OT: Can We Make OSes Reliable and Secure

Robert Brockway rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Fri Jun 2 17:39:00 UTC 2006


On Fri, 2 Jun 2006, Sy Ali wrote:

> Good article, but that is the ugliest URL I've ever seen.

Yes it is a good article.  I don't agree with everything he said.  For one 
thing I don't think that microkernels were dismissed as unacceptable at 
all (and it seems an odd thing for Mr Tanenbaum to say actually).

Microkernels have been relegated to the sidelines out of a desire for 
"more speed" "more speed".  Almost every research OS out there is based on 
a microkernel.

I've long disagreed with the notion that a microkernel is inherently
harder to develop. Certainly more up front planning is required but with a
well thought out and flexible structure and message passing mechanism
development of the OS subsystems should actually move as quickly (if not
more quickly) than in a monolithic kernel thanks in part to the well
defined interfaces present.  Monolithic kernels are highly susceptible to
unintentional breakage.  How many times have we seen this on Linux[1]?

Yes there is a performance hit.  Research consistently shows the 
performance hit to be <10% on a well built system.  Given the increased 
reliability (both in terms of the system staying up, and in terms of
correctness of code) this is well worth it IMHO.

I for one would be very disappointed if all of the OSes we use today were
not relegated to history by 2025.  We know how to build better systems - 
we should go and do it.  Mind you there is no need to give up all our 
lovely applications.  A future microkernel can easily create an instance 
in which Linux apps can run at native speed.  Indeed such things exist now 
in terms of virtualisation and a POSIX interface is a required component 
of any serious microkernel system.

[1] Now was it 2.4.15 where a filesystem patch broke the buffer-cache 
resulting in filesystem corruption if you did not properly unmount before 
system halt?  Such a problem cannot occur between (for example) the 
filesystem code and buffer-cache in a microkernel any more than sshd can
take down your web server now (ie, if it manages to do it, it is only 
because the system allowed the behaviour).

Rob

-- 
Robert Brockway B.Sc.        Phone:          +1-905-821-2327
Senior Technical Consultant  Urgent Support: +1-416-669-3073
OpenTrend Solutions Ltd      Email:          support-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
                              Web:            www.opentrend.net
We are open 24x365 for technical support.  Call us in a crisis.