picosnitch
QEMU
picosnitch | QEMU | |
---|---|---|
33 | 190 | |
591 | 9,313 | |
- | 1.7% | |
8.6 | 10.0 | |
4 months ago | 7 days ago | |
Python | C | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
picosnitch
-
Linux runtime security agent powered by eBPF
Yep, and from my experience too (made a tool that monitors network traffic with eBPF [1]) in addition to those issues there is also a sizable latency hit.
[1] https://github.com/elesiuta/picosnitch
-
Monitor bandwidth usage with bandwhich (and build a snap package of it)
Similar to bandwhich, I recently created a snap of my own bandwidth monitor, picosnitch [1]. However I was only able to get it working with classic confinement (so it can't be published on the store) due to there being no snap interfaces for fanotify or BPF kfuncs.
I already packaged it for nearly every distro, but unfortunately most don't have dash [2] in their repos so the user needs to install it separately, and I was hoping that snap would be an easier solution for that.
[1] https://github.com/elesiuta/picosnitch/blob/master/snap/snap...
[2] https://repology.org/project/python:dash/versions
-
What kind of applications are missing from the Linux ecosystem?
I created picosnitch which can do this
-
gnome-shell Runaway Bandwidth - More in Comments
If you're still having this issue, you can try picosnitch (I recently made it available in copr).
-
Help identifying which process is sending network requests
You can use picosnitch for this, I'm the developer and this is exactly the use case I had in mind when designing it (24/7 monitoring of traffic on a per executable basis, primarily in containerized environments).
-
Little Snitch Mini
I wrote picosnitch [1] which has the same notification and bandwidth monitoring features, however it doesn't block traffic for a couple reasons: avoiding scope creep so I can focus on more reliable detection and do things like hash every executable, which makes it harder to block traffic in a timely fashion.
https://github.com/elesiuta/picosnitch
-
System monitor that lists network usage for each process
I also wrote a program (picosnitch) which is newer than that list and has a bunch of features none of those other tools have, in case you're interested in checking it out!
-
linux security
which basically says launchpad builds the package directly from that repository, which states: This repository is an import of the Git repository at https://github.com/elesiuta/picosnitch.git.
-
Linux software list. Discussion and advice welcome!
picosnitch - monitors and hashes programs that connect to the internet, and can check them with VirusTotal.
-
What's your goto open source network & bandwidth monitors
For Linux, I created picosnitch which does exactly what you're looking for.
QEMU
-
QEMU Version 9.0.0 Released
My most-wanted QEMU feature: https://github.com/qemu/qemu/commit/a2260983c6553
Using `gic-version=3` on macOS you can now use more than 8 cores on ARM chips.
-
Autoconf makes me think we stopped evolving too soon
A better solution is just to write a plain ass shell script that tests if various C snippets compile.
https://github.com/oilshell/oil/blob/master/configure
https://github.com/oilshell/oil/blob/master/build/detect-pwe...
Not an unholy mix of m4, shell, and C, all in the same file.
---
These are the same style as a the configure scripts that Fabrice Bellard wrote for tcc and QEMU.
They are plain ass shell scripts, because he actually understands the code he writes.
https://github.com/qemu/qemu/blob/master/configure
https://github.com/TinyCC/tinycc/blob/mob/configure
OCaml’s configure script is also “normal”.
You don’t have to copy and paste thousands of lines of GNU stuff that you don’t understand.
(copy of lobste.rs comment)
-
WASM Instructions
Related:
A fast Pascal (Delphi) WebAssembly interpreter:
https://github.com/marat1961/wasm
WASM-4:
https://github.com/aduros/wasm4
Curated list of awesome things regarding WebAssembly (wasm) ecosystem:
https://github.com/mbasso/awesome-wasm
Also, it would be nice if there was a WASM (soft) CPU for QEMU, which (if it existed!) would go here:
https://github.com/qemu/qemu/tree/master/target
-
Revng translates (i386, x86-64, MIPS, ARM, AArch64, s390x) binaries to LLVM IR
> architectural registers are always updated
In tiny code, the guest registers (global TCG variables) are stored in the host's registers until you either call an helper which can access the CPU state or you return (`git grep la_global_sync`). This is the reason why QEMU is not so terribly slow.
But after a check, this also happens when you access the guest memory address space! https://github.com/qemu/qemu/blob/master/include/tcg/tcg-opc... (TCG_OPF_SIDE_EFFECTS is what matters)
But still, in the end, it's the same problem. What QEMU does, can be done in LLVM too. You could probably be more efficient in LLVM by using the exception handling mechanism (invoke and friends) to only serialize back to memory when there's an actual exception, at the cost of higher register pressure. More or less what we do here: https://rev.ng/downloads/bar-2019-paper.pdf
-
State of x86-64 emulation of non-MacOS binaries
Um, in case you don't know, UTM (based on QEMU) is out for quite a while.
-
Multipass: Ubuntu Virtual Machines Made Easy
Some of these tools include Oracle VM VirtualBox (that I've used since before the acquisition of Sun Microsystems by Oracle), VMWare Workstation Player, and QEMU, but last year, I found out about Multipass.
-
Libsodium: A modern, portable, easy to use crypto library
For C/C++ projects that use meson as the build system, there is an excellent way to manage dependencies:
https://mesonbuild.com/Wrapdb-projects.html
https://mesonbuild.com/Wrap-dependency-system-manual.html
meson will download and build the libraries automatically and give you a variable which you pass as a regular dependency into the built target:
https://github.com/qemu/qemu/tree/005ad32358f12fe9313a4a0191...
https://github.com/harfbuzz/harfbuzz/tree/main/subprojects
https://github.com/harfbuzz/harfbuzz/blob/37457412b3212463c5...
Or, if you're using proper operating systems, they're managed by the usual package manager, just like everything else.
-
Top 6 Virtual Machine Software in 2023
For all the users of the Linux platform, QEMU is the VM that you should go for. This software comes without any price tag and works as an emulator of various machines with utmost ease and completion; the software uses dynamic translations to emulate hardware peripherals and enhances its overall performance. If you are using QEMU as a virtualizer, then it will function exactly like the host system (provided you have the right set of hardware).
- Show HN: I'm 17 and wrote this guide on how CPUs run programs
-
UTM for Developers
In this tutorial, we set up macOS and Windows virtual machines on UTM, a macOS application that provides a GUI wrapper for QEMU, a powerful open-source emulator and virtualizer. UTM allows you to easily manage and run virtual machines without memorizing complex commands. It also has special handling for macOS, making it simpler to install compared to other virtual machine software.
What are some alternatives?
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
UTM - Virtual machines for iOS and macOS
goflow2 - High performance sFlow/IPFIX/NetFlow Collector
TermuxArch - Experience the pleasure of the Linux command prompt in Android, Chromebook, Fire OS and Windows on smartphone, smartTV, tablet and wearable https://termuxarch.github.io/TermuxArch/
ElastiFlow - Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
Unicorn Engine - Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
Vagrant - Vagrant is a tool for building and distributing development environments.
conntrack_exporter - Prometheus exporter for tracking network connections
xemu - Original Xbox Emulator for Windows, macOS, and Linux (Active Development)
nsntrace - Perform network trace of a single process by using network namespaces.
em-dosbox - An Emscripten port of DOSBox