So this seems to be M2M tokens - what about the, arguably more common, use case of creating a short lived or simply ephemeral token to allow an AI agent to use a service (e.g: GitHub) without the possibility to have it leak a valid upstream token in a commit message?
My solution to this particular problem is gh-proxy - but of course GitHub is only one of the 100s of services that one might want this for.
For AI Agents we have added token derivation to Ory Talos which allows you to exchange a static API key for a ephemeral, short lived, and restricted token. It can be both a JWT and a Macaroon (super interesting for caveats)!
However this would require GitHub to use Ory Talos and it‘s not a solution for third party credentials really.
So your project solves that need quite nicely, and I‘ll check it out in more detail today :)
I found it relevant and actually just the information I was looking for. Having a highly recommended model behind the tool makes it worth further investigation.
That shouldn't stop the regulation from existing, but yes, maybe another regulation in a similar way for forcing companies to open source drivers and bringup code after N years of the release?
Even when the drivers are open source, it's far from easy. I'm thinking about these old Linux 4.2 touch screen drivers, they are there, fully open-source and despite that, almost none of them are in modern mainline.
Not necessarily for the "without sharing" part, but to increase the reliability of the jailbreak. The same prompt isn't guaranteed to return the same result, but combining the internal thinking with the prompt might be a more effective way
Too bad the software is awful. Thankfully the Linux Surface community is pretty strong. Proprietary Microsoft drivers don't make it easy, but we're getting there...
I'll buy another one if there's some commitment from Microsoft to be more open source friendly, but since this will never happen, they can keep their HW.
Depending on how easy it is to run Linux on this as opposed to the new MacBooks may make this attractive for Linux users.
Anyway, the whole trend to change from x86 to Arm on laptops is bad news for compatibility. It might be that the era where you can download an iso and expect Linux to run on a random laptop is over, and Linux users will have to stick to only a couple of devices with well known support. Did Valve release a laptop yet?
One concern I've heard about the move to ARM cores is that it is done in order to lock down the devices more so they're more like a phone rather than a computer.
x86 Most random Linuix ISOs will boot on anything. I've seen software compiled before the hardware had finished being designed boot just fine. (in the latest case lstopo was very confused, but everything still worked!)
ARM, I go looking for a build for my chip/device in particular.
x86 I just buy hardware and it works, ARM I check for OS builds before buying, and wonder if the builds will continue to get updates.....
> Depending on how easy it is to run Linux on this as opposed to the new MacBooks may make this attractive for Linux users.
Why? Just to get ARM? Buy a brand that actually works with the kernel and distros to get their hardware working with linux. Get your money to the people that actually help the software ecosystem.
When you spent premium, put your money where it makes a difference.
I recently spent an equivalent of MacBook Air M4 price + import tax to get a linux laptop called Starlabs Horizon that advertises up to 14 hours of battery life. Maybe in a TTY it could do that, but in practice, I haven't yet seen any x86 laptops from any company, linux or not, to match even 50% of a macbook's battery. Realistically it's 4-5 hours like the rest of them. Not to mention that for that money I got a cpu that is a power equivalent of pre-M1 chip mac. Also they put speaker grills at the bottom (what were they thinking??)
For laptops, what I had in mind is excellent power management and efficiency, it seems to correlate with ARM but I think most people don’t really care for the details of architecture.
I really hope for competition’s sake that Microsoft makes some reforms and cleans up Windows.
Because us nerds like to say “the software is awful,” but really, the bones of Windows are not awful at all. It generally works well, it just takes a lot of work to get all of the BS out of your way.
If you’re looking for open source friendly, just buy a Framework 13 Pro and be done with it.
By the way, the other news from Computex is Dell and HP’s Macbook Neo competition, and they really look legit. So, Apple is waking up the PC industry a bit, showing them that they are endangered. Hopefully Microsoft gets the memo.
No, Windows is awful. Closed source , buggy and filled with performance bottlenecks. Let's not even talk about the whole requirement for a Microsoft account, TPM or the fact that it's basically a spyware with ads. Why the hell would I want a Candy Crush Soda ad in my OS?!!!
But that’s what I’m saying: don’t equate ads and other BS with the architectural basis of the OS. The ads and the junk can be removed and I’m hoping Microsoft decides to clean those types
of elements up as they face pressure from competitors.
Buggy and filled with performance bottlenecks? I don’t really agree with that. I would challenge a user in a blind test running full screen apps to tell the difference between the three major operating systems.
TPM isn’t something to get hung up on. I use it with Linux. Having some way to ensure system integrity is a feature of all major modern operating systems. The vast majority of people would never install an OS on their own, so this is an issue that doesn’t affect anyone relatively speaking. The average person only upgrades their Windows OS when they buy a new computer.
I get it’s not what you’re asking for, but WSL on windows is a lot more friendly than anything Apple has done in the last decade to assist in Linux support.
WSL is inside Windows. I haven't found the need for anything like this on macOS, as it's Unix and I can just install stuff with Homebrew. When the Unix version of some package didn't do what something else I was running expected, I was able to install coreutils in just a few seconds and carry on.
It seems the issue on Apple hardware is the fight to get Linux booting on bare metal with full support (what Apple supplied for Windows with Bootcamp when moving to Intel), which is the fight Asahi Linux is waging. Is WSL aiding in getting Linux booting from bare metal on proprietary hardware?
WSL for me was literally a gateway drug to switching fully to Linux. It did work, but took extra system memory, drained battery life, and caused intermittent suspend/resume issues. Just not worth dealing with compared to running native Linux.
WSL provides a seamless filesystem experience between windows and Linux which is more than I can say for MacOS. And it’s supported by MS, not a community add-on.
People downvoting me because Microsoft are just silly. It is literally undeniable that Microsoft has done more to provide Linux support in the windows ecosystem than Apple has with MacOS. The closest thing Apple has done to “support” Linux is add a hypervisor without a GUI that they’ll tolerate you using but don’t really support. Try opening up a case with Apple about a Linux issue running a hypervisor.framework Linux vm and let me know how it goes…
Microsoft will absolutely support issues you run into with WSl.
macOS and Linux are both POSIX-compatible operating systems. I guess I’m unclear on why you’d need to run a Linux VM with full filesystem access, when the tools can be installed on macOS itself the filesystem is just the filesystem. It seems like an unnecessary layer of complexity for most standard use cases.
WSL is 90% of a good product. They just quit improving it too early. Managing file permissions between Windows and WSL is a nightmare, it does horrific things to your filesystem if it ever runs out of memory, at least once every day a teammate is hitting a readonly filesystem issue. A team of some of the smartest people I know tried to smooth it over enough to be useful and we couldn’t do it.
At my bigco, we have all but given up on it and moved everyone to EC2 or Macs for non-Windows workloads.
No. I *don't want Windows*. WSL is not an option for me.
In fact, Linux is the only option, and it's what I chose.
Thankfully AI nowadays does an amazing job in issue diagnostic and resolution, and even patches the kernel to make stuff work, so this is the viable solution.
But what is the point of WSL if you can get run the real thing, without performance penalty, bloatware and spyware? WinBoat makes more sense if there is the odd program that does not have a substitute.
It's usually enough but not always. Sometimes it happened that my customers using MacOS or WSL were not able to pass some tests or reproduce some bugs. That was due to some differences between the userland of the Linux servers, which are our build and deployment targets, and what they have on their Macs. I work on a Debian laptop (it used to be Ubuntu) and I can always run on it whatever sw runs on the servers. The languages are Python and Ruby, some bash.
The developers on WSL (the Python project, Django) tend to have a simplified environment. For example they don't run Celery (I never investigated why) and run all the background jobs synchronously or they don't run those jobs at all.
The ones on Macs (the Ruby project, Rails) have the full environment but I remember that they skipped some integration tests because they always failed on their Macs (Capybara and Chromedriver, I don't remember the details.) I was the one running the full test suite. By the way: all the CI services I used in the last 10 years are particularly bad at running those kind of tests. Maybe it's the amount of memory or the timing of the operations and those CI VMs (or containers?) don't play well with the assumptions of the test frameworks. Any language, any framework.
Which doesn’t make it Linux, which is what op wants. It’s based on a BSD-based mach kernel. You might as well say someone asking for Linux should just run Irix, because hey, it’s UNIX!
Who cares about the kernel? That only matters for hardware support, which is going to be much better with macOS on mac hardware. Macs can easily run 99%+ of the software that people use linux for, because *nix. The only real reasons to require linux in this situation are ideological (free software/GPL vs proprietary Apple) and aesthetic (you're used to X/wayland/systemd/whatever system software and don't like Apple's solution). It would definitely be nice if Apple helped people out by documenting and releasing source for the bootloader and firmware to make it easier to install third-party OSes on their hardware... but they're not a hacker-hobbyist nonprofit doing it for the love, so why would they?
WSL is literally the Linux kernel running in a VM, so WSL is actually closer.
But you can have a Linux kernel running in a VM on macOS as well, and while it doesn't have something like WSL built-in, it provides enough foundation for others to build it: https://lima-vm.io/docs/
What are you talking about? The Mac platform is so much more friendly for doing Linux related work. First of all it’s Unix so most tooling has MacOS variants, and secondly you have a miriad way to install WSL like VMs with shared disk.
I swear, people just live in their echochambers these days. Win 11 pro + WSL2 is literally the best, do it all OS you can get these days.
Most peoples experience is with Windows home, which ironically is about as intrusive as Mac OS. When you get Windows Pro, you can disable all the annoying AI/Advertising shit that comes with Windows, and at that point, you get a system that is cleaner than Mac OS.
Then you install WSL2, which is a full linux environment down to being able to run graphical apps, use gpus natively, and even talk to usb ports.
Ive been on Win11 Pro for 4 years. The only major things that are installed under windows for me are VPN Software, Steam (with games), Ollama, and Browser. Everything else, I run under WSL2.
Well, they keep pushing the Creator Bundle when I open up the Numbers.app I bought bundled with the system. Perhaps they are implying creative bookkeeping?
They absolutely do. If you don't have a paid iCloud account, you get spammed urging you to upgrade for example. I really don't know why you feel so comfortable just blatanly lying when this is easily verifiable.
I agree. I'm running Windows 11 Arm on an Asus Zenbook A16 right now. Lighting fast. I'm typing this comment while I'm compiling code and having Claude analyze packets coming from Wireshark that's on this machine. It's got 18 cores and 48GB of integrated memory, great battery life, and an OLED screen for $1699
I run Linux in a VM and Docker on it, and WSL2. No problems with anything.
I don't see any ads. I turn a number of "intrusive" features off, but nothing is hacked; these are just settings you can switch off.
That's one of the laptops I've been sort of looking into.
Can you run stuff like hyprland, and the linux-version of ghostty on it? Not familiar with the state of WSL2.
I'm honestly happy just using linux, but that zenbook a16 is just better value than a panther lake or mac alternative with a similar spec (RAM and display quality mainly). So if WSL2 essentially lets me just treat it as a linux laptop, or a close enough approximation without any real downsides, then it might sway me.
I run Windows 11 Pro on it. I like it. I use WSL2 for command line/Docker stuff. If you're not insterested in using Windows 11 Pro as your main OS, I'd make sure someone's figured out how to run Linux native on it (and make sure all power management/audio/etc works!) before buying.
I doubt most of these "windows bad" regurgitators are being fair with their takes. Or they're gamers who don't even develop on their windows machines.
There is no way it's as bad as people are saying. If you really are able to use Win 11 pro and just run linux for 99% of your work, then that sounds pretty good to me.
Running Linux on Surface works. It's not perfect, but it solves the problem. Windows is gone from my Surface Pro X since roughly 2 months after buying it.
https://blog.denv.it/posts/i-was-likely-targeted-by-dprk-in-...
It was likely DPKR.
reply