Re: [9fans] Using the Acme Editor
On Wed, Aug 20, 2008 at 11:46 PM, Eris Discordia
[EMAIL PROTECTED] wrote:
Thank you, sqweek. The second golden Golden Apple with καλλιστι on it is
totally yours. The first one went to Russ Cox.
You don't care who mounts what where, because the rest of the system
doesn't notice the namespace change.
So essentially there shouldn't be a problem with mounting on a single
public namespace as long as there is one user on the system. mount
restriction in UNIX systems was put in place because multiple users exist
some of whom may be malicious. Virtualization and jailing will relax that
requirement.
Mount restrictions on unix are needed (among other reasons) because of
a broken security model (ie., suid).
Virtualization and jailing are hacks to work around the inherent
limitation that in unix resources can not be easily
abstracted/isolated and are plagued by the 'only root can do X'
restriction ('only root can become another user', hence su/sudo, only
root can open certain ports, etc.) which Plan 9 cleanly does away
with.
Linux could do many things plan9 can do, if it got rid of all suid
programs (by perhaps using the cap device implementation for the linux
kernel, if that is ever accepted in mainline linux), but until then...
Uh, what now? You either have an interesting definition of home
computer or some fucked up ideas about plan 9. You only need a cpu
server if you want to let other machines run processes on your
machine. You only need an auth server if you want to serve resources
to a remote machine.
Neither statement is true. On a home computer you certainly need a term.
You'll need a cpu for a number of tasks. And you'll need auth if there's
going to be more than one user on the system, or if you need a safe way of
authenticating yourself to your computer. A single glenda account doesn't
quite cut it. If you're going to access your storage you'll need some
fs('s), too.
The bottom line is: term is _certainly_ not enough for doing all the tasks a
*BSD does, and requiring a home computer to do all these tasks is far from
inconceivable. One *BSD system is almost functionally equivalent to a
combination of term, cpu, auth, and some fs('s).
A plan9 terminal can run programs, and can have a local storage file
system, with multiple users. As for authentication, in such use case
unix auth is little more than a farce of security theater which could
easily be implemented in plan9 (and I think some people has) if you
wanted to keep your three year old child from accessing your account
but is futile for much else.
incantation, that's beside the point. In 9p, the abstraction is a file
tree, and the interface is
auth/attach/open/read/write/clunk/walk/remove/stat.
ioctl and VFS are suspiciously similar even though they serve less generic
functions.
Try to do ioctl over the network.
network operations - everything is done via /net. Thanks to private
namespaces, you can transparently replace /net with some other crazy
[compatible] filesystem, which might load balance over multiple
How does that differ from presenting of a network interface by a block
device on UNIX? And why should avoiding system calls be considered an
advantage? Your VFS layer could do anything expected from /net provided that
file system abstraction for the resources represented under /net is viable
in the first place.
Here is a reason: Because Plan 9 has no network-related syscalls, and
applications contain no networking code (even when they are still
network transparent thanks to 9P), when ipv6 was added to plan9, no
changes were required to either any syscalls or any applications. On
the other hand on unix they are still to this day adding ipv6 support
to certain apps (and every app that needs to access remote resources
needs its own networking code that is aware of each protocol it wants
to support, etc).
When ipv6 needs to be replaced, the pain in the unix software
ecosystem will be even greater, while in plan9 it will be virtually
painless.
There are also the benefits of allowing different applications
(namespaces) use different network stacks without requiring full
virtualization of the whole OS (the few unix systems that have been
able to implement this functionality have done so after many years of
painful efforts and the result is incredibly clunky and complex), and
I don't think any unix systems allows a single application (or
namespace) to access *multiple* network stacks concurrently... and
remote network stacks? don't think so either.
implemented on any system, which is true [to an extent]. But it's
apparent than no others have the taste to do it as elegantly as plan 9 -
It's not a matter of taste. There are situations, many situations actually,
where the file system abstraction is plainly naive. Sticking with it for
every application verges on being an ideology.
The VFS approach is by no means inferior to Plan 9's everything-is-a-file,
but on UNIX systems it is limited to
[9fans] window behaviour
Hi 9fans, I dont think I am doing anything wrong here % window -f $font (this opens a window and closes it), however % window (this opens a window) /Prem
Re: [9fans] window behaviour
On Thu, Aug 21, 2008 at 10:05 AM, prem [EMAIL PROTECTED] wrote: % window -f $font (this opens a window and closes it), however % window (this opens a window) As far as I know, window doesn't take a -f option. So it's probably trying to run the command '-f /lib/font/...' in the new window, which fails, and since that's all you wanted it to do, the window closes again. Robby
Re: [9fans] Using the Acme Editor
So essentially there shouldn't be a problem with mounting on a single public namespace namespaces are not public in the sense that they are visible to all processes. as long as there is one user on the system. since this started out as a discussion of terminals, i should point out that terminals by definition have a single user at a time. This is classic. Complication is a sign of maturation. Plan 9 has evaded that by not maturing, by avoiding diversification. Before you get angry I must say that's my personal opinion. Nothing I'm going to force unto you. Nothing I _can_ force unto you. equally one could say complication is a sign that one's vision was lacking; a sign that one's system lacks generality. if you call the opposite of complication immaturity, i'll be proud to have an operating system that suffers from it. How does that differ from presenting of a network interface by a block device on UNIX? And why should avoiding system calls be considered an advantage? Your VFS layer could do anything expected from /net provided that file system abstraction for the resources represented under /net is viable in the first place. i'm not sure what passes for unix these days, but linux at least does not present network interfaces as block devices. there is no /dev/eth0. The VFS approach is by no means inferior to Plan 9's everything-is-a-file, what do you mean by this? the VFS is a kernel interface along the general lines of plan 9's devtab. everything-is-a-file[server] is a general principle. but on UNIX systems it is limited to resources that can be meaningfully represented as file systems. so why is the network hidden in side channels in adjunct namespaces? - erik
Re: [9fans] Using the Acme Editor
A plan9 terminal can run programs, and can have a local storage file system, with multiple users. i think this is misleading. while the fs running on the terminal can have multiple users, it is not true that you can have multiple users using the cpu resources of a terminal concurrently. you can have all that and auth if you run a single machine with a cpu kernel with the downside that if you use the console you must be eve. since it's easy to get small, cheep, low-power machines, i run a traditional terminal with a seperate auth and fs. - erik
Re: [9fans] Using the Acme Editor
On Thu, Aug 21, 2008 at 3:58 AM, erik quanstrom [EMAIL PROTECTED]wrote: A plan9 terminal can run programs, and can have a local storage file system, with multiple users. i think this is misleading. while the fs running on the terminal can have multiple users, it is not true that you can have multiple users using the cpu resources of a terminal concurrently. you can have all that and auth if you run a single machine with a cpu kernel with the downside that if you use the console you must be eve. since it's easy to get small, cheep, low-power machines, i run a traditional terminal with a seperate auth and fs. You can even run 9vx as a totally reasonable terminal now... On a system that needs not be dedicated to Plan 9, and still have your CPU/FS/AUTH elsewhere. (Thanks Russ!) I'm a big fan of this approach, if people find it difficult to justify a whole machine as a Plan 9 terminal. I think Inferno is somewhat usable for this purpose even too right? I've just never managed to get it going (or admittedly spent much time trying). Dave - erik
Re: [9fans] Acme without Flamage
On Thu, Aug 21, 2008 at 2:06 AM, Paul Donnelly [EMAIL PROTECTED]wrote: [EMAIL PROTECTED] (Gorka Guardiola) writes: On Wed, Aug 20, 2008 at 7:42 PM, David Leimbach [EMAIL PROTECTED] wrote: The only thing I'd miss in Acme vs emacs then, most likely, for lisp-like languages is paren-matching. And I'd miss it dearly. Double click on the paren selects the area enclosed by the matching paren. -- - curiosity sKilled the cat I don't know if posts to usenet (where I lurk this list) go through to the mailing list, but I've found Acme's paren matching to be sufficient. The bear is indentation, since to make it work out it's necessary to use a fixed-width font (something I'd rather not do) and adjust it by hand, which needs to happen more often and by greater degrees than in a language like C. The chief issues being: (list (list 'a 'b 'c) (list 1 2 3)) ; ^ ; These need to line up. ; These need to line up. ; V (let ((a 3) (b 4)) (+ a b)) ; ^ ; Should be two spaces or so. Yeah I guess I'm spoiled by the hotkey visual cues I get from Emacs when typing in code, that automatically show me the matching parens as I type. Perhaps I really don't *need* that. I'll try Plan 9 Port acme again for some Scheme Shell or something and see how it goes. (Emacs screws up Scheme Shell pretty badly, due to it's not accepting | characters in it's syntax definition, and as I said before, customizing emacs is not the same as me getting my work done) Dave
Re: [9fans] aquarela only uses /rc/bin/9fs?
The trick you want is in /rc/bin/service/startcifs - this may not be exactly
the code you want but it demonstrates the technique you need.
-Steve
startcifs didn't work quite like what I had in mind, so I ended up modifying
/rc/bin/9fs. The excerpt below gives me exactly what I wanted:
...
case wiki
srv -m 'net!plan9.bell-labs.com!wiki' wiki /mnt/wiki
case *
switch($#*){
case 1
# Help out auarela:
for(i in /usr/*) if($1=`{basename $i}){
bind -ac /usr/$1 /n/$1
exit
}
srv -m $1
case *
...
winmail.dat
Re: [9fans] Using the Acme Editor
Virtualization and jailing are hacks to work around the inherent
Virtualization is much more than that. It has a future and the future's
here. It also has a rather glorious past in IBM VM/CMS.
restriction ('only root can become another user', hence su/sudo, only
root can open certain ports, etc.) which Plan 9 cleanly does away
with.
By assuming _anyone_ at a terminal is root, while sometimes the terminal
is not a terminal at all. What happens when your home computer is
bootstrapped? Is there a thing glenda can't do? I mean, if someone other
than you turns your home computer on is it OK for them to be entitled to
the same privileges that you normally are? Assuming there's method of
stopping them from disconnecting the hard disk inside and/or from peeking
into the data on it (there are practical solutions for both of these
problems).
A plan9 terminal can run programs, and can have a local storage file
system, with multiple users. As for authentication, in such use case
unix auth is little more than a farce of security theater which could
easily be implemented in plan9 (and I think some people has) if you
wanted to keep your three year old child from accessing your account
but is futile for much else.
A terminal per se should be dumb. How come it can run programs? It seems
a Plan 9 term isn't exactly a terminal, not a dumb one for sure. If it can
run a program, any program, who's going to control what the program
accesses, especially when there are _multiple_ users some of whom may not
be exactly trustable and there's a local store of sensitive information?
Basically, a terminal should not hold _any_ information on its users. Where
does the security of not keeping authentication information on a so-called
terminal go when you _keep_ it on the terminal? But with multiple users
you're going to need authentication. Right?
My impression: the UNIX authentication farce happened because UNIX began
as a replacement to a time-sharing system for more or less physically
secure computers but then was downsized to an OS--many OS's, in fact--also
usable on personal computers, e.g. 386BSD. Personal computers aren't as
physically secure as the proverbial big computer in the basement, hence
the need for role-based security which was, incidentally, introduced in
386BSD. However, as long as the physical security problem persists the
farce goes on. Nothing wrong with UNIX. The twist is in the placement and
role of personal computers which can be flaky vessels for sensitive
information.
Plan 9 doesn't solve that problem for the most common form of computer,
i.e. the _home_ computer. Not even for the so-called workstation. It
solves the problem only for the corporate/university/organization access
point, if you know what I mean. Even then that isn't a _new_ solution--it
was there when the original time-sharing systems were in operation. Of
course, the Plan 9 solution costs--any solution does--and for the home
computer these costs aren't followed by gains.
The real problem: standalone terminal, also known as the home computer
The real solution: physical security for anything that may carry sensitive
information. Physical security must include software security against
physical threats as well, e.g. encryption.
As a side note, Rob Pike has been quoted--I take no responsibility for
authenticity--saying, a smart terminal is not a smart ass terminal, but
rather a terminal you can educate.
That's the root of the problem: underestimation of home computers. A home
computer is a smart terminal as well as a smart ass terminal and there's
nothing you can do about it.
Try to do ioctl over the network.
I think I said ioctl serves a less generic function.
Here is a reason: Because Plan 9 has no network-related syscalls, and
applications contain no networking code (even when they are still
network transparent thanks to 9P), when ipv6 was added to plan9, no
[...]
UNIX can accommodate this approach any minute now, figuratively speaking.
It has the infrastructure. Current networking traditions in UNIX aren't
inherent, they're circumstantial. Remember, the file system abstraction
began in UNIX--or even before UNIX?
I don't think any unix systems allows a single application (or
namespace) to access *multiple* network stacks concurrently... and
remote network stacks? don't think so either.
So, what exactly is happening when the same process is sending HTTP
requests to a server on the local 802.3 network, a second server on the
Internet accessible through my dial-up connection, and a third server on a
802.11 network? Aren't there _three_ network stacks beneath (or over? the
PPP, the Ethernet, the WiFi interfaces? To my meager knowledge, these are
distinct at least up to network layer, i.e. physical-to-host, medium access
(if present), and data link layers are different.
namespace) to access *multiple* network stacks concurrently... and
remote network stacks? don't
Re: [9fans] Using the Acme Editor
A correction: Mea culpa. UNIX systems apparently force processes to share a single network stack, but that can be changed: http://www.tel.fer.hr/zec/papers/zec-03.pdf A paper on virtualizing network stacks in FreeBSD kernel, 2003 USENIX.
Re: [9fans] Using the Acme Editor
On Thu, Aug 21, 2008 at 9:59 AM, Eris Discordia [EMAIL PROTECTED] wrote: A correction: Mea culpa. UNIX systems apparently force processes to share a single network stack, gee how about that? Isn't it nice to acquire knowledge and *then* post? but that can be changed: http://www.tel.fer.hr/zec/papers/zec-03.pdf A paper on virtualizing network stacks in FreeBSD kernel, 2003 USENIX. Similar work is being done in Linux. I talked to the guy who is doing it a year ago. Want to know what inspired it? Which OS? Wanna guess? And, they are putting other namespaces into Linux. Wonder where they got that idea and name? I know. Do you? yeeesh. ron
Re: [9fans] Using the Acme Editor
On Thu, Aug 21, 2008 at 9:39 AM, Eris Discordia [EMAIL PROTECTED] wrote: Basically, a terminal should not hold _any_ information on its users. Where does the security of not keeping authentication information on a so-called terminal go when you _keep_ it on the terminal? But with multiple users you're going to need authentication. Right? Eris, this is getting a little boring. Are you really this ignorant of what's going on? I don't mind ignorance per se but you keep wasting people's time as they try to explain CS 101 to you. Maybe you could start a blog and we could all ignore it -- it's much easier that way. My impression: the UNIX authentication farce happened because UNIX began as a replacement to a time-sharing system for more or less physically secure computers but then was downsized to an OS--many OS's, in fact--also usable on personal computers, e.g. 386BSD. Your impression? Well, that's one way to go at it.. Of course, there is the option of acquiring knowledge. It is more work however. If this is your picture of what happened then you need to go back and do some reading. You leave the impression, to me anyway, that you read a lot but I can not tell that you actually do much of anything. And, to top it off, you exist only as an imaginary wikipedia entry. List manager: can we *please* just boot this guy until he comes back as a real person? It's getting old. ron
Re: [9fans] Using the Acme Editor
namespaces are not public in the sense that they are visible to all processes. I was trying to compare UNIX to Plan 9. Apparently, UNIX processes share a single public namespace which therefore has to be protected by access privileges. since this started out as a discussion of terminals, i should point out that terminals by definition have a single user at a time. What about the so-called standalone terminals (~ home computers)? My intention was to equate a single user UNIX to a Plan 9 standalone terminal. It's the same difference, I suppose. i'm not sure what passes for unix these days, but linux at least does not present network interfaces as block devices. there is no /dev/eth0. The point is this can be done even if it hasn't been done. In case of FreeBSD, the network interfaces are represented under /dev/net. A sample installation shows this: crw--- 1 root wheel 0, 29 Aug 21 18:02 de0 crw--- 1 root wheel 0, 70 Aug 21 18:02 lo0 crw--- 1 root wheel 0, 35 Aug 21 18:02 plip0 Does it mean network interfaces are presented as _character_ devices? Doing cat foo de0 gives Operation not supported by device. what do you mean by this? the VFS is a kernel interface along the general lines of plan 9's devtab. everything-is-a-file[server] is a general principle. I mean VFS is an abstraction layer that presents a file system. What it represents as a file system is rather arbitrary. but on UNIX systems it is limited to resources that can be meaningfully represented as file systems. so why is the network hidden in side channels in adjunct namespaces? I don't understand this one. --On Thursday, August 21, 2008 6:36 AM -0400 erik quanstrom [EMAIL PROTECTED] wrote: So essentially there shouldn't be a problem with mounting on a single public namespace namespaces are not public in the sense that they are visible to all processes. as long as there is one user on the system. since this started out as a discussion of terminals, i should point out that terminals by definition have a single user at a time. This is classic. Complication is a sign of maturation. Plan 9 has evaded that by not maturing, by avoiding diversification. Before you get angry I must say that's my personal opinion. Nothing I'm going to force unto you. Nothing I _can_ force unto you. equally one could say complication is a sign that one's vision was lacking; a sign that one's system lacks generality. if you call the opposite of complication immaturity, i'll be proud to have an operating system that suffers from it. How does that differ from presenting of a network interface by a block device on UNIX? And why should avoiding system calls be considered an advantage? Your VFS layer could do anything expected from /net provided that file system abstraction for the resources represented under /net is viable in the first place. i'm not sure what passes for unix these days, but linux at least does not present network interfaces as block devices. there is no /dev/eth0. The VFS approach is by no means inferior to Plan 9's everything-is-a-file, what do you mean by this? the VFS is a kernel interface along the general lines of plan 9's devtab. everything-is-a-file[server] is a general principle. but on UNIX systems it is limited to resources that can be meaningfully represented as file systems. so why is the network hidden in side channels in adjunct namespaces? - erik
Re: [9fans] Using the Acme Editor
Skipping general offenses... List manager: can we *please* just boot this guy until he comes back as a real person? It's getting old. Is it _that_ annoying to you? I could just keep silent if it is so, no booting required. Though I have to say I don't understand how a handful of emails to a mailing list someone happens to read can irritate them to such extent. In passing, instead of a threat you could have simply let the first response be. Were it really a piece of useless text, it would rot on its own. --On Thursday, August 21, 2008 10:11 AM -0700 ron minnich [EMAIL PROTECTED] wrote: On Thu, Aug 21, 2008 at 9:39 AM, Eris Discordia [EMAIL PROTECTED] wrote: Basically, a terminal should not hold _any_ information on its users. Where does the security of not keeping authentication information on a so-called terminal go when you _keep_ it on the terminal? But with multiple users you're going to need authentication. Right? Eris, this is getting a little boring. Are you really this ignorant of what's going on? I don't mind ignorance per se but you keep wasting people's time as they try to explain CS 101 to you. Maybe you could start a blog and we could all ignore it -- it's much easier that way. My impression: the UNIX authentication farce happened because UNIX began as a replacement to a time-sharing system for more or less physically secure computers but then was downsized to an OS--many OS's, in fact--also usable on personal computers, e.g. 386BSD. Your impression? Well, that's one way to go at it.. Of course, there is the option of acquiring knowledge. It is more work however. If this is your picture of what happened then you need to go back and do some reading. You leave the impression, to me anyway, that you read a lot but I can not tell that you actually do much of anything. And, to top it off, you exist only as an imaginary wikipedia entry. List manager: can we *please* just boot this guy until he comes back as a real person? It's getting old. ron
Re: [9fans] Using the Acme Editor
On Thu, Aug 21, 2008 at 10:36 AM, Eris Discordia [EMAIL PROTECTED] wrote: Is it _that_ annoying to you? I could just keep silent if it is so, no booting required. goodness, it's not annoying. It's just a waste of breath, bandwidth, and bytes. Why not go do some reading and stop wasting all three? ron
Re: [9fans] Using the Acme Editor
goodness, it's not annoying. It's just a waste of breath, bandwidth, and bytes. Why not go do some reading and stop wasting all three? Breath I should rather save. Bandwidth I pay for. Bytes I push down the pipe. I admit it also costs 9fans.net a very very tiny amount. Anyway, you won't get any more of this. End of transmission. ␄ --On Thursday, August 21, 2008 1:39 PM -0700 ron minnich [EMAIL PROTECTED] wrote: On Thu, Aug 21, 2008 at 10:36 AM, Eris Discordia [EMAIL PROTECTED] wrote: Is it _that_ annoying to you? I could just keep silent if it is so, no booting required. goodness, it's not annoying. It's just a waste of breath, bandwidth, and bytes. Why not go do some reading and stop wasting all three? ron
Re: [9fans] tip9ug
Hi, I hadn't checked if the file server booted correctly after power maintenance. I rebooted everything and it's up and running now. Sorry for inconvenience. X-( -- On 8/18/08, Steve Simon [EMAIL PROTECTED] wrote: Hi, mordor.tip9ug.jp seems to have disappeared, as has www.tip9ug.jp - is this a temporary problem or has it been decomissioned? -Steve -- YAMANASHI Takeshi
Re: [9fans] tip9ug
thanks On Thu, Aug 21, 2008 at 11:00 PM, YAMANASHI Takeshi [EMAIL PROTECTED] wrote: Hi, I hadn't checked if the file server booted correctly after power maintenance. I rebooted everything and it's up and running now. Sorry for inconvenience. X-( -- On 8/18/08, Steve Simon [EMAIL PROTECTED] wrote: Hi, mordor.tip9ug.jp seems to have disappeared, as has www.tip9ug.jp - is this a temporary problem or has it been decomissioned? -Steve -- YAMANASHI Takeshi -- Federico G. Benavento
