Simon Willison’s Weblog


Monday, 22nd July 2024

Jiff (via) Andrew Gallant (aka BurntSushi) implemented regex for Rust and built the fabulous ripgrep, so it's worth paying attention to their new projects.

Jiff is a brand new datetime library for Rust which focuses on "providing high level datetime primitives that are difficult to misuse and have reasonable performance". The API design is heavily inspired by the Temporal proposal for JavaScript.

The core type provided by Jiff is Zoned, best imagined as a 96-bit integer nanosecond time since the Unix epoch combined with a geographic region timezone and a civil/local calendar date and clock time.

The documentation is comprehensive and a fascinating read if you're interested in API design and timezones.

# 4:48 am / api-design, timezones, rust, andrew-gallant

No More Blue Fridays (via) Brendan Gregg: "In the future, computers will not crash due to bad software updates, even those updates that involve kernel code. In the future, these updates will push eBPF code."

New-to-me things I picked up from this:

  1. eBPF - a technology I had thought was unique to the Linux kernel - is coming to Windows!
  2. A useful mental model to have for eBPF is that it provides a WebAssembly-style sandbox for kernel code.
  3. eBPF doesn't stand for "extended Berkeley Packet Filter" any more - that name greatly understates its capabilities and has been retired. More on that in the eBPF FAQ.
  4. From this Hacker News thread: eBPF programs can be analyzed before running, despite the halting problem, because eBPF only allows verifiably-halting programs to run.
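
To make point 4 concrete, here is an added example (not code from the linked post or from any eBPF implementation) of how restricting the language sidesteps the halting problem. The instruction set, the `verify`/`run` names and the forward-jumps-only rule are assumptions chosen for illustration; a real eBPF verifier checks far more than this.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed toy instruction set, not real eBPF bytecode. */
enum op { OP_ADD, OP_JEQ, OP_JMP, OP_EXIT };
struct insn { enum op op; int imm; int off; }; /* jump target = pc + 1 + off */

/* Accept only programs that must halt: every jump goes forward and stays
 * in bounds, and the last instruction is EXIT. The program counter then
 * strictly increases, so at most n instructions ever execute. */
int verify(const struct insn *p, size_t n)
{
    if (n == 0 || p[n - 1].op != OP_EXIT) return -1; /* could fall off the end */
    for (size_t pc = 0; pc < n; pc++) {
        if (p[pc].op != OP_JEQ && p[pc].op != OP_JMP) continue;
        if (p[pc].off < 0)
            return -2;                   /* back-edge: possible loop */
        if (pc + 1 + (size_t)p[pc].off >= n)
            return -3;                   /* jump out of bounds */
    }
    return 0;
}

/* Run a program only if it verifies; returns the number of instructions
 * executed, or -1 if it was rejected. *acc receives the accumulator. */
long run(const struct insn *p, size_t n, int *acc)
{
    long steps = 0;
    if (verify(p, n) != 0) return -1;
    *acc = 0;
    for (size_t pc = 0; ; steps++) {
        const struct insn *i = &p[pc++];
        if (i->op == OP_EXIT) return steps + 1;
        if (i->op == OP_ADD) *acc += i->imm;
        if (i->op == OP_JMP || (i->op == OP_JEQ && *acc == i->imm))
            pc += (size_t)i->off;
    }
}

/* Constructed samples: a branchy program and one with a backward jump. */
const struct insn ok_prog[]   = { {OP_ADD, 5, 0}, {OP_JEQ, 5, 1}, {OP_ADD, 100, 0}, {OP_EXIT, 0, 0} };
const struct insn loop_prog[] = { {OP_ADD, 1, 0}, {OP_JMP, 0, -2}, {OP_EXIT, 0, 0} };

int main(void)
{
    int acc;
    printf("ok: verify=%d steps=%ld\n", verify(ok_prog, 4), run(ok_prog, 4, &acc));
    printf("loop: verify=%d\n", verify(loop_prog, 3));
    return 0;
}
```

The verifier never has to decide whether an arbitrary program halts; it rejects anything outside a subset where termination is obvious, at the cost of refusing some programs that would in fact halt.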

# 6:33 pm / linux, security, windows, webassembly, brendan-gregg

Breaking Instruction Hierarchy in OpenAI’s gpt-4o-mini. Johann Rehberger digs further into GPT-4o's "instruction hierarchy" protection and finds that it has little impact at all on common prompt injection approaches.

I spent some time this weekend to get a better intuition about gpt-4o-mini model and instruction hierarchy, and the conclusion is that system instructions are still not a security boundary.

From a security engineering perspective nothing has changed: Do not depend on system instructions alone to secure a system, protect data or control automatic invocation of sensitive tools.

# 7:51 pm / security, ai, openai, prompt-injection, generative-ai, llms, johann-rehberger