Comment by progval

15 hours ago

Most programmers and power users install large dependency trees with npm/pip/bundler/... on the same user account as their main browser on a regular basis. Even on Linux where it's easy to create new user accounts. This isn't much different.

Two bads doesn't give you one good.

  • No, but when you’re arguing that common practices followed by pretty much everyone is “bad”, it’s hard to muster much urgency.

    Yeah, we should do this differently. We should probably also eat healthier and get to the gym more.

    • Running LLMs with some form of sandboxing is much easier than eating healthy or going to gym. Speaking as someone that is procrastinating lifting weights but found 15 minutes to lock down Claude.

  • no, but it does give one multiple vectors for exfiltration of your data which is a good thing for the scammers of the internet. A bad thing if you naively designed your package management system. Sadly, it's only going to get worse.

Is there a general workflow for this? I usually do pip under my user. I had not thought to do a su then do my venv and pip. Heck, are we at the point where we shouldn't even do that and everything should be done in a vm container?

  • > Heck, are we at the point where we shouldn't even do that and everything should be done in a vm container?

    This is the premise of Qubes OS. It's gotten decently usable, I'd estimate about as good as Linux a decade ago. https://www.qubes-os.org/

    • +1 for qubes. with some effort you can get a really nice stack with segmented git, disposable coding agents, package cachers, firewalls, and network visibility.

It's much different.

The dependency trees have a whole system that's evolved for decades. The same code goes into many computers. Many people read the source, security firms look for vulnerabilities, etc.

Language models are a completely new paradigm. The code it writes on your machine is the only instance of that code. It does far more than anybody could ever keep track of.

It's much harder to detect problems, and nobody to hold accountable for them.

It has never been easy to create separate users on Linux, certainly not for tasks where you need to switch between contexts.

Docker was amongst the biggest steps forward on this in a long time.

  • I meant for CLI tasks. Just "adduser" and "sudo -u <user> bash".

    • And when you want to share some but not all files with that one user but not other users you created for similar purposes?

      And when you want the outputs of that user back to your main user?

      And when you want that user to access some shared credentials for external services, but not all?

      It’s not the account setup that’s hard, it’s the workflow of spreading a single real-world across multiple accounts.

      8 replies →

  • It has always been very easy to create separate users on Linux and certainly for tasks where you need to switch between contexts.

    Linux is a unix, so has always been multi-user and sharing any data between processes is facilitated in all manner of ways. So context could be shared over files or unix-domain sockets or shared memory or tcp or udp sockets or via message passing or … a bunch of other ways. That has been the case since 1996 or so when I started using it certainly.

  • unix (and linux) has always been multi user. It is as easy as it gets for multi-user workflows in every context. It was, literally, built for it.

    You can run each of your virtual desktops as their own user. You can run individual apps on the same desktop as different user accounts. Hundreds of separate users can login to the same computer. My own computer, right now, has 40 different user accounts running stuff in the background.

    I can't even think of a scenario where using separate users is difficult.

    • > You can run each of your virtual desktops as their own user. You can run individual apps on the same desktop as different user accounts.

      Literally never have I ever seen any of the desktop environments integrate this conveniently, albeit CLIs are better in that regard. "You can" isn't the same as "it's the idiomatic approach to doing X". Same with installing packages in a per-user way, so a bad package can't harm anything outside of its sandbox (which in practice you achieve with containers, but those can be inconvenient to work with and you'd probably want VMs for more security anyways). You can have many users, sure, but all it takes is one bad system-wide package, one bad script executed as root (e.g. install scripts, compromised packages) or even not being careful enough with file permissions and things go wrong.

      Contrast that to Qubes: https://doc.qubes-os.org/en/latest/introduction/intro.html#q...

      Now that was literally built for such a use case (it's based on isolated VMs and works well with Linux distros inside those, really cool project).

  • I do not know since when (I am using it for couple of years), but in Arch, it is very simple to have two X sessions (by using "log out" > "switch user") for two different accounts, so switching it's just a Control-Alt-F7 away.

    Additionally, one can make the main user part of the group of the development user, so that you can read/write easy in the development user account and it is even easier to share stuff.

    • It doesn't really matter which distribution you use, you can use approximately all the software with any distribution.

      They mostly differ a bit in how they are configured and what package manager they use and how they roll out updates. (And in what's installed by default.)

    • Multiple X sessions has been possible for decades. I think its possible with Wayland too.

      You can also start applications as another user so you do not even need multiple sessions.

      There are quite a lot of privilege escalation attacks so I am not sure this is sufficiently solid.

      3 replies →

  • sudo useradd -m [username] ?

    su [username] ?

    Or am I understanding your idea about switching context wrong?

    • This doesn't really when the CLI tool needs to access any data in your /home. There isn't a straightforward way using standard POSIX tools to share a directory with another user. (Of course it's possible, but it's not easy.)

      5 replies →

  • While I agree, containerization is awesome, on linux, you can just create a devUser and `sudo devUser theThing`

    • not the same thing. Containerization prevents devUser from accessing your machine root with its root. By containerizing, if devUser tries to sudo or su and gets a root, it will only be their root and not your root. Read up on cgroups.

      4 replies →

Most programmers use docker or don't install extensions unapproved by their company.

  • That's patently not true, source, me, a DevOps manager who has had to roll out proper docker and security policy for devs for the past 10 years :)

    • Your anecdote does not make GP's comment "patently untrue". It's just a counter-example, and we don't know how prevalent your scenario is compared to GP's.

      (And I agree with the GP. I'm fairly cynical about most developers' security stance and threat model. Source: my own usage patterns.)

      2 replies →

  • I think you should clarify that with “most programmers I work with”.

    • He should clarify that "most" can be easily replaced by "all" as it was determined by statistical pool of whopping 1 person - himself.

      And also clarify that it's all lie. He just want to tell the anonymous crowd "look, I'm better than you".

      7 replies →

  • In my experience more than 9/10 programmers I've worked with have never used Docker before and of those who have, the majority have never used Docker for anything personal.

    If I hand them an image for a Dev Container, sure, they might use it, but it becomes "a thing we need to do, to compile our code in our IDE" not a tool they would use for isolation*.

    *) OP seemed to imply that containerization would be nice for safety and security compared to bare metal, but containers were never built for isolation in the first place, mind you. They are namespaces and chicken-coop-like-jails at best.