Stop Running Agents in Containers. Run Them in MicroVMs with Docker sbx

Containers share your host kernel. A container escape gives root on your machine. MicroVMs don't. They give each agent its own kernel, enforced by hardware. Docker sbx is how you run Claude Code, Codex, or any coding agent with full autonomy and zero host risk. Here's exactly how it works.

NVIDIA DGX Spark vs Jetson AGX Thor: Which one should you buy?

Two NVIDIA Blackwell machines. Both fit on your desk. Prices within a few hundred dollars of each other. And yet buying the wrong one is a $3,500 mistake you'll feel every day.

docker dhi Cheatsheet: Every Command You Need to Manage Docker Hardened Images

Docker Hardened Images (DHI) are minimal, secure, and production-ready container images maintained by Docker. They're designed to reduce vulnerabilities, simplify compliance, and integrate seamlessly into your existing Docker-based workflows. With the release of Docker Desktop 4.65.0, the docker dhi CLI plugin ships built-in, no manual installation

How I Turned My NVIDIA NemoClaw Exploration Into a Docker Labspace

NemoClaw is a show-don't-tell technology. Labspaces are show-don't-tell teaching. After running NVIDIA's new enterprise AI agent platform on Jetson AGX Thor and Apple Silicon, I turned the whole experience into a guided, browser-based lab — every command, every error, every policy hash.

Can I run NVIDIA NemoClaw on Apple Silicon?

TL;DR: The short answer is yes. Here's exactly what works, what doesn't, and why.

Jensen Huang's GTC 2026 Keynote: The $1 Trillion Infrastructure Era and Agentic AI

The GTC conference often dubbed the "Woodstock of AI"  returned to the SAP Center in San Jose on March 16, 2026, and Jensen Huang did not disappoint. In a two-hour keynote packed with product launches, philosophical framing, and an Olaf robot from Frozen, the NVIDIA CEO laid out

Getting Started with NVIDIA NemoClaw on Jetson AGX Thor

NVIDIA just dropped NemoClaw at GTC 2026 and the actual sandbox code is already live on GitHub. I dug into the source: binary-scoped network enforcement, a live policy proxy that lets you change security rules without rebuilding the image. Here's how to run it on Jetson AGX Thor. 🦞

NVIDIA Agentic AI Solutions for Healthcare and Finance

Agentic AI is moving fast and two of the most exciting frontiers are healthcare and finance. On March 21st, we're bringing together surgeons, dental AI builders, edge computing practitioners, and fintech innovators in a single invite-only session. Come curious. Leave with answers.

How I Built an Auto-Curator Agent That Uses Nemotron to Manage Its Own Awesome List

💡"The model is so capable, we use it to maintain the very repository that tracks its own ecosystem." I maintain awesome-nvidia-nemotron ~ a curated list of everything in the NVIDIA Nemotron ecosystem: models, papers, tutorials, tools, companies, videos, and more. Keeping it fresh is a full-time job by itself.

The One Toolset That Makes Docker Agent (cagent) Actually Work: todo

Your Docker Agent agents describe instead of execute? Add todo to every agent's toolset. This one change made 5 GPT-4o agents build a weather dashboard - real code, real tests, real Docker image without a single line written by a human.

Ghost SDLC

Ghost SDLC is software delivered without a human accountability chain. Agents produce, metrics look great, PRs get merged, dashboards stay green. But when something breaks at 2am, the answer to "who owns this?" is a ghost.

Docker Sandboxes: Containers vs MicroVMs - When to Use What?

Docker Sandboxes have moved from containers to microVMs & this changes everything about how AI coding agents interact with your system. In this hands-on guide, I break down the architecture differences, test the isolation boundaries, & help you decide when to use containers vs microVMs.