HackerTrans
TopNewTrendsCommentsPastAskShowJobs

corv

1,163 karmajoined hace 12 años

Submissions

A field guide to sandboxes for AI

luiscardoso.dev
3 points·by corv·hace 6 meses·0 comments

comments

corv
·hace 5 horas·discuss
A successful example of reigning in progress: electric bicycles intentionally speed limited for safety
corv
·hace 9 días·discuss
Netherlands actually
corv
·hace 16 días·discuss
The 'flash vs html5' chart looks strange juxtaposed with that conclusion
corv
·el mes pasado·discuss
Less space than a nomad. Lame.

To be fair, I find the term to be as contrived as “performant”
corv
·hace 3 meses·discuss
The iPad + keyboard combo is typically as heavy or even heavier than a laptop. It's certainly more expensive and restrictive. I have agree with the author's thesis here
corv
·hace 3 meses·discuss
As a Pythonista I tend to agree. I had high hopes for Mojo but it's taking its due time to become usable outside the narrow focus of GPU programming, whereas Nim fits multiple niches surprisingly well.
corv
·hace 3 meses·discuss
https://flugschriften.com/wp-content/uploads/2020/07/flugsch...
corv
·hace 4 meses·discuss
Really enjoying this so far!

I’ve replaced about 900 lines of raw SQL and got validation and dashboard for free.

The only gotcha I ran into is that Ty didn’t recognize some of the generated types, but that’s also a young project so I’m willing to turn a blind eye.

Really solid, thank you
corv
·hace 4 meses·discuss
This wasn't a judgement on systemd but the fact stands that Linux has long abandoned POSIX compatibility, udev being another prominent example.

I'd say this is what ultimately drives monoculture, which is a shame because diversity from glibc (e.g. musl et al.) and other major components could make critical infrastructure more resilient overall
corv
·hace 4 meses·discuss
Systemd comes to mind, although it wasn’t as dominant initially
corv
·hace 5 meses·discuss
Python is obviously too slow for web-scale
corv
·hace 5 meses·discuss
When their questionnaire asked me for feedback I specifically mentioned that I hoped they would not reduce visibility to the point of Github Actions.

I guess that fell on deaf ears.
corv
·hace 5 meses·discuss
I’ve heard this before that common doses are unnecessarily high but why is that? Patents?
corv
·hace 6 meses·discuss
Really goes to say something about starving artists
corv
·hace 6 meses·discuss
I happen to use a Mac, even when targeting Linux so I'd have to use a container or VM anyways. It's nice how lightweight bubblewrap would be however.

Consider one wanted to replicate the human-approval workflow that most agent harnesses offer. It's not obvious to me how that could be accomplished by dropping privileges without an escape hatch.
corv
·hace 6 meses·discuss
I like the bubblewrap approach, it just happens to be Linux-only unfortunately. And once privileges are dropped for a process it doesn't appear to be possible to reinstate them.
corv
·hace 6 meses·discuss
You're right that blocking on every operation would defeat the purpose! Shannot is able to auto-approve safe operations for this reason (e.g. read-only, immutable)

So the agent can freely explore, check logs, list files, inspect service status. It only blocks when it wants to change something (install a package, write a config, restart a service).

Also worth noting: Shannot operates on entire scripts, not individual commands. The agent writes a complete program, the sandbox captures everything it wants to do during a dry run, then you review the whole batch at once. Claude Code's built-in controls interrupt at each command whereas Shannot interrupts once per script with a full picture of intent.

That said, you're pointing at a real limitation: if the fix genuinely requires a write to test a hypothesis, you're back to blocking. The agent can't speculatively install a package, observe it didn't help, and roll back autonomously.

For that use case, the OP's VM approach is probably better. Shannot is more suited to cases where you want changes applied to the real system but reviewed first.

Definitely food for thought though. A combined approach might be the right answer. VM/scratch space where the agent can freely test hypotheses, then human-in-the-loop to apply those conclusions to production systems.
corv
·hace 6 meses·discuss
Thank you, good to know it landed :)
corv
·hace 6 meses·discuss
I'm pursuing a different approach: instead of isolating where Claude runs, intercept what it wants to do.

Shannot[0] captures intent before execution. Scripts run in a PyPy sandbox that intercepts all system calls - commands and file writes get logged but don't happen. You review in a TUI, approve what's safe, then it actually executes.

The trade-off vs VMs: VMs let Claude do anything in isolation, Shannot lets Claude propose changes to your real system with human approval. Different use cases - VMs for agentic coding, whereas this is for "fix my server" tasks where you want the changes applied but reviewed first.

There's MCP integration for Claude, remote execution via SSH, checkpoint/rollback for undoing mistakes.

Feedback greatly appreciated!

[0] https://github.com/corv89/shannot
corv
·hace 6 meses·discuss
Looks like the underdog beats it handily and easier deployment to boot. What's the catch?