For the best experience on desktop, install the Chrome extension to track your reading on news.ycombinator.com
Hacker Newsnew | past | comments | ask | show | jobs | submit | history | more fnoef's commentsregister

I wonder why everyone seems to go with Vagrant VMs rather than simple docker containers.


Thank you, good question! My original implementation was actually a bunch of manifests on my own microk8s cluster. I was finding that this meant a lot of ad-hoc adjustments with every little tweak. (Ironic, given the whole "pets vs cattle" thing.) So I started testing the changes in a VM.

Then I was talking to a security engineer at my company, who pointed out that a VM would make him feel better about the whole thing anyway. And it occurred to me: if I packaged it as a VM, then I'd get both isolation and determinism. It would be easier to install and easier to debug.

So that's why I decided to go with a Vagrant-based installation. The obvious downside is that it's harder now to integrate it with external systems or to use the full power of whatever environment you deploy it in.


Thank you.

I peeked at the Vagrantfile, and I noticed that you rsync the working directory into the VM. I have two more questions.

1. Is it safe to assume that I am expected to develop inside the VM? How do run IDE/vim as well as using Claude code, while the true copy of the code lives in the VM?

2. What does yolo-cage provide on top of just running a VM? I mean, there is a lot of code in the GitHub. Is this the glue code to prepare the VM? Is this just QOL scripts to run/attach to the VM?


1. It's designed to give you an experience identical to using the Claude Code CLI in every respect, but with a much smaller blast radius. It's not currently set up to to work with your IDE. In that sense, it's a niche solution: I made it because I was trying to use a lot of agents at once, and I found that the rate-limiting factor was my ability to review and respond to permission pop-ups.

2. The VM is, in some sense, packaging. The main value adds are the two indirections between the agent and the outside world. Its access to `git` and `gh` are both mediated by a rules-based dispatcher that exercises fine-grained control in excess of what can be achieved with a PAT. HTTP requests pass through a middleware that block requests based on configurable rules.


Thanks!


See: A field guide to sandboxes for AI¹ on the threat models.

> I want to be direct: containers are not a sufficient security boundary for hostile code. They can be hardened, and that matters. But they still share the host kernel. The failure modes I see most often are misconfiguration and kernel/runtime bugs — plus a third one that shows up in AI systems: policy leakage.

¹ https://www.luiscardoso.dev/blog/sandboxes-for-ai


Theoretically, they have a smaller attack surface. The programs inside the VM can't interact directly with the host kernel.


I find using docker containers more complex - you need a Dockerfile instead of a regular install script, they tend to be very minimal and lack typical linux debugging tools for the agent, they lose state when stopped.

Instead I'm using LXC containers in a VM, which are containers that look and feel like a VM.


Would it be appropriate to use :surprised_pikachu_face:?

I meant, I no longer know who to trust. It feels like the only solution is to go live in a forest, and disconnect from everything.


There is a coalition for independent tech research that was formed, because researchers saw exactly this problem. https://independenttechresearch.org/about-us/


This has been my default expected reaction since Nov 2024. So I'd say so.

Also feel you wrt living in a forest and leaving this all behind.


> It feels like the only solution is to go live in a forest, and disconnect from everything.

As much as I approve of living in forests, you don't need to go that far. Tech bros are fond of things being "frictionless," so add some friction. Delete the social media apps from your phone and use their websites instead. Don't bookmark the sites, but make yourself type in the URLs each time you want to visit. If each visit is intentional, instead of something you do automatically when you're bored, you'll have a better experience.


I always knew that "Unlimited PTO" is beneficial to the company rather than its employees. It's the same trick of "we offer [20% lower base salary than market rate] + 2.79% equity" - it sounds like you could break the bank from equity by earning less actual money, but in reality, most of this equity does not worth the bytes it occupies on the servers.


I noticed an interesting pattern. People who “made it” usually by working high paying jobs for the neofeudal lords, suddenly gain moral compass and tell the rest of us to not work for said neofeudal lords, because “money is not important”, and apparently you can buy a place to live or food to feed your family simply by having principles.


I agree with your point, and superficially OP is a prime example.

Not to excuse the guy, but I think that, looking deeper, the situation with geohot is more involved. He grew up in a lower-middle-class household and was lucky to be a smart kid in a time when being a nerd could be a ticket out.

I guess not unlike many of us here on HN.

Unlike many of us, his explorations in the corporate world were all short stints. If I’ve kept tabs correctly, he never stayed longer than a year. Sometimes only for weeks.

Apart from that, I often take the pattern you noticed more as confession, penance, and a "tell your children not to walk my way" kind of message. Maybe I read this stuff too generously.


Sure, self awareness is important. When you tell your kids not to walk your way, you take accountability. You say that what you did was bad, and you are accountable for it. You also acknowledge that what you did brought you to where you are, but given the chance you would take a different way. It’s not bad to have moral principles after you’ve done what you fight against, as long as you do it with accountability and self awareness.

OPs post had neither.


Then he should know better the line he’s selling.

“Opt out of capitalism” doesn’t work when you’re trying to feed your family. He offers no alternative, speaks from a place of safety with no acknowledgment that the people he’s addressing don’t have the same safety net as he does.[0]

He’s not wrong. We are all fucked. But if it were as simple as “not participating” (whatever that means), then we wouldn’t be.

[0]: to be fair he does address others at tech companies, maybe he assumes that everyone working in big tech has a safety net, which is perhaps not as unreasonable as I first thought.


It’s remarkably easy to tell others not to do what you did.


I also chuckled when an ex-Facebook employee whose blog is popular on HN lectured us on "web page annoyances that I don't inflict on you here".


it's simply the principle of fuck you money

that's why they are also more egocentric, racist, etc. When people do not feel the threat of society it is easier to have opinions that verge out of the norm or could restrict further employment (and also opinions that are wrongfully or rightfully policed in society)


Money is less important once you've already paid off your mansion.


Probably not a popular opinion but this is why capitalism works. We all work to compete for what is best for US and our Family, not what someone tells us to work on because they think they know whats better, they don't.


Read this one: http://geohot.github.io/blog/jekyll/update/2021/06/23/pieces...

>Capitalism is so rigged it isn’t fun anymore.


"Capitalism is so rigged it isn’t fun anymore. I wish you short sighted fucks in the PMC could actually do something about it. "

You have a link that is not garbage writing? IMO this isn't worth reading.


Welp, I'm worried. I like Astro, but maybe it's time to make my own SSG, to not ever end up in the hand of a few big-sharks that consolidate and enshittify everything.


jumped on the same train, still using astro in production but on the side im using Elixir to create an SSG to use moving forward for anything new.


Fork it and call it Cosmo


It’s not only about the .env, but also intellectual property, algorithms, even product ideas.

Moreover, let’s say you run a dev server with watch mode, and ask claude to implement a feature. Claude can generate a code that reads your .env (from within the server) and send to some third party url. The watch mode would catch it and reload the server and will run the code. By the time you catch it, it’s too late. I know it’s far fetched, and maybe the paranoia is coming from my lack of understanding these tools well, but in the end they are probabilistic token generators, that were trained on all code in open existence, including malware.


> Claude can generate a code that reads your .env (from within the server) and send to some third party url.

Again - sandboxes. If you either block or filter the outbound traffic, it can't send anything. Neither can the scripts LLMs create.


It’s better to just ban social media all together. It clearly doesn’t provide enough good value to society, regardless of age.


You just expressed that opinion on social media. There's no reasonable definition of social media that wouldn't include Hacker News.


Isn’t it ironic that it’s posted on medium?


It looks this way at first glance, but at the end of the article is a link to the original:

> If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

> https://pluralistic.net/2026/01/14/sole-and-despotic/#world-...

This is a case of Publish on your Own Site, Syndicate Elsewhere - https://indieweb.org/POSSE


I don't know, I

******* SUBSCRIBE TO TREETALKER'S COMMENTS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! *******

sometimes like reading things

******* SUBSCRIBERS ENJOY AN AD-FREE EXPERIENCE *******

on Medium and Substack.

******* INTERESTED IN MORE TREETALKER CONTENT? *******


Hell no. I would mess with my stuff, no AI, no bullshit, just fun programming. But I would also do things for myself: better health, better food, better socialization.


Liquid glass is a piece of crap from Apple. I didn’t update my iPhone, nor my Mac. I will hold for as long as possible, and will consider switching away from the apple ecosystem if they do not address this fiasco of an update.


I still call it liquid ass.


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search:

HN For You