HackerTrans
トップ新着トレンドコメント過去質問紹介求人

mavdol04

no profile record

投稿

Show HN: Vpod – Tiny Linux sandbox running in WASM

github.com
12 ポイント·投稿者 mavdol04·25 日前·5 コメント

WASI 0.3

bytecodealliance.org
260 ポイント·投稿者 mavdol04·先月·98 コメント

Show HN: Capsule Bash – Sandboxed Bash for Agents

github.com
3 ポイント·投稿者 mavdol04·2 か月前·3 コメント

Reimagining Bash for Untrusted Contexts

capsulerun.github.io
2 ポイント·投稿者 mavdol04·2 か月前·0 コメント

One-time pad encryption with DNA (Paris to Tokyo)

arxiv.org
1 ポイント·投稿者 mavdol04·3 か月前·0 コメント

[untitled]

1 ポイント·投稿者 mavdol04·4 か月前·0 コメント

Show HN: Sandboxing untrusted code using WebAssembly

github.com
76 ポイント·投稿者 mavdol04·5 か月前·25 コメント

Sandboxing Untrusted Python

gist.github.com
68 ポイント·投稿者 mavdol04·6 か月前·52 コメント

[untitled]

1 ポイント·投稿者 mavdol04·7 か月前·0 コメント

[untitled]

1 ポイント·投稿者 mavdol04·7 か月前·0 コメント

Capsule: Fine-grained isolation for multi-agent systems using WASM

capsuleruntime.substack.com
1 ポイント·投稿者 mavdol04·7 か月前·1 コメント

Show HN: Neural emotion matrix for NPCs

github.com
48 ポイント·投稿者 mavdol04·10 か月前·19 コメント

コメント

mavdol04
·24 日前·議論
It doesn't have browser support yet because it's WASI-based, so there are a few more steps compared to Emscripten (two different ways to build for WebAssembly). But networking is supposed to work, did you have trouble with it?
mavdol04
·24 日前·議論
With RISC‑V emulation we get the virtual hardware components we need to boot Linux like MMU, registers etc. So a GCC WASM backend could definitely help, but I'm not sure it could replace the whole emulation layer.
mavdol04
·先月·議論
It's a bit of a cheat, but you can hit 0.00% every time. Just measure the bar length, then cross-multiply. :)

Example: bar is 1250px, max is 2100, number is 376 → (1250 × 376) / 2100 ≈ 223.8px from the start, that's the 0.00%.
mavdol04
·2 か月前·議論
Working on a RISC-V emulator targeting Wasm. Is RVV 1.0 stable enough to be worth implementing, or would Zve32f/Zve64d already cover most use cases ?
mavdol04
·2 か月前·議論
That's cool, i did exactly the same few years ago
mavdol04
·2 か月前·議論
Nice, what are you building exactly ?
mavdol04
·2 か月前·議論
I am in the EU timezone and had some minor issues recently with GitHub as well, but it never lasts very long.
mavdol04
·3 か月前·議論
The worst that could happen is having your credentials stolen. It’s an LLM architectural flaw, so it has to be at the tools level so the only way to prevent it is still sandboxing in my opinion. Or at least sandboxing the tools themselves
mavdol04
·4 か月前·議論
I think a shared array just avoids the copy, not the serialization which is the main problem as they showed with serde-wasm-bindgen test
mavdol04
·4 か月前·議論
Wait, you just invented a reverse CAPTCHA for AI agent
mavdol04
·4 か月前·議論
That’s great, but it can’t be used in production because it’s not available for Linux (so no AWS, no GCP, etc.) and requires Docker Desktop. Still nice for experimenting, though.
mavdol04
·4 か月前·議論
I mean standardizing on an x86 subset would replace wasm's native portability with a kind of 'emulated' compatibility, and this is one of wasm's strengths. If we do that, non-x86 hardware(mobile etc.) will pay the translation tax. So, keeping Wasm agnostic makes more sense anyway.
mavdol04
·5 か月前·議論
It actually works a bit differently. The eval is executed by the interpreter running inside the isolated wasm sandbox (StarlingMonkey). You can think of it as each sandbox having its own dedicated JavaScript engine.
mavdol04
·5 か月前·議論
Thanks! Not yet, but that's a great idea. I could definitely add it to the roadmap.
mavdol04
·5 か月前·議論
yeah, the previous example was quite basic. I will write a complete example for that, but here is how you can run dynamic code:

   import { task } from "@capsule-run/sdk";

   export default task({
     name: "main",
     compute: "HIGH",
   }, async () => {
     const untrustedCode = "const x = 10; x * 2 + 5;";
     const result = eval(untrustedCode);
     return result;
   });
Hope that helps!
mavdol04
·5 か月前·議論
I would love for the component model tooling to reach that level of maturity.

Since the runtime uses standard WASI and not Emscripten, we don't have that seamless dynamic linking yet. It will be interesting to see how the WASI path eventually converges with what Pyodide can do today regarding C-extensions.
mavdol04
·5 か月前·議論
Thanks for the feedback! What do you think about running the separate file directly from the decorator?
mavdol04
·5 か月前·議論
Thanks! Got it, I will add more examples for that. Currently you can do both: run dynamically untrusted code with eval, or run fully encapsulated logic (like in the existing examples).

I made a small example that might give you a better idea (it's not eval, but shows how to isolate a specific data processing task): https://github.com/mavdol/capsule/tree/main/examples/javascr...

And yes, you are spot on regarding LeetCode platforms. The resource limits are also designed for that kind of usage.
mavdol04
·5 か月前·議論
I understand your point. I added native Python support because C extensions will eventually become compatible. Also, we might see more libraries built with Rust extensions appearing, which will be much easier to port to Wasm.
mavdol04
·5 か月前·議論
I recreated many Node.js built-ins so compatibility is actually quite extended.

For Python, the main limitation is indeed C extensions. I'm looking for solutions. the move to WASI 0.3 will certainly help with that.