You'd let the pro blackhat loose in your VM on your own system?
No because it's a dumb question and you don't want any stranger inside your home network regardless of firewall.
The comparison you get to make is in terms of the _extra_ security this project buys you.
Might I remind you of two things:
- You're advocating for installing random (?kernel) level software from the internet. That by itself is a real and larger treat than any potentially insecure things my `llm` user _might_ do in the future.
- User accounts security was the goto method for security for a long time. Further isolation was developed to accommodate: 'root' access for tenants, and finer resource limits controls. Neither I care to give an LLM.
So we only have build in firewall and sandbox duplication as the real feature. For the latter, my experience is that it's useless on a personal device, and slows down building or requires too much cache config. I'm not installing random crap, so i can live with the risk of lan exposure.
I'm happy with the maintenance/complexity/threat matrix of useradd.
You'd let the pro blackhat loose in your VM on your own system?
No because it's a dumb question and you don't want any stranger inside your home network regardless of firewall.
The comparison you get to make is in terms of the _extra_ security this project buys you.
Might I remind you of two things:
- You're advocating for installing random (?kernel) level software from the internet. That by itself is a real and larger treat than any potentially insecure things my `llm` user _might_ do in the future.
- User accounts security was the goto method for security for a long time. Further isolation was developed to accommodate: 'root' access for tenants, and finer resource limits controls. Neither I care to give an LLM.
So we only have build in firewall and sandbox duplication as the real feature. For the latter, my experience is that it's useless on a personal device, and slows down building or requires too much cache config. I'm not installing random crap, so i can live with the risk of lan exposure.
I'm happy with the maintenance/complexity/threat matrix of useradd.
> You'd let the pro blackhat loose in your VM on your own system?
AWS/GCP/Azure allow that all day every day.
Until you are (or if the agent runs) one privilege escalation away from the whole system being taken over.
So useradd isn't enough.