AI tools right now remind me of the old days of single-user PC/Mac operating systems without protected memory or preemptive multitasking. You could read any file, write directly to video memory, load machine code into the heap and then jump to it, etc.
That’s a very accurate analogy.
What’s amazing is that during the last decade, containers and microvms have had huge impact on the ecosystem. Yet a huge amount of devs seem to just YOLO it and run agents in their host with full ambient capabilities.
Well said! We built in protections to multi-user and single user systems, but now we seem to be relearning them…your agent is not “you” and should probably not run as the same user with the same default permissions as “you”