Lately, I have been trying to understand the security aspect of Docker containers, and what I have realized is that all Docker containers share the host's kernel. Any zero-day vulnerability in the kernel can be used to gain access to the host OS.
In order to deal with this, I did some research; it turns out Amazon has open-sourced the core technology behind its serverless offering, Lambda. But in its current state it's very hard to set up, let alone run anything securely. This technology is called Firecracker microVMs.
It started off as a Go library for creating process pools that just did a simple Firecracker spawn, and turned into a full-fledged host-side daemon.
Deploying a microVM from an image is now as simple as running
`herd deploy --image postgres:latest -p 5432:5432 -e POSTGRES_PASSWORD=postgres`
with boot times ~500ms
That brings us to today. I am looking for people to test this out and provide some feedback; I have been warned/cautioned by a lot of friends that building in isolation is a recipe for disaster.
PS: it only works on Linux; macOS doesn't have the required isolation, and I stopped caring about winslop.