by gopher_space 16 days ago
Once I noticed that models will treat lack of superuser access as an obstacle, I moved all of the agent crap to its own machine. Watching some mid-tier offering chain together tools like it's a gorilla escaping the zoo, and I'm just not going to deal with that situation.
2 comments

I'm more worried about my `~/.aws` and `~/.ssh` folders. People who use IDE-based AI tooling with IDEs that support dev containers have no excuse for not leveraging dev containers, both for preventing agents from losing your data and for defending against secrets-harvesting supply-chain attacks.
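One practical way to act on the point above is to check that the dev container never bind-mounts the host's credential directories in the first place. The following is an added example, not code from the thread or from any dev-container tooling: it scans the `mounts` list of a `devcontainer.json` and reports bind mounts whose host source sits under well-known secret directories (or the whole home directory). The sample configuration and the `SECRET_DIRS` list are constructed for illustration.

```python
"""Flag devcontainer.json bind mounts that expose host credential directories.

Added example (not from the thread). Scans the "mounts" list of a
devcontainer.json and reports any bind mount whose host source lies under
a directory that commonly holds long-lived credentials. The sample config
below is constructed for illustration.
"""
import json
import posixpath

# Host directories that commonly hold long-lived credentials (constructed
# list). The agent should never see these; mount only the project workspace.
SECRET_DIRS = (".aws", ".ssh", ".gnupg", ".kube", ".docker", ".config/gh")


def _parse_mount(entry):
    """Turn 'source=...,target=...,type=bind' into a dict (dict entries pass through)."""
    if isinstance(entry, dict):
        return entry
    out = {}
    for part in entry.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip()] = value.strip()
    return out


def _normalize(path):
    """Map devcontainer home-directory variables to '~' so matching is host-independent."""
    for var in ("${localEnv:HOME}", "${env:HOME}", "${localEnv:USERPROFILE}"):
        path = path.replace(var, "~")
    return posixpath.normpath(path)


def risky_mounts(config):
    """Return the normalized source paths of bind mounts that expose secrets."""
    findings = []
    for entry in config.get("mounts", []):
        mount = _parse_mount(entry)
        # Named volumes and tmpfs mounts do not expose host files.
        if mount.get("type", "bind") != "bind":
            continue
        src = _normalize(mount.get("source", ""))
        if src == "~":
            # Mounting the entire home directory exposes everything at once.
            findings.append(src)
            continue
        for d in SECRET_DIRS:
            candidate = posixpath.join("~", d)
            if src == candidate or src.startswith(candidate + "/"):
                findings.append(src)
                break
    return findings


# Constructed sample: a workspace mount (fine), two credential mounts (flagged),
# and a named volume (ignored).
SAMPLE_CONFIG = json.loads("""
{
  "name": "agent-sandbox",
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
  "mounts": [
    "source=${localWorkspaceFolder},target=/workspace,type=bind",
    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,readonly",
    "source=${localEnv:HOME}/.aws,target=/home/vscode/.aws,type=bind",
    "source=agent-cache,target=/home/vscode/.cache,type=volume"
  ]
}
""")

if __name__ == "__main__":
    for path in risky_mounts(SAMPLE_CONFIG):
        print(f"credential directory mounted into the container: {path}")
```

Running it on the sample reports `~/.ssh` and `~/.aws`; a config that only mounts `${localWorkspaceFolder}` produces no findings. A read-only mount is still flagged, since an agent or a malicious dependency only needs to read a key to exfiltrate it.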
Using containers as a security boundary is inexcusable.
That entirely depends on one's threat-model. Also, containerization is 100x better than rawdogging.
> That entirely depends on one's threat-model

I think not; virtualization has such low overhead now that there's just no excuse. It's generally trivial to switch from containers to VMs.

It is excusable if all you care about is blocking sudo access while letting the AI use a pseudo sudo.
Could you elaborate on this?
The cost-benefit ratio of using VMs over containers is very high. You trade negligible overhead for an actual security boundary.

Containers don't provide good isolation and tend to be trivial to break out of.

It's why all of my agents run in a VM. I refuse to have it run on my own machine. Claude Code once managed to render the VM unbootable; I was back in action 5 minutes later after regenerating the VM.
What were you trying to tell it to do?

I recently took the risk there by having it run xattr commands to fix some macOS bug with Tahoe that broke auto update for what seems like all software.

Oh, I just told it it could install any dependencies it needed. To be fair, the VM runs Arch Linux, and well, Arch does come with foot guns.