
ProcMon for Linux - lowleveldesign
https://github.com/microsoft/ProcMon-for-Linux
======
TimTheTinker
I'm just waiting for Microsoft to invert WSL into LSW.

Specifically, I hope they release their own branded Linux distro, built on
Ubuntu/Debian, with an optional KVM-hosted NT kernel for Windows syscall
support. Maybe call it Windows NC (for Next Century).

I'll probably leave MacOS behind at that point on my work machine, especially
if they create a display-PS compositing window manager that's anywhere as good
as MacOS's.

~~~
l0b0
First we'd need a FOSS window/desktop manager replicating the Windows
experience. It would gobble down the market share of existing FOSS WMs/DMs in
an instant. Basically _any_ decent Windows experience — 2000, XP, 7 or 10 —
would be far ahead of the current big players for the 99% use case. For
example, it's 2020 and I could list at least half a dozen graphics glitches
I've had on Ubuntu 20.04 so far. On recent Windows installations, no graphics
glitches I can think of, certainly none that persisted.

Second, MS would need to port some sort of compatibility layer, which would
probably be 10000 person-years to achieve anything like the backward
compatibility they currently support.

Third … well, that would be it. The vast majority of non-techies would be
ecstatic to find they can upgrade for free for ever, their software would just
keep running, and hardware would work basically from day one (because the
companies developing cutting edge hardware Windows would pivot their driver
development) until the end of time (because FOSS drivers, while slower to
appear for most hardware, are supported essentially forever).

~~~
skinkestek
> Basically any decent Windows experience — 2000, XP, 7 or 10 — would be far
> ahead of the current big players for the 99% use case.

I see more and more people - and not just hardcore devs - using Linux.

For me, Linux has been a better desktop experience since around 2005 sometime:
faster, easier to configure to my exact liking, easier to install, less hassle
to maintain. (Except the time when KDE 4 was new and Ubuntu changed to Unity.)

For a long time I even thought it was just a matter of time before everyone
would realize but now I have realized that people are just different. Some
people actually like Mac and Windows. Some people are driven mad by
inconsistencies in my favorite DE (KDE) that I cannot even spot after someone
tried to point them out. I however can't stand CMD-tab on Mac but Mac users -
like me with the alignment issues on KDE - cannot see how it can be a problem.

Summary: it is not like any of them are way ahead in general. I see more and
more people using Linux and expect numbers to rise a few percentage points
more.

------
olafure
Does it have telemetry built in?

[https://github.com/microsoft/ProcMon-for-Linux/search?q=tele...](https://github.com/microsoft/ProcMon-for-Linux/search?q=telemetry&unscoped_q=telemetry)

~~~
GrayShade
I felt the same as you, but that doesn't look like "phoning home" telemetry,
but rather the events returned by the OS.

[https://github.com/microsoft/ProcMon-for-Linux/blob/70d5196e...](https://github.com/microsoft/ProcMon-for-Linux/blob/70d5196efce7e4e625912ceadccadbcc42f83af4/src/common/telemetry.h)

------
reacharavindh
Don’t we use Sysdig for this? (Watching system call activity on system or by
Pid)

Is there anything this gives us that sysdig doesn't?

------
drol3
I am continually impressed with the changes Microsoft has made since Satya
Nadella took over :)

------
boramalper
Looking forward to the first EEE comment. :)

~~~
verroq
That's literally what Windows Subsystem for Linux is. Trying to integrate
Linux into Windows.

~~~
maaarghk
Where's the extinguish? Get everyone so addicted to procmon for Linux that
they stop paying for strace?

~~~
diffeomorphism
Embrace linux by offering WSL.

Extend by offering stuff exclusive to WSL, e.g. their directX and cuda stuff.

Embrace by releasing procmon, powershell, ... . <-- You are here.

Then offer nice additional features that happen to only be available on some
blessed config/integration with AD/...

~~~
pjmlp
Embrace linux by offering NDK

Extend by offering stuff exclusive to Android, e.g. their Java and NDK Native
APIs stuff.

Embrace by releasing Play Store only APIs, ... . <-- You are here.

Then close down NDK to anything that isn't Android relevant.

~~~
diffeomorphism
So your argument is "but, but google is doing it, too!"?

... and that makes it better/worse/look a three-headed monkey is behind you?

~~~
pjmlp
Yes, because apparently for the MS hating crowd everything is fine when Google
and others are doing it.

How are you enjoying the BSD upstream updates done by Sony?

~~~
diffeomorphism
So monkey and some "crowd" supposedly is doing something, okay.

~~~
pjmlp
Luckily I don't have a FOSS agenda that pretends that some corporations are
better than others with human characteristics.

The time of rainbow colours and cheerful music is long gone for me.

------
DevKoala
WSL is becoming more attractive as a development environment by the day. Maybe
my next computer in 4-5 years won’t be a Mac.

I miss having access to Windows games.

~~~
eknkc
Recently switched from mac to windows (wsl2). My previous attempts (switching
to linux or wsl1) all failed miserably but the wsl2 is pretty good.

And I could build a PC as I wish. Weird times.

~~~
diarrhea
What makes WSL2 work for you, where WSL1 failed?

~~~
eknkc
WSL1 had / has really bad filesystem performance. Git commands would take ages
on large repos as an example.

WSL2 has a linux fs which is fast and a bridge to windows fs which is still
slow but I just live on the linux fs. WSL2 also runs native docker (and
windows docker client and leverage the docker daemon in wsl).

It is not completely seamless but pretty good.

------
svntid
the error log after installing this "tool" pretty much sums it up for me

stopping now [-ferror-limit=] 20 errors generated.

------
kalium-xyz
Advanced tracing like BPF is amazing and the slow but steady adaption of these
tools in one form of another will bring us closer to a sane and comfortable
future of transparency and reduced complexity. Glad microsoft is also on the
train with WSL.

------
chrizyuen
Needs root permission. Can we have a normal-permission ProcMon with fewer features?

~~~
Stratoscope
Great idea. I would start by filing an issue here:

[https://github.com/microsoft/ProcMon-for-Linux/issues](https://github.com/microsoft/ProcMon-for-Linux/issues)

There would have to be some limitations when not running as root, but it would
still be useful for looking at your own processes. I always like it when an
app can be installed "per-user" as an alternative to a systemwide install.

------
miguelmota
This is pretty sweet. Hoping someone makes an Arch AUR package for it

------
zaggynl
Neat, I already use fatrace on Linux but hurray for more tools.

------
m0zg
In src/common/cancellable_queue.h

    
    
    std::size_t calculateBackpressure()
    {
        return currentReadQueue->size() + currentWriteQueue->size();
    }

Not thread-safe. Shared queues are accessed without a lock. So this will
eventually blow up as the queues are swapped in a different thread, or due to
inconsistent reads on un-synchronized variables.

Recommendation to MS folks: find someone at MS who knows C++. Barring that, at
least run ASAN and TSAN on your stuff before you release it.

~~~
otterley
Have you considered posting an issue on GH? Bug reports like these are
unlikely to be seen here by the authors.
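
The race m0zg describes, shown as an added example that is not part of the thread and not ProcMon's code: a hypothetical `DoubleBufferedQueue` whose `calculateBackpressure()` takes the same mutex that guards the queue swap. The class layout, the `int` payload and the `stress` helper are assumptions made for illustration.

```cpp
#include <atomic>
#include <cstddef>
#include <deque>
#include <mutex>
#include <thread>
#include <utility>

// Hypothetical double-buffered queue, NOT ProcMon's cancellable_queue.h.
class DoubleBufferedQueue {
public:
    void push(int v) {
        std::lock_guard<std::mutex> g(m_);
        write_->push_back(v);
    }
    // Pops one item; swaps the two queues when the read side is drained.
    bool pop(int& out) {
        std::lock_guard<std::mutex> g(m_);
        if (read_->empty()) std::swap(read_, write_);
        if (read_->empty()) return false;
        out = read_->front(); read_->pop_front();
        return true;
    }
    // Both sizes are read under the lock that also guards push, pop and
    // the pointer swap, so the sum is one consistent snapshot.
    std::size_t calculateBackpressure() {
        std::lock_guard<std::mutex> g(m_);
        return read_->size() + write_->size();
    }
private:
    std::mutex m_;
    std::deque<int> a_, b_;
    std::deque<int> *read_ = &a_, *write_ = &b_;
};

// Producer, observer and consumer run concurrently; returns true if items
// arrived in order and backpressure never exceeded the n items pushed.
bool stress(int n) {
    DoubleBufferedQueue q;
    std::atomic<bool> ok{true};
    std::thread prod([&] { for (int i = 0; i < n; ++i) q.push(i); });
    std::thread obs([&] { for (int i = 0; i < n; ++i)
        if (q.calculateBackpressure() > static_cast<std::size_t>(n)) ok = false; });
    int v = 0;
    for (int next = 0; next < n;)
        if (q.pop(v)) { if (v != next) ok = false; ++next; }
    prod.join(); obs.join();
    return ok.load() && q.calculateBackpressure() == 0;
}
int main() { return stress(20000) ? 0 : 1; }
```

Building this with `-fsanitize=thread -pthread` is the TSAN run the comment recommends; with the `lock_guard` removed from `calculateBackpressure()`, TSAN reports the unsynchronized reads against `push` and the swap in `pop`.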

------
grugagag
I’ll laugh when they get to the third e. It’s the same tricks that they’ve
played before, but everyone is too young to remember it on their own skin and
the older ones who remember are ridiculed. They’re moving just like the frog
stays comfortable in the slowly boiling pot, with a slow and steady embrace.
Their target audience is unsuspecting as if Microsoft has become some kind of
altruistic force. But no monster of that size is altruistic, they’re hungry
for fresh souls:) And they’ll have ‘em it seems. It won’t hurt, the denial
will mitigate the pain.

~~~
bvelica
OK, I am one of the young ones :) What are you talking about? Thank you!

~~~
dangravell
"Embrace and extend" I think - appear to adopt or support a technology only to
attempt to influence, limit and block later developments. Other examples: J#,
the Office XML standards etc etc

~~~
bvelica
Aaaa... yes I understand! Thank you

------
svntid
this headline is absolutely misleading and a lie - the tool does in fact not
run on linux

~~~
Legogris
Were you unable to get it to work? Looks like it should work fine with a
kernel >= 4.18

------
elitistphoenix
Umm... wut?!

------
piyush_soni
May be a side topic, but I always wonder even after so many decades why does
everything on Linux look so ugly?

~~~
CodeGlitch
I prefer the look of terminal applications. Additionally I get more control
over the fonts and colors. Unlike most Windows applications, which have no
customization (generally) and no consistency.

~~~
piyush_soni
Some would definitely like terminal applications more, but the fact that on
Linux by default it comes up to be terminal apps says a lot about the
platform. One can just go and compare the ProcMon on Linux and Windows.
Probably over the years people have figured out that there are so many hurdles
in making basic GUI applications work on it? Some random Linux distribution
would always complain about missing some random dependency, and the users
would get totally confused, so developers are like let's not even go that way.
Half the times Anti-aliasing wouldn't work on text fonts and mouse cursors and
what not.

I agree Windows applications don't have a lot of consistency as well, but it's
at least better than Linux where half are on terminal only, and half have some
kind of casually created GUI.

~~~
CodeGlitch
Terminal applications are more open to automation - something that Linux
excels in. GUI applications are far harder to automate. In the case of ProcMon
I'm not sure there's a case for automation, although happy to be proven wrong.

Agreed about the casually created GUIs on Linux, but I'm happy someone has put
the effort into them.

~~~
piyush_soni
Actually, our company's product supports both GUI and a text user interface so
everything can be automated as well as used via GUI (and that's on both
Windows and Linux versions). I'm not sure why more people don't do that.

~~~
rbanffy
Linux servers don't (and shouldn't) have GUI libraries installed. A procmon-
like tool would then be a server component, that'd be invoked over, maybe, a
ssh session, and a client component that'd expose that functionality over a
GUI or a web page.

That's a lot of work for a simple tool when a text-based terminal interface
solves the problem very neatly. Personally, I'd do it with strace, sysdig or
something else that would spit a long text file I could parse rather than
updating a terminal screen.

------
galacticaactual
Fantastic. This is going to completely overhaul how anomaly detection
engineering is done in Linux.

~~~
jrockway
This is just a UI. eBPF was the big innovation in Linux tracing and it's been
around for years.

------
unmole
This seems to use eBPF. As far as I know, WSL2 doesn't support eBPF. I don't
understand how this can be seen as the _Extend_ part of EEE. People really
need to calm down.

~~~
skissane
I don't understand why WSL2 wouldn't support eBPF. It is a mostly vanilla[1]
Linux kernel running under a hypervisor, so why couldn't a kernel with eBPF
support be used? Indeed, Microsoft's WSL2 kernel has eBPF JIT support turned
on – [https://github.com/microsoft/WSL2-Linux-Kernel/blob/master/M...](https://github.com/microsoft/WSL2-Linux-Kernel/blob/master/Microsoft/config-wsl#L1352)

WSL1 yes I agree, it is just a translation layer between Linux and NT
syscalls, and features such as eBPF would not be implemented in such a layer.

[1] there may at times be various enhancements to HyperV paravirt drivers that
haven't been upstreamed yet

~~~
unmole
I didn't realise WSL2 ran a real Linux kernel. TIL!

