Jarkko Sakkinen

Edited 12 days ago
AGNTCon and MCPCon 👏

go open source!

Jarkko Sakkinen

Powered by Buildroot :-)

#buildroot

Jarkko Sakkinen

Does Win32 API have something like Landlock or Seatbelt?

Jarkko Sakkinen

Oops, I typoed Landstrip as Landslop. Not a slopcopy tho, as very few really even use Landlock for anything. So yeah, it is my own dumb idea with a seal :-)

Jarkko Sakkinen

3800 SLOC in some days for Landstrip.

With this productivity I still have work to do on reaching the gstack levels :-)


Jarkko Sakkinen

I created a proof-of-concept fork of pi-hashline-readmap plugin, integrating sandbox to its compressed bash output pipeline:

https://github.com/jarkkojs/pi-hashline-readmap

It's a bit more non-trivial integration example because bash hook cannot just be repealed and replaced.

With the very thin and unintrusive layer that Landlock LSM provides, which SECCOMP notifications further help to make more robust, Landstrip provides a very lean integration path for sandboxing coding agents in Linux. And yeah, stuff like below can be described with this.

Jarkko Sakkinen

ordered 4x NAS hard drives late March. expected delivery time is 16th of October :-) From Amazon. it was 16th from the get go. i'd guess (don't know) that is poor availability of chips...

Jarkko Sakkinen

it's good to show, not for show off, but just express that "hey i can still innovate in code too", like the small sandbox i did within last few days. it's important because specs are not at the core of that innovation at all, and never have been. and quantization that LLM represents is at the end of a day just a lost and forgotten snapshot of reality with an extremely bad quality and lossful compression. and only a tiny finite slice of what is outside of that spectrum...

Jarkko Sakkinen

This seems to work, so:

https://github.com/anthropic-experimental/sandbox-runtime/issues/291

I've written in detail why I feel like that to the issue.

Jarkko Sakkinen

While working on my appliance OS build etc. I've let Hindsight profile the sessions. There's one common theme and it is that in no time I'm in all caps :-) It's often that I write the code in one tmux pane with vim while complaining to the prompt in another. So yeah, this is how long-term memories look like ATM.

With kernel code, it's a suicide mission. I don't get the "AI assisted" part in those. It's IMHO the hard way when it comes to Linux. Tried it a couple of times and I'm happy that my laptop is still in one piece...

And yeah, whatever they say, I'm not sure how these long term memories are going to help :-)

Jarkko Sakkinen

When Oculus Rift came I thought that this is probably not for me as I don't have interest in VR porn. It was a product where the main use case was obvious when it appeared.

I don't know what Mark thought but I guess metaverse was not a porn site at least (so why go there).

Jarkko Sakkinen

Sloppy code going to production is one problem.

What I see a lot is to use, let's say, a "weaker version of GPT to save resources" rather than designing an algorithm.

The most common example of this sloppiness is the so-called compact action, which is across the board fed through inference for summarizing data.

I would assume that these companies, which are overloaded with PhDs, could design one algorithm but no. This summarizing problem I think is still a reachable goal for human civilization.

Maybe after we get quantum computers to production we can start tackling this challenging problem.

Jarkko Sakkinen

Edited 15 days ago
It's weird that MCP even has its own dev summits. I can almost objectively say that it is a good-for-nothing standard...

It's the other thing that LF pulled to its umbrella together with amazing Goose.

MCP server is a daemon and what clients do is that they query MCPs and fill out automatically some markdown bloat to their context. This is usually about 10-20 KiB per server and describes an IPC shim. Then the client sends IPC on a tool call, which the MCP then interprets and makes the real call. It's an achievement to make this sloppy pipeline for executing a single action.

I've always felt that MCP was invented by vibecoding. You don't get ideas this bad elsewhere. Or like business idiot + prompt must have been where this has blossomed most likely.

Jarkko Sakkinen

Landstrip 0.3.0 now fully implements Anthropic's file system policy with Landlock rules, and most of the network policy with Landlock network rules and a simple seccomp broker that processes bind() and connect() system calls.

The only feature that is missing is allow and deny lists for domains.

I wanted to see where Landlock scales also in order to consider whether root namespace kernel patch set makes sense or not.

https://crates.io/crates/landstrip/

I already was a bit skeptical about rootns in February but agent-as-an-adversary scenarios require more airtight security. It's not the smartness, which is worrying, it's the reaction time to the environment. Races cannot exist.

Jarkko Sakkinen

Edited 15 days ago
Building GNOME was already hard but creating an installer is exceptionally hard :-) And to make sure vanilla state with the build, each trial requires 2h of wait.

I use Python and https://textual.textualize.io/, which I found and seems to do its job.

Installation works so that the live version copies its live bootc image to the target system, i.e., it literally duplicates. Based on composefs and ostree.

For hardware capabilities I have detection and capability tags consumed by k3s, which uses them to configure Helm threads correctly. It gives quite a robust and easy way to run local vLLM payloads without extra configuration.

I have both discrete and unified memory hardware available to make sure things are not overall wrong. I have enabled e.g., also NVLink and ConnectX but all of this is untested given lack of gear basically.

Relevant repositories for this Buildroot fork (technically not, it's in fact br2-external) will eventually be:

1. https://codeberg.org/puu/puu
2. https://quay.io/puu/puu

Really don't know yet when as this last 1% takes its time :-) Puu literally can turn a gaming PC into a dedicated local LLM appliance with the gotcha that it uses "dedicated/appliance" approach. I think it is important to make things better and less harmful. This is from my side more like harm reduction than promoting the technology itself.

Jarkko Sakkinen

Edited 15 days ago
The DGX Spark that I have in my use to develop an operating system (my employer's property) has risen in value circa ~1000 since purchase.

Jarkko Sakkinen

Edited 15 days ago
Free or overly subsidized subscriptions always mean some way of sucking value from the customers.

This is how the world has always worked, and I have doubts that anything would have changed.

This is why I e.g., pay money for my email account.

Jarkko Sakkinen

I have to say that the thing that Arjan vibecoded appeals to me: https://github.com/fenrus75/turbostar2

It also shows the difference of someone actually having the deep understanding of software and hardware using these tools :-) I don't have to browse many files to see that the code has nice and lean structure, and feels right overall.