Operating systems cannot be hermetically sealed environments

May 9, 2014

There's an idea that you can find rattling around operating systems; the simplest way to describe it is that operating systems and their OS-supplied components should be seen as essentially a black box that's there to provide you certain basic services. In a Unix environment, this would be very little beyond a standard library, standard shell script pieces, and a few similar things. The operating system may have other components but they are for its internal use, not for the use of your programs and systems. In OmniOS this idea is known as 'keep your stuff to yourself' but it's by no means exclusive to OmniOS, partly because it's attractive to many people who want to build a minimal OS.

The problem with this is that like it or not, operating systems are not hermetically sealed environments with minimal and standardized interfaces (libc, basic shell utilities, etc). I don't mean this in the sense that people using an OS will inevitably find it convenient to use the OS's versions of things even though they're not supposed to (which they totally will, by the way). I mean this in the sense that such a minimal interface is too small to be practical.

We saw one point of friction with the mailer dependency issue. MTAs are generally one to a system so the interface to the MTA implicitly becomes an API that the OS both exposes and uses itself. Another example is how you hook yourself into whatever fault monitoring and management system the OS has. How the OS reports faults (and what faults it reports) forms at least an implicit API because you need this information to sanely manage your systems.

('We syslog kernel messages' or 'we write messages to a file' is still an implicit API.)

This is what I mean by the OS not being a hermetically sealed environment in practice. You cannot give people a simple black box OS and have it be useful. All of those implementation details of logging and fault management and mail and so on will inevitably leak outside of the box whether you officially document them or not, because this is what's needed to run real systems.

(I think that we often don't notice this because we take them as 'part of Unix, more or less', and they aren't standardized across Unixes.)

Sidebar: one diagnostic test of 'is something purely internal'

My test is 'could the basic OS remove this entirely without people exploding'. For things like Perl and Python (when you've been told to not use the OS's versions of them) the answer is theoretically yes. Now imagine a Unix OS that did not log anything at all via syslog (or just at all). Would you accept that or would you immediately rule it out?

(Yes, there are some environments where this wouldn't be a disqualification. I don't think there are very many.)

Written on 09 May 2014.
Last modified: Fri May 9 01:59:07 2014