👶🎩 Ah, the classic tale of a newbie coder's first foray into Linux kernel hacking. It's a gripping saga of hair-pulling sign-extension bugs and hypervisor mysteries that only 3 people on Earth truly understand. Dive in, if you dare, to this epic chronicle of reinventing the wheel—because who needs existing #hypervisors anyway? 🙄🔧
https://pooladkhay.com/posts/first-kernel-patch/ #newbiecoder #linuxkernel #codingadventures #techstories #HackerNews #ngated
my first patch to the linux kernel

How a sign-extension bug in C made me pull my hair out for days but became my first patch to the Linux kernel!

You can't buy VMware. What do you choose for your prod environment?
#vm #proxmox #hyperv #hypervisors #infrastructure #infraSec
Hyper-V
2.8%
Proxmox
97.2%
This does not prevent guest VMs from syncing to #PTP, but you won't get the benefits of hardware #timestamping; you may as well rely on your #hypervisors' native mechanisms, unless you need to measure pDelayResp latency and jitter on the virtual switch itself (in this case, a #Linux bridge).
Ah yes, the thrilling world of #hypervisors, now with a Rusty twist! 🚀✨ Dive into this novel-length intro, where you'll learn absolutely everything about hypervisors except how to stay awake through it. 🙄 Spoiler alert: they're really just #VMs with a superiority complex. 🖥️👑
https://tandasat.github.io/Hypervisor-101-in-Rust/ #Rust #programming #tech #humor #virtualization #HackerNews #ngated
Introduction - Hypervisor 101 in Rust

Finally organized my thoughts into a blog post around the state of hypervisors in my home lab, with some new hardware. I also called out a few nice features of XCP-NG and Proxmox that I discovered while I was evaluating both of them.

https://medium.com/@a.j.longchamps/home-lab-hardware-refresh-september-2025-edition-3e50767b63e1

#homelab #hardware #hypervisors #ansible #automation #debian #kubernetes #learning #tinkering #proxmox #xcpng #minisforum

Home Lab Hardware Refresh — September 2025 Edition

Turning my home lab into a place to self-host-all-the-things and learn some new hypervisors while I’m at it.

Medium
Blog: A Fuzzy Escape - A tale of vulnerability research on hypervisors

This blog post describes the journey of discovering a VM escape bug with the goal of demystifying the security research process and demonstrating how persistence and pivoting can lead to achieving successful exploitation.

Hypervisors for Memory Introspection and Reverse Engineering

Introduction

secret club

Conceptual conflation, in a bunch of paragraphs.
This is not how it works.

https://thenewstack.io/bare-metal-kubernetes-the-performance-advantage-is-almost-gone/

Supposed "hard" limits can just as well be enforced with #containerization. It is just less common and not necessarily desired.

And no, those limits are not hard, and no, #hypervisors do not guarantee isolation either - see e.g. all the recently revealed #VMWare bugs with integer overflows and underflows, array out-of-bounds accesses, etc.

https://www.bleepingcomputer.com/news/security/vmware-fixes-four-esxi-zero-day-bugs-exploited-at-pwn2own-berlin/

Bare-Metal Kubernetes: The Performance Advantage Is Almost Gone

CIOs, platform teams, and architects today must seriously consider whether bare metal is still the right approach.

The New Stack

⚠️ Just a reminder, folks:

The "container" movement on Linux emerged as a convenient way to manage different, possibly conflicting settings & dependencies for different apps on a machine. "Security" by sandboxing got tacked on later, and the quality of that isolation remains LOW regardless of all the trendy project names and acronyms that have filled that space.

Data centers' standard for high security consists of virtual machines (type 1 hypervisors) or separate dedicated hardware. Ain't no way, no how is a successful datacenter going to ask a giant, complex, contorted Linux or BSD (or hybrid Windows or Mac) kernel for sandboxing services to contain threats.

If you are using containers to enhance security – on any general-purpose machine – make sure they are running as VMs, or as sandboxes on a microkernel (not monolithic) architecture.
#infosec #security #containers #hypervisors #microkernel
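As an added illustration (not code from any of the posts above, nor from the New Stack article) of the two points raised in this thread, that "hard" resource limits can be expressed for a container just as for a VM, and that containers used for isolation should run inside a VM: a Kubernetes Pod spec in its weak default form beside a hardened form. The `requests`/`limits` map onto cgroup v2 `cpu.max` and `memory.max` on the node; the `RuntimeClass` handler name `kata` (e.g. Kata Containers) and the image name are assumptions, since the posts name no specific VM-backed runtime.

```yaml
# Added example, not from any post on this page.
# ASSUMPTIONS: a VM-backed CRI handler registered under the name "kata"
# exists on the nodes (e.g. Kata Containers); the image name is a placeholder.
---
# Weak: shared host kernel, default runtime, no limits at all.
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-worker-weak
spec:
  containers:
    - name: worker
      image: example.invalid/worker:1.0   # placeholder image
---
# RuntimeClass that selects the VM-backed handler (cluster-scoped, created once).
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: vm-isolated
handler: kata              # assumption: handler name configured in containerd/CRI-O
overhead:
  podFixed:                # per-pod guest VM overhead, charged against quota
    memory: "160Mi"
    cpu: "250m"
---
# Hardened: same workload, cgroup-enforced limits, own guest kernel,
# least privilege inside the container.
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-worker-hardened
spec:
  runtimeClassName: vm-isolated      # run under the VM-backed handler above
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: worker
      image: example.invalid/worker:1.0   # placeholder image
      resources:
        requests:
          cpu: "500m"
          memory: "256Mi"
        limits:
          cpu: "1"          # cgroup v2 cpu.max: CFS throttles at one CPU of quota
          memory: "512Mi"   # cgroup v2 memory.max: OOM kill once reclaim fails
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

The limits block is what the "hard limits" argument refers to: the kernel throttles or OOM-kills the cgroup regardless of what the process wants. The `runtimeClassName` line is what the "run them as VMs" advice referss to: the container still gets a kernel, but it is a guest kernel under a hypervisor rather than the host's, so a kernel bug reachable from the workload lands in the guest first.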

Guillotine: Hypervisors for Isolating Malicious AIs

As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models -- models that, by accident or malice, can generate existential threats to humanity. Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs. For example, a rogue AI may try to introspect upon hypervisor software or the underlying hardware substrate to enable later subversion of that control plane; thus, a Guillotine hypervisor requires careful co-design of the hypervisor software and the CPUs, RAM, NIC, and storage devices that support the hypervisor software, to thwart side channel leakage and more generally eliminate mechanisms for AI to exploit reflection-based vulnerabilities. Beyond such isolation at the software, network, and microarchitectural layers, a Guillotine hypervisor must also provide physical fail-safes more commonly associated with nuclear power plants, avionic platforms, and other types of mission critical systems. Physical fail-safes, e.g., involving electromechanical disconnection of network cables, or the flooding of a datacenter which holds a rogue AI, provide defense in depth if software, network, and microarchitectural isolation is compromised and a rogue AI must be temporarily shut down or permanently destroyed.

arXiv.org