I'm mainly addressing sandboxing by running stuff in Claude Code for web, at which point it's Anthropic's problem if they have a sandbox leak, not mine.
It helps that most of my projects are open source so I don't need to worry about prompt injection code stealing vulnerabilities. That way the worst that can happen would be an attack adding a vulnerability to my code that I don't spot when I review the PR.
And turning off outbound networking should protect against code stealing too... but I allow access to everything because I don't need to worry about code stealing and that way Claude can install things and run benchmarks and generally do all sorts of other useful bits and pieces.
This is my favorite yet of the genre of "OK, coding agents got good in November" posts. It starts with relatively simple examples (YouTube metadata scraping) and by the end Max is rewriting Python's skikit-learn framework in Rust and making it way faster.
> But the practical limitation is language support. You cannot run arbitrary Python scripts in WASM today without compiling the Python interpreter itself to WASM along with all its C extensions. For sandboxing arbitrary code in arbitrary languages, WASM is not yet viable.
Can you clarify what your disagreement is? The statement you're responding to seems to be that you can't necessarily run arbitrary code in arbitrary languages because it's only possible if the runtime is supported, and you're giving examples of two specific languages that had explicit extra work done to support them, which sounds pretty much exactly like what they're stating.
From what I can tell, the point they're making is that if you want a sandbox that you can put whatever you want into and have it work without it having explicit support provided for that language in the form of recompiling the runtime, it's not going to work. If someone is expecting to be able to throw stuff they already have into a sandbox as-is and have it work, WASM is not what they're looking for (at least not today).
Is the support for Python code provided as a Rust library by any chance, where you could do something like pass in a simple python function, run it in wasmer, and then get back the result? I know a lot of complications would come into play around supporting C-based dependencies and support for the WASM APIs for stuff like I/O, but I recently was looking into this for a use case where the goal is to be able to prevent stuff like direct use of I/O in favor of only supporting a few specific APIs provided directly to a WASM engine for the code it's executing, and the conclusion I reached was that the only viable options for that currently available would require either shelling out to something external or manually loading in a WASM-compiled interpreter and implementing the glue code to use that to execute Python myself.
That is a good call out and I missed to consider the options you pointed. When I am back on keyboard I will add an updated note with a link to your comment. Thank you!
Well that's embarrassing! I reported it as if it wasn't a joke. I thought the joke issue was this one about translating everything to Chinese: https://github.com/tldraw/tldraw/issues/8092
If it was a joke (the test suite issue), then it was a really shit joke. It reads more like backtracking, I don't think _you_ should feel any embarrassment.
Did any of the blockchain initiatives ever go anywhere? I understood that's why they renamed the company to Block, but did that end up a similar rebrand to Facebook -> Meta?
They are heavily invested in Bitcoin and still offer and improve their Bitcoin services. It’s not really “blockchain.” They’re not a crypto company. They are ideologically dedicated to Bitcoin.
I don't think so. I know a couple people that worked in TBD (the bitcoin org) and everyone said it was directionless. Eventually the CTO ~abandoned that org and took on that Goose AI project.
The bought $170m of bitcoin at $50k a pop when their stock was $250, now it’s $67k and their stock is $67 (in after hours trading), so I guess it went pretty far in that respect.
A fun hobby I picked up during Covid was trying to cook food from countries I had never been to - since traveling anywhere wasn't an option.
Pick a country, research what food it has that you've never tried, find a few online recipes and YouTube guides and give it a go.
This was a ton of fun. I have no idea if anything I cooked was even remotely like the authentic original, but it was still a very rewarding exercise.
If you live somewhere with a lot of international supermarkets (the SF Bay Area is great for those) it also gives you an excuse for a shopping adventure for ingredients.
Yeah, doing a small thing daily can add up so fast.
When I started my niche-musueums.com website I bootstrapped it by posting a new museum I had been to every day for a month. It took 15-30 minutes a day and within a few weeks I had a site I was really proud of.
I think the key is to give yourself permission to stop without feeling guilty about it. Any time I start a new streak like this I deliberately tell myself that it's not going to be forever and I can stop any time for any reason.
The title of the linked article is "Vibe Coding and the Maker Movement" but the title on Hacker News is "Will vibe coding end like the maker movement?" - I think the original title should be restored.
Incompatibilities don't matter much provided your error messages are actionable - an LLM can hit a problem, read the error message and try again. They'll also remember that solution for the rest of that session.
It helps that most of my projects are open source so I don't need to worry about prompt injection code stealing vulnerabilities. That way the worst that can happen would be an attack adding a vulnerability to my code that I don't spot when I review the PR.
And turning off outbound networking should protect against code stealing too... but I allow access to everything because I don't need to worry about code stealing and that way Claude can install things and run benchmarks and generally do all sorts of other useful bits and pieces.
reply