from Hacker News

Mirage – A programming framework for building type-safe, modular systems

by jmngomes on 11/23/23, 10:48 AM with 88 comments

  • by v1ne on 11/24/23, 7:44 AM

    I'm really sold on the idea: Instead of a full-blown OS, you compile your application with a thin layer of support libraries that provide the OS features that your application needs (network, I/O) and that talks to a hypervisor.

    I mean, if your application runs in a virtualized environment, there's little need to SSH into the system in the first place (except for debugging purposes). Thus, why bother with a full-blown operating system? In the virtualized case, the true OS logic is in the host OS anyway, talking to the hardware. Cutting out all those superfluous layers in the app VM makes it small, start quickly, and gives less attack surface. Sounds like a win-win to me.

    In contrast, FreeBSD on Firecracker is a full-blown OS, but boots in 25 milliseconds on the Firecracker hypervisor.

  • by sprobertson on 11/24/23, 7:26 AM

    I'm intrigued but your site gives me little to go on, I feel like I'm missing a big "what this is" page

  • by 9dev on 11/24/23, 11:49 AM

    What is the benefit over using containers, as in Docker? Whether you use a container runtime or an actual hypervisor comes down to pretty much the same thing, operationally. Both keep your self-contained services alive and distributed. From the application perspective, a container also contains only those parts of an OS the app actually needs, and defers everything else to the host. The only caveat about MirageOS seems to be that your applications need to be written in OCaml, which is a neat language and all, but certainly not mainstream…

  • by pjmlp on 11/24/23, 6:58 AM

    Also with a bit living inside Docker.

    https://mirage.io/blog/2022-04-06.vpnkit

  • by goy on 11/24/23, 10:11 AM

    Another one is HaLVM [0], for Haskell. Unfortunately it's not maintained anymore.

    [0] https://github.com/GaloisInc/HaLVM

  • by dinosaure on 11/24/23, 10:04 AM

    You can also have a few examples about unikernels here: https://builds.robur.coop/.

  • by skgough on 11/24/23, 6:59 AM

    The FAQ mentions that this can run in QEMU. Are there cloud providers that support hosting a custom ISO? I feel like that would be hard to secure.

  • by jezovuk on 11/24/23, 8:47 AM

    Is this (functionally) similar to CloudCaptain, ex-BoxFuse?

    https://cloudcaptain.sh/

  • by mkarliner on 11/24/23, 12:46 PM

    Does anyone know if there might be Arm support coming? This strikes me as a nice fit for some single board computers.

  • by xlii on 11/24/23, 8:21 AM

    Personal pet-peeve (from Requirements page):

    > (…) They should build on any modern UNIX (or macOS) system with OCaml and OPAM installed. (…)

    I just checked. MacOS Sonoma is STILL UNIX certified, and I get that wording “any modern UNIX” would not be clear, but this minor error annoys me.

    s/or MacOS/including MacOS/

  • by cmrdporcupine on 11/24/23, 2:11 PM

    The rough Rust of this is https://github.com/hermit-os/hermit-rs

    Though last I looked it wasn't nearly as mature as MirageOS.

  • by aerzen on 11/26/23, 12:39 AM

    How is this different than running a docker container based on scratch, containing a single statically linked binary?

  • by ekianjo on 11/24/23, 7:38 AM

    Is that similar to Firecracker?