Can the OG please get its own box please?
07.03.2026 17:58
👍 0
🔁 0
💬 0
📌 0
Can the OG please get its own box please?
agree, say it like it is (or spell it like you say it).
yml or yaml, was a winner ever established?
How the phantom token pattern works in practice: session-scoped token → localhost proxy → real credential injected outside the sandbox → forwarded over TLS. Scoped to one session. Expires on exit. #AISecurity #infosec
API keys in env vars. One prompt injection. One outbound HTTP call. Your key and everything it can touch is gone.
We built a phantom token pattern: a credential proxy that lives outside the sandbox, talking to agents only through a seccomp-restricted channel.
nono.sh/blog/blog-credential-injection
Gem, what is going on with you?
LOL - "Gemini is wrong again. The code compiles and runs - you demonstrated it. Gemini is hallucinating a v2/v3 API mashup"
Config + sandboxes + great DX - the current sweet spot
Its always nice to get a bit of love and appreciation as an OSS maintainer
Sorry, but I will never get the attraction with this thing (only using it to debug a user issue)
Loving the new nono claude demo video, so far the common ask has been 'Is that Sean Bean speaking"
www.youtube.com/watch?v=d6Y8...
nono.sh part two:
nono --net-block bash <(curl url):
curl downloads the script outside the sandbox, but bash executes it inside with network blocked. The malicious script can't exfiltrate or cause any damage, because the kernel denies all network syscalls with "Operation not permitted."
cool things you can do with nono.sh , part on:
nono'ception - aka nono spawns itself into a nono sandbox and then asks nono, why can I not access ~/.ssh/id_rsa
AI is 6 months away from being 6 months away
What is this bizarre reality we are in - utterly bonkers
Guest Blog on Spin Framework of how we use WebAssembly isolated tool execution for the training of agentic large language models spinframework.dev/blog/deepfab... - by @lukehinds.bsky.social
Just finished C.S. Lewis's The Great Divorce - a take on Heaven / Hell. Hell is quietly horrifying: a grey, endless suburb where you're trapped with petty, quarrelsome Karens. The more you insist on being understood, the more you cling to your own righteousness, the harder it becomes to leave.
How do you train an SEO-focused agent from scratch? Our co-founder Stephen Parkinson covers the full process - dataset generation, live tool execution setup, and more. Part two dropping soon. deepfabric.dev
This was a lot of fun and quite eye opening as to what is possible with open SLMs
My 12 and 15 yr old daughters Spotify end of year listening ages were 49 and 45 years old - all from listening to mostly nineties bands. The summary in their words: they don’t make good music anymore, no bands and a lot of AI slop. The youngest top artists of 2025: The Cure, The Smiths and Deftones.
Just in case you need a reminder - don't use GPG
How we trained a 4b SLM to outperform Claude Sonnet 2.5 and Gemini 2.5 pro at Tool Calling - run on a free T4 GPU on Google Colab:
colab.research.google.com/drive/1EG1V4...
DeepFabric now supports live tool execution during dataset generation, isolated within web-assembly components care of the @cncf.io spinframework- this produces training data with far less hallucinations and encourages more reactive learning patterns during SFT or RL based training.
Another week, another Agent foundation
Latest Blog on why relying on system prompts as guardrails could let you down www.alwaysfurther.ai/blog/system-...
Very excited to get this out of stealth - if you're keen to learn more , please do reach out
We're out of stealth!
Today we're announcing Always Further and our $1.8M pre-seed to deliver precise, secure and reliable open language models.
More soon. Let's build 🚀
www.alwaysfurther.ai/blog/announc...
I getting quite few pull requests where an issue gets picked up, a huge PR made, I use gemini reviews, it flags up lots of nits and flaws in the PR. The human then faced with having to understand the code, nopes out and closes the PR.
Claude Code really likes using python asserts outside of tests, which is proper insanity. When compiling to optimised byte code, python asserts are ignored. This will mean a lot of code running in production, where assert style logic will be completely removed from the code.
