These are the slides from my talk at Craft Conf today. If you’re reading this at the conference now, please do follow the link at the end of my talk to rate it and give me feedback!
Some of the specific items I mention are below, with links to more detail. You can find more information and resources about unikernels over at unikernel.org.
I quickly showed people how to build and serve the MirageOS website from a container on my Mac. I used the Docker for Mac beta (beta 8) for this, together with a prepared Docker image. Bear in mind that things change across beta releases so if the following doesn’t work, please tweet me.
To follow my steps in the demo:
# On your terminal $ docker run -it -p 80:80 amirmc/demo-craft bash # Inside the container $ cd mirage-www/src $ mirage configure --unix --net socket $ make $ sudo ./mir-www
You should be able to see the site by pointing your browser to
Congrats, you just built MirageOS! You can read the hello world guide on the website to understand more about the configure flags we used.
The above image (
amirmc/demo-craft) is one I made just for the conference,
so that I didn’t have to wait for additional downloads. To do it ‘properly’,
it’s better to use the unikernel/mirage images, since those
are maintained. The
mirage tool within the container will then pull down
the required dependencies based on the
mirage configure step.
# Clone the repo on your machine $ git clone https://github.com/mirage/mirage-www.git $ cd mirage-www # Pull and run the maintained image, mount # the local directory, and set up the ports $ docker run -it -v `pwd`:/src -p 80:80 unikernel/mirage bash # Now that you're in the container $ cd src $ mirage configure --unix --net socket # installs packages $ make $ sudo ./mir-www
Then point your browser at
Using Docker for Mac makes all of the above much easier, especially if you don’t have (or don’t want) a local OCaml environment set up.
This is a unikernel, built using the TLS stack, which holds the private key to some bitcoin. If you manage to break in then you can simply transfer the bitcoin away. The model itself is a novel way to run a bounty programme, since a successful breach leads directly to the reward — though the main benefit is to stress-test the whole stack in the wild. In the talk, I describe how the unikernel is about 4% the size of its equivalent in a traditional OS and you can read the article for more detail about that (and much more).