Hacker News: pploug's comments

A company sells a product for profit - they are liable for the product and all its subcomponents - there is nothing unfair about this - it doesn't matter if you found the components in a hole in the ground or on GitHub - if you are selling a product based on it, you are liable.

For freelancers / OSS companies - you can still sell services such as consulting or support - without selling your OSS project - then it's a service, not a product.


Uh, this looks very nice - reminds me of a TUI version of Canopy. If you are interested, we've (Docker) been working on a separate agent sandbox runtime called SBX, built around a microVM with a private Docker daemon inside. Maybe there's potential for a collaboration to add support for this runtime - feel free to ping me: per(dot)krogslund(at)docker .com

I sent you an email!

This article is from February - we have since shipped the microVM sandbox engine as a separate binary: sbx - no Docker Desktop required, a small 50 MB binary.

https://docs.docker.com/ai/sandboxes/

Not sure how well their work maps to sbx, but there have been multiple releases with features and improvements since then.


Interesting to see the adjective "small" used to describe a single binary in the same amount of space used by an entire embedded Linux-based operating system.


> sbx - no docker desktop required

I usually run OrbStack instead of Docker Desktop on my Mac (Docker Desktop is installed on my system, just not running) and when I tried running sbx, it ignored my OrbStack setup and auto-launched Docker Desktop's daemon instead.

If it's possible to bypass that and tell sbx to use OrbStack instead, I'd love to know how.


Is this a closed source product?


MicroVM-based sandboxes for agents, with container support, in a small independent binary installable from brew/winget.


Docker Sandboxes use a microVM as an additional isolation layer - it's not just containers (as also mentioned in the nanoclaw post).


This still does not help with "you can call foo, but not bar". We have plenty of existing tooling for that too.


Outlining this as precision versus spending hundreds of thousands on Chainguard seems like two extremes pitted against each other, when hardened images are largely free now: https://hub.docker.com/hardened-images/catalog


- Each agent runs in a dedicated microVM
- Agents can build and run Docker containers inside the microVM
- No access to the host Docker daemon
- Network isolation with allow and deny lists
- Available for macOS and Windows (Linux support coming)


> no access to the host Docker daemon

I believe this is likely the only downside, but for good reasons!



I was not aware of this one, but I am talking about running it in the cloud, like making a direct competitor to Modal.


Purely curious, but why did you go with Ollama instead of the built-in LLM runner in Docker, since you are also using Docker?


Great idea! I went with Ollama because I found the setup to be slightly easier. But technically both should offer the same experience, and altogether, hosting both in Docker is very logical. That will be the next iteration of my write-up!


Remember interviewing for a security role at Philip Morris, who owns the IQOS e-cigarette brand. They bragged about how the device phoned home every time it could get a Bluetooth or Wi-Fi connection, to report consumption amounts and patterns - so they could proactively send users more nicotine.

He dramatically revealed that they were no longer selling tobacco, but rather "Nicotine as a Service".

Needless to say, I decided not to work for a merchant of death.

