Unfortunately, in 2026 even shoe companies are "AI companies"

Half a decade ago they were all blockchain companies. Before that I don’t remember, what was the buzzword, big data?

Extremely briefly: metaverse. But yeah before that big data and SaaS had quite a run.

"Cloud" for a bit too

And before that, dot-com: https://www.forbes.com/2001/01/09/0109zapata.html

Some things will never change

We will never learn our lesson. Humanity just keeps repeating the same mistakes. Remember Long Island Ice Tea / Blockchain?

A sucker is born everyday

One a day? I think we're up to over 4 a second.

https://worldstats.io/clock

Why not "2 Indian born people, 1 German born person, 1 Canadian born person, 1 Polish born person, 1 Ukrainian born person, and 2 US born people?"

"listless rednecks"

Yea, keep that same energy and see how it plays out.

Just so people know since the user above wanted to edit their comment away to hide how they really see things. It was this:

"They also pay the social security and Medicare taxes so listless rednecks can collect SSDI for being unable to work."

Offshoring isn't a given. It's simply permitted.

I guess if he told them "die slow motherfuckers" as he's told others that wouldn't be too intense for him.

What we need is a capabilities based security system. It could write all the python, asm, whatever it wants and it wouldn't matter at all if it was never given a reference to use something it shouldn't.

Isn't this already possible? Give it its own user account with write access to the project directory and either read access or no access outside it.

Unix permissions is not a capability system though. Capabilities are more like "here is a file descriptor pointing to a directory, you are not capable of referring to anything outside it". So closer to chroot, except you can have several such directory references at the same time.

You can always narrow down a capability (get a new capability pointing to a subdirectory or file, or remove the writing capability so it is read only) but never make it more broad.

In a system designed for this it will be used for everything, not just file system. You might have capabilities related to network connections, or IPC to other processes, etc. The latter is especially attractive in microkernel based OSes. (Speaking of which, Redox OS seems to be experimenting with this, just saw an article today about that.)

See also https://en.wikipedia.org/wiki/Capability-based_security

I have been putting my agents on their own, restricted OS-level user accounts for a while. It works really well for everything I do.

Admittedly, there’s a little more friction and agent confusion sometimes with this setup, but it’s worth the benefit of having zero worries about permissions and security.

Haha, you can already see wheel reinventors in this thread starting to spin their reinvention wheels. Nice stuff, I run my agents in containers.

There exist restricted Shells. But honestly, I don't feel capable of assessing all attack vectors and security measures in sufficient detail. For example, do the rbash restrictions also apply when Python is called with it? Or can the agent somehow bypass rbash to call Python?

https://en.wikipedia.org/wiki/Restricted_shell

Docker is enough in practice no?

in what specific ways did it go too deep? it's hard to understand when you're being so vague.

greatness is working illegally, tax evasion, defrauding consumers, and refusing to pay child support for all of your children.

Okay assuming you're right that society can offset this bad parenting.

Maybe a more prudent first step is giving these kids free breakfast, lunch, and dinner before putting state mandated age verification on a computer.

No argument here!