
Ask HN: Why unikernels are not more popular? - amirouche
I discovered MirageOS. I find the idea elegant.
It looks to me like a compiler of the whole Operating
System.

I am wondering what the pros and cons are. How do they relate to microkernels?
======
eyberg
The main reason I've found is that very few people/organizations have focused
on making it a first class citizen. A weekend hacker or two might work for a
new web framework but unikernels involve entire operating system development.
To compare - Linux has been around for ~ 30 years.

This is something we are focused on at NanoVMs. (yes, I work there).

As for the other questions - unikernels descend from the microkernel family
tree and some implementations (ours included) blur that line considerably.
Andrew Tanenbaum was right. :)

Pros:

* many are _much_ faster than comparable Linux applications for boot and runtime (NEC can boot theirs in 5ms - fork takes ~3ms, Docker containers boot in ~200ms)

* many are dramatically more secure (ours has the same ASLR/page protections as Linux does yet also doesn't have the notion of a shell, users or the ability to run other processes)

* if you have your own infrastructure you can massively consolidate your VMs (this is a big benefit but you won't get this on public cloud)

Cons:

* in the past you had to manually port your application (this was too much to ask a user for) -- this is changing in many different implementations

* there are some hard constraints (e.g. single process) for a lot of implementations (for instance Postgres would need to be re-written)

------
PaulHoule
It is hard to innovate in operating systems because people already have a lot
of software written for POSIX and POSIX-like systems and if you wanted to make
something entirely different people won't like it.

The Unikernel idea is one of the better ones. I've thought a lot about what an
async-first operating system would look like and it is hard to picture,
particularly when virtual memory is a fundamentally blocking abstraction.

------
billconan
[https://www.joyent.com/blog/unikernels-are-unfit-for-production](https://www.joyent.com/blog/unikernels-are-unfit-for-production)

[https://fourlightyears.blogspot.com/2018/08/what-i-could-not-undiscover-about.html](https://fourlightyears.blogspot.com/2018/08/what-i-could-not-undiscover-about.html)

~~~
eyberg
Just to point out for the first article (unikernels are undebuggable) -
there's been a lot of work done in the past few years that effectively
completely nullifies that argument:

[https://nanovms.com/blog/common-unikernel-debugging-myths-debunked](https://nanovms.com/blog/common-unikernel-debugging-myths-debunked)

[https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/january/xendbg-a-full-featured-debugger-for-the-xen-hypervisor/](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/january/xendbg-a-full-featured-debugger-for-the-xen-hypervisor/)

[https://www.linux.com/blog/event/xen-summit/2017/9/uniprof-transparent-unikernel-performance-profiling-and-debugging](https://www.linux.com/blog/event/xen-summit/2017/9/uniprof-transparent-unikernel-performance-profiling-and-debugging)

[https://github.com/rumpkernel/wiki/wiki/Howto:-Debugging-Rumprun-with-gdb](https://github.com/rumpkernel/wiki/wiki/Howto:-Debugging-Rumprun-with-gdb)

------
amirouche
An overview of unikernels
[https://github.com/cetic/unikernels](https://github.com/cetic/unikernels)

