slack for a team that just wants non-notification chat
Heck yeah, feel free to email me updates (you can find my email on my github) if you decide to try it out
After living through Google Chat going down while handling a server incident at work, I created an internal, encrypted chat system in order to have an alternative in case our regular communications channel is down.

However the actual chat part of it is very barebones with a simplistic JSON-based protocol and a simplistic IRC-like interface - quite unlike devzat.

I wonder how hard it would be to untangle the authentication and transport bits from devzat and plug in our own proprietary auth/transport.

I don't think it wouldn't be hard, since there isn't really much auth (just some key and IP stuff), so you'd mainly have to add your own. Feel free to email me (my email's on my github) with updates / questions if you do decide to try it out!
Would an internal Matrix homeserver meet that need?
Or an internal IRC server.

Or a Zulip server.

Matrix is overkill if you're never going to federate it.

What makes you say that?
Matrix is a joy when not federated fwiw, given all the stuff that could slow it down (talking to other people’s servers) isn’t happening :)
make sure one's ssh-agent forwarding is off when connecting to strange hosts :)
Also make sure you're not exposing an identifying public key to a service you intended to use anonymously.
Are you telling me that everyone who clones a repo from GitHub via SSH is in fact authorizing GitHub to use their private key? Why hasn't anyone made a slick web page with a catchy name like AuthBleed or SecretAgent to describe that one yet?
The default OpenSSH settings are safe. You have to explicitly whitelist servers or domains in `.ssh/config`, but if you were to blatantly blast:

Host * ForwardAgent yes

The scenario you talk about is certainly possible, especially since OpenSSH does not require a "tap" for each authorization once the agent is unlocked. (Side note: this is one thing hardware u2f keys absolutely got correct).

Is this working now? I logged on and can't do anything and nothing seems to be happening, i just get a snippet of text starting "38m earlier"
Same for me, I'm guessing it's hugged from all the YC traffic.
sorry, i have no idea why it went down lol, i've fixed it now
yeah, I think I broke you system - completely stopped for me
> It's like discord but in the terminal, over SSH

so it's IRC?

idk, i didn't exist when IRC was the hip thing
You might wanna check it out. Things like code quotes and expand/collapse would be cool to add to an IRC client. I think some clients already support emoji as it's just UTF8?

It's common for IRC users to use IRC from a terminal client on their desktop. If they have a remote server they'll ssh into a box and use their terminal client there. They'd also use a screen session to keep their IRC client running 24/7 so they can keep receiving messages. Or they'll keep an eggdrop bot on a server somewhere, which is basically a sorta IRC proxy that they connect to from any IRC client and can keep their user online in the background.

Here's some stuff on IRC: https://github.com/ircdocs/modern-irc | https://ircv3.net/ | https://wiki.wireshark.org/IRC

Looks like there's some discord<->IRC gateways: https://github.com/sjwhitak/discord-irc-matrix https://github.com/qaisjp/go-discord-irc https://discordrc.com/

Here's some IRC stuff in Go: https://github.com/khlieng/dispatch https://github.com/ergochat/ergo https://github.com/go-irc/irc https://github.com/search?q=go+irc

Interesting. Btw, by support emoji I mean things like ":rocket:", ":fire:", etc do what they should: using emojis by copy pasting or using a system emoji picker gets tiring
(comment deleted)
Great post! Minor nit: eggdrop is an old bot written in TCL. People use "bouncers" like BNC and ZNC to proxy IRC through a shell to keep themselves connected, and other features.

I don't know why we keep reinventing IRC.

IRC never used SSH.
not directly, no, but one of the most common ways to maintain a persistent IRC session is to ssh to a server somewhere (typically not on a residential or dynamic internet connection) and then run your CLI irc client like ircII, bitchx or irssi inside of a gnu screen session, or inside of tmux.
More like a BBS partyline. IRC requires a custom client, not just a terminal connection.
i had been using telnet for irc in the 90s a lot, it doesn’t really require any custom client
This is fun. Well done!
Thanks, I see you had the same username on Devzat
Back in the mid 90's, I used to hang out on what was called vrave, a telnet based chat hosted at hyperreal.org (Apache's' Brian Behlendorf's rave archive/culture site).

This is definitely making me nostalgic for it.

Strange. I reported to Brian for years. He’s moved on, for now, I guess?
I think most ravers from that time period have moved on. :)
I'm glad it reminds you of something you liked :)
My first Unix account was on hyperreal.org, given to me by Brian Beulendorf so I could put up the Dance Music Business Resource.

The same machine also hosted apache source code repositories.

Oh, hi Jon! It's Chris, from the 90s

I used to live in your basement!
> Also an interesting issue: bots that go around trying to brute force ssh into random IPs with common usernames. My current solution is banning if rapid successive joins are detected.

I should've read this before trying to connect 100 usernames in parallel.

(comment deleted)
LMAO, send me your ID and I'll unban you (if you got banned)
I've just spent an hour on here when I should really be sleeping. Reminded me a lot of public IRC channels back in the day, surprised how fun it was to hang out with everyone. :)
Im not a command liner but was curious to check this out. I tried running ssh-keygen and the "Enter file in which to save the key (C:\Users\.../.ssh/id_rsa):" prompt appears and I lose ALL keyboard input to the command line. No CTRL C, no text, no enter. Cant do anything. Anyone aware of what the problem is?

Windows 10 PowerShell

> Anyone aware of what the problem is? Windows 10 PowerShell

That seems like the most likely problem, yes.

(comment deleted)
> bans use that and a hash of IP

Why hash it? There are <2^32 IP(v4) addresses, so it would be trivial to crack the hash.

I'm in the terminal / chat right now. This is giving me major 90's nostalgia! Incredible.
Yeah, same here -- serious 90's nostalgia in the best way. This is awesome.
thanks, i'm glad you guys like it :)
Me too, using irssi.
yep, same. Just something about terminal chat clients. I wish Discord would allow you to create a terminal client where you didn't have to do all kinds of workarounds.
If I remember correctly there is such a thing on GitHub, although it is against Discord's ToS. I have a Discord bot that I have written in two different languages as well. It would not be difficult to turn either of them into a pretty TUI. I probably would give Tk a chance, too. It is very lightweight, and can be made really pretty with ease.
Holy crap, moderation is hard.
One thing you might consider doing is using https://github.com/USER.keys to verify the identity of the person connecting. Then use the GitHub API to verify they have at least N followers and has existed for N days. It would be wonderful to have a social network for open source developers on the command line.
Joined but got banned pretty quickly after not saying a word :(
Could you send your ID (the hash in the message it gives you)? There's been too much spam for me to be an accurate filter, I'm really sorry