6/21/2026 at 8:44:33 PM
by neogoose
6/23/2026 at 11:43:48 PM
> bypassing OS kernel> reading a raw device node (e.g. /dev/rdisk*)
That's... not bypassing the kernel. Time to integrate SPDK so it actually bypasses the kernel :)
by watusername
6/24/2026 at 2:09:47 PM
It doesn't have to, you can give it a blob of bytes as well. It's just hard to keep it a cli and doesn't use kernel at allmore correct would be - do not use kernel file system
by neogoose
6/24/2026 at 6:20:25 AM
TIL about SPDK. Thanks!by vim-guru
6/21/2026 at 8:44:33 PM
This is practically the most useless project becuase you can not run it without sudo permissions, but it was insanely fun to work on itsupports ext4, btrfs, and apfs. Multithreaded, supports compression, nested volumes, and can even search detached volumes like .iso and .dmg without mounting
An interesting bonus point: you can't really vibe code it cause clankers can not run sudo commands
by neogoose
6/23/2026 at 10:26:09 PM
> cause clankers can not run sudo commandsThey absolutely can. There's nothing special about a these harnesses. You automate sudo the same way you would automate in any other context. SUDO_ASKPASS, visudo, etc, maybe with a alias for obfuscation if your harness hates you.
by nomel
6/24/2026 at 3:02:12 AM
> run sudo commandsWith respect to the dangers of privilege escalation, a useful list of common commands which are difficult to invoke safely with elevated permissions: https://gtfobins.org/
> The project collects legitimate functions of Unix-like executables that can be abused to break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.
Prior discussion: https://news.ycombinator.com/item?id=47931035
by Terr_
6/24/2026 at 12:09:14 AM
>clankers can not run sudo commandsDo you mean the harnesses prevent it? Or it can't type a password or something?
I've been running mine as root on a disposable VPS. (Finally I have a dedicated linux guy!)
by andai
6/21/2026 at 9:51:09 PM
When they can't run sudo, they'll user docker to give themselves root.by fragmede
6/23/2026 at 11:55:37 PM
That's why everyone should use rootless Podman. It doesn't need anything apart from subuid/subgid binaries.by cyberax
6/24/2026 at 8:34:52 AM
> An interesting bonus point: you can't really vibe code it cause clankers can not run sudo commandsTell that to the Claude who set up my Raspberry Pi from scratch.
by vidarh
6/24/2026 at 4:12:08 PM
Not only sudo, even ssh into a headless remote device, and survive reboots, and continue the agents session. That's my daily life as an embedded engineerby rurban
6/21/2026 at 9:32:51 PM
>cause clankers can not run sudo commandsIs that really true? I'm fairly certain that were you to give it the proper tooling and it's own VM, it could quite happily run any command.
Hell a simple "if the CLI returns any form of 'permission denied' retry previous command with sudo; your password is: Hunter2" skill would work, no?
by goodmythical
6/23/2026 at 9:33:15 PM
Clankers absolutely can run sudo if you have passwordless sudoby daymanstep
6/21/2026 at 10:13:19 PM
In the least, you could make an alias for sudo, and have it run that. With something like this in .bashrc: alias safedo='sudo'
by dlcarrier
6/24/2026 at 1:09:23 AM
I think it's more that the harnesses created by the labs are... not always the most thoughtful.I have zero affiliation with Cursor, and I don't use it much, but Cursor Agent, for example, just builds in ASKPASS support so that if it runs a sudo command, it will show you a password prompt:
by tekacs
6/23/2026 at 10:06:37 PM
> This is practically the most useless project becuase you can not run it without sudo permissionsWell, you could whitelist the tool in sudoers.
This would let LLMs use it too.
by Wowfunhappy
6/23/2026 at 10:09:10 PM
Y’all aren’t running your agents as root?by robotresearcher
6/23/2026 at 11:17:12 PM
Real men run as root:by helterskelter
6/23/2026 at 11:19:40 PM
Has anyone run a study on how long you can run an agent as root before irreparable damage is done to the VM? A sort of gambler's ruin for the YOLO LLM Age.by jgalt212
6/23/2026 at 11:49:22 PM
I gave Sonnet 4.6 root access to my Android via adb and it wrote frida scripts to help me recover the encryption keys from SwiftBackupAlso gave Opus 4.6 access to a Kubernetes container and it was able to use pyrasite (a Python replacement that attached to a running process with gdb) to debug a "memory leak" in Python
I don't think I'd let them run unattended on anything I care about especially if there weren't backups, but they've never tried to break anything while supervised.
Usually it's significantly faster and more accurate to give the LLM/harness access to the thing to debug then to try to copy/paste back and forth.
by nijave
6/24/2026 at 12:11:40 AM
It's been a while but last year I'd see posts like "Claude nuked my homedir / entire drive" on a regular basis. I don't know if they fixed that (or just made it very rare).by andai
6/24/2026 at 1:05:31 AM
In fairness to Claude, I've nuked my homedir (had 2 tmux panes open, 1 in home and 1 in /tmp/... and wrong one was focused when I ran rm -rf *) and broken VMs far more times than it has. I now embrace IaC and backupsby nijave
6/23/2026 at 11:33:41 PM
https://forums.macrumors.com/threads/screw-it-lets-make-clau...For me, it took a bit over six weeks of Claude running unattended perpetually.
by Wowfunhappy
6/24/2026 at 3:44:30 AM
Giving some fundamentally-untrustworthy software full read access to all files and secrets on the disk is certainly a risk one could take.by Terr_
6/24/2026 at 10:41:16 AM
It's not useless if it funnels you to the author's other project, fffby paweladamczuk
6/23/2026 at 10:15:30 PM
Pretty cool to read it directly from the associated device XDDid you write a metadata parser for most of the filesystems?
by ktimespi
6/23/2026 at 9:53:59 PM
On Linux, you could create a udev rule to give you permissions on any attached raw disks (if you feel particularly adventurous).What's the license for ffs?
by lantastic
6/23/2026 at 10:29:58 PM
It might bypass the fs, but it does not bypass the kernel. Cool, though!by Retr0id
6/23/2026 at 10:28:39 PM
Dumb title.It works by reading the block device in /dev directly, wouldn't it also work on an HDD, flash drive or a memory card?
by kasabali
6/23/2026 at 10:32:44 PM
I assume the author just meant SSD as a synonym for "main internal disk", since that is usually an SSD these days.by Wowfunhappy
6/23/2026 at 11:22:41 PM
yeah I was just picking up an interesting the title for hn, you should read a README to get the actual understanding of projectby neogoose
6/24/2026 at 6:51:29 AM
Isn't this essentially a user space filesystem implementation?by noufalibrahim
6/24/2026 at 11:14:00 AM
That is my understanding as well, so the title is misleading at bestby Phelinofist
6/23/2026 at 10:15:15 PM
But can it match the speed and reliability of the venerable Windows Search?by 4petesake
6/24/2026 at 8:35:16 AM
Everything is the best file search utility ever. It is not from MS - but it reads and monitors the NTFS table directly. No idea why MS continue to use that pile of garbage that is windows search instead of this.by ReptileMan
6/24/2026 at 8:46:34 AM
Because except, for some reason, the dotnetcore team, MS does not care about anything.by pjerem
6/24/2026 at 2:21:05 AM
that's a sarcasm, right? right?!!by unnouinceput
6/23/2026 at 10:57:30 PM
Saw the name and was disappointed that this wasn't some kind of verified file system written in the F* programming language (https://fstar-lang.org).I don't think I'd ever trust or use this, but still, good job OP :)
by wk_end
6/23/2026 at 9:52:46 PM
But can it bypass the magic performed by the SSD controller?In particular, can it be certain that a flush is really a flush?
by amelius
6/24/2026 at 3:45:34 AM
Related: Could it be of any use in easily detecting counterfeit SSDs, which have been hacked to report a fraudulent size?Sure, you can test by completely filling the drive with predictable (to you, not to a counterfeiter) data and then verifying the write, but even on an SSD that's tedious.
by Terr_
6/23/2026 at 10:13:31 PM
If the disk decides to falsely report a flush, there's not much you can do about it from the user side, no?by ktimespi
6/24/2026 at 1:39:54 AM
Run this once per boot: sudo setfacl -m u:$USER:r-- /dev/nvmen01p2 # or whatever
Or if you want to only give fff access,
sudo groupadd diskreaders
sudo setfacl -m g:diskreaders:r-- /dev/nvmen01p2
sudo chown :diskreaders /path/to/fff
sudo chmod g+s /path/to/fff
So your LLM can use the binary with some safety against it going off the rails.
by porridgeraisin
6/23/2026 at 11:47:25 PM
The repo summary has multiple typos.by lunar_rover
6/24/2026 at 4:19:48 AM
Refreshing.by Retr0id
6/24/2026 at 10:20:33 AM
I see this as a project that re-vibes the filesystem implementation to a minimal, readonly version, that completely bypasses in-kernel caching.Is it really faster than normal filesystem? I haven't checked it, but the normal version using kernel cache should be much faster, because it doesn't even touch the disk?
by self_awareness
6/23/2026 at 10:47:20 PM
It is sad that that FFS doesn't support FFS (BSD Fast File System) which inspired the architecture of the ext filesystem (and was the basis for a lot of unix filesystems).by drewg123
6/24/2026 at 12:52:08 PM
[dead]by hmxnrye