Jonathan Walther
On Sun, 20 Jun 1999, Eric S. Raymond wrote:
> (Please copy any replies to me explicitly, as I'm not presently subscribed
> to the linux-kernel list -- it's not practical when I'm spending so
> much time on the road.)
>
> Gents and ladies, I believe I have may have seen what comes after
> Unix. Not a half-step like Plan 9, but an advance in OS architecture
> as fundamental at Multics or Unix was in its day.
>
> As an old Unix hand myself, I don't make this claim lightly; I've
> been wrestling with it for a couple of weeks now. Nor am I suggesting
> we ought to drop what we're doing and hare off in a new direction.
> What I am suggesting is that Linus and the other kernel architects
> should be taking a hard look at this stuff and thinking about it. It
> may take a while for all the implications to sink in. They're huge.
>
> What comes after Unix will, I now believe, probably resemble at least
> in concept an experimental operating system called EROS. Full details
> are available at <http://www.eros-os.org/>, but for the impatient I'll
> review the high points here.
>
> EROS is built around two fundamental and intertwined ideas. One is
> that all data and code persistence is handled directly by the OS.
> There is no file system. Yes, I said *no file system*. Instead,
> everything is structures built in virtual memory and checkpointed out
> to disk every so often (every five minutes in EROS). Want something?
> Chase a pointer to it; EROS memory management does the rest.
>
> The second fundamental idea is that of a pure capability architecture
> with provably correct security. This is something like ACLs, except
> that an OS with ACLs on a file system has a hole in it; programs can
> communicate (in ways intended or unintended) through the file system
> that everybody shares access to.
>
> Capabilities plus checkpointing is a combination that turns out to
> have huge synergies. Obviously programming is a lot simpler -- no
> more hours and hours spent writing persistence/pickling/marshalling
> code. The OS kernel is a lot simpler too; I can't find the figure to
> be sure, but I believe EROS's is supposed to clock in at about 50K of code.
>
> Here's another: All disk I/O is huge sequential BLTs done as part of
> checkpoint operations. You can actually use close to 100% of your
> controller's bandwidth, as opposed to the 30%-50% typical for
> explicit-I/O operating systems that are doing seeks a lot of the time.
> This means the maximum I/O throughput the OS can handle effectively
> more than doubles. With simpler code. You could even afford the time
> to verify each checkpoint write...
>
> Here's a third: Had a crash or power-out? On reboot, the system
> simply picks up pointers to the last checkpointed state. Your OS, and
> all your applications, are back in thirty seconds. No fscks, ever
> again!
>
> And I haven't even talked about the advantages of capabilities over
> userids yet. I would, but I just realized I'm running out of time --
> gotta get ready to fly to Seattle tomorrow to upset some stomachs
> at Microsoft.
>
> www.eros-os.org. Eric sez check it out. Mind-blowing stuff once
> you've had a few days to digest it.
> --
> <a href="http://www.tuxedo.org/~esr">Eric S. Raymond</a>
>
> The Bible is not my book, and Christianity is not my religion. I could never
> give assent to the long, complicated statements of Christian dogma.
> -- Abraham Lincoln
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/