Hacker News: evertheylen's comments

If you're on Linux, I've tried to build an easy yet secure way to isolate your system from your coding projects with containers. See https://github.com/evertheylen/probox

Interesting to see Marko and Solid topping the performance metrics. Ryan Carniato* was a core team member of Marko and started Solid. I wouldn't be surprised if SolidStart can eventually lower its bundle size further.

*) https://github.com/ryansolid


The article is a bit disappointing in that it focuses too much on bundle size. Bundle size is important for sure, especially in rural areas with poor mobile signal, but time-to-interactive is imho more important, and that's where resumable frameworks like qwik and marko6 shine.

Solid is great for raw rendering speed, but it hydrates just like react (unless you use an islands framework on top like astro, which has its own limitations), while qwik and marko are resumable out of the box.


I wish he would have combined Astro with solid instead of HTMX for a more direct comparison.

Great piece of software. For me its killer feature is automatically passing through exposed ports in a container, so you don't have to recreate the container with different -p options. (See https://evertheylen.eu/p/probox-intro/#network)


I always like to see new projects using containers. Two questions:

- how is your devbox.json file different from a Dockerfile/Containerfile?

- does your project attempt to provide any isolation security-wise?


> does your project attempt to provide any isolation security-wise?

Considering that they provide Docker-in-Docker by default, this would have to be a "no" right now. Having the ability to launch Docker containers is equivalent to having root access on the Docker host by default.


To add to the article: systemd integration works in the other way too! Running systemd in a Docker container is a pain. It's much easier in Podman: https://developers.redhat.com/blog/2019/04/24/how-to-run-sys...

(Most people use containers in a limited way, where they should do just one thing and shouldn't require systemd. OTOH I run them as isolated developer containers, and it's just so much easier to run systemd in the container as the OS expects.)


I actually run code-server (derivative of VSCode) inside the container! But I agree that there can be many gotchas, which is why I try to collect as much feedback as possible.


If you are on Linux, I'm writing a little tool to securely isolate projects from each other with podman: https://github.com/evertheylen/probox. The UX is an important aspect which I've spent quite some time on.

I use it all the time, but I'm still looking for people to review its security.


Containers should not be used as a security mechanism.


I agree with you that VMs would provide better isolation. But I do think containers (or other kernel techniques like SELinux) can still provide quite decent isolation with a very limited performance/ease-of-use cost. Much better than nothing I'd say?


I would kinda disagree with this. The whole 'better than nothing' is what gave a huge chunk of people a false sense of security wrt containers to begin with. The reality is that there is no singular create_container(2). Much of the 'security' is left up to the runtime of choice and the various flags they choose or don't choose to enable. Others in this thread have already mentioned both bubblewrap and podman. The fact that the underlying functionality is exposed very differently through different 'runtimes' with numerous optional flags and such is what leads to all sorts of issues because there simply was no thought to designing these things with security in mind. (We just saw CVE-2025-9074 last week). This is very different than something like the v8 sandbox or gvisor which was designed with certain properties.


It’s a gradient. An airgapped physical device is better than a VM. A VM is better than podman. Podman is better than nothing.

A locked door is better than an unlocked one, even if it gives its owner a false sense of security. There is still non-zero utility there.


This is also my impression. Containers aren't foolproof. There are ways to escape from them, I guess? But surely it's more secure practically than not using them? Your project looks interesting; I will take a look.


I do too, but I found it non-trivial to actually secure the podman container. I described my approach here [1]. I'm very interested to hear your approach. Any specific podman flags or do you use another tool like toolbx/distrobox?

[1]: https://evertheylen.eu/p/probox-intro/


Very interesting. I learned some new things. I didn't know about `--userns` or the flexible "bind everything" network approach!

Here's my script:

https://codeberg.org/chrisdavies/dotfiles/src/branch/main/sr...

What I do is look for a `.podman` folder, and if it exists, I use the `env` file there to explicitly bind certain ports. That does mean I have to rebuild the container if I need to add a port, so I usually bind 2 ports, and that's generally good enough for my needs.

I don't do any ssh in the container at all. I do that from the host.

The nice thing about the `.podman` folder thing is that I can be anywhere in a subfolder, type `gg pod`, and it drops me into my container (at whatever path I last accessed within the container).

No idea how secure my setup is, but I figure it's probably better than just running things unfettered on my dev box.


Yeah, props to the `pasta` tool, it solves a specific problem really well.

Nice script! I considered a similar approach that's based on "magic" files in the filesystem before, but it was difficult to get the security right. In your case I believe a malicious script can just overwrite .podman/env and it will be sourced by the host the next time you start the container.

I'm happy to discuss this more, feel free to reach out at [email protected]. I'm particularly interested in trying automated ways to try to break out of a container (like https://github.com/brompwnie/botb), this would benefit any containerization project.
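The overwrite risk raised in the comment above (a script inside the project rewriting `.podman/env`, which the host then sources) can be closed by never sourcing the file at all. The following is an added example, not code from the thread, from probox or from the linked dotfiles script: it parses only a strict `PORT=<n>` grammar and refuses the file unless its SHA-256 matches a hash the user recorded after reviewing it, with the record kept outside the project tree. The `PROBOX_TRUST_DIR` variable, the record layout and the `PORT=` line format are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not part of the thread, probox, or the linked dotfiles script).
# Safer handling of a project-local .podman/env: never `source` it, accept only
# PORT=<n> lines, and refuse the file unless its content hash matches one the
# user approved after reading it. Approval records live outside the project
# tree (PROBOX_TRUST_DIR is a constructed name), so a script running inside
# the project cannot silently change which ports get bound on the host.

trust_dir() { printf '%s\n' "${PROBOX_TRUST_DIR:-$HOME/.config/podman-env-trust}"; }

# Approval records are keyed by the hash of the env file's absolute path.
env_key() {
  local abs
  abs="$(cd "$(dirname "$1")" && pwd -P)/$(basename "$1")"
  printf '%s' "$abs" | sha256sum | cut -c1-64
}

env_hash() { sha256sum "$1" | cut -c1-64; }

# Record the current content hash; run this only after reading the file yourself.
approve_env() {
  mkdir -p "$(trust_dir)"
  env_hash "$1" > "$(trust_dir)/$(env_key "$1")"
}

# True only if the file exists and its content hash equals the approved one.
env_is_trusted() {
  local f="$1" rec
  [ -f "$f" ] || return 1
  rec="$(trust_dir)/$(env_key "$f")"
  [ -f "$rec" ] || return 1
  [ "$(cat "$rec")" = "$(env_hash "$f")" ]
}

# Print the podman -p flags described by the file, or fail if the file is
# untrusted or contains anything outside the allowed grammar.
load_project_ports() {
  local f="$1" line n out=""
  env_is_trusted "$f" || { echo "refusing untrusted $f: review it, then run approve_env" >&2; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;
      PORT=*)
        n="${line#PORT=}"
        case "$n" in ''|*[!0-9]*) echo "bad port: $line" >&2; return 1 ;; esac
        [ "$n" -ge 1 ] && [ "$n" -le 65535 ] || { echo "port out of range: $line" >&2; return 1; }
        out="$out -p $n:$n" ;;
      *) echo "unsupported line (file is parsed, never sourced): $line" >&2; return 1 ;;
    esac
  done < "$f"
  printf '%s\n' "${out# }"
}

# Typical use from a wrapper that starts the container (hypothetical):
#   flags="$(load_project_ports "$PWD/.podman/env")" && podman run $flags ...
```

Any edit to the file, including one made by a tool running inside the container, invalidates the stored hash, so the wrapper stops and asks for a fresh `approve_env` instead of picking up the new content. Parsing rather than sourcing is what removes the code-execution path; the hash check only adds a review step for port changes.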


Another approach I wrote to protect your system from untrusted dependencies (for Linux devs): https://evertheylen.eu/p/probox-intro/

Happy to hear other people's thoughts!


Why don't we embrace proportional (i.e. not monospace) fonts more for coding? IMHO, they are a big step up when it comes to legibility. I personally switched after I noticed reading stuff in the sidebar (which is usually in a proportional font) felt more comfortable than reading code.

You can't use it for a terminal of course, and occasionally I find comments relying on monospace alignment. Other than that I see no downside to proportional fonts.

I use Input, which gives more room to special characters and is pretty nice overall: https://input.djr.com/


I fully agree that proportional fonts are nicer to read, even for code. When I tried to use it, I got annoyed by Go, which autoformats code with spaces to align stuff and that looks very ugly with a proportional font. The solution would be elastic tabstops [1], but that seems just to be a concept without actual support in any editor.

[1] https://nick-gravgaard.com/elastic-tabstops/


If you use a true proportional font, you give up aligning code elements other than basic indentation. For most people, that's too much to give up.

I do like quasi-proportional fonts like Iosevka Aile, where very wide or very narrow characters are allowed something more like their natural widths. I think, though I'm not sure, that the widths are worked out so that "Wl" (wide + narrow) is the same length as "xx" (2 x normal), for example. My experience using Iosevka Aile in Emacs is that things usually-but-not-always align like they're supposed to, which is a better trade-off than fully proportional fonts.


> If you use a true proportional font, you give up aligning code elements other than basic indentation.

Have you ever gotten deep into how tab stops work in Word?

The deeper you go the more you realize fun things like Tables are as much "Tab Stops with Borders" as they are a separate concept to Word. The UI/UX of both reflect each other.

WYSIWYG word processors and design tools have lots of ways to align proportional fonts.

The big thing is that to do it well they need a ton of metadata: this "paragraph" has tab stops at 1", 2", 4", and 5.5", two of the stops are right-justified and one is centered. Word makes it surprisingly easy to edit all of that metadata visually in the Ruler up top.

If you are sticking to plain text documents that are easy to source control, where and how do you store that metadata? How do you keep it from being a distraction from the code you want to write?

It's not an insurmountable problem, we could do some really cool things if we tried. One half-baked thought off the top of my head here is that I bet you could do something rather cool with easily embedded CSS Grid descriptions in nearby comments and Tab/Newline-delimited sequences auto-populating cells in the grid. Given how much of our code is HTML rendered anyway and how ubiquitous HTML renderers are in our digital lives, CSS Grid isn't the worst model to reuse for something like this, and might be something someone could build a prototype with relatively quickly.


You might also like monospace fonts with "smart kerning" as available with Commit Mono font. https://commitmono.com



Typos feel way harder to spot in proportional fonts. Maybe because proportional fonts are easier to read so your brain subconsciously ignores them. And typos, like a misplaced or forgotten comma, can cause some of the most annoying bugs. Also, most editors still mostly operate on individual characters. With a fixed width font I can immediately see how many cursor up and cursor left commands I need to send to move the cursor to a specific position in the text.


> Why don't we embrace proportional (i.e. not monospace) fonts more for coding? IMHO, they are a big step up when it comes to legibility.

No, according to what seems to be the common definitions in this thread (dunno if that's the "official" one, or if such a thing even exists), they're better for readability, not legibility. And I agree with user bjourne's comment[1], "Typos feel way harder to spot in proportional fonts." What we need for coding is mainly legibility, not readability.

Well, at least usually, while writing and editing. For getting an overview of a large codebase, the increased readability of a proportional font might be better. (So what we really need may be a quick way to switch our editor or IDE between proportional and non-proportional fonts.)

[1]: https://news.ycombinator.com/item?id=44654792


You know, I've heard this idea about proportional fonts before and have been intrigued by the idea. I use Neovim running inside Alacritty as my code editor, though, so unsure if it'll work for me or not.

Going to check that font out - thank you for the suggestion. :)


> You can't use it for a terminal of course

That is the problem, though. I edit with neovim inside of wezterm. The few times I've seen proportional used for code, I've thought that it looked interesting but realistically, I live in a vt100 universe and all things considered, it's really not that bad.

I'm interested in Atkinson Hyperlegible Mono as a programming font. I think monospaced is a defining characteristic of programming fonts. Basically, legibility is just different for programming and text (although I clearly read too much Verdana).


Well, the alignment is a pretty significant downside.

There are now some excellent mono faces that have broken from a lot of the traditional monospace design elements and that look and feel very much like proportional fonts: Quadraat Sans Mono, Cartograph CF, Triplicate; I've seen a good homebrew Alegreya Sans Mono variant too. I don't know of any free ones, though Inconsolata-g is well in that direction. But I expect more of this trend over the next few years.


Which IDE or editor are you viewing this proportional font in?

A proportional font in Emacs doesn't look right to my eye. My guess is that there are subtleties in the spacing between letters when a browser or a book publisher renders the text that Emacs does not know about.


Emacs should also be doing kerning. I use proportional fonts for non-prog-mode buffers and no issue here.


Just VSCode, or more specifically, code-server (https://github.com/coder/code-server)


Maybe this is a silly idea, but what about a terminal emulator that could switch fonts on the fly?

For example, it could switch to a monospace font when a "fullscreen" program like vim switches to the other buffer.

Or maybe it could even render different fonts per line.


You sound like you want Emacs. The X11 frontend.


Isn't it the opposite; use proportional fonts in the terminal but not code, where alignment matters? I am giving it a try, and I like it on first impression.


Tons and tons of terminal apps are written assuming a monospace font. Alignment matters and you don't have much control over that.

In code, you can always choose a style that discourages spatial alignment.


Alignment in the terminal matters. Even something like ls uses columns.


Terminals usually don't support proportional fonts.


Some people use proportional fonts in their IDEs, and have been for decades. It's just not exactly a mainstream practice. (I seem to recall that Microsoft used proportional fonts in their IDEs in the 90's. Or maybe I'm thinking of Visual Basic? Not sure.)

The main reason I have felt no inclination to use proportional fonts when coding is that proportional fonts tend to be _very_ bad at distinguishing homoglyphs, and that is the _last_ thing you want when trying to find the syntax error or undefined variable. Although I will admit that I haven't looked very hard for a proportional font that's actually meant for programming.

The other reason is that sometimes I read code where someone has created an ASCII diagram in the comments, or has other structures or whitespace where vertical alignment matters. (This used to be highly popular in C, although it's viewed as a bad practice in "modern" times.)

I find monospace code very easy to read, so I guess at the end of the day, proportional fonts have a few disadvantages with no real upside. For me at least.


> I seem to recall that Microsoft used proportional fonts in their IDEs in the 90's. Or maybe I'm thinking of Visual Basic? Not sure.

What's the distinction you're making here; are you saying Visual Basic isn't an IDE? Because AFAICS it very much is. (Or was, whatever. For its time, not even a bad IDE AFAICR.)


Because unfortunately the tools are too primitive and don't support it.


Emacs has been around for decades and supports proportional typefaces everywhere I tried to use them. Are modern tools more primitive than that?


Nah, just as primitive as emacs; there are plenty of areas with no progress even after decades have passed.

How do you vertically align by =?

    www = 1
    iii = 2


You don't because the = isn't important, it's what comes after:

    www =
      1
    iii =
      2
    llanfair =
      3


You do because it is, have you not read the tales of tables to notice the straightness of vertical borders?

Your suggestion is not only much worse by joining the columns, wasting more space, but it's also invalid in many syntaxes


Uuaargh! That's the ugliest freaking thing I've seen in a long while.

So, now, how do you do that in three lines?


We can do it in 2:

    (www, iii, llanfair) =
      (1, 2, 3)


Then for fuck's sake do it in one.

