On Mon, Feb 08, 2021 at 12:11:08PM -0600, Will Senn wrote:
> And a bonus question, why, oh why, can't we have a contained kernel that
> provides minimal functionality (dare I say microkernel), that is securable,
> and layers above it that other stuff (everything else) can run on with
> auditing and suchlike for traceability?
I can answer the microkernel question I think. It's discipline.
The only microkernel I ever liked was QNX and I liked it because it was
a MICROkernel. The entire kernel easily fit in a 4K instruction cache.
The only way that worked was discipline. There were 3 guys who could
touch the kernel; one of them, Dan Hildebrandt, was sort of a friend
of mine, and we could, and did, have conversations about the benefits of a
monokernel vs a microkernel. He agreed with me that QNX only worked
because those 3 guys were really careful about what went into the
kernel. There was none of this "Oh, I measured performance and it is
only 1.5% slower now" nonsense, that's death by a hundred paper cuts.
Instead, every change came with before and after cache miss counts
under a benchmark. Stuff that increased the cache misses was heavily
frowned upon.
Most teams don't have that sort of discipline. They say they do,
they think they do, but when marketing says we have to do $WHATEVER,
it goes in.