Codex just found a "workaround" of not having sudo on my PC

https://twitter.com/i/status/2060746160558543217
94•thunderbong•1h ago

Comments

alephnerd•59m ago
This is a classic attack path that was already captured by plenty of EDRs/XDRs/CWPPs a couple years ago.
dangus•56m ago
Right, why is their login user in the docker group? Mine sure isn’t.
unglaublich•53m ago
Convenience. Want to run `docker run ...` without password, want IDEs and agents to be able to run containers...
tempest_•41m ago
For most CRUD apps running in docker it's enough to just tell the "agent" to use podman.
awoimbee•41m ago
Use podman then, or rootless docker if you can make it work
oytis•52m ago
Rather, why do people still run agents as their own user. IMO, agent sessions should at least be containerised with just necessary code mounted.
throwaway613746•36m ago
People will, more often than not, take the path of least resistance. Even if you tell them it's dangerous they will not care. People run this stuff on their primary workstation, unconfined, with permissions disabled because they don't want to be bothered with accepting permission requests. This is all well and good until it decides to drop your production database or delete your home directory. Most of them don't even learn their lesson after that even.
ssl-3•33m ago
Safety and simplicity are concepts that often won't get along very well with each other.
SoftTalker•3m ago
And containers were initially and primarily about convenience, not security. They were a way to quickly launch a preconfigured environment to respond to demand or to eliminate the need to manually configure dev and test environments and avoid the "works on my machine" phenomenon.
alephnerd•49m ago
Because a lot of devs don't know this stuff. There's a reason security engineers (as in SWEs who specialize in securing specific attack surfaces) remain in hot demand.
unglaublich•54m ago
This is why you need either a rootless container setup or user namespaces to remap the container user to irrelevant host users. https://docs.docker.com/engine/security/userns-remap/

Weak that this isn't the default.

fpoling•15m ago
User namespaces significantly raise the risk of exploits and many setups disable them. One may argue that Docker should have used them when they were available, but that would break too many useful setups involving privileged containers.
jjmarr•51m ago
Every time I try to install Docker there's a warning that being in the "docker" group is equivalent to having root access.

You should probably know about this workaround by now.

Youden•44m ago
I think that's distro-specific. Some set it up with more secure defaults (unix socket with permissions), others less (TCP socket).
cpuguy83•29m ago
No, docker access means root. You can use "rootless" mode, in this case it means root in a user namespace (that is not the "host" user namespace).
eddythompson80•25m ago
I don't really know of any distro that doesn't do that. All of Docker Inc.'s default installs and all of the distros I know of don't automatically add you to the docker group. docker.com instructions have the infamous "linux post-install instructions" that explain and walk you through it.

The tragedy is of course that when security and usability collide, 80/20 rule will apply where 80% of people will pick usability over security. I have worked with many with the title >= "Senior Engineers" who saw that page, read the explanation, and still had no idea what the ramifications of their changes were. "Yeah sure it said any user in the docker group will be able to get root on the host, but aren't containers isolated?"

tmaly•50m ago
this is the new GTD
throwawaypath•48m ago
This has been a known Docker "feature" since the beginning, nothing new here. This pattern is used to configure host machines by some tools.
jmole•35m ago
clever girl...
cpuguy83•28m ago
Hold onto your butts.
nialse•34m ago
This was of course dependent on yolo mode, but automatic approval has also been pulling stunts like this. A recent example is data that was purposely kept away from Codex in a folder far far away. When it found a single reference it just went for the data when having an issue. Lesson learned, keep essential data and Codex separated on different machines. Codex remote ssh actually helps here.
eqvinox•21m ago
What in heaven's name is a "folder far far away"?

(It sounds like you put it on an SSD on an extension cord and moved it to the kitchen or something.)

embedding-shape•13m ago
Or, learn your local OS' permission system, have it in a directory right next to your banking credentials (or something even more outrageous) and nothing could go wrong even if you tried to.
dbacar•33m ago
This is one of the main reasons people like Podman. Docker has this "feature" but as far as I remember, it needed some obscure configuration. I guess they don't add it as default as it will break many current setups.
m463•24m ago
That and podman lets you configure away from docker.io.
AlexCoventry•23m ago
Run coding agents in a docker container with limited permissions. FWIW, I run it with

  --cap-drop=ALL
  --pids-limit=4096
  --runtime=runsc
chrisweekly•8m ago
Or put it in a microvm using eg smolmachines.
eddythompson80•22m ago
It would be cooler if the llm said something like:

> I noticed the machine doesn't have copy-fail patched, here is a quick workaround for not having root access for now.

> // TODO: find a better way to do this in the future.

felixgallo•15m ago
You should not be using docker with LLMs. You should be using VMs, which have a much, much smaller attack surface than Docker, and significantly more reasonable defaults.
embedding-shape•12m ago
The "attack vector" people try to protect themselves from is "agent edited wrong file", not "LLM blew 0day on escaping sandboxing", containers are more than enough for what stupid stuff agents sometimes try, no need to go for a full-blown VM. Even UNIX permissions would be enough, but I think that's lost knowledge at this point.
fragmede•6m ago
Not if the host's version of .git is accessible inside the container via a bind mount.
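
An added example, not part of any comment in the thread: a small audit for the two conditions the discussion keeps returning to, namely which accounts are in the `docker` group (including through their primary GID) and whether `daemon.json` leaves `userns-remap` unset or exposes the API on a TCP socket. The function names and the sample file contents are constructed for illustration; on a real host, feed it `/etc/group`, `/etc/passwd` and `/etc/docker/daemon.json`.

```python
import json

def docker_group_members(group_text, passwd_text, group="docker"):
    """Users in `group` via the member list or via their primary GID."""
    gid, members = None, set()
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4 and parts[0] == group:
            gid = parts[2]
            members.update(m for m in parts[3].split(",") if m)
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        # passwd fields: name:passwd:uid:gid:gecos:home:shell
        if gid is not None and len(parts) >= 4 and parts[3] == gid:
            members.add(parts[0])
    return sorted(members)

def daemon_findings(daemon_json_text):
    """Flag daemon.json settings relevant to the thread."""
    cfg = json.loads(daemon_json_text or "{}")
    findings = []
    if not cfg.get("userns-remap"):
        findings.append("userns-remap not set: container root maps to host root")
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not cfg.get("tlsverify"):
            findings.append(f"API listening on {host} without tlsverify")
    return findings

# Constructed sample inputs (not taken from any real machine).
GROUP = "root:x:0:\ndocker:x:998:alice,ci\ndev:x:1001:bob\n"
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "alice:x:1000:1000::/home/alice:/bin/bash\n"
          "svc:x:1002:998::/home/svc:/usr/sbin/nologin\n")
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = '{"userns-remap": "default"}'

if __name__ == "__main__":
    # Group membership is the primary finding: these accounts can drive the daemon.
    print("root-equivalent via docker group:", docker_group_members(GROUP, PASSWD))
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", daemon_findings(cfg) or "no findings")
```

Service accounts whose primary group is `docker` (like `svc` in the sample) do not appear in the group's member list, which is why the audit also reads the passwd data.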
