Thanks for the post. I see now that it's bananas, but I didn't quite get that from the blog post. You list the things this agent can do, but I immediately assumed it went in the other direction, because anything else would be bananas. The statement in the README put it more succinctly for me:

> A compromised remote could use the VS Code Remote connection to execute code on your local machine.

I feel like that "security note" should have a CVE number next to it.

That first paragraph (in your HN comment, not the blog post) would have read better with zero periods.

Glad to see one of my favorite blogs is still active. I was starting to get a little worried.

The first two blogs currently listed, McCord-Valim’s FLAME-Livebook-GPU and your post which has the word “murid”, truly captures the psychological arc of a developer.

Thanks!

That, or,

https://www.youtube.com/watch?v=DN1Foddvez8

More low effort posts please!

I can't tell you how much I love that this post has generated 156 comments and I have nothing to rebut about any of them. I'm sure they're all right!

Emacs is better than vi and spaces are better than tabs!!! (I just wanted to get that in as long as you're agreeing with all the comments.)

I second both of these

Both: http://ooxx.me/wp-content/uploads/2013/10/TabsSpacesBoth.png

Tabs for indenting, spaces for aligning.

Por que no los dos? You both it. GIVE ME BOTH! Both is good. Get you a dev who can do both.

FWIW, Emacs defaults to mixed for indentations that aren't a multiple of the tabstop.

Honestly, it's a great post, and I love the idea of low effort posts, so i hope you keep doing it.

It seems like ssh may be the problem. I feel like there should be a way to ask for a docker like experience when ssh ing. Tell it to use is specific APIs to prevent process or filesystem access outside a particular folder (possibly allowing system binaries, although that might complicate things and require vscode to push more stuff to client). Basic googling indicates some choot options in the ssh server but nothing is mentioned on 5he ssh client man page.

Although maybe the solution is to download a docker container on the remote (directly if it has access to dockehub or over an ssh connection if it doesn't) then run a docker container mounting the remote directory and connect to it over ssh.

The problem with only syncing files from the subdirectory is that you also want to be able to run &debug on the remote started by vscode. So plugins also need access to remote or to run remotely for some code observation that may be prohibitively expensive if run locally(pre sync of whole subdir)

If you’re ssh-ing as a normal user you should only be able to modify files in that users remote home directory. You don’t need all that docker stuff just stop using admin accounts for normal access.

There are ways to do this sort of thing with inetd, pam.d, etc.

« we’ve decided to just be a blog again, so: we had to learn this, and now you do too. »

This is, indeed, the way.

Good writing and fun, congrats! Is there a semi-hidden Monty Python reference in the middle?

Absolutely hilarious. My partner and I have this same conversation every two weeks.

You have definitely covered noodling