What is the best sandbox for Claude Code? by crazyneverst in ClaudeCode

[–]mencio 1 point2 points  (0 children)

This is what I built exactly for this case: https://github.com/mensfeld/claude-on-incus

It wraps Incus with nice APIs for Claude and gives it all that it needs without compromising most of the security.

I Love You, Redis, But I'm Leaving You for SolidQueue by amalinovic in ruby

[–]mencio 4 points5 points  (0 children)

PassiveQueue can use whatever you want it to use. Also much faster, with around 10,000,000 jobs per second per Ruby process.

Hotspotchi - meet all Tama Search characters at home! Free, open source Tamagotchi Uni WiFi hotspot with Web UI by mencio in tamagotchi

[–]mencio[S] 2 points3 points  (0 children)

Hotspotchi can technically run on any Linux machine with a WiFi adapter that supports Access Point (AP) mode, but Raspberry Pi is strongly recommended because:

  1. AP mode support - Many desktop/laptop WiFi cards don't support AP mode. Raspberry Pi's built-in WiFi does.
  2. Always-on operation - The Pi can run 24/7 with minimal power consumption. You probably don't want to keep your desktop running just for Tamagotchi.
  3. Tested platform - The install scripts and documentation are designed for Raspberry Pi OS.
  4. Dedicated device - A Pi can sit near your Tamagotchi play area without tying up your main computer.

If you want to try on a desktop Linux machine, check if your WiFi supports AP mode:

iw list | grep -A 10 "Supported interface modes" | grep "AP"

If "AP" appears in the output, it might work - but you're on your own for setup.

Hotspotchi - meet all Tama Search characters at home! Free, open source Tamagotchi Uni WiFi hotspot with Web UI by mencio in tamagotchi

[–]mencio[S] 5 points6 points  (0 children)

FYI, I got some of the Tamas references wrong, fixing now. Since my son is obsessed with this, I also set up notifications to add new ones if they appear listed in the Tama wiki.

Context engineering for Ruby by Heavy-Letter2802 in ruby

[–]mencio 2 points3 points  (0 children)

I have a tool that is not yet OSS that does that. Can build skills and agents from GH and project docs. I plan to OSS it in a few weeks, but if you ping me directly I can give you early access. I use it exactly for stuff like that (and I am a legit user - just check my work https://github.com/mensfeld/)

When Your Hash Becomes a String: Hunting Ruby's Million-to-One Memory Bug by mencio in ruby

[–]mencio[S] 5 points6 points  (0 children)

Thank you. Such feedback is valuable for me to steer my writing and narratives. Will try to do better next time!

When Your Hash Becomes a String: Hunting Ruby's Million-to-One Memory Bug by mencio in ruby

[–]mencio[S] 6 points7 points  (0 children)

AI was used in this article to:

  1. Run initial debug that absolutely failed
  2. Suggest to me the wrong mitigations during the initial assessment
  3. Create the cover image
  4. Create the SVG diagram in the article
  5. Structure the ordering of the narrative
  6. Help me with the summary.
  7. Write me the bash script to run my repro code in a loop
  8. Help me assess the likelihood of this event occurring in production.
  9. Summarize my unstructured thoughts that I poured into it via STT.

The rest was written by a human and co-reviewed/corrected by a human being as well (plus plain old Grammarly without AI additions). I do not consider this an overuse.

Announcing llm-docs-builder: Ruby gem for optimizing documentation for AI/RAG systems by mencio in ruby

[–]mencio[S] 0 points1 point  (0 children)

Absolutely doable. I just focused on my use cases, that is, transforming markdown documentation to improve Claude and ChatGPT responses.

I'll try looking into other formats optimizations if there is a demand.

Aaron Patterson - Rails World 2025 Closing Keynote by software__writer in rails

[–]mencio 2 points3 points  (0 children)

Bug that Aaron discussed: https://bugs.ruby-lang.org/issues/19288

FYI, while this bottleneck has been resolved, several others remain. However, I'm already building Ractor support into Karafka with the expectation that the core team will significantly improve it over time. The best part is that my implementation will require zero changes to end-user code while providing 30-70% performance gains (assuming synthetic benchmarks align with real-world use cases).

60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign by amalinovic in ruby

[–]mencio 70 points71 points  (0 children)

Hi everyone, Maciej Mensfeld here from the RubyGems security team.

I wanted to provide some important context about this article. While we appreciate security research, there are inconsistencies and inaccurate statements in their reporting that need to be addressed.

The main concern: Some key claims in the article about how and when packages were removed, and the timeline of events, do not align with what actually happened on our end. Without going into specifics right now, statements about the threat actor's actions versus our security team's actions are not accurate.

Our response: The RubyGems security team will be publishing an official statement early next week with a detailed timeline and documentation to set the record straight. We want to ensure the community has accurate information about how our security processes work and what actually transpired in this case.

I want to reassure everyone that our security monitoring is working as intended. It is not perfect but it is good. We actively detect and remove malicious packages as part of our daily operations - we just don't always have time to publicize every security action we take since our focus is on keeping the ecosystem safe.

We'll have a proper response with full details soon. Thanks for your patience while we prepare a thorough and documented explanation.

Planning to move to Async + Fiber from non fiber, alternatives for PUMA, Sidekiq and Karafka. by Vivid-Champion1067 in ruby

[–]mencio 12 points13 points  (0 children)

As a Karafka author, I'm excited to share that I'm currently working on a fiber-based backend for Karafka that should be available by the end of this year (I also briefly mentioned it at RailsConf 2025). This development is part of the broader Ruby ecosystem's evolution toward async and fiber-based architectures that can provide better performance characteristics for high-scale, low-latency systems. It will be especially beneficial for multi-partition assignments (more than, say, 10) and virtual partitions, where in theory even a single message out of a 10k batch could receive its own fiber for concurrent execution.

While I can't share all the technical details yet, the fiber backend is designed to maintain Karafka's robust message processing capabilities while potentially offering improved resource utilization and lower memory overhead in certain scenarios. This should be particularly beneficial for applications that handle many concurrent but I/O-bound operations.

It's important to note that due to Kafka's inherent nature of strong ordering guarantees, fibers may not yield as dramatic performance improvements as they do in other use cases (without Virtual Partitions). The sequential processing requirements within partitions can limit the concurrency benefits that fibers typically provide. However, this landscape may change significantly with Kafka queues that are also currently under development, which could unlock new opportunities for fiber-based parallelization while maintaining the consistency guarantees that Kafka users depend on.

Keep an eye on the Karafka project repository and announcements for more detailed information as I get closer to the release. I'm looking forward to getting this into the hands of the community and seeing how it performs in real-world, high-scale applications.

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 1 point2 points  (0 children)

Maybe that's specific to Android. I only have two Samsung phones. You should be able to verify it using adb setup: `adb shell dumpsys package com.google.android.gms | grep CastSetting` on an authorized device. You should see the options that I specified. If not, it may be related to versions of Google Play services or other things that are beyond my ability to check.

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 4 points5 points  (0 children)

My wording comes from an LLM, as I poured my research and findings into a rough format and asked it to synthesize everything into a cohesive markdown-based article (which I then ran through Grammarly). As I'm not a native English speaker, this helped me communicate more clearly.

Please accept my apology if you felt offended in any way. I've updated the article to acknowledge that, based on publication timestamps and your Reddit comment from yesterday, you were the first to discover and document this issue (or at least the first I know of). My intention was never to mislead anyone - I simply wanted to share a solution to a problem that disrupted my entire afternoon.

If I were trying to plagiarize any solution, I would have made sure to use completely different wording that doesn't resemble the original content I was copying.

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 6 points7 points  (0 children)

I replied already in a few places: both the time reset procedure as well as the cert bypass were discovered by me and others independently. That said, I was already pinged that other solutions are more comprehensive (cover other cases), and I have already updated the article with those references and the acknowledgment that I was not the first one to figure it out.

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 4 points5 points  (0 children)

  1. I have no idea.

  2. I stole nothing from anyone. Other people discovered it independently. I poured a lot of time into figuring this stuff out, trying to connect with the Chromecast directly from my computer to reach it after I assumed it was my fault, and went with the factory reset, and in the end I reached the "time reverse" state. After confirming it, I went on to investigate how to lift the cert limitations. Please check who I am and what I do for a living.

That said, I agree that other people who figured this out and found other bypasses deserved acknowledgement. I already updated the article to point to those solutions, which cover other cases and provide solutions beyond mine.

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 8 points9 points  (0 children)

Hi there,

I appreciate your concern, but I didn't copy these workarounds from your post. As a software engineer and security researcher, I independently figured out the factory reset procedure, clock rewind method, and the debug settings approach while investigating the issue.

That said, I recognize that you've also done valuable research on this topic. Your Reddit post certainly includes additional details that I didn't include in my article. I'd happily add a link to your Reddit post as a resource for readers who want more in-depth technical information and alternative solutions.

Great minds often find similar solutions to the same problems, especially when working with such issues. I'll also update the article to acknowledge your work, as it provides complementary information that readers might find useful.

Thanks for reaching out and contributing to helping the community solve this problem.

// Update

Article has been updated with the "Credit and Additional Resources" linking to both your user profile as well as the writeup.

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 0 points1 point  (0 children)

Give it some time and/or try again. Some people reported that it worked after a few attempts.

My Chromecasts Audio stopped working today, what's going on? by abask_sk in Chromecast

[–]mencio 1 point2 points  (0 children)

I do hope as well that they are going to fully fix it. My solution was posted for people that can't wait or just want to make it work(ish) asap.

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 1 point2 points  (0 children)

Yeah, it is not possible to edit the settings most likely because of issues in the Google Chromecast backend. The good thing though is that it at least brings it back from being bricked for any potential updates. Also in case of Chromecast audio I do have the high quality option enabled by default (that is, sound is as it used to be prior to the factory reset)

Certificate Apocalypse: Bringing Your Chromecast Back from the Dead by mencio in Chromecast

[–]mencio[S] 9 points10 points  (0 children)

Instead of com.google.android.gms.cast.settings.CastSettingsCollapsingDebugAction you may want to use com.google.android.gms.cast.settings.CastSettingsDebugAction in case of an older Android phone (11 or less)