I've seen claude get confused about what directory it's in. And of course I've seen claude run rm -rf *. Fortunately not both at the same time for me, but not hard to imagine. The claude sandbox is a good idea, but to be effective it would need to be implemented at a very low level and enforced on all programs that claude launches. Also, claude itself is an enormous program that is mostly developed by AI. So to have a small <3000-line human-implemented program as another layer of defense offers meaningful additional protection.
In my opinion Claude should be shipped with a custom implementation of "rm" that Anthropic can add guardrails to. Same with "find"; surprised they don't just embed ripgrep (what VS Code does). It's really surprising they don't just tweak what Claude uses and lock it down to where it cannot be harmful. Ensure it only ever calls tooling Claude Code provides.
What we need is a capabilities based security system. It could write all the python, asm, whatever it wants and it wouldn't matter at all if it was never given a reference to use something it shouldn't.
Unix permissions is not a capability system though. Capabilities are more like "here is a file descriptor pointing to a directory, you are not capable of referring to anything outside it". So closer to chroot, except you can have several such directory references at the same time.
You can always narrow down a capability (get a new capability pointing to a subdirectory or file, or remove the writing capability so it is read only) but never make it more broad.
In a system designed for this it will be used for everything, not just file system. You might have capabilities related to network connections, or IPC to other processes, etc. The latter is especially attractive in microkernel based OSes. (Speaking of which, Redox OS seems to be experimenting with this, just saw an article today about that.)
I have been putting my agents on their own, restricted OS-level user accounts for a while. It works really well for everything I do.
Admittedly, there’s a little more friction and agent confusion sometimes with this setup, but it’s worth the benefit of having zero worries about permissions and security.
There exist restricted shells. But honestly, I don't feel capable of assessing all attack vectors and security measures in sufficient detail. For example, do the rbash restrictions also apply when Python is called with it? Or can the agent somehow bypass rbash to call Python?
If you disallow it from just writing Python scripts to bypass its defined environment at its core system training why would this matter? I would lock down its path; anything that tries to call Python should require the end-user to approve and see the raw script before they do.
> a custom implementation of "rm" that Anthropic can add guardrails to
Wrong layer. You want the deletion to actually be impossible from a privilege perspective, not be made practically harder to the entity that shouldn't delete something.
> It's really surprising they don't just tweak what Claude uses and lock it down to where it cannot be harmful. Ensure it only ever calls tooling Claude Code provides.
Maybe Anthropic (or some collection of the large AI orgs, like OpenAI and Anthropic and Google coming together) should apply patches on top of (or fork altogether) the coreutils and whatever you normally get in a userland - a bit like what you get in Git Bash on Windows, just with:
1) more guardrails in place
2) maybe more useful error messages that would help LLMs
3) no friction with needing to get any patches upstreamed
External tool calling should still be an option ofc, but having utilities that are usable just like what's in the training data, but with more security guarantees and more useful output that makes what's going on immediately obvious would be great.
> So for me, it's really, really useful for Claude to be able to send Slack messages and emails or make pull requests.
Oh, I'm totally not arguing for cutting off other capabilities, I like tool use and find it to be as useful as the next person!
Just that the shell tools that will see A LOT of usage have additional guardrails added on top of them, because it's inevitable that sooner or later any given LLM will screw up and pipe the wrong thing in the wrong command - since you already hear horror stories about devs whose entire machines get wiped. Not everyone has proper backups (even though they totally should)!
You can define your own rm shell alias/function and it will use that. I also have cp/mv aliases that force -i to avoid accidental clobbering and it confuses Claude to no end (it uses cp/mv rarely enough—rarer than it should, really—that I don’t bother wasting memory tokens on it).
This is terrifying. I have not used agents because I do not have a sandbox machine I do not care about. Am I crazy to worry about a sandboxed agent running on my home network? Anyone experienced anything weird by doing that?
Yeah, I actually have both an alias for `rm` and a custom seatbelt sandbox which means the agent can only delete stuff within the directory it’s working in, so wasn’t an issue, was just fun to watch it say “hm, that doesn’t seem to work. Looks like the user has aliased rm. I’ll just go ahead and work around it”
> The claude sandbox is a good idea, but to be effective it would need to be implemented at a very low level and enforced on all programs that claude launches.
I feel like an integration with bubblewrap, the sandboxing tech behind Flatpak, could be useful here. Have all executed commands wrapped with a BW context to prevent and constrain access.
Bubblewrap is exactly what the Claude sandbox uses.
> These restrictions are enforced at the OS level (Seatbelt on macOS, bubblewrap on Linux), so they apply to all subprocess commands, including tools like kubectl, terraform, and npm, not just Claude’s file tools.
Oh wow I'd have expected them to vibe-code it themselves. Props to them, bubblewrap is really solid, despite all my issues with the things built on top of it, what, Flatpak with its infinite xdg portals, all for some reason built on D-Bus, which extremely unluckily became the primary (and only really viable) IPC protocol on Linux, bwrap still makes a great foundation, never had a problem with it in particular. I tend to use it a bunch with NixOS and I often see Steam invoking it to support all of its runtimes. It's containers but actually good.
We anthropomorphize these agents in every other way. Why aren't we using plain ol' unix user accounts to sandbox them?
They look a lot like daemons to me, they're a program that you want hanging around ready to respond, and maybe act autonomously through cron jobs are similar. You want to assign any number of permissions to them, you don't want them to have access to root or necessarily any of your personal files.
It seems like the permissions model broadly aligns with how we already handle a lot of server software (and potentially malicious people) on unix-based OSes. It is a battle-tested approach that the agent is unlikely to be able to "hack" its way out of. I mean we're not really seeing them go out onto the Internet and research new Linux CVEs.
Have them clone their own repos in their own home directory too, and let them party.
Openclaw almost gets there! It exposes a "gateway" which sure looks like a daemon to me. But then for some reason they want it to live under your user account with all your privileges and in a subfolder of your $HOME.
> for some reason they want it to live under your user account
The entire idea of Openclaw (i.e., the core point of what distinguishes it from agents like Claude Code) is to give it access to your personal data, so it can act as your assistant.
If you only need a coding agent, Openclaw is the completely wrong tool. (As a side note, after using it for a few weeks, I'm not convinced it's the right tool for anything, but that's a different story.)
I tried this with Claude Code on macOS. I created a new agent user and a wrapper to run Claude as that user, along with some scripts to set permissions and ownership so that I could run simple allow/deny commands. The only problem was that the fancy OAuth flow broke. I filed an issue with Anthropic and their ticket bot auto closed it “for lack of interest” or whatever.
I fiddled with transferring the saved token from my keychain to the agent user keychain but it was not straightforward.
If someone knows how to get a subscription to Claude to work on another user via command line I’d love to know about it.
Oh that’s an idea. I was going to argue that it’s a problem that you might want multiple instances in different contexts but sandboxing processes (possibly instanced) is exactly what systemd units are designed to deal with.
I've many times seen Claude try to execute a command that it's not supposed to, the harness prevents it, and then it writes and executes a python script to do it.
How much more? Depends on the system doesn't it? I don't know how many systems have proc mounted but don't you get it from /proc/self/root?
Anyway that's beside the point, which is that it doesn't have to "be malicious" to try to overcome what look like errors on its way to accomplishing the task you asked it to do.
Until it gets prompt injected. Are you reading every single file your agent reads as part of the tasks you give it, including content fetched from the web or third-party packages?
I added a hook to disable rm, find -delete, and a few of the other more obvious destructive ops. It sends Claude a strongly worded message: "STOP IMMEDIATELY. DO NOT TRY TO FIND WORKAROUNDS...".
It will mess up eventually. It always does. People need to stop thinking of this as a “security against malicious actor” thing… because thinking in that way blinds you to the actual threat… Claude being helpful and accidentally running a command it shouldn’t. It’s happened to me twice now where it will do something irreversible and also incorrect. It wasn’t a threat actor, it wasn’t a bad guy… it was a very eager, incredibly clever assistant fat fingering something and goofing up. The more power you let them wield, the more chance they’ll do accidents. But without lots of power, they don’t really do much useful…
It’s actually a hard problem. But it really isn’t “security” in the classic sense…
I added something similar. Claude eventually ran a `rm -rf *` on my own project. When I asked why it did that, it recognized it messed up and offered a very bad “apology”: “the irony of not following your safety instructions isn’t lost on me”.
Nowadays I only run Claude in Plan mode, so it doesn’t ask me for permissions any more.
Are you confident it would still work against sophisticated prompt injection attacks that override your "strongly worded message"?
Strongly worded signs can be great for safety (actual mechanisms preventing undesirable actions from being taken are still much better), but are essentially meaningless for security.
Not sure about OP's impl, but the wording doesn’t matter. The hook prevents the use of whatever action you want. E.g. it’s impossible for Claude to use emojis for me. My hook doesn’t allow it.
So it’s deterministic based upon however the script is written.
I mean, that's like saying are you sure that your antivirus would prevent every possible virus? Are you sure that you haven't made some mistake in your dev box setup that would allow a hacker to compromise it? What if a thief broke into your house and stole your laptop? That's happened to me before, much more annoying to recover from than an accidental rm rf.
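The kind of hook described in the comments above, written out as an added example (not the commenters' scripts and not Anthropic's code). It assumes the hook receives the tool call as JSON on stdin with `tool_name` and `tool_input.command` and that exit status 2 blocks the call; the deny list itself is constructed for illustration.

```python
#!/usr/bin/env python3
"""Deny-list guard for Bash tool calls, meant to run as a pre-tool-use hook.

Assumed contract (not taken from the thread): the harness writes a JSON event
to stdin with "tool_name" and "tool_input": {"command": "..."}; exit status 2
blocks the call and stderr is passed back to the model.
"""
import json
import shlex
import sys

PUNCT = ";&|"
WRAPPERS = {"sudo", "command", "env", "nice", "nohup", "time", "xargs"}
SHELLS = {"sh", "bash", "zsh", "dash"}
FIND_EXEC = {"-exec", "-execdir", "-ok", "-okdir"}


def split_commands(command):
    """Tokenise roughly like a shell and split at ; & | && || and newlines."""
    lexer = shlex.shlex(command.replace("\n", " ; "), posix=True,
                        punctuation_chars=PUNCT)
    lexer.whitespace_split = True
    lexer.commenters = ""          # do not let '#' hide the rest of a line
    commands, current = [], []
    for token in lexer:            # raises ValueError on unbalanced quotes
        if token and all(ch in PUNCT for ch in token):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def verdict(argv):
    """Return a reason string if one simple command is denied, else None."""
    # Skip VAR=value prefixes and common wrappers (their own options are
    # not modelled, so "sudo -u x rm" is outside what this catches).
    while argv and (argv[0] in WRAPPERS or "=" in argv[0]):
        argv = argv[1:]
    if not argv:
        return None
    name, args = argv[0].rsplit("/", 1)[-1], argv[1:]   # /bin/rm -> rm
    if name == "rm":
        return "rm is disabled"
    if name == "find":
        if "-delete" in args:
            return "find -delete is disabled"
        for i, arg in enumerate(args):
            if arg in FIND_EXEC:                        # find ... -exec CMD
                reason = verdict(args[i + 1:])
                if reason:
                    return reason
    if name in SHELLS and "-c" in args[:-1]:            # bash -c '...'
        return check(args[args.index("-c") + 1])
    return None


def check(command):
    """Return a reason to block the whole command line, or None to allow it."""
    try:
        commands = split_commands(command)
    except ValueError:
        return "command could not be parsed; refusing (fail closed)"
    for argv in commands:
        reason = verdict(argv)
        if reason:
            return reason
    # Substitutions, subshells and interpreters (python3 script.py) are not
    # inspected: the string is all a hook sees, not what the process does.
    return None


def main():
    event = json.load(sys.stdin)
    if event.get("tool_name") != "Bash":
        return 0
    reason = check(event.get("tool_input", {}).get("command", ""))
    if reason:
        print(f"Blocked by hook: {reason}", file=sys.stderr)
        return 2
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The decision depends only on the command string, so it is deterministic, but a script run through an interpreter passes unexamined, which is the gap other comments in this thread describe and the reason OS-level enforcement is still needed underneath.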
I do my best to keep off site back ups and don't worry about what I can't control.
> I mean, that's like saying are you sure that your antivirus would prevent every possible virus?
Yes, I'm saying it's pretty much as bad as antivirus software.
> Are you sure that you haven't made some mistake in your dev box setup that would allow a hacker to compromise it?
Different category of error: Heuristically derived deterministic protection vs. protection based on a stochastic process.
> much more annoying to recover from than an accidental rm rf.
My point is that it's a different category, not that one is on average worse than the other. You don't want your security to just stand against the median attacker.
> Working directory persists across commands. Set CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR=1 to reset to the project directory after each command.
It reduces one problem - getting lost - but it trades it off for more complex commands on average since it has to specify the full path and/or `cd &&` most of the time.
One could run a docker container with claude code, with a bind to the project directory. I do that but also run my docker daemon/container in a Linux VM.
That is exactly what it is. In the docs, it says that they use bubblewrap to run commands in a container that enforces file and network access at the system level.
I think the point would be that - some random upcoming revision of claude-code could remove or simply change the config name just as silently as it was introduced.
People might genuinely want some other software to do the sandboxing. Something other than the fox.
I've had issues with the sandbox feature, both on linux (archlinux) and two macos machines (tahoe). There is an open issue[1] on the claude-code issue tracker for it.
I'm not saying it is broken for everyone, but please do verify it does work before trusting it, by instructing Claude to attempt to read from somewhere it shouldn't be allowed to.
From my side, I confirmed both bubblewrap and seatbelt to work independently, but through claude-code they don't even though claude-code reports them to be active when debugging.
Battle hardened tools for this have existed for decades, we don't need new ones. Just run claude as a user without access to those directories, that way the containment is inherited by subprocesses.
You can do that, but you need root to set it up each time, and it's not super convenient--you need to decide in advance which user account you are going to work under, and you may end up with files you can read from your regular account. Think of jai strict mode as a slightly easier to use and more secure version of what you described. Using id-mapped mounts enables you and the unprivileged user account both to access the same directory with the same credentials, but you didn't need to decide in advance which directories you wanted to expose. Also, things like disabling setuid and using pid namespaces provide an additional measure of isolation beyond what you get from another account.
You're not wrong, but this will require file perms (like managing groups) and things, and new files created will by default be owned by the claude user instead of your regular user. I tried this early on and quickly decided it wasn't worth it (to me). Other mileage may vary of course.
True. I just maintain separate /home/claude/src/proj and /home/me/src/proj dirs so the human workspace and the robot workspaces stay separate. We then use git to collaborate.
By default it will automatically retry many tool calls that fail due to the sandbox with the sandbox disabled. In other words it can and will leave the sandbox.
For example:
Bash(swift build 2>&1 | tail -20)
⎿ warning:
/Users/enduser/Library/org.swift.swiftpm/configuration is not accessible or not writable, disabling user-level cache
features.
warning: /Users/enduser/Library/org.swift.swiftpm/security is not accessible or not writable, disabling user-level cache feat
… +26 lines (ctrl+o to expand)
Build hit sandbox restriction. Retrying outside sandbox.
What is even the point in that case? The behavior you describe is no better than if SELinux were to automatically re-execute a process with containment disabled.
The purpose of the sandbox is to reduce permission fatigue. If it fails to run a command in the sandbox and retries it outside the sandbox, the regular permission rules apply. You'll still be prompted for any non-sandboxed tool calls that you haven't allowed or denied via permission rules.
Configure Overrides:
1. Allow unsandboxed fallback
2. Strict sandbox mode (current)
Allow unsandboxed fallback: When a command fails due to sandbox restrictions, Claude can retry with dangerouslyDisableSandbox to run outside the sandbox (falling back to
default permissions).
Strict sandbox mode: All bash commands invoked by the model must run in the sandbox unless they are explicitly listed in excludedCommands.
https://code.claude.com/docs/en/sandboxing says they integrated bubblewrap (linux/windows), seatbelt (macos) and give an error if sandbox can't be supported so appears to be real.
Also, a lot of people use multiple harnesses. I'm often switching between claude, codex, and opencode. It's kind of nice to have the sandbox policy independent of the actual AI assistant you are running.
Interesting, thanks. I use remote ephemeral dev containers with isolated envs, so filesystem damage isn't really a concern as long as the PR looks good in review. Nice extra guardrail though, will add it to the project-level settings.
I’m surprised it works for you with such a simple config? I’m the one that added the allowRead option to Claude’s underlying sandbox [0] and had quite a job getting my toolchains and skills to work with it [1].
[0] Fun to see the confusing docs I wrote show up more or less verbatim on Claude’s docs.
The default: https://code.claude.com/docs/en/sandboxing#filesystem-isolat... already restricts writes to only the current folder. I can understand adding the "denyRead" for the home folder for additional security, but the other three seems redundant considering the default behavior.
> You can disable this escape hatch by setting "allowUnsandboxedCommands": false in your sandbox settings. When disabled, the dangerouslyDisableSandbox parameter is completely ignored and all commands must run sandboxed or be explicitly listed in excludedCommands.
(I have no idea why that isn't the default because otherwise the sandbox is nearly pointless and gives a false sense of security. In any case, I prefer to start Claude in a sandbox already than trust its implementation.)
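An added check for the escape hatch quoted above (not code from the thread or from Claude Code). It assumes the settings file is JSON with a top-level `sandbox` object holding `enabled`, `allowUnsandboxedCommands` and `excludedCommands`; only the last two names appear on this page, and both sample documents are constructed.

```python
import json


def audit_sandbox(settings):
    """Return findings for a parsed settings document (empty list = strict)."""
    sandbox = settings.get("sandbox")
    if not isinstance(sandbox, dict):
        return ["no sandbox section found in this file"]
    findings = []
    if sandbox.get("enabled") is not True:          # assumed key name
        findings.append("sandbox.enabled is not true")
    # Only an explicit JSON false closes the fallback. A missing key, null,
    # or the string "false" all leave the unsandboxed retry available.
    if sandbox.get("allowUnsandboxedCommands") is not False:
        findings.append(
            "allowUnsandboxedCommands is not false: a command that fails in "
            "the sandbox can be retried with dangerouslyDisableSandbox")
    excluded = sandbox.get("excludedCommands", [])
    if not isinstance(excluded, list):
        findings.append("excludedCommands is not a list")
        excluded = []
    for command in excluded:
        findings.append(
            f"excludedCommands: {command!r} always runs outside the sandbox")
    return findings


# Constructed sample: fallback left at its default, one excluded command.
WEAK = json.loads("""
{"sandbox": {"enabled": true, "excludedCommands": ["docker"]}}
""")

# Constructed sample: strict mode, nothing excluded.
STRICT = json.loads("""
{"sandbox": {"enabled": true, "allowUnsandboxedCommands": false}}
""")

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_sandbox(doc) or "no findings")
```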
And you'd trust that given CC is a vibe-coded mess?
Editing to go even further because, I gotta say, this is a low point for HN. Here's a post with a real security tool and the top comment is basically "nah, just trust the software to sandbox itself". I feel like IQ has taken a complete nosedive in the past year or so. I guess people are already forgetting how to think? Really sad to see.
Did you get this to work with docker where the agent/dev env would work on the host machine but the stack itself via docker compose?
Many of the projects I work on follow this pattern (and I’m not able to make bigger changes in them) and sandboxing breaks immediately when I need to docker compose run sometask.sh
So in some sense we start recreating an operating system, or at least the userspace, within the Claude code. There was some name for this pattern but I can’t recall
You do also have to worry about exec and other neat ways to probably get around stuff. You could also spin up YAD (yet another docker) and run Claude in there with your git cloned into it and beyond some state-level-actor escapes it should cover 99% of your most basic failures.
For some reason, this made everything worse for me. Now claude constantly tries to access my home folder instead of current directory. Obviously this is not still good enough. Also Claude keeps dismissing my instructions on not to read my home directory and use current directory. Weird.
The problem with all these LLM instructed security features is the `codeword` poison probability.
The way LLMs process instructions isn't intelligence as we humans know it, but as the probability that an instruction will lead to an output.
When you don't mention $HOME in the context, the probability that it will do anything with $HOME remains low. However, if you mention it in the context, the probability suddenly increases.
No amount of additional context will have the same probability of never having poisoned the context by mentioning it. Mentioning $HOME brings in a complete change in probabilities.
These coding harnesses aren't enough to secure a safe operating environment because they inject poison context that _NO_ amount of textual context can rewire.
It's common practice to ask the agent to refer to another project, in that case I guess the read should point to the root folder of the projects.
Also, any details on how this is enforced? Because I notice that Claude in Windows doesn't always respect plan mode; it has edited files in plan mode. I never faced that issue in Linux though.
Interesting point. I've been running an autonomous multitalented AI agent (Aegis) on a $100 Samsung A04e. It manages 859 referring sites without touching the local filesystem much. Efficiency over hardware works.
I'm now considering installing QubesOS for all dev work to absolutely ensure all coding agents run in secure separate sandboxes together without any OS level exposure.
Codex uses and ships with bubblewrap on Linux and will attempt to use the version installed on the path before falling back to the shipped version with a warning message.
You should be able to configure the sandbox using https://developers.openai.com/codex/agent-approvals-security if you are a person who prefers the convenience of codex being able to open the sandbox over an externally enforced sandbox like jai.
That's entirely pragmatic in this data collecting age. Being silent and hanging up as soon as you hear the spam won't get you marked as a phone line that has a human on the other end nor do you risk your voice being recorded. If you're silly enough to say your name when answering you'll just end up with text and email that is now personalised with your name (it's much faster to identify and hang up when their best intro is to say "hello who am i speaking to?" on a single person line click).
I don't know anyone in my age bracket (45) who doesn't do this let alone those younger. It's entirely understood and expected. Fuck anyone who says it's rude and those of an age particularly prone to falling for scams (70+ and 15under) should be encouraged to do this. You should be telling your kids "never say anything on picking up, let the caller to your phone identify themselves! They could be scammers trying to get your details such as your name".
I feel all these "OMG the kids don't say hello anymore they have no etiquette!!!" statements are either from the clueless or from spammers frustrated that it's much harder to get through if you don't know their name.
I never answer my land line with "Hello", because predictive dialers recognize that as a go signal for telemarketers. I usually answer my land line with my name, business style. Cell phone is answered with "Hi, ... " depending on who's calling.
> You should be telling your kids "never say anything on picking up, let the caller to your phone identify themselves! They could be scammers trying to get your details such as your name".
How does saying "hello" give scammers your details such as your name?
I think the op was maybe on a bit of a tear and misspoke, but the sentiment is correct. These days even saying hello can be used to make a decent voice clone with some reasonable (say 50%) chance that it is you (your phone number is linked to a ton of information). I would personally try to minimize my exposure to this risk even if it is somewhat paranoid.
The 'bloop' is a beep for the other person being dumped onto the call. Typically in a call center/contact center system like this, the agent's headset is always live. When the 'bloop' comes in, it's an audible cue for the agent to actually pick up themselves as their ringtone on the line. At the end of the call they hit 'release' and wait for the next 'bloop' to go live again.
Can you imagine prices falling during an energy crisis, high inflation and datacenter build outs? Well it’s happening and pretty drastically in Australia.
Everyone should look at what's happening in Australia. Australia has 50% more solar per capita than China and utterly dwarfs the USA and Europe on a per capita basis. Because of this Australians have consistently falling power prices.
You'll note on that link in 1 year prices have gone from $87 to $50. Pretty much all attributable to the massive grid connected battery installations and renewable rollouts which had minimal subsidies. They were merely encouraged by policy which created a shorter time for grid price changes and arbitration allowing high response batteries to drive grid efficiencies. https://elements.visualcapitalist.com/top-20-countries-by-ba...
It's straightforward economics at this point. Want cheaper prices? Demand what Australia has.
I like to give Australia as the better example. Way ahead of everyone else on a per capita basis (50% more GW of solar installed per capita than China).
It's all based on governance led by research (in particular the CSIRO, the Australian government's politically isolated research department) where the CSIRO wrote a peer reviewed report mathematically demonstrating the cheapest way to improve grid reliability and lower prices. This indicated various ways to encourage solar and battery build outs. The Australian senate (https://en.wikipedia.org/wiki/Australian_Senate) which is made up of many many parties due to preferential voting passed laws enabling this and here we are.
I think that it's true that China's beating the USA in government competence but they are far far from the ideal. In fact China looks really bad compared to any competent government of the world. It just looks good compared to the USA.
Agreed. In fact this supports the GPs point about using the rawest form of GUI manipulation.
For years we loaded up libraries and abstractions to minimize boilerplate. These hid the actual underlying mechanisms and often made specific customisations harder to do since you were taken away from the raw functionality.
These days AI is extremely good at writing boilerplate and in my opinion explicitly typed out boilerplate code is much easier to reason about than a library that abstracts things away to a one line annotation or similar.
A good example is that I've recently been leaning back to the raw Android APIs for things like RecyclerViews etc. It used to be 10+ files to change to create an efficient scrolling view on Android with various resources and adapters required. So a whole bunch of libraries came out to try to abstract the complexity away. You know what though? I don't care about that anymore. I'm going back to the raw GUI APIs where possible because it's so explicit and clear even if it's 10x more code.
> This seems to reveal previously-unknown range of Iranian ballistic missiles and, if true, could touch basically all of Europe
True, but they have also literally launched multiple orbital satellites from Iran on Iranian rockets, e.g. the Noor 2 spy satellite and before that the Noor 1 series https://en.wikipedia.org/wiki/Noor_2_(satellite)
These are in orbit to this day. They regularly post images it takes of US military bases. Essentially it’s similar to how Sputnik was a demonstration of ICBM capability. Iran can launch a first generation ICBM right now. Pointless if they use a conventional payload (too small payload to be cost effective militarily) and a non manoeuvrable warhead (would just be intercepted) and so these aren’t used militarily but essentially everyone acting shocked they can hit 4000km range was not paying attention.
I think one of the problems we are having right now is that we have leaders who actively believed the downplaying of Iran's military capabilities. It’s one thing for the common civilian to think the enemy's missiles are made of cardboard and tanks of paper but it’s another when the leader of a nation believes it. Now here we are with a war that’s stalemated and no way out.
> we have leaders who actively believed the downplaying of Iran's military capabilities
Iran has done precisely nothing unexpected in the entire course of this war. Closing Hormuz has been mooted since the 70s. And its IRBM stockpile has been known. This is more a case of something between political leaders and possibly the media being ignorant of even open-source intelligence.
I recall it was 12 days, or 4 weeks. Perhaps I missed an early prediction from the state that it could be 4 to 6 weeks.
The 12 days, and 2 weeks is what I recall most. But reality is what we want to see and hear. Some would say we are at week 4. Some that we are ending week 3.
Reason would be to accept we are taken for fools anyway. Or worse, run by fools.
The downplaying of Iran’s capabilities is a weird kind of racism IMHO. In the modern view, Iranians have been categorized as “brown” so people lump them together with Somalians and Afghans. But Iran is a technologically and politically sophisticated country. In terms of the Civ tech tree, it’s higher than any middle eastern country except Israel.
> The downplaying of Iran’s capabilities is a weird kind of racism IMHO.
Agreed, but it’s not at all surprising to me. Propaganda means that people will project fictitious motives and capabilities on their opponents, even if they are internally inconsistent (e.g. Iran must be attacked because they will threaten the USA mainland vs Iran’s missiles are very inaccurate and barely hit anything).
Leaving the 'aryan' and 'white' bit aside there are mountains of things that are common between Indians and Iranians -- the system of classical music, musical instruments, mythological characters, food, and of course language.
> is that we have leaders who actively believed the downplaying of Iran's military capabilities
We've been hinting about these capabilities for decades [0]. A lot of what is being brought up now is stuff a number of us touched on during the Obama years.
None of this is really hidden either - it would be brought up in think tanks and even undergrad classes if you attended a target program.
Civilian leaders have always had a hands-off approach to Defense and NatSec policy - once you show them how close to a polycrisis everything is they quickly defer responsibility. It's actually pretty similar to working in a corporate environment - it's all about managing upwards.
It still does/is. Most of what I'm seeing with Iran is similar to what was discussed back in the early 2010s.
There hasn't been significant churn in the NatSec space aside from political appointees, and core policymakers like Doshi, Maestro, Allison, Colby, and even Hill have worked with administrations irrespective of party affiliation.
Not really. What we're seeing today is similar to what was being discussed in 2010 [0]. Heck, this failed missile attempt confirms capabilities that were being discussed in 2010 [1].
Probably by the Sea Viper system from a destroyer parked in the Dover Strait. Now, the UK probably doesn't have enough interceptors or destroyers carrying them to be confident they'll be able to stop a proper all out attack, but that seems to be a common problem with every Western country right now with a peacetime military budget in an increasingly unpeaceful time.
A missile would need to fly all the way over Europe before reaching London. It would be noticed, jets would be scrambled and it would be shot. Just like what happened here.
These were ballistic missiles. They are only vulnerable during the terminal phase, when they are moving at hypersonic speeds. Standard fighter jets aren't going to do it. It would take ground based THAAD, Patriot, or ship based Aegis systems. London might want to budget for that.
Why does it matter if they have some capabilities to hit whatever targets in Europe or America? They’re not crazy, it would still be suicide for them to do it. It would just give them leverage, which I can’t think of a fair reason to prevent them from having.
> It’s one thing for the common civilian to think the enemy’s missiles are made of cardboard and tanks of paper but it’s another when the leader of a nation believes it.
It's just another case of history - endlessly - repeating.
> Iran's missiles are used as a terror weapon against civilian population
Classic. An advanced tech US missile hits a school and kills 200 schoolgirls? "A tragic mistake, it happens in war". A much less advanced Iranian rocket hits a building? "Terrorists! They point their weapons at civilians!"
Since Iran was attacked and it has a right to defend itself, we should give it more precise weapons so it can hit directly the military headquarters in central Tel Aviv.
Intent is literally the difference in terrorism though. The US hitting 500 targets in Iran and one of them being a school is the exact opposite of a strategy of terrorism. With terrorism you explicitly target civilians to drive fear.
Trying to hit the Burj Khalifa without targeting any military or high political office is terrorism.
When Iran launched at military bases or tried to shoot at planes, it was not called terrorism.
It's a mystery how "the terrorists" have launched 1000's of missiles & drones, in 70+ (and counting) waves, across 3 weeks, spanning across the region, and yet they have ABJECTLY FAILED to:
* hit any hospital
* blow up any school
* nor murder any journalists.
Yet, despite this stunning lack of accuracy from ... "the terrorists", they have somehow managed to hit EVERYTHING ELSE they were aiming at.
On the other hand, the "West", who are absolutely NOT terrorists, have managed to blow up schools, slaughter hundreds and hundreds of school children, smash multiple hospitals, take out as many health workers & first responders as possible with double tap strikes ...
and let's not even mention the number of journalists deliberately targeted & killed, nor the families of journalists, deliberately targeted & killed
And to answer the "but they killed 25 million of their own civilians just weeks ago", it would be almost churlish to point out that the MASSIVE pro-Iran public sentiments expressed by ALL sectors of Iranian society would, to a logically thinking person, lead one to conclude that perhaps, just perhaps, the media campaign behind those riots was just pushing a complete LIE. Because those reports don't fit in a reality where, under direct bombardment and personal risk, those same civilians are supporting their state, their government & their leadership.
As always, the simplest explanations which fit observable facts are usually closest to the actual truth. And the simplest explanation is that the "definitely NOT terroristic" West has been lying about Iran, consistently, for decades.
Either that, or the Mango Mussolini is the new Oracle of Delphi.
Iran literally hit a preschool in Israel today, with an MRV which is solely designed to terrorize the population (and is a war crime btw). Plus a 12 year old is in critical condition alongside 40 civilians from a single Iranian missile hitting a residential building later today. And in June Iran hit a hospital in Israel with a ballistic missile.
> It's a mystery...
Not a mystery, though, is it? Israel has excellent air defense which is why the damage isn't x10 worse. But Iran is definitely making a huge effort to hit the civilian population for maximum damage.
Unlike Iran which is literally aiming statistical weapons at population centers, the US has high accuracy weapons - the school was hit because intelligence wasn't up to date (it used to be an IRGC building).
Your comment is absolutely misinformed, or worse, spreading disinformation on purpose.
No, everything I said was true. The entire world knows who deliberately targets and murders children, by the tens of thousands. "Disinformation" is one of the Zionist colony's biggest exports, but its effect (like all drugs) has waned over time.
People who have unyoked from Zionist mental-control have dozens, if not 100s of independent journalistic outlets, mostly online, that they can follow (and ARE following) to get some sense of what's really happening. Hence your frustration.
It's not for nothing that "every accusation is a confession" is now a phrase which has spread across the globe, in relation to the Zionist entity and its hasbara. So, your "spreading disinformation on purpose" accusation is really your confession.
What's tinfoil hat about it? The antisemitism card has been overused, it's a common tactic by the Israeli government and its agents. People who have been able to pull themselves out of being affected by these false claims can think more clearly on the matter.
Those were mostly UAVs, you can see the abysmal aiming ability in Israel, where they have largely stopped aiming at facilities and moved to cluster warheads to maximize civilian hit ratio in large metropolis
Hardly, after attacking all their friends in the region, which would leave them even more isolated after the war, I would not attribute careful strategic planning either
Their regime is made up of hardline Shia Twelvers that believe that if they kill enough people the Twelfth Imam will appear and lead them to global victory.
Only problem is the Twelfth Imam has been dead for a thousand years.
They may not be stupid, but they consistently act based on counterfactual beliefs.
> This wouldn't be another 9/11, it would merely be retaliation
The Japanese and Al Qaeda framed their attacks defensively. An attack on the homeland is an attack on the homeland. I wouldn’t put it past Iran. But you’d rapidly see political consensus to ensure the regime is destroyed at all costs, including and up to leaving a power vacuum and humanitarian crisis.
The war is wildly unpopular in the US (rightfully so) - attacking the US would rally the country (rightfully so) and the regime would fall within a week (with significant casualties on our side)
It’s pretty fucking stupid. Convening the top brass above ground, failing to scatter the navy, bombing Azerbaijan and Qatar and Oman. I’m not saying the individual actors are dumb. But the result of the competing centers of power between the IRGC, military proper, clerical establishment and god knows who else produces a stupid strategy.
Broadly, taking American and Israeli threats seriously. And not overestimating how easily their neighbors would capitulate if bombed.
Tactically, this would mean not concentrating senior leadership above ground. Scattering their navies out of port. Targeting U.S. military bases and not the civilian infrastructure around them.
I disagree heavily with them too but that doesn't mean we should eradicate them. We can't expect the whole world population to be aligned.
But once we start shooting they will obviously shoot back and we're many steps further away from the desired "agree to disagree and live together anyway" outcome that is the only way to peace.
I mean the US tried this too with Afghanistan. Many lives lost, trillions of dollars wasted and everything was back to 'normal' in two weeks.
Change has to come from within and the thing is this was actually happening in Iran. Now with military law and the regime uniting people against a common enemy this is much further away.
First, what does it matter whether they are Muslims or not? Second, what is the structure of reality?! You may have some notion you know what “reality” is given what your media allows you to think - the actual reality is vastly different than you think it is - that is a certainty
If you want to make synthetic fuels it’s similar effort and efficiency to make methane as it is to make hydrogen. In fact converting one to the other is trivial and the conversion from methane is how we actually make hydrogen today.
Hydrogen has a lot of issues. It’s a pain to store since it’s corrosive and does not liquify or stay liquified without cooling and extremely strong pressure vessels. Methane is already used pretty commonly. A lot of buses run on methane today.
So we’re taking methane, a fuel that’s used in transit already and that we have a shortage of right now since it makes fertilizer and the Hormuz strait is blocked. We’re taking that precious methane and converting it to hydrogen (not at all green to do this and the carbon goes into the air at this point) and then we’re awkwardly transporting this and storing it in cars with all the problems that has just to burn the hydrogen in the car pretending that we never released CO2 in the process.
Now you might say ‘yeah but in theory you could use electricity to make hydrogen’ and I’ll point out that’s grossly inefficient compared to just using a battery electric vehicle and it’s not at all done at an industrial scale due to the reality that it was always just a way to sell fossil fuels with an obfuscation of where the release of carbon occurs and never intended as an actual reasonable way to store electricity.
At this point I’ve witnessed over 30 years of “stats about China aren’t real” type posts while they continue to demonstrate impressive economic and social results that I’m far more inclined to believe the potentially flawed Chinese data than posts that basically claim all data out of China is fake.
Isolated demands for rigor, really. China does have a lot of incentives to publish misleading statistics. Also, so does everyone else. In most places we bake skepticism of official lines from government and industry alike into our epistemic weights and move on, but when China does it we're supposed to treat it as a big deal. Propaganda at its finest
Can’t read all of this since it’s 424 pages but I want to point out that Australia is beating Europe on grid connected storage. Not on a per capita basis. It’s beating all of Europe combined outright https://www.visualcapitalist.com/top-20-countries-by-battery...
We did have many many problems previously. The state of South Australia went out for a couple of weeks at one point in similar cascading failures. This doesn’t happen anymore. In fact the price of electricity is falling and the grid is more stable now https://www.theguardian.com/australia-news/2026/mar/19/power...
This price drop is in line with the lowered usage of gas turbine peaker plants (isn’t that helpful right now? No need for blockaded gas for electricity).
A lot of people say it can’t be done. That you can’t have free power during the day (power is free on certain plans during daylight due to solar power inputs dropping wholesale prices to negative) and that you can’t build enough storage (still not there but the dent in gas turbine usage is clear).
It’s one of these cases where you’ve been lied to. Australia elected a government that listened to reports battery+solar is great for grid reliability and nuclear was always going to be more expensive.
> Can’t read all of this since it’s 424 pages but I want to point out that Australia is beating Europe on grid connected storage. Not on a per capita basis. It’s beating all of Europe combined outright
That makes no sense. Those are projections and for battery only. Europe today has around 100GW energy storage, Australia has around 6GW.
For the discussion of replacing gas peaker plants pumped hydro isn’t as useful as grid connected battery storage which is the focus of the above discussion.
You need grid connected storage where you have (unpredictable) renewables. That doesn't negate the benefits of Nuclear baseload power. In an ideal mix, you need both, and also Gas for emergencies. One is not better than the other, they have different roles in a balanced grid.
Nuclear has the same issue as (unpredictable) renewables, it is incapable of cost efficiently following the demand curve. As a result, just like renewables, it requires a form of dispatch-able power to complement it (gas, batteries, etc). Solar and nuclear fill the exact same role in a balanced grid - cheap non-dispatchable power.
Or at least nuclear would if it was cheap, but since its costs haven't fallen the same way that the costs of other energy did... well new nuclear buildout really doesn't have a good role at all right now, it's just throwing away money.
Solar and nuclear complement each other fine - because their shortfalls (darkness for solar, high demand for nuclear) are mostly uncorrelated... a mix of non-dispatchable power with uncorrelated shortfalls helps minimize the amount of dispatchable power you need... but batteries have made it cheap enough to transform non-dispatchable power to dispatchable power that nuclear's high costs really aren't justifiable.
A case can be made that nuclear could potentially be cheaper than renewables plus batteries in Northern Europe when targeting 100% zero carbon electricity. (It seems unarguable that renewables can get to 80% zero carbon electricity more cheaply).
But they're not really complementary in that one can't fill in for the gaps in the other. So the case for new nuclear gets more and more uneconomic the more cheap renewables we deploy.
Nuclear has a hard time existing in a net with dominant renewables during most of the year. Down-regulating nuclear absolutely kills its profitability. What you want is power plants with low capex that can be profitable with just a few hundred hours at full capacity per year. For example you can burn hydrogen.
Plus, related (storage), you do not want to put hydroelectric in water reservoirs targeted to population consumption, as you could find out one summer that the reservoirs are empty, the result of such water being used with the intention of generating electricity, or even used as inertial stabilizer for renewables.
This is the moment where in the news you read "There's a drought because it isn't raining" and similar excuses, when in reality your five years of water reservoirs have been reduced to half, or one third, because they focused on electricity production over the population's real water demand.
I mean, hydroelectric needs at least two levels of reservoirs, one to generate electricity (or even exclusive two-level reservoirs with water pumps for this), and the next one, absolutely untouchable by the electric companies, targeted as water storage for the population/agriculture, the classic more-than-five-years reservoir, for real.
> Australia elected a government that listened to reports battery+solar is great for grid reliability and nuclear was always going to be more expensive
The report you mean (CSIRO) was wildly biased though. They based their nuclear power cost estimate on a nuclear reactor that was never deployed anywhere (Nuscale) instead of "normal" nuclear power plants that have been deployed for decades.
The NuScale cost was what the project itself announced. And they hadn’t even started building yet. The latest reports also include large scale nuclear power.
I find it funny when people get outraged because all CSIRO does is use real world construction costs easily proving how unfathomably expensive new built nuclear power is.
And people might not know what the CSIRO is. They are the Australian government’s research body, separated from the current political party. They aren’t some private company or political group. I don’t think you could have a more neutral and unbiased viewpoint.
Exactly. And they have well established methodology publishing a consultation draft asking for review. Then following that review publish a final version half a year later.
Followed by updating the methods for the next iteration to cover any gaps discovered, like only including SMR and not large scale nuclear.