When I cut my finger, white-blood cells rush in, seal the wound, and remember the invader for next time.
When my laptop is handed a shady file named free-movie.exe, nothing comparable happens unless a huge antivirus suite
is installed, updated, and awake.
Most of my little machines (a travel laptop, a Raspberry Pi on the roof, a test virtual-machine) are too poor or too isolated for heavyweight security software. They skate through life naked, protected only by luck.
That mismatch felt wrong.
So I asked a single, stubborn question:
How small can a digital immune cell be and still matter?
I wanted a defender that would fit in the corner of any computer and still do real work. For a first draft I set five strict rules:
- Tiny – a few hundred lines of C, not a multi-megabyte runtime.
- Self-aware – if even one byte of its code changes, it must refuse to run.
- Hard to kill – casual signals or a “Close” button should bounce off.
- Low noise – log only when something odd truly happens.
- Offline friendly – no cloud look-ups, no nightly downloads.
With those rules I copied ideas straight from biology:
| Human idea | Digital copy inside Sentinel-R1 |
|---|---|
| Skin | Mark its own code pages read-only. |
| DNA check | Compare its SHA-256 fingerprint to a baseline file at every start-up. |
| Pain sensor | Keep a secret block of memory; if it flips, heal it and log “something touched me.” |
| First responders | Scan running programs; if the name holds virus, crypt, or mal, kill the process. |
| Fever | Watch CPU load; shout if it burns above 90 % for three patrols. |
| Street sweeper | Watch /tmp; quarantine any freshly written file whose name smells bad. |
The result is a one file program that idles at roughly 1 MB of RAM, uses zero CPU when calm, and writes a neat line to sentinel.log only when it bites.
- Old or low-power boxes – A Pi collecting weather data can’t run a heavyweight scanner but can host a 1 MB guard.
- Offline machines – A laptop at a campsite can’t pull signature updates; Sentinel works with what it ships.
- Shared school PCs – Students drop “game-hack.exe” into
/tmp; Sentinel quietly moves it to quarantine. - Disposable test VMs – Spun up for ten minutes; Sentinel takes two seconds to compile and is on duty immediately.
- Teaching – Every defence layer is visible in a handful of lines; learners can break and extend it safely.
The current blueprint is only the innate layer. Future organs are already sketched:
- Seccomp skeleton – lock Sentinel itself to 20 harmless syscalls.
- Antibody library – load YARA rules so it recognises famous malware signatures.
- DNA backups – keep an encrypted twin copy in RAM; if the file is deleted, the twin revives it.
- Network complement – cut traffic to known bad servers with Netfilter.
- Learning brain – use a small eBPF model to learn what “normal” looks like and flag strange spikes.
- Signed vaccines – fetch new rule packs over HTTPS, accept only if cryptographically signed.
Each add-on is just another function block, easily audited and toggled—no hidden heaviness.
Seat belts cannot stop a train wreck, yet they prevent thousands of small tragedies every day with almost no cost.
Sentinel-R1 aims at the same sweet spot:
small effort, large everyday gain.
It will not beat a nation-state zero-day tomorrow, but it will knock out most of the lazy, noisy, common attacks that
ruin ordinary evenings—and it will do so on machines that bigger tools ignore.
A computer protected by Sentinel-R1 is like a body that finally grew its first layer of skin and a pocketful of white-blood cells. For many situations, that is the difference between a scratch and an infection.
That is why I built it, and why I believe every lone laptop, Pi, or field sensor deserves a tiny immune system of its own.