Should be easy enough. But, the problem is the scale. I work at a privacy conscious EU based startup and we used to use quad9 for our infra. Shortly after we started using, we started to hit scalability issues. When the whole eu traffic was hot, our DNS query latency would also go up. To be able to keep up, we had to switch back to CF and Google. Hope there is a really good alternative one day.
Sure thing, but essentially it would be another thing that we have to make sure that it is protected and performant. At the time of building a startup, that’s still an item we are leaving someone else to manage.
Thanks. Architecturally, beside the unmodified Minecraft and LWJGL jars, this demo uses the original JNI code from LWJGL, compiled from C++ to WebAssembly.
I love this... but I've grown disappointed by these technically impressive demos, now that older Minecraft running in WASM is no longer novel ever since Eaglercraft came out. As per the readme:
> The latest version of Minecraft. Newer releases of Minecraft use a newer version of Java and OpenGL which we currently do not support. [...] This demo demonstrate these capabilities by running an older version (1.2.5) of Minecraft and LWJGL entirely in the browser.
Sadly, no one seems to be able to get past Minecraft 1.5, which was released in 2013 :(
Edit: Hmm... not sure when this happened, but Eaglercraft supports 1.12 (2017) now. Neat! Might be hard to go further than that, since modern Minecraft uses Java 21 / OpenGL 3.2, and LWJGL itself has evolved significantly in its platform APIs.
You might want to look into .nspawn files instead. Then you can also manage your nspawn-containers with the machinectl command.
See man 5 systemd.nspawn
And many command like systemctl and journalctl accept the -M parameter, which allows you to query systemd units inside your nspawn-containers from the host.
edit: The article actually explains all of these things in more detail.
I used to use qemu-user-static to run ARM Linux distros like Buildroot, Yocto, and Raspbian on x88_64. It worked surprisingly well! Outside of some minor bugs here and there, it was perfect for local development, emulating an embedded system I was working on.
If file system level isolation is enough for you, take a loot at schroot (https://linux.die.net/man/1/schroot) which allows root-less chroot. You can use something like debootstrap to get a complete userland into a user controlled directory and use schroot to chroot into it without root level access.
> it seems that for creating a chroot you still require root.
You actually don't as long as you have user namespaces.
One thing I am working on I use chroot (rather unshare --root=) to minimally sandbox a subprocess. At the beginning of the script I have this little snippet:
if [ "$(id --user)" -ne 0 ]; then
exec unshare --map-root-user --mount -- "$0" "$@"
fi
Though you can probably just do something roughtly as `unshare --map-root-user --root=<PATH>`.
Do note that the current support is limited to signed disk images, while it was recently (still not in a release) gained the ability to use any directory that resides inside a signed disk image (instead of just the entire disk image).
There's also https://github.com/termux/proot-distro which may or may not count as containers depending on how you define the word but I think it does count
you can theoretically run a virtual machine like libriscv5 which doesn't require root.
or qemu doesn't require root as well. But qemu is blocked for my usecase. There is flatpak theoretically as well
https://en.wikipedia.org/wiki/Root_name_server
To be honest, setting up a DNS4EU replica would just be a simple unbound