this week on the unikernel application spotlight we check out astra - the blazingly fast web server runtime, written in rust, for lua, luajit, and luau via @aryanpur_elham

Return of the Shai-Hulud

this week on the unikernel application spotlight we get modular on the JVM with @TryBoxLang

containers are totally broken and unfit for production use - good news is that you can have the same cloud run exp by shipping unikernels instead

AWS is promoting rust on lambda to GA https://t.co/LUwSIued8G , but it's too little too late - you can easily run rust unikernels for far less $$, way faster performance, less cloud lock-in and a lot more security

this week on the unikernel application spotlight we drop dropbox and store our files in the OpenCloud.

The OWASP Top 10 was originally released around 2003 and there is a question of whether it is relevant anymore. Let us take a look at how unikernels fit into the new OWASP Top 10 2025 list. https://t.co/QkkgP6KTjI

it shouldn't come as surprise to anyone that nation states collect 0days in open source - the question really is - how do you go about defending knowing some of the "contributors" are actively trying to root your boxen

the rust rewrite of sudo has 2 new cves, one with auth bypass - doesn't matter if you're camp rewrite all the things or camp status quo - use nanos unikernels and you don't have to deal with this at all CVE-2025-64170

new npm worm - who dis? breki

Opensource abandonware is a real problem. Just take a look at CVE-2025-12735 - I mean NPM's expr-eval. No update in 6 yrs, 800k dls last wk. Unikernels obv. prevent the more severe exec abuse shown here but can also use nanos' pledge/unveil support to further lock things down.

this week on the unikernel application spotlight we selfhost our own twitter using fx

3 new container breakouts in runc CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 - containers don't contain! containers are a security dumpsterfire

as more IaC tools arise like @plateng_labs formae, which uses Pkl, we'll support shipping unikernels through them - https://t.co/C89hpXmXgy

https://t.co/FtN9ADGv0V

you can do all this stupid shit and still get owned because you're using an operating system made for a 386 based on an even older one made for the pdp-7 run unikernels

made a slight change to accommodate for diff loaders (ld-yolo-x86_64 symlink to libyoloc) fil-c enabled guests are up && running cc @filpizlo

this week on the unikernel application spotight we go streaming with @in_aanand with unisondb https://t.co/ZjGFT9ejwY

frauds

why use lambda? you can deploy a @bunjavascript unikernel on a normal ec2 instance for less money; better performance; vastly better security