A journey with unikernels in Cagliari

Here is the feedback of Pierre Alain, an Enssat teacher in computer science, who joined as a lecturer at the EDUC summer school at the University of Cagliari.

The title of this blog entry could have been "Pop an unikernel and innovate!", referring to Rodney Mullen's TED conference, but I was afraid that would be insulting to the TED conference.
Anyway, one of the key ideas was to try to share that spirit where everyone involved in building something can contribute. That was true in the late 80's for Rodney Mullen and the skateboarding scene, it was also true in computing science in the 70's and I think it's still possible now with unikernels.

In early September, I had the pleasure of giving a lecture on a topic related to cybersecurity and labs at the EDUC summer school of Cagliari University.

Unikernels are not really a recent subject: the foundational principles were laid down at the beginning of the previous decade. As a core team member of the MirageOS library system (it is actually a unikernel which replies to you when you visit the MirageOS website), I was able to present the ecosystem to the students of the summer school.

Since 2013, a whole ecosystem of libraries has had to be built in order to communicate with TCP/UDP on the internet, to encrypt communications with TLS, to receive or send emails, to access Git repositories, etc. It's a really stimulating ecosystem that is still under construction, but it also leaves a lot of room for inventiveness and innovation. This technology is still a little ahead of the current uses (containers or "legacy" virtual machines) in the industry, so it's exactly the right time to present it to future engineers and computer scientists!

Course with the students

The beginning of the day was dedicated to the introduction of the unikernel concept but also to the support language for MirageOS. All the system libraries are written in the OCaml language (with rare low-level exceptions written in C). This functional language was, for the majority of the group, a discovery that had to be grasped before moving on to the labs part.

The link with cybersecurity is quite direct, since the language provides security-by-design features (for example with the compiler's checks performed on the types of the various elements, or on the memory accesses performed). As an example, and not in any case a proof, of the strength of the network stack used by MirageOS, the Bitcoin Piñata project posted a website offering 10 BTC to the first person able to establish an SSL connection with the server (all of the source code for replicating the virtual machine "at home" was public), and nobody was able to take these bitcoins.

The practical part consisted of reusing and setting up a website intended to be used as a blog, which accepts updates through a GitHub webhook. Thus all the users who have write rights on a GitHub repository have the possibility to update the website served by the unikernel!

I found this experience very enriching with fruitful exchanges and I hope that the students are now as enthusiastic about this technology as I am!