The great promise of Spritely Goblins is to make networking easier and safer. For the past few years, we've focused on developing a toolkit to facilitate this goal. Today, we're proud to announce an incredibly exciting project that will put this toolkit to the test in the largest real-world deployment of Spritely technology so far: a port of the GNU Shepherd system layer to Guile Goblins — the first step in making Guix the object-capability operating system!
The tale of the Shepherd
What is the Shepherd and what does it do?
The Shepherd is Guix's system layer. That's just jargon saying it both starts the system and manages daemons (background programs needed by the system itself) running on Guix system installations. It's also the first system layer ever, originally developed for the GNU Hurd as dmd, the daemon-managing daemon. You may have heard of systemd, which was inspired by Apple's launchd. These were preceded, and possibly inspired, by the Shepherd!
Over the next decade and change, the Shepherd languished with relatively little development, until it was picked up for Guix by Ludovic Courtès, the founder of the Guix project and the Shepherd's lead developer. Now, the Shepherd is rapidly catching up to its descendants in both functionality and reliability. This new initiative will empower the Shepherd with unique new abilities which no other system layers possess, returning this venerable daemon to the forefront of technological development at last.
Putting Goblins to the test
An ambitious demonstration of Goblins OCaps
At this point you might be thinking, "Okay Juli, that's cool and all, but what are you actually doing?" Great question. At the most minimal level, I will port the Shepherd to Goblins. Because the Shepherd is written in Guile and already uses the actor model internally — as does Goblins (we'll come back to this) — the port is a natural extension of the Shepherd's existing architecture.
Integrating Goblins and the Shepherd has been thrown around as an idea for a while within the Guix community for the last couple of years, and Ludovic has been doing work to convert Shepherd to an actor model implementation over time, making this proposal achieve feasibility. But just changing the internal details of the program isn't particularly interesting, and Goblins promises to let us do magic. So why not do some magic?
In addition to a basic port, this project will leverage Goblins to expose the system daemon to users without compromising security. Currently, user services require a separate Shepherd daemon to avoid giving unprivileged users access to system services.
Even more excitingly, we plan to implement a Unix domain socket netlayer in
Goblins and use it to facilitate distributed computing via the Shepherd by
enabling Shepherd daemons on different machines to talk to each other and
control each others' services. This new functionality will be further edified by
allowing services to pass service dependencies as capabilities, including
capabilities on remote services. Or to put it simply, users will be able to
connect multiple distinct machines together at the system layer to act as one
machine for some computing tasks. As an example, in combination with Guix's
deploy, this work will allow Guix to replace solutions like Kubernetes!
These new features will have an immediate positive impact on a large number of users. As mentioned, the Shepherd is the system layer for Guix, which has a substantial userbase; and there have been examples of running the Shepherd in user space on other distributions. In other words, the Shepherd is already widely deployed in many real-world contexts, including clustered computing contexts. With the integration of Goblins and the Unix domain socket netlayer into Shepherd, this project will constitute the single largest real-world deployment of Spritely code to date. We will be putting our tools into users' hands at an unprecedented scale, and we cannot wait to see them put to use!
No goblin is an island
Who else is joining us on this journey?
This work would not be possible without the generous support of the NLnet Foundation. In fact, this is not the only NLnet grant related to Spritely's work! We previously shared our work on bootstrapping OCapN, funded by the Foundation. Today, NLnet is funding two additional grants related to Spritely's work: Whippet and Pre-Scheme!
Whippet is a state-of-the-art, embeddable, plain-C garbage collector intended for inclusion in Guile being developed by Andy Wingo, one of Guile's maintainers and Hoot's lead engineer. It aims to improve the performance characteristics of Guile's garbage collection process, increasing the performance of both Guile itself and all programs written in it, such as Guile Goblins. For those interested in the gory details, Andy explains more in his 2023 FOSDEM talk. We can't wait for this work to land upstream, and congratulate Andy on his grant!
Just as Spritely is bringing past ideas to life in new ways, Andrew Whatson, a well-respected Scheme hacker and long-time member of the Spritely community, is working to port the venerable Pre-Scheme to Guile. This new Pre-Scheme will serve as a modern, statically-typed systems programming language in the Guile — and thus Spritely — ecosystem, a continuation of an idea our own Christine Lemmer-Webber proposed some time ago as "Guile Steele"!
Pre-Scheme and Pre-Spritely
Pre-Scheme is a statically-typed, compiled (Scheme-to-C) systems programming language related to Scheme which was used to implement the VM and garbage collector for Scheme48. Modernizing this proven systems language will strengthen the Scheme world with new tools to build amazing programs.
Additionally, Scheme48 is the language described in Jonathan Rees's "A Security Kernel Based on the Lambda-Calculus". The dissertation is based on the observation that object-capability security is a restricted form of the actor model. Scheme, the language family of which Guile is a member and from which Racket is descended, was initially formulated to implement and explore the actor model. This paper is why Spritely uses Scheme — Scheme already does much of the work needed for object-capability security.
All of these connections mean that we are also very excited for Andrew's work. If you're interested in the more technical aspects, he also gave a talk at FOSDEM 2023. Congratulations on your NLnet grant, Andrew!
Onward and outward
What all this means for the future
Alongside the Goblins 0.13 release and ongoing Hoot development development, these NLnet projects show that the future is bright for Spritely and our work.
The Shepherd port demonstrates that Spritely tech is ready to improve end-user computing security while enabling new kinds of connections. We delight that Goblins is mature enough to serve as the foundation for such interesting work. As we look toward tomorrow, we're excited to see what new paradigm shifts our work on the Shepherd, Andy's Whippet work, and Andrew's Pre-Scheme work will empower!
Be sure to subscribe to our RSS feed or check back here for progress on the Shepherd project and other updates in the Spritely space, and join us on our forum to discuss these exciting developments with the team and our wider community!