[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Niche for Hurd - discussion - take my environment with me

From: olafBuddenhagen
Subject: Re: Niche for Hurd - discussion - take my environment with me
Date: Sat, 8 Nov 2008 12:20:33 +0100
User-agent: Mutt/1.5.18 (2008-05-17)


On Wed, Oct 29, 2008 at 04:27:24PM +0100, Arne Babenhauserheide wrote:
> Am Mittwoch 29 Oktober 2008 12:16:58 schrieb olafBuddenhagen@gmx.net:

> > A precondition is that the same translators are available. This
> > could be incovenient, but shouldn't be a serious problem, as the
> > user can always compile them himself.
> And with lisp now available as language for translators, a standard
> Hurd installation just needs to provide the lisp bindings, and every
> user can take his/her lisp translators along on a USB stick and use
> them without compiling. 
> PyHurd goes into a similar direction. 

Indeed, interpreted or JIT-compiled languages are helpful here.

> Currently to offer CPU time to some program, I need to install a
> program from them, and they can then do only what that proram allows
> them to - which leads to reinventing a processing environment instead
> of just using the existing OS. 
> With the Hurd I could just create a user for them, give that user
> specific permissions (like "you're always lowest priority"), add the
> public ssh keys of the people I want to donate CPU cycles to, and they
> could just turn my computer into the environment they need for their
> specific computation, without compromising my system in any way. 

Well, creating an extra user for the "grid" stuff is possible on a
traditional system too -- but only by root, and with a fixed set of
possible restrictions.

When using subenvironments in Hurd, a normal user can do it, and it can
be customized to enforce any restrictions the user wishes :-)

> It's definitely far out, though. 

Not as far out as some of the other ideas discussed here... The
necessary stuff should be quite possible to implement in a couple of
months or even weeks I think. It requires a proxy for the proc server
for local UIDs, and probably a filesystem proxy that enforces subuser
permissions. Not sure what else is needed. (auth? passwd?)

The problem is of course that while we can provide the technical means
on the client side, we do not have the means to actually run a grid --
it would be possible to run grid clients elegantly, but nobody would do
it :-)

Subusers however are quite useful in general -- in fact, we already
discussed the possibility in a different context once. I would also use
it as a base for running dangerous applications in a secure manner for

I think this is actually quite a nice niche: It is a pretty obvious
feature. Once we have it implemented, we can advertize it directly. I
think people will see its usefulness themselfs -- no need to go hunting
for more specific use cases...


reply via email to

[Prev in Thread] Current Thread [Next in Thread]