nanos VS isolate

I am a bit confused, there are three sites:

* https://nanos.org/

* https://nanovms.com/

* https://ops.city/

And I am not sure what "thing" I am using. Is there some disambiguation? I know is OPS is the orchestration CLI, but I am confused at the difference between Nanos and NanoVMs. What should I call the section of my README that deals with this tech? Currently gone with Nanos/OPS but I am confused.

I work with https://nanos.org && https://ops.city - we can run thousands of these on commodity hardware.

Unik was just a build tool that utilized other projects like Rump, Mirage, IncludeOS, etc. It's now dead since Solo pivoted a very long time ago to service mesh/api gateways.

The GoRump port they use was from us and then we realized we needed to code our own from the ground up for many reasons so we wrote https://nanos.org (runs as a go unikernel in GCP).

A couple unikernel projects that caught my eye in the past may be of interest to you. I have no experience with them, so I can't speak to their quality though.

https://unikraft.org/

https://github.com/nanovms/nanos

Definitely agree with the top part, however, I should note that, ops, the tool's, whole existence is to create disk images and upload them to any cloud, any hypervisor.

In particular, both https://ops.city && https://nanos.org are Go unikernels running on GCP and their deploys take just a few seconds to push out. AWS can be even faster cause we skip the s3 upload part. We also have lots of people using Azure which would be utilizing vhdx.

I'm with that organization that works on https://nanos.org and https://ops.city . If you aren't a software engineer but still would like to use unikernels you're in luck - we also have a package repository at https://repo.ops.city/ (running as a go unikernel on GCP) that will allow you to run and deploy pre-made applications. If you don't see something that you'd like to us there's also a way of importing docker containers into unikernels via ops which works for most (but not all) applications.

I think Unikernels like NanoVMs (https://nanos.org/) will become more important. They are more efficient and more secure than than full operating systems. Right now, I think there are no good monitoring solutions available (or at least I am not aware of any). You can't just ssh to your server, so if something goes wrong, it can be hard to debug. And they are certainly not integrated into bigger monitoring solutions like Dynatrace. But once the infrastructure is available, I would expect a large percentage of Linux servers to be replaced with unikernels.

> I currently use isolate (https://github.com/ioi/isolate) which is just a wrapper around cgroups/namespaces, and it's been a lot faster.

Yes. This is the fastest you can get.

If you want safer, do pr_set_seccomp as well. but that would be a custom solution.

I'm trying to run the dotnet CLI inside a sandbox (isolate, which is a Linux control-groups-based sandbox, to be more precise), but I can't get the dotnet program to run inside it; I only get this error message (which looks like the compiler itself is crashing?):

A lightweight sandbox is created using (https://github.com/ioi/isolate), which basically uses Linux kernel namespaces. It takes around 20 ms to have flow json and the engine inside.

For example, it relies upon the isolate project to easily run untrusted code/untrusted executables in sandboxes. If your students already have their test cases written, then it's just a matter of running them, which isolate can help with.