I think it is a mistake to say "cargo build does not need to be sandboxed because cargo test is not". A very tricky part of sandboxing is sandboxing code you don't own. I own what code runs in tests, I do not own what code runs in cargo/ build scripts.

I can take responsibility for isolation in test/ci/prod. Those are tractable problems because I can design my tests/prod code to be friendly to sandboxing. I can not do that with build scripts or proc macros, I can't actually do much at all.

The solution for "sandbox cargo" ends up being "sandbox the entire dev environment", which is a very difficult problem to solve - you lose tons of performance, UX, and the security is lacking due to how much gets placed into the sandbox.

I strongly feel that cargo is in a much better position to help me out here. I can't even know if an update to a crate happened that suddenly added a build script without additional tooling.

As for typosquatting,

> If you think you can remember the URLs for each package you use, you’re probably wrong.

Most people aren't using urls so I don't get this. The issue is typing `cargo add reqwest`. Typosquatting algorithms solve this.

I did some math.

If crates.io had adopted a policy of "no crates within edit distance of one", 15% of crates would have been blocked across all time.

+Exception for same author: 14%

+Exclude <=4: 9%

+Swap from edit distance to actual typo detection algorithm: 5%

5% of crates would have needed a name change across all time. That number will likely decrease drastically as existing names are taken.

Yes, Rust needs radically more funding in these areas. Companies need to step up. Sandboxing, typo squatting, better auditing tools (ie: I need to know when `cargo udpate` adds a dep with a new build script, etc), TUF, etc, all need to be priorities.

cfn-lint is due for one of these rewrites, it's excruciating. I made some patches to experiment with it and it could be a lot faster.

> Money is not given to good ideas (though, it doesn’t hurt). Money is given to friends.

I have an obvious counter example. I'm sure money is invested for all sorts of reasons to all sorts of people. I'm also sure that money is not exclusively invested based on friendships, and I'm quite sure that money is at times invested based on the merits of an idea. Obviously those merits have to correspond to the ability to form the basis of a successful company, unless it's a philanthropic investment.

I probably would. You mentioned the linux kernel, which I think is a perfect example of software that has had a ridiculous, perhaps worst-in-class attitude towards security.

That's fine, I wouldn't argue against that. It doesn't really change things, right?

> From a marketing standpoint Anthropic is showing that they're able to direct 'compute' to find vulnerabilities where human time/cost is not efficient or effective.

Yes, they've demonstrated that.

> It is easy to turn this into a denial-of-service attack on the host, and conceivably could be used as part of an exploit chain.

So yeah, perhaps some evidence to what I'm getting at. Bug density is too low in that project, it's high enough in others. I'll be way way way more interested in that.

> But then, this thing is just.. I don't have a word for this. Just randomly read paragraphs from the post and it's like, what?

I read about 30% and got bored. I suppose I should have been clearer, but my impression was pretty quickly "cool" and "not worth reading today".

I'd love to see them go for a wasm interpreter escape, or a Firecracker escape, etc. They say that these aren't just "stack-smashing" but it's not like heap spray is a novel technique lol

> It autonomously obtained local privilege escalation exploits on Linux and other operating systems by exploiting subtle race conditions and KASLR-bypasses.

I think this sounds more impressive than it is, for example. KASLR has a terrible history for preventing an LPE, and LPE in Linux is incredibly common. Has anything changed here? I don't pay much attention but KASLR was considered basically useless for preventing LPE a few years ago.

> Because these codebases are so frequently audited, almost all trivial bugs have been found and patched. What’s left is, almost by definition, the kind of bug that is challenging to find. This makes finding these bugs a good test of capabilities.

This just isn't true. Humans find new bugs in all of this software constantly.

It's all very impressive that an agent can do this stuff, to be clear, but I guess I see this as an obvious implication of "agents can explore program states very well".

edit: To be clear, I stopped about 30% of the way through. Take that as you will.

Sure. I don't think that that implies we have the right system currently or that we can't come up with good definitions. And again, "informed" is almost definitely already an understood term in medicine since "informed consent" is already understood.

> they generally don't understand how these drugs work, what the risk profiles, are or how dosing should be managed.

That's fine. I don't think they have to understand how they work. They have to have the risks conveyed appropriately to them. They might make a call that's ultimately harmful. Adults can do that, they should be allowed to do that.

> "immiment" is a different word than "egregious" isn't it?

Well, yes. If I had defined "egregious" as the same word, that wouldn't be very helpful.

> Malnutrition, cancer, and death are pretty egregious as well, even if they occur maybe months or years in the future, aren't they?

Not really. Things that take years to happen are a lot less serious, especially as they can be monitored for. But again, this can all be explained to the patient. I'd say the bar for "egregious" should be very, very high. When in doubt, give patients the power to choose.

> Literally, enough people are fucking this stuff up that we have pop culture references to it: "ozempic face". Losing weight this rapidly is unsafe.

That isn't compelling. How many of those people are getting ozempic from a nurse practitioner at one of these compound pharmacies? If anything, I'd bet that doctors taking the time to ensure patients are informed would lead to a reduction here.