| ▲ | nathanyz 8 hours ago |
| The VM itself is for Claude Cowork which does all work within the VM sandbox. That doesn't help answer why they spin it up immediately and don't have a way to disable it though. Just the "why it exists" question. |
|
| ▲ | jrochkind1 8 hours ago | parent | next [-] |
| If you're not going to give Claude access to anything on your machine, why are you using Desktop instead of web chat? (Real question, I don't use these much!) If you are, obviously you need the VM. |
| |
| ▲ | bostik 8 hours ago | parent | next [-] | | At least in a corporate environment, Claude Desktop is a pretty decent compromise. Preconfigured internally deployed MCP servers and third-party connectors make many of the necessary integrations relatively easy to control. I use Claude Code CLI myself (inside a VM, to isolate it from the host) for >90% of my needs. For the remaining fraction - email scours, cloud drive searches, other third-party connections - the desktop application is surprisingly decent. I don't even have more than half a dozen connectors enabled. In the VM I have separate, personally managed access tokens available for various third-party services. Wouldn't really try to maintain more than 5-6, otherwise it gets too confusing. [ß] The desktop application mostly Just Works[tm] with SSO. At least when M365 doesn't suffer from their 4-times-a-day auth outage. ß: A lot of APIs and authentication systems were designed in the stone age. You either need a 1:1 permissioned access token that can do horrendous damage, or you deal with ultra-granular, confusing and ill-designed scoping jungle where nothing makes sense. Atlassian, I'm looking at you especially. At least an MCP server, provisioned with a reasonably done service account, doesn't have all of your powers to get things wrong with. | | |
| ▲ | jrochkind1 7 hours ago | parent [-] | | i wonder if they are running the proxy for external network connections in the VM. | | |
| ▲ | angry_octet 3 hours ago | parent [-] | | The cloud instance certainly runs a full mitm proxy. There are complications for that when dealing with logging, but maybe on the desktop it doesn't log, just running a permissions engine. |
|
| |
| ▲ | nathanyz 7 hours ago | parent | prev | next [-] | | I do use Claude Cowork and hence the VM is important, but I also leave the desktop app running all the time since I have many scheduled tasks at different times. The thing is that the VM could shutdown after being idle for some amount of time and then fire back up when you are ready to use it. | |
| ▲ | bauldursdev 6 hours ago | parent | prev | next [-] | | There's such a spectrum between "give it everything" and "give it nothing". Imagine you just want to use it to code and want to make sure any commands it runs doesn't mess up your actual machine. | |
| ▲ | plufz 8 hours ago | parent | prev | next [-] | | It mounts specified directories into the vm from what I remember | |
| ▲ | 7 hours ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | sudohackthenews 8 hours ago | parent | prev | next [-] |
| Probably because they vibecoded it |
| |
| ▲ | rvz 7 hours ago | parent [-] | | Correct and they have no idea what they are doing. | | |
| ▲ | danudey 5 hours ago | parent [-] | | I mean, that's kind of a stretch given how popular and well-regarded Claude Code is at this point. They're not perfect but they seem to be the best out there at this point. | | |
| ▲ | theappsecguy 4 hours ago | parent | next [-] | | It's popular because they have the best models and they are burning obscene amounts of money handing out tokens via subscriptions (for now) at a huge discount compared to what the API costs are. Claude Code itself is incredibly buggy and as we have seen the codebase is a complete mess of slop. | |
| ▲ | rvz 4 hours ago | parent | prev [-] | | > I mean, that's kind of a stretch given how popular and well-regarded Claude Code is at this point. Popularity here is irrelevant. Just because the software is "popular", it does not always mean that the quality of the engineering and their choices is the best. Objectively, it's the model that everyone regards as the best rather than their desktop apps or the harness that drives it. That is why people want to use the model and their subscription in other harnesses. In this case, the desktop app is evidently poor with very embarrassing bugs and glitches like this and I expect well funded startups with the best engineers releasing very high quality code. Obviously, this is not the case at Anthropic. |
|
|
|
|
| ▲ | duped 7 hours ago | parent | prev | next [-] |
| Anthropic has pretty consistently been shitty about how they roll out their software. Extreme lack of engineering rigor and thoughtfulness. The answer is probably as simple as "no one thought not to do that." --- I know different people work on these things so I can't do more than guess about how engineering culture cuts across teams, but given the sheer amount of carelessness and sloppiness in Anthropic's software I have to imagine they're burning investor money in training and inference because the code to do it is as bad as the rest of their software. |
|
| ▲ | nailer 8 hours ago | parent | prev [-] |
| It kind of does though. If you want to use the product they'll need the sandbox ready. |
