Hacker News
Latest
Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
2026-03-18 @ 14:28:40 | Points: 78 | Comments: 58
Federal Cyber Experts Called Microsoft's Cloud "A Pile of Shit", yet Approved It
2026-03-18 @ 14:14:02 | Points: 201 | Comments: 86
A ngrok-style secure tunnel server written in Rust and Open Source
2026-03-18 @ 14:00:43 | Points: 32 | Comments: 10
FDA links raw cheese to outbreak; Makers "100% disagree," refuse recall
2026-03-18 @ 13:32:48 | Points: 40 | Comments: 63
Tech hobbyist makes shoulder-mounted guided missile prototype with $96 in parts
2026-03-18 @ 13:04:15 | Points: 154 | Comments: 113
Rob Pike's 5 Rules of Programming
2026-03-18 @ 09:59:54 | Points: 553 | Comments: 305
Nightingale – open-source karaoke app that works with any song on your computer
2026-03-18 @ 08:06:24 | Points: 364 | Comments: 85
Ndea (YC W26) is hiring a symbolic RL search guidance lead
2026-03-18 @ 07:00:13 | Points: 1
Celebrating Tony Hoare's mark on computer science
2026-03-18 @ 06:31:14 | Points: 93 | Comments: 26
Have a fucking website
2026-03-18 @ 03:53:42 | Points: 742 | Comments: 428
The pleasures of poor product design
2026-03-18 @ 01:00:45 | Points: 208 | Comments: 70
A tale about fixing eBPF spinlock issues in the Linux kernel
2026-03-18 @ 00:53:10 | Points: 143 | Comments: 13
Mistral AI Releases Forge
2026-03-17 @ 21:04:26 | Points: 657 | Comments: 165
Get Shit Done: A meta-prompting, context engineering and spec-driven dev system
2026-03-17 @ 20:23:39 | Points: 403 | Comments: 222
A Decade of Slug
2026-03-17 @ 18:59:50 | Points: 700 | Comments: 68
Python 3.15's JIT is now back on track
2026-03-17 @ 18:37:27 | Points: 451 | Comments: 267
A Fuzzer for the Toy Optimizer
2026-03-17 @ 15:32:11 | Points: 7 | Comments: 1
Unsloth Studio
2026-03-17 @ 15:26:32 | Points: 366 | Comments: 70
Microsoft's 'unhackable' Xbox One has been hacked by 'Bliss'
2026-03-17 @ 15:16:29 | Points: 757 | Comments: 285
Show HN: Sub-millisecond VM sandboxes using CoW memory forking
2026-03-17 @ 13:43:44 | Points: 251 | Comments: 62
So instead of launching a new microVM per execution, I boot Firecracker once with Python and numpy already loaded, then snapshot the full VM state. Every execution after that creates a new KVM VM backed by a `MAP_PRIVATE` mapping of the snapshot memory, so Linux gives me copy-on-write pages automatically.
That means each sandbox starts from an already-running Python process inside a real VM, runs the code, and exits.
These are real KVM VMs, not containers: separate guest kernel, separate guest memory, separate page tables. When a VM writes to memory, it gets a private copy of that page.
The hard part was not CoW itself. The hard part was resuming the snapshotted VM correctly.
Rust, Apache 2.0.