@tris It addresses the whole vector of race conditions, which always exist, for example, in container creation. That small time window is unforgivable in the case of an LLM.
@tris In the case of blocking agents, tackling that outside of paths is the context here. All the bad stuff is always related to paths in security. Landlock does not work in that space so it can brickwall where the agent process can move. Thus, it just ended up being the right block.
@tris for this project and many others i actually just browsed https://elixir.bootlin.com/linux/v7.0.12/source to look for what would fit and then browsed what landlock does and this is how things connect.
@tris so i don't really spend my time looking at tools. i have an idea and then i try to see what fits to implement that idea
@tris i don't know. i don't use landlock because of landlock but because it fits the goals, which are readable from landstrip's man page. it also uses seccomp.

Jarkko Sakkinen

full pass :-)
@linuscat async is exactly the kind of feature that a web developer would think would make sense for a systems language.
@linuscat I think that async is the point when Rust went wrong.

I never use async or even bothered to learn it. As an alternative I design my own threading model that fits that app. It's a language feature that embeds a policy, and thus not suitable for a language like Rust.

Jarkko Sakkinen

In its current state Rust has reached the complexity of C++. It really does not have a winning ticket anymore on being lean. Instead it is an enterprisey monster.

Jarkko Sakkinen

This was exactly the kind of tricky corner case that would be very hard to rethink in a spec. The experimental plugin for Pi really helps in finding bugs like this.

https://github.com/jarkkojs/landstrip/commit/00635b63ef46b46fba2e4f04abb96c866217c68e

#landlock #landstrip #lsm
Pre-AI, if I had implemented a sandbox like ASR is implemented, that would have most likely resulted in some discussions with my manager because of the unexpectedly low level of quality.

Jarkko Sakkinen

Anyone who understands even the bare basics of numerical methods and optimization should know that an agent loop with a spec does not necessarily produce the solution that would be the most plausible.

There is no real intelligence and the process converges to a product that is across the board less-than-median quality.

Anthropic has shown off how agents construct a compiler, but a more interesting example of their demos is Anthropic Sandbox Runtime. It clearly demonstrates what quality of result you get if you trust in a spec-delivery process.

Jarkko Sakkinen

I did not understand fully before why LSM stacking makes sense but with coding agents it is a dead obvious kernel feature to have. You cannot otherwise get any hold of those bastards.

Jarkko Sakkinen

porn industry is probably the only industry that has steadily made money from the Internet ecosystem from the get go. and technologies just pile up. first vr porn. then ai porn. then ai vr porn.

Jarkko Sakkinen

haven't gone a lot to conferences in the last few years but not likely that I will until their main topic stops being prompting lol :-) and goose

Jarkko Sakkinen

somehow that Goosedump just fits to the theme :-)

Sandbox is marker for the pi-landstrip plugin.

Read tool call is overridden by pi-readseek, which is my third plugin.

goosedump, landstrip, readseek are also independent programs and useful by themselves.

E.g., I plan to write vim-plugin vim-readseek for doing LSP type of stuff as I dislike LSP.

Jarkko Sakkinen

the English word that I like least is "safe" ;-)

Jarkko Sakkinen

ai psychosis is so weird:

"I made a language (possibly) faster than C, and safer.

I am going to pre-empt this by asking you not to automatically believe me, because I don't want my claims to go without scrutiny. As such, I will provide all the source files to back it up, and invite you to look at them:"

every other middle-manager has faster C.

and safer.
@linuscat it's bad if windows dies, or degrades because competition is great... i hope that windows survives and fosters from this actually if i really think about it.

Jarkko Sakkinen

I don't know about the year of desktop Linux but Copilot killed Windows.