
OrbStack: The fast, light, and easy way to run Docker containers and Linux

jchw
31 replies
1d12h

I don't generally prefer to work on macOS, but if I wind up using macOS to do work, I often find myself working a lot on things in virtual machines and containers.

Using Docker Desktop to compile Envoy using the standard Docker build process took somewhere in the ball park of 3 to 4 hours depending on my luck. OrbStack, on the other hand, brought it down to a bit under an hour, much closer to inline with a fresh compilation natively. Needless to say, the kinds of performance benefits I was seeing with OrbStack were game changers, and absolutely justify the cost.

Even if Docker Desktop improves to match the performance, OrbStack brings basically the whole WSL2 + Docker experience to macOS, while Docker just brings the usual Docker experience. If you get the value of WSL2 on Windows, you'll probably understand the value of OrbStack on macOS.

Sure, macOS is a UNIX environment, so a lot of the same software as Linux does run natively. However, a lot of Linux technologies don't really map to Darwin, so if you're working on Linux stuff on your macOS machine, there are plenty of use cases for virtual machines (case in point, Docker itself) not to mention simply being able to test software and build processes on Linux. The tight integration that OrbStack gives you is far better than just using Parallels or VMware. I have licenses for both at varying versions, but they're largely collecting dust on macOS, as now I basically only ever use traditional virtual machine products on macOS for the purpose of running Windows VMs.

I'm sure some people don't have any use for this: their Docker performance is fine, they don't need Linux for anything else, etc. However, for me, it's one of those things that makes macOS much more usable for development work.

magnio
30 replies
1d12h

Funny how WSL2 makes Windows much more usable than macOS for development. None of the free options (colima, multipass, etc) I've tried on macOS are as smooth, though OrbStack might be it.

I have also moved towards using devcontainers for my projects whenever I can, so that I can spin up my environment on whatever machine I have, or connect to a remote one if the machine doesn't allow it.

pjmlp
18 replies
1d11h

Only because it is a Linux VM, and people insist on using Linux specific stuff instead of UNIX, to the point younger generations have no clue about the difference.

Even the BSDs and Solaris/Illumos have had to add Linux translation layers.

Sad state where POSIX hardly matters for portable UNIX code.

unilynx
8 replies
1d3h

To mirror the sibling comment, where's the POSIX container/zone/vm whatever specification? If the BSDs and Linux can agree on a meaningful subset, macOS might actually follow

pjmlp
7 replies
1d3h

There isn't any in POSIX, then again, it isn't as if we now need containers for every executable for any magical reason.

Also, just like in the good old days, it isn't hard to have something dealing with HP-UX Vaults, AIX logical partitions, Solaris/Illumos Zones, BSD jails, macOS Virtualization Framework,....

saagarjha
5 replies
1d3h

Just listing technologies that sound kind of similar isn’t enough to actually answer the problems people want solved. The “good old days” were basically just people crying about being unable to have any of the features we have now because they don’t match up or differ in subtly different ways.

pjmlp
4 replies
1d1h

Best way to solve problems is not to have them in the first place, like getting a Linux laptop for doing Linux work.

saagarjha
1 replies
23h1m

I like my laptop though.

pjmlp
0 replies
22h12m

Then use it as Apple decides it is in our best interest to do so, :)

jchw
0 replies
17h14m

It's harder and harder to use Linux at work outside of bigger tech companies these days. Security standards like SOC2 seem fairly difficult to satisfy for Linux workstations without serious compromises. This is a damn shame because there are approaches to secure Linux workstations that seem pretty powerful but security standards now are prescriptive about what you must do to secure your systems, and for Linux that's going to mean paying for some subscription software that most likely only supports a couple of distros, and if you're lucky, they might support kernels from the _current_ decade.

I used Linux workstations for most of my entire career, at nearly every job. Seems like around 2018 something changed and now I'm going to have to fight to get a desktop that I feel vaguely productive under for every single job I get going forward.

FpUser
0 replies
1d

Words of wisdom. I do not really have any dev related problems with WSL2 either. Normally I develop and debug on Windows and deploy to Linux as my code compiles and works natively on both. It is mostly C++ backends lately so I suspect I am in tiny minority.

unilynx
0 replies
1d3h

I was responding to 'people insist on using Linux specific stuff instead of UNIX'. As far as I can tell there is no way to do containers without doing highly platform specific stuff. It would be very useful if the platforms worked towards a common 'more than chroot' thing.

As far as not really needing it, it's not like computers themselves are anywhere near the bottom of Maslow's pyramid, but that doesn't make them any less useful

AYBABTME
7 replies
1d6h

Can you make containers in Darwin?

pjmlp
5 replies
1d3h

Yes, the macOS way, with Virtualization Framework.

nyrikki
1 replies
23h46m

The insane stability of the Linux ABI is partially what makes containers useful.

The fact that containers can reliably depend on the ABI contract, thus placing almost any clib they want inside the container, is fairly unique.

That extreme stability of that contract is awesome for namespace decoupling. Unfortunately Apple and Microsoft do not have such stable interfaces.

Remember containers are just namespaces.

pjmlp
0 replies
22h14m

Only in the context of Linux containers, not in general, starting with HP-UX Vaults on UNIX land.

zamalek
0 replies
20h57m

Virtualization is not containerization. Linux has namespaces, BSD has jails, and even Windows has Windows containers (though doubt anyone actually uses them). If that's the MacOS way, then the MacOS way must be incompetence.

saagarjha
0 replies
1d3h

(No.)

pxc
0 replies
23h29m

Besides the way Apple puts a hard limit on the number of those you can spin up, don't they also virtualize hardware and run their own kernels? That's just not the kind of virtualization that containers are.

talldayo
0 replies
1d2h

> Sad state where POSIX hardly matters for portable UNIX code.

Given the current state of POSIX applications, I would actually argue that the BSD/Linux hegemony we enjoy is the best possible outcome. The only people that are mad are the people paying for UNIX and expecting to get something better for it. Those people should have learned their lesson in the 90s, I have no empathy for POSIX apologists in 2024.

The only "sad state" is one where everyday people don't have access to free software. Mac users have always paid a time premium and a performance premium for access to normal development features, this ignorance of MacOS is a pattern that persists since the 90s. Of course nobody is bending over backwards to test portability with a proprietary OS.

jchw
6 replies
1d12h

> None of the free options (colima, multipass, etc) I've tried on macOS are as smooth, though OrbStack might be it.

Yes, I am generally not terribly impressed by colima. Of course, it's great to have as an option, but in practice I ran into issues trying to use it in various places. One issue that I am sure isn't a huge deal to most users is that as far as I could tell, colima did not support IPv6.

I didn't try multipass, but I did try Podman Desktop. It had its niceties but largely was behind even Docker Desktop.

If you really miss WSL2 on macOS, you might genuinely find OrbStack enticing. Then again, it's not free, and obviously, I don't want to give anyone false hope. For "home" use, I just run desktop Linux, using native containers and libvirt for everything. If I had to pay for a decent development experience on my personal machines, I would definitely struggle to justify a subscription charge even if it was good. On the flip side, it's easy to budget OrbStack into the equation for professional use. For your employer it's virtually a no-brainer.

gigatexal
3 replies
23h42m

Lima ssh and you have WSL more or less. What are people missing?

jchw
2 replies
23h11m

For me, the primary draw of OrbStack is that it is very fast, which matters for me, as I wind up doing a lot of compute-bound things in containers. The fact that it provides a great dev experience similar to WSL2 is just a bonus.

gigatexal
1 replies
22h28m

what's the magic sauce that makes it so fast? custom vm engine? using apple's HVF? firecracker vm from AWS?

jchw
0 replies
19h51m

I think the main bottleneck in most macOS virtualization solutions winds up being I/O related. Docker Desktop and OrbStack both have custom solutions for bidirectional filesystem bridging and network integration, but for me OrbStack is much faster. OrbStack also can choose between using Apple Rosetta and qemu usermode for running Intel software on Apple Silicon.

talldayo
1 replies
1d2h

Imagine paying a subscription service to use something slower than QEMU. Yikes...

jchw
0 replies
1d

OK, I'll try to imagine that.

majormajor
1 replies
1d1h

I've never found working on WSL2 to be quite as smooth as working on Ubuntu or Fedora directly. I don't really understand why I'd keep Windows in the loop there if I was on non-Mac hardware.

And I've also found WSL2 less smooth than just working on Mac natively w/o containers. Containers are a necessary evil for testing certain types of things locally, but even the free tools for working with them on Mac seem fine, though Orbstack's gui is very nice.

(Is there a similar GUI for Linux container management? I've just been running shell commands for years now...)

Instead of moving more towards containers I've just been moving towards simpler, easier-to-set-up-on-Linux-or-Mac toolchains. But I don't have Windows as a target anyway, so that removes one huge need for containers.

justin_oaks
0 replies
1d

I've used Portainer, which works ok. It's web-based and is easy enough to run as a container itself.

My preferred UI for managing containers is Lazydocker. It's a terminal UI, so I can run it on servers too.

For the most part I just use the command line on Linux, but when I need to go through a large list of containers, images, or volumes to clean up, lazydocker is much better than the command line.

madeofpalk
0 replies
20h49m

> Funny how WSL2 makes Windows much more usable than macOS for development

As long as you use VS Code. Using another editor through the network share isn't great and runs into all sorts of other compatibility issues otherwise. I've also run into a bunch of networking quirks with WSL2 + Docker that were frustrating to sort out.

WSL2 makes *nix development on Windows great, but I would still much prefer to just be in a native environment.

SambrownYC
0 replies
2h8m

The difference between darwin and macos environments really stands out with postgres stuff. Try installing WAL2json on macos postgres and you will feel my pain.

withinboredom
28 replies
1d13h

I love how there is absolutely no mention that it is mac-only (or even what versions of mac are supported), even on the download page.

saagarjha
12 replies
1d12h

Which other platform would you expect it to be for?

knallfrosch
9 replies
1d11h

Asked the other way around, why would anyone think a Docker container runner would be tied to MacOS?

saagarjha
8 replies
1d10h

Because Windows users are unlikely to care about Docker and Linux people don’t pay for stuff

vultour
3 replies
1d9h

This is hilarious and perfectly sums up my experience with Mac developers. Half of them have no idea Docker Desktop actually installs a Linux VM. They think how amazing their incredibly expensive system is, yet it's mostly a glorified text editor. The WSL experience on Windows convinced me buying a MacOS machine makes no sense.

saagarjha
0 replies
1d8h

Glad the humor landed

eropple
0 replies
1d4h

So I use WSL2 regularly on Windows, but I don't agree at all that buying a Mac doesn't make sense. WSL2 is great, and Windows 10/11 are fine after doing some cleanup...on a desktop. My experience with Windows on even modern laptops is pretty bad.

It's very hard to find something with the build quality and affordances of a Mac. Razer makes a good machine but tbh I'd be embarrassed to bring one to a meeting, and I don't like how newer Thinkpads feel and I don't trust Framework to exist in a few years. It's then complicated while seeking reasonably comparable specs--and I'm not a "oh Apple Silicon sounds warmer" sort of person, amd64 is just fine with me, but AMD's high-end IGPs generally keep pace with base-model Macbooks, and start to fall behind pretty significantly when you move up to a Pro or a Max. You can add a discrete GPU, but, me, I like battery life, and mobile dGPUs are a mess of compromises anyway.

Even if you get over that hurdle, I think Windows feels bad when you're using a touchpad. They haven't cracked that one despite how long they've had to work on it. I wouldn't want to work on a Windows laptop without an external trackball; I carry one with my Mac but rarely use it unless I'm going to be working for a pretty long stretch and I want to save my hands.

Windows is still generally my pick for desktops for a lot of reasons (I don't even dual-boot Linux right now!) but this kind of sneering is weird and uncalled-for.

baq
0 replies
1d2h

Macs have great hardware (as in, great display and a great touchpad - and the best thing is the computer wakes from sleep when you open the lid, every time; I don't particularly care about the M-series except that it runs super duper cool for how fast it is).

That said I've been tooting the horn that they are not good software development machines for about 2 years now (incidentally matches exactly with when I got a work macbook pro).

yunohn
2 replies
1d8h

The vast majority of devs use windows for dev, esp with Docker. Why wouldn’t they care about it?

charrondev
1 replies
16h55m

Because windows has WSL? You have a 1st party directly integrated Linux already. My work laptop is a MacBook Pro and we use Docker Desktop, but for my personal work I use a desktop and run WSL/Ubuntu.

All my GUI stuff and text editors are on the windows side and the actual software all runs in docker in the Ubuntu subsystem.

yunohn
0 replies
11h42m

Docker and WSL are complementary, and often used together. Otherwise why would anyone on Linux use Docker acc to you?

withinboredom
0 replies
1d10h

I work on Windows, but mostly just use it for windowing. Almost all my work is done in WSL2 and Docker. The only things running natively are my IDE, my web browser, and slack.

fulafel
1 replies
1d12h

It advertises as an alternative to Docker Desktop which is for Windows and Linux as well.

pxc
0 replies
13h17m

The thing Docker Desktop (and analogues like Podman Desktop, Rancher Desktop, etc.) is useful for (a) is setting up a Linux guest VM so that you can run Linux containers and (b) doing some socket forwarding magic so that when you run the `docker` CLI on the host operating system, it acts as a remote client for dockerd running on the guest.

There's little point in running Docker Desktop on Linux because you don't need either (a) or (b) on Linux (nor the equivalents for Podman or your favorite Kubernetes distribution). You get the overhead and annoyances of running all your containers under a second OS running under your first one for what— an Electron GUI? I guess it's something if you're really worried about container escapes during local development. But it doesn't generally seem worth it to me.

The other thing OrbStack integrates is letting you spin up many 'machines' that have fast startup and efficiently share resources with each other. But OrbStack achieves that by running long-lived system containers on a single guest VM. If you're on Linux, you can just do that directly, just like the Docker containers, using the same tools¹ OrbStack uses under the hood. The CLI for Incus (a descendant of lxd, associated with Linux containers and LXC) is really pretty nice, too.

OrbStack has a lot of polish and performance optimizations that make it really competitive against other tools like it. There's lots of thoughtful touches in it beyond the basic ideas outlined above. But I wouldn't recommend any tool in its class to someone running a Linux desktop/laptop/workstation who wants to use containers in development. Just use the real things directly and learn the normal, universal CLIs.

--

1: https://linuxcontainers.org/incus/

raffraffraff
4 replies
1d12h

Was just about to post this. Apple heads tend to think that Mac is the default. Funny when you realise that the problem OrbStack is trying to fix is that MacOS isn't Linux.

pjmlp
3 replies
1d3h

Rather people using a UNIX, that isn't GNU/Linux, instead of sponsoring Linux OEMs.

withinboredom
2 replies
1d3h

Pretty sure orbstack won't run on other unix systems.

pjmlp
1 replies
1d1h

Buying a Linux powered laptop would have sorted out the problem in the first place.

withinboredom
0 replies
22h31m

Yeah, because it won't ever wake up from sleep. :p

Animats
4 replies
1d12h

Yes. I'd like to have something that runs Docker images on desktop but doesn't require a privileged daemon, users, groups, etc.

suprjami
1 replies
1d8h

Is Podman Desktop available on your platform?

Podman is rootless containers done correctly.

Animats
0 replies
23h13m

Thanks. I will try that.

(I want to run Open Drone Map on Ubuntu desktop. ODM is a collection of image processing software from OpenCV and similar sources loosely bolted together to merge aerial photos from drones into a 3D model. So it has the install from hell unless containerized. ODM had a snap version, but the snap maintainer left the project.)

PhilipRoman
1 replies
1d5h

Probably not what you're looking for but I just wanted to mention Apptainer (previously Singularity). I find that it is usually easier to integrate and doesn't rely on a daemon. You can still use docker images as base.

mrbluecoat
0 replies
1d4h

Agreed. Apptainer is great for this use case.

inopinatus
2 replies
1d9h

It's in the page title.

mkl
1 replies
1d9h

Conveniently left out of the HN link, and mentioned nowhere in the page body.

inopinatus
0 replies
16h30m

Complaining about one’s own failure to read the title of a document seems like an own goal.

It’s an obvious detail, and it’s right there in the header.

me551ah
0 replies
1d9h

Windows already has WSL2 and Docker would run natively on Linux anyway.

globular-toast
0 replies
1d1h

Yeah, I was quite confused, especially by the title "docker containers and Linux"? What does that mean? If you can run Linux you can run docker. I thought it might have been a batteries included Linux distro at first.

kdrag0n
17 replies
1d13h

Nice to see this here :)

I work on OrbStack. Happy to answer questions!

styfle
2 replies
1d6h

I have a machine with Colima and don’t want to bork it if I try Orbstack.

I think I used “brew install docker docker-compose colima” and then “colima start”.

Is “brew install orbstack” a drop in replacement for colima or does it install other things that might conflict?

kdrag0n
1 replies
1d6h

Drop-in: "orb" to start, stop it + uninstall + restart Colima to revert.

It can optionally install OrbStack's bundled `docker` and `docker compose` binaries, but you can also keep using the Homebrew ones.

_joel
0 replies
1d5h

use docker contexts, much easier :)

```shell
# Switch to OrbStack
docker context use orbstack

# Switch to Colima
docker context use colima
```
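Switching contexts as in the comment above changes which engine endpoint the `docker` CLI acts as a client for. As an added example (not part of the thread and not OrbStack or Docker code), this Python check reads `docker context inspect` output and flags contexts whose endpoint is TCP without stored TLS material or with certificate verification skipped; the sample JSON, socket paths, addresses and the `buildbox`, `lab` and `staging` contexts are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the shape of `docker context inspect` output
# (a JSON array, one object per context). Paths and hosts are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "orbstack", "Metadata": {},
     "Endpoints": {"docker": {"Host": "unix:///Users/dev/.orbstack/run/docker.sock",
                              "SkipTLSVerify": False}},
     "TLSMaterial": {}},
    {"Name": "colima", "Metadata": {},
     "Endpoints": {"docker": {"Host": "unix:///Users/dev/.colima/default/docker.sock",
                              "SkipTLSVerify": False}},
     "TLSMaterial": {}},
    {"Name": "buildbox", "Metadata": {},
     "Endpoints": {"docker": {"Host": "tcp://192.0.2.10:2375",
                              "SkipTLSVerify": False}},
     "TLSMaterial": {}},
    {"Name": "lab", "Metadata": {},
     "Endpoints": {"docker": {"Host": "tcp://192.0.2.11:2376",
                              "SkipTLSVerify": True}},
     "TLSMaterial": {"docker": ["ca.pem", "cert.pem", "key.pem"]}},
    {"Name": "staging", "Metadata": {},
     "Endpoints": {"docker": {"Host": "ssh://deploy@staging.example",
                              "SkipTLSVerify": False}},
     "TLSMaterial": {}},
])

# What each endpoint kind means for whoever can reach it.
NOTES = {
    "local-socket": "access is governed by the socket's file permissions",
    "ssh": "remote engine, authenticated by SSH",
    "tcp-tls": "remote engine, TLS with stored certificates",
    "tcp-tls-unverified": "TLS configured but server certificate is not verified",
    "tcp-plaintext": "no TLS material in the context: engine API reachable unauthenticated",
    "unknown": "unrecognised or missing endpoint",
}

REVIEW = {"tcp-plaintext", "tcp-tls-unverified", "unknown"}


def classify(ctx):
    """Return the endpoint kind for one context object."""
    endpoint = ctx.get("Endpoints", {}).get("docker", {})
    scheme = urlparse(endpoint.get("Host", "")).scheme
    tls_files = ctx.get("TLSMaterial", {}).get("docker") or []
    if scheme in ("unix", "npipe"):
        return "local-socket"
    if scheme == "ssh":
        return "ssh"
    if scheme == "tcp":
        if not tls_files:
            return "tcp-plaintext"
        if endpoint.get("SkipTLSVerify"):
            return "tcp-tls-unverified"
        return "tcp-tls"
    return "unknown"


def audit(inspect_json):
    """Classify every context in a `docker context inspect` JSON array."""
    rows = []
    for ctx in json.loads(inspect_json):
        kind = classify(ctx)
        host = ctx.get("Endpoints", {}).get("docker", {}).get("Host", "")
        rows.append({"name": ctx.get("Name", "?"), "host": host, "kind": kind})
    return rows


def needs_review(inspect_json):
    """Names of contexts whose endpoint should not be used as-is."""
    return [r["name"] for r in audit(inspect_json) if r["kind"] in REVIEW]


if __name__ == "__main__":
    # On a real machine, replace SAMPLE_INSPECT with the output of:
    #   docker context inspect $(docker context ls -q)
    for row in audit(SAMPLE_INSPECT):
        flag = "REVIEW" if row["kind"] in REVIEW else "ok"
        print(f"{flag:6} {row['name']:10} {row['host']}")
        print(f"       {NOTES[row['kind']]}")
```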

rfoo
2 replies
1d9h

Hi, is it possible to add a virtual machine mode to OrbStack? See https://news.ycombinator.com/item?id=41423667 for why. I'm okay with most (or all) nice integrations unavailable.

Basically I want a true UTM replacement, the one I can run my own kernel.

kdrag0n
1 replies
1d6h

Sorry, no plans for that. That vertical integration is a key part of OrbStack — it's not just for nice extras/integrations.

rfoo
0 replies
23h33m

Fair enough. Thanks for answering.

Well, as someone who still lives in stone age (I guess?) I always run headless Linux VM on Windows/macOS and have all my projects/files inside VM so I unfortunately don't use your Docker/Kubernetes features, and fast file sharing is a nice to have.

But, you and your team seem to really care about client virtualization on macOS, more so than Apple. So while being a niche, I sincerely hope you may consider this sometime later.

nkmnz
2 replies
1d6h

One reason I'm still using docker desktop in my (small) company is that our production systems are using docker compose and the networking with domains does not translate 1:1 between orbstack locally and docker compose + nginx in production. Is there an easy way to solve this?

kdrag0n
1 replies
1d6h

OrbStack domains can be nice but you don't have to use them. It's fully compatible with Compose, so you can just run the same commands with no changes to your setup. Did that not work for you?

nkmnz
0 replies
6h25m

I don't fully remember the issues, but I think it was somehow necessary to run all apps on port 80 inside of the containers in order to make the OrbStack domains work properly.

weikju
1 replies
1d11h

Please keep in mind I’m asking with genuine interest as I am a happy OrbStack user otherwise, (for private use).

What is the reason Orbstack needs a connection to your license server for continued operation?

I was moving and during nearly a month there was no home internet. My server was happily chugging along on wifi though, but one day I connected to it and saw a message that OrbStack couldn’t contact the license server and would soon stop functioning.

This put me off a bit and made me consider whether I want to run anything I depend on using this.

password4321
0 replies
1d5h

As you appear to be aware per the prefix to your question, this is the nature of all subscription software... what alternative would you choose if you were the author? Requiring the personal use edition to phone home once a month probably increases the potential sale price of the business by at least one order of magnitude.

It would be more interesting to know the plans for tracking down commercial users abusing the personal license, maybe Oracle VirtualBox Extension Pack reverse IP address lookup style. The ins and outs of software license enforcement don't play well on HN, though I'm guessing there are few complaints about OrbStack requiring a subscription because they offer a free personal use license and the entry level commercial use license is so cheap vs. the value provided.

It's actually exciting to see a dev tool where the developers have a sustainable business model, but this usually means there will be plenty of offers to cash out.

txdv
1 replies
1d12h

Is the underlying kernel emulated in QEMU?

kdrag0n
0 replies
1d12h

We use a custom virtualization stack instead of QEMU. It makes a lot of performance and stability improvements possible.

highwaylights
1 replies
1d11h

What’s the security model for OrbStack and its containers?

Is OrbStack rootless? Where is the security boundary for the containers? (Are they sandboxed completely from the host?)

How does the virtualisation work? (I’d assume Virtualization.framework, so I can run it without Rosetta if all containers will share host architecture?)

Does it support Docker-in-Docker and Docker-out-of-Docker? (M1 and M2 Macs don’t have hardware for nested virtualisation so I assume this also prevents DiD with OrbStack?)

Thanks in advance, eager to try it out.

kdrag0n
0 replies
1d11h

It's a shared VM and kernel, so the security boundary between containers is only as strong as typical Linux containers, and we don't really use the VM as a strong security boundary right now. The security model is similar to running Docker containers on a native Linux machine for development.

Admin privileges aren't required on the macOS side. You can optionally allow a privileged helper for some small niceties, but the VM process never runs as root.

The virtualization stack is custom, which allows for a lot of performance and stability improvements. It's not Virtualization.framework or QEMU.

Containers don't require virtualization, so Docker-in-Docker works. Not sure what you mean by Docker-out-of-Docker, but you can run Docker in OrbStack Linux machines, and you can use the managed engine from macOS.

saagarjha
0 replies
1d12h

What exactly is an Orb Stack

nrvn
0 replies
1d8h

I have been using colima as a lightweight alternative to docker desktop and the likes of it for almost two years. Looking at the comparison provided on the orbstack website (https://docs.orbstack.dev/compare/colima) it seems to be not very accurate or at least requires some explanations/clarifications.

For instance: Low power/CPU usage is advertised as non-existent in colima. This is simply not true. Based on my perception I can't tell whether colima VM is running or not. Unlike docker desktop, especially with kubernetes on. Does not drain my battery, does not bog my CPU down unless I intentionally spin up something resource hungry.

ease of use/performance: not everyone needs GUI. colima is fine UX/devex wise with fast startup times. What does "fast network" even mean?

Linux machines/distros: not a fair comparison. colima stands for "containers on Lima" where lima is "linux machines" on macos. I.e. if you want arbitrary vms, use lima directly. colima is specifically built to spin up docker/containerd/k3s vms.

containers/kubernetes networking: this is opinionated and depends on a specific use case. In general I prefer the idea when my local kubernetes setup looks like the end production setup in the sense that I cannot mess up much with networking, access clusterip services directly from localhost because clusterip services are supposed to be accessible from inside the cluster itself, not from outside. loadbalancer IP is accessible through NodePorts anyways.

containers file access: there are plenty of ways you can access files in containers and images. But again, probably there are people who like to browse the guts of a kubernetes node in MacOS Finder. When it comes to files and networking I want to be able to re-use my toolbox used for dealing with remote kubernetes clusters and docker/containerd instances to my local ones. Creating a special case with convenient but non-standard ways to access files as if they were part of my host filesystem may be good for someone, but wrong for someone else because at times when something goes wrong this special case will work as an excuse for "works on my machine".

Please take the above as my personal experience. And I am in the herd of those who tend to keep everything as minimal and bare as possible with as much standardization/lack of deviations across different environments as possible. Came to colima after years of minikube just because minikube's experience was no longer good with apple silicon. And there must be a very strong reason to switch to something new when what you have already is good enough.

Also, when it comes to GUI, what about Rancher Desktop?

commandersaki
13 replies
1d11h

OrbStack is by far some of the best software I've encountered on Mac, but unfortunately I have difficulty convincing my employer to pay for a commercial license, and with my sparse Docker usage, I'm confined to using it only for personal/hobby usage.

What's amazing is it fixes an (almost) show stopper bug when using libuv (or software that uses it like CMake) with Rosetta 2 [1], with the bug present on all Docker/VMs I've tried except OrbStack. It just seems to get everything right.

[1]: https://github.com/libuv/libuv/issues/4279

cedws
9 replies
1d9h

Sorry to be blunt but your employer must be real penny pinchers, it’s not that expensive, and it’s a tool that would help you get the job done.

danmur
6 replies
1d8h

Spent all the budget on Apple hardware

nkmnz
5 replies
1d7h

MacBook Air M2 16gb ram leasing: 30€ per month

orbstack pro business license: 10€ per month

I don't think the hardware cost is prohibitive here. It's the death of a thousand paper cuts of a startup. I agree that orbstack would be a good investment, though.

danmur
2 replies
1d6h

My (somewhat sarcastic) comment was just that Apple hardware is more expensive than Linux/Windows hardware. If you use Linux then I would say the docker experience is quite good. I wonder if Linux hardware was an option; seems odd to require running stuff under docker but also force people to use macbooks...

_joel
1 replies
1d5h

Some places don't allow it due to MDM not being available/beta/untested for linux, although that has changed quite a bit over the past couple of years.

pxc
0 replies
13h8m

Ah yes, the ol'

> Why don't we support Linux? Because we don't support Linux!

runaround. When a company that mandates MDM chooses to buy an MDM software that lacks Linux support, that choice is the choice not to support Linux on developer machines.

password4321
1 replies
1d5h

> MacBook Air M2 16gb ram leasing: 30€ per month

How/where does one do this?

nkmnz
0 replies
21h56m

First hit on google for me: https://www.maclease.de/apple-macbook-air-m2-leasen-20211164...

It's a 5 year contract, but the now 4 year old M1 16gb ram is still perfectly capable of running regular containerized web dev workloads (e.g. running supabase + 4 node applications)

commandersaki
1 replies
1d8h

Fair criticism and I agree -- to that point, we're asked to bring our own devices to work without any compensation or the like (though it does have its advantages). I've considered paying out of my own pocket, but I just don't use Docker outside of work, and that's kind of where I draw the line at paying for software to do work.

DandyDev
0 replies
1d1h

You have to bring your own device? Do you have a major stake in the company you work for? Do you get an outrageously high salary? If the answer is no on both, you are taken major advantage of and you should quit asap

_joel
2 replies
1d5h

$8 a month/user for the speed and productivity improvement seems, err, shortsighted.

talldayo
1 replies
1d2h

On the flip side, I empathize with the employer wondering why their "developer laptop" needs a monthly subscription to do what their Production server does for free. Maybe they should just use UTM in the meantime.

_joel
0 replies
1d1h

I'm not sure what you mean by prod server in this context, we deploy to k8s. We use testcontainers[1] that run locally on the laptop via IntelliJ. There's a bunch of integration tests that take a good while to boot via docker-desktop. If these tests can be sped up significantly then it's worth that $8 a month. I'd like to remind you that technically docker desktop isn't free, either. Nor is pushing tests to run via CI/CD first. That iteration cycle would take even longer.

[1] https://testcontainers.com/

marvin-hansen
6 replies
1d11h

I switched to Orbstack about 2 weeks ago after having read about it here on HN.

I develop a cloud native system entirely written in Rust. All my own containers are built without Docker thanks to rules_oci in Bazel. However, for integration testing, I'm using internal tools that fire up, say a database container and run the tests all from within Bazel to leverage test caching and parallelization.

For a while, I was struggling to get around Docker's slow startup time on Mac. My CI server uses Firecracker VMs to isolate OCI containers so it's really only a docker on Mac issue.

My main take away:

- I am so close to deleting Docker permanently. There is no comparison, not even close. All integration tests run so much faster.

- Especially parallel container starts are noticeably faster.

- I've developed custom docker utils for testing and, believe me, the official Docker API is a humongous pile of garbage that I ended up re-implementing everything by wrapping the Docker command line. To nobody's surprise, even the custom docker utils work way faster and more reliably with OrbStack.

- Zero issues. I am still a little bit puzzled that OrbStack basically runs bug-free no matter what I throw at it. Take it as a compliment.

What I would like to see:

- A Resource monitor or at least some graph that plots CPU and memory usage. In some rare cases the application in the container runs close to the limit probably because a query takes too long, a process got stuck or whatever. Stuff just happens. Point is, having an eye on resource usage helps to spot those corner cases early on.

For me, OrbStack is a clear win and a clear keeper. Well done Orb team and I wish you guys all the success in the world.

oarmstrong
2 replies
1d10h

> My CI server uses Firecracker VM's to isolate OCI containers

Is this something you built yourself? I've been looking for a CI tool that uses Firecracker but never found anything, I started building something myself but it never really got finished. Would love to drop that project and use something off the shelf.

marvin-hansen
0 replies
1d4h

BuildBuddy. Google it.

It's totally next level. My build is 70 crates, hundreds of unit tests, integration tests, multi platform docker images for two platforms, and everything is done in under 2 minutes, if it's slow(!). If I hit only an incremental change, build is completed within 30 seconds.

The future is now!

aayushshah15
0 replies
1d5h

I'm obviously biased here but this is what we do at blacksmith dot sh. We run your GitHub Actions on consumer grade desktop CPUs with high single core performance, all inside ephemeral Firecracker VMs. Give us a shot!

totetsu
0 replies
1d9h

I did the same thing. Docker Desktop for Macos kept going into resource saving mode and then not responding to anything after some time, so I tried Orbstack after seeing it here.

rfoo
0 replies
1d9h

I'm in a similar position but I need to make sure I run the distro kernel (because that's part of integration) instead of whatever OrbStack shipped.

In the end I just run a Linux VM and run everything inside. Zero issues by definition.

I'd actually love to use OrbStack Machines cause it feels much nicer than UTM, but, well, I can't run OrbStack's patched Linux kernel :(

princevegeta89
0 replies
1d7h

I've been using Colima which has been great, and much better than Docker Desktop which sucked ass for me.

With Colima, file mounting and sharing caused reliability and permission issues for me though I've applied some workarounds with success. To avoid this mess, I'd much rather move to a VM though. I used VMWare Fusion and UTM but I still had the struggles with file sharing between host and the guest.

So I took a lot of steps back and I'm currently running a Lima VM with headless Ubuntu and things are great so far. For Vscode we got the remote SSH plugin and then there is the Jetbrains Gateway as well.

I'm sharing my experiences for people in similar shoes to try these out, if that helps!

xyst
4 replies
1d12h

I’m curious how orbstack is able to achieve the performance they claim.

quantumwoke
0 replies
1d8h

This is pretty light on the details.

kdrag0n
0 replies
1d6h

The issue submitter just happened to be running LXD in their OrbStack machine.

rahen
4 replies
1d8h

I'm not sure I fully understand the technical differences between an OrbStack VM and a container, as both seem to use a shared kernel.

What would be the closest alternative on Linux? LXD? I've grown accustomed to the convenience of OrbStack.

suprjami
2 replies
1d8h

A Buildroot VM which runs just enough Linux to provide Docker and virtio file sharing?

You can achieve almost the same thing with Alpine Linux, that's how I run all my containers, one VM per container.

Edit: Further down the comments it says OrbStack is a single Linux VM running LXD containers. Oh well, I was close.

rahen
1 replies
1d7h

I currently use Vagrant on Linux, but it's slow and resource heavy.

With OrbStack, the ability to set up an Ubuntu or Fedora 'VM' in a few seconds, then install even complex SDN workloads inside is incredible.

Now I want something similar on Linux, especially once I switch to Asahi. I haven't tried LXD yet, but it seems to work similarly to OrbStack with the added benefit of having a full Linux kernel and the ability to modprobe modules and create snapshots, something that isn’t possible with OrbStack. I'll have to give it a try.

suprjami
0 replies
1d7h

LXD is a manager for LXC containers. I have the vague idea that it's like k8s for LXC but I don't really know either orchestration tool well enough to say.

LXC containers are like Docker/Podman containers except they usually run an init process, so you're not running just one binary inside the container.

You can make LXC "app containers" which just run one binary, like Docker/Podman containers.

rahen
0 replies
21h22m

Answering my own question for anyone else who might be curious: OrbStack is essentially LXD for macOS, so on Linux, LXD indeed provides an identical workflow.

In fact, LXD is a bit better. The command line is more powerful, it supports snapshots, the network configuration is more comprehensive, there's direct access to the host kernel, and the web UI is a nice touch since it can work from a headless VM if needed.

This was one of the few things I was missing on Asahi and Linux in general. Feels good.

SEJeff
4 replies
1d13h

I love that you can simply type `orb` and get dropped into a Linux vm. Some of the cpu features are super weird (cat /proc/cpuinfo and it is unlike literally any x86 cpu I've seen before), but unless you happen to build stuff that depends on lots of specific cpu features like I do, it works well enough.

saagarjha
2 replies
1d12h

I assume it matches whatever Rosetta advertises?

kdrag0n
1 replies
1d11h

It's because Rosetta doesn't seem to emulate /proc/cpuinfo, so the contents reflect that of the arm64 host.

SEJeff
0 replies
1d5h

Yeah, it makes for VERY confused builds when you select on cpu features available.

KingMob
4 replies
1d8h

OrbStack is great in a lot of ways, and I universally prefer it over Docker for Mac.

That being said, it hasn't always been smooth sailing. Under the hood, OrbStack uses an 8TB sparse disk image, which doesn't play nice with most backup software.

https://github.com/orbstack/orbstack/issues/29

It caused me problems with Backblaze, but the Github issues for this show that it also breaks all sorts of backup software, including tarsnap, Druva inSync, Carbon Cloner, iDrive, Carbonite, and even Time Machine itself when formatted with HFS+, apparently.

The official position for a year was "won't fix", because it's an Apple technology, and backup software should support that. While technically correct, realistically, sparse image backup support was not very widespread at the time. (I have no idea about now, since I gave up trying to back up my Orbstack image with my whole disk backup.)

I like Orbstack, but I wish the devs had moved to exclude the disk image from backups immediately, instead of arguing with people about it for a year first.

All that being said, I do still like OrbStack a lot, and I hope to never see a repeat of this problem and how it was handled.

nwienert
1 replies
1d8h

The first reply on the issue you linked seems incredibly professional and well handled, and even recommends excluding the file from backups, I can't see a single issue there.

KingMob
0 replies
1d6h

Being polite is not quite the same thing as being handled professionally, and definitely not the same thing as handling it correctly.

Telling people to exclude the file from backup came too late for many. E.g., Time Machine users with older disks formatted with HFS+ would find their drives crashed/corrupted/wiped, and lost all their backups. Only afterwards would they start googling to see what happened. (Even now, the relevant FAQ still says "Time Machine supports them, so your backups will not be affected" which is not always correct.)

From the time the issue was opened, to the time they admitted they were wrong and excluded the Orbstack image from backups by default, was 13 months. Even if other solutions were on the table, the professional thing to do would have been to exclude the images ASAP, so customers weren't at risk of data loss, and then work on alternatives afterwards.

ignoramous
1 replies
1d5h

> I like Orbstack, but I wish the devs...

devs? afaik, it is just one teenager, Danny Lin (he might be 20 by now, though).

kdrag0n
0 replies
1d3h

A small team now :)

(not back then though)

shepherdjerred
3 replies
1d3h

The absolute best feature that OrbStack has is debug shells. Essentially, it lets you attach to any container with all of your favorite tools already present, e.g. vim.

https://docs.orbstack.dev/features/debug

OrbStack is well worth the price IMO

hinkley
2 replies
1d2h

How the hell do they do that?

omnicognate
0 replies
1d2h

There's a "how it works" bit at https://orbstack.dev/blog/debug-shell

> In particular, mount namespaces are what Docker and runc use to give each container its own image and view of the filesystem. But unlike chroot(2), you can copy an existing mount namespace into a new one. Debug Shell uses this to copy a container's namespace, creating a new view where we can inject things without them showing up in the original mount namespace or filesystem.

atombender
0 replies
1d

Linux, at the kernel level, doesn't have any concept of a "container". What you have instead are namespaces. File systems, process lists, networking etc. are all namespaced, and you can set these up "a la carte".

For example, you can create a new process that has as its file system root /home/blah. It will see every process in the system, it can do networking, etc. — but "ls" can only show the files under /home/blah, which appears as /. Inside this process, you can't see any files above this directory.

A Docker container is simply a process which has set all its namespaces in such a way as to isolate it from others.

"Entering" a Docker container is done by setting up your namespace to be the same as that of the container. For example, you can create a new process (a shell, for example) that is a normal process in every way — full access to the root file system and networking and so on — but has the process tree root as the container. The process will see only the processes inside the container.

You can do this on Linux today using the nsenter [1] tool. (This is also a way to create simple namespaced processes without Docker.) This allows a mix of namespaces; you can enter the container's namespaces but also retain the ability to run tools that aren't available inside the container.

In short, I assume the OrbStack debug command does the exact same thing. It's coincidentally the same concept as an ephemeral container on Kubernetes.

[1] https://man7.org/linux/man-pages/man1/nsenter.1.html
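
As an added illustration (not part of atombender's comment or the quoted blog post, and not OrbStack's code), this Python example compares the namespace IDs Linux exposes under /proc/<pid>/ns to show which namespaces two processes share, including the mixed case of a shell that entered only a container's PID namespace. The inode values and the names HOST, CONTAINER and PID_ONLY_SHELL are constructed for the example.

```python
import os
import re

# Symlink targets under /proc/<pid>/ns/ look like "mnt:[4026531841]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(target):
    """Return (kind, inode) for one namespace symlink target."""
    m = NS_LINK.match(target)
    if m is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def namespaces_from_links(links):
    """Build {kind: inode} from an iterable of symlink targets."""
    return dict(parse_ns_link(t) for t in links)

def read_namespaces(pid="self"):
    """Read a live process's namespaces (Linux only; other users' pids need root)."""
    ns_dir = f"/proc/{pid}/ns"
    # Skip *_for_children entries: their targets reuse the "pid"/"time" kinds.
    names = [n for n in os.listdir(ns_dir) if not n.endswith("_for_children")]
    return namespaces_from_links(os.readlink(f"{ns_dir}/{n}") for n in names)

def compare(a, b):
    """Return (shared, isolated) namespace kinds between two processes."""
    common = a.keys() & b.keys()
    shared = sorted(k for k in common if a[k] == b[k])
    isolated = sorted(k for k in common if a[k] != b[k])
    return shared, isolated

# Constructed sample values, not taken from a real system.
HOST = namespaces_from_links([
    "mnt:[4026531841]", "pid:[4026531836]", "net:[4026531840]",
    "uts:[4026531838]", "ipc:[4026531839]",
])
CONTAINER = namespaces_from_links([
    "mnt:[4026532561]", "pid:[4026532564]", "net:[4026532566]",
    "uts:[4026532562]", "ipc:[4026532563]",
])
# A shell that entered only the container's PID namespace, as in the comment:
# host filesystem and network, container process tree.
PID_ONLY_SHELL = dict(HOST, pid=CONTAINER["pid"])

if __name__ == "__main__":
    for label, proc in (("container", CONTAINER), ("pid-only shell", PID_ONLY_SHELL)):
        shared, isolated = compare(HOST, proc)
        print(f"{label} vs host: shared={shared} isolated={isolated}")
    if os.path.isdir("/proc/self/ns"):
        print("this process:", read_namespaces())
```

On a Linux host, passing a container's init PID to `read_namespaces` and comparing the result against PID 1 shows which namespaces that container actually isolates.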

webprofusion
2 replies
1d11h

Err, you guys know that about 80% of desktops are Windows right? There's a bit of a myth that developers are all using macOS but in practice that's not really the case.

selcuka
0 replies
1d10h

I can't see how 80% of desktops being Windows is proof that most developers use macOS is a myth. Developers probably represent much less than 20% of all desktops, so it's a moot point.

EasyMark
0 replies
1d5h

Maybe they like developing for Mac and that’s their niche, at least to begin with? You have to start somewhere.

haberman
2 replies
1d12h

I have been happily using OrbStack for a while now, and I've had nothing but good experiences. The UI is polished and responsive, the containers have great performance and nice integration with the host, and overall the product seems to be constantly pushing itself to be even better.

I admit my greatest confusion about this software is how a product that appears to be a one-man show so quickly became more compelling than the well-funded incumbent (Docker Desktop). This is even more impressive considering that the developer appears to be a college student.

Hats off, this is amazing work.

saagarjha
0 replies
1d11h

I’ll let the actual developer respond but OrbStack has several people working on it now.

kdrag0n
0 replies
1d11h

Love to hear that. We're actually a small team at OrbStack now!

ta988
1 replies
1d13h

Also a bit more expensive than docker desktop for companies.

Dansvidania
0 replies
1d8h

perhaps, but much better in my experience.

novolunt
1 replies
1d12h

The problem with wsl2 is that it not only requires a virtual machine, but also uses the windows kernel, not the linux kernel

dwattttt
0 replies
1d10h

WSL2 doesn't run under the Windows kernel, it runs the Linux kernel under the Windows hypervisor, side-by-side with the Windows kernel (in another lightweight VM). Honestly it's kinda crazy that Windows natively now runs as a VM.

fnordlord
1 replies
1d5h

Does anyone know if you can run arm64 images on a x86 Linux machine? I'm currently doing it with Docker and QEMU but it is super slow.

_joel
0 replies
1d5h

Emulation will generally be pretty slow, much slower than native virtualisation (although Rosetta has tricks to make this quicker).

Ideally use multi-arch images or build your own.

zero0529
0 replies
22h34m

Wished they had a Nix package, but looks good I will check it out! (Request to devs please a nix package, nix-darwin is very good for defining work machines)

vinnymac
0 replies
1d5h

I have been using OrbStack for 8 months now for personal use. I haven’t experienced a single issue in that time, and use it daily.

Can’t say that for much software to be honest.

rudi_mk
0 replies
1d6h

OrbStack has been an absolute lifesaver. Rancher Desktop was great for running a quick K3s cluster locally, but OrbStack's VMs are just great. For someone who likes to run separate envs on Linux, Orb's VMs are great. Pretty performant on my older M1 MBP too.

renewiltord
0 replies
1d11h

Orbstack is great. I use it in order to build a library cross-platform (Linux/Mac amd64/aarch64 all combinations) and it's great how I can do it on my Mac. You can even run a quick shell in a VM that has all your stuff mounted. Perfect user experience.

pawelduda
0 replies
1d6h

OrbStack is great for me on MacOS and nothing else I tried comes close.

oars
0 replies
22h12m

Great alternative to Docker Desktop on MacOS.

mootpt
0 replies
1d2h

also supports ipv6.

mkermani144
0 replies
1d11h

It's not as battery-hungry as official Docker desktop. That's the main reason I switched to it. Now, I'm happier than before.

julian37
0 replies
1d3h

kdrag0n's first post about this on HN, afaict: https://news.ycombinator.com/item?id=34100779

Amazing how far they've got since, in just two years. As others have pointed out, it's already "boring" software in that it just works. And that's no small feat because this kind of tool requires all kinds of low-level hackery to make work, and make work fast. Hats off!

(Happy user here if you couldn't tell.)

fake-name
0 replies
1d7h

OrbStack: The fast, light, and easy way to run Docker containers and Linux*

* On MacOS Hosts only.

I feel like there should be a rule that if the submission is basically a "Show HN" style post (or a link to a piece of software), it should be mentioned in the title if it's platform specific.

dmeijboom
0 replies
1d13h

Happy user since day one. Since adopting Orbstack most of our frustrations with Docker on Mac OS are gone.

cedws
0 replies
1d9h

Have been using OrbStack since beta and with a commercial license since February. I can’t praise it enough, it’s elegant, performant software that just works.

Quarrel
0 replies
1d6h

It would be handy if it mentioned somewhere near the top of the front page that OrbStack is a macOS utility.

So that Linux & Windows people know they can look away. (Looks like a cool tool though!)