What’s the OS in your mind? (內心的OS)

Only Taiwanese knows this joke

Operating Systems are everywhile in our life. But what is an OS?

An operating system (OS) is like the government of a computer. It manages the hardware resources: CPU time, memory, storage. OS must fairly allocate resources to programs, just like a government ensures water, electricity, and roads are shared between factories and citizens.

Our textbook, Operating Systems: Three Easy Pieces (OSTEP), explains that the OS has three fundamental tasks:

  1. Virtualization: the book asks us: we only have one CPU, how can we run four programs at the same time? The OS creates the illusion that everyone has its own private CPU. For DRAM, the OS creates an illusion that each program has its own private memory. Think about it: when you write a Python program, do you need to know how many other programs will be running in the computer you will run on? Your Python will run just fine whether there are two or twenty other programs running on the same computer, using the same CPU, using the same memory. But, that means, the OS must switch between these programs. But how does the OS switch among them without us noticing it? That’s the magic of virtualization.
  2. Concurrency: We often need to split a big job and run them in parallel on multiple CPUs. This will reduce the finishing time. But what happens when multiple programs running on different CPUs must touch the same data? It can conflict. The OS provides us tools to ensure that concurrent operations don’t lead to conflicts.
  3. Persistence: Your data needs to survive even when the power is turned off. The OS manages this through the file system. It provides a standard interface for programs to store and get data. You don’t need to know whether your data lives on a hard drive or an SSD.

OS Security

Why do you have to wait a few seconds after pressing the button on a YouBike before you can ride away? Because you’re waiting for a tiny computer to boot up its operating system, start the drivers for the 4G modem and the NFC card reader, and get ready to talk to the Youbike’s cloud server. Without those drivers, an user program cannot tell the 4G and NFC hardware to do things. The OS also makes sure if some kids try to misuse Youbike, they see something like this:

But what happens when there is bug or virus in the driver?

Funny news:

Do you know what operating system runs on the entertainment system on a typical airplane? Android! Most of the world’s in-flight entertainment systems are developed by a company called Panasonic Avionics. Yes, the same OS that might be on your phone. Some airplane lets the passenger online chats with each other, security researchers have found vulnerabilities in these systems that make it possible to do some funny things.

Funny things on airplane:

Nintendo doesn’t run Windows or Linux on the Switch. They build their own OS that is very tough to prevent hackers from pirating games.

Patch and update

OS has bugs, bugs are fixed by patch, patch is applied through security updates. Typically, OS has to be rebooted after a security update. This could be problematic in many situations. There are many systems that must run non-stop for years. For example, a nuclear plant can’t be shut down to apply OS security update to its software. Don’t be surprised if nuclear plant still run IBM mainframe from the 1980s.

2024 CrowdStrike Nightmare

8.5 million systems running Windows crash into blue screen on July 19, 2024 due to a security update.

Global damage: 5078 air flights, 4.6% of those scheduled that day, were cancelled.

Wikipedia:

On 19 July at 04:09 UTC, CrowdStrike distributed a faulty configuration update for its Falcon sensor software running on Windows PCs and servers. A modification to a configuration file which was responsible for screening named pipes, Channel File 291, caused an out-of-bounds memory read in the Windows sensor client that resulted in an invalid page fault. The update caused machines to either enter into a bootloop or boot into recovery mode.

Almost immediately, Windows virtual machines on the Microsoft Azure cloud platform began rebooting and crashing, and at 06:48 UTC, Google Compute Engine also reported the problem.

How to fix?

Affected machines could be restored by rebooting while connected to the network; ideally while connected to Ethernet, thus providing the opportunity to download the reverted channel file, with multiple reboots reportedly required.

Security v.s Availability

Availability measures how long a service remains functional. Availability is important for e-commerce platforms like PChome, which lose a lot of money if customers cannot access the website even for a few minutes. Major websites strive to keep their downtime within minutes per year (downtime status statistics)

Many companies accept delayed security updates to avoid risks like unexpected service disruptions. However, this trade-off can be dangerous. In 2017, the WannaCry attack caused chaos globally. In 2018, TSMC was attacked by WannaCry and lost billions of NTD. TSMC was attacked because it had not applied the security patches Microsoft released after the initial outbreak in 2017.

On Linux, we use “kernel panic” to refer to an OS crash. What is the manual fix most people use to fix a kernel panic? Press the button to reboot.

Why would a reboot usually fix everything??

iPhone Runs >5 OSs!

You think your iPhone runs just iOS? No. iOS talks to other OSs running in specialized chips in iPhone. Here are some of them:

  1. sepOS: Your Face ID and fingerprint data are not managed by iOS. They’re handled by a co-processor called the Secure Enclave, which runs its own microkernel OS based on L4. Its only job is to keep your secrets.
  2. Java Card OS: When you use Apple Pay, the transaction happens on a chip called the Secure Element (SE), which runs its own tiny, high-security OS. iOS just tells it when to wake up.
  3. QuRT: The cellular modem, the chip that connects you to the 4G network, runs its own OS. On recent iPhones with Qualcomm chips, it runs a real-time OS called QuRT. Airpods and Apple Pencil also run this OS.
  4. RTKit: The tiny, low-power “Always-On Processor” that listens for “Hey Siri” and tracks sensor data runs yet another real-time OS called RTKit.

Why does Apple split the iPhone into so many specialized operating systems instead of letting iOS handle everything?

From a security standpoint, each subsystem runs on its own tiny OS because if one part is hacked, another is still secure. Even if iOS gets hacked, your credit card is still safe.

From a power perspective, the processor that listens for “Hey Siri” needs to draw energy even if the phone is sleeping. Running a small OS means that iOS doesn’t need to stay awake, and your battery will last longer.

Many requirements

So, back to our Taiwanese saying: “what’s the OS in your mind?” What do you want from an OS? Can be many, and it depends.

  • Boot Time: An OS can boot up under 4 millisecond. The OS in your Airpod can boot up boot up under 1 second. But a server might take 10 minutes to boot, and that’s perfectly fine.
  • Uptime: You probably reboot your laptop every few days for an update. When I was a student admin for the NTU CS workstations, we had servers that ran continuously for months without stopping. There can be hundreds of students compiling code, and some would inevitably write programs that tried to eat all the memory. We couldn’t just reboot the machine. The OS must control the damage from a single user without affecting anyone else. You don’t need that on your PC.
  • Scale: Your laptop might have 8~16 CPU cores. A big server in Google’s data center can have over 200 cores and 2 Terabytes of RAM. Its CPUs even run at a slower clock speed than your laptop’s! Why? Because its OS is optimized for throughput (handling thousands of Google Colab users at once), not latency (making one user’s mouse feel quick).
  • Power: How does a Huawei GT Pro smartwatch last for two weeks without charging, while an Apple Watch lasts no more than one day? It has a lot to do with the OS.

The amazing thing is that the same Linux kernel can be configured to run in all these different scenarios. Huawei runs the same OS, HarmonyOS, in smartphone, in router, and in a car.

We’ll learn how the OS performs its magic tricks, from scheduling processes on the CPU to managing memory. Welcome to the world of Operating Systems.

Food for thought

  1. Your iPhone contains at least five different operating systems. Does this make the phone more secure or less secure? Why?
  2. OS design has many trade-offs (e.g., performance vs. power vs. security). If you were designing an OS for a self-driving car, how would you prioritize? What about for a social media app’s server?
  3. ATMs and metro systems often must operate for 30+ years. Many of them run on very old, unsupported operating systems. What does this tell us about the real-world challenges of security and system administration?
  4. If the OS is a “government,” what happens when different programs or users have conflicting needs? How can the OS be “fair” to everyone?

Get Familiarized with Linux

MIT offers an excellent course, The Missing Semester of Your CS Education, to familiarize you with the terminal interface. Please take the first course to play around with the shell. You’re encouraged to browse their other courses if time allows.

Use Github Codespace as a place to get a Linux environment without installing one.

  1. Create a Github Account if you don’t have
  2. Set a 10-minute timeout for Github Codespace. This prevents you from running out of your quota too soon.
  3. Click the button below and click “Create Codespace”. This will open a web-based VS Code devcontainer on Github.

open in GitHub Codespaces.

It might take a minute or two for the Codespace to build. Once you see a VS Code interface with a terminal at the bottom, you’re ready to go.

Back to top