I am so sick of the ‘sandboxed’ AI-infra meme. A container is not a sandbox. A chroot is not a sandbox. A VM is also not a sandbox. A filesystem is also also not a sandbox. You can sandbox an application, you can run an application in a secure context, but this is not a secure context the author is describing, firstly, and secondly they haven’t described any techniques for sandboxing unless that part of the page didn’t load for me somehow.
Didn’t mean to say this is a sandbox, it certainly isn’t, this is just an illustration on how to bridge the gap and make things available in a file system from the source of truth of your application.
There is tons of more complexity to sandboxing, I agree!
To me ‘a sandbox’ is a secured context, which is specific to whatever is in it. It is not a generic thing unless we are literally referring to a real-world box with sand in it, and I’ve kinda hit the breaking point with the term in tech. ‘A sandboxed application’ to me is an instrumented and controlled deployment of an application that can only make the sys/network/ipc calls the deployer expects and appreciates, which are then themselves filtered and monitored. A sandboxed deployment of an application? Sure. That’s a thing to me. But each application needs different privileges and does different things. Sandboxing an application may involve lots of different technologies. Eg the way I think about it, things like seccomp, apparmor, et al also aren’t themselves ‘sandboxes’, they’re enforcement mechanisms which rely on knowing and configuring them to monitor and enforce what the app should and shouldn’t do. A lot of things that assist with sandboxing may also be combined in different ways to get to a more secure environment, in which the app is sandboxed.
Notably, a sandbox exists to separate one thing from other things. Limiting/filtering/monitoring what the sandboxes thing can do are often components of that, but the underlying premise is about separation.
Containers, VMs, etc. are 100% examples of sandboxing based on the actual industry definition of the term.
I’m saying I don’t think sandbox is a noun, I think it’s a verb. I also don’t get why this is such an issue to you? A container simply is not a sandbox by itself. The collection of technologies that can sandbox can be used to sandbox a container, or an app running in a container, or whatever you want. A door lock isn’t security, a door lock is used to lock your door, which gives you part of a security strategy. Same principle.
He's obviously right about the noun/verb thing. You can just look this up on Google Scholar. I think you're sort of broadly wrong about how fussy the definition of a "sandbox" is, but you're at least saying something coherent there, even if it's an idiosyncratic definition.
I already gave you a link above with a definition of sandbox, the noun, and a list of example technologies that it applies to.
If you’re going to get fired up about people you feel are misusing this term, and then ignore citations about its actual definition, I think the ball’s in your court to back up your claim.
I mean… I’m flattered you think I’m making some kind of statement here but there is no claim. I literally stated an opinion I hold in a comment on HN, I didn’t write a you a thesis. Followed by explaining further the details of that opinion.
I’ve asked what background leads to your conclusion, because if you have eg written some sandboxing tooling, I’d be curious to give it a look. Always up to learn things, and I am more than a little baffled by how upset the comments I’m replying to here sound. You’ve linked me to Wikipedia, and another commenter asserts I can ‘just look it up on google scholar’. That seems pretty dismissive and reductive overall.
I recently had a question about what AI sandboxes use and I think Modal uses gvisor under the hood and I think others use firecracker/generally favour it as well
Firecracker kind of ends up being in the VM categories and I would place gvisor in a similar category too under the VM
There is also https://github.com/Zouuup/landrun Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel.
Your mileage may vary but I consider firecracker to be the AI sandbox usually. Othertimes it can be that they abstract on a cloud provider and open up servers in that or similar (I feel E2B does this on top of gcp)
A lot of these "ai sandbox" conversations target code that is already running in a public cloud. Running firecracker doesn't give you magical isolation properties vs running an application in ec2 - it's the same boundary. If you're trying to compare to running multi-tenant workloads in containers on the same vm vs different tenants on different vms - sure that's an improvement but no one said you had to run containers to begin with.
Furthermore, running lots of random 3rd party programs in the same instance, be it a container, or an ec2 vm, or a firecracker vm all have the same issues - it is inherently totally unsafe. If you want to "sandbox" something you need to detail what exactly you are wanting to isolate.
A lot of people might suggest not being able to write to the filesystem, read env vars, or talk over the network but these are table stakes for a lot of the workloads that people want to "isolate" to begin with.
So not only is there this incorrect view that you are isolating anything at all, but I'm not convinced that the most important things, like being able to run arbitrary 3rd party programs, is even being considered.
Who cares if they’re wrong? The point is respect for their opinions and feelings since you’ll have to work with them for twenty years. If you respect them, you get to do what you want to do and they won’t fuck with you or shoot down your proposal.
To be clear this is Japan we’re talking about with the twenty years part. The same thing applies in the US but on smaller timescales though. If people feel appreciated and respected and you have good relationships, they will basically back whatever you want.
To be clear I'm describing a point of view, but not always ascribing to it.
I tend to lean towards thinking backchanneling makes sense as a general vibe, if only because it's a way of doing things that lets people have dignity, and the costs _can be_ low.
I think this is a very naive take. Japanese people will blame you for any failure regardless if you respect them or not. And many times failures happen in japan exactly because people are sitting around doing nothing without acting even when it's urgent to make decision. Backstabbing and toxicity is the major feature of japanese business culture
The thing that makes someone trustworthy is taking accountability for your own self and actions, but having boundaries such that you don’t take accountability for the selves and actions of others. That’s basically all I want to see from a manager, a direct report, or a peer.
Not really if they don’t have any security or even devsecops yet… if they just have devs and those devs are people who are relatively junior / just out of school, I could unfortunately absolutely see this happening
Literally all they have to do is make sure all women have maternity leave, and paid childcare for the first three years, and set limits on how high prenatal and birth medical bills can be. You’d think a bunch of supposedly “pro” “natalists” who are “pro” “life” in or adjacent to the government would be gagging at the bit to make it as easy as possible to have babies.
I live in Czechia where basically everything you demand is law of the land, no one except rare uninsured foreigners faces any medical bills at all, we don't even have tuition etc., but our birth rate still isn't stellar. It moves the needle only by a few tenths of a kid, compared to our European peers, and our absolute birth rate is comparable to the US one.
I don't believe it is about the money anymore. People love sex, but they don't necessarily want to have children, and once efficient contraception and sex education is available to everyone, the subset of "unwanted kids", which might have been more than half of all kids born 100 years ago, mostly disappears. What remains are the "wanted kids", and the harsh truth is that quite a lot of people want 0 or 1 kid at most.
People also aren't even having that much sex lately. The epidemics of loneliness is real. Tell me how you are going to have kids if you never have a BF/GF. That is not something money can cure, this is a deep societal dysfunction mediated by smartphones.
Are you thinking of a certain study? Meta analysis is mixed on your proposals. There have been some countries where more leave and financial assistance increases births, but causality is unknown. And those births were in some countries among older parents more financially established, not the young couples who would benefit the most. In other countries there’s been no found correlation. The infamous Spanish study found more paternity leave to decrease fertility. :)
State-provided benefits not driving fertility makes some intuitive sense. The countries with high birth rates are not the wealthy and comfortable ones.
Not so sure that is enough… 5 days of work then 2 days of taking care of kids and cleaning and laundry? It takes months between me and my wife getting a couple of hours for ourselves.
Only thing I think could help is going back to the traditional housewife/houseman with grandparents. Then it would work to get 3+ kids. But right now with increasing cost and rising pension age that seems like a dream.
A productive country will wrangle out the time from its productive members and let the non productive members have kids… which might not be the best approach in the long run.
This thing where we outsource childcare to poorly paid strangers is a social experiment.
Funding that with public money to increase adoption even further is another social experiment.
These social experiments may turn out to be brilliant successes in the long run, I have no idea and I’m not stating any opinion there.
But, the people who call themselves conservatives, probably want to conserve the old practice, instead of trying out more new practices. That is basically what they do.
/fit/ and /mu/ were good to me in my late teens, and /ck/ is the reason I actually asked my roommate’s mom to show me cooking basics when I was in college!
Well as shown by the original Communists, total redistribution just lets greedy people on the inside skim off the top. A taxation system with a properly constructed social safety net on the other hand, which is what I think you’re describing, is one where the wealthiest pay in the most and the least wealthy receive sufficient aid to get by.
LLMs are not a miracle, they are a type of tool. The hype I am angry about is the “black magic? Well, clearly that can solve every problem” mode of thought.
