Firecracker runs a full Linux guest within KVM while TinyKVM runs just a single process within KVM and handles syscalls on the host by validating permissions then calling the host kernel syscall.
This minimises memory usage and lets us track file descriptors which lets us very quickly reset the guest process (under 100us for deno.)
TinyKVM is probably most similar to gVisor in KVM platform mode. TinyKVM implements a smaller number of sys calls and is focussed on making resets as fast as possible.
Running sys calls on the host means there is approximately 1µs overhead per syscall from exiting and entering KVM so I'm not sure how well that would work for GUI applications.
And we currently only have very rudimentary support for threads, enough for a server program with ancillary threads to boot up but the expectation is currently that the call into TinyKVM only runs a single thread and we fork multiple copies of the VM to handle requests in parallel.
> Running sys calls on the host means there is approximately 1µs overhead per syscall from exiting and entering KVM so I'm not sure how well that would work for GUI applications.
That made me rather curious how many syscalls a complex GUI application might issue. I wanted to see how many syscalls were happening across my entire system. Thanks to StackOverflow I have a snippet that seems correct[1]:
> perf stat -e raw_syscalls:sys_enter -a -I 1000 sleep 5
Using this, it seems that most programs (as you would probably guess) don't execute a whole lot of syscalls when they're idle. However, starting a complex GUI program definitely causes a pretty massive flurry of syscalls. Starting winecfg without an already-existing wineserver spews a lot of syscalls, somewhere in the neighborhood of 500,000. If we assume that each syscall takes on average around 2µs including the overhead and that they're all serial, I guess that would add up to about 1 second spent on syscalls. That's probably making way too many assumptions, but it does make me feel like it's not completely infeasible to run GUI applications inside of a sandbox like this, though it may very not be compelling when the overhead is factored in.
And of course, just because it could be done does not mean it should, anyway. Even if this is a good idea, I doubt it makes any sense for TinyKVM to be attempting to do it. What TinyKVM does do is already very interesting and probably a lot more practical anyways. It'd probably be better to fork off or build an entire purpose-built sandbox for GUI software, realistically.
Still, pretty interesting stuff to think about.
> And we currently only have very rudimentary support for threads, enough for a server program with ancillary threads to boot up but the expectation is currently that the call into TinyKVM only runs a single thread and we fork multiple copies of the VM to handle requests in parallel.
BTW, I think this design is really cool. This is something I have wanted to exist for a while, even though I don't practically need it.
I'm pretty hopeful that the combination of per-request isolation and the new snapshot functionality we're currently working on will be a big step forward for those running server-side JS at scale.
Having each request start from the exact same program state should make reproducing and fixing production issues easier. In a way it combines the predictability of the CGI programming model with the speed of a warmed modern JIT runtime.
> my React sentiments at the time seemed to be relatively common: React felt like a breath of fresh air.
This was exactly how I felt. I building a Backbone app around the time React was released. It was only around 2600 lines of JS at the time but event handling and state management already felt like a tangled mess.
Porting it to React was a huge improvement even at that scale and really paid off over the next 5 years of development.
Home solar makes perfect sense in Australia - a market with similar Labour costs to California - because they do it for 1/3rd of the cost.
It makes no sense in California when the subsidies alone are higher than the total costs for utility scale solar.
Each of my Audi A4 wagons has suffered catalytic converter failure around 200,000 miles / 350,000 km which has rendered them uneconomic to repair (at least in California.) But it's about the only wagon on sale in the US (SUVs do not fit in my garage) so I guess I am stuck with them. It seems more economic to buy a cheap one and drive it into the ground (one can buy two used Audis for the equivalent Toyota/Lexus.)
Much of this is a result of the way health insurance and spending is classified, with only 35% paid for by government in Switzerland rather than 80% in most other EU countries and 55% in the US.
Adjust for that and government spending would be around 39%, still low for a rich European country, but not so far off of somewhere like the Netherlands or UK (about 44%).
Sure, but there are private aspects to the system and if we are going to list everything that is strongly regulated by the government you likely get to a higher number. The Dutch, as far as I know, but not sure, also have some kind of private insurance system, so might get hard to compare.
Healthcare is such a large part of national expenditure that I think it is worth adjusting for it when comparing government expenditure shares of GDP. It is around 12% in Switzerland.
Many countries organise healthcare largely through non-government health insurers, but those still get counted as part of government expenditure in both Netherlands (69%) and Germany (80%), not much less than the UK's (83%) with a National Health Service. Switzerland on 35% is a huge outlier here.
In terms of administration the Swiss system seems not completely dissimilar to the German system in that coverage is mandatory and there are a range of non-profit providers to choose between. But the Swiss scheme is classified as private expenditure because its mandatory payments are made directly with income based subsidies rather than equivalent amounts being paid through the tax system.
That one simple accounting change lowers the government share of GDP by 5.4%.
I wonder to what extent that identity is more complex than just being Swiss though? The Geneva metro area sprawls across the border with large numbers of workers commuting in from France.
French and Flemish speaking Belgians would no doubt consider themselves more Belgian than French or Dutch but there are still substantial cultural differences within Belgium.
Just look at Swiss TV dramas. They are a unwatchable, even worse than those of their neighbors. So why is their TV so bad, when they do have much better authors than their neighbors? The movie films are a bit better, but only a bit.
I blame the TV producers, which sank into the social causes pudding. There cannot be any good art if everything is checked and balanced. Death by committee. In Germany they had similar problems but got out of this mess.
This minimises memory usage and lets us track file descriptors which lets us very quickly reset the guest process (under 100us for deno.)
reply