New Operating System Seeks To Replace Linux In the Cloud

New submitter urdak writes "At CloudOpen in New Orleans, KVM veterans Avi Kivity and Dor Laor revealed their latest venture, a new open-source (BSD license) operating system named OSv. OSv can run existing Linux programs and runtime environments such as a JVM, but unlike Linux, OSv was designed from the ground up to run efficiently on virtual machines. For example, OSv avoids the traditional (but slow) userspace-kernel isolation, as on the cloud VMs normally run a single application. OSv is also much smaller than Linux, and breaks away from tradition by being written in C++11 (the language choice is explained in in this post)."

So... no separation between system and userspace..

[Anonymous Coward]

No security either.

GPL trumps BSD as a usable open source licence

[evanh]

If the BSD licence was as useful as GPL then Linux would never have grown in the first place.

Re:GPL trumps BSD as a usable open source licence

[geekoid]

They are different and for different purposes. There is no 'trumping' there is which one is right for your purpose.

Also, there are more BSD systems then GPL. Not that it matters, but I thought you should be aware of that. There are about a billion iOS devices alone.

Re:GPL trumps BSD as a usable open source licence

[jedidiah]

You're going to go with that lameness? Seriously? You are a couple years late for that since Android has popped that little bubble.

BSD is great for wannabe Robber Barons.

Everyone else can play nice with the rest of civilized society.

Even most of the wannabe Robber Barons can.

Off the pig! Time to get rid of OSs on VMs.

[Animats]

This is a language-support library. It replaces the C runtime system, and the bottom levels of the Java runtime system. For environments where a virtual machine is running one program, or a family of tightly related programs, that's all you really need. The real operating system is the hypervisor underneath and the remote management tools that run the cluster.

Linux, with millions of lines of code, just isn't doing much inside a VM. It's not managing the memory. It's not handling real devices. It's not handling real interrupts. It may not even be managing any file systems - in cloud environments, those are usually out on some storage area network. It's just a big fat pig of an OS that needs to be fed patches and attention to keep it going, while not doing any useful work.

Within the virtual machine, there are no security boundaries. This may be a problem if more than one application is running in the VM. But if you only have one big program with many threads running, the OS isn't doing anything for you in security anyway.

Re:It's just syntax.

[mark-t]

When a particular choice of programming language makes the resulting work easier for others to understand and maintain or modify, simply because things have been expressed in a manner that is more natural to understand with relation to what is actually being done, "just syntax" makes a HUGE difference.

Re:Off the pig! Time to get rid of OSs on VMs.

[TechyImmigrant]

So it's like DOS running on a VM. Yay!

Re:Nah.

[Penguinisto]

I'll take my server OS tried-and-tested, thanks.

Even moreso - I prefer my server OSes to have that kernel/userspace separation. Sometimes that's the last line of defense against a fully-compromised system (see also, say, the typical crappily-coded PHP "application" that has the typical great big security hole (or four) in it...)

I get the drive for making the OS as thin as possible, but sometimes folks need to stop and think it through a little before they commit to doing it at all costs.

Re:Off the pig! Time to get rid of OSs on VMs.

[tftp]

The thing they have "invented" is called RTOS. Typically, an RTOS is a simple kernel that is not using any memory protection features. That's how they started, at least - but over time some RTOS got separation between userspace and kernel space. VxWorks, for example, offered that option back in the year 2000.

Separation of one and the other is not just needed to protect from hackers. It creates a stable, reliable supervisor ring (hello, SVC command from IBM/360!) that can do whatever it wants to the userspace, whereas the userspace can't do anything to the supervisor. This allows the kernel to start, stop and monitor userspace applications, guaranteeing system integrity. If you don't have that, any bug, anywhere, can create unpredictable and undetectable faults within the system - and you will never know until the thing crashes horribly, which will eventually happen.

Re:a C++ kernel

[bored]

Then explain why would you use C++ instead of C? If you are just going to cut it down to things C does? If you are going to do things C can't, then you will have the performance penalities. Your statments are not really valid.

Because there are cases where you are manually creating a construct in C, that is handled automatically by the compiler in C++.

Take virtual methods for example. The linux kernel is chuck full of structures filled with function pointers. That is a virtual method in C++, except in C++ you don't have to worry at runtime if the function your calling is NULL because the compiler assured that during compile time. This allows micro-optimization, and more natural error handling. Plus, the syntax is standard, so that every 3rd driver writer isn't creating their own version of the same thing.

Then there is generic data structure management. The kernel is full of macros for RB trees, linked lists/etc. Using templates for this allows better micro optimization without the programmer having to get involved.

There are a lot of reasons, and most of the negatives can be answered with, a the simple statement, don't use that feature.

Re:Nah.

[shutdown -p now]

This is for the scenario where said last line of defense is meaningless. When your VM is, essentially, all about running a single process, like a webserver, the only thing that's behind the aforementioned last line is the kernel itself... and nothing else. In other words, there's no practical difference here between one particular userspace process being compromised, and the entire OS being compromised, since that process is the only thing that matters. It's also not a situation where you try to clean up the system if it has been compromised - you just scrap the VM and re-create it from a snapshot.

Re:GPL trumps BSD as a usable open source licence

[Microlith]

And you've set your entire argument up in a biased fashion too.

GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3. Fewer participants equals less resources spent developing the project.

A claim which is possible but largely lacking in evidence.

BSD: the claimed negative feedback loop almost doesn't exist.

Additionally unfounded. Given that BSD sources can be downloaded, modified, and their changes never see the light of day the loss of information is virtually guaranteed. Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.

Because the reason they're using open source in the first place is to reduce their own workload, and maintaining a private fork of a public codebase turns out to be a lot of work.

And yet there are plenty of vendors who would do just that if it suited their purposes. Your argument for staying upstream is entirely logical, but then, many corporations are not run in a logical fashion.

Basically the only time this actually happens in the BSD-licensed world is when someone decides

Would you ever know?

GPL zealots

Nothing worse than responding to a reasonable post with an invective.

In reality, productive sharing is always an outcome of shared interests between all the parties involved, not the license.)

But only so far as it suits their business interests. The GPLv3 was created to further advance its goals which have always been to ensure the software is free and that the recipient of the software is never encumbered by whomever they receive it from.