Crush/BRiX: An Experimental Language/OS Pair

An anonymous reader writes: "Brand Huntsman (the creator of the Bochs Front-End, among other obscure things) has been developing an integrated language/operating system for the past few years now. The Operating System is called BRiX, and it uses a language called Crush, which is woven tightly into the core of the OS. On his project web page he has posted the source code to his preliminary compiler, which runs in Linux and outputs optimized assembly from Crush source code. The Crush language itself is heavily influenced by Forth, LISP, and Ada, and provides strong typing and extensive namespace security." Update: 08/19 00:03 GMT by T : Note, the project page URL has been updated, hope it now works for everyone :)

Forth

[applejacks]

I remember reading where Starflight was susposidly written partly in Forth.

l8r

Re:Forth

It was. Only a very compact, extensible compiler like Forth could have pulled off Starflight on the computers of the day.

For those unfamiliar with Forth, the "inspiration" BRiX/Crush seems to have taken from it involves the idea of building upon a core in a single address space. But whereas Crush is designed as a safe language, Forth is anything but; like C, you're free to clobber anything you can touch. Unlike C or Crush or most modern languages, Forth doesn't much concern itself with data types; that thing on the top of the stack could be a signed integer, an unsigned integer, part of a float, or the address of a string; hey, you put it there, it's your responsibility to use it correctly.

That horrifies most kids with their CS degrees, but in smallish, one-man apps --- particularly in embedded systems which may not have an underlying OS --- it's very workable. I have ROMs in the field that have been running rock-solid in industrial apps 24/7 for more than a decade.

Forth isn't the right tool for every job, of course, but I haven't yet seen a language that is.

Project homepage at sourceforge

[jukal]

As the project homepage linked from the article seems slashdotted already, you might want to browse to the homepage at sourceforge:

"BRiX, like many other operating systems, provides features such as SMP, preemptive multithreading, virtual memory, a secure multiuser environment and an easy to use graphical interface. How it does this and the end result make it very much unlike any existing operating systems. BRiX is a computing environment and not an operating system. It is a combination of operating system and applications all-in-one. "

Re:Project homepage at sourceforge

Did anyone read the info page?

BRiX, unlike other modern operating systems, does not use hardware to isolate and protect applications from each other. Instead, it uses a single address space and relies on a safe-language to generate code that will not access memory for which it does not own. This language also handles many checks at compile-time that would be performed at run-time in other operating systems. ... bounds checks can be disabled for stable critical system components. Only untrusted user code is slowed down by the bounds checks.

While I congradualate Mr. Huntsman on his attempted elevation of computer security now that Dijkstra is long gone, I must take the above claims with extreme skeptism. Such double-talk as "untrusted user code" reminds one of none other than Microsoft Palladium Trusted Computing Platform Alliance. The truth is, designating certain combinations of codes trusted will only provide to dilute computer security further moving us back to the stone age. Trusting kernel code to be flawless and lacking buffer overflows so common on all stack-based architectures will only open the Internet up to larger magnitudes of terrorism. GOBBLES, anyone?

Re:Project homepage at sourceforge

[Pilferer]

You *know* this is gonna be a slick OS when the webpage has a "brightness adjuster".

Re:Project homepage at sourceforge

[kingkade]

"Untrusted code" in this case refers to user-level programs that are not allowed to write outside of their virtual address space, which is done by Brix as opposed to by actual paging hardware on modern systems. I guess that internally, a badly designed user program can still be vulnerable to stack-smashing efforts.

Palladium is a whole other high-level of control over users themselves, not just their programs ;-)

Re:Project homepage at sourceforge

Yes, I know what virtual hardware paging is. I was objecting to trusted code. No code should be trusted. Kernels have bugs. I didn't quite understand the article as it claimed BRiX has no kernel, but I'm sure there is something replacing the kernel which runs as trusted code.

Case in point. I remember a while back when in my days of DOS, I unintentionally overwrote my BIOS CMOS while attempting to upgrade by EPoX motherboard. Needless to say, EPoX refused to honor my RMA and I was left with a BRiX instead of an XBoX.

Re:Project homepage at sourceforge

[kingkade]

Yes, I know what virtual hardware paging is. I was objecting to trusted code

Well, you mentioned it somehow reminded you of palladium, thats what flagged your comment as apples vs. oranges to me :P

Re:Project homepage at sourceforge

[real+gumby]

You *know* this is gonna be a slick OS when the webpage has a "brightness adjuster".

This applies to the _reader_ of the page!

Re:Project homepage at sourceforge

It'd be even cooler if they could get Crush/BRiX to run on Mindstorms...

Re:Project homepage at sourceforge

[sg_oneill]

You *know* this is gonna be a slick OS when the webpage has a "brightness adjuster".

Dude! Now you've just doubled that slashdotting effect with everyone jumpin' over there to check out the brightness adjuster widget.

Re:Project homepage at sourceforge

[Tablizer]

You *know* this is gonna be a slick OS when the webpage has a "brightness adjuster".

It doesn't work that well either. I had to click around on it about 10 times before it finally changed the page. It is too much like dating.

Re:Project homepage at sourceforge

[munch117]

You *know* this is gonna be a slick OS when the webpage has a "brightness adjuster".

You *know* it's technology for technology's sake and a complete waste of your time when the webpage needs a "brightness adjuster".

/A

language/os pair, where have i heard that before..

Ah yes, Smalltalk, LISP machine, Java...

Next "innovation" please.

automatic obfuscation?

[Inominate]

Is this an attempt to create the most unreadable source code possible?

Re:automatic obfuscation?

Although you've lost me at is, I would like to point out that BRiX prohibits and forbids creation of ones own compiler.

The main disadvantage of the language is that there can be only one. To alleviate this problem Crush uses filters that translate other languages into Crush code. These filters only translate some of the syntax and can't be used to port code. The C filter will allow one to write code that resembles C but it will be using names of BRiX functions instead of the functions one would find in the C libraries. The filters are meant to ease the transition to BRiX programming and offer a choice of syntax, not to reproduce the language environment.

Essentially, you are held back to the limits of Crush unless you decide to reverse-engineer BRiX which is illegal under the DMCA act. Filters may be able to transform Python to Perl but can they port the most important applications on the Internet, sendmail and BIND? Until then, BRiX will be limited to niche areas of deployment. But of course that is not to say the Crush/BRiX duo is useless, merely limited in use.

Re:automatic obfuscation?

[sketerpot]

Essentially, you are held back to the limits of Crush unless you decide to reverse-engineer BRiX which is illegal under the DMCA act.

I don't think it's illegal to just go in the source (under Artistic Licence) and do all the reverse-engineering you want. Perhaps you are getting this confused with proprietary software.

Re:automatic obfuscation?

[flatus]

Assuming that crush is a complete language, it can emulate any other language. Thus there is nothing to keep users from writing the standard c libs, by calling the crush libs (just as we call the unix kernel to build c libs now). Now, since unix is written in c, it follows, that there is nothing that unix can do (sendmail, bind, . . . ) that brix can not.

Namespace security is imperative

I didn't read the article, but I definitely am setting a few kilobucks aside of Crush/BRiX goes public. It appears that BRiX's namespaces delve deeper than traditionally as in C++ or Java, where a malicious programmer can get around the namespace compartmentation via direct addressing. A particular nasty example of this was recently reported on BugTraq, where filesystem access logs could be circumvented by creating a hard link to an arbitrary file, accessing the file through the hard link, and deleting the hard link. File access would not be logged, and past logs would be compromised. Although this is only tangential to namespace security in programming, I find it quite reassuring Mr. Huntsman is taking the initiative to push forward computer science and information technology security. Hopefully, the ideas presented by Crush will be widely adopted by commonplace languages such as Perl and Logo in years to come.

Re:Namespace security is imperative

I didn't read the article... It appears that BRiX's namespaces delve deeper than traditionally as in C++ or Java

May I ask, did you just pull that from your arse good sir?

the ideas presented by Crush will be widely adopted by commonplace languages such as Perl and Logo

Oh I see, your just a horrible attempt at a troll

not even a good one, sorry

(aol voice) Good Bye.

Re:Namespace security is imperative

My apologies, to my profession as a junior high school computer teacher, Logo is a common language.

We might as well teach the next generation good programming practices or be faced with another wave of insecure products such as those from Microsoft.

Re:Namespace security is imperative

"malicious programmer"?

WTF does security has to do with namespaces?

This is just braindead. I refuse to discuss this any more. Sorry. Call me a troll, but this sucks.

Re:Namespace security is imperative

lies, lies, lies

> A particular nasty example of this was recently reported on BugTraq, where filesystem access logs could be circumvented by creating a hard link to an arbitrary file, accessing the file through the hard link, and deleting the hard link

WTF does this has to do with namespaces?????????

A library provides a call to create a hard link. Ok. I understand that. It's part of the library according to posix. This is what the library was supposed to do.

WTF? If they didn't want to provide create_hard_link() public, they might as well did not. WTF?

This is getting tedious. I'm really tired. I come here to read "news for nerds" and I end up thinking who to correct the horrible misinformation that people pull outof their arse. SHUT UP! WTF? This site is getting paranoid or is it just me?

God help us Rob.

Re:Namespace security is imperative

You gotta be careful in this place. The police of Paris has pass-par-toutes that open all the doors of the daedalean and unbelievably complex subsewer system underneath the city.

Re:Namespace security is imperative

For all the answers find room 112. This is where it all started.

Re:Namespace security is imperative

Thanks. Here are $0.25 cents.

Re:Namespace security is imperative

To be honest MS's biggest security problem is they offer anyone with a 4pt and a decent SAT score from one of the top 20 CS school in the nation a internship/job with real responsibilities as a Jr coder (except you won't start as Jr if you have a 4pt).

Both me and my good friend have goten offers to be a core developer for thier next flight sim, we are currently *sophmores* in college, and they expect us to make real decisions about the program, thats not a sound way to end up with good security. To be quite honest I told the headhunter I refuse to work for doomed software (if they were going to give me a higher ranking position, I cant imagine what my jr coders would have been..). Perhaps if they started hiring more solid workers instead of exploiting the latest fresh out of college crew they would improve thier security model overnight.

Re:Namespace security is imperative

He didn't mean `namespace,' he meant `namespace paradigm.' In that context, his comment makes more sense. Think before you bitch... please.

Already done

This is the future of computing, but is already done: http://www.squeak.org

Re:Already done

Hopefully, the UI is not as garish and baroque as Squeak.

Slasdotted

[AdamInParadise]

Use the SourceForge page instead http://brix-os.sourceforge.net/

Wouldn't microsoft say that's what Windows is?

[ColGraff]

They always claim IE and other applications are tightly integrated into the OS. Heck, you could argue any OS which ships as anything more than a kernal is a "combination of operating system and applications all-in-one".

That said, someone please tell me if I'm wrong, and how.

Re:Wouldn't microsoft say that's what Windows is?

[dj28]

Because Slashdot doesn't like Microsoft, and they'll be damned if they let pesky facts get in the way of their bash-fest.

With that said, I think the difference with the slashdotters is the open source aspect of the OS. Since Windows isn't opensource, they aren't allowed to do the same thing that open source OSes do, like embedding applications/languages. One could also use the arguement that Microsoft is a monopoly and monopolies aren't allowed to "abuse" their status. Although, since open source operationg systems do the exact same thing, I don't quite understand what all the fuss is about.

Anyways, don't ask an interesting question like that. In the end, you'll get modded down and then flamed by the enraged linux zealots that try to dismember the interesting parallel you just made.

Re:Wouldn't microsoft say that's what Windows is?

[benwb]

There's a lot of knee jerk reaction that goes along those lines, but there are some very good reasons for it. There can be some really stellar advantages to integrating applications into the os (Look how fast word and ie open, vs say staroffice and mozilla on the same machine) The problem is that when microsoft does it it's impossible to swap out the application and replace it with something else. There's no real reason that someone if supplied with the right amount of documentation couldn't completely replace the Microsoft HTML rendering components with gecko. Practically it's impossible, because the only way to achieve that level of integration is with access to the source. (I guess if you had really, really good documentation you could do it too)

Re:Wouldn't microsoft say that's what Windows is?

You're wrong. And how!

Re:Wouldn't microsoft say that's what Windows is?

Your Logic is flawed for the following reasons:

1) While as linux distributions consist of a variety of seperate peices of software, modern Windows consists of a variety of software tied together of which the integration cannot be reversed, that software being far more than what is considered to be an operating system (I.E. Media Centre etc)

2) Linux distributions are sold as a collection of software, Windows is sold as an operating system, if windows was sold as a collection of software maybe like "Microsoft Windows Collection 2002", it would not be as misleading. "Microsoft Windows Operating system" on its own suggests a Windowing based operating environment, nothing more.

Of course none of it really would be a problem if Microsoft didn't already have a Monopoly on Desktop operating systems...

Re:Wouldn't microsoft say that's what Windows is?

[rapidweather]

As many do, I run a Windows partition or two on the same machine that I have a couple of Linux distributions. So, I have Windows 98, 3.11, Redhat 7.1 and Mandrake 8.0. The box has a 200 mhz processor, and 128 mb ram. I have a hard time, just running the various modern os's (ex 3.11) determining the difference between the speed of them. For instance, Opera and Mozilla run about the same on Mandrake 8.0 as it does on Windows 98. However, I have an old PS/1 with an Evergreen 586, and 32 mb ram, and tests between Windows 98 and Redhat 6.1 proved Windows to be faster, much faster. (Redhat 7.1 won't install on the non-pentium motherboard). I mainly prefer Redhat 7.1 to maintain web pages, but that is a toss up between Mandrake and Redhat. Programs I use to create and maintain the web site are gnotepad and gftp, gimp, also Opera. Redhat installs with more control, Mandrake installs what it wants to, and I find that undesirable.

Re:Wouldn't microsoft say that's what Windows is?

[Hast]

Yes they could, and they do. But for most definitions of "Operating System" it's incorrect.

Usually OS is used to refer to the kernel and central libraries. The OS takes care of the low level stuff and adds hooks so you can run programs.

IE is not part of the OS for Win32 any more than eg Windows Media Payer. "Explorer" however is, this is easily witnessed when your file browser crashes and takes the GUI with it. ;-)

BTW the system in the article does in fact tightly integrate things. It seems like most of the kernel is in fact in the libraries. Also the language handle a lot of kernel/OS stuff at compile time. (Like memory management.)

Other examples of OS which tightly integrate applications and OS are "exo-kernels". These basically tack a small kernel onto an application and let them run as one. (But it's not as useful for multitasking.)

The HURD is also an example of an OS which makes the distinction between OS and user application less obvious.

Basically, claiming that IE is tightly integrated into Win32 only makes sense if you define OS as "The stuff you get when you buy the box". This is not the definition most by people "In the know".

Re:Wouldn't microsoft say that's what Windows is?

[King+of+the+World]

Look, it's quite simple, and abstract, and you obviously don't understand monopoly law or the basics of the Microsoft Antitrust case.

When you are a monopoly you gain certain abilities that The Law says you can't use. You wouldn't have these abilities if you had to compete in the market. A monopoly has to pretend as if it still has competition, even though it doesn't. If you get nothing else out of my post get that it's about forcing the public's concepts of a free market onto a market that is no longer a free market.

A hungry young company wouldn't be able to tie all its products together and then raise prices 80% . People would go elsewhere. A monpoly can, so a monopoly can't do that.

Now the American justice system has done an awful job of protecting the market from Microsoft. Ignore open source for the moment and consider the bloated boring industry that computers have become. Whatever microsoft brings out becomes semi-popular through interia, not innovation (and I hear microsoft say that a lot, but I don't think they know what it means - what microsoft have going for them is inertia).

and it's a popular opinion

Isnt' that what people said when linux was in dev?

[BoomerSooner]

Just a thought.

Realistically if you think it's not necessary don't use it.

For example you might think, `Hmmmm.... why would anyone want more than Swank and Penthouse, I mean come on Big Mamas on Roids is too much`, however the big mamas mag may be just what you were looking for (theoretically only).

zerg

[Lord+Omlette]

How long until we get Crush.NET? ::runs::

Re:zerg

[Daath]

How fast can you code? ;)

Re:zerg

[smaug195]

I can already see the commercials.
Crush.NET
Code to CRUSH

yikes

[r00tarded]

im not sure about those metaphors. i wouldnt like my language to crush my brix!

The Antiportable language

[xee]

Because what kind of loser would want to write software that can run on any operating system? And what idiot end user would want an OS that could run software written in any language?

Platform independence is overrated anyway. Proprietary is the way to go!!!

Re:The Antiportable language

[kasperd]

I don't understand why that posting got rated Troll, except from the slightly offensive language it is a very insightful comment.

By placing the security model in the language rather than the OS design you will get some disadvantages. You will either have to limit yourself to applications written in this single language or loose the security. Of course some kinds of frontends can get other languages compiled into something running on the system. But this is likely to give you some penalty in performance and perhaps other areas as well.

The language is probably usable on other OSes as well, if anybody care to write the necessary compiler and libraries. But you might not get the full benefits from the language.

However the main idea isn't new. Some people seriously believe JavaOS has a future. Generally you get a uniform security model all the way from OS core through library layers all the way up to the applications. You get runtime typechecking, boundary checking, and garbage collection. You prevent half of the possible security problems. And people believe that good JIT compilers can be faster than compiled C code in some areas where runtime code analysis can be used to do optimizations not possible at compile time.

Re:The Antiportable language

[xee]

I thought it'd get a +1, Funny if anything at all. I think the moderator who gave it a -1, Troll didn't know enough about OSes and Languages to get my joke. Oh well. And I appologize if the language offended you or anyone else. I hoped my choice words [sic] would be a dead givaway that i meant it jovially.

Re:The Antiportable language

> Platform independence is overrated anyway. Proprietary is the way to go!!!

I must admit that my first thought was "How is this different from integrating a Browser and an OS together?" Then I saw the word Linux and realised that in this case it must be a cool and acceptable thing to do.

Is there a word similar to Racist which means "Discriminates based on OS?"

Re:The Antiportable language

PS: I was fully aware of the sarcasm in the original post (before anyone comments)... I support there view fully. Unfortunately!

Re:The Antiportable language

[kasperd]

The moderation of the comment has changed, now it got:
Moderation Totals: Troll=1, Insightful=1, Funny=1, Overrated=1, Underrated=1, Total=5.

And BTW I didn't get offended, it takes more to offend me.

Probably have good fonts before Linux will

Linux will still be arguing and this OS will have livable fonts too.

So much for linux!

Sounds like the same mistakes as lisp...

[Ungrounded+Lightning]

The Operating System is called BRiX, and it uses a language called Crush, which is woven tightly into the core of the OS.

And thus is the same class of mistake as were made in lisp, mad, smalltalk, fortran, forth, and a number of others made once more.

Integrating the language and the OS kills portability, robustness, and security. Integrating the development enviornment with the software under development risks breaking the environment as you develop your target application and sucking the whole environment, bugs and all, into the target.

The languages I named had one or both of those problems. Sometimes it was useful, or "elegant". But always it was an albatross around the neck. I don't know if this new pair has the environment/target confusion. But the anonymous poster brags about combining the OS and language. So (if he's not just mischaracterizing an interpreter/P-code compiler) it certainly has that problem.

The key to successful programming is isolation. Single-mindedly chopping the problem into tiny pieces and walling them off from each other, then putting a few tiny holes in their individual prisons to let in and out ONLY the things they need to know and manipulate.

"Modularity". "Data Hiding". "Strong type-checking". "Interface Abstraction". The list of buzzwords is long. But the battle is constant. The number of interactions goes up with the FACTORIAL of the number of pieces interacting, while a programmer can only keep track of about six things at a time. The more connected the compiler, OS, and target program, the bigger the ball of hair a programmer has to unsnarl to get the program working. One of the things that was key to the success of the C language was the isolation of the runtime environment behind the subroutine interface.

Let us hope it's the characterization, and not the implementation, which has the problem.

Re:Sounds like the same mistakes as lisp...

[Fizzol]

>he Operating System is called BRiX, and it uses a language called Crush, which is woven tightly into the core of the OS. Hmmm . . . That's exactly what I had back in 1980 with Radio Shack Color Basic.

Re:Sounds like the same mistakes as lisp...

I beg to differ. Personally, I have zero experience with Lisp but in my limited intercourse with Squeak, I was not only shocked at Schemes apparent elegance, but misconstrued by its promisciousity. How does one expect to get anything done when upon every reboot, eth0 loudly and wantonly proclaims it is in heat and needs Squeaky cheesecurds badly? Anyways who cares, I just suppose its best to return to Wisconsin where cheese makers and fudge packers are real cheese makers and fudge packers, instead of here in California where Kraft Foods markets its own cheese food alongside EasyMac in the Post foods aisle. Is that why they call duck butter a duckbutter workalike? Accept no imitations.

Oh sorry, I almost lost my train of thought. As I was saying, I completely agree with your thoughts and opinions on tight-woven spandex on Natalie Portman. Glad we settled our differences.

Re:Sounds like the same mistakes as lisp...

Integrating the language and the OS kills portability, robustness, and security. Integrating the development enviornment with the software under development risks breaking the environment as you develop your target application and sucking the whole environment, bugs and all, into the target.

The languages I named had one or both of those problems.

How has lisp done either of these? In support of your assertion, please don't make the beginner's mistake of confusing a lisp distro with ansi lisp. (E.g., don't just say harlequin sucks, and that's proof of lisp's failure.)

I'm curious how, in that swirl of rhetoric, you've come to such a confused understanding of these languages.

Ah, I see. You closing comments praising C. I see where you are coming from now....

Re:Sounds like the same mistakes as lisp...

[Papineau]

May I ask you how FORTRAN is a) integrated with it's OS (whatever that really means in the case of FORTRAN), or b) integrating the development environment with the software under development?

Re:Sounds like the same mistakes as lisp...

Hey, and your TRS-80 was strongly-typed, too, wasn't it? Can't mix string variables and numeric variables!

Re:Sounds like the same mistakes as lisp...

[mypalmike]

Recall that car and cdr are the names of hardware registers of the first lisp machines...

Re:Sounds like the same mistakes as lisp...

And thus is the same class of mistake as were made in lisp, mad, smalltalk, fortran, forth, and a number of others made once more.

I don't know about mad, but none of those others "made that mistake." Forth lends itself to being used as an OS (or a bootloader) due to incredible speed and compactness. I've never used a system where Lisp was the OS. I don't even know how you got fortran into there, but I've only been programming since '79, so I probably missed something. Smalltalk started off as an OS/programming environment but hasn't been that for years.

You'll have to clarify yourself to make me think you have a point, 'cuz I've been using nearly all of those languages (except fortran) for a pretty long time now on a wad of OSes for decidedly non-system tasks.

Dave

Re:Sounds like the same mistakes as lisp...

[Ian+Bicking]

Integrating the language and the OS kills portability, robustness, and security.

I think you need to do more to explain this particular argument. First, what kind of portability? I.e., portability with respect to what? CPU, programming language, programming paradigms, spoken language...? Really, I don't see any portability issue except with respect to programming language.

And why security? There's been a lot of work, and only moderate success, in creating secure computing environments. Java seems to do alright, but its security model also often cripples the program -- and it also introduces an environment that subsumes the OS... in the end, we have what is a sort of OS ontop of a OS in Java (ditto Smalltalk, and now dot-NET).

Robustness... well, I don't know. The cooperative multitasking that Smalltalk used was mostly for performance reasons. I imagine a number of other systems made similar compromises. I don't know to what degree that's a result of the language-OS tie... except that the tie seems to be made most often in situations where the original programmers have great faith in themselves and their mindfulness, which is not necessarily an appropriate faith when the system gets used by others. C also has very serious problems with robustness -- but because that language is so bad, an OS tries to make up for it by placing limits on the process. This only goes so far... sure, you can't ruin someone else's memory space, but you can introduce security holes, suck up unnecessary resources, etc. And when hardware doesn't have safe interfaces (e.g., through X), it's not that difficult to bring parts of the machine down.

Re:Sounds like the same mistakes as lisp...

[Sunnan]

". . That's exactly what I had back in 1980 with Radio Shack Color Basic." ...and the bad part is...?

Re:Sounds like the same mistakes as lisp...

[Tony-A]

FORTRAN, at least on early IBM OS/360 didn't like the IO in the OS and did their own thing. Didn't exactly help matters.

Re:Sounds like the same mistakes as lisp...

[voodoo1man]

"Integrating the language and the OS kills portability, robustness, and security."

Care to give any specific examples as to how it does so with Lisp, Smalltalk or Forth?

Exactly whose portability does the integration kill - the language's or the OS's? If the language needs OS functionality, then you need to write some form of a VM for it to run on other platforms anyway (as is the case with most Common Lisp and Smalltalk-80 implementations.) If you want to run foreign languages on the OS, you'll have to write a VM subset for them.

If the language provides adequate security concepts, and the underlying OS/VM is reliable, then the OS+programming language approach actually increases security.

Tell me, how would you go around circumventing lexical closures on a Lisp machine if you couldn't run microcode? Or generally, reference memory directly in any GCed/memory managed environment? The only things that kill security in open, multiuser systems are poor implementations (either of the OS, language, or user program) and manual memory management - something that C applications suffer plenty from, and BRiX (reputedly) and the languages you mentioned tend for the most part to avoid.

BRiX doesn't claim to be an integrated application development/delivery environment, and your statement doesn't make sense for Lisp and Smalltalk, on current architectures. Every Lisp and Smalltalk application has to be integrated with an "environment" on today's hardware - all memory managed, dynamically typed systems do! It doesn't matter whether it's at the OS or the VM level. As for broken VM implementations, the negative effect would be equivalent to a broken OS running a C program - except in the VM's case (if it's running on an OS with adequate protection), the damage is localized to its own memory space, instead of the entire machine.

I don't see how the abstraction you speak of can't be implemented in the languages you mentioned or BRiX. By most of the code I've seen, Lisp and Smalltalk are more modularized than C, because the languages encourage that type of abstraction. If they are run in a bug-free environment, there is no safety difference from bug-free C code.

Your claim of a compiler/OS/target program "hair ball" is complete BS, on the other hand. Maybe if the particular combination is very poorly implemented, but I've yet to run across such a thing. Lisp and Smalltalk have been designed and have evolved around the principle of abstracting the environment details from the application programmer. All the CL and Scheme "VMs" I've worked with provide a level of architecture, OS, compiler and environment (EMACS is king) abstraction that C programmers can only dream about.

Maybe you should at try the languages you're criticizing before doing so; you might be surprised.

The BRiX system, if properly implemented, can be a very safe, robust environment. Since Crush avoids automatic memory management, it should also be pretty fast. The database-file system also sounds like a neat idea.

I don't particularly like the fact that it can't run other languages natively, but keeping C compatibility would kill most of the system's goals and improvements.

Re:Sounds like the same mistakes as lisp...

[jbolden]

I don't agree with the original poster's point about integration of OSes and languages; but back in the early-mid 1970's there were quite a lot of machines that implemented LISP in hardware. RMS was a huge fan of this design and (AFAIK) still prefers it to Unix.

Forth BTW also had hardware implementations around the same time as LISP.

Re:Sounds like the same mistakes as lisp...

[sg_oneill]

Yeah? But unlike brix The Radio Shack didn't have a brightness knob embedded in it's web page. Only in the monitor. ;)

Re:Sounds like the same mistakes as lisp...

[Lisias]

Integrating the language and the OS kills portability, robustness, and security.

You can't be more wrong.

There's no relation between Integreation and the issues you enumerated. What kills portability, robustness and security is bad design.

I think there's no integration between C/C++ and Windows, and I don't see portability, robustness and security here neither.

As a example, I want to mention Oberon.

Portability? You got it. All you need to recode is the compiler code generator and some system especific modules. All the rest is automatic.

Robustnes??? Almost the same from Ada or Modula-3 (but I think the language is a little minimalist).

Security? ZERO. Oberon was conceived to be used on a Single, trusted, User enviroment, there's no protections between processes. This is a flaw on DESIGN, the language integration plays no role on this.

Re:Sounds like the same mistakes as lisp...

[Lisias]

Yap. And all that firmware was written in BASIC too... 8-)

Jokes apart, I agree with you. It's old ideas being reimplemented in new ways.

Not a bad thing anyway.

Re:Sounds like the same mistakes as lisp...

[Blackheart2]

Integrating the language and the OS kills portability, robustness, and security.

If the language is well designed, it will have just the opposite effect. A good language can enforce program portability by abstracting away from low-level architectural details; it can increase robustness and security by statically detecting and rejecting programs that may crash or clobber each other's stores. OS performance can be expected to improve as well, since the OS need not dynamically check for (trap) such error conditions, so figures like context-switch frequency will plummet.

All the languages you mentioned (except Fortran, which afaik was never integrated with an OS, and mad, which I've never heard of) are dynamically typed languages which perform only trivial static analyses, so there is not much advantage in integrating them with the OS.

Unsafe languages like C can still be run on such an OS simply by executing them in a runtime environment which performs exactly the sort of trapping and fault-checking that a conventional OS does. Certainly their programs would run slower than those of the native language, which, by design, require less monitoring by the system, but there is no reason to expect they would run any slower than they would on a conventional OS.

Re:Sounds like the same mistakes as lisp...

[Ungrounded+Lightning]

May I ask you how FORTRAN is a) integrated with it's OS (whatever that really means in the case of FORTRAN), or b) integrating the development environment with the software under development?

Actually, Fortran's version of the problem is too-close integration with hardware features of the 70x/70xx instruction set. The three-way branch is a prime example. The restrictions on arithmetic in subscripts and iteration variables (corresponding to the index-register operations) through at least Fortran II is another. Fortran managed to abstract this away and carry on after the life of the platform. But it did this largely on the legacy of its codebase, accumulated since the time it was the first (and thus the only) compiler-level language. Fortran started to show its age during the "structured programming" flap of the late '60s and early '70s, (though standards orginizations were still kicking it around into the '90s.)

Interestingly, Lisp's CAR and CDR are also a legacy of that instruction set. There were about a dozen index register instructions that contained two address-sized fields, along with convenient instructions for modifying just those fields while operating on the instruction as a data element. Lisp used these "address" and "decrement" fields (the A and D of CAR and CDR) and their manipulation instructions as a convenient way to build compact data structures. But the two-pointer abstraction was sufficiently removed from its implementation that it wasn't a barrier to portability.

That same instruction set dependence was what killed MAD. The Fortran calling convention was to use a TSX (Transfer and Set Index) instruction to jump and save the return address in an index register, followed by a NOP for each argument with the argument's address in the NOP's address field. Return was to the first NOP. MAD substituted one of the index-register operations for the NOP (several of them became two-address NOPs if no index register was selected). The argument's address was in the address field as usual, but the decrement field was often used also - pointing to the "dope vector" describing the geometry of matricies, the other end of a "block argument" (a through b, expressed as "a...b") and so on. So MAD could take advantage of the copious Fortran libraries as well as its own native code, while Fortran could call MAD subroutines that didn't use the extensions in the argument-passing convention.

But when IBM end-of-lifed the 70x and replaced it with the 360, the new Fortran calling convention didn't have a convenient slot for a hidden second address. And the second address was necessary for several of MAD's key features.

Meanwhile IBM's TSS time-sharing system project had hit a snag, and the University of Michigan was committed to supporting its own MTS - a grad-student's hack that had grown into the Computing Center's core infrastructure while they were waiting. The Comp Center's budget wasn't up to supporting MTS AND porting MAD AND porting and supporting a native equivalent of the whole Fortran subroutine legacy - while still supporting Fortran so the engineering students could find work. So MAD was allowed to die.

Re:Sounds like the same mistakes as lisp...

[Papineau]

Thanks for the info! My involvement with FORTRAN is too young (only a few years ago, while maintaining some code on a Windows platform) to know all those details.

Re:Sounds like the same mistakes as lisp...

And? They just mean "first" and "rest" of a list (actually, first and last of a cons), they linked to any implementation technique, other than building up trees and lists from conses. All of which are rather abstract concepts.

The real reason car and cdr are kept around is so that people can write "(cadar ...)" and "(cdaadr ...)" and so on as shorthand for "the first of the rest of the first of ..." and " the rest of the first of the first of the rest of ... " and so on - very useful for dealing with complicated tree structures encountered in AI research.

Re:Sounds like the same mistakes as lisp...

[Ungrounded+Lightning]

Integrating the language and the OS kills portability, robustness, and security. Integrating the development enviornment with the software under development risks breaking the environment as you develop your target application and sucking the whole environment, bugs and all, into the target.

How has lisp done either of these?

Lisp integrates the application with the development environment.

Re:Sounds like the same mistakes as lisp...

[Ungrounded+Lightning]

Integrating the language and the OS kills portability, robustness, and security.

If the language is well designed, it will have just the opposite effect. A good language can enforce program portability by abstracting away from low-level architectural details; it can increase robustness and security by statically detecting and rejecting programs that may crash or clobber each other's stores. OS performance can be expected to improve as well, since the OS need not dynamically check for (trap) such error conditions, so figures like context-switch frequency will plummet. [etc.]

Hear hear. Such a language/OS integration can indeed have the advantages you describe, and I'm all for it if/when it arrives.

It's just that I've never seen it successfully executed.

By the way: I notice your examples don't address the issue of porting FROM the integrated language/OS TO another platform - say the same language running on a foreign platform and thus WITHOUT the OS integration.

You also don't address integration with legacy code - in other languages or binary-only - within a single application. (See my story about the death of MAD near the end of this posting.) Looks to me like using foreign-language inclusions would require turning on the protection even for the compiler-vetted object code and thus sacrificing much of the advantage.

Re:Sounds like the same mistakes as lisp...

[Blackheart2]

I notice your examples don't address the issue of porting FROM the integrated language/OS TO another platform - say the same language running on a foreign platform and thus WITHOUT the OS integration.

If the language ensures that programs are safe, then it doesn't hurt to run them on an OS which performs redundant dynamic checks. They will run a bit slower, of course, but no slower than programs of an unsafe language.

In my view, OS integration with a language should not restrict portability of programs; it should only take advantage of the guarantees provided by language compiler.

You also don't address integration with legacy code - in other languages or binary-only - within a single application. (See my story about the death of MAD near the end of this posting.)

Yes, I agree this is a hairy issue.

Looks to me like using foreign-language inclusions would require turning on the protection even for the compiler-vetted object code and thus sacrificing much of the advantage.

One can imagine the compiler marking calls to unsafe procedures which enable an OS mode which performs dynamic checks for the duration of the procedure call, but that is only a partial solution since it doesn't address many subtler issues such as the integrity of data passed between safe and unsafe portions of the code. To be honest, I doubt there is a good solution.

But, I think it is worth rewriting some legacy code in better languages:

• When you do so, you are not just translating or reinventing the wheel, because you are writing what amounts to a constructive proof that the program fulfills certain desirable properties, such as safety from crashes. For the original program there are no such guarantees.
• Of course, better languages should also reduce the time needed to write code, so it is less of a burden the second time around.
• Better languages have better facilities for abstraction, so you can expect the new code to be more modular and more reusable.
• As I pointed out, the code will run faster on our hypothetical OS.
• Finally, the trend these days is away from monolithic applications and towards components, so the need for statically linking unsafe code with safe code is decreasing.

Re:Sounds like the same mistakes as lisp...

[srussell]

Care to give any specific examples as to how it does so with Lisp, Smalltalk or Forth?

I can't speak for Smalltalk or Forth, but Lisp (the original poster's example) -- which dates back to about 1975 -- was tied heavily to ITS on the PDP-10, which was "killed" by Unix. Unix was much more portable than ITS. While C didn't kill Lisp, it took most of the wind out of its sails, despite being less elegant -- Lisp is unarguably a second-class citizen in the modern computing world. C was also designed for portability.

So, I can see the correlation the original poster was making between Crush and Lisp.

I have a feeling that Crush will be a limitation to BRiX. By limiting the programming languages for BRiX, Brand is de facto alienating a huge group of people who probably won't like Crush for whatever reason. It is going to be difficult enough to gain sufficient momentum without limiting your contributor domain.

Re:Sounds like the same mistakes as lisp...

[Sunnan]

Actually, Lisp dates back to the fifties.

What !? No befunge support?

[malraid]

Ok...

The idea seems very interesting, although I would say that for the project to have any appeal outside of academic or research circles, it would need to based around something MUCH more popular than ADA, FORTH or LISP. Sure...ADA is good...well at least better than a $1,500 US NAVY hammer. Many he is paving the way to something like an OS built directly over C#? (Not C#.Net by the way) That might be a real leap forward.

Re:What !? No befunge support?

and Ada 95 is even better.

You can get a Ada 95 compiler for FREE!

www.adapower.com

Security

[morn]

Everything in BRiX runs in a single adderss space. It's stated that the (mandatory, for programming BRiX applications) Crush language enforces application address space encapsulation, so this doesn't matter from a security point of view, but what heppens when a third party writes something in straight assembly, or writes a compiler for another language, like C?

It seems to me that any applications written in assembly of using this hypothetical compiler would look like any other BRiX application to the user, but would have access to the address space of the whole system! Surely not a good thing.

Re:Security

The C compiler itself would be writen in crush, which would be similar to making a Intercal compiler in Intercal (I suffer from foot in mouth disease often).

Re:Security

[RGRistroph]

Why would the C compiler be written in crush ? No platform is an island, you don't have to write it in crush just to get it on there in the first place. It sounds like you are visualizing the Brix/crush as the only system out there, and think this restriction on address access can be permanently wired in so it replicates itself in every new version.

The world doesn't work that way. If the OS itself doesn't prevent applications from accessing any address, then someone will write the exploit by hand in assembly; if it's big, they will work on a Linux machine with gcc and put a new backend on gcc to produce code that will run on Brix. After all, if they were simply porting gcc then that's what they would do, until they had a gcc good enough to compile itself for Brix, and then move over to Brix for development and keep progressing.

Re:Security

[Kragg]

You're missing the much-stated (perhaps 5 times on 5 different pages) condition that code to be executed on a given machine has to be compiled on that machine.
Which will certainly lead to a hell of a long install for the office suite...

Re:Security

if i don't write code for brix
<larne> in this language
<larne> i can access the address space of any program?
<larne> and this isn't considered a problem?
<air> tell him that brix does not allow u to write code in another language
--> larne (ejb@ipng-uk-gw1-gif1-int.ipv6.hades.skumler.net) has joined #brix
<larne> air: so, it is not possible to run arbitrary binaries?
<air> larne: nope

Re:Security

But what if you can only execute stuff through crush? The whole point is that there is no assembly, no object files. Each program that is executed is compiled from bytecode (like JIT). There is no other compiler (for C). Eventually there is a parser that translates C into bytecode which is the compiled by the one and only.
The guy actually has a point.

Re:Security

[jimm]

The creator writes in What about hacking binaries? that "All code MUST be compiled on the user's machine, no binary distribution. If the user wants to hack herself then so be it."

Re:Security

[Carl+Drougge]

"Don't forget that in OS/400, the compiler is trusted." I don't remember where I read it, but the idea seems to have been done before. I don't remember anyone complaining about the lack of security on OS/400..

Re:Security

[John+Allsup]

The idea (neither new nor common) is that binary code cannot be executed in any way by the system until it has been verified to be safe for the system to execute. Effectively, user-writable areas of memory are partitioned from machine-execuable areas of memory, and only trusted bits of code can write data into the machine-executable area.

Re:Security

[scrytch]

> but what heppens when a third party writes something in straight assembly, or writes a compiler for another language, like C?

The compiler has to compile down to crush, which doesn't give you access to arbitrary address spaces. If you try to feed it straight machine code, you'll have no facility to load it. Still, I'm not too much a fan of the idea that with no address space protection whatsoever, tricking brix into branching into an arbitrary address space would cause it to execute with full permissions over the rest of the system. It seems that it's more ideal for running on either virtualized hardware (e.g. vmware), or in dedicated application spaces (embedded, consoles)

Eros on the other hand is also orthogonally persistent, but uses machine address space protection for its security on a per-object level. Despite this, it manages to be reasonably fast regardless.

Hmm...

[xagon7]

Bochs, Brix Crush.... Hulk code too!

Similarities to another architecture...

[jpmorgan]

I'm probably going to get moderated down for this, but I couldn't help but notice the similarities between Crush/BRiX and Microsoft's .NET framework.

Crush doesn't use protected memory to protect applications from each other, but instead relies on the language, Crush, to ensure programmatically that it is impossible for programs to interfere with each other. This is almost exactly the same as a .NET application domain (ASPX or IE would be a single application domain); there isn't any enforced seperation of processes or security features running in an application domain - the CLR instead formally proves that the applications running don't violate the security boundaries it's supposed to conform to.

I'm wondering if this is an idea whose time has come, particularly in the field of low-cost embedded development. Instead of including costly hardware and OS support to provide these features, you use software development tools to create software which renders them unnecessary. Or am I just smoking crack?

Re:Similarities to another architecture...

[AdamInParadise]

Why do you think Java is such a big hit in (future) consumer embedded devices ?

Re:Similarities to another architecture...

[glenebob]

"Instead of including costly hardware and OS support to provide these features"...

Said hardware won't be expensive for long. And the OS support for such things is well understood these days anyway, so it's not much of an issue.

That said, I find the idea of application domains somewhat interesting from a programmer's point of view, I just don't see it as a proper way to decrease software footprint.

Re:Similarities to another architecture...

[ashultz]

Smoking crack, man.

Just because the development tool you're using doesn't let you mess with the OS doesn't prove anything about the development tool some virus writer is using.

Re:Similarities to another architecture...

[jpmorgan]

Well, in this kind of situation the development tool is the OS, so the virus writer doesn't have much of a choice.

Re:Similarities to another architecture...

[AndWat]

No, you're not smoking crack. Its called Jbed, and its one of the best and biggest embeded system platforms out there.

http://www.esmertec.com

Unfortunately,its throroughly commercial. If I had a dream open-source project, it would be to get something like JBed working and put a decent GUI on top of it as a desktop platform (hahahaha - got a spare eon?). Then we might actually have a competitor for unix.

Re:Similarities to another architecture...

[fireboy1919]

Which ones are those? All the ones I keep seeing that are used a lot are more similar to handheld devices - they use a C or C++ compiler, and don't have something super-expensive (in terms of memory and still allowing real-time OS functionality) embedded into them like a JVM.

Wait...your argument doesn't even seem to follow from the previous post. What are you talking about?

Re:Similarities to another architecture...

You make a good point. Shit is tightly integrated into ones rectum, but it's still poo, no matter how well the scat is woven into the folds of the anus.

Re:Similarities to another architecture...

[aminorex]

Well, it will *always* cost more for a 32-bit chip
with MMU than for an 8-bit chip without. I mean,
we're talking about an order of magnitude increase
in wafer share per unit. Pin count likewise.
Once mask costs are amortized and economy of scale
kicks in, that translates pretty directly into
$$. Just slightly sublinearly.

Re:Similarities to another architecture...

You mean costly hardware as in Intel processors? MIPS doesn't have the costly hardware and it runs fine.

Lambda

[DrPascal]

Perusing the compiler source... "lambda."

Quoting one of the greatest movies of all time: "You keep using that word. I dunna think it means-ah what you think it means."

Re:Lambda

I donna think you know what the lambda calculus is.

Buzzwords

[Macrobat]

I agree with what you say, but I have to point out a couple of things about how you said it.

"Modularity". "Data Hiding". "Strong type-checking". "Interface Abstraction". The list of buzzwords is long.

"Buzzwords" has the connotation of empty talk, but the concepts behind these terms are very strong. In fact, you yourself argue for them in the preceding paragraph:

The key to successful programming is isolation. Single-mindedly chopping the problem into tiny pieces and walling them off from each other, then putting a few tiny holes in their individual prisons to let in and out ONLY the things they need to know and manipulate.

You've just succinctly described "modularity", "data hiding," and "interface abstraction." It appears as though you're trying to diss these concepts at the same time you're defending them.

Re:Buzzwords

[Tony-A]

"Buzzwords" has the connotation of empty talk, but the concepts behind these terms are very strong.
He's giving you an idea of how strong.
Take a large complex problem. Chop it up into isolated almost non-interacting pieces. Use the worst possible language for each piece. Watch it outperform and be more robust than any single language. Such is the power of the factorial.
I suspect he's right about factorial. Exponential is too much. Square or cube is too little.
You never get rid of all the bugs. Single bugs often can't even show themselves. But watch out for when the bugs get together and breed.

Re:Buzzwords

"Buzzwords" has the connotation of empty talk,

FWIW, "buzzword" has no such connotation to me, and I hope I'm not alone. Otherwise, we'd need to invent another word to denote a word commonly observed being used to propagate some concept (hence the "buzz".) If we assume that it implies vacuous propagation, we're left without a value-neutral token for that meme.

Re:Buzzwords

[Sunthalazar]

Just a little thing to point out:
Factorial is faster than exponential because it acts like exponential (each step introduces a new multiplication), but each time the base gets bigger.

For example:
2^5 = 2*2*2*2*2 = 32
while
5! = 5*4*3*2*1 = 120

The only time exponential is bigger is when the base is larger than the exponent
(100^99 > 99!, but 100^102 is probably less than 102!)

Re:Buzzwords

[shibboleth]

I suspect he's right about factorial.

Nope, I calculate it at n(n-1). Which is equal to n^2 - n.

If you have 8 interactors, and assume each can interact with the others (7), that's 7 interactions per interactor. 8 * 7 gives your total interactions. I.e., n(n-1) where n is the number of interactors.

Re:Buzzwords

[Tablizer]

(* "Buzzwords" has the connotation of empty talk, but the concepts behind these terms are very strong. *)

What do you mean by "strong"? Whether "strong typing" is "better" turns into long drawout debates. I have never seen a clear victory from either side. Strong typing and "dynamic typing" both have their pluses and minuses. I suggest you don't start such a battle here, for it will last forever and it reignites and rages every year on many newsgroups.

Re:Buzzwords

[jbolden]

The classic estimate is
n! ~ sqrt(2\pi n) * [(n/e)^n]

Re:Buzzwords

[Macrobat]

Yeah, I was thinking more about the modularity and data hiding than that one, though.

Re:Buzzwords

[aminorex]

You keep using that word. I do not think it means
what you think it means.

Being a topic of controversy would not make it a
buzzword, but a bone of contention. But static
vs dynamic or inferred vs explicit typing are not
particularly controversial, except in the minds of
persons habituated by the media to a worldview in
which all issues resolve in to false dichotomies
which represent equally valid viewpoints held
by mutually antipathetic parties. Attributing
controversy to these or related dichotomies is
akin to attributing controversy to wave-particle
duality. or the Ext domain wave equation vs the
MxP domain wave equation.

Re:Buzzwords

[Ungrounded+Lightning]

I suspect he's right about factorial.

Nope, I calculate it at n(n-1). Which is equal to n^2 - n.

Two-way interactions go with n(n-1)/2, order N squared.

N-way interactions go with N!.

(Either one is too big if you can avoid it. B-) )

Re:Buzzwords

[Ungrounded+Lightning]

Buzzwords" has the connotation of empty talk,

FWIW, "buzzword" has no such connotation to me, and I hope I'm not alone.

You called it. That's exactly how I meant it. There are many buzzwords, common terms-of-art, referring to differrent applications of the same basic principle.

Buzzwords CAN be used to snow the uninitated. But they became buzzwords because they were actually used for something important enough to talk about a lot in serious discussion. So behind every buzzword is a concept, sometimes a lump of bogus hype but much more often a key piece of understanding.

Re:Buzzwords

[shibboleth]

Gotchya, thx.

I believe this accounts for the factorial:

If you have N elements and want to count the number of possible interactions between them, then one can represent this as a binary number, where each digit represents the presence of an element. Then the # of interactions is 2^N (minus the N+1 cases where an element is alone or all are missing). Then, if each of these interactions can itself be considered to create a compound element able to interaction with other simple or compound elements, you a number on the order of N!.

Re:Buzzwords

[Tablizer]

But static vs dynamic or inferred vs explicit typing are not particularly controversial, except in the minds of persons habituated by the media to a worldview in which all issues resolve in to false dichotomies which represent equally valid viewpoints held by mutually antipathetic parties.

If it is a false dichotomy, then there must be examples of something that is *both* static typing and dynamic typing (or type-free, in the case of my pet language).

The arguments tend to boil down to static typing (ST) requiring "more code", and "more code means more things to go wrong", while fans of ST say it provides an extra layer of protection. The dynamic crowd also suggests that ST makes it harder to use modules/classes from diverse systems not raised on the same "type tree".

Re:Buzzwords

Common Lisp is well known to be both dynamically and statically typed - the usual development cycle is prototype without type declarations, then stick the type declarations in so the compiler can optimise.

Re:Buzzwords

[Tablizer]

(* Common Lisp is well known to be both dynamically and statically typed - the usual development cycle is prototype without type declarations, then stick the type declarations in so the compiler can optimise. *)

Not quite what I meant.

Anyhow, is the reason the typing is put in here for *speed* only? What about software engineering concerns? That is the usual issue: whether static typing improves software engineering (future-proofing) or hinders it.

Re:Buzzwords

I find static typing hinders it - making novel uses of old routines harder. My preferred model is strong dynamic typing, as Lisp, Javascript, etc. have demonstrated to good effect. (I HATE weak dynamic typing, like Perl 5.x)

Re:Buzzwords

[Tablizer]

(* I find static typing hinders it - making novel uses of old routines harder. My preferred model is.... *)

That is the thing: everybody has a different answer. It appears to be a subjective thing. But, some people insist that one approach is objectively better and want to force others to do the same. Let's go slap them all.

Re:Buzzwords

[castlan]

A previous post said
FWIW, "buzzword" has no such connotation {of empty talk} to me, and I hope I'm not alone. Otherwise, we'd need to invent another word to denote a word commonly observed being used to propagate some concept (hence the "buzz".) If we assume that it implies vacuous propagation, we're left without a value-neutral token for that meme.

It seems the value-neutral word has already been invented: "meme"

You called it. That's exactly how I meant it. There are many buzzwords, common terms-of-art, referring to differrent applications of the same basic principle.

I beleive the term you are looking for is "jargon" which is significantly different from a "buzzword" which is only negative depending on the perspective of the beholder. Many examples of jargon are concepts which might not seem strange to the lay person were it not for it's relatively esoteric context, just like many industries or arts have different words which describe the same principles when applied to their respective industries. Consider "cosmonaut" versus "astronaut" as the jargon which may have developed in different (instances of the same) industries.

Perhaps "Object-oriented" was once used as jargon, to convey a concept which might not seem so strange to the uninitiated were it not for the esoteric context. Somehow, the phrase leaked into a marketing department somewhere, and the concept became superfluous to the important discussion - so the word eventually mutated (I want to say devolvled) into it's current form. Now the term is a widely used adjective which one would be hard pressed to find a relevant definition for. The propogation of this particular hyphenate can be imagined as creating a buzzing sound instead of a resounding conceptual tone.

Buzzwords CAN be used to snow the uninitated. But they became buzzwords because they were actually used for something important enough to talk about a lot in serious discussion. So behind every buzzword is a concept, sometimes a lump of bogus hype but much more often a key piece of understanding.

You are likely right about the concept behind every buzzword. Therein lies the trouble; buzzwords have become detached from their originating concept, so that the concept becomes a vestige, a dead limb. The trouble with abstract ideas is that a word can never convey understanding, the understanding must come first. Jargon then becomes a reference word for the uninitiated, a tool of convenience to facilitate serious discussion. When the jargon precedes the understanding, it becomes a buzzword, a marketing tool, "snow" for the uninitiated.

hmm not much info

[johnjones]

not all that much written up anyway

he says that you translate c to crush if you want to

he says it has no kernel just a lib
(depends how you name things, a kernel is just a lib in the sense that after all you make calls to it )

but what he seems to be doing is a Virtual machine with bounds checking and such but it does not say what type of virtual machine

stack or register ?

overall I would have to see the code before I judge

to be quite honest I dont want to learn crush what I want is open source core java libs and virtual machine (but thats just my pet hate at the moment) this would mean a good set of proven techniques to be able to use in any project I like without haveing to go crawling to sun about it (java Micro edition would be great)

regards

John Jones

Re:hmm not much info

[aminorex]

gcj has substantially more functionality than JME.
You should check out gcc 3.2. It has the advantage
of being able to do ahead-of-time compilation.
While the optimizations have not matured to the
degree of the IBM JDK JIT, for example, they are
progressing in fits and starts.

Reminds me of the Tao of Programming

7.3

The Magician of the Ivory Tower brought his latest invention for the master programmer to examine. The magician wheeled a large black box into the master's office while the master waited in silence.

"This is an integrated, distributed, general-purpose workstation," began the magician, "ergonomically designed with a proprietary operating system, sixth generation languages, and multiple state of the art user interfaces. It took my assistants several hundred man years to construct. Is it not amazing?"

The master raised his eyebrows slightly. "It is indeed amazing," he said.

"Corporate Headquarters has commanded," continued the magician, "that everyone use this workstation as a platform for new programs. Do you agree to this?"

"Certainly," replied the master, "I will have it transported to the data center immediately!" And the magician returned to his tower, well pleased.

Several days later, a novice wandered into the office of the master programmer and said, "I cannot find the listing for my new program. Do you know where it might be?"

"Yes," replied the master, "the listings are stacked on the platform in the data center."

What goes around comes back again....

This approach has numerous predecessors,
not the least of which is Oberon, Lillith, Mesa, the Perq, and on back to the Burroughs B5500. Admittedly
the Burroughs machine had hardware segmentation support, but it had no notion of "privileged state" - the Algol compiler wouldn't produce code that could do "bad things". about a decade ago the hot topic in OS Research papers was all about how to use huge address spaces and the one-address-space model was resurrected again, with and without various hardware support for compartmentalization.

If you believe a compiler will never generate erroneous code, you'll sleep just fine with this model. On the other hand, if you've debugged a system compromise caused by a compiler bug, you might feel otherwise.

pleasant dreams

Mmmmm Tasty

[cca93014]

"Forth, LISP, and Ada"

Where do I sign up?

Language influences

[Sneakums]

The Crush language itself is heavily influenced by Forth, LISP, and Ada, and provides strong typing and extensive namespace security.

LISP has neither strong typing nor namespaces. Forth doesn't have much of anything, bar stacks. Do we really need an Ada clone?

Re:Language influences

LISP has neither strong typing nor namespaces. LISP has quite strong typing. It simply happens to be dynamically typed instead of statically typed.

Re:Language influences

> LISP has neither strong typing nor namespaces.

It has both. Lisp has been strongly typed forever, and Common Lisp's package system provides namespaces.

Re:Language influences

[jaoswald]

What do you mean by Lisp not having namespaces?

Common Lisp has several namespaces, including the containing of groups of "symbols" (names, crudely speaking) in "packages." The notation for this is

package-name::symbol-name

(C++ package notation looks suspicously similar. Hmmmmm.)

Scheme (which I don't call Lisp, but rather a dialect of Lisp) doesn't have standard packages, and combines the namespaces of variables and functions, which allows for notational elegance at the expense of limiting variable names.

Re:Language influences

[aminorex]

Lisp also has strong typing, if you choose.

Re:Language influences

Argh that's just plain wrong. Lisp is VERY strongly typed - you need to use conversion functions to switch between most non-numeric types, and you can't just decide a number is a cons cell, say. Lisp is dynamically, strongly typed. C is statically,weakly typed. (actually, common lisp can use static typing too, but it's mainly considered a compiler optimisation hint)

Common Lisp also has a package system, effectively namespaces.

Re:Language influences

[scrytch]

> LISP has neither strong typing nor namespaces.

I used to believe this too. Since it's hard to get actual examples of its use, here's the hyperspec.

http://www.franz.com/support/documentation/6.2/a ns icl/dictentr/type.htm

Take a look at the list of types elsewhere in the hyperspec, and C looks untyped by comparison (though I still prefer the ML family with its inferred types).

I'll admit though, the lineage of Crush doesn't exactly look terribly inspired...

Language Specific OS's , Bah

[EvilTwinSkippy]

Man, you have a few winning seasons with the [Li]|[U]nix and everybody thinks they can code a language/os hybrid.

Explaination of the punchline:
Unix and the C programming language were mutually developed for each other by Bell Labs.

Re:Language Specific OS's , Bah

[Higher+Authority]

So, you've tried it? Btw, you can highlight and delete [Li], since Linux has absolutely nothing to do with Unix and C being developed for each other.

This is very like a Symbolics Lisp Machine

[Animats]

We've seen this before, and it's called a Symbolics Lisp Machine, the ultimate programmer's toy of the early 1980s.

• "The Symbolics-Lisp system software constitutes a large-scale programming environment, with over a half-million lines of system code accessible to the user. Object-oriented programming techniques are used throughout the Symbolics-Lisp system to provide a reliable and extensible integrated environment without the usual division between an operating system and programming languages. All of the system software is written in Symbolics-Lisp."

There you see the basic concepts of Brix and Crush. Symbolics had that in 1984. One of the Symbolics people wrote a post-mortem,"The Lisp Machine: Noble Experiment or Fabulous Failure?", which explains what's wrong with this concept better than I could.

Re:This is very like a Symbolics Lisp Machine

The article you reference is quite interesting. The idea of tagged data is indeed a useful one; I doubt it would surprise anyone to know that all of the latest video cards do a sort of data tagging to determine where they should allocate vertex buffers, textures, etc., to optimize for rendering speed. That the idea of data tagging is used by CPUs is not unsurprising in the slightest, either; even the basic knowledge of whether an address it holds is a pointer or an actual value can be of great use to a caching system.

Personally, I think this OS sounds interesting. It would make an interesting toy for a budding computer programmer, if one had an old computer lying. But beyond the fun of figuring out and playing with yet another language..

Re:This is very like a Symbolics Lisp Machine

[jaoswald]

I have no personal experience with Lisp machines, but Lisp machines didn't have much in the way of protection or "sandbox" type security.

The beauty of the Lisp machine was that even the assembly language in the kernel was expressed in Lisp. There was no real separation between the lower-level services of the operating system and the upper-level programming facilities, and all of it was exposed transparently (and with introspection) to the programmer's tools. Another important feature was the integration of the VM with the garbage collection.

(As an aside, it was possible to program in Fortran, etc., on Lisp machines. But much nicer in Lisp).

The reason this is a mixed bag is that a programmer could basically redefine any part of the system he wanted. You could cause serious confusion by redefining the wrong thing. (A simple example, which might be inaccurate: setting the value of nil to be something other than nil (i.e. a value other than false) would cause all sorts of bizzareness, because almost every element of the system depends on the value of nil to test false.)

Lisp machines were virtually ideal (some would claim still unsurpassed) as developer workstations. Not so ideal for deployment as enterprise servers.

Re:This is very like a Symbolics Lisp Machine

[Animats]

• I have no personal experience with Lisp machines, but Lisp machines didn't have much in the way of protection or "sandbox" type security.

  I did use a Symbolics 3600, the personal computer the size of a refrigerator. Since it was a single-user development system, it didn't need much security. Symbolics never really got the concept that someday, the application might actually run in production.

• The beauty of the Lisp machine was that even the assembly language in the kernel was expressed in Lisp. There was no real separation between the lower-level services of the operating system and the upper-level programming facilities, and all of it was exposed transparently (and with introspection) to the programmer's tools.

  Yup. You could go into the OS with the debugger while running. In fact, you were always in the debugger. If anything went wrong, there you were in the debugger. Usually from within EMACS.

• Another important feature was the integration of the VM with the garbage collection.

  Well, no. Actually, the big problem with early Symbolics software was the lack of integration of the VM with the garbage collection. GC could take 45 minutes of disk thrashing. It was common to reboot rather than let GC run. Eventually, Symbolics fixed this, but it was too late by then.

• Lisp machines were virtually ideal (some would claim still unsurpassed) as developer workstations.

  Not really. They were more like a LISP hacker's wet dream than a useful tool. We got a lot more work done, even in LISP, on Sun workstations and VAXen. The Symbolics environment encouraged endless tweaking, not the writing of solid code.

Re:This is very like a Symbolics Lisp Machine

[AndWat]

There's another place we've seen it before - the original unix. Unix worked because of the tight integration between the operating system kernel, the C language, the development environment (the command line and shell scripts ), fileing structure, and the data format ( line delimeted text files ).

When all the parts of a system work together like this, is becomes easy to do stuff - there is no 'impedance mismatch'. That's how this whole *nix deal got started in the first place.

Of course, this is no longer really true of unix, which supports an unholy hodge-podge of tools, data formats etc etc. What makes unix worth spending time on these days is simply the incomparably vast weight of working code that is out there for it - so much that dealing with the vast steaming pile of bullsh*t that you have to do to get anything to work is still worth it.

The question is not whether unix is currently the best - perhaps the only - serious platform for development now, and that the open-source community needs to continue to work with it. The question is whether we need to give projects like BRiX some space, time and support on the sidelines, so that 5-10 years down the track - when unix is really starting to crack at the seams, and commercial products built on exactly these lines ( like JBed http://www.esmertec.com ) are shooting past it - we don't have to start all over again, 10 years off the pace like Linus did.

So don't knock this guy - even if he is hopelessly naive - he is on the right track. And don't knock integrated systems, because your favourite OS got to where it is precisely because it was one, once upon a time...

...and the same mistakes as C, too

[Pseudonym]

I hate to break this to you, but C is just as tightly woven into Unix, as anyone who has tried to implement a compiler for a higher-level language will tell you.

For example: Suppose your language wants to manage a stack differently than C does. Suppose, for example, you want to perform some optimisation where the stack pointer does not point to the true end of the stack (say, in a leaf call). Under Unix, too bad. You need to maintain a true C stack pointer otherwise signals won't be delivered properly.

Unix is just as much a C virtual machine as the Symbolics devices were Lisp virtual machines.

Re:...and the same mistakes as C, too

[aminorex]

I'm not buying this. I've used -fomit-frame-pointer
with signals and setjmp/longjmp more times than I've
gotten laid since I was married, and never seen a
blip. In fact, I've seen compilers for C (slightly
modified versions of C, but the modifications were
not relevant to this discussion) which used heap
allocations exclusively, but fully supported signals
and setjmp/longjmp (even call/cc!), so you're going
to have to explain your view in greater depth to
gain credibility against such apparent counter-evidence.

Re:...and the same mistakes as C, too

A simpler example: all system interfaces in unix are defined in C, in terms of C data types.

Lisp, SmallTalk, ML, Haskell...NO ONE CARES

Yes these languages are cool. Yes we can theorize about how the world would be a better place if everyone adopted them. But guess what, if programmers adopted the languages en masse, they'd find annoying issues that bothered them, and they'd be bitching about these issues the same way they bitch about C pointers or Java verbosity.

Its easy to say SmallTalk (or any of the other no-chance languages) will solve the world's problems when you know damn well it will never be put to the test.

Hey! My car would whoop your's in a quarter mile, but I don't drag 'er....lucky fer you!

Not lisp machines

[voodoo1man]

Car and cdr originate from the IBM 704 family of computers' address handling.

Crush example program?

I could not find any examples on his site or in the Crush download.

Crush/BriX - what a joke

The BRiX download has only the generated assembler files!!!!
He does not even have a single example of Crush source code.
I could not even find a Crush grammar.
You have to guess the syntax from looking at the compiler source code.
The 'portable' Crush compiler has hard coded generation of x86 nasm (assembler) files.

Nothing to see here. Please move along.

Re:Isnt' that what people said when linux was in d

Yes! This is what slashdot needs! I'm tired of car/computer analogies. We need more porn magazine metaphors! Yippee!

No! Look at AS/400

[Oestergaard]

AS/400 (with OS/400) runs all code in a virtual machine, and it relies on a number of compile-time checks (in combination with some run-time checks) to ensure reliable operation, like BRiX. There's no hardware support for memory protection needed, all in all it seems that the BRiX model is heavily inspired by AS/400.

The even cooler thing is, that since all 3rd party programs for AS/400 are distributed in byte-code (the only kind of code you can run on this system), to be run by the OS/400 virtual machine, the AS/400 product line has changed processors over time without needing any re-writes or even re-compilations of 3rd party products.

It seems that BRiX applications are machine-code - this kills off some of the coolness found in AS/400, unfortunately. It should get them some of the performance AS/400 cannot have, though.

Back in the good ol' days, AS/400 hardware did not have the support needed to perform memory access control in hardware - today they run on Power3 CPUs which has the support, but none of this matters for 3rd party products. All they do is run in the virtual machine, that's all they need to know.

However, porting apps from other OS'es is of course going to be a complete PITA. Not just porting to a completely different environment, but changing language at the same time. I guess that was what you meant when you said portability, and I completely agree there.

Anyway, just wanted to point out that there is at least one successful platform out there, built in a way similar to that of BRiX.

Re:No! Look at AS/400

[Nutello]

No hardware support for memory protection needed?!?

System/38-AS/400 have always relied on custom hardware to prevent pointers from being forged. This is done with a so-called tag bit, which is stored in memory along with error correction bits. OS/400 doesn't run on just any POWER or PowerPC chip, it requires one which supports the AS extensions to run in tags-active mode (you could say that it makes them 65bit CPUs). Such extensions are used to set/check the tag (a privileged operation) or to collect/restore the tags from/to a page all at once - to speed up things when swapping the page to or from disk.

Not the same thing

[Pseudonym]

The -fomit-frame-pointer merely converts frame-pointer-relative addressing into stack-pointer-relative addressing, thus saving a register. What I'm talking about is the kind of optimisation which stores live data above the stack pointer.

Consider, for example, the following code:

long foo(float p_y) { return (long)p_y; }

At -O8 -march=pentiumpro I get:

pushl %ebp
movl %esp,%ebp
subl $24,%esp
... stuff which uses %ebp ...
movl %ebp,%esp
popl %ebp
ret

Adding -fomit-frame-pointer I get:

subl $28,%esp
...stuff which uses %esp ...
addl $28,%esp
ret

It successfully eliminated %ebp, but did not eliminate the sub %esp/add %esp pair even though there are no calls in the intervening code. The reason for this is that if a signal is delivered to the current thread, it will happen by making a C call frame at the current %esp, so if there's live data above the top of the stack, it will be clobbered.

This may not seem too bad a price to pay, but many nonprocedural languages (mostly functional and logic languages) do not use a conventional "call stack" in the same way that C does, and so could use the built-in stack (or the built-in stack pointer) for other purposes. No such luck under Unix, because signal delivery is by C callback, so you need a valid C stack.

Re:Not the same thing

[be-fan]

That's more that the x86 has certain demands of the stack rather than C.

Re:Not the same thing

[Pseudonym]

How do you figure that?

Assuming you're running in a different protection ring than your interrupt handlers, and assuming you don't want to use explicit push and pop instructions, I can't think of any reason why %esp need be the barrier between live data and garbage.

I might be wrong. I probably am, in fact. (I haven't finished my first caffeine of the day, which is my standard excuse for these sorts of situations.) Still, I'm curious as to what these demands are.

Type system terminology

Actually, a type system can be both "strong" and "dynamic" at the same time.

• Strong typing means that it is not possible to write code which is not type safe. E.g. C does not have strong typing, since it is possible to say things like printf("%s", 5); and compile and run the code with undefined results.
• Dynamic typing means that type checking is done at run time. For example, lisp dialects such as Scheme have dynamic typing.
  
• Static typing means that type checking is done at compile time. C has static typing.
  

So, C has a weak static type system. Scheme has a strong dynamic type system. Java has a strong type system, which is partly static, partly dynamic (e.g. the compiler sees that 5 * "foo" has a type error, but typecasts can be checked only dynamically).

In my opinion, strong typing is never bad per se, except that it may result in slightly slower execution because for most languages strong typing means that some level of run-time check need to be done. The checks can be inserted automatically by the compiler, or the compiler may require the programmer to add them but nevertheless check need to be added somewhere.

I also believe that static typing is nothing but good. The compiler is most likely more complicated, but for the programmer static checking makes things a lot easier.

Re:Type system terminology

Well, then use Common Lisp: strong, dynamic typing, optional, but powerful, static typing.

Re:Type system terminology

[Ungrounded+Lightning]

Strong typing means that it is not possible to write code which is not type safe. E.g. C does not have strong typing, since it is possible to say things like printf("%s", 5); and compile and run the code with undefined results.

While K&R C didn't have strong typing, ANSI C does. (ANSI cloned it from C++.) It isn't strong enough to meet the strict definiton you gave because it's static (i.e. no run-time checking) and the language allows the author to violate type-safety - mainly by explicitly declaring he wishes to do so (with "void" and typecasts).

In my opinion, strong typing is never bad per se, except that it may result in slightly slower execution because for most languages strong typing means that some level of run-time check need to be done.

Actually compilers can do a good enough job of type-checking statically to catch the bulk of the problems.

The advantage of strong and/or static typing is that it lets the compiler assist you in finding errors. Some people claim that the reduced flexibility impeeds them. But I've found that I can generally express my desires without interference from the language (at least in C and C++), while the people running into trouble were generally not giving adequate attention to their interface definitions. The compiler was just warning them about their confusion or their failure to specify what they wanted to do.

Re:Type system terminology

[Tablizer]

(* Well, then use Common Lisp: strong, dynamic typing, optional, but powerful, static typing. *)

Kudos to languages that allow one to take either approach. VB was heading in this direction also (although in a kludgey kind of way), but MS seems to now be "de-scripting" it after doing the opposite to compete with Perl for a while.

Allowing both approaches means that you don't have to succumb to one person's programming philosophy. Until approach X is shown to be objectively better than Y, please don't shove X down my throat.

There are enough dictators in the world who think they know more than others (or know more about others) and deserve the right to shove their truth down other's throats.

Re:Type system terminology

ANSI C does not have strong typing. You can write code which crashes because of type errors.
That is, by definition, a weak type system.

Language proliferation

[Pendant]

I find it ironic that at a time when natural human languages are disappearing fast the number of programming languages and variants just continues to increase.

I dispair of constantly being obliged to re-learn how to do the same old things using the latest syntax.

Is the human race ever going to wake up to the fact that we could communicate far more effectively if there were only one computer programming language?

Re:Language proliferation

[aes12]

Perhaps we could all communicate better with each other, but the point of computer languages is to communicate with the computer. Perhaps I just need to look around more, but I have yet to find a language that is as fast as C, yet has all the fancy-schmancy features of more recently developed PLs.
I too am tired of relearning syntax, but I find that every time I do, I learn something new, and usually that more than makes up for the annoyance of relearning 'Hello World'.

Security nightmare

[Ranx]

From "About":

"As the core components of BRiX mature the bounds checks will be removed giving it back the speed it had lost."

Mature means "no bugs" here. When are you sure your software has no bugs? Practice says you never can.

So you trade a small speed decrease for a security nightmare.

Give me an OS with bounds checking. If I want a faster OS, I'll buy a new, faster CPU.

Modesty?

[ZigMonty]

From the faq:

What is the target audience?
Everyone. It is easier than MacOS or Windows and more powerful than Unix. Both games and network servers will run faster than on any other OS. It can also be used in embedded computers.

Wow, that's very humble of them. I'm very interested to see how this turns out, it has some interesting concepts, but I think this answer is a bit far fetched on almost all counts.

This is just MS-DOS for the 21st century

Plenty of others have commented on how this system
is badly flawed in the authors presumed assumption
that he can ever have a completely bug free compiler
and run time system and somehow prevent rogue
assembly code being used so that applications wont
intefere with each other.
However , I can see this becoming a niche product
for situations where only 1 app needs to run on the
machine and it needs as much CPU time as it can
get. Games for example. Other than that I don't
think Brix will stand a chance. Try persuading a
bank to run its overnight batch processing system
on an OS which might go belly up if some other
minor process goes wrong because of an unforseen
bug in the compiler. Good luck....

Female sexist language?

On the Brix page, everywhere you look it is "compiled for her" and "she can". There are absolutely no male or gender neutral pronouns or adjectives.

Does this mean that this OS/language is for women only? Or is this one of those incredibly stupid men that desperately wants women to think he isn't the sexist he is?

Whatever the reason, I won't be trying this OS as whether a man or a woman, the author comes across on the page as a clueless moron, and what's worse, a clueless moron that doesn't even realize he or she (whichever the author is) IS a moron.

Re:Female sexist language?

You get plenty of this positive discimination crap
these days. Its usually stuff written by puny
little wimps who desperaely want to be liked by
women by being oh so politically correct whereas
actually it just makes them look pathetic.

Watch things implode.

[shess]

heavily influenced by Forth,

Crush is dead on arrival.

LISP,

OK, Crush is dead before leaving.

and Ada

I'm surprised it hasn't imploded, creating a black hole to suck enthusiasts in.

[I dearly loved both forth and LISP (and Modula-2). They changed the way I program. Doesn't really make them successful languages, though.]

Re:Watch things implode.

So popularity is the gauge of success for a programming language? Hell, I guess we all better start programming in Visual Basic, none of these other languages are successful...

Re:Watch things implode.

If ADA causes things to implode, I wonder what that means for America's new Joint Strike fighter?

Re:Watch things implode.

Because there's so much more Visual BASIC than C.

What's the strategy then?

[TopherC]

I didn't see anything on the web page explaining what the author's goals for the language was. If it's going to be popular, it will need to allow for easy porting of existing software into BRiX.

I assume that it's more of a proof-of-principle kind of thing, meant to push the envelope of OS design but without any realistic hopes of being popular. But it's gone farther than a simple proof-of-principle would require. So, I'm curious what the strategy and goals of BRiX are.

My other complaint is that Brand's new "for dummies" text is not helpful, just arrogant.

A bit more Re:Buzzwords

[Ungrounded+Lightning]

... behind every buzzword is a concept, sometimes a lump of bogus hype but much more often a key piece of understanding.

And when a whole flock of buzzwords describe different useful techniques that are similar in style but different in form, the underlying concept, if you can discover it and apply it generally, is likely to be EXTREMELY important.

Brix security vs http://www.eros-os.org

I do not belive this OS play in the same league as a secure OS like EROS OS. Security is a complex issue.

http://brix-os.sourceforge.net/?p0=info - "* For Dummies: BRiX is more secure than anything you've used. And yes, it really is. "

Have a look at EROS for a real secure GPLed OS.
EROS URL: http://www.eros-os.org

US DOD - COMPUTER SECURITY REQUIREMENTS:
http://www.radium.ncsc.mil/tpep/lib rary/rainbow/CS C-STD-004-85.html
"Class A1: Verified Design.- The distinguishing feature of systems in this class is the analysis derived from formal design specification and verification techniques and the resulting high degree of assurance that the TCB is correctly implemented. This assurance is developmental in nature starting with a formal model of security policy and a formal top-level specification (FTLS) of the design."

Have a look at the verification proof for the EROS OS: http://www.eros-os.org/devel/00Devel.html

What about the "Object Store"?

[jordanlev]

All the discussion here seems to be focused on the underlying workings of the OS, memory spaces, and the Crush language.
But to me the coolest thing was the Object Store: "...All file information (metadata) is stored in a database file and accessed with a search engine..."
Whoah! How awesome is that?! Is this something that is implemented in any other OS's/File Browsers?
There is so much talk all the time of how the "desktop metaphor is outdated and we need something new, but...what?"
Well in my eyes, here is the ideal replacement for the files/folders/hierarchy/etc.
I work with a LOT of computer-illiterate people, and it is very hard for them to find files on the computer (especially with a few network drives also available to them). They usually don't remember where they saved the file to in the first place! But with a system like this, where files are not arranged in a hierarchy, but rather you query for them much like a database, they can just pull up files that have attributes relevant to what they remember about it.
I think this would be fantastic, and I wish I could figure out how to get this Brix-OS running so I could see the implememntation of this feature(!)

Re:What about the "Object Store"?

[cifey]

I don't know the details of the brix file browser, however I think it would be a good default to list all the files by the most recent usage.(ie the Documents tab in windows). You can do this with a search in most file browsers, but it brings up all the cookies and trash as well.

Crush/BRiX boxes

Imagine a Beowolf Cluster of THESE!!!

Re:first p0st

[butternutz]

right on next time try to ge the 3rd p0st that is harder....

Explorer == OS component

[oliverthered]

I don't think so,
the gui isn't tied to explorer .
Nost of explorers functionality comes from a library shell32.dll this could be considered in part an os component.

In a simila fassion a lot of IE is in wininet.dll is this part of the OS?

Re:Explorer == OS component

[Hast]

That's just my experience. If the file browser goes down it takes the task bar and all that with it. In WinXP this service is restarted after a short time, but it still goes down for a few seconds.

Naturally this doesn't have to mean that the file browser is a central part of the OS, but it sure as hell has some ties pretty far down the system. In any case the behaviour is inexusable.

Re:Explorer == OS component

[oliverthered]

That's because the task bar is explorer (they run in the same process).

If it was part of the OS you wouldn't be able to get the file-browser or task bar up again, and everything else would probably crash.

I normally take OS to be things that run at ring 0 + ring1
Applications (like explorer) run in ring 3.
(at least that's what i remember from my dos days!)
Quick guide to protected mode

Re:Explorer == OS component

[Hast]

Yeeeeeeees. I know that from my OS classes as well.

And you would say that having the GUI and a file browser running as the same task would be a good idea? Probably not. Anyways the only thing you need for it to not crash is to have a small program which makes sure that services (such as GUI) are running. If they are not they are restarted. These have been available as 3rd party stuff for older Win32 versions. I guess the problem was now recognised as a big one and the "feature" was included in the OS.

Nevertheless, a crashing file browser shouldn't bring down the GUI. That's just bad design. And it just shows that my point is made, the explorer is thightly integrated in the OS. (Which iexplorer isn't. Well, not /as/ integrated anyways.)