Hacker News: kernc

New comment by kernc in "Issue links now open in a popup"

kernc — Sun, 26 Apr 2026 16:03:05 +0000

Why would they care to empower competitors?

New comment by kernc in "Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised"

kernc — Thu, 26 Mar 2026 10:30:54 +0000

`sandbox-venv` is a small shell script that sandboxes Python virtual environments in separate Linux namespaces using Bubblewrap (and soon using only command `unshare`, bringing the whole script down to effectively 0 deps).

https://github.com/sandbox-utils/sandbox-venv

New comment by kernc in "GIMP 3.2 released"

kernc — Sat, 14 Mar 2026 21:55:11 +0000

Did you also manage to enable menu icons?

New comment by kernc in "GIMP 3.2 released"

kernc — Sat, 14 Mar 2026 21:46:25 +0000

Let everyone be reminded how joyful GIMP 2.10 menus used to look ...

https://i.imgur.com/nVyMQBt.png

New comment by kernc in "Show HN: I Built a Sandbox for Agents"

kernc — Tue, 03 Feb 2026 21:32:22 +0000

Probably not. Maybe Bubblewrap and sandbox-run. It's an anything-is-already-way-better-than-nothing type of thing.

[0]: https://github.com/containers/bubblewrap

[1]: https://github.com/sandbox-utils/sandbox-run

New comment by kernc in "Sandboxing AI Agents in Linux"

kernc — Tue, 03 Feb 2026 20:06:11 +0000

As a heads up and affirmation that the approach is correct, here's a small shell bubblewrap wrapper that boils the command line down to `sandbox-run claude --dangerously-skip-permissions`.

https://github.com/sandbox-utils/sandbox-run

New comment by kernc in "How does misalignment scale with model intelligence and task complexity?"

kernc — Tue, 03 Feb 2026 02:22:14 +0000

Other actionable insights are:

- Merge amendments up into the initial prompt.

- Evaluate prompts multiple times (ensemble).

New comment by kernc in "Running Claude Code dangerously (safely)"

kernc — Tue, 20 Jan 2026 16:09:57 +0000

It being deprecated and all, didn't feel like wrapping it, but macOS supposedly has a similar `sandbox-exec` command ...

New comment by kernc in "Running Claude Code dangerously (safely)"

kernc — Tue, 20 Jan 2026 15:31:15 +0000

> Linux-only

What other dev OSs are there?

> once privileges are dropped [...] it doesn't appear to be possible to reinstate them

I don't understand. If unprivileged code could easily re-elevate itself, privilege dropping would be meaningless ... If you need to communicate with the outside, you can do so via sockets (such as the bind-mounted X11 socket in one of the readme Examples).

New comment by kernc in "Running Claude Code dangerously (safely)"

kernc — Tue, 20 Jan 2026 15:08:21 +0000

Since everyone tends to present their own solution, I bid you mine:

    sandbox-run npx @anthropic-ai/claude-code

This runs npx (...) transparently inside a Bubblewrap sandbox, exposing only the $PWD. Contrary to many other solutions, it is a few lines of pure POSIX shell.

https://github.com/sandbox-utils/sandbox-run

New comment by kernc in "GitLab discovers widespread NPM supply chain attack"

kernc — Fri, 28 Nov 2025 18:18:32 +0000

I wrote myself a handy and generalized bwrap-wrapping script: https://github.com/sandbox-utils/sandbox-run

New comment by kernc in "Shai-Hulud Returns: Over 300 NPM Packages Infected"

kernc — Mon, 24 Nov 2025 15:36:23 +0000

No.1: Run untrusted code in a sandbox! https://github.com/sandbox-utils/sandbox-venv

New comment by kernc in "Firefox 147 Will Support the XDG Base Directory Specification"

kernc — Thu, 20 Nov 2025 17:11:17 +0000

Now that everyone is kindly on board, IBM can finally bury this standard. /s

New comment by kernc in "Optimism associated with exceptional longevity (2019)"

kernc — Wed, 05 Nov 2025 14:42:57 +0000

What are the reasons for Snapchat? :.

New comment by kernc in "NPM flooded with malicious packages downloaded more than 86k times"

kernc — Fri, 31 Oct 2025 02:46:40 +0000

> alias npm=...

I use sandbox-run: https://github.com/sandbox-utils/sandbox-run

The above simple alias may work for node/npm, but it doesn't generalize to many other programs available on the local system, with resources that would need to be mounted into the container ...

New comment by kernc in "Show HN: Katakate – Dozens of VMs per node for safe code exec"

kernc — Wed, 22 Oct 2025 08:45:13 +0000

Local-first (on Lunix), POSIX shell: https://github.com/sandbox-utils/sandbox-run

New comment by kernc in "I almost got hacked by a 'job interview'"

kernc — Wed, 15 Oct 2025 17:47:34 +0000

A simple zero-config alternative using Linux-native containers seems to be sandbox-venv [1] for Python and sandbox-run [2] for npm ...

[1]: https://github.com/sandbox-utils/sandbox-venv [2]: https://github.com/sandbox-utils/sandbox-run

New comment by kernc in "I almost got hacked by a 'job interview'"

kernc — Wed, 15 Oct 2025 17:41:27 +0000

> This might be a red flag for Persona service itself as it might contain serious flaws and security vulnerabilities that Cyber criminals are relying on

Persona seems to rely solely on NFC with a national passport/ID, so simply stolen documents would work for a certain duration ...

New comment by kernc in "I almost got hacked by a 'job interview'"

kernc — Wed, 15 Oct 2025 17:34:19 +0000

You can use special a Unicode strikethrough glyphs such as available in https://efck-chat-keyboard.github.io

New comment by kernc in "Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised"

kernc — Wed, 17 Sep 2025 15:48:38 +0000

Is exactly why I composed bubblewrap-based sandbox-venv for Python: https://github.com/kernc/sandbox-venv

Dangerous times we live in.