今日の資料です (時間オーバーして申し訳ありませんでした...) speakerdeck.com/orimanabu/podm… #container_runtime

さきほどの自分の『コンテナセキュリティのためのLandlock入門』発表資料です speakerdeck.com/nullpo_head/ko… #container_runtime

gomodjail: jail for Go modules (restricts opening files, executing commands, etc.) github.com/AkihiroSuda/go… Two steps to get started: 1. Add `// gomodjail:confined` to `go.mod` 2. Run a binary with `gomodjail run --go-mod=go.mod` (Caveat: not applicable to `unsafe` pkgs)

The Fosdem Wasm dev room is here with a shiny lineup of speakers! Dan Phillips Edoardo Vacchi Ron Evans Artem Kobzar 🇺🇦 Come join this Sunday! fosdem.org/2025/schedule/…

Thanks for attending my talk "Running QEMU Inside Browser" at FOSDEM @[email protected] 2025. Slides: fosdem.org/2025/schedule/…

Created "lima-actions" for GitHub Actions github.com/lima-vm/lima-a… ``` steps: - uses: lima-vm/lima-actions/setup@v1 - run: limactl start template://fedora ``` Useful for: - Running commands on non-Ubuntu distros (e.g., Fedora, AlmaLinux 8) - Emulating multiple hosts

🍺 Alcoholless: lightweight security sandbox for Homebrew github.com/AkihiroSuda/al… ``` cd ~/SOME_DIRECTORY alcless brew install xz alcless xz SOME_FILE ``` `xz` works as a separate user with an access to the working directory, but with no access to other private directories.

NTT研究所冬期インターンシップのテーマ「Linux/ELF を WebAssembly に変換するバイナリトランスレータの実装と評価」の実施報告です． medium.com/nttlabs/%E3%82…

昨年9月の講演「なぜオープンソースソフトウェアにコントリビュートすべきなのか」を、今更ですがブログにまとめました #wakate2024 medium.com/nttlabs/why-yo…

I wrote a blog post about performance improvements for the binary translator (ELF -> WebAssembly). In our benchmark test, the Wasm converted from ELF/AArch64 in LINPACK now runs at roughly "60–80%" of the performance of Wasm generated from source code. medium.com/nttlabs/some-p…

"My 10-year Journey with Containers and the Future" is featured on the web site of Open Source Initiative @[email protected] opensource.org/maintainers/ak…

gosocialcheck: social reputation checker for Go modules. Checks whether a Go module is already adopted by a trustworthy project (e.g., CNCF Graduated project). github.com/AkihiroSuda/go…

Wrote a blog: containerd v2.1, nerdctl v2.1, and Lima v1.1 medium.com/nttlabs/contai…

Japan Community Day at KubeCon+CloudNativeConでお話したPodmanとCRI-Oの資料です speakerdeck.com/orimanabu/what… #CNCJ

My #KubeCon talk today: "VexLLM: Silence Negligible CVE Alerts Using LLM" 14:59 Pegasus A-B1 sched.co/1x70c

☺ 話しました！立ち見でて質問たくさんもらえてよかったです。 --- Thank you to everyone who listened, and we look forward to your feedback on sched. kccncjpn2025.sched.com/event/1x708

My #KubeCon sessions today: - 10:05: Keynote panel, with inductor / Kohei Ota , Yuiko Mori, and Naoki Oguchi - 16:30: containerd update and deep dive, with Kohei Tokunaga , Akhil Mohan , and Kirtana Ashok sched.co/1x6zq

エッジ向けの効率的なコンテナイメージ更新手法の論文誌が出版されました。修論版から実装を作り直して、マルチスレッド化や差分アルゴリズムのプラグイン化をした結果が反映されています。(やりたいことを全部やってみたとも言う) globals.ieice.org/en_transaction…

RFC: the standard API for sandboxing shell commands and file I/O in AI agents. I submitted my proposal to Gemini CLI to see if they have interest, but ideally this should be part of Model Context Protocol (MCP) or maybe OCI ? github.com/google-gemini/…

Alcoholless: A Lightweight Security Sandbox for macOS Programs (Homebrew, AI Agents, etc.) medium.com/nttlabs/alcoho… ``` cd ~/PROJECT alcless brew install gemini-cli alcless gemini ```