OT: Can We Make OSes Reliable and Secure

Robert Brockway rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Mon Jun 12 03:36:45 UTC 2006 

On Sun, 11 Jun 2006, Christopher Browne wrote:

> There are others, but little that's not pretty much curiosity.

OS-9 and QNX certainly aren't curiosities.  There has definately been lack 
of movement in the microkernel world up to this point (at least as far as 
production ready OSes go).  I don't think it is a particularly good basis 
for assuming there will not be movement in the microkernel world in the 
future.

>> That's part of the conceptual side which many OSes have taken on board (as
>> per my earlier posts).
>> 
>> There is cruft in *nix userspace.  Why exactly is the command to send a
>> signal to a process called "kill"? The name is historical but is defined
>> in POSIX now.  This one was highlighted to me just recently when I was
>> providing training on the shell and command line tools.
>
> That "kill" is poorly named is in no way a meaningful argument in
> favor of using a microkernel.  Similarly, the fact that people get
> confused as to why Unix often uses such directories as /bin, /sbin
> /usr/sbin, /usr/bin, and /usr/ucb to store differing programs is not a
> reason for switching to a microkernel.

Not did I ever asser it was :)  The conversation had wandered by this 
point.  If you go back you'll see I was pointing out that many unix 
concepts have been taken into more recent apps but the cruft had been left 
out.  I was giving examples of the cruft.  This applies equally well to 
microkernels and monolithic kernels.

> In Hurd, the notion of having all sorts of services managed as daemons
> separate from any central "kernel" is certainly an interesting one.
> In principle, that ought to allow restarting all sorts of services
> without needing to reboot.
>
> Of course, in practice, the Linux NFS server moved from a separate
> server into the kernel because this made it significantly faster.

True, but both are available.  Not surprisingly I use the user space nfsd 
if I can.

>> A well defined MK system would probably even put constraints on how
>> rapidly messages could be sent over the protocol to prevent an internal
>> DoS.
>
> The Dragonfly BSD folk are trying to head down this sort of road,
> using message passing (with choice of async/sync approaches).  Again,
> this is a monolithic kernel; there is little that people consider
> doing on microkernels that don't seem to benefit monolithic kernels...

That makes sense - most of the concepts should transfer fairly well, 
especially among disciplined monolithic kernel developers.

Discipline is a bit part of the problem IMHO.  Undisciplined microkernel 
developers may well discover their new module simply doesn't work.

Undisciplined monolithic kernel developers can touch enough bits of the 
kernel to make it work.  Discipline in this context can be imposed from 
above.

I ran across a great example recently.  Desiring proper per-user resource 
limits in the kernel I was reading up on recent efforts in that area. 
One developer was complaining about kernel developers within the Linux 
kernel avoiding code reuse and taking key resource allocation algorithms 
and planting them right within their own code.  Sometimes they are changed 
a little.  Anyone wanting to do good per-user resource management must 
consider all of the areas where resources are being allocated rather than 
one tightly defined area.

I think the discussion is starting to around in circles (inevitable in any 
thread this long).  I've said my piece and predict microkernels will 
become main stream in the future as their advantages outweight their 
disadvantages.  Only time will really tell.

Cheers,

Rob

-- 
Robert Brockway B.Sc.        Phone:          +1-905-821-2327
Senior Technical Consultant  Urgent Support: +1-416-669-3073
OpenTrend Solutions Ltd      Email:          support-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
                              Web:            www.opentrend.net
We are open 24x365 for technical support.  Call us in a crisis.

If you are emailing regarding an open ticket please consider
mentioning the ticket ID as this will assist us in responding
as quickly as possible.
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list