Mailing List Archive



Re: Software Design (was: Re: [tlug] Confessions of a closet OpenBSD user)



On Sat, Jun 29, 2002 at 10:41:21PM -0400, Viktor Pavlenko wrote:
> >>>>> "VT" == Uva Coder <uvacoder@example.com> writes:
> 
>     VT> It doesn't matter how elegant your (userland) code appears.
> 
> Most of the code is userland.

Hmmm, where to begin. For brevity I'll pass on that statement.
It will take me too long to reply; I have to go to the store
and buy beer and food before the final match tonight.
 
>     VT> If Linux's (and *BSD's) overall security model contains
>     VT> significant flaws in its design, then attempting to create the
>     VT> fix in the userland isn't the best answer. The answer lay with
>     VT> the kernel itself. Design, especially security, begins with
>     VT> the kernel.
> 
> True that security begins with the kernel but it doesn't end there.
> Kernel has to support many insecure operations to be usable.

Why does it have to be necessarily so? Because that's the way
you do it in Unix? Can you see the box that we've created? Are we
so afraid of Linux (or *BSD) not being unix-like and much rather live
with our problems rather than innovate? (These questions are not directed
at you directly, Viktor, but rather just open to everyone to ponder.)
From my understanding of the inner workings of Plan 9, Plan 9 has
overcome the insecure operations problem between the kernel and the
userland that you aforementioned.

I mention Plan 9 often because it is useful for comparison; not 
necessarily that it is the best general purpose OS.   
 
>     VT> Blaming sloppy userland development seems to me to be a red
>     VT> herring.
> 
> You can't even imagine how wrong you are.

No, it just takes a paradigm shift. I've been working with various
Unices for 12 years and I know where the Unices have been. But where
are they going? I question whether Unix in general has leaned its ladder
against the wrong wall in relation to our present thought of kernel
design. I imagined that going against the status-quo would create a
reaction. No one likes changes to what they already know. I suppose it
will take the emergence of a unix-like OS which has made the jump to awaken
folks to the prospect that we need to rethink Unix; especially dealing
with security. To get a glimpse of what I'm talking about compare the
Linux kernel model to the Plan 9 kernel model. IMHO the folks at Bell 
Labs have a clue to what's coming next in OS design and have seriously 
thought out what it means to have a secure machine; they just lack a
good licence. 

>     VT> IMO what Linux, *BSD, and UNIX need are innovative ideas
>     VT> incorporated at the kernel level; not at the userland
>     VT> level. Plan 9's IL protocol is a good example of out of the
>     VT> box thinking.
> 
>     VT> I believe that if Linux fails as an OS, it will be due to too
>     VT> much "in-the-box" thinking; not from "sloppy" code.
> 
> If linux fails it will be because too many things will have been moved
> into the kernel.

I don't want too many things in the kernel either, but to challenge
our preconceived ideas about how things in unix should work should
be revisited. I'm thinking of changes of an evolutionary scale, not
just let's throw in httpd in the kernel which has already been done.
I think khttpd in its current form is not a good idea by any means.
Consolidation, similar to the idea behind the IL protocol that I
mentioned before, is more along my line of thought; but even IL is just
the tip of the iceberg. Unix, Linux, and the *BSDs need to evolve IMHO.

-- Uva Coder

Plan 9's homepage: http://plan9.bell-labs.com

