Lately, I’ve been trying to integrate the huge advance of AI to help my day-to-day tasks. A big help would be a useful programming assistant. ChatGPT already is a big help ; integrating it more tightly into workflow would probably a bigger help. I don’t really care about things like Copilot, which are really “autocomplete on steroids” ; that’s just not how I use ChatGPT. I usually start by specifying what I want to do, ask ChatGPT to rephrase my specifications, clarify misunderstand...| Posts on sloonz's blog
Previously in this series, we discovered how to use bubblewrap to sandbox simple applications. Then, we moved on to more complex applications, and concluded that, while it works, the long command lines used were getting very unwieldy. I will now present you the script (unimaginatively called sandbox) I use to sandbox my applications. Its configuration file is located at ~/.config/sandbox.yml. It starts with resources : mostly path binds, but also environment variables and D-Bus services.| Posts on sloonz's blog
Last time, we discovered how to use bubblewrap to sandbox simple CLI applications. We will now try to sandbox desktop applications. Desktop applications want access to a lot of different resources: for example the Wayland (or X) server socket, sound server socket or D-Bus services. You could grant blanket access to all such resources for every application, but that increases the attack surface quite a lot. An alternative is to give access only to resources used by the application you’re try...| Posts on sloonz's blog
Last week I wanted to replace my OpenVPN setup with WireGuard. The basics were well-documented, going beyond the basics was a bit trickier. Let me teach you want I learned. The basics But first, let’s summarize the basics. I have a server with a hosting provider that I want to use as a VPN server. I won’t delve into details here, since there are so many great explanations on the web already (here, here, here or here), let’s just make a quick summary of a simple setup, as a base for disc...| sloonz.github.io