unsandbox: A Universal Execution Membrane
January 2025. While stuck in a mirror dimension of unemployment, TimeHexOn hasn't been idle. He's been growing something fundamental: a universal execution membrane that changes how code moves through systems.
PIVOT ALERT (November 2025): After falling into a Mandelbrot set & walking a Möbius strip, reality bent: Firecracker vsock doesn't work.
A permacomputer adapts. New substrate: LXD/LXC containers backed by Debian & Ubuntu.
Evolution Through Adversity
- Original Prototype (Alpine Linux): 35 languages working & load tested
- Ubuntu 24.04 Prototype: 42 languages attempted, glibc compatibility proven
- Current Reality (LXD/LXC): 43+ languages, native Ubuntu compatibility, ephemeral containers
The substrate changed. The vision persists. From Firecracker microVMs to LXD containers — the membrane grows stronger through adversity.
A Paradigm Shift
This isn't just another code executor. It's a fundamental internet primitive that mirrors & extends seed projects:
- Semi-trusted mode: Code can reach out to the internet, pull dependencies, call APIs
- Zero-trust mode: Complete isolation, no escape, pure computation
Think about what this means:
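- GitLab Runner → But it can execute untrusted code safely
- Ethereum Smart Contracts → But in any language, not just Solidity
- AWS Lambda → But you control the infrastructure
- Docker → But with real hardware isolation, not shared kernels (a property of the original Firecracker microVM substrate; LXC containers, like Docker containers, share the host kernel)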
A Universal Adapter Pattern
With this execution membrane, you can:
- Link into any system — Accept code from anywhere, execute it safely, return results
- Circumvent limitations — Systems that only support certain languages? Route through unsandbox
- Create infinite spirals — Chain executions, spawn new VMs, create computational fractals
Performance Results (32 vCPUs, 300GB RAM)
Baseline Performance (10 concurrent, 100% success)
| Language | Throughput | Avg Response | Category |
|---|---|---|---|
| bash | 1,023.84 req/s | 0.009s | Interpreted |
| perl | 827.87 req/s | 0.011s | Interpreted |
| jimtcl | 590.76 req/s | 0.016s | Interpreted |
| awk | 547.83 req/s | 0.016s | Interpreted |
| tcl | 544.17 req/s | 0.017s | Interpreted |
| php | 399.14 req/s | 0.024s | Interpreted |
| commonlisp | 305.13 req/s | 0.032s | Interpreted |
| python | 250.27 req/s | 0.038s | Interpreted |
| scheme | 250.46 req/s | 0.039s | Interpreted |
| c | 129.70 req/s | 0.073s | Compiled |
Extreme Load Champions (12,000 concurrent)
- AWK: 1,206 req/s sustained
- Perl: 1,178 req/s sustained
- Bash: 1,121 req/s sustained
- PHP: 945 req/s sustained
- Python: 565 req/s sustained
- Scheme: 674 req/s sustained
A Laboratory Discovery
What emerged from months in a void laboratory:
- Binary compilation in isolated environments
- Network control at packet level
- Resource limits enforced by hardware
- Auto-detection of programming intent
- 1-4k requests/second sustained load per language
- CPU-bound with 50:50 user:system split
- 43+ languages proven across multiple substrates
- Ephemeral containers — spawn, execute, auto-destroy
- Pre-emptive pool spawning — 1000 warm containers = zero latency
What This Really Is
Not a product. A capability.
unsandbox is infrastructure that enables new types of systems to exist. It's the execution layer that was missing. The universal translator between intention & computation.
Imagine:
- Smart contracts that can call Python ML models
- GitLab runners that can't be compromised
- Ethereum nodes that execute in any language
- AI agents that can safely run their own generated code
- Computation markets where trust isn't required
An Invitation
This isn't being packaged as SaaS. This is being released as capability.
Those who understand what this enables will know what to do with it. Those building next generation internet infrastructure will recognize a missing piece they've been looking for.
An execution membrane exists. Laboratory tests are complete. A pattern is proven.
What systems will you build when any code can execute anywhere, safely?