I’ve been thinking about the complexity of modern technology stacks. See You probably like bad software from earlier this week.
Some of the interesting approaches to dealing with this eschew operating systems almost entirely.
Finding ways to reduce attack surfaces, create more maintainable systems in a world where the cost of hardware approaches zero is critical because we’re going to have a lot more of them.
Nobody (or company) is going to be able to effectively manage an infinite number of unix systems spread across dozens of devices indefinitely. I can barely maintain one unix server running this site and I have a computer science degree and two decades of experience running it.
Some interesting approaches / existing work –
UniK (pronounced you-neek) is a tool for compiling application sources into unikernels (lightweight bootable disk images) rather than binaries. UniK runs and manages instances of compiled images across a variety of cloud providers as well as locally on Virtualbox. UniK utilizes a simple docker-like command line interface, making building unikernels as easy as building containers.
Unikernels are interesting – throw out the OS and write monolithic kernels with a single application on top. Somewhere between “research concept” and “possibly a production-ready technology” but this toolkit makes testing and applying unikernels in various current forms pretty straightforward – I had some basic Go code running on a rump kernel very quickly.
Unikernels are specialised, single-address-space machine images constructed by using library operating systems. Unikernels shrink the attack surface and resource footprint of cloud services. They are built by compiling high-level languages directly into specialised machine images that run directly on a hypervisor, such as Xen, or on bare metal. Since hypervisors power most public cloud computing infrastructure such as Amazon EC2, this lets your services run more cheaply, more securely and with finer control than with a full software stack.
For a long time, we were unhappy with having to care about security issues and Linux distribution maintenance on our various Raspberry Pis. Then, we had a crazy idea: what if we got rid of memory-unsafe languages and all software we don’t strictly need?
MirageOS is a library operating system that constructs unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms. Code can be developed on a normal OS such as Linux or MacOS X, and then compiled into a fully-standalone, specialised unikernel that runs under a Xen or KVM hypervisor.
Library OS in OCaml.
Rump kernels enable you to build the software stack you need without forcing you to reinvent the wheels. The key observation is that a software stack needs driver-like components which are conventionally tightly-knit into operating systems — even if you do not desire the limitations and infrastructure overhead of a given OS, you do need drivers.
Uses NetBSD drivers and enables a large amount of existing software to more or less “just work” as a unikernel – some example packages include mysql, nginx, leveldb, haproxy, rust, tor, zeromq.
· · ·
If you enjoyed this post, please join my mailing list