MicroVMs - How to Safely Run Untrusted Code (Firecracker)
Author: Kishore Newton
Uploaded: 2026-02-21
Views: 21
Description:
You're building a platform where users submit code — a coding challenge, a CI pipeline, an AI agent. You can't trust what they send. This video shows what happens when malicious code runs on a bare host vs inside a Firecracker microVM.
What you'll see:
→ A real payload reading /etc/passwd, fingerprinting the system, and mapping the network
→ Running it directly on the host — real credentials exposed
→ Running the same payload inside a Firecracker microVM — completely isolated
→ The VM boots in milliseconds, runs the code, and is destroyed
What is a microVM?
→ A real virtual machine — its own kernel, its own memory
→ Stripped to the bare minimum — no graphics, no USB, just compute
→ Boots in ~125ms, uses as little as 5MB of memory
→ Isolation enforced by your CPU at the hardware level (KVM)
→ Restricted system calls, dropped privileges, no way out
Firecracker:
→ Written in Rust — 30K+ stars on GitHub
→ Each VM is a locked-down sandbox
→ Linux only — no macOS or Windows natively
Alternatives:
→ gVisor (Google) — user-space kernel, different tradeoffs
→ Kata Containers — OCI-compatible microVMs
Spin it up. Run the code. Burn it down.
🔗 GitHub: https://github.com/firecracker-microv...
🔗 gVisor: https://github.com/google/gvisor
🔗 Kata Containers: https://github.com/kata-containers/ka...
#firecracker #microvm #security #sandboxing #rust #aws #lambda #devops #programming #opensource #coding #virtualization #containers