Remix.run Logo
exitb 7 hours ago

Intricate sandboxing is a real solution in the same way bulletproof backpacks are a real solution to school shootings.

bdavbdav 7 hours ago | parent [-]

It’s not that intricate. A very simple docker and alias setup will get you an ephemeral container with your Claude (or whatever) config and the current wd bind mounted in. That’s a pretty good start.

Or, the internal sandboxing.

Yizahi 2 hours ago | parent [-]

You can sandbox a software codebase, you can sandbox a directory with documents. You can't sandbox internet access for any real network task. You can't sandbox any shared or public service. You can't sandbox you actual accounts to non-local services.

Sure, for IT crowd containers are a no-brainer and due to existence of validation software like compilers, linters, interpreters, analyzers etc. using LLMs is efficient, safe and rational.

But the problem is that they are also advertised to the remaining 99% of population too. You can't sandbox a bank, a broker or an exchange. You can't sandbox your email, calendar and other such tools (you can, but not in any way that will be used by non-IT people in any real work conditions). You can't sandbox messengers, social networks etc. And the list goes on. These people will either use so called "agents" in production under root, so to speak, or they won't use "agents" at all. They have no safety option, and they aren't properly informed about that by the peddlers of the LLM rapture.