This is an awesome idea. Every now and then a revolutionary concept comes along that points the way to all future computing. This is the future of any public-facing computer. You must understand the concepts here if you are involved with web development at any level. If you haven't yet wrapped your head around this, then you should.

The key concept here is about security.

Imagine you could compile your web application/website into an application that has nothing else but the required network drivers and minimal hardware drivers needed to execute. That is (as far as I can tell from a brief look) what Mirage does. Using such an approach there's nothing for hackers to log in to - no shell to use, no other insecure cruft on the system potentially leaving holes. The attack surface of such a system is extremely low relative to putting fully powered and configurable interactive operating systems onto the Internet.

Hackers are showing that almost everything is hackable without expensive, constant, expert attention to security of every aspect of your systems. Even then zero day exploits expose systems within seconds or minutes of the exploit becoming known.

This is not to say that such systems cannot be hacked, but rather to say that in such an approach the attack surface is dramatically lower than in current approaches to deployment.

Perhaps more likely to change the way that people think about the concept of web application development in the longer term is that the application/server allows for the possibility of "high resolution server instances" in which a virtual machine can be started in milliseconds, perhaps to service only one query, and then vanish again. Instead of renting your instance from Amazon that runs per hour and does nothing most of the time, your infrastructure will be truly scalable with nothing running at all until it's needed and then precisely as much computing power will be used as is required to meet the inbound demand.
No longer will you need to "start a web server" which then chugs and rumbles into existence as all its various unneeded-at-most-times processes start. Instead, connect your application/server AMI to the Amazon spot instance marketplace.
For people interested in this I recommend the ACM article on Unikernels [1]. It's a good overview of the approach and the benefits/trade-offs. Then take a look at http://nymote.org to see the kind of things we want to start building with this approach.

[1] http://queue.acm.org/detail.cfm?id=2566628
I don't work in a sphere that would make this relevant to me, but I think this paradigm is probably the future! "General purpose operating systems are dead!", proclaimed bjackman.

Anyway, also see: OSv: http://osv.io/ similar idea but with the JVM. I believe some pretty well known Clever People are working on it - can't remember who, though.. anyone know?
There was already a "MirageOS", for TI calculators:

http://www.ticalc.org/archives/files/fileinfo/139/13949.html
I understand how using type-safety and streamlined modular systems might be good for security, but I fail to see the point in letting developers be closer to the bare metal. All the security abstractions built into traditional OSes are not there for no reason. Why should I trust the OCaml stack more than the alternatives?

This looks like something a really educated/disciplined company could use for creating some crazy cool infrastructure. It's hard to see it taking off for the average Joe.
There's only room for one MirageOS in my heart, and it runs on the TI-83+ http://www.detachedsolutions.com/mirageos/
Tried to read the paper mentioned on the website, and wondered: does the "libOS"/unikernel concept mean that the application is built as a kernel extension, and thus runs in kernel land (so no context switching occurs)?
Is this an explanation for the performance gains?