Post
Isolation Is the New Runtime
Sandboxing is thirty years old and has barely changed. What changed is who's in the box: an agent that reads its next instruction off the open internet and can't tell a command from a trap, which is why the OS is reorganizing around it. A line from chroot in 1979 to Microsoft's MXC in 2026, and the trade we made along the way.