A field guide to sandboxes for AI
A comprehensive guide to different sandboxing technologies for safely running untrusted AI code, covering containers, microVMs, gVisor, and WebAssembly.
A comprehensive guide exploring different sandboxing techniques for safely running untrusted AI code, including containers, microVMs, and WebAssembly.
Explores MicroQuickJS, a tiny JavaScript engine for embedded systems, as a potential sandbox for running untrusted code with strict resource limits.
Introducing ClientIsolationHost, a new component for the Isolator framework that enables executing sandboxed code plugins on remote machines over TCP/IP.
Explores the unique security risks of Agentic AI systems, focusing on the 'Lethal Trifecta' of vulnerabilities and proposed mitigation strategies.
A developer's status update covering their university dissertation on unprivileged FUSE mounting, pimsync bug fixes, and ongoing work on JMAP client support for calendars and contacts.
Introduces App Buddy, a macOS utility for managing settings, backups, and permissions for the developer's other applications.
Overview of new WKWebView features in iOS 14, including JavaScript sandboxing, async JS calls, text find, PDF creation, and zoom.
Explains how to handle macOS sandbox file permissions in AppKit, covering methods like NSOpenPanel and Full Disk Access for accessing folders outside an app's sandbox.
Explores the technical challenges and differences between traditional containers and true sandbox environments, focusing on user namespaces and privilege levels.