<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: willamhou</title><link>https://news.ycombinator.com/user?id=willamhou</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Thu, 09 Apr 2026 06:19:35 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=willamhou" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by willamhou in "I ported Mac OS X to the Nintendo Wii"]]></title><description><![CDATA[
<p>Had a very similar issue porting a hypervisor to ARM S-EL2. Writes would succeed, there were no faults, and everything looked reasonable in GDB, but the other side never saw the data. The root cause was that Secure and Non-Secure physical address spaces were backed by different memory even at the same address, and a single PTE bit selected between them. That took me much longer to understand than I’d like to admit.</p>
]]></description><pubDate>Thu, 09 Apr 2026 01:46:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=47698415</link><dc:creator>willamhou</dc:creator><comments>https://news.ycombinator.com/item?id=47698415</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47698415</guid></item><item><title><![CDATA[New comment by willamhou in "Project Glasswing: Securing critical software for the AI era"]]></title><description><![CDATA[
<p>One thing I keep thinking about with AI security is that most of 
the focus is on model behavior — alignment, jailbreaks, guardrails. 
But once agents start calling tools, the attack surface shifts to 
the execution boundary. A request can be replayed, tampered with, 
or sent to the wrong target, and the server often has no way to 
distinguish that from a legitimate call.</p><p>Cryptographic attestation at the tool-call level (sign the request,
verify before execution) would close a gap that behavioral controls 
alone can't cover. Curious whether Glasswing's threat model 
includes the agent-to-tool boundary or focuses primarily on the 
model layer.</p>
]]></description><pubDate>Wed, 08 Apr 2026 10:04:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=47687968</link><dc:creator>willamhou</dc:creator><comments>https://news.ycombinator.com/item?id=47687968</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47687968</guid></item></channel></rss>