[SpaceNoodled]

This feels like using Docker is just inherently unsafe.

[LeFantome]

The fact that Docker is unsafe was one of the core motivations for Podman.

[Leynos]

Was gonna say, "why not podman?"

[hgomersall]

No, using AI tools not in an effective sandbox is inherently unsafe.

[cassianoleal]

Both can be true.

[vitally3643]

Yes, that's why they warn you about it.

[dymk]

That’s what rootless docker is for

[antonkochubey]

rootless docker's networking (slirp4netns) is still terribly buggy and in edge cases often locks up using 100% CPU until you discover that your laptop is a lapwarmer and kill it

[Helmut10001]

I found it pretty reliable and use it across all my docker projects, development and production.

[itintheory]

This feels like using sudo is just inherently unsafe.

[gruez]

This but unironically. There's no way to ensure that nobody overwrote your .profile or .bashrc with a backdoored sudo that steals your password, or runs your command and then runs an evil command afterwards.

[zahlman]

`which sudo`?

`/usr/bin/sudo`?

[bestham]

If they can override sudo, they can override which.

[antonkochubey]

if you use \which it'll always be a shell built-in ;) though someone can put a different shell in your .zshrc

[jolmg]

  $ which() { echo foo; }
  $ \which
  foo

The backslash only prevents alias expansion.

[bandie91]

`exec /tmp/fake-bash` in bashrc to intercept everything?

[zbentley]

Then use the absolute path.

[jjmarr]

It is. That's why SELinux and AppArmor were invented.

Instead of having "root" and "user", both of these provide sets of permissions that can be granted to apps.

In this case, SELinux would've stopped this. Codex could've still relabelled the files when mounting but this can be blocked for sensitive directories like /etc.

[alsetmusic]

This feels like using a computer is inherently unsafe.

On the plus side, once we outlaw them we'll shut down the ability for conspiratorial thinking to spread easily and the world will slowly heal from the last couple of decades (the previous one in particular).

Hooray! We're finally doing something about the harms of social media. Smash your computer today!

[LeFantome]

Safety meeting. Nobody works, nobody gets hurt.

[DANmode]

Ah yes, it’s the conspiratorial thinking dividing society,

not humans being humans,

not the people at the highest echelons of society being corrupt (Epstein called).

It’s the people trying to piece that evil together so they know what to tell their kids - they’re the problem.

Sure.

[b65e8bee43c2ed0]

I think we're only a few decades away from these things being said unironically.

[TheRoque]

It's already here, mobile OSes are just computers with ton of guardrails and you can't do whatever you want with it, for the sake of security. I mean we almost got an Android where you can't install the APK you want.

[rmunn]

Where's that guy with the ButlerianJihad username when you need him?