So where are the fault-tolerant Unix systems of today?

> … and by October of 1990 a complete nanokernel was running on the Omron
> Luna/88K. The current nanokernel contains approximately 20,000 lines of C
> code and less than 2,000 lines of assembler code….
>
> In addition, the ability to recover all run-time kernel data from
> checkpointed state means that an interruption of power does not disrupt
> running programs. Typically, the system loses only the last few seconds of
> keyboard input. At UNIFORUM '90, Key Logic pulled the plug on our UNIX
> system on demand. Within 30 seconds of power restoration, the system had
> resumed processing, complete with all windows and state that had previously
> been on the display. We are aware of no other UNIX implementation with this
> feature today….
>
> The paging system is tied to the checkpoint mechanism, and is discussed in
> the section on checkpointing, below. Persistence extends across system
> shutdown and power failure. Several IBM 4341 systems ran for more than
> three years across power failures without a logical interruption of
> service.
>
> KeyKOS Nanokernel Architecture [1]

Accordingly, KeyKOS also received a B3 security rating, and it's a multitasking, **multiuser** system. At best, Unix can get a C2, and Windows NT can get that if its networking is removed.

I don't think it's generally available, but one that is based upon KeyKOS, EROS, [2] is available, and GPLed.

[1] http://www.cis.upenn.edu/~KeyKOS/NanoKernel/NanoKernel.html
[2] http://www.eros-os.org/

Email Sean Conner at sean@conman.org.