reword + shorten

Home

@@ -24,50 +24,28 @@ Critical security updates are rarely deployed on time, because they result in un
 devices are missing a secure update channel.
 
 ======
-Instead of trying to fix these decades-old operating systems, which were
-designed based on demands at that time (e.g. time-multiplexed multi-user
-computers), we build small services from scratch with security in mind.  Each
-service is run as a separate virtual machine on any hypervisor with only the
+We at robur are building minimal services, called *unikernels*, from scratch with security in mind,
+instead of trying to fix these decades-old software, which was
+designed based on demands from earlier days.
+Each
+service is executed as a virtual machine on any major hypervisor, and contains only the
 strictly necessary code.
+The number of lines and the binary size of a unikernel with HTTP 
+and TLS support is around 4% compared to a virtual machine using a conventional
+UNIX / Linux operating system.
+The security of a unikernel is improved by the reduction of the attack surface.
 
-This makes our virtual machines much smaller.  The binary size of an HTTP server
-with TLS support is around 4% compared to one using a conventional Linux
-operating system, making the attack surface much smaller.
+Our unikernels are implemented in a functional programming language with a static
+type system and automated memory management.
+Buffer overflows and double frees are no concern to us.
+A unikernel avoids these common attack vectors by the choice of the programming language.
 
-Additionally, we use a functional programming language with static
-types and automated memory management.  This
-reduces the attack vectors: temporal and spatial memory corruption are no
-concern anymore.  The declarative programming style makes it possible to
-formally verify the correctness of the entire virtual machine with a theorem
+We can prototype rapidly, because the type system detects errors early, and we don't need to manage memory by hand.
+Turning a prototype into production is usually a question of fine-tuning its performance.
+
+Our declarative programming style makes it even possible to
+formally verify an entire virtual machine using a theorem
 prover.
 
-One of our unikernels boots within milliseconds, and has a
-minimal memory footprint.  For client-side features that run in a webbrowser, we
-compile to JavaScript from the same codebase, to ensure consistency. The strong
-and static type system helps to detect errors early, and enables rapid
-prototyping.  For production use the prototype code can be further optimized for
-performance.
-
-## Conclusion
-
-MirageOS started as a research project, and has matured to a full suite for
-building secure operating systems, with libraries that work well in production
-and cover a variety of application needs.  MirageOS is a game changer for secure
-network services, since the attack surface is minimised to 1% of the size of
-other contemporary operating systems. In addition, common attack vectors are
-avoided by the usage of a programming language with memory safety.  A unikernel
-boots within tens of milliseconds, and services can be spawned on demand. When a
-request (e.g. a DNS request) for a unikernel comes in, the kernel boots up,
-handles the request, and is destroyed after an inactivity period. Only the
-necessary services need to run, and they can be short-lived to minimize state in
-the system.
-
-The choice of a high-level programming language also allows for rapid
-prototyping, new features can be developed quickly.  In contrast to scripting
-languages, the code does not need to be re-implemented for production use (but
-nevertheless can be fine-tuned for performance).
-
-
-WHY YOU NEED THIS!
-WHAT ERRORS WE CAN AVOID
-HOW WE CAN HELP
+The boot time of a unikernel can be measured in a few milliseconds, redeployment
+after updates is instantenous.  We can create unikernels on demand.