| ▲ | k8sToGo 7 hours ago |
| Why do people run and install these agents locally? No container nothing. I am running Opencode in WSL2 with the windows mounts disabled. |
|
| ▲ | butlike 7 hours ago | parent | next [-] |
| So the idea is that these should be treated as programs in an extremely low trust environment, akin to running malware in a VM? |
| |
| ▲ | jack_pp 7 hours ago | parent | next [-] | | yes, this is basically experimental tech, if used with open source harnesses. if used with proprietary harnesses, treat as actual malware. | | |
| ▲ | k8sToGo 7 hours ago | parent | next [-] | | Technically open source harness like opencode is more "malwarey" than claude code for example because its default permissions are very open. | | |
| ▲ | arandomhuman 5 hours ago | parent [-] | | I disagree with this, Claude code does many malware like things and has its source obfuscation. Plan mode doesn’t even work. |
| |
| ▲ | butlike 7 hours ago | parent | prev | next [-] | | I never thought about it in that extreme, but just today the google results ai gave me conflicting information from one search to another. Maybe I should start. P.S. the conflicting information was Keith Richard's age. One search said he was 37 Dec 18 1981, the other said he was 37 in 1980. | |
| ▲ | advael 7 hours ago | parent | prev [-] | | I treat all proprietary software as malware, though of course the risk surface varies |
| |
| ▲ | Demiurge 7 hours ago | parent | prev [-] | | Yes, I think if agents as interns with enough smarts to be dangerous. |
|
|
| ▲ | Anon1096 6 hours ago | parent | prev | next [-] |
| If the agent you are running really wanted to it could easily find a way to mount the windows folders and read them all. WSL isn't a security boundary, you are only barely more protected than people running grok in their home directory. |
| |
| ▲ | k8sToGo 6 hours ago | parent [-] | | it is not about "security" but it is more about confinement. And how could it do that without sudo rights? | | |
| ▲ | arandomhuman 5 hours ago | parent [-] | | Still, you are barely more protected than someone running this as non root at home. By your same logic you could “confine” the agent to any arbitrary directory on your filesystem and say it’s sufficient. | | |
| ▲ | k8sToGo 5 hours ago | parent [-] | | Yes, that is exactly the point I am making. The agent / cli is confined within the WSL2 environment. How is it "barley" protected? Neither you nor the other guy have yet answered this question. I never claimed WSL2 is a security sandbox. I am saying running it in a container or WSL2 allows you to severly limit the blast radius. I am not expecting the agent to be malicious, but I am expecting it to do unexpected things. | | |
| ▲ | arandomhuman 4 hours ago | parent [-] | | That’s a fair approach, thanks for elaborating. I think the main point of contention is there is an expectation this software should be more reliable, that doesn’t take away from your approach, running close sourced software like a harness (or operating system) is asking for problems. |
|
|
|
|
|
| ▲ | denysvitali 7 hours ago | parent | prev [-] |
| Same reason one uses VSCode locally |