This is relevant to what I have been learning about recently!
I'm getting ready to launch an online game and I'm dealing with "how do I just run my game server on dozens of boxes without dealing with Linux stuff".
I don't really have an answer yet (leaning into "just get one really powerful box" lol), but my investigation into the problem so far has been pretty interesting.
You can conceptualize "my program + the OS" as a single program. It's not a pretty picture. Lots of global mutable state. (Also it randomly modifies itself??)
The whole point of Docker appears to be "I just want to run my program", in the least painful way possible. Immutable Linux extends the "lean in the direction of sanity" idea. (The programming and OS worlds seem to be learning the same lessons, from different angles.)
And then there's "it turns out the OS solves problems I don't have, while creating many new problems", which leads to Unikernels. Fun stuff ;)
In a perfect world, I wouldn't need the OS at all. Docker gives me two Linuxes to worry about! The number of operating systems I want to worry about is zero!
Which brings us to Unikernels! Just ditch the OS! Technically the right answer, except... now I'm a kernel developer? Maybe that's the least bad option, long term.
As long as there is software, you cannot shortcut the need for maintenance. Nothing is bug free, and telling people they will never need to upgrade/patch/maintain a system is a well-paved path to compromised systems.
> Nothing is bug free, and telling people they will never need to upgrade/patch/maintain a system is a well-paved path to compromised systems.
Of course nothing is. But there's a reason projects like "Talos" do exist: no terminal, no SSH, no package manager (how do we like package managers like NPM lately btw?), read-only filesystem, definitely no systemd, etc.
And then a minimal number of executables.
This does, definitely, reduce the attack surface.
I'm not speaking about this Show HN's project but there are such things as systems both more secure and requiring less maintenance than others.
Throwing in the towel and saying: "nothing can ever be 100% secure so we'll always need to patch so we may as well YOLO by accepting npm packages modified 3 minutes ago" is not the way to go forward either.
I'm a novice in this space, I think. I've self-hosted for over a decade and around 2019 I moved over to Unraid, which is generally pretty visual (web portal for configuring and doing maintenance). I find the web portal very easy. How does one interact with your home server OS? I assume it's all via terminal because there are no pictures on the website?
I like the idea of something like this for swarm mode clusters; not sure if you’re focused on the home server aspect exclusively, but I’ll be following along.
Thanks!
I'm only announcing it for home servers because that's where most people are willing to try it out. But Lightwhale is already running in production, and it makes an excellent Swarm cluster.
Can't imagine a world in which I'd download a little-known distro to put on my home network and use as a server. Also, doesn't Fedora already have something like this?
So I've just set up my home server with Ubuntu Server, installed Docker with one line, and I'm off to the races. What's different / what exactly is the value prop of this? You mention maintenance, of what exactly? Is your server a slimmed-down version to run on less powerful hardware? Genuinely curious, as I'm new to setting up a home server, so seeing how this would benefit me.
I do the same thing. Being immutable is supposed to be great for updates. New image version and if there's a problem you can boot back to the last version no problem.
But functionally, like you, I find Ubuntu Server fine. I run apt update and upgrade a couple of times a year and it's local-only with Tailscale access.
I find these immutable OSes really nice on a laptop or desktop. The home directory is the only thing that can be written to, so the OS is supposed to be more stable and can't break easily.
First read looks good; excited to try.
I've long since thrown everything with a user count > 1 out.
Kudos to the great project!
> Can you please add wget, nano, $my_fav_app_omg_i_love_it to the root filesystem?
> No, not likely.
I am guessing the way to use software not already in the image is to use `docker run`.
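As an added illustration of that approach (not part of Lightwhale or of the thread), the helper below runs a one-off tool such as wget or nano from a throwaway container instead of adding it to the immutable root filesystem. It assumes docker is on PATH and that the alpine image is available; the container itself gets a read-only root, no capabilities, and only the current directory writable.

```shell
#!/bin/sh
# Added example: run ad-hoc tools from a disposable container so the host's
# read-only root filesystem stays untouched. Assumes docker is installed and
# the alpine image can be pulled; TOOL_IMAGE and DOCKER are overridable.
TOOL_IMAGE="${TOOL_IMAGE:-alpine:3.19}"
DOCKER="${DOCKER:-docker}"   # set DOCKER=echo to print the command instead

# run_tool NETWORK COMMAND [ARGS...]
# The container mirrors the host's hardening: read-only root, a small noexec
# tmpfs for scratch space, all capabilities dropped, no privilege escalation,
# the caller's uid/gid, and only $PWD bind-mounted as /work.
run_tool() {
    net="$1"; shift
    "$DOCKER" run --rm -i -t \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --network "$net" \
        --user "$(id -u):$(id -g)" \
        -v "$PWD:/work" -w /work \
        "$TOOL_IMAGE" "$@"
}

# Network tools get the default bridge network; an editor gets no network at all.
wget_in_container() { run_tool bridge wget "$@"; }
nano_in_container() { run_tool none nano "$@"; }
```

Downloads and edited files land in the current directory via the bind mount; nothing persists in the container or on the host root.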