We clone a running VM in 2 seconds (codesandbox.io)
23 points by yla92 on Dec 16, 2023 | 10 comments



Firecracker is the same VM technology used by Fly.io although they don’t have memory cloning as seen here. A VM can be cloned and the clone started in seconds though this heavily depends on image / rootfs size so it’s likely more in the order of 30 seconds or so (number pulled out of thin air).


Can't you use CoW to make the clone essentially instant? (I thought BTRFS supported it, but I'm not sure)

Edit: Okay, I did a bit of searching and if the image is a file (qcow2, say) I'm pretty sure you could just `cp --reflink=always old.qcow2 new.qcow2` and it would take way less than 30 seconds. (Again, assuming BTRFS; I guess ex. XFS has some sort of reflink support these days but I don't know)


This isn’t about cloning an image, it’s the full running VM state, including memory.


? I was responding to

> A VM can be cloned and the clone started in seconds though this heavily depends on image / rootfs size so it’s likely more in the order of 30 seconds or so (number pulled out of thin air).

which is specifically about the disk side.


Super cool technology, but when cloning entire VMs, one needs to be very careful to not accidentally leak crypto material.

The Minecraft example provided would leak the server's private key used to secure sessions [0] and enable practical MitM attacks. If you run server A, give me the copy Server B of it and Alice logs into B, I could log into Server A as Alice. Same thing if we both run copies of the same original VM.

[0] https://wiki.vg/Protocol_Encryption
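
An added example, not part of the comment above or of CodeSandbox's code: one way a guest process can avoid sharing in-memory key material with its clones is to bind the key to a per-instance generation ID and regenerate it when that ID changes. `read_generation_id`, `CloneAwareKey` and `simulate_clone` are hypothetical names, and the generation IDs are constructed values standing in for an identifier the platform would change on clone or restore.

```python
import copy
import hashlib
import secrets


class CloneAwareKey:
    """In-memory secret that is regenerated when the generation ID changes.

    read_generation_id is a hypothetical callable standing in for whatever
    per-instance identifier the platform changes on clone/restore.
    """

    def __init__(self, read_generation_id, nbytes=32):
        self._read_gen = read_generation_id
        self._nbytes = nbytes
        self._rotate()

    def _rotate(self):
        # Record the generation we saw and draw fresh bytes from the OS RNG.
        self._gen = self._read_gen()
        self._key = secrets.token_bytes(self._nbytes)

    def key(self):
        # Check on every use: a snapshot restore can happen between two calls.
        if self._read_gen() != self._gen:
            self._rotate()
        return self._key

    def fingerprint(self):
        return hashlib.sha256(self.key()).hexdigest()[:16]


def simulate_clone(original, new_generation_id):
    """Constructed stand-in for a memory snapshot: a full copy of the object
    that resumes on an instance reporting a different generation ID."""
    clone = copy.deepcopy(original)
    clone._read_gen = lambda: new_generation_id
    return clone


def demo():
    naive_key = secrets.token_bytes(32)
    naive_clone_key = copy.deepcopy(naive_key)  # memory copy: identical bytes
    aware = CloneAwareKey(lambda: "gen-A (constructed)")
    before = aware.fingerprint()
    clone = simulate_clone(aware, "gen-B (constructed)")
    return {
        "naive_shared": naive_key == naive_clone_key,
        "original_unchanged": aware.fingerprint() == before,
        "aware_shared": clone.fingerprint() == aware.fingerprint(),
    }
```

This only helps if the guest's random number generator is itself reseeded after the restore, since the clone also inherits the RNG state; sessions negotiated under the old key before the snapshot stay tied to that key.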


Very cool. Seems like this could also be great for an integration test runner when the test environment requires a lot of setup.

I thought this might use some of the underlying page tracking support for live network migration [0] that nearly every hypervisor has now, but it doesn't seem like they needed it!

[0] https://en.wikipedia.org/wiki/Live_migration


> Firecracker spawns a MicroVM instead of a VM. MicroVMs are more lightweight.

Somehow that conveys little

Can you run a Minecraft server in a MicroVM? If so, what are the drawbacks?


Crashes several browsers on iOS, therefore

https://archive.is/kac3q


Those are not VMs.


Why do you think it's not a VM? They're using firecracker, which is a KVM-backed VM manager.



