from Hacker News

New startup sells coffee through SSH

by ethanholt1 on 5/1/24, 6:26 PM with 407 comments

by rvnx on 5/1/24, 6:52 PM
One safety tip: disable SSH Agent Forwarding before you connect, otherwise the remote server can theoretically reuse your private key to establish new connections to GitHub.com or prod servers (though this host is unlikely malicious).
https://www.clockwork.com/insights/ssh-agent-hijacking/ (SSH Agent Hijacking)
by miki123211 on 5/1/24, 8:13 PM
I can't test this due to the product being out of stock, but I wonder what their approach to PCI compliance is.
Processing credit card data has a high compliance burden if you're unwilling to use a secure widget made by an already-authorized provider like Stripe. That's for a good reason, most web and mobile apps are designed such that their backend servers never see your full credit card number and CVV. You can't do this over SSH.
I also wonder whether you could even do this if you had to handle PSD2 2-factor authentication (AKA 3d Secure), which is a requirement for all EU-based companies. This is usually implemented by displaying an embed from your bank inside an iframe. The embed usually asks you to authenticate in your banking app or enter a code that you get via SMS.
You can take the easy way out of course and make the payment form a web page and direct the user to it with an URL and/or a Unicode-art rendition of a QR code.
by PaulDavisThe1st on 5/1/24, 7:50 PM
A lot of people don't know that before Amazon started, there was a company out of Portland, OR called Bookstacks selling books via a telnet interface. In the early days, Bezos was quite worried about their potential to get "there" first (wherever "there" was going to be). It was a fairly cool interface, at least for 1994.
[ EDIT: worried to the point that we actually implemented a telnet version of the store in parallel with the http/html one for a few months before abandoning it ]
by thdxr on 5/1/24, 7:28 PM
hey! i'm one of the people who worked on this, we actually launched a few days ago and sold out quite quickly - we'll remove the email capture so you can poke around
we'll be back in a few weeks with proper inventory and fulfillment
we'll also be opensourcing the project and i can answer any questions people have about this
by thisisauserid on 5/1/24, 6:59 PM
Is it /usr/locally grown and single .'ed? How quickly can they mv it to my ~?
by Shakahs on 5/1/24, 6:55 PM
I'm curious how they built this. It's SSH but the IP address is Cloudflare's edge network. It could be using CF Tunnel to transparently route all the SSH sessions to some serving infrastructure, but I didn't know you could publicly serve arbitrary TCP ports like that. Building it in serverless fashion on CF Workers would be ideal for scalability, but those don't accept incoming TCP connections.

by 9front on 5/1/24, 11:50 PM

  ┌──────────┬────────┬─────────┬───────┬────────────────────┐
  │ terminal │ s shop │ a about │ f faq │ c checkout $ 0 [0] │
  └──────────┴────────┴─────────┴───────┴────────────────────┘
 
 
  nil blend coffee
 
  whole bean | medium roast | 12oz
 
  $25
 
  Dive into the rich taste of Nil, our delicious semi-sweet
  coffee with notes of chocolate, peanut butter, and a hint
  of fig. Born in the lush expanses of Fazenda Rainha, a
  280-hectare coffee kingdom nestled in Brazil's Vale da
  Grama. This isn't just any land; it's a legendary
  volcanic valley, perfectly poised on the mystical borders
  between São Paulo State and Minas Gerais. On the edge of
  the Mogiana realm, Fazenda Rainha reigns supreme, a true
  coffee royalty crafting your next unforgettable cup.
 
 
  sold out!
 
 
 
  ────────────────────────────────────────────────────────────
  + add item   - remove item   c checkout   ctrl+c exit

by tonymet on 5/1/24, 6:46 PM
I long for an alternate dimension where terminal-based internet like Minitel dominated .
Something like hypercard implemented with 80x24 ncurses UI
by pimlottc on 5/1/24, 7:18 PM
> # use the command below to order your delicious 12oz bag of Nil Blend coffee
> ssh terminal.shop
Oops, I thought I was supposed to enter it directly into the prompt on the webpage. The styling makes it look like an interactive console, I figured they included an embedded javascript SSH client for users who might not have one.
by latexr on 5/2/24, 12:32 PM
Reminded me of Hacker Scripts, specifically `fucking-coffee`:
> this one waits exactly 17 seconds (!), then opens a telnet session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has a TCP socket up and running) and sends something like `sys brew`. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dudes desk.
https://github.com/NARKOZ/hacker-scripts
by raggi on 5/1/24, 11:14 PM
Before a bunch of you run off and make more of these “because it’s cool”, they’ll likely lose access to stripe once stripes security team pay attention and realize that this can be trivially man in the middled and doesn’t actually offer the equivalent protection to https.
I wrote up a little demo and explainer at
```
   https://mitm.terminal.shop.rag.pub
  
   ssh mitm.terminal.shop.rag.pub
```
by Repulsion9513 on 5/1/24, 7:27 PM
PSA to anyone making a public SSH service: List the fingerprint, not the host key, thanks. (Or better yet list both!)
by tithe on 5/1/24, 6:28 PM
Hmm, a CLI interface for consumer purchasing.
Can I pipe that order through to a payment processor and delivery method? Script my meals for the week?
by lambdaxyzw on 5/2/24, 9:21 AM
>is ordering via ssh secure?# you bet it is. arguably more secure than your browser. ssh incorporates encryption and authentication via a process called public key cryptography. if that doesn’t sound secure we don’t know what does.
Strong disagree. The encryption is the easy part, the hard part is the symmetric key exchange. And PKI used by browsers is much more robust for this usecase then TOFU model of ssh. Of course the proper way to fix this is checking the ssh key fingerprint, but almost nobody does this.
by orblivion on 5/1/24, 7:10 PM
So unless you mean to exclusively sell coffee to users who don't have a white terminal background, you may want to consider your color scheme. I was missing the white text.
(I know this is considered an atrocity by some, but I happen to not really care enough about my terminal color to change the default)
by low_tech_punk on 5/1/24, 10:25 PM
"Shell company" takes on a new meaning!
by sva_ on 5/1/24, 6:45 PM
Really cool interface. Is there any list of such servers publicly available through ssh?
by wrs on 5/1/24, 6:42 PM
Love the idea! Congratulations (?) on being sold out!
My constructive feedback is that the text contrast is so low (in iTerm2 anyway) I can barely read anything. I thought only web pages had that problem, but I guess sufficiently sophisticated TUI apps have designer color problems too! What's next, incredibly tiny terminal fonts? (jk, designers...sort of)
by manicennui on 5/1/24, 8:32 PM
I really like Fellow Drops: https://fellowproducts.com/pages/fellow-drops
It is SMS based. Each week they offer a different bean from a different roaster, and you reply with the number of bags you want. I've discovered a number of great roasters this way.
by lxe on 5/1/24, 6:36 PM
Interesting. I like this. No need for a cookie banner.
by exabrial on 5/1/24, 7:29 PM
The authenticity of host 'terminal.shop (172.65.113.113)' can't be established. ED25519 key fingerprint is SHA256:TMZnO7N8mmR/Pap3urU2P4uBNuhxuWtDUak0g9gyZ8s
That's a bit different than the key listed
by 1970-01-01 on 5/1/24, 6:52 PM
Reminds me of
"Before Google, Sergey Brin tried (and failed) to let us order pizza by fax"
https://news.ycombinator.com/item?id=5264626
by rrr_oh_man on 5/1/24, 8:48 PM
I might be horribly out of touch, but... is $25 for a 12oz bag of not-totally-horrible coffee beans really a normal price?
by TaylorAlexander on 5/1/24, 6:39 PM
Reminds me of my friend’s zine-via-telnet: https://anewsession.com/
by geuis on 5/1/24, 10:06 PM
If you're looking for a movie to enjoy with your coffee, https://ascii.theater/
```
  ssh -a -i /dev/null -o StrictHostKeyChecking=no watch.ascii.theater
```
by Dig1t on 5/1/24, 6:36 PM
It's sold out and the only option if you actually connect via ssh is to give them your email address so they can send you updates.
by aftbit on 5/1/24, 6:58 PM
Ah lame, they won't even let you browse since they're sold out.
by nerdjon on 5/1/24, 6:39 PM
Was kinda hoping this was some place selling made coffee, but I do realize the reach of that would be small.
But I do kinda like the idea of something as... niche as this popping up in a highly tech area and then offering the ability to buy and get your coffee without ever seeing someone.
Like you just walk into a room with a rotating door (like one you might see at a doctors office for samples) or something like that.
Feels very... introvert and would be kinda fun.
by toddmorey on 5/1/24, 6:47 PM
The founders have a great (if conversational and sometimes off topic) podcast about development topics:
https://podcasts.apple.com/us/podcast/how-about-tomorrow/id1...

by 9front on 5/1/24, 11:46 PM

From the FAQ:

  will Nil make me a better developer?
  legally we cannot guarantee that it will, but...

  is it true your coffee contains the sweat of @theprimeagen?
  we can neither confirm nor deny these rumors.

  is it true your coffee contains the tears of @thdxr?
  yes, this is true.

by mebazaa on 5/1/24, 6:37 PM
Reminds me of prose.sh. Turns out, there’s a lot you can do if you SSH keys as an authentication mechanism!
by aprilnya on 5/1/24, 11:53 PM
FAQ:
> is ordering via ssh secure? you bet it is. arguably more secure than your browser. ssh incorporates encryption and authentication via a process called public key cryptography. if that doesn’t sound secure we don’t know what does.
Doesn’t TLS use public key cryptography too?
by yegle on 5/1/24, 7:02 PM
It would be awesome if I can do something like this:
> ssh terminal.shop "register foo $pubkey"
> ssh foo@terminal.shop "set shipping address to $addr, credit card info $info, email address $email"
> ssh foo@terminal.shop "order one 12oz light roast"
by dancemethis on 5/1/24, 10:42 PM
Claim to be ethical, yet don't deliver in the country the coffee is actually made.
by hk1337 on 5/1/24, 7:11 PM
Reminds me of the pizza cli app that would order Domino's Pizza.
EDIT Pizza Party is what I am thinking about.
https://www.youtube.com/watch?v=J691aLfkWP0
by melodyogonna on 5/1/24, 7:12 PM
Prime and Teej streamed the development
by arianvanp on 5/1/24, 8:06 PM
Another service that is completely controlled through a ssh tui : https://nixbuild.net
by raytopia on 5/1/24, 7:18 PM
This is really cool. I wonder how they pipe the data to stripe?
As an aside kind of funny to see this pop up. I was just talking about if anyone was doing ordering through a cli a while ago: https://news.ycombinator.com/context?id=39817617
by zachlatta on 5/1/24, 9:26 PM
I love this. If you love this, you might also like a game I built a while ago:
```
    $ ssh sshtron.zachlatta.com
```
by worker_thread on 5/1/24, 9:19 PM
I am very curious how this is built, I would like to build similar SSH interactive experiences. Any resources and how to get started would be really appreciated. (I know how to setup a basic TCP server that listens on SSH port, but I really don't know how to implement navigation etc for the SSH experience)
by mynameisnoone on 5/2/24, 6:59 AM
While it's cute, it's a small business not a startup and still a gimmick that doesn't solve the problem that coffee is a commodity and so the business is fundamentally not defensible. It's equivalent to being a meal kit business, which is one notch away from being a restaurant.
by archgoon on 5/1/24, 6:54 PM
Since I can't currently order, can someone say how the ordering process works? Do they send back a link to be used with stripe? Or do they try to handle everything within the terminal? The latter seems to invalidate their claim that this is just as secure as using a web browser.
by langcss on 5/2/24, 2:43 AM
Is this a reverse-Dropbox play? Make something need ssh, rsync, etc. that didn't need it before.
by pahool on 5/1/24, 6:46 PM
$25 for 12 oz? Yikes!
by cbhl on 5/1/24, 7:29 PM
Looks like they're sold out now.
The "enter your email for restock updates" part of the screen showed up as white-on-white on my light-mode-by-default Gnome Terminal on my first try and so I was slightly confused; sshing from `uxterm` worked fine though.
by low_tech_punk on 5/1/24, 7:59 PM
How does scaling work for SSH? e.g. How many concurrent connections can the server handle?
by doawoo on 5/1/24, 10:14 PM
Neat — big fan of TUIs! But I’m an even bigger fan of coffee… so show me where that coffee actually is sourced from…
Did you go and source it from farms? Is this sourced from another company? Whose blend? Do you provide the roast date on the bag?
by pmarreck on 5/1/24, 8:00 PM
I love TUI's. And now that Sixel exists, we can even have images in the Terminal.
The massive simplification this provides over rendering HTML/CSS should be attractive to startups.
Now I wish we had a CLI/TUI for things like Amazon...
by poopsmithe on 5/1/24, 8:55 PM
So cool! Congrats on selling out!
I was curious to see if I could connect using mosh. I could, but I wasn't able to use the hotkeys to browse the different screens like I was when I connected via ssh.
by kobieps on 5/1/24, 7:09 PM
I would not be upset if the entire internet went back to this.
by dingosity on 5/1/24, 10:30 PM
Happy to see this didn't work
```
    scp foo.txt terminal.shop:.
```
I was worried for a second they hadn't thought of that.
by normsbee on 5/1/24, 6:57 PM
This is so cool! Just imagine a world where you can run `getcoffee latte` and have a latte show up at your door 20 minutes later.
by semessier on 5/1/24, 6:43 PM
I wanted to ask if they do telnet/finger also, but there is no email listed.
by wuj on 5/2/24, 9:05 PM
Cool concept, but quite limiting if you are selling a mass-market product.
by matt3210 on 5/1/24, 11:28 PM
Slack preview link shows up weird. It shows as follows
> wip: terminal (initial commit)
by whimsicalism on 5/1/24, 6:48 PM
They sold out in 15 minutes? Or this is email/ip addy harvesting?
by bascope24 on 5/2/24, 6:05 AM
This is really cool. Which tech does it use for ecommerce functions?
by mhh__ on 5/1/24, 8:30 PM
I've been toying around with an ssh based casino recently.
by k8svet on 5/1/24, 7:38 PM
Man, consumerism is a powerful drug. Just one gimmick needed.
by ayman_saleh on 5/1/24, 7:49 PM
This is genius!
Not sure how the stripe payments intake work but very cool!
by willcipriano on 5/1/24, 7:09 PM
Looking forward to reading about this incredible journey
by nunez on 5/1/24, 10:36 PM
This is cool; I wish they had decaf single origin!
by yalok on 5/1/24, 8:11 PM
I would really like to see a decaf option there.
by amelius on 5/2/24, 6:46 AM
Does ssh have a good payment system built in?
by bee_rider on 5/1/24, 7:52 PM
Are the beans any good, what kind of roast?
by skilled on 5/1/24, 6:39 PM
Kind of disappointed that there is no option for commands like “ls” or “whoami”. I think it would be a nice addition, especially if this inspires other people to launch similar pages for other types of products.
by cat_plus_plus on 5/1/24, 6:51 PM
Scared to order after xz exploit...
by einpoklum on 5/2/24, 9:30 AM
Hey terminal.shop, Y U No T? :-(
by gnabgib on 5/1/24, 6:31 PM
Page title: wip: terminal
by latentsea on 5/2/24, 12:28 AM
Who has this problem?
by colesantiago on 5/1/24, 6:40 PM
zero interest rate startups are still in fashion I see.
by cozzyd on 5/1/24, 6:55 PM
hopefully using a java implementation of an ssh server
by atleastoptimal on 5/2/24, 8:32 AM
ok cool gimmick but why? is it special coder coffee?
by glonq on 5/1/24, 7:30 PM
sure, but can I sudo a sandwich ?
by kolinko on 5/1/24, 6:53 PM
Sold out :(
by botsone on 5/2/24, 9:37 AM
CHROOT
by fagrobot on 5/2/24, 2:41 AM
suuuuper gay
by qxfys on 5/2/24, 7:30 AM
now, I want to sell ketchup over SSH.
by I_o_IllI__o_I on 5/1/24, 11:15 PM
Not to dunk on the coffee which I haven't tried but this seems like a viral ad? I get it's cool that this actually works, but in practice how is it different to selling coffee through an API through a generic web interface served by shopify? In the end in both ways they are selling you coffe beans for money. It's still cool to see it in your terminal though.
by nescioquid on 5/1/24, 6:38 PM
This seems obligatory: https://tldp.org/HOWTO/Coffee.html
by huhuhu111 on 5/1/24, 11:15 PM
They are missing out.. There are some Tor customers out there...
by dwhly on 5/2/24, 2:58 PM
"STRONG KEYS, STRONG COFFEE"