[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Challenge: Find potential use cases for non-trivial confinement

From: Bas Wijnen
Subject: Re: Challenge: Find potential use cases for non-trivial confinement
Date: Tue, 2 May 2006 21:08:42 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Tue, May 02, 2006 at 12:10:18AM +0200, Pierre THIERRY wrote:
> > > For the same reason applied to the faculty or each student, the
> > > program cannot run as an advertised service with CPU quota given
> > > especially by the faculty or taken from the students collectively.
> > This situation needs better system administration, not non-trivial
> > confinement.
> First, stop rejecting answers so fast with so few argumentation. That's
> very annoying. If you know a precise better system administration scheme
> that would fit my requirements for the use case, please expose it.

I can see you are irritated.  I am sorry about this.  I just sent short
answers with things which seemed obviously wrong about the cases.  I may or
may not be correct about that.  I did not intend to suggest "You must be
stupid if you don't see the problem with this use case".  I'm sorry if it
appeared that way.

> And if we accept that better sysadmin is a solution here, it is not an
> ``equivalent, alternative mechanism''.

No, but it would IMO be a case that doesn't need fixing.  If the system
administration is so bad that it cannot respond to wishes from the people
they're supposed to help, then that's a problem that needs solving, but not in
software.  I know this is a real problem, it happens at my own university.
But I don't think it should be solved in the OS.  However, please read on.

> Please keep in mind my mail was an answer to a very specific challenge.
> Please answer only WRT the challenge.

You are correct that the challenge didn't specify that we can assume good
system administration.  Still I don't agree that this criticism was unfounded.

> > These extra requirements are not realistic. The owner of the computer
> > (the faculty) wants things to work. "We cannot touch the quota" is not
> > a valid argument.
> Using external CPU quotas here would be somewhat difficult[1], and
> unfair. You could add a specific quota for the course, and run the
> program as an advertised service on this quota. But if some students use
> the master program more intensively than others, they could harm each
> other. That would introduce a DoS vulnerability.

Now _that_ is a very good argument indeed.  I hadn't thought of this, and need
to think about it a bit more.


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]