2 comments

[ 3.1 ms ] story [ 22.8 ms ] thread
I haven't read the whole article but what are your thoughts on using the recent AWS Lambda Microvm's which are stateful for sometime. I imagine that lambda might give some issues

> We deliberately traded features for properties we could verify: no egress, no dependencies, no credentials in v1. In exchange we got tenant isolation we didn't have to build and a runner whose stolen credentials open nothing. Most importantly, we got the feature into real users' hands quickly - and the feedback flowing.

This line and the no X, no Y, no Z sounds a bit too LLM-isy. Could you please answer if article was in any capacity generated with the use of LLMs?

Interesting approach. The Lambda cold-start tradeoff is real but for untrusted code isolation it is hard to beat the security boundary. One parallel: DMARC enforcement works similarly - it is a hard boundary at the DNS level rather than trying to inspect and filter, which tends to be more reliable than heuristic approaches.