HN Reader

A Nobel Prize winner decodes why people aren't having kids (washingtonpost.com)

1 points by keepamovin 36s ago 0 comments

A world where subscriptions don't suck (nuggetize.com)

1 points by mattvr 1m ago 0 comments

A Review of Aerospike Nozzles: Current Trends in Aerospace Applications (mdpi.com)

1 points by PaulHoule 2m ago 0 comments

FLUX.1 Kontext [Dev] – Open Weights for Image Editing (bfl.ai)

3 points by minimaxir 3m ago 0 comments

Cross-Compiling 10k Rust CLI Crates Statically (blog.pkgforge.dev)

2 points by todsacerdoti 4m ago 0 comments

Introduction to embedded development with Rust: Overview of the ecosystem (kerkour.com)

1 points by unsolved73 4m ago 0 comments

Field Guide to the North American Weigh Station (hackaday.com)

1 points by zdw 4m ago 0 comments

Log-Survival to Death Rate (entropicthoughts.com)

1 points by kqr 5m ago 0 comments

FLUX Kontext Dev Ultra Fast Live (huggingface.co)

1 points by chengzeyi 5m ago 1 comments

Show HN: Personal Branding Photos for Women in 10 mins (gostudio.ai)

2 points by gostudio_ai 9m ago 0 comments

Tennis Scorigami (tennis-scorigami.com)

2 points by jlarks32 9m ago 0 comments

Young People Face a Hiring Crisis. AI Is Making It Worse (derekthompson.substack.com)

3 points by herbertl 10m ago 0 comments

KDE Plasma 6.4 review – A worrying trend (dedoimedo.com)

1 points by jandeboevrie 11m ago 0 comments

Ask HN: How can I promote my Free Startup Mentoring?

1 points by riley-i 13m ago 2 comments

My favorite account is a library in Ohio (milkkarten.net)

2 points by herbertl 14m ago 0 comments

Context Engineering: A Primer (ai.intellectronica.net)

1 points by intellectronica 14m ago 2 comments

Lounge It (loungeit.carrd.co)

1 points by mcordova 14m ago 1 comments

Show HN: I built a UI to manage Claude Code worktrees (github.com)

3 points by jbentley1 15m ago 0 comments

Mysite.ai – your first AI employee that builds websites in under 2 minutes (mysite.ai)

1 points by codejetai 15m ago 2 comments

Convert Words to Time (wordstotime.com)

1 points by bookofjoe 15m ago 0 comments

Beyond the Buzz: How 'Deep Tech' Startups Are Changing the Game (fossforce.com)

1 points by dxs 18m ago 0 comments

ProductHunt Isn't the Place for Indie Devs Anymore (old.reddit.com)

2 points by vikingmute 25m ago 1 comments

Weird Expressions in Rust (wakunguma.com)

2 points by Bogdanp 26m ago 0 comments

Why Most SBOMs Fail and What to Do About It (ovalenzuela.com)

1 points by Tomte 26m ago 0 comments

Tech AI is doing 30%-50% of the work at Salesforce, CEO Marc Benioff says (cnbc.com)

5 points by kamaraju 26m ago 3 comments

LLM Code Review Maven Plugin (github.com)

1 points by romanta 26m ago 0 comments

The CrateDB MCP Server (community.cratedb.com)

1 points by kneth 28m ago 1 comments

Built a tool to help SaaS teams use their customer feedback (inov-ai.tech)

2 points by brightUiso 29m ago 1 comments

European Venture Prisoner's Dilemma (nodesventures.substack.com)

1 points by AnhTho_FR 30m ago 0 comments

Offerwall gives publishers more options to monetize content (blog.google)

1 points by xnx 30m ago 0 comments

Gridlocked: AI's power needs could short-circuit US infrastructure (theregister.com)

2 points by rntn 30m ago 0 comments

The cheat codes of technological progress (exponentialview.co)

1 points by surprisetalk 31m ago 0 comments

Show HN: An open-source app to query 10 AI models at once (github.com)

2 points by nexarithm 31m ago 0 comments

Modern Node.js Patterns for 2025 (kashw1n.com)

2 points by kashw1n 31m ago 0 comments

Gen4D: Synthesizing Humans and Scenes in the Wild (arxiv.org)

1 points by PaulHoule 36m ago 0 comments

Fiscal Year 2026 Budget Request (nasa.gov)

5 points by mclau157 36m ago 0 comments

Show HN: I built an AI dataset generator (github.com)

5 points by matthewhefferon 36m ago 1 comments

Most Influential Companies 2025 (time.com)

1 points by andsoitis 37m ago 0 comments

The Engineering Skill Points Game (mixpanel.substack.com)

5 points by tdumitrescu 38m ago 0 comments

Part 2: An AI swim coach that's building an iOS trainer in Swift (suthakamal.substack.com)

2 points by suthakamal 39m ago 1 comments

Using LLMs in CI/CD for semantic testing of web content (plo.ug)

3 points by pploug 39m ago 0 comments

CSS Functions and Mixins Module (w3.org)

2 points by smidgeon 40m ago 0 comments

Show HN: I made a Resume Generator – includes tailoring, scoring, and more (resumebuildai.com)

1 points by Amza 41m ago 0 comments

Weight loss jabs study begins after reports of pancreas issues (bbc.com)

2 points by blindriver 43m ago 0 comments

Do Stonks Go Up? (entropicthoughts.com)

2 points by kqr 43m ago 0 comments

Bring on the Stupid: When does it make sense to judge a something by its worst? (statmodeling.stat.columbia.edu)

2 points by nabla9 44m ago 0 comments

Top AI Tools for Business (aiex.me)

1 points by zack119 44m ago 0 comments

Lofi Byzantine Chant Radio (orthodox.cafe)

2 points by egglemonsoup 44m ago 0 comments

The Decline of Legacy Media, Rise of Vodcasters, and X's Staying Power (conspicuouscognition.com)

1 points by mpweiher 45m ago 0 comments

DockedUp: A Terminal Dashboard for Docker Containers (github.com)

2 points by thunderbong 47m ago 0 comments

Apptainer: Application Containers for Linux

88 cl3misch 51 6/26/2025, 9:45:21 AM apptainer.org ↗

Comments (51)

IshKebab · 4h ago
We tried to use this on our compute cluster for silicon design/verification. We gave up in the end and just went with the traditional TCL (now Lua) modules.

The problems are:

1. You can't have apptainers that use each other. The most common case was things like Make, GCC, Git etc. If Make is in a different apptainer to GCC then it won't work because as soon as you go into Make then it can't see GCC any more.

2. It doesn't work if any of your output artefacts depend on things inside the container. For example you use your GCC apptainer to compile a program. It appears to work, but when you run it you find it actually linked to something in the apptainer that isn't visible any more. This is also a problem for C headers.

3. We had constant issues with PATH getting messed up so you can't see things outside the apptainer that should have been available.

All in all it was a nice idea but ended up causing way more hassle than it was worth. It was much easier just to use an old OS (RHEL8) and get everything to work directly on that.

Fokamul · 1h ago
So you are using container app and your biggest problem with it is, that it's doing exactly as advertised -> containers :D
mbreese · 2h ago
I think of using Apptainer/Singularity as more like Docker than anything else (without the full networking configs). These are all issues with traditional Docker containers as well, so I’m not sure how you were using the containers or what you were expecting.

For my workflows on HPC, I use apptainers as basically drop-in replacements for Docker, and for that, they work quite well. These biggest benefit is that the containers are unprivileged. This means you can’t do a lot of things (in particular complex networking), but it also makes it much more secure for multi-tenant systems (like HPC).

(I know Docker and Apptainer are slightly different beasts, but I’m speaking in broad strokes in a general sense without extra permissions).

0xbadcafebee · 1h ago
You don't mix and match pieces of containers, just like you wouldn't mix and match binaries from different distributions of Linux.

You can use a container as a single environment in which to do development, and that works fine. But they are by definition an isolated environment with different dependencies than other containers. The result of compiling something in a container necessarily needs to end up in its own container.

...that said, you could use the exact same container base image, and make many different container images from it, and those files would be compatible (assuming you shipped all needed dependencies).

mrbluecoat · 1h ago
Great to see Apptainer getting some attention. It generally excels over other container options (like Docker and Podman) in these scenarios:

- Need to run more than one activity in a single container (this is an anti-pattern in other container technologies)

- HPC (and sometimes college) environments

- Want single-file distribution model (although doesn't support deltas)

- Cryptographically sign a SIF file without an external server

- Robust GPU support

kinow · 5h ago
Apptainer and singularity ce are quite common in HPC. While both implementations fork the old singularity project, they are not really identical.

We use singularity in the HPCs (like Leonardo, LUMI, Fugaku, NeSI NZ, Levante) but some devs and researchers have apptainer installed locally.

We found a timezone bug a few days ago in our Python code (matplotlib,xarray,etc.), but that didn't happen with apptainer.

As the code bases are still a bit similar, I could confirm apptainer fixed it but singularity ce was still affected by the bug -- singularity replaces the UTC timezone file by the user's timezone, Helsinki EEST in our case in LUMI HPC.

https://github.com/sylabs/singularity/issues/3686

throw0101c · 4h ago
> Apptainer and singularity ce are quite common in HPC. While both implementations fork the old singularity project, they are not really identical.

Apptainer is not a fork of the old Singularity project: Apptainer is the original project, but the community voted to change its name. It also came under the umbrella of the Linux Foundation:

* https://apptainer.org/news/community-announcement-20211130/

Sylabs (where the original Singularity author first worked) was the one that forked off the original project.

markus92 · 5h ago
Luckily they’re still compatible with each others containers. Can use Apptainer to build the container then run it on Singularity and vice-versa.
cs_throwaway · 3h ago
Funny this is here. Apptainer is Singularity, described here:

https://journals.plos.org/plosone/article?id=10.1371/journal...

If you ever use a shared cluster at a university or run by the government, Apptainer will be available, and Podman / Docker likely won't be.

In these environments, it is best not to use containers at all, and instead get to know your sysadmin and understand how he expects the cluster to be used.

shortrounddev2 · 2h ago
Why are docker/podman less common? And why do you say it's better not to use containers? Performance?
kgxohxkhclhc · 2h ago
docker and podman expect to extract images to disk, then use fancy features like overlayfs, which doesn't work on network filesystems -- and in hpc, most filesystems users can write to persistently are network filesystems.

apptainer images are straight filesystem images with no overlayfs or storage driver magic happening -- just a straight loop mount of a disk image.

this means your container images can now live on your network filesystem.

0xbadcafebee · 1h ago
Do the compute instances not have hard disks? Because it seems like whoever's running these systems doesn't understand Linux or containers all that well.

If there's a hard disk on the compute nodes, then you just run the container from the remote image registry, and it downloads and extracts it temporarily to disk. No need for a network filesystem.

If the containerized apps want to then work on common/shared files, they can still do that. You just mount the network filesystem on the host, then volume-mount that into the container's runtime. Now the containerized apps can access the network filesystem.

This is standard practice in AWS ECS, where you can mount an EFS filesystem inside your running containers in ECS. (EFS is just NFS, and ECS is just a wrapper around Docker)

NGRhodes · 21m ago
Scale of data we see on our HPC, it is way better performance per £/$ to use Lustre mounted over fast network. Would spend far too much time shifting data otherwise. Local storage should be used for tmp and scratch purposes.
jdjcdbxh · 39m ago
yes, nodes have local disks, but any local filesystem the user can write to is ofen wiped between jobs as the machines are shared resources.

there is also the problem of simply distributing the image and mounting it up. you don't want to waste cluster time at the start of your job pulling down an entire image to every node, then extract the layers -- it is way faster to put a filesystem image in your home directory, then loop mount that image.

harel · 2h ago
Not a constructive comment, but I find the name "Apptainer" doesn't really work. Rolls funny on the tongue and feels just "wrong" to me.
Simran-B · 5h ago
Flatpak considers to move from OSTree to containers, citing the well-maintained tooling as a major plus point. How would that differ from Apptainers?
Imustaskforhelp · 2h ago
Maybe the idea is that flatpak can have better sandbox control over applications running in flatpak using xdg-dbus ie. you can select the permissions that you want to give to a flatpak application and so sometimes it can act near native and not be completely isolated like containers.

Also I am not sure if apptainers are completely isolated.

Though I suppose through tools like https://containertoolbx.org/ such point also becomes moot & then I guess if they move to container, doesn't it sort of become like toolbx?

To be honest, I think a lot of tools can have a huge overlap b/w them and I guess that's okay too

evertheylen · 1h ago
If any developers are looking to isolate different dev projects from each other using containers, I wrote a tool for it (using podman), maybe someone finds it useful or can thrash its security.

Find the code on https://github.com/evertheylen/probox or read my blog post on https://evertheylen.eu/p/probox-intro/

maweki · 1h ago
Why didn't toolbox fit your needs? I found toolbox to be a very reasonable way to install development dependencies on a per project basis while not managing multiple hidden filesystems.
evertheylen · 56m ago
toolbx is not actually intended to provide any security or isolation, see e.g. https://github.com/containers/toolbox/issues/183
Tepix · 3h ago
I agree with Havoc, the message is unclear: Is Apptainer a replacement for Flatpack on the desktop, or is it targeting the server?
MillironX · 2h ago
Server - but this is kind of a wrong question. Apptainer is for running cli applications in immutable, rootless containers. The closest tool I can think of is Fedora Toolbx [1]. Apptainer is primarily used to distributing and reusing scientific computing tools b/c it doesn't allow root, doesn't allow for changes to the rootfs in each container, automatically mounts the working directory and works well with GPUs (that last point I can't personally attest to).

[1]: https://docs.fedoraproject.org/en-US/fedora-silverblue/toolb...

johnnyjeans · 26m ago
> Apptainer is for running cli applications in immutable, rootless containers.

What's the appeal of using this over unshare + chroot to a mounted tarball with a tmpfs union mount where needed? Saner default configuration? Saner interface to cgroups?

0xbadcafebee · 58m ago
Whoever made this is trying to sell something to people who don't know how containers work. The "encryptable" part is giving major snake oil vibes. Is there some clueless administrator somewhere demanding encryption, not really getting what it's for?
DrNosferatu · 3h ago
It is very handy in SLURM clusters and servers where you have no sudo.

Some attrition using it though: is there a good in-depth book about it?

floro · 1h ago
I used it on a SLURM cluster before. The documentation is done well and should be a good introduction. The only issue I had was that the cluster didn't have fakeroot or sudo, so I had to build the apptainer locally and transfer it to the server.
DrNosferatu · 1h ago
Exactly: in most HPC clusters / servers one has no sudo.
amelius · 3h ago
I have yet to see a container technology that doesn't break a myriad of things.
Hilift · 2h ago
I thought the "hardened images" were a step in the right direction. It's a pain to have to deal with vulnerabilities on ephemeral short-lived containers/instances. Having something hyper up to date is welcome.

https://www.docker.com/blog/introducing-docker-hardened-imag...

actinium226 · 2h ago
I tried looking into this, but I do development work on Mac, which is not supported, and so it became a non starter.
thm · 2h ago
https://orbstack.dev
mrweasel · 4h ago
To some extend I understand the problem that these solution are trying to address, I'm just not sure that simply stuff things into containers is really the right solution.

Perhaps the problems need to be addressed on a more fundamental level.

whatagreatboy · 4h ago
https://dl.acm.org/doi/10.1145/3126908.3126925

This paper might help

exabrial · 3h ago
Honestly switched to systemd isolation features (chroot, ro/rw mounts, etc) and never looked back.
aa-jv · 5h ago
Very interesting .. I was recently tasked with getting a bespoke AI/ML environment ready to ship/deploy to, what can only be considered, foreign environments .. and this has proven to be quite a hassle, because, of course: python.

So I guess Apptainer is the solution to this use case - anyone had any experience with using it to bundle up an AI/ML application for redistribution? Thoughts/tips?

SirHumphrey · 5h ago
I did start to use them for AI development on the HPC I have access to and it worked well (GPU pass-through basically automatically, the performace seemed basically the same) - but I mostly use them because I do not want to argue with administrators anymore that it's probably time they update Cuda 11.7 (as well as python 3.6) - the only version of Cuda currently installed on the cluster.
aa-jv · 4h ago
Ah, right. So, no matter what container comes along to solve this problem, there's still the BOFH factor to deal with ..

Curious though, how are you doing this work without admin privs?

SirHumphrey · 2h ago
It's a bit annoying, but you can install conda without admin privileges and apptainer was installed for compliance with some EuroHPC project and luckily made accessible to all users. The container allows me to have an environment where I have "root" access and can install software.

The most annoying thing is not the lack of privileges, but that the compute nodes do not have internet access (because "security") beside connecting to the headnode, so there is the whole song and dance of running the container (or installing conda packages) on the headnode so I can download everything I need, then saving the state and running them on the compute node.

ethan_smith · 4h ago
Apptainer excels for AI/ML distribution because it handles GPU access and MPI parallelization natively, with better performance than Docker in HPC environments. The --fakeroot feature lets you build containers without sudo, and the SIF file format makes distribution simpler than managing Docker layers.
Havoc · 5h ago
Wish these sort of projects would do a better job articulating what the value proposition is over leading existing ones.

Like why should I put time into learning this instead of rootless podman? Aside from this secret management thing it sounds like same feature set

kitd · 3h ago
From the Introduction [1]

    Many container platforms are available, but Apptainer is focused on:

    Verifiable reproducibility and security, using cryptographic signatures, an immutable container image format, and in-memory decryption.

    Integration over isolation by default. Easily make use of GPUs, high speed networks, parallel filesystems on a cluster or server by default.

    Mobility of compute. The single file SIF container format is easy to transport and share.

    A simple, effective security model. You are the same user inside a container as outside, and cannot gain additional privilege on the host system by default. Read more about Security in Apptainer.
[1] https://apptainer.org/docs/user/main/introduction.html
maxnoe · 4h ago
This project is way older than (rootless) podman.
Imustaskforhelp · 2h ago
But I guess aren't their premise just the same though? I wonder how different "learning" apptainer is compared to "learning" podman given atleast in podman with podman-compose and many other such things, podman just is really equivalent to docker in a lot of scenarios with a 1:1 bind mostly
v9v · 4h ago
You should put time into learning this if you are going to be running HPC jobs on clusters, because some HPC clusters support this for jobs and not much else.
tecleandor · 4h ago
So is this popular in science or data analysis / forecasting or something like that?

I'm not familiar with it (I don't know if it changed names or just didn't notice)

v9v · 1h ago
I don't think people use it for reproducible environments on their own machines the same way Docker is sometimes used, I've mostly encountered it in academic compute clusters as a way to install the libraries/languages you're using onto the cluster in an easy to remove way. So it's popular in HPC clusters specifically and not really tied to a field of research beyond that.
misnome · 3h ago
Used to be called “Singularity”
eraser215 · 5h ago
Isn't this another fork by the same douche who claims he created centos and started rocky? His track record as an open source person is pretty atrocious, contrary to popular belief.
eisbaw · 5h ago
Argh, yet another way to distribute userland images. AppImages does it right by including the run-time with the image itself - no prior installation needed.

More nix less containers, btw.

E.g. docker run -ti nixery.dev/shell/cowsay bash for on-the-fly containers based on Nix.

Imustaskforhelp · 2h ago
Of course we ignore the taking shots at a project just for its existence thing aside

I actually really like nixery.dev idea. Sounds kinda neat.

If I am being really honest, there are a lot of ways to go around tbh, there are ways to run nix inside of docker and docker inside of nix too.

There are ways to convert docker images into os too and there are tools like coreos.

There is nix-shell and someone on hackernews told me about comma and I am still figuring out comma (haha! Thanks to them!)

And if one just wants isolation, they can use bubblewrap or (pledge by jart) and I guess there is complete beauty and art in such container-esque space and I truly love this space a lot.

I am actually wondering right now that using traefik (as load balancer) + nats (for a modular monolith) + podman/coreos + (cloudflare tunnels?) + any vps and you can use nix to build those containers too or you can go the other way around by having a nixos on vps with traefik + nats can be a really good alternative to kubernetes.

I mean, There is docker swarm too if you don't want any of such complexity but people say that its less worked upon but still I guess there is a sort of fun in reinventing the wheel of kubernetes, but I guess I don't have tooo much problems with kubernetes I suppose because of the existence of helm charts (I haven't used kubernetes) but helm charts are written in go templates and I think they are a bit clunky but still I love golang and I feel like I would be okay with writing helm charts but I guess I am one of the people who just believes to scale horizontally first than vertically untill the economic scale gets broken and its more cheaper to use kubernetes / learn it than not.

_joel · 5h ago
fewer containers, surely :)