by abecedarius 3741 days ago
> Is this notion of merging memory and storage an attractive prospect or a nightmare? I’m not sure. There are some huge potential problems. For safety and sanity we generally want to limit which programs can alter which documents. Those rules are enforced by the file system, and they would have to be re-engineered to work in the memory-mapped environment.

This was done back in the 80s in http://www.cis.upenn.edu/~KeyKOS/ . A favorite demo reportedly was to pull the plug on a running computer then start up again. They took the need to redesign security as an opportunity to make it better.

2 comments

First done as far as I can remember with Multics in the 1960s. The people who worked on IBM's canceled successor to the System/360 used it for System/38 in 1979, with capabilities, a feature which was dropped for the successor AS/400/iSeries/System i.

I'm not sure his idea about "merging memory and storage" really makes sense. He says that he wants load instructions to be able to hit the disk in order to avoid "calls to input/output routines in the operating system." But you can't avoid the input/output routines --- he's effectively saying that we should hardcode our filesystems into a single machine instruction and let the processor figure it out. If anything, we're moving farther from this model, since VMs give us virtual address spaces inside virtual address spaces.

I don't think this is just a security issue; it really breaks all of the assumptions that we like to make in modern programming languages.

> saying that we should hardcode our filesystems into a single machine instruction and let the processor figure it out

I think he was rather saying that the OS could do it: persistent virtual memory as the primary abstraction. In Unix, files and processes are different kinds of things; in KeyKOS there were only processes; RAM was effectively a cache. As Unix directories have links to files, KeyKOS processes could be given capabilities to invoke other processes (passing capabilities and data as arguments). The different security model makes this analogy misleading, but you can see how you could emulate a filesystem.

What assumptions do you mean?