Smolvm made HN compare containers with microVMs again
Original: Show HN: Smol machines – subsecond coldstart, portable virtual machines View original →
smolvm is a CLI for shipping and running software with isolation by default. Its README says it can run custom Linux virtual machines locally with sub-second cold starts on macOS and Linux, then pack a stateful VM into a single .smolmachine file that can be rehydrated on a supported platform. That was enough for Hacker News to restart an old debate: when do containers stop being enough?
The project’s pitch is concrete. Network access is off by default, egress can be limited to specific hosts, host files and credentials sit outside the guest, and workloads run behind a hypervisor boundary. It can also consume OCI images from Docker Hub, ghcr.io, or other registries without a Docker daemon, and the README shows a Python 3.12 Alpine image being packed into a portable executable that boots in under 200ms.
In the HN thread, the creator described it as a Docker-container replacement that borrows from Firecracker without carrying all of Firecracker’s original AWS-specific shape. Commenters immediately tested the edges: signed .smolmachine files, custom image sources, WSL support, hot CPU and memory resizing, Docker-in-VM, and nested VM use cases.
The agent angle is why this felt timely. Coding agents, eval runners, package testers, and plugin sandboxes need to execute unfamiliar code quickly, but the security story around a shared kernel is uncomfortable. Traditional VMs give stronger isolation, yet they often cost too much latency and setup friction. smolvm is trying to make the VM feel closer to a container while keeping the isolation model easy to reason about.
The project is not finished. The README lists opt-in networking, directory-only volume mounts, macOS signing requirements, SSH-agent prerequisites, and GPU work still in progress. Even so, the HN reaction shows a real appetite for smaller isolation units as agent-driven development creates more reasons to run code you did not write.
Related Articles
GitHub says Copilot code review now uses CLI and SDK file-exploration tools such as grep, rg, glob, and view. The change has reduced review costs by about 20% while preserving review quality in offline and online evaluation.
GitHub Desktop 3.6 moves three agent-era Git chores into the client: worktrees, Copilot-written commits, and AI-assisted merge conflict review. The bigger shift is that Desktop now treats parallel branches and model choice as everyday developer controls.
A benchmark that Apple did not publish itself drew HN attention: SpeechAnalyzer posted lower word error rates than both the old SFSpeechRecognizer and Whisper Small on the same Apple hardware.