from Hacker News

Developing inside a virtual machine

by disintegrator on 12/29/24, 5:51 PM with 143 comments

  • by cranium on 1/2/25, 4:28 PM

    (Tangentially related) I had to run the desktop version of Excel to develop a quick VBA macro for a client. Problem: I've been developing on a Linux box for years and the idea of leaving my cozy dev environment for a plain Windows install gave me chills.

    After failing to install Windows in a VM (thanks TPM), I found a way to run Windows apps nearly natively (https://github.com/winapps-org/winapps). It works by starting a Windows docker image and streaming the application frame with RDP. As the RDP client handles the copy/paste and other niceties such as shared directories, it's way easier to integrate in my env than the other options.

  • by nneonneo on 1/1/25, 11:58 PM

    You can use pbcopy/pbpaste in a Linux VM on Mac by making a shell script wrapper in the VM that calls “ssh mac-host pb{copy|paste}” - that is, basically ssh back from the guest to the host to use its clipboard. It’s seamless and fast since it’s basically a local network connection.

    My specific setup is that I use an authorized_keys entry on the host that restricts the guest to running a specific command, which limits what a compromised guest can do to the host. The command is set to a script that has a list of specific permitted actions. This is a good option if you’re looking for a bit of additional isolation between host and guest.

  • by apt-apt-apt-apt on 1/2/25, 2:32 AM

    I accidentally typed 'npm install axioss' (extra s typo) this morning.

    When it successfully installed, it was terrifying to think that all source code, private files were instantly shared with malicious actors. Not only that, there was the prospect of having to somehow wipe and ensure all files were clean, reinstall the OS, and the possibility of some bootloader remnant still lurking.

    In this case, it seems that a security package had replaced a previous malicious package, making this instance benign. But it feels like I am only one typo away from an absolute catastrophe every time I install a package.

    VM seems like a good way to add some protection.

  • by Abishek_Muthian on 1/2/25, 8:49 AM

    I do a switcharoo, I develop for iOS inside a macOS VM with Linux host.

    After a 5 years hiatus I started developing mobile apps again and I was frustrated to learn that Apple doesn't allow renewing the developer license on web anymore, I don't own a Mac and even Apple developer app on iPhone didn't allow me to renew my license.

    After I signed into a macOS VM, I was able to renew my license through Apple Developer App on iPhone as macOS version of the app requires T2 chip.

    Now I have PTSD flashbacks of why I left mobile development in first place.

  • by TowerTall on 1/2/25, 6:39 AM

    I run my entire work computer inside of a VM. I work from home and have a powerfull desktop i use for my private stuff hooked up to my 3 monitors. My work pc is a vmware vm running inside of vmware pro. I can minimize the work vm and work it out my sight or I can selective choose that the vm should use 1, 2 or 3 monitors and it is easy to switch back and forth between work and private without have any work related data on my private desktop. The work vm is domain joined, o365 enterprise joined and loocked down in ridicilous ways by cooperate IT but now i can run that from my private powerfull PC without worring that corp IT messes up my private computer.

  • by moritonal on 1/1/25, 10:07 PM

    Thr Dev Container ecosystem for VsCode really is quite impressive at the moment. All your dev dependencies, wrapped up in a docker image per repo.

  • by mongol on 1/1/25, 10:23 PM

    I do something similar but using WSL on Windows. But something I really, really hate is dealing with special certificate handling required to pass the corporate Zscaler proxy. I think it works somewhat transparent on the Windows host, but repeating the setup in every VM is such a pain.

  • by disintegrator on 1/2/25, 12:51 AM

    Author here. Thank you for all the tips. I especially like the idea of using ssh from guest to host to enable pbcopy/pbpaste and open.

    Now I know what all the WSL users experience seamlessly with their setups. Glad I have something that comes close.

  • by mmwelt on 1/2/25, 2:26 AM

    This all looks fine for developing server apps that don't need a GUI, particularly as long as 3D accelerated graphics aren't needed. You don't even need to be using/developing a 3D game or application, just using a modern GUI without too much lag now seems to require 3D acceleration.

  • by crabbone on 1/2/25, 9:42 PM

    But why tho?

    The only kind of plausible explanation the author gives is that it's "more secure" because the imaginary attacker will have to take an extra step to get the password from the VM instead of the host OS? -- This seems like such an inconsequential / worthless benefit to jump through the hoops of running things in a VM...

    Like... I wasn't sold on this approach from the get go, and this pitch makes it sound like I was right all along?

    Other non-starter "bonuses" include not installing developer tools on your laptop that you have for... drum roll... development. Why? It's sole purpose is to be used for development, why not install development tools on it? Just doesn't make any sense...

  • by zokier on 1/2/25, 6:34 AM

    I use similar setup on Windows (with vmware/virtualbox/hyper-v at different times), which kinda highlights one additional upside: it doesn't matter that much what the host system is, you can do your work all the same regardless if it is macos/windows (or even linux). As long as it can run the vm and vscode, you are good to go. Although admittedly Apple going with aarch64 throws a small wrench in the equation.

    It is especially nice in corporate environment, where the host system is generally managed by IT and the devices are largely impersonal (standardized configuration, standardized software). You can carve out a corner to make your own and work there. <insert rant on ineffective corporate IT>

  • by gbraad on 1/2/25, 5:04 PM

    Consider using tailscale drives to expose certain folders using webdav. Have been doing this for de containers and VMs since it got demoted and since has replaced using winscp or other ways to share files

  • by tkiolp4 on 1/1/25, 11:06 PM

    Why does the author need a “remote ssh” plugin in their VSCode? I usually develop inside a VM as well, with my IDE running in the host… but what I do is to mount a shared directory for the code between the host and the VM. Works pretty fast.

    Don’t understand the need for Tailscale either. When I’m running services or dbs inside the VM, I can easily access them if needed from the host (either by IP or by the hostname I gave to the VM on start up)

  • by lizknope on 1/2/25, 12:57 PM

    Are most companies this flexible in allowing developers to install whatever they want?

    > My physical machine is a 2023 MacBook Pro with M2 Pro CPU

    > I’m using VMWare Fusion Pro

    > Quite often I’ve found developers frowning up Ubuntu and preaching for folks to use NixOS, Arch, Debian or other distros. The reality for me was Ubuntu was the fastest way to get set up and now

    I'm in integrated circuit / semiconductor design. At every big company over the last 30 years we are given a computer and we can change the desktop environment but we aren't installing our own operating system.

    The people I know in software have a common OS, compiler, and build environment. They aren't dictating what text editor you use but you aren't working on projects individually but together.

    So if everyone at the author's company is doing their own thing do they have problems integrating all the code together? "Oh you used version 2.3.4 but I used version 2.4.7 which fixed this issue, what are we using to ship with?" Or is this not a problem?

  • by sushidev on 1/2/25, 7:04 AM

    Started using code-server on a remote server. Pretty good. Going to switch working like that. Its a bit like remote vscode only that the vscode ui is also remote and served via a web browser. Coming from intellij I was surprised that the user experience in terms of responsiveness is actually better with the remote setup. IntelliJ these days just lagging on everything.

  • by raihansaputra on 1/2/25, 2:10 AM

    Are you installing the project dependencies on the VM directly or in a docker container? I'm curious how well docker on top of the Ubuntu vm works. Orbstack is great for personal use, but some companies don't want to pay for it, and this might be an alternative to have a better docker experience on macOS.

  • by mrbluecoat on 1/1/25, 10:42 PM

    If you like NixOs and virtual development environments, perhaps try https://www.jetify.com/devbox or https://flox.dev/

  • by tonymet on 1/2/25, 1:09 AM

    Windows 11 and WSL manages this well . For those developing linux apps & containers using VS Code, you'll find the Windows 11 experience to be very good. You can code against WSL which offers the more popular distros, or use HyperV to run your own custom VMs.

  • by Too on 1/2/25, 12:19 PM

    Any benefit of using a VM over docker container here? Since you seem to use the terminal only, without any graphical applications. Containers should be more lightweight and dockerfiles allow quick and reproducible changes to the guest OS.

  • by arkh on 1/2/25, 8:02 AM

    > I’ve found developers frowning up Ubuntu and preaching for folks to use NixOS, Arch, Debian or other distros.

    My setup is mostly one VM per project group / online identity. Most of them using Ubuntu. The problem is when I want to work on an old project to check how it likes new technology I tend to stumble into the "you should have kept the OS up to date" problem. Ubuntu does not make it easy to upgrade if you miss more than a year of update.

    And even if you keep up to date, they tend to break things often (loved the X11 to weyland switch when working with screen capture libraries) so new VMs are using debian.

  • by nkko on 1/3/25, 4:33 PM

    An alternative approach we're working on is Daytona (https://github.com/daytonaio/daytona) - it orchestrates dev environments on your infrastructure or even on your local machine. Oh, and it is Apache 2.0. The interesting bit is how it handles any IDE integration and various providers for running your dev envs on.

    Disclosure: I work on this project

  • by dsfsaff on 1/1/25, 10:29 PM

    I have used a Virtual Box VM with a Ubuntu guest for years and it has worked great. It's as close to the VM's in prod you can get.

  • by jareklupinski on 1/1/25, 10:12 PM

    is there a way to forward usb/serial ports from my local machine to the dev container?

    maintaining consistent firmware development environments using containers is a great idea, and current solutions involving proxying the compiled binary work well for flashing quickly, but switching back and forth between UART and Serial Debug is always more convenient when the IDE can handle it all

  • by pjmlp on 1/2/25, 8:02 PM

    At work, development with VMs has been a given since the early days of Amazon EC2 in 2010.

    Likewise when Windows 7 came out, I stop bothering with dual booting hassles and using VMare Workstation instead for whatever Linux.

    The exception being a netbook from the Asus Linux netbooks glory days, a price category nowadays replaced by tablets.

  • by amelius on 1/1/25, 10:13 PM

    Beats developing inside a docker container.

  • by rcarmo on 1/2/25, 9:42 AM

    I use Proxmox on my LAN and RDP connections to Linux and Windows desktops of various kinds. It’s great.

  • by secondcoming on 1/2/25, 1:30 PM

    If you're using a personal device for developing your employer's code always use a VM. You can just nuke the whole thing when your employment ends and not have to worry about any of their IP remaining on your machine.

  • by mootoday on 1/2/25, 9:27 AM

    Pretty sure you'd have a more lightweight experience with https://www.jetify.com/devbox.

    Happy to set it up and demo if you can share (or DM) a repo URL.

  • by firesteelrain on 1/2/25, 12:00 AM

    We have been developing code inside VMs for over 15 years at my company with various flavors of VMware on the backend and lately more moving to Azure. I assumed this was normal.

    We reach our VMs via VDI.

  • by pshirshov on 1/2/25, 11:02 AM

    I use Nix for exactly the same purpose (dependency management for code generators), that's much more efficient and easier to maintain than VMs.

  • by urronglol on 1/2/25, 1:20 PM

    Devcontainers running as non root. Trivial t set up. Don’t need to fanny around with a Vm

  • by hrtk on 1/2/25, 4:11 AM

    Have you tried Lima?

  • by TacticalCoder on 1/2/25, 12:30 PM

    Curiosity: is anyone here developing inside a VM, with GPU passthrough, and with the monitor directly connected to the GPU used by the VM? (as in: showing the UI of the VM, without any need for RDP or the like)

    Such a setup works (I'd know for I have one at home doing just that but it's not my main PC) but how's it like to work like that?

    The GPU hooked to the hypervisor can either be on another monitor or on another input (in the latter case you'd "go" to the hypervisor by changing the monitor's input).

  • by tonymet on 1/2/25, 2:16 AM

    For the rest of you, don't be fooled by Darwin, it's a dusty BSD in Linux clothing