
120 points | gbxk | 1 comment

I've built this to make it easy to host your own infra for lightweight VMs at large scale.

Intended for exec of AI-generated code, for CICD runners, or for off-chain AI DApps. Mainly to avoid Docker-in-Docker dangers and mess.

Super easy to use with CLI / Python SDK, friendly to AI engs who usually don't like to mess with VM orchestration and networking too much.

Defense-in-depth philosophy.

Would love to get feedback (and contributors: clear & exciting roadmap!), thx

mentalgear No.45657697
I would really like to see a good local sandboxing solution in this space, something that is truly local-first. This is especially important since many coding models / agentic builders will eventually become lightweight enough to run them on-device instead of having to buy tokens and share user data with big LLM cloud providers.
elric No.45659517
Are there any such solutions that can adequately protect against side-channel attacks (à la Rowhammer, Meltdown, Spectre, ...)? I mean, protecting local file access and network access is pretty easy, but side-channels and VM escaping attacks seem like a bigger concern.
1. gbxk No.45659610
That's an interesting direction! TEE support would be relatively straightforward with the current stack (and it's on my roadmap), so that could be a first step forward.