Do you know if there's a widely shared name for this pattern? I've been collecting examples of it recently - it's a really good idea - but I'm not sure if there's good terminology. "Credential injection" is one option I've seen floating around.
Not sure. I took this idea from the Deno sandboxing docs. They also do the exact same thing, different sandboxing mechanism though (I think Deno has its own way of sandboxing subprocesses).
I'd feel safer with default-deny on reads as well, but I know from past experience that this gets tricky fast - tools like Node.js and uv and Python all have a bunch of files they need to be able to read that you might not predict in advance.
Might still be possible to do that in a DX-friendly way though, if you make it easy to manually approve reads the first time and use that to build a profile that can be reused on subsequent command invocations.
That being said, what should the default DX be? What paths to deny by default? That's something I've been thinking about and I'd love to hear your thoughts.
That's a really tough question. I always worry about credentials that are tucked away in ~/.folders in my home directory like in ~/.aws - but you HAVE to provide access to some of those like ~/.claude because otherwise Claude Code won't work.
That's why rather than a default set I'm interested in an option where I get to approve things on first run - maybe something like this:
zerobox --build-profile claude-profile.txt -- claude
The above command would create an empty claude-profile.txt file and then give me a bunch of interactive prompts every time Claude tried to access a file, maybe something like:
claude wants to read ~/.claude/config.txt
A) allow that file, D) allow full ~/.claude directory, X) exit
You would then clatter through a bunch of those the first time you run Claude and your decisions would be written to claude-profile.txt - then once that file exists you can start Claude in the future like this:
zerobox --profile claude-profile.txt -- claude
(This is literally the first design I came up with after 30s of thought, I'm certain you could do much better.)
Fantastic! I like that idea. I'm also exploring an option to define profiles, but also have predefined profiles that ship with the binary (e.g. Claude, then block all `.env` reads, etc.)
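The approve-on-first-run profile idea from the comments above, as an added example that is not part of any comment and is not zerobox's code. The `file`/`dir` profile line format, `ReadProfile`, `first_run` and the sample paths are assumptions made for illustration; the point shown is default-deny matching that survives `..` traversal and look-alike directory names.

```python
import posixpath
HOME = "/home/dev"  # constructed home directory for this example
def normalize(path, home=HOME):
    """Expand a leading ~ and collapse '.' and '..' before any comparison."""
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    if not path.startswith("/"):
        raise ValueError("profile paths must be absolute: %r" % path)
    # Lexical only: symlinks still have to be resolved by the enforcing sandbox.
    return posixpath.normpath(path)

class ReadProfile:
    """Default-deny read allowlist built from first-run approvals."""
    def __init__(self):
        self.files, self.dirs = set(), set()

    def allows(self, path):
        p = normalize(path)
        # Match on "dir/" so approving ~/.claude does not also approve ~/.claude-old.
        return p in self.files or any(
            p == d or p.startswith(d.rstrip("/") + "/") for d in self.dirs)

    def record(self, path, answer):
        """Apply one prompt answer: A = this file only, D = its whole directory."""
        p = normalize(path)
        if answer == "A":
            self.files.add(p)
        elif answer == "D":
            self.dirs.add(posixpath.dirname(p))
        else:
            raise ValueError("unknown answer %r" % answer)

    def dumps(self):
        lines = ["file " + f for f in sorted(self.files)]
        lines += ["dir " + d for d in sorted(self.dirs)]
        return "\n".join(lines) + "\n"

    @classmethod
    def loads(cls, text):
        prof = cls()
        for line in text.splitlines():
            kind, _, path = line.strip().partition(" ")
            if kind == "file":
                prof.files.add(normalize(path))
            elif kind == "dir":
                prof.dirs.add(normalize(path))
            elif kind and not kind.startswith("#"):
                raise ValueError("bad profile line: %r" % line)
        return prof

def first_run(accesses, answers):
    """Replay observed reads; prompt (here: look up an answer) only when denied."""
    prof, prompted = ReadProfile(), []
    for path in accesses:
        if not prof.allows(path):
            if answers[path] == "X":  # X = exit without approving
                break
            prompted.append(path)
            prof.record(path, answers[path])
    return prof, prompted
# Constructed sample of what a first run might observe and how the user answered.
ACCESSES = ["~/.claude/config.txt", "~/.claude/history.json", "/etc/ssl/cert.pem"]
ANSWERS = {"~/.claude/config.txt": "D", "/etc/ssl/cert.pem": "A"}
PROFILE, PROMPTED = first_run(ACCESSES, ANSWERS)
```

Only two prompts fire for the three reads, because approving the `~/.claude` directory covers the second file; `~/.aws/credentials` stays denied on later runs even when requested as `~/.claude/../.aws/credentials`.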
This looks really good - the CLI interface design is solid, and I especially like the secrets / network proxy pattern - but the thing it needs most is copiously detailed documentation about exactly how the sandbox mechanism works - and how it was tested.
There are dozens of projects like this emerging right now. They all share the same challenge: establishing credibility.
I'm loath to spend time evaluating them unless I've seen robust evidence that the architecture is well thought through and the tool has been extensively tested already.
My ideal sandbox is one that's been used by hundreds of people in a high-stakes environment already. That's a tall order, but if I'm going to spend time evaluating one the next best thing is documentation that teaches me something about sandboxing and demonstrates to me how competent and thorough the process of building this one has been.
UPDATE: On further inspection there's a lot that I like about this one. The CLI design is neat, it builds on a strong underlying library (the OpenAI Codex implementation) and the features it does add - mainly the network proxy being able to modify headers to inject secrets - are genuinely great ideas.
> There are dozens of projects like this emerging right now. They all share the same challenge: establishing credibility.
Care to elaborate on the kind of "credibility" to be established here? All these bazillion sandboxing tools use the same underlying frameworks for isolation (e.g., ebpf, landlock, VMs, cgroups, namespaces) that are already credible.
The problem is that those underlying frameworks can very easily be misconfigured. I need to know that the higher level sandboxing tools were written by people with a deep understanding of the primitives that they are building on, and a very robust approach to testing that their assumptions hold and they don't have any bugs in their layer that affect the security of the overall system.
Most people are building on top of Apple's sandbox-exec which is itself almost entirely undocumented!
The title of this piece differs from the HN title, but the HN title is a lot better. The original title is "The Biggest Con of the 21st Century: Tokens", subhead "How AI Companies Are Charging You More Without You Even Realizing It" - which is an absurd title because tokens are NOT the "biggest con" of anything, and AI companies make it very clear exactly how their pricing works.
I also don't like how this article presents numbers for language differences - in the "The Language Tax" section - but fails to clarify which tokenizer and where those numbers came from.
I've worked for 35ish companies (contract and fulltime), largely on the west coast of the US. I have experienced the lip service, from the vast majority. I have experienced maybe 2 or 3 earnest attempts at growing engineer skills through subsidized admission/travel to talks, tools, or invited instructors.
I've worked for five companies, on the same products (well, variations there-of over time), for 25 years, due to take-overs (I nearly left ~10 years ago due to management numskullery, but a timely buy-out of the bit I worked for fixed my problems while the rest of the company died off).
Hanging around for a while (a long while) doesn't necessarily mean dedication worth investing in, it could just be that I have a shocking lack of ambition :)
Consider the rate of job hopping that would be evident on that resume. I'm not sure how many companies would be willing to invest in sending a FTE who stays somewhere for likely less than a year to a conference or say "Ok, you can spend 20% of your time improving your skills."
What is more likely with the 35 number is that these are multiple simultaneous contracts. When working as a contractor you're fixing that problem or that project. The company isn't going to have you around for longer than a month after it's been fixed and documented.
There's no reason to spend company resources on training a person any more than there's reason for you to pay a plumber to be reading "learn to be an electrician in 10 days" while they're supposed to be working on fixing the sink or doing the plumbing for new construction.
This argument falls apart if you consider what field we're talking about. At what point would going to school for 5 years give you the whole education you actually needed? Does learning C in 1995-2000 prepare you for Rust in 2026? No, and it shouldn't, but work needs done, so _yes_ there is a dollar amount of value for educating your workforce that has already been vetted and already knows the context for your business goals. Asking what that number is completely misses the point.
Actually I found that if you have a pretty good understanding of the core parts of the C standard (e.g. the idea of the abstract machine, storage durations, unspecified vs undefined behavior, etc.) and working experience with the language, Rust is then quite natural. To first approximation, Rust basically makes lifetime management/ownership semantics that would be "good practice" in C into mandatory parts of the type system.
I agree - I was mostly trying to think of an example against OP's rather facetious attitude towards the time and effort required to maintain engineering performance.
In my experience, a lot of the Rust fighting with the borrow checker is really just enforcing better quality code I should've been writing anyway.
Point still stands. You're going to take up the mantle for suggesting a computer science degree from 2000 completely qualifies someone for work in 2026? No further education needed?
Why would a company you are consulting for invest in training you up exactly? They are paying a consultant with the expectation that they are bringing the knowledge.
Eh, consultants are brought in not for the knowledge or advice! Management already knows what to do and where to go - they just want somebody external to sanctify the decision!
What exactly do you have in mind? The large companies I've worked at had book subscriptions, internal training courses, and would pay for school. Personally I don't see the point of any of it. For software engineering, the info you need is all online for free. You can go download e.g. graduate level CS courses on youtube. MIT OCW has been around for almost a quarter century now. IME no one's going to stop you from spending a couple hours a week of work time watching lectures (at least if you're fulltime). Now at least at my company, we have unlimited use of codex, which you can ask for help explaining things to you. I also don't really see how attending conferences relates to skill improvement. Meanwhile, I've been explicitly told by managers that spending half my time mentoring people sounds reasonable.
I can't understand what people are looking for when they talk about lack of investment into training for engineers. It's not the kind of job where someone can train you. It's like an executive complaining they aren't trained. You're the one who's supposed to be coming up with answers and making decisions. You need to spend time on self-motivated learning/discovering how to better do your work. Every company I've been at big or small assumes that's part of the job.
Putting people on projects they’re only partly qualified for, ideally with mentoring, and letting them learn even though it takes longer than having the mentor do it by themselves. Allowing people to fail and try again without risking their ratings or their career.
Book subscriptions and conference travel are quite cheap in comparison.
> For software engineering, the info you need is all online for free.
Guided learning with instant feedback can be much more efficient than just consuming and tinkering on your own. Depends on the topic, the teacher and situation of course. The quality of available material is also all over the place, and not every topic has enough material, or anything at all.
For foundational knowledge, there's been high quality information for free from MIT, Harvard, Stanford, Yale, etc. out there for years. Just look there first. If you're beyond that, you're beyond the canon that you can "learn" and closer to needing to follow/participate in SOTA R&D. And if you need a more structured environment, that's why people go to school. Engineering jobs expect you're at the level of someone who's completed undergrad, minimum. Part of an undergrad degree is getting used to seeking out resources yourself and learning from them instead of having a teacher spoon-feed it.
Again I just don't have any idea of what training people expect. The entire job is basically "we might have some idea of what we want to do, but no one here knows the details. Go figure it out."
What kind of guided learning would you want? How to solve problems? That's what 16 years of school was for!
In US you go to college for 4-5 years and pay $50k per year. Or more.
You pay to learn. A lot of money, a lot of time.
Then you get a job, where the idea is that you get paid for doing work and you expect the employer to do what?
You seem to expect that not only you won't be doing the things you're being paid to do but the employer will pay for your education on company's time.
How many weeks per year of time off do you expect to get from a company?
You'll either say a reasonable number, like 1 or 2, which is insignificant to the time you supposedly spent learning (5 years). You just spent 250 weeks supposedly learning but 1 or 2 weeks a year is supposed to make a difference?
Or you'll say an unreasonable number (anything above 2 weeks) because employment is not free education.
With 35 companies, that would be around 1-2 years per company on average if you are retired or near retirement. I doubt any company is seriously investing in a worker who would likely be gone the next year. Getting lip service seems already a good deal at that point.
> I doubt any company is seriously investing in a worker who would likely be gone the next year.
There is a mismatch between how you would expect industry to work and what my last 30 years has taught me.
> With 35 companies, that would be around 1-2 years per company on average if you are retired or near retirement.
I have been at 4 companies for around 2 years or more. The rest of the positions were either contract or startup or contract-to-hire. The vast majority of engineers seem to settle in and suffer at terrible companies, rather than make moves to better jobs. They also tend to settle at whatever they are assigned and grow their skillsets by their employer's needs, rather than on their own.
Over the last 2 decades, if you stayed somewhere for over 2 years, you better have added concrete skills to your resume and have increased your compensation by over 10%. If that's not on track, look for another job, imo.
Contract-to-hire has been very popular, i.e. JPMC, credit, medical, adtech, games, big retail, subcontractor shops, to startups (4 of which were acquired). All initiatives to progress the careers of developers are applied more or less company wide because the line between contract-to-hire and fulltime is considered an engineering issue if there is more than hub. If you are a sole contributor, on some satellite project or still considered in training, you might not participate due to scheduling that had already been arranged, but the idea that contractors are excluded is more a possibility than a certainty. Most of the initiatives are little more than maybe someone talking with you every quarter, anyway.
> Getting lip service seems already a good deal at that point.
It's strange that people are assuming engineers are treated special because of a resume that nobody looks at after an offer is made - having conducted hundreds of interviews. This must be a very rare thing some people may do.
I mean the comment says "contract" right there; you can easily be on a contract with multiple companies simultaneously. When I was freelancing full-time ca. 2010-2013 or so I often had 5-6 active contracts running simultaneously. I probably worked for 15-20 different companies total in that 3-4 year span.
Yes, likely, but that makes even less sense, as you can't expect support for education as a freelancer. I mean a freelancer's whole purpose is to sell skill and be gone when the job is finished. You are from the beginning just an expendable tool they don't want to polish outside the scope of the job.
These two statements go hand in hand though. While I do believe companies could take the altruistic take of training people whether or not they stay, and some places do, they're certainly not going to make the effort for someone who has clear markers of being someone who will leave anyway.
That's not how these initiatives are executed, unless the shop is very small. In which case, there's no concrete training offered anyway. If it's large, they don't want to allocate a lot of budget rather than starting a new hiring round. I would say the lack of in-job developer training (or resourcing) is due to multiple factors that result in a consistency rather than specifically targeting individuals.
It's not like I don't speak with ex-coworkers or run into them at times - eg one guy I taught Java to (at a position where java wasn't required except for a tiny tool), is the team lead at blizzard now. If I was made a pariah, I would hear about it over the years.
Every company I worked for didn’t give a shit about my skills. They just wanted to solve the problem in front of them and if they couldn’t then they would hire someone in with the right skills. Improving my skills was seen as a risk as I might leave.
Given the rest of the paragraph, I believe the parent is trying to say that merely improving developer skills is not valuable to the company, not that improving developer skills cannot provide value in terms of improved work product, morale, retention, etc.
The opposite is true in my case - though 1 organization that had a small budget for things like AWS certs. I remember almost everyone who would get those certificates would never really learn anything from it either. They would just take the exams.
Yes, these stories should scare you off of cloud services in general, not one particular vendor. The root problem is that you're storing valuable information on "someone else's computer." And that someone can decide to stop serving you for any or no reason at all, and you are without recourse. This should be totally unacceptable, but somehow the world has normalized it.
Don't keep anything in a cloud service that you couldn't live with losing, unless you keep a local backup. Including and especially your identity (E-mail) which unlocks all your accounts.
No, the root problem is you put all the eggs in one basket ignoring the folk wisdom that predates anything digital
> Don't keep anything in a cloud service that you couldn't live with losing, unless you keep a local backup.
Translated: so do keep everything in a cloud service, just backup it at a fraction of the effort with / insecurity / unreliability / unavailability of your own computer
Yes, and, importantly, have a plan to be able to log in to and reset your passwords through e-mail, on all your other services, if you suddenly lose you@yourcloudemail.com
I consider “cloud” to be a single (unreliable) basket. If you have your online stuff spread across 5 cloud providers, then any of them locking you out will disrupt you in some way.
This broad reclassification makes no sense. If you put literal eggs in 5 baskets, then any of them falling down will disrupt your eggs in some way. You're missing the whole point of the principle, which is that it will not disrupt you in the same big way of blocking all your digital life like in the example from the post!
This is really cool. I've built things on PostgreSQL ts_vector() FTS in the past which works well but doesn't have whole-index ranking algorithms so can't do BM25.
It's a bit surprising to me that this doesn't appear to have a mechanism to say "filter for just documents matching terms X and Y, then sort by BM25 relevance" - it looks like this extension currently handles just the BM25 ranking but not the FTS filtering. Are you planning to address that in the future?
I found this example in the README quite confusing:
SELECT * FROM documents
WHERE content <@> to_bm25query('search terms', 'docs_idx') < -5.0
ORDER BY content <@> 'search terms'
LIMIT 10;
That -5.0 is a magic number which, based on my understanding of BM25, is difficult to predict in advance since the threshold you would want to pick varies for different datasets.
I actually don't love this example either, for the reasons you mention, but at some point we had questions about how to filter based on numeric ranking. Thanks for the reminder to revisit this.
Re filtering, there are often reasonable workarounds in the SQL context that caused me to deprioritize this for GA. With your example, the workaround is to apply post-filtering to select just matches with all desired terms. This is not ideal ergonomics since you may have to play with the LIMIT that you'll need to get enough results, but it's already a familiar pattern if you're using vector indexes. For very selective conditions, pre-filtering by those conditions and then ranking afterwards is also an option for the planner, provided you've created indexes on the columns in question.
All this is just an argument about priorities for GA. Now that v1.0 is out, we'll get signal about which features to prioritize next.
While we’re talking about filtering — is there a way to set a WHERE clause when you’re setting up the index? I’ve been working on this a lot recently for a hybrid vector search in pg. One of the things that I’m running up against is setting a good BM25 index for a subset of a table (the where clause). I have document subsets with very different word frequencies, so I’m trying to make sure that the search works on a set subset.
I think I can also set up partitions for this, but while you’re here… I’m very excited to start to roll this out.
Partitions would be one option, and we've got pretty robust partitioned table support in the extension. (Timescaledb uses partitioning for hypertables, so we had to front-load that support). Expression indexes would be another option, not yet done but there is a community PR in flight: https://github.com/timescale/pg_textsearch/pull/154