warning icon QCon London 2021 has been canceled. See our current virtual and in-person events.
You are viewing content from a past/completed QCon

Track: Modern Operating Systems

Location: Mountbatten, 6th flr.

Day of week: Monday

Decompose the modern operating system, LinuxKit, Containers, Unikernals, eBPF, and more.

Track Host: Justin Cormack

Developer @Docker

Justin Cormack is a software engineer at Docker. He works on security, developer tooling and more. He is always interested in new programming language technology.

10:35am - 11:25am


Why aren't operating systems more like applications?
We live in an era of application microservices, even nanoservices. Each application serves precisely its purpose, living for exactly how long it needs. When we need it to do something else, we either create a distinct service, or rebuild and replace the existing one. Applications last seconds to minutes, at best hours.

What's good for the application goose, is great for the operating system gander.

Welcome to LinuxKit, a modern operating system composer. You compose precisely the components you need into a super-lightweight distribution, deploy it, and then throw it away when no longer needed.

In this talk, we will:

  1. Introduce LinuxKit, its history and purpose, and how it differs radically from the operating system distributions with which you likely are familiar.
  2. Delve into LinuxKit's design and architecture.
  3. Explore how LinuxKit offers new ways of operating, plugging operating systems as first-class citizens directly into our deployment pipelines.

And, of course, we will build and deploy immutable, bootable, purpose-built images in minutes live on-stage.

Avi Deitcher, Managing Consultant @Atomic Inc.

11:50am - 12:40pm

Panel: Secure Isolation of Applications

Applications have been isolated by lots of different means: processes, virtual machines, containers, and new methods are appearing such as SGX and in-process isolates. What is secure? Have Spectre and Meltdown changed the landscape? What should we use? Ask our expert panel.

Justin Cormack, Developer @Docker
Jessie Frazelle, Engineer @github, Xoogler, Ex-Docker Core Maintainer
Per Buer, CEO @IncludeOS
Allison Randall, Director at Eigenstate
Kenton Varda, Tech lead @Cloudflare Workers

1:40pm - 2:30pm

A Journey Into Intel’s SGX

This talk will give a deep dive into Intels SGX technology by way of a story. First, it will cover an overview of computer architecture as background. Following that, will be a walk through of one version of the hardware and it’s flaws, what changed in the next version... and it’s continued and escalated flaws as speculative execution attacks became center stage. The talk will go over the attacks mean as a threat and how they work. The part of the story that will truly be interesting though is not the very technical attacks and overview, shocker even though that is quite cool, BUT a very hidden and interesting detail in the way the technology is licensed and it’s effect. Come to the talk for the journey, stay for the laughs and horrors.

Jessie Frazelle, Engineer @github, Xoogler, Ex-Docker Core Maintainer

2:55pm - 3:45pm

Fine-Grained Sandboxing With V8 Isolates

In an ideal world, code would always run as close as possible to the things with which it communicates -- end users, storage, external APIs, etc. However, most software stacks are only cost-effective if applications are long-running, handling many events in one place. We need a new approach that can efficiently load code to handle just one event, so that it can be executed wherever is best for that one event, across a distributed network.


Kenton Varda explains how Cloudflare solved this problem by building a compute platform using V8 isolates instead of containers or VMs, achieving 10x-100x faster cold starts and lower memory footprints. We'll go through technical details of embedding V8, distributing code, scheduling isolates, resource management, and security risks.

Kenton Varda, Tech lead @Cloudflare Workers

4:10pm - 5:00pm

The Future of Operating Systems on RISC-V

RISC-V is a free and open instruction set architecture that is seeing frenzied development activity. It also represents a new development model for the hardware industry, enabling cross-industry collaboration on a common standard and spawning a range of open source implementations. This ability to influence its development and to produce new designs by modifying an open source base offers a range of opportunities for closer co-design of hardware and software. With a lower backwards compatibility burden, there is also the potential to break away from design decisions of the past.

This talk will give an overview of the status and development of RISC-V as it relates to modern operating systems, highlighting major research strands, controversies, and opportunities to get involved.

Alex Bradbury, Co-Founder and Director @lowRISC, LLVM hacker

5:25pm - 6:15pm

Unikernels Aren’t Dead, They’re Just Not Containers

For years we’ve been observing the Unikernel concept gather and then lose steam. Unikernels where put forward as the next evolutionary step beyond containers. However, unikernels are fundamentally different beasts and they really have very little in common with containers. I’ll try to look away from the hype and look at the fundamentals of unikernels, what are the principle differences between them and general purpose operating systems and what applications follow this. 

I’ll also look in depth at one of the IncludeOS application we’ve built, how we built it and how it has worked out in production.

Per Buer, CEO @IncludeOS

Last Year's Tracks