Our great sponsors
| gvisor | WSL | |
|---|---|---|
| 64 | 406 | |
| 15,066 | 16,635 | |
| 2.8% | 1.4% | |
| 9.9 | 8.3 | |
| 5 days ago | 6 days ago | |
| Go | PowerShell | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gvisor
-
Maestro: A Linux-compatible kernel in Rust
Isn't gVisor kind of this as well?
"gVisor is an application kernel for containers. It limits the host kernel surface accessible to the application while still giving the application access to all the features it expects. Unlike most kernels, gVisor does not assume or require a fixed set of physical resources; instead, it leverages existing host kernel functionality and runs as a normal process. In other words, gVisor implements Linux by way of Linux."
https://github.com/google/gvisor
- Google/Gvisor: Application Kernel for Containers
- GVisor: OCI Runtime with Application Kernel
- How to Escape a Container
-
Faster Filesystem Access with Directfs
This sort of feels like seeing someone riding a bike and saying: why don’t they just get a car? The simple fact is that containers and VMs are quite different. Whether something uses VMX and friends or not is also a red herring, as gVisor also “rolls it own VMM” [1].
[1] https://github.com/google/gvisor/tree/master/pkg/sentry/plat...
-
OS in Go? Why Not
There's two major production-ready Go-based operating system(-ish) projects:
- Google's gVisor[1] (a re-implementation of a significant subset of the Linux syscall ABI for isolation, also mentioned in the article)
- USBArmory's Tamago[2] (a single-threaded bare-metal Go runtime for SOCs)
Both of these are security-focused with a clear trade off: sacrifice some performance for memory safe and excellent readability (and auditability). I feel like that's the sweet spot for low-level Go - projects that need memory safety but would rather trade some performance for simplicity.
[1]: https://github.com/google/gvisor
[2]: https://github.com/usbarmory/tamago
-
Tunwg: Expose your Go HTTP servers online with end to end TLS
It uses gVisor to create a TCP/IP stack in userspace, and starts a wireguard interface on it, which the HTTP server from http.Serve listens on. The library will print a URL after startup, where you can access your server. You can create multiple listeners in one binary.
-
How does go playground work?
The playground compiles the program with GOOS=linux, GOARCH=amd64 and runs the program with gVisor. Detailed documentation is available at the gVisor site.
- Searchable Linux Syscall Table for x86 and x86_64
-
Multi-tenancy in Kubernetes
You could use a container sandbox like gVisor, light virtual machines as containers (Kata containers, firecracker + containerd) or full virtual machines (virtlet as a CRI).
WSL
-
GoboLinux
It absolutely 100% can be true.
As an example: Windows Services for Linux 2 used a special init daemon to interact with the host OS.
That meant no systemd. That meant that the `systemctl` program wasn't there.
This baffled legions, armies, of wannabe sysadmins.
https://stackoverflow.com/questions/55579342/why-systemd-is-...
https://superuser.com/questions/1785697/systemd-in-wsl-on-wi...
https://github.com/microsoft/WSL/issues/9477
https://askubuntu.com/questions/1132230/unable-to-run-any-sy...
People on the whole have no idea how this stuff works, and they just copy magic incantations from StackOverflow to get stuff to happen. If that doesn't work, then this OS is broken. The end.
For these guys, WSL was broken.
Result:
MS hired Lennart Poettering.
https://www.theregister.com/2022/07/07/lennart_poettering_re...
He "fixed" it. Systemd now works in WSL2. All those guides for noobs now work. Everyone is happy.
In a world where tools like Flatpak and Snap are proliferating and it's driving deep divisions between Linux distros, if you think the average person struggling with Linux is going to use `ldd` to work out where the dependencies for something live, I'm afraid you are a deep guru who lives on a different plane of existence.
We now have widely-used packaging systems which simply embed an apps entire dependency tree into a package to avoid people having to work out the difference between `apt` and `rpm`. Thousands of terabytes of disk are being burned to make this stuff go away.
Yes, this is too hard. Way too hard.
-
Why Linux utilities tend to run poorly on Windows
Better source: https://github.com/Microsoft/WSL/issues/873#issuecomment-425...
- Weird graphical glitch/problem in Ubuntu WSLg (OpenGL)
-
RamRamRamEveryoneSleepingOnDocker
One of the bugs where on the Docker side. As I have said, there have been several since release with a lot of impact period overlap. The latest and greatest is not resolved.
-
Laravel dev in Windows - Laragon vs Docker?
It's the issue of abysmal I/O performance in communication between the mounted WSL2 virtual hard disk and Windows mounts inside the WSL2 distro.
- WSL freeze seems fixed in 2.0.12
-
What's the right way to open files in the system's default program from Ubuntu 22.04 in WSL 2 please?
I found this github page and I was able to reproduce this from the answer
-
Ask HN: Best Docker open source alternative?
* Docker engine and not Docker Desktop in a VM. WSL2 works well after some configuration: https://github.com/microsoft/WSL/issues/6655#issuecomment-11...
-
Broadcom to Cut Almost 1,300 VMware Jobs in California After Takeover
Seems to more of a Defender issue than a WSL one, see https://github.com/microsoft/WSL/issues/8995
After adding exclusions for the fsnotifier-wsl process and and both variants of the WSL distro path my disk performance was improved.
Adding the idea64.exe process also helped since I was trying to run IntelliJ against projects inside WSL.
- Bricked WSL 2 after 2.0.9 / Windows 10
What are some alternatives?
firecracker - Secure and fast microVMs for serverless computing.
wslg - Enabling the Windows Subsystem for Linux to include support for Wayland and X server related scenarios
podman - Podman: A tool for managing OCI containers and pods.
genie - A quick way into a systemd "bottle" for WSL
wsl-vpnkit - Provides network connectivity to WSL 2 when blocked by VPN
Scoop - A command-line installer for Windows.
kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
Single-GPU-Passthrough
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
setup-msys2 - GitHub Action to setup MSYS2
containerd - An open and reliable container runtime
mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.