If you are a VSCode hater (like me), you can achieve the same thing using the open-source, Microsoft-built, official devcontainer CLI [0], which is exactly what VSCode uses under the hood. You don't get automatic port forwarding with this tool, which includes SSH Agent forwarding, so you'll likely want to pair this with installing SSH into your devcontainers, or using some other tool that does the job. I built a tool [1] to do the port forwarding part, which I'd like to be more magic like VSCode's but haven't put the effort into doing, since it works for my purposes.
Using these, I can SSH into my devserver, use the devcontainer CLI to open a tmux session with iTerm2 Tmux integration, and it feels just like a local window. Combine that with Neovide and remote Neovim over the same channel, and I have a native-feeling dev environment running on a remote devcontainer in a nearby data center.
Not loving that the devcontainers CLI is node. The appeal of devcontainers is to limit the amount of code I have to trust on my host. Give me a small static binary I can deploy to new systems.
I ssh into my server, then use the devcontainer cli tool to open a shell in the dev container. Found that easier than installing ssh in every container, especially when there's lots of them. I made a simple command line tool for helping the process, so I don't have to type out any long commands. If I run it it will list the running dev containers and I give them each a number to I don't have to use the full ID.
I like the CLI for commands, but would rather work with an agent chat interface for vibing, which unfortunately I’m becoming increasingly reliant on, even though it’s gotten me into trouble with larger projects.
I have many environments locally, some dependent on others, and some require local databases. I use containers in production, but not always locally.
It’s almost a hellscape situation for trying to setup a fully isolated dev environment. I might be able have have some future generation of Claude convert my existing dev setup to something isolated with k8s. But, I don’t have the power to run such an environment locally, with all of the apps and services. I’d need to set my dev environments up in the cloud, but I don’t have enough money to pay for that, and it wouldn’t even work in some circumstances, because some things must run locally.
So, instead I run Cursor AI with various MCP servers, I approve tool calls, I don’t have things isolated, and I know this will eventually bite me.
Oh the gitlab link is really really really cool. I can't express in words how happy I am since I know about iroh and I always wanted to create such a tool myself too but never could figure out iroh.
Now the way I did port forwarding was really wild and really complicated and I think that it might demand a blog post if I am being honest, but yes this project is absolutely godsend. Thanks!!
I have actually been working on something similar but instead of Docker, I am using Apple’s builtin container[1] support to run shell commands and code with real OS-level isolation. It’s fast (spawns in milliseconds) and integrates nicely with things like Claude Code and the Gemini CLI. I open sourced it as CodeRunner[2]. Would love to hear what people think or chat about how it compares.
I have enjoyed running Claude Code in a container. The biggest advantage for me isn't security though, it's how easy it becomes to spin off agents to work in the background.
I use a simple script that copies my working directory into a container, prompts Claude Code, and then either saves a planning document locally, or opens a pull request in GitHub for me to review.
I quite like this because it makes starting agents when I have ideas really frictionless, and then I can easily discard the results and try again if it went off the rails. The Max plan makes me not worry about the cost of this whole process as well.
I also set up containers initially out of caution, but honestly, I've never seen Claude Code do anything that git couldn't easily reverse, so I'm not that worried about that any more.
> I've never seen Claude Code do anything that git couldn't easily reverse, so I'm not that worried about that any more.
I had one agent that installed something with pip and used it to rewrite my git history. It used the wrong flag and what was left was one file. I am glad I caught it before auto-commit and push triggered. It was one of my hobby projects, so not a huge deal. I can't imagine the fallout of this happening in a work environment.
Yes please, more containers-first thinking for all things AI. The fact that this has been largely absent from most discussions and demos regarding agents and vibe-coding seems like a big red flag to me. I mean if we're going to YOLO the code, perhaps we should at least pay some attention to the dev / test harness?
It's worth thinking about reproducibility even if you're not concerned about security. We would not have to argue so much about the effectiveness of something like vibe-coding if everyone could simply share process/tooling without tons of custom setup. And even if you're not worried about filesystem sandboxing and leaking secrets like ssh keys, even if versioning with git is enough of an undo button for you.. who wants to clutter their whole system with a ton of new language stacks and/or weird dependencies for every small experiment? Most experiments with the new hotness are going to fail, so we should expect to do a lot..
Containers bring their own set of problems, there are some examples brought up in this thread, mainly around communication with the host OS.
I‘d argue the reproducible parts of vibe coding (agentic engineering) setups are just text files. Many people use a mix of web apps (AI studio), Mac apps (Wispr Flow), and other UI tools (repo prompt) in their workflow which can’t be put in a container anyway - well, reasonably at least.
If you want security, containers won’t get you that far. You’ll need to use a VM.
But if you give Claude Code access to your GitHub repo, what else is there worth protecting, that’s not protected by keychain & sudo?
And you don't need to stop there. Claude Code also has great open alternatives you can run in any environment you like, with any model, and under economic arrangements you define. See https://oss-ai-swe.org/ for a few. My current favs are OpenHands and Codex CLI.
Containers do seem to work really well for agents. It lets them run in parallel! Giving them sudo also lets them do interesting things you wouldn’t want them doing on your desktop, eg. installing tools or debugging with tcpdump. (I am working on agent-in-a-container: sketch.dev)
Letting Claude Code loose on my home folder feels bad yes. Would using a separate user account solve it? I.e. keep git repos in for example /home/claude and run claude as that user? Or am I missing something?
This is exactly why I’m using chatGPT codex over Claude Code (even though I suspect CC might be better). Each chat runs in its own cloud based container. There’s no risk of exposing secrets/deleting files/breaking environment. I can run 3 in parallel while I continue to code locally. It works in a branch and integrates via PR. It’s a great DevEx.
Someone please build a nice macOS app using hypervisor framework that lets me do this locally :)
Honest question: why do people prefer developing code inside a docker? I get the benefits of docker as a deployment unit, but wouldn’t configuring a dev container and using it a hassle nonetheless, compared to not doing them at all?
Personally I don’t trust running npm/pip/gradle/etc in my own machine. I feel more secure running them in containers or VMs. Some IDEs like jetbrains’ support remote development (it’s not perfect but better than risking my own machine)
If you’re like me and want to maintain a clean dev machine. I don’t want my machine to get in my way when I need to get work done. That means I don’t want some X messing things up somewhere that I didn’t know about. Older I get my memory isn’t as sharp and things like this matter.
If you are using Claude Code on macOS running it in a devcontainer has a few upsides like fewer cli tool call failures, meaning less waiting time and less context window spam.
But there are some things you lose as well @ ergonomics:
- "done" notifications are not working by default (might be possible trigger and send to host using hooks feature)
- more difficult to give playwright a session (need to get cookies into playwright in the container)
- can't easily paste screenshots into the devcontainer (Claude Code has to take a screenshot or you have to put it into a mounted dir)
and of course the usual advantages of using containers still apply (dependency management, reproducibility and so on).
I still wonder though if nix would allow me to remove the container overhead (they do noticeably tax the macbook battery).
I use VMs myself. I use Proxmox and have it setup so that I can spin up a fresh VM in around 10-20 seconds when needed. I also like that I can take snapshots.
I really want to limit the amount of software I am installing on my main system due to possible security issues.
This setup is also compatible with GitHub CodeSpaces, which I think is an exceptionally nice development experience if you are on something like a Chromebook, and gives you isolation from your local network. Also lets you share your app running in dev-mode with anyone for feedback, without having to poke holes in your network or whatever. Also also, you can use the Cline extension in this environment if you still want the cursor-style copilotey experience.
From what I can gather, this is part of the idea/appeal behind something like https://phoenix.new/. The AI Agents have total control over the environment and can use all of the associated system tools as a result, without putting your own machine at risk. Once things are kinda working, you can pull it out and work locally.
Is this level of fear typical or reasonable? If so, why doesn’t Anthropic / AI code gen providers offer this type of service? Hard to believe Anthropic is not secure in some sense — like what if Claude Code is already inside some container-like thing?
Is it actually true that Claude cannot bust out of the container?
Just a month ago, an AI coding agent deleted all the files on someone's computer and there was a little discussion of it here on HN. Support's response was basically "yeah, this happens sometimes".
HN thread (flagged, probably because it was a link to some crappy website that restates things from social media with no substantive content of its own): https://news.ycombinator.com/item?id=44262383
I haven't found that to be the case. I have used cc within an container and on the host machine and it has been fine. Any command that could cause changes to your system you MUST approve when using it in agent mode.
You either have the option of approving each command manually, or you can let it run commands autonomously. If you let it run any commands then you have the risk of it doing something stupid (mainly deleting files).
You also have MCP tools running on your machine, which might have security issues.
I have personally never seen claude (or actually any AI agent) do anything that could not be fixed with git. I run 24/7 in full permissions bypass mode and hardly think about it.
Anyone with more than one toolbox knows that fear isn't required. Containers are about more than security, including stuff like organization and portability.
> If so, why doesn’t Anthropic / AI code gen providers offer this type of service?
Well perhaps I'm too much the cynic, but I'm sure you can imagine why a lack of portability and reproducibility are things that are pretty good for vendors. A lack of transparency also puts the zealots for "100x!", and vendors, and many other people in a natural conspiracy together, and while it benefits them to drum up FOMO it makes everyone else burn time/money trying to figure out how much of the hype is real. People who are new to the industry get leverage by claiming all existing knowledge does not matter, workers who are experienced but looking to pivot into a new specialization in a tough job market benefit from making unverifiable claims, vendors make a quick buck while businesses buy-to-try and forget to cancel the contract, etc etc.
> Is it actually true that Claude cannot bust out of the container?
Escaping containers is something a lot of people in operations and security have spent a lot of time thinking about long before agents and AI. Container escape is possible and deadly serious, but not in this domain really, I mean all your banks and utility providers are probably using Kubernetes so compared to that who cares about maybe leaking source/destroying data on local dev machines or platforms trying to facilitate low-code apps? AI does change things slightly because people will run Ollama/MCP/IDEs on the host, and that's arguably some new surface area to worry about. Sharing sockets and files for inter-agent comms is going to be routine even if everyone says it's bad practice. But of course you could containerize those things too, add a queue, containerize unit-tests, etc
Of course. Also with regular customer projects. Even without AI--but of course having an idiot be able to execute commands on your PC makes the risk higher.
> If so, why doesn’t Anthropic / AI code gen providers offer this type of service?
Why? Separate the concerns. Isolation is a concern depending on my own risk appetite. I do not want stuff to decide on my behalf what's inside the container and what's outside. That said, they do have devcontainer support (like the article says).
>Hard to believe Anthropic is not secure in some sense — like what if Claude Code is already inside some container-like thing?
It's a node program. It does ask you about every command it's gonna execute before it does it, though.
>Is it actually true that Claude cannot bust out of the container?
There are (sporadic) container escape exploits--but it's much harder than not having a container.
You can also use a qemu vm. Good luck escaping that.
Or an extra user account--I'm thinking of doing that next.
I don't get these posts. I'm using claude --dangerously-skip-permissions all day and haven't had a single issue. In my experience it doesn't just randomly start erasing your hard drives. Also having a proper CLAUDE.md probably helps.
You ignore safety features unless you have already experienced disaster? Do you wear a seat belt? Run all commands as root?
The history of computing says that everything is a porous security boundary just waiting for a motivated individual to attack it. Defense in layers, especially in the wild west of AI where everybody is playing move fast and break things at breakneck speed.
I understand some of the motivation for this post but in my view it's exaggerated because Claude code does a good job asking for permissions and in the (reasonable)worst case you can probably get an old state from github. If for some reason Claude (or someone) wants to take over your whole system I'm not sure if Dockers would stop it
I started working with VSCode in container ~3 years ago [1], at first I just felt I'd like to have control over the environment but later it made more sense when I switched to codeium windsurf [2]- I thought it's safer not to let agent loose in my filesystem
I put in a full day trying to get Claude Code and VSCode to work inside Docker. I wasn't able to get the window to properly display in my wayland session.
I don't know if it's appropriate for your case, but devcontainer <https://devcontainer.community/awesome>, code-server, or Eclipse Theia are basically VSCode over http and will mimick the GitHub.dev experience. I'm guessing a lot of your heartburn was trying to get the graphical parts of Electron to operate inside docker but it's really not good at that
I did see the VSCode part, but it might interest you that the JetBrains products also have an rpc style development setup through Gateway, where the product runs effectively headless in the container and just sends the display commands to your local IDE to handle latency sensitive GUI operations
You need to share the wayland socket (how programs talk to the compositor) with the container in docker. I’ve seen a script that does that on GitHub but I can’t remember the name. Distrobox and Toolbx also does this, but they also share your home directory with the container because that’s where all your config are.
I use DevPod [1] to run Claude Code within Docker-based dev container environments, and it's been fairly seamless. It lets me run environments locally and focus Claude's context on just the repo I want it to work on.
Bluefin distro is container/isolation oriented (sort of required given the immutable nature and not wanting to do too much layering) and includes a lot of options to implement a dev environment, including devpod and distrobox/toolbox.
Another idea is to develop in a KASM rootless docker workspace, where distrobox/toolbx can also be at your disposal. KASM workspaces are accessible thru the web, so you can work from anywhere.
The immutable nature of ideas like Bluefin and KASM encourage the user to use brew for package management, which would stay persistent under /home/linuxbrew
I can highly recommend bubblewrap for sandboxing -- configuration is just CLI arguments, one per a mounted path; I use a little script that mounts CWD, claude stuff, and XDG data directories in RW, and the rest in RO.
To me it seems like the only reason to fiddle with docker is if your dev env is already in a container
Another advantage of running claude inside a container is that you can use "--dangerously-skip-permissions" and let it do a thing in full autonomy for 2 hours. With a good prompt, abundant feedback like centralized logging and tests and a clear Claude.md, it can get pretty far on its own.
What drives this degree of user-experience complexity? Is there a targeted workflow that VsCode and Claude did not include in their GUI, that motivates this solution. Is it a tinkerer mindset, where setting this up is a fun activity for the author and readers?
This is my approach but it wasn’t all smooth especially with MCPs. And Docker wants you to install their Desktop software which is crap. I am not touching that thing. Yes, devcontainer extension is a thing but it’s a simple tool. We need something robust OOTB.
Mount them to the local filesystem, maybe even as read-only so Claude cannot modify them.
It actually makes bootstrapping the dev env so much easier too, basically just take a template .devcontainers and you're golden. After that just tell Claude what files you want to mount to the filesystem and restart
i don’t get the worry. i run these models all day without any sandbox and even leave them running while i walk away. i haven’t had a rm -rf kind of situation ever or even a hint of model going towards it. even gemini 2.5 at it’s lowest doesn’t do that.
Just because unintended things aren't happening right now, doesn't mean they won't happen. We are in the honeymoon phase of this technology where mass exploitation isn't yet being attempted.
However, if you are familiar with Pliny the Liberator's work, essentially all modern models are easily jailbroken, such that the original prompt can be overridden. All it will take for your agent is to download a malicious payload, perhaps disguised as a relevant library or documentation for the task at hand, and it can be running whatever the attacker tells it.
An 'rm -rf /' would be a pretty mild outcome. The more likely one would be the attacker silently installs malware on your machine.
I mistakenly started Claude in my root dev folder in dangerously skip mode the other day. Asked it to fix my playwright tests. All hell broke loose and I couldn't stop it. Lol. Eventually got it shut down and all was fine. Scared me though. There's a hook you can easily implement for RM -rf, see indydevdan on YouTube, he has a nice repo of it.
I would like to run everything in container and fire up two or three CC at once. It might be best actually. Right now I'm doing local dev with many services in one container and Claude sometimes doesn't use the container properly. I probably waste a lot of cycles with CC relearning my setup often as it struggles through it.
same, it actually annoys me when some calls need sudo access and I need to handle it manually, I have no idea what people are doing with those tools to fear destructive actions on the system
Yeah, I don't think you deserve the down votes for expressing an opinion (except maybe that it doesn't add a lot to the conversation), but speaking from personal experience, the whole AI coding thing has been pretty amazing for me.
I'm technical, I can read code (even write some of it), but actually completing things or getting started on serious projects is really hard: partly because I am not a professional develop (and so everything is hard) and partly because of time constraints. AI agents address both of these concerns very well and I've been able to produce things I wouldn't have thought possible. Are they ready for Prod? Maybe not, but at least they WORK and that's soo much more than anything I've managed in the past.
CGamesPlay|7 months ago
Using these, I can SSH into my devserver, use the devcontainer CLI to open a tmux session with iTerm2 Tmux integration, and it feels just like a local window. Combine that with Neovide and remote Neovim over the same channel, and I have a native-feeling dev environment running on a remote devcontainer in a nearby data center.
[0] https://github.com/devcontainers/cli
[1] https://gitlab.com/CGamesPlay/qtm
3eb7988a1663|7 months ago
macrolime|7 months ago
churchsor_ai|7 months ago
I have many environments locally, some dependent on others, and some require local databases. I use containers in production, but not always locally.
It’s almost a hellscape situation for trying to setup a fully isolated dev environment. I might be able have have some future generation of Claude convert my existing dev setup to something isolated with k8s. But, I don’t have the power to run such an environment locally, with all of the apps and services. I’d need to set my dev environments up in the cloud, but I don’t have enough money to pay for that, and it wouldn’t even work in some circumstances, because some things must run locally.
So, instead I run Cursor AI with various MCP servers, I approve tool calls, I don’t have things isolated, and I know this will eventually bite me.
shepherdjerred|7 months ago
https://devpod.sh/
unsupp0rted|7 months ago
What are some reasons to hate VSCode?
Imustaskforhelp|7 months ago
Now the way I did port forwarding was really wild and really complicated and I think that it might demand a blog post if I am being honest, but yes this project is absolutely godsend. Thanks!!
belter|7 months ago
https://vscodium.com/
lvl155|7 months ago
snthpy|7 months ago
mkagenius|7 months ago
1. Apple container: https://github.com/apple/container
2. CodeRunner: https://github.com/BandarLabs/coderunner
Caveat: You need M1/M2/M3/M4 mac for this to work. MacOS 26 is optional but recommended.
singularity2001|7 months ago
sothatsit|7 months ago
I use a simple script that copies my working directory into a container, prompts Claude Code, and then either saves a planning document locally, or opens a pull request in GitHub for me to review.
I quite like this because it makes starting agents when I have ideas really frictionless, and then I can easily discard the results and try again if it went off the rails. The Max plan makes me not worry about the cost of this whole process as well.
I also set up containers initially out of caution, but honestly, I've never seen Claude Code do anything that git couldn't easily reverse, so I'm not that worried about that any more.
eMPee584|7 months ago
m_kos|7 months ago
I had one agent that installed something with pip and used it to rewrite my git history. It used the wrong flag and what was left was one file. I am glad I caught it before auto-commit and push triggered. It was one of my hobby projects, so not a huge deal. I can't imagine the fallout of this happening in a work environment.
manmal|7 months ago
anon7000|7 months ago
extr|7 months ago
photonthug|7 months ago
It's worth thinking about reproducibility even if you're not concerned about security. We would not have to argue so much about the effectiveness of something like vibe-coding if everyone could simply share process/tooling without tons of custom setup. And even if you're not worried about filesystem sandboxing and leaking secrets like ssh keys, even if versioning with git is enough of an undo button for you.. who wants to clutter their whole system with a ton of new language stacks and/or weird dependencies for every small experiment? Most experiments with the new hotness are going to fail, so we should expect to do a lot..
manmal|7 months ago
I‘d argue the reproducible parts of vibe coding (agentic engineering) setups are just text files. Many people use a mix of web apps (AI studio), Mac apps (Wispr Flow), and other UI tools (repo prompt) in their workflow which can’t be put in a container anyway - well, reasonably at least.
If you want security, containers won’t get you that far. You’ll need to use a VM.
But if you give Claude Code access to your GitHub repo, what else is there worth protecting, that’s not protected by keychain & sudo?
intellectronica|7 months ago
manmal|7 months ago
crawshaw|7 months ago
kaffekaka|7 months ago
eblanshey|7 months ago
- /home/me -- 660 default permissions
- /home/me/project -- owner "claude", add "me" to "claude" group
- symlink /home/claude/project to /home/me/project
- Run claude in different user session
- Use CTRL+ALT+F2 to immediately switch between my main and claude sessions. Claude continues working in the background.
scosman|7 months ago
Someone please build a nice macOS app using hypervisor framework that lets me do this locally :)
hintymad|7 months ago
tkiolp4|7 months ago
blurrybird|7 months ago
Containerisation solved the "Works on my machine" gap between local and prod. This is just solving for the same gap between Dev 1 and Dev 2.
magic_hamster|7 months ago
lvl155|7 months ago
dboreham|7 months ago
unknown|7 months ago
[deleted]
tosh|7 months ago
But there are some things you lose as well @ ergonomics:
- "done" notifications are not working by default (might be possible trigger and send to host using hooks feature)
- more difficult to give playwright a session (need to get cookies into playwright in the container)
- can't easily paste screenshots into the devcontainer (Claude Code has to take a screenshot or you have to put it into a mounted dir)
and of course the usual advantages of using containers still apply (dependency management, reproducibility and so on).
I still wonder though if nix would allow me to remove the container overhead (they do noticeably tax the macbook battery).
artdigital|7 months ago
tkiolp4|7 months ago
graton|7 months ago
I really want to limit the amount of software I am installing on my main system due to possible security issues.
arscan|7 months ago
abrookewood|7 months ago
tartakovsky|7 months ago
Is this level of fear typical or reasonable? If so, why doesn’t Anthropic / AI code gen providers offer this type of service? Hard to believe Anthropic is not secure in some sense — like what if Claude Code is already inside some container-like thing?
Is it actually true that Claude cannot bust out of the container?
pxc|7 months ago
Just a month ago, an AI coding agent deleted all the files on someone's computer and there was a little discussion of it here on HN. Support's response was basically "yeah, this happens sometimes".
forum post: https://forum.cursor.com/t/cursor-yolo-deleted-everything-in...
HN thread (flagged, probably because it was a link to some crappy website that restates things from social media with no substantive content of its own): https://news.ycombinator.com/item?id=44262383
Idk how Claude Code works in particular, though.
tosh|7 months ago
https://docs.anthropic.com/en/docs/claude-code/devcontainer
and an example repo
https://github.com/anthropics/claude-code/tree/main/.devcont...
kxrm|7 months ago
unknown|7 months ago
[deleted]
Revisional_Sin|7 months ago
You also have MCP tools running on your machine, which might have security issues.
extr|7 months ago
photonthug|7 months ago
Anyone with more than one toolbox knows that fear isn't required. Containers are about more than security, including stuff like organization and portability.
> If so, why doesn’t Anthropic / AI code gen providers offer this type of service?
Well perhaps I'm too much the cynic, but I'm sure you can imagine why a lack of portability and reproducibility are things that are pretty good for vendors. A lack of transparency also puts the zealots for "100x!", and vendors, and many other people in a natural conspiracy together, and while it benefits them to drum up FOMO it makes everyone else burn time/money trying to figure out how much of the hype is real. People who are new to the industry get leverage by claiming all existing knowledge does not matter, workers who are experienced but looking to pivot into a new specialization in a tough job market benefit from making unverifiable claims, vendors make a quick buck while businesses buy-to-try and forget to cancel the contract, etc etc.
> Is it actually true that Claude cannot bust out of the container?
Escaping containers is something a lot of people in operations and security have spent a lot of time thinking about long before agents and AI. Container escape is possible and deadly serious, but not in this domain really, I mean all your banks and utility providers are probably using Kubernetes so compared to that who cares about maybe leaking source/destroying data on local dev machines or platforms trying to facilitate low-code apps? AI does change things slightly because people will run Ollama/MCP/IDEs on the host, and that's arguably some new surface area to worry about. Sharing sockets and files for inter-agent comms is going to be routine even if everyone says it's bad practice. But of course you could containerize those things too, add a queue, containerize unit-tests, etc
dannymi|7 months ago
Of course. Also with regular customer projects. Even without AI--but of course having an idiot be able to execute commands on your PC makes the risk higher.
> If so, why doesn’t Anthropic / AI code gen providers offer this type of service?
Why? Separate the concerns. Isolation is a concern depending on my own risk appetite. I do not want stuff to decide on my behalf what's inside the container and what's outside. That said, they do have devcontainer support (like the article says).
>Hard to believe Anthropic is not secure in some sense — like what if Claude Code is already inside some container-like thing?
It's a node program. It does ask you about every command it's gonna execute before it does it, though.
>Is it actually true that Claude cannot bust out of the container?
There are (sporadic) container escape exploits--but it's much harder than not having a container.
You can also use a qemu vm. Good luck escaping that.
Or an extra user account--I'm thinking of doing that next.
ed_mercer|7 months ago
nikolayasdf123|7 months ago
if it did, it would be too late, wouldn't it?
adastra22|7 months ago
Yet. You haven't had a single issue yet.
3eb7988a1663|7 months ago
The history of computing says that everything is a porous security boundary just waiting for a motivated individual to attack it. Defense in layers, especially in the wild west of AI where everybody is playing move fast and break things at breakneck speed.
singularity2001|7 months ago
dist-epoch|7 months ago
thisistemp001|7 months ago
[1] https://github.com/grzegorzk/vscode_in_podman
[2] https://github.com/grzegorzk/codeium_windsurf_in_podman
jMyles|7 months ago
mdaniel|7 months ago
I did see the VSCode part, but it might interest you that the JetBrains products also have an rpc style development setup through Gateway, where the product runs effectively headless in the container and just sends the display commands to your local IDE to handle latency sensitive GUI operations
skydhash|7 months ago
dymk|7 months ago
ubj|7 months ago
[1]: https://devpod.sh/
indigodaddy|7 months ago
https://docs.projectbluefin.io/bluefin-dx/
Another idea is to develop in a KASM rootless docker workspace, where distrobox/toolbx can also be at your disposal. KASM workspaces are accessible thru the web, so you can work from anywhere.
The immutable nature of ideas like Bluefin and KASM encourage the user to use brew for package management, which would stay persistent under /home/linuxbrew
https://hub.docker.com/r/linuxserver/kasm
https://kasmweb.com/docs/latest/how_to/docker_in_kasm.html
https://gist.github.com/jgbrwn/28645fcf4ac5a4176f715a6f9b170...
thelittleone|7 months ago
anuramat|7 months ago
To me it seems like the only reason to fiddle with docker is if your dev env is already in a container
BiteCode_dev|7 months ago
the__alchemist|7 months ago
lvl155|7 months ago
twalla|7 months ago
hosolmaz|7 months ago
globular-toast|7 months ago
restrictedolly|7 months ago
ffsm8|7 months ago
It actually makes bootstrapping the dev env so much easier too, basically just take a template .devcontainers and you're golden. After that just tell Claude what files you want to mount to the filesystem and restart
khalic|7 months ago
Also can we please differentiate vibe coding and prompt based development.
There is a difference between prompting "write me a website" and just using the LLM for typing faster than you do.
asadm|7 months ago
has anyone faced this?
FlyingAvatar|7 months ago
However, if you are familiar with Pliny the Liberator's work, essentially all modern models are easily jailbroken, such that the original prompt can be overridden. All it will take for your agent is to download a malicious payload, perhaps disguised as a relevant library or documentation for the task at hand, and it can be running whatever the attacker tells it.
An 'rm -rf /' would be a pretty mild outcome. The more likely one would be the attacker silently installs malware on your machine.
swader999|7 months ago
I would like to run everything in container and fire up two or three CC at once. It might be best actually. Right now I'm doing local dev with many services in one container and Claude sometimes doesn't use the container properly. I probably waste a lot of cycles with CC relearning my setup often as it struggles through it.
Yiin|7 months ago
adastra22|7 months ago
hmcamp|7 months ago
chickenzzzzu|7 months ago
[deleted]
rane|7 months ago
If there's a post about Zig, you don't see people saying how they don't use Zig.
abrookewood|7 months ago
I'm technical, I can read code (even write some of it), but actually completing things or getting started on serious projects is really hard: partly because I am not a professional develop (and so everything is hard) and partly because of time constraints. AI agents address both of these concerns very well and I've been able to produce things I wouldn't have thought possible. Are they ready for Prod? Maybe not, but at least they WORK and that's soo much more than anything I've managed in the past.
cdelsolar|7 months ago
eabeezxjc|7 months ago
[deleted]
pjmlp|7 months ago
60's movements would not be possible in current times.
wutwutwat|7 months ago
would not be possible, indeed