Re: My broken dream.

From: Alan Grimes
Subject: Re: My broken dream.
Date: Thu, 17 Sep 2009 21:39:04 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20090825 SeaMonkey/1.1.17

William Leslie wrote:
> 2009/9/18 Alan Grimes <address@hidden>:
>> William Leslie wrote:
>>> While it has always been easy for software on top of L4 to provide an
>>> equivalent operating environment, it was not at the time possible to
>>> /secure/ that operating environment (outside of implementing some form
>>> of interpreter that validates all operations). This was why there was
>>> so much discussion on securing L4 or choosing a new kernel.

>> I was not aware that L4 was insecure. Can you direct me to an article
>> about that?

> "The main reason for further development of L4, like the name of
> L4.sec suggests, was the lack of
> security. There was no fast way to implement information flow control
> and no way to manage the kernel memory a task consumes."

You know what?

I've been saving up to replace my six year old computer. But instead,
I'll gladly pay those $300 to you if you'll just give me a usable L4

People who write such complaints about L4 simply don't understand it. In
any event, nothing can be slower than my computer these days. Seamonkey
"pauses" all the time for no reason (any mouse or keyboard input of any
kind is sufficient to trigger such a "pause") and consumes 100% CPU for
up to 30 seconds at a time, completely frozen up and then frequently
pops up script stalled warnings. (obviously a bug because I have two 1.2
ghz CPUs under the hood.) After my experience with seamonkey and kde4,
you could not pay me to give a flying #### about a few hundred
microseconds!!! =P

Just about everything in linux is slower by at least an order of
magnitude than it was in Windows 3.11 with a machine only a third as
powerful. Really... A well tuned windows 3.11 installation can operate
at subliminal speeds. My old machine could delete spam in a few
microseconds where it takes SEVERAL SECONDS to delete it with this "new
and improved" version. =(

Want a total brain ####? Consider this. This may seem absurd but I can
demonstrate it to you if you come over to my house. Simply listing the
contents of a directory. On DOS, it's virtually instantaneous, even for
very large directories on a very very old computer. On linux, even
listing the contents of a directory, takes about three seconds (all of
it disk bound), and this is a directory with only a few hundred files.

> - L4.sec Implementation, Kernel Memory Management, Bernhard Kauer

> Unfortunately this list's search index is not working for me, and
> google is not much better, but the l4.sec documentation would be a
> reasonable place to start.

> Implementing workable information flow control is a requirement for
> any secure system.

I think I found that documentation. It basically says "Since we don't
like Jochen's amazingly beautiful design, we've decided to #### it up."
Its only real complaint against L4 stock was that it was *slow*, and it
wanted to do away with L4's most brilliant feature, the clan and chief
system. =((((

Douglas Adams claimed that the least imaginative creature in the
universe is a Vogon. I can do him one better. There is something even
duller, an *Anti-imaginative* creature. That is the type of creature I
find writing things like process.c in Minix3 and L4.sec. This type of
creature can't imagine anything less imperfect than unix so, when
confronted with a GOOD OPERATING SYSTEM, he instantly directs *ALL* (not
some, but _ALL_) of his energies towards rendering it useless like the
unix he's familiar with so nobody gets the chance to actually express
themselves with their computers.

If you think that I shouldn't be allowed to own a computer WITHOUT
"information flow control" then I hate you. I simply hate you. I mean
there would be a new golden age of computing if the full power of L4
could be realized!!! BUT NOOOOOO asshats such as Mr. "Implementing
workable information flow control is a requirement for any secure
system." have to get in the way. =(((((((((((((((

>> In my experience, such claims about insecurity are vastly overblown or
>> artifacts of ancient unix-based prejudices that do not represent any
>> true limitations of the system. Furthermore, the existence of
>> exploitable security holes does not imply that the system can't
>> withstand normal bugs or is not marketable as a hugely successful
>> system. (naming examples of that would be redundant.)

>> Finally, my favorite OS, (DOS), does not have any noteworthy security
>> features but still, in terms of getting things done, never gets in the
>> user's way.

> When what we did with our computers didn't involve several programs
> running at once with varying implicit trust relationships, sure. If
> there was no market for compromised machines or exploits, it would
> make the life of anyone using a computer easier, but I don't see how
> that would be relevant to our discussion today.

It's relevant because the problem with HURD has always been that it's
allowed the perfect to get in the way of the good enough, or even the
Damn Good.

>> The one thing I don't understand is this "capabilities" bullshit.
>> Everybody seems to be all ga-ga about them to the point where they even
>> insist that they be stuffed into the narrow confines of the L4 kernel.
>> This makes me upset because as far as I'm concerned "capabilities" are
>> just a stupid fad/buzzword where L4 should only be about eternal
>> concepts that *cannot possibly* go out of style. (My intuition strongly
>> indicates that capabilities will disappear into obscurity before I need
>> to care about them.)

> The problem was they weren't implementable in any sensible, performant
> way on L4 as it stood.

You know what? I DO NOT CARE. Since I don't want them, I don't care
whether they're fast or slow. As I indicated above, nothing could be
slower than my current linux machine. I did try windows 3.11 on my
current hardware. It flew. You can't tell me that it's my hardware's
fault. Can you comprehend what it means to have a 550mb/second memory
bus? It means that my desktop experience should be spectacular, that
nothing except large matrix computations should take more than a few
milliseconds. But nooooo, through a stunning display of gross
incompetence, most software on my machine consumes unbelievable
quantities of RAM (I could load both internet explorer and netscape in
windows 3.11 *AND* have enough room to run three concurrent copies of
the Seventh Guest in only 32 mb of ram...)

When I go to the computer store and try out even Vista, I'm shocked by
how fast 80% of the UI is compared to linux (which is supposedly the
more efficient OS).

> As to whether capabilities are a good way to build an operating
> system, surely that depends on what the goals are. If they involve
> fine-grained access control, I don't think there is any question.

> http://en.wikipedia.org/wiki/Confused_deputy_problem

I fail to see the relevance.
It either doesn't exist on my system or is of such negligible importance
that I really don't care.

I also read most of the article on capabilities and my stance against
them is only becoming more firm. =|

Give me an L4 without capabilities and keep the one with. Then see which
of us can do more cool things with it. =P

> I thought they were strange and over-engineered when I first read
> about them. For months they seemed completely pointless. But after
> reviewing the literature carefully... well, I'll use Shap's words
> (here about orthogonal persistence, but just as relevant):

mistakes that I would go insane if I couldn't discard them by closing
the window and restarting the application. That's not to say that I
haven't written and deployed applications that simulate an orthogonal
persistent interface but then I'm the one who gets to say what stays and
what goes. Again, I'll pay good money for an operating system without
orthogonal persistence!!! =|

> "It's like unlearning a bad behaviour. It's hard, it's discomforting,
> it takes time. You keep dropping back into old patterns. You might
> temporarily find some replacement bad behaviour. And eventually you
> wonder how you could ever not see it ;)"

Talk is cheap.
Do you actually have such a system or do you just like to fill up
academic journals masturbating over it?

I have a friend who uses a fucking dumb terminal? You hear me!!! A dumb
terminal and a 9600 baud modem (that is not a typo). He uses what's
essentially the same shell account that he got addicted to back in the


Want to know how to design an operating system that nobody will ever

The single most awesome thing about the original L4 was that it was A
*Natural* system. Its design was a natural and minimal reflection of
what the computer fundamentally is. It is incalculably better *WITHOUT*
capabilities, and *WITHOUT* "Information flow control". I mean when I
was reading that L4.sec document I was so furious that I wanted to rip
out my big 45 pound CRT and throw it out the window. Who the hell is
sitting on their high throne and telling me that I can't have a nice
simple L4 based operating system until it has been sufficiently
bastardized and otherwise fucked over to be useless for anything? =(((

>> (Linux has no useable IPC mechanisms.)

> I've no idea how you can come to that conclusion, sorry.



Actually, it might be too soon for me to laugh, but I think I've got you

Name and provide me a link to a complete and comprehensive programmer's
manual to an API supported on Linux that allows me to start a process
and then come back a few days later and start another process which will
then obtain the process ID of the first process (asking the user is
perfectly acceptable for this), send a message to that process, and get
a response back. To be considered usable, the documentation must mention
and explain all necessary API calls. Also, the entire protocol must not
require more than a few lines of code on either side. Finally, the
performance of this mechanism must not be more than ten times worse than
a similar example in L4. Furthermore, the server must not be required to
open any tcp/ip sockets. Unix sockets might be acceptable but every book
in my library only mentions them in passing and never explains how to
use them or even where to find an explanation of how to use them. Amazon
doesn't seem to have any books on unix socket programming either, all
the books there are sold as strictly TCP/IP ($50 books for chrissake!!!)
So I'll wait and see if you can find me documentation for even that.

(For the record, I attempted to prototype my OS idea on unix but failed
because I couldn't accomplish the above. -- how's that for usability!)

New president: Here we go again...
Chemistry.com: A total rip-off.
Powers are not rights.

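The round trip the challenge above describes, done with Unix domain sockets on Linux, as an added example (not code from anyone in this thread). A well-known socket path is the rendezvous, so the second process needs no PID; `roundtrip` forks the server only so the whole exchange can run from one file, and the path and message are constructed for the demo.

```c
/* Added example (not from the thread): request/response over a Unix socket. */
#define _GNU_SOURCE
#include <ctype.h>
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>
/* Server: bind the well-known path (the rendezvous, so no PID is needed), accept
 * one client, answer with the request uppercased. SOCK_STREAM has no framing. */
static int serve_once(const char *path) {
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    char buf[256]; ssize_t n;
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0), cfd;
    strncpy(addr.sun_path, path, sizeof addr.sun_path - 1);
    unlink(path);                                   /* drop a stale socket file */
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(lfd, 1) < 0 || (cfd = accept(lfd, NULL, NULL)) < 0) return -1;
    if ((n = read(cfd, buf, sizeof buf)) <= 0) return -1;
    for (ssize_t i = 0; i < n; i++) buf[i] = (char)toupper((unsigned char)buf[i]);
    if (write(cfd, buf, (size_t)n) != n) return -1;
    close(cfd); close(lfd); unlink(path);
    return 0;
}
/* Client: connect to the path, send msg, read the reply into out (NUL-terminated). */
static int request(const char *path, const char *msg, char *out, size_t outlen) {
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_STREAM, 0); ssize_t n = -1;
    strncpy(addr.sun_path, path, sizeof addr.sun_path - 1);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&addr, sizeof addr) == 0 &&
        write(fd, msg, strlen(msg)) == (ssize_t)strlen(msg))
        n = read(fd, out, outlen - 1);
    if (fd >= 0) close(fd);
    if (n < 0) return -1;
    out[n] = '\0';
    return 0;
}
/* Fork the server, run the client against it, reap the child; 0 on success. */
int roundtrip(const char *path, const char *msg, char *out, size_t outlen) {
    int status, rc = -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(serve_once(path) == 0 ? 0 : 1);
    for (int i = 0; i < 200 && rc != 0; i++)        /* retry until child listens */
        if ((rc = request(path, msg, out, outlen)) != 0) usleep(10000);
    if (rc != 0) kill(pid, SIGTERM);
    waitpid(pid, &status, 0);
    return (rc == 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

Whoever can reach the socket path can send requests, so keep it in a directory only the intended user can access, or have the server check the peer with SO_PEERCRED.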