LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
- Running unmodified Linux programs on Windows
- Sandboxing Linux applications on Linux
- Run programs on top of SEV SNP
- Running OP-TEE programs on Linux
- Running on LVBS
What's dumb, on top of everything, is needing to store non special standard operating procedures in specific AI folders and files when wanting to work with AI tooling.
> Extremely simple changes do not require explicit unit tests.
I haven't used Copilot much, because people keep saying how bad it is, but generally if you add escape hatches like this without hard requirements of when the LLM can take them, they won't follow that rule in a intuitive way most of the time.
Yeah, I tried various very sane-looking instrucions file when starting to use copilot 6 months ago. Turned out it was not really useful. It mostly follows the rules anyway, but it also often forgot to. So turns out, especially with the fast turnaround with models today, it was better to just forego these instructions files.
With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.
They seem to be alienating a lot of their users right now in a lot of different products. There's a significant surge in open source software right now and Linux and all the people that are coming over are a bit more than usual. Their customer base seems tired of the game.
Not op, and I generally agree with your assumption but not for Microsoft, as I don't think it's limited to Windows:
Teams, Office (especially online), One Drive, SharePoint, Azure, GitHub, LinkedIn, all became very shitty and partially unusable with increasing number of weird bugs or problems lately.
This isn't supposed to replace Windows, and it isn't a GUI desktop operating system at all. I doubt anyone working on this has anything to do with the modern Windows desktop UX.
OP wasn't suggesting it was, just that the lack of quality in one significant area of the company's output leads to a lack of confidence in other products that they release.
>Kernel and low level stuff are actually very stable and good.
This. A while ago a build of Win 11 was shared/leaked that was tailored for the Chinese government called "Windows G" and it had all the ads, games, telemetry, anti-malware and other bullshit removed and it flew on 4GB RAM. So Microsoft CAN DO IT, if they actually want to, they just don't want to for users.
You can get something similar yourself at home running all the debloat tools out there but since they're not officially supported, either you'll break future windows updates, or the future windows updates will break your setup, so it's not worth it.
> Kernel and low level stuff are actually very stable and good.
In their intended applications, which might or might not be the ones you need.
The slowness of the filesystem that necessitated a whole custom caching layer in Git for Windows, or the slowness of process creation that necessitated adding “picoprocesses” to the kernel so that WSL1 would perform acceptably and still wasn’t enough for it to survive, those are entirely due to the kernel’s archtecture.
It’s not necessarily a huge deal that NT makes a bad substrate for Unix, even if POSIX support has been in the product requirements since before Win32 was conceived. I agree with the MSR paper[1] on fork(), for instance. But for a Unix-head, the “good” in your statement comes with important caveats. The filesystem is in particular so slow that Windows users will unironically claim that Ripgrep is slow and build their own NTFS parsers to sell as the fix[2].
Microsoft US a massive corporation with so many people, business units, departments.
A comment like yours is just like saying: "I know a buggy open-source software, why would I trust that other open-source project? The open-source community burned all possible goodwill".
Windows is ultimately a lot more complex, and not open source. This also builds on the Linux ecosystem, so even if it comes from Microsoft, I imagine engineering culture is different from that on Windows and especially their online platforms (that's even worse than Windows if you ask me!).
Microsoft doesn't have a very good track record with security or privacy. Maybe it works, but yeah you'll probably get screwed over at some point.
Still, the fact that it's open source is a good thing. People can now take that code and make something better (ripping out the AI for example) or just use bits and pieces for their own totally unrelated projects. I can't see that as anything but a win. I have no problem giving shitty companies credit where its due and they've done a good thing here.
Library Operating System (LibOS) is a type of operating system that runs in the address space of applications, allowing for a small, fixed set of abstractions to connect the library OS to the host OS kernel. This approach offers the promise of better system security and more rapid independent evolution of OS components. LibOS can run significant applications, such as Microsoft Excel, PowerPoint, and Internet Explorer, with significantly lower overhead than a full VM. It can also address many of the current uses of hardware virtual machines at a fraction of the overheads.
1
LibOS is lightweight, with extremely short startup time, and can be used to run Linux programs, making it a versatile option for various applications. It is designed to provide compatibility and sandboxing without the need for VMs, making it a lightweight alternative to containers and VMs.
1
The Library Operating System for Linux was announced on the Linux kernel mailing list, indicating its official recognition and support within the Linux community.
It's a library that is linked to in place of an operating system - so whatever interface the OS provided (syscalls+ioctls, SMC methods, etc.) ends up linked / compiled into the application directly, and the "external interface" of the application becomes something different.
This is how most unikernels work; the "OS" is linked directly into the application's address space and the "external interface" becomes either hardware access or hypercalls.
Wine is also arguably a form of "library OS," for example (although it goes deeper than the most strict definition by also re-implementing a lot of the userland libraries).
So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox, and run it on SEV-SNP. Or take an OP-TEE TA, link it to LiteBox, and run it on Linux.
The notable thing here is that it tries to cut the interface in the middle down to an intermediate representation that's supposed to be sandbox-able - ie, instead of auditing and limiting hundreds of POSIX syscalls like you might with a traditional kernel capabilities system, you're supposed to be able to control access to just a few primitives that they're condensed down to in the middle.
> So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox
If you have to recompile, you might as well choose to recompile to WASM+WASI. The sandboxing story here is excellent due to its web origins. I thought the point of LiteBox is that recompilation isn’t needed.
I think that's an OS in the form of a library, like Wine for example. From what I get from the description it allows you to run programs on your real OS and make it see a cut down API to your actual system to reduce the attack surface.
I think parent poster was referring to an actual library, i.e. where you would borrow books.
That's also what I thought this was, and came to the comments expecting to see something neat about why libraries might need bespoke operating systems.
yeah, same here, I was like "wow what an interesting side to their business, a whole operating system intended to serve public and academic libraries!"
A library OS is an OS that is linked directly to your program instead of being a separate program accessed through a syscall to kernel mode. About the same as a “unikernel”, but a more recent term.
Basically it lets your program run directly on a hypervisor VM, though this one will also run as a Linux/Windows/BSD process.
My understanding of this is that it is a sandbox. Providing a common interface like if it was an OS for the program to run inside, but avoiding the program to use the OS directly.
What is unclear is if it uses its own common ABI or if you use the one of the host os.
I don't know why but from the project description I have a little bit of feeling that this is another vibe coded project.
No mention of starting with a design specification & then tied to formal verification the whole way?
It sounds interesting and a step forward (never heard of library Os itll now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
The lack of integrated sandboxing in windows compared to android/iphone is still frankly unacceptable. I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better) and yet Apple and Google seem to be far, far ahead in user permissions (especially with GrapheneOS, god bless that team) and isolation of processes.
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
The sandboxing on mobile platforms puts the OS vendor in a special position to enforce a monopoly on apps and features. Apple enforces it aggressively, while Google only reluctantly so far. It also prevents the user from exerting full control of the system. Apple does it by locking things down directly, while Google punishes you for owning your devices with attestation.
There has to be a better way. I think Linux's flatpak is a reasonable approach here, although the execution might be rather poor. I want a basic set of trusted tool that I can do anything with, and run less trusted tools like GUI programs in sandboxes with limited filesystem access.
Those are policy decisions not really connected to the sandboxing technology. They control what sort of signing the system will accept and make it so that it only runs things they approve, and they only approve things that are sandboxed a certain way. The exact same sandboxing could be used with a system where an admin user can decide what gets to run and what kind of sandboxing is required for each thing.
> I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better)
Linux excels over Windows in the area of security by a wide margin, I have no qualms about running an app on Linux versus Windows, any day of the week.
> Linux excels over Windows in the area of security by a wide margin
No, this is wrong but might be true if you are talking about Linux package manager vs. Random Windows .exe on internet. But if you are talking about Secure Boot, encrypted disk, sudo etc. Windows is more secure but it looks like https://amutable.com/ will make Linux more secure like Windows.
Edit: Some insecure things on Linux: Dbus (kwallet etc.), sudo, fprint, "secure boot".
IIUC, if you have the source you can recompile said Windows app with LiteBox to statically link in the Windows OS kernel dependencies, so it'll run on any compatible processor regardless of OS (since it won't be making syscalls anymore). It's a unikernel basically.
That's the theory, but I don't know how far LiteBox is along to supporting that workflow.
> It focuses on easy interop of various "North" shims and "South" platforms.
For replacing wine on Linux the "North" would be kernel32 API or similar, the "South" would be Linux sys all API.
However this is meant as a library, thus require linking the Windows program to it and eine is more than the system interface, it has all the GUI parts etc of win32 API
A library os to me would typically mean it's aimed at hosting a single user program on bare hardware. I don't see that here, but maybe I'm just confused
It's both; it's aimed at hosting a single user program on another userspace, but also seems to have its own kernel as well?
The "North" part seems to be what I think you'd traditionally think of as a library OS, and then the "South" part seems to be shims to use various userlands and TEEs as the host (rather than the bare hardware in your example).
I'm really confused by the complete lack of documentation and examples, though. I think the "runners" are the closest thing there is.
I know we're not supposed to complain about comment quality, but -- I came here to look for interesting technical analysis but instead it's Slashdot level snipes about Microsoft the company. And yes, I also dislike Windows and Microsoft generally but this looks like a very interesting project and I'm frankly frustrated at the level of discussion here, it's juvenile. This has nothing to do with Windows, and it looks like most people didn't even read past the title.
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.
I am with you on that. HN is becoming a "14 years old edgy mini-tech" Facebook.
"Microsoft bad, Linux good" kind of comments are all over the place. There is no more in depth discussions about projects anymore. Add the people linking their blogs only to sell you thier services for an imaginary problem, and you get HN 2026.
It's maybe the time to find another tech media. If you know one, I would be glad to know.
I read this type of (sour) comment more and more on this forum. To me it reads very cynical and I wonder what the author is trying to say with this. Are you perhaps negatively impacted by automatic coding?
I'm not sure whether Microsoft, the makers of Windows 95 (after which I stopped taking them seriously), are the sharpest tool in the box when it comes to security.
From the GitHub page:
LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
More links with discussion:
Reddit discussion: https://www.reddit.com/r/linux/comments/1qw4r71/microsofts_n...
Project lead James Morris announcing it on social.kernel.org: https://social.kernel.org/notice/B2xBkzWsBX0NerohSC
FYI, I am not the project lead for Litebox. It is led by Microsoft Research.
is this wslv1.2 (wslv1 redux) in now a more general cross-platform library firewall type thing?
Copilot
https://github.com/microsoft/litebox/blob/main/.github/copil...
To be expected, given how many organisations now require employees to use AI if they want to meet their OKRs, especially all that sell AI tools.
What's dumb, on top of everything, is needing to store non special standard operating procedures in specific AI folders and files when wanting to work with AI tooling.
[flagged]
2 replies →
> Extremely simple changes do not require explicit unit tests.
I haven't used Copilot much, because people keep saying how bad it is, but generally if you add escape hatches like this without hard requirements of when the LLM can take them, they won't follow that rule in a intuitive way most of the time.
It is kind of alright, I use mostly on VS when coding C# or C++, for code completions, error analysis, check code quality and such.
As agent, or writing everything for me, not yet.
1 reply →
Yeah, I tried various very sane-looking instrucions file when starting to use copilot 6 months ago. Turned out it was not really useful. It mostly follows the rules anyway, but it also often forgot to. So turns out, especially with the fast turnaround with models today, it was better to just forego these instructions files.
With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.
Microsoft employ over 100,000 engineers. I'd advise against assuming that everything produced by any of them is bad because of bugs in Windows.
They seem to be alienating a lot of their users right now in a lot of different products. There's a significant surge in open source software right now and Linux and all the people that are coming over are a bit more than usual. Their customer base seems tired of the game.
The criticism was directed at the company's product, not the employees...
3 replies →
Not op, and I generally agree with your assumption but not for Microsoft, as I don't think it's limited to Windows:
Teams, Office (especially online), One Drive, SharePoint, Azure, GitHub, LinkedIn, all became very shitty and partially unusable with increasing number of weird bugs or problems lately.
This is also still small/unimportant enough not to be poisoned by their broken corporate culture.
This isn't supposed to replace Windows, and it isn't a GUI desktop operating system at all. I doubt anyone working on this has anything to do with the modern Windows desktop UX.
> This isn't supposed to replace Windows,
OP wasn't suggesting it was, just that the lack of quality in one significant area of the company's output leads to a lack of confidence in other products that they release.
but if the host OS is already comprised, what is the point of sandbox inside of it?
1 reply →
UI of Windows is buggy and inconsistent. Kernel and low level stuff are actually very stable and good.
>Kernel and low level stuff are actually very stable and good.
This. A while ago a build of Win 11 was shared/leaked that was tailored for the Chinese government called "Windows G" and it had all the ads, games, telemetry, anti-malware and other bullshit removed and it flew on 4GB RAM. So Microsoft CAN DO IT, if they actually want to, they just don't want to for users.
You can get something similar yourself at home running all the debloat tools out there but since they're not officially supported, either you'll break future windows updates, or the future windows updates will break your setup, so it's not worth it.
15 replies →
> Kernel and low level stuff are actually very stable and good.
In their intended applications, which might or might not be the ones you need.
The slowness of the filesystem that necessitated a whole custom caching layer in Git for Windows, or the slowness of process creation that necessitated adding “picoprocesses” to the kernel so that WSL1 would perform acceptably and still wasn’t enough for it to survive, those are entirely due to the kernel’s archtecture.
It’s not necessarily a huge deal that NT makes a bad substrate for Unix, even if POSIX support has been in the product requirements since before Win32 was conceived. I agree with the MSR paper[1] on fork(), for instance. But for a Unix-head, the “good” in your statement comes with important caveats. The filesystem is in particular so slow that Windows users will unironically claim that Ripgrep is slow and build their own NTFS parsers to sell as the fix[2].
[1] https://lwn.net/Articles/785430/
[2] https://nitter.net/CharlieMQV/status/1972647630653227054
8 replies →
NTFS, not so great.
5 replies →
Microsoft US a massive corporation with so many people, business units, departments.
A comment like yours is just like saying: "I know a buggy open-source software, why would I trust that other open-source project? The open-source community burned all possible goodwill".
Windows is ultimately a lot more complex, and not open source. This also builds on the Linux ecosystem, so even if it comes from Microsoft, I imagine engineering culture is different from that on Windows and especially their online platforms (that's even worse than Windows if you ask me!).
MSR is a somewhat independent org; you should be making predictions based on other MSR projects
Microsoft doesn't have a very good track record with security or privacy. Maybe it works, but yeah you'll probably get screwed over at some point.
Still, the fact that it's open source is a good thing. People can now take that code and make something better (ripping out the AI for example) or just use bits and pieces for their own totally unrelated projects. I can't see that as anything but a win. I have no problem giving shitty companies credit where its due and they've done a good thing here.
Library Operating System (LibOS) is a type of operating system that runs in the address space of applications, allowing for a small, fixed set of abstractions to connect the library OS to the host OS kernel. This approach offers the promise of better system security and more rapid independent evolution of OS components. LibOS can run significant applications, such as Microsoft Excel, PowerPoint, and Internet Explorer, with significantly lower overhead than a full VM. It can also address many of the current uses of hardware virtual machines at a fraction of the overheads. 1
LibOS is lightweight, with extremely short startup time, and can be used to run Linux programs, making it a versatile option for various applications. It is designed to provide compatibility and sandboxing without the need for VMs, making it a lightweight alternative to containers and VMs. 1
The Library Operating System for Linux was announced on the Linux kernel mailing list, indicating its official recognition and support within the Linux community.
Thanks, ChatGPT.
The GPT found this and thought it was relevant: "an introduction of library operating system for Linux" - https://lwn.net/Articles/637658/
It runs linux programs, not PowerPoint or Excel.
What is a 'library OS'?
It's a library that is linked to in place of an operating system - so whatever interface the OS provided (syscalls+ioctls, SMC methods, etc.) ends up linked / compiled into the application directly, and the "external interface" of the application becomes something different.
This is how most unikernels work; the "OS" is linked directly into the application's address space and the "external interface" becomes either hardware access or hypercalls.
Wine is also arguably a form of "library OS," for example (although it goes deeper than the most strict definition by also re-implementing a lot of the userland libraries).
So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox, and run it on SEV-SNP. Or take an OP-TEE TA, link it to LiteBox, and run it on Linux.
The notable thing here is that it tries to cut the interface in the middle down to an intermediate representation that's supposed to be sandbox-able - ie, instead of auditing and limiting hundreds of POSIX syscalls like you might with a traditional kernel capabilities system, you're supposed to be able to control access to just a few primitives that they're condensed down to in the middle.
> So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox
If you have to recompile, you might as well choose to recompile to WASM+WASI. The sandboxing story here is excellent due to its web origins. I thought the point of LiteBox is that recompilation isn’t needed.
2 replies →
I think that's an OS in the form of a library, like Wine for example. From what I get from the description it allows you to run programs on your real OS and make it see a cut down API to your actual system to reduce the attack surface.
https://en.wikipedia.org/wiki/Operating_system#Library
at first I thought library OS might have meant an OS meant for use at a library.
Honestly far less interesting to know I was wrong.
Is it not? You link the "library os" and you no longer need an os (when running in a supervisor) IIUC.
I think parent poster was referring to an actual library, i.e. where you would borrow books.
That's also what I thought this was, and came to the comments expecting to see something neat about why libraries might need bespoke operating systems.
Me too. Honestly I was vibing on nostalgia for this: https://en.wikipedia.org/wiki/Dynix_(software)
yeah, same here, I was like "wow what an interesting side to their business, a whole operating system intended to serve public and academic libraries!"
I’m not sure I understand what a library OS is; can someone here elaborate?
A library OS is an OS that is linked directly to your program instead of being a separate program accessed through a syscall to kernel mode. About the same as a “unikernel”, but a more recent term.
Basically it lets your program run directly on a hypervisor VM, though this one will also run as a Linux/Windows/BSD process.
My understanding of this is that it is a sandbox. Providing a common interface like if it was an OS for the program to run inside, but avoiding the program to use the OS directly.
What is unclear is if it uses its own common ABI or if you use the one of the host os. I don't know why but from the project description I have a little bit of feeling that this is another vibe coded project.
Microsoft gonna release a windows flavored Linux Distro soon ;)
Would be nice to see an OCI runtime and if it can give high-performant I/O as opposed to other we have today (eg. Gvisor).
No mention of starting with a design specification & then tied to formal verification the whole way?
It sounds interesting and a step forward (never heard of library Os itll now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
People seem to believe writing things in rust means it's correct.
The cargo.lock file is 2200+ lines long. Did they spend a reasonable amount of time auditing these dependencies?
That's 238 dependencies (counting multiple versions of the same crate).
* Many of them are part of families of crates maintained by the same people (e.g. rust-crypto, windows, rand or regex).
* Most of them are popular crates I'm familiar with.
* Several are only needed to support old compiler versions and can be removed once the MSRV is raised
So it's not as bad as it looks at first glance.
What would be a reasonable amount of time to audit the dependencies?
I would let them decide based on their security policy.
If Microsoft states that they don't have any for a project like this, I would be wary of taking it too seriously.
They ran it through Copilot which gave it the all-clear.
[flagged]
1 reply →
edit:
I've always done 'sort | uniq'. Never bothered to check for the the unique flag to sort. Although 'uniq -c' is quite nice to have.
2 replies →
Given, you know, Microsoft, I'd demand proof even if they said they did.
For others as lost as I am and want the tl;dr:
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
The lack of integrated sandboxing in windows compared to android/iphone is still frankly unacceptable. I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better) and yet Apple and Google seem to be far, far ahead in user permissions (especially with GrapheneOS, god bless that team) and isolation of processes.
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
The sandboxing on mobile platforms puts the OS vendor in a special position to enforce a monopoly on apps and features. Apple enforces it aggressively, while Google only reluctantly so far. It also prevents the user from exerting full control of the system. Apple does it by locking things down directly, while Google punishes you for owning your devices with attestation.
There has to be a better way. I think Linux's flatpak is a reasonable approach here, although the execution might be rather poor. I want a basic set of trusted tool that I can do anything with, and run less trusted tools like GUI programs in sandboxes with limited filesystem access.
Those are policy decisions not really connected to the sandboxing technology. They control what sort of signing the system will accept and make it so that it only runs things they approve, and they only approve things that are sandboxed a certain way. The exact same sandboxing could be used with a system where an admin user can decide what gets to run and what kind of sandboxing is required for each thing.
There are containers, and one of their users is the Windows Sandbox - https://learn.microsoft.com/en-us/windows/security/applicati...
UWP, and MSIX on Win32 via Appstore.
There is also sandboxing configuration via Intune for enterprises.
> I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better)
Linux excels over Windows in the area of security by a wide margin, I have no qualms about running an app on Linux versus Windows, any day of the week.
> Linux excels over Windows in the area of security by a wide margin
No, this is wrong but might be true if you are talking about Linux package manager vs. Random Windows .exe on internet. But if you are talking about Secure Boot, encrypted disk, sudo etc. Windows is more secure but it looks like https://amutable.com/ will make Linux more secure like Windows.
Edit: Some insecure things on Linux: Dbus (kwallet etc.), sudo, fprint, "secure boot".
Hmmm. Another, admittedly interesting, step towards the complete digital lockdown. Isolate and virtualize everything, now also governed by AI!
I wonder if they, the industry as a whole, eventually will make being able to freely use a PC a subscription, bastardizing "freedom" completely.
No deployment instructions?
"We did not find any viable commercial use for it, but maybe you will."
Can it replace Wine to run Windows apps on Linux?
IIUC, if you have the source you can recompile said Windows app with LiteBox to statically link in the Windows OS kernel dependencies, so it'll run on any compatible processor regardless of OS (since it won't be making syscalls anymore). It's a unikernel basically.
That's the theory, but I don't know how far LiteBox is along to supporting that workflow.
They say
> It focuses on easy interop of various "North" shims and "South" platforms.
For replacing wine on Linux the "North" would be kernel32 API or similar, the "South" would be Linux sys all API.
However this is meant as a library, thus require linking the Windows program to it and eine is more than the system interface, it has all the GUI parts etc of win32 API
Another layer (ouch) to abstract away Windows (ouch * ouch).
Use Linux or BSD and ignore that approach for Vendor Lock-in* into their “library OS”.
A library os to me would typically mean it's aimed at hosting a single user program on bare hardware. I don't see that here, but maybe I'm just confused
It's both; it's aimed at hosting a single user program on another userspace, but also seems to have its own kernel as well?
The "North" part seems to be what I think you'd traditionally think of as a library OS, and then the "South" part seems to be shims to use various userlands and TEEs as the host (rather than the bare hardware in your example).
I'm really confused by the complete lack of documentation and examples, though. I think the "runners" are the closest thing there is.
The reddit conversation seems to allude to you being correct.
I know we're not supposed to complain about comment quality, but -- I came here to look for interesting technical analysis but instead it's Slashdot level snipes about Microsoft the company. And yes, I also dislike Windows and Microsoft generally but this looks like a very interesting project and I'm frankly frustrated at the level of discussion here, it's juvenile. This has nothing to do with Windows, and it looks like most people didn't even read past the title.
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.
I am with you on that. HN is becoming a "14 years old edgy mini-tech" Facebook.
"Microsoft bad, Linux good" kind of comments are all over the place. There is no more in depth discussions about projects anymore. Add the people linking their blogs only to sell you thier services for an imaginary problem, and you get HN 2026.
It's maybe the time to find another tech media. If you know one, I would be glad to know.
Cool
[dead]
[flagged]
Stop spamming.
https://news.ycombinator.com/item?id=45077654 - "Generated comments and bots have never been allowed on HN"
Dont spam.
Baaah! Microsoft, security-focused in a single sentence!
What % of it is vibe-coded in copilot ?
Just assume the only thing a human did was name write the initial prompt.
I read this type of (sour) comment more and more on this forum. To me it reads very cynical and I wonder what the author is trying to say with this. Are you perhaps negatively impacted by automatic coding?
3 replies →
I'm not sure whether Microsoft, the makers of Windows 95 (after which I stopped taking them seriously), are the sharpest tool in the box when it comes to security.