Newsgroups: alt.os.multics,alt.folklore.computers From: Morten Reistad Subject: Eros [Was : Multics on emulated systems?] References: <20021208085018.26b45f11.thvv@multicians.org> X-Newsreader: trn 4.0-test76 (Apr 2, 2001) Originator: root@acer.reistad.priv.no (Charlie Root) Message-ID: Lines: 81 Date: Tue, 10 Dec 2002 17:30:01 GMT NNTP-Posting-Host: 212.186.246.195 X-Complaints-To: abuse@chello.no X-Trace: news01.chello.no 1039541401 212.186.246.195 (Tue, 10 Dec 2002 18:30:01 MET) NNTP-Posting-Date: Tue, 10 Dec 2002 18:30:01 MET Organization: chello broadband Norway X-Received-Date: Tue, 10 Dec 2002 18:30:01 MET (news01.chello.no) Path: chonsp.franklin.ch!pfaff.ethz.ch!news-zh.switch.ch!news-ge.switch.ch!news-fra1.dfn.de!eusc.inter.net!news.tele.dk!news.tele.dk!small.news.tele.dk!newsfeed1.e.nsc.no!nsc.no!nextra.com!news01.chello.no!not-for-mail Xref: chonsp.franklin.ch alt.folklore.computers:123781 According to Rupert Pigott : >"Christopher Browne" wrote in message >news:at3ac3$vb0u7$1@ID-125932.news.dfncis.de... >> Oops! "Rupert Pigott" was seen >spray-painting on a wall: >> > Talking of inspired by Multics systems I've found one that looks to be >> > what I was aiming at with my fumblings at writing an OS... EROS, it >> > does however lack one critical facility I want, but it looks like I can >> > bolt that on without too much faff. >> > >> > http://www.eros-os.org/ >> >> EROS is indeed interesting. I thought it was long before Eric Raymond >> suggested that it could be the >> "Linux successor." I was completely unaware of this. I have been reading papers for half a day here. I am amazaed that I managed to let this one slip by. >> Unfortunately, the proposals for actually making it /useful/ >> essentially amount to little more than bolting a "Unix personality" on >> top of it. That is the wrong way of attacking a migration. Rather think "unix fishbowl"; in the same mindset as mainframes use "guest operating systems". The fishbowl is just kept as an encapsulated box, jailing *nix inside it's security concept. All interactions have to be done on the terms of the secure, outer OS. Once this is done you ca use *nix to bootstrap secure ports much the same way minix helped in bootstrapping linux. >> On the one hand, that has the not insignificant merit that it allows a >> whole whack of designed-for-Unix software to run on it. Compilers, >> text editors, databases, all sorts of stuff. >> >> On the other hand, it seems to me that this would discard much of the >> would-be-advantage of the substantially different architecture of >> EROS. EROS is supposed to be greatly more secure, but if all you're >> using it for is to emulate Unix, you'll pretty much have the same >> "holes" you had with Unix. > >Agreed... I can't stand the idea of a POSIX layer on it, it would reduce >that brave effort to reinventing UNIX the hard way. :P Having C-libraries will be important; but for a real secure OS the line must be drawn somewhere. I distinctly remember the horrors of Eunice and Primix, that was bolted onto VMS and Primos respectively. Cygwin also suffers from a little "layer stretch"; as does the posix layer on QNX. So, I completely agree; having a POSIX layer kind of defeats the purpose. >Time that changed... /me rolls up his sleeves. I've downloaded the source >and I like it lots.. There is one small hitch, it doesn't build out of the >box >under OpenBSD... > >Not too sure where one would start with such a system... To be honest >getting it to replace my usual frivilous desktop functions would be a nice >start, such as playing audio CDs, using USENET, reading/writing email >etc... Personally I'm not *too* bothered about the self-hosting >development environment yet... A debugger is more important to me, >and that poses enough of a challenge in itself... ;) Please don't forget that we will have to think in a couple of new paradigms when we are to upgrade the security model. In particular, we will have to nuke the idea of the monolithic do-all application; that once compromised has the world at its feet. As a example, the monolithic news and mail reader/composer programs will have to have internal firewalling; and will need to be broken up into a set of clustered components. Even the C/C++/C-lib/socket programming model will need significant attention before embarking on such a project. -- Morten Reistad ###### From: "Rupert Pigott" Newsgroups: alt.os.multics,alt.folklore.computers Subject: Re: Eros [Was : Multics on emulated systems?] Date: Tue, 10 Dec 2002 20:11:19 -0000 Lines: 35 Message-ID: References: <20021208085018.26b45f11.thvv@multicians.org> NNTP-Posting-Host: darkboong.demon.co.uk X-Trace: news.demon.co.uk 1039551078 8335 80.177.7.220 (10 Dec 2002 20:11:18 GMT) X-Complaints-To: abuse@demon.net NNTP-Posting-Date: Tue, 10 Dec 2002 20:11:18 +0000 (UTC) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Priority: 3 X-Newsreader: Microsoft Outlook Express 6.00.2800.1106 X-MSMail-Priority: Normal Path: chonsp.franklin.ch!pfaff.ethz.ch!news-zh.switch.ch!news-ge.switch.ch!news.belwue.de!newsfeed01.sul.t-online.de!t-online.de!newspeer1-gui.server.ntli.net!ntli.net!kibo.news.demon.net!news.demon.co.uk!demon!not-for-mail Xref: chonsp.franklin.ch alt.folklore.computers:123782 "Morten Reistad" wrote in message news:au55ta.hv6.ln@via.reistad.priv.no... [SNIP] > The fishbowl is just kept as an encapsulated box, jailing *nix inside > it's security concept. All interactions have to be done on the terms of > the secure, outer OS. They have published some sketches on that side of things. From my point of view I think it would be most useful for hosting the cross- compiling environment, so you don't need two machines to develop. [SNIP] > As a example, the monolithic news and mail reader/composer programs > will have to have internal firewalling; and will need to be broken > up into a set of clustered components. Yep ! I'm turned on by that. I like the idea of lots of components that can be strung together to form an "application". From what I've seen the concepts behind EROS encourage and support component style apps. Monolithic apps just don't look like a good fit at all. > Even the C/C++/C-lib/socket programming model will need significant > attention before embarking on such a project. I know, exciting isn't it ? :) Back to groking the code. :) Cheers, Rupert ###### From: "Rupert Pigott" Newsgroups: alt.os.multics,alt.folklore.computers Subject: Re: Eros [Was : Multics on emulated systems?] Date: Tue, 10 Dec 2002 22:08:23 -0000 Lines: 34 Message-ID: References: <20021208085018.26b45f11.thvv@multicians.org> <3df65f87_1@news.iglou.com> NNTP-Posting-Host: darkboong.demon.co.uk X-Trace: news.demon.co.uk 1039558102 8814 80.177.7.220 (10 Dec 2002 22:08:22 GMT) X-Complaints-To: abuse@demon.net NNTP-Posting-Date: Tue, 10 Dec 2002 22:08:22 +0000 (UTC) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Priority: 3 X-Newsreader: Microsoft Outlook Express 6.00.2800.1106 X-MSMail-Priority: Normal Path: chonsp.franklin.ch!pfaff.ethz.ch!news-zh.switch.ch!news.imp.ch!news.imp.ch!fr.clara.net!heighliner.fr.clara.net!proxad.net!proxad.net!kibo.news.demon.net!news.demon.co.uk!demon!not-for-mail Xref: chonsp.franklin.ch alt.folklore.computers:123857 "Douglas H. Quebbeman" wrote in message news:3df65f87_1@news.iglou.com... [SNIP] > It's not well known or understood, but most Microsoft applications > are actually (supposed to be) mere containers for Active-X components > that have been slung together. The 'doze example makes me painfully aware of some fairly major pitfalls in this approach : 1) System management (those *^^%£! DLLs) 2) Performance 3) Complexity Like most pitfalls I think these are avoidable with a great deal of care. Perhaps those words should be my epitaph. :) Two common pitfalls I expect to trip over when hacking EROS : 1) Wrapping stuff up so you end up with a russian doll instead of a library... With all the hidden buglets and weirdnesses that flavour of bloat brings with it. 2) Splitting everything down into minute itty-bitty bits... The principle of least astonishment seems to be useful here, it's not one I've really actively thought about or used for reasoning about my design decisions... I imagine that peer-review would help a great deal with applying that principle... Cheers, Rupert