Show HN: Sub-millisecond VM sandboxes using CoW memory forking

https://github.com/adammiribyan/zeroboot
64•adammiribyan•13h ago
I wanted to see how fast an isolated code sandbox could start if I never had to boot a fresh VM.

So instead of launching a new microVM per execution, I boot Firecracker once with Python and numpy already loaded, then snapshot the full VM state. Every execution after that creates a new KVM VM backed by a `MAP_PRIVATE` mapping of the snapshot memory, so Linux gives me copy-on-write pages automatically.

That means each sandbox starts from an already-running Python process inside a real VM, runs the code, and exits.

These are real KVM VMs, not containers: separate guest kernel, separate guest memory, separate page tables. When a VM writes to memory, it gets a private copy of that page.

The hard part was not CoW itself. The hard part was resuming the snapshotted VM correctly.

Rust, Apache 2.0.
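
The `MAP_PRIVATE` copy-on-write behaviour the post relies on, as an added C example that is not part of zeroboot or Firecracker: a temporary file stands in for the saved guest memory, two "VMs" each map it privately, and a write in one mapping lands on a private copy of that page without touching the other mapping or the file. It assumes Linux, a writable `/tmp`, and 4 KiB pages; the snapshot contents and the offsets written are constructed. Only pages a VM actually writes are copied, which is what keeps the per-VM memory footprint small.

```c
// Added example (not from the zeroboot project): demonstrates the MAP_PRIVATE
// copy-on-write semantics the post builds on. A temporary file is the
// "snapshot"; each "VM" maps it MAP_PRIVATE and writes to a page, and the
// write is visible only in that mapping, never in the file or the other VM.
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SNAPSHOT_SIZE (4 * 4096)  /* constructed: four 4 KiB pages (assumes 4 KiB page size) */

/* Create an unnamed temporary "snapshot" file filled with 0xAA; returns its fd or -1. */
static int make_snapshot(void) {
    char path[] = "/tmp/cow-snapshot-XXXXXX";   /* assumes /tmp is writable */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                                /* keep the fd, drop the name */
    unsigned char *buf = malloc(SNAPSHOT_SIZE);
    if (!buf) { close(fd); return -1; }
    memset(buf, 0xAA, SNAPSHOT_SIZE);
    if (write(fd, buf, SNAPSHOT_SIZE) != SNAPSHOT_SIZE) { free(buf); close(fd); return -1; }
    free(buf);
    return fd;
}

/* "Start a VM": map the snapshot privately. Reads share the file's page cache;
 * the first write to a page gives this mapping its own private copy. */
static unsigned char *fork_vm_memory(int fd) {
    void *mem = mmap(NULL, SNAPSHOT_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    return mem == MAP_FAILED ? NULL : (unsigned char *)mem;
}

/* Two private mappings of one snapshot, each writing a different byte into
 * page 1. Returns 0 when isolation holds, 1..3 for the check that failed,
 * -1 on setup error. */
int cow_isolation_check(void) {
    int fd = make_snapshot();
    if (fd < 0) return -1;
    unsigned char *vm_a = fork_vm_memory(fd);
    unsigned char *vm_b = fork_vm_memory(fd);
    if (!vm_a || !vm_b) { close(fd); return -1; }

    size_t off = 4096 + 17;   /* constructed offset inside page 1 */
    vm_a[off] = 0x11;         /* CoW: page 1 is copied for vm_a only */
    vm_b[off] = 0x22;         /* CoW: a separate copy of page 1 for vm_b */

    int result = 0;
    /* 1: each VM sees only its own write. */
    if (vm_a[off] != 0x11 || vm_b[off] != 0x22) result = 1;
    /* 2: an untouched page (page 0) still reads the snapshot pattern in both. */
    if (result == 0 && (vm_a[5] != 0xAA || vm_b[5] != 0xAA)) result = 2;
    /* 3: the backing file, i.e. the snapshot itself, is unchanged. */
    unsigned char on_disk = 0;
    if (result == 0 && (pread(fd, &on_disk, 1, (off_t)off) != 1 || on_disk != 0xAA)) result = 3;

    munmap(vm_a, SNAPSHOT_SIZE);
    munmap(vm_b, SNAPSHOT_SIZE);
    close(fd);
    return result;
}

int main(void) {
    int r = cow_isolation_check();
    printf("CoW isolation check: %s (code %d)\n", r == 0 ? "ok" : "FAILED", r);
    return r == 0 ? 0 : 1;
}
```

The same mechanism is what makes a restored VM cheap to discard: unmapping drops the private pages and the shared snapshot is untouched, so a compromised guest cannot leave state behind for the next one to inherit through memory.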

Comments

handfuloflight•2h ago
Can you run this in another sandbox? Not sure why you'd want to... but can you?
wmf•1h ago
It's pretty common to run VMs within containers so an attacker has to escape twice. You can probably disable 99% of system calls.
Teknoman117•1h ago
Nested page tables / nested virtualization made it to consumer CPUs about a decade ago, so yes :)
vmg12•1h ago
Does it only work with that specific version of Firecracker and only with VMs with 1 vCPU?

More than the sub-ms startup time, the 258 KB of RAM per VM is huge.

jauntywundrkind•1h ago
Mods: can we merge with https://news.ycombinator.com/item?id=47412812?
crawshaw•1h ago
Nice to see this work! I experimented with this for exe.dev before we launched. The VM itself worked really well, but there was a lot of setup to get the networking functioning. And in the end, our targets are use cases that don't mind a ~1-second startup time, which meant doing a clean systemd start each time was easier.

That said, I have seen several use cases where people want a VM for something minimal, like a python interpreter, and this is absolutely the sort of approach they should be using. Lot of promise here, excited to see how far you can push it!

indigodaddy•53m ago
simonw seems like he's always wanting what you describe, maybe more for wasm though
diptanu•1h ago
The tricky part of doing this in production is cloning sandboxes across nodes. You would have to snapshot the resident memory, file system (or a CoW layer on top of the rootfs), move the data across nodes, etc.
indigodaddy•50m ago
Is this relevant?

https://codesandbox.io/blog/how-we-clone-a-running-vm-in-2-s...

buckle8017•56m ago
This is how Android processes work, but it's a security problem breaking some ASLR-type things.
indigodaddy•54m ago
Your write-up made me think of:

https://codesandbox.io/blog/how-we-clone-a-running-vm-in-2-s...

Are there parallels?

indigodaddy•51m ago
Does this need passthrough or might we be able to leverage PVM with it on a passthrough-less cloud VM/VPS?
cperciva•46m ago
Don't forget about entropy! You've just created two identical copies of all of your random number generators, which could be very very bad for security.

The Firecracker team wrote a very good paper about addressing this when they added snapshot support.
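
The duplicated-RNG hazard described in this comment, as an added C example that is not from zeroboot, Firecracker or the paper mentioned: a toy xorshift64* generator stands in for whatever RNG state lives in the snapshot, a "restore" is a struct copy, and the check shows that every naive restore replays the same stream while mixing fresh host entropy in after restore (here via `getrandom(2)`, assumed available) makes the restored instances diverge. The generator and its seed are constructed and not cryptographic; the point is the snapshot/restore pattern, which applies equally to the guest kernel's pool and to any userspace CSPRNG already initialised inside the snapshotted Python process.

```c
// Added example (not from zeroboot or Firecracker): the duplicated RNG-state
// hazard after a snapshot restore, on a toy xorshift64* generator. A "snapshot"
// is a struct copy; every restore from it yields the same stream unless fresh
// entropy is mixed into the state immediately after restore.
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h>   /* getrandom(2); glibc >= 2.25 or musl, assumed present */

typedef struct { uint64_t s; } prng_t;   /* toy generator state, NOT cryptographic */

/* xorshift64*: a bijection on non-zero states, so distinct states give distinct outputs. */
static uint64_t prng_next(prng_t *g) {
    uint64_t x = g->s;
    x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
    g->s = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Fresh entropy from the host kernel. Returns 1 on success, 0 if unavailable. */
static int read_entropy(uint64_t *out) {
    return getrandom(out, sizeof *out, 0) == (ssize_t)sizeof *out;
}

/* Restore without reseeding: the hazard. Every VM restored this way shares its state. */
static prng_t restore_naive(const prng_t *snapshot) { return *snapshot; }

/* Restore and immediately mix fresh entropy into the state: the mitigation. */
static int restore_reseeded(const prng_t *snapshot, prng_t *out) {
    uint64_t fresh;
    if (!read_entropy(&fresh)) return 0;
    out->s = snapshot->s ^ fresh;
    if (out->s == 0) out->s = 0x9E3779B97F4A7C15ULL;  /* xorshift must not sit at zero */
    return 1;
}

/* Do two naive restores produce identical 8-value streams? 1 = yes (the hazard). */
int naive_restores_collide(void) {
    prng_t snapshot = { .s = 0x1234567887654321ULL };   /* constructed seed */
    prng_t vm_a = restore_naive(&snapshot), vm_b = restore_naive(&snapshot);
    for (int i = 0; i < 8; i++)
        if (prng_next(&vm_a) != prng_next(&vm_b)) return 0;
    return 1;
}

/* Do two reseeded restores diverge within 8 values? 1 = yes; 0 = collided or no entropy. */
int reseeded_restores_diverge(void) {
    prng_t snapshot = { .s = 0x1234567887654321ULL };   /* same constructed seed */
    prng_t vm_a, vm_b;
    if (!restore_reseeded(&snapshot, &vm_a) || !restore_reseeded(&snapshot, &vm_b)) return 0;
    for (int i = 0; i < 8; i++)
        if (prng_next(&vm_a) != prng_next(&vm_b)) return 1;
    return 0;
}

int main(void) {
    printf("naive restores collide:     %d (1 = hazard present)\n", naive_restores_collide());
    printf("reseeded restores diverge:  %d (1 = mitigated)\n", reseeded_restores_diverge());
    return 0;
}
```

The checks generalise into a cheap post-restore self-test: restore twice from the same snapshot, draw a few values from each, and treat an identical stream as a failed reseed rather than a coincidence.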

latortuga•7m ago
Similar to sprites.dev?

A Decade of Slug

https://terathon.com/blog/decade-slug.html
451•mwkaufma•8h ago•40 comments

Python 3.15's JIT is now back on track

https://fidget-spinner.github.io/posts/jit-on-track.html
288•guidoiaquinti•8h ago•109 comments

Microsoft's 'unhackable' Xbox One has been hacked by 'Bliss'

https://www.tomshardware.com/video-games/console-gaming/microsofts-unhackable-xbox-one-has-been-h...
566•crtasm•11h ago•212 comments

Mistral AI Releases Forge

https://mistral.ai/news/forge
164•pember•5h ago•21 comments

Show HN: Sub-millisecond VM sandboxes using CoW memory forking

https://github.com/adammiribyan/zeroboot
65•adammiribyan•13h ago•14 comments

Get Shit Done: A Meta-Prompting, Context Engineering and Spec-Driven Dev System

https://github.com/gsd-build/get-shit-done
211•stefankuehnel•6h ago•123 comments

More than 135 open hardware devices flashable with your own firmware

https://openhardware.directory
28•iosifnicolae2•4d ago•3 comments

The Pleasures of Poor Product Design

https://www.inconspicuous.info/p/the-pleasures-of-poor-product-design
19•NaOH•1h ago•4 comments

Launch an autonomous AI agent with sandboxed execution in 2 lines of code

https://amaiya.github.io/onprem/examples_agent.html
12•wiseprobe•1h ago•2 comments

A tale about fixing eBPF spinlock issues in the Linux kernel

https://rovarma.com/articles/a-tale-about-fixing-ebpf-spinlock-issues-in-the-linux-kernel/
14•y1n0•2h ago•0 comments

Launch HN: Kita (YC W26) – Automate credit review in emerging markets

31•rheamalhotra1•7h ago•4 comments

It Took Me 30 Years to Solve This VFX Problem – Green Screen Problem [video]

https://www.youtube.com/watch?v=3Ploi723hg4
178•yincrash•4d ago•79 comments

Electron microscopy shows 'mouse bite' defects in semiconductors

https://news.cornell.edu/stories/2026/03/electron-microscopy-shows-mouse-bite-defects-semiconductors
28•hhs•4d ago•5 comments

Why AI systems don't learn – On autonomous learning from cognitive science

https://arxiv.org/abs/2603.15381
32•aanet•5h ago•10 comments

Unsloth Studio

https://unsloth.ai/docs/new/studio
188•brainless•11h ago•42 comments

Chrome extension adjusts video speed based on how fast the speaker is talking

https://github.com/ywong137/speech-speed
101•MrBuddyCasino•4d ago•29 comments

Honda is killing its EVs

https://techcrunch.com/2026/03/14/honda-is-killing-its-evs-and-any-chance-of-competing-in-the-fut...
213•sylvainkalache•2d ago•476 comments

Arno's Engram Keyboard Layouts

https://github.com/binarybottle/engram
5•so-cal-schemer•4d ago•1 comments

Ryugu asteroid samples contain all DNA and RNA building blocks

https://phys.org/news/2026-03-ryugu-asteroid-samples-dna-rna.html
195•bookofjoe•14h ago•101 comments

Edge.js: Run Node apps inside a WebAssembly sandbox

https://wasmer.io/posts/edgejs-safe-nodejs-using-wasm-sandbox
105•syrusakbary•8h ago•33 comments

Node.js needs a virtual file system

https://blog.platformatic.dev/why-nodejs-needs-a-virtual-file-system
231•voctor•12h ago•197 comments

Show HN: Fatal Core Dump – A debugging murder mystery played with GDB

https://www.robopenguins.com/fatal_core_dump/
33•axlan•4d ago•1 comments

Show HN: I built an interactive 3D three-body problem simulator in the browser

https://structuredlabs.github.io/threebodyproblem/
27•amrutha_•4d ago•12 comments

FAQs About the Public Debt

https://www.treasurydirect.gov/help-center/public-debt-faqs/
5•uticus•2h ago•0 comments

Kagi Small Web

https://kagi.com/smallweb/
712•trueduke•17h ago•197 comments

Spice Data (YC S19) Is Hiring a Product Specialist

https://www.ycombinator.com/companies/spice-data/jobs/P0e9MKz-product-specialist-new-grad
1•richard_pepper•9h ago

'The Secret Agent': Exploring a Vibrant, yet Violent Brazil (2025)

https://theasc.com/articles/the-secret-agent-cinematography
124•tambourine_man•11h ago•65 comments

OpenSUSE Kalpa

https://kalpadesktop.org/
178•ogogmad•13h ago•79 comments

Meta and TikTok let harmful content rise to drive engagement, say whistleblowers

https://www.bbc.com/news/articles/cqj9kgxqjwjo
222•1vuio0pswjnm7•6h ago•140 comments

Torturing Rustc by Emulating HKTs

https://www.harudagondi.space/blog/torturing-rustc-by-emulating-hkts/
51•g0xA52A2A•3d ago•6 comments