Hacker Newsnew | past | comments | ask | show | jobs | submit | cdmckay's commentslogin

I would’ve thought this was the default.

I assume you’re talking about Slow Watches? I actually have one and while I love the simplicity of it, it turns out the minute hand is actually the more useful hand. Trying to figure out if you have 10 or 20 minutes until your next appointment on a Slow Watch is extremely painful, so much so that I only wear it if I don’t think I’ll need to know the time behind if it’s “roughly between 1 and 2 pm”.

Really? I use Firefox as my personal browser and everything works fine, including Google sites. Very rarely there’s a government site that needs Chrome, but I definitely wouldn’t say it’s “many” sites.

So you’re cool with letting anyone walk your DNS?

The problem here is that computing three 3 NSEC3 records as you might need to return an NXDOMAIN was considered too expensive. It's just a choice to reduce their costs while increasing complexity for everyone else.

After Docker Desktop randomly started consuming insane amounts of memory again we switched to Podman and it was literally as easy as installing it and pointing it at our docker-compose.yml.

Zero changes needed and now I don’t need to keep a daemon running.

Great software.


I liked Orbstack better than colima which was better than Docker Desktop. Then I found https://smolmachines.com's smolvm microvms.


thanks!

Since I came across orbstack that's the only one I use for docker on macOS

been using orbstack but this smol stuff is interesting

is this firecracker or total rewrite


author of smol machines here, it has no relation to firecracker.

It runs ontop of the libkrun vmm forked with optimizations, which is the underlying lib powering podman as well.

open source, will contribute upstream when possible: https://github.com/smol-machines/libkrun


Upthread the implication seems to be that smolmachines would be in some way a replacement for orbstack to run docker containers

But it seems more like a completely different way to run isolated workloads?


smol machines is a virtual machine, akin to firecracker but designed to run locally as well

It also has container-inages support built-in with crun so you can create a VM with a container running by default.

You can also just... run docker inside of it.


good stuff man i just installed it and its super fast im just not sure is this really secure to run untrusted code i can't find any white papers

the underlying vmm is libkrun: https://github.com/libkrun/libkrun is battle tested and used for podman.

It provides kernel isolation for running untrusted code which is a security boundary that traditional containers can't guarantee.

I'm engaged with a third party security penetration company for their review, and will be happy to share it publicly when it is available.


thank you. definitely enjoying smol. this is a very nice alternative to docker, orbstack even firecracker

Can smolmachines run devcontainers? K3d?

yes to both, here's the example for running docker(indirectly, devcontainers) inside smolvm:

https://github.com/smol-machines/smolvm/blob/main/examples/d...


This is very cool. The example is thorough and well documented.

I am trying smolmachines this weekend.

Thanks.


don't forget `alias docker='podman'` for muscle memory

It's been a couple months so I forget what problems I ran into, but Docker's AI bullshit pushed me over the edge and I tried switching to Podman. I ran into some compatibility issues. Alas I don't recall the details.

So I tried Rancher Desktop and other than I keep forgetting its name it just worked.

It's another simple option for those who need it.


> Windows Lite is a stripped down version of Windows. No telemetry, no spying, no ads, no AI, no .NET, nothing. Windows Lite is just win32 with a lightweight shell and graphics drivers.

So, basically Linux with Wine/Proton?

Isn’t this basically what SteamOS does?


Last time I tried, a lot of CAD/CAE packages still won't operate under WINE, at least not out of the box.


You can make it so you need a YubiKey to login to 1Password the first time on a new device

So just waiting for the password won’t be enough


The hackers will literally have access to _your_ device though. If your device is already trusted, I doubt that setting will do you any good.


I think that’s the point of the OP. Git is great at certain things but is not a one size fits all.


In the article they call out that MARKETING can be date based


We could make it so profit wasn’t the prime motivator, instead it’s main motive would be to provide a public good. We would call it a public utility.


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: