[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Changing from L4 to something else...
From: |
Emmanuel Colbus |
Subject: |
Re: Changing from L4 to something else... |
Date: |
Sat, 29 Oct 2005 21:28:57 +0200 (CEST) |
> KeyKOS tried very hard to be "operatorless". There are certain things
> you need an administrator for: software install, drive upgrades, and
> initial account creation. Maybe some policy, but not much.
>
> It is not clear that there is any other necessary function for a system
> administrator. It *is* clear that anything which can be tuned or
> adjusted, will in practice be tuned or adjusted wrong most of the time.
I think some of the following tasks should also be taken into account :
- Account destruction (and software uninstall ;-) );
- Handle of hardware failures/problems, and everything made in order to remain
ready to handle them (I think notably, but not only, to saving data);
- Handle of some software failures, if the software securities appear
to be unable to handle it automatically (which appears to be often the
reality);
- Handle of security-related issues (if a daemon has a dangerous bug, it may
need
to be stopped, upgraded, downgraded, patched, or whatever else). Well, it
could
maybe be done at the "normal user" level most of the time, but what if the
bug
appears to be in a security-critical component?
- Recovery after his own errors (for example, if the users should never had
access to the system speaker, but nobody noticed it before, the administrator
has to modify the configuration, but also to stop the annoying sound. It is
not
realistic to believe that the administrators won't do any error);
- Security bypass (!). I personnally think one should sometimes be able to
do anything on the system, even to damage it if he explicitly wants it,
in order to handle _quickly_ any unexpected event. After all, the balance
between security and availability has to be set by the owner of the computer;
and he may not care really about security, but very much about availability.
On the other hand, one could argue that handling such cases doesn't belong
to the Hurd's objectives, so the last task won't be relevant.
What do you think about these points?
Emmanuel
- Re: Changing from L4 to something else..., (continued)
- Re: Changing from L4 to something else..., Jonathan Shapiro, 2005/10/28
- Re: Changing from L4 to something else..., Yoshinori K. Okuji, 2005/10/28
- Re: Changing from L4 to something else..., Bas Wijnen, 2005/10/30
- Re: Changing from L4 to something else..., Jonathan S. Shapiro, 2005/10/30
- Re: Changing from L4 to something else..., Neal H. Walfield, 2005/10/30
- Re: Changing from L4 to something else..., Bas Wijnen, 2005/10/30
- Re: Changing from L4 to something else..., Neal H. Walfield, 2005/10/30
- Re: Changing from L4 to something else..., Jonathan S. Shapiro, 2005/10/30
- Re: Changing from L4 to something else..., Bas Wijnen, 2005/10/31
- Re: Changing from L4 to something else..., Jonathan S. Shapiro, 2005/10/30
Re: Changing from L4 to something else...,
Emmanuel Colbus <=
RE: Changing from L4 to something else..., Christopher Nelson, 2005/10/31