frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Same Surface, Different Weight

https://www.robpanico.com/articles/display/?entry_short=same-surface-different-weight
1•retrocog•1m ago•0 comments

The Rise of Spec Driven Development

https://www.dbreunig.com/2026/02/06/the-rise-of-spec-driven-development.html
1•Brajeshwar•5m ago•0 comments

The first good Raspberry Pi Laptop

https://www.jeffgeerling.com/blog/2026/the-first-good-raspberry-pi-laptop/
2•Brajeshwar•5m ago•0 comments

Seas to Rise Around the World – But Not in Greenland

https://e360.yale.edu/digest/greenland-sea-levels-fall
1•Brajeshwar•5m ago•0 comments

Will Future Generations Think We're Gross?

https://chillphysicsenjoyer.substack.com/p/will-future-generations-think-were
1•crescit_eundo•9m ago•0 comments

State Department will delete Xitter posts from before Trump returned to office

https://www.npr.org/2026/02/07/nx-s1-5704785/state-department-trump-posts-x
2•righthand•12m ago•0 comments

Show HN: Verifiable server roundtrip demo for a decision interruption system

https://github.com/veeduzyl-hue/decision-assistant-roundtrip-demo
1•veeduzyl•13m ago•0 comments

Impl Rust – Avro IDL Tool in Rust via Antlr

https://www.youtube.com/watch?v=vmKvw73V394
1•todsacerdoti•13m ago•0 comments

Stories from 25 Years of Software Development

https://susam.net/twenty-five-years-of-computing.html
2•vinhnx•14m ago•0 comments

minikeyvalue

https://github.com/commaai/minikeyvalue/tree/prod
3•tosh•18m ago•0 comments

Neomacs: GPU-accelerated Emacs with inline video, WebKit, and terminal via wgpu

https://github.com/eval-exec/neomacs
1•evalexec•23m ago•0 comments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

https://moli-green.is/
2•ShinyaKoyano•27m ago•1 comments

How I grow my X presence?

https://www.reddit.com/r/GrowthHacking/s/UEc8pAl61b
2•m00dy•29m ago•0 comments

What's the cost of the most expensive Super Bowl ad slot?

https://ballparkguess.com/?id=5b98b1d3-5887-47b9-8a92-43be2ced674b
1•bkls•29m ago•0 comments

What if you just did a startup instead?

https://alexaraki.substack.com/p/what-if-you-just-did-a-startup
5•okaywriting•36m ago•0 comments

Hacking up your own shell completion (2020)

https://www.feltrac.co/environment/2020/01/18/build-your-own-shell-completion.html
2•todsacerdoti•39m ago•0 comments

Show HN: Gorse 0.5 – Open-source recommender system with visual workflow editor

https://github.com/gorse-io/gorse
1•zhenghaoz•39m ago•0 comments

GLM-OCR: Accurate × Fast × Comprehensive

https://github.com/zai-org/GLM-OCR
1•ms7892•40m ago•0 comments

Local Agent Bench: Test 11 small LLMs on tool-calling judgment, on CPU, no GPU

https://github.com/MikeVeerman/tool-calling-benchmark
1•MikeVeerman•41m ago•0 comments

Show HN: AboutMyProject – A public log for developer proof-of-work

https://aboutmyproject.com/
1•Raiplus•41m ago•0 comments

Expertise, AI and Work of Future [video]

https://www.youtube.com/watch?v=wsxWl9iT1XU
1•indiantinker•42m ago•0 comments

So Long to Cheap Books You Could Fit in Your Pocket

https://www.nytimes.com/2026/02/06/books/mass-market-paperback-books.html
3•pseudolus•42m ago•1 comments

PID Controller

https://en.wikipedia.org/wiki/Proportional%E2%80%93integral%E2%80%93derivative_controller
1•tosh•47m ago•0 comments

SpaceX Rocket Generates 100GW of Power, or 20% of US Electricity

https://twitter.com/AlecStapp/status/2019932764515234159
2•bkls•47m ago•0 comments

Kubernetes MCP Server

https://github.com/yindia/rootcause
1•yindia•48m ago•0 comments

I Built a Movie Recommendation Agent to Solve Movie Nights with My Wife

https://rokn.io/posts/building-movie-recommendation-agent
4•roknovosel•48m ago•0 comments

What were the first animals? The fierce sponge–jelly battle that just won't end

https://www.nature.com/articles/d41586-026-00238-z
2•beardyw•56m ago•0 comments

Sidestepping Evaluation Awareness and Anticipating Misalignment

https://alignment.openai.com/prod-evals/
1•taubek•57m ago•0 comments

OldMapsOnline

https://www.oldmapsonline.org/en
2•surprisetalk•59m ago•0 comments

What It's Like to Be a Worm

https://www.asimov.press/p/sentience
2•surprisetalk•59m ago•0 comments
Open in hackernews

Claude Cowork runs Linux VM via Apple virtualization framework

https://gist.github.com/simonw/35732f187edbe4fbd0bf976d013f22c8
120•jumploops•3w ago

Comments

lysace•3w ago
Is there an easy way to do something similar for Claude Code? I'm growing tired of babysitting it to make sure it doesn't do anything bad.

Late adopter. Started last night. Stayed up four hours past my normal bedtime because I couldn't stop. (Ended up "building" a fancy .MOD player for DOS in Turbo C.)

Needed the Max 5x plan after two hours. (The 'Pro' plan should be renamed 'Sampler', made one-time and free with CC details.) Max 5x seems like it can sustain my current appetite.

I very quickly went from thinking it was overpriced (around 100 USD/month) to worrying that this pricing can't last. I think I get about 50 working hours per week with this plan. So, running the numbers I guess the hourly cost is about 50 cents.

cloudking•3w ago
/sandbox https://code.claude.com/docs/en/sandboxing
e12e•3w ago
> The sandboxed bash tool uses OS-level primitives to enforce both filesystem and network isolation.

As I can't trust Claude Code to use a correct shell, I don't know why I would trust this feature.

azuanrb•3w ago
Note that there are reports that it can disable sandbox, so personally I wouldn't trust this.
linkregister•3w ago
From within VSCode, you can run devcontainers, which bind mounts the project's directory into an isolated Docker container. Safe for --dangerously-skip-permissions

https://code.visualstudio.com/docs/devcontainers/containers

mbreese•3w ago
As a note, running devcontainers in VSCode is easy, but not required. There is also a CLI tool that uses the same specifications.

You can install it with brew or npm.

pwagland•3w ago
I assume that you are talking about the [devcontainers LCI](https://github.com/devcontainers/cli) when you say "a CLI"?
mbreese•3w ago
Yes. I probably should have included the link.

I stated using devcontainers through VSCode and find them incredibly helpful. It’s great for me to be able to load up exact coding environments on different computers. But, I only used them through VSCode.

When I wanted to branch out a bit (and especially using coding agents), I started using the CLI version more. I find devcontainers a great way to work with different coding projects and wanted to make sure people knew that there was a way to use them outside of VSCode.

bugglebeetle•3w ago
Tried this the other day and the setup on this is super cumbersome and requires you to constantly rebuild your entire dev and Claude Code environment every time you use a new container, including whitelisting URLs for package managers and the like.
andrewmutz•3w ago
There are techniques to mitigate this. You can reuse containers instead of creating a new one each time. You can mount in directories (like ~/.claude) from your local machine so you dont have to set claude up each time.
raphinou•3w ago
I use agents in a container and persist their config like you suggest. After seeing some interest I shared my setup at https://github.com/asfaload/agents_container It works fine for me on Linux.
giancarlostoro•3w ago
I mean, it depends on what you're doing but I force claude to always commit code every time it finishes a todo. It never seems to stop doing that, so I run it in dangerous mode on Zed. I get to review the code after the fact anyway.
pluralmonad•3w ago
The danger there is not that it commit bad things, but that as part of working the task it gets tricked into sending your env/secrets/credentials to prompt injectors. That would not show up in your commit diff.

Edit: At the very least, I would not allow it to do indiscriminate web searching.

adastra22•3w ago
Why are you running CC with prod credentials.
Someone•3w ago
The risk isn’t that it makes weird commits; it’s that it may decide to clean up stuff and delete more than desired.

- https://github.com/anthropics/claude-code/issues/4331

- https://github.com/anthropics/claude-code/issues/7787

- https://news.ycombinator.com/item?id=46268222

giancarlostoro•3w ago
You can roll back commits
weikju•3w ago
Not for changes made outside of the repo….
giancarlostoro•3w ago
I havent ever seen Claude do that so thats news to me, always asks for permission to go anywhere else.
weikju•2w ago
Sure, it tries really hard not to, but there might be some attack/malware/hidden prompt that does it, one day, out of the blue...
adastra22•3w ago
Not when it deletes .git. Or your home directory.
giancarlostoro•3w ago
Never had that happen but you should always push your commits.
adastra22•3w ago
It has happened. https://news.ycombinator.com/item?id=46268222
bs7280•3w ago
Simon Willison just posted about using claude in fly.io's dev sandboxes. I have not tried it yet but it looks promising.

https://simonw.substack.com/p/first-impressions-of-claude-co...

greggh•3w ago
Use a devcontainer. Claude Code's repo has one built specifically for it:

https://github.com/anthropics/claude-code/tree/main/.devcont...

avsm•3w ago
The Claude Code devcontainer works really well, especially the firewalling script! I had do a bit of GitHub Actions spelunking to figure out how to build binary images (with my own devtools preinstalled), which I wrote up here: https://anil.recoil.org/notes/ocaml-claude-dev

With this I have a nice loop where I get Claude to analyse its own sessions via a cronjob and rewrite my devcontainer Dockerfile to have any packages that I've started using during the interactive sessions. This rebuilds via GHActions and my fresh image the next day has an updated Claude and dev environment in a sandbox.

jmacd•3w ago
Docker desktop has a pretty nice sandbox feature that will also store your CC (and other) credentials, so you don't have to re-auth every time you create a new container.
avsm•3w ago
Funnily enough, we shipped the Docker Desktop VM a decade ago now (experience report at https://dl.acm.org/doi/10.1145/3747525). The embedded VM in DD is much more stripped down than the one in Claude Cowork (its based on https://github.com/linuxkit/linuxkit), and its more specialised to container workloads rather than just using bubblewrap for sandboxing (system services run in their own isolated namespaces).

Given how many products seem to be using this shipping-Linux-as-a-library-VM trick these days, it's probably a good time for an open source project to step up to supply a more reusable way of assembling this layer into a proper Mac library...

realityfactchex•3w ago
Isn't the easy way just a development VM? As in:

Install your OS of choice in a virtual machine, e.g. even hosted on your main machine.

Install the AI coding tool in the virtual machine.

Set up a shared folder between host+guest OS.

Only let the VM access files that are "safe" for it to access. Its own repo, in its own folder.

If you want to give the AI tool and VM internet access and tool access, just limit what it can reach to things it is allowed to go haywire on. All the internet and all OS tools are ok. But don't let this AI do "real things" on "real platforms" -- limit the scope of what it "works on" to development assets.

When deploying to staging or prod, copy/sync files out of the shared folder that the AI develops on, and run them. But check them first for subterfuge.

So, don't give the AI access to "prod" configs/files/services/secrets, or general personal/work data, etc. Manage those in other "folders" entirely, not accessible by the development VM at all.

Is that close?

c0balt•3w ago
Automating this setup is also somewhat easily possible with, e. G., Lima[0] or HashiCorp vagrant[1].

[0]: https://lima-vm.io/

[1]: https://developer.hashicorp.com/vagrant

w0m•3w ago
I'd just do it over a Docker mount (or equivalent) to keep it a bit more lightweight. Can keep the LLM running local; and teach it how to test/debug via instruction files.
mkagenius•3w ago
Did somewhat exactly that for apple container based sandbox - Coderunner[1]. You can use it to safely execute ai generated code via an MCP at http://coderunner.local:8222

A fun fact about apple containers[2], it's more isolated than docker containers as in it doesn't share the VM across all containers.

1. https://github.com/instavm/coderunner

2. https://github.com/apple/container

netcoyote•3w ago
Here are my open-source (MIT) solutions for Mac development:

SandVault [0]: Run AI agents isolated in a sandboxed macOS user account

ClodPod [1]: Run AI agents isolated inside an OSX virtual machine

0: https://github.com/webcoyote/sandvault

1: https://github.com/webcoyote/clodpod

WA•3w ago
Thanks for sharing. Which one do you use for what?
cyberpunk•3w ago
you can also just type “docker sandbox run claude” if you have docker desktop installed (or something along those lines)

edit: it only mounts $PWD

aprilnya•3w ago
Claude Code on web is okay in the meantime if you want to set it loose but not on your own machine.
sirmoveon•3w ago
Maybe not easy or for everyone but you can set a Virtualbox VM running a headless linux of your choice, install directory sharing like samba and your AI agents of choice. Then you can just have multiple SSH sessions to interact with the agents and `tail` logs.
colechristensen•3w ago
I built something to use for myself which is organized workspaces to work on many things with Claude in parallel with the ability to run things in VMs and linked web browsers all contained in one app. I built it mostly driven by trying to work on too many things at once and getting lost in a sea of windows and browser tabs.

It is not at all ready for public consumption (a face only a mother could love, in other words it's a bugridden mess), but I've considered polishing it and releasing it to the public either as open source or for profit.

Most of it is written with Claude and I've run into roadblocks with Claude being able to do too many things at once and am rewriting as several libraries to improve the focus for Claude agents.

zackify•3w ago
I have 30 lines of zsh and I just say "dev1" dev2 etc.

And it makes a new lxd container using my base image. Connects using tmux so I can resume anytime after closing the session.

Its like exe.dev or sprites without much effort if you want to self host.

bigyabai•3w ago
Genuine advice: supplement your Claude Code plan with a GLM Coding plan: https://z.ai/subscribe

GLM 4.7 is not a "Sonnet killer" but it will work just as well for sketching out easier projects, web design and terminal usage. After a while I cancelled my Claude Code plan because I simply didn't do anything that GLM couldn't hammer out equally as well.

Wowfunhappy•3w ago
Well, one very easy way would be to use the web version of Claude Code.
nullishdomain•3w ago
yolobox is the easiest I have found. Basically a batteries included image with a bit of sugar. https://github.com/finbarr/yolobox

`yolobox run claude` launches Claude Code with --dangerously-skip-permissions mode inside of a container with a good set of default tools included.

Jayakumark•3w ago
How about the windows App ?
dijit•3w ago
Is that even a sandbox?

I thought it was just a wrapper around an (old) existing tool that has been infinitely rebranded. Their old "remote desktop" program and some web listing capabilities to launch it in "rootless" mode.

perardi•3w ago
Yes, there is a sandbox.

https://simonwillison.net/2026/Jan/12/claude-cowork/

That’s the point of this gist, and the related blog post.

Also, it’s a bit of a stretch to call Claude Code, which isn’t even a year old…old.

dijit•3w ago
sorry, thought you meant the “Windows App” from microsoft.

https://apps.apple.com/us/app/windows-app/id1295203466

weikju•3w ago
Cowork is only available on macOS for now I think.