FRESH

Hacker News

Home

Show HN: Witr – Explain why a process is running on your Linux system

489 points by pranshuparmar

by pranshuparmar

2 subcomments

A quick note on scope: this is not meant to replace existing monitoring or observability tools. It’s designed for those moments when you SSH into a box and need to quickly understand “why is this running” without digging through configs, cron jobs, or service trees manually.
Happy to answer questions or adjust direction based on feedback.

by mh-

6 subcomments

This is great. Small, trivial suggestion: the gif that loops in the README should pause on the screen w/ the output for a few seconds longer - it disappears (restarts) too quickly to take in all of the output.

by xk3

0 subcomment

Note that you can do a lot of this by just querying systemctl with the PID
```
    systemctl status 1
```
And there might be more than one process using a port
```
    sudo lsof +c 0 -i:22
```

by vzaliva

3 subcomments

Sounds like something I could use, but installing a binary via `curl` doesn't sit right with me. Next problem you have is "explain how this thing was installed on my system" followed "is it up to date (including security patches).
I hope they have deb package or snap some day.

by cedsam

1 subcomments

This is amazing and really useful to me. Great job.
However, I can’t use it in a production business environment for the same reasons other users mentioned earlier. A Debian or RPM package would be fantastic.

by be_erik

2 subcomments

If you're looking to build and install this from source, here's the incantation:
CGO_ENABLED=0 go build -ldflags "-X main.version=dev -X main.commit=$(git rev-parse --short HEAD) -X 'main.buildDate=$(date +%Y-%m-%d)'" -o witr ./cmd/witr
Call me old-fashioned, but if there's an install.sh, I would hope it would prefer the local src over binaries.
Very cool utility! Simple tools like these keep me glued to the terminal. Thank you!

by zenoprax

6 subcomments

> witr is successful if users trust it during incidents.
> This project was developed with assistance from AI/LLMs [...] supervised by a human who occasionally knew what he was doing.
This seems contradictory to me.

by pranshuparmar

0 subcomment

Quick update, witr now supports macOS as well. You can install it using brew - https://github.com/pranshuparmar/witr?tab=readme-ov-file#81-...

by DougN7

1 subcomments

What does this means for context: “Git repository name and branch” Does this mean it detects if something is running from within a git repository folder? Couldn’t find the code that checked this.

by TheCraiggers

3 subcomments

This is amazing. Thank you for sharing this.
Do you have any qualms about me making an entry in the AUR for this?

by scrame

0 subcomment

This is great. One of those things that just formats and does all the little niggling things you have to do sometimes. I like that it is simple, and doesn't (thank god) need npm or some other package manager.
to quote the top comment: just show a screenshot of its results, if its useful its fine, being fast is just gravy.

by tacone

0 subcomment

> This project was developed with assistance from AI/LLMs (including GitHub Copilot, ChatGPT, and related tools), supervised by a human who occasionally knew what he was doing.
That's the good part of AI. Lowers effort and knowledge barrier and makes things possible.

by techsystems

1 subcomments

I'm really loving this!
'Responsibility chain' will become a trendy phrase.

by epiccoleman

1 subcomments

Cool idea. Reminds me of my alias "whodis" which just lsofs a port to find out the pid who's got it open, but way more functional.

by 4ggr0

1 subcomments

i definitely see the use for it, lots of moments where i wonder how or why something was started.

by saidnooneever

1 subcomments

seems handy but mostly the ppid is outputted as the reason for starting. its 'who dun it', not really _why_ it was started. (service file, autorun, execve etc.)
i see you support multiple output format including json thats nice. id recommend to assume automation (ssh script/commands) and make the default output really easily greppable , or json (jq) since itll be more appealing to parse (shouldnt reduce readability, for the default output it looks like just removing some linebreaks to make it parse more consistently. (maybe the lines are wrapped tho? unclear from the img)

by gavinray

0 subcomment

The "htop" utility has a "Tree View" if you press F5 that is pretty handy for this, too.

by properbrew

1 subcomments

This is extremely useful, will be added to the toolbox. Thanks for sharing.

by q2dg

1 subcomments

pstree doesn't answer the why?

by tototrains

2 subcomments

Worth mentioning: I had claude code find a crypto miner on an infected system which had been running for ~5 months undetected. Up-to-date windows 10 machine. Single prompt saying "This PC is using too much power or fans, investigate". Took minutes, completely cleaned up the infection (I hope) and identified its source. Fantastic use-case.

by wyldfire

1 subcomments

`ps uaxf` gives me pretty similar output.

by ManuelKiessling

1 subcomments

I‘m SO going to steal your AI Assistance Disclaimer.

by fracus

1 subcomments

I really like this. Something like this should already exist, stock.

by jsomedon

1 subcomments

Brilliant stuff! Any plan to support macos?

by dxdm

0 subcomment

Very nice README, too.

by Saris

1 subcomments

This looks very handy to have around!

by dontdieych

1 subcomments

Nice and installed then starred.

by canxerian

1 subcomments

Great idea!

by pcdoodle

0 subcomment

[dead]