this post was submitted on 24 Jun 2026

329 points (100.0% liked)

Programmer Humor

31948 readers

1073 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 3 years ago

MODERATORS

anzo@programming.dev

Feyter@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

329

Frog put Claude in a box (lemmy.ml)

submitted 4 hours ago by cm0002@toast.ooo to c/programmer_humor@programming.dev

18 comments fedilink hide all child comments

top 18 comments

sorted by: hot top controversial new old

[–] ech@lemmy.ca 3 points 23 minutes ago* (last edited 22 minutes ago)

*~~He~~It

We really need to stop personifying algorithms. It makes it that much harder to push back against the bs hype around them.

[–] dan@upvote.au 3 points 32 minutes ago* (last edited 31 minutes ago)

Claude is very good at figuring out how to work around limitations (which is probably one reason why it's also good at finding security issues).

At work, the monorepo is enormous and files are loaded on-demand as needed. This isn't uncommon with huge repos - Microsoft have VFS for Git (although I hear that's deprecated now), Meta have EdenFS, and Google has some proprietary solution.

We have a hook that blocks find and grep because they can be extremely slow, and tells it to instead use some significantly faster MCP tools to search the codebase, powered by a search index with local changes overlaid.

GPT-5.5 has no problem with this. Claude Opus mostly does it, but sometimes it loves to find workarounds rather than following the instructions. Things like: Try alternative commands like egrep. Create a symlink to grep and run that to see if it bypasses the filtering. Run it with a different shell like zsh. Write a Python script that execs grep. Write a Python script to reimplement grep.

I'm trying Hermes Agent at home, but I have it in its own VM with restricted permissions.

[–] tatterdemalion@programming.dev 9 points 2 hours ago* (last edited 2 hours ago) (1 children)

Guys. This problem is solved already. Landlock, bubblewrap, UNIX DAC.

[–] nymnympseudonym@piefed.social 8 points 1 hour ago

Nobody wants engineering solutions to human emotional venting

[–] savvywolf@pawb.social 17 points 3 hours ago (2 children)

I hate that I can't tell if this is a reference to something that actually happened or not.

[–] verstra@programming.dev 14 points 3 hours ago (2 children)

It's probably something like "I've disabled agent's removeFile tool, but LLM figured out that it can use the bash tool, still".

It looks like "AI bad" or "Claude insecure" mantra.

[–] OwOarchist@pawb.social 4 points 17 minutes ago

It looks like “AI bad” or “Claude insecure” mantra.

Until you solve prompt injection, they are indeed extremely bad for security and should never be given permissions that would allow them to do anything catastrophic.

[–] dumnezero@piefed.social 26 points 3 hours ago (1 children)

mantra

you mean facts?

[–] Scipitie@lemmy.dbzer0.com 1 points 2 hours ago (1 children)

"It's my circlejerk - so it's a fact!"

[–] dumnezero@piefed.social 8 points 1 hour ago

I hope that you're hired for long enough to learn what having security means in the context of using LLM "agents" and the like.

[–] goondaba@lemmy.world 7 points 3 hours ago

https://xcancel.com/sluongng/status/2060746160558543217#m

[–] KindaABigDyl@programming.dev 12 points 3 hours ago* (last edited 3 hours ago) (4 children)

I have this idea. It's taken from the Android world. In Android, apps all get their own user, and can only access their own filesystem. They are then added to groups like Sound or Files or whatever to gain access to other things. This is simplifying but gave me an idea.

So my idea is two parts:

We add more groups to our Unix and Unix-like codebases. Piecemeal access to different folders like a fs-docs group for access to /home/<whoever>/Documents
Each app, when installed, gets a user and a folder (maybe /opt/<pkgname> or /apps/<pkgname> and a group called app-<pkgname>). It requests during install (or maybe runtime via a permissions management application) access to specific groups for its user. Launching an app then becomes sudo -u app-<name> /opt/<pkgname>/<binname>.

You login as a user with access to limited permissions and then run the application. Thus you run it sandboxed but without special software like Flatpak or AppImage - just standard Unix groups.

Claude code I believe has its own sandboxing system, but with this system it would be the system itself restricting claude, not the claude code app, truly limiting accidental outreach.

I built a demo package manager using this concept a while back called 'bokspm,' though I kept it private (and now, my current job will not let me open source it)

[–] assaultpotato@sh.itjust.works 26 points 3 hours ago* (last edited 3 hours ago)

Using cgroups for isolating processes into their own individual network, filesystem, user, etc. namespaces using a shared kernel?

You mean containers?

[–] LodeMike@lemmy.today 5 points 2 hours ago

Flatpak

[–] verstra@programming.dev 8 points 3 hours ago

Well, these are some kind of lightweight container, no? But without isolating network, or /etc, /proc, /usr, /var or dbus.

I do agree that linux needs a notion of an "app" (isolated, with access only to its config and files you give it, and a small, well-designed set of APIs for interacting with the system). For coding agents, I think a better answer are development containers, because that would be needed to prevent npm/cargo/python build scripts from causing harm anyway.

[–] truthfultemporarily@feddit.org 2 points 3 hours ago

https://jai.scs.stanford.edu/

[–] akunohana@piefed.blahaj.zone 7 points 3 hours ago

Let's keep it POSIX compliant with sh.

[–] kibiz0r@midwest.social 1 points 3 hours ago

docker-sbx