HackerTrans
TopNewTrendsCommentsPastAskShowJobs

igorbark

no profile record

comments

igorbark
·há 11 dias·discuss
im not sure that there is a plug n play set up that will work for everyone, because as with any security boundary, each layer of hardening has a usability trade-off. i definitely feel you about the uncertainty of it all, how do you actually know everything is tight?

personally, i think either a VM or microVM is the way to go. these things are actually designed as security boundaries, as opposed to containers. and as compared to bubblewrap, you can just give the agent a whole FS to work with and run it in yolo mode, whereas with bubblewrap you have to manually bootstrap the availability of each individual dev tool and make sure its config dirs and package caches and etc are mounted in a secure way and still will probably hit perm errors all the time. and there's just way less isolation.

also, something that has limited support in harnesses but IMO would make a lot of sense is running the harness process in the host, but having all the tool calls and file system interactions delegated to the VM. that way you keep all your session data and auth keys on the main machine where it can never get into context. otoh it makes your harness part of the security boundary, so that's the trade-off.

there's also all the usability questions around how to actually get data in/out of the VM. i have a script which can push local git repos into the VM and then pull from them as a remote, so the VM can't initiate any connection with the host doesn't need to hold git credentials. but ig for someone who wants their agent to push straight to GitHub that's a waste of effort.

options i've tried or seen for the VM itself: - qemu + libvirt: takes some doing to wrangle it together, but very battle tested and configurable - crun-vm is a PoC of higher level integration layer between podman and qemu, which is a really cool way to go about it. seems maybe abandoned but i just think it's neat and very existing tools/standards oriented rather than starting a new project and brand so i mention - libkrun is a newer entrant, and several ppl have built wrappers around it: - microsandbox - smolvm (posted/discussed on here recently) - krunvm

this is all Linux oriented, it's all i know.
igorbark
·há 2 meses·discuss
this logic does not hold up if the reason that labor is more expensive than parts is that the labor involved in creating those parts has been outsourced to a "shithole country"
igorbark
·há 3 meses·discuss
if we're going to plug random puzzle games on this thread, IMO the most underdiscussed puzzle game of all time is Recursed, the only game i've played which properly explores recursion as a mechanic, and (MINOR SPOILER) the only game i've played which detects when you have created logical contradictions, and for each contradiction you achieve rewards you with a secret bonus level.
igorbark
·ano passado·discuss
i definitely agree that it would've been nice to have images in the book as it was hard to get a sense of exactly how well Boquila was mimicking neighbouring plants!

but in reference to the linked article, i will say that the researchers interviewed in the book (and i got that sense for Zoe as well) were in agreement with you that the research didn't support a vision-based mechanism. but everyone agrees that the imitation is going on. the researchers in the book suggest a gene transfer-based mechanism instead! (mentioned briefly in your linked article)
igorbark
·ano passado·discuss
not sure if you will still see this 7 days later, but the claim "we work more hours than medieval peasants did" jumped out at me so i looked into a bit and am curious if you have more thoughts on it!

i found this lively criticism of the video on reddit: https://old.reddit.com/r/badhistory/comments/16y233q/histori....

my brief takeaway was that the claim might be true if "work" means "working for an employer for wages", but not if "work" includes "necessary labor for shelter, food, clothing, survival".

but it's an interesting thought though so i'm curious if you have other related resources to dig into.
igorbark
·ano passado·discuss
i enjoy that i cannot tell whether this is written by an AI, or by a human pretending to be an AI. my guess is human pretender!
igorbark
·ano passado·discuss
the biggest headache i had in particular was different ways of handling environment variables, but the different adapters at OpenNext have had a rolling list of caveats/unsupported features for as long as i've been following the project so i didn't want to outright say "full". hopefully the effort on Next's side to build a standardized adapter API will help with this!
igorbark
·ano passado·discuss
that's great to hear, thank you for the update :)
igorbark
·ano passado·discuss
I too have had to use Next but didn't want to feel locked into Vercel.

this is the biggest effort I'm aware to run Next with a full-ish feature set outside of Vercel: https://opennext.js.org/. Supports AWS, Cloudflare, and Netlify. You can also run Next as a normal node webserver. I've only used the Cloudflare integration and it was a bit janky but worked (and seems to be entering 1.0 soon so may be less janky).

AFAIK this is completely unsupported by the Next team, but would love to be proven wrong!
igorbark
·ano passado·discuss
you don't need to send 100kb+ of JS over the wire to build a static site in react: for example https://vike.dev supports static HTML-only output for a site built with React.

as for "why React", speaking just for myself it's really nice to just have one tool that can do everything (static HTML-only, static with JS, SPA, SSR) and not have to context switch or potentially even have to split my site into two projects just because I want to hop between one or the other approach. and React has the biggest mindshare and ecosystem.
igorbark
·ano passado·discuss
probably adding a confirmation message the first time the alias is used for each command would be good, it would be nice to know when i'm invoking git and when i'm invoking a third party binary regardless of any exploit attempts!