'Unikernels will send us back to the DOS era' – DTrace guru Bryan Cantrill speaks out

Reaction to Docker biz gobble


Some heralded Docker's acquisition of UK-based Unikernel Systems last week as the golden dawn of a post-container era. Others showed healthy skepticism.

One person firmly in the latter camp is Bryan Cantrill, who typed up a long blog post on why he believes unikernels are "unfit" for production. Cantrill is chief technology officer of San Francisco-based Joyent, which builds software to manage containers across whole data centers.

You might think the post was a cheeky pop at a rival technology – a container wrangler shooting down a container challenger. But don't forget that Cantrill has been at the coalface of operating system development for decades: he was one of a trio of Sun engineers who created DTrace – the undisputed Rolls-Royce of real-time software debuggers – plus worked on Solaris and QNX.

"I think I’ve been accused of trying to kill off the unikernel," Cantrill told The Reg this week. "I don't have a problem with it per se if it’s an academic exercise or a hobbyist endeavor. They have a right to exist, and it's not that they aren’t fit for any purpose, they're just not fit for production."

Cantrill's main beef with the technology is really in three parts: the first is that unikernels merge the application and the underlying operating system into one entity that shares the same virtual address space. Device drivers become libraries that either call down to a hypervisor, which takes care of controlling the hardware, or interact with the bare metal. The resulting condensed unikernel package cooperates with other unikernels running on the host for resources and processor core time.

Operating systems these days split the applications into what's called user space, and the kernel part that controls the machine (or virtual machine) into kernel space. User space isn't allowed to interfere with kernel space, so misbehaving apps can be reined in, killed, or debugged, without trashing the system. Unikernels do away with this protective separation, meaning a bug in the app logic could blow away the whole package – or the whole device – forcing it to be restarted.

Cantrill likened this lack of privilege separation to the bad old days of microcomputers that ran simple operating systems that gave full control of the hardware to software programs.

"This separation is a fundamental principle, the hallmark of a reliable and secure operating system," he told us. "We've had this technology for three decades, and it seems some are willing to give that up and send us back to the DOS era.

"When we ran DOS on our computers, mysteries happened all the time – and it's because the programs misbehaved. Those of us who lived in that era don't want progress to run backwards."

His second main problem with unikernels is related to the above: the inability to easily debug broken code because of the primitive environment in which the software is running. Cantrill blogged:

From a debugging perspective, to say this is primitive understates it: this isn’t paleolithic — it is precambrian.

As one who has spent my career developing production systems and the tooling to debug them, I find the implicit denial of debugging production systems to be galling, and symptomatic of a deeper malaise among unikernel proponents: total lack of operational empathy.

His third main beef is the lack of classic Unix processes: unikernels follow a one process, one app model, so if your program expects to fork(), it'll have to fork off. Some unikernel implementations mitigate the aforementioned problems by requiring software to be written in type-safe languages like OCaml, Erlang or Haskell, which not everyone knows and which certainly not every application is written in.

"I'm of a generation that didn’t understand what a robust OS could be until I got to university," said Cantrill, explaining how he discovered Unix-flavored systems at college.

"That era of microcomputers was terrible. I fear we now have a generation romanticizing about that history or ignoring it, and not taking for granted the robustness they grew up on.

"My children's Chromebooks have Unix, they were born with Unix, I have Unix on my phone – and that’s amazing. It means if there's a bad application, its failures are contained, and the machine continues. I'm deeply disturbed that people are advocating discarding this protection."

The team at Unikernel Systems includes former Xen hypervisor engineers, who believe unikernels will provide fast-to-start lightweight secure services that can be managed efficiently using Docker-like tools. While welcoming Unikernel Systems to Docker, Mano Marks, director of developer relations at the container upstart, noted that "unikernels are an important part of the future of the container ecosystem." ®
