I wanted to make its VM/machine our default secure agent sandbox, but I couldn’t figure out how to isolate this VM from the host properly. This thread prompted me to find the issue though, and I saw this was recently implemented!
https://github.com/orbstack/orbstack/issues/169
Yep! Still refining it but isolated machines now have fine-grained settings for filesystem mounts, network isolation, SSH agent forwarding, and CPU/memory/disk limits
True, but I actually had no idea that it was the soft parts rather than the hard parts that had been fossilized. (I haven’t verified it yet.) Either way, it didn’t read like a bad faith interpretation/comment.
It wasn't written to be one. If the author went to the trouble of making a 3D space filled with many shells, knowing the actual shell was most likely a different shape would be something they would probably want to know, so the position of their fossil could be placed more accurately in the graphed space.
I’ve seen a few smug “all your eggs in one basket” comments here.
I’m aware of some companies hosting their own metal and infra, but I’m not aware of large companies mitigating risk by hosting on separate cloud providers as a fallback mechanism. We might disagree with cloud provider choice, or think they should have been hosting their own metal, but that’s still an “all your eggs in one basket” choice, right?
Heck, they might even have multi-region fallback with GCP, but if GCP bans your account, that doesn’t matter.
Are there good examples of running a company of railway’s size so redundantly that their host could nuke one of their accounts and they’d just keep on trucking?
I appreciate it. That's my belief as well. Very easy to write a post like, "Just use multiple clouds!" or to claim to have done it with a small project. But it's hard for me to imagine the benefits outweighing the extremely massive complexity costs at a certain scale.
Fascinating! Do you have a way to detect/flag malicious stuff by any chance? (Seems like a good vector for prompt injection, but maybe no more than any other internet site?)
We've configured our Hetzner servers with terraform, so we can easily spin up a new one in case we notice that we need another slave to handle extra work (1-2 mins). Ansible is responsible for configuring the server, installing all the required packages and software (not all our infrastructure is deployed with Kamal, for instance we have clickhouse instances, DBs, redis etc and normal app slaves). TLDR; it helps us have a new instance up an runing in minutes, or recreating our infrastructure for a new client environment
I was literally was just looking at GitHub dataset availability and musing on this. A star from karpathy is worth a lot more than a star from open_claw_dood that just created his account 5 min ago.
In general, I’ve been dissatisfied with GitHub’s code search. It would be nice to see innovation here.
Yes…mistakes are inevitable, and I get not expecting or demanding perfection. But the subtext here is that this is unlikely to be a mistake, and much more likely to be fraud.
There are incentives for these spreadsheets having the values that they do, and also there is no conceivable way that the values are correct, and on top of that, the most likely ways to get these values are to copy and paste large amounts of numbers, and even perturb some of them manually.
If you see this in accounting,(where there are also mistakes), it’s definitely fraud. (Awww man - we accidentally inflated our revenue and profit to meet expectations by accidentally duplicating numerous revenue lines and no one internally caught it! Dang interns!)
If you see it in science, you ask the authors about it and they shrug and mumble a semi plausible explanation if you’re lucky? I can totally imagine a lab tech or grad student making a large copy paste mistake. I can’t imagine them making a series of them in such a way that it bolsters or proves the author’s claim AND goes completely undetected by everyone involved.
> I can’t imagine them making a series of them in such a way that it bolsters or proves the author’s claim AND goes completely undetected by everyone involved.
The small minority of cases that do fit this pattern get selected to be on the front page of HN. So we aren't drawing from a random sample of mistakes. All the selection effects work against the more common categories of mistakes showing up on the HN front page, such as author disinterest, reader disinterest, to rejection by the journal, to a lack of publicity if the null result is published. The more reliable tell that it's a fraud is that the authors didn't respond when the errors were discovered.
I'm unclear what's being asked. Zellij is just a TUI-based terminal multiplexer like tmux and screen, you either run it locally and SSH within it to a remote machine, or SSH to a remote machine and run Zellij from within the remote connection.
I wanted to make its VM/machine our default secure agent sandbox, but I couldn’t figure out how to isolate this VM from the host properly. This thread prompted me to find the issue though, and I saw this was recently implemented! https://github.com/orbstack/orbstack/issues/169
reply