begin quoting Tracy R Reed as of Thu, Jan 27, 2005 at 02:54:02PM -0800:
> I don't know if this will catch on or not but it is a very interesting
> project. The goal is to make an extremely reliable and provably secure
> operating system. I have not yet downloaded and played with it but
> they seem to have a very good start. The OS started out as KeyKOS:
[snip]
> 3. KeyKOS and EROS were "persistent" operating systems. They have removed
> this feature from Coyote but I am hoping they put it back. This means that

Ooooh, I really don't like that. I really don't *want* my system to "come
back up just the way I left it", I want it to "come up in a known good
state", which is something quite different.

Sun had a scheme a few years ago where the essential bits about your
system were saved on a smart-card -- what applications were running, what
pages you were viewing in your browser, and suchlike. All you needed to do
was to put your smart-card in the slot, and there your system was. Pull
the card out at any time, and the machine would shut down (to a sleep
state...), and you could then put your card into any other machine in that
area.

"What happens if you have a program in a spinloop? Or a rogue javascript
program doing bad things with your browser?"

All I got was a blank look. "Don't let that happen." was the eventual reply.

> memory is really just a cache for disk and the whole thing is treated as
> one big address space which has synchronization points and a form of
> journalling. They also don't like filesystems or files.

(Which is fair -- I don't like image-based systems, so it works out.)

> This means the entire state of the system is regularly saved
> to disk and if the system crashes you can resume from where you left off.

Useful as a per-process service, I suppose, so long as it's _optional_.
But if the system saves state after it's buggered itself but before it
locks up, bringing the box back up just leads to rebooting into a wedged
state.

> It is similar to hibernation for laptops except it is happening all the
> time so if you just pull the power or the system crashes you don't lose
> all of your work. You could theoretically save the system, pull the drive,
> put it into a different (perhaps upgraded or repaired or backup system)
> and pick up where you left off.

People did like that about CORE memory. :)

But it's not much use looking at source to check for malicious code if
what I'm shipping around is a running image.

[snip]

Finally...

What use is fine-grained access control when the program can simply demand
total access and refuse to do anything until it gets it?

-Stewart "I suppose it's one step towards an application sandbox" Stremler
-- 
KPLUG-List mailing list
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
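An added, constructed illustration of the failure mode Stewart raises above (the system checkpoints itself after it has already wedged, so "resume where you left off" reboots straight back into the wedge). This is not code from the thread nor from KeyKOS, EROS or Coyotos; the checkpoint journal, the toy process that enters a spinloop, and the rule "a checkpoint is only trusted once a later checkpoint proves the process made progress from it" are all assumptions made for the example.

```python
# Added illustration, not code from the KPLUG thread or from KeyKOS/EROS/Coyotos.
# A toy process checkpoints its state into a bounded journal. The process
# eventually enters a spinloop, so the newest checkpoints capture a wedged
# state. "Resume from the latest checkpoint" therefore reboots into the wedge;
# "resume from a known-good checkpoint" only trusts a checkpoint once a later
# checkpoint shows the process made progress from it (assumed rule).
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProcState:
    pc: int          # toy "program counter"
    work_done: int   # units of useful work completed so far


@dataclass(frozen=True)
class Checkpoint:
    seq: int         # monotonically increasing sync number
    state: ProcState


class Journal:
    """Bounded ring of checkpoints; oldest entries are discarded first."""

    def __init__(self, keep: int) -> None:
        self.keep = keep
        self.entries: List[Checkpoint] = []
        self.seq = 0

    def sync(self, state: ProcState) -> int:
        self.seq += 1
        self.entries.append(Checkpoint(self.seq, state))
        if len(self.entries) > self.keep:
            del self.entries[: len(self.entries) - self.keep]
        return self.seq

    def resume_latest(self) -> Optional[Checkpoint]:
        """Naive persistence: come back up exactly where we left off."""
        return self.entries[-1] if self.entries else None

    def resume_known_good(self) -> Optional[Checkpoint]:
        """Trust a checkpoint only if the one after it shows progress.

        A checkpoint whose successor made no progress may already be wedged
        (the process was saved after it hung itself but before anyone
        noticed), so it is never selected even if its own contents look fine.
        Returns None when no surviving checkpoint is known good.
        """
        for i in range(len(self.entries) - 2, -1, -1):
            here, after = self.entries[i], self.entries[i + 1]
            if after.state.work_done > here.state.work_done:
                return here
        return None


def step(state: ProcState, wedge_at: int) -> ProcState:
    """One scheduling quantum. Once pc reaches wedge_at the process spins forever."""
    if state.pc >= wedge_at:
        return state  # spinloop: no pc advance, no useful work
    return ProcState(pc=state.pc + 1, work_done=state.work_done + 1)


def run(total_steps: int, wedge_at: int, sync_every: int, keep: int) -> Journal:
    """Run the toy process, syncing to the journal every sync_every steps."""
    journal = Journal(keep)
    state = ProcState(pc=0, work_done=0)
    for t in range(1, total_steps + 1):
        state = step(state, wedge_at)
        if t % sync_every == 0:
            journal.sync(state)
    return journal


if __name__ == "__main__":
    j = run(total_steps=20, wedge_at=7, sync_every=3, keep=8)
    print("latest     :", j.resume_latest())      # seq 6: already spinning
    print("known good :", j.resume_known_good())  # seq 2: last state seen to progress
    # A journal that keeps only the last 4 syncs has aged out every
    # good checkpoint; there is nothing safe left to resume from.
    print("short ring :", run(20, 7, 3, keep=4).resume_known_good())  # None
```

Note that checkpoint 3 looks perfectly healthy on its own (work_done advanced relative to checkpoint 2), yet it was taken after the process entered the spinloop; only the absence of progress between checkpoints 3 and 4 reveals that. The bounded-ring case shows the other half of the problem: if the journal only retains recent syncs, a long-standing wedge can discard every known-good state before anyone reboots.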
