https://en.wikipedia.org/wiki/Darwin_(operating_system)
https://github.com/PureDarwin/PureDarwin
https://www.reddit.com/r/MacOS/comments/1b75xlv/why_is_darwi...
If they were to support darwin containers, what would be the point? Literally nobody would build to it, Linux won.
because nobody does ci/cd against macOS or iOS apps right?
There aren’t any app developers avoiding the Apple ecosystem because there aren’t Darwin containers. They don’t sell server hardware and by all accounts have no intention of ever reentering that space. So they’d spend a bunch of developer cycles to reduce their own revenue stream with no apparent upside beyond “goodwill” which they’ve never been overly concerned about.
Why would any serious developer use closed-source code they can't debug and modify? Especially for a production server?
It's the same reason no serious developers or hackers use macOS, like part of the point of being a developer is being able to dig into the code at any layer and debug and fix things.
I know I'm basically taking the bait, but I guess I've not been "seriously" developing stuff for the past decade or two, which is news to me!
That being said, my point isn't that Apple should absolutely focus on making a server OS again. It just saddens me how far behind macOS has fallen as they stopped caring about the fundamentals; back in the day, it would be Linux trailing behind macOS. Nowadays, you can't even have multiple routing tables on the latter, the firewall code was probably last updated in Snow Leopard, and what Apple happily shows off at WWDC is a wrapper around Linux. Something functionally equal can be cobbled together by anyone sufficiently experienced in minutes, using just Bash, OpenSSH, and QEMU.
I really wish macOS would let me have a similar level of control over applications as Linux with namespaces, without me having to do all the heavy lifting.
Apple uses OpenBSD's Packet Filter [1]; I doubt multiple routing tables are a problem. Back in the Snow Leopard days, it was FreeBSD's IPFW, which is also no slouch.
Whatever a firewall can do, PF can do it.
You can also get a nice GUI for PF [2].
"Exploring Darwin and PureDarwin: The Open-Source Foundation of Apple's Operating Systems" - https://machaddr.substack.com/p/exploring-darwin-and-puredar...
Even Microsoft gave up on Windows and just runs Linux for most things except niche cases. Heck, even SQL Server, which is an expensive piece of machinery, got ported to Linux, and that's the default target now in their docs.
With that said, one can't deny Apple's success on the b2c side of things so it feels wrong to call their strategy a failure.
[1] https://cheatsheetseries.owasp.org/cheatsheets/Docker_Securi...
This was due to implicitly granting the LLM access to the host docker daemon, which has superuser privileges, not due to a "container breakout". That's arguably a very different scenario, but of course both are worth considering.
> So if you want to use containers for anything but easier development, you need to be much more proficient than the average user already.
I'd disagree. Containers, at least without granting them additional privileges such as CAP_NET_ADMIN and without write-bind-mounting sensitive host directories into the container, offer a reasonable security boundary compared to the counterfactual, despite their bad reputation.
There's much more to it than that if you check out the link above. Misconfiguring a container is the 2026 version of misconfiguring FTP and MySQL in the 90s. I.e. most users don't even know how they are asking to get rooted.
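As an added example, not code from this thread or from Docker's own tooling: a small Python linter that checks a `docker run` command line for the misconfigurations this exchange names, the host Docker socket handed to the container, extra capabilities such as CAP_NET_ADMIN, and sensitive host directories bind-mounted writable. The Docker CLI flags it parses are real; the path lists, the wording of the findings and the two sample command lines are constructed for this example.

```python
"""Lint a `docker run` command line for the misconfigurations discussed above:
the host Docker socket inside the container, capabilities beyond the default
set, host namespaces, and sensitive host directories bind-mounted writable.

Added example, not code from the thread or from Docker. The CLI flags parsed
are real Docker flags; the path lists, finding texts and sample command lines
below are this script's own (constructed) choices.
"""
import shlex
from typing import Iterator, List

# Host paths that hand the container host-level control however they are
# mounted. The Docker socket is root-equivalent on the host, and mounting it
# ":ro" does not help: connect() on a socket is not blocked by a read-only mount.
SYSTEM_PATHS = ("/var/run/docker.sock", "/run/docker.sock", "/etc", "/root",
                "/proc", "/sys", "/dev", "/boot", "/var/lib/docker")
# Home directories: a read-only project mount is normal; a writable mount of
# the whole home (SSH keys, cloud credentials, shell rc files) is not.
USER_DATA_PATHS = ("/home", "/Users")
# Capabilities beyond Docker's default set that reach host-visible state.
DANGEROUS_CAPS = {"ALL", "NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE",
                  "DAC_READ_SEARCH"}

# Constructed sample command lines: an "agent" given the host docker daemon
# (the scenario described above) and a hardened variant of the same run.
WEAK_AGENT = ("docker run -d --name agent -v /var/run/docker.sock:/var/run/docker.sock "
              "-v /home/me:/work --cap-add NET_ADMIN agent-image")
HARDENED_AGENT = ("docker run -d --name agent --cap-drop ALL --read-only "
                  "--security-opt no-new-privileges -v /home/me/project:/work:ro agent-image")


def _flag_values(args: List[str], names) -> Iterator[str]:
    """Yield the value of every `--flag value` or `--flag=value` occurrence."""
    for i, a in enumerate(args):
        for n in names:
            if a == n and i + 1 < len(args):
                yield args[i + 1]
            elif a.startswith(n + "="):
                yield a[len(n) + 1:]


def _under(path: str, prefix: str) -> bool:
    """True if `path` is `prefix` or lies below it."""
    path = path.rstrip("/") or "/"
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def _check_bind(findings: List[str], src: str, read_only: bool) -> None:
    """Record a finding for a bind mount whose host source is sensitive."""
    mode = "read-only" if read_only else "WRITABLE"
    if src.rstrip("/") == "":
        findings.append(f"bind mount of host / ({mode}): whole host filesystem exposed")
    elif any(_under(src, p) for p in SYSTEM_PATHS):
        findings.append(f"bind mount of {src} ({mode}): host-control path exposed")
    elif not read_only and any(_under(src, p) for p in USER_DATA_PATHS):
        findings.append(f"writable bind mount of {src}: host credentials/dotfiles exposed")


def audit_docker_run(cmdline: str) -> List[str]:
    """Return the list of findings for one `docker run` line (empty = nothing spotted)."""
    args = shlex.split(cmdline)
    findings: List[str] = []
    if "--privileged" in args:
        findings.append("--privileged: disables seccomp, capability and device limits")
    for cap in _flag_values(args, ("--cap-add",)):
        cap = cap.upper()
        cap = cap[4:] if cap.startswith("CAP_") else cap
        if cap in DANGEROUS_CAPS:
            findings.append(f"--cap-add {cap}: capability beyond the default set")
    for ns_flag in ("--network", "--net", "--pid", "--ipc", "--userns"):
        for v in _flag_values(args, (ns_flag,)):
            if v == "host":
                findings.append(f"{ns_flag}=host: shares the host namespace")
    # -v/--volume SRC:DST[:OPTS]; a source without a leading / . or ~ is a named volume.
    for spec in _flag_values(args, ("-v", "--volume")):
        parts = spec.split(":")
        if len(parts) < 2 or not parts[0].startswith(("/", ".", "~")):
            continue
        opts = parts[2].split(",") if len(parts) > 2 else []
        _check_bind(findings, parts[0], "ro" in opts)
    # --mount type=bind,source=SRC,target=DST[,readonly]
    for spec in _flag_values(args, ("--mount",)):
        kv = {}
        for tok in spec.split(","):
            k, _, v = tok.partition("=")
            kv[k] = v or "true"
        if kv.get("type", "volume") != "bind":
            continue
        src = kv.get("source") or kv.get("src", "")
        ro = kv.get("readonly") in ("true", "1") or kv.get("ro") in ("true", "1")
        _check_bind(findings, src, ro)
    return findings


if __name__ == "__main__":
    for name, cmd in (("weak", WEAK_AGENT), ("hardened", HARDENED_AGENT)):
        print(name, audit_docker_run(cmd) or ["no findings"])
```

The hardened line keeps the boundary the comment above describes: no added capabilities, a read-only root filesystem, no new privileges, and only the project directory mounted, read-only. A named volume (`-v mydata:/data`) is deliberately ignored, since it is not a host path.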
But yeah, I guess my use case is not the main use of such tools or their purpose in general. Thanks for the link, I'll take a look at it.
I guess my use case is not that important for the main user of these tools.
I'd still use less permissive containers for things I don't feel comfortable installing on the host, e.g. npm.
And I think I would caution Apple to consider the lessons of WSL; having shared access to the filesystem is just the bare minimum. Next is networking (and god is this a rabbit hole with WSL), people will want to access their USB devices, X forwarding, GPU passthrough..
If we wanted access to all interfaces, we'd just run it locally.
We want the container as a closed box, "wasting power doing math", i.e. processing what we actually passed to it.
Blog post soon
* need a USB SD card reader for the MacBook Pro, because the built-in one is not USB
Basically: they’ve moved on.
Apple has never been about supporting legacy platforms with new features. And with over a quarter of revenue and two fifths of Apple's gross profits coming from services, one could argue the incentives run either way.
Enterprise ARM servers are still a niche product, and so are the ARM developer machines running Linux or Windows. Until this significantly changes, Apple will have to provide good x86 interop - or lose the developer market entirely.
Forcing people towards Apple silicon is of course an attractive approach when targeting the large portion of the market using their MacBooks as Facebook browsing machines, but (especially with the new MacBook Neo) what's going to happen when a large portion of the market for high-end MBPs disappears because it turned from the default no-brainer into a liability?
Nobody is coming to save us. But I think that with AI, we have an opportunity to create a zero-cost runtime layer that provides something like Wine or SDL on all platforms. It could/should be the intersection of all mainstream OS features (a bit like the web), with the option to drop down to native components like how Cordova works.
I've been out of the game too long to know if something like this already exists, but would love to contribute.
Note that the thing to get to the thing is runway. With our currently broken open source software (OSS) funding model, we don't have a way to pay developers a stipend of perhaps $24-48k per year (minimum) for their OSS efforts. So they have to work pro bono. That leads to design-by-committee thinking that stands in the way of getting real work done.
So unfortunately we have to pick ourselves up by our bootstraps. I hope to see the creation of a maker's guild someday, where membership provides the stipend, with proceeds coming from the 1 in 10 or 1 in 100 apps that generate a return on investment, to cover the commercial failures. Like Humble Bundle on steroids.
- digression -
Imagine a corporate model, but without gatekeeping, minimum hours or profit. A pure meritocracy working to manifest a gift economy for all.
I'm not aware of an automation-based (instead of artificial-scarcity-based) economic model like this. Solarpunk is more of a cultural revolution, but comes close. Some examples of how it might work:
- Abandoning patents, copyrights and other intellectual property rights in favor of a commons owned by everyone
- Funding drug research but giving away the resulting medication for the cost of production or free
- Universal Basic Income (UBI) or its cousin Universal Basic Capital (UBC) that provides the resources for labor to participate in the exponential gains of capitalism (the missing ladder that the wealthy currently pull up behind them)
China is well on its way to achieving these goals and more by 2049 under its Second Centenary Goal. Meaning that the US is/has been left behind. You can feel it in every way: widespread underemployment, the collapse of our social safety nets, the return of prejudice, our national debt higher than our GDP, CEOs getting compensated hundreds of times more than workers, the upcoming crowning of the first trillionaire. Times 1000 other injustices.
Solving the thing that gets to the thing is akin to solving all things.
Edit: I was wrong about intellectual property (IP) in China. It sounds like they will instead pursue high-value IP to fund their economy, a bit like the UBI funding model. I don't think that's an equitable path, so am suggesting something above and beyond what they're attempting.
Proton is based on Wine, which translates Windows instructions to Linux.
Besides, there's already Wine for Mac.
But I would love to be wrong here.
Edit: It's a VM per container. https://github.com/apple/container/blob/main/docs/technical-...
I usually run something like a db, redis, maybe something like rabbitmq/zeromq, and have an app that uses these services (makefile/docker-compose).
I would love to switch if this in fact is a lightweight replacement.
Doesn’t seem to have Compose support though, but it’s probably not impossible to build upon.
And of course, it also uses VMs, though unlike Docker, it’s one (micro-?) VM per container: https://github.com/apple/container/blob/main/docs/technical-...
https://github.com/darwin-containers
However it requires disabling SIP, so that's unfortunately a non-starter for anything serious today.