nanos
isolate
nanos | isolate | |
---|---|---|
27 | 6 | |
2,468 | 895 | |
1.4% | 2.5% | |
9.2 | 6.7 | |
7 days ago | 12 days ago | |
C | C | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nanos
-
Nanos – A Unikernel
I am a bit confused, there are three sites:
* https://nanos.org/
* https://nanovms.com/
* https://ops.city/
And I am not sure what "thing" I am using. Is there some disambiguation? I know is OPS is the orchestration CLI, but I am confused at the difference between Nanos and NanoVMs. What should I call the section of my README that deals with this tech? Currently gone with Nanos/OPS but I am confused.
-
Kolibri OS: fits on a floppy disk, programmed using interrupts
I work with https://nanos.org && https://ops.city - we can run thousands of these on commodity hardware.
-
Mirage – A programming framework for building type-safe, modular systems
Unik was just a build tool that utilized other projects like Rump, Mirage, IncludeOS, etc. It's now dead since Solo pivoted a very long time ago to service mesh/api gateways.
The GoRump port they use was from us and then we realized we needed to code our own from the ground up for many reasons so we wrote https://nanos.org (runs as a go unikernel in GCP).
-
Building a unikernel that runs WebAssembly – part 1
A couple unikernel projects that caught my eye in the past may be of interest to you. I have no experience with them, so I can't speak to their quality though.
https://unikraft.org/
https://github.com/nanovms/nanos
- Build Your Own Docker with Linux Namespaces, Cgroups, and Chroot
-
Running Postgres as a Unikernel
Definitely agree with the top part, however, I should note that, ops, the tool's, whole existence is to create disk images and upload them to any cloud, any hypervisor.
In particular, both https://ops.city && https://nanos.org are Go unikernels running on GCP and their deploys take just a few seconds to push out. AWS can be even faster cause we skip the s3 upload part. We also have lots of people using Azure which would be utilizing vhdx.
- Ask HN: Resources for Building a Webserver in C?
- A kernel designed to run only one application in a virtualized environment
-
Applications available in unikernels?
I'm with that organization that works on https://nanos.org and https://ops.city . If you aren't a software engineer but still would like to use unikernels you're in luck - we also have a package repository at https://repo.ops.city/ (running as a go unikernel on GCP) that will allow you to run and deploy pre-made applications. If you don't see something that you'd like to us there's also a way of importing docker containers into unikernels via ops which works for most (but not all) applications.
-
Ask HN: Software with biggest potential for positive impact in 5 years?
I think Unikernels like NanoVMs (https://nanos.org/) will become more important. They are more efficient and more secure than than full operating systems. Right now, I think there are no good monitoring solutions available (or at least I am not aware of any). You can't just ssh to your server, so if something goes wrong, it can be hard to debug. And they are certainly not integrated into bigger monitoring solutions like Dynatrace. But once the infrastructure is available, I would expect a large percentage of Linux servers to be replaced with unikernels.
isolate
-
Nanos – A Unikernel
> I currently use isolate (https://github.com/ioi/isolate) which is just a wrapper around cgroups/namespaces, and it's been a lot faster.
Yes. This is the fastest you can get.
If you want safer, do pr_set_seccomp as well. but that would be a custom solution.
- IOI/isolate: Sandbox for securely executing untrusted programs
-
Help running dotnet CLI inside isolate cg-groups sandbox
I'm trying to run the dotnet CLI inside a sandbox (isolate, which is a Linux control-groups-based sandbox, to be more precise), but I can't get the dotnet program to run inside it; I only get this error message (which looks like the compiler itself is crashing?):
-
Released Activepieces v0.3.9 (open-source no-code business automation) and excited about our progress
A lightweight sandbox is created using (https://github.com/ioi/isolate), which basically uses Linux kernel namespaces. It takes around 20 ms to have flow json and the engine inside.
-
Auto Grading platform for assignments - Question
For example, it relies upon the isolate project to easily run untrusted code/untrusted executables in sandboxes. If your students already have their test cases written, then it's just a matter of running them, which isolate can help with.
What are some alternatives?
unikraft - A next-generation cloud native kernel designed to unlock best-in-class performance, security primitives and efficiency savings.
activepieces - Your friendliest open source all-in-one automation tool ✨ Workflow automation tool 100+ integration / Enterprise automation tool / Zapier Alternative
rusty-hermit - Hermit for Rust. [Moved to: https://github.com/hermit-os/hermit-rs]
OPS - ops - build and run nanos unikernels
linuxkit - A toolkit for building secure, portable and lean operating systems for containers
unik - The Unikernel & MicroVM Compilation and Deployment Platform
dark - Darklang main repo, including language, backend, and infra
engine - The Orchestration Engine To Deliver Self-Service Infrastructure Faster ⚡️
ferros - A Rust-based userland which also adds compile-time assurances to seL4 development.
Pulumi - Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀
Trusted-CGI - Lightweight runner for lambda functions/apps in CGI like mode
unikernels - State of the art for unikernels