top | item 47184064

(no title)

It's really not that hard to run them in docker. Can give them a nestybox (with a little work) sidecar so they can run docker-in-docker. As far as permissions, the only mental model that makes sense to me is treating them like actual people. Bound their permissions in the other systems not on their own machines, basically zero trust. For instance for email, most mail apps have had delegated permissions for a while, executives use it to have their assistants read and write their mail. That's what is needed with these too.

discuss

eli|2 days ago

You still have to trust your executive assistant. I would never give someone I don't trust the ability to read and write emails for me.

mr_mitm|2 days ago

If this takes off, I wonder if platforms will start providing API tokens scoped for assistants. They have permissions for non destructive actions like reading mails, flagging important mails, creating drafts, moving to trash, but not more.

ackdesha|2 days ago

Yes. It’s kind of like giving power of attorney to Jeffery Epstein.