New Operating System Seeks To Replace Linux In the Cloud

New submitter urdak writes "At CloudOpen in New Orleans, KVM veterans Avi Kivity and Dor Laor revealed their latest venture, a new open-source (BSD license) operating system named OSv. OSv can run existing Linux programs and runtime environments such as a JVM, but unlike Linux, OSv was designed from the ground up to run efficiently on virtual machines. For example, OSv avoids the traditional (but slow) userspace-kernel isolation, as on the cloud VMs normally run a single application. OSv is also much smaller than Linux, and breaks away from tradition by being written in C++11 (the language choice is explained in in this post)."

So... no separation between system and userspace..

No security either.

GPL trumps BSD as a usable open source licence

[evanh]

If the BSD licence was as useful as GPL then Linux would never have grown in the first place.

Re:GPL trumps BSD as a usable open source licence

[meta-monkey]

Yes, but not in a way that promotes growth. The BSD license is a trap for the grumpy kids who don't want to share their toys at recess.

BSD: You can do whatever you want with your modifications to this code, including close them.
GPL: You can do whatever you want with your modifications to this code, except close them.

One of these creates a positive feedback loop in which small, incremental improvements from coders who share increase exponentially. The other creates a negative feedback loop in which the improvements from those who don't share are locked away and lost. I'll leave it to you to figure out which is which.

Re:GPL trumps BSD as a usable open source licence

One of these creates a positive feedback loop in which small, incremental improvements from coders who share increase exponentially. The other creates a negative feedback loop in which the improvements from those who don't share are locked away and lost. I'll leave it to you to figure out which is which.

The problem with this claim is that you're simply lying by omission. (Well, there's another problem: hyperbole. "Exponentially"? Hah.)

GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3. Fewer participants equals less resources spent developing the project.

BSD: the claimed negative feedback loop almost doesn't exist. Many of the entities (the same ones who have issues with GPLv3) whom you GPL zealots assume would just take everything private actually tend not to. Why? Because the reason they're using open source in the first place is to reduce their own workload, and maintaining a private fork of a public codebase turns out to be a lot of work. If you want to take changes from the public version, you're in permanent merge hell (because nobody in the outside world knows or cares about your local changes). If you want to fully fork and ignore the public version, now you're responsible for maintaining everything on your own. In most cases it's substantially less work to contribute your changes back to the public version.

Basically the only time this actually happens in the BSD-licensed world is when someone decides "to hell with it, we don't care how much we have to spend, we're going to go all the way private".

(All of the above is equally true of GPL-licensed code. GPL zealots are only assuming that their preferred license is required to create sharing. In reality, productive sharing is always an outcome of shared interests between all the parties involved, not the license.)

Re:GPL trumps BSD as a usable open source licence

[Microlith]

And you've set your entire argument up in a biased fashion too.

GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3. Fewer participants equals less resources spent developing the project.

A claim which is possible but largely lacking in evidence.

BSD: the claimed negative feedback loop almost doesn't exist.

Additionally unfounded. Given that BSD sources can be downloaded, modified, and their changes never see the light of day the loss of information is virtually guaranteed. Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.

Because the reason they're using open source in the first place is to reduce their own workload, and maintaining a private fork of a public codebase turns out to be a lot of work.

And yet there are plenty of vendors who would do just that if it suited their purposes. Your argument for staying upstream is entirely logical, but then, many corporations are not run in a logical fashion.

Basically the only time this actually happens in the BSD-licensed world is when someone decides

Would you ever know?

GPL zealots

Nothing worse than responding to a reasonable post with an invective.

In reality, productive sharing is always an outcome of shared interests between all the parties involved, not the license.)

But only so far as it suits their business interests. The GPLv3 was created to further advance its goals which have always been to ensure the software is free and that the recipient of the software is never encumbered by whomever they receive it from.

Re:So... no separation between system and userspac

[jedidiah]

It boggles the mind that anyone would suggest something like this and then use the excuse of "well we only run on app on a box". That's such amateur hour nonsense. It's like running your cloud apps on classic MacOS or an Amiga.

Just because you've only got "one app", it doesn't mean that you've only got one process.

It sounds like running your 2013 server apps on an OS from 1985 but "in the cloud".

[shake head]

a C++ kernel

[OrangeTide]

Another refreshing feature of OSv is that is written in C++.
It's been 40 years since Unix was (re)written in C, and the time has
come for something better.
C++ is not about writing super-complex type hierarchies (as some people
might have you believe). Rather, it allowed us to write shorter code
with less boiler-plate repetition and less chances for bugs. It allowed
us to more easily reuse quality code and data structures. And using
newly standardized C++11 features, we were able to write safe concurrent
code with standard language features instead of processor-specific
hacks. And all of this with zero performance overheads - most of C++'s
features, most notably templates, are compile-time features which result
in no run-time overhead compared to C code.

You end up taking the bad with the good. And some features in C++ are worth avoiding when you're outside of a nice big userspace runtime. Like exception handling, especially for classes that use multiple inheritance.

L4 is a microkernel and hypervisor designed specifically to run an OSlib in a virtual environment with very little overhead. It seems to me that some things about L4 are very compatible with visualization, being that most drivers in L4 operate as a virtualized environment rather than a process.

Re:a C++ kernel

[Stele]

Fortunately, with C++ you aren't required to use any particular feature, and don't pay a penalty for anything you don't use.

Furthermore, the alleged performance penalties that a lot of C programmers think exist in C++ actually don't.

Re:a C++ kernel

[bored]

Then explain why would you use C++ instead of C? If you are just going to cut it down to things C does? If you are going to do things C can't, then you will have the performance penalities. Your statments are not really valid.

Because there are cases where you are manually creating a construct in C, that is handled automatically by the compiler in C++.

Take virtual methods for example. The linux kernel is chuck full of structures filled with function pointers. That is a virtual method in C++, except in C++ you don't have to worry at runtime if the function your calling is NULL because the compiler assured that during compile time. This allows micro-optimization, and more natural error handling. Plus, the syntax is standard, so that every 3rd driver writer isn't creating their own version of the same thing.

Then there is generic data structure management. The kernel is full of macros for RB trees, linked lists/etc. Using templates for this allows better micro optimization without the programmer having to get involved.

There are a lot of reasons, and most of the negatives can be answered with, a the simple statement, don't use that feature.

Off the pig! Time to get rid of OSs on VMs.

[Animats]

This is a language-support library. It replaces the C runtime system, and the bottom levels of the Java runtime system. For environments where a virtual machine is running one program, or a family of tightly related programs, that's all you really need. The real operating system is the hypervisor underneath and the remote management tools that run the cluster.

Linux, with millions of lines of code, just isn't doing much inside a VM. It's not managing the memory. It's not handling real devices. It's not handling real interrupts. It may not even be managing any file systems - in cloud environments, those are usually out on some storage area network. It's just a big fat pig of an OS that needs to be fed patches and attention to keep it going, while not doing any useful work.

Within the virtual machine, there are no security boundaries. This may be a problem if more than one application is running in the VM. But if you only have one big program with many threads running, the OS isn't doing anything for you in security anyway.

Re:Off the pig! Time to get rid of OSs on VMs.

[TechyImmigrant]

So it's like DOS running on a VM. Yay!

Re:Off the pig! Time to get rid of OSs on VMs.

[tftp]

The thing they have "invented" is called RTOS. Typically, an RTOS is a simple kernel that is not using any memory protection features. That's how they started, at least - but over time some RTOS got separation between userspace and kernel space. VxWorks, for example, offered that option back in the year 2000.

Separation of one and the other is not just needed to protect from hackers. It creates a stable, reliable supervisor ring (hello, SVC command from IBM/360!) that can do whatever it wants to the userspace, whereas the userspace can't do anything to the supervisor. This allows the kernel to start, stop and monitor userspace applications, guaranteeing system integrity. If you don't have that, any bug, anywhere, can create unpredictable and undetectable faults within the system - and you will never know until the thing crashes horribly, which will eventually happen.

Re:It's just syntax.

[mark-t]

When a particular choice of programming language makes the resulting work easier for others to understand and maintain or modify, simply because things have been expressed in a manner that is more natural to understand with relation to what is actually being done, "just syntax" makes a HUGE difference.

Re:Cue Linus in 3..2..1

[mcl630]

Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM. Linux and OSv are different tools for different purposes.

Re:So... no separation between system and userspac

[Jherek+Carnelian]

Given that this is a special-purpose OS, intended for one-app per VM situations I think it is a perfectly reasonable assumption to make.

Re:Nah.

[Penguinisto]

I'll take my server OS tried-and-tested, thanks.

Even moreso - I prefer my server OSes to have that kernel/userspace separation. Sometimes that's the last line of defense against a fully-compromised system (see also, say, the typical crappily-coded PHP "application" that has the typical great big security hole (or four) in it...)

I get the drive for making the OS as thin as possible, but sometimes folks need to stop and think it through a little before they commit to doing it at all costs.

Re:So... no separation between system and userspac

[K.+S.+Kyosuke]

So now I need 12 vm's to perform the same tasks that one vm with 12 apps used to be able to perform? No thanks.

Isn't that what IBM has been doing with VM/CMS for decades? If you have deduplicated physical memory pages, what's the problem with that? (For that matter, am I the only one to whom this looks like a remake of VM/CMS?)

Re:Sorry, you're wrong.

[mark-t]

Implied ad-hominems aside, while I am "just a programmer", I did receive formal CS training. But that is neither here nor there.

I won't dispute that there is no one language that is going to be ideal for solving all problems, but it's entirely erroneous to presume that for certain types of problems, some languages are going to be better than others simply because the syntax of the language makes the solution more elegant to express and makes the resulting source code easer to understand.

This ease of understanding almost immediately translates to a faster development cycle, resulting in the end user receiving the product earlier, and in general will also mean that the software is less likely to contain unknown bugs (barring unknown bugs in the language implementation on the target architecture or bugs in the software development environment itself), so those choices can even impact the end user, even though they are unlikely to necessarily understand how, or even necessarily be aware of them.

Just because you *CAN* do the same thing in any imperative language that you can do in one particular one does not mean that they are all equally good choices, Choice of programming language should be less about making everything look like a nail because all you have is a hammer and more about picking the right tool for the right job.

Your prof was right... language choice is "just syntax"... but in the real world, "just syntax" makes a world of difference.

Re:Nah.

[shutdown+-p+now]

This is for the scenario where said last line of defense is meaningless. When your VM is, essentially, all about running a single process, like a webserver, the only thing that's behind the aforementioned last line is the kernel itself... and nothing else. In other words, there's no practical difference here between one particular userspace process being compromised, and the entire OS being compromised, since that process is the only thing that matters. It's also not a situation where you try to clean up the system if it has been compromised - you just scrap the VM and re-create it from a snapshot.

Re:So no benefits of C and all the bugs/problems C

You are holding your C++ "howto" book the wrong way. Of course you need to be highly educated to properly use C++.

But if you have reached that level, you can do things like generic container classes which have bounds-checking, for example. Or your own string class with similar properties. That will immediately kill about 30% of current exploits, as they depend on all the shitty aspects of *real-world* C software-engineering.

Security is by now the most important issue in applied computer science. C++ helps you towards that in a way C can never do.

Re:So... no separation between system and userspac

[PlusFiveTroll]

http://www.cvedetails.com/vulnerability-list/vendor_id-802/product_id-2219/Argosoft-Argosoft-Mail-Server.html

http://www.cvedetails.com/vulnerability-list/vendor_id-31/Sendmail.html

http://www.cvedetails.com/vulnerability-list/vendor_id-86/product_id-143/Dan-Bernstein-Qmail.html

http://www.cvedetails.com/vulnerability-list/vendor_id-1565/Mailenable.html

That's not including the anti-virus that commonly scans the email transversing the system.

Re:So... no separation between system and userspac

[znark]

It was also single-user, was it not?

That is correct. Single-user designs were the norm with personal computers of the era. There are some ways around this (, for example) but they're sort of limited.

The lack of memory protection is due to the first models being designed around the plain Motorola 68000 CPU, which lacks a memory-management unit (MMU). Later models were available with beefier and more feature-rich processors from the 680x0 series, some of the including an MMU. You could also buy add-on “turbo cards” (processor cards taking over the functions of the main CPU, effectively replacing it with a faster one.) But by then it was too late. The OS relies heavily on shared libraries and message passing in flat, shared, unprotected memory space.

Otherwise, the Amiga hardware platform and AmigaOS – the first model/version having been released in 1985 – included concepts such as preemptive multitasking, windowed GUI toolkit in the system ROM (no “text mode” at all), overlapping “screens” in different resolutions and bit depths, hardware blitter and DMA-based I/O (including multichannel sampled stereo sound), drivers for devices and filesystems, the “AutoConfig” system for add-on devices (fulfilling the same role as PnP did later in the Wintel world), 8-bit ISO Latin-1 character encoding as standard, windowed command-line shells, shell scripting, inter-process scripting (ARexx), an OS-provided framework of multimedia “datatypes” (handlers/decoders/players for common file types), scalable fonts, clipboard, speech synthesizer as a standard OS feature, etc.

Ignoring Linux and OS/2 for a moment, in some ways it felt the Wintel camp only caught up ten years later when Windows 95 was released to the masses, and at that point, both the OS and the “IBM-compatible” PC hardware platform were still missing some key features and novel ideas that made the AmigaOS so great and elegant in its day.