Most of us install Docker just to run a project locally, and is part of a long checklist of things to install. We can't expect everyone to be an expert on the hundreds of apps/tools/packages that get installed on a machine. It's like expected people to read, and understand, all the terms of service shoved in front of us on a daily basis.

That's why adding your user account to the docker group is a separate step that explicitly does not happen as part of the installation: https://docs.docker.com/engine/install/linux-postinstall/

> Warning

> The docker group grants root-level privileges to the user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.

wait so just being lazy and using sudo on Docker commands instead of figuring things out actually means I'm being safer? awesome.

funily less is often more in security while ur devving. but its best to be aware rather than lucky :p

No, because a malicious AI agent could just replace the sudo binary in your path with one that collects your password and uses it to execute arbitrary code as root. Nothing short of sandboxing everything or just never using AI agents or proprietary software will prevent this.

Once I noticed that models will treat lack of superuser access as an obstacle I moved all of the agent crap to its own machine. Watching some mid-tier offering chain together tools like its a gorilla escaping the zoo and I'm just not going to deal with that situation.

I'm more worried about my `~/.aws` and `~/.ssh` folders. People who use IDE-based AI tooling with IDEs that support dev-containers have no excuse for not leveraging dev containers, both for preventing agents losing your data and defending against secrets-harvesting supply-chain attacks

Using containers as a security boundary is inexcusable.

That entirely depends on one's threat-model. Also, containerization is 100x better than rawdogging.

It is excusable if all you care about is blocking sudo access while letting the ai use a pseudo sudo.

Could you elaborate on this?

It's why all of my agent run in a vm. I refuse to have it run on my own machine. Claude code once managed to render the vm unbootable, I was back in action 5 minutes later after regenerating the vm

What were you trying to tell it to do?

I recently took the risk there by having it run xattr commands to fix some MacOS bug with Tahoe that broke auto update for what seems like all software.

My agent has access to my email, my messages, my work, my finances, my life. But thank god it doesn't have access to root on my machine.

As always. XKCD: https://xkcd.com/1200/

Sigh. What ever happened to the principle of least privilege and why arent we applying it to AI agents. They ought to be locked in a box and not capable to act outside designated task.

If malicious AI has replaced the sudo binary, then it can already run arbitrary code as root. No need to "collect your password" then

It could just alias sudo on your ~/.bashrc. No need to replace the actual file on /usr/bin/sudo or wherever you have it. I would only need to be able to run arbitrary code as you.

> Nothing short of sandboxing everything or just never using AI agents or proprietary software will prevent this.

Using open-source (non-proprietary) software won’t necessarily save you either. XZ is open-source and it was basically dumb luck that we weren’t all infected. Same with the myriad exploits to NPM.

This feels like using Docker is just inherently unsafe.

The fact that Docker is unsafe was one of the core motivations for Podman.

Was gonna say, "why not podman?"

No, using AI tools not in an effective sandbox is inherently unsafe.

Both can be true.

That’s what rootless docker is for

rootless docker's networking (slirp4netns) is still terribly buggy and in edge cases often locks up using 100% CPU until you discover that your laptop is a lapwarmer and kill it

I found it pretty reliable and use it across all my docker projects, development and production.

Yes, that's why they warn you about it.

This feels like using sudo is just inherently unsafe.

This but unironically. There's no way to ensure that nobody overwrote your .profile or .bashrc with a backdoored sudo that steals your password, or runs your command and then runs an evil command afterwards.

`which sudo`?

`/usr/bin/sudo`?

If they can override sudo, they can override which.

Then use the absolute path.

if you use \which it'll always be a shell built-in ;) though someone can put a different shell in your .zshrc

  $ which() { echo foo; }
  $ \which
  foo

The backslash only prevents alias expansion.

`exec /tmp/fake-bash` in bashrc to intercept everything?

It is. That's why SELinux and AppArmor were invented.

Instead of having "root" and "user", both of these provide sets of permissions that can be granted to apps.

In this case, SELinux would've stopped this. Codex could've still relabelled the files when mounting but this can be blocked for sensitive directories like /etc.

This feels like using a computer is inherently unsafe.

On the plus side, once we outlaw them we'll shut down the ability for conspiratorial thinking to spread easily and the world will slowly heal from the last couple of decades (the previous one in particular).

Hooray! We're finally doing something about the harms of social media. Smash your computer today!

Safety meeting. Nobody works, nobody gets hurt.

I think we're only a few decades away from these things being said unironically.

It's already here, mobile OSes are just computers with ton of guardrails and you can't do whatever you want with it, for the sake of security. I mean we almost got an Android where you can't install the APK you want.

Where's that guy with the ButlerianJihad username when you need him?

Well in 2026 most likely this step was also done by an agent with --dangerously-skip-permissions

And containers were supposed to make things safer ...

Huge design mistake if you ask me.

i don't see how it's a design mistake, linux allows more footguns in general to not decrease utility. Allowing you to manually give root prompt access (with warnings!) to a non-root user is one of them.

you can also just not run docker as root and not add normal users to the docker group

> And containers were supposed to make things safer ...

No. Containers are a slight improvement over the .tar.gz software distribution method we had a few decades ago.

(And I mean "slight" literally - a Docker container is just a .tar.gz with a bundled bash script that runs in a chroot.)

That's true, the majority of people probably install software without much thinking; but it's also true that it's always better to have at least some high level understanding how the specific piece of software works. What access the given software has, will it send something over the network or work locally; that kind of stuff.

As for Docker, I would assume everyone who ever tried to bind-mount a volume for writing from inside the container (on Linux*) then were surprised to see root-owned files in their bind-mounted directory. For me personally, that was the moment I realized that containers, by default, have root access to the filesystem. No written warning serves better than the need to chown some root-owned files.

* Not on macOS. On macOS Docker basically runs in a VM, and there's no root access to the host filesystem from what I understand.

[edit: formatting]

Docker relies fundamentally on the Linux kernel. Since macOS does not have a Linux kernel, you have to run Linux in a VM first and then run Docker on top of that.

So, you may get filesystem access inside the VM. Breaking out of the VM may be a different matter.

Precisely. There is nothing preventing you from doing the same in Linux: rather than installing docker, install docker on a Linux VM (ie. using KVM).

Conversely, docker containers don't actually exist on MacOs. Docker desktop is merely a way to emulate docker on apple hardware.

Most people buy scissors just to cut some paper. We can't expect everyone to recognize that they are sharp.

To be fair, I struggled since forever to understand this root group thing and didnt bother to add to docker group. This workaround give me a better understanding, like seeing someone cut themselves on a scissor

Man no wonder ai wows a lot of HN posters. This can't be the default attitude of developers today.

If you’re a software engineer then yes, I can and do expect you to understand all that.

The very basic thing about software engineering is to know what the f you're using to build your project. You don't need to be an expert but if you're blindly installing whatever you want on your machine from a "checklist of things to install" without absolutely having no idea what the things being installed are, it is 100% on you. You don't need to be an "expert" to understand this, you need to be "somewhat competent," and that is a very low baseline tbh.

> Most of us install Docker just to run a project locally

There's your mistake.

(Akshually using Docker is the real mistake, but that ship has sailed, no fixing these people now.)

  > Most of us install Docker just to run a project locally

If you're on linux can I encourage people to move to systemd?

I'll admit, systemd is a bit more annoying, but the main annoyance is that there aren't the pre-built images that you can just set and go. That same capability exists with systemd (via `importctl` and `machined`), but those configurations don't already exist. But on the plus side, I've been working with systemd since pre-LLM days and I feel that they are pretty good at dealing with these configurations[0]. Now, with that out of the way...

Systemd already is working with your OS. So you get nice things like virtual machines (`systemd-vmspawn`), containers (`systemd-nspawn`), and portables[1] (`systemd-portabled`) (not to mention `homed`!). I've found these to be fairly easy to setup and quite natural if you're already used to the linux ecosystem. I've never been great at docker, but these have felt much more natural to me. So different strokes for different folks. There's definitely a learning curve, but that's also true for docker or any other container system. Importantly, I find security easier to handle with systemd because I can use `systemd-analyze` and the control settings are almost identical across VMs, spawns, and portables. So makes for less learning and greater control.

Definitely not for everybody, but I think is also a tool that's underappreciated.

[0] And I don't feel this way about bash scripting! The advantage here is that these systemd configuration files are fairly boilerplate. Enough that I stash templates in my dotfiles and copy paste them when I build new services, timers, machines, whatever. So perfect type of LLM task. 90% of the time. But hey, we're also on HN and I'm talking to the nerds. Systemd isn't for everyone

[1] https://systemd.io/PORTABLE_SERVICES/ also see https://github.com/systemd/portable-walkthrough Portables are actually often what people want with what they're doing with docker.

EDIT: I very frequently will spawn a machine to run a program that's on a different base distro. Not because I can't run/don't know how to run debs or rpms on arch based distros (I do), but because frankly, it is often easier to just spawn a container after I've already made the first image (cloning images is trivial).

I too have learnt to like systemd.

But what is the relevance here? In what way is it a replacement for docker?

  > In what way is it a replacement for docker?

Look at the man pages for `machinectl` (then `systemd-nspawn`, `systemd-vmspawn`, and if you want `systemd-portabled`). This is a replacement for docker.

These are container tools offered by systemd.

The problem is that the tooling for creating, importing, and managing images is not as good with systemd vs Podman/Docker. There's also no clear path to import images from the Docker ecosystem, at least as far as user experience goes. I know how to do it, but the number of extra steps involved always drives me back to Podman.

I don't really find them that bad but I'm still going to maintain my "different strokes for different folks" position. Might be bad for you and good for others. More options isn't a bad thing

The systemd suite of container tools treat containers like mini VMs and expect a full init system. They are not designed for ephemeral single-process app containers like docker containers.

podman is supposedly a replacement for docker.

There's plenty of container technologies and I'd be happy to see more of them used. Podman isn't for me, but it is a great option for others. Regardless, I think it is relatively unknown that systemd can be used for creating containers.

> coming from a finance background, I didn't find the book in general to be particularly insightful

Because you already knew that stuff, or because it's wrong?

Info like this is useless without context like, how much revenue does the company earn? How many engineers do they employ? etc.

to grok or from?

I wouldn't normally side with a cable company, but they're up against Sony Music, so I'll allow it. See: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...

I don't know maybe just be worried instead about being on the side of justice and what is right and not be so worried if that side has people you don't like on it.

a lot of people determine what is right by who is on that side - the right side is the group that they identify with, and the wrong side is the group they dislike.

And you get the hilarious (if not sad) situations often, where the exact same actions is wrong if committed by one group, and right if done by some other group.

Maybe I dislike a party because they're wrong, not that I think they're wrong becuase I dislike them? I usually don't have any reason to like or dislike a party until I see behaviour.

Some people think that justice should be blind, and that’s long been an ideal in the US.

I'm just so sick of people in our tribe who REFUSE to ever name their enemies. We're doing everything in good faith against people who hate us and want us to die. It's silly, and standing on some principle of equality while we continually lose over and over is sad to watch

It's a matter of integrity. Support or oppose whoever you like, but if you change your principles based on the person in question, then you don't have principles at all.

Are you pro or anti touchdown? Do you support or oppose winning? Is supporting my allies winning and enemies losing wrong?

Why not, people are different and principles can account for that. It might mean that your alignment isn't fully lawful.

What happens is that it takes the form of attributing bad things to enemies and good things to allies, such that you are blind to where your allies are not your allies. If your allies are acting opposed to your interests but you like them because they signal to you as an in group, then you are being fooled by them. Thus, it is good to actually evaluate things on their merits once in a while.

The "blind" ones are people like you! doing everything in good faith against people who aren't and fundamentally oppose you and your existence. Foolish!

It is only foolish if you would be happier as a cynic.

Sitting down at a table to play poker and refusing to acknowledge the rest of the players are trying to take your money isn't "avoiding cynicism" it's just being a mark

But approaching every social interaction as a zero-sum game where you are competing with others is not only cynical but exhausting and makes one unbearable to be around. If you want to do that, then I guess you will be in good company hanging out with the bad-faith liars you feel are worth destroying your own values to combat.

have fun continuing to lose in a noble fashion

Support your allies, yes.

Think everything they do is right? Hell no.

And every once in a while you need to check if your list of allies should change.

doesn't that undermine the entire reason to have laws? if they are really just excuse to punish our enemies and reward our friends, why even bother with the pretense of a trial?

The reason we have laws is to protect the powerful from mobs right?

Laws protect interests of the ruling class. If interests are insufficient reason, then what is sufficient?

It leads to keeping the bad people on your "side" just because they share some of the values

> It takes a certain kind of educated liberal bubble to think that is "hilarious"

No, the hilarious part is that the "educated liberal bubble" will do exactly that thing, and then wonder why everyone else is seeing them as crazies; because they'd rather side with bad actors on their side purely because other side is attacking them, no matter the reason.

And of course, not only them. It's natural human herd behavior. And it leads to absolutely terrible end results

The crime is the crime. No matter the leaning of the criminal

Its "valid" to do anything in this context weirdo, it isnt like a veridical thing!

"It is valid to love my mom, even when she makes me clean my room. This is the thing liberals will never understand."

Don't you have some "cathedral" you gotta go neckbeard on about somewhere else? Perhaps a divorce court hearing?

Wow you got my demographics and political opinions wrong entirely! We almost certainly vote for the same people. I'm just so sick of people in our tribe who REFUSE to ever name their enemies. We're doing everything in good faith against people who hate us and want us to die. It's silly, and standing on some principles while we continually lose over and over is sad to watch

> not be so worried if that side has people you don't like on it.

I think the point is that they don't like Sony music because they are so often on the wrong side, this time included.

Presumably the parent’s objection to ISPs and copyright cartels is precisely that they are so frequently (and to such a large degree) unjust. FWIW, I don’t think the parent’s objection was subtle about that point, I’m frankly not sure how it was overlooked.

Frankly, I don't see how you can't parse that their point, as written, is "I'm on the side of bad guy A because bad guy B is worse than bad guy A" which is completely orthogonal to "A is in the right and B is in the wrong".

If you look at the whole scenario, this will mean that Cox won't pass $1 billion dollars of punitive fines off to their customers, because, after all, the customers generate the money.

In reality, this would have made their innocent customers pay for the crimes of their guilty customers and made both Sony, and in the long run, Cox richer, because once paying an extra $5/month becomes normalized, then there's no way they're going to go back down in price just because the fine is paid off, any more than the government will ever stop charging tolls on a toll bridge that was paid for by tolls no matter how many times the cost of the toll bridge is paid off.

I said "allow it". It was mainly about my feelings. I can feel what I want. It also just so happens that Cox was in the right and Sony Music was in the wrong.

Because I'm a native English speaker and "worse" is definitely not orthogonal to "in the wrong".

It really has nothing to do with Sony as such though. This is a common finding; 9:0 is also a clear message. If service providers are held accountable then arms producers also have to be held accountable. Or politicians who drive up prices via racket scheme such as a certain guy using orange powder on his wrinkly face. Someone is stealing money from stock exchange - that is also becoming increasingly clear from the trading pattern. Krugman pointed this out not long ago, without naming anyone specifically but I guess we can kind of infer who was meant.

It's always seemed fundamentally flawed to me that the exchange laws are designed to prevent people benefitting from insider information but then the entire purpose of the stock exchange is to make money by leveraging information asymmetry to make choices other rational actors wouldn't make because you have more knowledge or data than they do.

It's a very "leverage your info to make money no wait not like that" scheme. I think I just don't understand what the difference is between an insider who sits on a board (illegal) or has a nephew who's an SVP at the company (illegal) and a politician setting the laws that shape the whole industry (legal apparently?) or gets tips from same (legal apparently?).

> I think I just don't understand what the difference is between an insider who sits on a board (illegal) or has a nephew who's an SVP at the company (illegal) and a politician setting the laws that shape the whole industry (legal apparently?) or gets tips from same (legal apparently?).

This example is just standard issue corruption. Politician gets to exempt themselves, so they do.

> It's always seemed fundamentally flawed to me that the exchange laws are designed to prevent people benefitting from insider information but then the entire purpose of the stock exchange is to make money by leveraging information asymmetry to make choices other rational actors wouldn't make because you have more knowledge or data than they do.

Insider trading laws are designed to prevent people that can affect business outcomes from benefiting by affecting those outcomes. For example, a senior executive screwing up a crucial delivery to gain money from short positions.

The idea is society benefits from the assumption that all executives are ideally holding long positions on their business.

The problem with insider trading is that incentivises people with power to do unlikely things with that power because private knowledge of the upcoming unlikely event is unusually profitable, especially if it is destructive. This ship may have sailed.

That's why i would rather see insider trading made legal, but transparent.

Instead of quarterly filings, if you are considered an insider (or is affiliated with one), you are required to have your trades be instantly reported and be public the nanosecond you make them. You are allowed to make use of the insider info, as long as you adhere to these transparency measures.

> ...you are required to have your trades be instantly reported and be public the nanosecond you make them.

That doesn't do anything at all to remedy the situation. Better would be to require trades by insiders (and the particulars of those trades) to be locked in and publicly announced at least seven calendar days in advance. You need not announce the reason for the trade, but you must announce the amount of whatever it is you're selling and/or buying and the date at which the transaction will happen.

Yes, I'm aware of the whole "scheduled stock sale" thing that folks at a certain level have to do when trading in the stock & etc of the company they work for. IMO, that should be mandatory for all employees and their families.

It makes more sense when you realize that insider trading laws came after it was a problem, not before.

Before the insider trading laws, the stock market was much more volatile and was more akin to gambling for people out of the know. For people in the know, it was an easy way to extract wealth from those on the outside just looking at the numbers and publicly available information.

I don’t think the American right wing has any concerns about being perceived as inconsistent. They will reverse their positions overnight if it suits them, as they have illustrated every week for since the start of 2025 (most recently “no new wars / america first” to cheerleading the war in iran.

Cox cable pays legislators to limit people’s access to wired broadband internet service at their home (by banning government internet utilities), allowing them to charge higher prices due to having a monopoly. And they provide substandard asymmetric broadband because their customers have no choice.

Proof: compare the quality and price of their service in neighborhoods with access to fiber to the home as opposed to just having access to Cox via coaxial cable.

I realize I'm in the minority but I side with whomever I think is right under the law, regardless of my (sometimes extreme) feelings about the parties and even about the law.

A case only reaches the Supreme Court if there is confusion over who is right under the law. The Supreme Court decision itself is not a definitive guide to which side is right under the law, as they’ve overturned themselves multiple times. So how do you decide which party to side with?

Your view on the law seems a bit alien to me. My opinions on what the rules of the law should roughly look like, are largely independent of who specifically is involved in a legal dispute. Sure I guess if Hitler was being sued and the only way to stop him was this lawsuit by Sony, I would probably concede that on balance it's better to have a slightly worse legal standard around copyright. Otherwise, I think having a law that best reflects my moral views and creates the best incentives for society in general, far outweighs how i feel about the plaintiffs.

As for how I arrive on my views, it's obviously not an entirely rational process, but the rules you get from viewing property rights and self-ownership as fundamental seem to lead to the most preferable outcomes to me. If I were forced to adopt a more deontological philosophy, it's also the one that has the fewest obviously absurd conclusions, though not entirely. From this it's, in my opinion, pretty obvious to be skeptical of copyright law more generally (Ayn Rand would disagree) and therefore I welcome any precedent that weakens it.

I just told you: I side with whomever I think is right under the law.

And your first sentence is not remotely true--or rather, it is quite conceptually confused. Whose "confusion" are you talking about? Not mine, generally. There are of course disagreements about which side is right under the law, but often those disagreements are a result of bad faith--take just about every case Trump has ever appealed up to the SCOTUS. And many of the decisions made by the current crop of right wing ideologues on the Court are made in bad faith, especially Alito, Thomas, and Gorsuch, in that order of corruption. Many of the "disagreements" are based on bogus "textualism" and "originalism" frameworks that are applied completely ad hoc and hypocritically and were invented by conservatives solely in order to provide them with a basis for making rulings based on their ideology (the historical record is quite clear on this).

Anyway, the point was that I decide based on my view of the law, not who the parties are. Since you seem to completely miss the point, have poor reading comprehension, and are just adding muddle, I won't comment further.

Right. The law is an objective concept, so clear that there can be no confusion, and even apparent disagreement with your objective perception is really just people lying. I’m not missing your point, you’re just disagreeing with mine.

So many strawmen. The only lies here are about what I said.

> The law is an objective concept

I didn't say that or anything like it and I don't believe it.

> so clear that there can be no confusion

I didn't say that or anything like it and I don't believe it.

> and even apparent disagreement with your objective perception is really just people lying.

I didn't say that or anything like it, said nothing about having "objective perception", and said nothing about disagreement with this nonexistent thing, and said nothing about anyone lying.

I made no claim to objectivity, said nothing about clarity of law, or anything else that you're dwelling on here, only that I make decisions based on my own understanding--my phrase was "I think". And yes, you did miss or ignore my point and continue to ignore it while inventing supposed points of mine that have nothing to do with me (further instances of "have poor reading comprehension, and are just adding muddle"). My only point was that who I side with isn't based on what I think of the parties involved.

And what point of yours am I disagreeing with? You said

> A case only reaches the Supreme Court if there is confusion over who is right under the law.

This is factually false, as I and others pointed out. This is all I disagreed with. It's also not relevant to what I had written ... I'll stipulate it to be true if that helps. It's certainly true if "only" is replaced with "sometimes". As I noted, there is typically disagreement about who is right under the law, but "confusion" need not be present. Sometimes SCOTUS--especially this SCOTUS--invites cases from parties they are ideologically aligned with just so they can reinterpret the law to agree with their preferences. Of course, the other party normally disagrees, but even that doesn't always hold, especially with this administration, which is happy to reverse cases brought by their predecessors.

> The Supreme Court decision itself is not a definitive guide to which side is right under the law, as they’ve overturned themselves multiple times.

I agree with the basic point (while not technically accurate ... due to Marbury v Madison, the law is what the SCOTUS says it is), but it's not relevant to anything I said.

> So how do you decide which party to side with?

As I told you: based on what I think. Can I be wrong about the law? Of course. But again, my fallibility and the court's fallibility and whether my thinking aligns with the thinking of the court etc. ad nauseam is not what I was talking about ... what I was talking about was considering the law rather than who the parties were. That's it; that's all. And I made this crystal clear. Whoever it is you think you're disagreeing with, it's not me. You want to have an argument about whether one can make objective decisions about the law, but I never claimed any such ability. All I said is that I side with who ==> I <== think (a fallible process, certainly) is right under the law, NOT WHAT I THINK OF THE PARTIES--not which party I think is more evil, which was the conversation I responded to. That was it---a point about my own behavior. That's all.

JFC ... over and out forever. (If I accidentally see this thread again I shall avert my eyes.)

> You can't just throw software at this

Ok, let's not try improving systems, how's that working out?

> It doesn't matter how much cheap hardware you throw at the unwashed masses.

> Apple Announces New Mac Sales Record Following MacBook Neo Launch

Yeah, it apparently matters at least a little

This.

Maybe it's not the cheap hardware? I don't know?

But when you put the following assertions out there:

>Tahoe/iOS26 are still the most godawful buggy pieces of software Apple ever created

and

>It doesn't matter how much cheap hardware you throw at the unwashed masses

with the market data being what it is.

I guess I'm just saying those statements definitely go under the old Abe Lincoln admonition that at times "Both may be, but one MUST be, wrong."

What was that sales record?

They needed to rename the company anyway to get away from bad press. It worked. I think they're quite happy with their current name.

Yup. The Facebook brand was long dead, and Meta is a good tech name even outside of AR/VR or metaverse. The fact that no one calls the company Facebook anymore shows that the rebrand was successful.

Very few outside of tech call it Meta. Just like no one calls Alphabet "Alphabet", they just say "Google".

It's very different though. Alphabet was created more for financial book keeping. Google apps have no Alphabet branding. On the other hand, Meta was created because the Facebook brand was down in the rabbit hole, almost every product of it has the Meta branding prominently displayed.

Anecdotal but my parents know about Meta, because they use FB/Messenger daily. They have no idea what Alphabet is.

>> The fact that no one calls the company Facebook anymore shows that the rebrand was successful.

Don't they? I have to remind myself that it's actually called Meta, I always call it facebook.

I still see people refer to “FAANG” regularly. Though, there have been times I’ve read “MAANG”… doesn’t quite feel the same.

I’ve heard MANGA suggested as the acronym with Facebook’s new name. Though maybe it should be MAAAN, said in a tone of exasperation at tech company activities

> It worked.

Debatable.

I think it’s the latter

> * Runs using WebAssembly when in `--safe` mode

Why is safe mode opt-in?