HackerLangs
TopNewTrendsCommentsPastAskShowJobs

kernc

no profile record

comments

kernc
·3 maanden geleden·discuss
Why would they care to empower competitors?
kernc
·4 maanden geleden·discuss
`sandbox-venv` is a small shell script that sandboxes Python virtual environments in separate Linux namespaces using Bubblewrap (and soon using only command `unshare`, bringing the whole script down to effectively 0 deps).

https://github.com/sandbox-utils/sandbox-venv
kernc
·4 maanden geleden·discuss
Did you also manage to enable menu icons?
kernc
·4 maanden geleden·discuss
Let everyone be reminded how joyful GIMP 2.10 menus used to look ...

https://i.imgur.com/nVyMQBt.png
kernc
·5 maanden geleden·discuss
Probably not. Maybe Bubblewrap and sandbox-run. It's an anything-is-already-way-better-than-nothing type of thing.

[0]: https://github.com/containers/bubblewrap

[1]: https://github.com/sandbox-utils/sandbox-run
kernc
·5 maanden geleden·discuss
As a heads up and affirmation that the approach is correct, here's a small shell bubblewrap wrapper that boils the command line down to `sandbox-run claude --dangerously-skip-permissions`.

https://github.com/sandbox-utils/sandbox-run
kernc
·5 maanden geleden·discuss
Other actionable insights are:

- Merge amendments up into the initial prompt.

- Evaluate prompts multiple times (ensemble).
kernc
·6 maanden geleden·discuss
It being deprecated and all, didn't feel like wrapping it, but macOS supposedly has a similar `sandbox-exec` command ...
kernc
·6 maanden geleden·discuss
> Linux-only

What other dev OSs are there?

> once privileges are dropped [...] it doesn't appear to be possible to reinstate them

I don't understand. If unprivileged code could easily re-elevate itself, privilege dropping would be meaningless ... If you need to communicate with the outside, you can do so via sockets (such as the bind-mounted X11 socket in one of the readme Examples).
kernc
·6 maanden geleden·discuss
Since everyone tends to present their own solution, I bid you mine:

    sandbox-run npx @anthropic-ai/claude-code
This runs npx (...) transparently inside a Bubblewrap sandbox, exposing only the $PWD. Contrary to many other solutions, it is a few lines of pure POSIX shell.

https://github.com/sandbox-utils/sandbox-run
kernc
·7 maanden geleden·discuss
I wrote myself a handy and generalized bwrap-wrapping script: https://github.com/sandbox-utils/sandbox-run
kernc
·8 maanden geleden·discuss
No.1: Run untrusted code in a sandbox! https://github.com/sandbox-utils/sandbox-venv
kernc
·8 maanden geleden·discuss
Now that everyone is kindly on board, IBM can finally bury this standard. /s
kernc
·8 maanden geleden·discuss
What are the reasons for Snapchat? :.
kernc
·8 maanden geleden·discuss
> alias npm=...

I use sandbox-run: https://github.com/sandbox-utils/sandbox-run

The above simple alias may work for node/npm, but it doesn't generalize to many other programs available on the local system, with resources that would need to be mounted into the container ...
kernc
·9 maanden geleden·discuss
Local-first (on Lunix), POSIX shell: https://github.com/sandbox-utils/sandbox-run
kernc
·9 maanden geleden·discuss
A simple zero-config alternative using Linux-native containers seems to be sandbox-venv [1] for Python and sandbox-run [2] for npm ...

[1]: https://github.com/sandbox-utils/sandbox-venv [2]: https://github.com/sandbox-utils/sandbox-run
kernc
·9 maanden geleden·discuss
> This might be a red flag for Persona service itself as it might contain serious flaws and security vulnerabilities that Cyber criminals are relying on

Persona seems to rely solely on NFC with a national passport/ID, so simply stolen documents would work for a certain duration ...
kernc
·9 maanden geleden·discuss
You can use special a Unicode strikethrough glyphs such as available in https://efck-chat-keyboard.github.io
kernc
·10 maanden geleden·discuss
Is exactly why I composed bubblewrap-based sandbox-venv for Python: https://github.com/kernc/sandbox-venv

Dangerous times we live in.