CEO / Co-founder @zeropsio - a developer-first PaaS. 15 years of experience with development, UX and stuff. Angular enjoyer.
Joined April 2009
- Tweets 1,212
- Following 2,903
- Followers 516
- Likes 80,319
200 Photos and videos
I believe coding agents do not needs sandboxes, they need proper environments, just like human developers do (docs.zerops.io/features/codi…).
The reason this is hard to do is that you'd need to have a cloud platform for human developers before doing this. And we happen to have one that was created with this usecase in mind long before coding agents came around (@zeropsio).
May 22
There's no sane way to run agents outside the sandbox. Read/Write/Edit calls are not integrated with the sandbox. This seems so janky. The term sandbox does not have a clear definition.
4
240
Aleš retweeted
Jun 11
I built a multiplayer Figma -style mood- board and never touched a server 👇
Claude Code ran inside @zeropsio ZCP (an AI control-plane that lives in your project) and spun up everything:
✓ Postgres
✓ Valkey
✓ object storage
✓ a websocket server
✓ the Vue frontend
✓ a PNG-export worker
Then deployed & tested it live.
Two windows, live cursors, instant sync.
No local setup, no secrets.
Try it: webstage-252e.prg1.zerops.ap…
youtu.be/Bg6Bw2V9QAQ
11
1
34
3,866
I can confirm models can indeed do stuff.
But imagine a platform where you use real IDE, Claude Code, your subscription. A place where the main point is not to generate something with as few prompts as possible, but to build and maintain scalable production systems. 🤔
@zeropsio
Two prompts with Fable in @Lovable:
1/ "build a copy of Spore space-age part, where you can fly your spaceship between stars, zoom into planets and upgrade your ship etc."
2/ "Make it multiplayer."
3
4
161
Imagine this, but instead of a blackbox the output would be a production ready, transparent infrastructure using standard OSS for databases, queues, storage, search services, CI/CD, remote development environment where you can jump in at any point and code that sits in your GitHub repo. 🤔 👉 @zeropsio
Jun 2
We just launched Sites into Codex!
Software creation was always about more than writing code. Sites in Codex fundamentally gives the power of end-to-end software creation to every user, no matter their technical fluency.
These Sites are fully deployed to a URL, private to workspaces, come with authentication, can have static files, and can store dynamic data in databases.
It is in preview for business and enterprise teams and will be rolling out to all workspaces over the next day. Give it a try by typing @ Sites into Codex and ask it to build anything!
This project took a massive amount of effort across hundreds of people at OpenAI - proud that we were able to get this out and excited to see what you all build with it!
2
2
8
729
🙂.. but also the Hermes dashboard, accessible privately through the WireGuard VPN built into our CLI.. and SQLite databses backed up with Litestream, which is running as a second process (because we use system containers) @zeropsio
just a quick version (github.com/fxck/recipe-herme…), but no worries, things are coming together.. an official Hermes recipes and much more coming soon
Railway's built in SSH console 🤝 Hermes Agent by @NousResearch
Video tutorial dropping soon
1
9
312
The problem is that you can justify calling almost anything an agent sandbox (or hosting). I'd say there are like 8 agent-adjacent groups you need to make sense of on the market.
Imagine my frustration when I have to communicate our version of "agent sandbox/hosting" when it's a 9th segment on its own.
2
1
13
2,570
Google accidentally blocked Railway's account and some of their services went down for a couple of hours. The ugly messages they've been getting are not deserved, that's for sure.
I'd like to take a moment to explain what we are doing at @zeropsio to prevent something similar from happening to us. Railway started on top of hyperscalers first (afaik they are mostly migrated to their own metal now), which was the main cause of problems this time, we started on bare metal from the beginning, allowing us to create an independent system.
- we use high tier datacenters with N 1 redundancy on all critical systems
- once a project is deployed, it's fully independent from any global parts of Zerops, our API and dashboard might not be working, but your project will
- all parts of the project, both the "core" and user-facing ones like databases and runtime, can be made highly available, in which case the containers sit on different physical machines
- all services have health monitoring and failover mechanisms
It's an ongoing process, we are still not perfect in edge cases, but we are always working on increasing isolation, improving managed services and trying our best to keep your projects running no matter what. That said, shit sometimes just happens.
1
3
18
3,843
So out of curiosity, I put the same prompt into the AI integration we're working on at @zeropsio (called ZCP). Results are different, but also interesting - a fully working watch SVG, animation of watch layers, 3D animations. Still pretty good for a one-shot with no additional Lovable system prompt on top.
Now the biggest difference is that I'm left with the source and a fully working CDE environment with dev and stage. I can set up CI/CD to GitHub, I get to use either browser-based VSCode or Zerops CLI's VPN SSH to continue from my own terminal or my IDE, and the handoff between human developer and agent developer is absolutely seamless. On top of that, I'm logged into Claude Code running inside the ZCP Linux container with my subscription. Oh yeah, and I could've based it on any framework and it would do the same job. And I can easily add databases, search, storage. I could go on.
But that's fine. Lovable is building for the 99% that can't code; we're building for the 1% who can, and waiting for the 99% to graduate to us. :)
May 11
Is the era of ugly AI sites over? @Lovable Aesthetics says YES.
‼️ I built this whole site with one prompt ‼️
Check the comments for the exact wording).
This is the missing link vibecoding needed.
Proud to be an ambassador. ❤️
1
2
9
434
Another day, another vulnerability. Already mitigated on all @zeropsio nodes.
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
dirtyfrag.io
2
1
8
339
If you wonder how the embargoes work - x.com/i/status/2052622863736…
With news that the “Dirty Frag” Linux exploit embargo had been broken early — leading to all major Linux distros being unprotected from the exploit when it became public — many people are asking: “What is an embargo?”
Along with, “How is it possible to have an embargo on an Open Source vulnerability?”
Here’s the short-short version:
An embargo is, in essence, an agreement to not disclose something publicly until a set time (or until conditions are met).
Embargos are incredibly common among news outlets, and press relations teams. “Don’t publish the story until next Monday, after an announcement,” etc..
And they are a key part of how Open Source development handles exploit mitigation (for better or worse).
The process is roughly like this:
1) Someone discovers an exploit.
2) Once sufficient information about the exploit is gathered, a core group of developers (working at a range of companies, including Red Hat, SUSE, and others) are then notified.
3) An agreement on an embargo timeline is reached. This is usually simple: X days (or X weeks) until the details of the exploit are published for the public to see. How long the embargo lasts is typically decided by how long it will take the relevant teams to fix the issue, test the fix, and publish the fix… while taking the seriousness of the exploit into consideration.
The idea here is to keep details, on how to take advantage of the vulnerability, under wraps… until a fix is available.
In other words: minimize the damage an exploit might cause.
In the case of “Dirty Frag”, an embargo was decided upon… and that embargo was “broken” (meaning someone published the details) almost immediately.
3
72
Aleš retweeted
May 7
Yes, you can manage everything dynamically. I do it for my Agentic Engineering Platform (ai.bleeding.dev) and Zerops team is awesome and helpful! :)
1
4
63
I distinctly remember how 8 years ago, when laying down the concepts of @zeropsio, we talked about how to approach logs and statistics. As a developer and UX designer, my first thought was "yay, graphs and filters, I like doing those, a lot to tinker with" — but soon after, I realized we'd never have the capacity to build full-on observability directly into Zerops, nor should we. These are products in themselves.
So our approach has been: show basic logs and statistics in the app, and let users easily forward everything to proper observability tools. But at last, we've found a technology to build a dedicated logger service on top of (and soon a statistics service too), giving us the best of both worlds: @VictoriaMetrics.
Now Zerops has multiple layers of the onion — logs in the UI ➡️ embedded VictoriaLogs UI ➡️ forwarding to third-party dedicated software.
The dedicated logger service inside every Zerops project is now using VictoriaLogs.
- 100x more log retention
- 3x faster queries
- VictoriaLogs UI embedded into Zerops
- Already rolled out to every existing project
Full story below.
ALT Zerops blog cover image with the headline “From InfluxDB to SQLite to VictoriaLogs. How and why we rebuilt logging at Zerops.” The image shows the Zerops logo above a product screenshot featuring a logs browser interface and a dark-themed VictoriaLogs dashboard with charts and log entries.
1
12
332
One of the things people rarely consider when hosting their apps on a $5 VPS through Coolify or whatnot is that they're then responsible for updating kernels. And even when they do, unless they have multiple VPS instances, each on different server hardware, they'll get downtime. On Zerops, we handle kernel updates for you, and you have the option to use high availability for any of the services we offer.
Jan Skalla's write-up of last week's kernel CVE.
What algif_aead splice() actually does to the page cache and why it lands deterministically on every distro.
Our node-by-node rollout across two regions, including the call to deliberately slow it down mid-flight.
And why HA services rode through emergency kernel maintenance without a single alert, while non-HA took a brief blip.
Link below.
ALT Graphic with a quote about Zerops’ response to Copy Fail: “Tracking the mainline kernel isn’t a feature you’d put on a pricing page — until Copy Fail drops. Root on every Linux since 2017; the fix had quietly landed in mainline weeks earlier and shipped with our normal kernel updates. 23 hours to fully-patched US-east, zero downtime on HA services.” Below the text is a partial infrastructure diagram showing project networking, dedicated infrastructure core, routing and balancing, and user services.
1
9
288
Our load balancer doesn't have to handle more than 150 billion HTTP requests, because the infrastructure Zerops deploys for users' projects is independent from Zerops once running.
(and also because we don't have as many users as Render 😛 but come back in couple of years)
That being said, every part of Zerops from hardware up is written from scratch and in @golang.
Apr 16
1
4
8
582
We are looking for DevRels! And let me tell you, the things we are working on.. you definitely want to be part of this. ✌️
We are expanding the DevRel team at Zerops.
We are hiring for two critical roles to help us build infrastructure and community for the AI era.
- Technical DevRel Engineer
- Developer Advocate
Join our remote team.
Full descriptions are available at the link below.
ALT A promotional graphic from Zerops with the headline "We are Hiring!" in bright teal. Below it, two open positions are listed: "Technical DevRel Engineer" for Recipes and Infrastructure, and "Developer Advocate" for Community & Social. The Zerops logo is positioned at the bottom center against a faded background of a world map.
1
2
8
674