[HN Gopher] Run a macOS VM on Apple Silicon from a double-click ...
___________________________________________________________________
Run a macOS VM on Apple Silicon from a double-click with Vimy

Author : akyuu
Score  : 93 points
Date   : 2023-08-20 16:57 UTC (6 hours ago)

(HTM) web link (eclecticlight.co)
(TXT) w3m dump (eclecticlight.co)

| ChrisMarshallNY wrote:
| This looks very cool.
|
| Since it is Eclectic Light, shipping it, I will bet it's great.

| [deleted]

| bashinator wrote:
| Any example use-cases?

| throwaway-blaze wrote:
| In theory running a different version of the OS for testing. Be
| aware MacOS VMs cannot use iCloud services though, so if your
| goal is CI/CD in the VM none of your tests for iCloud will
| work.

| userbinator wrote:
| _Be aware MacOS VMs cannot use iCloud services though_
|
| I believe it needs extra work but can be done. It's a
| relatively common question in the Hackintosh community and
| they've figured it out.

| stuckkeys wrote:
| It works. You just need a legit serial number from a
| device. I have used one from my mac and it worked.

| hanniabu wrote:
| VirtualBuddy is my favorite mac vm thanks to their file sharing
| folder
|
| https://github.com/insidegui/VirtualBuddy

| Terretta wrote:
| FTA, Vimy has _"folder sharing enabled, with the Custom shared
| folder as the user's Home folder"_.
|
| So does big brother Viable:
|
| https://eclecticlight.co/virtualisation-on-apple-silicon/

| cj wrote:
| Anyone have recommendations for devs looking to run a dev
| environment on a Mac without installing a bunch of dev
| dependencies on the local machine?
|
| My plan right now is to buy a 2nd mac and use VS Code remote
| development over ssh.

| yonatan8070 wrote:
| Why not just have everything you need on your local machine?
|
| (I'm not a Mac user)

| frizlab wrote:
| I am a Mac user and I'm curious to know too

| cj wrote:
| Executing a bunch of npm modules locally, having a Mongo
| and Redis database running 24/7.
|
| I don't have a great answer. One thing I've noticed on Mac
| is that, using Activity Monitor, before installing all the
| dev dependencies for local dev nearly all processes seem to
| run under the local user's user space, but after installing
| a bunch of stuff (with sudo) a ton of processes default to
| running as "system"
|
| I haven't had time to research whether this actually has a
| meaningful impact on security, but TLDR I trust Mac's out
| of the box security, but I instantly stop trusting it the
| moment I start installing a bunch of stuff via Homebrew and
| NPM.

| chrisweekly wrote:
| Strong rec to avoid use of sudo for brew or (p)npm, not
| sure why you'd want to do that.

| newaccount74 wrote:
| sudo or not makes very little difference, unless you
| actually use multiple user accounts with different
| privileges on your Mac.

| comprev wrote:
| nvm for Node + use containers for database services?

| chrisweekly wrote:
| tangent: fnm https://github.com/Schniz/fnm is faster than
| nvm and much cleaner in its shell integration.

| cj wrote:
| nvm doesn't stop npm modules from installing locally.
| many npm modules have pre/post install scripts that
| execute binaries and such that I'd rather not execute
| locally
|
| Docker for Redis/Mongo is reasonable, but npm
| dependencies creeping into the system is something you
| can't really easily undo other than a full wipe and
| reinstall of the OS. Especially when certain modules
| require sudo to install

| [deleted]

| newaccount74 wrote:
| The nice thing about the Mac is that you can run a lot of
| unix tools natively.
|
| But of course, anything that runs on your Mac is a
| potential security hole. Obviously all 3rd party apps
| that you use can compromise security. But it can also be
| your own code: If eg.
| your rails app has a security
| vulnerability, which is common during development, and
| you run it with your local user, as is common during dev,
| then that vulnerability can potentially compromise all
| your data.
|
| So if you want to be safe, run all your dev stuff in VMs
| or on a separate device, or in a container or something.
|
| Of course, that is cumbersome, and whether it is
| necessary or not depends on what kind of threats you
| expect...

| eyelidlessness wrote:
| You generally shouldn't ever use sudo with either
| Homebrew or NPM.
|
| Homebrew is specifically designed to be used without
| elevated privileges. This has the downside that packages
| are owned by the user which first ran the install (which
| might lead to those packages running with elevated
| privileges after a sudo install as well? I don't know,
| and I'm not eager to find out).
|
| NPM packages are typically either project local (and
| these _definitely_ shouldn't be installed with sudo), or
| "global" (which _should be_ global in the sense of being
| installed on the user's PATH, and thus shouldn't require
| sudo for any normal setup either).
|
| You're right to be cautious about the security
| implications of this.

| jfoutz wrote:
| So, Mac doesn't come with a package manager. There are things
| you can do with port and brew, to alleviate some pain.
|
| Me personally, I fool around with a lot of languages, and
| sometimes I don't quite keep every project up to date with
| the latest version. For work, the situation is even more
| challenging, because I don't have the authority to go tell
| teams to upgrade or not upgrade, but sometimes I need to
| build their projects.
|
| None of this is really Mac specific. I used to use virtual
| box for this, which worked pretty well. I could set up a
| baseline environment and snapshot new boxes with new language
| revs.
|
| Docker can kind of cover this, but I tend to overdo it,
| breaking things out into the one you build with, and the one
| you run with, and it's fine, but it's a lot to keep in my
| head. So, I'm kinda flakey about that.
|
| Now, I'm slowly building up some proficiency with nix. I
| think this is what I really want, to swap out the whole chain
| of system dependencies, and build docker containers or vms
| out of that if I need them.
|
| Perhaps I'm a poor sysadmin. _everything_ locally installed
| makes things real weird after a while (years).

| jbverschoor wrote:
| Use orbstack, install things in their own container, Mount
| local volumes

| cj wrote:
| > Perhaps I'm a poor sysadmin. _everything_ locally
| installed makes things real weird after a while (years).
|
| Same experience here (years). Because it's something that
| creeps up over time, the problems aren't obvious overnight.

| fsflover wrote:
| This is one of the good reasons to use Qubes OS.

| moojd wrote:
| My path was vm -> containers -> nix. With nix flakes and
| the direnv extension in vscode you can get a clean
| per-project dev environment with zero docker overhead and
| without dev tools cluttering up your global environment
| and causing issues.

| bonestamp2 wrote:
| [delayed]

| coffeeri wrote:
| Depends on what you are trying to solve. If you don't like the
| fragmentations of dependencies on your system, this won't go
| away on a second machine. Also, I'd point you to hosted VS Code
| environments such as GitHub's Codespaces or Gitpod.
|
| You may use something that encapsulates your dev dependencies.
| Some use containers like docker, others use Nix (can be run on
| MacOS). As Nix has quite a steep learning curve, there are
| abstractions such as devenv or devbox, which I haven't used.

| lostlogin wrote:
| Would UTM be an option?
|
| https://mac.getutm.app/

| chaxor wrote:
| Utm is just qemu, and qemu is actually open source.
| Utm hides
| an enormous amount of what they do (just saying not open
| source again in a different way), and that's definitely not
| what you want in a base system.
|
| So it would likely be much better to simply install qemu
| instead.

| noodlesUK wrote:
| UTM is open source (Apache2). You can also add any argument
| supported by the bundled version of QEMU using the GUI.
|
| https://github.com/utmapp/UTM/blob/main/LICENSE

| c-hendricks wrote:
| UTM uses qemu or Apple's own virtualization framework,
| which runs macOS.

| navels wrote:
| Current setup on my M1 for dev is to use docker with containers
| for mysql, localstack, rabbitmq, redis, and ruby (debian
| bullseye), all arm64 images, and then VS Code with the remote
| container extension. Was pretty rough going when the M1 first
| came out but is now flawless and lightning fast. Onboarding new
| devs takes an hour instead of a day.

| fredoliveira wrote:
| I've tried a few things:
|
| - Docker, but the docker on mac experience has never been great
| (even if Colima or Orbstack makes that much better)
|
| - A VM running on my mac where I install whatever I need. Tried
| debian, silverblue, and used the opportunity to properly learn
| Nix and use NixOS
|
| - My current setup, especially for hairy projects with
| dependencies I dislike: an intel NUC running in my local
| network that I set up with NixOS which runs everything I need.
| Because I install Tailscale everywhere, I can use it even when
| working from outside my home.

| vorpalhex wrote:
| Raspberry pi or other compact linux machine with code-server
| running in docker. Gets you a web UI that works from anything
| (ie iPad) and you can do docker-in-docker for other containers.
|
| SBCs have less horsepower but you can always run them from a
| USB battery bank, letting you dev on the go.

| syntaxing wrote:
| Are you building apps for Mac/iOS? If not, I have a 12 core
| Ryzen with a 3090 that was the same price as a higher ram Mac
| mini ($1K).
| I recommend that over another Mac if you're ok
| running *nix.

| rafram wrote:
| The OP is clearly asking about setting up a _Mac_ dev
| environment, so suggesting that they buy a non-Mac machine is
| not helpful.

| smw wrote:
| Does nix or devbox [1] do what you want? Technically installing
| on the local machine, but not in any way that affects you
| unless you ask for it?
|
| [1] https://www.jetpack.io/devbox

| moondev wrote:
| Is it possible to run asahi Linux inside this or any other
| hypervisor on macos?

| vbezhenar wrote:
| Asahi Linux is made for Apple hardware. For virtual hardware you
| can run almost any popular distro like Ubuntu, Fedora.

| pxc wrote:
| I think you can still take advantage of paravirtualization
| without running an OS built for Apple Silicon specifically. You
| can emulate peripherals and the motherboard and stuff without
| emulating the CPU, so you would probably do better just to run
| the regular ARM variant of whatever distro.
|
| Both Arch and Fedora, which some releases of Asahi are based
| on, have regular, shmegular ARM variants.

| _joel wrote:
| It's designed to make future linux easier to run out of the box
| on Mac silicon, not really intended to be run as linux in a VM.
| If you want vms, use UTM https://mac.getutm.app/

| pxc wrote:
| Tart is also very cool. It's not F/OSS but it is
| source-available and its license is liberal about non-commercial and
| small-scale commercial use:
|
| https://github.com/cirruslabs/tart
|
| The very cool thing about Tart is how it uses OCI for OS
| images, so you can use your existing image registry
| infrastructure to host and pull down OS images.
|
| Cilicon is a compatible F/OSS clone that currently only
| supports a subset of that functionality:
| https://github.com/traderepublic/Cilicon
|
| These are more CI-oriented but I like how that makes it easy
| to manage state with them.
|
| If you're _focused_ on Linux VMs and maybe not on GUI stuff
| (although I'm sure you can make that work), Lima seems to be
| the go-to in the user 'community', as it were:
| https://github.com/lima-vm/lima
|
| If you use ARM guests on Apple Silicon, you should get good
| perf just like with stuff in the OP. (Like UTM, Lima is based
| on QEMU.)

| _joel wrote:
| Yes, played with Tart, forgot about it actually until you
| mentioned it again and not heard of the F/OSS one, so
| thanks for that :)

| chaxor wrote:
| You mean qemu.
|
| Utm is qemu, but they just removed the open source part. So
| it's just definitely worse.

| _joel wrote:
| You can use UTM with Apple's Virtualisation backend too,
| have been for a while and works fine for me
| https://docs.getutm.app/settings-apple/settings-apple/

| robin_reala wrote:
| UTM is open source too though:
| https://github.com/utmapp/UTM#license

| syntaxing wrote:
| This is absolutely awesome and something I always wanted (I'm in
| an 8GB M1 though which I regret often not going to a 16GB). I just
| want to sandbox some of the applications I need to use but don't
| trust on my computer (looking at you Bambu studios). I tried
| using the sandbox feature on macOS but it's unusable for me on
| Ventura.
___________________________________________________________________
(page generated 2023-08-20 23:00 UTC)