Hacker News: molson8472https://news.ycombinator.com/user?id=molson8472Hacker News RSShttps://hnrss.org/hnrss v2.1.1Fri, 05 Jun 2026 04:25:03 +0000<![CDATA[New comment by molson8472 in "Running Claude Code dangerously (safely)"]]>Once approval fatigue and ongoing permission management kicks in, the temptation is strong to run `--dangerously-skip-permissions`. I think that's what we all want - run agents in a locked-down sandbox where the blast radius of mistakes and/or prompt injection attacks is minimal/acceptable.

I started running Claude Code in a devcontainer with limited file access (repo only) and limited outbound network access (allowlist only) for that reason.

This weekend, I generalized this to work with docker compose. Next up is support for additional agents (Codex, OpenCode, etc). After that, I'd like to force all network access through a proxy running on the host for greater control and logging (currently it uses iptables rules).

This workflow has been working well for me so far.

Still fresh, so may be rough around the edges, but check it out: https://github.com/mattolson/agent-sandbox

]]>Tue, 20 Jan 2026 17:17:55 +0000https://news.ycombinator.com/item?id=46694641molson8472https://news.ycombinator.com/item?id=46694641https://news.ycombinator.com/item?id=46694641<![CDATA[New comment by molson8472 in "Crystal 0.29"]]>I must have been living under a rock for the past five years, because Crystal went completely unnoticed until last week. As a long time Ruby programmer, I'm eager to give it a try.

]]>Thu, 06 Jun 2019 01:17:36 +0000https://news.ycombinator.com/item?id=20110705molson8472https://news.ycombinator.com/item?id=20110705https://news.ycombinator.com/item?id=20110705<![CDATA[New comment by molson8472 in "How the Valley treats experienced people"]]>Nailed it.

]]>Sun, 30 Dec 2018 17:28:52 +0000https://news.ycombinator.com/item?id=18790217molson8472https://news.ycombinator.com/item?id=18790217https://news.ycombinator.com/item?id=18790217<![CDATA[Show HN: Pollse, our weekend Rails Rumble submission]]>Article URL: http://tectonics.r13.railsrumble.com/

Comments URL: https://news.ycombinator.com/item?id=6586601

Points: 2

# Comments: 1

]]>Mon, 21 Oct 2013 16:33:31 +0000http://tectonics.r13.railsrumble.com/molson8472https://news.ycombinator.com/item?id=6586601https://news.ycombinator.com/item?id=6586601<![CDATA[New comment by molson8472 in "Software Development Estimates: Where Do I Start?"]]>I really like this statement: "Every new piece of software is a machine that has never been built before. The process of describing how the machine works is the same as building the machine."

That's probably the best way of relating the problem to non-engineers that I've heard.

]]>Mon, 16 Sep 2013 05:35:57 +0000https://news.ycombinator.com/item?id=6391819molson8472https://news.ycombinator.com/item?id=6391819https://news.ycombinator.com/item?id=6391819<![CDATA[Nothing To Hide? Good, Because You Can't.]]>Article URL: https://medium.com/surveillance-state/6957a3ef4139

Comments URL: https://news.ycombinator.com/item?id=5906663

Points: 2

# Comments: 0

]]>Wed, 19 Jun 2013 16:51:19 +0000https://medium.com/surveillance-state/6957a3ef4139molson8472https://news.ycombinator.com/item?id=5906663https://news.ycombinator.com/item?id=5906663