nanos
hardened_malloc
Our great sponsors
nanos | hardened_malloc | |
---|---|---|
27 | 652 | |
2,468 | 1,158 | |
12.9% | 2.9% | |
9.2 | 7.7 | |
1 day ago | 4 days ago | |
C | C | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nanos
-
Nanos – A Unikernel
I am a bit confused, there are three sites:
* https://nanos.org/
* https://nanovms.com/
* https://ops.city/
And I am not sure what "thing" I am using. Is there some disambiguation? I know is OPS is the orchestration CLI, but I am confused at the difference between Nanos and NanoVMs. What should I call the section of my README that deals with this tech? Currently gone with Nanos/OPS but I am confused.
-
Kolibri OS: fits on a floppy disk, programmed using interrupts
I work with https://nanos.org && https://ops.city - we can run thousands of these on commodity hardware.
-
Mirage – A programming framework for building type-safe, modular systems
Unik was just a build tool that utilized other projects like Rump, Mirage, IncludeOS, etc. It's now dead since Solo pivoted a very long time ago to service mesh/api gateways.
The GoRump port they use was from us and then we realized we needed to code our own from the ground up for many reasons so we wrote https://nanos.org (runs as a go unikernel in GCP).
-
Building a unikernel that runs WebAssembly – part 1
A couple unikernel projects that caught my eye in the past may be of interest to you. I have no experience with them, so I can't speak to their quality though.
https://unikraft.org/
https://github.com/nanovms/nanos
- Build Your Own Docker with Linux Namespaces, Cgroups, and Chroot
-
Running Postgres as a Unikernel
Definitely agree with the top part, however, I should note that, ops, the tool's, whole existence is to create disk images and upload them to any cloud, any hypervisor.
In particular, both https://ops.city && https://nanos.org are Go unikernels running on GCP and their deploys take just a few seconds to push out. AWS can be even faster cause we skip the s3 upload part. We also have lots of people using Azure which would be utilizing vhdx.
- Ask HN: Resources for Building a Webserver in C?
- A kernel designed to run only one application in a virtualized environment
-
Applications available in unikernels?
I'm with that organization that works on https://nanos.org and https://ops.city . If you aren't a software engineer but still would like to use unikernels you're in luck - we also have a package repository at https://repo.ops.city/ (running as a go unikernel on GCP) that will allow you to run and deploy pre-made applications. If you don't see something that you'd like to us there's also a way of importing docker containers into unikernels via ops which works for most (but not all) applications.
-
Ask HN: Software with biggest potential for positive impact in 5 years?
I think Unikernels like NanoVMs (https://nanos.org/) will become more important. They are more efficient and more secure than than full operating systems. Right now, I think there are no good monitoring solutions available (or at least I am not aware of any). You can't just ssh to your server, so if something goes wrong, it can be hard to debug. And they are certainly not integrated into bigger monitoring solutions like Dynatrace. But once the infrastructure is available, I would expect a large percentage of Linux servers to be replaced with unikernels.
hardened_malloc
- WhatsApp forces Pegasus spyware maker to share its secret code
- EncroChat
-
Popular XMPP App "Conversations" Removed from PlayStore by Google
Relevant copypasta:
Fellow humans, there are alternatives to Google and Apple! Your neck need not be under anyone's boot! You don't even need to give up any functionality:
Data service:
The simplest thing is to buy a prepaid SIM and top it off with cash. The lovely people over at /r/nocontract maintain a big spreadsheet so you can filter by various properties of the available contracts.
Another way to go is to pay for a postpaid plan with a virtual credit card (VCC) like at privacy.com. It won't be linked to your name at the telco, but of course privacy.com knows who you are. There is also Abine Blur, and some others.
Yet a third way to go, which is nascent, is buy an eSIM with crypto. You can also buy prepaid VCCs with crypto.
An interesting new choice is PGPP https://invisv.com/pgpp/ who rotate your IMSI and do some other cool stuff. It works by e-sims.
All these methods make you /pseudo/nymous, but obviously you're still identifiable by subscriber number and possibly IMEI, to put aside correlational things like your traffic profile. You can help this problem by routing everything through a VPN. Then you're pseudonymous but the cell carrier knows nothing about you other than that you use a VPN. Pay for the VPN with crypto. Of course now the VPN provider knows your traffic, but you're much more anonymous to them than you are to a telco. You make your choices. Defense in depth. Etc.
OS:
GrapheneOS: https://grapheneos.org/ Very much like Calyx, but extra-hardened and with no MicroG. No involvement with Google at all by default. You can make a secondary profile in which you install Google Play Services to set up an environment where you can run unprivileged Play services + whatever crapware you need that requires them. Unprivileged here means it's like any other app: if you don't give it access to your location, it won't know where you are. If you end the profile session when you leave, Play Services stops running and stops talking to Google.
CalyxOS: https://calyxos.org/ Privacy-respecting Android distribution that replaces Google spyware with MicroG, so you can have your cake and eat it too. Most everything will work as you're used to, but it does still talk to Google to make that happen.
LineageOS: https://lineageos.org/ The successor to CyanogenMod, will work with many different phones. More privacy and control than stock Android.
There are also many others: Sailfish, Replicant, e
Hardware:
CalyxOS and GrapheneOS run best on Pixels. The path of least resistance is to get one of these phones and run GrapheneOS with Google Services installed in one profile or other.
You could also buy a Librem 5 https://puri.sm/products/librem-5/ If privacy and security and hacking are really important to you.
Or a pinephone: https://www.pine64.org/pinephone/
Neither work very well by regular standards, but they're cool :-)
-
LineageOS is currently installed on 1.5M Android devices
It might be worth to switch to GrapheneOS if you have Pixel phones: https://grapheneos.org/
It is a more serious project than LineageOS in the sense that they take security very seriously and they take their development more professionally too. There are no disadvantages to using GrapheneOS compared to LineageOS.
You can see a comparison here: https://eylenburg.github.io/android_comparison.htm
- Apple Announces Changes to iOS, Safari, and the App Store in the European Union
- No new iPhone? No secure iOS: Looking at an unfixed iOS vulnerability
-
Recommendations for an Android repair shop?
If it still powers up but just won't boot you could try installing https://grapheneos.org/.
-
Iphone Vs Android
On 4thgen Pixels and up you can install GrapheneOS which is a security and privacy focused Android build. It does not come with any Google services pre-installed but you can put them on. https://grapheneos.org/
- Suche Handy empfehlung bis 250€ max.
-
Are you happy
yes... will also de-google it cuz we can install GrapheneOS and also close the bootloader
What are some alternatives?
unikraft - A next-generation cloud native kernel designed to unlock best-in-class performance, security primitives and efficiency savings.
Unihertz-Titan-lineageos-microg - Guide and files required to setup lineageos with microg on the Unihertz Titan
rusty-hermit - Hermit for Rust. [Moved to: https://github.com/hermit-os/hermit-rs]
ungoogled-chromium - Google Chromium, sans integration with Google
OPS - ops - build and run nanos unikernels
Magisk - The Magic Mask for Android
linuxkit - A toolkit for building secure, portable and lean operating systems for containers
Seedvault - A backup application for the Android Open Source Project.
unik - The Unikernel & MicroVM Compilation and Deployment Platform
plexus - Remove the fear of Android app compatibility on de-Googled devices.
dark - Darklang main repo, including language, backend, and infra
mimalloc - mimalloc is a compact general purpose allocator with excellent performance.