By: dmcq (dmcq.delete@this.fano.co.uk), March 17, 2021 11:15 am
Room: Moderated Discussions
Linus Torvalds (torvalds.delete@this.linux-foundation.org) on March 16, 2021 7:25 pm wrote:
> anon2 (anon.delete@this.anon.com) on March 16, 2021 5:53 pm wrote:
> >
> > I see. So at least it tries to get away from the RPC proxying as much as possible.
>
> This whole thread has been inane.
>
> Absolutely nobody sane disputes that the IPC overhead is a big and very real deal.
> Even the people who seem to be arguing for microkernels seem to be admitting it.
>
> It's something to generally be avoided, but sometimes you can't (or you don't care
> about the downsides, and have a load where it works for you). So if your sandboxing
> capabilities can't do it any other way, you fall back to some kind of IPC model.
>
> Which just brings us back to the original issue: designing your whole
> kernel around something that people know is bad is a bad idea.
>
> That sounds pretty simple, doesn't it?
>
> And it really is that simple.
Nope, it is not that simple. Lets stick in a couple of changes
Absolutely nobody sane disputes that the IPC overhead is currently a big and very real deal.
...
Which just brings us back to the original issue: designing your whole kernel around something that people know will be bad is a bad idea.
So the question becomes - can the performance of IPC be dramatically improved? If not then I'd agree that microkernels don't have a future for general use, and if they aren't used generally they probably shouldn't even be used in general for secure projects as there is an awful lot to be said for the security gained by having the code looked at and used by large numbers of people.
A problem is very often an opportunity and I certainly don't see this as an 'insuperable opportunity' ;-) As to whether it is worth it - well basically I see current operating systems as like the personal computers of 40 years ago able to overwrite anything and doing cooperative multitasking to get a decent interface. The security was fine for the time as the machines weren't shared and there was no internet. And they passed around data easily just like a current OS does internally. Nowadays the OS provides a virtual machine to the user level, the OS still has the flexibility but denies it to the user level. The business of sending data between tasks has been made more difficult and expensive. And for good reason. There probably isn't a way to do it well with the current hardware architecture. And meanwhile the operating system grows larger and larger and people stick in things like a system manager or trusted compute to avoid the very real possibility of dangers from problems in it.
We are currently at the start of computing and becoming dependant on it. In the future it will be ubiquitous, and there will still be trolls and other psycho nutters who aren't satisfied to just steal money but want to cause destruction and misery. With all of them spending countless hours doing that we should be trying to have better security so access to one part of the system doesn't 'root' it.
As I say in another bit of this thread I think capabilities have the potential to drastically improve the speed of IPC type transfers and so enable a microkernel type operating system to become competitive for general use. And provide a way to support things like sandboxes better. The idea of capabilities has ben around for a while but we're only now able to easily afford the extra hardware and need the facilities they promise. In the past one couldn't even afford an on chip MMU.
> anon2 (anon.delete@this.anon.com) on March 16, 2021 5:53 pm wrote:
> >
> > I see. So at least it tries to get away from the RPC proxying as much as possible.
>
> This whole thread has been inane.
>
> Absolutely nobody sane disputes that the IPC overhead is a big and very real deal.
> Even the people who seem to be arguing for microkernels seem to be admitting it.
>
> It's something to generally be avoided, but sometimes you can't (or you don't care
> about the downsides, and have a load where it works for you). So if your sandboxing
> capabilities can't do it any other way, you fall back to some kind of IPC model.
>
> Which just brings us back to the original issue: designing your whole
> kernel around something that people know is bad is a bad idea.
>
> That sounds pretty simple, doesn't it?
>
> And it really is that simple.
Nope, it is not that simple. Lets stick in a couple of changes
Absolutely nobody sane disputes that the IPC overhead is currently a big and very real deal.
...
Which just brings us back to the original issue: designing your whole kernel around something that people know will be bad is a bad idea.
So the question becomes - can the performance of IPC be dramatically improved? If not then I'd agree that microkernels don't have a future for general use, and if they aren't used generally they probably shouldn't even be used in general for secure projects as there is an awful lot to be said for the security gained by having the code looked at and used by large numbers of people.
A problem is very often an opportunity and I certainly don't see this as an 'insuperable opportunity' ;-) As to whether it is worth it - well basically I see current operating systems as like the personal computers of 40 years ago able to overwrite anything and doing cooperative multitasking to get a decent interface. The security was fine for the time as the machines weren't shared and there was no internet. And they passed around data easily just like a current OS does internally. Nowadays the OS provides a virtual machine to the user level, the OS still has the flexibility but denies it to the user level. The business of sending data between tasks has been made more difficult and expensive. And for good reason. There probably isn't a way to do it well with the current hardware architecture. And meanwhile the operating system grows larger and larger and people stick in things like a system manager or trusted compute to avoid the very real possibility of dangers from problems in it.
We are currently at the start of computing and becoming dependant on it. In the future it will be ubiquitous, and there will still be trolls and other psycho nutters who aren't satisfied to just steal money but want to cause destruction and misery. With all of them spending countless hours doing that we should be trying to have better security so access to one part of the system doesn't 'root' it.
As I say in another bit of this thread I think capabilities have the potential to drastically improve the speed of IPC type transfers and so enable a microkernel type operating system to become competitive for general use. And provide a way to support things like sandboxes better. The idea of capabilities has ben around for a while but we're only now able to easily afford the extra hardware and need the facilities they promise. In the past one couldn't even afford an on chip MMU.
| Topic | Posted By | Date |
|---|---|---|
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/12 06:16 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/13 01:18 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:25 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:44 PM |
| x86 - why unite when you can fragment? | Yuhong Bao | 2021/03/13 08:49 PM |
| x86 - why unite when you can fragment? | tt | 2021/03/20 09:30 AM |
| x86 - why unite when you can fragment? | Andrey | 2021/03/14 04:15 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/14 04:58 PM |
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/14 05:31 PM |
| x86 - why unite when you can fragment? | anon2 | 2021/03/14 08:07 PM |
| Microkernel? | Anon | 2021/03/14 11:49 PM |
| Microkernel? | none | 2021/03/15 12:37 AM |
| Microkernel? | Anon | 2021/03/15 01:56 AM |
| Microkernel? | anon2 | 2021/03/15 01:58 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 03:12 AM |
| Microkernel? | anon2 | 2021/03/15 04:53 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 06:56 AM |
| Microkernel? | iz | 2021/03/15 08:10 AM |
| Microkernel? | Anon | 2021/03/15 09:05 AM |
| Microkernel? | iz | 2021/03/16 01:25 AM |
| Microkernel? | Andrey | 2021/03/16 02:54 AM |
| Microkernel? | iz | 2021/03/16 08:36 AM |
| Microkernel? | Andrey | 2021/03/16 10:06 AM |
| Microkernel? | anonymou5 | 2021/03/16 11:44 AM |
| Microkernel? | iz | 2021/03/21 02:58 AM |
| Microkernel? | Andrey | 2021/03/21 09:34 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 AM |
| Microkernel? | Simon Farnsworth | 2021/03/16 04:42 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 03:21 AM |
| Microkernel? | anon2 | 2021/03/15 04:56 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 10:41 AM |
| Microkernel? | anon2 | 2021/03/15 08:00 PM |
| Microkernel? | Gabriele Svelto | 2021/03/16 07:23 AM |
| Microkernel? | anon2 | 2021/03/16 05:13 PM |
| Microkernel? | anon2 | 2021/03/16 05:16 PM |
| Microkernel? | Gian-Carlo Pascutto | 2021/03/16 01:40 PM |
| Microkernel? | anon2 | 2021/03/16 05:53 PM |
| Microkernel? | Linus Torvalds | 2021/03/16 07:25 PM |
| Microkernel? | Doug S | 2021/03/17 09:30 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 10:30 AM |
| Microkernel? | Brendan | 2021/03/17 10:56 PM |
| Microkernel? | Michael S | 2021/03/18 03:47 AM |
| Microkernel? | Brendan | 2021/03/18 09:07 AM |
| Microkernel? | Jose | 2021/03/18 09:35 AM |
| Microkernel? | zArchJon | 2021/03/18 05:42 PM |
| Transputer | RichardC | 2021/03/17 09:47 AM |
| Microkernel? | dmcq | 2021/03/17 11:15 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 11:59 AM |
| Microkernel? | dmcq | 2021/03/17 12:38 PM |
| Microkernel? | Adrian | 2021/03/17 01:00 PM |
| Microkernel? | Ana R. Riano | 2021/03/18 04:33 AM |
| Microkernel? | ⚛ | 2021/04/30 04:52 PM |
| Microkernel? | NvaxPlus | 2021/03/17 11:48 AM |
| Microkernel? | Michael S | 2021/03/18 03:32 AM |
| Microkernel? | Adrian | 2021/03/18 04:12 AM |
| Microkernel? | dmcq | 2021/03/18 06:30 AM |
| Microkernel? | dmcq | 2021/03/18 06:55 AM |
| Microkernel? | Adrian | 2021/03/18 08:35 AM |
| Microkernel? | --- | 2021/03/18 09:49 AM |
| Microkernel? | dmcq | 2021/03/18 10:59 AM |
| Microkernel? | dmcq | 2021/03/18 04:09 PM |
| Microkernel? | --- | 2021/03/18 09:27 AM |
| Microkernel? | Kalle A. Sandström | 2021/03/20 06:34 AM |
| Microkernel? | --- | 2021/03/20 08:35 AM |
| Microkernel? | anon2 | 2021/03/21 05:29 PM |
| Microkernel? | dmcq | 2021/03/15 04:06 AM |
| Microkernel? | anon2 | 2021/03/15 04:59 AM |
| Microkernel? | dmcq | 2021/03/15 11:51 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 PM |
| Microkernel? | dmcq | 2021/03/16 09:17 AM |
| Microkernel? | Jukka Larja | 2021/03/16 11:22 AM |
| Microkernel? | dmcq | 2021/03/16 04:06 PM |
| Microkernel? | Jukka Larja | 2021/03/17 03:42 AM |
| Microkernel? | dmcq | 2021/03/17 07:00 AM |
| Microkernel? | anon2 | 2021/03/16 05:26 PM |
| Microkernel? | --- | 2021/03/16 10:07 AM |
| Microkernel? | -.- | 2021/03/15 08:15 PM |
| Microkernel? | anon2 | 2021/03/15 09:18 PM |
| Microkernel? | Foo_ | 2021/03/16 03:37 AM |
| Read the thread (NT) | anon2 | 2021/03/16 05:27 PM |
| Already did (NT) | Foo_ | 2021/03/17 02:55 AM |
| Already did | anon2 | 2021/03/17 03:46 AM |
| Already did | Etienne Lorrain | 2021/03/18 02:31 AM |
| Microkernel? | -.- | 2021/03/17 05:04 AM |
| Microkernel? | Gabriele Svelto | 2021/03/17 08:53 AM |
| Microkernel? | -.- | 2021/03/17 02:43 PM |
| Microkernel? | dmcq | 2021/03/16 08:40 AM |
| x86 - why unite when you can fragment? | Konrad Schwarz | 2021/03/17 10:19 AM |
| x86 - why unite when you can fragment? | anonon | 2021/03/15 07:37 AM |