Published Sep 3, 2019

SE-Radio Episode 271: Idit Levine on Unikernelsl

Idit Levine delves into the transformative potential of unikernels, emphasizing their ability to outperform Docker containers through minimal resource usage and simplified deployment, while revolutionizing cloud computing by enhancing efficiency, security, and serverless applications.
Episode Highlights
Software Engineering Radio - the podcast for professional software developers logo

Popular Clips

Episode Highlights

  • Reducing Complexity

    Reducing complexity in operating systems is crucial for efficiency, especially in cloud environments. explains that traditional operating systems like Linux have accumulated unnecessary components over time, such as obsolete drivers, which add to their complexity 1. By stripping away these excess elements, unikernels focus on retaining only essential components, such as specific hardware drivers and application libraries, thus simplifying the system 2. This approach allows developers to tailor the operating system to the specific needs of their applications, enhancing performance and reducing maintenance overhead.

    The community of the operating system basically make a choice. And the choice that they make is that it's much more important to them to run, you know, to support all the old architecture probably because it's easier to make it adoptable that way than to actually start with a clean slate.

    ---

       

    Security

    Simplifying operating systems through unikernels can significantly enhance security by minimizing attack surfaces. highlights that the extensive functionality of the Linux kernel presents numerous vulnerabilities, making it susceptible to attacks 3. By reducing unnecessary components like SSH capabilities, unikernels limit potential entry points for attackers, akin to a room without doors or windows 4. Even if a unikernel is compromised, its isolated nature ensures that only the specific application is affected, simplifying recovery and reducing broader system risks 5.

    By stripping down the operating system and taking out stuff like SSH and so on capability, you're basically limiting the surface of attack.

    ---

Related Episodes