Jarkko Sakkinen

Edited 10 days ago
Specification-driven agentic harnesses are like a total lobotomy or k-hole of software development processes.

It's really hard to even begin to describe how that is such a wrongful and invalid resolution.

It's like Putin playing ice hockey. That's the only short explanation I can formalize.

@barthalion @staticnoisexyz thanks, good to hear. seems that it's a good basis for what i'm doing after all :-)

have not seen anything this unprofessional for some time and that's why i fell for it, duh. lessons learned. i'll check the facts properly next time.

If I was working in such an environment where I was forced to improve my productivity with agents, I would never have had free space, e.g., to invent this sandboxing stuff. It gives space to look at things from outside and with a critical eye. I've never been a person "who ships" but instead more like a person "who invents" (not saying I'm great at it but that is what I enjoy anyway), and thus my "shipping volumes" are always low in terms of SLOC.

@oleksandr Yeah, I mean it does not help someone like me who uses this type of stuff with extreme caution and consideration :D It actually might get me fired in some other company in the worst case.

Jarkko Sakkinen

A timebomb that is now building fast is how companies will evaluate their employees when LLMs are all over the place.

E.g. when an incompetent person generates code that they cannot cope with, we have a huge problem.

In the worst case scenario the use of LLMs can even lead to misguided HR decisions where the talented leave the ship, and the untalented stay.

For me it appears we are in a free fall and this will cause a lot of damage but I hope I am wrong.

@staticnoisexyz OK, thanks for the explanation :-)

Jarkko Sakkinen

If you look at it from the correct perspective, improving agent sandboxing and building a local inference appliance OS are actually making an argument for the importance of human talent when inventing new software products.

They get the attention of the right audience where the opinion should be appointed to.

Jarkko Sakkinen

430 additions & 12457 deletions:

https://github.com/jarkkojs/sandbox-runtime/tree/feat/landstrip

Reversing the slop.

Jarkko Sakkinen

Filetype and network isolation principles in Landstrip map pretty much to:

https://www.anthropic.com/engineering/claude-code-sandboxing

Probably with some battle-testing and bug squashing it could replace all the shenanigans beyond a small shim in ASR.

I did not really check ASR implementation while doing this because there is nothing to learn from it (all garbage tbh) but this might even extend its capabilities given Windows support.

Cannot recall if it had Windows or not...

Jarkko Sakkinen

OpenCode plugin for Landstrip:

https://www.npmjs.com/package/opencode-landstrip

Early work. Can (and probably does) have bugs. Just ramping up to get things ongoing.

Some Pi/OpenCode plugin API differences remarked to README dot md.

@staticnoisexyz It was here in Mastodon: https://hachyderm.io/@jorge/116607961190448307

I'm not familiar with the app ecosystem in general or what CNCF actually does.

@Aissen There are countless lines you could draw from AI companies to tobacco and oil companies on how they act and operate in business. It's a disgrace IMHO.

@Aissen Anthropic is an evil actor in security. Their software is bad and also they use offensive social engineering as a marketing strategy, i.e., I consider that company a blackhat actor despite having legal business activities.

I don't like to use their stuff. Still, this makes sense to me :-)

Jarkko Sakkinen

Edited 11 days ago
@Aissen I try to interpret the same way as Seatbelt does in Anthropic Sandbox Runtime, which Anthropic itself does not properly do in Linux. My choice is based on spread instead of looking for a perfect model for policy. Overall it's not too bad. E.g. network limitations do make sense to me.

This article explains quite well the concepts of filesystem and network isolation:

https://www.anthropic.com/engineering/claude-code-sandboxing

The difference is that I take only the concept and Landstrip realizes that as an implementation of a sandbox.

@Aissen E.g.,

❯ landstrip cargo test
{
  "filesystem": {
    "allowWrite": [".", "~/.cargo"],
    "denyWrite": [".git/hooks"],
    "denyRead": ["~/.ssh"],
    "allowRead": ["~/.ssh/config"]
  },
  "network": {
    "httpProxyPort": 8080,
    "socksProxyPort": 8081,
    "allowLocalBinding": false,
    "allowUnixSockets": ["/run/user/1000/agent.sock"],
    "allowAllUnixSockets": false
  }
}

Finished `test` profile [unoptimized + debuginfo] target(s) in 0.03s
Running unittests src/main.rs (target/debug/deps/landstrip-5467b4d0d80bb461)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

I had to fix a couple of bugs to respond (stdin fallback), so I guess it was a valid question :-) This should have tests, yes, but I don't like to add them while ramping up a structure because they sometimes tend to do a disfavor to the architecture.

It's better to do first maybe a bit unstable but architecturally sustainable :-) I'll release 0.8.3.
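
How the filesystem half of the policy in the post above could be evaluated, as an added example that is not Landstrip's or ASR's code. It assumes reads are open by default (`denyRead` closes, `allowRead` reopens) and writes are closed by default (`allowWrite` opens, `denyWrite` closes); `resolve`, `covered`, `decide`, the home directory and the working directory are hypothetical.

```python
import json
from pathlib import PurePosixPath

# "filesystem" section copied from the policy in the post above.
POLICY = json.loads("""
{"filesystem": {
    "allowWrite": [".", "~/.cargo"],
    "denyWrite": [".git/hooks"],
    "denyRead": ["~/.ssh"],
    "allowRead": ["~/.ssh/config"]}}
""")

def resolve(entry, home, cwd):
    """Expand '~' and relative entries, then collapse '..' lexically."""
    if entry == "~" or entry.startswith("~/"):
        entry = home + entry[1:]
    parts = []
    # An absolute entry overrides cwd; pathlib already drops '.' components.
    for part in PurePosixPath(cwd, entry).parts:
        if part == "..":
            if len(parts) > 1:      # never climb above the root
                parts.pop()
        else:
            parts.append(part)
    return PurePosixPath(*parts)

def covered(path, entries, home, cwd):
    """True if path equals, or lies below, any policy entry."""
    return any(path == e or e in path.parents
               for e in (resolve(x, home, cwd) for x in entries))

def decide(policy, op, path, home="/home/dev", cwd="/work/proj"):
    """Lexical model only: a real sandbox enforces on resolved kernel objects.
    home and cwd defaults are constructed sample values."""
    fs = policy["filesystem"]
    p = resolve(path, home, cwd)
    if op == "read":    # assumed semantics: open unless denied, allowRead wins
        denied = covered(p, fs.get("denyRead", []), home, cwd)
        return not denied or covered(p, fs.get("allowRead", []), home, cwd)
    if op == "write":   # assumed semantics: closed unless allowed, denyWrite wins
        allowed = covered(p, fs.get("allowWrite", []), home, cwd)
        return allowed and not covered(p, fs.get("denyWrite", []), home, cwd)
    raise ValueError(f"unknown operation: {op}")
```

The `..` handling in `resolve` is the part a string-prefix check gets wrong: a path that starts inside the working directory can still end up under `~/.ssh`.
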
@Aissen Thanks for the correction :-)

Jarkko Sakkinen

Edited 11 days ago
Landstrip 0.8.2 creates a sandbox from an Anthropic Sandbox Runtime (ASR) compatible JSON policy.

Enabled platforms now include:

1. Linux (landlock with seccomp notifications)
2. macOS (Seatbelt FFI calls)
3. Windows (AppContainer profiles with ACLs)

It's a single-binary sandbox solution, i.e., one which does not create a confusing-to-audit topology for threat scenarios.

An additional (but easy to manage like e.g., Landstrip) binary is still required to have any kind of meaningful security, given that only a correct topology can realize the coding agent and sandbox not sharing the attack surface.

They are BOTH disjoint executable files and process entities at run-time, which is highly important.

When we create operating systems, this topology allows e.g., to fine-tune process rights (could be for example SELinux profile) separately for coding agents and sandboxes.

A properly implemented sandbox provides the first encounter intrusion detection layer for malicious applications. This is why thinking about the layers of defence at the system and process level is a priority.

https://crates.io/crates/landstrip/0.8.2

#anthropic #sandbox #runtime

@2something @Flaky @kayttaja That has led to me googling stuff about the topic and not with that critical eye apparently. my mistake sorry!

@2something @Flaky @kayttaja I'm happy to be corrected and truly sorry that I fell for it :-)

I've also spent countless hours to enable Flatpak in my Buildroot build so it was kind of a sensitive topic. I'll continue using it and see what happens.

The way I approach GNOME is:

1. Minimal Buildroot packaging.
2. Pre-seed majority of GNOME stock from Flatpak.

It does this use case pretty well.

@liiwi I'll watch it some day :-) try to avoid watching ATM anything AI because there's too much of it going on that my head hurts.