[TUHS] ATC/OSDI'21 joint keynote: It's Time for Operating Systems to Rediscover Hardware (Timothy Roscoe)
rminnich at gmail.com
Sat Sep 18 04:24:42 AEST 2021
As a student weekend operator at Dupont, I saw the last 2 weeks of the
705 vacuum tube machine that ran payroll and then, over two years: the
7080 that ran the 705 in emulation; the 360 that ran the 7080 that ran
the 705; the 370 that ran the 360 that ran the 7800 that ran the 705.
The 370 sacrificed ASCII support so it could emulate a 360 (IBM ran
out of bits in the PSW, so ASCII had to go).
The Blue Gene compute node kernel (CNK) started out supporting the
"most commonly used" 80 or so linux system calls; that grew by about 1
system call a month. As CNK became asymptotic to Linux, some sites
threw in the towel and ran linux. Frequently, emulation is not enough.
Linux itself supported SCO for a time; freebsd has a good linux
subsystem; one could argue that Linux emulates Linux, given its binary
Unix had a JCL command through v5 and still has a GECOS field in the password.
The x86 allocates 1/256 of its gigantic opcode space to the DAA
instruction nobody uses. A multi-hundred core server can still boot
CP/M and DOS 1.0
RISC-V started as clean-ish break with the past, and has followed the
standard evilutionary path to x86-inspired 4k page sizes; big-endian
support; and runtime BIOS.
Successful systems rarely come as a complete break with the past.
People frequently expect that the Unix "clean break" experience can be
repeated, but. if anything, the history of Unix shows why that
experience is unlikely to be repeated.
But if you're going to do a new kernel, and you want broad usage,
you're going to provide a VM to run Linux or something like it, or
you're going to fail.
Or target something invisible, like a security token, then you are
free to do what you will -- the Google Open Titan security token runs
a kernel written in Rust. Nobody knows about it so nobody cares.
p.s. I remember the person who finally ported payroll from the 705
binary. "There's a bug in there, maybe, but i can't find it" -- 2
weeks later, in a not-to-be-repeated occurence, the paycheck of all us
weekend students was 2x normal. We couldn't figure out who to report
it to so we let it slide.
p.p.s. The 7080 was the last mainframe I worked with that smelled of
On Fri, Sep 17, 2021 at 8:57 AM Bakul Shah <bakul at iitbombay.org> wrote:
> On Sep 16, 2021, at 12:34 PM, Jon Steinhart <jon at fourwinds.com> wrote:
> > It's my opinion that the whole container thing sort of started as a "we
> > can't secure the underlying system so we'll build something secure on top"
> > combined with "it's no fun to fix the unnecessary incompatible mess among
> > virtually identical systems that we've made so we'll build a new fix-it
> > layer" ideologies. How long until problems are found with containers
> > it's decided that the way to fix it is to build "safe deposit boxes" that
> > run in container? Is there ever an end in sight?
> Recall that previously sysadmins used programs such as ghost to image a
> system. A completely operational system with all the required software
> could be created fairly quickly with minimum configuration. If your
> h/w crashed, you can get up and running fairly quickly on a new machine
> (provided your unique bits were backed up & restored). The same thing
> could be done for server machines. By minimizing differences you can
> apply security patches or put new machines in service quickly. A server
> machine needs much more than the main service program before it can
> be put in real service but machines providing the same service need
> pretty much the same things.
> When VMs and containers started getting used, the same model could
> be used for provisioning them. The docker folks simplified this
> further. Now you can spin up new servers almost trivially (even if
> later tooling via Kubernetes and such got quite complicated). Seems
> to me, this provisioning of whole systems is what users of technologies
> such as jail never quite got it.
> A couple of points on this: 1) I think this can be simplified even
> further if one can rely on a fast control plane connection by basically
> lazily pulling in the contents of each container. 2) If the underlying
> system provides a capability architecture, you can probably achieve the
> exact same functionality without containers as the required "many worlds"
> functionality is already built in.
> -- Bakul
More information about the TUHS