Re: kernel programming isn't so hard [...]

Jurgen Botz (jurgen@botz.org)
Sat, 26 Jun 1999 11:21:33 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brandon S. Allbery KF8NH: "Re: VFS event hooks"
Previous message: Rolf Fokkens: "small scsi_scanorder patch (repost)"
In reply to: Theodore Y. Ts'o: "Re: kernel programming isn't so hard, but even so, reiserfs seems to be getting an "exokernel" imple"

"Theodore Y. Ts'o" wrote:
> And for some strange reason, application programmers are more likely to
> use SSL (and other technologies which don't require kernel mods) to
> ipsec (which does require kernel mods).

Although your point may be valid, IPsec doesn't seem like a valid example.
IPsec is a very complex system consisting of several components which
have been arriving at standardization in different stages and its usefulness
is highly correlated to interoperability between different implementations
which in turn just hasn't really arrived yet. The Linux implementation
was only /just/ released and isn't part of the standard kernel (and won't
be because of the export restrictions, yadda, yadda). IPsec is also
pretty difficult to configure (prohibitively so for most end-users at
this stage) and its full usefulness depends on related infrastructure
(such as keys in the DNS) which has not arrived yet either.

In other words, IPsec has a host of obstacles to its adoption which
wouldn't apply to filesystem code. Even so, I'd expect that in another
year we'll see a bigger percentage of Internet traffic IPsec encrypted
than SSL encrypted! This will be because SSL is only used for the
occasional "highly sensitive" application connection whereas IPsec
once adopted will simply encrypt everything. This will be A Good Thing
because by ubiquity it improves overall security.

And that goes back to Hans's argument... by adding some well-chosen
higher-level abstractions to the filesystem you make these abstractions
ubiquitous and therefor raise the level of functionality (and efficiency)
of the overall system. The result is that over time programs which need
this functionality become simpler (because it is now a primitive in the
underlying system) and programs which wouldn't otherwise have bothered
with this become better while remaining simple.

I have been watching Hans's work with great interest because I think his
ideas are very well-considered and compelling. What he is trying to
do certainly is not "Unix" anymore... and as Linux's Not Unix, it has
been and will continue to go beyond the traditional Unix abstractions.
We all want to keep to the spirit of one of Unix's greatest virtues;
namely that the system's primitives are a small set of well-chosen
abstractions from which we can build everything else. But I think
that Hans is right in saying that the Unix filesystem is semantically
impoverished, so it makes sense to focus some effort here, and I feel
that what he has come up with so far very much fits the imperative of
providing a small set of clean abstractions on which to build. How
well it will work is something we'll have to find out by trying it.

- Jürgen

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Brandon S. Allbery KF8NH: "Re: VFS event hooks"
Previous message: Rolf Fokkens: "small scsi_scanorder patch (repost)"
In reply to: Theodore Y. Ts'o: "Re: kernel programming isn't so hard, but even so, reiserfs seems to be getting an "exokernel" imple"