HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dimitry12

no profile record

Submissions

Self-hosted disposable sandboxes with exe.dev-like UX

github.com
2 points·by dimitry12·3 เดือนที่ผ่านมา·1 comments

comments

dimitry12
·3 เดือนที่ผ่านมา·discuss
From Bitwarden official statement: https://community.bitwarden.com/t/bitwarden-statement-on-che...

"a malicious package that was briefly distributed"

"investigation found no evidence that end user vault data was accessed or at risk"

"The issue affected the npm distribution mechanism for the CLI during that limited window, not the integrity of the legitimate Bitwarden CLI codebase or stored vault data."

"Users who did not download the package from npm during that window were not affected."

Downplaying so hard it's disgusting. Bitwarden failed and became a vector of attack. A vendor who is responsible for all my passwords. What a joke. All trust lost: by the incident and comms-style. Time to move before they make an even bigger mistake.
dimitry12
·3 เดือนที่ผ่านมา·discuss
https://github.com/earendil-works/gondolin is another project addressing a similar use-case.
dimitry12
·3 เดือนที่ผ่านมา·discuss
(I am not the author of vmtree)

Would be pretty magical if when you need a sandbox, you just SSH into it and it's already there, right? exe.dev popularized this UX, but I self-host a lot of things already, so I wanted something similar, but on my own server, which has plenty of spare RAM and CPU cores.

I tasked Gemini DeepResearch with finding what I can use to glue together something like exe.dev. In a typical Gemini Deep Research fashion, it came back with a very obscure recommendation claiming everyone is using it. Repository had one fork and six stars at the time of search.

While obscure, Gemini IMO found a gem: https://github.com/kkovacs/vmtree

It's a collection of a few short bash scripts which automatically provision sandboxes using ssh as a trigger. It has other nice touches such as: controlling how sandboxes get cleaned up, and provisioning subdomains with or without HTTP authentication to expose services running inside the sandbox.

I love it. Mine is deployed entirely inside the VM (HTTPS and SSH DNAT'ed), and doesn't interfere with other VMs on my server.
dimitry12
·6 ปีที่แล้ว·discuss
Or keep the studies and make UBI non-permanent: much like cold-war brinkmanship - incentivizing recipients to always keep in mind the possibility of future work.

I understand it's much more stressful than permanent guaranteed UBI, but it's truer to the real intent of UBI (which I believe is reducing the friction when deciding to try new job or state or whatever in a pursuit of self-actualization).