
run them in a VM that doesn't have git installed. Sandboxing these things is a good idea anyways.


> Sandboxing these things is a good idea anyways.

Honestly, one thing I don't understand is why agents aren't organized with unique user or group permissions. Like if we're going to be lazy and not make a container for them then why the fuck are we not doing basic security things like permission handling.

Like we want to act like these programs are identical to a person on a system but at the same time we're not treating them like we would another person on the system? Give me a fucking claude user and/or group. If I want to remove `git` or `rm` from that user, great! Also makes giving directory access a lot easier. Don't have to just trust that the program isn't going to go fuck with some other directory


The agents are being prompted to vibe-code themselves by a post-Docker generation raised on node and systemd. So of course they emit an ad-hoc, informally-specified, bug-ridden, slow reimplementation of things the OS was already capable of.


What's stopping you from `su claude`?


I think there's some misunderstanding...

What's literally stopping me is

  su: user claude does not exist or the user entry does not contain all the required fields

Clearly you're not asking that...

But if your question is more "what's stopping you from creating a user named claude, installing claude to that user account, and writing a program so that user godelski can message user claude and watch all of user claude's actions, and all that jazz" then... well... technically nothing.

But if that's your question, then I don't understand what you thought my comment said.


Yeah, that is what I meant. I mean, it's kind of the system administrator's/user's responsibility to run processes in whatever user context they want. I don't wonder why, like, nginx doesn't forcefully switch itself to an nginx user. Obviously if I want nginx to run in some non-privileged context (which I do), then I (or my distro, or my container runtime, or whatever) am responsible for running nginx that way.

Similarly, it's not really claude-code's job to "come with" a claude user. If you want claude code to run as a low-privilege user, then you can already run it as a low-privilege user. The OS has been providing that facility for decades.


Probably because Linux doesn't really have a good model for ad-hoc permission restrictions. It has enough bits to make a Docker container out of, but that's a full new system. You can't really restrict a subprocess to only write files under this directory.


For plain Linux, chmod, chmod's sticky bit and setfacl provide extensive ad hoc permissions restricting. Your comment is 4 hours old, I'm surprised I'm the first person to help correct its inaccuracy.


How can those be used to restrict a certain subprocess to only write in a certain directory?


chown


how?


chgrp claude someDirectory


This doesn't meet the requirement. It doesn't restrict a certain subprocess to only write in a certain directory. You are just saying these things to quickly shut down the uncomfortable thought that Linux can't do something.


Or perhaps you need to go read my original comment again as you missed the premise. But if you feel you have perfect memory then perhaps look at something like firejail or read more about systemd.

But your premise of Linux "can't" do something is rather absurd. It's Linux, you can do anything, even if no one has done that thing before.

The reason people didn't respond earlier is because they probably assumed it a waste of their time. I know I have wasted mine.


You chose to respond to a question I posed, with an extremely poor answer. I was very specific about restricting a certain subprocess to only write to a certain directory. Your answer does not do that. I pointed that out. Now you are defending that answer by claiming you were actually answering something else entirely. This is nonsensical.
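
The two ideas raised in this thread (a dedicated `claude` user, and limiting one process tree to writing under one directory) can be combined in a systemd service unit. This is an added example, not something posted by any commenter; the unit name, the `/srv/agent-work` directory and the `/usr/local/bin/agent-cli` binary path are placeholders, and a system user and group named `claude` is assumed to exist already.

```ini
# /etc/systemd/system/agent-sandbox.service   (hypothetical unit name)
# Assumptions: user/group "claude" exist; /srv/agent-work is owned by
# claude:claude; the ExecStart path is a placeholder for the agent binary.

[Unit]
Description=Coding agent confined to a single writable directory

[Service]
# Run as the dedicated unprivileged account, not as the invoking user.
User=claude
Group=claude
WorkingDirectory=/srv/agent-work
ExecStart=/usr/local/bin/agent-cli

# Mount the whole file system hierarchy read-only for this service
# (only /dev, /proc and /sys are exempt) ...
ProtectSystem=strict
# ... then re-open exactly one directory for writing. Ordinary file
# permissions still apply inside it, hence the ownership assumption above.
ReadWritePaths=/srv/agent-work

# Make /home, /root and /run/user inaccessible to the service.
ProtectHome=yes
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=yes
# Prevent setuid/setgid binaries (sudo, su) from raising privileges.
NoNewPrivileges=yes

# Hide individual tools from this service only. The leading "-" tells
# systemd to ignore the entry if the path does not exist on this host.
InaccessiblePaths=-/usr/bin/git

[Install]
WantedBy=multi-user.target
```

These restrictions are applied through a private mount namespace, so they cover the service and every child it spawns without changing what other users or processes on the host can do. For an interactive session the same properties can be given to a transient unit, for example `systemd-run --pty --uid=claude -p ProtectSystem=strict -p ReadWritePaths=/srv/agent-work` followed by the command to run.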


but then they can't open your browser to administer your account.

What kind of agentic developer are you?


The biggest problem with Electric is the battery weight, so it makes sense.

Ships deliberately use cheaper, less energy dense petroleum products (heavy fuel oil), for pretty much the inverse reasons why airplanes use kerosene.


Not really, kerosene is pretty close to heavy fuel oil on density.

Planes run on kerosene because it's universal enough, it's hard to run them on heavy fuel, and there is an issue with the high emissions of HFO over population centers, which isn't as much of a problem in the middle of the sea.


This is a problem with the (lack of) environmental laws in many countries. All things considered, landfills are really cheap.


No, people get ill from excessive quantities of alcohol.


Acetaldehyde is always toxic, so no, they always get sick, just less sick.


Getting drunk is literally poisoning yourself. Some humans just happen to enjoy the symptoms of said poison.


Kind of reminds me of dolphins taking turns chewing on pufferfish, apparently for fun/altered states.

https://www.smithsonianmag.com/smart-news/dolphins-seem-to-u...


Most people aren't getting drunk every time they drink.

Try wine and grape juice side by side. Barring truly awful wine, the wine will taste better (I suppose you could have awful grape juice too, but, you get the idea).


Taste is subjective. To people not used to consuming any alcohol the wine might taste worse than plain grape juice.


Sure, but it's a taste people have spent a couple thousand years working on, and it's remained popular through huge changes in culture and diet. People clearly like it.


Some people, sure, but not all people.


Context and experience shape so much of how we taste things.


> Try wine and grape juice side by side. Barring truly awful wine, the wine will taste better

The unfermented juice of wine grapes has many similarities to the wine it would produce if fermented. "Grape juice" is usually pretty one note, just sweet.


Sure, but if alcohol didn't get you drunk consumption would plummet 95%.


I wouldn't be so sure... I'm certain my own would increase. (Assuming 'get you drunk' means something like 'contain ethanol' i.e. no 'buzz' or whatever but also no adverse effect on liver, the next day, ...).

If you want a cold drink that isn't sweet, your choices are pretty much alcohol, alcohol-free alternative, water.


> If you want a cold drink that isn't sweet, your choices are pretty much alcohol, alcohol-free alternative, water.

Uh, no.

There's also seltzer, flavored seltzer, flavored water, iced tea, iced coffee, herbal infusions (like hibiscus, rooibos, honeybush, etc), broth, milk and plant based milk alternatives, and fermented drinks like kombucha + kefir. That's just off the top of my head.

Hibiscus even has the benefit of helping regulate blood pressure.

I almost never drink sweet drinks or plain water and rarely drink alcohol. My fluid consumption is almost entirely: hot tea, iced tea, kombucha, and hibiscus infusion. Sometimes seltzer. Sometimes coffee.


Tea and coffee don't have to be sweet either, and there are lots of cold versions of those.


Also plenty of traditional cold drinks that are savoury or can be savoury: doogh, ayran, lassi, jaljeera, buttermilk, kvass


I guess simply 'milk' I also missed, which is a bit sweet of course but I wasn't intending to lump it in with fruit juices and added-sugar drinks.

I did almost mention jaljeera, but thought that might be a bit niche. It is also often sweetened though. I've never known not-sweet lassi though? Salted lassi is still sweet underneath, like salted caramel, ime. We could count it with the sweet-ish milk drinks, anyway.


Lassi is a traditional drink where I’m from and contains only salt traditionally. Sweetened lassi is a relatively recent restaurant-led innovation. When I was a kid “lassi” meant salted; you had to specify “sweet lassi” for the sweetened version.


I’ll add legume juices: both raw, fresh blend or the water from a soup that you separate and put in a fridge. Those are delicious.

Kvass contains alcohol, doesn’t it?


Of about kefir percentage. Kwas has 0.5-1.5% ABV, kefir has 0.02-2.0% ABV.


> Kvass contains alcohol, doesn’t it?

I think only as much as kombucha, not enough to cause a buzz.


To be fair, the concept of iced tea as an objective desire is considered the provenance of blasphemous original sin by a not insignificant percentage of natives where the parent hails from.


That seems unlikely. Non alcoholic drinks are already an enormous market, and people would have less reason to limit consumption with the health downside removed.


If you hate the taste of alcohol (like me), I think the grape juice would taste better.


I like beer and I think the taste of wine is absolutely vile.


Totally agree. I love beer. I just love it. I would drink beer all day if it didn’t have that damned alcohol in it.

I like alcohol too, but not nearly as much as I like beer. Kinda sounds nonsensical, but that’s how I feel!


The dose makes the poison.


Something assumed to be true without proof.

Think of it as one layer of abstraction above the model under discussion. Like a hyperparameter. In later years, students get taught the same topics again, with the hyperparameter tuned to be more realistic.


Not the OP, but I think they meant to imply that the AU government is grifting. It does look like attaching a $520k bill to the man's freedom. Totally not part of the punishment...


Yeah, when I visited down there I initially misinterpreted what the "CBD bakery" was selling... xD


In this case, they're vaguely gesturing towards the "money being better spent elsewhere", instead of making a cost-benefit analysis including the time value of money.

Do you see how the argument is overly general? You can use it to shoot down anything that's not immediately useful. It's especially silly at the level of nations, which can obtain money much more easily than a random individual. Cash flow is much less of a problem at that level. The way it's phrased exploits people's tendency of thinking about a nation's budget like their own household budget, only bigger.


Not defending the overall claim, but there's a plausible reason why being underwater matters: the mammalian diving reflex. Holding your breath on land is not the same.


That too is the kind of inference that allows these claims to proliferate.


I have a question on manifold about Boeing's troubles:

https://manifold.markets/VitorBosshard/number-of-major-incid...

I'm only counting incidents where Boeing is at fault, this one might still be bad maintenance or other operator error.

