120 points gbxk | 2 comments

I've built this to make it easy to host your own infra for lightweight VMs at large scale.

Intended for exec of AI-generated code, for CICD runners, or for off-chain AI DApps. Mainly to avoid Docker-in-Docker dangers and mess.

Super easy to use with CLI / Python SDK, friendly to AI engs who usually don't like to mess with VM orchestration and networking too much.

Defense-in-depth philosophy.

Would love to get feedback (and contributors: clear & exciting roadmap!), thx

mentalgear No.45657697
I would really like to see a good local sandboxing solution in this space, something that is truly local-first. This is especially important since many coding models / agentic builders will eventually become lightweight enough to run them on-device instead of having to buy tokens and share user data with big LLM cloud providers.
elric No.45659517
Are there any such solutions that can adequately protect against side-channel attacks (à la Rowhammer, Meltdown, Spectre, ...)? I mean, protecting local file access and network access is pretty easy, but side-channels and VM escaping attacks seem like a bigger concern.
ATechGuy No.45659728
Side-channel attacks apply to multi-tenant cloud environments, not local.
1. elric No.45660139
That seems like a naive take. If any of your local VMs are internet-connected and are compromised, side-channel attacks could be used to exfiltrate data from other VMs or the host.
2. ATechGuy No.45660552
Then why only apply to VMs, why not apps?