Posted by enos_feedler 1 day ago

The browser is the sandbox (simonwillison.net)
335 points | 175 comments | page 5
dekerklas 1 day ago|
[dead]
MOAAARRR 1 day ago||
[dead]
tdhz77 1 day ago||
[flagged]
rcarmo 1 day ago||
As someone who's been blogging since 2002, I can tell you firsthand that you get a fair amount of outreach. But even though I have had to put Simon's feed through a summarizer to be able to keep up, I don't see any bias there--just _a lot_ of writing about whatever he's interested in, and either our own perceptions of what is interesting and the law of averages inevitably kick in and there are a few duds here and there.
hantusk 1 day ago|||
Good opportunities arise for those who stick their neck out. Here's some inspiration for what to blog about: https://simonwillison.net/2022/Nov/6/what-to-blog-about/

It seems he started his blog in 2003: https://simonwillison.net/2003/Jun/12/oneYearOfBlogging/

rvz 22 hours ago||
And ever since Nov 2022 and beyond, his blog is now majority riddled with non-stop AI, LLMs, Chatbots and Agents slop which is what the parent comment is talking about.

As for the "browser is the sandbox" running untrusted code in the user's browser increases the risk of an unintended RCE via a sandbox escape which can be done in Chrome [0]. WASM is not going to save you either [1].

[0] https://www.ox.security/blog/the-aftermath-of-cve-2025-4609-...

[1] https://issues.chromium.org/issues/334120897

rzmmm 1 day ago|||
He is a familiar blogger for HN readers, has been for a long time. While I agree the posts are nowadays a bit repetitive, he has also very interesting non-AI content. Some people probably upvote because they like the author, not necessarily the content.
nextaccountic 1 day ago||
I don't understand this criticism. Most agents today are running with no sandboxing at all. Every person has to figure out how they will sandbox each agent (run under bubblewrap? container-use? what about random MCP servers, do they need to be sandboxed separately?) on an ad hoc basis. Most people don't bother with it.

And then you see the recent vulnerabilities in opencode for example. The current model is unsustainable.

It would be great if desktop Linux adopted a better security model (maybe inspired by Android). So far we got this https://xkcd.com/1200/ and it's not sufficient.

zkmon 1 day ago||
Coding agents may become trivial artifacts to be assembled by developers themselves from libraries, given the well-defined workflow. If it is a homegrown agent then you probably don't need a sandbox to run in.
apignotti 22 hours ago|
The browser is the most effective environment to distribute and isolate applications. We have built technologies for years to leverage these capabilities to run legacy Java (CheerpJ) and x86 binaries (CheerpX / WebVM).

We are soon going to release a new technology, built on top of the same stack, to allow full-stack development completely in the browser. It's called BrowserPod and we think it will be a perfect fit for agents as well.

https://browserpod.io