HackerLangs
TopNewTrendsCommentsPastAskShowJobs

Gerharddc

no profile record

Submissions

Litterbox: Somewhat Isolated Development Environments [video]

youtube.com
2 points·by Gerharddc·2 miesiące temu·1 comments

PyTorch on ROCm Inside a Litterbox

rustyelectrons.com
1 points·by Gerharddc·5 miesięcy temu·1 comments

Show HN: Litterbox – Defend Against Supply Chain Attacks

litterbox.work
1 points·by Gerharddc·7 miesięcy temu·0 comments

Show HN: Litterbox – Somewhat Isolated Development Environments

litterbox.work
2 points·by Gerharddc·8 miesięcy temu·0 comments

comments

Gerharddc
·11 dni temu·discuss
For sure, and I think most people would agree with this. However, I also think most people treat it differently when it is someone so high up because they have a lot of control and, more importantly, accumulate a large part of the profit.

I don't think you should not be allowed to have strong political opinions in such a position. I just think that in this case, it is very dangerous to express so much support for them in such a public way. I say this because (from my perspective at least) a large part of Mullvad's "competitive advantage" is their brand image, and it just feels that a link to controversial politics probably does more harm than good to this brand image.
Gerharddc
·15 dni temu·discuss
Really cool to see work progressing on this! It would be awesome to one day be able to use Zig for serious shader work
Gerharddc
·w zeszłym miesiącu·discuss
Fair enough. I was referring to the GUI framework space in general, not specifically for Zig
Gerharddc
·w zeszłym miesiącu·discuss
At first I was very excited about this project. After reading the comments, I'm now deeply saddened by it... Given how much competition there already is in the GUI framework space, it's very difficult to see why something hastily thrown together by AI would get much traction. To really make an impact in this space, I think we'll need to see something thoughtfully designed that really tries to innovate in some profound way rather than just being more of the same
Gerharddc
·w zeszłym miesiącu·discuss
Very interesting write-up, thank you! I never really considered that compilers can also use asserts to improve performance, but it does make sense.
Gerharddc
·w zeszłym miesiącu·discuss
This seems like a very positive move to me. It makes it clear what Zig days are about so people know what to expect. There are 1000s of other events for people who want to build with LLMs so it's nice to have some recourse for those who still want to code by hand
Gerharddc
·w zeszłym miesiącu·discuss
I'm very excited about the future of Zig! I really love the conservative and measured approach they are taking. Unlike many others these days, they appear to prioritise doing things right over simply going as fast as possible and trying to grab as much attention as possible.
Gerharddc
·2 miesiące temu·discuss
Thanks for sharing, it's very informative!
Gerharddc
·2 miesiące temu·discuss
Yeah it seems pretty insane to use a vibe-coded storage engine unless you had no other option
Gerharddc
·2 miesiące temu·discuss
Nice and clean, I like it!
Gerharddc
·2 miesiące temu·discuss
This talk introduces Litterbox. If you're developing on Linux and you're looking for some protection from supply chain attacks and/or rogue coding agents, this might be the solution you're looking for!
Gerharddc
·3 miesiące temu·discuss
Ah, I guess I should have seen this one coming :)
Gerharddc
·3 miesiące temu·discuss
Oh wow, this looks nicely done! It's also nice that it's cross platform. I've done something similar with https://github.com/Gerharddc/litterbox which takes things a bit further by allowing you to easily sandbox your entire development environment (i.e. IDE and everything) using containers. Unfortunately I have not gotten around to the network sandboxing part though, that seems very tricky to get useful without being too "annoying".
Gerharddc
·5 miesięcy temu·discuss
TL;DR: I'm using https://github.com/Gerharddc/litterbox to sandbox all my development these days and have now managed to get the ROCm variant of PyTorch running with GPU access inside a Litterbox. If you'd like to see the details of how to achieve that, this post is for you!
Gerharddc
·5 miesięcy temu·discuss
> Every render in this post was made that way. Claude generated the geometry with vcad, imported each STL/GLB into Blender via MCP, set up studio lighting, and rendered to PNG. No human touched Blender.

This seems a bit wasteful to me. Why do you need an LLM to do the part of controlling Blender? Can't normal code be used to automate this instead? And save a scary amount of electricity in the process...
Gerharddc
·6 miesięcy temu·discuss
Great writeup! An alternative I have explored (more for defense against supply-chain attacks than for agents admittedly) is to use rootless Podman to get a dev-container-like experience alongside sandboxing. To this end I have built https://github.com/Gerharddc/litterbox (https://litterbox.work/) which greatly simplifies container setup and integrates a special ssh-agent for sandboxing that always prompts the user before signing requests (as to keep your SSH keys safe).

Unfortunately Litterbox won't currently help much for specifically protecting .env files in a project folder though. I'd need to think if the design can be extended for this use-case now that I'm aware of the issue.
Gerharddc
·6 miesięcy temu·discuss
Unfortunately not since it is very much designed for Linux. I imagine it should work fine inside a Linux VM on Mac though.
Gerharddc
·6 miesięcy temu·discuss
The main reason is that in addition to sandboxing, I also wanted something similar to dev-containers where I can have a reproducible development environment. I guess that can also be achieved with Bubblewrap, but when you want to run containers anyway, it seems silly to not just use Podman.
Gerharddc
·6 miesięcy temu·discuss
Very nice! Quite a coincidence, but the NPM disaster also prompted me to build litterbox.work as a possible solution. It is a very different approach though.
Gerharddc
·6 miesięcy temu·discuss
Very interesting read, I had no idea agents already had so much sandboxing built in! It does seem like this is probably not enough though.

A few months ago I built https://github.com/Gerharddc/litterbox (https://litterbox.work/) primarily to shield my home directory from supply-chain attacks, but I imagine it could be very useful for defending against rogue agents too. Essentially it is a dev-container-like system for Linux built on rootless Podman with a strong focus on isolation and security.

A key difference to normal dev-containers is that it encourages placing your entire dev environment (i.e. also the editor etc.) inside the container so that you are even protected from exploits in editor extensions for instance. This also makes it safer to allow agents (or built tools) to for instance install packages on your system since this is not the "real" system, it is only a container.

Another important feature I added to Litterbox (and one I have not seen before) is a custom SSH agent which always prompts the user to confirm a signing operation through a pop-up. This means that things inside a Litterbox do not have unrestricted access to your normal SSH agent (something which could provide rogue actors access to your Github for instance).