
224 points azhenley | 3 comments
athrowaway3z No.45076822
I don't see the case for, what IMO is, more complexity by creating a virtual machine.

We have user accounts, Read/Write/Exec for User/Groups. Read can grant access tokens which solves temporary+remote requirements. Every other capabilities model can be defined in those terms.

I'd much rather see a simplification of the tools already available, than re-inventing another abstract machine / protocol.

I hope we'll eventually get a fundamental shift in the approach to software as a whole. Currently, everybody is still experimenting with building more new stuff, but it is also a great opportunity to re-evaluate and, at acceptable cost, try to strip out all the cruft and reduce something to its simplest form.

For example - I found an MCP server I liked. Told Claude to remove all the MCP stuff and put it into a CLI. Now I can just call that tool (without paying the context cost). Took me 10 minutes. I doubt Claude is smart enough to build it back in without heavy guidance.

replies(5): >>45076903 #>>45076940 #>>45077041 #>>45077538 #>>45077773 #
1. cosmic_cheese No.45077538
In general the security model of desktop operating systems is woefully inadequate for the modern era. Given the sheer volume of software known to do things not in the user’s best interest it’s borderline insanity that we hand it the keys to the kingdom without so much as a second thought with such frequency.

Of course if the user truly desires a zero-guardrail experience they should be able to get that, but it probably shouldn’t be the default. Software should be on a very short leash until the user has indicated trust, and even then privileges should be granted only on a per-domain basis. A program designed to visually represent disk usage will need full filesystem access for example, but there’s no reason it should be able to sniff around on my local network (or on platforms where package managers handle updates, connect to the internet at all).

replies(1): >>45079485 #
2. valenterry No.45079485
> In general the security model of desktop operating systems is woefully inadequate for the modern era. Given the sheer volume of software known to do things not in the user’s best interest it’s borderline insanity that we hand it the keys to the kingdom without so much as a second thought with such frequency.

This. It must be the problem of having grown up with it that makes people not realize it.

Software will need to operate like people in the real world. You can give your friend power of attorney, but usually you don't, you find a better way to get things done.

replies(1): >>45079525 #
3. cosmic_cheese No.45079525
Exactly. It’s not so different from how popular desktop operating systems used to be single-user, which turned out to be a security nightmare, and so shifted to a multi-user design. It’s time for the next evolution.