upskilling – Nathan Nasby

May 25, 2026 — Comments are off for this post.

Docker Sandboxes, running AI-Agents with MicroVM technology — Review for UX Designers in the Discovery Phase

As AI coding tools become more common in UX workflows, security and isolation concerns are becoming increasingly relevant during early experimentation. While experimenting with Docker’s new Sandboxes feature released in March 2026, I wanted to evaluate whether they address concerns I previously had around AI-assisted development. I discovered Docker Sandboxes while pausing at the instructions for installing Claude Code found in Anthropic’s free Claude Code 101 course. My security-first instinct was to find a way to containerize the install so it doesn’t touch the host OS.

Security considerations often receive less attention during early experimentation with AI workflows. It seems UX designers were eager to adopt these tools without established guidance from leadership on how to utilize the benefits of AI without compromising company infrastructure and security. Many of these concerns were also confirmed by the course material found in The Linux Foundation’s free Secure AI/ML-Driven Software Development course. I encourage all UX designers to take this free course, as it offers a developer’s perspective on the dangers of vibe-coding that will only help bring more security-minded thinking that UX design needs. My main concerns have been:

Execution of malicious code. This concern has been at the top of my list. Even with company policies and IT infrastructure in place, allowing a coding agent to install malicious dependencies on the host OS results in the host being compromised
Credential theft. Uncontainerized coding agents have access to the user’s ~/.ssh directory, opening the door for secret keys being exploited and shared with unauthorized sources
Unintended deletion of files and directories. AI coding agents can delete files and directories that should be kept

However, as the Linux Foundation’s course states, information regarding security and AI can change. Docker’s Sandboxes addresses these concerns with these features:

MicroVM Technology. Each sandbox runs with its own system kernel and Docker daemon, establishing stronger isolation from the host OS than currently available with regular Docker or Podman containers
Networking controls. Each sandbox has its own isolated networking controls: open, balanced, and locked-down. This allows for greater control over which domains the sandbox is allowed to interact with
Disposability. Sandboxes can be deleted without any lingering residue on the host OS

I would also strongly recommend reading Andrew Lock’s article on Docker Sandboxes from April 7, 2026. Lock’s blog post already goes into much greater detail into how the underlying technology works and an in-depth setup on running your first project. He mainly has great documentation on his journey with Microsoft’s ASP.NET core and other developer tools, so it’s why I trust his expertise.

I would argue this MicroVM technology is incredibly important for UX designers to understand and use. Sandboxes give designers more room to experiment and fail during the discovery phase. The discovery phase of the double diamond process can be very messy with total ambiguity, but allowing that ambiguity to pour into host systems can be a liability for a business.

Also, incorporating DevOps tools like this further strengthens trust with developers and engineers. 6sense has highlighted that Docker’s market share is 86% in the containerization market, so it goes a long way to show technical fluency with the use of this technology.

Below are a couple screenshots from my Ubuntu machine that gives some idea of how this would work for UX designers. We’re assuming we’ve already installed Docker Sandboxes on Windows, macOS, or Linux (I’m running this on Ubuntu) according to official docs. We are also assuming the Claude account is already connected to the agent within the sandbox. We’re already within the working /cybersecuritydashboard directory and we’ve launched the agent:

Limitations

While this is a huge step in the right direction, it needs to be said this approach has limitations for large-scale enterprise environments with established systems powered by older software platforms. MicroVM technology lacks the sophisticated hardware and peripheral emulation needed for testing designs for AI applications for these systems. This is worth noting because I’ve also been running experiments with Oracle Solaris and FreeBSD VMs powered by Vagrant + Virtualbox. That’s the biggest disadvantage right now for this technology. For large enterprises, migrating away from these established systems to newer systems in order to adopt Docker Sandboxes comes at a significant cost. Teams with this infrastructure need to further evaluate the cost + benefit of a large migration, and whether a migration will still comply with the organization’s regulations and administrative procedures.

It also needs to be emphasized that Docker Sandboxes is a commercial offering that is not under an open source license. If you are a business considering the adoption of this feature, you will need to take that into consideration. Holding a license for Docker features may lead to vendor lock-in with Docker along with feature bloat, where you can’t utilize Sandboxes without also having other features you may never use. Tracking licenses also increases administrative burden.

There is an open source project called Microsandbox on Github under the Apache 2.0 license, but lacks the commercial support and ease-of-use of Docker’s offering.

Conclusion

Limitations aside, Docker Sandboxes introduces security mechanisms that reduce several risks associated with AI-assisted coding workflows. For UX designers, this provides an easy way to vibe-code without putting data at risk.

My recommendation for UX designers working at emerging startups is to start playing with either Docker Sandboxes or Microsandbox now and see how it works within your discovery phase. Know that Docker Sandboxes is only free for personal use, so keep that in mind as you are working with this new tool.

For UX designers working with large-scale enterprise applications that rely on established systems, whether you should immediately adopt is dependent on the infrastructure and regulations of your organization. Strict administrative requirements may be a blocker to adoption.

For smoother buy-in from your UX org, it’s critical that security and isolation be emphasized over explaining the backend of the technology. The UX org may be puzzled as to why a designer is going to great lengths to adopt a DevOps technology for security when the main focus of design is process and research. The discovery phase is where this is the most necessary.

As AI tools evolve from assistants into agents capable of acting independently, designing the boundaries around those systems becomes as important as designing the systems themselves.

Published by nathan in Personal Projects

Tags: ai, Anthropic, claude code, Docker, process, security, upskilling, ux, vibe-coding

January 21, 2026 — Comments are off for this post.

On the Importance of Stress Testing — Bringing Clarity and Reducing Blockers for almalinux-deploy

Let me first talk about what inspired me to go through all of this testing in the first place: at the time, I had Red Hat Enterprise Linux 10 Developer Edition registered on my personal office PC (for RHCSA prep) and another on my theater machine alongside Ubuntu for my ZFS setup. I want to make it clear that I still believe RHEL is a great option for medium to large enterprises requiring robust technical support and maintenance. This is in no way an advertisement for everyone to migrate from RHEL or Oracle to AlmaLinux. However, the further I got into utilizing RHEL across my systems, the more I became “homesick” for the flexibility and easy access to the community that makes AlmaLinux the choice for my use cases.

Flexible file systems that allow for snapshots and easy rollbacks are essential for me. RHEL offers Stratis, but I believe it is in no way at the same level of maturity as ZFS or Btrfs. Throughout my life with Linux, I have made countless rookie mistakes that consistently required me to reinstall my system from scratch on traditional file systems. Btrfs or ZFS are great ways to prevent these kinds of issues from happening. Managing RHEL developer subscriptions also started to become an unnecessary hassle. So I used the almalinux-deploy script to migrate my RHEL 10 installs to AlmaLinux, which led to a rabbit hole of edge cases that were addressed through my contributions to the project.

Testing approach. Enterprise customers, unlike hobbyists such as myself, have specific processes that need to meet company policy. A simple process that works for an individual can break entire workflows, possibly costing a company millions in damages and tarnishing the reputations of the administrators involved. Before having any inclination to contribute, my first assumption was to test my proposed changes across multiple versions of RHEL, Oracle, and Rocky in virtual machines. My tests proved such contributions were necessary for IT professionals discussing system migrations with stakeholders from other Enterprise Linux distributions to AlmaLinux.

The following issues were discovered, along with their solutions:

Script failed on RHEL 10. The migration script consistently failed on RHEL 10 because the command used to deactivate RHEL was not compatible. Together with developer Yurik Kohut, we devised a solution that preserves the existing behavior for RHEL 8 and 9 while running a different process on 10. We cannot assume enterprises won’t decide to switch providers on a new version of Enterprise Linux.

GitHub pull request

Script stopped with a bootloader error. While the migration itself was successful after reboot, the script ended with a bootloader error due to a path that could not be found. This issue was also escalated to Oracle, as it is related to the GRUB package for both systems. On the AlmaLinux end, a new solution was merged that removes /root from the kernel path if EL10 is using the Btrfs file system and /boot is not a Btrfs subvolume. While I can’t assume how many enterprises utilize this kind of partitioning scheme, there are some out there, and this gap is now closed.

GitHub Bug Report, GitHub Pull Request

Lack of information about Btrfs compatibility. To increase confidence in the almalinux-deploy script, IT administrators need to know upfront that migration from Oracle Linux 8 and 9 with Btrfs is not possible. Adding this explicit detail to the README saves administrators from downloading the script only to find out at the moment of execution that migration cannot proceed in their environment. Btrfs support is now explicitly mentioned for Oracle Linux 10 with its custom kernel only.

EL10 is now listed as supported. The README has been updated to reflect compatibility with newer Enterprise Linux versions.

GitHub almalinux-deploy README

Results. With all issues solved through collaboration, we addressed critical gaps in support and edge cases that can prevent enterprises from considering a migration to AlmaLinux. Thinking within enterprise systems requires a broad range of established and experimental infrastructure to ensure proposed changes are justified, rather than based solely on personal experience.

Published by nathan in Personal Projects

Tags: it, linux, open source, process, upskilling

January 1, 2026 — Comments are off for this post.

Securing Windows 11 VM with Tor + VPN within Ubuntu Linux

Why Windows 11? Let me start by stating an opinion few people expect from an avid Linux user: I actually like Windows 11 as a desktop operating system.

While I have several issues with the OS, it also includes genuinely strong features such as File Explorer tabs, Focus Sessions, and Snap Layouts. These are areas where Linux desktop environments could reasonably take inspiration. This does not mean I am replacing my Linux desktops with Windows, but I am willing to acknowledge when a competing platform gets things right.

Additionally, as much as I value Linux and the open-source movement, many businesses still rely entirely on Microsoft-based infrastructure. It would be unrealistic to suggest a near future in which most home office systems run Linux instead of Windows.

With that context, this post briefly walks through my setup with screenshots: Windows 11 installed in a VMware Workstation Pro virtual machine, using the Tor Browser, with NordVPN enabled on the Ubuntu host during use. This is less of a tutorial and more of a show-and-tell.

Note that this setup does not eliminate all risks associated with downloading malicious software within the Windows 11 VM. It is intended solely for testing and never for illegal activity, which is why I use a legally licensed copy of Windows 11.

The architecture. Below is an overview of my Windows 11 setup on Ubuntu Linux:

Top layer. Non-admin user account on Ubuntu. This reduces risk by preventing the installation of updates, changes to network interfaces, or modifications to systemwide settings
Within the non-admin account. NordVPN enabled
Guest system. A local account on a legally licensed Windows 11 Pro installation, used exclusively with the Tor Browser while connected through the host OS network. The Tor Browser routes traffic at slower speeds to help obscure identity, while the host VPN encrypts the overall connection. This approach offers the best protection for my use cases

The goal. This setup offers two key benefits:

Stronger security for testing. I use this environment to test system configurations, observe website behavior, and evaluate PowerShell commands that could otherwise expose personal information
Compatibility with privacy. It allows me to run Windows applications that still do not function reliably under Wine, such as legally licensed copies of Affinity Photo and Affinity Designer 1 for private design work. These products are no longer available for purchase following Serif Ltd.’s acquisition by Canva Pty Ltd.

VM Specifications. These are the following specifications for VMWare Workstation Pro 25H2 for the best performance for my typical workflows:

7.8GB
4-core processor
80GB
NAT Network Adapter
Accelerated 3D Graphics Enabled
TPM enabled

Windows 11 loading screen within VMWare Workstation Pro.

Windows 11 desktop within virtual machine with VPN enabled.

Tor browser opened with onionized Brave search.

Affinity Designer 1 (discontinued) opened with new document, all without needing an online account so the designs are private.

Conclusion. This setup provides a safer playground for experimenting with, and occasionally breaking, Windows 11 while remaining completely separate from Ubuntu.

Published by nathan in Personal Projects

Tags: it, linux, process, security, upskilling, virtual machines, VMWare, windows, windows11, Workstation Pro

December 16, 2025 — Comments are off for this post.

Hosting ALL your AI locally…in Podman — Greater Security using Containers

Audience. This tutorial assumes you already have a basic understanding of Podman and its architecture, as well as basic networking. It also assumes Podman is already installed within Linux, on bare-metal (my setup), virtual machine, or via Windows Subsystem for Linux (W2L). It is also assumed you already acknowledge the system requirements, risks, and limitations of running AI on your local machine.

Since the release of NetworkChuck’s tutorial on May 3, 2024, Ollama for Windows is now available, but these steps are NOT compatible with Ollama for Windows.

Inspiration. In 2023, I was amazed by what could be created with ChatGPT. Being able to generate a 10-page research paper on Renaissance Art in 5 minutes was mindblowing. However, the real fun in ChatGPT came from entering prompts that generated more humorous but still company appropriate images of people who don’t exist.

Then I realized my curiosity was directing me to using AI in ways that would be incompatible with the policies of my former organization. Many organizations forbid the use of ChatGPT for personal uses, in addition to stating clearly that all data generated on company equipment automatically belongs to the company. I needed a new personal solution, completely disconnected from a professional context, that would both allow me to generate more experimental results without having any of this data be collected by either the employer or OpenAI.

So I was excited to find that NetworkChuck, a popular IT expert on YouTube, uploaded a tutorial on hosting All your AI locally. Even with making a couple tweaks to make it work on FreeBSD, it was exciting to be able to run local Large Language Models (LLMs) on my own PC under my control.

A year later, I took this basic local AI setup and built upon it, with enhanced security and minimized risk, using Podman. As someone just starting to utilize podman in my personal homelabs, I have put together this tutorial after teaching myself.

The goal. On Linux, we’re taking the Ollama + WebUI structure outlined by NetworkChuck and moving it into Podman containers hosted by a non-admin (non-root) user. Additionally, we’ll also have them run at boot as rootless Systemd services so they’re always running. This setup offers these key security advantages:

Daemonless. The absence of persistent background Daemons, performing tasks and services without user intervention, means no privileged process is running constantly, therefore less attack surface
Rootless. The Podman architecture is rootless by default, meaning impact of attack is decreased without root privileges. This means if an attacker happens to gain access to the non-admin account, it’s not as easy to take over vs a standard host Ollama + WebUI install
Control. The Podman setup allows for greater control over security measures with SELinux. Allowing for future hardening tweaks and techniques

With this setup, we avoid the potential security risks with a non-containerized Ollama installed with the official install.sh script from ollama.com.

Requirements. Many users have different preferences for what hardware is best for local AI. It depends on whether you want basic prompting, or advanced image generation with image diffusion. The minimum setup, based on my homelab, is at least 32GB of GDDR4 RAM, 12GB of GDDR6 VRAM, and 8-core x86 CPU.

Podman is a widely available container platform for most Linux distributions, including ones for W2L.

Step-By-Step Tutorial

Step 1, Ollama. Within our non-admin account, we’re going to pull the container image for Ollama and run it with this command. The structure for each command defines the name of the container, a flag that calls to replace an existing container with a new one, a flag that tells podman to restart the container if it exists, devices, tcp port to listen on, the container root, and the image:

For AMD:

podman run -d \
  --name ollama \
  --replace \
  --restart=always \
  --device /dev/kfd \
  --device /dev/dri \
  -p 11434:11434  \ 
  -v ollama:/root/.ollama \
  docker.io/ollama/ollama:rocm

For Nvidia:

podman run -d \
  --name ollama \
  --replace \
  --restart=always \
  --device nvidia.com/gpu=all \
  -p 11434:11434 \
  -v ollama:/root/.ollama \
  docker.io/ollama/ollama

For CPU-only:

podman run -d \
  --name ollama \
  --replace \
  --restart=always \
  -e OLLAMA_NO_CUDA=1 \
  -p 11434:11434 \
  -v ollama:/root/.ollama \
  docker.io/ollama/ollama

First, Now let’s verify that the Podman Ollama is working with curl localhost:11434

Should print “Ollama is running” in the console.

Or typing http://localhost:11434 in a web browser on your host machine should print the same message. If Ollama is not working, make sure the port is not being blocked by your firewall settings.

Now we can interact with our Podman Ollama with

podman exec -it ollama /bin/bash and interact as usual.

You will need to already have some LLMs downloaded for the next step to work.

Step 2, WebUI. Now for the easier part, let’s pull the container for WebUI that will automatically connect to the Ollama container. The --network=host flag tell us to run the container on localhost:


podman run -d \
  --name open-webui \
  --restart=always \
  --network=host \   
  -v open-webui:/app/backend/data \
  -e OLLAMA_BASE_URL=http://127.0.0.1:11434 \ 
  ghcr.io/open-webui/open-webui:main

Now curl localhost:8080 should print out the HTML code in the console, or typing the address in the browser should open WebUI!

Now verify that both ollama and open-webui containers are running with podman ps

We should now have the same working WebUI experience, but within pods. Follow the standard process for creating a new Admin account.

Step 3, Systemd. We now have our setup working, but let’s create Systemd services within our rootless account so both containers run at boot. Let’s make our directory:

mkdir -p ~/.config/systemd/user

Now we generate our service files:

podman generate systemd --new --name ollama --files
podman generate systemd --new --name open-webui --files

Now move systemd files to directory, still within our rootless account:

mv container-ollama.service ~/.config/systemd/user/
mv container-open-webui.service ~/.config/systemd/user/

Finally, enable the systemd services at boot so podman containers are always running:

systemctl --user enable container-ollama.service
systemctl --user enable container-open-webui.service
loginctl enable-linger [nonroot user]

Conclusion. We now have a basic setup with two containers running at boot and completely isolated from the main system. This is designed to only involve the basics of Podman, so this should be a great introductory guide to Podman + AI.

Screenshot showing WebUI homepage running on local Linux PC. — Screenshot showing WebUI homepage running on local Linux PC

Screenshot showing WebUI in action. — Screenshot showing WebUI in action

Published by nathan in Personal Projects

Tags: ai, it, linux, llm, open source, podman, process, tutorial, ui, upskilling