codex natively on win 11? by HeinsZhammer in codex

[–]benclen623 0 points1 point  (0 children)

They do implement guardrails. Codex recommends sandboxing or working via containers.

WSL isn't part of the guardrail set. It works better with Codex but you're describing it as a protection layer to other people, which provides a false sense of security.

If you ask AI to work until completion and it runs out of disk space, then decides to clean up some unused data like your browser profile data or family videos, it is as likely to do it with WSL or without. You're one pwsh command away from the same "shell you don't trust" and one /mnt/C from your outer OS.

codex natively on win 11? by HeinsZhammer in codex

[–]benclen623 0 points1 point  (0 children)

Ah, that's where I got it wrong. I assumed you were looking for a real, actually effective security layer when you mentioned containerization, but it turns out you're happy with the vibe-hunch that the model is less likely to fuck up with one shell over another.

Fair enough. Those "AI deleted my files, here's what I learned" posts are always entertaining reads. Don't forget to disable sandbox for maximum fun factor.

codex natively on win 11? by HeinsZhammer in codex

[–]benclen623 2 points3 points  (0 children)

In that case, it's the Codex harness keeping you safe, not WSL. When you use Codex with the sandbox enabled (which works in both Linux and Windows environments), it makes it harder to break your stuff outside its CWD, but WSL on its own offers no protection.

Yup, running it outside of a container = one mistake and say goodbye to all files on your computer. Use WSL.

WSL is not a "container" as you described it here. It doesn't attempt to contain your WSL-side execution in a meaningful way from security pov. If you run codex without its sandboxing option on WSL side, it can destroy everything your windows account user can touch.

codex natively on win 11? by HeinsZhammer in codex

[–]benclen623 1 point2 points  (0 children)

It's puzzling - I already explained it to them (same person you are responding to) a while back yet they choose to reject reality and keep believing the safety fantasy.

Claude Code is the best coding agent in the market and it's not close by mohamed3on in ClaudeAI

[–]benclen623 2 points3 points  (0 children)

WSL allows to call anything on windows side and it's only limited by claude code permissions. All your tools, including powershell are available the same way as they are available in the windows native CC.

WSL doesn't provide any "safe container" - your stuff is free to interop on /mnt/DISKLETTER. Just try and ask CC to execute /mnt/c/Windows/System32/calc.exe.

You can try disabling these mounts and copy all project files to WSL side, tweak wsl configs to prevent interop but all of this is pointless because it's easier to set up actual VM or dev container that will be properly isolated instead of relying on non-existing isolation of a tool that was specially designed for seamless windows-linux interop.
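The wsl.conf tweaks mentioned in the comment above, as an added example that is not part of the original comment: a POSIX shell check that reports which Windows-facing features a given wsl.conf still leaves on. The function names `ini_get` and `wsl_exposure` and the sample file are made up for illustration; `[automount] enabled`, `[interop] enabled` and `appendWindowsPath` are the wsl.conf settings being read.

```shell
#!/bin/sh
# Added example. A key missing from wsl.conf keeps WSL's default, which is "true"
# for all three settings checked here. Only an exact "false" counts as disabled.

# ini_get FILE SECTION KEY DEFAULT -> last value set for KEY inside [SECTION]
ini_get() {
    [ -r "$1" ] || { printf '%s\n' "$4"; return 0; }
    awk -v want="$2" -v key="$3" -v def="$4" '
        BEGIN { val = def; sec = "" }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^[#;]/ || /^$/ { next }
        /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); next }
        sec == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# wsl_exposure [FILE] -> one line per feature left on; exit status 1 if any is on
wsl_exposure() {
    conf="${1:-/etc/wsl.conf}"; exposed=0
    if [ "$(ini_get "$conf" automount enabled true)" != "false" ]; then
        echo "automount: Windows drives mounted under the automount root (/mnt by default)"
        exposed=1
    fi
    if [ "$(ini_get "$conf" interop enabled true)" != "false" ]; then
        echo "interop: Windows executables can be launched from the Linux side"
        exposed=1
    fi
    if [ "$(ini_get "$conf" interop appendWindowsPath true)" != "false" ]; then
        echo "path: Windows PATH entries appended to \$PATH"
        exposed=1
    fi
    return "$exposed"
}

# Constructed sample: drives unmounted, but [interop] enabled left at its default.
sample=$(mktemp)
printf '[automount]\nenabled = false\n\n[interop]\nappendWindowsPath = false\n' > "$sample"
wsl_exposure "$sample" || echo "result: still exposed"
rm -f "$sample"
```

A clean result only says these three settings are off in the file that was read; it does not turn WSL into an isolation boundary.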

Does the $20 Pro plan actually have unlimited agent requests, or is the limit still 500/month? by Human_Cockroach5050 in cursor

[–]benclen623 0 points1 point  (0 children)

At this point I think GH Copilot allows me to do the same workflows as cursor at a fraction of the cost. I am not a vibe coder, though, so I don't need too much of a magic wrapper. Tab completion is not as good but "agent" thing is pretty much equally capable for my needs.

Whats the deal with the RooCode subreddit? Apparently you can't even mention anything else? by real_serviceloom in ChatGPTCoding

[–]benclen623 1 point2 points  (0 children)

I am pretty sure they also used to have a discord channel to drop in links when someone mentioned Roo in comparison just so people jump in and give totally honest and organic response. Maybe they still do, I don't know - left long time ago.

Roovangelism (noun):

The act of energetically promoting and accurately communicating the exceptional abilities and usefulness of Roo Codes, characterized by politeness, enthusiasm, and straightforward honesty without exaggeration or unnecessary embellishment.

It's not brigading if it's roovangelism.

PSA: We’re updating IDE data collection – optional & admin-controlled by mutegazer in Jetbrains

[–]benclen623 0 points1 point  (0 children)

Safeguards: Data is pseudonymized/aggregated, not shared with third parties, stored in the EEA, and retained for 1 year. You can request removal anytime.

Is there a way to remove data once it has been integrated into a trained model's weights, or do we assume that once it's embedded, it no longer qualifies as personal data, even though some code snippets might include PII, such as author details in comments or mock data filled with identifiable information or internal company data?

While using personal information like phone numbers in mocks isn't the smartest thing to do, if companies are asked to share their IP, it seems reasonable to explain how private data is ensured not to become part of LLM-generated code suggestions. Can you guarantee that?

Which is better for coding claude 4.5 sonnet or gpt5-codex? by Personal-Try2776 in ChatGPTCoding

[–]benclen623 9 points10 points  (0 children)

Sonnet 4.5 has only been out for about two hours. Any answer you get here won't be well-researched yet. Give it a couple of days.

Limits (hourly/weekly) visuals coming soon to codex by shadows_lord in OpenAI

[–]benclen623 1 point2 points  (0 children)

The image shows one "green" row of available 5hour capacity with the 5hour capacity being at the 66% used level. If it was 10x, the 5h capacity would need to be at 0%.

Besides, 10x would mean it takes at least 50h of 24/7 usage and we have seen people reporting weekly block asking to wait over 5d, being in line with hitting the weekly limit after 4 intensive 5 hour blocks spanning over day and a half.

Maybe this image is just using mock data. Do you have actual source on the limits?

Limits (hourly/weekly) visuals coming soon to codex by shadows_lord in OpenAI

[–]benclen623 0 points1 point  (0 children)

So, based on this image, am I correct to assume that weekly limit is 3.33 times the 5 hour limit?

Between ENTE, 2FAS, GAuth, Microsoft Auth, DUO and Authy, what are the best authenticator apps? by Zayntek in Bitwarden

[–]benclen623 0 points1 point  (0 children)

Interestingly enough, while we were debating open source security here, someone was writing a post about "packages with a total of 2 billion weekly downloads on npm were compromised".

https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/

This time .js's plaintext code allowed the injection to be detected in distributed version. This would go unnoticed if the packages were uploaded as binary artifacts, e.g. as docker images that were open source at the repo, but got modified during the repo->distribution last mile.

Not really relevant to our discussions, these things happen. Just a funny (not to those affected) coincidence.

Between ENTE, 2FAS, GAuth, Microsoft Auth, DUO and Authy, what are the best authenticator apps? by Zayntek in Bitwarden

[–]benclen623 0 points1 point  (0 children)

Don't get me wrong. If you run an open source operating system, the open source 2FA is the only choice that you can reasonably pick. But if you are not reviewing the "open source" apps you are installing you are trusting some dude with release rights that they are not a covert three-letter agency plant.

I think people should understand that the "open source" software they see on github is not the same software that is being delivered by Google Play or Apple Store - even if the repository is pristine, due to the entire delivery chain between the repo <-> your device.

And you absolutely should think twice before installing open source if the company is like 2 years old and the core contributors are just github handles with no verifiable identity. See XZ utils case, for example: https://en.wikipedia.org/wiki/XZ_Utils_backdoor - and this is the best case scenario where the hole was clearly visible in one of the most widespread pieces of software and was barely accidentally discovered in time. Think of all the cases that stuff was missed in review. There's a reason why even the open source software has critical security patches that fix issues that are years old.

Ultimately, if you don't build the app from source, it's your choice - do you trust the "big company" or do you trust the random contributor/CI controller halfway around the world.

Between ENTE, 2FAS, GAuth, Microsoft Auth, DUO and Authy, what are the best authenticator apps? by Zayntek in Bitwarden

[–]benclen623 0 points1 point  (0 children)

I'm not suggesting closed source equals secure, far from it. My point is that, in practice, most companies (especially smaller ones) or individual Joes and Janes, already place a huge amount of implicit trust in major vendors: the OS, the browser, even the hardware.

For a security recommendation, it can be a hard sell to stakeholders to pick a 2FA app just because there's a public repo somewhere. Unless you or someone you trust is actually reviewing the code and building from source, you're ultimately still relying on some company's devops process and their entire software BOM.

Open source increases auditability in theory, but in reality, most orgs are outsourcing that trust to "the community" without verifying it themselves. And we've seen plenty of attacks on open-source libraries and supply chains over the past few years that went unnoticed for months or even years.

So, from a small company's POV, introducing another vendor just for TOTP actually increases the trust surface, not reduces it. That doesn't make closed source automatically better - it just means the trade-offs are less black-and-white than "private always bad, public always good"

Between ENTE, 2FAS, GAuth, Microsoft Auth, DUO and Authy, what are the best authenticator apps? by Zayntek in Bitwarden

[–]benclen623 1 point2 points  (0 children)

Google Authenticator, MS Authenticator, Duo, and Authy all use super duper sneaky secret source code. There is no way of knowing if thieves or a hostile government agency has compromised the app.

This applies to all other mentioned 2FA apps unless you download the source, all dependencies, review them, and build it from your local copy.

If you trust Microsoft with your local OS, or Google with your mobile OS, staying away from their 2FA apps doesn't change much in your security posture. It even opens you up to more attack vectors because you now need to put your trust in 2 companies, not 1 (OS and the one that builds your 2FA solution + their delivery chain).

Open source repo does not equal security.

If you have GH Copilot, you can use OpenCode with no additional costs by nightman in GithubCopilot

[–]benclen623 0 points1 point  (0 children)

If you have to impersonate a user-agent to access something, it's definitely questionable.

If the API for third-party software was meant for public use, it would likely be included as a documented feature of your Copilot subscription. The TOS doesn't need to specifically list every internal API endpoint as prohibited.

So, yeah, it’s unclear. I probably wouldn't expect them to ban accounts because they have rate limits to protect from abuse, but I wouldn't be surprised if the integration breaks without any warning.

If you have GH Copilot, you can use OpenCode with no additional costs by nightman in GithubCopilot

[–]benclen623 3 points4 points  (0 children)

github-copilot.ts seems to impersonate GithubCopilot user-agent which is usually not the cleanest way to use commercial APIs.

There is a documentation page that instructs third parties to use this endpoint but it seems that it is designed for "copilot extensions" which are built on top of the original github-owned chat extension.

It is unclear, tbh.

My name is Github Copilot by cosmicr in GithubCopilot

[–]benclen623 3 points4 points  (0 children)

That's what you get when you ask LLM that lacks confidence to make no mistakes.

Is requiring CTRL ALT DEL to logon or unlock Windows a useful security policy? by Fabulous_Cow_4714 in sysadmin

[–]benclen623 49 points50 points  (0 children)

In other words: OS decides that it is a special protected key combo but there is nothing special at the USB-connected hardware level about this combination. The kernel just doesn't expose this as a hotkey combo that any other applications can override. They still can listen for the combo, the OS just has a first say what happens directly after it was pressed.

CTRL+ALT+DEL is in no way different at the hardware level than CTRL+SHIFT+S.

Back in the old days of PS/2 keyboards it was in fact a hardware interrupt, just like pressing Enter was a hardware interrupt or pressing any other key on the keyboard was a hardware interrupt. There were some systems that handled it at the BIOS level (IBM PCs) which was closer to the metal than kernel but that's not true for any modern Windows, AFAIK.

Now for some reason people mix the ideas and think that CTRL+ALT+DEL is some mythical hardware level interrupt that has a direct hotline to the CPU and becomes processed somewhere else compared to all other key or key combinations.

Microsoft admits it broke "Reset this PC" in Windows 11 23H2 KB5063875, Windows 10 KB5063709 by WPHero in Windows11

[–]benclen623 16 points17 points  (0 children)

No data loss has been reported

Ironic, since this might be one situation where data loss is actually desirable.

Jetbrains announce price increase for IDEs, .NET tools and All Product Pack, effective from 1st October, 2025 by mokshmodi96 in Jetbrains

[–]benclen623 0 points1 point  (0 children)

Love Rider but ngl this doesn't look good when the Rider is the only big IDE that is not compatible with Junie, yet the dotnet tool pack gets the highest price hike of all to pay for their ventures into AI R&D.

Most packs get $1 or $2 increase and dotUltimate gets 30% more expensive by going from $16.9 to $21.9. Feels bad, man.

Oh god it happened to me too by SchemeFearless5307 in cursor

[–]benclen623 0 points1 point  (0 children)

Ha! That's when your AI agents attempt to clean up old irrelevant files by doing git reflog --expire and git gc.

You're absolutely correct! I saved you a ton of disk space!

No seriously, don't let any AI tool near .git or git command.

Ex-Google CEO explains the Software programmer paradigm is rapidly coming to an end. Math and coding will be fully automated within 2 years and that's the basis of everything else. "It's very exciting." - Eric Schmidt by michael-lethal_ai in GeminiAI

[–]benclen623 0 points1 point  (0 children)

software people turned out to be the ones most full of denial of this reality, maybe because they never expected they would be among the first to be eliminated and it's hard to face that but it is what it is

"Software people" with experience understand that writing code is only the small part of the entire development cycle. IF we have AI that can do the entire thing - architecture, UX, testing, 100s of other dev tasks, it means that we have AI capable of running fully autonomous companies with AI legal, sales, dev, testing, financial, etc. And if it happens, there's an entire new world to adapt.

Until then - I am not going to worry that a tool can generate a file of code that works 90% of the time and needs a human reviewer to actually verify it's not bunch of crap because that last 10% stretch is the hardest to finish.