Hacker News: ushakov

New comment by ushakov in "Ggml.ai joins Hugging Face to ensure the long-term progress of Local AI"

ushakov — Fri, 20 Feb 2026 20:16:55 +0000

the code is not public, so we can't know. i think it's much more nuanced and certain users' comments might get a preferential treatment, based on factors other than the upvote count - which itself is hidden from us.

New comment by ushakov in "Ggml.ai joins Hugging Face to ensure the long-term progress of Local AI"

ushakov — Fri, 20 Feb 2026 18:18:41 +0000

of course your comment attracts more upvotes - it's at the top.

New comment by ushakov in "Ggml.ai joins Hugging Face to ensure the long-term progress of Local AI"

ushakov — Fri, 20 Feb 2026 18:10:30 +0000

i don't doubt this. i just find it questionable that one particular poster always gets in the spotlight when AI is the topic - while other conversations in my opinion offer more interesting angles.

New comment by ushakov in "Ggml.ai joins Hugging Face to ensure the long-term progress of Local AI"

ushakov — Fri, 20 Feb 2026 17:58:16 +0000

i am curious, why are your comments always pinned to the top?

New comment by ushakov in "AWS Adds support for nested virtualization"

ushakov — Fri, 13 Feb 2026 15:37:39 +0000

We are running Sandboxes for AI Agents using Firecracker microVMS @ E2B

New comment by ushakov in "Ex-GitHub CEO launches a new developer platform for AI agents"

ushakov — Tue, 10 Feb 2026 23:57:28 +0000

$1.5M seed bets, maybe. not $60M though

New comment by ushakov in "Matchlock – Secures AI agent workloads with a Linux-based sandbox"

ushakov — Sun, 08 Feb 2026 13:29:53 +0000

just from looking at it

on Linux it runs Firecracker: https://github.com/jingkaihe/matchlock/blob/main/pkg/vm/linu...

on macOS uses the Apple's Virtualization.Framework Go wrapper: https://github.com/jingkaihe/matchlock/blob/main/pkg/vm/darw...

Almostnode – Node.js in the Browser

ushakov — Sun, 08 Feb 2026 13:23:43 +0000

Article URL: https://github.com/macaly/almostnode

Comments URL: https://news.ycombinator.com/item?id=46933982

Points: 1

# Comments: 0

New comment by ushakov in "Matchlock – Secures AI agent workloads with a Linux-based sandbox"

ushakov — Sun, 08 Feb 2026 12:08:32 +0000

very cool, if you want cross-platform microvms, there's an interesting project called libkrun that powers projects like Podman and Colima.

here's a Go binding: https://github.com/mishushakov/libkrun-go

demo (on Mac): https://x.com/mishushakov/status/2020236380572643720

New comment by ushakov in "Monty: A minimal, secure Python interpreter written in Rust for use by AI"

ushakov — Sat, 07 Feb 2026 01:48:33 +0000

i think there’s a confusion around what use-case Monty is solving (i was confused as well). this seems to isolate in a scope of execution like function calls, not entire Python applications

New comment by ushakov in "Monty: A minimal, secure Python interpreter written in Rust for use by AI"

ushakov — Sat, 07 Feb 2026 01:46:16 +0000

we’re not disagreeing here - i meant for general use-case VMs are better, for some application-specific calls Monty this might suffice.

although you’d still need another boundary to run your app in to prevent breaking out to other tenants.

New comment by ushakov in "Monty: A minimal, secure Python interpreter written in Rust for use by AI"

ushakov — Sat, 07 Feb 2026 01:32:46 +0000

agree. you still need a secure boundary like VM to isolate the tenants in case the model breaks out of the sandbox.

everything that you don’t want your agent to access should live outside of the sandbox.

New comment by ushakov in "Monty: A minimal, secure Python interpreter written in Rust for use by AI"

ushakov — Sat, 07 Feb 2026 01:23:01 +0000

best answer is probably to have a layered approach - use this to limit what the generated code can do, wrap it in a secure VM to prevent leaking out to other tenants.

New comment by ushakov in "Monty: A minimal, secure Python interpreter written in Rust for use by AI"

ushakov — Sat, 07 Feb 2026 01:19:51 +0000

there’s no way around VMs for secure, untrusted workloads. everything else, like Monty has too many tradeoffs that makes it non-viable for any real workloads

disclaimer: i work at E2B, opinions my own

New comment by ushakov in "Deno Sandbox"

ushakov — Tue, 03 Feb 2026 22:21:58 +0000

Factory, Nvidia, Perplexity and Manus are using E2B in production - we ran more than 200 million Sandboxes for our customers

New comment by ushakov in "Sandboxing AI Agents in Linux"

ushakov — Tue, 03 Feb 2026 21:46:37 +0000

for personal use, many ways: Vargant, Docker Sandbox, NixOS VMs, Lima, OrbStack.

if you want multi-tenant: E2B (open-source, self-hosted)

New comment by ushakov in "Deno Sandbox"

ushakov — Tue, 03 Feb 2026 21:30:01 +0000

we aren’t worried about that.

when we were starting out we figured there was no solution that would satisfy our requirements for running untrusted code. so we had to build our own.

the reason we open-sourced this is because we want everyone to be able to run our Sandboxes - in contrast to the majority of our competitors who’s goal is to lock you in to their offering.

with open-source you have the choice, and luckily Manus, Perplexity, Nvidia choose us for their workloads.

(opinions my own)

New comment by ushakov in "Deno Sandbox"

ushakov — Tue, 03 Feb 2026 20:56:41 +0000

we offer secure cloud VMs that scale up to 100k concurrent instances or more.

the value we sell with our cloud is scale, while our Sandboxes are a commodity that we have proudly open-sourced

New comment by ushakov in "Sandboxing AI Agents in Linux"

ushakov — Tue, 03 Feb 2026 20:51:28 +0000

both Docker and bubblewrap are not secure sandboxes. the only way to have actually isolated sandboxes is by using VMs

disclaimer: i work on secure sandboxes at E2B

New comment by ushakov in "Deno Sandbox"

ushakov — Tue, 03 Feb 2026 20:39:16 +0000

10 seconds is actually not that impressive. we spin up Sandboxes around 50-200ms at E2B