I like that these companies will name their products OpenShell or OpenVINO or whatever with the implication that anyone else will ever contribute to it beyond bugfixes. The message is "Come use and contribute to our OPEN ecosystem (that conspicuously only works on our hardware)! Definitely no vendor lock-in here!"

It's not something like Mesa. It's open source in the same way Chromium or Android is open source. A single company is the major contributor and decides the architecture and direction the whole ecosystem will go.

reply
OpenShell is the gem here indeed. A lot of good ideas, like a network sandbox that does TLS decryption and the use of a policy engine to set the rules. However:

> Credentials never leak into the sandbox filesystem; they are injected as environment variables at runtime.

If anyone from the team is reading - you should copy the surrogate credentials approach from here to secure the credentials further: https://github.com/airutorg/airut/blob/main/doc/network-sand...

reply
The LLM will easily leak these credentials out. So the creds should be outside the sandbox, and the only thing the sandbox should see is a connection API that opens a socket/file handle.

Alternatively, where it needs an API key, it should be one bound to the endpoint using it. E.g. a ticket-granting ticket is used to create a bound ticket.

A copy-on-write filesystem would be an interesting way to sandbox writes, but there is difficulty in checking the diff.

reply
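
The two ideas in the comments above (surrogate credentials, and a key bound to the endpoint that uses it) can be sketched as follows; this is an added example, not code from the thread, OpenShell or airut. The `CredentialBroker` class, its method names and the host names are hypothetical, and it assumes an egress proxy outside the sandbox that already sees decrypted request headers.

```python
import secrets


class CredentialBroker:
    """Hypothetical broker that lives outside the sandbox and holds real secrets.

    The sandbox only ever receives a random surrogate token, so leaking its
    environment or filesystem discloses nothing usable elsewhere.
    """

    def __init__(self):
        # surrogate token -> (host it is bound to, real secret)
        self._bindings = {}

    def issue_surrogate(self, real_secret, allowed_host):
        """Mint a surrogate bound to exactly one upstream host."""
        surrogate = "surrogate-" + secrets.token_hex(16)
        self._bindings[surrogate] = (allowed_host.lower(), real_secret)
        return surrogate

    def rewrite_request(self, host, headers):
        """Called by the egress proxy for each outbound request.

        Swaps a known surrogate for the real secret only when the request is
        going to the host the surrogate is bound to; otherwise refuses.
        """
        out = dict(headers)
        # Header names are case-insensitive, so find Authorization by folding case.
        key = next((k for k in out if k.lower() == "authorization"), None)
        if key is None:
            return out
        scheme, _, token = out[key].partition(" ")
        if scheme.lower() != "bearer" or token not in self._bindings:
            return out  # not one of our surrogates: pass through unchanged
        allowed_host, real_secret = self._bindings[token]
        if host.lower() != allowed_host:
            # Surrogate presented to a different endpoint: likely exfiltration.
            raise PermissionError(f"surrogate not valid for host {host!r}")
        out[key] = "Bearer " + real_secret
        return out


if __name__ == "__main__":
    broker = CredentialBroker()
    # Constructed sample secret and host, for illustration only.
    token = broker.issue_surrogate("real-api-key-EXAMPLE", "api.example.com")
    print("sandbox sees:", token)
    print(broker.rewrite_request("api.example.com", {"Authorization": "Bearer " + token}))
```
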