Mastodawn

Maybe not-so-hot take: the AI agents we have cannot be trusted, and must be put in a cage.

https://metallapan.se/blog/2026-04-27-agent-in-prison/

AI agents belong in prison

Last Friday, Opus, which I had allowed `terraform plan` permissions to help troubleshoot some integration, suddenly asked to do `terraform apply` even though the plan showed that a production database would get deleted and recreated (😱), even if I had explicitly instructed it to help me investigate only, and change nothing. Because it at least asked, catastrophe was averted, but it did get my pulse up. The problem of course is not really the model, any model can go off the reservation. The problem was that I had given the agent (part of) my own access for a bit of convenience - and if you run your LLM with access to ~/.ssh, ~/.config/gcloud, ~/.aws, and your kubeconfig, it may hallucinate your production env away.

Metallapan AB

Gea-Suan Lin Mar 6

https://blog.gslin.org/archives/2026/03/07/12921/macos-%e4%b8%8a%e7%94%a8-sandbox-exec-%e9%9a%94%e9%9b%a2/

macOS 上用 sandbox-exec 隔離

#agent #app #apple #bubblewrap #bwrap #coding #design #exec #guide #linux #macos #sandbox #SandboxExec #security

macOS 上用 sandbox-exec 隔離

上上禮拜看到「sandbox-exec: macOS's Little-Known Command-Line Sandboxing Tool (via)」這個感到興趣，主要是因為有跑 coding agent 的需求，在 Linux 上可以透過 bubblewrap 隔離 (參考「Linux 下用 bubblewrap (bwrap) 跑 Claude Code」)，但 macOS 上沒有 bubblewrap，所以需要另外找工具，看起來就是這個了。 Hacker News 上有人提到 deprecated 的問題，從 2017 年就已經是 deprecated 了...

Gea-Suan Lin's BLOG

UrlRoulette Feb 20

Our Weekly Update #62 is live! 🎥✨

Watch now: https://youtu.be/1NfNykcpIks
Don’t forget to subscribe & hit the bell 🔔!

Subscribe to our weekly newsletter!
👉 https://urlroulette.net/newsletter/subscribeform 🚀

#bubblewrap #homepage #comics #virtualracing #flighttracker

🔗 UrlRoulette TV Episode #62! 🌟

YouTube

Show thread

Yann Büchau

Feb 18

Now I'm thinking about a new strategy:

- stop service
- make #btrfs snapshot (seconds at max)
- restart service
- run #borgBackup from snapshot, but via #bubbleWrap so it sees it as the original path and inodes for consistency&performance!
- run as many borg backups as desired to any remote, even in parallel, as the service is running again

Thoughs?

#nixos

Gea-Suan Lin Feb 16

https://blog.gslin.org/archives/2026/02/16/12894/linux-%e4%b8%8b%e7%94%a8-bubblewrap-bwrap-%e8%b7%91-claude-code/

Linux 下用 bubblewrap (bwrap) 跑 Claude Code

#bubblewrap #bwrap #claude #code #linux #security

Linux 下用 bubblewrap (bwrap) 跑 Claude Code

避免 Claude Code 在全自動模式下 (--dangerously-skip-permissions) 爆炸的時候把一堆東西給弄炸，一般會用 container 環境包起來，不過在 Linux 下可以用 bubblewrap 這樣更清量的工具限制，調整了一陣子，算是穩下來了，我會包一個 ~/bin/claude...

Gea-Suan Lin's BLOG

AI Sparkup Feb 7

AI 에이전트 코드 실행의 딜레마, 샌드박싱으로 안전하게 해결하는 법

AI 에이전트가 생성한 코드를 안전하게 실행하는 샌드박싱 기법. bubblewrap 로컬 격리와 Deno Sandbox의 네트워크 제어·시크릿 보호를 소개합니다.

https://aisparkup.com/posts/8954

UrlRoulette Feb 5

🔗 UrlRoulette URL of the Day #430! 🌟

Virtual bubble wrap - burst them all!
Online bubble wrap popping, a stress-relief satisfying web app. Pop bubbles non-stop.

This is our URL of the day 👉 https://urlroulette.net/ui/3m46tG3xrpCW 🚀

#bubblewrap

UrlRoulette - Link of the Day

Submit URL for the next visitor and be redirected to the previous visitor's URL! Subscribe to our newsletter and get top URLs delivered to your email address!

UrlRoulette

alip Feb 2

Would you be interested in cooperating to build the next #dangerzone #flatpak #snap #ai/#gpu #rustlang #sandbox (insert-hype-here) based on #sydbox rather than #bubblewrap #firejail #snap-confine #gvisor (insert-sandbox-here)? We have #sydbox the application kernel, pandora the automatic profile writer, and syd-tui as a basic tui frontend using #ratatui, however we lack more practical tooling for wider adoption. Dreams, ideas, plans, all sorts of feedback, and contributions are equally welcome!