The Design of a Reliable and Secure Operating System by Andrew Tanenbaum

Поділитися
Вставка
  • Опубліковано 18 вер 2024
  • Most computer users nowadays are nontechnical people who have a mental model of what they expect from a computer based on their experience with TV sets and stereos: you buy it, plug it in, and it works perfectly for the next 10 years. Computers aren't like that, which leads to frustration.
    Part of the problem is the operating system, which is often millions of lines of kernel code, each of which can potentially bring the system down. As long as we maintain the current structure of the operating system as a huge single monolithic program full of foreign code (device drivers) and running in kernel mode, the situation will not improve.
    In an attempt to provide better reliability and security, we have created a new multiserver operating system, MINIX 3, with only 15,000 lines in kernel and the rest of the operating system split up into small components each running as a separate user-mode processes. It is available for the x86 and ARM for embedded systems. The talk will discuss the design of the system and some of unique aspects, such as live update--the ability to replace the operating system with a new version while it is running without affecting running applications

КОМЕНТАРІ • 60

  • @pavloskairis9994
    @pavloskairis9994 2 місяці тому +2

    excellent presentation, thank you Dr. ast

  • @averri1
    @averri1 8 років тому +18

    Great Tanenbaum. I read almost all your books, and my preferred is Modern Operating Systems.

  • @googlr214
    @googlr214 4 роки тому +15

    I have Tannenbaum book on OS Design, just sitting in my library

    • @Waldemar_la_Tendresse
      @Waldemar_la_Tendresse Місяць тому

      Shame on you.
      Can I has it? 😁

    • @bmno.4565
      @bmno.4565 12 днів тому

      I have the pdf, planning on reading it, along with his book on networks.

  • @Maturion
    @Maturion 6 років тому +9

    A living legend.. I read several of his books at university. Tanenbaum is really an amazing guy.

  • @Waldemar_la_Tendresse
    @Waldemar_la_Tendresse Місяць тому +1

    What Andrew Tannenbaum says at the beginning of the lecture is such a profound truth, which we have unfortunately become all too used to, that it is no longer possible to fully imagine the implications of systems that simply work. Nowadays it is even common to sell self-sufficient musical devices (synthesizers) that simply do not work well.
    Can we as a human society finally get into the habit of handling these things differently and not wasting 90% of human working time on things that don't work? Just imagine the productivity gain and the resulting economic growth, or at least the resulting relaxation of the species.
    Manufacturers, you would like great, innovative advertising for your product, and at almost no cost? I give you one:
    "My product works as intended in 99.99% of all cases.", nothing more is necessary and no one who isn't absolutely crazy wants anything else.
    That is the reason, why printed books have been so populer for centuries, the just "work"!

  • @alialrahahleh676
    @alialrahahleh676 4 роки тому +4

    You are my role model. Respect

  • @dijikstra8
    @dijikstra8 5 років тому +11

    It's a very interesting architecture which makes a lot of sense!
    Though I do disagree with you on the licensing issue, being forced to release your improvements is the whole point of the GPL, if we just let corporations run amok their short term profit motive will motivate them to keep everything secret and eventually there will be dozens of proprietary mutually incompatible versions, essentially repeating the history of UNIX. There's a reason Linux became so successful, and it's largely because companies weren't allowed to make their own proprietary changes to the kernel or the basic userspace without contributing their changes back.

    • @fallsjd
      @fallsjd 4 роки тому +3

      And to your point, I think this talk was also before the revelation (which Tanenbaum was apparently unaware of) that Minix is secretly running inside basically every Intel chipset... See his open letter to Intel.

    • @nil0bject
      @nil0bject 9 місяців тому

      tldr; he writes and sells books about an open source project that he copied....

    • @Waldemar_la_Tendresse
      @Waldemar_la_Tendresse Місяць тому

      That is absolutely true. We urgently need an update to our economic system.

  • @jrgomez
    @jrgomez 6 років тому +4

    Great talk! Thanks!

  • @olexandrshamin7559
    @olexandrshamin7559 8 років тому +4

    I would like to write thesis in this area, but my master program is finishend! Thank you for great speech.

  • @psachin
    @psachin 8 років тому +21

    Raccoons are most likely to visit your house than penguins

  • @larryliang6748
    @larryliang6748 4 роки тому +8

    A perfect example of how a great mind thinks. he is precise, makes clear points, and with a sense of humour.

    • @xnoreq
      @xnoreq 3 роки тому

      No, just no. Have you followed Minix's history versus that of Linux? Is Linus a great mind? Why does he contradict many things that Tannenbaum says then?
      Also, are you aware that Minix, partly due to its license, is run as proprietary spyware on millions of Intel mainboards? And it's running at a lower level than your processor, and you cannot deactivate it?
      Also, the promised reliability is just marketing speak, it's not true. Restarting failed services or drivers does not result in reliability.
      If a hardware state results in a driver fault then restarting the driver won't make the system more reliable. It will fail again. And again. Over and over again.
      Think about it. It's like saying that when a certain condition leads to an immediate motor fault in your car then replacing the motor makes the car more reliable.

    • @xnoreq
      @xnoreq 3 роки тому

      @quebrada Yeah so in other words it's only reliable if there are no bugs. So the reliability argument for micro kernels is mostly marketing.
      And you will have more code in microkernel components and drivers, so according to Tannenbaum this means more bugs.

    • @xnoreq
      @xnoreq 3 роки тому

      @quebrada No, it cannot, for many classes of bugs.
      Consider a bug in the disk subsystem that crashes it and leads to data loss. Restarting the driver won't do any good. Actually, it's very bad because it could hide the data loss.
      Same for bugs in filesystems.
      A bug in the graphics driver that results in the same crash over and over again will result in an unusable system, regardless if you restart the driver or not.

    • @xnoreq
      @xnoreq 3 роки тому

      @quebrada The reliability argument is a theoretical one that only works out in very specific cases. The rest is marketing.
      This is offset by the huge increase in complexity for asynchronous communication and persistence and recovery of state, which ends up making the whole thing harder to develop, harder to debug, increase the LOC and probability of bugs, etc.

    • @xnoreq
      @xnoreq 3 роки тому +1

      @quebrada Yes, I listened to this talk quite some time ago, but I also used my brain.
      "various forms of redundancy", yeah, which is not micro-kernel specific at all, so you have no gains at all for the most COMMON cases.
      Quite the contrary, as explained before, you got extra complexity, especially due to the asynchronous messaging.
      And because of that, entire classes of easily debuggable and reproducible bugs on something like Linux become a nightmare to deal with on something like Minix.
      Also, I never talked about 100% reliability, that's your strawman argument. What I've argued against is the marketing claims about reliability. It's used as a major selling point in all of Tanenbaum's presentations / sales shows.
      The truth is that in practice and in common cases you get little to no improvement. And as explained there are several cons.

  • @ДмитрийВаськов-л7ь
    @ДмитрийВаськов-л7ь 2 роки тому +2

    Лютый дед. Таким дедам надо памятники чугунные на вокзалах ставить...

  • @JustmeAgainOk
    @JustmeAgainOk 2 роки тому

    Very insightful talk , less code less bugs.

    • @Waldemar_la_Tendresse
      @Waldemar_la_Tendresse Місяць тому

      Yes. Just stop writing code and using any computers and life is a dream. 😁

  • @RoDrop
    @RoDrop 8 років тому +1

    Excellent! Thanks for posting and sharing.

  • @Waldemar_la_Tendresse
    @Waldemar_la_Tendresse Місяць тому

    The only reason why the GPL has been a problem for companies so far is because our economic system has not yet been able to be transferred to an "open source/knowledge" version of itself.
    Open source/knowledge medicine is just one of the necessary milestones.

  • @Waldemar_la_Tendresse
    @Waldemar_la_Tendresse Місяць тому

    I love the almost incidental idea of ​​"garbage collecting" in C: swap the operating system for the same version via crontab once a day and a system can run for the aforementioned 50+ years.
    I AM HOOKED! And not just because of the racoon.

  • @zoranristov7349
    @zoranristov7349 6 років тому +3

    Why isn't this guy being taught at schools/unis? Yet they teach you about a freaking Steve Jobs my god the world we live in

    • @32gigs96
      @32gigs96 4 роки тому +2

      Zoran Ristov nigga he has wildly successful books on OS design and is the maintainer of the minix kernel which is used in schools to teach kernel dev...

  • @andy12829
    @andy12829 2 роки тому

    Legend 🙏

  • @yxyk-fr
    @yxyk-fr 9 місяців тому

    5:08 FALSE
    CDs use Reed-Solomon error-correcting codes that do not use 3/4th of the space to correcting errors, it's the reverse.
    CDs use interleaved, 2-level RS ECC with modest overheads each, so maybe 1/4th of the total data are error-correcting data.

  • @gackerman99
    @gackerman99 Рік тому

    this guy had me at bloated bootloaders. you wouldn't think to notice but some of them are obscenely complicated and it hurts us much more than it helps

  • @stevencripe3987
    @stevencripe3987 5 років тому +4

    Now, I'm no programmer, but one issue I notice with his claim about bugs per LoC is that a microkernel will have less bugs. Now, at face value this is true. However, moving code out of the kernel isn't actually reducing bugs, its just moving them around. You aren't solving the issue with a microkernel. I very much like the Linux method, to clarify.

    • @dijikstra8
      @dijikstra8 5 років тому +3

      The point is to keep bugs out of the kernel though, and only allow processes and drivers to do what they should. I like Linux, I run Linux on all my computers, but at least in theory the architecture of a microkernel is superior. The Hurd microkernel was in fact originally intended to be what Linux instead became by sheer coincidence of timing, the kernel of the GNU operating system.

    • @dint1911
      @dint1911 5 років тому +1

      @@dijikstra8 Actually linux will be always faster...

    • @whodaFru4551
      @whodaFru4551 5 років тому +3

      its not always about speed. Often a system is required that is reliable and secure. Thats what he talked about.

    • @DelgardAlven
      @DelgardAlven Рік тому

      ​@@dint1911 man, u walking down the street with a speed of light. why u need to be even faster, i have no idea.

  • @ronniemack2035
    @ronniemack2035 Місяць тому

    🔥🔥🔥

  • @pogda-ne3ne
    @pogda-ne3ne 6 років тому

    Is Andrews 5.1 compatible with Windows 7, as I need to run a program that needs to work on Windows 7, not 10.

  • @jtomae
    @jtomae 6 років тому

    at 24:20, can you prompt the user to switch clients? automatically try others?

  • @gaiuszeno1331
    @gaiuszeno1331 4 роки тому

    Does anyone know why he chose LLVM/Clang over The Amsterdam Compiler Kit?

  • @ipromiseolive6373
    @ipromiseolive6373 7 років тому

    hello sir please i need help i love designing computer operation system but not unix style operating deferent from that of mac i need a video tutorial on how to setup the cpu emulator on mac to start.

    • @Ra000leo
      @Ra000leo 7 років тому

      iPromise baba Are you asking Tenenbaum to help you?

    • @clovisbeveren4872
      @clovisbeveren4872 3 роки тому +1

      🤣🤣🤣

  • @jtomae
    @jtomae 6 років тому

    more like, store info to tell the user

  • @Waldemar_la_Tendresse
    @Waldemar_la_Tendresse Місяць тому

    (e)Links was perfect until they started to commercialize the web and posting pictures of cats.

  • @ximalas
    @ximalas 5 років тому

    Too much ok.

  • @lesliedellow1533
    @lesliedellow1533 7 років тому +2

    I think he should know that it is usually Linux which has me putting my fist through the screen.

  • @MarquisDeSang
    @MarquisDeSang 4 роки тому

    Huawai'OS -> Harmony OS is the microkernel OS that will destroy MS Windows, macOS, ioS, Android, Linux.

    • @DelgardAlven
      @DelgardAlven Рік тому +1

      so, how it is going, successfully destroyed?

  • @asagk
    @asagk 5 років тому

    Hmm ... nothing new really. Forking to get rid of memory leaks in long running processes is the very standard for unix demon implementation. To use this for drivers makes a good point, but doesn't make things become really better, when it comes to bugs/lines of code. I am missing the real innovation in all this somehow ...
    Perhaps one should rethink the hardware first, before adding the software to it. And the hardware is not what is reliable, safe und fault tollerant in the first place, especially when it comes to nosense like Trusted Platfrom Computing. I fear there is lots of work time wasted on the wrong platforms, but I also hope a platfrom will come some day, that is not intended on how to spy better on people, but on how computing can become more reliable, safe, power efficient and still acceptable in speed. My impression is, we should get to that point first, before wasting energy on another os being ported to one more of the many platforms in the market.

  • @DelgardAlven
    @DelgardAlven Рік тому

    Today bootloaders is unusable shit from user point of view in my opinion, u simply can't install and then boot diff OSes with no pain in the ass, i mean, even on arch-wiki it is recommended to consequentially install firstly windows, and only then any linux distro. For me that is just nonsense. I mean, why????? Isn't that something windows-specific in bare-fkin-metal, or it is windows doing things treaky to make the world just a mess? Anyway it is nonsense, just goddamned nonsense!
    In a world of maybe like 100 different OSes, half of which are just unstable - this simple feature is a must-have for any bootloader.
    Or yeah, anyone must use windows to the world's end. Sounds great and very sane.

  • @mahkhi7154
    @mahkhi7154 4 місяці тому

    Minix is a Brilliant Philosophy. Its Implementation is Sh1t. Its Just Too Slow. You Have to do the Philosophy at Speed.