Hacker News: shayonj

Building a Tiny FUSE Filesystem

shayonj — Sun, 14 Jun 2026 16:37:31 +0000

Article URL: https://www.shayon.dev/post/2026/161/building-a-tiny-fuse-filesystem/

Comments URL: https://news.ycombinator.com/item?id=48529287

Points: 2

# Comments: 0

Exploring building a tiny FUSE filesystem

shayonj — Fri, 12 Jun 2026 16:38:10 +0000

Article URL: https://www.shayon.dev/post/2026/161/building-a-tiny-fuse-filesystem/

Comments URL: https://news.ycombinator.com/item?id=48506286

Points: 79

# Comments: 14

Building a Tiny FUSE Filesystem

shayonj — Thu, 11 Jun 2026 18:04:07 +0000

Article URL: https://www.shayon.dev/post/2026/161/building-a-tiny-fuse-filesystem/

Comments URL: https://news.ycombinator.com/item?id=48494100

Points: 2

# Comments: 0

I am not leaving GitHub any time soon

shayonj — Wed, 29 Apr 2026 15:16:46 +0000

Article URL: https://www.shayon.dev/post/2026/118/i-am-not-leaving-github-any-time-soon/

Comments URL: https://news.ycombinator.com/item?id=47949624

Points: 2

# Comments: 0

GitHub Down Again

shayonj — Mon, 27 Apr 2026 17:03:18 +0000

Article URL: https://www.githubstatus.com/incidents/ql942tw29yl6

Comments URL: https://news.ycombinator.com/item?id=47924260

Points: 14

# Comments: 2

Shipping Fast Requires a High Degree of Trust

shayonj — Sun, 12 Apr 2026 15:58:11 +0000

Article URL: https://www.shayon.dev/post/2024/7/shipping-fast-requires-a-high-degree-of-trust/

Comments URL: https://news.ycombinator.com/item?id=47741232

Points: 1

# Comments: 1

Fast sandboxed code execution with pre-warmed gVisor pools

shayonj — Tue, 31 Mar 2026 16:31:49 +0000

Article URL: https://github.com/shayonj/gvisord

Comments URL: https://news.ycombinator.com/item?id=47589885

Points: 2

# Comments: 0

Fast sandboxed code execution with pre-warmed gVisor pools

shayonj — Mon, 30 Mar 2026 12:53:12 +0000

Article URL: https://github.com/shayonj/gvisord

Comments URL: https://news.ycombinator.com/item?id=47573658

Points: 2

# Comments: 0

New comment by shayonj in "Linux Page Faults, MMAP, and userfaultfd for faster VM boots"

shayonj — Fri, 20 Mar 2026 11:29:14 +0000

that's very interesting! I was noticing page vault storm on live migrations as well and I wonder if that's what you were running into / mentioning here regarding the lock contention

New comment by shayonj in "Show HN: Sub-millisecond VM sandboxes using CoW memory forking"

shayonj — Wed, 18 Mar 2026 13:34:16 +0000

> you can do things that aren't practical with 100-200ms startup: speculative parallel execution (fork 10 VMs, try 10 approaches, keep the best), treating code execution like a function call instead of an infrastructure decision, etc.

i am not following, why isn't it practical?

New comment by shayonj in "Show HN: Sub-millisecond VM sandboxes using CoW memory forking"

shayonj — Wed, 18 Mar 2026 13:00:40 +0000

Cool project. +1 on userfaultfd for the multi-node path. Wrote about how uffd-based on-demand restore works wrt to my Cloud Hypervisor change [1] if you are curious.

I think the the main things to watch are fault storms at resume (all vCPUs hitting missing pages at once) and handler throughput if you're serving pages over the network instead of local mmap. I think its less likely to happen when you fork a brand new VM vs say a VM that has been doing things for 5 mins.

Also interestingly, Cloud Hypervisor couldn't use MAP_PRIVATE for this because it breaks VFIO/vhost-user bindings. Firecracker's simpler device model is nice for cases like this.

[1] https://www.shayon.dev/post/2026/65/linux-page-faults-mmap-a...

Linux Page Faults, MMAP, and userfaultfd for faster VM boots

shayonj — Wed, 18 Mar 2026 12:28:44 +0000

Article URL: https://www.shayon.dev/post/2026/65/linux-page-faults-mmap-and-userfaultfd/

Comments URL: https://news.ycombinator.com/item?id=47424881

Points: 59

# Comments: 3

Linux Page Faults, MMAP, and userfaultfd for faster VM restores

shayonj — Sat, 14 Mar 2026 17:57:24 +0000

Article URL: https://www.shayon.dev/post/2026/65/linux-page-faults-mmap-and-userfaultfd/

Comments URL: https://news.ycombinator.com/item?id=47379271

Points: 2

# Comments: 0

New comment by shayonj in "Linux Page Faults, MMAP, and userfaultfd for fast sandbox boot times"

shayonj — Thu, 12 Mar 2026 21:21:21 +0000

That's a good shout. I will update/port it back from here - https://github.com/cloud-hypervisor/cloud-hypervisor/pull/78..., but quite fast

Linux Page Faults, MMAP, and userfaultfd for fast sandbox boot times

shayonj — Thu, 12 Mar 2026 17:10:59 +0000

Article URL: https://www.shayon.dev/post/2026/65/linux-page-faults-mmap-and-userfaultfd/

Comments URL: https://news.ycombinator.com/item?id=47354060

Points: 16

# Comments: 3

Creating virtual block devices with ublk

shayonj — Thu, 12 Mar 2026 15:38:43 +0000

Article URL: https://jpospisil.com/posts/2026-01-13-creating-virtual-block-devices-with-ublk

Comments URL: https://news.ycombinator.com/item?id=47352371

Points: 2

# Comments: 0

A simple L7 proxy for vLLM that manages LoRA adapter storage via NVMes

shayonj — Sun, 08 Mar 2026 22:04:34 +0000

Article URL: https://github.com/shayonj/loraplex

Comments URL: https://news.ycombinator.com/item?id=47302057

Points: 2

# Comments: 0

New comment by shayonj in "Let's discuss sandbox isolation"

shayonj — Sat, 28 Feb 2026 14:08:38 +0000

This is going to be an interesting space to watch I think and big part of offering sandbox as a service basically for enterprise and saas needs.

New comment by shayonj in "Let's discuss sandbox isolation"

shayonj — Sat, 28 Feb 2026 11:09:54 +0000

Yeah, it's hard to hit the right balance with nuance around these and you're spot on. What I meant to get at was the specific difference in default modes where gVisor's systrap intercepts syscalls via seccomp traps and handles them entirely in a user-space Go kernel, so there's no hardware isolation boundary in the memory/execution sense. A microVM puts the guest in a VT-x/EPT-isolated address space, which is a qualitative difference in what enforces the boundary (perhaps?)

Whereas yeah, you can run gVisor in KVM mode where it does use hardware virtualization, and at that point the isolation boundary is much closer to a microVM's. I believe the real difference then becomes more about what's on either side of that boundary where gVisor gives you a memory-safe Go kernel making ~70 host syscalls, a microVM gives you a full guest Linux kernel behind a minimal VMM. So at least in my mind it comes down to a bit of around different trust chains, not necessarily one strictly stronger than the other.

New comment by shayonj in "Let's discuss sandbox isolation"

shayonj — Sat, 28 Feb 2026 11:01:32 +0000

Heya! nice to see you here. In retrospect it feels like CI companies and environments are very well suited for sandboxes since a lot of the problems overlap around ephemeral workloads, running untrusted code, fast cold starts, multi-tenancy isolation. Also, loved Buildkite at a past job! Looking forward to following cleanroom