Today I learned about Landlock, another sandboxing API in the Linux kernel https://docs.kernel.org/userspace-api/landlock.html sandboxes resources instead of syscalls like seccomp. It's getting attention since a developer released the `Landrun` tool, which that uses Landlock to sandbox programs, and it made it to the front page of...uh, Slashdot https://linux.slashdot.org/story/25/04/05/217212/landrun-lightweight-linux-sandboxing-with-landlock-no-root-required (I found out about it via https://blog.isosceles.com/openssh-backdoors/, which mentioned Landlock)

<p>Been reading Lutnick quotes the past few days. He knows any on-shored job will be automated. So he thinks the entire workforce is going to be working on robots that do the automating, and has drunk some kind of AI KoolAid on the side. It is truly difficult to understand his mind.</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> clangd works until you include vulkan.hpp and then all it takes is one wrong click that takes you to the header and that&#39;s the end of clangd.</p>

<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@pagangod" class="u-url mention">@<span>pagangod</span></a></span> you seem to be making a lot of unfounded assumptions about me in service of making yourself feel good about your own consumer choices. it makes me content to know you&#39;ll be doing that somewhere i can&#39;t hear it</p>

<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@pagangod" class="u-url mention">@<span>pagangod</span></a></span> hm. go fuck yourself</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> *points to <a href="https://github.com/whitequark/unfork" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="">github.com/whitequark/unfork</span><span class="invisible"></span></a> * No, but so what?</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@ronya" class="u-url mention">@<span>ronya</span></a></span> That is wild because the whole reason for that separate parser is to be able to reindex individual files without paying attention to the <a href="https://mastodon.social/tags/include" class="mention hashtag" rel="tag">#<span>include</span></a> graph or anything.</p><p>It doesn&#39;t do this for me, but that&#39;s using &quot;full&quot; VS, which shares the parser(s) but not the layer that orchestrates them. (But also both VS and Code are prone to behaving in similarly broken ways.)</p>

<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> a public ledger recording every penis-involving sex ever made, call that a cockchain</p>

<p>if you&#39;ve been using yaqwsx&#39;s JLCPCB parametric search tool (or have been stuck using JLC&#39;s regular parts search page) I can highly recommend checking out this forked version: <a href="https://dougy83.github.io/jlcparts/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="">dougy83.github.io/jlcparts/</span><span class="invisible"></span></a></p><p>it uses a new database storage approach which makes component updates orders of magnitude faster, and it comes with some additional quality of life features too. I&#39;ve also got an open PR on it to significantly improve the coverage of parametric data extraction.</p><p><a href="https://chaos.social/tags/electronics" class="mention hashtag" rel="tag">#<span>electronics</span></a></p>