A prompt injection doesn’t have to act to be dangerous. It can hide, copy itself, and spread agent to agent. Why AI security is an epidemiology problem, and how to respond.
The Prompt Injection That Copies Itself
A prompt injection doesn’t have to act to be dangerous. It can hide, copy itself, and spread agent to agent. Why AI security is an epidemiology problem, and how to respond.
MCP-Airlock is becoming Trentina — named after the 1377 quarantine system from Ragusa that inspired its architecture. Same three-layer defense, same gateway, better name.
Continue Reading “MCP-Airlock Is Now Trentina: The 1377 Quarantine That Inspired Our Rename”
Six years ago, I wrote about the good, better, best approach to Linux quality when evaluating container images. The same framework applies to desktop Linux distributions – maybe even more so, because desktops have a GUI that’s notoriously hard to test automatically. Here’s what I wrote: Good: Use a bug tracker and collect problems as
Continue Reading “Project Bluefin is Helping Prove That Dark Factories Work for Operating Systems”
I’ve loved Tron since I was a kid. When I was about seven or eight years old (early 1980s!!!), my Mom took me to see Walt Disney’s Magic Kingdom on Ice at the Richfield Coliseum, which was this massive arena between Cleveland and Akron (sadly, torn down in 1999). The show had a Tron segment,
Continue Reading “Put The Tron Ares Album On and Build Something at Midnight”
I’ve been running Claude Code on my RHEL 10 workstation for a few months now, and I have to admit, with some embarrassment, I often run it with the ominous –dangerously-skip-permissions option. It reads and writes files, executes shell commands, installs packages, modifies system configs, all without asking permission first. I’ve been letting an AI
Continue Reading “image mode Gave Me the Confidence to Go Fully Agentic”
I’ve been running RHEL 10 image mode on my laptop since a few days before Red Hat Summit in May 2025, and I recently deployed it on a Linode VPS on March 4th. The whole experience has taught me something about how people actually adopt this technology, because I think the journey looks a lot
Continue Reading “The Image Mode Journey: From Your Laptop to Production”
Update (June 2026): MCP-Airlock has been renamed to Trentina. The project has grown from a web content sanitizer into a full MCP gateway with per-consumer profiles, tool allowlists, and parameter-level access controls. The new name reflects that expanded scope — and avoids a naming collision with another MCP gateway project. The architecture described in this
Continue Reading “MCP-Airlock: An Open Source Defense Against Prompt Injection in AI Agents”
I’ve been following the conversation around Jef Spaleta’s Fedora Sandbox proposal with a lot of interest, and I think it’s worth sharing some perspective from someone who lived through exactly the kind of situation this framework is designed for. When Podman was getting started, we didn’t have anything like a structured lifecycle process in Fedora,
Continue Reading “Why the Fedora Sandbox Would Have Helped Podman Survive Its Early Days”
My print screen key on my external keyboard stopped working. Not the one built into the laptop, that was working fine. The one on my external keyboard. It had worked fine, and then it randomly stopped working! Why? I have no idea. This kind of thing isn’t supposed to happen in computers, but we all
Cloudflare announced Markdown for Agents on February 12th, and it’s one of those features that makes you stop and think about how fundamentally the web is changing. The idea is simple: when an AI agent requests your content, Cloudflare converts the HTML to clean Markdown at the edge before serving it. The result is an
Continue Reading “Your Blog Needs an AI-Friendly Front Door”