Hi,

On Thu, Dec 18, 2008 at 04:03:39PM +0100, Michal Suchanek wrote:
> 2008/12/18 <olafbuddenha...@gmx.net>:

> I find persistence and storage mechanism that works well with it quite
> useful.

Well, *we* don't find EROS-like persistence useful for our purpose. I never found it useful, as you might remember; and Marcus, who was advocating it for a while, finally came to the very same conclusion. (After stumbling over some site with various articles explaining the issues much better than I can.) I'm not sure about Neal's current stance.

> I also do not see why do you want to throw away secure IPC

We don't want to throw away secure IPC. EROS/Coyotos doesn't have a monopoly on secure IPC, though. Its fully synchronous IPC is not suitable for us -- even Shapiro admitted this; and while he backed out the changes from Coyotos again (don't know the specific reasons), Marcus and Neal still think that a partially asynchronous mechanism is more useful for us.

> and resource management

The main idea behind Neal's resource management work is that applications should be involved, which is in direct opposition to Shapiro's approach.

> As I said numerous times hiding things from child process can be
> turned into hiding things from parent process.

No, you didn't -- at least not on-list. All you did so far was repeatedly asserting that any security automatically means being able to hide anything, without anything to back this assertion.

> After all, your login shell is normally started by some other service
> which has all the power to hide things from it.

So?

> The only difference we are discussing round and round is whether this
> service is configured to possibly hide something from all shells or if
> there is a 'root' shell that can access everything.

No idea what you mean. All processes started by the user are descendants of the user's session, and thus the user has full control over them. Perhaps you mean that the implementation of the user session itself could be treacherous, which is of course true -- but again, this requires the admin to actively take part in the treachery. It's not something implicitly provided by the standard system mechanisms.

> > Everything that was said about a POSIX layer for Coyotos (or a
> > Coyotos-like ngHurd) implies a distinct POSIX environment, which
> > allows running existing applications in some kind of jail, pretty
> > much isolated from the "native" environment with new applications.
> > This is not acceptable IMHO. The Hurd allows running traditional and
> > new applications *in the same environment*. This is what makes it
> > attractive to me.
>
> Since all applications would be run each in its own jail by default I
> do not see anything wrong with that.

Everything is wrong with that. I do not want a system which has one part that is essentially UNIX for "legacy" software, and another part that is something completely different for the Brave New World. What I want is a system with only one integral part -- being mostly UNIX-compatible and UNIX-like by default, and yet offering many new possibilities; more generally, giving the user much more control over the environment. This is what the Hurd provides.

-antrik-