
> I don’t think there is a solution.

Sandboxing. The LLM shouldn't be able to run actions affecting anything outside of your project. And ideally the results should auto-commit outside of that directory. Then you can YOLO as much as you want.

The danger is that the people most likely to try to use it are the people most likely to misunderstand/anthropomorphize it, and not have the requisite technical background.

I.e. this is just not safe, period.

"I stuck it outside the sandbox because it told me how, and it murdered my dog!"

Seems a somewhat inevitable result of trying to misapply this particular control to it...

If they're that unsafe... why use them? It's insane to me that we are all just packaging up these token generators and selling them as highly advanced products when they are demonstrably not suited to the tasks. Tech has entered its quackery phase.

If chainsaws, plasma cutters, industrial lathes, hydraulic presses, angle grinders, acetylene torches, high-voltage switchgear, forklifts, tower cranes, liquid nitrogen dewars, industrial centrifuges, laser cutting systems, pneumatic nail guns, wood chippers, arc furnaces, motorcycles, wall outlets, natural gas stoves, pressure cookers, ladders, automobiles, table saws, propane tanks, swimming pools, garbage disposals, mandoline slicers, deep fryers, space heaters, extension cords, bleach/cleaning chemicals, prescription medications, kitchen knives, power drills, roof access, bathtubs, staircases, bicycles, and trampolines are that unsafe… why use them?

If all those things suddenly appeared for the first time on a Tuesday afternoon, like LLMs did for many people, then there would be a lot of missing fingers before we figure out what kind of protections we need in place. Don't get me wrong, the industry is overhyping it to the masses and using the wrong words while doing so, like calling an arc welder "warmth at the push of a button", but it's still useful for the right situation and with the right protective gear.

All of the things you listed are purpose built things that actually work.

I've been using bubblewrap for sandboxing my command-line executables. But I admit I haven't recently researched if there's a newer way people are handling this. Seems Firejail is popular for GUI apps? How do you recommend sandboxing, say, the Zed or Cursor apps?



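The bubblewrap approach mentioned in the comment above, written out as an added example (my own wrapper, not code posted by any commenter and not part of bubblewrap itself). It implements the policy from the first reply: the tool can read the host filesystem but can only write inside the project directory, and its home directory, with the SSH keys, cloud credentials and shell history that live there, is replaced by an empty tmpfs. It assumes Linux with bwrap installed and unprivileged user namespaces enabled; the project path and the SANDBOX_DRY_RUN variable are conventions of this script.

```shell
#!/bin/sh
# Added example, not from the thread: confine one command to a single project
# directory with bubblewrap (bwrap). Assumes Linux, bwrap on PATH and user
# namespaces enabled; the project path is supplied by the caller.
#
# Sandbox layout:
#   - the whole host filesystem is visible but read-only
#   - $HOME is shadowed by an empty tmpfs, so ~/.ssh, ~/.aws, ~/.gitconfig and
#     shell history are not even readable from inside
#   - only the project directory is mounted read-write
#   - /tmp is private, /dev and /proc are fresh minimal instances
#   - every namespace is unshared; the network stays off unless -n is given
#
# usage: sandbox [-n] /path/to/project command [args...]
#        SANDBOX_DRY_RUN=1 sandbox ...   prints the bwrap argv instead of running
sandbox() {
    net_flag=""
    if [ "$1" = "-n" ]; then
        # --share-net only works when it comes after --unshare-all, so it is
        # spliced in at that position below rather than appended at the end.
        net_flag="--share-net"
        shift
    fi

    # Resolve symlinks so the bind path is the one the kernel will see.
    project=$(cd "$1" && pwd -P) || return 1
    shift

    home=${HOME:-/root}

    # Order matters: later mounts shadow earlier ones, so the writable project
    # bind must come after the tmpfs that hides $HOME (bwrap creates the mount
    # point on the tmpfs if the project lives under the home directory).
    # $net_flag is deliberately unquoted: empty expands to nothing.
    set -- \
        --ro-bind / / \
        --dev /dev \
        --proc /proc \
        --tmpfs /tmp \
        --tmpfs "$home" \
        --bind "$project" "$project" \
        --unshare-all $net_flag \
        --die-with-parent \
        --new-session \
        --chdir "$project" \
        -- "$@"

    if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
        # Show the final argv one item per line so the mount order can be audited.
        printf '%s\n' bwrap "$@"
    else
        bwrap "$@"
    fi
}
```

Run a coding agent as `sandbox -n ~/src/myproject some-agent-cli`; anything it does lands in that directory and nowhere else, and a `git diff` afterwards is the review step the first reply alludes to. Two caveats a practitioner will hit immediately: the agent's own API key normally lives under the home directory you just hid, so it has to be passed in via `--setenv` or a targeted `--ro-bind` of one config file, and a GUI editor like Zed additionally needs its display socket (Wayland or X11) and usually D-Bus bound into the sandbox, which is exactly the part Firejail's per-application profiles handle for you.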