I argued for years that we had too few workers for our total project count and management argued that most projects were idle and so it was fine to have so many per worker.
I think web-based IDEs like GitHub Codespaces (but even VSCode with tunnels) is part of the solution because at the very least you can get an isolated dev environment per project. I've been advocating for this for as long as I remember.
Unfortunately, most developers don't like them so it is a though sell.
Why do most developers not like it? Is it because the browser is a terrible platform for text editors since there is no proper key mapping, or access to proper debuggers, or there is too much latency, and no access to cli tools?
You make it sound like you are surprised, but everyone who has tried this knows it's crap and a band aid at best.
What is a real text editor, by your estimation? NVim? Emacs? Genuinely curious.
I use VSCode/Codium since I maintain a GUI stack for general usage. But I have all the terminal tools installed for my work there as well. I hate customizing things too, which I find is necessary if you want to get the most out of terminal text editors. VSCode is pretty good out of the box, with terminal access and everything built in.
Jeez, I hope this doesn't turn into a text editor flame war...
I'll say my biggest recent gripe with VS Code, is since they started collapsing bits in the terminal, when I type a command and hit enter, if I start typing the next command before the first command is done, the input gets mangled.
It doesn't happen in MS Terminal (new Windows Terminal) and it doesn't happen in Tabby (which is also Electron+xterm.js), so it's a recent unique to VS Code bug... and it's annoying to no end for me. I actually rely on the integrated code terminal a lot.
Why would I ever want to use a browser based solution instead of local VMs? If you're worried about VM escapes then you have bigger problems (and hopefully a full time security team supporting you).
Edit: I realize in hindsight this comes across as overly negative. I think those are great solutions to have available for when you are working with a suboptimal local setup for whatever reason. I just don't think they're the default choice let alone any sort of ideal to strive for.
Is the theory here that the browser cannot be co-opted to infect web-based repositories?
Also: thinking of how yt-dlp can integrate with browser cookies now and the malware paths that opens up. (This is part of why Chrome wants HSM cookies, I expect: DRM and opsec!)
In this scenario the malware will not be on the device but in an isolated dev environment on a remote machine. So it will have access to whatever was configured in that repo but hopefully the project is isolated enough to ensure containment and prevent cross-pollination.
I don't think the cloud (someone else's computer) is the best solution. The sanitation problem can be mitigated by compartimentization but the cloud aspect also adds brittleness and new attack vectors.
Why not set up proper containers (or VMs) locally? And why not wait a little till local LLMs catch up?
Maybe just a personal itch, but having your dev environment elsewhere feels so gross to me..
This is the leg of the cycle when we go back to mainframes & centralized computing? With all the datacenter build out; why wouldn't you want your services adjacent to the LLM processing centers?
Unfortunately, most developers don't like them so it is a though sell.