Local sandboxing on developer machinesEverything above is about server-side multi-tenant isolation, where the threat is adversarial code escaping a sandbox to compromise a shared host. There is a related but different problem on developer machines: AI coding agents that execute commands locally on your laptop. The threat model shifts. There is no multi-tenancy. The concern is not kernel exploitation but rather preventing an agent from reading your ~/.ssh keys, exfiltrating secrets over the network, or writing to paths outside the project. Or you know if you are running Clawdbot locally, then everything is fair game.
Include a link to your code (GitHub repo, gist, etc.)
,这一点在51吃瓜中也有详细论述
围炉之“炉”,从前是炭火炉,如今是电磁炉。不变的是在氤氲的热气里,一家人坐着塑料凳,在木桌前簇拥着,必须起身才够得到对角线的菜。夹肉的筷子频频打架,火锅沸腾到锅盖跳舞了才手忙脚乱地关掉,身后的电视机明明开了很大声音,却总是什么也听不清。
“阴伟达” 的出现,给了市场一丝幻想,但也暴露了公司的无奈,连小众赛道的早期药物都要拿来炒作,可见其业绩压力已经到了何等地步。