3/28/2025 at 6:34:16 PM
That's the system I work on! Please feel free to ask any questions. All opinions are my own and do not represent those of my employer.
by topsycatt
3/28/2025 at 10:25:11 PM
I imagine you need to make and destroy sandboxed environments quite often. How fast does your code create a sandboxed environment?
Do you make the environments on demand or do you make them preemptively so that one is ready to go the moment that it is needed?
If you make them on demand, have you tested ZFS snapshots to see if it can be done even faster using zfs clone?
by ryao
4/1/2025 at 2:26:49 PM
Sorry for the delay in replying!
We actually use gVisor (as stated in the article) and it has a very nifty feature called checkpoint_restore (https://gvisor.dev/docs/user_guide/checkpoint_restore/) which lets us start up sandboxes extremely efficiently. Then the filesystem is just a CoW overlay.
by topsycatt
4/2/2025 at 5:11:47 AM
Thanks for the response. I had misread the article’s description of gVisor and mistook it as something meant to protect the rest of the system rather than something that handled the filesystem part of the sandbox. It is an interesting tool.
by ryao
3/29/2025 at 2:43:24 PM
What’s ZFS? That doesn’t sound like a Google internal tool I’ve ever heard of.
by dullcrisp
3/29/2025 at 3:08:09 PM
https://en.wikipedia.org/wiki/ZFS
It's a filesystem, to put it simply.
by x-complexity
3/29/2025 at 2:46:52 PM
Oh boy. Get ready for the zealots.
by 2OEH8eoCRo0
3/29/2025 at 10:27:57 AM
Seconding this. Also curious if this is done with microkernels (I put Unikraft high on the list of tech I'd use for this kind of problem, or possibly the still-in-beta CodeSandbox SDK – and maybe E2B or Fly but didn't have as good experiences with those).
by blixt
3/29/2025 at 9:02:34 AM
I use ZFS, but isn't the situation the sandbox is in totally different? Why would it be optimal?
by luke-stanley
3/29/2025 at 5:25:37 PM
If you are making sandboxes, you need to put the files in place each time. With ZFS clones, you can keep referencing the same files repeatedly, so the amount of changes to memory needed to create an environment is minimized. Let’s say the sandbox is 1GB and each clone operation does less than 1MB of memory writes. Then you have a >1000x reduction in writing needed to make the environment.
Furthermore, ZFS ARC should treat each read operation of the same files as reading the same thing, while a sandbox made the traditional way would treat the files as unique, since they would be full copies of each other rather than references. ZFS on the other hand should only need to keep a single copy of the files cached for all environments. This reduces memory requirements dramatically. Unfortunately, the driver has double caching on mmap()’ed reads, but the duplication will only be on the actual files accessed and the copies will be from memory rather than disk. A modified driver (e.g. OSv style) would be able to eliminate the double caching for mmap()’ed reads, but that is a future enhancement.
In any case, ZFS clones should have clear advantages over the more obvious way of extracting a tarball every time you need to make a new sandbox for a Python execution environment.
by ryao
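As an added example of the workflow ryao describes (this is not code from the thread, from Google's sandbox, or from the ZFS project): a golden dataset is frozen and snapshotted once, every sandbox becomes a `zfs clone` of that snapshot so creation writes only metadata and blocks are copied only when the sandbox modifies them, and the tarball approach is shown beside it for contrast. The dataset names, mount root and the `run` callback are placeholder assumptions; the ZFS backend needs root and a real pool to execute, so the example takes an injectable runner.

```python
"""Sandbox provisioning: ZFS clones of one golden snapshot versus
extracting a tarball per sandbox.

Added example, not code from the thread, from Google's sandbox, or
from the ZFS project. Dataset names, the mount root and the `run`
callback are placeholder assumptions.
"""
import os
import subprocess
import tarfile
from pathlib import Path
from typing import Callable, Iterator, List

Runner = Callable[[List[str]], None]


def real_runner(cmd: List[str]) -> None:
    """Execute a command, raising on non-zero exit (needs root and a ZFS pool)."""
    subprocess.run(cmd, check=True)


class ZfsSandboxPool:
    """Per-sandbox filesystems as clones of one read-only golden snapshot.

    The base image is populated once. Each sandbox is `zfs clone`d from the
    snapshot, so creation writes only metadata; a block is copied only when
    the sandbox modifies it, and the ARC caches the shared files once for
    all clones.
    """

    def __init__(self, base_dataset: str, clones_dataset: str,
                 mount_root: str, run: Runner = real_runner):
        self.base = base_dataset            # e.g. "tank/sandbox-base" (placeholder)
        self.snapshot = f"{base_dataset}@golden"
        self.clones = clones_dataset        # e.g. "tank/sandboxes" (placeholder)
        self.mount_root = mount_root.rstrip("/")
        self.run = run

    def prepare_golden(self) -> None:
        """Freeze the base image: make it read-only, then snapshot it once."""
        self.run(["zfs", "set", "readonly=on", self.base])
        self.run(["zfs", "snapshot", self.snapshot])

    def create(self, sandbox_id: str) -> str:
        """Clone the golden snapshot into a writable dataset for one sandbox.

        setuid and device nodes are disabled on the clone so untrusted code
        inside cannot use them to gain privileges; -p creates the parent
        dataset if it is missing.
        """
        dataset = f"{self.clones}/{sandbox_id}"
        mountpoint = f"{self.mount_root}/{sandbox_id}"
        self.run(["zfs", "clone", "-p",
                  "-o", f"mountpoint={mountpoint}",
                  "-o", "setuid=off", "-o", "devices=off",
                  self.snapshot, dataset])
        return mountpoint

    def destroy(self, sandbox_id: str) -> None:
        """Drop the clone: only its private blocks are freed; the origin stays."""
        self.run(["zfs", "destroy", f"{self.clones}/{sandbox_id}"])


def _safe_members(tar: tarfile.TarFile) -> Iterator[tarfile.TarInfo]:
    """Yield only members that stay inside the extraction directory."""
    for member in tar.getmembers():
        name = os.path.normpath(member.name)
        if os.path.isabs(name) or ".." in name.split("/"):
            raise ValueError(f"refusing unsafe tar member: {member.name!r}")
        if (member.issym() or member.islnk()) and (
                os.path.isabs(member.linkname)
                or ".." in os.path.normpath(member.linkname).split("/")):
            raise ValueError(f"refusing unsafe link target: {member.linkname!r}")
        yield member


class TarSandboxPool:
    """The obvious approach: extract the full image for every sandbox."""

    def __init__(self, image_tar: Path, mount_root: Path):
        self.image_tar = Path(image_tar)
        self.mount_root = Path(mount_root)

    def create(self, sandbox_id: str) -> Path:
        """Extract the whole image; every sandbox is a full, separately cached copy."""
        target = self.mount_root / sandbox_id
        target.mkdir(parents=True)
        with tarfile.open(self.image_tar) as tar:
            tar.extractall(target, members=list(_safe_members(tar)))
        return target


if __name__ == "__main__":
    # Dry run: print the ZFS commands instead of executing them.
    pool = ZfsSandboxPool("tank/sandbox-base", "tank/sandboxes", "/sandboxes",
                          run=lambda cmd: print(" ".join(cmd)))
    pool.prepare_golden()
    pool.create("job1")
    pool.destroy("job1")
```

The clone lifecycle matters for cleanup: clones must be destroyed before their origin snapshot can be, so the pool keeps the golden snapshot for the life of the image and only ever destroys per-sandbox datasets.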
3/29/2025 at 5:39:36 PM
It's worth noting that if you go down a layer, LVM snapshots are filesystem-independent.
by o11c
3/29/2025 at 6:06:57 PM
You need to preallocate space on LVM2 for storing changes and if it fills, bad things happen. You have write amplification of 4MB per write by default on LVM2, while ZFS just writes what is needed, since LVM2 isn't aware of the filesystem structures. All of the advantages WRT cache are gone if you use LVM2 too. Correct me if I am wrong.
That said, if you really want to use block devices, you could use zvols to get something similar to LVM2 out of ZFS, but it is not as good as using snapshots on ZFS' filesystems. The write amplification would be lower by default (8KB versus 4MB). The page cache would still duplicate data, but the buffer cache duplication should be bypassed if I recall correctly.
by ryao
3/29/2025 at 4:13:44 PM
I believe they were referring to the use of ZFS snapshots for a Copy-on-Write type setup.
by RunningDroid
3/28/2025 at 6:50:30 PM
Is the interactive Python sandbox incompatible with thinking models? It seems like I can only get the interactive sandbox by using 2.0 Flash, not 2.0 Flash Thinking or 2.5 Pro.
by hnuser123456
3/28/2025 at 6:53:11 PM
That's a good question! It's not incompatible, it's just a matter of getting the flow right. I can't comment too much on that process but I'm excited for the possibilities there.
by topsycatt
3/28/2025 at 7:00:32 PM
Oh, I see Gemini can run code as part of the thinking process. I suppose the sandbox that happens in was the target of this research, while code editing in Gemini Canvas just has a button to export to Colab for running. The screenshots in the research show a "run" button for generated code in the chat, but I'm not seeing that exact interface.
In any case, I share your excitement.
by hnuser123456
3/28/2025 at 7:14:40 PM
Canvas actually has a mix of this sandbox (with a different container) and fully client-side.
The "run" option for generated code was removed due to underutilization, but the sandbox is still used for things like the data analysis workflow and running extensions amongst other things. It's really just a general purpose sandbox for running untrusted code server-side.
by topsycatt
3/29/2025 at 4:24:05 AM
Is there a way for you to campaign to return the run button for common queries for code examples? It's probably the most powerful educational tool ever invented, to be able to see how the human language description turns into strange computer code which turns into resulting output. If you guys can get it secure enough, it's a killer feature.
by hnuser123456
3/29/2025 at 8:22:42 AM
+1 vote here
by sans_souse
3/29/2025 at 8:22:12 AM
Talk about indirect gaslighting: I can never find info on deprecated functions like this one, to the point that I convinced myself I imagined it. I guess now I know who to ask.
by sans_souse
3/29/2025 at 5:23:13 AM
Have you by chance read this paper: https://agent-gen.github.io/
by TechDebtDevin
4/1/2025 at 2:27:55 PM
I have not. I'll take a look, thanks!
by topsycatt
3/28/2025 at 10:29:22 PM
That's cool. I did something similar in the early days with Google Bard when data visualization was added, which I believe was when the ability to run code got introduced.
One question I always had was what the user "grte" stands for...
Btw. here the tricks I used back then to scrape the file system:
https://embracethered.com/blog/posts/2024/exploring-google-b...
by wunderwuzzi23
3/29/2025 at 12:59:18 AM
The "runtime" is a Google internal distribution of libc + binutils that is used for linking binaries within the monolithic repo, "google3".
This decoupling of system libraries from the OS itself is necessary because it otherwise becomes unmanageable to ensure "google3 binaries" remain runnable on both workstations and production servers. Workstations and servers each have their own Linux distributions, and each also needs to change over time.
by waych
3/29/2025 at 7:56:30 AM
Of course, this meant that some tools got stuck on some old glibc from like 2007.
by saagarjha
4/1/2025 at 12:36:30 AM
IIRC Google has a policy whereby all google3 binaries must be rebuilt within a 6-month window. This allows teams to age out support for old versions of things, including glibc. grte supports having multiple versions of itself installed side-by-side to allow for transition periods ("v5" in the article).
by waych
4/1/2025 at 9:15:08 AM
Sure, I'm talking about things linked against grtev4.
by saagarjha
3/28/2025 at 11:09:08 PM
It says in the article - Google Runtime Environment.
by flawn
3/28/2025 at 10:57:32 PM
grte is probably "Google runtime environment", I would imagine.
by jemfinch
3/28/2025 at 6:53:09 PM
Do you think "hacked Gemini and leaked its source code" is an accurate representation of what happened here?
by fragmede
3/28/2025 at 6:54:33 PM
I'm on the Google side of the equation. I think the title is a bit sensationalized, but that's the author's prerogative.
by topsycatt
3/28/2025 at 7:07:08 PM
When are we going to be able to run sandboxed PHP code?
by devdudect
3/28/2025 at 8:02:45 PM
You can run PHP in ChatGPT Code Interpreter today if you upload the right binary (also Deno and Lua and more): https://til.simonwillison.net/llms/code-interpreter-expansio...
by simonw
3/28/2025 at 7:20:55 PM
We could, it's just not high up on the priority list. Any particular reason you want PHP?
by topsycatt
3/28/2025 at 7:38:19 PM
Possibly they are mildly insane.
by alienbaby
3/28/2025 at 10:44:42 PM
>75% of the web's server-side code is PHP. Most of that is WordPress, but lots of people customize it, and being able to write your own themes, plugins, etc. is a big deal.
by 0xbadcafebee
3/28/2025 at 8:16:55 PM
Next step is Gemini hosting Personal Home Pages.
by egeozcan
3/29/2025 at 2:36:07 AM
Why would you want to run anything else?
by ipaddr
3/28/2025 at 7:16:33 PM
> but that's the author's prerogative
You submitted this.
by koakuma-chan
3/28/2025 at 7:19:06 PM
I submitted this HN link with a title that exactly matches the one on the article, but I didn't write the title on the article. AFAIK HN posts should match the title of the article they link to.
by topsycatt
3/28/2025 at 7:29:48 PM
Actually the rule is designed to let you correct misleading titles:
"Please use the original title, unless it is misleading or linkbait; don't editorialize." - https://news.ycombinator.com/newsguidelines.html
I've done that now (https://news.ycombinator.com/item?id=43509103).
I appreciate your scruples though! Because even though you would have been on the right side of HN's rules to correct a misleading (and/or linkbait) title, the fact that you work for Google would have opened you to the usual gotcha attacks about conflict of interest. This way we avoided all of that, and it's still a good submission and thread!
by dang
3/28/2025 at 7:38:00 PM
Thank you very much dang!
by topsycatt
3/29/2025 at 12:09:38 PM
Can you run the country too?
by gorlilla
3/29/2025 at 4:29:48 AM
Dang, you are cool. :)
by bitexploder
3/28/2025 at 7:29:09 PM
> AFAIK HN posts should match the title of the article they link to.
I am not aware of such a rule's existence.
Also "should" not "must."
To be clear: I don't have a problem with you submitting this, but the title appears to be completely false.
by koakuma-chan
3/28/2025 at 7:29:08 PM
From the HN guidelines:
> Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize.
Arguably this is misleading or clickbait, but safer to err on the side of using the original title.
by marcellus23
3/28/2025 at 7:23:35 PM
Even better, OP shared something OP didn’t write but thought was interesting.
by wil421
3/28/2025 at 7:46:54 PM
Have you contemplated running the Python code in a virtual environment in the browser?
by enoughalready
3/28/2025 at 6:52:54 PM
You're the hacker or the Google?
by seydor
3/28/2025 at 6:53:26 PM
The Google
by topsycatt
3/28/2025 at 10:57:30 PM
"im the google" is definitely a top 3 chart synthpop song by Ladytron :)
by larodi
3/29/2025 at 8:24:13 AM
Can a mod please change the thread title to "I'm The Google. AMA."
by sans_souse
3/28/2025 at 6:55:58 PM
[flagged]
by lugao
3/28/2025 at 9:08:19 PM
Question: how does it feel inside Google in terms of losing their lunch to OpenAI? Losing here is very loose, I don’t think OpenAI has won yet but it seems to have made a leap ahead of Google in terms of market share, and we know Google was sitting on tons of breakthroughs and research. Any panicking or internal discontent at Google’s product policies? No need to answer if you’re uncomfortable that your employer may hold you responsible for what you write here.
by onemoresoop
3/28/2025 at 10:15:35 PM
This is an unusual opinion in industry, although common with consumers.
Currently, Google has the most cost effective model (Flash 2) for tons of corporate work (OCR, classifiers, etc).
They just announced likely the most capable model currently in the market with Gemini 2.5.
Their small open source models (Gemma 3) are very good.
It is true that they've struggled to execute on product, but the actual technology is very good and getting substantial adoption in industry. Personally I've moved quite a few workloads to Google from OpenAI and Anthropic.
My main complaint is that they often release impressive models, but gimp them in experimental mode for too long, without fully releasing them (2.5 is currently in this category).
by mediaman
3/28/2025 at 10:31:34 PM
How does Flash compare to Nova Lite? The latter looks less expensive. I haven’t really used either (used Nova Pro and it was good).
by snoman
3/28/2025 at 9:51:15 PM
From my perspective (talking very generally about the mood and environment here), it’s important to remember that Google is a very, very big company with many products and activities outside of AI.
As far as I can see, there is a mix of frustration at the slowness of launching, optimism/excitement that there are some really awesome things cooking, and indifference from a lot of people who think AI/LLMs as a product category are quite overhyped.
by MyelinatedT
3/29/2025 at 3:27:25 AM
Idk, I used to want to work for Google but I'm not so sure anymore. They built an awesome landscaper next to my office in London.
But the UX and general functionality of their apps and services has been in steep decline for a long time now, imo. There are thousands of examples of the most basic and obvious mistakes and completely uninspired, sloppy software and service design.
by fennecbutt
3/29/2025 at 7:31:01 AM
> obvious mistakes and completely uninspired, sloppy software and service design.
That's something you can work on to improve.
A few years back I wanted to work for a big FAANG company. Now I don't, after working for a smaller one with 'big' management. There are rat races, dirty tricks. And engineers don't have much control over what they are doing and how. Many things are decided by incompetent managers. Architect position is actually a manager's title, no brain or skills required.
Today I'd rather go to a small company or startup where the results are visible and appreciated.
by MoonGhost
4/1/2025 at 8:14:22 PM
Well exactly. Sure I could try hard to pass some Google interview with silly exercises and be lucky and get selected, most likely by some interviewer who isn't one of the devs but works in HR.
But why? When they have so much management now and have just gotten so big that it'd probably be impossible to get anything done.
by fennecbutt
3/28/2025 at 11:35:08 PM
> Google is a very, very big company with many products and activities outside of AI.
Profit is what matters though, not number of products. The consumer perception is that Search rakes in the largest profits, so if they lose that, it doesn't matter what else is there. Thoughts?
by dataflow
3/28/2025 at 9:54:58 PM
Nobody serious believes this. OpenAI may be eating up consumer mindshare, but Google is providing some of the most capable, best, cheapest and fastest models for dev integration.
by nikcub
3/29/2025 at 4:28:27 AM
As the hype dies down, Goliath shakes off the competition. AI models are now a game of inches and those inches cost billions every inch, but it matters in the long run.
by bitexploder
3/29/2025 at 9:41:29 PM
I’m honestly shocked to hear anyone defend Gemini, respectfully :)
What casts it as most capable?
by lanyard-textile
3/29/2025 at 9:29:06 AM
They just released a SOTA model (Gemini 2.5 Pro) that beats all models on most benchmarks. It's a great comeback from the model side, but IMO they are less strong on the product side. They pioneered the sticky ecosystem of web app products model, though kinda like the Microsoft Office suite that (originally) had to be downloaded, ironically building on the XMLHttpRequest support that IE5 introduced for Outlook.
by luke-stanley
3/28/2025 at 6:49:21 PM
Does anyone at Google care that you're trying to replace Assistant with this in the next few months and it can't set a timer yet?
(I mean it will tell you it's set a timer but it doesn't talk to the native clock app so nothing ever goes off if you navigate away from the window.)
by Mindwipe
3/28/2025 at 6:53:29 PM
I doubt the guy working on the code sandbox can do anything about the overall resource allocation towards ensuring all legacy Assistant features still work as well as they used to. That being said, I was trying to navigate out of an unexpected construction zone and asked Google to navigate me home, and it repeatedly tried to open the map on my watch and lock my phone screen. I had to pull over and use my thumbs to start navigation the old fashioned way.
by hnuser123456
3/28/2025 at 7:06:51 PM
I keep reading people complaining about this but I can't understand why. Gemini can 100% set timers and with much more subtle hints than Assistant ever could. It just works. I don't get why people say it can't.
It can also play music or turn on my smart lamps, change their colors etc. I can't remember doing any special configuration for it to do that either.
Pixel 9 pro
by iury-sza
3/29/2025 at 12:19:20 AM
I certainly can't get it to reliably play music on my Pixel 8. Mostly it summons YT Music, only occasionally do I get my music player, and sometimes I merely get "I'm an LLM, I can't help you with that."
And you used to be able to say "Find my phone" and it would chime and max screen brightness until found. Tried that with Gemini once, and it went on with very detailed instructions on using Google or Apple's Find My Device website (depending on what type of phone I owned), maybe calling it from another device if it's not silenced, or perhaps accepting that my device was lost or stolen if none of the above worked. Did find it during that lengthy attempt at being helpful though.
Another fun example, weather. When Gemini's in control, "What's the weather like tonight?" gets a short ramble about how weather depends on climate, with some examples of what the weather might be like broadly in Canada, Japan, or the United States at night.
Unlike Assistant where you could learn to adapt to its unique phrasing preferences, you just flat out can never reliably predict what Gemini's going to do. In exchange for higher peak performance, the floor dropped out the bottom.
by jdiff
3/28/2025 at 9:50:04 PM
I dislike Google's (mis)management of Assistant as much as the next guy, but this just has not been my experience. I can tell Gemini on my phone to set timers and it works just fine.
by dgunay
3/28/2025 at 10:00:42 PM
I have a rooted Pixel with a flashed custom Android ROM, which should be a nightmare scenario for Gemini, and it can set timers just fine (and the timers show up in the native clock app).
by ChadNauseam
3/28/2025 at 6:57:45 PM
The Assistant can't reliably set timers either, though I guess 80% is considerably better than 0. Still, I think it used to be better back before Google caught a glimpse of a different squirrel to chase.
by arebop
3/28/2025 at 7:06:07 PM
It can't do shit, especially in some EU countries, where it can do even less shit.
Setting timers, reminders, calendar events. Nothing. If they kill the Assistant, I'll go Apple, no matter how much I hate it.
by 7bit
3/30/2025 at 10:57:04 AM
Just tested, you need to enable "Gemini Apps", but they remember your interactions for 3, 18 or 36 months instead of 3 days.
by GrayShade
3/30/2025 at 11:00:47 AM
Yeah, I disabled that when I tested it. No go for me, but thanks for informing me!
by 7bit
4/2/2025 at 1:06:21 PM
Gemini Apps doesn't offer the ability to talk to the clock app on Samsung devices.
by Mindwipe
3/28/2025 at 11:57:43 PM
I just want the Assistant voice. I hate the Gemini ones.
by nosrepa
3/29/2025 at 6:05:33 AM
I'm with you on that. I prefer a human trying to sound like a robot instead of a robot trying to sound human.
by whatevertrevor
3/29/2025 at 4:16:59 AM
Is there any reason it's not documented?
by jwlake
3/29/2025 at 9:16:33 AM
This is why Hacker News is so cool.
by ed_elliott_asc
3/28/2025 at 7:56:59 PM
Can you get someone to fix the CSS crap on the website? When I have it open it uses 40-50% of my GPU (normally ~5% in most usage)... and when I try to scroll, the scrolling is a jerky mess.
by KennyBlanken