This feels like a weird response to a comment recommending how to approach getting a SOC2, that links to a blog post about Fly.io's SOC2.

The pitch isn't "don't get a SOC2", or "convince big paying customers that SOC2 isn't important". It's "don't worry about SOC2 until a big paying customer says they'll make big payments if you get it, and when you do worry about it, don't let SOC2 compliance trick you into doing bonkers infrastructure things"

> I’m saying I don’t think sandbox is a noun, I think it’s a verb.

You are incorrect.

You may just be using a personalized definition of that word, that differs from what it means.

https://en.wikipedia.org/wiki/Sandbox_(computer_security)

Notably, a sandbox exists to separate one thing from other things. Limiting/filtering/monitoring what the sandboxes thing can do are often components of that, but the underlying premise is about separation.

Containers, VMs, etc. are 100% examples of sandboxing based on the actual industry definition of the term.

Insofar as racism, homophobia, and sexism are unpopular political beliefs: yes.

Oh, also he doesn't really "contribute" to tech projects so much as "exists near/within them and writes long form ramblings".

What if I team up with another journalist, and I tell them about curl commands to run but never tell them that they're exploiting vulnerabilities in the company's website? That way they don't have the necessary intent and I never perform any illegal acts?

Do you think the judge would fall for it? Or would we have done a RICO?