Hacker News new | ask | show | jobs
by mavdol04 166 days ago
I see what you mean, but i think there is room for both approaches.

If we want to isolate untrusted code at a very fine-grained level (like just a specific function), VMs can feel a bit heavy due to the overhead, complexity etc
1 comments
quotemstr 166 days ago
What you really want to do is decouple the sandbox specification annotations from the sandbox implementation backend, yes?
link