Linked by Thom Holwerda on Tue 30th Aug 2011 17:29 UTC, submitted by Dale Smoker
OSNews, Generic OSes "What would an operating system look like if it were redesigned with security in mind? Joanna Rutkowska thinks she has the answer with the development of Qubes OS. We sit down for an interview with Joanna to discuss the way Qubes OS augments security."
Thread beginning with comment 488231
bannor99 Member since:
2005-09-15

QNX seems to have been able to build a true microkernel OS that performs very well - how did they do it?

Complexity may be the enemy of security but you cannot do away with it completely so you must have safe designs, tools, languages, etc.

I think we chose the wrong path decades ago and we may never fully switch. What I meant was that the monolithic design prevailed because of its performance and we had to live with the bugs, security risks, crashes and system restarts.
The $100 billion question - would we have been better off to go microkernel and try to mitigate the performance deficit (which would improve quickly over time as hardware sped up by leaps and bounds every few years) or did we do right by choosing performance and having to live with the downsides of the monolithic design?

Score: 2

Alfman Member since:
2011-01-28

bannor99,

"QNX seems to have been able to build a true microkernel OS that performs very well - how did they do it?"

I'm not very familiar with it at all, so I can't really say.


"Complexity may be the enemy of security but you cannot do away with it completely so you must have safe designs, tools, languages, etc."

Yeah, I know, but Linux is an obvious example of where too much has gone into the kernel. Now every developer compiling the kernel has to weed through the most esoteric hardware in existence - and the self documentation doesn't even make clear who needs it - anyone who's compiled Linux will recognize this problem.

They throw way too much into the kernel for the sake of it, not because of performance or because it makes any sense. Of course a lot of this is Linus' fault for steadfastly refusing to adopt a steady ABI/API which would allow devs to compile/distribute drivers outside of the kernel (even when they get linked back in during run time).

"I think we chose the wrong path decades ago and we may never fully switch. ... The $100 billion question - would we have been better off to go microkernel and try to mitigate the performance deficit"

I concur. The inefficiencies of a microkernel approach would have been worked out in hardware, but the complexity/insecurity of a macrokernel cannot be.

Score: 2