lovely.

hidekarma: hide accounts below certain karma threshold

hideage: hide accounts newer than 1 week/1 month/6 months

these should be opt-in. people that care can turn them on.

Why do you need things to do?

Meditate on this. Everything else is noise.

How much context is eaten up by skills that rehash what a SOTA model should already know?

Maybe token-wise, it's a wash: Elixir/OTP does a lot without third-party libs, which would require massive npm dependencies to achieve the same thing.

AI has made it possible for me to build several one-off personal tools in the matter of a couple of hours and has improved my non-tech life as a result. Before, I wouldn't even have considered such small projects because of the effort needed. It's been relieving not to have to even look at code, assuming you can describe your needs in a good prompt. On the other hand, I've seen vibe coded codebases with excessive layers of abstraction and performance issues that came from a possibly lax engineering culture of not doing enough design work upfront before jumping into implementation. It's a classic mistake, that is amplified by AI.

Yes, average code itself has become cheap, but good code still costs, and amazing code, well, you might still have an edge there for now, but eventually, accept that you will have to move up the abstraction stack to remain valuable when pitted against an AI.

What does this mean? Focus on core software engineering principles, design patterns, and understanding what computer is doing at a low level. Just because you're writing TypeScript doesn't mean you shouldn't know what's happening at the CPU level.

I predict the rise in AI slop cleanup consultancies, but they'll be competing with smarter AIs who will clean up after themselves.

While the microVM route is more secure, it's more complicated and ops are tricky, but you can do some cool things to optimize startup time like when I was working on a function as a service platform, and to reduce TTFB, I trapped the `listen()` call, sent a VSOCK message to the VMM to trigger a freeze, snapshot the VM and save it as a "template". Then for every request, the snapshot was cloned (with some file system tricks like CoW) and resumed to handle the request. It "just" worked, but the orchestration was kludgy.

In the second incarnation of this, I decided to use Linux containers with the gVisor sandbox. You can take a look at my project https://github.com/ammmir/sandboxer which uses Podman and gVisor underneath; it's good enough for a prototype. Later on, you can swap it out with Firecracker microVM, if necessary. In fact, I'm thinking of adding microVM support to sandboxer itself. If you wanted to do it yourself, swap out ContainerEngine() with a new implementation based on calling out to Firecracker. You'll need some way to do disk volume management (grow, clone, shared, cross-machine? good luck!), snapshots, etc.

Comments URL: https://news.ycombinator.com/item?id=45134411

Points: 3

# Comments: 0

Hi, I'm a seasoned software professional with 15+ years of experience across the stack, from low-level systems and protocols to web and mobile apps to DevOps CI/CD pipeline engineering to modern AI/LLM/agentic workflows. I like solving real business problems using stable and proven tools, as well as prototyping ideas, so whether you're looking to build a v1 of your product, a DevOps engineer, or looking for a CTO for a more established org, please reach out!

Technologies: TypeScript, Python, Go, JavaScript, Rust, Lua, Next.js, OpenResty, Nginx, PHP, Docker, Podman, CRIU, Linux namespaces, Firecracker, Express, Deno, Bun, Node.js, HTTP, X.509, TLS/SSL, SMTP, OAuth, OIDC, JWT, PostgreSQL, SQLite, Redis, MySQL, AI agents, LLM, RAG, vector databases, FastAPI, MCP, Streamlit, ELK, Terraform, OpenTelemetry

Résumé/CV: https://amirmalik.net/resume

Email: amir@amirmalik.net

Remote: Yes

Willing to relocate: No

Technologies: TypeScript, Python, Go, Rust, Lua, JavaScript, Next.js, OpenResty, Nginx, PHP, Docker, Podman, CRIU, Linux namespaces, Firecracker, Express, Deno, Bun, Node.js, HTTP, X.509, TLS/SSL, SMTP, OAuth, OIDC, JWT, PostgreSQL, SQLite, Redis, MySQL, AI agents, LLM, RAG, vector databases, FastAPI, MCP, Streamlit, ELK, Terraform, OpenTelemetry, DevOps

Résumé/CV: https://amirmalik.net/resume

Email: amir@amirmalik.net

Hey HN! I'm a seasoned software professional with 15+ years of experience across the stack, from low- level systems and protocols to web and mobile apps to modern AI/LLM/agentic workflows. I like solving real business problems using stable and proven tools, as well as prototyping ideas, so whether you're looking to build a v1 of your product or looking for a CTO for a more established org, please reach out!

P.S. If you want a taste of how I think/work, check out this blog post I wrote on building secure code sandboxes for LLM agents: https://amirmalik.net/2025/03/07/code-sandboxes-for-llm-ai-a... -- also, a I open-sourced a more advanced sandbox server: https://github.com/ammmir/sandboxer

The restore checkpoint/redo is too linear for my lizard brain. Am I wrong to want a tree-based agentic IDE? Why has nobody built it?

A novel concept that I haven't seen implemented properly yet, perhaps useful for AI coding agents, is that a sandbox can be forked at any point. Similar to how you can fork a PostgreSQL database, you can fork a sandbox, which creates an independent sandbox with all of the changes in it. Technically, I tried to implement this with checkpoint/restore using CRIU, but ran into some issues with nesting beyond 2 levels deep and custom user namespaces for security. And it was difficult to use get CRIU to work with Linux programs that use shared memory segments, and other Unixy things. I ended up switching to file system diffs and using reflinks on XFS to get some Copy-on-Write semantics.

Features:

* Automatic HTTPS with unique URL per sandbox (no need to deal with ingresses or exposing ports)

* Static token auth or GitHub app auth

* Built-in UI

* Multi-tenant ready: each user gets their own network

* List, download, and upload files into sandboxes

* Fork sandboxes to create arbitrary depths of clones

It's still in early stages, but it should be usable. I'd love your feedback and ideas on where to take this :) Personally, I want to use this as a code execution backend for local AI agents.

[1] https://amirmalik.net/2025/03/07/code-sandboxes-for-llm-ai-a...

Comments URL: https://news.ycombinator.com/item?id=43912645

Points: 1

# Comments: 1

Remote: Yes (unless local to BKK, or somewhere nearby like Singapore)

Willing to relocate: No

Technologies: TypeScript, Python, Go, Rust, Lua, JavaScript, Next.js, OpenResty, Nginx, PHP, Docker, Podman, CRIU, Linux namespaces, Firecracker, Express, Deno, Bun, Node.js, HTTP, X.509, TLS/SSL, SMTP, OAuth, OIDC, JWT, PostgreSQL, SQLite, Redis, MySQL, AI agents, LLM, RAG, vector databases, FastAPI, MCP, Streamlit, ELK, Terraform, OpenTelemetry, DevOps

Résumé/CV: https://amirmalik.net/resume

Email: amir@amirmalik.net

Hey HN! I'm a seasoned software professional with 15+ years of experience across the stack, from low-level systems and protocols to web and mobile apps to modern AI/LLM/agentic workflows. I like solving real business problems using the latest tools, without introducing too many shiny new toys.

If you want a taste of how I think and work, check out this blog post I wrote on building secure code sandboxes for LLM agents: https://amirmalik.net/2025/03/07/code-sandboxes-for-llm-ai-a... -- also, I'm building a self-hostable, open-source sandboxing server based: https://github.com/ammmir/sandboxer -- Show HN coming soon!

I'm looking for short-term consulting gigs (open to long-term), so whether you're looking to prototype something new in order to catch the AI hype train, or something more traditional, please reach out ASAP!

https://github.com/ammmir/sandboxer

It may not be useful, but it's been fun, and I've honed my gut-level experience in Docker, Podman, Linux namespaces, Checkpoint/Restore, CRIU, and more. The ultimate goal is to hand each AI agent iteration a sandbox of its own (forked from the previous iteration), and have it build apps in private sandboxes. You'll be able to view intermediate progress as the app is being built (or failed rabbit holes), since each sandbox gets a unique URL automatically. Like, imagine if each commit of your git repo had its own URL to preview the app!

[1] https://amirmalik.net/2025/03/07/code-sandboxes-for-llm-ai-a...

Regarding the verbosity, yeah, it's interesting how model providers make more money from more tokens used, and you/we end up paying for it somehow. When you're doing lots of tool calls, it adds up!

if they can polish up the public facing side of the project, it would instill more confidence.