Learning diary › Year 2025 › July, 2025 › 2025-07-06 [2025-07-06]

✍️source

#agent #docker #game #news #sec
- #env
    - 'It's too late': David Suzuki says the fight against climate change is lost (on HN)
- #sandbox
    - Basically Everyone Should Be Avoiding Docker (on HN)
    - What is gVisor? (on HN) (on lobste.rs)
        - gVisor is an abstraction on top of existing Linux Kernel and acts as a middleman between the container and the Kernel
        - The system calls are intercepted and handled by the a gVisor component called “Sentry”
        - gVisor is designed to minimize and restrict the types of system calls the Sentry makes to the host kernel.
        - Sandboxing and Workload Isolation · The Fly Blog
            - "The Linux kernel has almost 400 system calls. How many of them do we need to efficiently emulate the rest? gVisor needs less than 20. With those, gVisor implements basically all of Linux in userland. Processes. Devices. Tasks. Address spaces and page tables. Filesystems. TCP/IP; the entire IP network stack, all reimplemented, in Go, backended by native Linux userland."
    - Container Use for Locally Sandboxed, Background Agents in Zed #agent
- #agent
    - Building a Mac app with Claude code (on HN)
    - Claude Code Pro Limit? Hack It While You Sleep (on HN)
    - Optimizing Tool Selection for LLM Workflows with Differentiable Programming #dspy
- #os
    - GrapheneOS: the private and secure mobile OS
        - from Cops in [Spain] think everyone using a Google Pixel must be a drug dealer
        - related: GrapheneOS: Why I ditched Google for a privacy-focused Pixel ROM
    - Mkosi – Build Bespoke OS Images
        - osbuild/bootc-image-builder: A container for deploying bootable container images.
        - Debcraft – Easiest way to modify and build Debian packages (on HN)
- #game-dev
    - Two and a Half Years in GameDev (on HN)
    - List of open source game clones
    - Adding Planets to Celestia on macOS
    - Shrinkle – Shrink words, find hidden phrase