
Look Ma, no OS - lelf
http://slides.com/technolo-g/intro-to-unikernels-and-erlang-on-xen-ling-demo#/
======
monochromatic
"Two dimensional navigation for a slide deck would be really helpful,
discoverable, and useful."

\- no one ever

~~~
MCRed
For those who are confused: Hit the down arrow to go thru the slides, when you
get to the end of one, hit the right arrow to go to the next section, then
rinse and repeat.

Just hitting right will show you the headers for each section. Right jumps
from section to section

Hitting down goes slide to slide.

~~~
itsbits
just use space for next slide, why all down, right arrows..??

------
zobzu
Unikernels are cool to play with. Erlang is cool too. But...

\- [name] is a kernel thread not a user space process.

\- it's libssl, not "libopenss"

\- installing rpc, some obscure 55k listening port, and calling it bloated..
heh so cheap.

Once past all this FUD - what does a unikernel (basically the same as running
linux and your app as /sbin/init except it's in Erlang and not C here)?

\- it's obscure. you get security mainly because nobody knows what you're
running.

\- it's library based. like regular OSes.

\- it runs only one program. or a million of them, like a regular OS, but with
zero separation between them so compromise one means compromise all, actually.
Else you have to add the separation layer yourself by writing more apps per
"system" and make them communicate.

\- it's undebuggable without a lot of knowledge

\- 'script kiddies' will run ./erlang-hack-for-x instead of ./rootshell.sh,
this changes nothing to that. Remember the XEN exploit a few months ago? That'd
still work and give access to all the Erlang instances. It's not that hard.

\- it's not faster, it's actually slower, when compared to C kernel+code.

\- it doesn't compile itself, you need a "regular OS" to deploy it

\- it uses the same memory space for mostly everything (regular OSes use
protected memory per process, it's hardware enforced by the CPU)

\- namespaced linux boots in < 10ms already...

There are much better implementations of safer, faster, cleaner OSes with
better paradigms that also do away with backward compat and using modern,
memory safe languages
([http://en.wikipedia.org/wiki/Singularity_%28operating_system%29](http://en.wikipedia.org/wiki/Singularity_%28operating_system%29)
for a well-known one). For the record MS also developed Drawbridge
(process+lib, so not exactly a unikernel) because they could not do away with
windows compatibility. So yeah.

If you have doubts, look at the example code at
[https://github.com/technolo-g/unikernel-demo](https://github.com/technolo-g/unikernel-demo)

~~~
pjmlp
The problem with Mesa/Cedar, Modula-3/Spin, Modula-2/Lilith, Oberon/Native
Oberon, Oberon-2/AOS, Sing#/Singularity and many others is compatibility and
lack of buy-in from OS vendors.

Personally I see application compartments, wider adoption of Swift, Java, .NET
Native, OCaml, Haskell, Go, D, Rust, Erlang, ..., alongside unikernels as the
way forward to mainstream adoption.

One day we will get C free OS stacks.

~~~
vardump
C/C++ is the language you write the library in, so that it's callable from
every other language. Hopefully Rust, Nim (and Golang one day) will be able to
produce C-API compatible replacements. API can also be something better than
what .so and .dlls provide, as long as everyone is on board.

I guess Rust and Nim are the real contenders, as only a language with "zero
runtime" is going to cut it.

~~~
pjmlp
It is an historical accident that C == OS ABI, as mainstream OSes copied UNIX
model.

This wasn't true in other OSes.

Windows is currently moving to COM as the main OS ABI, specially with the
WinRT focus.

Android also has little support for C ABI, beyond wrapping .so in JNI
wrappers.

Another example are mainframe systems like OS/400, where the ABI is bytecode
based (TIMI).

------
MCRed
I have to say, this is one of the most exciting technologies I've seen in
awhile. It predates docker by a fair bit, and I would have hoped it would have
gotten more traction. So I'm very happy to see slides from a user group.

Alas, the brilliance of Erlang has not been sufficiently appreciated, so
hopefully Elixir -- aka: Erlang Returns -- might catch on and become a popular
hipster language.

With Docker you still have all the overhead of Linux, and personally, I'm
finding it a bit overwrought, and then on top of that more and more
infrastructure is being built. All well intentioned and I'm not saying it's
wrong-- but it's starting to feel like open stack.

One of the earlier demos of Erlang on Xen was a system where a VM was spawned
to handle each request. EG: An HTTP request would come in, an entire VM would
be spawned, handle the request and go away. It was very fast.

I find that kinda astounding!

[http://erlangonxen.org/zerg](http://erlangonxen.org/zerg)

PS- Not intended to start a flame war, the dogmatic sounding parts of this
post are all tongue in cheek.

~~~
zalmoxes
> and then on top of that more and more infrastructure is being built.

I don't see how unikernels solve orchestration. You still need databases, load
balancing, service discovery and so on. Kubernetes or something like it would
still be a necessity.

~~~
MCRed
Good point. My feeling isn't so much that it exists, but that it's all new and
dockery-- and doesn't feel like it's gelled into something really useable yet.
And by usable, I mean "usable for non-ops people". I'm hoping managing
hypervisors will be more of a solved problem given more time in the market...
but I may well be wrong.

------
stonogo
The next logical step is to elide the virtualized network and disk interfaces,
and then we're back to shared hosting! See you again in twenty years.

~~~
xyzzy_plugh
Yep. I don't get the value in this, pushing the problem somewhere else just
creates new problems. Instead of being able to rely on distributions and
gargantuan open software, now we go off and roll it all ourselves?

This is a good path to job security, but I don't see what else.

~~~
MCRed
What's to roll yourselves? (Serious question, I might have missed it.) The
erlang platform provides a great deal of everything you need. And if it
doesn't, there's a library out there to do it.

Elixir is extremely active, growing and moving fast and even if you do have to
roll it yourself, it can still be a net win.

For instance, I found it was easier to integrate a mail sending library or
interface with mailgun than it was to get an SMTP service working on linux.

But then, I'm a developer, not ops.

------
makmanalp
Also relevant: [http://openmirage.org](http://openmirage.org)

and
[https://www.youtube.com/watch?v=bYQ_lq5dcvM](https://www.youtube.com/watch?v=bYQ_lq5dcvM)

~~~
MCRed
Mirage supports OCaml; the video shows people making Python Unikernels.

This slide deck supports Elixir and Erlang languages.

(just adding details for people)

------
delinka
This has to be one of the worst UIs for a slide deck. "Why aren't these
questions being answered?" ... "Oh, the slide advance UI changes. Too
inconspicuous."

~~~
frou_dh
I'm shocked that the top two HN comments as of writing are bikeshedding the
submission's web design.

~~~
jacques_chester
This is "Why is the bike shed missing three walls and half the roof?"ing.

~~~
frou_dh
Chapters bother you that much huh?

~~~
jacques_chester
Not when they're arranged as a book, rather than a quilt disguised as a book.

------
yjh0502
I'm not sure Erlang with an immutable infrastructure concept is a good idea.
Dynamic code reloading and upgrading without downtime is a key feature of
Erlang, and immutable infrastructure does not play well with these features. If
you make Erlang immutable, you should add another layer to ensure availability
like HAProxy, which adds management burden. If you use dynamic code reloading,
it is no longer 'immutable'.

~~~
kungfooguru
My thoughts as well. And if one does accept the restrictions I'd hope they
remove the performance penalties associated with binding everything so late so
it can be swapped.

------
tilt_error
In theory it should be possible to run Erlang applications on OSv as well [0].
I saw some discussions around this earlier, but I am not sure what the current
status is.

[0] [https://github.com/cloudius-systems/osv-apps/tree/master/erlang](https://github.com/cloudius-systems/osv-apps/tree/master/erlang)

------
bcl
Russell Pavlicek had a pretty good high level talk on Unikernels at Linuxfest
Northwest this year - [http://linuxfestnorthwest.org/2015/sessions/next-generation-cloud-unleashing-power-unikernel](http://linuxfestnorthwest.org/2015/sessions/next-generation-cloud-unleashing-power-unikernel)

~~~
MCRed
Excellent abstract, but unable to view slides on a Mac. (ODP format not
supported by keynote?)

~~~
FraaJad
LibreOffice.

Edit: you should be able to import it into your google drive, and view it
there if you do not wish to install libreoffice.

------
technolo-g
Thanks for all the comments! Looking forward to reading them in depth and
tuning up the ole' preso :) \-- Matt

Twitter: @mattbajor

~~~
axelfontaine
Here is another one for your list: [https://boxfuse.com](https://boxfuse.com)

We launched Boxfuse last month with support for running JVM apps as unikernels
on VirtualBox and AWS.

Here is a blog article from last week about deploying Dropwizard unikernels to
EC2: [https://boxfuse.com/blog/dropwizard-aws.html](https://boxfuse.com/blog/dropwizard-aws.html)

Disclaimer: I'm the founder.

~~~
justincormack
It is not a unikernel though, just a minimal Linux.

~~~
axelfontaine
Boxfuse falls squarely into the "generalized" unikernel type mentioned in the
presentation. You are only thinking of the "specialized" ones.

In a sense it follows the same principle as OSv, just with a proven Linux
kernel instead of a custom one.

Update: Why the downvote? If you disagree, feel free to say why.

~~~
justincormack
No it doesn't. And the presentation is not very accurate. Rump kernel is a
proper unikernel (based on the proven NetBSD kernel) but actually running as a
library operating system, in the same address space as the single application
it is linked to. You compile and link the kernel library and application into
a single elf file. OSv is a single address space too, it just tries to pretend
to look more like a normal OS. I think Drawbridge is a proper unikernel too.
So the examples in the slides are simply wrong.

PS no idea who downvoted you, there is really no point in mentioning it.

------
smegel
I thought Erlang relied heavily on threads...how does that even work without
an OS?

~~~
olalonde
I was curious as well and Googled it. Apparently, the Erlang Runtime runs
within a single OS thread and implements its own thread scheduler in user
space. [http://stackoverflow.com/questions/605183/how-if-at-all-do-erlang-processes-map-to-kernel-threads](http://stackoverflow.com/questions/605183/how-if-at-all-do-erlang-processes-map-to-kernel-threads)

~~~
corysama
Unikernels are very able to schedule threads to CPUs. Often, that scheduling
is static. But, when your intent is to run a single process exclusively on the
virtual machine, static scheduling is actually preferable.

------
phrasz
Is it me or is the wrong word being used (0.o)? See --
[http://en.wikipedia.org/wiki/Microkernel](http://en.wikipedia.org/wiki/Microkernel)

~~~
zefei
It is you. See
[https://queue.acm.org/detail.cfm?id=2566628](https://queue.acm.org/detail.cfm?id=2566628)

------
istvan__
This is pretty amazing. I really like the idea of using more Erlang for my
projects and this would make the deployment to EC2 easier.

------
mbq
Possible next step in this direction is to get rid of both Xen and unikernel
by making a specified Java/Erlang VM that only has syscall-calling op-codes
for network traffic and virtual disk I/O, while uses hardware virt goodies to
secure execution of JITed code. (;

------
hobarrera
> Linux is a black box to a lot of devs.

That's not a problem you should get rid of, devs _need_ to understand the
underlying system.

> no shell == no shellshock

Only servers that needed the shell for some service exposed the issue, so this
point is irrelevant.

> no libopenss = no heartbleed

no libopenssl = no ssl either.

------
tylercubell
Sounds like unikernels are giving the traditional OS a lobotomy and leaving
only the brain stem to handle basic functions.

------
erikb
If you work on a unikernel how do you store data to disk? There is no
filesystem, right?

~~~
madez
GooFS is specifically mentioned.

------
EGreg
Can the same be done for Node.js? What about PHP?

~~~
justincormack
No one has tried Node.js yet as far as I know (possibly under OSv not sure).
PHP, yes, is running as a unikernel, using a rump kernel.

~~~
EGreg
Can you post some links?

~~~
justincormack
[https://github.com/mato/rump-php](https://github.com/mato/rump-php)

[http://rumpkernel.org/](http://rumpkernel.org/)

[https://github.com/rumpkernel/wiki/wiki/Info:-Community](https://github.com/rumpkernel/wiki/wiki/Info:-Community)

Ask on the mailing list/irc if you need help... it's still under development so
not completely obvious yet ;)

------
rdrey
Am I the only one who can't find Part 2?

~~~
mintplant
Part 2 was the live demo portion of the talk.

------
bsimpson
I wonder if this is how AppEngine was built.

------
christianbryant
[http://wiki.xenproject.org/wiki/Unikernels](http://wiki.xenproject.org/wiki/Unikernels)

'nuff said.

~~~
christianbryant
OK, maybe not 'nuff said; this is a great paper on unikernels from last year:

Unikernels: Rise of the Virtual Library Operating System
[https://queue.acm.org/detail.cfm?id=2566628](https://queue.acm.org/detail.cfm?id=2566628)

------
ak47surve
Off-topic: Anyone else found it difficult to navigate through the
presentation?

------
_RPM
This website must be broken. It broke my browser's back button.

------
fapjacks
I went in expecting to read a bit about unikernels. I got there and felt like
I was playing The Legend of Zelda for NES. You know, the one with the golden
cartridge.

