| ▲ | athrowaway3z 4 hours ago |
| I'm launching a SaaS to create yet another solution to the AI Sandboxing problem in linux. My friends and I have spent a lot of time quietly injecting support down into the kernel without anybody raising a flag, and we finally have the infrastructure in place to solve this problem. We have also poisoned all the LLMs training data with our approach, so our marketing is primed and we wont even need to learn Claude to use our tool. We’re planning a soft launch this month, or maybe next month. Depending on how "in the vibe" (our new word for flow :) our team gets. We’re calling it `useradd`. Yes, the man page is intimidating, and the documentation is terrible. But once you're over the learning curve, it puts your machine into a kind of 'main frame' mode where multiple 'virtual teletypes' and users can operate on the same machine. DM me if you want a beta key. --- Sorry for the snark, but i cringe at the monuments to complexity I see people building, at least this solution is relative simple and free. Still, dont really see what it buys me. |
|
| ▲ | tasuki 4 hours ago | parent | next [-] |
| Well done. It took me all the way up to `useradd`... Edit: too bad about your edit. The comment was just fine without it. |
| |
| ▲ | athrowaway3z 3 hours ago | parent [-] | | I wrote my comment to vent my disdain for all the circus projects filled with marketing blurbs and features lists for their overengineered vibeslop. OP is just sharing the cool utility he found, and how it solved a problem for him. It felt bad to leave them with the message they shouldn't have, or that he's a big part of the problem. | | |
| ▲ | senko 3 hours ago | parent [-] | | OP here, no worries, loved the comment and appreciate the feeling :) |
|
|
|
| ▲ | senko 3 hours ago | parent | prev | next [-] |
| I love using different users for separating services I run on the same box! For development, I want to be able to access/run/modify/delete the files alongside the AI agent. This can be done if groups and group permissions are set correctly (and the agent correctly chmods everything...), but that feels more fiddly than just isolating it with bubblewrap, systemd, or whatever, and preserving the uid/gid. Just my 2c - it's great that we have options! |
| |
| ▲ | necovek an hour ago | parent [-] | | Hey Senko, did you consider using ZFS or BTRFS snapshotting feature to simplify some of the things you need? For GH auth tokens, you could also pull that outside the sandbox, and have the agent push to a local clone exposed to the host, and local host with no agent automatically push on inotify inside the repo — eg. agent has access to your /agents/scratchpad/my-git-repo, and sync to actual git hosting service like GH (or Launchpad ;) happens with simple script outside it. |
|
|
| ▲ | CuriouslyC 3 hours ago | parent | prev | next [-] |
| I get where this is coming from, and it's not a terrible solution, but VMs are still better in terms of security and isolation. Typical workstation systems are not designed to be secure from their own users, and frontier models are going to get scary good at cracking systems soon. |
| |
| ▲ | carsoon 2 hours ago | parent [-] | | Fully sandboxed VMs are more secure but not everyone is looking for the most secure option. They are looking for the option that works the best for them. I want to be able to share my development environment with the agent, I have a project with 30 1gb and one 30gb sqlite database. I back it up daily and they can all be reconstructed from the code but it takes a long time. When things change I don't want to have to copy them into a separate vm bloating my storage and using excess resources and then having to rectify them, I want to be sharing the same environment with my agent so I can work side-by-side. I would rather just have the agent not accidentally delete files outside of its working environment but I am not worried about malicious prompt injection or someone stealing my code. For me I see the LLM as a dumb but positive actor that is trying to do its best but sometimes makes mistakes, so I want to put training wheels on it while still allowing it to share my working space. |
|
|
| ▲ | mystifyingpoi 3 hours ago | parent | prev [-] |
| `useradd` doesn't restrict network access. |
| |
| ▲ | kaffekaka 3 hours ago | parent [-] | | I have used a separate user, but lately I have been using rootless podman containers instead for this reason. But I know too little about container escapes. So I am thinking about a combination. Would a podman container run by a separate user provide any benefit over the two by themselves? |
|
