Discussion: AMPS

By ColinWright 2021/02/14 @ 17:52:43a
--------------------------------
In the mid 1990s my colleagues and I created and used what was to us a new style of programming.

By ColinWright 2021/02/14 @ 17:52:43b
--------------------------------
I'm sure it wasn't new, I'm sure others will say: "Oh, it's just XXXX" ... but to us it was new, and powerful, and let us do some difficult stuff easily.

By ColinWright 2021/02/14 @ 17:52:43c
--------------------------------
So I'm going to describe the AMPS.

By ColinWright 2021/02/14 @ 18:32:47a
--------------------------------
* [A]nonymous
* [M]essage
* [P]assing
* [S]ystem

By ColinWright 2021/02/14 @ 22:43:46a
--------------------------------
In the interests of full disclosure, some of what follows is not true, because there are some things I still can't say about the system. So bits of this are true, some bits are not true, but the overall message being given to you, the reader, is accurate enough.

By ColinWright 2021/02/14 @ 22:48:54a
--------------------------------
Note also that I've not bothered to make all the tenses consistent. There are parts in the past tense, and some in the "historical present" ... this is a first-pass brain dump, don't expect consistency or wonderful prose.

By ColinWright 2021/02/14 @ 17:56:34a
--------------------------------
We were implementing a large and complex system with lots of "moving parts".

By ColinWright 2021/02/14 @ 17:56:34b
--------------------------------
Among the many challenges was the fact that the system as a whole would be running across multiple machines on multiple sites, connected by different types of links with different capacities.

By ColinWright 2021/02/14 @ 17:56:34c
--------------------------------
Some of the links would be reliable, others would be unreliable.

By ColinWright 2021/02/14 @ 19:10:13a
--------------------------------
Though mostly that would be dealt with by the nature of the traffic the different links carry.

By ColinWright 2021/02/14 @ 19:10:13b
--------------------------------
For some traffic we didn't mind losing packets ... when we did mind losing packets we used reliable links ... obviously.

By ColinWright 2021/02/14 @ 17:56:34d
--------------------------------
The system as implemented wouldn't know at the time of implementation where the various components would run ... that had to be configurable and extensible.

By RDS 2021/02/15 @ 09:59:38a
--------------------------------
This is an outline of the system in question, with (roughly speaking) a node here for each process in the system.

By RDS 2021/02/14 @ 22:08:29a
--------------------------------
I can only describe this in generalities ...

By RDS 2021/02/14 @ 18:05:57a
--------------------------------
The RDS

By RDS 2021/02/14 @ 18:05:57b
--------------------------------
Source of analogue data

By RDS 2021/02/14 @ 18:05:57c
--------------------------------
Create the digital data stream

By RDS 2021/02/14 @ 18:05:57d
--------------------------------
Filter the digital stream

By RDS 2021/02/14 @ 18:05:57i
--------------------------------
Filter specific to transmission

By RDS 2021/02/14 @ 18:05:57j
--------------------------------
Compression

By RDS 2021/02/14 @ 18:05:57k
--------------------------------
Encoding

By RDS 2021/02/14 @ 18:05:57l
--------------------------------
Broadcast to "Cloud"

By RDS 2021/02/14 @ 18:05:57m
--------------------------------
"Cloud"

By RDS 2021/02/14 @ 18:05:57n
--------------------------------
Listen to "Cloud"

By RDS 2021/02/14 @ 18:05:57e
--------------------------------
Filter specific to secondary processing

By RDS 2021/02/14 @ 18:05:57f
--------------------------------
Create secondary data

By RDS 2021/02/14 @ 18:05:57g
--------------------------------
Send to correlation system

By RDS 2021/02/14 @ 18:19:46a
--------------------------------
Correlation system

By RDS 2021/02/14 @ 18:17:38a
--------------------------------
Controls

By RDS 2021/02/14 @ 18:17:38b
--------------------------------
(In truth these are bi-directional links, with control going one way and values coming back for display, but the control structures aren't all being shown here for simplicity.)

By RDS 2021/02/14 @ 18:05:57h
--------------------------------
User console

Links between the RDS nodes:
* The RDS -> Source of analogue data -> Create the digital data stream -> Filter the digital stream
* Filter the digital stream -> Filter specific to transmission -> Compression -> Encoding -> Broadcast to "Cloud" -> "Cloud" -> Listen to "Cloud" -> User console
* Filter the digital stream -> Filter specific to secondary processing -> Create secondary data -> Send to correlation system -> Correlation system -> User console
* Filter the digital stream, Filter specific to transmission, Compression, Encoding, Filter specific to secondary processing, Create secondary data -> Controls
* Controls -> (note on bi-directional links) -> User console

By ColinWright 2021/02/14 @ 20:47:19a
--------------------------------
To describe the system, let's start with a specific module ... the control panel.

By ColinWright 2021/02/14 @ 20:47:19b
--------------------------------
A control panel has a set of controls (obviously). Each control receives the value the user (or whoever) wants the embodied quantity to take, and periodically returns the value the quantity currently has.

By ColinWright 2021/02/14 @ 20:47:19c
--------------------------------
Often these are immediately the same, but in our context we might want to tell the system a target value, and then we get reports on how it's getting on.

By ColinWright 2021/02/14 @ 20:47:19d
--------------------------------
So the control panel sporadically receives a value, and sends back values on some schedule.

By ColinWright 2021/02/14 @ 20:47:19e
--------------------------------
But the control panel might not (and in general will not) be on the same machine as the quantity being controlled.

By ColinWright 2021/02/14 @ 20:47:19f
--------------------------------
So we wrote a program that opens a panel in the GUI and displays a value, and has a slider (or something). Then it passes the setting from the user to the AMPS, and receives from the AMPS the value of the remote quantity.

By ColinWright 2021/02/14 @ 20:47:19g
--------------------------------
This gives us the basic idea: Each program has a collection of output mailboxes on which messages are sent, and a collection of input mailboxes where messages are received.

By ColinWright 2021/02/14 @ 20:47:19h
--------------------------------
This is not new, but we made it absolutely explicit.

By ColinWright 2021/02/14 @ 20:47:19i
--------------------------------
A system consists of a collection of programs and a "Wiring Diagram".

By ColinWright 2021/02/14 @ 20:47:19j
--------------------------------
Each program has:

By ColinWright 2021/02/14 @ 20:47:19k
--------------------------------
A set of output mailboxes

By ColinWright 2021/02/14 @ 20:47:19l
--------------------------------
A set of input mailboxes

By ColinWright 2021/02/14 @ 20:47:19m
--------------------------------
The "Wiring Diagram" says which output box is attached to which input box.

By ColinWright 2021/02/14 @ 20:51:38a
--------------------------------
The system is many-to-many ... each output can be connected to any number of receiving mailboxes, including possibly none, and each input mailbox can receive messages from any number of sending mailboxes, including none.

By ColinWright 2021/02/14 @ 20:56:37a
--------------------------------
Suddenly the system breaks naturally into separate pieces that talk to each other. They are connected via the AMPS, with the programs each doing one thing, and not caring where the data comes from, or where the answers go to.

By ColinWright 2021/02/14 @ 20:56:37b
--------------------------------
In particular, each program can have a mailbox for debug messages. If we're not debugging that output can remain unconnected.

By ColinWright 2021/02/14 @ 20:56:37c
--------------------------------
Alternatively, we can have a debug module that always receives the messages, but if we don't care then the messages are discarded.

By ColinWright 2021/02/14 @ 21:00:45a
--------------------------------
When we have process A sending data to process C, we would have A->B in the wiring diagram.

By ColinWright 2021/02/14 @ 21:00:45b
--------------------------------
Then if we want to filter that data stream we can simply re-wire to have A->X->B.

By ColinWright 2021/02/14 @ 21:00:45c
--------------------------------
We can swap out different filters as required.

By ColinWright 2021/02/14 @ 22:41:04a
--------------------------------
Many, but not all, of the programs were designed to be able to be started and connected in at any time, so we could hot-swap upgraded processes.

By ColinWright 2021/02/14 @ 22:41:04b
--------------------------------
The system was soft-realtime safety critical, so that was an especially useful feature.

By ColinWright 2021/02/14 @ 21:18:26a
--------------------------------
But there's an additional bonus.

By ColinWright 2021/02/14 @ 21:18:26b
--------------------------------
We can write a program that has input and output mailboxes, but whose purpose is to tunnel them to an equivalent bridging program on another machine.

By ColinWright 2021/02/14 @ 21:18:26c
--------------------------------
So suddenly with almost no work we can run our system seamlessly across multiple machines.

By ColinWright 2021/02/14 @ 22:35:53a
--------------------------------
The messages are a lot like UDP packets. We don't say anything about what's in them, we rely on the programmer sending and receiving the right sort of format for each defined output/input pair.

By ColinWright 2021/02/14 @ 22:35:53b
--------------------------------
This preceded JSON by half a decade at least, so we invented various formats for packets.

By ColinWright 2021/02/14 @ 22:35:53c
--------------------------------
Some links carried images, but we actually allocated memory for the image and passed pointers ...

By ColinWright 2021/02/14 @ 22:35:53d
--------------------------------
... unless the receiving program was on another machine. But the AMPS handled that for us.

By ColinWright 2021/02/14 @ 22:35:53e
--------------------------------
Some programs sat waiting for a message to process, and if no messages with data came in would do nothing. But they might have background processing to do, so the system could be synchronised (where necessary) by sending "Chronons".

By ColinWright 2021/02/14 @ 22:38:52a
--------------------------------
We could put cleavage planes across the wiring diagram and record entire sequences just by inserting a recording process.

By ColinWright 2021/02/14 @ 22:38:52b
--------------------------------
Then the second half could be run again by replaying messages from the recording process.

By ColinWright 2021/02/14 @ 22:38:52c
--------------------------------
We did implement snap-shotting of processes and tied the snapshots to chronons, and that let us do a form of time-travel.

By ColinWright 2021/02/14 @ 22:38:52d
--------------------------------
It wasn't completely generic, but it came almost for free.

By ColinWright 2021/02/14 @ 23:31:22a
--------------------------------
It's worth noting:

By ColinWright 2021/02/14 @ 23:31:22b
--------------------------------
THERE WAS NO SECURITY ON THIS SYSTEM!

By ColinWright 2021/02/14 @ 23:31:22c
--------------------------------
All the machines and networks in this system were trusted ... we did a full security audit of the threat models and possible concerns. But we didn't have to perform authentication of any type.

By ColinWright 2021/02/14 @ 23:31:22d
--------------------------------
Having said that, designing an equivalent system from the ground up with modern crypto and auth seems achievable.
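
The mailbox and wiring-diagram design described in this discussion (programs that name only their own mailboxes, an unconnected debug output, A->B re-wired to A->X->B, and a recording process whose messages are replayed into the downstream half), as an added Python example; it is not code from the original system. The class name AMPS, the programs A, B, X, R and P, and the dict message format are assumptions for illustration. As in the system described, the router trusts every sender and authenticates nothing.

```python
from collections import deque

class AMPS:
    """Hypothetical router: programs know only their own mailboxes, never their peers."""
    def __init__(self):
        self.wires = {}      # wiring diagram: (program, outbox) -> [(program, inbox)]
        self.programs = {}   # program name -> handler(inbox, msg, send)
        self.queue = deque()

    def wire(self, src, dst):
        self.wires.setdefault(src, []).append(dst)

    def unwire(self, src, dst):
        self.wires[src].remove(dst)

    def send(self, program, outbox, msg):
        # Many-to-many fan-out; an unconnected outbox silently discards.
        for dst in self.wires.get((program, outbox), []):
            self.queue.append((dst, msg))

    def run(self):
        while self.queue:
            (program, inbox), msg = self.queue.popleft()
            handler = self.programs[program]
            handler(inbox, msg, lambda box, m, p=program: self.send(p, box, m))

def demo():
    amps, received, tape = AMPS(), [], []

    def x_filter(inbox, msg, send):
        # Constructed filter rule: forward only non-negative readings.
        if msg["value"] >= 0:
            send("out", msg)

    amps.programs["B"] = lambda inbox, msg, send: received.append(msg)  # sink
    amps.programs["R"] = lambda inbox, msg, send: tape.append(msg)      # recorder
    amps.programs["X"] = x_filter

    amps.wire(("A", "out"), ("B", "in"))           # A->B
    amps.send("A", "debug", {"note": "unwired"})   # debug box left unconnected
    amps.send("A", "out", {"value": 3})
    amps.run()
    direct = list(received)

    # Re-wire to A->X->B and tap A's output with the recorder; A is unchanged.
    amps.unwire(("A", "out"), ("B", "in"))
    amps.wire(("A", "out"), ("X", "in"))
    amps.wire(("X", "out"), ("B", "in"))
    amps.wire(("A", "out"), ("R", "in"))
    received.clear()
    for v in (5, -1, 7):                           # constructed sample readings
        amps.send("A", "out", {"value": v})
    amps.run()
    filtered = list(received)

    # Replay the tape into the downstream half (X->B) from a stand-in source P.
    amps.wire(("P", "out"), ("X", "in"))
    received.clear()
    for msg in list(tape):
        amps.send("P", "out", msg)
    amps.run()
    return direct, filtered, [m["value"] for m in tape], list(received)

if __name__ == "__main__":
    print(demo())
```

The recorder sees every message A emits, including the one the filter drops, which is why replaying the tape through X->B reproduces the filtered run exactly.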