HackerLangs
TopNewTrendsCommentsPastAskShowJobs

kernc

no profile record

comments

kernc
·há 3 meses·discuss
Why would they care to empower competitors?
kernc
·há 4 meses·discuss
`sandbox-venv` is a small shell script that sandboxes Python virtual environments in separate Linux namespaces using Bubblewrap (and soon using only command `unshare`, bringing the whole script down to effectively 0 deps).

https://github.com/sandbox-utils/sandbox-venv
kernc
·há 4 meses·discuss
Did you also manage to enable menu icons?
kernc
·há 4 meses·discuss
Let everyone be reminded how joyful GIMP 2.10 menus used to look ...

https://i.imgur.com/nVyMQBt.png
kernc
·há 5 meses·discuss
Probably not. Maybe Bubblewrap and sandbox-run. It's an anything-is-already-way-better-than-nothing type of thing.

[0]: https://github.com/containers/bubblewrap

[1]: https://github.com/sandbox-utils/sandbox-run
kernc
·há 5 meses·discuss
As a heads up and affirmation that the approach is correct, here's a small shell bubblewrap wrapper that boils the command line down to `sandbox-run claude --dangerously-skip-permissions`.

https://github.com/sandbox-utils/sandbox-run
kernc
·há 5 meses·discuss
Other actionable insights are:

- Merge amendments up into the initial prompt.

- Evaluate prompts multiple times (ensemble).
kernc
·há 6 meses·discuss
It being deprecated and all, didn't feel like wrapping it, but macOS supposedly has a similar `sandbox-exec` command ...
kernc
·há 6 meses·discuss
> Linux-only

What other dev OSs are there?

> once privileges are dropped [...] it doesn't appear to be possible to reinstate them

I don't understand. If unprivileged code could easily re-elevate itself, privilege dropping would be meaningless ... If you need to communicate with the outside, you can do so via sockets (such as the bind-mounted X11 socket in one of the readme Examples).
kernc
·há 6 meses·discuss
Since everyone tends to present their own solution, I bid you mine:

    sandbox-run npx @anthropic-ai/claude-code
This runs npx (...) transparently inside a Bubblewrap sandbox, exposing only the $PWD. Contrary to many other solutions, it is a few lines of pure POSIX shell.

https://github.com/sandbox-utils/sandbox-run
kernc
·há 7 meses·discuss
I wrote myself a handy and generalized bwrap-wrapping script: https://github.com/sandbox-utils/sandbox-run
kernc
·há 8 meses·discuss
No.1: Run untrusted code in a sandbox! https://github.com/sandbox-utils/sandbox-venv
kernc
·há 8 meses·discuss
Now that everyone is kindly on board, IBM can finally bury this standard. /s
kernc
·há 8 meses·discuss
What are the reasons for Snapchat? :.
kernc
·há 8 meses·discuss
> alias npm=...

I use sandbox-run: https://github.com/sandbox-utils/sandbox-run

The above simple alias may work for node/npm, but it doesn't generalize to many other programs available on the local system, with resources that would need to be mounted into the container ...
kernc
·há 9 meses·discuss
Local-first (on Lunix), POSIX shell: https://github.com/sandbox-utils/sandbox-run
kernc
·há 9 meses·discuss
A simple zero-config alternative using Linux-native containers seems to be sandbox-venv [1] for Python and sandbox-run [2] for npm ...

[1]: https://github.com/sandbox-utils/sandbox-venv [2]: https://github.com/sandbox-utils/sandbox-run
kernc
·há 9 meses·discuss
> This might be a red flag for Persona service itself as it might contain serious flaws and security vulnerabilities that Cyber criminals are relying on

Persona seems to rely solely on NFC with a national passport/ID, so simply stolen documents would work for a certain duration ...
kernc
·há 9 meses·discuss
You can use special a Unicode strikethrough glyphs such as available in https://efck-chat-keyboard.github.io
kernc
·há 10 meses·discuss
Is exactly why I composed bubblewrap-based sandbox-venv for Python: https://github.com/kernc/sandbox-venv

Dangerous times we live in.