Jarkko Sakkinen

I created a proof-of-concept fork of the pi-hashline-readmap plugin, integrating the sandbox into its compressed bash output pipeline:

https://github.com/jarkkojs/pi-hashline-readmap

It's a somewhat less trivial integration example, because the bash hook cannot simply be removed and replaced.

With the very thin and unintrusive layer that the Landlock LSM provides, and with seccomp notifications further helping to make it more robust, Landstrip provides a very lean integration path for sandboxing coding agents on Linux. And yeah, stuff like the below can be described with this.

Jarkko Sakkinen

Ordered 4x NAS hard drives in late March. Expected delivery time is the 16th of October :-) From Amazon. It was the 16th from the get-go. I'd guess (don't know) that it is poor availability of chips...

Jarkko Sakkinen

It's good to show, not to show off, but just to express that "hey, I can still innovate in code too", like the small sandbox I did within the last few days. It's important because specs are not at the core of that innovation at all, and never have been. And the quantization that an LLM represents is at the end of the day just a lost and forgotten snapshot of reality with extremely bad quality and lossy compression, and only a tiny finite slice of what is outside of that spectrum...
I think the logical next step is to make a Pi plugin for this.
I just realized how well Landlock correlates with Seatbelt.

Jarkko Sakkinen

This seems to work, so:

https://github.com/anthropic-experimental/sandbox-runtime/issues/291

I've written in detail why I feel like that in the issue.
@Flaky I wonder if Mark's gravestone will have the subtitle "The Godfather of VR Porn" ;-) Just stating facts, I did not push him into the porn business...

Jarkko Sakkinen

Edited 1 month ago
And I disagree on that insulting part :-) Just some minor differing viewpoints on pretty much everything.
I think I should just mention in my CV that I don't have talent for prompting.

Jarkko Sakkinen

While working on my appliance OS build etc., I've let Hindsight profile the sessions. There's one common theme, and it is that in no time I'm in all caps :-) It's often that I write the code in one tmux pane with vim while complaining to the prompt in another. So yeah, this is what long-term memories look like ATM.

With kernel code, it's a suicide mission. I don't get the "AI assisted" part in those. It's IMHO the hard way when it comes to Linux. Tried it a couple of times and I'm happy that my laptop is still in one piece...

And yeah, whatever they say, I'm not sure how these long term memories are going to help :-)

Jarkko Sakkinen

When the Oculus Rift came out, I thought that this is probably not for me, as I don't have an interest in VR porn. It was a product where the main use case was obvious when it appeared.

I don't know what Mark thought, but I guess the metaverse was not a porn site at least (so why go there).

Jarkko Sakkinen

Sloppy code going to production is one problem.

What I see a lot is using, let's say, a "weaker version of GPT to save resources" rather than designing an algorithm.

The most common example of this sloppiness is the so-called compact action, which across the board is fed through inference for summarizing data.

I would assume that these companies, which are overloaded with PhDs, could design one algorithm, but no. This summarizing problem I think is still a reachable goal for human civilization.

Maybe after we get quantum computers to production we can start tackling this challenging problem.
Just another piece that is also bad for security overall. I've posted a lot about AI, but in order to build security that addresses agents I need to understand all the bad decisions the AI industry has made :-) I think there should be a law for removing the permit of AI researchers to write any software, because they suck at it.

Jarkko Sakkinen

Edited 1 month ago
It's weird that MCP even has its own dev summits. I can almost objectively say that it is a good-for-nothing standard...

It's the other thing that the LF pulled under its umbrella, together with the amazing Goose.

An MCP server is a daemon, and what clients do is query the MCPs and automatically fill some markdown bloat into their context. This is usually about 10-20 KiB per server and describes an IPC shim. Then the client sends IPC on a tool call, which the MCP then interprets and makes the real call. It's an achievement to make this sloppy a pipeline for executing a single action.

I've always felt that MCP was invented by vibecoding. You don't get ideas this bad elsewhere. Or, like, business idiot + prompt must have been where this blossomed, most likely.
@jorge @tris And making everything from scratch is essential, as the way you build inference nodes is that you want to go as near as possible to the whole box doing OOM, to get as much juice as possible. Adding weird middleware has nothing to do with reaching such a goal...
@tris @jorge It's like offering Photoshop as an option when you need a text editor. There is no connection here. They both start with the word "build", yes, but that's the end of the commonalities.
@tris @jorge I don't have words to express how much I don't care about this.
@jwz I think he is in one of the phases of assholeness, the losing-it phase. And if I had to guess, superintelligence investments will be yet another example of this theme.

Jarkko Sakkinen

Edited 1 month ago
How I would recommend hosting coding agents is:

1. Have something granular in detail but simple (e.g. like Landstrip or Anthropic's own sandbox runtime). This is for protecting files in your home directory for the most part.
2. Wrap that in a container with a disposable rootfs and passwordless sudo. This protects the system from the damage that you statistically will get when being ignorant. The statistics are not on your side in this over a long period of time.

For the latter, using Google's gVisor is overall a great and secure option. I made an example/reference of this container setup: https://github.com/puavo-org/container-agent

Jarkko Sakkinen

Landstrip 0.3.0 now fully implements Anthropic's file system policy with Landlock rules, and most of the network policy with Landlock network rules and a simple seccomp broker that processes bind() and connect() system calls.

The only feature that is missing is allow and deny lists for domains.

I wanted to see how far Landlock scales, also in order to consider whether the root namespace kernel patch set makes sense or not.

https://crates.io/crates/landstrip/

I was already a bit skeptical about rootns in February, but agent-as-an-adversary scenarios require more airtight security. It's not the smartness which is worrying, it's the reaction time to the environment. Races cannot exist.