Comment by lifthrasiir
1 month ago
I think this is especially problematic for Windows, where a simple and effective lightweight sandboxing solution is absent AFAIK. Docker-based sandboxing is possible but very cumbersome and alien even to Windows-based developers.
Windows Sandbox is built in, lightweight, but not easy to use programmatically (like an SSH into a VM)
WSB is great by its own, but is relatively heavyweight compared to other OSes (namespaces in Linux, Seatbelt in macOS).
I don't like that we need to handle docker(container) ourselves for sandboxing such a light task load. The app should provide itself.
>The app should provide itself.
The whole point of the container is trust. You can't delegate that unfortunately, ultimately, you need to be in control which is why the current crop of AI is so limited
fair point.
The problem is you can't trust the app, therefore it must be sandboxed.