frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

From Eurovision to NATO, Canada Edges Closer to Europe

https://www.newsweek.com/eurovision-nato-canada-edges-closer-europe-12181443
1•doener•13s ago•0 comments

GLP-1 implant is the latest bet to help patients maintain their weight loss

https://www.cnbc.com/2026/07/11/glp-1-implant-from-vivani-medical-aims-to-help-patients-stay-on-t...
1•gscott•3m ago•0 comments

Woodruff: You shouldn't trust trusted publishing

https://lwn.net/Articles/1081690/
2•jruohonen•3m ago•1 comments

Extension that replaces clickbait YouTube thumbs and titles via transcript

https://chromewebstore.google.com/detail/face-value/kogpodijhdpkdnahicgmnncdibiagkge
1•victor805•5m ago•0 comments

Trump says the US controls the Strait of Hormuz and should get paid for it

https://www.reuters.com/world/middle-east/trump-says-us-will-control-strait-hormuz-get-paid-it-20...
2•justacrow•5m ago•0 comments

From A.I To The Deep State, Michel Foucault foresaw it all

https://www.nytimes.com/2026/07/10/books/review/michel-foucault-ai-tech-power.html
1•bryanrasmussen•6m ago•1 comments

There Are Databases Everywhere for Those with the Eyes to See

https://buttondown.com/jaffray/archive/there-are-databases-everywhere-for-those-with-the/
1•ibobev•6m ago•0 comments

Build email automation in n8n that works – MailKite

https://mailkite.dev/blog/n8n-email-automation-webhook/
3•gabe_karina•7m ago•0 comments

The art and engineering of Sega CD Silpheed

https://fabiensanglard.net/silpheed/index.html
3•ibobev•7m ago•0 comments

Auth and Curl

https://taonaw.com/2026/07/10/auth-and-curl.html
2•speckx•8m ago•0 comments

Joys of cancelling a TBB task group

https://aras-p.info/blog/2026/06/28/Joys-of-cancelling-a-TBB-task-group/
2•ibobev•9m ago•0 comments

Show HN: Harpist – convert any website into a refined and documented API

https://harpist.site
2•sarreph•9m ago•0 comments

Omarchy 4 concerns, am I the only one?

3•shivc•9m ago•0 comments

Codex GPT 5.6 Sol Reduced to 258K Context Window

https://github.com/openai/codex/issues/32806
3•ex1box•9m ago•0 comments

Dell sued by Finnish company over $70M price increase for data centre servers

https://www.irishtimes.com/crime-law/courts/2026/06/15/finnish-company-sues-dell-over-70m-price-i...
5•Hamuko•9m ago•0 comments

Software freezes and energy powers on as US PE deal value falls 38% in Q2 2026

https://pitchbook.com/news/reports/q2-2026-us-pe-breakdown
2•toomuchtodo•11m ago•0 comments

LLM Honeypots: The Perfect Use for LLMs

https://alec.is/posts/llm-honeypots-the-perfect-use-for-llms/
2•arm32•11m ago•0 comments

Z.ai founder backs open-source AI as global security debate intensifies

https://www.business-standard.com/technology/tech-news/zhipu-founder-backs-open-source-ai-as-glob...
3•theanonymousone•12m ago•0 comments

Sysdig documents the first ransomware attack run end to end by an AI agent

https://www.yacnews.com/sysdig-documents-the-first-ransomware-attack-run-end-to-end-by-an-ai-agent/
2•ortr•12m ago•0 comments

Show HN: Hackney – Compare Uber, Lyft, Waymo, and Robotaxi Prices

https://hackney.app/
2•griffinli•12m ago•0 comments

Salience-Driven Development

https://www.wespiser.com/posts/2026-07-13-salience-driven-development.html
2•wespiser_2018•13m ago•0 comments

Tikos – Turn any study material into a question bank (local-first, open-source)

https://github.com/Dawnfz-Lenfeng/tikos
2•Dawnfz•18m ago•0 comments

The Death of Open Channels

https://doerpmund.com/musings/death-of-open-channels
2•felixdoerp•19m ago•0 comments

Precursor

https://blog.cloudflare.com/introducing-precursor/
9•AznHisoka•20m ago•2 comments

Indian scientists are mapping the brain's last frontier

https://www.bbc.com/news/articles/cg53l737v1qo
2•akbarnama•22m ago•0 comments

Sydney MP pushes to bring human composting to Australia as burial costs rise

https://www.abc.net.au/news/2026-06-25/sydney-mp-alex-greenwich-human-composting-bill-explained/1...
2•speckx•22m ago•0 comments

LinkedIn, a mass grave of ghost jobs, is now becoming a dating app

https://www.sfgate.com/tech/article/linkedin-dating-app-22340622.php
9•bookofjoe•22m ago•3 comments

Red Hat will support your RHEL forever now – for a price

https://www.zdnet.com/article/red-hat-enterprise-linux-forever-support/
3•CrankyBear•23m ago•0 comments

There's no way this bond market can fund the markets needs without higher yields

https://www.youtube.com/watch?v=W-Dxpp9YG3s
4•root-parent•24m ago•0 comments

Detained by settlers, US Democrat Ro Khanna now faces pro-Israel attacks

https://www.aljazeera.com/news/2026/7/12/detained-by-settlers-us-democrat-ro-khanna-now-faces-pro...
11•speckx•26m ago•0 comments
Open in hackernews

Show HN: Clawk – Give coding agents a disposable Linux VM, not your laptop

https://github.com/clawkwork/clawk
44•celrenheit•58m ago

Comments

prairieroadent•35m ago
why not just a docker container
matheusmoreira•5m ago
Because that means you are sharing kernel with the sandboxed agent. Virtualization presents an infinitely smaller attack surface.
ebeirne•29m ago
love what youve done here. i will be using this in the future.
matheusmoreira•28m ago
> clawk forward add my-project 3000

> clawk network allow my-project api.example.com

Can you describe the implementation details? How did you implement the firewall without root?

I vibecoded virtdev, a virtual machine orchestration project just like this one:

https://github.com/matheusmoreira/virtdev

It was designed to not require root, and the nftables firewall ended up becoming the only exception. I'm very curious about how you implemented this. Did you find a better way?

celrenheit•9m ago
Thanks! There's no packet firewall at all, no iptables/nftables. On macOS the VM's NIC is a Virtualization.framework file-handle device. The daemon runs gvproxy, which terminates the guest's connections and re-dials them as host sockets, so I filter with an allow-list right before the dial. One caveat, since you asked about root specifically: that's the macOS path, and it only works thanks to the fd NIC. Firecracker on Linux only speaks a TAP, which needs root, so there I do shell out to sudo, but just for the device. The filtering is still the same userspace allow-list.
bitwize•26m ago
Errbody gangsta until the agent figures out it's in a container and finds an exploit that lets it break out of container jail...
matheusmoreira•24m ago
I developed a VM project just like this one. Asked Fable to stress test it and try to break out of containment, and to my surprise it didn't manage to. Fable didn't get downgraded to Opus either, for some reason.

Would have thrown Mythos at it if I had access to it.

arcanemachiner•10m ago
Isn't Fable just Mythos + guardrails? Sounds like you did throw Mythos at it.
bad_haircut72•26m ago
Sprites from Fly io does this beautifully, claude comes preinstalled, its great
daitangio•24m ago
I am developing a super light similar thing here

https://github.com/daitangio/take-ai-control

It is docker + vscode friendly. I tested it with major systems (copilot, codex, Claude Code and pi.dev) Comments Wellcome!

felooboolooomba•23m ago
I use mkosi: https://github.com/systemd/mkosi

Which is just a front for systemd-nspawn. It's annoying you have to edit the config.nspawn to mount a directory if you start it with the "shell" command, instead of booting. But apart from that, it's brilliant.

NortySpock•14m ago
Have you seen https://news.ycombinator.com/item?id=48892015 and yoloai? https://github.com/kstenerud/yoloai

Seems like both projects are following very similar approaches.

guywithahat•8m ago
Funny that they're both written independently and in Go. Sometimes there's just a best way to do things I guess
rvz•12m ago
This is like the 30th AI sandbox project on Show HN. Why this one over the rest?
vqtska•10m ago
I still don't understand the point of all these VMs and containers for agents. Just create a separate user on your machine without sudo privileges, switch to it in your terminal and run all the agents you want without it being able to reach your files. What am I missing?
altcognito•8m ago
In a corporate environment they may not have that option
bheadmaster•8m ago
VMs and containers are fairly isolated and reproducible. A separate user on your machine still depends on the programs installed locally.
bpavuk•7m ago
you can also simply use Landlock and bwrap on Linux. Pi even has a plugin for that https://pi.dev/packages/pi-landstrip
petesergeant•4m ago
am I doing that once per project, or?
3form•3m ago
Well, for one, Debian and Debian-based distros make your home directory readable by everyone by default.

Security is riddled by traps. If you can afford best possible level of isolation, why not do it?

kstenerud•10m ago
yoloAI does something similar:

- Sandbox on Linux using Docker, Podman, containerd, gVisor, Kata, Firecracker

- Sandbox on Mac using Docker, Podman, Apple containers, Seatbelt, Tart (Tart lets you run simulators).

- Network restriction

- Secrets control (file mounts or credentials broker)

- NO ambient data (ENV is replaced with a minimal, local-to-sandbox one, no host-side filesystem access beyond what you explicitly allow)

- Workdir protection: Your work dir is never modified until you apply the changes, either standalone or as a git commit. You can also diff before applying.

- Uses copy-on-write if your filesystem supports it (most modern ones do)

- Has built-in support for claude, codex, gemini, aider, and opencode, but you can also launch it in "shell" mode and run whatever you want.

- Supports VS code tunnels, so you can remotely access in VS code if you don't want to use the terminal.

- Full lifecycle support: Launch, attach, stop, restart, wait, one-shot, clone, destroy

- MCP passthrough

- FOSS

https://github.com/kstenerud/yoloai

anoop_kumar•9m ago
why not just use something like smol VMs? So many VM's and I am confused on which one to use for what. I think we now need a VM orchestrator!
htrp•8m ago
how does this compare with the aws lambda microvms?
petesergeant•4m ago
Yet another one, only I wrote this one, so I prefer it: https://github.com/pjlsergeant/byre
aftbit•4m ago
Does Codex run its own sandbox? I see that sometimes it runs commands without asking, which then fail for some reason, and it asks to run them again "outside of the sandbox"
matheusmoreira•3m ago
You're missing the fact you'd be sharing a kernel with the sandboxed agent. Virtualization presents an infinitely smaller attack surface.