Readit NewsWe generally found that this worked out fine. Customer-facing limits were numbers measured in hours or days; infra limits were measured in seconds or minutes.
Certainly you wouldn’t want to rely on a central db for infra-oriented rate limiting, in any case.
Famous HN "but": I find it baffling that by default we are shown this cutesy animation, that gets boring real fast, and actual measurement values in tiny font in the corner, which must be manually switched to for each sensor? Why not just show all sensor values in large font?
> and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible
"What explains these failings? There are a range of explanations, from lack of understanding and incompetence to snobbery, misogyny and fear of inflaming racial tensions....
"There is evidence that many officials feared being accused of racism. In 2004, a Channel 4 documentary about Asian men grooming girls in Bradford was postponed over fears that it could lead to race riots; Jay found that councillors had fretted that discussion of the issue could harm "community cohesion". Telford's inquiry also identified a "nervousness about race"."
https://theweek.com/crime/the-grooming-gangs-scandal-explain...
So I've been trying to figure out the best shape for running that. I think it comes down to running in a fresh container with source code that I don't mind being stolen (easy for me, most of my stuff is open source) and being very careful about exposing secrets to it.
I'm comfortable sharing a secret with a spending limit: an OpenAI token that can only spend up to $25 is something I'm willing risking to an insecured coding agent.
Likewise, for Fly.io experiments I created a dedicated scratchpad "Organization" with a spending limit - that way I can have Claude Code fire up Fly Machines to test out different configuration ideas without any risk of it spending money or damaging my production infrastructure.
The moment code theft genuinely matters things get a lot harder. OpenAI's hosted Codex product has a way to lock down internet access to just a specific list of domains to help avoid exfiltration which is sensible but somewhat risky (thanks to open proxy risks etc).
I'm taking the position that if we assume that malicious tokens can drive the coding agent to do anything, what's an environment we can run in where the damage is low enough that I don't mind the risk?
In what way do you think the risk is greater in no-approvals mode vs. when approvals are required? In other words, why do you believe that Claude Code can't bypass the approval logic?
I toggle between approvals and no-approvals based on the task that the agent is doing; sometimes I think it'll do a good job and let it run through for a while, and sometimes I think handholding will help. But I also assume that if an agent can do something malicious on-demand, then it can do the same thing on its own (and not even bother telling me) if it so desired.