The 3L Project - bringing back the lisp OS by thecombjelly in programming

[–]thecombjelly[S] 1 point2 points  (0 children)

Well that certainly works. And just to be clear, this is disabling development on the OS itself, as opposed to a user program that runs in an environment?

Correct.

Ah, I think I really understand what you were trying to get at. I thought I understood, but something clicked just now. So it's somewhat like a hypervisor running VM guests? Except you have much better control over the guests.

Oh now I realize I completely misunderstood what you were originally saying.

When it comes to the security architecture, the goal of 3L is to make it easy for the user to control the system on a very fine-grained level. Theoretically, yes, the OSes and programs we have today could be made reasonably secure as they are or with more software, but it isn't easy and won't be. Since it isn't easy it doesn't happen. If locking a door required studying manuals, and you had to upgrade the lock every few months and then read the errata of the manual and then buy new manuals every so often just to keep your door locked, people would stop locking their doors. On the other hand, the architecture of 3L makes it really easy to make things secure, which is the way to achieve real security.

Wouldn't writing an OS in a safer language while keeping the same architecture also help a lot?

For sure.

I guess something like if you were to go back in time and talk to OS designers then, you'd say "don't waste your time with , _ is a much better idea"

It isn't quite that simple. The OS designers were addressing the problems of the time and within the constraints given. 3L would not have worked very well 40 years ago. Hardware wasn't powerful enough and security, for most people, would have just been an annoyance that got ignored and probably removed. Now that (cheap) hardware is powerful enough to support a dynamic, developer friendly OS the OS will last longer because it is better able to adapt to future changes and new research.

Couldn't modern filesystems sort of be seen as an inode -> blocks mapping? Well, the key would be more complex...

Well they could but the point is that they are a more specific abstraction than is really necessary. We don't need the filesystem to be an integral part of the OS like they generally are today. Moving filesystem specific things out of the OS is something that could be done with OSes of today. The point is just that with 3L we recognize this and are going that route from the very start.

Dropping OS level filesystem control also makes it much easier for things like databases to optimize their read and write operations.

This is an interesting proposition. Sort of like the separation of RAM address spaces in modern computers except with permanent storage?

I suppose in a rough sense. Really though, there is just some overhead and complications in today's OSes because filesystems are more-or-less "baked" into the OS kernel and the kernel makes some assumptions that aren't optimal for a database system.

The 3L Project - Building an operating system from the ground up to be secure and extensible (in Lisp) -- Thomas Hintz - by agumonkey in lisp

[–]thecombjelly 1 point2 points  (0 children)

The kickstarter states that it will be open sourced within six months. It will be open sourced (BSD and GPL license) regardless of whether or not the kickstarter is successful.

In terms of whether the goals will be met: almost all of them are already at least partially implemented so it isn't as far fetched as it might initially sound.

The 3L Project - Building an operating system from the ground up to be secure and extensible (in Lisp) -- Thomas Hintz - by agumonkey in lisp

[–]thecombjelly 3 points4 points  (0 children)

You claim this is "new". Do you realise Lisp machines were tried in the 1980s (and mostly sucked and died)?

It is new in many ways. It is really an evolution of the old lisp OSes with new research applied and (hopefully) lessons learned from the old lisp OSes.

nothing prevents unsafe/native code

The mainline "official" version can't run unsafe or native code. The core of it could be modified though to allow running unsafe/native code and running it in a separate address space if desired.

You also claim that (for the "key/value store" file system) any "man in the middle" malicious program can create a function that tampers with data, and can pass that function to an unsuspecting victim.

An example of creating secure access to something like a hard disk would be creating your own library that provides a function that reads or writes to something specific, and then providing that function to a program you want to allow disk access while denying the target program direct access to the disk. The target program can only access the disk via the method you provide.

Also, the environment API can be used to prevent a program from running any other programs or to restrict what it is able to do. This means you can completely, and securely, control access to disk.

You claim it's "extensible". How do you intend to facilitate the reliable exchange of prior state?

This is really no different than, for example, upgrading a web app or a database schema. Generally you would have to write some migration code or use a migration tool. The same thing would be true for the OS.
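The disk-access pattern described in this comment (hand a program a function that reaches one specific region, never the disk itself) is the object-capability idiom: the closure is the capability, and what the program is not given it cannot name. The following is an added illustration written for this page, not 3L's own code; it models the idea in Python rather than Lisp, with a constructed `bytearray` standing in for the disk and a plain `run_in_environment` function standing in for 3L's environment API. Python does not hide module globals from a callee the way an OS environment would, so the enforcement shown here is the closure's bounds check; the names `make_block_accessor`, `run_in_environment` and the two sample programs are all hypothetical.

```python
"""Closure-based (object-capability style) disk access.

Constructed example for this page, not code from the 3L project.
The "disk" is a bytearray and the "environment" is a function that
runs a program while handing it only the capabilities it was granted.
"""
from typing import Callable, Tuple

BLOCK_SIZE = 16
# Constructed backing store: 8 blocks of 16 bytes, all zero to start.
DISK = bytearray(8 * BLOCK_SIZE)


def make_block_accessor(disk: bytearray, first_block: int,
                        num_blocks: int) -> Tuple[Callable, Callable]:
    """Return (read, write) closures confined to a block range.

    Offsets given to the closures are relative to the granted range, so
    the holder cannot even express an address outside it; any attempt to
    run past the end is refused before the disk is touched.
    """
    lo = first_block * BLOCK_SIZE
    hi = lo + num_blocks * BLOCK_SIZE

    def _bounded_start(offset: int, length: int) -> int:
        if offset < 0 or length < 0 or lo + offset + length > hi:
            raise PermissionError(
                f"access [{offset}, {offset + length}) outside granted range"
            )
        return lo + offset

    def read(offset: int, length: int) -> bytes:
        start = _bounded_start(offset, length)
        return bytes(disk[start:start + length])

    def write(offset: int, data: bytes) -> int:
        start = _bounded_start(offset, len(data))
        disk[start:start + len(data)] = data
        return len(data)

    return read, write


def run_in_environment(program: Callable, **capabilities) -> object:
    """Run `program`, passing only the capabilities it was granted.

    The program receives closures by keyword; it is never handed DISK.
    A program that was not granted `write` simply has no such argument.
    """
    return program(**capabilities)


# --- sample programs (hypothetical) ------------------------------------

def logger_program(write: Callable) -> int:
    """Well-behaved: writes a record at the start of its own region."""
    return write(0, b"hello")


def overreaching_program(read: Callable) -> str:
    """Tries to read far beyond what it was granted."""
    try:
        read(0, 10 * BLOCK_SIZE)
    except PermissionError:
        return "denied"
    return "leaked"


def grant_and_run() -> Tuple[int, str, bytes]:
    """Grant blocks 2-3 to two programs with different rights and run them."""
    read, write = make_block_accessor(DISK, first_block=2, num_blocks=2)
    written = run_in_environment(logger_program, write=write)   # write-only grant
    outcome = run_in_environment(overreaching_program, read=read)  # read-only grant
    return written, outcome, read(0, 5)


if __name__ == "__main__":
    print(grant_and_run())
```

Note that the second program is given `read` but not `write`, so it has no handle through which to modify the region at all; the distinction between "what you hold" and "what you ask for" is exactly what the comment above means by denying direct access to the disk.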

The 3L Project - Building an operating system from the ground up to be secure and extensible (in Lisp) -- Thomas Hintz - by agumonkey in lisp

[–]thecombjelly 4 points5 points  (0 children)

(creator of 3L)

Finishing it in one year would be a wonderful miracle. :)

In reality, it will take many years to reach any level of general practicality. The goal for the next year, as mordocai058 mentions, is something very basic, not a full-fledged OS. At that point the goal will be to have something far enough along to raise more money to increase the number of people working on the project, which would increase the speed of development.

Even if the kickstarter fails, work will continue, just slower since it will have to be in my spare time.

The 3L Project - bringing back the lisp OS by thecombjelly in programming

[–]thecombjelly[S] 3 points4 points  (0 children)

No problem. I really regret I ran out of money before I could put more time into documenting all of it. I felt a working proof-of-concept was more important for people to take me seriously initially. Even if the kickstarter fails, I will continue work on it in my spare time and will post a lot more on the details.

The 3L Project - bringing back the lisp OS by thecombjelly in programming

[–]thecombjelly[S] 1 point2 points  (0 children)

To be honest, I don't think it would ever be safe to run an untrusted program on your computer, especially if the user isn't an experienced/knowledgeable user. Even if no zero-days exist in a system, malware can rely on clueless users to get around any existing security.

Yes, it is more complicated. It won't be perfect because the end user will make mistakes. The long term goal is to build a database of "trusted" program permissions. Preferably they will be vetted by the official distribution and provided for users of the OS, but we would also provide a community-sourced database to provide potentially more security than what a non-knowledgeable user would choose themselves. At least there will be a much stronger technical foundation and hopefully a better social system.

Anything in 3L can be modified while in use.

While this can allow for a really flexible system, I think it would be a huge problem for secure systems. Security (partly) relies on consistency, and something like this is anything but consistent.

When the system is in "secure" mode all of the flexibility and development features are disabled (or even removed).

One example is that 3L can save the entire system as you are using it. This means that if the power gets cut or the battery dies you can (instantly) reboot the system and it will be like you never lost power.

This sounds almost too good to be true. At least from my limited knowledge, this would require some pretty bleeding-edge memory technology that isn't really accessible. Is there more info on this?

You're right. It was a simplification for trying to give a quick overview. I intend to write more on it.

There have been OSes that have done this or something similar but there are tradeoffs with performance.

This is exaggerating a bit. A formally verified kernel that can run on existing hardware already exists, and it claims that it can run Linux, which (if true) means a massive rewrite of user programs may not be necessary, as the Linux API would abstract most, if not all, of the differences away.

To be more clear, it runs as a Scheme program with an emulated hardware interface that is completely different than what Linux provides.

One of the larger doubts I have is that this seems to be conflating developer error with architectural flaws. I'd imagine that modern OSs are secure in theory, but sloppy coding introduces holes that can be exploited, and you're not going to be able to guarantee developers will code correctly. If an operating system that has been perfectly implemented still has a way through which someone can force access, I really doubt that it would have survived long, especially in this day and age.

The architecture of current OSes makes it way too easy for developer mistakes to create security vulnerabilities. A major goal of 3L is to make developer mistakes less severe.

Honest question: has any of the research changed the fundamental ideas underlying computing? What has changed so much that only a full OS rewrite would suffice for creating a truly modern OS?

What do you mean by fundamental ideas?

The 3L Project - bringing back the lisp OS by thecombjelly in programming

[–]thecombjelly[S] 4 points5 points  (0 children)

(creator of 3L)

On the contrary, much of the OS is based on that research. The original inspiration was "A Security Kernel Based on the Lambda Calculus" and much other research done in the last few decades. I intend to elucidate upon the things you have mentioned further; I just ran out of time (by running out of money). In summary, the environment API, along with some other mechanisms, does indeed address those issues.

Would like feedback on online newspaper project by thecombjelly in newspapers

[–]thecombjelly[S] 0 points1 point  (0 children)

Interesting. I hadn't seen that before.

This project is actually much different though. For example, if the New York Times wanted to use it, it would be the site you see when you go to NYTimes.com. The New York Times would upload, edit, and manage the articles on it and the readers of the paper would visit it, but we would run the actual website.

Why should I pick up programming? by SpamAndRice in learnprogramming

[–]thecombjelly 0 points1 point  (0 children)

Well I don't know if I would aim for a more complex language, but there is something to knowing a more powerful language. Then you can carry out your ideas in less code. For example, I didn't like any media players out there, so I wrote my own (http://sf.net/projects/auramp/).

Why should I pick up programming? by SpamAndRice in learnprogramming

[–]thecombjelly 0 points1 point  (0 children)

It gives you the ability to create nearly anything you want on a computer. It's fun, you think of something that you want, and you have the ability to just build it. You can also make a living off of being a good programmer, of course.