Microsoft open-sources LiteBox, a security-focused library OS

2026-02-06 15:13 390215 github.com

A security-focused library OS supporting kernel- and user-mode execution - microsoft/litebox

A security-focused library OS

Note

This project is currently actively evolving and improving. While we are working toward a stable release, some APIs and interfaces may change as the design continues to mature. You are welcome to explore and experiment, but if you need long-term stability, it may be best to wait for a stable release, or be prepared to adapt to updates along the way.

LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.

LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.

Example use cases include:

  • Running unmodified Linux programs on Windows
  • Sandboxing Linux applications on Linux
  • Run programs on top of SEV SNP
  • Running OP-TEE programs on Linux
  • Running on LVBS
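The North/South split described above, sketched as an added example. This is not LiteBox code: `Platform`, `MockHost`, `LibOs`, `Syscall` and `linux_shim` are hypothetical names, the sample calls are constructed, and only the Linux x86-64 syscall numbers (1 write, 2 open, 3 close, 101 ptrace) are real.

```rust
use std::collections::HashMap;

/// "South" (hypothetical): the only operation the library OS may ask of the host.
pub trait Platform {
    fn console_write(&mut self, bytes: &[u8]) -> usize;
}

/// Constructed in-memory host that records how often it is actually reached.
#[derive(Default)]
pub struct MockHost {
    pub console: Vec<u8>,
    pub host_calls: usize,
}

impl Platform for MockHost {
    fn console_write(&mut self, bytes: &[u8]) -> usize {
        self.host_calls += 1;
        self.console.extend_from_slice(bytes);
        bytes.len()
    }
}

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Errno { Enoent, Ebadf, Enosys }

/// Library OS core: files and descriptors live inside the sandbox, not on the host.
pub struct LibOs<P: Platform> {
    pub platform: P,
    files: HashMap<String, Vec<u8>>,
    fds: HashMap<i32, String>,
    next_fd: i32,
}

impl<P: Platform> LibOs<P> {
    pub fn new(platform: P) -> Self {
        LibOs { platform, files: HashMap::new(), fds: HashMap::new(), next_fd: 3 }
    }
    pub fn add_file(&mut self, path: &str, contents: &[u8]) {
        self.files.insert(path.to_string(), contents.to_vec());
    }
    fn open(&mut self, path: &str) -> Result<i64, Errno> {
        if !self.files.contains_key(path) {
            return Err(Errno::Enoent); // host paths are simply not visible
        }
        let fd = self.next_fd;
        self.next_fd += 1;
        self.fds.insert(fd, path.to_string());
        Ok(fd as i64)
    }
    fn write(&mut self, fd: i32, buf: &[u8]) -> Result<i64, Errno> {
        match fd {
            // stdout/stderr are the one path that crosses to the host
            1 | 2 => Ok(self.platform.console_write(buf) as i64),
            _ => {
                let path = self.fds.get(&fd).ok_or(Errno::Ebadf)?;
                let file = self.files.get_mut(path).ok_or(Errno::Ebadf)?;
                file.extend_from_slice(buf);
                Ok(buf.len() as i64)
            }
        }
    }
    fn close(&mut self, fd: i32) -> Result<i64, Errno> {
        self.fds.remove(&fd).map(|_| 0).ok_or(Errno::Ebadf)
    }
}

/// Simplified guest request: `data` is the buffer for write, the path for open.
pub struct Syscall<'a> { pub nr: u64, pub fd: i32, pub data: &'a [u8] }

/// "North" shim (hypothetical): maps Linux syscall numbers onto the core.
/// Anything not listed is refused, so it can never reach the host.
pub fn linux_shim<P: Platform>(os: &mut LibOs<P>, call: &Syscall<'_>) -> Result<i64, Errno> {
    match call.nr {
        1 => os.write(call.fd, call.data),
        2 => {
            let path = std::str::from_utf8(call.data).map_err(|_| Errno::Enoent)?;
            os.open(path)
        }
        3 => os.close(call.fd),
        _ => Err(Errno::Enosys), // default deny
    }
}

/// Runs six constructed guest calls; returns results, host crossings, console text.
pub fn demo() -> (Vec<Result<i64, Errno>>, usize, String) {
    let mut os = LibOs::new(MockHost::default());
    os.add_file("/tmp/log", b"");
    let calls = [
        Syscall { nr: 2, fd: -1, data: b"/tmp/log" },    // open: served in-sandbox
        Syscall { nr: 1, fd: 3, data: b"entry\n" },      // write to sandbox file
        Syscall { nr: 1, fd: 1, data: b"hello\n" },      // write to stdout: host call
        Syscall { nr: 3, fd: 3, data: b"" },             // close
        Syscall { nr: 101, fd: 0, data: b"" },           // ptrace: not implemented
        Syscall { nr: 2, fd: -1, data: b"/etc/passwd" }, // host file: not visible
    ];
    let results: Vec<_> = calls.iter().map(|c| linux_shim(&mut os, c)).collect();
    let console = String::from_utf8_lossy(&os.platform.console).into_owned();
    (results, os.platform.host_calls, console)
}

fn main() {
    let (results, host_calls, console) = demo();
    println!("{:?}\nhost calls: {}\nconsole: {:?}", results, host_calls, console);
}
```

Six guest calls produce a single host crossing here; the rest are answered or refused inside the sandbox, which is the attack-surface argument in miniature.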

LiteBox and related projects

See the following files for details:

MIT License. See ./LICENSE for details.

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.



Comments

  • By aktau 2026-02-06 15:13, 4 replies

    From the GitHub page:

    LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.

    LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.

    Example use cases include:

      - Running unmodified Linux programs on Windows
      - Sandboxing Linux applications on Linux
      - Run programs on top of SEV SNP
      - Running OP-TEE programs on Linux
      - Running on LVBS

    • By aktau 2026-02-06 15:15, 2 replies

      More links with discussion:

      Reddit discussion: https://www.reddit.com/r/linux/comments/1qw4r71/microsofts_n...

      Project lead James Morris announcing it on social.kernel.org: https://social.kernel.org/notice/B2xBkzWsBX0NerohSC

      • By xjamesmorris 2026-02-06 16:50, 1 reply

        FYI, I am not the project lead for Litebox. It is led by Microsoft Research.

        • By aktau 2026-02-09 11:04

          Sorry about that, I can no longer edit my comment.

          Do you have any relation with the project apart from working at the same company?

    • By rbanffy 2026-02-07 14:23, 2 replies

      > - Running unmodified Linux programs on Windows

      This might actually be my favourite use: I always thought WSL2 was a kludge, and WSL1 to be somewhat the fulfilment of the "personality modules" promise of Windows NT.

      • By dixie_land 2026-02-07 16:07

        Yup WSL feels closer to the Services for Unix which has been around since NT 4/5.

        It was sad to see WSL2 taking the path of least resistance, that decision has always felt TPM driven ("we got unexpected success with WSL and people are asking for more, deliver xxx by Q4! No I don't care _how_ you do it!")

      • By unixhero 2026-02-07 19:10, 1 reply

        Personality was an OS aphorism that went longer back than NT I believe. But my memory is fuzzy on this.

        Edit! Memory unfuzzed: It was Workplace OS, https://en.wikipedia.org/wiki/Workplace_OS

        • By rbanffy 2026-02-07 21:40

          I know that, but Windows NT actually succeeded.

    • By a-dub 2026-02-06 20:31

      is this wslv1.2 (wslv1 redux) in now a more general cross-platform library firewall type thing?

    • By oofbey 2026-02-07 16:12

      The amount of techno jargon marketing speak in this readme is impressive. I’m pretty well versed in most things computers, but it took me a long time to figure out what the heck this thing is good for. Leave it to Microsoft to try to rename lots of existing ideas and try to claim they’ve invented something amazing when it’s IMHO not all that useful.

  • By CasualSuperman 2026-02-06 16:00, 9 replies

    With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.

    • By simonw 2026-02-06 18:22, 9 replies

      Microsoft employ over 100,000 engineers. I'd advise against assuming that everything produced by any of them is bad because of bugs in Windows.

      • By LatencyKills 2026-02-07 13:53

        I spent 15 years as a senior dev on the Visual Studio team followed by 5 years on the Xcode team at Apple.

        Individual engineers can be talented, professional, and end-user focused. Most of that effort gets lost when PMs refuse to work with each other in a coherent manner. Most of the major issues we ran into weren’t engineering bugs per se, they were the result of management refusing to allow teams to communicate effectively.

        When we were first building out the original C# functionality, the C# team refused to talk to the existing compiler teams. I spent more time acting as a go-between than I did solving actual technical problems.

        Good people can produce crappy software in that environment.

      • By workfromspace 2026-02-06 20:49, 2 replies

        Not op, and I generally agree with your assumption but not for Microsoft, as I don't think it's limited to Windows:

        Teams, Office (especially online), One Drive, SharePoint, Azure, GitHub, LinkedIn, all became very shitty and partially unusable with increasing number of weird bugs or problems lately.

        • By ymck 2026-02-07 17:16, 1 reply

          And it's not just Microsoft. Apple and others are having the same issue. Something fundamental seems to have happened post Covid but before AI.

          WFH, flood of Dev hiring, increasingly hostile worker relations, a bunch of web 2.0 folks finally retiring, VC money drying up...

          take your pick.

          Software is just crappy these days.

          • By hulitu 2026-02-08 12:06

            > Something fundamental seems to have happened

            It just became more visible: testing _is_ expensive and time consuming.

        • By zx8080 2026-02-07 4:42

          But M$ share price goes up! Investors are smart as they are rich! And they do believe in this all!

          /sarcasm

      • By replooda 2026-02-06 19:18, 3 replies

        The criticism was directed at the company's product, not the employees...

        • By ray_v 2026-02-07 3:46, 1 reply

          I always wish that people would make this distinction more often ... the people=good, the product=bad ... people!=bad

          • By replooda 2026-02-07 12:14

            If product->quality_x, I'm okay with employee->?quality_x — but not with either employee->quality_x or employer->!quality_x. A better thing to remember is that people have themselves to feed. Of those 100k engineers, how many can say "no, you don't, Satya, ain't no besmirching my code with slop"?

        • By trimethylpurine 2026-02-06 19:46, 3 replies

          The response appears to be pointing out that with so many employees (engineers), it's unlikely that they all work on Windows.

          • By replooda 2026-02-06 23:37, 1 reply

            Maybe. But interpreting it thus requires too much charitableness for it not to have been uncharitable, whether intentionally or otherwise.

            • By trimethylpurine 2026-02-07 2:24

              You mean interpreting it honestly. Yeah. I caught that.

          • By sharts 2026-02-07 1:52, 5 replies

            Don’t the best of the best typically work on OS fundamentals though?

            • By vlovich123 2026-02-07 4:38

              OS is such a broad term, especially when applied to Windows which is closer to a Linux distro. Is it the kernel? Windows is fine there as by all accounts the issues are higher up. They’ve had some problems with their update process which is surprising - historically that team would have been populated by the better engineers. Most of the other problems have been in the shell and UI where good engineering discipline is not to be quite as expected.

            • By mavhc 2026-02-07 13:22, 1 reply

              Yes, but the OS fundamentals are for Azure first, Windows last.

              Azure makes money, 50% of Windows computers are basically free and need to get you to sign up for a subscription somehow. The other 50% are Windows Pro/Enterprise, but MS assumes they'll get that money forever so doesn't put any resources into that. In 10 years the kids switching to Linux on desktop today will be in charge of the business deals and switch corporations to linux because they're not scared of it like the current business IT leaders

              • By OtomotO 2026-02-07 14:12, 1 reply

                They are not free. OEM costs money. Hence with every laptop with Windows preinstalled, you pay a fraction to Microsoft, even if you immediately uninstall and add Linux.

                • By mavhc 2026-02-07 18:55, 1 reply

                  But probably only $10

                  • By OtomotO 2026-02-07 20:54

                    I don't argue with that. But every cent paid to Microslop is a cent too much.

            • By bionsystem 2026-02-07 8:27

              Maybe not, there are plenty of hard things to do at Microsoft scale, hypervisors (which I guess could count as "OS" but maybe not "Windows" in the consumer-product line sense), compilers, languages, hardware since Microsoft is doing that too, browsers (although the hard part is chrome-based, probably they contribute to it), databases, distributed systems for cloud products, etc. Plenty of hard things to do.

            • By wongarsu 2026-02-07 8:50

              The windows kernel is great. It's the stuff built on top of that that sucks. I doubt MS puts the best of the best on coding the start menu

            • By trimethylpurine 2026-02-07 2:20

              Which developer has the best of the best on operating systems?

          • By mcmcmc 2026-02-06 21:20, 3 replies

            And yet they still work for a company that has shown it isn’t overly concerned about quality or reliability in its products.

            • By trimethylpurine 2026-02-07 2:41, 1 reply

              I don't think people typically have so much choice about it. Everyone is just trying to feed their families and enjoy their life. The job market is a little tough right now, I think, for software engineers. No?

              I know a few personally that left their stable job to be hired and fired in the same month and remain unemployed six months later. Very sad.

              • By mcmcmc 2026-02-07 3:43, 2 replies

                What a ridiculous excuse. People who join ICE to brutalize minorities and protestors are just trying to feed their families too, then. No?

                Working for Microsoft doesn’t make them bad engineers or bad people, but it does make them Microsoft employees. And they get to bear its reputation whether they want to or not. If it makes them uncomfortable then they should make a change or grow thicker skin.

                Oversaturation of the labor supply for software engineers has been looming for a while now. Gen Z was sold on infinite growth in the ZIRP era which was never going to happen, but everyone still jumped in. What we’re seeing is structural unemployment. Not everyone’s gonna make it.

                • By trimethylpurine 2026-02-07 4:21, 2 replies

                  Do you have kids? If not, I agree with you. Make the hard decision and take a loss. And thank you for your sacrifice.

                  If you do, I can't agree with you.

                  Also I wouldn't compare software development for a marketing company with a violent disagreeable effort. There's bad and there's worse, objectively.

                  Anyway, not saying you're wrong, but I'm not so quick to judge someone by a job that they probably hate.

                  Or to wrap 100,000 people in the same blanket. We're all individuals. No one should be judged by the actions of others.

                  • By bionsystem 2026-02-07 8:30

                    There are companies I wouldn't candidate for, even with kids I think, although it's hard to say, I don't have kids, and apparently there is a mind-shift happening when you get one. Oracle, Palantir come to mind. But maybe not Microsoft, I don't know about that one. It's probably bad, but maybe not "I prefer to watch my kids starving" kind of bad.

                  • By mcmcmc 2026-02-07 20:09, 2 replies

                    Having kids is also a bullshit excuse. Choosing comfort over conscience is your prerogative but you’re just teaching your kids the same values.

                    Yeah, tech monopolist that enables genocide to contemporary gestapo isn’t an equal comparison. But my point was that you can’t ignore the moral hazards of employment by handwaving “gotta eat somehow”. There are a million ways to feed your kids. Saying you have to work a high paid job to feed them non-GMO certified organic produce from Erewhon because that’s the only standard of living you can possibly survive with, that’s a choice.

                    I also want to reiterate that I’m not judging the people who choose to work there. I’m just saying that by signing the employment contract they accept the reasonable public perception that the products they work on are shit. And to some marginal degree, they are complicit in all their employer’s wrongdoings.

                    • By trimethylpurine 2026-02-07 23:30, 1 reply

                      Your commentary doesn't come off as honorable or righteous in any way to me. It comes off as self centered and self righteous. As if we all owe it to you to put you before our children.

                      I don't know if that's your intention but that's what I'm reading.

                      I genuinely hope you don't agree with that reading, because I doubt you'd have a nice life with that outlook. You'd be very unlikable.

                      • By mcmcmc 2026-02-08 1:01, 1 reply

                        What I’d consider unlikable is implying that someone might have no choice but to work for Microsoft in order to provide for their family. It carries with it an air of privilege and condescension implying that working a lesser job or for lesser pay would be insufficient to provide for a family’s basic needs.

                        • By trimethylpurine 2026-02-08 4:05, 1 reply

                          What lesser job? People are unemployed after six months. Meanwhile MS hired other people for less to replace those that left. Nobody won here.

                          It's not about "lesser" jobs being actually lesser. The point is that you don't actually have a choice. Big companies that nobody likes are in control of the economy and you can't do anything except join the unemployed until you get rehired from the pool of desperate people willing to do their bidding.

                          (All of this with a grain of salt. Not literally everyone is in this situation, but there are certainly many who are.)

                          I'm just saying, maybe don't be so quick to judge.

                          • By mcmcmc 2026-02-08 16:37, 1 reply

                            I’m not sure why you’re so set on taking away free will.

                            > you can't do anything except join the unemployed until you get rehired from the pool of desperate people willing to do their bidding.

                            So there is a choice then. Does unemployment kill you in some way? Is going to a food bank a death sentence? Can you not adjust your lifestyle spending to match a lower salary if it means getting a job sooner? Is there no way to save up for periods of unemployment so you can be choosy about your next job?

                            Everything you do in life is a choice.

                            • By trimethylpurine 2026-02-08 19:38

                              It's not a choice. Making kids eat from a food bank and sleep in a shelter is morally inferior to working at Microsoft. You're saying, repeatedly, that they should make your morally inferior choice and they deserve to be judged if they don't. Only a monster could call that a choice.

                              Look at yourself: >Having kids is also a bullshit excuse. Choosing comfort over conscience is your prerogative but you’re just teaching your kids the same values.

                              Your conscience tells you that children should be forced to sleep in shelters and eat from food banks just so that you won't have to see ads when you use Microsoft Windows.

                              Please DON'T teach anyone your values. Your moral compass points to the trash.

                              I'm out bro. Cheers.

                • By TacticalCoder 2026-02-07 5:43, 5 replies

                  > People who join ICE to brutalize minorities and protestors are just trying to feed their families too, then.

                  1400 ISIS (the islamist state) terrorists who made their way to the US, identified by the DHS.

                  https://www.dhs.gov/wow

                  Look at the list here. 2084 pages already, 12 entries per page: that's 25 000 criminals. They're listing their crimes. 25 000 criminals already arrested is a huge lot.

                  Be honest with yourself and think about the victims.

                  I'd say a lot of the people joining ICE do believe the US has already enough criminals that are US citizens and want to help stop the insanity that is mass uncontrolled migration.

                  Out of 600 000 people arrested by ICE, as I understand it already 25 000 are violent criminals that we know of. That's more nearly 5% of all those arrested. 1 in 20 people.

                  Where do you draw the limit? You want full open borders, but at what cost?

                  I read a lot of "Arrested for: kidnapping, rape".

                  Is, say, 1 in 100 people coming in being a criminal OK?

                  Where do you draw the line?

                  Dems are literally fighting so that sanctuary cities do not hand over convicted criminals to ICE: so that one day they can be released in the streets.

                  Is this what you want to fight for?

                  Are you that convinced, from your moral high ground where you judge Microsoft employees and ICE agents, that you'll be on the right side of history?

                  • By bionsystem 2026-02-07 8:36, 2 replies

                    You are missing out the entire point. In a justice system, a single innocent in prison is a thousand times worse than a free criminal. This is where most people draw the line if they think about it. Because when you put innocents under arrest, suddenly you are no better than dictatorships and terrorist state.

                    The real justice is investing in a security system that tracks, investigates, and condemns actual criminals, in a targeted way, so that honest people can live securely and free. Believe it or not, plenty of countries manage to do that pretty well.

                  • By int_19h 2026-02-07 6:41, 1 reply

                    > Are you that convinced, from your moral high ground where you judge Microsoft employees and ICE agents, that you'll be on the right side of history?

                    Yes.

                    It really isn't difficult to figure out who the bad guys are, at the moment.

                  • By biaachmonkie 2026-02-07 9:57

                    Well considering the administration has repeatedly called Alex Pretti and Renee Nicole Good "TERRORISTS", I would consider "1400 ISIS terrorists" a highly dubious statistic, in fact in a brief search for a reputable source of your claim of "1400 ISIS terrorists" I've not found any source for that, link???

                    You ask "Is, say, 1 in 100 people coming in being a criminal OK?"

                    Well considering that about 1.4% of the overall population is currently incarcerated in our "Land of the Free", yeah 1 in 100 would be an improvement!

                    People are against ICE in growing numbers because of their tactics of run around hide their identities like bandits and gestapo thugs. Their ignoring of court orders, constant lies, constant blatant violations of the 1st, 2nd, 4th amendments constantly, and violations of rights of people such as immigrants following the processes of asylum, several citizens that have been arrested wrongly, and the terrible tortuous treatment an the joy and pride this corrupt disgusting administration takes in being cruel to people!

                  • By fc417fc802 2026-02-08 1:00

                    If you were wrongfully arrested at a DUI checkpoint one night, but hey, 1 in 20 people arrested there are drunk drivers! Would you be okay with that? I certainly wouldn't.

                    If SWAT started driving around gunning people down in the street but every last "victim" turned out to be guilty of murder would that be okay? I certainly don't think so. There's a legal process that needs to be followed.

                  • By ngcazz 2026-02-07 8:07

                    Blackshirt elegy over here folks.

            • By 1f60c 2026-02-06 22:41

              Thaaat's capitalism

      • By petterroea 2026-02-07 6:17, 1 reply

        Skilled engineers in an environment that doesn't care about quality may become dull, or simply be forced by the system they are in to not care. In practice they are just like us and so I assume they would find outlets in their free time.

        I haven't spoken to a Microsoft developer in a while because there are few in the hacker communities I'm around (go figure?) so not entirely sure though. I want to understand.

        • By bonesss 2026-02-07 8:46

          These giant firms aren’t uniform monoliths, especially MS.

          Microsoft has some clear ‘A’ teams (compilers, industry leading languages, F*, pioneering web tech, OS innovations, etc), but also ‘B’, ‘C’ and ‘D’ teams, and MS is often reactively chasing industry trends. They’re industry leaders, but also victims of their Office, Windows, and Cloud teams pooping on one another at critical market junctures.

          In .Net land we can inspect their library code. A number of these ‘Enterprise’ packages around their ‘Enterprise’ solutions are … just passable. Often something you’d write a proper version of to avoid clear issues. When our juniors are delivering better than their official offerings, in light of wizardry being displayed elsewhere, I think we are seeing systematic effects of corporate culture and customer base.

      • By ddtaylor 2026-02-06 21:17

        They seem to be alienating a lot of their users right now in a lot of different products. There's a significant surge in open source software right now and Linux and all the people that are coming over are a bit more than usual. Their customer base seems tired of the game.

      • By solarkraft 2026-02-06 22:05, 1 reply

        This is not about individual employees. It’s in the nature of being an employee to be beholden to what’s incentivized by their company’s management and structure.

        • By sharts 2026-02-07 1:57, 1 reply

          Don’t employees have any say in some of the design, implementation, and quality bar? Management folks are employees as well. But perhaps they prefer the paycheck to voicing concerns around bad decisions. Nothing wrong with that but throwing all the blame on faceless management and structure seems not right since it evolves from collective activities.

          • By solarkraft 2026-02-07 2:45

            “Show me the incentives and I’ll tell you the outcome” is exactly about this situation. People who do what they feel is right may be able to do so as long as it doesn’t conflict with company policy, but when it does (say you spend a little more time on perfecting a feature), it gets noticed and eventually corrected.

      • By dvfjsdhgfv 2026-02-06 21:40, 1 reply

        The problems with Windows today have nothing to do with bugs but with the strategic vision of Nadella.

        • By jzb 2026-02-07 5:48

          And it’s the employees that’ll be laid off if the strategy doesn’t succeed because they just didn’t copilot hard enough or something.

      • By lysace 2026-02-06 18:55

        This is also still small/unimportant enough not to be poisoned by their broken corporate culture.

    • By hudo 2026-02-06 16:16, 3 replies

      UI of Windows is buggy and inconsistent. Kernel and low level stuff are actually very stable and good.

      • By joe_mamba 2026-02-06 16:20, 6 replies

        >Kernel and low level stuff are actually very stable and good.

        This. A while ago a build of Win 11 was shared/leaked that was tailored for the Chinese government called "Windows G" and it had all the ads, games, telemetry, anti-malware and other bullshit removed and it flew on 4GB RAM. So Microsoft CAN DO IT, if they actually want to, they just don't want to for users.

        You can get something similar yourself at home running all the debloat tools out there but since they're not officially supported, either you'll break future windows updates, or the future windows updates will break your setup, so it's not worth it.

        • By bcraven 2026-02-06 19:47

          Something similar, or indeed, exactly the same:

          https://www.windowscentral.com/software-apps/windows-11/leak...

        • By RajT88 2026-02-06 17:35, 2 replies

          Talked about back in the Vista days publicly (I cannot find the articles now) - Microsoft has commitments to their hardware partners to help keep the hardware market from collapsing.

          So they are not incentivized to keep Win32_Lean_N_Mean, but instead to put up artificial limits on how old of hardware can run W11.

          I have no insider knowledge here, just this is a thing which gets talked about around major Windows releases historically.

          • By necovek 2026-02-06 19:12, 1 reply

            If anything, Microsoft has a lot of problems because they support a wide variety of crappy hardware and allow just about anyone to write kernel level sw (drivers). Not sure if this changed, but they used to run in the ring0 even.

            This was most evident back in the 90s when they shipped NT4: extremely stable as opposed to Win95 which introduced the infamous BSOD. But it supported everything, and NT4 had HW support on par with Linux (i.e. almost nothing from the cheap vendors).

            • By mjevans 2026-02-07 5:20, 1 reply

              NT4 started with a kernel mode, user mode, security model and drivers had to be written and validated accordingly.

              9x, me, and even compatibility parts of XP (up to some service patch IIRC? Might have been SP2) would still allow dos mode realtime BS for any driver that wanted.

              I loathe all the dang software modems too cheap to ship a decent device in a single unit and instead slice off the user's already constrained resources.

              • By necovek 2026-02-07 12:28

                Heh, who else remembers the golden benchmark, a US Robotics 56k hw modem (the only one I could find locally was an external one too) to get online in either NT4 or Linux. But when I finally did save for one, I could fully leave Windows behind in 1998.

          • By joe_mamba 2026-02-06 18:15, 3 replies

            >Microsoft has commitments to their hardware partners to help keep the hardware market from collapsing.

            Citation needed since that makes no logical sense. You want to sell your SW product to the most common denominator to increase your sales, not to a market of HW that people don't yet have. Sounds like FUD.

            >but instead to put up artificial limits on how old of hardware can run W11

            They're not artificial. POPCNT / SSE4.2 became a hard requirement starting with Windows 11 24H2 (2024) (but that's for older CPUs), and only intel 8th gen and up have well functioning support for Virtualization-Based Security (VBS), HVCI (Hypervisor-protected Code Integrity), and MBEC (Mode-Based Execution Control). That's besides the TPM 2.0 which isn't actually a hard requirement or feature used by everyone, the other ones are way more important.

            So at which point do we consider HW-based security a necessity instead of an artificial limit? With the ever increase in vulnerabilities and attack vectors, you gotta rip the bandaid at some point.

            • By ssl-3 2026-02-06 19:59, 1 reply

              Windows 11 is running on my ThinkPad T530. Its CPU is very nearly 14 years old.

              What is missing here that was present when this same computer was running Windows 10?

              • By joe_mamba 2026-02-06 20:16, 1 reply

                >Windows 11 is running on my ThinkPad T530. Its CPU is very nearly 14 years old.

                Yes, you can bypass HW checks to install it on a pentium 4 if you want, nothing new here.

                >What is missing here that was present when this same computer was running Windows 10?

                All the security features I listed in the comment above.

                • By ssl-3 2026-02-06 21:35, 1 reply

                  So, if I'm hearing this right:

                  This computer had the security features that you listed while it was running Windows 10, and now that it is running Windows 11 it is lacking them?

                  (I'm not trying to be snarky. That's simply an astonishing concept to me.)

                  • By 9dev 2026-02-06 23:18, 1 reply

                    It hadn’t. Windows 11 has them, due to support for new hardware mitigation features. What is it you don’t understand in particular?

                    • By ssl-3 2026-02-06 23:23, 1 reply

                      There's a lot here that is hard to understand:

                      > > What is missing here that was present when this same computer was running Windows 10?

                      > All the security features I listed in the comment above.

            • By magicalhippo 2026-02-07 1:42

              > You want to sell your SW product to the most common denominator to increase your sales, not to a market of HW that people don't yet have.

              A key difference between regular software and Windows is that almost nobody buys Windows, they get it pre-installed on a new PC. So a new PC purchase means a new Windows license.

            • By RajT88 2026-02-07 1:24

              You are just arguing the requirements are the requirements.

              Are they as important as stated? Microsoft says so. Everyone here loves and trusts them, right?

        • By TkTech 2026-02-06 16:27, 1 reply

          Is this not just Windows LTSB/LTSC? Which has been a thing forever.

          • By joe_mamba 2026-02-06 16:31

            Maybe, could also be that for a 9 figure government contract they'll provide a custom LTSC branch just for you with only the features you want.

        • By workfromspace 2026-02-0620:511 reply

          I genuinely wonder if Windows G's start menu also uses React and if the start menu, right click or Windows Search still sucks in Windows G or not :)

          • By pjmlp 2026-02-0621:091 reply

            React Native, halfway between Web and native.

            • By chris_wot 2026-02-073:22

              No, he's talking about ReactOS.

        • By drnick1 2026-02-0620:27

          Microsoft should just open source Windows at this point.

        • By hilti 2026-02-0617:472 reply

          Never heard of Windows G .. that sounds exactly what I want for my older Thinkpads :-)

          • By qingcharles 2026-02-0620:03

            I've been starting with Tiny11 and then running the debloat scripts against it. Reduces the memory footprint to about 2GB and have found zero compatibility problems with doing this. You just have to use curl or something to download a browser because you won't even have Edge.

          • By WarOnPrivacy 2026-02-0618:49

            > Windows G .. sounds exactly what I want for my older Thinkpads

            I'm running 11 IoT Ent LTSC on some T420; it runs pretty okay.

      • By mananaysiempre 2026-02-0617:434 reply

        > Kernel and low level stuff are actually very stable and good.

        In their intended applications, which might or might not be the ones you need.

        The slowness of the filesystem that necessitated a whole custom caching layer in Git for Windows, or the slowness of process creation that necessitated adding “picoprocesses” to the kernel so that WSL1 would perform acceptably and still wasn’t enough for it to survive, those are entirely due to the kernel’s architecture.

        It’s not necessarily a huge deal that NT makes a bad substrate for Unix, even if POSIX support has been in the product requirements since before Win32 was conceived. I agree with the MSR paper[1] on fork(), for instance. But for a Unix-head, the “good” in your statement comes with important caveats. The filesystem is in particular so slow that Windows users will unironically claim that Ripgrep is slow and build their own NTFS parsers to sell as the fix[2].

        [1] https://lwn.net/Articles/785430/

        [2] https://nitter.net/CharlieMQV/status/1972647630653227054

        • By dgxyz 2026-02-0617:571 reply

          This is on the mark.

          But there's another issue which is what cripples windows for dev! NTFS has a terrible design flaw which is the fact that small files, under 640 bytes, are stored in the MFT. The MFT ends up having serious lock contention so lots of small file changes are slow. This screws up anything Unixy and git horribly.

          WSL1 was built on top of that problem which was one of the many reasons it was slow as molasses.

          Also why ReFS and "dev drive" exist...

        • By jph00 2026-02-0617:513 reply

          This is not due to slowness of the file system. Native ntfs tools are much faster than Unix ones in some situations. The issue is that running Unix software on windows will naturally have a performance impact. You see the same thing in reverse using Wine on Linux. Windows uses a different design for IO so requires software to be written with that design in mind.

          • By m132 2026-02-0619:21

            > Native ntfs tools are much faster than Unix ones in some situations. The issue is that running Unix software on windows will naturally have a performance impact. You see the same thing in reverse using Wine on Linux.

            Not true. There are increasingly more cases where Windows software, written with Windows in mind and only tested on Windows, performs better atop Wine.

            Sure, there are interface incompatibilities that naturally create performance penalties, but a lot of stuff maps 1:1, and Windows was historically designed to support multiple user-space ABIs; Win32 calls are broken down into native kernel calls by kernel32, advapi32, etc., for example, similar to how libc works on Unix-like operating systems.

          • By MadnessASAP 2026-02-0618:591 reply

            It's pretty typical these days for software, particularly games of the DX9-11 eras to perform better on Wine/Proton than they do under native Windows on the same hardware.

            • By jph00 2026-02-0920:57

              They rarely are IO constrained.

          • By noumenon1111 2026-02-0618:05

            [flagged]

        • By p_ing 2026-02-0618:011 reply

          The file system isn't slow. The slowness will be present in any file system due to the file system filters that all file system calls pass though.

          • By mananaysiempre 2026-02-0619:241 reply

            Right, by “file system” here I mean all of the layers between the application talking in terms of named files and whatever first starts talking in terms of block addresses.

            Also, as far as my (very limited) understanding goes, there are more architectural performance problems than just filters (and, to me, filters don’t necessarily sound like performance bankruptcy, provided the filter in question isn’t mandatory, un-removable Microsoft Defender). I seem to remember that path parsing is accomplished in NT by each handler chopping off the initial portion that it understands and passing the remaining suffix to the next one as an uninterpreted string (cf. COM monikers), unlike Unix where the slash-separated list is baked into the architecture, and the former design makes it much harder to have (what Unix calls) a “dentry cache” that would allow the kernel to look up meanings of popular names without going through the filesystem(s).

            • By p_ing 2026-02-0623:302 reply

              NTFS will perform directory B+-tree lookups (this is where it walks the path) until it finds the requested file. The Cache Manager caches these B+-trees.

              From there, it hits the MFT, finds the specific record for the file, loads the MFT record, and ultimately returns the FILE_OBJECT to the I/O Manager and it bubbles up the chain back to (presumably) Win32. The MFT is just a linear array of records, which include file and directories (directory records are just a record with directory = true, essentially).

              Obviously simplified. Windows Internals will be your friend, if you want to know more.

              • By mananaysiempre 2026-02-070:28

                Thanks for the explanation! Linux, meanwhile, will[1] in the normal case walk a sequence[2] of hash tables (representing incomplete but up-to-date views of directories) before hitting the filesystem’s vtable or the block I/O layer at all, and on the fast path[3] taking no locks other than the RCU read lock.

                [1] https://www.kernel.org/doc/html/latest/filesystems/path-look...

                [2] I was under the impression that it could look up an entire path at once when I wrote my grandparent comment; it seems I was wrong, which on reflection makes sense given you can move directories.

                [3] https://www.kernel.org/doc/html/latest/filesystems/path-look...

              • By Rapzid 2026-02-071:451 reply

                Heh, first I've heard of Windows Internals. New friends for The Linux Programming Interface!

                • By p_ing 2026-02-0718:51

                  Yes, won't be quite that in depth given no source code, but you can easily look up the NT4 source code on GitHub if you want to dive that deep. I would assume much of that code should still be relevant today.

                  Also worth tracking down a copy of the NT OS/2 Design Workbook on the web (another leak).

                  And Inside the Windows NT File System by Helen Custer is a very short book but describes the very early state of NTFS capabilities/functions.

        • By BrouteMinou 2026-02-0620:46

          The Windows filesystem isn't slow per se, it's a slowness caused by "a thousand cuts" type of problem.

          https://github.com/Microsoft/WSL/issues/873#issuecomment-425...

      • By exceptione 2026-02-0617:251 reply

        NTFS, not so great.

        • By p_ing 2026-02-0617:433 reply

          NTFS is just fine. Stable, reliable, fast, plenty of features for a general purpose file system.

          • By exceptione 2026-02-0619:271 reply

            Even with Defender etc off, it is not fun. Lots of small file IO brings it to its knees. Some want to blame the Windows I/O system, I don't know, but what I do know is that when people choose NTFS it is because they haven't an alternative. Nobody chooses it based on its quality attributes. I dare to say there is no NTFS system that is faster than an EXT4 system.

            If even MS internal teams rather want to avoid it, it seems like it isn't a great offering. https://news.ycombinator.com/item?id=41085376#41086062

            • By p_ing 2026-02-0622:321 reply

              NTFS on Linux should be near-par with ext4 on Linux.

              Remember, I said the _file system_ was just fine. It's that extensible architecture above all file systems on NT that causes grief.

              The only method to 'turn off' Defender is to use DevDrive, which enforces ReFS, and even then you only get async Defender, it's not possible to completely disable.

              • By MatejKafka 2026-02-080:35

                You can just turn off Defender using a group policy.

          • By sunaookami 2026-02-079:24

            NTFS is infamous for being super slow. Even using EXT4 through WSL is faster.

          • By repelsteeltje 2026-02-0617:531 reply

            ...But no way can you wrap it into something that looks posix-y from the inside

            • By p_ing 2026-02-0618:001 reply

              Why would you want to?

              • By repelsteeltje 2026-02-0618:141 reply

                From the article, first use case:

                > Example use cases include:

                > * Running unmodified Linux programs on Windows

                > * ...

                That won't work if the unplugged Linux program assumes that mv replaces a file atomically; ntfs can't offer that.

                • By p_ing 2026-02-0622:30

                  NTFS uses atomic transactions, that's the only way it has the ability to recover after a fault.

                  You can read more if you wish in 'Inside the Windows NT File System' by Helen Custer, page 15.

    • By rafram 2026-02-0616:122 reply

      This isn't supposed to replace Windows, and it isn't a GUI desktop operating system at all. I doubt anyone working on this has anything to do with the modern Windows desktop UX.

      • By dspillett 2026-02-0618:031 reply

        > This isn't supposed to replace Windows,

        OP wasn't suggesting it was, just that the lack of quality in one significant area of the company's output leads to a lack of confidence in other products that they release.

        • By viraptor 2026-02-075:331 reply

          Given anything the size of Microsoft, it's not a good assumption. MS has large research teams that produce really interesting things. Their output is unrelated to released products.

          • By dspillett 2026-02-0820:39

            Companies want us to trust their things based on positive experiences with their other things, and that works both ways.

      • By Reddit_MLP2 2026-02-0618:101 reply

        but if the host OS is already compromised, what is the point of sandbox inside of it?

        • By necovek 2026-02-0619:03

          Maybe we need secure attestation for sandbox to be protected against compromised host :)

          It does sound hard, and might need to employ homomorphic encryption with hw help for any memory access after code has been also verifiably unaltered through (uncompromised) hw attestation.

    • By lemonish97 2026-02-071:532 reply

      I know windows 11 is super buggy and riddled with issues (and the copilot mess), but I'm starting to feel there's a weird echo chamber around these forums that don't even bother looking at what the product or repository is, and automatically assume it's bad 'cause it's from Microsoft.

      • By zelphirkalt 2026-02-079:26

        Once the amount of bad software coming out of a shop rises over 50% this becomes a sane assumption, since it is more likely than not, that it is trash coming out of that shop. So in case of MS it does seem a reasonable assumption to make.

      • By Peanuts99 2026-02-079:45

        I use Windows 11 all day and can't agree it's buggy at all, compared to Windows of the past it's very reliable. The worst I can say is they've made some poor decisions about the defaults around ads in the UI. But all of that is easy to turn off.

    • By necovek 2026-02-0619:15

      Windows is ultimately a lot more complex, and not open source. This also builds on the Linux ecosystem, so even if it comes from Microsoft, I imagine engineering culture is different from that on Windows and especially their online platforms (that's even worse than Windows if you ask me!).

    • By dooglius 2026-02-0619:21

      MSR is a somewhat independent org; you should be making predictions based on other MSR projects

    • By b00ty4breakfast 2026-02-0622:01

      I'm not defending MS in any capacity, but this library is open for viewing if you were so inclined.

    • By autoexec 2026-02-0617:201 reply

      Microsoft doesn't have a very good track record with security or privacy. Maybe it works, but yeah you'll probably get screwed over at some point.

      Still, the fact that it's open source is a good thing. People can now take that code and make something better (ripping out the AI for example) or just use bits and pieces for their own totally unrelated projects. I can't see that as anything but a win. I have no problem giving shitty companies credit where it's due and they've done a good thing here.

      • By MatejKafka 2026-02-080:41

        > Microsoft doesn't have a very good track record with security or privacy.

        That's a very unfair assessment. In many areas, Microsoft services and Windows are better protected than most alternatives (e.g., disk encryption, virtualization-based isolation,...), and security is taken pretty seriously for new products.

    • By BrouteMinou 2026-02-0620:421 reply

      Microsoft is a massive corporation with so many people, business units, departments.

      A comment like yours is just like saying: "I know a buggy open-source software, why would I trust that other open-source project? The open-source community burned all possible goodwill".

      • By CodeMage 2026-02-0623:16

        Except that a company, no matter how heterogenous, has an overarching organization, whereas the open-source community doesn't.

        There is no CEO of open source, there are no open-source shareholders, there are no open-source quarterly earnings reports, there are no open-source P&G policies (with or without stack ranking), and so on.

    • By pjmlp 2026-02-0617:192 reply

      To be expected, given how many organisations now require employees to use AI if they want to meet their OKRs, especially all that sell AI tools.

      • By outofpaper 2026-02-0618:202 reply

        What's dumb, on top of everything, is needing to store non special standard operating procedures in specific AI folders and files when wanting to work with AI tooling.

        • By WorldMaker 2026-02-0622:121 reply

          Copilot today supports the top-level AGENTS.md approach as well, which seems to be the cross-tool "standard".

          • By int_19h 2026-02-076:391 reply

            It is a standard in a sense that they will all read it (although last I checked you still need to adjust the default config with Gemini). But feature support varies between different tooling. For example, only Claude supports @including other files.

            • By WorldMaker 2026-02-077:121 reply

              The "standard" AGENTS.md suggestion for that is [regular markdown links](./like-this.md)

              • By int_19h 2026-02-081:03

                The problem is that it doesn't actually include the referenced file in the context. The model will only see what's in it if it deigns to read it, but that's not a given in all circumstances where it might need to.

                I use this feature often in Claude to bring specific files so that they are in context at all times. E.g. when working on a parser, I will often put the grammar to be always in context. Or if working on a web app, all the model types.

        • By AlfeG 2026-02-0716:47

          Like needing to store IDE specific files?

      • By andai 2026-02-0617:471 reply

        [flagged]

    • By viraptor 2026-02-075:30

      It doesn't say much really. At this point we can assume almost every project has some generated code in it. Unless you're sure that every single author hates the idea and there are no external contributions. Agent configuration just makes it clear.

    • By embedding-shape 2026-02-0618:352 reply

      > Extremely simple changes do not require explicit unit tests.

      I haven't used Copilot much, because people keep saying how bad it is, but generally if you add escape hatches like this without hard requirements of when the LLM can take them, they won't follow that rule in an intuitive way most of the time.

      • By pjmlp 2026-02-0621:081 reply

        It is kind of alright, I use it mostly on VS when coding C# or C++, for code completions, error analysis, check code quality and such.

        As agent, or writing everything for me, not yet.

        • By bwat49 2026-02-0621:17

          the $10 plan makes a great backup to claude or codex and the inline completions are nice

      • By sandos 2026-02-0620:02

        Yeah, I tried various very sane-looking instructions files when starting to use copilot 6 months ago. Turned out it was not really useful. It mostly follows the rules anyway, but it also often forgot to. So turns out, especially with the fast turnaround with models today, it was better to just forego these instructions files.
