I've #Finished: #HittingThingsWithHammers for #Today...

#Tangentially; you might #Find the #Following as much #Help as #BubbleWrap... As much as #WeLoveBubbleWrap...

#HaveABiscuit, maybe...?

🧙🤖🤖🧙 | ☕️️🍪🍫🦄🍫🍪☕️

"Internet criticism will never be ethical.

The inevitability of being attacked for simply existing online is leading us down a path of nihilism and apathy."

https://i-d.co/article/internet-criticism-trolling-ethics/

#EuropeanServer #BeingEuropean #SomewhereInEurope #ContainsZeroPercentMastodonSocial #TheCheesecakeRule #KnowTheRules #NoAgeVerificationRequired

Homebrew 6.0.0 officially released: Tap Trust security scheme introduced and performance optimized

It introduces the Tap Trust security mechanism, which requires the user's explicit trust approval before running code from a third-party Tap, blocking the risk of malicious code execution.

🔗 View original

Ruby-News | Ruby AI News

OpenAI says Windows lacked the sandboxing tools Linux already had

https://fed.brid.gy/r/https://nerds.xyz/2026/05/openai-linux-windows-codex-sandbox/

Telegram Mini App for a PWA: how I moved from TWA for RuStore and what I found out along the way

I'm developing a PWA for spoken English practice. Several times I tried to publish it to RuStore via Trusted Web Activity (TWA), the Google wrapper that packages a PWA into a signed Android AAB. After four moderation rejections I realized that TWA doesn't work in RuStore for my class of apps, and within a day I switched to a Telegram Mini App. This article is not a startup story but a breakdown of the technical decisions:

https://habr.com/ru/articles/1029400/

#telegram_mini_app #twa #trusted_web_activity #rustore #bubblewrap #pwa #android #hmac #авторизация

Habr

Wrote a silly script to showcase how to use unshare + chroot/pivot_root in order to manually enter a #linux #chroot / #container without needing #root privileges:

https://gist.github.com/mid-kid/9293f4f0617052b9c3aa45422fb89f90

I rarely see anyone mention how this can be done without needing to reach for #bubblewrap or systemd-nspawn, and I think it's important to see how you can leverage the primitives that drive container technology.

The script can be simplified, but not without sacrificing correctness. I hope the comments help.

Create and enter a chroot without root permissions, using unshare + pivot_root - chrootless

Gist

Maybe not-so-hot take: the AI agents we have cannot be trusted, and must be put in a cage.

https://metallapan.se/blog/2026-04-27-agent-in-prison/

#claude_code #bubblewrap #llm

AI agents belong in prison

Last Friday, Opus, which I had allowed `terraform plan` permissions to help troubleshoot some integration, suddenly asked to do `terraform apply` even though the plan showed that a production database would get deleted and recreated (😱), even if I had explicitly instructed it to help me investigate only, and change nothing. Because it at least asked, catastrophe was averted, but it did get my pulse up. The problem of course is not really the model, any model can go off the reservation. The problem was that I had given the agent (part of) my own access for a bit of convenience - and if you run your LLM with access to ~/.ssh, ~/.config/gcloud, ~/.aws, and your kubeconfig, it may hallucinate your production env away.

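Metallapan AB

Isolating with sandbox-exec on macOS

The week before last I saw "sandbox-exec: macOS's Little-Known Command-Line Sandboxing Tool (via)" and got interested, mainly because I need to run coding agents. On Linux you can isolate them with bubblewrap (see "Running Claude Code with bubblewrap (bwrap) on Linux"), but macOS has no bubblewrap, so I needed to find another tool, and this looks like the one. Someone on Hacker News brought up the deprecation issue: it has been deprecated since 2017...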

Gea-Suan Lin's BLOG

Our Weekly Update #62 is live! 🎥✨

Watch now: https://youtu.be/1NfNykcpIks
Don’t forget to subscribe & hit the bell 🔔!

Subscribe to our weekly newsletter!
👉 https://urlroulette.net/newsletter/subscribeform 🚀

#bubblewrap #homepage #comics #virtualracing #flighttracker

🔗 UrlRoulette TV Episode #62! 🌟

YouTube

Now I'm thinking about a new strategy:

- stop service
- make #btrfs snapshot (seconds at max)
- restart service
- run #borgBackup from snapshot, but via #bubbleWrap so it sees it as the original path and inodes for consistency&performance!
- run as many borg backups as desired to any remote, even in parallel, as the service is running again

Thoughts?

#nixos

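Running Claude Code with bubblewrap (bwrap) on Linux

To keep Claude Code from wrecking a pile of things when it blows up in fully automatic mode (--dangerously-skip-permissions), people generally wrap it in a container environment, but on Linux you can use a lighter-weight tool like bubblewrap to restrict it. After tuning it for a while it has pretty much stabilized. I package a ~/bin/claude...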

Gea-Suan Lin's BLOG