Diskless infrastructure in beta (System Transparency: stboot) (2022) (opens in new tab)

I love the concept. I created and ran a PXE/netbooted full OS on ramdisk[1] for my old companies servers for years. We were in the high performance computing and storage space. Stateless machines have so many advantages over stateful.

That said, solving a trusted boot problem was not something I could tackle alone. I didn't have a sense for how much/little I could trust the machine/bios/firmware. None of the tooling I considered (hashing firmware/boot data/etc.) seemed secure without a whole additional infrastructure.

I'm thrilled to see this implemented though.

[1] modern version here: https://github.com/joelandman/nyble

Absolutely this! Great service, alongside technical solutions, on the part of Mullvad.

Thanks!

> Wow, I had no idea "diskless infrastructure" was even a thing.

OVPN[1] (Swedish jurisdiction) have been diskless[2] since day one, and this has been tested and proven in court[3]:

"To summarize the verdict, the Rights Alliance and their security experts have not been able prove any weaknesses in OVPN's systems that could mean that logs are stored. OVPN therefore wins the information injunction as our statements and evidence regarding our no log VPN policy have not been disproven. The movie companies also need to pay OVPN's legal fees which amounts to 108 000 SEK (roughly $12300 at current exchange rate)."

[1]https://www.ovpn.com [2]https://www.ovpn.com/en/security [3]https://www.ovpn.com/en/blog/ovpn-wins-court-order

Netbooted machines were not that uncommon in the past. I implemented and ran a large scale nfsroot build farm around 2010. The company was in the business of high end NFS storage so maximum dogfooding was a part of the goal. Prior to that at another company we had most of the infra (including stuff like corporate email and web servers) and also all the engineering user desktops on nfsroot. Seems a bit crazy in a hindsight but it got the company through the startup years and shipping several generations of products.

It used to be pretty common (in the late 1980s) to run Sun workstations without hard disks, all booting off an NFS server. But then disks got cheap... I always set up a boot server hosting a bunch of BSD/Linux images so I could install an OS remotely (to a local disk) without running around with a CD or USB stick.

Been a thing for a long time. I first ran into it back in the Novell days with RPL netbooting, and it's moved through BOOTP to PXE booting. Biggest benefits pitched are usually "lower cost" and "centralized management".

As an example, X Terminals all worked this way. Much of the old Sun Microsystems "The Network Is The Computer" pitch was having low-end, diskless SPARC machines (e.g. SLC, ELC) netbooting and mounting disk and doing heavy lift compute via NFS & X11 from large SPARC servers and storage arrays.

You can look at the Linux Terminal Server Project (ltsp.org) for some reasonably current ideas of what someone might do with this.

Various flavours of diskless booting have been there since decades.

Simple example - thin client that boots off readonly NFS and just mounts user dir when they log in. Or one step further and have image with remote desktop software and nothing else.

More complex one - storage server that boots over network so you don't have to manage any OS install on disks and can use full capacity of drives for storage

I was maintaining a few public terminals for Internet access in local hackerspace many moons ago - back when the cheap broadband and wifi at every corner weren't at all common. Terminals were diskless Pentium 100 (or even slower) PCs that PXE booted off the terminal server Xen VM running Xfce via Xvfb. Terminals were basically oversized I/O controllers taking care of keyboard/mouse inputs and driving video output.

Nowadays you could use similar approach to run cluster for in-memory compute tasks or similar. PXE boot identical OS to bunch of servers and have them compute sth. If you need to repurpose them for something else - reboot them into a different PXE boot image. In case of VPN providers the motivation is probably to prevent (permanent) logging of sensitive information.

GCE has been offering diskless instances since always, even if customers did not realize it. They explicitly describe some instance types as "diskless" these days.

Talos Linux is a Linux designed for Kubernetes which runs from memory. I'm not sure if it could run diskless, because I expect kubernetes workloads to require some local disk.

Thanks - we've changed the URL to the article they link to about that.

Submitted URL was https://mullvad.net/en/blog/2022/12/30/review-of-2022/, which is a list, and that item looks like the most interesting thing on this list. (see https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor... for why we do this sometimes)

Is that caused or exacerbated by being diskless, though? Or is it just inevitable that 12k+ machines are going to have a certain rate of memory errors regardless?

> It provides so many benefits and eases the server management greatly.

Can you elaborate on this? I would have thought that needing local storage cache and the potential for network latency would make PXE untenable.

Added now.

They do provide a nominal discount if you pay with Bitcoin, though I assumed that had something to do with the lack of payment processor fees so it doesn't necessarily explain why the Amazon prices are different.

They don't have any other rate for you and me as individuals, but I'm sure they offer them slightly cheaper for resellers like Mozilla and Malwarebytes.

Those resellers then charge about the same price as Mullvad, but get to keep a piece of that as profit.

Probably bought with stolen credit cards and being resold.