I want AI agents controlling my laptop. And not only AI. There are lots of cool software programs I want on my laptop besides AI too. The problem is not AI, the problem is the awful security model that is the foundation of all modern operating systems.
yupyupyups · 3h ago
I think most people would find automatic feeding of arbitrary private information from their devices to an external server to be problematic.
If the AI is running offline and is non-destructive/safe then that's a different story.
spaceman_2020 · 3h ago
I don’t understand the author’s complaint - are the AI agents forcibly installing themselves on your computer? Are they shipping these agents without settings to change permission seeking behavior?
This is just a rant about something you absolutely don’t have to do
resonious · 3h ago
Windows is heading in that direction.
WD-42 · 2h ago
Yup and once it arrives there the MS fans will be in here telling everyone to “just use the server edition” like they do now to anyone who says they don’t like ads and spyware in their OS today.
theden · 3h ago
I must be out of the loop, I didn't know people were actually doing this in their workflow. When I do use LLMs, it's in a separate app, where I can cherry pick what I input and output at my own pace.
Maybe I'm naive, but the ever-increasing tradeoffs for even more velocity does not seem worth it.
WD-42 · 2h ago
Don’t worry, the only people that are doing this are creating absolute dumpster fires.
yeputons · 4h ago
> Sure, there are some protections like “you can’t record the screen without the user granting explicit permission”,
Are there? Any app on Windows screenshot and access camera, microphone, whatever. Aren't permissions for Windows Store-style apps only?
manofmanysmiles · 2h ago
What I've been doing is running an agent inside a locked down k8s environment. Agents are spun up by operator, and have access to a single namespace.
It's not perfect, as container escape is not entirely unlikely.
I am working in a future version where all agents run inside firecracker VMs, log all actions logged externally.
With Kubernetes it's like having a bunch of virtual employees making git commits, firing up name-spaced ephemeral resources and collaborating like "remote" employees. It's certainly fun, but I haven't quite polished it to the point where I recommend this architecture to anyone.
dankwizard · 3h ago
I do, it's called embracing the future - Either get with it or get out of the game. If you aren't giving your AI untethered sudo access then honestly its more of a reflection on you and your inability to accept change in the workplace.
grugagag · 3h ago
Yeah, relinquish all control because .. embracing the future.
throwmeaway222 · 3h ago
we already have - every time you get in a car you're elevating the chance of death considerably from before you hopped in. (seriously it's like 1000000x more dangerous than just sitting on a sofa)
Granted it's a low chance, but it's also similarly low that your bank account will be drained to zero because you codex --yolo'd it. If that DOES happen to someone then yeah, I'd consider changing my behavior.
For example there's no fucking way I would FSD in a Tesla.
LtWorf · 3h ago
I'm pretty sure he's sarcastic.
thomasdziedzic · 3h ago
What makes you pretty sure he's sarcastic?
saagarjha · 3h ago
I mean it's possibly Poe's Law but this is the amalgamated rhetoric of the most crazy people pushing this kind of thing
sys_64738 · 2h ago
Surely all your laptop's data should be in the cloud so giving AI access to that data is the way to go.
akomtu · 3h ago
I can imagine the same conversation 10 years later: "The productivity boost of AI implants is obvious by now, it gives at least +50 IQ points. Those stubborn employees should just yield and grant full control to their brains if they want to stay relevant."
pessimizer · 3h ago
It's even worse: it's a sign of insecurity and the lack of the ability to just trust and let go of control. Often related to malignant narcissism. I recommend SSRIs and inpatient therapy. You should probably give up custody of your children, too, unless you want them to grow up with the same weaknesses.
autoexec · 2h ago
Everyone should give up custody of their children to the state. Refusal to give your children to the state is a sign of insecurity and the lack of the ability to just trust and let go of control.
You should really just give up all of your freedom. Refusal to give up your freedom is a sign of insecurity and the lack of the ability to just trust and let go of control.
throwmeaway222 · 3h ago
I think we're at 3rd wave AI and it's got a RPM of maybe 20-40. In a year or two we'll be at 900 RPM and having the user give permissions won't really be feasible. So perhaps a secondary AI prompt will "validate" the request for you - we're only going in this direction.
Sure, comment on the time we're at, but it won't be relevant for a while.
cadamsdotcom · 3h ago
It's really a question of whether you want a deterministic machine or a probabilistic one.
Depends on the use case, really.
jckahn · 2h ago
What's the use case for a probabilistically controlled computer?
evgpbfhnr · 3h ago
bwrap.
I don't run AI, but anything I don't fully trust 200% runs without access to my home, and if it doesn't really need internet without internet either.
bwrap commands can be a mouthful so I suggest making a script for things you commonly do, e.g. "run with this directory as $HOME" or "run with empty home, keeping just this directory as is", with a couple of flags to enable networking or wayland/sound... Once you have this there really is no benefit to not sandboxing.
It's probably not as good as running in a full VM, but it's good enough for me.
hoppp · 3h ago
Me neither. I would maybe run them in a VM but don't use them at all right now
Would be cool to run them in freebsd jails
dr_win · 2h ago
What about buying a dedicated machine for running agents? One macbook for agents and one for personal/private work plus a good KVM switch maybe or remote desktop.
statguy · 2h ago
It doesn't work that way. The dedicated machine for running agents will have very limited utility because it will not have access to anything it needs like your credit card to automatically purchase stuff on your behalf etc.
tonypapousek · 2h ago
> credit card to automatically purchase stuff on your behalf
Why would anyone _want_ that?
Or, let’s pretend for a moment they did, wouldn’t it make more sense to grant access to a purchasing account (e.g. Amazon) with payment info pre-linked?
Especially given the “record absolutely everything for evidence” approach companies are taking, giving them auto access to payment info isn’t very smart.
wallopinski · 2h ago
2004 me and my friends: "I don't want all my public information online."
GenZ; publishes every possible detail on TikTok.
In 20 years we've done a cultural 180 on privacy.
I bet in 20 years Gen5 (three generations from now?) will be fine with AI agents running their lives.
Meanwhile I'll be 80 and still not on social media, just message boards like HN. Using new frequent accounts and changing my wirting style to defeat stylometrics (sorry dang).
autoexec · 2h ago
> GenZ; publishes every possible detail on TikTok. In 20 years we've done a cultural 180 on privacy.
the results of that has only proved you were right. I'll go on record now that the people who don't want corporate controlled AI in their personal lives today are also going to be proven right when the next generation of suckers comes along and gives up what they had because a corporation told them too.
jmclnx · 2h ago
>modern desktop operating systems are not really designed for strong security boundaries
I agree, I do not want AI anywhere near my Laptop. But there are Operating Systems that do not and probably never be controlled by "AI".
The quote above is curious, there are OSs with strong security. OpenBSD is touted as one, plus there is Linux and other BSDs, which can be configured to be far more secure than the operating systems the article is referring to.
If the AI is running offline and is non-destructive/safe then that's a different story.
This is just a rant about something you absolutely don’t have to do
Maybe I'm naive, but the ever-increasing tradeoffs for even more velocity does not seem worth it.
Are there? Any app on Windows screenshot and access camera, microphone, whatever. Aren't permissions for Windows Store-style apps only?
It's not perfect, as container escape is not entirely unlikely.
I am working in a future version where all agents run inside firecracker VMs, log all actions logged externally.
With Kubernetes it's like having a bunch of virtual employees making git commits, firing up name-spaced ephemeral resources and collaborating like "remote" employees. It's certainly fun, but I haven't quite polished it to the point where I recommend this architecture to anyone.
Granted it's a low chance, but it's also similarly low that your bank account will be drained to zero because you codex --yolo'd it. If that DOES happen to someone then yeah, I'd consider changing my behavior.
For example there's no fucking way I would FSD in a Tesla.
You should really just give up all of your freedom. Refusal to give up your freedom is a sign of insecurity and the lack of the ability to just trust and let go of control.
Sure, comment on the time we're at, but it won't be relevant for a while.
Depends on the use case, really.
I don't run AI, but anything I don't fully trust 200% runs without access to my home, and if it doesn't really need internet without internet either. bwrap commands can be a mouthful so I suggest making a script for things you commonly do, e.g. "run with this directory as $HOME" or "run with empty home, keeping just this directory as is", with a couple of flags to enable networking or wayland/sound... Once you have this there really is no benefit to not sandboxing. It's probably not as good as running in a full VM, but it's good enough for me.
Would be cool to run them in freebsd jails
Why would anyone _want_ that?
Or, let’s pretend for a moment they did, wouldn’t it make more sense to grant access to a purchasing account (e.g. Amazon) with payment info pre-linked?
Especially given the “record absolutely everything for evidence” approach companies are taking, giving them auto access to payment info isn’t very smart.
GenZ; publishes every possible detail on TikTok.
In 20 years we've done a cultural 180 on privacy.
I bet in 20 years Gen5 (three generations from now?) will be fine with AI agents running their lives.
Meanwhile I'll be 80 and still not on social media, just message boards like HN. Using new frequent accounts and changing my wirting style to defeat stylometrics (sorry dang).
the results of that has only proved you were right. I'll go on record now that the people who don't want corporate controlled AI in their personal lives today are also going to be proven right when the next generation of suckers comes along and gives up what they had because a corporation told them too.
I agree, I do not want AI anywhere near my Laptop. But there are Operating Systems that do not and probably never be controlled by "AI".
The quote above is curious, there are OSs with strong security. OpenBSD is touted as one, plus there is Linux and other BSDs, which can be configured to be far more secure than the operating systems the article is referring to.