<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: benldrmn</title><link>https://news.ycombinator.com/user?id=benldrmn</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sat, 04 Jul 2026 10:55:17 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=benldrmn" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by benldrmn in "Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)"]]></title><description><![CDATA[
<p>I am working on <a href="https://github.com/isola-run/isola" rel="nofollow">https://github.com/isola-run/isola</a> which uses gVisor (not firecracker) on k8s (or something like kind, locally). Includes snapshotting, network controls and everything. Hope you could find this useful</p>
]]></description><pubDate>Thu, 04 Jun 2026 08:32:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=48395836</link><dc:creator>benldrmn</dc:creator><comments>https://news.ycombinator.com/item?id=48395836</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48395836</guid></item><item><title><![CDATA[New comment by benldrmn in "Ask HN: What are you working on? (May 2026)"]]></title><description><![CDATA[
<p>I'm working on Isola (<a href="https://github.com/isola-run/isola" rel="nofollow">https://github.com/isola-run/isola</a>), a passion project of mine. It allows you to easily create and control sandboxes for executing untrusted code on any Kubernetes cluster (one helm install). To support some features I wanted (like on demand snapshotting of specific containers' filesystem in a sandbox pod or limiting egress rate from the sandbox I am working on now) I contributed some changes to gVisor. Happy to chat about the design and implementation of such a project if anyone interested!</p>
]]></description><pubDate>Sun, 10 May 2026 20:09:35 +0000</pubDate><link>https://news.ycombinator.com/item?id=48087413</link><dc:creator>benldrmn</dc:creator><comments>https://news.ycombinator.com/item?id=48087413</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48087413</guid></item><item><title><![CDATA[Show HN: Isola – Open-source sandboxing on Kubernetes]]></title><description><![CDATA[
<p>Hi HN, I am excited to share with you something I have been working on for the past 6 months or so.<p>Isola is an open-source sandbox platform for running untrusted code in your own Kubernetes cluster with gVisor.<p>It took me quite a few iterations to get the api just right. Some design choices:<p>* REST and streaming APIs (building SDKs on top) - executing commands, transferring files, etc<p>* flexible network policies, tailored for untrusted workloads<p>* operational simplicity: one Helm install, no external database / Redis / queues etc<p>One example of a feature I like is the ability to snapshot the root filesystem, storing it in some bucket for later restore (exposing the snapshots via a NFS on each cluster node). Useful for initializing a sandbox once and reusing many times, or checkpointing between interactions.<p>It strives to give you a strong platform to develop on, while keeping your data within your network, with your existing observability tools, cloud resources and in-cluster latency.<p>Happy to get your thoughts, answer questions or talk more about the design and implementation of Isola.</p>
<hr>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47848439">https://news.ycombinator.com/item?id=47848439</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 21 Apr 2026 13:21:02 +0000</pubDate><link>https://github.com/isola-run/isola</link><dc:creator>benldrmn</dc:creator><comments>https://news.ycombinator.com/item?id=47848439</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47848439</guid></item><item><title><![CDATA[New comment by benldrmn in "AI Usage Policy"]]></title><description><![CDATA[
<p>Funny, I had a similar experience TAing “Intro to CS” (first semester C programming course). The student was certain he encountered a compiler bug (pushing back on my assumption there was something wrong with their code, since while compilers do have bugs, they are probably not in the code generation of a nested for loop). After spending a few minutes parsing their totally unindented code, the off-by-one error revealed itself</p>
]]></description><pubDate>Fri, 23 Jan 2026 14:31:15 +0000</pubDate><link>https://news.ycombinator.com/item?id=46732913</link><dc:creator>benldrmn</dc:creator><comments>https://news.ycombinator.com/item?id=46732913</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46732913</guid></item><item><title><![CDATA[Verify enclave counterparties with reproducible builds and remote attestation]]></title><description><![CDATA[
<p>Article URL: <a href="https://aws.amazon.com/blogs/web3/verify-enclave-counterparties-with-reproducible-builds-and-cryptographic-attestation-using-aws-nitro-enclaves/">https://aws.amazon.com/blogs/web3/verify-enclave-counterparties-with-reproducible-builds-and-cryptographic-attestation-using-aws-nitro-enclaves/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=45606390">https://news.ycombinator.com/item?id=45606390</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Thu, 16 Oct 2025 15:12:01 +0000</pubDate><link>https://aws.amazon.com/blogs/web3/verify-enclave-counterparties-with-reproducible-builds-and-cryptographic-attestation-using-aws-nitro-enclaves/</link><dc:creator>benldrmn</dc:creator><comments>https://news.ycombinator.com/item?id=45606390</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45606390</guid></item><item><title><![CDATA[Establishing verifiable security: Reproducible builds and AWS Nitro Enclaves]]></title><description><![CDATA[
<p>Article URL: <a href="https://aws.amazon.com/blogs/web3/establishing-verifiable-security-reproducible-builds-and-aws-nitro-enclaves/">https://aws.amazon.com/blogs/web3/establishing-verifiable-security-reproducible-builds-and-aws-nitro-enclaves/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=44858546">https://news.ycombinator.com/item?id=44858546</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Sun, 10 Aug 2025 21:39:58 +0000</pubDate><link>https://aws.amazon.com/blogs/web3/establishing-verifiable-security-reproducible-builds-and-aws-nitro-enclaves/</link><dc:creator>benldrmn</dc:creator><comments>https://news.ycombinator.com/item?id=44858546</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44858546</guid></item><item><title><![CDATA[Build secure multi-party computation (MPC) wallets using AWS Nitro Enclaves]]></title><description><![CDATA[
<p>Article URL: <a href="https://aws.amazon.com/blogs/web3/build-secure-multi-party-computation-mpc-wallets-using-aws-nitro-enclaves/">https://aws.amazon.com/blogs/web3/build-secure-multi-party-computation-mpc-wallets-using-aws-nitro-enclaves/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=43082457">https://news.ycombinator.com/item?id=43082457</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Mon, 17 Feb 2025 19:28:01 +0000</pubDate><link>https://aws.amazon.com/blogs/web3/build-secure-multi-party-computation-mpc-wallets-using-aws-nitro-enclaves/</link><dc:creator>benldrmn</dc:creator><comments>https://news.ycombinator.com/item?id=43082457</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43082457</guid></item></channel></rss>