
> Most of us don't sandbox every single thing.

And I do sandbox everything, but it's complicated

Many of these projects are set to compile only on the latest OSes, which makes sandboxing even more difficult, and impossible on a VM, which is actually the red flag

So I sandbox but I don't get to the place of being able to run it

So they can just assume I'm incompetent and I can avoid having my computer and crypto messed up



Actually it is pretty simple.

I develop everything on Linux VMs, it has desktop, editors, build tools... It simplifies backups and management a lot. Host OS does not even have a browser or PDF viewer.

Storage and memory are cheap!


I wrote something small the other day to make commands that will run in Docker, maybe this will help you:

https://github.com/skorokithakis/dox

You could have a command like "python3.14" that will run that version of Python in a Docker container, mounting the current directory, and exposing whatever ports you want.

This way you can specify the version of the OS you want, which should let you run things a bit more easily. I think these attacks rely largely on how much friction it is to sandbox something (even remembering the cli flags for Docker, for example) over just running one command that will sandbox by default.
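As an added example (not part of the comment above and not dox's own code), this is one way to write the kind of wrapper the comment describes: a single command that runs a tool in a container with the current directory mounted and only the chosen ports exposed. The `sandbox` function name, the `SANDBOX_PORTS` and `SANDBOX_DRY_RUN` variables, the `/work` mount point and the extra hardening flags are assumptions that go beyond what the comment states.

```shell
# Added example: sandbox-by-default wrapper around `docker run`.
# Usage: sandbox IMAGE [COMMAND [ARGS...]]
#   SANDBOX_PORTS    space-separated ports to publish on localhost (default: none)
#   SANDBOX_DRY_RUN  if set, print the command (one argument per line) instead of running it
sandbox() {
    image=$1; shift
    ports=${SANDBOX_PORTS:-}

    # No network unless a port was explicitly requested.
    net=none
    publish=""
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "sandbox: bad port: $p" >&2; return 1 ;;
        esac
        net=bridge
        # Bind to loopback only, so the service is not reachable from the LAN.
        publish="$publish --publish 127.0.0.1:$p:$p"
    done

    # $publish is left unquoted on purpose: it holds only validated digits
    # and fixed flags, and must split into separate arguments.
    set -- docker run --rm -i \
        --network "$net" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --user "$(id -u):$(id -g)" \
        --volume "$PWD:/work" \
        --workdir /work \
        $publish "$image" "$@"

    if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}

# Constructed usage (image tag is a sample value):
#   SANDBOX_DRY_RUN=1 sandbox python:3.14 python3 -V
#   SANDBOX_PORTS=8000 sandbox python:3.14 python3 -m http.server 8000
```

The mounted directory is still writable by the untrusted code, so run the wrapper from a directory that holds only the project being tested.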



