I'll add this: Containers aren't as strong of a security boundary as VMs; however, this means that a successful attack now requires infection of the container AND a concurrent container-escape vulnerability. That's a really high bar; someone would need to burn a 0-day on that.
The bar right now is really, really low - blocking post-install scripts seems to be treated as "good enough" by most. Using a container-based sandbox is going to be infinitely better than not using one at all, and container-based solutions have a much easier time integrating with other tools and IDEs which is important for adoption. The usability and resource consumption trade-off that comes with VMs is pretty bad.
Just don't commit any mortal sins of container misconfigurations - don't mount the Docker socket inside the container (tempting when you're trying to build container images inside a container!), don't use --privileged, don't mount any host paths other than the project folder.
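The three misconfigurations named in the comment above can be checked mechanically. The following is an added example, not part of the original thread: it audits the JSON that `docker inspect` prints, reading the `HostConfig.Privileged` and `Mounts` fields. The container names, the project path `/home/dev/proj` and the sample data are constructed for illustration.

```python
import json
import posixpath

DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

def is_within(path, root):
    """True if absolute `path` is `root` or below it (component-wise, so
    /home/dev/proj-other is NOT inside /home/dev/proj)."""
    if not path.startswith("/"):
        return False
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return posixpath.commonpath([path, root]) == root

def audit_container(inspect, project_dir):
    """Return findings for one object from `docker inspect` output."""
    findings = []
    if (inspect.get("HostConfig") or {}).get("Privileged"):
        findings.append("privileged: started with --privileged")
    for mount in inspect.get("Mounts") or []:
        if mount.get("Type") != "bind":
            continue  # named volumes and tmpfs are not host paths
        src = mount.get("Source", "")
        if posixpath.normpath(src) in DOCKER_SOCKETS:
            findings.append(f"docker-socket: {src} is mounted in the container")
        elif not is_within(src, project_dir):
            findings.append(f"host-path: {src} is outside {project_dir}")
    return findings

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/sandbox-ok",
  "HostConfig": {"Privileged": false},
  "Mounts": [
   {"Type": "bind", "Source": "/home/dev/proj", "Destination": "/work"},
   {"Type": "volume", "Source": "/var/lib/docker/volumes/c/_data", "Destination": "/cache"}]},
 {"Name": "/sandbox-bad",
  "HostConfig": {"Privileged": true},
  "Mounts": [
   {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"},
   {"Type": "bind", "Source": "/home/dev/.ssh", "Destination": "/root/.ssh"},
   {"Type": "bind", "Source": "/home/dev/proj-other", "Destination": "/x"}]}
]
""")

if __name__ == "__main__":
    for c in SAMPLE_INSPECT:
        print(c["Name"], audit_container(c, "/home/dev/proj") or "ok")
```

A Docker socket exposed at a path not listed in `DOCKER_SOCKETS` is still reported, as a host path outside the project folder.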
I don't think it's crazy to imagine a misconfigured production environment. I always see these same examples of how "containers aren't really secure" and they're very amateur sins to commit though, as you mention.
AFAIK a comprehensive SELinux policy (like Red Hat ships) set to enforce will also prevent quite a few file accesses or modifications from escapes.
Confusingly, Docker now has a product called "Docker Sandboxes" [1] which claims to use "microVMs" for sandboxing (separate VM per "agent"), so it's unclear to me if those rely on the same trust boundaries that traditional docker containers do (namespaces, seccomp, capabilities, etc), or if they expect the VM to be the trust boundary.
"Yes, Kimi K2.5 is an open source AI model. Developers and researchers can explore its architecture, build new solutions, and experiment openly. Model weights and code are publicly available on Hugging Face and the official GitHub repository."
Our only modification part is that, if the Software (or any derivative works
thereof) is used for any of your commercial products or services that have
more than 100 million monthly active users, or more than 20 million US dollars
(or equivalent in other currencies) in monthly revenue, you shall prominently
display "Kimi K2.5" on the user interface of such product or service.
Correct. (And I know you already know this, but just for the record.) (Nearly?) Everybody abuses the term "open source" when it comes to models. OSI have a post about it: https://opensource.org/ai/open-weights
Although it is not OSI approved, the license theoretically didn't add any more restrictions beyond attribution, which stays in line with The Open Source Definition.
Correct again -- CC- applies to data, not code -- weights are data, open weights suggests a creative commons approach …
“CC-BY 4.0: Creative Commons Attribution 4.0 International
This license requires that reusers give credit to the creator. It allows reusers to distribute, remix, adapt, and build upon the material in any medium or format, even for commercial purposes.
BY: Credit must be given to you, the creator.”
it's annoying the open source term is being cargo-culted around and I hate to say it but that ship looks like it has sailed.
funny that free software people were infuriated by the open source term and now the open source term is being completely misused in another context
Their definition matters more than most, I mean, anyone can define anything however they like. Hell, Windows is open-source, because I said so.
Also, even if it were not for the OSI, this still wouldn't be open source. Because there's no source code available. It's open-weight, which is a different thing. The model weights are, essentially, the "compiled" output. The input and algorithms, we don't know.
Cursor have said they are using Composer through their inference provider (Fireworks). Presumably the MIT is not viral like the GPL, so Cursor, and companies that use Cursor do not need to display Kimi attribution on their products.
It's definitely not what Kimi wanted, but it sounds like this is what is written.
Unironically this is probably the future of the web. The Ryanairs of the world get to inject their ads/upsells into the MCP response. The AI corps don't have their agents banned for scraping.
> And over that time I've worked in many places around the world, developing countries, tropical islands, small huts on remote mountains. And I've lost maybe a day of work because of connectivity issues. I've been deep in a rainforest during a monsoon and still had 4g connection.
If it's any consolation, Bavaria is a beautiful part of the world that's up there with any tropical island or rainforest. I hope to visit again sometime.
https://cloud.google.com/blog/products/gcp/exploring-contain...