Planet Hypervisor

Unikernels at PolyConf!

Above are my slides from a talk at PolyConf this year. I was originally going to talk about the MISO tool stack and personal clouds (i.e. how we’ll build towards Nymote) but after some informal conversations with other speakers and attendees, I thought it would be way more useful to focus the talk on unikernels themselves — specifically, the ‘M’ in MISO. As a result, I ended up completely rewriting all my slides! Since I pushed this post just before my talk, I hope that I’m able to stick to the 30min time slot (I’ll find out very soon). In the slides I mention a...

Switching to Dashboard Spice Console in RDO Kilo on Fedora 22

************************* UPDATE 06/27/2015 *************************

    # dnf install -y https://rdoproject.org/repos/rdo-release.rpm
    # dnf install -y openstack-packstack
    # dnf install fedora-repos-rawhide
    # dnf --enablerepo=rawhide update openstack-packstack
    Fedora – Rawhide – Developmental packages for the next Fedora re 1.7 MB/s |  45 MB     00:27
    Last metadata expiration check performed 0:00:39 ago on Sat Jun 27 13:23:03 2015.
    Dependencies […]

The Bare-Metal Hypervisor as a Platform for Innovation

In this industry, everyone seems to talk about innovation, but very few platforms exist which foster innovation.  More times than not, "innovation" is simply a buzzword used by some marketing campaign to hawk something about as novel as twenty-year-old accounting software. Innovation does occur, of course.  But often real innovation leverages what already exists to create something which doesn't yet exist.  It may borrow from the known, but it produces something previously unknown.  For example, the industry has been going wild over cloud computing in the past few years, but many of the core cloud computing concepts are actually old mainframe...

Reviewing the Bitcoin Pinata

TL;DR: Nobody took our BTC. Random people from the Internet even donated into our BTC wallet. We showed the feasibility of a transparent self-service bounty. In the style of Dijkstra: security bounties can be a very effective way to show the presence of vulnerabilities, but they are hopelessly inadequate for showing their absence. What are you talking about? Earlier this year, we released a Bitcoin Piñata. The Piñata was a security bounty containing 10 BTC and it's been online since 10th February 2015. Upon successful mutual authentication, where the Piñata has only a single trust anchor, it sends the private key to the Bitcoin address. It...

Xen Orchestra 4.2

XO 4.2 brings performance to a new level! And start to schedule rolling snapshots now.

Project Raisin – Raise Xen!

It all started with pvgrub2: it was March 2015 and I wanted to add grub2 to the Xen build system. We were already building grub-legacy as part of the Xen build, so that we could produce a pvgrub binary to be used to boot PV guests. After Vladimir ‘phcoder’ Serbinenko’s good work on grub2, the […]

MirageOS v2.5 with full TLS support

Today we're announcing the new release of MirageOS v2.5, which includes first-class support for SSL/TLS in the MirageOS configuration language. We introduced the pure OCaml implementation of transport layer security (TLS) last summer and have been working since then to improve the integration and create a robust framework. The recent releases allow developers to easily build and deploy secure unikernel services and we've also incorporated numerous bug-fixes and major stability improvements (especially in the network stack). The full list of changes is available on the releases page and the breaking API changes now have their own page. Over the coming week, we'll...

Why OCaml-TLS?

TLS implementations have a history of security flaws, which are often the result of implementation errors. These security flaws stem from the underlying challenges of interpreting ambiguous specifications, the complexities of large APIs and code bases, and the use of unsafe programming practices. Re-engineering security-critical software allows the opportunity to use modern approaches to prevent these recurring issues. Creating the TLS stack in OCaml offers a range of benefits, including: Robust memory safety: Lack of memory safety was the largest single source of vulnerabilities in various TLS stacks throughout 2014, including Heartbleed (CVE-2014-0160). OCaml-TLS avoids this class of issues entirely due to OCaml's automatic...

XenServer's LUN scalability

"How many VMs can coexist within a single LUN?" An important consideration when planning a deployment of VMs on XenServer is around the sizing of your storage repositories (SRs). The question above is one I often hear. Is the performance acceptable if you have more than a handful of VMs in a single SR? And will some VMs perform well while others suffer? In the past, XenServer's SRs didn't always scale too well, so it was not always advisable to cram too many VMs into a single LUN. But all that changed in XenServer 6.2, allowing excellent scalability up to very large...

Improving Xen Orchestra performances

Xen Orchestra is now going 250 times faster. Period.