SESSION + Live Q&A

Fine-Grained Sandboxing With V8 Isolates

Watch video with transcript

In an ideal world, code would always run as close as possible to the things with which it communicates -- end users, storage, external APIs, etc. However, most software stacks are only cost-effective if applications are long-running, handling many events in one place. We need a new approach that can efficiently load code to handle just one event, so that it can be executed wherever is best for that one event, across a distributed network.

 

Kenton Varda explains how Cloudflare solved this problem by building a compute platform using V8 isolates instead of containers or VMs, achieving 10x-100x faster cold starts and lower memory footprints. We'll go through technical details of embedding V8, distributing code, scheduling isolates, resource management, and security risks.

Speaker

Kenton Varda

Tech lead @Cloudflare Workers

Kenton is the architect of Cloudflare Workers, a "serverless" compute platform which distributes your code to 165+ locations globally so that it always runs as close to the client as possible. Prior to joining Cloudflare, Kenton created Sandstorm.io and Cap'n Proto. Further back, while at Google,...

Read more

Speaker

Kenton Varda
Kenton Varda

Tech lead @Cloudflare Workers

Location

Westminster, 4th flr.

Track

Modern Operating Systems

Topics

Interview AvailableOperating Systems

Share

Share Share

From the same track

SESSION + Live Q&A Interview Available

LinuxKit

Why aren't operating systems more like applications?We live in an era of application microservices, even nanoservices. Each application serves precisely its purpose, living for exactly how long it needs. When we need it to do something else, we either create a distinct service, or rebuild...

Avi Deitcher

Managing Consultant @Atomic Inc.

SESSION + Live Q&A eBPF

A Journey Into Intel’s SGX

This talk will give a deep dive into Intels SGX technology by way of a story. First, it will cover an overview of computer architecture as background. Following that, will be a walk through of one version of the hardware and it’s flaws, what changed in the next version... and it’s continued...

Jessie Frazelle

Engineer @github, Xoogler, Ex-Docker Core Maintainer

SESSION + Live Q&A Unikernel

Unikernels Aren’t Dead, They’re Just Not Containers

For years we’ve been observing the Unikernel concept gather and then lose steam. Unikernels where put forward as the next evolutionary step beyond containers. However, unikernels are fundamentally different beasts and they really have very little in common with containers. I’ll try to look...

Per Buer

CEO @IncludeOS

SESSION + Live Q&A Operating Systems

The Future of Operating Systems on RISC-V

RISC-V is a free and open instruction set architecture that is seeing frenzied development activity. It also represents a new development model for the hardware industry, enabling cross-industry collaboration on a common standard and spawning a range of open source implementations. This ability...

Alex Bradbury

Co-Founder and Director @lowRISC, LLVM hacker

PANEL DISCUSSION + Live Q&A Open Space

Panel: Secure Isolation of Applications

Applications have been isolated by lots of different means: processes, virtual machines, containers, and new methods are appearing such as SGX and in-process isolates. What is secure? Have Spectre and Meltdown changed the landscape? What should we use? Ask our expert panel.

Justin Cormack

Developer @Docker

Jessie Frazelle

Engineer @github, Xoogler, Ex-Docker Core Maintainer

Per Buer

CEO @IncludeOS

Allison Randall

Director at Eigenstate

Kenton Varda

Tech lead @Cloudflare Workers

View full Schedule