How I connect microvm.nix VMs to my home network VLANs.
VMs get deterministic MAC addresses derived from their hostname, so the router handles all DNS and IP assignment.
When AI agents execute code: why containers alone are not enough
Introduces why containers alone are not enough when AI agents execute code, and practical selection criteria for sandboxing technologies such as microVM, gVisor and Wasm. #AIAnToan #Sandboxing #KhoaHocDuLieu #AIQuanLy
Limiting the autonomous behavior of AI agents through sandboxing – the article analyzes the risks of uncontrolled tool access, network/system paths, and solutions such as Docker, Firecracker, gVisor. Learn how to optimize safety in products.
#AIUnsafe #AnToanCongNghe #QuanLyAI #Container #MicroVM #GVisor #DevOps #Cybersecurity
https://www.reddit.com/r/programming/comments/1po8ar9/sandboxing_ai_agents_practical_ways_to_limit/
The #nix #microvm project added #darwin support!
https://github.com/microvm-nix/microvm.nix/issues/154#event-21442108737
As you can see the build process is smooth, the execution is blazingly fast. What more could I ask for?
#programming #technology #BSD #netBSD #metaOS #microVM #networking #qemu #host #bmake #curl #sshd #Linux
The mighty world of BSD
Playing again with smolBSD, a fantastic metaOS system that I talked about a few weeks ago.
I'm a newbie, a greenhorn, when it comes to meta-operating systems built on top of NetBSD.
I am very eager to learn by doing, making mistakes in the process, correcting them, and feeling the warmth of the BSD community, who are happy to correct, esp. when I show that I read the docs after making the mistakes.
The journey is fantastic, the learning process is fun. microVM's are amazing. I've registered 11ms boot times on this small machine with a few CPU cores (and 40GB RAM). The fun is endless
#programming #technology #BSD #netBSD #metaOS #microVM #networking #qemu #host #bmake #curl #sshd #Linux
🚀🔥 Oh joy, another tool claiming to simplify #Docker with a sprinkle of #microVM magic! Bottlefire: for those who think turning container images into cumbersome, zero-dependency Linux executables is the pinnacle of #innovation. 🐢⚙️ Because nothing screams 'progress' like shuffling dependencies into convoluted bash scripts.
https://bottlefire.dev/ #Simplification #ContainerTools #BashScripts #HackerNews #ngated
🤔 Ever wonder how to escape from a container? Or how security tools know what permissions they have from inside that same container? It's nice to have a great script for #enumeration ... but what does it check for and why does it matter?
Who am I? - Let’s get oriented and figure out what we have in our container. (https://some-natalie.dev/container-escapes-whoami/)
Our shared kernel - #Containers are processes that share a kernel. What can we see about our host? (https://some-natalie.dev/container-escapes-shared-kernel/)
Are we capable? - What sort of capabilities do we have? (https://some-natalie.dev/container-escapes-capabilities/)
Seccomp is your friend - #Seccomp filters what a container can do. Let’s learn what’s been set for us. (https://some-natalie.dev/container-escapes-seccomp/)
Are we in a microVM? - With #microVM runtimes gaining popularity, how do you know if you’re in a container? (https://some-natalie.dev/blog/microvm-or-container/)
(or, I did a little editing and put my workshop from @appsec_village at #DEFCON33 up) :heart_cybre:
🌘 Flintlock: a containerd-based MicroVM lifecycle management tool
➤ Lock, Stock, and Two Smoking MicroVMs: take control of your MicroVM world
✤ https://github.com/liquidmetal-dev/flintlock
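Flintlock is a service for creating and managing the lifecycle of micro virtual machines (MicroVMs) on a host. It supports Cloud Hypervisor and Firecracker as backends and can be operated through an API (gRPC or HTTP), including creating, deleting, starting, stopping and pausing MicroVMs, as well as configuring their metadata and using OCI images for storage, kernel and initrd. Flintlock plays an important role in the Liquid Metal project, but it is also suitable for other scenarios that need lightweight virtualization.
+ This tool sounds very promising, especially for scenarios that need a lot of lightweight virtualization resources, such as Kubernetes nodes.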
#MicroVM #containerd #虛擬化 #Kubernetes #Cloud Hypervisor #Firecracker
Decided to blog what I learned about Ubuntu multipass MicroVMs. Enjoy.
https://blog.faucher.net/2025/08/ubuntu-multipass-microvms.html
Really fast boot. Not for me. I'll stick to containers and the odd KVM VM using virt-manager.
New Open-Source Tool Spotlight 🚨🚨🚨
Firecracker is a lightweight, production-focused virtual machine monitor designed for secure multi-tenant workloads. Its minimal overhead enables high density on bare-metal servers while emphasizing isolation through microVMs. Built by AWS, it's used in services like Lambda and Fargate. #Virtualization #MicroVM
🔗 Project link on #GitHub 👉 https://github.com/firecracker-microvm/firecracker/
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️
This is so damn cool. Relatively secure docker in docker with a very isolated docker daemon context and low overhead. A great alternative to MicroVMs like #Firecracker.
https://www.docker.com/resources/docker-in-docker-containerized-ci-workflows-dockercon-2023/
I love the presentation style too. I followed along in my terminal and everything worked. So much more helpful for me than "go to this website to learn more".
The 🎙 AWS ☁️ podcast in 🇫🇷 talks about Firecracker today, the microVM that runs your Lambda and Fargate functions.
Meet Quentin☕ Joly, a 24-year-old geek who uses FireCracker in his home lab.
My #NixOS 23.12 upgrade story for all the servers and VMs I manage:
Let's start with the terrible. Grafana crashed because it missed a directory when using provisioned dashboards. Fix is in https://github.com/NixOS/nixpkgs/pull/272564
Then I searched an hour for a faulty change I did two days ago where I didn't think about split Portunus LDAP server and applications and needed to move a mkIf.
That's two #MicroVM|s done. The next two just worked without any changes and nothing broke (so far?).
🌘 'microvm' virtual platform (microvm) - QEMU 8.0.0 documentation
➤ Supported devices and limitations of the 'microvm' virtual platform
✤ https://qemu.readthedocs.io/en/latest/system/i386/microvm.html
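This article introduces the 'microvm' virtual platform in the QEMU 8.0.0 documentation. The platform is a machine type inspired by Firecracker and built after its machine model, suited to short-lived guests. It also provides a baseline for optimizing QEMU and guest operating systems, because it is optimized for boot time and footprint. The platform supports a variety of devices but also has some limitations. The article provides example commands for running virtual machines with the 'microvm' virtual platform.
+ This article provides very useful information and gave me a better understanding of the features and usage of the 'microvm' virtual platform.
+ The example commands in this article are very practical and let me quickly get started running virtual machines with the 'microvm' virtual platform.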
#QEMU #虛擬平臺 #microvm
This is a brief demonstration of how to run a #MicroVM using my #Firecracker executor within Apache #Mesos.
microvm.nix is a #Flake to run lightweight #NixOS virtual machines on #NixOS. Starting with the reasons why for the remainder of this chapter, this handbook guides you through the provisioning of #MicroVM-s on your #NixOS machine. https://astro.github.io/microvm.nix/intro.html