6 comments

[ 4.6 ms ] story [ 16.7 ms ] thread
The seccomp-BPF rules seem almost unusably strict. What is this even designed to be used to run?
Setting aside that this seems to be pure slop, what’s with all the empty commits?
I don't think I'm ready to trust very security sensitive functions to pure vibe-coded software, and that's what this seems to be? Certainly the README is authored by an LLM, and there's a gazillion empty commits and other weirdness that indicates no human is in the loop. It looks like a loop engineered this software.

Models have gotten good, but c'mon. Good idea, maybe even a good implementation, but I don't have confidence in it, and you've got to have confidence in a project that claims to provide security.

Also, even the best models still regularly write C security bugs. It doesn't make sense to have a model write C code when having it write in a memory safe language is only slightly more effort/cost.

Who the F* runs a minimizer on friggin C sources? And it's inconsistent too.

Security-related code should be readable and auditable.