Yeah, when my company first forced Claude on everyone the head engineers managed to negotiate that Claude would only run in a WSL sandbox. But people were lazy, so they just gave that WSL as many permissions as possible (Mounting C directly to it, opening up all interfaces, popping in full-access git tokens etc.). Then management sent out an extremely biased “survey” that has the question “Is having Claude in the WSL inconvenient to you?” and all the lazy bastards said yes. So now management lifted the sandboxing requirement to make work “easier” for devs. In the meantime, the engineers arguing for proper sandboxing are already so worn out from telling people to not intentionally compromise their sandbox that they’ve kinda just given up. Not having a sandbox at all isn’t much more insecure than whatever people are already doing 🫠
Yeah, when my company first forced Claude on everyone the head engineers managed to negotiate that Claude would only run in a WSL sandbox. But people were lazy, so they just gave that WSL as many permissions as possible (Mounting C directly to it, opening up all interfaces, popping in full-access git tokens etc.). Then management sent out an extremely biased “survey” that has the question “Is having Claude in the WSL inconvenient to you?” and all the lazy bastards said yes. So now management lifted the sandboxing requirement to make work “easier” for devs. In the meantime, the engineers arguing for proper sandboxing are already so worn out from telling people to not intentionally compromise their sandbox that they’ve kinda just given up. Not having a sandbox at all isn’t much more insecure than whatever people are already doing 🫠
I hope they have a good backup and recovery solution
Of course they do. It’s even mounted rw at the root of the AI drive for ease of access in case something goes wrong.
I hope they dont so that it hurts and they maybe learn