
"I recently had the opportunity to interview Andrew S. Tanenbaum, creator of the extremely secure Unix-like operating system MINIX 3. Andrew is also the author of Operating Systems Design and Implementation, the must-have book on programming and designing operating systems, and the man whose work inspired Linus Torvalds to create Linux. He has published over 120 works on computers (that's including manuals, second and third editions, and translations), and his works are known all over the world, being translated into a variety of different languages for educational use universally. He is currently a professor of computer science at Vrije University in Amsterdam, the Netherlands."
It's funny. Even after all this time (eighteen years after Torvalds's and Tanenbaum's e-mail exchange) people just don't get that IPC in a kernel is colossally expensive. Until we get hardware that has unlimited resources and where there is no cost in increasing the layers in a system, microkernels are a total waste of time in all but a very small context of uses, and their use is even debatable there. Embedded devices with limited resources, such as Tanenbaum's TV example in the argument, is even funnier. It still matters, and will matter for a very, very long time.
IPC and distributed systems are also unbelievably complex to get right as anyone knows, which means I have always laughed at the simplicity arguments of microkernel proponents. You also have to do lots of ludicrously expensive things such as copy data. There are lots of implications involved.
Think about this: the reason why people talk about microkernels as great is because they are assuming that they'll fail, and assuming failure, before a single line of code is written and assuming that everything will be fine because they have a microkernel. Kernels are a unique piece of software (it's where everything starts, obviously) where that kind of attitude is a tad dangerous. It's really a self-fulfilling prophecy.
I have never seen one piece of evidence that shows me that in all the uses that kernels have in the world, microkernels make an appreciable positive difference in reliability, especially versus more immediate performance concerns.
That really strikes at the heart of the matter - there is no evidence that microkernels actually matter or make a difference in pretty much all the uses out there. The part of the article where we get to see that Tanenbaum still has no practical sense whatsoever is where he talks about using a microkernel to keep a TV running. It's one of those hypothetical, academic things of no practical use. Well, people have been doing that for a long time now, and what they generally do is cut down a kernel (usually Linux these days) to the bare minimum to run on hardware that has a limited set of uses - which is how QNX is used anyway. If we saw a microkernel run on systems that do many different things, then we'd see how reliable it really is - but we don't.
Certainly in a device like a TV, of more paramount importance is the general responsiveness of the system, and the failure of a TV set is almost always a result of the software running on top (or the hardware), not the kernel, and that's the part with all the functionality. Even then though, if one part of your kernel fails it is still a failure (it's a kernel!) which usually takes down most of the system regardless, and this is what Andrew still fails to get conceptually about them. You just end up going round in large circles of complexity looking for mythical holy grails of simplicity, reliability and security.
I actually feel pretty sad for him that he still thinks that way after all this time, and sad for most microkernel components who haven't paid attention to practice rather than academic theory.