| ▲ | athrowaway3z 10 hours ago | |
You'd let the pro blackhat loose in your VM on your own system? No, because it's a dumb question and you don't want any stranger inside your home network regardless of firewall.

The comparison you get to make is in terms of the _extra_ security this project buys you. Might I remind you of two things:

- You're advocating for installing random (?kernel) level software from the internet. That by itself is a real and larger threat than any potentially insecure things my `llm` user _might_ do in the future.
- User account security was the go-to method for security for a long time. Further isolation was developed to accommodate: 'root' access for tenants, and finer resource limit controls. Neither of which I care to give an LLM.

So we only have built-in firewall and sandbox duplication as the real feature. For the latter, my experience is that it's useless on a personal device, and slows down building or requires too much cache config.

I'm not installing random crap, so I can live with the risk of LAN exposure. I'm happy with the maintenance/complexity/threat matrix of useradd.
| ▲ | dist-epoch 9 hours ago | |
> You'd let the pro blackhat loose in your VM on your own system?

AWS/GCP/Azure allow that all day every day.
| ▲ | rvz 6 hours ago | |
Until you are (or if the agent runs) one privilege escalation away from the whole system being taken over. So useradd isn't enough.