What are the alternatives, in the *nix world? The BSDs are in much the same place as Linux on most of those specifics, or further behind, or heavily using the tech from the Solaris side.
HP-UX? AIX? What do you think is doing better than Solaris or Illumos on those things?
You don't do it in UNIX because UNIX is fundamentally broken. That's the point. You do it through specialist software that works around the various problems. A common approach (i.e. compromise) in high-assurance security was to split systems between an untrusted, UNIX VM and critical components running directly on a microkernel/hypervisor. The kernels themselves were built as robust as possible sometimes with every potential, control or error state known. The apps outside VMs often used Ada or Java runtimes whose assurance and features were customized for apps' needs. Robust middleware handled mediation and sometimes recovery. Many systems like this survived strong pentesting and worked without reported failures in the field (or only failed-safe).
Then, there's the shit most people are doing and that Bryan advocates with UNIX. I also called him out on it listing numerous counters... with references backing them... to his comment at vezzy-fnord above.
Secure UNIX had already been tried by geniuses for a decade or two with always the same results: architecture, language, and TCB were inherently so complex and insecure that even the smallest versions had many 0-days and dozens of covert channels. He didn't respond, likely since he uses assertions instead of evidence. And all published evidence that I've ever seen contradicts his view of UNIX model superiority in robustness of any kind, sometimes performance.
Now, he's making all kinds of assertions about unikernels, deliberately avoiding evidence on some (eg performance), praising UNIX model/tech, and ignoring faults in his own approach. Should we take his word this time given prior result? Definitely not.
I think we can say there is a kind of 'bulb user' in regards to OS, from those that only know UNIX and Windows.
That is why it is so important to spread the word of old OS designs and welcome any attempts to move forward.
This is why I like the changes in mobile OSes architecture, pushing safer languages and with a stack where the kernel type is actually irrelevant to user applications.
I agree. Tanenbaum noticed this, too. He calls it the television model. Skip to 1:25 in the video below to watch him hilariously contrast the television and computing experience for the lay buyer:
Now, tablets and smartphones are closer to the television model. Mac OS X got fairly close to it for desktops. So, I know it can be done. There's just this willingness to... DO IT.
In parallel, we can do the Burroughs model for servers and the Genera model for hackers. Cuz seriously, what real hacker is using C on inefficient black boxes of black boxes? Do they know what they're missing?
Funky, the Lisp Machine uni-kernel OS was probably one of the most debuggable OS ever... with the most sophisticated error handling system, processes, backtraces, self-descriptive data-structures, full source code integration, seamless switching between compiled and interpreted code, run-time type checking, runtime bounds checking, inspectors, integrated IDE, ...
Did you see my list in reply to that comment? Genera and Oberon are on it. I'll consider Mesa/Cedar and Smalltalk. The former was in the Hansen overview I started with. Might deserve individual mention, might not. Throw in your opinion on why if so as I just can't recall its traits.
Smalltalk, too. Especially as the topic is stuff that's still better than UNIX in some attribute. I haven't studied it enough to know what you like about it past probably safety and great component architecture.
I just didn't know what comment was better to reply to.
As for Smalltalk, I loved its expressiveness, especially since my experience with it was in the mid-90's with VisualWorks at the university, before Java was introduced to the world.
But back then one still needed to code the VM primitives in Assembly. Meanwhile with Pharo and Squeak it is turtles all the way down.
Ahh. I believe it was VisualWorks mentioned when I last looked at it. The impression I had from that description was that it was the ultimate, component language. They said you don't have a main function and directives like most languages. You really just have a pile of objects that you glue together with the glue being the main application. And that this was highly integrated into the IDEs to make that easy to manage.
Was that the experience you had?
re VM primitives in assembly
I'm actually fine with that. I'm not like other people that think language X's runtime must always be written in X. Maybe a version of that for testing and reference implementation. People can understand it. Yet, I'll throw the best ASM coder I can at a VM or even its critical paths if I have to get highest performance that way. Can't let C++ win so easily over the dynamic languages. ;)
I learned OOP with Turbo Pascal 5.5, and already used a few other versions up to Delphi 1.0, C++ and VB, before I got to use Smalltalk.
So I was already comfortable with the concepts as such.
But playing with one of the foundations of OOP concepts had some fun to it, the environment fully dynamic that you could explore and change anything (better save the image before).
Also it was my first contact with FP, given the Lisp influence on Smalltalk blocks and collection methods. The original LINQ if you wish.
Then the mind-boggling idea of meta-classes and the interesting things one could do with them.
Smalltalk given its Language OS didn't have any main as such, you were supposed to use the Transcript (REPL) or the class browser to launch applications.
As an IDE, you could prune the image and select a specific class as entry point to create a production executable.
But after that semester, I lost access to it, so eventually I spent more time reading those wonderful Xerox PARC books about Smalltalk-80 than using Visual Works.
As for the VM primitives in Assembly, I also liked it, but many people see that as a disadvantage, like you mention.
Thanks for the detailed reply. Yeah, that is interesting. Closer to the LISP machines than most development environments. Might make me revisit Smalltalk just because it's so hard to get people to try LISP.
Not organized to be able to just throw out a reference and many disappeared over time as old web faded. It's more something you see relative to other OS's than an absolute. I really need to try to integrate all the examples sometime. Here's a few, esp from past, that give you an idea.
Note: A number were concurrency safe, had a nucleus that preserved consistency, or were organized in layers that could be tested independently. UNIX's was actually a watered down MULTICS & he's harsh on it there. I suggest you google it too.
Note: Capability architecture at HW level. Used intermediate code for future-proofing. OS mostly in high-level language. Integrated database functionality for OS & apps. Many companies I worked for had them and nobody can remember them getting repaired. :)
Note: Brilliance started in Lilith where two people in two years built HW, OS, and tooling with performance, safety, and consistency. Designed ideal assembly, safe system language (Modula-2), compiler, OS, and tied it all together. Kept it up as it evolved into Oberon, Active Oberon, etc. Now have a RISC processor ideal for it. Hansen did similar on the very PDP-11 UNIX was invented on with Edison system, which had safety & Wirth-like simplicity.
Note: Individual systems with good security architecture & reliability. Clustering released in 80's with up to 90 nodes at hundreds of miles w/ uptime up to 17 years. Rolling upgrades, fault-tolerance, versioned filesystem using "records," integrated DB, clear commands, consistent design, and great cross-language support since all had to support calling convention and stuff. Used in mainframe-style apps, UNIX-style, real-time, and so on. Declined, pulled off market, and recently re-released.
Note: LISP was easy to parse, had REPL, supported all paradigms, macros let you customize it, memory-safe, incremental compilation of functions, and even update apps while running. Genera was a machine/OS written in LISP specifically for hackers with lots of advanced functionality. Today's systems still can't replicate the flow and holistic experience of that. Wish they could, with or without LISP itself.
Note: Article lists plenty of benefits that I didn't have with alternatives for long time and still barely do. Mainly due to great concurrency model and primitives (eg "benaphores"). Skip ahead to 16:10 to be amazed at what load it handled on older hardware. Haiku is an OSS project to try to re-create it.
Note: Capability-secure OS that redid things like networking stacks and GUI for more trustworthiness. It was fast. Also had persistence where a failure could only lose so much of your running state. MINIX 3 and Genode-OS continue the microkernel tradition in a state where you can actually use them today. MINIX 3 has self-healing capabilities. QNX was first to pull it off with POSIX/UNIX compatibility, hard real-time, and great performance. INTEGRITY RTOS bulletproofs the architecture further with good design.
Note: Coded OS in safe Modula-3 language with additions for better concurrency and type-safe linking. Could isolate apps in user-mode then link performance-critical stuff directly into the kernel with language & type system adding safety. Like Wirth & Hansen, eliminates all the abstraction gaps & inconsistency in various layers on top of that.
JX OS
http://www4.cs.fau.de/Projects/JX/publications/jx-sec.pdf
Note: Builds on language-oriented approach. Puts drivers and trusted components in Java VM for safety. Microkernel outside it. Internal architecture builds security kernel/model on top of integrity model. Already doing well in tests. Open-source. High tech answer is probably Duffy's articles on Microsoft Midori.
So, there's a summary of OS architectures that did vastly better than UNIX in all kinds of ways. They range from 1961 mainframes to 1970-80's minicomputers to 1990's-2000's desktops. In many cases, aspects of their design could've been ported with effort but just weren't. UNIX retained unsafe language, root, setuid, discretionary controls, heavyweight components (apps + pipes), no robustness throughout, GUI issues and so on. Endless problems many others lacked by design.
Hope the list gives you stuff to think about or contribute to. :)
I believe that vezzy-fnord was saying that the unix world was not the ultimate in OS design. Therefore asking where in the unix world is better is missing the point.
Off topic: How do you get an asterisk in your comment without HN flipping it into italics?
Nowhere in my comment was I saying that the *Nix world is perfect and it needs no further improvement. I'm saying that attacking Cantrill on his thoughts on OS research is kind of disingenuous because Sun and the Illumos contributors are still on the cutting edge for a lot of features as far as widespread OS distributions go.
If you don't know the answer to that question, then you are in no position to draw sweeping false dichotomies and grand proclamations as you did above. I have no interest in being your history teacher. I've posted plenty of papers on here, as has nickpsecurity here in the comments, and the link in my parent post provides a decent academic summary by one of the greats in the field.
(I'm not even sure if illumos can be described as "widespread" in any fair sense. In any event, being better than some relative competitors doesn't give one the carte blanche to be a pseudohistorian and denialist.)
I haven't spent my entire time on HN reading over every single comment you've made or link you've posted, so I don't think it's particularly fair or productive to act as if it is my fault that I don't have knowledge from something you wrote on some undetermined other comment. I wouldn't expect you to know something I said in some other random place. If you are going to operate under the assumption that anyone you engage in discourse with is going to be familiar with the entire body of your comment history and blog posting work, I feel you're often going to be disappointed.
I'm trying to engage in some fairly civil discourse here, and I am coming into it with an open mind - I am not an academic. Nor am I a systems programmer. My frame of discussion is purely based on what I know, which is mainstream, or relatively mainstream, systems. I work with these systems on a (very) large scale. I know what frame of reference that gives me, and how that applies to me.
I've looked over the other links in these comments. As best I can tell, they deal with academic scenarios, or things that are no longer in widespread use. Cantrill's article is dealing with the here and now of today's production demands. As best I can tell, your argument is that there has been work outside of today's widespread deployments that may be superior to what is currently in it.
It's apparent I misunderstood your original comment to a large extent, and I apologize for that - but the argument I made was in good faith, and while I'm not expecting you to give me a history lesson, I don't think it's unfair to ask that if you are going to engage in online discourse, you be prepared to elaborate on your point if someone is trying to rationally discuss it with you.
I enjoy a lot of what vezzy-fnord has posted (e.g. discussions of init systems) when I see it, but I am also woefully behind on it. I'd love to put these links together in some way that's good for people to browse through and quickly get familiar with options for OS and plumbing design -- would you or vezzy-fnord be interested in helping out with such a website?
I'll warn you that I have a serious bias towards systems that are or could be in wide use, though I think part of helping systems get to wide use, or at least get to the point of informing current development, is making information on them easily accessible. I've discovered a few interesting OS projects in this thread alone.
Especially when you assert X, and someone asks for more information about X, mocking them for not knowing X and saying that you're not willing to be their teacher... that's just being highly rude. Even to say, "as I said, see [URL]" would be helpful, and would take no longer to write than what you [vezzy-fnord] wrote.
Mate, I have nothing but the greatest of respect for you as you know, but this comes off a bit... arrogant. I think I know you well enough now that you aren't, but it would be good to answer the question, even if it's to say "have a look at this resource here (insert URL)".
I'm definitely no fan of Bryan Cantrill, who I consider to be insufferably arrogant and hypocritical (he of the "have you ever kissed a girl", but would fire someone who he didn't employ over a personal pronoun...) but he does have a lot of experience and whilst his views are often controversial, it's probably better to counter them with information :-)
When I find myself in this sort of situation repeatedly, as it appears you do on this topic in this forum, my solution has generally been to assemble a blog post that covers not frequently asked questions but instead frequently delivered answers.
Then rather than getting aggravated at having to repeat myself I just hand them a link to said post and move on.
(and in case you're curious, yes I'm mst on IRC as well, though I think your network got disabled in the last or last but one config prune)
We could use ﹡these﹡ instead. U+FE61, small asterisk.
We could use ∗these∗ instead. U+2217, asterisk operator.
Interestingly, U+2731, heavy asterisk, is stripped by HN it seems.
But to be honest, none of them feel the same as the one true *. I looked at https://en.wikipedia.org/wiki/Unicode_subscripts_and_supersc... hoping there was a way to elevate and scale down a character by some special code to make it look like a regular asterisk but didn't see any. Also, with unusual code points, font support is generally lacking so to some readers of HN, the above mentioned variations will probably render as something such as just squares. Furthermore, one of those I used above messes with apparent line spacing for me.
Ha! I was looking for one of those in character map! Quit when one glitched me. The second one is pretty close. I agree that none look right compared to the real one.
"Furthermore, the ones I used above mess with apparent line spacing."
Yeah, yeah, that's the glitch I was talking about. Dropped 2-3 lines on me and I couldn't even see the character.
Note: We could use the second one in comments the way people use asterisks. Just to screw with people who will wonder why ours are showing. If they ask about it, just act like it looks fine on your end: all italics. Haha.
They look the best as you said and they are also the ones that ∗didn't∗ mess with apparent line spacing.
Regarding messing with people, use the browser dev tools to replace them with the italics open and end tags, then screenshot the result and say to people, "what are you talking about? looks fine to me" and link said screenshot. I'm afraid our scheme will soon be thwarted by other HNers though who will jump in to say "yeah, I see asterisk as well" and then someone else will say "they are using a different unicode character".
EDIT: Darn, I was almost sure the last one would activate one of pg's old routines here. Note that the asterisk disappeared when a backslash came first. Did get NIX italicized but couldn't get rid of the space. Let me try something...
EDIT 2: Didn't work. May not be possible due to formatting rule here. Be nice if they modified it to add an escape code or something to let us drop an arbitrary asterisk.
With a human computer, no less! Just one comment worth, though. No disruption. Guidelines didn't have a rule against it either. Hopefully in the clear. ;)