l4-hurd

Re: POSIX


From: Bas Wijnen
Subject: Re: POSIX
Date: Wed, 26 Oct 2005 11:06:45 +0200
User-agent: Mutt/1.5.11

On Tue, Oct 25, 2005 at 11:07:27PM +0200, address@hidden wrote:
> As for me, GNU on Linux falls so much short of a system I would consider
> good, this isn't even funny. (*Particularly* in terms of usability!)

I would agree with that, but for me this is mostly about security.  It would
be nice to be able to run potentially hostile applications, but it takes a lot
of trouble, and then still you're not sure if it's ok.  Like Marcus, I think
this cannot be fixed as long as POSIX is the foundation of the system.

> But POSIX is the center of the GNU universe. Some applications might
> stride quite far from it; but in any standard setup, POSIX definitely
> remains the heart of the system. This may change over time, but don't
> expect that to happen fast.

If you put POSIX in the center of the kernel, I don't think it can change over
time.  You now say "because of all the existing applications, we must make
POSIX the center of the new kernel".  When that has been done, people will say
"because of the existing kernel, we must make POSIX the base of new
applications".  If we agree that POSIX is something we want to get away from
(not all of it of course, but some fundamental parts at least), then I hope you
will also agree that that's not going to happen with this approach.

What we need is a system which is much better than POSIX, but still allows
POSIX applications to run on it without a problem.  Technically, that may mean
they are second class citizens, but the user won't (and mustn't) notice that.

And actually, they aren't really second class.  They will be running in a
confined box, which may seem very restrictive.  However, it's no more
restrictive than what the native applications get.

> > What we have found out is that you can not extend POSIX in a perfectly
> > compatible way at the lowest level of the operating system, and still
> > fix its problems.  The problems with POSIX are inherent in its design.
> 
> We do not need perfect compatibility. And that gives us a lot of room
> for fundamental improvements under the hood.

We can have perfect compatibility and still have a good system core, if we
just don't put POSIX in there, but on top of it.

> If preservation order gives us just a little room, we can replace the
> foundation and the basement,

What?  You want to replace the foundation of a skyscraper and you think that
can be done without making it collapse?  Especially since the building is
known to be fragile already (only partly because of its foundation)?

The only sensible way to do that is to rebuild the building.  We should make
the new building look like the old one, but it must be rebuilt, out of better
materials (which didn't exist at the time the old one was built).  This is
exactly what we are proposing here: Rebuild the foundation of the system in a
better way, but don't really change the appearance.

> We know by now there are some fundamental problems with the original
> Hurd design. But what it proves impressively, is the possibility of
> creating a system that looks almost like POSIX, while improving on
> features, usability and architecture.

This is good, but it doesn't need POSIX to be in the center of it.

> Whatever the new Hurd design will look like, this is the one distinctive
> feature that absolutely MUST be preserved.

It is preserved, *as a feature*.  What isn't preserved is where it is located.

> Both of your models miss the point IMHO. We do *not* want POSIX in a
> reservation and some completely different "native" interface as
> alternative.

No, not as alternative.  Programs which need a POSIX box to run should still
be allowed to use all the cool Hurd features directly.  Programs which don't
use any POSIX features (and if we port toolkits like Gtk, this probably is the
majority) can run without a POSIX box (and also use the cool Hurd features).

Nobody suggested that we should set up a virtual machine with GNU/Linux and an
_alternative_ where you can use cool features.  The idea is to have the
features available to everyone, and provide an unprotected but confined
environment for POSIX applications.

Of course system administration cannot be done with POSIX tools then.  But
that's the only class of applications I can think of which doesn't work
anymore (or in fact, they do work, but they don't handle the system as they
expect, so they are meaningless).

> I doubt it was ever intended to create a completely new interface for the
> Hurd. Forget it. It won't work. Hackers won't program for something
> completely new.

I sure will.  But as I wrote above, it isn't needed.  Changes to programs can
be made gradually, there is no sudden transition involved.

> Users won't use stuff that does not fit their world view.

Users will not notice the difference in general, except of course better
usability and security.  The applications will not look completely different.

> What we need to do is refactor POSIX *from within*. With the right
> mechanisms, we have various possibilities to replace important system
> components by more secure and usable alternatives in unintrusive ways;

I guess putting a layer underneath it doesn't count?  I can't imagine a better
way to do it.

> we have possibilities to introduce confinement of untrusted stuff

Everything should be considered untrusted, except the trusted code base, which
is needed to make that assumption work (the kernel, physmem, etc.)  The TCB
should be as small as possible.  It should definitely not include things
"because we want POSIX in the foundation".

We don't want POSIX in the foundation.  We want it to be there for the user,
and we don't care how it's technically implemented.  But we have other demands
about the foundation, which are incompatible with POSIX there.  So POSIX
cannot be in the foundation.

> while still presenting something that to the user looks like a familiar
> POSIX system with some nice extensions. Moreover, we can do it gradually. It
> isn't all or nothing.

It is.  The Hurd is taking awfully long to be released in a stable state.  It
better be awfully good.  If after so many years we come up with something
which isn't significantly better than POSIX, people will rightfully laugh at
us.

In 1991 a kernel which did POSIX was good enough.  Now we need something
better.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html