Hopefully you've already thought this through and you left out all of the copious complex security details of the sandboxing out of this announcement.
But just in case you haven't:
- containers don't provide the best sandboxing on their own
- if I get sufficient privilege in your container, I can read/write directly to the device nodes inside the container to impact the host
- you should also fear cryptocurrency miners burning your cycles
But, kudos to you -- this looks like a really neat feature. A quick skim of your homepage seems to suggest that sandboxing should be core to your product's success, so I'll just hope for the best. :)
I love this, but I worry about longevity -- if we convert all our code snippets to this, and then this dies, all the older blog posts become useless. You'd be surprised how many reads even 5+ year old blog posts can get.
One of the nice things about the way we do things with RunKit embeds (https://runkit.com/docs/embed) is that the code lives in your site, not on ours. The API generates the embed the same way something like highlight.js generates syntax-colored code on your site. That means if we're ever down, your site gracefully degrades to a not-runnable snippet, as opposed to merely disappearing like this seems to or with embedded gists.
The code running part seems to have been hugged to death, but I like the idea. Any chance the snippets could be made to run locally, either on my own server, or better yet within the user's browser itself?
Well, there is http://code.runnable.com/ which does something similar. I don't remember if it outputted a dockerfile, but I do know it runs everything inside docker. I used to work at the company.
> Our platform uses Docker images to run the code, so you can use code snippets in virtually any technology. A lot of contributors have already made the most of our technology and have crafted playgrounds of impressive quality.
Hopefully you've already thought this through and you left out all of the copious complex security details of the sandboxing out of this announcement.
But just in case you haven't:
- containers don't provide the best sandboxing on their own
- if I get sufficient privilege in your container, I can read/write directly to the device nodes inside the container to impact the host
- you should also fear cryptocurrency miners burning your cycles
But, kudos to you -- this looks like a really neat feature. A quick skim of your homepage seems to suggest that sandboxing should be core to your product's success, so I'll just hope for the best. :)