The iPad + keyboard combo is typically as heavy or even heavier than a laptop. It's certainly more expensive and restrictive. I have agree with the author's thesis here
As a Pythonista I tend to agree. I had high hopes for Mojo but it's taking its due time to become usable outside the narrow focus of GPU programming, whereas Nim fits multiple niches surprisingly well.
I’ve replaced about 900 lines of raw SQL and got validation and dashboard for free.
The only gotcha I ran into is that Ty didn’t recognize some of the generated types, but that’s also a young project so I’m willing to turn a blind eye.
This wasn't a judgement on systemd but the fact stands that Linux has long abandoned POSIX compatibility, udev being another prominent example.
I'd say this is what ultimately drives monoculture, which is a shame because diversity from glibc (e.g. musl et al.) and other major components could make critical infrastructure more resilient overall
I happen to use a Mac, even when targeting Linux so I'd have to use a container or VM anyways. It's nice how lightweight bubblewrap would be however.
Consider one wanted to replicate the human-approval workflow that most agent harnesses offer. It's not obvious to me how that could be accomplished by dropping privileges without an escape hatch.
I like the bubblewrap approach, it just happens to be Linux-only unfortunately. And once privileges are dropped for a process it doesn't appear to be possible to reinstate them.
You're right that blocking on every operation would defeat the purpose! Shannot is able to auto-approve safe operations for this reason (e.g. read-only, immutable)
So the agent can freely explore, check logs, list files, inspect service status. It only blocks when it wants to change something (install a package, write a config, restart a service).
Also worth noting: Shannot operates on entire scripts, not individual commands. The agent writes a complete program, the sandbox captures everything it wants to do during a dry run, then you review the whole batch at once. Claude Code's built-in controls interrupt at each command whereas Shannot interrupts once per script with a full picture of intent.
That said, you're pointing at a real limitation: if the fix genuinely requires a write to test a hypothesis, you're back to blocking. The agent can't speculatively install a package, observe it didn't help, and roll back autonomously.
For that use case, the OP's VM approach is probably better. Shannot is more suited to cases where you want changes applied to the real system but reviewed first.
Definitely food for thought though. A combined approach might be the right answer. VM/scratch space where the agent can freely test hypotheses, then human-in-the-loop to apply those conclusions to production systems.
I'm pursuing a different approach: instead of isolating where Claude runs, intercept what it wants to do.
Shannot[0] captures intent before execution. Scripts run in a PyPy sandbox that intercepts all system calls - commands and file writes get logged but don't happen. You review in a TUI, approve what's safe, then it actually executes.
The trade-off vs VMs: VMs let Claude do anything in isolation, Shannot lets Claude propose changes to your real system with human approval. Different use cases - VMs for agentic coding, whereas this is for "fix my server" tasks where you want the changes applied but reviewed first.
There's MCP integration for Claude, remote execution via SSH, checkpoint/rollback for undoing mistakes.