Paul Dowman 🔴✨
@pauldowman.eth
I'm surprised that in 2024 we still run so much random crap unprotected. All dev tools should be sandboxed somehow. IDE plugins, homebrew, every package used by the app you're building, etc, etc., all with full access to your machine. 😱 IMHO dev containers is the best way. It gets a bit awkward when you need docker, but there are solutions (docker-in-docker, etc). https://containers.dev/
10 replies
5 recasts
25 reactions

killjoy.eth
@killjoy
Yeah this x 100. I am finding it can be a bit painful to work in the container but worth it for the peace of mind. Does docker in docker work well enough in a container? That has its own security compromises but way better than the status quo.
2 replies
0 recast
0 reaction

Paul Dowman 🔴✨
@pauldowman.eth
I've used docker-from-docker, it worked well. It lets docker tools inside the container use the system docker (magically hooks up the socket file to communicate).
1 reply
0 recast
0 reaction

shazow
@shazow.eth
IIRC if you have write access to the system docker socket, you basically have root access to the host system, no?
1 reply
0 recast
1 reaction
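The "docker-from-docker" setup Paul describes and the socket-equals-root point shazow raises are both visible in a devcontainer.json, so they can be checked before the container is ever started. The script below is an added example, not code from the thread or from containers.dev: it parses a devcontainer.json (comments stripped, since the format allows them) and flags the three settings that hand the container root-equivalent access to the host: a bind-mounted Docker socket (in `mounts` or `runArgs`), `--privileged` / `"privileged": true`, and the published `docker-outside-of-docker` feature, which mounts the host socket for you. The `docker-in-docker` feature is reported too, because it runs the container privileged. The two sample configs are constructed for the example; the feature identifiers are the real published ones under `ghcr.io/devcontainers/features/`.

```python
"""Added example: flag devcontainer.json settings that make the container
root-equivalent on the host (host docker.sock, --privileged, or a feature
that sets either of those up). Not part of the original thread."""
import json
import re

# Any bind of the host daemon socket, whether written /var/run/... or /run/...
SOCKET_RE = re.compile(r"/(?:var/)?run/docker\.sock")


def strip_jsonc(text: str) -> str:
    """devcontainer.json allows // and /* */ comments and trailing commas.
    Remove comments outside string literals so json.loads accepts the result."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:       # keep the escaped char verbatim
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):        # line comment: drop to end of line
            j = text.find("\n", i)
            i = n if j < 0 else j
            continue
        elif text.startswith("/*", i):        # block comment: drop to closing */
            j = text.find("*/", i + 2)
            i = n if j < 0 else j + 2
            continue
        else:
            out.append(c)
        i += 1
    # Trailing commas before } or ]; not string-aware, acceptable for real configs.
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def feature_name(key: str) -> str:
    """'ghcr.io/devcontainers/features/docker-in-docker:2' -> 'docker-in-docker'"""
    return key.rsplit("/", 1)[-1].split(":")[0].split("@")[0]


def audit(config: dict) -> list[str]:
    """Return one finding per host-root-equivalent setting in the parsed config."""
    findings = []

    def socket_hit(spec: str, where: str) -> None:
        if SOCKET_RE.search(spec):
            findings.append(f"{where}: host docker.sock bind-mounted ({spec}); anything "
                            "that can write to it can start a container with the host "
                            "filesystem mounted, i.e. it is root on the host")

    for m in config.get("mounts", []):          # string or {source,target,type} form
        socket_hit(m if isinstance(m, str) else str(m.get("source", "")), "mounts")

    for a in config.get("runArgs", []):         # raw docker run flags
        if a == "--privileged":
            findings.append("runArgs: --privileged removes the container's capability "
                            "and device isolation from the host")
        socket_hit(a, "runArgs")                # covers -v X, --volume=X, --mount src=X

    if config.get("privileged") is True:
        findings.append("privileged: true has the same effect as runArgs --privileged")

    for key in config.get("features", {}):
        name = feature_name(key)
        if name == "docker-outside-of-docker":
            findings.append(f"features: {name} mounts the host docker.sock into the container")
        elif name == "docker-in-docker":
            findings.append(f"features: {name} runs its own daemon but needs a privileged container")
    return findings


def audit_text(text: str) -> list[str]:
    return audit(json.loads(strip_jsonc(text)))


# Constructed sample: the docker-from-docker style setup discussed in the thread.
RISKY_DEVCONTAINER = """{
  // shares the host daemon with the container
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
  "features": { "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {} },
  "mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ],
  "runArgs": ["--privileged"], /* everything inside is now root on the host */
  "remoteUser": "vscode"
}"""

# Constructed sample: no host socket and no privilege escalation.
SAFE_DEVCONTAINER = """{
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
  "features": { "ghcr.io/devcontainers/features/node:1": {} },
  "runArgs": ["--security-opt=no-new-privileges"]
}"""

if __name__ == "__main__":
    for label, cfg in (("risky", RISKY_DEVCONTAINER), ("safe", SAFE_DEVCONTAINER)):
        print(label, audit_text(cfg) or ["no host-root-equivalent settings"])
```

Run it against a real `.devcontainer/devcontainer.json` by passing the file contents to `audit_text`. Any finding means the "sandbox" is only as strong as the code running inside it chooses to be: a malicious package that can reach the socket can `docker run` a container with `/` bind-mounted and edit the host as root, which is exactly the situation dev containers were meant to prevent. If you need Docker inside the container, the `docker-in-docker` feature keeps the host daemon out of reach but still needs `--privileged`, and a rootless daemon on the host at least confines the blast radius to your user account rather than root.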