>does this limit the agent's ability to run standard Linux tooling? Or are you relying on the AI to just figure out the BSD/macOS equivalents of standard commands?

Slightly counterintuitively, Apple Containers spawns linux VMs.

There doesn't appear to be any way to spawn a native macOS container... which is a pity, it'd be nice to have ultra-low-overhead containers on macOS (but I suspect all the interesting macOS stuff relies on a bunch of services/gui access that'd make it not-lightweight anyway)

FYI: it's easy enough to install GNU tools with homebrew; technically there's a risk of problems if applications spawn commandline tools and expect the BSD args/output, but I've not run into any issues in the several years I've been doing it.

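The BSD-versus-GNU argument divergence mentioned above is most often hit with `sed -i`, whose backup-suffix argument is parsed differently by the two implementations. The following is an added example, not code from the thread: a small wrapper that detects which `sed` is first on PATH and issues the matching in-place form, so a script behaves the same on stock macOS and on a machine where Homebrew's GNU tools shadow the BSD ones. It assumes only that `sed` is on PATH and that a GNU `sed` identifies itself via `--version`.

```shell
# Added example (not from the original thread). Assumptions: `sed` is on
# PATH; GNU sed answers `sed --version` with a line containing "GNU sed",
# BSD sed does not support --version at all.

# Print "gnu" or "bsd" depending on which sed implementation is first on PATH.
sed_flavor() {
    if sed --version 2>/dev/null | grep -q 'GNU sed'; then
        echo gnu
    else
        echo bsd
    fi
}

# In-place edit that works with either flavour.
# GNU: -i takes an optional backup suffix glued to the flag (-i alone = no backup).
# BSD: -i requires a separate suffix argument; '' means no backup file.
# Passing the GNU form to BSD sed makes it treat the script as the suffix,
# which is the kind of silent misbehaviour the comment above warns about.
sed_inplace() {
    expr=$1
    file=$2
    case "$(sed_flavor)" in
        gnu) sed -i "$expr" "$file" ;;
        bsd) sed -i '' "$expr" "$file" ;;
    esac
}

# Demo on a constructed temp file; prints the edited contents.
demo_inplace() {
    tmp=$(mktemp)
    printf 'hello from homebrew\n' > "$tmp"
    sed_inplace 's/homebrew/coreutils/' "$tmp"
    cat "$tmp"
    rm -f "$tmp"
}
```

Running `demo_inplace` prints `hello from coreutils` on both flavours. The same detect-then-dispatch pattern applies to other divergent tools (`date -d` versus `date -j -f`, `readlink -f`, `stat` format flags); the point is to branch on the detected implementation rather than assume one.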
Not sure if it's intended, but Apple Container is a microvm, providing much better isolation than containers (while retaining the familiar interface).
"much better isolation than containers"

If you've got an exploit for docker / linux containers, please share it with the class.

What I'm saying is that in practice, containers and VMs have both been quite secure.

Also, you can configure docker to run microvms too https://github.com/firecracker-microvm/firecracker-container...

We want to protect against the unknown, not the known. The less surface area, the better, and containers have much wider surface area than VMs. Both had their faults, of course.
[flagged]
What makes you think it's an AI comment?
Maybe what you are responding to is the AI comment? Or am I?
If only there were some way to answer your own question. Maybe with some kind of engine that searches.