On Tue, Oct 25, 2005 at 11:07:27PM +0200, [EMAIL PROTECTED] wrote:
> As for me, GNU on Linux falls so much short of a system I would consider
> good, this isn't even funny. (*Particularly* in terms of usability!)

I would agree with that, but for me this is mostly about security. It would be nice to be able to run potentially hostile applications, but it takes a lot of trouble, and then still you're not sure if it's ok. Like Marcus, I think this cannot be fixed as long as POSIX is the foundation of the system.

> But POSIX is the center of the GNU universe. Some applications might
> stride quite far from it; but in any standard setup, POSIX definitely
> remains the heart of the system. This may change over time, but don't
> expect that to happen fast.

If you put POSIX in the center of the kernel, I don't think it can change over time. You now say "because of all the existing applications, we must make POSIX the center of the new kernel". When that has been done, people will say "because of the existing kernel, we must make POSIX the base of new applications". If we agree that POSIX is something we want to get away from (not all of it of course, but some fundamental parts at least), then I hope you will also agree that that's not going to happen with this approach.

What we need is a system which is much better than POSIX, but still allows POSIX applications to run on it without a problem. Technically, that may mean they are second class citizens, but the user won't (and mustn't) notice that. And actually, they aren't really second class. They will be running in a confined box, which may seem very restrictive. However, it's no more restrictive than what the native applications get.

> > What we have found out is that you can not extend POSIX in a perfectly
> > compatible way at the lowest level of the operating system, and still
> > fix its problems. The problems with POSIX are inherent in its design.
>
> We do not need perfect compatibility. And that gives us a lot of room
> for fundamental improvements under the hood.

We can have perfect compatibility and still have a good system core, if we just don't put POSIX in there, but on top of it.

> If preservation order gives us just a little room, we can replace the
> foundation and the basement,

What? You want to replace the foundation of a skyscraper and you think that can be done without making it collapse? Especially since the building is known to be fragile already (only partly because of its foundation)? The only sensible way to do that is to rebuild the building. We should make the new building look like the old one, but it must be rebuilt, out of better materials (which didn't exist at the time the old one was built).

This is exactly what we are proposing here: Rebuild the foundation of the system in a better way, but don't really change the appearance.

> We know by now there are some fundamental problems with the original
> Hurd design. But what it proves impressively, is the possibility of
> creating a system that looks almost like POSIX, while improving on
> features, usability and architecture.

This is good, but it doesn't need POSIX to be in the center of it.

> Whatever the new Hurd design will look like, this is the one distinctive
> feature that absolutely MUST be preserved.

It is preserved, *as a feature*. What isn't preserved is where it is located.

> Both of your models miss the point IMHO. We do *not* want POSIX in a
> reservation and some completely different "native" interface as
> alternative.

No, not as alternative. Programs which need a POSIX box to run should still be allowed to use all the cool Hurd features directly. Programs which don't use any POSIX features (and if we port toolkits like Gtk, this probably is the majority) can run without a POSIX box (and also use the cool Hurd features).

Nobody suggested that we should set up a virtual machine with GNU/Linux and an _alternative_ where you can use cool features. The idea is to have the features available to everyone, and provide an unprotected but confined environment for POSIX applications.

Of course system administration cannot be done with POSIX tools then. But that's the only class of applications I can think of which doesn't work anymore (or in fact, they do work, but they don't handle the system as they expect, so they are meaningless).

> I doubt it was ever intended to create a completely new interface for the
> Hurd. Forget it. It won't work. Hackers won't program for something
> completely new.

I sure will. But as I wrote above, it isn't needed. Changes to programs can be made gradually, there is no sudden transition involved.

> Users won't use stuff that does not fit their world view.

Users will not notice the difference in general, except of course better usability and security. The applications will not look completely different.

> What we need to do is refactor POSIX *from within*. With the right
> mechanisms, we have various possibilities to replace important system
> components by more secure and usable alternatives in unintrusive ways;

I guess putting a layer underneath it doesn't count? I can't imagine a better way to do it.

> we have possibilities to introduce confinement of untrusted stuff

Everything should be considered untrusted, except the trusted code base, which is needed to make that assumption work (the kernel, physmem, etc.) The TCB should be as small as possible. It should definitely not include things "because we want POSIX in the foundation". We don't want POSIX in the foundation. We want it to be there for the user, and we don't care how it's technically implemented. But we have other demands about the foundation, which are incompatible with POSIX there. So POSIX cannot be in the foundation.

> while still presenting something that to the user looks like a familiar
> POSIX system with some nice extensions. Moreover, we can do it gradually. It
> isn't all or nothing.

It is. The Hurd is taking awfully long to be released in a stable state. It better be awfully good. If after so many years we come up with something which isn't significantly better than POSIX, people will rightfully laugh at us. In 1991 a kernel which did POSIX was good enough. Now we need something better.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html
