Exoplanets: search for extraterrestrial atmospheres improved
How the atmospheres of exoplanets are structured can now be calculated. This opens up new possibilities in the search for life. (Exoplanet, Nasa)
Source: Golem
40 years ago the first disaster of NASA's Space Shuttle program occurred. Engineers had warned the space agency before the flight. (Nasa, spaceflight)
Source: Golem
A new study shows the downside of AI: software developers work faster with AI tools but understand less of the code they write. (Anthropic, AI)
Source: Golem
We introduced Docker Sandboxes in experimental preview a few months ago. Today, we’re launching the next evolution with microVM isolation, available now for macOS and Windows.
We started Docker Sandboxes to answer the question:
How do I run Claude Code or Gemini CLI safely?
Sandboxes provide disposable, isolated environments purpose-built for coding agents. Each agent runs in an isolated version of your development environment, so when it installs packages, modifies configurations, deletes files, or runs Docker containers, your host machine remains untouched.
This isolation lets you run agents like Claude Code, Codex CLI, Copilot CLI, Gemini CLI, and Kiro with autonomy. Since they can’t harm your computer, let them run free.
Since our first preview, Docker Sandboxes have evolved. They’re now more secure, easier to use, and more powerful.
Level 4 Coding Agent Autonomy
Claude Code and other coding agents fundamentally change how developers write and maintain code. But a practical question remains: how do you let an agent run unattended (without constant permission prompts), while still protecting your machine and data?
Most developers quickly run into the same set of problems trying to solve this:
OS-level sandboxing interrupts workflows and isn’t consistent across platforms
Containers seem like the obvious answer, until the agent needs to run Docker itself
Full VMs work, but are slow, manual, and hard to reuse across projects
We started building Docker Sandboxes specifically to fill this gap.
Docker Sandboxes: MicroVM-Based Isolation for Coding Agents
Defense-in-depth, isolation by default
Each agent runs inside a dedicated microVM
Only your project workspace is mounted into the sandbox
Hypervisor-based isolation significantly reduces host risk
A real development environment
Agents can install system packages, run services, and modify files
Workflows run unattended, without constant permission approvals
Safe Docker access for coding agents
Coding agents can build and run Docker containers inside the MicroVM
They have no access to the host Docker daemon
One sandbox, many coding agents
Use the same sandbox experience with Claude Code, Copilot CLI, Codex CLI, Gemini CLI, and Kiro
More to come (and we’re taking requests!)
Fast reset, no cleanup
If an agent goes off the rails, delete the sandbox and spin up a fresh one in seconds
What’s New Since the Preview and What’s Next
The experimental preview validated the core idea: coding agents need an execution environment with clear isolation boundaries, not a stream of permission prompts. The early focus was developer experience, making it easy to spin up an environment that felt natural and productive for real workflows.
As Matt Pocock put it, “Docker Sandboxes have the best DX of any local AI coding sandbox I’ve tried.”
With this release, we’re making Sandboxes more powerful and secure with no compromise on developer experience.
What’s New
MicroVM-based isolation
Sandboxes now run on dedicated microVMs, adding a hard security boundary.
Network isolation with allow and deny lists
Control over coding agent network access.
Secure Docker execution for agents
Docker Sandboxes are the only sandboxing solution we’re aware of that allows coding agents to build and run Docker containers while remaining isolated from the host system.
What’s Next
We’re continuing to expand Docker Sandboxes based on developer feedback:
Linux support
MCP Gateway support
Ability to expose ports to the host device and access host-exposed services
Support for additional coding agents
Docker Sandboxes were made for developers who want to run coding agents unattended, experiment freely, and recover instantly when something goes wrong. They build on the isolation principles of containers, but with hard boundaries.
If you’ve been holding back on using agents because of permission prompts, system risk, or Docker-in-Docker limitations, Docker Sandboxes are built to remove those constraints.
We’re iterating quickly, and feedback from real-world usage will directly shape what comes next.
Source: https://blog.docker.com/feed/
Amazon Elastic Container Service (Amazon ECS) now publishes container health status as a new metric in CloudWatch Container Insights with enhanced observability. Customers can now track the operational health of their containers through a dedicated CloudWatch metric and create alarms to respond proactively to unhealthy containers.
When customers configure a container health check in the container definition of an ECS task definition, Container Insights now publishes the UnHealthyContainerHealthStatus metric in the ECS/ContainerInsights namespace. The metric reports 0 for HEALTHY and 1 for UNHEALTHY. Container health state information is also available in embedded metric format (EMF) logs, providing additional context while health checks are being evaluated during the UNKNOWN state. The metric is available across cluster, service, task, and container-level dimensions, enabling customers to monitor health at their preferred level of granularity. Customers can create CloudWatch alarms on the metric to receive notifications when containers become unhealthy, allowing teams to take immediate action and maintain application reliability.
To get started, enable Container Insights with enhanced observability on your ECS cluster and configure a container health check in your task definition to start collecting the metric in CloudWatch. The container health metric is available in all AWS Regions where Amazon ECS Container Insights is supported. For more information, see the Amazon ECS container health checks documentation and the CloudWatch Container Insights documentation.
Source: aws.amazon.com
AWS Lambda launches enhanced observability for Kafka event source mappings (ESM) that provides Amazon CloudWatch Logs and metrics to monitor event polling setup, scaling, and processing state of Kafka events. This capability allows customers to quickly diagnose setup issues and take timely corrective actions to operate resilient data streaming workloads. This capability is available for both Amazon Managed Streaming for Apache Kafka (Amazon MSK) and self-managed Apache Kafka (SMK) event source mappings.
Customers use Kafka event source mappings (ESM) with their Lambda functions to build mission-critical applications. However, the lack of visibility into event polling setup, scaling, and processing state for events slows down troubleshooting of issues resulting from faulty permissions, misconfiguration, or function errors, which increases mean time to resolution and adds operational overhead.
With this launch, customers can enable CloudWatch Logs and metrics to monitor their Kafka polling setup, scaling, and event processing state. Customers can select from multiple log level options that provide logs ranging from warnings and errors to detailed information about event processing progress. Similarly, customers can enable one or more metrics groups—EventCount, ErrorCount, and KafkaMetrics—to monitor various aspects of event processing. Customers can view all their metrics and logs via a dedicated monitoring page in the AWS Console for ESM. This capability allows customers to use their observability tooling to quickly diagnose setup issues and track performance metrics to meet their stringent business requirements.
This feature is available in all AWS Commercial Regions where AWS Lambda’s Provisioned mode for Kafka ESM is available. You can enable ESM logs and metrics for your Kafka ESM using AWS Lambda’s Create and Update ESM APIs, AWS Console, AWS CLI, AWS SDK, AWS CloudFormation, and AWS SAM.
To learn more about these capabilities, visit the Lambda Kafka ESM developer documentation. These logs and metrics are charged at standard CloudWatch pricing.
Source: aws.amazon.com
Today, Amazon SageMaker announced a new capability allowing you to establish connectivity between your Amazon Virtual Private Cloud (VPC) and Amazon SageMaker Unified Studio without customer data traffic going through the public internet. Customers needing to go beyond the standard data transfer protocol (HTTPS/TLS2) can choose to configure their VPC so data transfer stays within the AWS network. Through AWS PrivateLink, network administrators can now onboard the AWS service endpoints used by Amazon SageMaker Unified Studio to their VPC. Once the endpoints are onboarded, IAM policies used by Amazon SageMaker will enforce that customer data stays within the AWS network.
Amazon SageMaker private access using AWS PrivateLink is available in all AWS Regions where Amazon SageMaker Unified Studio is supported, including: Asia Pacific (Tokyo), Europe (Ireland), US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), South America (São Paulo), Asia Pacific (Seoul), Europe (London), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), Asia Pacific (Mumbai), Europe (Paris), and Europe (Stockholm). To learn more, visit Amazon SageMaker, then get started with the network isolation documentation.
Source: aws.amazon.com
Amazon RDS now supports Internet Protocol version 6 (IPv6) for VPC endpoints of RDS Service APIs, in addition to the existing IPv6 support for public endpoints. This allows you to configure dual-stack (IPv4 and IPv6) connectivity to access RDS Service APIs directly from within your VPC without internet traversal.
IPv6 provides an expanded address space, enabling you to scale your application on AWS beyond the limitations of IPv4 addresses. With IPv6, you can assign easy-to-manage contiguous IP ranges to microservices and get virtually unlimited scale for your applications. Moreover, with support for both IPv4 and IPv6, you can gradually transition applications from IPv4 to IPv6, enabling safer migration.
This feature is available in all commercial AWS Regions and AWS GovCloud (US) Regions. Get started with the RDS Service APIs here. To learn more about configuring your environment for IPv6, please refer to the IPv6 User Guide.
Source: aws.amazon.com
Friedrich Merz gives wind energy another 20 years. That is bad news for electricity customers, the wind power industry, and the skilled trades. An IMHO by Mario Petzold (wind power, economy)
Source: Golem
Insurers have cut the planned payouts on millions of supplementary pension contracts. Now the Federal Court of Justice (BGH) has issued a definitive ruling. A lot of money is at stake. An advice piece by Thomas Öchsner (investing, consumer protection)
Source: Golem