alt Hacker NewsI am so sick of the ‘sandboxed’ AI-infra meme. A container is not a sandbox. A chroot is not a sandbox. A VM is also not a sandbox. A filesystem is also also not a sandbox. You can sandbox an application, you can run an application in a secure context, but this is not a secure context the author is describing, firstly, and secondly they haven’t described any techniques for sandboxing unless that part of the page didn’t load for me somehow.
Replies
jakobem • yesterday at 10:44 PM
Didn’t mean to say this is a sandbox, it certainly isn’t, this is just an illustration on how to bridge the gap and make things available in a file system from the source of truth of your application.
There is tons of more complexity to sandboxing, I agree!
➕ show 1 reply
lagniappe • yesterday at 11:09 PM
Please brother may i have some pledge unveil
Wait, can you provide the positive definition for "sandbox" you're relying on here?