by overbytecode
1115 days ago
This is literally all I can think about these days. I’m getting paranoid and I want to start my OS from a clean slate and use sandboxing for every project. I spend so much time auditing random scripts and libraries because I run them on my laptop. But sandboxing options aren’t that great right now. Docker doesn’t cut it because it isn’t a security sandbox, and full-blown VMs with Vagrant have too much friction and need lots of resources. I think this is something where Firecracker (Amazon’s lightweight VM) can really shine. But it needs a better DevEx to act as a disposable/reusable environment that’s easy to start up, easy to specify dependencies. Maybe something uniting Firecracker and Nix would be the sweet spot for both isolation and reproducibility. I’m rambling but it feels like this should be a solved problem, maybe it is and I don’t know where to look.