NanoVMs
@nanovms.bsky.social
Run linux workloads faster and safer than linux using the https://nanos.org unikernel.
On the left - a normal t3-med on AWS - on the right a normal t3-med with NanoVMs Inception - for the first time running unikernels *on* ec2 instances instead of *as* ec2 instances. Oh yeh, you can now run firecracker on these too.
June 10, 2025 at 3:27 PM
So I guess we went ahead and started cutting an MCP integration for the swiss army knife of unikernels - ops - now your agents can spin up/down compute cross cloud in the most performant isolated manner.
May 29, 2025 at 3:04 PM
After almost 10 years k8s finally turns on user namespaces by default.

*golf clap*

Qualys published multiple bypasses not even a month ago.

Know what's better than a user namespace? Not having users in your image to begin with! You can deploy your software without users with nanos unikernels.
May 17, 2025 at 3:22 AM
Google, Microsoft and NPM don't give a rat's ass about your software supply chain. Otherwise they would take down known malicious code such as pkg.go.dev/github.com/b... && npmjs.com/package/open...

Of course if you were using nanos unikernels you wouldn't need to think about this.
February 5, 2025 at 12:09 AM
40M LOC - we're now calling it the Large Linux Model
January 30, 2025 at 6:09 AM
when the fragments try to get at you - drop it like it's hot

while most of this should prob be done at the network level we've added more control to our fw klib to drop fragments at the unikernel instance level
January 18, 2025 at 4:11 PM
December 19, 2024 at 6:36 AM
We've got heaps of heaps in nanos. We've got caching heaps, backed heaps, multi-cache heaps, object cache heaps and more. Now we have a new heap that uses a buddy allocator that reduces fragmentation, gets rid of linear search and massively helps balloon inflation.
December 13, 2024 at 12:13 AM
While we've got plenty of users that don't even use packages - we're now crossing the 300 public unikernel package mark.
December 3, 2024 at 1:02 AM
FIVE CVEs (CVE-2024-48990 CVE-2024-48991 CVE-2024-48992 CVE-2024-10224 CVE-2024-11003) in needrestart, installed by default on ubuntu servers - written in perl, ran as root and shells out to ruby and python - if you don't code in any of those languages why do you have them on prod? Get unikernels.
November 19, 2024 at 7:09 PM
We've had docker compose style support for running unikernels on mac for a while now - we've now got the same on linux allowing instant zero-config standup/teardown.
November 19, 2024 at 1:44 AM
If you aren't hacking on the nanos unikernel you prob. don't know we have a ton of toggleable logging facilities - mainly for nanos dev - for non-app (eg: syslog/elastic/etc.) related logs we've recently restructured this to be more accessible/adjustable by end-users.
November 16, 2024 at 4:08 PM
databases are a great fit for unikernels and there is a whole universe of them you can run
October 31, 2024 at 1:44 AM