1040 points by jart 1355 days ago | 224 comments on HN
| Mild positive Editorial · v3.7· 2026-02-28 11:47:05 0
Summary Free Expression & Digital Access Acknowledges
This is a technical release notes article for redbean 2.0, a cross-platform webserver distributed as a single executable file. The content engages moderately with human rights principles through open source distribution and permissive ISC licensing supporting freedom of expression (Article 19), comprehensive educational examples enabling participation in software development (Article 27), privacy-protecting sandboxing features (Article 12), and security mechanisms reflecting community duties (Article 29). The overall orientation is mildly positive toward human rights values through technical practices rather than explicit advocacy.
Really impressive feature additions since the first time I heard of it. Is Lua backend-able? I've been looking for a langage since PHP, the node ecosystem seems too volatile to me.
So many great features in this release. Love the .args and subprocess support. I have been toying with redbean on and off, and I have been wanting to see if I could kludge together a poor man's long running job (scheduled) runner (something like Celery).
Redbean is amazing. I was able to run some TLS stress tests against it (where you setup a handshake and just disconnect). I was able to pump out about 1200 connections per second between my desktop and laptop on 1gb ethernet. I only had 5 handshake errors.
Maybe Cosmopolitan Libc can be developed to become a full-featured glibc replacement like Musl and what LLVM libc is going to target? To be able to link with large C++ codebases it is still missing a ton of small cruft...
It’d be fun to add raft support so that multiple readbeans could share state such as monkey patching updates and other useful distributed features. On bare metal this could be a whole stack in a tiny bin.
> Thanks to Linus Torvalds, we not only have a consensus on architecture, but we've come pretty close to having a consensus on the input output mechanism by which programs communicate with their host machines, via the SYSCALL instruction.
Could someone explain this? I cannot find any information online
This is so amazing - I had to give it a shot. There have only been a couple of projects I’ve ever gotten excited about on HN and this is certainly one of them!!
I’m curious if any other users ran into issues with MacOS running 2.0? I may have just missed a step, but I started an issue nonetheless.
It's not often these days that a project pops up where I start thinking about re-imagining our whole build/deployment strategy around it. This project easily hits that high watermark. I'm already thinking about how we re-architect a few existing projects around it to reap the benefits. Very excited to do some new projects with this as well and get to understand it in more detail. Many thanks!
PHP support would be beyond amazing, what would be required (top-level) to get that working/usable?
I've been following this project but am curious about what are the actual use cases apart from being able to send a portable web site around?
If you're running a production web server you're not really switching OS's often. Something like nginx is battle tested so what would be the benefits of using redbean?
It is a marvelous piece of technology but I am struggling to see the use cases right now.
If you like this, you should support Justine & the project, if you can spare a few bucks a month:
> Funding for the development of redbean was crowdsourced from Justine Tunney's [GitHub sponsors](https://github.com/sponsors/jart) and [Patreon subscribers](https://www.patreon.com/jart). Your support is what makes projects like redbean possible. Thank you.
Wait, you reimplemented most of GNU Readline in a single file with no dependencies? Appreciate you started from someone else's library, but yours actually looks feature complete! Wow.
I've been having a lot of fun with this developing tiny webapps using Fullmoon[1]. I love Lua, but I frequently bounce between a Windows PC and a Linux PC. Having redbean + Fullmoon has made it a breeze switching back and forth without having to deal with system Lua installs. SQLite and the thorough amount of built-ins[2] is also a dream. Lua also has a lovingly awesome hobbyist community, so having another outlet for me to leverage that ecosystem is great.
Try hitting ctrl+shift+r in your browser. Sometimes browsers don't respect the cache headers which say 1 hour max and I haven't figured out why. This new release includes functions like setitimer() to help the primitives be there for anyone wanting to use Lua to build something like Celery.
Yes and some of the largest web infrastructures in the world run on it! I'm not sure if it's still true, but it's my understanding that CloudFlare runs it at the edge globally. I personally know of several other _very large services_ running it at massive scale.
In my experience Lua in nginx is such a pleasure to work with. It's all transparently async using nginx's event loop. You just write regular procedural code in Lua and the runtime handles yielding/resuming for you automatically. There's no special async/await stuff. Just write your Lua code and the runtime figures out the yield points internally. It's a breath of fresh air.
Lua also powers itch.io! [0] Leafo, the creator, has also built Moonscript [1], a language that compiles to lua, and Lapis [2], a web-framework for Lua and Moonscript. I am always fascinated by his productivity.
In my GitHub profile photo https://github.com/jart you'll see me holding a stuffed toy I call greenbean which has been cute little work desk companion of mine for some time. Later on I came into possession of a stuffed red lobster. A Chinese friend of mine suggested the name redbean as a companion for greenbean. Later in 2020 I was writing demo programs to showcase the capabilities of Actually Portable Executable. When I decided I wanted to write an HTTP server, redbean was looking up at me on my desk. That's when the idea clicked and it's been redbean ever since.
Half a percent is small but there should ideally be zero errors. Could you file a report so we can fix that?
Part of what makes the redbean TLS stack fast is I spent some time hacking on MbedTLS to improve its performance. One of things that's counter intuitive about crypto code is assembly can be safer in additional to being faster, since it helps guarantee the compiler doesn't add branches, for things like bit overflow carrying in arithmetic operations. One example is https://github.com/jart/cosmopolitan/blob/master/third_party... which I wrote to make the NSA curve much faster. I've been meaning to upstream into MbedTLS. Another thing I added is https://github.com/jart/cosmopolitan/blob/master/libc/nexgen... which greatly improves the performance of RSA multiplication using Intel's ADX ISA. But C crypto code can be beautiful too! For example, I found Everest (curve25519) particularly impressive, since they solve overflow in a different way, and as such, it's quite possibly the only large piece of C/C++ code I've ever seen that contains zero conditional branches and zero pointers. https://github.com/jart/cosmopolitan/blob/master/third_party... The closest thing I've found to measuring the performance impact of my changes is by recording how long the MbedTLS test suite takes to run. The speedup for suite_ssl is 13.11x faster, RSA is 1.91x, ECP is 1.86x, and ECDSA is 2.84x.
A syscall is a method for calling a kernel routine to do something outside the current process.
All i/o (network, filesystem, ipc), memory allocation, process interaction, signals, etc go through syscalls. open(), read() and write() are all syscalls.
If the syscall interface exists then the only thing left to do is to execute the program -- which depends on the cpu executing the machine instructions. If the machine instructions are for the wrong cpu then emulation may come into play.
It might help to understand API vs. ABI with respect to the C language and CPU architectures.
I put definitions here awhile ago, and mentioned the Actually Portable Executable project as an example of taking the ABI philosophy to an extreme, and ignoring APIs (source code).
It's unfortunately not explained well in many places, and even experienced C programmers don't understand the details. You won't learn about this in a C programming book, because it's not really part of the C language proper. It sits at an awkward spot between the language, the CPU, and the operating system.
----
The relation to Linus Torvalds is that historically Unix kernels were developed in a single tree and there was no stable ABI. For example I believe OpenBSD and NetBSD are still like this. But Linux is different in that the kernel maintained a stable ABI, and you can run different user utilities on top, without necessarily recompiling them against headers.
This is a high priority item. It sounds like you're using a recently released Mac OS X version. One of the great fears has always been the possibility of Apple breaking the UNIX system interface, like they did to the Go team in the past. So I'd like to get any issues resolved here as quickly as possible. I left a comment on the GitHub issue about next steps.
You're not alone. Maybe it's lack of knowledge on my part... but too much around node / npm, still seems like copy/pasting random incontations into the command line to try and solve whatever problem I have at a specific time. There is lot's of good in there, but somethings just don't work how you think they will.
For instance, we've been building a totally static site recently in node/npm/js/posthtml and posthtml has a concept of "local variables". A project called posthtml-expressions in theory allows you to put "expressions" into "HTML" modules (if's, loops, etc.), but it only works with "globally" defined variables. i.e. you can't define a variable locally to a component, you need to define it "globally" in the project, which IMO defeats the whole purpose of the project. Nowhere is this easily explained or defined in their documentation. The first thing I want to do is define a property/attribute inline to a component, otherwise I end up with word soup of global variables - $page_1_title, $page_2_title, etc., rather than <component title="xxx">. Bizarre. No idea what the point is if I can't declare variables "locally" to said component? And this is the feeling I've got of lots of NPM packages - there is just no cohesion between things. I love the work people have done, it's literally saved me hundreds of man hours, but I've also spent untold hours wrestling with things that seem obvious to me, that should work, which frankly just don't work how I expect. Maybe it's me?
redbean was originally intended as a locally running web server, sort of like an Electron competitor, where you launch your GUI in Chrome, rather than linking a copy of Chrome into your executable.
We live in a fragmented o/s world. If you're someone like me then you've got a Macbook from the office, a Windows PC for games, a Linux workstation for compiling code, a FreeBSD server, an OpenBSD router, etc. When you're dealing with so many different systems, sometimes just having something as simple as a sed command that works reliably the same seems like an impossible ask. Now we've got an entire app platform that works on the lion's share of PCs/servers in a small 1mb file.
It's also a question of being able to distribute code. I used to work on the TensorFlow team. We were tasked with building an open source library that people on pretty much every platform imaginable would use. It broke my brain just how difficult it was for us to ship open source binaries that actually work and don't cause an avalanche of GitHub issues. Even just working on more than a few Linux distros felt like an impossible ask back then. Now that I've figured out how to do it for every distro and seven operating systems total in just one file, I wish I could go back in time and use tools like redbean and Cosmopolitan Libc to fix all the things with TensorFlow that I wish I could have done. It'd've been a different project.
Could you join our Discord and help troubleshoot the issue with me? https://discord.gg/EZwQUAcx Normally when it fails to run, it's because WINE is installed to binfmt_misc or WSL needs to have binfmt_misc disabled. But it looks like it ran the script in your case. Could you try downloading https://justine.lol/ape.elf and letting me know if that runs? It should, since it's designed to work and is regularly tested on CentOS5. It's also possible you might have a different shell installed.
Most languages expect you to have a high quality web server between the outside world and your code. Nginx, Apache, IIS, etc are extremely well tested and secure. They can serve up assets fast, cache, and much more.
A popular way to host now is to have an nginx server or process that accepts requests from the outside and then makes a request to a less capable web server for the app internally to provide a response, also known as proxying. This provides a clear barrier with outside world in one very concise config file.
What redbean apparently has is a sufficiently high quality web server included, so they can handle requests from top to bottom in one package (vertically integrated).
I could see usage for web developers who would like to develop in Windows (natively without WSL) and then deploy it in a Linux server by just copying files via SFTP.
I think this is awesome too, but I’m at a loss to describe where I could replace already built services. Can you share some perspective on specific things that you see this can do that is amazing?
Content emphasizes open source distribution with permissive ISC licensing that enables free use, modification, and sharing. Transparent technical documentation published without access barriers exemplifies freedom of expression.
FW Ratio: 60%
Observable Facts
Page explicitly states 'redbean is permissively licensed under the ISC license' and 'The source code is available on GitHub.'
Entire technical documentation published freely accessible without authentication or paywalls.
Article demonstrates detailed disclosure of technical methods, implementation details, and capabilities.
Inferences
Permissive ISC licensing and public GitHub source enable freedom to use, study, modify, and distribute software.
Publishing comprehensive technical documentation without access restrictions reflects commitment to information freedom.
Content includes extensive educational material: detailed code examples, 'Further Examples' section with demo scripts, comprehensive API documentation, and REPL usage demonstrations. These enable participation in software development and scientific computing.
FW Ratio: 60%
Observable Facts
Page includes 'Further Examples' section with explicit references to demo Lua scripts (unix-dir.lua, unix-webserver.lua, binarytrees.lua) and GitHub repository links.
Content provides extensive code examples and detailed API documentation covering Lua, Unix system calls, MaxMind geolocation, and cryptographic functions.
Article includes detailed REPL demonstrations, benchmarking examples, and system programming examples.
Inferences
Educational examples and accessible API documentation enable developers to participate in advanced software development.
Comprehensive technical coverage and demo scripts support participation in systems programming and scientific computing.
Content describes privacy-protecting features including sandboxing via unix.pledge() and SECCOMP BPF that prevent unauthorized access to system files. These mechanisms reflect protective intent.
FW Ratio: 50%
Observable Facts
Page describes 'unix.pledge() system call' and 'SECCOMP BPF' for sandboxing on Linux and OpenBSD platforms.
Content includes example code demonstrating sandbox restrictions that prevent access to /etc and other protected system directories.
Inferences
The inclusion of sandboxing and access control features indicates recognition of privacy and system integrity concerns.
Detailed explanation of how privileges can be reduced suggests developer awareness of privacy protection responsibilities.
Content discusses security and resource protection features (unix.pledge(), unix.setrlimit()) that prevent abuse and protect shared resources, reflecting duties toward community safety.
FW Ratio: 50%
Observable Facts
Page describes 'unix.pledge()' for sandboxing and 'unix.setrlimit()' for resource consumption limits.
Content discusses preventing abuse stating 'to reduce privileges on forked workers' and 'limit on how many resources a connection is allowed to use.'
Inferences
Resource limits and sandboxing reflect recognition of duties to prevent harm to shared systems.
Security features indicate awareness of community responsibilities in distributed computing environments.
Website structure provides free downloads, references GitHub for source code, uses permissive licensing, and presents content without paywalls or authentication requirements. Distribution model maximizes information freedom.
GitHub links and available demo files enable readers to access and participate in software development. Open source structure supports scientific and technological participation.
build 1ad9551+j7zs · deployed 2026-03-02 09:09 UTC · evaluated 2026-03-02 13:57:54 UTC
Support HN HRCB
Each evaluation uses real API credits. HN HRCB runs on donations — no ads, no paywalls.
If you find it useful, please consider helping keep it running.