I can't test this due to the product being out of stock, but I wonder what their approach to PCI compliance is.
Processing credit card data has a high compliance burden if you're unwilling to use a secure widget made by an already-authorized provider like Stripe. That's for a good reason, most web and mobile apps are designed such that their backend servers never see your full credit card number and CVV. You can't do this over SSH.
I also wonder whether you could even do this if you had to handle PSD2 2-factor authentication (AKA 3d Secure), which is a requirement for all EU-based companies. This is usually implemented by displaying an embed from your bank inside an iframe. The embed usually asks you to authenticate in your banking app or enter a code that you get via SMS.
You can take the easy way out of course and make the payment form a web page and direct the user to it with a URL and/or a Unicode-art rendition of a QR code.
A lot of people don't know that before Amazon started, there was a company out of Portland, OR called Bookstacks selling books via a telnet interface. In the early days, Bezos was quite worried about their potential to get "there" first (wherever "there" was going to be). It was a fairly cool interface, at least for 1994.
[ EDIT: worried to the point that we actually implemented a telnet version of the store in parallel with the http/html one for a few months before abandoning it ]
hey! i'm one of the people who worked on this, we actually launched a few days ago and sold out quite quickly - we'll remove the email capture so you can poke around
we'll be back in a few weeks with proper inventory and fulfillment
we'll also be opensourcing the project and i can answer any questions people have about this
Is it /usr/locally grown and single .'ed? How quickly can they mv it to my ~?
I'm curious how they built this. It's SSH but the IP address is Cloudflare's edge network. It could be using CF Tunnel to transparently route all the SSH sessions to some serving infrastructure, but I didn't know you could publicly serve arbitrary TCP ports like that. Building it in serverless fashion on CF Workers would be ideal for scalability, but those don't accept incoming TCP connections.
┌──────────┬────────┬─────────┬───────┬────────────────────┐
│ terminal │ s shop │ a about │ f faq │ c checkout $ 0 [0] │
└──────────┴────────┴─────────┴───────┴────────────────────┘
nil blend coffee
whole bean | medium roast | 12oz
$25
Dive into the rich taste of Nil, our delicious semi-sweet
coffee with notes of chocolate, peanut butter, and a hint
of fig. Born in the lush expanses of Fazenda Rainha, a
280-hectare coffee kingdom nestled in Brazil's Vale da
Grama. This isn't just any land; it's a legendary
volcanic valley, perfectly poised on the mystical borders
between São Paulo State and Minas Gerais. On the edge of
the Mogiana realm, Fazenda Rainha reigns supreme, a true
coffee royalty crafting your next unforgettable cup.
sold out!
────────────────────────────────────────────────────────────
+ add item - remove item c checkout ctrl+c exit
I long for an alternate dimension where terminal-based internet like Minitel dominated.
Something like hypercard implemented with 80x24 ncurses UI
> # use the command below to order your delicious 12oz bag of Nil Blend coffee
> ssh terminal.shop
Oops, I thought I was supposed to enter it directly into the prompt on the webpage. The styling makes it look like an interactive console, I figured they included an embedded javascript SSH client for users who might not have one.
Reminded me of Hacker Scripts, specifically `fucking-coffee`:
> this one waits exactly 17 seconds (!), then opens a telnet session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has a TCP socket up and running) and sends something like `sys brew`. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dudes desk.
Before a bunch of you run off and make more of these "because it's cool", they'll likely lose access to Stripe once Stripe's security team pays attention and realizes that this can be trivially man-in-the-middled and doesn't actually offer the equivalent protection to https.
I wrote up a little demo and explainer at
https://mitm.terminal.shop.rag.pub
ssh mitm.terminal.shop.rag.pub
PSA to anyone making a public SSH service: List the fingerprint, not the host key, thanks. (Or better yet list both!)
Hmm, a CLI interface for consumer purchasing.
Can I pipe that order through to a payment processor and delivery method? Script my meals for the week?
> is ordering via ssh secure? # you bet it is. arguably more secure than your browser. ssh incorporates encryption and authentication via a process called public key cryptography. if that doesn't sound secure we don't know what does.
Strong disagree. The encryption is the easy part, the hard part is the symmetric key exchange. And PKI used by browsers is much more robust for this use case than the TOFU model of ssh. Of course the proper way to fix this is checking the ssh key fingerprint, but almost nobody does this.
So unless you mean to exclusively sell coffee to users who don't have a white terminal background, you may want to consider your color scheme. I was missing the white text.
(I know this is considered an atrocity by some, but I happen to not really care enough about my terminal color to change the default)
"Shell company" takes on a new meaning!
Really cool interface. Is there any list of such servers publicly available through ssh?
Love the idea! Congratulations (?) on being sold out!
My constructive feedback is that the text contrast is so low (in iTerm2 anyway) I can barely read anything. I thought only web pages had that problem, but I guess sufficiently sophisticated TUI apps have designer color problems too! What's next, incredibly tiny terminal fonts? (jk, designers...sort of)
I really like Fellow Drops: https://fellowproducts.com/pages/fellow-drops
It is SMS based. Each week they offer a different bean from a different roaster, and you reply with the number of bags you want. I've discovered a number of great roasters this way.
Interesting. I like this. No need for a cookie banner.
The authenticity of host 'terminal.shop (172.65.113.113)' can't be established. ED25519 key fingerprint is SHA256:TMZnO7N8mmR/Pap3urU2P4uBNuhxuWtDUak0g9gyZ8s
That's a bit different than the key listed
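Added example (not from the thread or from terminal.shop): the check several comments here ask for, turning a published host key into the `SHA256:` fingerprint that ssh prints at the first-connect prompt and comparing the two. The host name `shop.example` and the key bytes are constructed for illustration; only the fingerprint string is the one quoted in the comment above.

```python
import base64, hashlib, hmac, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def parse_key_line(line):
    """Return (key_type, blob) from a .pub line or a known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob begins with a length-prefixed copy of the key type;
            # reject lines where the label and the blob disagree.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n].decode("ascii", "replace") != field:
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no supported key type found")

def sha256_fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_prompt(published_line, prompt_fingerprint):
    """True only if the published key hashes to the fingerprint ssh displayed."""
    _, blob = parse_key_line(published_line)
    shown = prompt_fingerprint.strip().encode()
    return hmac.compare_digest(sha256_fingerprint(blob).encode(), shown)

def make_sample_line(host="shop.example"):
    """Constructed known_hosts line: ed25519 blob with placeholder key bytes."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

SAMPLE_LINE = make_sample_line()  # constructed, not a real host key
# Fingerprint as quoted from the ssh prompt in the comment above.
PROMPT_FP = "SHA256:TMZnO7N8mmR/Pap3urU2P4uBNuhxuWtDUak0g9gyZ8s"

if __name__ == "__main__":
    _, blob = parse_key_line(SAMPLE_LINE)
    print("published key fingerprint:", sha256_fingerprint(blob))
    print("matches prompt:", matches_prompt(SAMPLE_LINE, PROMPT_FP))
```

A mismatch like the one printed here is the signal to stop at the prompt rather than type `yes`.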
Reminds me of
"Before Google, Sergey Brin tried (and failed) to let us order pizza by fax"
I might be horribly out of touch, but... is $25 for a 12oz bag of not-totally-horrible coffee beans really a normal price?
Reminds me of my friendβs zine-via-telnet: https://anewsession.com/
If you're looking for a movie to enjoy with your coffee, https://ascii.theater/
ssh -a -i /dev/null -o StrictHostKeyChecking=no watch.ascii.theater
It's sold out and the only option if you actually connect via ssh is to give them your email address so they can send you updates.
Ah lame, they won't even let you browse since they're sold out.
Was kinda hoping this was some place selling made coffee, but I do realize the reach of that would be small.
But I do kinda like the idea of something as... niche as this popping up in a highly tech area and then offering the ability to buy and get your coffee without ever seeing someone.
Like you just walk into a room with a rotating door (like one you might see at a doctors office for samples) or something like that.
Feels very... introvert and would be kinda fun.
The founders have a great (if conversational and sometimes off topic) podcast about development topics:
https://podcasts.apple.com/us/podcast/how-about-tomorrow/id1...
From the FAQ:
will Nil make me a better developer?
legally we cannot guarantee that it will, but...
is it true your coffee contains the sweat of @theprimeagen?
we can neither confirm nor deny these rumors.
is it true your coffee contains the tears of @thdxr?
yes, this is true.
Reminds me of prose.sh. Turns out, there's a lot you can do if you use SSH keys as an authentication mechanism!
FAQ:
> is ordering via ssh secure? you bet it is. arguably more secure than your browser. ssh incorporates encryption and authentication via a process called public key cryptography. if that doesn't sound secure we don't know what does.
Doesn't TLS use public key cryptography too?
It would be awesome if I can do something like this:
> ssh terminal.shop "register foo $pubkey"
> ssh foo@terminal.shop "set shipping address to $addr, credit card info $info, email address $email"
> ssh foo@terminal.shop "order one 12oz light roast"
Claim to be ethical, yet don't deliver in the country the coffee is actually made.
Reminds me of the pizza cli app that would order Domino's Pizza.
EDIT Pizza Party is what I am thinking about.
Prime and Teej streamed the development
Another service that is completely controlled through a ssh tui : https://nixbuild.net
This is really cool. I wonder how they pipe the data to stripe?
As an aside kind of funny to see this pop up. I was just talking about if anyone was doing ordering through a cli a while ago: https://news.ycombinator.com/context?id=39817617
I love this. If you love this, you might also like a game I built a while ago:
$ ssh sshtron.zachlatta.com
I am very curious how this is built, I would like to build similar SSH interactive experiences. Any resources and how to get started would be really appreciated. (I know how to setup a basic TCP server that listens on SSH port, but I really don't know how to implement navigation etc for the SSH experience)
While it's cute, it's a small business not a startup and still a gimmick that doesn't solve the problem that coffee is a commodity and so the business is fundamentally not defensible. It's equivalent to being a meal kit business, which is one notch away from being a restaurant.
Since I can't currently order, can someone say how the ordering process works? Do they send back a link to be used with stripe? Or do they try to handle everything within the terminal? The latter seems to invalidate their claim that this is just as secure as using a web browser.
Is this a reverse-Dropbox play? Make something need ssh, rsync, etc. that didn't need it before.
$25 for 12 oz? Yikes!
Looks like they're sold out now.
The "enter your email for restock updates" part of the screen showed up as white-on-white on my light-mode-by-default Gnome Terminal on my first try and so I was slightly confused; sshing from `uxterm` worked fine though.
How does scaling work for SSH? e.g. How many concurrent connections can the server handle?
Neat - big fan of TUIs! But I'm an even bigger fan of coffee… so show me where that coffee actually is sourced from…
Did you go and source it from farms? Is this sourced from another company? Whose blend? Do you provide the roast date on the bag?
I love TUI's. And now that Sixel exists, we can even have images in the Terminal.
The massive simplification this provides over rendering HTML/CSS should be attractive to startups.
Now I wish we had a CLI/TUI for things like Amazon...
So cool! Congrats on selling out!
I was curious to see if I could connect using mosh. I could, but I wasn't able to use the hotkeys to browse the different screens like I was when I connected via ssh.
I would not be upset if the entire internet went back to this.
Happy to see this didn't work
scp foo.txt terminal.shop:.
I was worried for a second they hadn't thought of that.
This is so cool! Just imagine a world where you can run `getcoffee latte` and have a latte show up at your door 20 minutes later.
I wanted to ask if they do telnet/finger also, but there is no email listed.
Cool concept, but quite limiting if you are selling a mass-market product.
Slack preview link shows up weird. It shows as follows
> wip: terminal (initial commit)
They sold out in 15 minutes? Or this is email/ip addy harvesting?
This is really cool. Which tech does it use for ecommerce functions?
I've been toying around with an ssh based casino recently.
Man, consumerism is a powerful drug. Just one gimmick needed.
This is genius!
Not sure how the stripe payments intake work but very cool!
Looking forward to reading about this incredible journey
This is cool; I wish they had decaf single origin!
I would really like to see a decaf option there.
Does ssh have a good payment system built in?
Are the beans any good, what kind of roast?
Kind of disappointed that there is no option for commands like "ls" or "whoami". I think it would be a nice addition, especially if this inspires other people to launch similar pages for other types of products.
Scared to order after xz exploit...
Hey terminal.shop, Y U No T? :-(
Page title: wip: terminal
Who has this problem?
zero interest rate startups are still in fashion I see.
hopefully using a java implementation of an ssh server
ok cool gimmick but why? is it special coder coffee?
sure, but can I sudo a sandwich ?
Sold out :(
CHROOT
suuuuper gay
now, I want to sell ketchup over SSH.
Not to dunk on the coffee which I haven't tried but this seems like a viral ad? I get it's cool that this actually works, but in practice how is it different to selling coffee through an API through a generic web interface served by shopify? In the end in both ways they are selling you coffee beans for money. It's still cool to see it in your terminal though.
This seems obligatory: https://tldp.org/HOWTO/Coffee.html
They are missing out.. There are some Tor customers out there...
"STRONG KEYS, STRONG COFFEE"
One safety tip: disable SSH Agent Forwarding before you connect, otherwise the remote server can theoretically reuse your private key to establish new connections to GitHub.com or prod servers (though this host is unlikely malicious).
https://www.clockwork.com/insights/ssh-agent-hijacking/ (SSH Agent Hijacking)