Comment by eichin

Comment by eichin 19 hours ago

5 replies

View on Hacker News

Usually I watch your stuff very closely (and positively) because you're pushing the edges of how LLMs can be useful for code (and are a lot more honest/forthwright than most enthusiasts about it Going Horribly Wrong and how much work you need to do to keep on top of it.) This one... looks like a crossbar of random things that don't seem like things anyone would actually want to do? Mentioning the sandboxing bit in the first post would have helped a lot, or anything that said why that particular modes are interesting.

simonw 19 hours ago

Yeah, I failed completely to explain the context here.

I'm currently on a multi-year side-quest to find safe ways to execute untrusted user-provided code in my Python and web applications.

As such, I pay very close attention to any new language or library that looks like it might be able to provide a robust sandbox.

MicroQuickJS instantly struck me as a strong candidate for that, and initial protoyping has backed that up.

None of that was clear from my original comment.

Reply View 4 replies
  • Imustaskforhelp 19 hours ago

    I had been in a similar boat and here are some softwares that I recommend or would discuss with you

    https://github.com/libriscv/libriscv (I talked with the author of this project, amazing author fwsgonzo is amazing) and they told me that this has the least latency out of any sandbox at only minor consequence of performance that they know of

    Btw for sandboxing, kvm itself feels good too and I had discussed it with them in their discord server when they had mentioned that they were working on a minimal kvm server which has since been open sourced (https://github.com/varnish/tinykvm)

    Honestly Simon, Deno hosting/the way deno works is another good interesting tidbit for sandboxing. I wish something like deno's sandboxing capabilities came to python perhaps since python fans can appreciate it.

    I will try to look more into your github repository too once I get more free.

    Reply View 0 replies
  • claar 18 hours ago

    Ah, reading this comment makes your original post 10x more interesting. I guess this is "start with why" in action. :)

    Reply View 0 replies
  • AtlasBarfed 18 hours ago

    It is depressing the age of llm coding power came during python and JavaScript.

    Unfortunately it means those languages will be the permanent coding platforms.

    Reply View 1 reply
    • justatdotin 16 hours ago

      > Unfortunately it means those languages will be the permanent coding platforms.

      not really,

      I suspect training volume has a role in debugging a certain class of errors, so there is an advantage to python/ts/sql in those circumstances: if, as an old boss once told me, you code by the bug method :)

      The real problems I've had that hint at training data vs logic have been with poorly documented old versions of current languages.

      To me, the most amazing capability is not the code they generate but the facility for natural language analysis.

      my experience is that agent tools enable polyglot systems because we can now use the right tool for the job, not just the most familiar.

      Reply View 0 replies