Jarkko Sakkinen
jarkko
I have a program that reads old session contexts from various coding agents, and provides queries and summarizations and foresincs stuff. It is both digital foresincs tool and replacement for /compact in coding agents.
The only problem is that only names I can make up are not necessarily politically correct.
Would it be appropriate to call it "slopdb"?
The only problem is that only names I can make up are not necessarily politically correct.
Would it be appropriate to call it "slopdb"?
1
0
1
Jarkko Sakkinen
jarkko
Asterinas makes claims about being more secure than Linux. I missed how they measure security.
0
0
0
Jarkko Sakkinen
jarkko
Edited 6 days ago
Landstrip is sort of done or I don't know what to do with it further :-)
Fix bugs and improve output returned to coding agent or other host I guess.
I think the learning for me from this was that tool command would work pretty well in non-AI situations. E.g., it is great for executing external commands in a file manager.
And Anthropic's description of architecture is well-made and I get it. The problem is that neither them nor their world most dangrous AIs are great at writing code, so their implementation is a shadow of the spec. This is why never trust AI researchers when they say anything about code.
Fix bugs and improve output returned to coding agent or other host I guess.
I think the learning for me from this was that tool command would work pretty well in non-AI situations. E.g., it is great for executing external commands in a file manager.
And Anthropic's description of architecture is well-made and I get it. The problem is that neither them nor their world most dangrous AIs are great at writing code, so their implementation is a shadow of the spec. This is why never trust AI researchers when they say anything about code.
1
0
1
Jarkko Sakkinen
jarkko
Landstrip 0.9.6 implements the Unix domain socket policy for Linux with LANDLOCK_ACCESS_FS_RESOLVE_UNIX, and falls back on using seccomp policy if the interface is not available.
Unix domain socket Landlock LSM policies are an upcoming feature in Linux 7.1.
https://crates.io/crates/landstrip/0.9.6
https://lore.kernel.org/linux-security-module/20260327164838.38231-1-gnoack3000@gmail.com/
Unix domain socket Landlock LSM policies are an upcoming feature in Linux 7.1.
https://crates.io/crates/landstrip/0.9.6
https://lore.kernel.org/linux-security-module/20260327164838.38231-1-gnoack3000@gmail.com/
0
0
1
Jarkko Sakkinen
jarkko
i don't think i have any use for landstrip for the meant purpose but i think it is also useful just to limit "normal" scripts when doing unorthodox things. I can cause damage too :-) That's was actually my own use motivation. I don't have intended security scenario to deal with at home.
0
0
0
Jarkko Sakkinen
jarkko
It seems to a big thing that one needs to know what you want to develop.
The problem is that also "what" is delegated to an agent harness, which emits a markdown spec.
The problem is that also "what" is delegated to an agent harness, which emits a markdown spec.
0
0
0
Jarkko Sakkinen
jarkko
Some comparison:
1. Anthropic's Sandbox Runtime internals: 12,4 KSLOC.
2. My internals (patch to ASR + Landstrip): ~4 KSLOC.
It's a great reality vs demos comparison. It has nothing to do with my talent, anyone can do it. All you need is an idea or unsolved problem. Then you imagine how it should if it was already working.
Simply knowing that has already saved tokens worth of ridiculous sums of money. "What we should be actually doing?" There's no spec for that.
Taking time with implementation is when you retain the control. Not being left behind is in reality falling out of the wagon.
1. Anthropic's Sandbox Runtime internals: 12,4 KSLOC.
2. My internals (patch to ASR + Landstrip): ~4 KSLOC.
It's a great reality vs demos comparison. It has nothing to do with my talent, anyone can do it. All you need is an idea or unsolved problem. Then you imagine how it should if it was already working.
Simply knowing that has already saved tokens worth of ridiculous sums of money. "What we should be actually doing?" There's no spec for that.
Taking time with implementation is when you retain the control. Not being left behind is in reality falling out of the wagon.
0
0
0
Jarkko Sakkinen
jarkko
Edited 8 days ago
Specification driven agentic harnesses is like total lobotomy or k-hole of software development processes.
It's really hard to even begin describe how that is such a wrongful and invaid resolution.
It's like Putin playing ice hockey. That's the only short explanation I can formalize.
It's really hard to even begin describe how that is such a wrongful and invaid resolution.
It's like Putin playing ice hockey. That's the only short explanation I can formalize.
1
0
0
Jarkko Sakkinen
jarkko
A timebomb that is now building fast is how companies will evaluate their employees when LLMs are all over the place.
E.g. when incompetent person generates code that they cannot cope, we have a huge problem.
In the worst case scenario the use LLMs can lead even into misguided HR decisions where the talented leave the ship, and untalented stay.
For me it appears we are in a free fall and this will cause a lot of damage but I hope I am wrong.
E.g. when incompetent person generates code that they cannot cope, we have a huge problem.
In the worst case scenario the use LLMs can lead even into misguided HR decisions where the talented leave the ship, and untalented stay.
For me it appears we are in a free fall and this will cause a lot of damage but I hope I am wrong.
1
0
1
Jarkko Sakkinen
jarkko
If you look it from the correct perspective, improving agent sandboxing and building local interference appliance OS are actually making an argument for the importance of human talent when inventing new software products.
They the get attention of the right audience where the opinion should be appointed to.
They the get attention of the right audience where the opinion should be appointed to.
0
0
0
Jarkko Sakkinen
jarkko
430 additions & 12457 deletions:
https://github.com/jarkkojs/sandbox-runtime/tree/feat/landstrip
Reversing the slop.
https://github.com/jarkkojs/sandbox-runtime/tree/feat/landstrip
Reversing the slop.
0
0
0
Jarkko Sakkinen
jarkko
Filetype and network isolation principles in Landstrip map pretty much to:
https://www.anthropic.com/engineering/claude-code-sandboxing
Probably with some battle-testing and bug squashing it could replace all the shenanigans beyond a small shim in ASR.
I did not really check ASR implementation while doing this because there is nothing to learn from it (all garbage tbh) but this might even extend its capabilities given Windows support.
Cannot recall if it had Windows or not...
https://www.anthropic.com/engineering/claude-code-sandboxing
Probably with some battle-testing and bug squashing it could replace all the shenanigans beyond a small shim in ASR.
I did not really check ASR implementation while doing this because there is nothing to learn from it (all garbage tbh) but this might even extend its capabilities given Windows support.
Cannot recall if it had Windows or not...
0
0
0
Jarkko Sakkinen
jarkko
OpenCode plugin for Landstrip:
https://www.npmjs.com/package/opencode-landstrip
Early work. Can (and probably does) have bugs. Just ramping up to get things ongoing.
Some Pi/OpenCode plugin API differences remarked to README dot md.
https://www.npmjs.com/package/opencode-landstrip
Early work. Can (and probably does) have bugs. Just ramping up to get things ongoing.
Some Pi/OpenCode plugin API differences remarked to README dot md.
0
0
0
Jarkko Sakkinen
jarkko
Edited 9 days ago
Landstrip 0.8.2 creates sandbox from Anthropic Sandbox Runtime (ASR) compatible JSON policy.
Enabled platforms now include:
1. Linux (landlock with seccomp notifications)
2. macOS (Seatbelt FFI calls)
3. Windows (AppContainer profiles with ACLs)
It's a single-binary sandbox solution i.e., one which does not create confusing to audit topology for threat scenarios.
An additional (but easy to manage like e.g., Landstrip) binary is still required to have any kind of meaningful security, given that only correct topology can realize the coding agent and sandbox not sharing the attack surface.
They are BOTH disjoint executable files and process entities at run-time, which is highly important.
When we create operating systems, this topology allows e.g., to fine-tune process rights (could be for example SELinux profile) separately for coding agents and sandboxes.
Properly implemented sandbox provides the first encounter intrusion detection layer for malicious applications. This is why thinking the layers of defence in system and process level is a priority.
https://crates.io/crates/landstrip/0.8.2
#anthropic #sandbox #runtime
Enabled platforms now include:
1. Linux (landlock with seccomp notifications)
2. macOS (Seatbelt FFI calls)
3. Windows (AppContainer profiles with ACLs)
It's a single-binary sandbox solution i.e., one which does not create confusing to audit topology for threat scenarios.
An additional (but easy to manage like e.g., Landstrip) binary is still required to have any kind of meaningful security, given that only correct topology can realize the coding agent and sandbox not sharing the attack surface.
They are BOTH disjoint executable files and process entities at run-time, which is highly important.
When we create operating systems, this topology allows e.g., to fine-tune process rights (could be for example SELinux profile) separately for coding agents and sandboxes.
Properly implemented sandbox provides the first encounter intrusion detection layer for malicious applications. This is why thinking the layers of defence in system and process level is a priority.
https://crates.io/crates/landstrip/0.8.2
#anthropic #sandbox #runtime
2
1
1
Jarkko Sakkinen
jarkko
These older Joel's writeups are not really followed these days:
- https://www.joelonsoftware.com/2001/04/21/dont-let-architecture-astronauts-scare-you/
- https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/
It's like stuff was engineered to be so complex that nobody will want to touch it without agents, which would make agents "fake productive" development tool.
I believe that more be research what has happened, the more we will understand the net gain of agents, and this research should include metrics for system complexity.
All claims what have been done by ANYONE can be considered believes not knowledge, when it comes to productivity.
I believe that it is convenience when being serious at all about software. And I've never enable auto-complete in my text editor either because I need space to think - not shit to happen.
- https://www.joelonsoftware.com/2001/04/21/dont-let-architecture-astronauts-scare-you/
- https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/
It's like stuff was engineered to be so complex that nobody will want to touch it without agents, which would make agents "fake productive" development tool.
I believe that more be research what has happened, the more we will understand the net gain of agents, and this research should include metrics for system complexity.
All claims what have been done by ANYONE can be considered believes not knowledge, when it comes to productivity.
I believe that it is convenience when being serious at all about software. And I've never enable auto-complete in my text editor either because I need space to think - not shit to happen.
0
0
0
