undefined | Better HN

0 pointssimonw3mo ago0 comments

Yeah, I failed completely to explain the context here.

I'm currently on a multi-year side-quest to find safe ways to execute untrusted user-provided code in my Python and web applications.

As such, I pay very close attention to any new language or library that looks like it might be able to provide a robust sandbox.

MicroQuickJS instantly struck me as a strong candidate for that, and initial protoyping has backed that up.

None of that was clear from my original comment.

0 comments

Imustaskforhelp3mo ago

I had been in a similar boat and here are some softwares that I recommend or would discuss with you

https://github.com/libriscv/libriscv (I talked with the author of this project, amazing author fwsgonzo is amazing) and they told me that this has the least latency out of any sandbox at only minor consequence of performance that they know of

Btw for sandboxing, kvm itself feels good too and I had discussed it with them in their discord server when they had mentioned that they were working on a minimal kvm server which has since been open sourced (https://github.com/varnish/tinykvm)

Honestly Simon, Deno hosting/the way deno works is another good interesting tidbit for sandboxing. I wish something like deno's sandboxing capabilities came to python perhaps since python fans can appreciate it.

I will try to look more into your github repository too once I get more free.

AtlasBarfed3mo ago

It is depressing the age of llm coding power came during python and JavaScript.

Unfortunately it means those languages will be the permanent coding platforms.

justatdotin3mo ago

> Unfortunately it means those languages will be the permanent coding platforms.

not really,

I suspect training volume has a role in debugging a certain class of errors, so there is an advantage to python/ts/sql in those circumstances: if, as an old boss once told me, you code by the bug method :)

The real problems I've had that hint at training data vs logic have been with poorly documented old versions of current languages.

To me, the most amazing capability is not the code they generate but the facility for natural language analysis.

my experience is that agent tools enable polyglot systems because we can now use the right tool for the job, not just the most familiar.

claar3mo ago

Ah, reading this comment makes your original post 10x more interesting. I guess this is "start with why" in action. :)

j / k navigate · click thread line to collapse