I guess that could be useful. I don't have many standalone python scripts, and those that I do have are very basic. It would be really nice if that header could include sandboxing!
So much this! I've been bugging Astral about addressing the sandboxing challenge for a while, I wonder if that might take more priority now they're at OpenAI?
The overlap between the target audience for openclaw in spite of its attack surface, and the audience that considers a mac mini to be a sandbox while handing over the keys to their digital life is a Venn Eclipse.
Because the bit thats import is your context (ie email, credit card, privileged data), not the place where you do the execution.
Having a separate machine thats isolated is all well and good, but that doesn't protect you from someone convincing your openclaw to give them your credit card.
It doesn’t have to have a credit card number to be useful. I don’t need it to purchase anything. Mine has its own icloud and google account. I can share calendars to it. You can donate same with email or shared lists. There are ways of using openclaw without yolo’ing all your secrets.
But it does need to know personal info to be useful as an agent (calendars, email). The danger is that it’s a hassle to vet every bit of data, and to be useful it needs to know a lot, leading to oversharing, and if you use it long enough you will leak secrets that you didn’t want to leak.
I like the possibilities this opens up but I'm struggling to understand how wasm is involved. I had the impression it doesn't have a user interface, but it's called by javascript instead.
I argue that developers enable the egregious behaviour by supporting safari in the first place. Just as IE was called out and shunned for its shenanigans, before they started behaving better, so too does safari need to be treated. However, it does also feel too late, they have crippled other browsers too with their platform abuse masquerading as requirements while we celebrated it.
Is it really egregious that Apple doesn’t support everything Google decides to push? Most of these are features I don’t care about, or in some cases actively do not want.
I’m also not sure how accurate this page is. They claim Chrome on Android supports registerProtocolHandler while MDN says it’s not supported there.
I will give them this one benefit of the doubt. The tone in the blog post is a straightforward one that is rare to see in such communications, without fluff or marketing speak. It's a rare acknowledgment of going a bit nuts with the copilot integrations. It did look like they were trying to see what sticks and presumably the answer is, we can't figure out what did.
Personal computing is a rare niche these days thanks to the majority who have chosen to give over the personal aspect to the privacy hostile duopoly of MS and Apple (while celebrating doing so) who hold the leash.
Ask about backpressure first. You can dump events into a channel all day, but when sessions spike and the reciever falls behind, you get the boring failure modes nobody mentions: queues swell, latency climbs, and memory bloat or dropped messages show up before anyone notices. The "nothing should be above criticism" line is fine, but if every design choice is open season nothing concrete gets built and the thread turns into process theater.
I'm not in agreement with most of you, hn. They've found a decent compromise that works for power users and the general population. Your status as a power user does not invalidate the need to help the more vulnerable.
Having to wait a day for a one off isn't a big deal, if they kept it looser then you'd be shouting about the amount of scams that propagate on the platform.
Why would I pay Google after this? I have gotten rid of Xiaomi a long time ago.
For now, I am rolling with my OnePlus 7 with LineageOS, till I find a phone that's not completely locked down. Yes, it's old, but it gets my job done. Once I am off all of Google's services, I'll probably get rid of Google in most part of my life.
As, someone who is a user from invite only Gmail, it's difficult, but necessary.
So like a Motorola, Sony, Fairphone, Shiftphone, Jolla... none of these are 'completely locked down' (though besides Jolla, they're all a little: they don't come as "yours" by default because of the contract with Google to be allowed to ship Play/Maps/etc.)
This helping the vulnerable framing is naive at best. This is about an American ad company consolidating their power over what people can do with devices they bought and are reliant on daily.
Helping the vulnerable should not involve that. If your only idea on how to help the vulnerable involves that, think of better ideas.
At some point we need to start wondering if it's not just naivete but intellectual dishonesty. The same American corporations that claim to be imposing draconian control measures to "protect the vulnerable" are, at the same time, exploiting those very same vulnerable people to the best of their ability. Take Google, they have no problem showing ads for scams in Youtube and Google Ads. There is mounting evidence that their recommendation algorithms for Youtube, shorts, etc. negatively affect mental health, especially youngest ones. But it makes them money, and they've zero interest in preventing that or changing it.
And it's not just Google, it's the m.o. of all large corporations. Another example is Epic Games, they advertise how they will fight in court against big companies like Google and Apple to defend their users. Yet they've gotten fined repeatedly for amounts in the millions, for predatory micro-transactions, and misleading minors into spending money without the consent of their parents.
Time and time again it is proven that everything these companies do, it's always for the benefit of their bottom line, and consideration for their users does not even factor into their considerations. This is no different, they want to push it because it will give them more control or make them money, and it either won't protect anyone, or that's just an unintended side effect but a good way to market it.
Sure, I believe that the likes of Meta, Google, and god damn Microsoft who enabled mass brutal persecution of millions of people for money (engaged in recording and analysis of phone calls of Palestinians), care about vulnerable individuals, and not just about stuffing their pockets with more and more money by the means of increased control over "their" platforms.
My personal hard line is having to ask Google for permission to sideload. Even if it's free and no personal info is exchanged.
This new process is annoying but I can see it helping prevent scams.
Scammers can coerce people into ignoring warnings if they convince them their entire life savings are on the line. It's hard to do if you need to wait 24 hours before the setting unlocks.
Scammers can also convince people to give them their home's keys. Does not allow you to keep me from opening my door without the door maker's permission.
As a non American, losing my ability to run software even if google decides that software can't enter their store feels much higher a risk.
i would say its actually very easy. if someone doesnt have the smarts to know they are being scammed in the first place then not much is going to change in 24 hours when the scammers call back. the only hope is that this person mentions the call to someone else in the meantime
They will just call you the next days lmfao. There are countless news in my country that scammers hanging around on phone with the victims for some days before they do the deed. They are just switching from 1 long call to multiple reasonable calls because people naturally become more trusting the ones they talk more frequently and the scammers succeed more. That's exactly the words of a scammer when the police interrogating him at my place.
https://docs.astral.sh/uv/guides/scripts/#declaring-script-d...
reply