[cap-talk] Can We Make Operating Systems Reliable and Secure?

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Mon May 8 23:24:55 EDT 2006


I wrote:
> There is a video where the main designers of Singularity basically say that they
> don't expect to produce a successful consumer OS; that it's all just blue sky
> research, from which various ideas may or may not be folded into Windows. I'll
> try to find the URL for it.

<http://channel9.msdn.com/ShowPost.aspx?PostID=68302>

Jim Larus (~ 9 min 50 sec):

"So, we have no illusions that we're building an operating system that Microsoft
 is ever going to ship as a product. That's not our goal. I mean, particularly
 we started with the idea of forgetting about compatibility with /any/ existing
 system, which means that almost nothing runs on this, because the interface is
 very different.
"You know, it has the disadvantage that it looks like DOS, and it's gonna look
 like DOS for a long time, and we're not going to have any really fancy applications
 that can show it off, so you don't want to put it on the screen. But it also has
 the advantage that we can really experiment with the structure of the system, and
 what an application actually looks like on the system, without worrying about,
 well, 'We can't do that because we wouldn't be able to have the Win32 or a similar
 interface if we did that.'
"We have been very much trying to make the code on the system much more self-
 contained and static. So Dylan mentioned that we don't allow dynamic code loading,
 so that when a process starts up, that's all the code that's ever going to be in
 that process' object space. That has a lot of advantages [...] But it also means
 that the programming model that everybody's familiar with, which is DLL or dynamic
 code loading, doesn't work on this system.
"So, you know, if you don't worry about compatibility, you can think up new
 solutions to that, which is really what we've been doing, saying 'If you want to
 do an extension to the system, if you want to do an extension to the application,
 start up one of these library processes and communicate with it over a channel.'
"The interesting thing is, we're actually using exactly the same model for the
 system, and for the applications, so device drivers run in these Software Isolated
 Processes, communicate over channels to the rest of the system. If you write
 an application on Singularity, you use exactly the same mechanism. That's one of
 the things we're able to do because we don't have to worry about backward
 compatibility with device drivers, or backward compatibility with application
 codes or APIs or anything like that.
"But you know, if you were actually going to build a product, these would be the
 wrong decisions."

Interviewer:
"Absolutely. [...]"

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>



