Comment by simonw

Comment by simonw 18 hours ago

17 replies

View on Hacker News

Forget about the AI bit. Do you think it's interesting that MicroQuickJS can be used from Python via FFI or as a compiled module, and can also be compiled to WebAssembly and called from Node.js and Deno and from Pyodide running in a browser?

... and that it provides a useful sandbox in that you can robustly limit both the memory and time allowed, including limiting expensive regular expression evaluation?

I included the AI bit because it would have been dishonest not to disclose how I used AI to figure this all out.

alabhyajindal 18 hours ago

It's interesting but I don't think it belongs as a comment under this post. I can use LLMs to create something tangential for each project posted on HN, and so can everyone else. If we all started doing this then the comment section will quickly become useless and not on point.

Reply View 9 replies
  • TheTaytay 7 hours ago

    Tangential would be “I wrote a Fibonacci function in this and it worked, just like it said on the tin!”

    Compiling this to wasm and calling it from python as a sandboxed runtime isn’t tangential. I wouldn’t have know from reading the project’s readme that this was possible, and it’s a really interesting use case. We might as well get mad at simonw for using an IDE while he explored the limits of a new library.

    Reply View 0 replies
  • rpdillon 16 hours ago

    Software system is released, comments talk about how to integrate it with other software systems. Seems on-topic.

    Reply View 0 replies
  • keeganpoppen 17 hours ago

    but there is signal in what people are inspired to do upon seeing a new project-- why not simply evaluate the interestingness level of these sorts of mashups on their own terms? it actually feels very "hacker"-y to go out and show people possibilities like this. i have no particular comment on how "interesting" the derivative projects are in this case, but i have a feeling if his original post had been framed more like "i think it's super interesting how easy it is to use via FFI on various runtimes X & Y (oh btw in the spirit of full transparency: i used ai to help me. and you can see more details at <link>). especially because i think everyone who peruses HN with some regularity is likely to know of simon's work in at least some capacity, and i am-- speaking only for myself-- essentially always interested in any sort of project he embarks on, especially his llm-assisted experiments and stuff. but hey-- at the end of the day, all of this value judgment is realized as plainly as possible with +1 / -1 (up- and down-vote) and i guess it just is what it is. if number bad, HN no like. shrug.

    Reply View 2 replies
    • alabhyajindal 17 hours ago

      I agree that there is signal, and that phrasing his original post as you pointed out would have been better.

      My issue is that the cost, in terms of time, for these experiments have really gone down with LLMs. Earlier, if someone played around with the posted project, we knew they spent a reasonable amount of time on it, and thus care about the subject. With LLMs, this is not the case.

      Reply View 1 reply
      • TheTaytay 7 hours ago

        That’s true - the assumed time is different now. We have to judge it on the content/findings of the experiment, rather than the fact that someone experimented with it. I share your frustration with random GitHub repos though. Used to, if someone could create a new GitHub repository with a few commits, there was likely to be some intelligence or quality behind it, but I commonly stumble across vibe coded slop with AI-slop READMEs. So maybe you are describing a similar reaction here in HN posts.

        Reply View 0 replies
  • Imustaskforhelp 17 hours ago

    Offtopic but I went to your website and saw that you created hackernews-mute and recently I was commenting about how one must have created such an extension and ranted about it. So kudos for you to have created it earlier on.

    Maybe we HN users have minds in sync :)

    https://news.ycombinator.com/item?id=46359396#46359695

    Have a nice day! Awesome stuff, would keep an eye on your blog, Does your blog/website use mataroa by any chance as there are some similarities even if they are both minimalist but overall nice!

    Reply View 3 replies
    • alabhyajindal 17 hours ago

      Thank you! I don't use Mataroa but I can see the similarities. My current blog setup is a Python script that parses content written in markdown and emits HTML. The CSS is inspired by the other minimal blogs I see here.

      Thanks a lot for checking out my blog/project. Have a great day!

      Reply View 0 replies
eichin 18 hours ago

Usually I watch your stuff very closely (and positively) because you're pushing the edges of how LLMs can be useful for code (and are a lot more honest/forthwright than most enthusiasts about it Going Horribly Wrong and how much work you need to do to keep on top of it.) This one... looks like a crossbar of random things that don't seem like things anyone would actually want to do? Mentioning the sandboxing bit in the first post would have helped a lot, or anything that said why that particular modes are interesting.

Reply View 5 replies
  • simonw 17 hours ago

    Yeah, I failed completely to explain the context here.

    I'm currently on a multi-year side-quest to find safe ways to execute untrusted user-provided code in my Python and web applications.

    As such, I pay very close attention to any new language or library that looks like it might be able to provide a robust sandbox.

    MicroQuickJS instantly struck me as a strong candidate for that, and initial protoyping has backed that up.

    None of that was clear from my original comment.

    Reply View 4 replies
    • Imustaskforhelp 17 hours ago

      I had been in a similar boat and here are some softwares that I recommend or would discuss with you

      https://github.com/libriscv/libriscv (I talked with the author of this project, amazing author fwsgonzo is amazing) and they told me that this has the least latency out of any sandbox at only minor consequence of performance that they know of

      Btw for sandboxing, kvm itself feels good too and I had discussed it with them in their discord server when they had mentioned that they were working on a minimal kvm server which has since been open sourced (https://github.com/varnish/tinykvm)

      Honestly Simon, Deno hosting/the way deno works is another good interesting tidbit for sandboxing. I wish something like deno's sandboxing capabilities came to python perhaps since python fans can appreciate it.

      I will try to look more into your github repository too once I get more free.

      Reply View 0 replies
    • claar 17 hours ago

      Ah, reading this comment makes your original post 10x more interesting. I guess this is "start with why" in action. :)

      Reply View 0 replies
    • AtlasBarfed 16 hours ago

      It is depressing the age of llm coding power came during python and JavaScript.

      Unfortunately it means those languages will be the permanent coding platforms.

      Reply View 1 reply
      • justatdotin 15 hours ago

        > Unfortunately it means those languages will be the permanent coding platforms.

        not really,

        I suspect training volume has a role in debugging a certain class of errors, so there is an advantage to python/ts/sql in those circumstances: if, as an old boss once told me, you code by the bug method :)

        The real problems I've had that hint at training data vs logic have been with poorly documented old versions of current languages.

        To me, the most amazing capability is not the code they generate but the facility for natural language analysis.

        my experience is that agent tools enable polyglot systems because we can now use the right tool for the job, not just the most familiar.

        Reply View 0 replies
Imustaskforhelp 17 hours ago

Simon although I find it interesting. And I respect you in this field. I still feel like the reason people call out AI usage or downvote in this case is that in my honest opinion, it would be also more interesting to see people actually write the code and more so (maintain) it as well and create a whole community/github project around microquickjs wasm itself

I read this post of yours https://simonwillison.net/2025/Dec/18/code-proven-to-work/ and although there is a point that can be made that what you are doing isn't a job and I myself create prototypes of code using AI, long term (in my opinion) what really matters are the maintainance and claim (like your article says in a way, that I can pin point a person whose responsible for code to work)

If I find any bug right now, I wouldn't blame it on you but AI and I have varying amount of trust on it

My opinion on the matter is that for prototyping AI can be considered good use but long term it definitely isn't and I am sure that you share a similar viewpoint.

I think that AI is so contrasting that there stops existing any nuance. Read my recent comment (although warning, its long) (https://news.ycombinator.com/item?id=46359684)

Perhaps you can build a blog post about the nuance of AI? I imagine that a lot of people might share a similar aspect of AI policy where its okay to tinker with it. I am part of the new generation and trust be told I don't think that there becomes much incentives long term unless someone realizes things of not using AI because using AI just feels so lucrative for especially the youngsters.

I am 17 years old and I am going to go into a decent college with (might I add immense competition to begin with) when I have passion about such topics but only to get dissuaded because the benchmark of solving assignments etc. are done by AI and the signal ratio of universities themselves are reducing but they haven't reduced to the point that they are irrelevant but rather that you need to have a university to try to get a job but companies have either freezed hiring which some point out with LLM's

If you ask me, Long term to me it feels like more people might associate themselves with hobbyist computing and even using AI (to be honest sort of like pewdiepie) without being in the industry.

I am not sure what the future holds for me (or for any of us as a matter of fact) but I guess the point I am trying to state is that there is nuance to the discussion from both sides

Have a nice day!

Reply View 0 replies