Foolproof Boundaries vs Unbounded Foolishness

• HN - For lightweight sandboxing on Linux you can use bubblewrap or firejail instead of Docker.
• TinyKVM: Fast sandbox that runs on top of Varnish
• Protecting your code from other people’s bugs / HN