
Netboot Linux over the internet - zitterbewegung
https://netboot.xyz
======
andrewstuart
I wrote Bootrino - an entire cross platform/cross cloud netboot over the
Internet desktop application that supports AWS, Google Cloud, Digital Ocean.
It did also support Rackspace but Rackspace is effectively dead as a cloud
hosting platform and Bootrino also supported SoftLayer but I found after alot
of work that SoftLayer is a very locked down environment that does not permit
total control over what you run on your VMs.

Kinda takes this core concept and pushes it alot further and lets you boot
from your own web servers - you just publish the (simple) bootrino config file
plus the OS image and off you go, bootrino configures the instance and builds
it from your own web infrastructure, be it internal or public.

You can see a demo of bootrino here:

[https://www.youtube.com/watch?v=zJhxmVlR46c](https://www.youtube.com/watch?v=zJhxmVlR46c)

The purpose of Bootrino is that it allows you to boot ANYTHING on the cloud -
i.e. Unikernels and a whole zoo of other tiny operating systems, run-in-RAM
operating systems, embedded operating systems etc. You are no longer
restricted to running only the operating systems permitted by the cloud
vendors.

Lets you do things like make RAM only Postgres databases servers, or run your
web server applications purely from RAM without any login, for speed and
security.

~~~
contingencies
_Rackspace is effectively dead as a cloud hosting platform_

Could you elaborate on this? I'm genuinely curious and didn't see anything
obvious to explain it in search results.

~~~
andrewstuart
Well it's my own personal judgement.

I did ALOT of work implementing support for six cloud computing platforms
(also MS Azure, which I did not mention above).

All of them provided me either with free or cheap access to their services - I
was building something for the platform after all.

Rackspace started out with a developer program, which they withdrew as my
project was coming to completion. I asked for more free/cheap developer access
and they said no - it was going to cost me several hundred dollars per month
(the base line cost for Rackspace) just to support their service. I thought
"no thanks". I also thought that any other cloud provider that actually cared
about getting people to use its platform would provide a free/cheap program
for developers to build tools around it and support it. What I saw was that
Rackspace just don't really care about its cloud platform any more.

How can a cloud hosting platform company take a cloud hosting product to
market whilst actively selling support for its just-the-same competitor (i.e.
AWS) and still be credible? Doesn't make sense.

I noticed at the same time that Rackspace shifted focus heavily towards
providing support for other cloud computing platforms like AWS and also
observed in the news some of their business challenges and came to my own
conclusion that they have been defeated in cloud computing but have not
declared defeat yet.

So it's just my opinion but I think Rackspace cloud is dead/defeated and will
meet its fate soon enough, maybe to be sold off or something. Just my opinion.

~~~
contingencies
Interesting. About 3 years ago I had a similar project - see
[http://stani.sh/walter/pfcts/original/](http://stani.sh/walter/pfcts/original/)
and [http://stani.sh/walter/cims/](http://stani.sh/walter/cims/) \- but ex-
employer decided they wanted to keep IP, so I haven't been able to open source
it.

~~~
nightcracker
Never sign IP clauses, they're criminally unfair.

------
andrewstuart
You can't do the stuff described at this site universally on any cloud due to
various technical restrictions. There's certainly no standard way to do it. I
even found it to be problematic on the cloud for which it was intended -
Rackspace.

HOWEVER - there IS a way to boot anything at all you want on any cloud.

It's a little bit tricky.

The solution depends on the fact that EVERY cloud runs just about exactly the
same version of Ubuntu. And every cloud provides a way to run Ubuntu with a
boot script. What this means is in effect that every cloud has a highly
standardised boot process.

So what you do, is boot Ubuntu with a script that drops the operating system,
formats the hard disk and installs a new OS, i.e. a Unikernel, Alpine Linux,
TinyCore Linux, Windows even, whatever you want.

I built Bootrino around this concept (see the other message in this thread
about Bootrino). Bootrino is essentially a front end that boots an instance,
passes in a boot script that it gets from your web server, the boot script
does the job of dropping the OS, reformatting and then reconfiguring it to be
whatever you want. It pulls in the OS files from any URL so it's super
flexible. True net boot for the cloud.

Sounds a bit odd but it is highly reliable and works very nicely. I got a
whole nunch of stuff running including Unikernels, Alpine Linux, TinyCore
Linux and a few even more tiny exotic operating systems.

There's some real challenges to do with the differing ways that the clouds
implement networking but I worked all that out with only just enough pain to
make me tear out my eyes.

~~~
voltagex_
How do you get to Windows in that case? AWS doesn't let you get to GRUB or
similar, does it? Chain loading NTLDR is a pain in the best circumstances.

------
Spivak
This is super cool. You could sell this as a service to IT departments. Give
each customer a subdomain, let them manage their own ISOs, maybe throw in
kick-start support, and you've got a real product.

Edit: and this would be a great way to build trust, your paying customers
would support the public service and distribution maintainers could get
official accounts on your service to distribute to their users.

~~~
laumars
I'd be wary about using this in a professional capacity without assurances of
the security of the images stored upstream and better support for SSL (this
last point is more an issue with PXE clients than with the hosts).

Really where this comes into its own is for personal builds. In those
situations the convenience of not having to download an ISO and burn it /
whatever is an arguable reasonable trade for the potential security hole it
creates. Where is in business security is more critical and builds are more
frequent so the effort of downloading the latest ISO is mitigated by the
frequency you may end up using it.

This last point is why many corporate networks will have their own internal
imaging servers.

------
jburgess777
This looks a lot like the old boot.kernel.org (BKO) site which was taken down
a while ago. I don't remember why it was taken down but you can still find
some references to it, e.g.

[https://www.howtoforge.com/boot-linux-over-http-with-
boot.ke...](https://www.howtoforge.com/boot-linux-over-http-with-
boot.kernel.org-bko)

[http://git.etherboot.org/people/pravin/BKO.git/blob_plain/e6...](http://git.etherboot.org/people/pravin/BKO.git/blob_plain/e6c51a0c7172f3c78c4a3cd59e348a2861eddcea:/index.html)

[https://events.linuxfoundation.org/images/stories/slides/lin...](https://events.linuxfoundation.org/images/stories/slides/linuxcon2009/hawley_linuxcon09.pdf)

------
lathiat
In true style, I've thought for over a year about creating something like
this.. turns out it already exists. Yes!

Side note, iPXE is awesome.. most recently I was using it to test a bug with
iBFT (how the BIOS describes an iSCSI root disk to the operating system)..
since iPXE lets you setup the appropriate stuff to do iBFT insteading of
needing the relevant network card. So many good things from iPXE

------
damm
Why should we trust you? Sure you set the mirror to rackspace but easily
things can go wrong and if your competent enough to get iPXE running you
should be doing the job your damn self.

~~~
posguy
In addition to the trust factor, what happens when this service dies?
Netboot.me offered essentially the same service years ago, but disappeared and
stopped working, with many guides written for and around their service.

~~~
devttyeu
I made an IPFS(the torrent+git+ thing) based fork of this because of these
reasons.

It uses IPFS gateway setup in local network, this enables: * Caching of
downloaded data (this is useful when using it to boot multiple computers in
one LAN) * More trust: boot menu is served from local IPFS gateway using
immutable hashes. It is also really easy to review it by hand. * It's a bit
more service-dies-scenario proof

Downsides include lack of better documentation and messy code in places - it's
a large scale refactor that changes the basics of how the tool works and isn't
quite polished. It lives at
[https://netboot.devtty.eu/](https://netboot.devtty.eu/). There is no set-up
instructions(tr;dr setup: run lan-open ipfs gateway, add A dns record
'ipfs.local' pointing at it in your lan DNS server, rest like netboot.xyz).

~~~
voltagex_
I'm pretty sure you're not supposed to use .local as a unicast domain name due
to its use in mDNS/Zeroconf

------
laumars
Weird to see this today because I was using netboot.xyz only yesterday to
install OpenBSD.

My only gripe with netboot.xyz is that it seems to be missing a few of the
less mainstream yet still platforms like NetBSD and Dragonfly. But I know from
my own experience writing something similar but not as good that the
maintenance of something like that is rather large. So I can't really
complain.

~~~
kevincox
I've seen discussions about getting new images and the maintainers are super
willing. It's most likely that no one has put the effort in yet, rather then
netboot.xyz saying no.

------
nikanj
Apparently boot.kernel.org is no more. Does anyone know what happened?

~~~
0x0
Wild guess - kernel.org was compromised some years ago, maybe they never
rebuilt that service. Also, consider what would have happened if
boot.kernel.org was compromised at the same time as kernel.org? :)

------
voltagex_
In this age of containers you can still do some pretty impressive things with
PXE. That doesn't make it a _good_ standard.

I first saw this trick using iPXE from boot.rackspace.com.

iPXE is also an amazing thing in itself. I would pay for a detailed writeup of
the CDROM emulator that does HTTP-range requests when the "device" is
accessed.

~~~
mareo
I'm an occasional iPXE contributor, I guess it's my time to shine!

Bootloaders are reading block of data from CR-ROM, disk, floppy or USB drive
by using int 13h[1] whose handler is set by the BIOS. A bootloader is only
asking the BIOS to read data for him and does not have to implement drivers.

iPXE replaces the int 13h handler in the interrupt vector table[2] by its own,
and when a read is issued by a bootloader, it performs it with an HTTP range
or iSCSI request.

It's actually really simple. :)

[1]
[https://en.wikipedia.org/wiki/INT_13H](https://en.wikipedia.org/wiki/INT_13H)

[2]
[https://en.wikipedia.org/wiki/Interrupt_vector_table](https://en.wikipedia.org/wiki/Interrupt_vector_table)

~~~
mbilker
How does iSCSI work for Windows then?

I setup iPXE to boot Windows 7 (Embedded Standard technically) to boot off an
iSCSI target and it shows up as a disk in Windows. Does Windows still allow
for int 13h handlers or is there some other special handling?

~~~
mareo
iPXE uses the iBFT[1] to pass this information to the OS.

ftp://ftp.software.ibm.com/systems/support/bladecenter/iscsi_boot_firmware_table_v1.03.pdf[1]

------
flyGuyOnTheSly
Is this similar to
[http://httpredir.debian.org/](http://httpredir.debian.org/) ?

I just created my first live debian chroot earlier today, and was amazed at
how it seemingly worked.

debootstrap downloaded everything required for a basic debian install in a few
minutes from [http://httpredir.debian.org/](http://httpredir.debian.org/) and
I was in and using the fresh system.

Is that what netboot.xyz is? The same thing but for multiple linux distros?

~~~
secure
FYI, [http://deb.debian.org/](http://deb.debian.org/) is preferred over the
httpredir these days. deb.debian.org is backed by multiple CDNs, whereas
httpredir is backed by the traditional mirror network. The latter does its
best to avoid redirecting to an unavailable/outdated mirror, but the former
typically works better.

~~~
flyGuyOnTheSly
Thanks for that, looks like I should try to update the official debian chroot
wiki page then! [0]

[0]
[https://wiki.debian.org/chroot#Basic_Installation](https://wiki.debian.org/chroot#Basic_Installation)

------
peterwwillis
It looks like this thing bundles ca.ipxe.org and ca.netboot.xyz certs. It also
makes a SHA256 checksum of each boot disk, and creates signed signatures for
all source files.

But it is not verifying signed checksums of the bootloaders themselves, which
you would expect to be probably the most important part of running an OS
downloaded over HTTP from random mirrors you don't know.

Also, thanks for giving us your encrypted secrets database, as well as your S3
secret access keys, author?

------
shmerl
A good example where gigabit connection makes it usable.

------
danfolkes
This is great! Especially for utility disks like gparted.

No longer needing to make 30 different bootable CDs or bootable USBs is nice.

~~~
askvictor
Indeed, although with modern laptops not having Ethernet ports, it would need
to be able to use wifi

~~~
voltagex_
IPXE only supports one WiFi chips and many laptops have a whitelist of USB
Ethernet adaptors they'll PXE boot from.

------
dveeden2
Reminds me of using wanboot with Solaris (boot over HTTP)
[http://www.bolthole.com/solaris/wanboot_tech.html](http://www.bolthole.com/solaris/wanboot_tech.html)

------
snvzz
Netboot, sure. But why Linux?

This isn't in any way Linux specific.

~~~
Gracana
The intro gif shows Linux, BSD, and Windows installer categories.

~~~
snvzz
Exactly. So why is the story titled "Netboot Linux over the internet"?

