Theoretically it is possible to exploit a hardware (or maybe even a very big software) bug inside the JavaScript engine, to execute code as root.
See also this real world example hardware exploit that gives somewhat arbitrary ram read/write access to an attacking website with zero clicks that can grant you root.
Kernel Protection hadn’t helped here though, hardware bugs aren’t an easy fix.
A bit late but: The Linux kernel can prevent unsigned code from being inserted into it, the signing key is generated by the one building the kernel image and automatically signs all modules that are build with the kernel.
This only happens if lockdown is enabled, which happens automatically if you use secure boot. The distros I use also support secure boot so I have it for example.
See https://www.man7.org/linux/man-pages/man7/kernel_lockdown.7.html for more info
On a different note, selinux enabled desktop systems (like Fedora linux for example) do limit the root user depending on context (services and so on)
I have rss feeds for my main service updates so I know what new features I have, the services mostly run in podman containers and update automatically each Monday. I also have daily backups (timed to run just before the update on monday) in case anything does break.
If it breaks I fix it depending on how much I want/need it, mostly it’s a matter of half an hour to fix it and with my current NixOS/Podman system I haven’t yet needed to fix anything this year so it breaks infrequently.
Also why are you using Kubernetes on a single host if you want minimal maintenance? XD
My recommendation is to switch to just managing containers, you should just be able to export the volumes out of kubernetes and import them as normal volumes, as long as they’re mounted in the right place you keep your data and if it doesn’t work just try again. Not like you need to destroy the current system to slowly replace it.
Edit: I also recommend to update and reboot frequently, this stops updates and unstable configurations from piling up.
Even Linus Trovald writes kernel code that Linus Trovald doesn’t like.
“Made you look”
No, they can quit whenever they want, they just don’t want to.
But it’s past me, I swear. Reckless acts of a younger man.
Yeah, it’s crazy how much a person can change in 20 minutes.
Isn’t lsposed dead?
You are about to do something potentially harmful. To continue type in the phrase ‘Yes, do as I say!’
That sounds like admitting defeat “you don’t care about any arguments I could make”
So not a fallacy?
And so, the problem wasn’t the ai/llm, it was the person who said “looks good” without even looking at the generated code, and then the person who read that pull request and said, again without reading the code, “lgtm”.
If you have good policies then it doesn’t matter how many bad practice’s are used, it still won’t be merged.
The only overhead is that you have to read all the requests but if it’s an internal project then telling everyone to read and understand their code shouldn’t be the issue.
Now upscale it back to the original size using ai
One thing that makes a project good is knowing what it does, I’ve seen quite a few projects where they talk about all the features and technology and how to configure it but not a word about what it actually does, what problems it solves and so on.
I won’t self host your program if you don’t even tell me what it does, don’t make me search and clue together large parts of the documentation just to find if I want it. A simple explanation is enough but somehow I’ve seen quite a few programs that don’t have it.
I agree, I hope it just dies off like most of googles projects and leaves the space for better alternatives.
SystemG sadly doesn’t exist
The one I forgot, obviously.
Assuming they are work related tasks.
Larme