> If you are thinking of AI fixing bugs is less expensive Because I don't think this. A rewrite is cheaper to me.
There are a million ways to load a kernel module from inside of a container into the host kernel (ie: to trigger a load), but seccomp/ linux caps will block the direct ways (as another commenter notes).
That's right. Docker still runs without user namespaces by default, which means that root is the same user inside and outside of the container. This does open up attack surface and configuration footguns. Confinement…
I don't think this would change anything even if it were true, which it is not. Running as root in a container opens up tons of footguns but it is not a path out of the container on its own.
They are a security boundary. The fact that you need a vulnerability to escape them is proof of that. They just don't have a particularly high cost of escape because reachable kernel vulnerabilities are so common.
My claim is that you can grep for memory safety bugs in rust and you can't in zig, therefor trading memory unsafe zig bugs for memory unsafe rust bugs is a good trade. This has been my claim, it continues to be my…
> Not these in particular. You are again ignoring the context. What context? I just said afterwards that aliasing is not one of those cases. > Undefined behavior are bugs by themselves. Let's check if you are holding…
> There are no such invariants in Zig. Zig does have invariants. It doesn't have an aliasing invariant like rust though, but it does have its own invariants, naturally. Zig is a memory unsafe language. > Broken…
You can grep for every memory safety violation in rust.
I've had zero issues with Codex. If it flags something it seems to have a slower "review before proceeding" phase but it does proceed.
This is going in circles. I think my point has been made. You can grep for every memory safety violation in Rust, that is a win. Pointer aliasing is apparently not UB in Zig, that's cool, assuming that's what you are…
> And they are actual bugs that I've take extra time to (statistically) verify. I'm confused. You said that you've just grepped and found some undefined behavior. What do you mean that you've statistically verified…
Given that Fable is so gutted and Anthropic added the absurd data retention policy for it, I'm going to advocate that we prioritize support for as many other models as we can at work.
I'm writing a programming language with a "capability security model". That's enough to trigger Fable, it won't work on the language. It's hilarious. The mere presence of the word "security" seems to be enough to trip…
I write rust and barely interact with the community. I used to. I spoke at the first rustconf, even. I don't really care to engage with the rust community anymore (I cut myself off entirely from most online communities…
> They are forbidden in Rust because of reference invariants that don't even exist in Zig, so correct code are made incorrect during the port. I'm not sure that this is true - who says that the same invariants weren't…
Our standards are different. I don't see any of that as a regression. You're pointing out potential problems that can be resolved, and specifically can be resolved because rust makes those problems grep'able.
So there were 128 known problems fixed and you've found 237 potential bugs that were greppable. And you think that's a regression?
As opposed to the known problems caused by using Zig?
I think that's an interesting point that the models wrote SAFETY comments that are so obviously not what SAFETY comments are for. A SAFETY comment can never be about callers, that's the whole point of `unsafe`.
These seem really easy to address. Any SAFETY comment that relies on the caller is something you can trivially find and fix.
This is just a hit piece and it's embarrassing to post it on your project's website. Could've been a tweet.
Why would I give a shit about this person's personal conversations being boring? Make new friends, idk. I don't talk about AI outside of technical forums where it's relevant or maybe work. > Just stop wanging on about…
Even if they end up with a "this dependency can execute arbitrary code" it'll be a huge win because that will be an explicit grant to that dependency. You'll be able to know "which of my dependencies execute arbitrary…
These are not mutually exclusive, and one makes the other better. "Whole process" sandboxing has always been far worse than native sandboxing because when the devs writing the software design the software to be…
> If you are thinking of AI fixing bugs is less expensive Because I don't think this. A rewrite is cheaper to me.
There are a million ways to load a kernel module from inside of a container into the host kernel (ie: to trigger a load), but seccomp/ linux caps will block the direct ways (as another commenter notes).
That's right. Docker still runs without user namespaces by default, which means that root is the same user inside and outside of the container. This does open up attack surface and configuration footguns. Confinement…
I don't think this would change anything even if it were true, which it is not. Running as root in a container opens up tons of footguns but it is not a path out of the container on its own.
They are a security boundary. The fact that you need a vulnerability to escape them is proof of that. They just don't have a particularly high cost of escape because reachable kernel vulnerabilities are so common.
My claim is that you can grep for memory safety bugs in rust and you can't in zig, therefor trading memory unsafe zig bugs for memory unsafe rust bugs is a good trade. This has been my claim, it continues to be my…
> Not these in particular. You are again ignoring the context. What context? I just said afterwards that aliasing is not one of those cases. > Undefined behavior are bugs by themselves. Let's check if you are holding…
> There are no such invariants in Zig. Zig does have invariants. It doesn't have an aliasing invariant like rust though, but it does have its own invariants, naturally. Zig is a memory unsafe language. > Broken…
You can grep for every memory safety violation in rust.
I've had zero issues with Codex. If it flags something it seems to have a slower "review before proceeding" phase but it does proceed.
This is going in circles. I think my point has been made. You can grep for every memory safety violation in Rust, that is a win. Pointer aliasing is apparently not UB in Zig, that's cool, assuming that's what you are…
> And they are actual bugs that I've take extra time to (statistically) verify. I'm confused. You said that you've just grepped and found some undefined behavior. What do you mean that you've statistically verified…
Given that Fable is so gutted and Anthropic added the absurd data retention policy for it, I'm going to advocate that we prioritize support for as many other models as we can at work.
I'm writing a programming language with a "capability security model". That's enough to trigger Fable, it won't work on the language. It's hilarious. The mere presence of the word "security" seems to be enough to trip…
I write rust and barely interact with the community. I used to. I spoke at the first rustconf, even. I don't really care to engage with the rust community anymore (I cut myself off entirely from most online communities…
> They are forbidden in Rust because of reference invariants that don't even exist in Zig, so correct code are made incorrect during the port. I'm not sure that this is true - who says that the same invariants weren't…
Our standards are different. I don't see any of that as a regression. You're pointing out potential problems that can be resolved, and specifically can be resolved because rust makes those problems grep'able.
So there were 128 known problems fixed and you've found 237 potential bugs that were greppable. And you think that's a regression?
As opposed to the known problems caused by using Zig?
I think that's an interesting point that the models wrote SAFETY comments that are so obviously not what SAFETY comments are for. A SAFETY comment can never be about callers, that's the whole point of `unsafe`.
These seem really easy to address. Any SAFETY comment that relies on the caller is something you can trivially find and fix.
This is just a hit piece and it's embarrassing to post it on your project's website. Could've been a tweet.
Why would I give a shit about this person's personal conversations being boring? Make new friends, idk. I don't talk about AI outside of technical forums where it's relevant or maybe work. > Just stop wanging on about…
Even if they end up with a "this dependency can execute arbitrary code" it'll be a huge win because that will be an explicit grant to that dependency. You'll be able to know "which of my dependencies execute arbitrary…
These are not mutually exclusive, and one makes the other better. "Whole process" sandboxing has always been far worse than native sandboxing because when the devs writing the software design the software to be…