We anthropomorphize these agents in every other way. Why aren't we using plain ol' unix user accounts to sandbox them?
They look a lot like daemons to me, they're a program that you want hanging around ready to respond, and maybe act autonomously through cron jobs are similar. You want to assign any number of permissions to them, you don't want them to have access to root or necessarily any of your personal files.
It seems like the permissions model broadly aligns with how we already handle a lot of server software (and potentially malicious people) on unix-based OSes. It is a battle-tested approach that the agent is unlikely to be able to "hack" its way out of. I mean we're not really seeing them go out onto the Internet and research new Linux CVEs.
Have them clone their own repos in their own home directory too, and let them party.
Openclaw almost gets there! It exposes a "gateway" which sure looks like a daemon to me. But then for some reason they want it to live under your user account with all your privileges and in a subfolder of your $HOME.
> for some reason they want it to live under your user account
The entire idea of Openclaw (i.e., the core point of what distinguishes it from agents like Claude Code) is to give it access to your personal data, so it can act as your assistant.
If you only need a coding agent, Openclaw is the completely wrong tool. (As a side note, after using it for a few weeks, I'm not convinced it's the right tool for anything, but that's a different story.)
I tried this with Claude code on macOS. I created a new agent user and a wrapper do run Claude has that user, along with some scripts to set permissions and ownership so that I could run simple allow/deny commands. The only problem was that the fancy oauth flow broke. I filed an issue with Anthropic and their ticket bot auto closed it “for lack of interest” or whatever.
I fiddled with transferring the saved token from my keychain to the agent user keychain but it was not straightforward.
If someone knows how to get a subscription to Claude to work on another user via command line I’d love to know about it.
I ended up creating an LXC on my homelab and providing it access there, with a self-hosted gitea server but that's only for side projects that I want to host, not develop actively.
Oh that’s an idea. I was going to argue that it’s a problem that you might want multiple instances in different contexts but sandboxing processes (possibly instanced) is exactly what systemd units are designed to deal with.
This is a good time to reflect on how business actually works (as opposed to how hopeful consumers wish it would work).
A business exists because its shareholders invest capital with the expectation of a return. As a result, nearly all businesses go through similar lifecycles. The stages are launch, growth, maturity, decline, and sometimes renewal. There is a lot of capital injected in the early stages and to capture market share the firm often produces the best product it can.
Once the market share is acquired, the business puts up moats if it's able, and then it enters the MATURITY phase. That's where the Windows business is. In the maturity phase a business focuses on TAKING PROFITS wherever it can find them. This includes but is not limited to cutting back on its investment in product, as much as it can. If it can cut budgets and quality and give that money to the shareholders it will. If it can inject ads into the product or resell your data it will.
The very purpose of a business is to reach maturity and then take profits.
That's capitalism. The investors provided the capital. In the end, they gets what they wants.
Now if a company leans into this dynamic as hard as Microsoft has, you should know what's coming. No one should be surprised - maybe they're scared of the Neo right now and there'll be a few years of reprieve, but they're a mature firm, they're in profit taking mode, and the goal in this phase is not to make Windows as great as possible, it's to squeeze as much money out of it as they can.
The next stage is decline -- where the squeeze gets so hard that the business actually collapses. All businesses fail sooner or later. Everything becomes lawyers and accountants slicing it up, selling it off, and sometimes it gets restructured and reborn, sometimes it doesn't. This can take years or it can take decades but it's basically a bumpy downhill road from maturity to that point. If you stick around at this point and keep using Windows, keep in mind that's what you opted into. There isn't really any other way. It's just business.
Intriguingly, free software in its more elemental forms doesn't appear to follow this lifecycle. It's not for profit and there are no investors to satisfy. Contributors who build the software do it mainly out of self-interest: they build what they want to use, and as a result they may come and go at any time. But the software remains there, and you are welcome to tinker with it, too.
I'd argue that although publicly-traded businesses do usually go through that cycle (I would say that it's not ALL, but it's certainly MOST, because I can't come up with a counterexample), privately-owned businesses are more likely to avoid it. For example, McMaster-Carr. Privately-owned, with just a few owners rather than a large number of shareholders. And as far as I know (never having been one of their customers myself, just hearing testimonials), they're still just as good at making quality products that their customers want as they were a hundred twenty-five years ago when they got started. No "TAKING PROFITS" stage, and no subsequent decline.
But it does seem like publicly-owned companies go through those stages. It may be shareholder pressure, but part of it also appears to be when they get people in upper management who went to business school to get an MBA, rather than who have been with the company for years. I don't know what makes MBAs so prone to the nonsensensical pursuit of short-term profits that tank the company, rather than the greater (in the long run) long-term profits available by just continuing to make good products that customers want, but it shows up often enough (in many industries) that I'm starting to think of it as "MBA syndrome". And if a company is publicly-traded and run by MBA-style management? Sell your shares now and get out while you still can, is my advice.
Ive found it useful to regard MBAs and the entire pipeline from education to managing companies for MBAs akin to a clergy class.
They spend so much time and effort learning the scripture and then are praised as having some sort of intimate knowledge of business practices and working towards the ever growing prophet (read: profit).
Their forecasts akin to divination (but with charts and graphs, oh my!)
In this context, it's helped me understand, or at least create a useful caricature of what must be going on in those spaces where everyone drinks the kool aid of "there is only the next quarter".
This cultural shift exists and it will intensify as long as consumer prices and cost of living continue to rise at the same time corporate profit margins do. This is a simple, easy link to make, pretty much everyone's now aware and has stopped buying the excuses. Consolidation and an increase in straight up, unpunished criminal monopoly and cartel activity within corporate America have given rise to this new culture. Luigi Mangione will not be the last of his kind.
I mean it's a title. Titles are under no obligation to condense the entire content of the article into one sentence. People who want to comment on the article should read it first, and then write in good faith.
The problem lies in the HN comments which have taken that title and interpreted it through the lens of unrelated political arguments: class warfare, anti-offshoring, etc. etc. I don't think any title would be immune from these people. They're just angry because the Internet has its hooks in their brain, and they're going to post about it.
His points are good and people would be wise to read the article and take them to heart. His key points are:
1) If you're a rent seeker, current trends will probably see you lose out to a bigger and more powerful rent seeker. He's probably right about that.
2) Creating more value than you consume is a great form of self-preservation, when you do this no one wants to get rid of you.
None of it's political. It's just good advice for life. I hereby forbid the masses from responding to these points with political rage bait.
HN has better moderation than a lot of places but from my vantage point the entire Internet is sinking into this garbage - we're more aware of the problem these days, at least, but everything and everywhere is more consumed by political hot takes than ever before.
If there was tech that forced commenters to read the article before they could comment on it - now THAT would be a valuable innovation!
> 1) If you're a rent seeker, current trends will probably see you lose out to a bigger and more powerful rent seeker. He's probably right about that.
> 2) Creating more value than you consume is a great form of self-preservation, when you do this no one wants to get rid of you.
> None of it's political. It's just good advice for life. I hereby forbid the masses from responding to these points with political rage bait.
They’re both tautologies. No new or useful info to glean. I didn’t need some highly intelligent security researcher to explain these things that are explained by intuition by anyone with an above room temp IQ.
There must surely be more to this, and given how many of his other recent blogs are a mix of political rant and a screed against da haterz. I suspect it’s a lot more political on his side than you think.
> If there was tech that forced commenters to read the article before they could comment on it - now THAT would be a valuable innovation!
lol, gotta love people who whine about HN quality and then just write pointless crybaby paragraphs like this. If you can’t beat em, join em I guess.
I appreciate that there are people out there working on stuff like /e/OS, but the number one question I have when I learn about a mobile OS that isn't iOS or "Googled" Android is: will the banking and payment apps I need to operate in the modern world run on this OS?
A lot of people don't think this way because they haven't had any problems. But then one day it happens to you and you realize, ok, this is the one thing that matters - you're in a cashless store and the only way you can pay for your meal is to use Approved Apple or Approved Google operating systems.
Where I live, the app my electricity utility provides for viewing and paying my account DISABLES ITSELF FOREVER if you so much as enable USB debugging on your phone (even after you've disabled it again).
To their credit Graphene maintains a global database of which of these apps work and don't. They're the only ones I know of so a thousand upvotes to Graphene OS.
But for my banks, the records in that database are grim. They won't run on Graphene, and they don't respond to reports about it.
One of my banks just discontinued its web UI because "people don't use it anymore, they use the app only."
This is how they're going to get us, folks. This is how we're going to lose it all. Writing code alone will not solve this. It will require some kind of collective action to defend our liberties. Some parts of the world are already lost. So this situation will likely come to a jurisdiction near you eventually: to make a transaction you will need permission from Google, Apple, Visa, Mastercard, or it won't happen. Then that four company list will start to shrink.
> the app my electricity utility provides for viewing and paying my account DISABLES ITSELF FOREVER if you so much as enable USB debugging on your phone (even after you've disabled it again).
These are self-inflicted problems by these apps. Nothing to do with the OS. These apps simply don't work. Complain to the companies that push these broken apps to you.
Would you buy a microwave oven that kills itself if you play the wrong kind of music in your kitchen?
The problems may be inflicted by these apps but the reality is that in many cases you're stuck with them. Electric company freezes your account if you enable USB debugging? Well, you can't choose a new electric company. We can complain to these vendors all we want but they just ignore us.
So these problems become problems of the OS, not because the OS has a problem, but because it affects the reality of using the OS.
It obviously depends on where you live. In my country you certainly con choose a new electric company. I mention that because we really should use consumer choice to overcome these types of problems where we can. Ie if you can switch to a bank/electricity provider/whatever that has a less terrible app it’s really good to do so.
I agree on principle. I'm not sure if everywhere in the US is like this, but everywhere I've lived in California basically had a monopolistic electric and gas provider.
For things where we do have a choice, yes I agree.
Is it such a burden to write them a letter stating, "Because you have decided to disable my electronic access, I am notifying you that I withdraw my consent to e-delivery. Please provide me statements and directions to mail you a check for payment." Maybe spend 20-30 min to find the specific laws that give you the right to do that and remind them of their timelines to comply.
Send a letter like that certified. It gets attention, and the time to write and mail a check really isn't, if you batch your bills, more than using an app.
We do have ways to push their inconvenience back on them.
It is great that you have the right in your jurisdiction to do that. Where I am, they just shut off your power if you don't pay.
It's a big and hairy world out there. Having lived on three continents and traveled to some pretty wild places, I always get a kick out of seeing which rights people have and assume that the rest of the world also has.
This a pretty general recipe to make a company care.
A Professional letter letting them know that you know your rights, and that they know your rights (Them getting your letter is your proof of that) is what the beginning of someone losing his bonus for a compliance incident looks like.
Companies don't care about you, or even shareholders, they care about the incentives of leadership.
Not everyone has the time and resources to battle their utilities and bank(s). I know it’s important and sustained effort is necessary even if it’s hard, but we are talking about massive populations here and most people simply can’t or won’t fight that battle on their own. Organizing a large pushback is also a huge effort. And at the end of the day, there is an easy solution for folks: buy a “proper” smart phone that “just works” because it solves the problem now.
We’ve gotten to the point where unfortunately it is a luxury to fight for your privacy and consumer rights.
Yes that is correct. So what do you suggest people do? What is a realistic way to move the needle? Because I can tell you now that (as I detailed in another comment) asking someone to change their banks, utilities, etc. to accommodate their smartphone choice is not a serious suggestion, nor is asking everyone to wage war with all the services they engage with. They’re simply not going to do it no matter how many passionate speeches or flippant comments you throw out there. They’re going to buy the thing that solves the immediate problem of not having access to critical services in their lives. If their amazing open source phone can’t pay their bills, it’s going in the bin.
To be clear I want the same thing you do. But just going “do it it’s important” is not going to make it happen.
Well, we gotta choose our battles, right? It's easy to get collective support for visible oppression and fascism. Everyone sees it on the news. It's hard to get support for "lemme use a smartphone that isn't apple or android." the average person doesn't care.
Not saying that we should just give up. But as the above poster said, it's a luxury that takes a lot of time and resources.
Perhaps, but a recent example is ICE in Minnesota. The administration tried its best to spin it to match its propaganda but many people saw through it.
Not sure where you live but in much of California, there are no alternatives for most utilities. Water, gas, electric often only have one singular provider in many regions.
Fair enough, although barring VPN use is quite a bit different from forcing an app that requires Play Services or iPhone. A VPN isn't as legitimate a need to pay a utility bill in the same way paying without an Android or iOS phone can be.
Fair enough, although barring VPN use is quite a bit different from forcing an app that requires Play Services or iPhone. A VPN isn't as legitimate a need to pay a utility bill in the same way paying without an Android or iOS phone can be.
> I don’t see why not. It entirely depends on why someone needs a VPN.
Nah, not really. Using a VPN is a luxury, a preference. You're arguing that using a VPN should be a right in a discussion about people not being forced to use specific Apple or Google services, which is an entirely different thing.
You’re implying we have more choice than we do and asking “the average joe” to change banks to accommodate their smartphone is not a serious suggestion.
My utility company, for instance, literally won’t let you navigate their site with a VPN running. These kinds of practices are commonplace and becoming standard.
I promise your electric company accepts payments outside of an app on your phone. I further promise that other banks are available that don't have terrible apps. These problems are way more surmountable than you're painting them here.
The alternative they accept is traveling down to their office and handing them cash, no joke. Phone app or cash. No website, never has been one. No snail mail because they "modernized" and discontinued it some time ago.
But I'm OK because one of my banking apps has some method of reading my contract number from the disabled electricity company app, and telling me how much I should pay and then it fires off a payment to them. Even though I can no longer use the electricity app directly because I enabled USB debugging once, the banking app is somehow still able to pick up this info from it.
Of course, said banking app refuses to run on Graphene or any of these other Google Play-less OSes, and the bank doesn't respond to inquiries about that issue, multiple people have tried.
The other bank I use does respond, and says they'll never run on "alternative OSes" because "alternative OSes are too insecure." They don't respond to followups.
I'm just saying man. A lot of people think this stuff is trivially solved because there is an option available to them in their home country. You don't know how big and nuts this world of 8 billion people and 200 countries is. This stuff varies beyond imagination, sometimes for the much worse.
Yeah I don't understand it either. Why can't you just use a card? Also, are cashless stores a real, developed thing? I've never encountered one in Europe.
My main takeaway from all of this is that Hegseth seems deeply unfit for his job. First there was the Signal leak and now this.
Look, Anthropic is not going to be designated a supply chain risk. 80% of the Fortune 500 have contracts with them. Probably a similar percentage of defense contractors. Amazon is a defense contractor for example. They'd have to remove Claude from their AWS offerings. Everyone running Claude on AWS, boom gone. The level of disruption to the US economy would be off the charts, and for what? Why? Because Hegseth had a bad day? Because he's a sore loser?
If he's decided he doesn't like the DoW's contract then he can cancel it, fine. To try and exact revenge on the best American frontier model along with 80% of the Fortune 500 in the process, to go out of his way to harm hundreds or perhaps thousands of American firms, defies all reason. This is behavior you would expect any adult would understand as petty and foolish, let alone one who's made it to the highest ranks of government.
So I think it's just not going to happen, Trump's statement on the matter notably didn't mention a supply chain risk designation. This suggests to me that Hegseth went off half cocked. The guy is a liability for Trump at this point, I'm guessing he won't last much longer.
My first reaction is that this is an insanely bad law:
* The signal has to be made available to both apps and websites
* So if you dutifully input valid ages for your computer users, now any groomer with a website or an app can find out who's a kid and who isn't. You just put a target on your kid's back.
* A fair share of parents will realize this, and in order to protect their children, will willfully noncomply. So now we'll have a bunch of kids surfing the net with a flag saying they're an adult and it's okay to show them adult content.
* Some apps/websites will end up relying on this signal instead of some real age verification, which means that in places like porn sites where there's a decent argument for blocking access from kids, it'll get harder. Or your kid will get random porn ads on websites or something.
So basically unless this thing is thrown out by the courts, California lawmakers have just increased the number of kids who get groomed and the number of kids who get shown porn.
I'm not sure what the solution is, but to steel man a bit, the alternative is kids have access to all the adult spaces, where they will be groomed. A website/app serving grooming content to a kid is just so incredibly unlikely compared to a kid being groomed as the result of having unrestricted access.
Since I do not see a solution, and you see identifying children as a risk, what do you see as a solution for kids being in the same spaces as adults? Do you see a reasonable implementation to separate them, that doesn't have the "we know which accounts are children" problem? Maybe there's something in between?
Also, I think it's important to understand the life of a modern child, who's in front of a screen 7.5 hours a day on average [1], with that increasingly being social media, half having unrestricted access to the internet [2].
I hate government control/nanny state, but I think 5 year olds watching gore websites, watching other children die for fun, is probably not ok (I saw this at the dentist). People are really stupid, and many parents are really shitty. What do you do? Maybe nothing is the answer?
So say one of the 50% of children that have unrestricted access goes somewhere they shouldn't, or interacts with people they shouldn't. How is it detected so the parents can be held liable? What does the implementation look like to you?
As the problem is adults trying to groom kids, the answer is robust detection and enforcement of the current anti-grooming laws.
It's ironic that people supposedly care about this when there's also a child rapist/murderer being kept safe as President without being held accountable for his crimes.
I suppose this law could be used as a defense against getting caught grooming minors - "I thought they were adult as surely a kid wouldn't be able to access that chat group"
How, exactly, does one accomplish "robust detection of a child"? I assume your answer would include complete surveillance of all internet communication? Could you expand on your idea of the implementation?
Sorry if I wasn't clear - I am proposing that the adults face the robust detection and enforcement of anti-grooming laws. One method is to set up honey-pots with law enforcement officers playing the part of an innocent child (i.e. avoiding entrapment) and then throwing the full weight of the law behind any adult showing predatory behaviour.
What I propose is rather than putting all the effort into preventing children from entering dangerous adult spaces, it's better to put the effort into ensuring that sex criminals are prosecuted and trying to make adult spaces less dangerous.
I think an obvious problem for this method is scaling, partly from grooming not being a local phenomenon. It would require worldwide cooperation, especially in a few countries that are statistical offenders.
Instead, websites should voluntarily put content ratings on their own stuff--most would because either they don't intend to harm children, or from societal pressure.
Then, software on the user's computer can filter without revealing any information about the user.
> So if you dutifully input valid ages for your computer users, now any groomer with a website or an app can find out who's a kid and who isn't. You just put a target on your kid's back.
I'm not going to say that's impossible but the number of sites that do the right thing and reduce risk are going to vastly outnumber that. And 90% of those kids already have targets on their backs by virtue of the sites they visit.
> What risk exists from sites that are doing to do the right thing?
To be clear, I'm talking about sites for adults that are doing their best right now, but have no idea who is 18 and who is 8. If they have communication between users, it's not set up to be filtered and moderated in a way that protects an 8 year old. If they could cut out a big majority of 8 year olds with the flip of a switch, that would be a good thing.
That's a lot of risk that exists right now and could be reduced.
> This smells strongly of I just made it harder for those that do the right thing and did nothing to solve any problem.
There is no meaningful difficulty in storing two bytes of extra data on the OS account and turning it into a two bit flag that programs can access and pass on to websites. And for most websites that let users communicate it makes their job a lot easier, even if the flag isn't always right.
I think there's room for both visions. Big Tech is generating more toxic sludge than ever, and yeah sure this is because they're greedy, but more precisely the root cause is how they lobbied Washington and our elected officials agreed to all kinds of pro-corporate, anti-human legislation. Like destroying our right to repair, like criminalizing "circumvention" measures in devices we own, like insane life-destroying penalties for copyright infringement, like looking the other way when Big Tech broke anti-trust laws, etc.
The Big Tech slop can only be fixed in one way, and actually it's really predictable and will work - we need to fix the laws so that they put the rights and flourishing of human beings first, not the rights and flourishing of Big Tech. We need to fix enforcement because there are so many times that these companies just break the law and they get convicted but they get off with a slap on the wrist. We need to legislate a dismantling of barriers to new entrants in the sectors they dominate. Competition for the consumer dollar is the only thing that can force them to be more honest. They need to see that their customers are leaving for something better, otherwise they'll never improve.
But our elected officials have crafted laws and an enforcement system which make 'something better' impossible (or at least highly uneconomical).
Parallel to this if open source projects can develop software which is easier for the user to change via a PR, they totally should. We can and should have the best of both worlds. We should have the big companies producing better "boxed" software. Plus we should have more flexibility to build, tweak and run whatever we want.
In my opinion people are fixating a little too much over the automation part, maybe because most people don't have a lot of experience with delegation... I mean, a VP worth his salt isn't generally having critical emails drafted and sent on his behalf without his review. It happens with unimportant emails, but with the stuff that really impacts the business far less often, unless he has found someone really, really great
Give me a stack of email drafts first thing every morning that I can read, approve and send myself. It takes 30 seconds to actually send the email. The lion's share of the value is figuring out what to write and doing a good job at it. Which the LLMs are facilitating with research and suggestions, but have not been amazing at doing autonomously so far
You might be right, but not for long. Once my agent is interacting directly with your agent (as opposed to doing drafts of your work on your behalf), expectations will shift to 24/7 operation.
This is uncharted territory and very interesting..
We humans live with a strong requirement of reputation management which shapes the way that we do things.
Once we have agents openly do things on our behalf but not in our voice, it will be interesting to see how of subpar performance or bad etiquette gets accepted just because agents don't have an individual personal reputation to maintain
There's no rude way to call an API. As more of human communication and commerce gets refactored into cold agentic interactions, the issue of reputation just vanishes.
But there's more than shifting etiquette standards at stake. Every BigCorp is currently reworking their APIs to be agent-friendly. CAPTCHAs and "Contact Sales" forms are being ripped out because they have no place in a world where the customer expects a complete transaction in the next 300 milliseconds. Agentic customers will demand agentic support, or else they'll take their RPCs elsewhere.
So what happens when you're CEO of BigCorp, and 90% of your customers are code, served by code, and the rest are messy humans who forget their passwords, complain that your website layout is confusing, and demand to speak to the manager? Is that last 10% worth keeping? Can you imagine Amazon in 2030 deprecating support for human customers?
Maybe this sounds cool, especially if OpenClaw agents have been doing all your domestic online chores for the past couple years. But along the way social grace was refactored out.
You take a life-saving prescription drug via an off-label usage, and your employer's PBM updates to Care Schema 2.3, which makes it semantically impossible to get a refill. Or you bend down to get the mail on your front porch, the wind slams your front door shut, and your fingerprint no longer works to open the door, because as of noon, your mortgage payment was past due. You could easily pay, but your phone is inside, next to your sleeping infant's crib. The system is operating as designed.
This is how the world would work when it's intended for agentic interactions and humans are an afterthought.
They look a lot like daemons to me, they're a program that you want hanging around ready to respond, and maybe act autonomously through cron jobs are similar. You want to assign any number of permissions to them, you don't want them to have access to root or necessarily any of your personal files.
It seems like the permissions model broadly aligns with how we already handle a lot of server software (and potentially malicious people) on unix-based OSes. It is a battle-tested approach that the agent is unlikely to be able to "hack" its way out of. I mean we're not really seeing them go out onto the Internet and research new Linux CVEs.
Have them clone their own repos in their own home directory too, and let them party.
Openclaw almost gets there! It exposes a "gateway" which sure looks like a daemon to me. But then for some reason they want it to live under your user account with all your privileges and in a subfolder of your $HOME.
reply