Ok, so IIUC, the main difference with Firecracker versus Docker is that processes are better separated from each other ("micro VM" instead of namespaces) and that one can run a customized kernel. But for e2e tests I've written, neither of these advantages mattered.
I do love the idea of taking a snapshot of a prebuilt database image and can see where this would really speed up the tests.
Oh yeah, man, FoxPro... for a year or so in 2008 I was responsible for a FoxPro database of music venues and artists for an agency. Felt really interesting to maintain a system that's older than me.
When we modernized all desktops in the office, I set up Win2k in Qemu on each of them, which loaded the FoxPro thing from a shared network mount. I'm just realizing 19-year-old me never checked if FoxPro supported simultaneous access. It surely did, at least I hope so :-)
edit: However, 19-year-old me was smart enough NOT to touch that Solaris or whatever-it-was server hosting the FoxPro thing.
According to the linked article there was no wait until about a month ago, except for a short blip at the end of 2019. But now the waiting list is growing rapidly and the wait is increasing by about three quarters of a day per day.
You've opened up a can of something. Check this out:
Zeke = 4 letters. Ezekiel, the long form = 7 letters (note this number, cos it will come up further down).
Cloak = 5 letters.
4 + 5 = 9.
9 is the number of spiritual adepts that govern the 7 Universes.
9 * 7 = 63.
Add those two digits, and you get 9, again.
See where this is headed?
No experience with Firecracker specifically, but if squashfs images are sufficient, one should be able to build a tar archive of the filesystem without root (where all the files have the correct owners, mode, etc.) and then convert it to squashfs using `tar2sqfs` in https://github.com/AgentD/squashfs-tools-ng, also without root - I've done something like this to create squashfs images in constrained build environments, which worked well.
I similarly have built bootable disk images with various tools including buildah and have never been able to fully get away from needing root for various chrooty/loopbacky parts of the process. In principle, it should be very possible to point grub at a filesystem-in-a-file and be like "install to that", but I could never make it happen; it always wanted to be trying to infer things about how to configure itself from examining the host system.
And yes, I've studied the OpenWRT build to no avail. I would be delighted for someone to dissect whatever it is that goes on in there and write it up.
Ignite looked intriguing when I checked it out recently - but I need to import rootfs tarballs directly, without going through any registries. Any helpful pointers are appreciated :)
I think performance is just as much a top priority as security; I remember how in their first whitepaper they already talked about how they batch up packets and stuff like that. Also the whole approach of kernelspace instead of userspace is just for performance.
Actually, I think in the beginning there was even a "marketing chart" with throughput numbers in addition to the chart with lines-of-code numbers?
Edit: performance being a top priority also makes sense strategically: if you want people to use secure software en masse, then the experience needs to be stellar in UX and performance as well.