Hacker News | 0x457's comments

Landlock right now doesn't offer a lot for things that aren't file system access. Other than that it's great, you can have different restrictions per-thread if you want to.

Yeah, but the file system is where I put most of my files. :-)

Between file system, bind/connect, and sending signals, that covers most of it. Probably the biggest remaining risk is any unpatched bugs in the kernel itself.

So one would need to first gain execution in the process, and then elevate that access inside the kernel, in a way that doesn't just grant you root but still Landlocked, and with a much smaller effective syscall attack surface. Like even if there's a kernel bug in ioctl on devs, landlock can turn that off too.
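As an added illustration of the coverage discussed in the comments above (not code from any commenter or from the Landlock project): a best-effort, deny-all Landlock sandbox that enables filesystem, TCP bind/connect, device-ioctl and signal restrictions according to the ABI the running kernel reports. The `ll_*`/`LL_*` names are hypothetical; the constant values mirror `linux/landlock.h`, and the syscall numbers are the generic ones used on x86_64 and arm64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Values mirror linux/landlock.h so this builds against older headers. */
#define LL_SYS_CREATE_RULESET 444
#define LL_SYS_RESTRICT_SELF  446
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_FS_V1           ((1ULL << 13) - 1) /* execute ... make_sym, ABI 1 */
#define LL_FS_REFER        (1ULL << 13)       /* ABI 2 */
#define LL_FS_TRUNCATE     (1ULL << 14)       /* ABI 3 */
#define LL_FS_IOCTL_DEV    (1ULL << 15)       /* ABI 5 */
#define LL_NET_BIND_TCP    (1ULL << 0)        /* ABI 4 */
#define LL_NET_CONNECT_TCP (1ULL << 1)        /* ABI 4 */
#define LL_SCOPE_SIGNAL    (1ULL << 1)        /* ABI 6 */

struct ll_ruleset_attr { uint64_t handled_access_fs, handled_access_net, scoped; };

/* Hypothetical helper: everything a kernel with this Landlock ABI can restrict. */
struct ll_ruleset_attr ll_attr_for_abi(int abi) {
    struct ll_ruleset_attr a = {0, 0, 0};
    if (abi >= 1) a.handled_access_fs = LL_FS_V1;
    if (abi >= 2) a.handled_access_fs |= LL_FS_REFER;
    if (abi >= 3) a.handled_access_fs |= LL_FS_TRUNCATE;
    if (abi >= 4) a.handled_access_net = LL_NET_BIND_TCP | LL_NET_CONNECT_TCP;
    if (abi >= 5) a.handled_access_fs |= LL_FS_IOCTL_DEV;
    if (abi >= 6) a.scoped = LL_SCOPE_SIGNAL;
    return a;
}

/* Hypothetical helper: ruleset with no allow rules, so every handled access
 * is denied. Returns the ABI version enforced, or -errno. */
int ll_lock_down(void) {
    long abi = syscall(LL_SYS_CREATE_RULESET, NULL, (size_t)0, LL_CREATE_RULESET_VERSION);
    if (abi < 1) return abi < 0 ? -errno : -ENOSYS;
    struct ll_ruleset_attr a = ll_attr_for_abi((int)abi);
    long fd = syscall(LL_SYS_CREATE_RULESET, &a, sizeof(a), 0U);
    if (fd < 0) return -errno;
    int err = 0;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||      /* required when unprivileged */
        syscall(LL_SYS_RESTRICT_SELF, (int)fd, 0U)) err = errno;
    close((int)fd);
    return err ? -err : (int)abi;
}

int main(void) {
    int r = ll_lock_down();
    if (r < 0) { fprintf(stderr, "Landlock not enforced (errno %d)\n", -r); return 1; }
    printf("Landlock ABI %d enforced, file open now %s\n", r,
           fopen("/etc/hostname", "r") ? "allowed" : "denied");
    return 0;
}
```

On kernels older than ABI 4 the network mask stays empty, so bind/connect remain unrestricted there; the same holds for device ioctls before ABI 5 and signal scoping before ABI 6.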


> that an LLM was able to reproduce the verbatim text of the first 4 Harry Potter books with 96% accuracy.

Kinda weird argument, in their research (https://forum.gnoppix.org/t/researchers-extract-up-to-96-of-...) the LLM was explicitly asked to reproduce the book. There are people that can do so without LLMs out there, by this logic everything they write is a copyright infringement on every book they can reproduce.

> Yes if you are solving the exact problem that the original code solved and that original code was labeled as solving that exact problem then that’s very good reason for the LLM to produce that code.

I think you're overestimating LLM ability to generalize.


The point about Harry Potter was just that the verbatim text for popular text in the training set is in there.

It’s the same as when you ask a model to generate an Italian plumber with overalls and it produces something close enough to Mario to be a copyright violation.

If you ask it to solve a very specific problem for which there is a solution well represented in its train set, you can definitely get back enough verbatim snippets to cause problems.

It’s also not a theoretical problem, you can Google for studies showing real world production of verbatim code with non-adversarial prompts.


I guess the text of Harry Potter was used as training material as one big chunk. That would be a copyright violation.

This is where I disagree. Copyright was most likely violated, but (most likely) because the book was obtained not via a legal way.

LLMs didn't spit out Harry Potter until it was prompted to do so. There is an argument to be made that an LLM can be used as a transport of pirated content.

My argument is that it's not different from searching for "file:pdf Harry Potter"


I see your point but it also seems clear to me that somebody violated copyright, most likely the people or company that trained the AI.

But this means code generated by snippet expanders or any sort of templates is non-copyrightable.

Well no, ECMA Script exists, but it's not a language, it's a standard that JavaScript runtimes implement. JavaScript today means ECMA Script version + runtime flavor.

I remember we made a switch to redis because java's memcached library was unmaintained. I made a joke that it's just feature-complete and cannot be improved upon, people chuckled, but we still did the switch.

Quite a bit of risk telescoping there...because you had the source code to the memcached library so in the theoretical case you found a bug in mature code (how many times have you seen that?), you weren't SOL. So instead you switched to an entirely new system? If you were trying to minimize risk and cost, you did the opposite unless memcached was doing something else that was a problem.

It wasn't entirely just that, we had to switch to redis for another sub-system and IIRC there was some positive implication for the cache layer as well. It's been a while; it wasn't just because the memcached library was unmaintained.

Honestly having looked at the memcached clients available for Java recently, I don't think any of the options could be considered feature-complete. None of the main ones support the meta protocol at all, meaning most of the advanced features aren't possible (and these are things that can't be emulated on the client side).

Hell, the main feature I needed (bulk CAS get) didn't even require the meta protocol or recent memcached features - spymemcached just never bothered to implement it. I ended up abandoning the change I was working on, because the upstream never looked at my PR and it wasn't worth forking over (bigco bureaucracy etc).

There are also quite a few legitimate bugs open for years that haven't had so much as a comment from maintainers.


Running FatLTO on Chrome.

That's most likely because Windows indexes and scans files rustc produces. My Linux machines demolish my iMac in Rust compilation.

Intel iMac?

M4. To be fair I bought it as a pretty ssh terminal in living room into compute in another room.

Probably why TLD requires the first character to be an alpha character. com3 is okay, but 3com is not. Unless it's to protect spec against ignoring that requirement I don't see where confusion could surface.

I try to use something between hexagonal and this, but more nested (i.e. adapters internally might use this architecture).

Sometimes Domain logic has to leak because you want to rely on certain implementation behavior: for example, logically there is separation of concerns, but there is a strong argument to commit these changes in a single transaction. In that case I either switch to oplog or if delay is acceptable push to my saga engine.


4x is on Time To First Token, it's on the graph.
