If anyone's looking to sandbox network, I've had good experience with pasta [1] networking. I make a pasta+bwrap sandbox and expose only specific services via local sockets to cross the boundary.

[1]: https://passt.top/passt/

One bad npm package can really ruin your day. These things for me only run in their own VM with it's own GitHub account and basically nothing else

I keep telling folks that they need to imagine LLMs (even "local" ones) as if you're farming it out to JS code running on some dude's browser somewhere: It can't keep a secret, and a determined person can make it emit anything they like.

We need to be asking what the most devious and malicious output could be, and whether what we do with that output (e.g. arguments to command-line tools) would still be safe.

I use a separate physical machine and a scoped token with access to a single repository at a time, and even then I worry about what hole I may have left open.

The general carelessness of the average user is baffling.

[flagged]