I think there's something to what the author says about the shift from mission-driven startups to naked greed, but I don't think I would have put it that way.

Over the last two decades the startup scene has gone from trying to improve nearly everybody's lives at very low cost to consumers (ad-supported services like maps and email) to trying to improve the lives of the upper middle class with debatable impacts on everyone else (gig economy stuff) to something whose most obvious application is destroying jobs (ai).

That's a pretty quick shift from utopian to dystopian rhetoric, and people who bought the line are right to find that jarring.

> to trying to improve the lives of the upper middle class with debatable impacts on everyone else (gig economy stuff) to something whose most obvious application is destroying jobs (ai).

Butter them up and then cut them off, they’ll be too fat to do anything about it.

> Democrats stuffing government bureaucracies with do-nothing jobs for their buddies

Ignoring the partisanship this argument doesn't make sense on its face: government jobs pay extremely poorly. You might say "well what if you hold more than one of them?", but you can't do that: a federal employee can be employed in two different roles, but their pay is capped at 40 hours a week across the federal government.

Anyone keen on that level of grift has vastly better options in the private sector.

No It's not.

The pay, job per job, is significantly lower across the public sector. You take a massive pay-cut. I don't know what lied to you and told you it's "cushy", but it's definitely not.

Also, you can absolutely be fired for performance. In fact, across the public sector probationary periods are typically longer than in the private sector. Meaning, it's actually easier for you to get fired.

These are the types of things people just sort of... make up... and then other people run with it because they like how it sounds and it reaffirms their ideology.

I've worked in government. Have you?

Interesting past tense. Why did you leave and does it involve getting paid more?

I've worked in government and it's just like the private sector. You have people that are there check in, make money, and go home, and you have people that care about their work. And I don't think there are any significant ratio differences between public and private in regards to that.

So? You're one of millions, and many people are ideologically opposed to the public sector. Obviously, I cannot trust you, so I won't.

What I've said isn't up for debate, it's just true. If you find yourself disagreeing, please feel free to look up salaries and probationary periods. You will see you are incorrect. From there, you can decide whether to change your mind or continue to believe in lies.

> for the non-HN crowd.

> But there are a ton of people along for the ride

For someone who claims to be not in the startup hustle world of Hacker News, you also don't understand that people "along for a stable ride" is how 98% of the world views employment.

> if the shares are truly worth X dollars they should buy them back from me

I always offer companies pushing equity hard to trade for cash at 10% of the highest number they try to get me to value it at. Nobody has ever taken me up on it, even when they really should have.

None of these snippets appear to involve eBPF at all?

Correct no eBPF-code is directly involved. As post explores eBPF-based tools for understanding user-space connection with container-runtime and enrichment of event once received from kernel-space.

Hi, this is a nonsensical reply, as the sentence is lacking a few words to be complete. Are you using some kind of AI to answer? If so, which one?

No A.I, just H.I (Human Intelligence) :).

> As post explores eBPF-based tool

What ebpf-based tool(s)? It looks like it's just sample code to open a socket to a CRI.

The snippets are taken from cilium/tetragon, aquasecurity/tracee and crictl as mentioned in the post.

The post doesn't covers these projects in depth, instead act as a quick reference to the parts, where connection with CRI is being made and used for enrichment.

I understand there are more better ways to do the thing.

P.S: Post is a collection of my memories, when I was implementing the functionality. So just wanted to share, in hope that, maybe it will help others as well. Thanks !

If you figure out how to do this I will invest in your fund.

Gotta figure out how to sell these guys shovels

If someone figured out how to provide a way to bet against startups… could we say they’re selling grave shovels?

A futures market for startup equity where you can short sell would be wild.

Otherwise when the big firms go public (A16Z etc.), options trading on their stock.

Seems like an interesting if maybe not practical protection to implement in eBPF for programs that never make a naked syscall.

Step one would be to ensure that every syscall has a wrapper. Place a uprobe at the start of that wrapper which, when hit, sets a per-thread permission bit and a per-thread-per-syscall permission bit in an eBPF map. Place a corresponding uretprobe that clears the per-thread-per-syscall bit. For each syscall place a kprobe which checks the per-thread table to make sure the thread is one which has enabled the feature, and which then checks to make sure the per-thread-per-syscall bit is set for that syscall. If not, sigkill.

Performance would probably suck but it seems like it would protect the syscall entrypoints enough to do some potentially interesting attack surface reduction. The question is really why you would do that there instead of by attaching to, say, the LSM hooks where you have stronger guarantees vis a vis userspace.

What’s the threat model this protects against?

"Attacker has ROP and shouldn't be able to make arbitrary syscalls".

Seems mildly useful if you have a really flexible syscall you can't forbid (ioctl, say) but which you only use for a specific narrow purpose.

If they can ROP they can jump to a syscall instruction with controlled arguments

The point of pinsyscall is that they have to jump to the single entry point for that syscall, rather than any of the ~200+ syscall instructions littering the address space. ALSR makes finding an entry point difficult, but that's easier if you only need to find any syscall instruction, rather than the specific one for the syscall you're invoking. The rationale is explained here: https://undeadly.org/cgi?action=article;sid=20230222064027

I’ve already expressed my opinion on this particular mitigation elsewhere and I’m pretty sure you’ve read it so I won’t go into it again here. I was more interested in the scheme that the other comment was constructing.

The point of what I spelled out above is that they can jump to the instruction but the kernel will kill the program if they don't go through the function up to that point. That allows you to restrict the arguments to the syscall at the point of call.

Ah, so it’s like a poor man’s BTI

I don't think anyone ever doubted that a C program could be memory safe. The problem is knowing without exhaustive work whether yours is one of them.

These aren't bad practices, but I don't think they satisfy that desire either.

I don't know if it was deliberate, but writing code that interfaces with GDB is unpleasant enough that I opted to build our debugger-like tooling in eBPF + pyelftools instead.

I really wanted to love this, but after setting up an older version and spending untold hours debugging it I just can't make myself believe anymore. I am glad to see them move to four cables though-- two + weights was a nice bit of math but not so great as physics.

If you're looking at this, think hard about whether it's possible to cut a router template for what you want to do on a normal sized 2.5D CNC router. It's what I do and is good enough to build a business around.

As someone with access to a big 5x10 CNC and a large laser, I much prefer the laser for making forms (acrylic or wood, then use jig saw plus trim router). CNCs are just a step up in terms of complexity for part time use. You have to consider feeds and speed, chip load etc, whereas a laser is much more forgiving. However, I realize accessibility for each tool isn't always easy.

What business did you build around it?

Custom forms for concrete pours. Also did a little bit of work making supports for plaster casting.

I was never really able to sell the advantages to artists, but got some good side gig money for landscaping stuff.

(Just to clarify: the business is wound down, but I personally still use the approach in art projects)

I wrote a tool a few years ago which automatically generated and inserted type-aware fuzzers for C APIs from DWARF info: https://github.com/intel/fffc

Generating headers and also mutators that you could then modify to meet type constraints was part of that.

Edit: just to add onto the LLM side, I can see this labelling anonymous structs or similar but I'm not sure that's a good idea. What might be interesting would be to try to get an LLM to verbalize/summarize known type constraints for documentation purposes.