Slashdot Mirror

The paper from Dresden is available in English: https://tu-dresden.de/ing/masc... Of the chinese paper, I only know English reports of the abstract, such as from https://www.reddit.com/r/EmDri...

we will not replicate the mistakes made by others

Nope, you'll just [make] brand new mistakes of your own!

I have little doubt they will reinvent a lot of old mistakes too. They could do worse than starting with L4Linux but it does not appear like anything but full-scale failure would seem acceptable to them.

Microkernels are very complex by comparison, and it's turning out to not be a practical idea. If you want to try one out, go download GNU Hurd, it's a microkernel.

Why would you mess around with HURD when you can play with L4 or Minix 3 ?

You could also try NetBSD which is based on an "anykernel," using "rump kernels" to allow drivers to run in either kernel space OR user space.

All of these are more mature and stable than HURD.

The linked discussion includes some notes about things like graphics drivers on android (Linux) moving to user space. Apparently its not totally impossible. But yes, you are correct that there is generally overhead to having security in this case. However, if you want one example where the micro-kernel wins, I found one (I will not claim its typical, but its interesting). One except from The Performance of -Kernel-Based Systems section 6.1 "It is widely accepted than IPC can be implemented significantly faster in a micro-kernel environment than in classical monolithic systems. However, applications have to be rewritten to make use of it." While that seems like an grand claim, considering that almost the only thing microkernels do is IPC, maybe its well founded (I'd prefer if they had some citations for it though). In their data we can see their user space pipe implementation on top of the microkernel IPC being both lower latency and higher bandwidth than the Linux one. Of course the paper is 17 years old, it might not be a great source. KV-Cache: A Scalable High-Performance Web-Object Cache for Manycore shows a microkernel based design winning on performance over a linux based one, and its pretty new (2013). Looks like they managed to DMA network data into userspace directly. So now you can't say you have never seen any benchmarks where microkernels didn't do well. While they may not be the most fair benchmarks (it looks like they tuned the microkernel based systems pretty specially for them), if careful tuning can get gains much larger than the overhead when compared to existing linux systems, I don't think the overhead should be considered too bad. I don't know why /. is removing all my line breaks, oh well.

Sounds a lot like SRWare Iron* to me - that's a long existing Chromium-based fork altered for enhanced privacy.

At a first glance, I cannot make out any advantages of Epic over Iron. Aside from the removal of all user tracking which Chrome brings, they only provide a 1-click-proxy functionality. Which, if I used it, would leave me and my privacy at the mercy of an India based startup. Instead, I'd also rather suggest JAP** which is also long and well established.

So what am I missing that makes Epic Browser worth a Slashdot post?

[1] https://www.srware.net/en/software_srware_iron.php
[2] http://anon.inf.tu-dresden.de/

Actually, for my own curiosity I'd be interested in the recommendations for alternate search engines that slashdotters think are good one to use, other than google. (Probably this has been covered as a slashdot topic before; so a link would be ok.)

(I can already find this one http://en.wikipedia.org/wiki/List_of_search_engines thanks)

Starpage.com. No IP logging, no tracking cookies (there is a preference cookie), lets you search over HTTPS, compiles search data from All The Web, Ask, Bing, Cuil, Digg, EntireWeb, Gigablast, Open Directory, Qkport, Wikipedia, and Yahoo.

Overall it works pretty well, but sometimes I need Google's results. That's where Scroogle comes in handy. No cookies, no query logging, ip logs deleted after 48 hours.

Also, if you're using Firefox there are a few settings I highly recommend under Privacy. Set it to "Use custom settings for history", uncheck "Accept third-party cookies", and then change "Keep until" to "I close Firefox". Then use "Exceptions" to whitelist any sites you want to have persistent cookies.

I also tend to use Privoxy + JAP when doing casual browsing (ie, stuff where I don't log in).

There are apparently many different studies on the subject of panicky crowds. Here is a list of press reactions to the work of the Chair of Traffic Modelling and Econometrics at TU Dresden, Germany:

http://tu-dresden.de/die_tu_dresden/fakultaeten/vkw/iwv/tme/publications/media.html

Among the publications explicitly mentioning the helpful obstruction in front of an exit is this report (in German) from 2003:
http://www.vdi-nachrichten.com/vdi_nachrichten/aktuelle_ausgabe/akt_ausg_detail.asp?ID=11006

Oh, how wrong this is.

You should look into the L4 microkernel project some time, and its follow-ups (e.g. Pistachio, Fiasco)

In a nutshell: The reason most "microkernels" have bad performance is that they are not anywhere near "micro" enough.

JAP is a free java based anonymizer. It runs as a sort of "proxy" as in you route your internet traffic through a localhost port, but it sends out your data through two or more "mixes" which anonymize your connection. It successfully masks your IP, your location, and most importantly your identity. Its relatively fast for the obvious latency problems that are bound to happen.
JAP

This Paper discusses several ways to compromise your TPM. It also notes that secure boot infrastructure like Intel TXT and the AMD counterpart (when used with an appropriate boot loader) effectively prevents the attacks.

You lie, surely?

I heard that they were going to harmonise traffic across the EU, so the UK would eventually drive on the right, too. As I understand it, the new rules affect Heavy Goods Vehicles from 2011, with light vans and private cars having to move across by 2013.

This simulation is bread and butter work in the field of cellular automata, since donkey's years ago. There's a simulation here:

http://rcswww.urz.tu-dresden.de/~helbing/RoadApplet/

Or maybe there isn't, since I just installed Ubuntu, but there's a plugin download box that suggests there is.

I played with this a couple of years back:

http://vwisb7.vkw.tu-dresden.de/~treiber/MicroApplet/

shame this post is buried down deep :-(

Yea, I thought I'd seen this before here and other places including this simulation http://vwisb7.vkw.tu-dresden.de/~treiber/MicroApplet/ (java warning). A lot of the modeling is interesting because it simply captures a lot of the real behavior you see every day.

A couple of early posters are making jokes about faulty drivers and writing your own. But honestly, eliminating the human component from driving would significantly improve traffic flow across the board and would allow it to be optimizable. It's really just the problem of so many different drivers making such a system a complete failure - it's like General Motors and their 31 different models (gratuitous car analogy). But until people become less lawsuit happy and unless such a scheme can work with people that want to drive, I doubt that such a system could be implemented. It's far more likely that we'll see passive incremental improvements such as intelligent braking instead of more active disruptive improvements like auto-drive.

Maybe it could work, but Microsoft is a marketing-driven company and has failed to use good ideas their employees have had before. Similar ideas have been used in experimental operating systems before, such as L4 and Mungi. We do need innovation in operating systems, but unfortunately, Free and proprietary development seem equally slow to produce practical systems.

Here's an even better version of the same: http://vwisb7.vkw.tu-dresden.de/~treiber/MicroApplet/

The trick when driving to try and iron out these hold-ups is to keep the traffic moving, by slowing down well in advance and leaving a large gap. As soon as the impatient and selfish start driving inches behind the car in front the whole system grinds to a halt.

You might be interested in the L4 microkernel.

Well, Peacefire should meet your web based anonymizing needs. If you need more, that's what Tor and JAP are for.

You could do like I do.

1. Run Tor.
2. Access JAP through Tor.
3. Access proxy servers through the JAP over Tor connection.
4. ???
5. Profit!

Perhaps the inclusion of TPM in later OSes, chipsets and hard-drives will spur adoption of Linux (which presumably would just not enable such garbage).

Actually, most work on the TPM is being done on Linux. See Trousers, Trusted Grub, TPM Device Driver, Enforcer, OSLO, etc. Not to mention that open-source Xen supports virtualizing the TPM and is aiming at TPM-based trusted boot functionality.

Tor. JAP (www only). I2P.

I personally like JAP, though it only does WWW. The servers are in Germany, go to google.com and you get "Google Deutschland". It's the easiest of the three. Tor makes you set up something like Privoxy, not sure about I2P. For JAP, just start it (it's in Java and runs on Linux, OS X, and Windows) and point your browser's proxy settings to localhost:4001.

Tor has the advantage of letting you route anything through it. If you use it, don't be an asshole by using it for Bittorrent or anything else high bandwidth or illegal.

I personally like using JAP when at public access points, though for anything other than casual browsing I use OpenVPN and browse through my home network.

You could also use JAP. I use this fairly regularly.

What will it do in this room?

http://www.psychologie.tu-dresden.de/i1/kaw/divers es%20Material/www.illusionworks.com/html/ames_room .html

"Tuning" in general might be a good thing, but you need to base you optimization on something - why not math? The question is not moot at all...

What I'm actually trying to say is that I don't have any mod points right now but consider your post to be overrated ;)

Phukko here, sorry about the AC post, but y'all need to visit: http://vwisb7.vkw.tu-dresden.de/~treiber/MicroAppl et/ to see a most excellent set of simulations

That article is a must-read. Also interesting is this Java traffic simulator which demonstrates all the ways that traffic jams can form.

JAP - I use this at work. It's usually pretty fast and works well. The app is a single .jar so no installation is required.

Tor - I use this often, too, but it's much slower

Too bad nobody mentioned JAP yet. It's similar to TOR, except it uses pre-defined anonymizing proxies rather than random nodes (so you know exactly who you're trusting). It will also circumvent censorship, and it's pretty much unblockable. Every client has an option built in to share his bandwidth for people who are behind censoring firewalls, esentiallly becoming another public proxy. This means that if you need to get around censorship, you can have JAP (the client program) automatically supply you with a fresh, unblocked proxy address. Check it out at http://anon.inf.tu-dresden.de/index_en.html Psiphon gets publicity like crazy, but it actually doesn't do much besides being a simple proxy. Especially, it doesn't solve the main problem of how to find an unblocked IP to use. While JAP doesn't have slick marketing (new website coming soon, I hope), the technology is great, please take a moment to check it out. Elmar (Disclosure: I am currently one of developers of JAP, as part of my Master's thesis)

JAP :: http://anon.inf.tu-dresden.de/index_en.html

Encrypts traffic between the client & nodes; Utilizes Tor. Even works for companies that require an internal proxy.

No. X is still broken. However I understand there is a seperate project Nitpicker (part of TUD-OS)to solve that.

But it doesn't seem like it's on as deep a level as I'd like. It's better, but it still means that once I send a document to Firefox, I have no idea what Firefox will do with it. Still, that is a lot better.

I am not sure what you mean. It was the goal of the EROS-OS project to break software into tiny chunks and apply least priviledge to each. One could get even finer grain protection if writing with a safe language. Even so, if Firefox as a whole is malicious there is no way of stoping it misusing whatever rights you give it.

• Use different search engines--spread the love.
• Scrub the Google cookie, change IPs early and often if your ISP makes it easy.
• Use TOR or JAP when possible. (Don't forget, fresh cookie every time.) They're not perfect, but makes it less likely you'll be in the dragnet unless you're a specific person of interest--good intel isn't exposed chasing small fry.
• Don't vanity search or search on identifiers for people close to you on a machine you use regularly.
• Salt your searches with misinformation. Interested in motorcycles? Search for flower gardening. Arabic? Search for German. Search for random stuff now and then.
• Don't tip search engines off to your plans. Don't do searches containing the words "how" and "to" unless you're looking for HOWTOs. They're common words anyway, and don't really help.
• Don't use services like Gmail and search at the same time. (The wisdom of providing Gmail with personally identifying information and using it at is questionable given Google's aggressive data gathering.)

The problem with this statistic is that it's where microkernel advocates consistently lie (including, alas, AST). 4% DOING WHAT??.

Usually, that means it's 4% slower doing a single process test. Show me a test with dozens, if not hundreds of processes like you see on PRODUCTION servers, because that's where microkernels typically fall flat on their faces.

But even in the west I feel more comfortable using Tor, a (well, close enough) anonymizing proxy.

I used to use JAP (a similar project but the client was Java based and less transparent) but Tor is considerably faster. Throughput up to 60K/sec on a 512k/sec DSL line (as fast as it ever goes with no proxy) means that it's practical to use for all traffic and makes the needle much harder to find in the haystack.

While still in its early stages, wouldn't something like the JAP Anonymity project undermind the entire purpose and usability of data retention? http://anon.inf.tu-dresden.de/index_en.html

I agree with most of your points, and feel that there is a large amount of arbitrarity in the microkernel vs monolithic kernel debate. It IS indeed possible to design a monolithic kernel well (look at the BSD's, esp. DragonFly). It is also possible to design a monolitich kernel very poorly. It's possible to design a microkernel well and poorly (l4, qnx vs mach). What I disagree with are people who ignore Scientific evidence and replace it with religious dogma, apparent all over this thread.

So Mr. T says Microkernels are good. So what? Let him live in his world, develop his pet OS that will attempt to make a general purpose microkernel, and see if it works. Until it does or it doesn't, shut up about it! Don't assume it will be crap because your linux-guru friend that you look up to oh so much told you all microkerels are crap (No, i'm not referring to you, but the general sentiment on slashdot). If some dudes want to work on a microkernel, let them work on a microkernel. And in the meantime, read up on the RECENT research before sticking your neck out.

I also disagree with your characterization of Mr. T's comments towards slashdot. In my experience, most slashdotters have no idea what they're talking about. I happen to agree with his characterization of the slashdot response to the original article he got published in IEEE. Most of it was baseless, and the comments that had a base were mostly founded on old, irrelevant studies.

After posing a theory, the next scientific step is to find proof of the theory by observing/measuring.

Proof? No. Support. There is no such thing as "proof" in science, proof is an attempt to irrefutably reason using theory (ie, mathematical proofs, logical proofs, etc). They have no place in Science because science relies on refutable statements. Science, in practice, only refutes or supports. It does not prove.

Back to the issue at hand, if you want evidence of the utility of a general purpose microkernel check l4linux here and here with this one being the paper most relevant to the discussion.

They report less than a 5% slowdown on x86 kernels, which is below the realm of significance in science (10%+ is significant). If this is true, I doubt the user would even be able to percieve the difference. If you want details on their numbers, read the papers. As far as i'm concerned, the microkernel community HAS provided evidence to refute the claims that their architecture incurs an unacceptable performance hit. It just seems people either ignore the evidence, or are so stooped in their own dogma that they refuse to believe it. If you don't believe it, maybe you should give l4linux a try and see how general purpose a microkernel can actually be.

After posing a theory, the next scientific step is to find proof of the theory by observing/measuring.

Proof? No. Support. There is no such thing as "proof" in science, proof is an attempt to irrefutably reason using theory (ie, mathematical proofs, logical proofs, etc). They have no place in Science because science relies on refutable statements. Science, in practice, only refutes or supports. It does not prove.

Back to the issue at hand, if you want evidence of the utility of a general purpose microkernel check l4linux here and here with this one being the paper most relevant to the discussion.

They report less than a 5% slowdown on x86 kernels, which is below the realm of significance in science (10%+ is significant). If this is true, I doubt the user would even be able to percieve the difference. If you want details on their numbers, read the papers. As far as i'm concerned, the microkernel community HAS provided evidence to refute the claims that their architecture incurs an unacceptable performance hit. It just seems people either ignore the evidence, or are so stooped in their own dogma that they refuse to believe it. If you don't believe it, maybe you should give l4linux a try and see how general purpose a microkernel can actually be.

After posing a theory, the next scientific step is to find proof of the theory by observing/measuring.

Proof? No. Support. There is no such thing as "proof" in science, proof is an attempt to irrefutably reason using theory (ie, mathematical proofs, logical proofs, etc). They have no place in Science because science relies on refutable statements. Science, in practice, only refutes or supports. It does not prove.

Back to the issue at hand, if you want evidence of the utility of a general purpose microkernel check l4linux here and here with this one being the paper most relevant to the discussion.

They report less than a 5% slowdown on x86 kernels, which is below the realm of significance in science (10%+ is significant). If this is true, I doubt the user would even be able to percieve the difference. If you want details on their numbers, read the papers. As far as i'm concerned, the microkernel community HAS provided evidence to refute the claims that their architecture incurs an unacceptable performance hit. It just seems people either ignore the evidence, or are so stooped in their own dogma that they refuse to believe it. If you don't believe it, maybe you should give l4linux a try and see how general purpose a microkernel can actually be.

Furthermore, Richard Stallman still seems to take the microkernel seriously. Although Mach has fallen out of favor, the answer isn't to claim that Mach is all there is or could be to a microkernel and declare the concept an abject failure. RMS is moving on to greener pastures with L4. A bad implementation doesn't mean something is a bad idea.

For an even better example of what a microkernel can do, have a look at the L4 kernel: http://os.inf.tu-dresden.de/L4/LinuxOnL4/ where the kernel, designed in assembler + C++ has some decent performance stats run by IBM. The short version is that a linux personality on an L4 microkernel costs a 3.8% performance penalty. When you consider that this persnality that is being tested has in no particular way been tuned to fit the L4 kernel, this 3.8 percent penalty for another kernel under linux doesn't seem that bad. Infact, one wonders, if it were tuned, how much faster would it be?

A huge iceberg didn't spare the Titanic...
...and a nuclear strike wouldn't spare Rambo [*].

Because something isn't a "security-catch-all" it doesn't necessarily mean it's inherently bad. See safe belts in your car. They wouldn't save you from a frontal crash with a truck. I just will keep fastening them, thanks very much.

[*] Although, maybe Chuck Norris... okay, too frightening to consider.

I thought L4 proved microkernels could provide the same performance as large kernels? Read here:

http://en.wikipedia.org/wiki/L4_microkernel_family / and here http://os.inf.tu-dresden.de/L4/overview.html/

What am I missing? It seems the performance problem has been addressed. The other benefits listed in the article are well known it seems. I don't understand the criticism of microkernels in this context. Certainly you can just prefer to do thing monolithically, or some hybrid, but that doesn't imply the micro-kernel is wrong.

1. CapROS (successor to EROS)
2. L4Ka and Fiasco implementations of the L4 microkernel architecture

Egads! My education is useful!

We're discussing such issues in a class I'm taking on software fault tolerance. In discussing selective restarts and backup processes Apache is frequently cited as an example of how software should fail gracefully, consistently, and then handle that failure itself. The lecture slides can be found here: http://wwwse.inf.tu-dresden.de/index.php?language= English&site=courses&course=ss06vl02

Apache has some memory leaks in it. It is not bad, it happens, especially in a piece of software like that which is expected to run constantly and NEVER fail. So what the Apache software does is every so often, or when it detects that its memory usage is getting out of hand, it fires up a second copy of itself and then kills itself letting the new not-yet-leaky copy take over.

So to you (IT/admin) that daemon may run forever, but thats because my people (CS/developer) did our jobs (for once) and ensured that the application cleaned up its own messes.

> what the? L4Linux has to run on top another REAL kernel, usually Linux.

You're quite mistaken. L4Linux runs Linux in usermode on top of the L4 kernel.

http://os.inf.tu-dresden.de/L4/LinuxOnL4/

> I wish there was a way that I could view websites without giving any IP or client information.

Have a look at http://anon.inf.tu-dresden.de/ by the AN.ON project. They are running casades of mixes (based on the concepts by David Chaum, c.f. http://world.std.com/~franl/crypto/chaum-acm-1981. html) and are also supporting TOR in their latest versions.

The project receives consulting from the Independent Centre for Privacy Protection (ICPP, http://www.datenschutzzentrum.de/), a leading German institution in both legal privacy protection and privacy-enhancing technology design. They have already won some court cases against German Federal Police who wanted their anon service not that anonymous.

Here are some tools that allow you to combine interface declarations with the compiled code. Both tools automatically write the header and source files for a module given a single unified file.

Preprocess - http://os.inf.tu-dresden.de/~hohmuth/prj/preproces s/
Lzz - http://lazycplusplus.com/

Both tools are open sourced. Of the two, Lzz is quicker and has more backwards compatibility with existing C++ code.

I'm the "Anonymous Reader" who submitted this "article". I'm from Germany, so my command of the English language is limited at its best (it's impressive how many comments bitch about that billion/million typo ... my apologies to the /. editors).

My request was a serious one, answers as The Moon http://ask.slashdot.org/comments.pl?sid=171228&cid =14261341/ are funny to some extend, but not very helpful. Bugmaster asked http://ask.slashdot.org/comments.pl?sid=171228&cid =14262445/ which solutions there are. Moving out is one, keeping a low profile another, also encryption keeps bubbling up. Encryption is not much of a help if the connection data, who spoke to whom, is stored (but I use it anyway). On the other hand, I know about tools/services like the Freenet Project http://www.freenetproject.org/, TOR http://tor.eff.org/, JAP http://anon.inf.tu-dresden.de/index_en.html/ and GnuPG http://www.gnupg.org/ -- but most of my peers do not. If asked, their answer is similar to this one http://ask.slashdot.org/comments.pl?sid=171228&cid =14262263/, which, in my eyes, IS crazy. In addition, if more and more people start to use these services, any estimate much time it will take to outlaw encryption technologies as such?
So, keeping a low profile is sort of an option, but not calling grandma for her 90th anniversary is HARD to explain, don't you think?
Last solution, move along. As said, my request was serious, not intended as anti-european flamewar http://ask.slashdot.org/comments.pl?sid=171228&cid =14261813/, nor as troll http://ask.slashdot.org/comments.pl?sid=171228&cid =14261813/.

Somalia was mentioned http://ask.slashdot.org/comments.pl?sid=171228&cid =14261597/ ... to be honest, I prefer not to be shot. Then, New Zealand http://ask.slashdot.org/comments.pl?sid=171228&cid =14261456/ which seems to be sort of an option ... unfortunately this seems to be the one and only serious answer =(

One comment (sorry, no link) stated, that as long as one can purchase SIM cards without ID ... hey guy, here you can not! At least, neither in Germany nor in Switzerland ahref=http://www.heise.de/newsticker/meldung/35261 /rel=url2html-19262http://www.heise.de/newsticker/ meldung/35261/> (sorry, German only). Admitted, Switzerland is not a member of the EU and I don't know about all other members, but I assume that it is not possible to purchase a prepaid card anonymously anywhere on the continent -- and no, in my eyes, privacy is NOT a luxury http://ask.slashdot.org/comments.pl?sid=171228&cid =14261289/

Btw, I heavily agree with bmh129 ... how is this possible? http://ask.slashdot.org/comments.pl?sid=171228&cid =14262340/.

Regards