Sandboxing scenarios
- vs motivated nation state
- vs script kiddie, griefer
- vs an AI that doesn't really understand the consequences of its actions
- vs a known sort of commercially motivated malice (ransomware, API key stealing)
By default we run with no sandboxing and rely on social signals for trust.
Self-replies
For people just trying out a new library/app
Docker - you've eliminated 95% of people willing to try your app
VM - 99%
RestrictedPython - 99.99%
Pyscript - 5%, I think most people could click a link and look at a library/apps behavior.
A useful app is an expensive signal (would DPRK make a useful app to steal your API keys? It is easier to just lie about an app's usefulness and immediately steal your API keys on first run)
After that tho, people drop the sandbox and now your library/app runs with full permissions and trust.
What would be cool is pipx/uv secure mode
pipx run foobar --secure-ish
uv run foobar --secure-ish
That would disable subprocess, native interop, etc. That would have an impact; my app is going to get ~52 installs per year
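A sketch of what the "disable subprocess, native interop" part of such a secure-ish mode could look like inside the interpreter, added here as an illustration; it is not pipx or uv code, and the module blocklist and the `--secure-ish` flag are assumptions:

```python
"""Import-policy sketch for a hypothetical 'secure-ish' run mode.

A finder placed first on sys.meta_path refuses to load modules that give
process spawning or native interop. Added example, not pipx/uv code.
"""
import importlib
import importlib.abc
import sys

# Assumed blocklist for the hypothetical --secure-ish mode.
BLOCKED_MODULES = frozenset({"subprocess", "ctypes", "cffi", "multiprocessing"})


class ImportPolicyError(ImportError):
    """Raised when the app tries to import a module the policy refuses."""


class BlockingFinder(importlib.abc.MetaPathFinder):
    """Vetoes blocked top-level packages; defers everything else."""

    def __init__(self, blocked):
        self.blocked = frozenset(blocked)
        self.attempts = []      # audit trail of refused import names
        self.evicted = {}       # cached modules removed while installed

    def find_spec(self, fullname, path=None, target=None):
        if fullname.partition(".")[0] in self.blocked:
            self.attempts.append(fullname)
            raise ImportPolicyError(f"import of {fullname!r} refused by policy")
        return None  # let the normal finders handle it


def install_policy(blocked=BLOCKED_MODULES):
    """Activate the policy; evict cached copies so they cannot be reused."""
    finder = BlockingFinder(blocked)
    for name in list(sys.modules):
        if name.partition(".")[0] in finder.blocked:
            finder.evicted[name] = sys.modules.pop(name)
    sys.meta_path.insert(0, finder)
    return finder


def uninstall_policy(finder):
    """Remove the finder and put the evicted modules back."""
    sys.meta_path.remove(finder)
    sys.modules.update(finder.evicted)


def import_allowed(name):
    """True if `name` imports under the active policy, False if refused."""
    try:
        importlib.import_module(name)
        return True
    except ImportPolicyError:
        return False
```

This only covers what the blocklist names; functions already reachable through modules the app may legitimately import (for instance `os`) are untouched, which is why such a mode can only ever be "secure-ish" rather than a sandbox.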