TwistingTwists
diff --git a/‎ tailwind.config.js‎
Lines changed: 13 additions & 0 deletions b/‎ tailwind.config.js‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎blog/2025-03-01-forevervm-minimal.mdx‎
Lines changed: 198 additions & 0 deletions b/‎blog/2025-03-01-forevervm-minimal.mdx‎
Lines changed: 198 additions & 0 deletions
diff --git a/‎blog/2025-03-09-http-client-rust.mdx‎
Lines changed: 127 additions & 0 deletions b/‎blog/2025-03-09-http-client-rust.mdx‎
Lines changed: 127 additions & 0 deletions
diff --git a/‎blog/2025-03-13-connection-pooling.mdx‎
Lines changed: 55 additions & 0 deletions b/‎blog/2025-03-13-connection-pooling.mdx‎
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,13 @@
+// tailwind.config.js
+module.exports = {
+    content: ["./src/**/*.{js,jsx,ts,tsx}"],
+    theme: {
+      extend: {},
+    },
+    plugins: [],
+    corePlugins: {
+      preflight: false, // Prevents Tailwind from resetting Docusaurus styles
+    },
+    darkMode: ['class', '[data-theme="dark"]'], // Enables compatibility with Docusaurus dark mode
+  };
+  
@@ -0,0 +1,198 @@
+---
+slug: "forevervm-minimal"
+title: "Minimal example of ForeverVM"
+date: 2025-03-01T00:00:00+00:00
+draft: true
+authors: [abeeshake] 
+tags: [ python, gvisor ]
+---
+
+
+# Building ForeverVM
+
+## Introduction
+
+In the rapidly evolving landscape of Large Language Models (LLMs), one of the most powerful capabilities is code generation and execution. However, executing untrusted code generated by LLMs poses significant security risks. This blog post explores a solution: a gVisor-based Python REPL that provides a secure, isolated environment for executing untrusted code in LLM-based workflows.
+
+## The Challenge of Code Execution in LLM Applications
+
+LLMs like GPT-4, Claude, and others have demonstrated remarkable capabilities in generating functional code across various programming languages. This has led to the development of "agentic" applications where LLMs can:
+
+1. Generate code to solve specific problems
+2. Execute that code to obtain results
+3. Analyze the results and iterate on the solution
+4. Interact with external systems and APIs
+
+However, executing code generated by LLMs introduces several challenges:
+
+- **Security Risks**: LLM-generated code might contain vulnerabilities, either accidentally or through prompt injection attacks
+- **Resource Management**: Unconstrained execution could lead to resource exhaustion
+- **Stateful Execution**: Many tasks require maintaining state between multiple code executions
+- **Isolation**: Code execution needs to be isolated from the host system and other users' code
+
+## Introducing gVisor-based Python REPL
+
+Our solution addresses these challenges through a multi-layered security approach:
+
+1. **Docker Containerization**: Provides basic isolation from the host system
+2. **gVisor Sandbox**: Adds an additional security layer by intercepting and filtering system calls
+3. **TCP Interface**: Limits interaction to a simple TCP API, reducing attack surface
+4. **Session Management**: Maintains stateful execution while ensuring isolation between sessions
+
+### Architecture Overview
+
+The system consists of several key components:
+
+1. **TCP Server**: A Python TCP server that accepts code execution requests and maintains stateful sessions
+2. **Docker Container**: Provides containerization for the Python environment
+3. **gVisor Runtime**: Adds an additional layer of isolation by intercepting and filtering system calls
+
+### How It Works
+
+1. The server runs inside a Docker container with gVisor's runsc runtime
+2. Clients connect to the server via TCP and send Python code to execute
+3. The server executes the code in a session-specific environment
+4. Results are returned to the client
+5. Sessions persist between requests, allowing for stateful execution
+
+## Setting Up Your Own Secure Python REPL
+
+### Prerequisites
+
+- Docker
+- gVisor (runsc)
+
+### Installation Steps
+
+1. Install gVisor:
+   ```bash
+   sudo apt-get update && \
+   sudo apt-get install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg
+
+   # Install runsc
+   curl -fsSL https://gvisor.dev/archive.key | sudo gpg --dearmor -o /usr/share/keyrings/gvisor-archive-keyring.gpg
+   echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases release main" | sudo tee /etc/apt/sources.list.d/gvisor.list > /dev/null
+   sudo apt-get update && sudo apt-get install -y runsc
+   ```
+
+2. Configure Docker to use gVisor:
+   ```bash
+   sudo runsc install
+   sudo systemctl restart docker
+   ```
+
+3. Clone the repository:
+   ```bash
+   git clone https://github.com/username/gvisor-based-python-repl.git
+   cd gvisor-based-python-repl
+   ```
+
+4. Run the server:
+   ```bash
+   ./run.sh
+   ```
+
+## Integrating with LLM Applications
+
+### Client-Side Integration
+
+To integrate this secure Python REPL with your LLM application, you'll need to:
+
+1. Establish a TCP connection to the server
+2. Send Python code generated by your LLM
+3. Receive and process the execution results
+4. Optionally maintain session state for multi-step workflows
+
+Here's a simple Python example:
+
+```python
+import socket
+import json
+
+def send_code_to_repl(code, session_id=None):
+    # Connect to the server
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.connect(("localhost", 8000))
+
+    # Skip initial greeting
+    length_bytes = sock.recv(4)
+    message_length = int.from_bytes(length_bytes, byteorder='big')
+    sock.recv(message_length)
+
+    # Prepare request
+    request = {
+        "code": code
+    }
+    if session_id:
+        request["session_id"] = session_id
+
+    # Send request
+    request_json = json.dumps(request)
+    request_bytes = request_json.encode('utf-8')
+    length = len(request_bytes)
+    sock.sendall(length.to_bytes(4, byteorder='big'))
+    sock.sendall(request_bytes)
+
+    # Receive response
+    length_bytes = sock.recv(4)
+    message_length = int.from_bytes(length_bytes, byteorder='big')
+    response_bytes = sock.recv(message_length)
+    response = json.loads(response_bytes.decode('utf-8'))
+
+    sock.close()
+    return response
+
+# Example usage
+response = send_code_to_repl("print('Hello, world!')")
+print(response["output"])
+
+# Use the session_id for subsequent requests
+session_id = response["session_id"]
+response = send_code_to_repl("x = 42\nprint(f'x = {x}')", session_id)
+print(response["output"])
+```
+
+### LLM Workflow Integration
+
+Here's how you might integrate this into an LLM-based workflow:
+
+1. User provides a problem description
+2. LLM generates Python code to solve the problem
+3. Your application sends the code to the secure REPL
+4. Execution results are returned to the LLM
+5. LLM analyzes the results and iterates if needed
+
+This approach allows for powerful agentic workflows while maintaining security.
+
+## Security Considerations
+
+While this system provides strong isolation, it's important to understand its limitations:
+
+- Side-channel attacks might still be possible
+- Resource exhaustion could affect container performance
+- New vulnerabilities in gVisor or Docker could compromise security
+
+Regular updates and security audits are recommended.
+
+## Use Cases
+
+This secure Python REPL is particularly useful for:
+
+1. **Educational Platforms**: Allow students to execute code safely
+2. **AI Coding Assistants**: Enable LLMs to execute and test generated code
+3. **Data Analysis Workflows**: Run data processing scripts in a secure environment
+4. **Automated Code Testing**: Test user-submitted code without security risks
+5. **Interactive Documentation**: Create interactive code examples that users can modify and run
+
+## Conclusion
+
+The gVisor-based Python REPL provides a secure foundation for executing untrusted code in LLM-based workflows. By combining Docker containerization with gVisor's sandboxing capabilities, it offers a robust solution to the security challenges of code execution in AI applications.
+
+As LLMs continue to evolve and become more integrated into software development workflows, tools like this will be essential for balancing the power of code generation with the necessary security constraints.
+
+Whether you're building an AI coding assistant, an educational platform, or any application that involves executing untrusted code, this approach provides a practical and secure solution.
+Footer
@@ -0,0 +1,127 @@
+---
+slug: "http-client-rust"
+title: "Versatile HTTP Client in Rust"
+date: 2025-03-09T00:00:00+00:00
+authors: [abeeshake] 
+tags: [ rust ]
+draft: true
+---
+
+
+
+- generate a summary of codebase
+- Generate title with framework (title, body summary, audience, rating, alex hormozi value framework)
+- 
+
+
+https://github.com/zed-industries/zed/blob/4846e6fb3ab046e3b746f442257adff6730a3187/crates/http_client/src/async_body.rs
+
+
+---- framework
+```
+title: "Sample Title"
+Body_summary: 
+ providing a generic HTTP client framework with features like redirects and proxy support.focuses on managing asynchronous request bodies for HTTP requests. It includes:Implementation of AsyncRead, ensuring the body can be read asynchronously, which is crucial for streaming data.
+Testing support with BlockedHttpClient, which always fails (useful for scenarios where network access is blocked), and FakeHttpClient, which allows mocking HTTP responses for testing purposes.
+
+
+audience: rust developers, curious engineers looking for leveling up the software skills
+
+
+When you generate the title for the blog, also analyse the value delivered using the following formula for value:
+
+Value = ( DreamOutcome x PerceivedLikelihood Of Achievement ) /  (time delay x effort and sacrifice)
+
+It consists of 4 variables.
+
+Value is directly proportional to  2 variables = DreamOutcome x PerceivedLikelihood Of Achievement.
+
+ANd Value is inversely proportional  to other two variables =  time delay x effort and sacrifice.
+
+Here is what those 4 variables in value equation mean.
+
+Dream outcome: What is the dream outcome that you want to achieve?
+
+Perceived likelihood of success: How likely do you think it is that you will achieve this outcome?
+
+Perceived time to success: How long do you think it will take to achieve this outcome?
+
+Perceived difficulty of success: How difficult do you think it will be to achieve this outcome?
+
+DO the value analysis of your title.
+
+For each of the variables above, generate a table with the following columns (and give numbers out of 5. larger  number indicates better outcome )
+dream outcome, Perceived likelihood of success, Perceived time to success, Perceived difficulty of success
+
+
+------
+this code compiles in baml. use it when you can.
+```ts
+
+class ContentAnalysis {
+  title string @description("Generated title for the content")
+  valueMetrics ValueAnalysis
+}
+
+class DreamClass {
+  score int @description("Score from 0-5")
+  reasoning string @description("Detailed explanation for the score")
+}
+
+class LikelihoodClass {
+  score int @description("Score from 0-5")
+  reasoning string @description("Supporting factors and explanation for confidence score")
+}
+
+class EffortClass {
+  score int @description("Score from 0-5")
+  reasoning string @description("Breakdown of effort requirements and justification")
+}
+
+class ValueAnalysis {
+  dreamOutcome DreamClass @description("Assessment of importance and benefit")
+  likelihood LikelihoodClass @description("Confidence assessment with reasoning")
+  timeDelay int @description("Estimated time required in days")
+  effort EffortClass @description("Effort level assessment with explanation")
+}
+
+function AnalyzeContentValue(content: string) -> ContentAnalysis[] {
+  client "openai/gpt-4o-mini"
+  prompt #"
+    You are an expert content strategist and business analyst. Analyze the given content to:
+    1. Generate an engaging, SEO-friendly title
+    2. Calculate the potential value using this formula:
+    Value = (DreamOutcome × Likelihood) / (TimeDelay × Effort)
+
+    Rate components on a scale of 0-5 (whole numbers only) except for timeDelay which is in days.
+    Consider audience impact, and increasing the value proposition in your analysis.
+
+    Give a list of 5 options for content and value proposition for each one in following format.
+    
+    {{ ctx.output_format }}
+
+    {{ _.role("user") }} {{ content }}
+  "#
+}
+
+test SimpleContent {
+  functions [AnalyzeContentValue]
+  args {
+    content "Building a new React component library with accessibility features and modern design patterns."
+  }
+}
+
+test TechnicalContent {
+  functions [AnalyzeContentValue]
+  args {
+    content #"
+      Building an HTTP client framework in Rust:
+      - Async request body handling
+      - Redirect and proxy support
+      - Test utilities including BlockedHttpClient and FakeHttpClient
+      Target audience: Rust developers and engineers interested in systems programming
+    "#
+  }
+}
+```
+```
@@ -0,0 +1,55 @@
+---
+slug: "connection-pooling-in-depth"
+title: "Connection Pooling - in Depth"
+date: 2025-03-13T00:00:00+00:00
+authors: [abeeshake] 
+tags: [ connection, database, network ]
+draft: false
+---
+
+Here’s a **Markdown table** that maps **real-life reverse proxy scenarios** to recommended **TCP tuning parameters** for optimal performance and security:
+
+---
+
+### ✅ **TCP Tuning Recommendations for Reverse Proxy - Real Life Scenarios**
+
+| **Scenario**                                  | **tcp_fin_timeout** | **tcp_keepalive_time** | **tcp_keepalive_intvl** | **tcp_keepalive_probes** | **tcp_retries2** | **Reasoning & Trade-offs**                                                                                   |
+|------------------------------------------------|---------------------|------------------------|-------------------------|--------------------------|------------------|--------------------------------------------------------------------------------------------------------------|
+| **Public API Gateway (high concurrent clients)** | `15`                | `30`                   | `10`                    | `3`                      | `5`              | Quick cleanup of dead/idle connections to save resources, while allowing short keep-alives for API clients.  |
+| **Internal microservices (low latency, stable network)** | `10`                | `60`                   | `20`                    | `3`                      | `3`              | Fast connection recycling, rare need for keep-alives due to low latency, prioritizing efficiency.             |
+| **Mobile-heavy client traffic (prone to network drops)** | `30`                | `120`                  | `20`                    | `5`                      | `7`              | More lenient timeouts to account for intermittent mobile network instability; avoid prematurely dropping clients. |
+| **WebSocket / long-lived connections (chat apps, gaming)** | `60`                | `300`                  | `60`                    | `5`                      | `8`              | Allow long idle connections; keep-alives to detect dead connections without cutting active clients abruptly.  |
+| **DDoS-prone public proxy (security-focused)**  | `5`                 | `30`                   | `5`                     | `2`                      | `3`              | Aggressive timeouts to prevent resource exhaustion; fast cleanup of potentially malicious connections.         |
+| **IoT Device Communication (sporadic, unstable)** | `30`                | `180`                  | `30`                    | `4`                      | `6`              | Longer keep-alives to maintain connection with low-power devices, balanced with cleanup to avoid idle hangs.  |
+| **Slow clients behind proxies (corporate clients, satellite)** | `20`                | `150`                  | `30`                    | `4`                      | `6`              | Moderate timeouts to handle slow networks without dropping legitimate users.                                  |
+
+---
+
+### ✅ **Legend (Quick Reference)**
+| **Parameter**                  | **Purpose**                                  |
+|-------------------------------|----------------------------------------------|
+| `tcp_fin_timeout`              | How long to keep closing connection in FIN state. |
+| `tcp_keepalive_time`           | Idle time before sending first keep-alive probe. |
+| `tcp_keepalive_intvl`          | Interval between successive keep-alive probes. |
+| `tcp_keepalive_probes`         | Number of probes before dropping connection.  |
+| `tcp_retries2`                 | Max TCP retransmissions before giving up.    |
+
+---
+
+### ⚙️ **Notes:**
+- **Lower timeouts**: Free up resources quickly, but risk dropping slow/legit connections.
+- **Higher timeouts**: Improve user experience over slow networks but consume more resources.
+- **Keep-alive settings**: Essential for long-lived or idle connections to detect dead peers.
+- **Retries**: Trade-off between network resilience and resource use.
+
+---
+
+If you want, I can prepare a **`sysctl.conf` file snippet** based on any of these scenarios for direct use. Let me know! 🚀
+
+
+
+----
+
+source: https://github.com/brettwooldridge/HikariCP/wiki/Down-the-Rabbit-Hole
+
+----