New Operating System Seeks To Replace Linux In the Cloud

New submitter urdak writes "At CloudOpen in New Orleans, KVM veterans Avi Kivity and Dor Laor revealed their latest venture, a new open-source (BSD license) operating system named OSv. OSv can run existing Linux programs and runtime environments such as a JVM, but unlike Linux, OSv was designed from the ground up to run efficiently on virtual machines. For example, OSv avoids the traditional (but slow) userspace-kernel isolation, as on the cloud VMs normally run a single application. OSv is also much smaller than Linux, and breaks away from tradition by being written in C++11 (the language choice is explained in in this post)."

Nah.

I'll take my server OS tried-and-tested, thanks.

Re:Nah.

And nothing has never been more tested (for holes) than Windows.

Re:Nah.

Looking for holes in windows is like looking for saltwater in the pacific ocean.

Re:Nah.

[Penguinisto]

I'll take my server OS tried-and-tested, thanks.

Even moreso - I prefer my server OSes to have that kernel/userspace separation. Sometimes that's the last line of defense against a fully-compromised system (see also, say, the typical crappily-coded PHP "application" that has the typical great big security hole (or four) in it...)

I get the drive for making the OS as thin as possible, but sometimes folks need to stop and think it through a little before they commit to doing it at all costs.

Re:Nah.

[pipatron]

I'm not so sure about this. If an important userspace application, or actually any application, has been hacked, I consider the machine tainted for all future. I'm not going to patch the holes up and keep running, because any file could have been modified and finding out which ones is just much more work than to fire up a new clean machine. If you're running a webserver and it's broken, you have in fact a fully compromised system since the only thing running on that virtual machine is the webserver.

I can see many reasons not to run this OS, but the kernel/userspace separation is not necessarily the big deal.

Re:Nah.

[cheater512]

I get the sense that there isn't much of a system to compromise with this since it is only running a single process.

Re:Nah.

[shutdown+-p+now]

This is for the scenario where said last line of defense is meaningless. When your VM is, essentially, all about running a single process, like a webserver, the only thing that's behind the aforementioned last line is the kernel itself... and nothing else. In other words, there's no practical difference here between one particular userspace process being compromised, and the entire OS being compromised, since that process is the only thing that matters. It's also not a situation where you try to clean up the system if it has been compromised - you just scrap the VM and re-create it from a snapshot.

Re:Nah.

Looking for virgins amongst Linux users is like looking for nitrogen in the atmosphere.

Re:Nah.

To immature trolls who take interest in my sex life: there is fresh air outside your basement.

Re:Nah.

[postbigbang]

It's a very good idea, with more finite applications in the real world. Think about it:

1) low, low, low attack profile
2) your kernel and outside perimeter better be perfect, but this is true in the real world anyway
3) less fuss and muss
4) low, low overhead instead of having to strip out init.d junk and daemons-without-a-cause
5) nice paravirtualization instead of sloggy driver emulation
6) modifiable kernel that can be altered so that memory entrance points can be scrambled up easily to prevent addressing hijacks.

So put your favorite httpd on it and run it more as an app virtualization rather than a whole freaking OS/app instance virtualization.

Re:Nah.

[mcgrew]

Wow, two AC FPs in one day that were not only ontopic but good comments!

A glitch in the matrix?

Re:Nah.

Not quite.

There are plenty of applications: Webserver and database, sshd master and sshd worker, authentication user and authentication service, that use privilege separation. I have a client facing web server, which runs presentation software for read-only views into some of my database, if the web server gets hacked, it can initiate a complete dump of the exposed view of the database, but it still can't change the database or access the non-exposed data.

I still feel this is a step in the right direction, as most of the POSIXy cruft in Linux is of no value to any real application, particularly the hyper-flawed unix security model. I think they should add process separation and RBAC if they don't already have it, as some ability to isolate components of an application is helpful.

Re:Nah.

No you dumb virgin, there is dirt outside my basement.

OMG!! You don't even know what a basement is!!

Re:Nah.

Wow, two AC FPs in one day that were not only ontopic but good comments!

A glitch in the matrix?

--
"The tyrant fears the laugh more than the assassin's bullet." Heinlein, Our Fair City

Re:Nah.

[shutdown+-p+now]

There are plenty of applications: Webserver and database, sshd master and sshd worker, authentication user and authentication service, that use privilege separation.

Why would you run all these on a single VM?

Re:Nah.

[Bonobo_Unknown]

Well you have to leave the basement to fully appreciate where the basement is located. Otherwise it is just the all providing womb.

Re:Nah.

[scottbomb]

Apparently a small network, at least I hope for his sake.

Re:Nah.

[l3v1]

"Why would you run all these on a single VM?"

Because you live in the real world?

Re:Nah.

Yeah, that's what AIX and other older Unix gurus said when Linux was emerging.

Re:Nah.

[CBravo]

Why would you want a VM with only a single process?

Re:Nah.

[shutdown+-p+now]

To provide as much isolation as possible from all the other stuff (a kernel is still more likely to be vulnerable than a hypervisor).

Either way, that's what people already do - today - and they do it with Linux as a guest. These guys are just rightly pointing out that this doesn't make much sense to run an OS that heavyweight for that purpose.

Re:Nah.

[shutdown+-p+now]

In the real world, people are doing what these guys do already, except they use Linux as a guest OS as well. That's why the project got started in the first place - to improve efficiency of a very real use case that's already there.

Re:Nah.

Sure it can be running just a single application.. But the thing is that a system usually interconnects with other systems so if a system gets fully compromised then it can be used to gain access to more systems...

There is a big difference between getting a single process exploited (maybe just one of the httpd workers) and having a full system-breach.....

With the former they can do some limited things like reading random files, sniffing traffic going to that specific instance etc. With the latter they can, during a limited period, sniff all traffic to the system, getting access to any and all authentication information to other connected systems etc..

Ie... If a "normal" system gets breached then it usually stays within that system and the attack can be mitigated. If a system like this would be breached then the attack can escalate into all connected systems very fast..

Re:Nah.

[shutdown+-p+now]

Sure it can be running just a single application.. But the thing is that a system usually interconnects with other systems so if a system gets fully compromised then it can be used to gain access to more systems...

If the only thing that system is running is a single process, then the only interconnects with other systems that one has are the ones used by that process. So if you can break into the process, you can already sniff and control any of that - authentication information, etc. The worst case here is that an attacker can take down / take over several worker processes rather than just one; but from a security standpoint it matters little since they are all on the same privilege level. And if you're doing that kind of thing in the first place - spinning up servers on a hypervisor in the cloud - then you probably have more than a few of them, so compromising just one isolated VM is not much of a DoS.

Anyway, the whole point of isolating VMs like that is so that even taking full control of one of them is not going to give you anything interesting. That's how you're supposed to set them up in the first place.

Re:Nah.

[davester666]

Come down here and make me, dad.

Re:Nah.

[mwvdlee]

Because there are plenty of applications that can run webserver, database and everything elso on the cheapest available VM and still don't come near to 100% resource utilization.

In short, unless you have a company large enough to manage it's own cloud infrastructure, more VM's == more expenses.

Re:Nah.

[shutdown+-p+now]

Note that this is a product that is specifically targeting the "large enough" market that uses cloud VMs as a cheap yet highly scalable approach.

Re:Nah.

[smash]

Or they use a FreeBSD jail.

Re:Nah.

[shutdown+-p+now]

Jails are vulnerable to kernel exploits (assuming that everything is configured right otherwise). VM isolation is only vulnerable to hypervisor exploits. Hypervisors are generally much simpler than full-fledged kernels and have less attack surface, and so they are less likely to be successfully attacked.

Re:Nah.

[TheRaven64]

There is a big difference between getting a single process exploited (maybe just one of the httpd workers) and having a full system-breach.....

There really isn't on most cloud systems. You compromise the web server, and now you've got the credentials to access the db server. That's far more important than anything on the local filesystem. Sniffing all traffic going to the system? There isn't any traffic going to anything other than the (single) running app. And even with a compromised kernel, you can't put the interface in promiscuous mode because the paravirtualised device doesn't support it.

So the question is whether you'd rather have a slimmed-down FreeBSD kernel in your TCB or a full-featured Linux kernel and GNU userland. If you have an OS where you can spin up new instances in a second, that makes it possible to compartmentalise your system much more than if starting up a new VM takes a minute. It also makes scaling easier.

Re:Nah.

[FireFury03]

This is for the scenario where said last line of defense is meaningless. When your VM is, essentially, all about running a single process, like a webserver

If you're running a single process, you're probably doing things very wrong... Your VM may well be running a single *type* of process (e.g. a web server), but usually there are multiple instances of it running at once. And there is a lot to be said for keeping those instances protected from each other, so if one blows up it doesn't take out everything else on the VM.

I'd also want stuff like the filesystem driver to be protected from userland applications - its one thing for an application to screw up/get compromised and trash a load of files, its quite another for it to cause the filesystem driver to trash the entire FS... There's also a lot to be said for hardening systems by restricting the application from doing things it never needs to do (this is the point of SELinux) - does your web service need to be able to send mail or connect to port 22 on random machines on the internet? No? Then restrict it from doing so (and send warnings to the sysadmin if it tries) and you prevent your web server becoming a spambot/ssh scanner if it gets compromised.

Re:Nah.

No you dumb virgin, there is dirt outside my basement.

OMG!! You don't even know what a basement is!!

You're confusing basement with cellar. OMG!!! You don't even know the difference between basement (windowless or windows) and cellar (windowless).

Re:Nah.

[azrael29a]

Hypervisors are generally much simpler than full-fledged kernels and have less attack surface, and so they are less likely to be successfully attacked.

Yeah, just like VMware! It's a full-blown Linux OS with additional vmkernel module that takes over control as the hypervisor. Oh, wait...

Re:Nah.

[azrael29a]

Why would you want a VM with only a single process?

Exactly. There is no point in running a full blown OS just to virtualize a single app or process. Linux has an option for that, and it's called LXC (Linux Containers). Old Unices have that too: Solaris - Zone/Container AIX - WPAR HP-UX - vPar

Re:Nah.

[azrael29a]

Linux Containers are matching all your points except 6.

Re:Nah.

[postbigbang]

Except that your hypervisor could be Xen, Citrix Xen, virt, vbox (just tried it and it's ugly but works), they say, soon: VMware. Haven't tried it on EC2, but containers is a concept that now bothers me because of its SunOS origins, just like SELinux bothers me because the NSA had tried to develop and evolve it.

Linus would be wise to consider a kernel fork that squeezed all the barnacles out of his triumphant OS and was lean and mean and rocked on small substrates where an #ifdef IBM_on_Power doesn't mean anything. Ye gawds how fat that kernel is getting.

Ok, GodWin by NSA trump card. Sorry.

Re:Nah.

[shutdown+-p+now]

If you mean ESX, then they use Linux as a bootloader, much like Windows 9x used DOS. Once it loads vmkernel, that takes over - your exact words, and correct ones at that - and relegates the original Linux environment to be one of the hosts, effectively isolating it. So the only attack vector from one of the other VMs is the hypervisor, and not the Linux system that was used to boot it.

So, yeah. Just like VMware!

Re:Nah.

There's nothing heavyweight about Linux. Learn to configure your kernel yourself and use a distribution that doesn't have massive cobwebs of dependencies (e.g. any compile-from-source distribution), or hire someone (like me) to do your IT work for you, since you're a clueless fool.

Re:Nah.

[shutdown+-p+now]

If you're running a single process, you're probably doing things very wrong... Your VM may well be running a single *type* of process (e.g. a web server), but usually there are multiple instances of it running at once. And there is a lot to be said for keeping those instances protected from each other, so if one blows up it doesn't take out everything else on the VM.

In a scenario where such setup makes sense in the first place, you're usually running more than one VM - in fact, probably, way more than one. So taking out a single VM may be a more efficient form of DoS than taking out a single worker process, but really not by much.

I'd also want stuff like the filesystem driver to be protected from userland applications - its one thing for an application to screw up/get compromised and trash a load of files, its quite another for it to cause the filesystem driver to trash the entire FS...

What would be the difference in this case? Either way, the VM is hosed (in a sense of not being able to do the function it is intended to do), and the recovery process would be to kill it and recreate from scratch (or rather, from a preconfigured image). The data it works on should not be local - it's on a separate VM that runs the database, and that is isolated from public networks.

There's also a lot to be said for hardening systems by restricting the application from doing things it never needs to do (this is the point of SELinux) - does your web service need to be able to send mail or connect to port 22 on random machines on the internet? No? Then restrict it from doing so (and send warnings to the sysadmin if it tries) and you prevent your web server becoming a spambot/ssh scanner if it gets compromised.

Or just firewall it. The advantage here is that you only need a single firewall for the entire cluster.

The point of SELinux, OTOH, is to sandbox apps on a system which has something else important/valuable on it that can get hosed or compromised. When you can make the physical machine boundary your isolation boundary, things are much simpler.

Re:Nah.

[shutdown+-p+now]

Oh, I'm sorry, I didn't realize I was talking to an "expert" here. Do you even know what the cost of a kernel call is? Or, say, the cost of process isolation and memory protection? Or did you think that all these are free?

Re:Nah.

[DuckDodgers]

So you can modify it while it's live?

I'm not sure what I think about this single use VM concept. I think it has a lot of advantages. But one benefit of running a full operating system (Linux, Windows, FreeBSD, or otherwise) in your virtual machine is that you can modify it while it's live. Unless I missed something, this one-application-per-vm model assumes you set it up and run it, and then when you want to make a change you create a new vm, kill the old one, and put the new one in its place.

Maybe kill-and-replace trumps modify-in-place in most circumstances.

Re:Nah.

[DuckDodgers]

Okay, I'll bite. What's hyper-flawed about the unix security model? What do you want in its place, ACLs? Something else?

Re:Nah.

[shutdown+-p+now]

Unless I missed something, this one-application-per-vm model assumes you set it up and run it, and then when you want to make a change you create a new vm, kill the old one, and put the new one in its place.

Yes, pretty much. Of course, it implies that you don't develop (or otherwise experiment) on production environment. You will probably develop on a machine which has all those components set up on a single box for convenience, so that you can fiddle with them (but still assume that they will be separate when deployed). And before you deploy to production, you try it on a staging environment where you replicate the production environment as close as possible, including split VMs; if that works, then you replicate the result to production. Of course, if you find some issues at the staging part, then you will need to fiddle around with VMs.

The main advantage of this approach is how easy it is to scale. Once you have VMs set up for your various roles, you can image them and replicate them as much as needed. E.g. if you need to bring a couple more web servers online, it's literally two clicks away, since you just spin up a new VM and tell it to use your preconfigured web server image; and when you don't need them anymore, you get rid of them with no worries. In fact, doing this kind of thing if you only have a single VM as a web worker probably doesn't make sense (not to say that you don't want to split roles across machines even then, but you might not be as strict about it) - hence why they're talking about cloud farms here.

Re:Nah.

[DuckDodgers]

I haven't done the cloudy cloud cloud cloud thing. I'm familiar with virtualization though - isn't it a bit more than two clicks, because you have to change the network address of each VM as it spins up? Or are you assuming that they use DHCP and you run a proxy server on the internet-facing side that figures out which VMs receive the external traffic?

But it also seems to me that killing a VM and replacing it only works if you have no state to preserve between the old VM and the new one (e.g. session attributes, etc...) That's the ideal way to architect a colossal web application, but I don't know common it is in real world scenarios.

Re:Nah.

[shutdown+-p+now]

I haven't done the cloudy cloud cloud cloud thing. I'm familiar with virtualization though - isn't it a bit more than two clicks, because you have to change the network address of each VM as it spins up? Or are you assuming that they use DHCP and you run a proxy server on the internet-facing side that figures out which VMs receive the external traffic?

I don't know how exactly it is implemented in detail, but yes, for cloud there's a load balancer that makes sure that requests are distributed between VMs (and only go to live VMs). That's pretty much necessary for the stereotypical cloud scenario where you scale up and down easily by buying more resources for a short period of time when they are needed.

But it also seems to me that killing a VM and replacing it only works if you have no state to preserve between the old VM and the new one (e.g. session attributes, etc...) That's the ideal way to architect a colossal web application, but I don't know common it is in real world scenarios.

Yes, it would have to be stateless (or rather, any state would have to be of a transient nature). At the same time, how common would it be for the web app to actually try to persist any data locally, or even store it in the process between requests? Pretty much everything I've read on app design lists this as a bad thing to do very early on, and all frameworks that I've seen seem to follow that guideline, and stick everything into a DB. Again, this is something that you pretty much need if you have more than one web app server with a load balancer (which is very common even outside cloud stuff), since a single user can easily land on one and then on the other with two consequent requests.

Re: Nah.

[ShadowFoxx]

It's not that hard if you have a decent IDS that does file/directory hashing. There are open source ones too that do this like OSsec that can run as server client model or stand alone. The bussiness cost bennifit is not there with money lost in downtime when you can effectively irradiate threat. That's why we do risk analysis in the field.

Re:Nah.

[DuckDodgers]

I think you're right. I'm thinking too much about small scale deployments - because that's what I know.

So... no separation between system and userspace..

No security either.

Where is the JVM source code

They claim it runs a JVM, but the source code of this JVM is nowhere to be found. Where is it?

Re:Where is the JVM source code

[urdak]

They claim it runs a JVM, but the source code of this JVM is nowhere to be found. Where is it?

It runs any unmodified Linux JVM. You don't need any special JVM source code - just take OpenJDK from any Linux distribution, or Oracle's JVM, and run it inside OSv.

Re:Where is the JVM source code

That is impressive. This page talks about the benefits that could be gained if they modified the JVM:
http://www.osv.io/devel-menu
But they haven't yet and are already 1% faster than a comparable linux guest VM running the same unmodified JVM.

On the other hand, is 1% really worth it given their guest is so much more limited (you cannot exec or fork, meaning they couldn't even run all the specjvm benchmarks)?

Re:Where is the JVM source code

[K.+S.+Kyosuke]

I guess you'd probably want to run an MVM/multi-tasking JVM anyway.

Re: Where is the JVM source code

Ever try calling fork/exec from a JVM? It's a mess...

Re:Where is the JVM source code

[TheRaven64]

It's using a (heavily modified) FreeBSD kernel with the Linux compat layer, so it's not surprising. And the 1% speedup isn't the real win. The benefit is that you can make a very small VM image that can spool up new instances in about a second. It isn't that you can run a single instance 1% faster, it's that when you get load spikes you can start up 1000 new instances in between getting the SYN and sending the ACK...

A new OS in the Cloud?

Sure, we trust it!

Let's all store our credit card numbers, addresses, social security numbers, and everything else there.

Perfectly safe.

Re:A new OS in the Cloud?

Of course we trust the latest version of NSAOS.
- No need for userspace separation because we're alrea ... it's already handled for you.
- Crypto, shmypto, it's safe!
- You can't spell No Source Available without NSA!
- Trust us! (you really have no choice)

Re:A new OS in the Cloud?

It is worth mentioning that it is an Israeli-developed system (even if you didn't read the article, the names as noted in the summary are a dead giveaway), and we all know how chummy the Israelis are with the NSA. Of course there's a goddamn backdoor in it!

-- Ethanol-fueled

Whats the point?

In No-Security-Allowed America

Your Operating Systems are bullshit.

Your Hardware are bullshit.

Your Internets are bullshit.

Your laws are bullshit.

Your Encryption is bullshit.

Your Cell phones are bullshit.

Your NEWS is bullshit.

Re:Whats the point?

[ArcadeMan]

You're getting old.

Re:Whats the point?

What about my male cow excrement? Is that ok?

Re:Whats the point?

Does it have an American mini, or American micro Penis?

GPL trumps BSD as a usable open source licence

[evanh]

If the BSD licence was as useful as GPL then Linux would never have grown in the first place.

Re:GPL trumps BSD as a usable open source licence

100% true, and 100% flamebait.

Re:GPL trumps BSD as a usable open source licence

[geekoid]

They are different and for different purposes. There is no 'trumping' there is which one is right for your purpose.

Also, there are more BSD systems then GPL. Not that it matters, but I thought you should be aware of that. There are about a billion iOS devices alone.

Re:GPL trumps BSD as a usable open source licence

[jedidiah]

Many true things upset people. Political correctness is a curse that corrodes democracy.

It's much more damaging than Trolls.

Re:GPL trumps BSD as a usable open source licence

[jedidiah]

You're going to go with that lameness? Seriously? You are a couple years late for that since Android has popped that little bubble.

BSD is great for wannabe Robber Barons.

Everyone else can play nice with the rest of civilized society.

Even most of the wannabe Robber Barons can.

Re:GPL trumps BSD as a usable open source licence

[mcl630]

Correct me if I'm wrong, but isn't BSD more permissive than GPL?

Re:GPL trumps BSD as a usable open source licence

Many things are off topic, and the circuses that creates also corrodes democracy.

It's much more damaging than the faux-enlightened.

Re:GPL trumps BSD as a usable open source licence

[slashdime]

iOS devices are BSD?

iOS is released under a copyleft license that allows one to modify, rename and resell it?

Did noone think to tell Apple about this?

iOS is NOT BSD.

BSD allows anyone to take something that is BSD and turn it into NOTBSD, at which point, it is.... dun dun dun... NOT BSD.

Re:GPL trumps BSD as a usable open source licence

[meta-monkey]

You're going to go with that lameness? Seriously? You are a couple years late for that since Android has popped that little bubble.

He's still waiting for confirmation from netcraft.

Re:GPL trumps BSD as a usable open source licence

It wasn't the BSD license that held BSD back, it was AT&T sueing BSDi that did. When the case settled Linux had already started making traction.

Re:GPL trumps BSD as a usable open source licence

[meta-monkey]

Yes, but not in a way that promotes growth. The BSD license is a trap for the grumpy kids who don't want to share their toys at recess.

BSD: You can do whatever you want with your modifications to this code, including close them.
GPL: You can do whatever you want with your modifications to this code, except close them.

One of these creates a positive feedback loop in which small, incremental improvements from coders who share increase exponentially. The other creates a negative feedback loop in which the improvements from those who don't share are locked away and lost. I'll leave it to you to figure out which is which.

Re:GPL trumps BSD as a usable open source licence

Also, there are more BSD systems then GPL. Not that it matters, but I thought you should be aware of that. There are about a billion iOS devices alone.

Are you forgetting that Android runs a GPL'ed kernel? There were 300 million activated Android devices at the beginning of 2012, increasing by almost 1 million a day, and that's not counting the myriad of unactivated (i.e. no Play store access) tablets and phones. Or all of the routers, Tivos, and toasters that run Linux.

Re:GPL trumps BSD as a usable open source licence

[suutar]

it is. In particular it permits the user to use the open BSD-licensed code in non-open products. Folks who prefer the GPL over BSD (including me) do so because of moral beliefs. Therefore I would rephrase grandparent as "if BSD's permissions were as popular among the share-and-share-alike crowd as the GPL's permissions..."

Re:GPL trumps BSD as a usable open source licence

Android is a win in the Linux and BSD camps because they use a linux kernel and parts of the userland come from BSD.

iOS is also a win in the BSD camp. Thus, we have most of the smart phone market.

Re:GPL trumps BSD as a usable open source licence

Err... Only the kernel of Android is GPL. The libc, Bionic, is BSD - as is toolbox, the standard, typical userspace. The preferred license for the rest of userspace is ASL 2.0.

Re: GPL trumps BSD as a usable open source licence

iOS is based on BSD. Get over it.

Re:GPL trumps BSD as a usable open source licence

BSD allows anyone to take something that is BSD and turn it into NOTBSD, at which point, it is.... dun dun dun... NOT BSD.

Uh.... No. You can't take something that is BSD and turn it into not BSD - anymore than you can take GPL and turn it into not GPL.

Even if you add GPL to BSD code, you still have to keep the BSD license. It's still BSD. (But also GPL)

Re:GPL trumps BSD as a usable open source licence

One of these creates a positive feedback loop in which small, incremental improvements from coders who share increase exponentially. The other creates a negative feedback loop in which the improvements from those who don't share are locked away and lost. I'll leave it to you to figure out which is which.

The problem with this claim is that you're simply lying by omission. (Well, there's another problem: hyperbole. "Exponentially"? Hah.)

GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3. Fewer participants equals less resources spent developing the project.

BSD: the claimed negative feedback loop almost doesn't exist. Many of the entities (the same ones who have issues with GPLv3) whom you GPL zealots assume would just take everything private actually tend not to. Why? Because the reason they're using open source in the first place is to reduce their own workload, and maintaining a private fork of a public codebase turns out to be a lot of work. If you want to take changes from the public version, you're in permanent merge hell (because nobody in the outside world knows or cares about your local changes). If you want to fully fork and ignore the public version, now you're responsible for maintaining everything on your own. In most cases it's substantially less work to contribute your changes back to the public version.

Basically the only time this actually happens in the BSD-licensed world is when someone decides "to hell with it, we don't care how much we have to spend, we're going to go all the way private".

(All of the above is equally true of GPL-licensed code. GPL zealots are only assuming that their preferred license is required to create sharing. In reality, productive sharing is always an outcome of shared interests between all the parties involved, not the license.)

Re:GPL trumps BSD as a usable open source licence

[slashdime]

iOS is released under a Proprietary EULA license.

Re: GPL trumps BSD as a usable open source licence

[slashdime]

Get over what? The fact that iOS is based on BSD? I'm over it. That fact was never in dispute.

Just because it was based on BSD does not make it BSD. BSD is the freedom the license gives, which iOS does NOT give.

Re:GPL trumps BSD as a usable open source licence

GPL: You can do whatever you want with your modifications to this code, except close them.

I don't think you intended to, but your oversimplification is the route of much confusing about GPL being "viral". I can modify GPL code all I want and never share my modifications, if I never distribute the program in question.

Re:GPL trumps BSD as a usable open source licence

GPL absolutely allows modifying the code and closing it, you just can't sell the resultant product. Big deal, some of the largest companies in the world don't sell the resultant code, they sell a service that runs on their closed code. Case in point - Google.

The GPL license is the kid claiming he's some sort of saint because he's giving you this code "for free". And by giving it to you "for free", he means he's only giving it to you because he knows you're going to have to give hime something back in the future. The BSD license is TRUE freedom. Here's the code - take it and do as you please, no strings attached. Want to make money and keep it for yourself? Good on you.

Re:GPL trumps BSD as a usable open source licence

You're either a liar or you don't understand the licenses you're talking about here. But don't let that stand in the way of spouting this shit, Slashdot mods are all GPL goose steppers. If you're not they have a way of dealing with you.
 
Fuck the facts. Hail GPL!

Re:GPL trumps BSD as a usable open source licence

[shutdown+-p+now]

And how much of Android code is GPL-licensed? The kernel, yes. But even their libc (Bionic) is BSD already.

Re:GPL trumps BSD as a usable open source licence

[Microlith]

An example that is mostly immaterial given that the biggest driver of Android adoption has been the fact that Google has been behind the effort.

Re:GPL trumps BSD as a usable open source licence

[Microlith]

And you've set your entire argument up in a biased fashion too.

GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3. Fewer participants equals less resources spent developing the project.

A claim which is possible but largely lacking in evidence.

BSD: the claimed negative feedback loop almost doesn't exist.

Additionally unfounded. Given that BSD sources can be downloaded, modified, and their changes never see the light of day the loss of information is virtually guaranteed. Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.

Because the reason they're using open source in the first place is to reduce their own workload, and maintaining a private fork of a public codebase turns out to be a lot of work.

And yet there are plenty of vendors who would do just that if it suited their purposes. Your argument for staying upstream is entirely logical, but then, many corporations are not run in a logical fashion.

Basically the only time this actually happens in the BSD-licensed world is when someone decides

Would you ever know?

GPL zealots

Nothing worse than responding to a reasonable post with an invective.

In reality, productive sharing is always an outcome of shared interests between all the parties involved, not the license.)

But only so far as it suits their business interests. The GPLv3 was created to further advance its goals which have always been to ensure the software is free and that the recipient of the software is never encumbered by whomever they receive it from.

Re:GPL trumps BSD as a usable open source licence

GPL makes you share all your code. If I want to use one small bit of GPL code or link against a single library, I have to share my entire codebase. Luckily there is LGPL for that though.

Re:GPL trumps BSD as a usable open source licence

[interval1066]

The BSD license is not much better than toilet paper, so where's the flambait here?

Re:GPL trumps BSD as a usable open source licence

[interval1066]

A billion wrong moves is still a billion wrong moves too many.

Re:GPL trumps BSD as a usable open source licence

well history shows BSD is a healthy active system that promotes sharing. While GPL is an exclusive hostile environment that tends to alienate people through its restrictions. So I am going to say BSD is the one with the positive feedback loop, while GPL is extremely negative.

Re:GPL trumps BSD as a usable open source licence

Linux is like Windows, popular because of lemmings. Look, I can do what you just did. :-)

Re:GPL trumps BSD as a usable open source licence

[Brian+Feldman]

Oh, the irony. Let's conveniently ignore the fact that OSv is based on FreeBSD.

Re:GPL trumps BSD as a usable open source licence

GPL creates a feedback loop like a microphone near a speaker. Moar crappy code!

At least Linus is around to backhand programmers who should know better, but most other GPL programs seem to have a "Who needs to design stuff, lets just start programming and wing it!"

Re:GPL trumps BSD as a usable open source licence

[shutdown+-p+now]

Yes - and I think it's rather telling that for those parts of the system that Google wrote themselves, they used BSD, and not GPL.

In fact, is there anything in AOSP that is GPL-licensed aside from the kernel?

Re:GPL trumps BSD as a usable open source licence

Interesting opinion :), why do you think they want to make another Linux? Looks like it will be a very specialized OS, nobody is going to fork it. And for them it is more important to make it business friendly (I agree with this) then to please GNU fans who will insist in calling it GNU/OSv :-\. BTW, you can add GPL applications on top of BSD OS, but making it otherwise can be problematic. Patent trolls aren't the only troll species in existence. ;)

Re:GPL trumps BSD as a usable open source licence

[lister+king+of+smeg]

One of these creates a positive feedback loop in which small, incremental improvements from coders who share increase exponentially. The other creates a negative feedback loop in which the improvements from those who don't share are locked away and lost. I'll leave it to you to figure out which is which.

The problem with this claim is that you're simply lying by omission. (Well, there's another problem: hyperbole. "Exponentially"? Hah.)
GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3. Fewer participants equals less resources spent developing the project.
BSD: the claimed negative feedback loop almost doesn't exist. Many of the entities (the same ones who have issues with GPLv3) whom you GPL zealots assume would just take everything private actually tend not to. Why? Because the reason they're using open source in the first place is to reduce their own workload, and maintaining a private fork of a public codebase turns out to be a lot of work. If you want to take changes from the public version, you're in permanent merge hell (because nobody in the outside world knows or cares about your local changes). If you want to fully fork and ignore the public version, now you're responsible for maintaining everything on your own. In most cases it's substantially less work to contribute your changes back to the public version.
Basically the only time this actually happens in the BSD-licensed world is when someone decides "to hell with it, we don't care how much we have to spend, we're going to go all the way private".
(All of the above is equally true of GPL-licensed code. GPL zealots are only assuming that their preferred license is required to create sharing. In reality, productive sharing is always an outcome of shared interests between all the parties involved, not the license.)

The same people that won't use software under the gpl because it requires them to contribute there changes back to the project won't give them to BSD licensed projects either. Microsoft took their TCP IP stack from BSD have they contributed back to BSD?

Re:GPL trumps BSD as a usable open source licence

[Anonymous+Brave+Guy]

BSD is great for wannabe Robber Barons.

Indeed. The idea that someone would write some good code and then voluntarily just give it away to anyone who wants it is silly. If you want to get contributions back in return for your freely available code, GPL is the only viable strategy. That's why no-one ever gifted their code to others before the GPL was published, why there is no code out there today that uses dumb licences like BSD and there won't be tomorrow either, and why even if there were it would all come from single individual contributors without any kind of collaboration.

(And yes, the above is 100% sarcasm, so sorry if that offends anyone. I couldn't think of a serious way to respond to the absurd implication that the only people who use BSD are freeloaders who never contribute back.)

Re:GPL trumps BSD as a usable open source licence

Yeah, I've been telling the Fandroids that for a couple years now.

Re:GPL trumps BSD as a usable open source licence

I'm not sure if I envy you in having a life so free of worry that you can get worked up so greatly about a software license, or if I pity you in having a life so empty that a software license is all you have to get so worked up about.

Re:GPL trumps BSD as a usable open source licence

Microsoft has released really large amounts of code under the Apache v2 license, yes, which is based on BSD and just as permissive as the BSD license in not requiring release of derivative works. None of which they had any legal requirement to release. I'm talking entire projects like IronPython and IronRuby. Perhaps you should have checked that before typing.

Re:GPL trumps BSD as a usable open source licence

[SpaceLifeForm]

Not accurate. You can do whatever you want with GPL code, and you can keep your mods closed, as long as you do not distribute your 'closed mods'. If you distribute binary, you must provide the source.

Re:GPL trumps BSD as a usable open source licence

It depends on your point of view, I guess.

GPL is a hassle. I'm a developer, not a lawyer. I don't want to have to care about what's written in your license.

I really wouldn't care one way or another if my code is open or not. If you asked for the source to one of my private projects, I'd give it to you with the condition "if it breaks and kills someone, that's entirely your problem".

Basically, I'd rather not have to put a license on it at all. Sadly, we live in a silly world of software patents and bizarre liability handballs, so I have to use some kind of license to protect my own arse from someone elses misuse. The BSD license is simply easier then the GPL license, because it doesn't put any conditions on me.

The result is that I will never contribute to or use any GPL licensed stuff in a serious context, because it increases my non-development workload, and there's nothing I hate more then having to spend time dealing with legal crap.

Re: GPL trumps BSD as a usable open source licence

[cant_get_a_good_nick]

Linux "beat BSD" for a few reasons.

First, BSD had to fight a huge lawsuit against AT&T to even exist. You should thank them, because without them winning Linux's future would be in doubt.

Next, they picked a bad development model. Linus was much more open, and the code moved faster. The BSD folks were more insular (read: snobby) and it cost them. this has nothing to do with license issues.

BSD stumbled a bit around BSD 5, adding a (more complicated than needed) complicated scheduler. In doing so, they lost one of their best coders. Imagine if Linux lost Alan Cox right when 2.0 was about to roll out, and forecast they'd still be as popular.

The license thing probably didn't help either, but you can debate that a bit - name me a GPL web server as popular as apache? Perl is more BSDish. Python is some hybrid. Mozilla, etc. there's popular BSDish licensed code.

My theory is license matters, but less than management. The GPL magic dust didn't help GCC from being essentially abandoned around 2.7-2.8 days, and picked up by an outside group (egcs). It didn't make emacs better than xemacs. Thank Linus for transitioning from a curious college dude to a pretty good steward of the software that drives billions in revenue.

All those together made huge first mover advantage for Linux. Either you say a good chunk of Linux's growth was due to early adopter advantage and network effects, or you need to also say that Windows succeeded because of quality.

Re:GPL trumps BSD as a usable open source licence

[Burz]

It has nothing to do with PC--which is just a way to extend "good old fashioned" respect beyond sectarian lines-- because no one is born with a Linux or BSD logo on their skin or written on their birth certificate.

Hopefully you have less of a problem judging people by their character as individuals than you do confusing flesh-and-blood human beings with software.

Re:GPL trumps BSD as a usable open source licence

It has nothing to do with PC--which is just a way to extend "good old fashioned" respect beyond sectarian lines

yeah, extend that "good old fashioned" respect into muzzling what they feel because they fear getting mobbed by the volunteer thought police. It's just another way to enforce group-think.

Re:GPL trumps BSD as a usable open source licence

[cas2000]

GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3.

it's only unattractive to those who want to re-use free code while restricting the freedoms of downstream users.

fuck 'em. parasites don't add any value to anyone.

Re:GPL trumps BSD as a usable open source licence

[cas2000]

I worry that licensing issues may result in me being fucked over because of my own ignorance and laziness so my solution is to pre-emptively fuck myself over.

my face didn't really need that nose anyway.

Re:GPL trumps BSD as a usable open source licence

[sonamchauhan]

Well, if BSD wasn't around maybe OSX wouldn't be a viable Windows competitor. Maybe we'd still be using a successor of Trumpet WinSock to connect Windows PCs to the Internet. Maybe LLVM and gcc wouldn't be used to create widely-used mobile and desktop consumer applications (i.e. OSX application, using XCode). Maybe mobile applications would still be built mostly using Visual C++ to Windows Phone apps.

Re:GPL trumps BSD as a usable open source licence

[StripedCow]

A claim which is possible but largely lacking in evidence.

You act as if the statements being made here are scientific. But science requires experiments to be done, and you simply cannot do an experiment using two open source projects with different licenses and say meaningful things, when all you have is a lab that is essentially one complex economy that nobody can understand.

Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.

Vague. Doesn't say much about the actual difference of "power" between BSD and GPL.

If you publish your open source project using GPL, you actually run the risk that your project will one day be superseded by a project which uses a more permissive license and may actually be more popular because the license attracts companies and hence money.

I'd say GPL spreads like a religion. Don't use condoms, multiply and spread the holy word!

Re:GPL trumps BSD as a usable open source licence

At this early stage that's great, it's further down the line if/when OSv enjoys more widespread adoption that the overly liberal license may cause unforseen fragmentation and a slew of incompatible proprietary twists on the original design, of course it being such a simple OS maybe that will never be an issue, but don't pretend there's been any chance for irony at this stage of the game. Permissively licensed f/oss projects are generally more prone to forks, non-free or otherwise, and unnecessarily divided effort, even if the core project lives on, than their GPL counterparts.

Re:GPL trumps BSD as a usable open source licence

[martyros]

Additionally unfounded. Given that BSD sources can be downloaded, modified, and their changes never see the light of day the loss of information is virtually guaranteed. Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.

In practice, the vast majority of the time GPL and BSD are functionally equivalent. The reason is this: if a company takes a GPL project, makes changes, but doesn't do the work to upsteam them, and then just publishes their changes as patches on their own website, there is a very low probability that those patches will ever make it either upstream, or into a competitor's product. Publishing the patches on your website is not considered "contributing to the community"; actually doing the work of upstreaming is. A company that doesn't upstream anything but only publishes patches on their website is considered a "taker" by the community. The major things driving contributions to upstream are the pain of having to rebase local modifications in order to pull new code from upstream, and the benefits of being seen to "give back" to the community. These both would work the same for a BSD project.

However, just like any time you're working with other people, "what happens in the worst case" is important, and has a material impact on how you relate when there are disadgreements. If the situation becomes tense with your wife, you'll act differently if you know that in the event of a divorce she'll get half of your considerable property than if you know she can't touch a dime. Similarly, the fact that I could take those published patches and upstream them myself is important to me. And although companies like BSD when they're the only one contributing to a project, it seems to me that GPL provides a much better "worst case scenario" for you if you're working with a competitor.

Re:GPL trumps BSD as a usable open source licence

[TheRaven64]

Additionally unfounded. Given that BSD sources can be downloaded, modified, and their changes never see the light of day the loss of information is virtually guaranteed. Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.

Take a look at the donors list to the FreeBSD Foundation and see how many of them are big companies (e.g. NetApp, Juniper) that ship proprietary products built on FreeBSD, yet still contribute back changes. And then look at companies like Google, which build their infrastructure on Linux but keep a lot of changes public. The GPL doesn't force them to give anything back unless they distribute the modified version, and they don't distribute the modified Linux that they run on their servers. It's only a legal risk if you are distributing the software, but given that 90% of all developers are working on in-house software that is never intended for distribution then that means that the GPL only ever forces the 10% of potential developers who are working on commodity off-the-shelf software to release code, and they are the ones who are least likely to touch the GPL in the first place.

Over the years, I've worked with companies that have maintained private forks of GPL'd projects, because they don't want the potential liability of distributing things under the GPL. When they take some of our BSDL code, however, they'll push back patches because there's no possible legal obligation arising from their doing so, and it's cheaper to have all of their changes upstream than maintain a private fork. I've also worked with companies that have done a clean-room reimplementation of a project rather than touch the GPL (in many cases, it's remained private, in some they've released it under a permissive license).

Re:GPL trumps BSD as a usable open source licence

This sounds like it's for you http://www.wtfpl.net/

Re:GPL trumps BSD as a usable open source licence

Unix and BSD literally died because of the BSD or BSD like license. How you can sit there and deny history is just idiotic.

Re:GPL trumps BSD as a usable open source licence

I see absolutely no problem with the terms "GPL zealot" and "BSD zealot" being used when appropriate - that is to say, when either camp is reducing a complex problem to something crude, stupid, unfounded and oversimplified to push an agenda.

The one thing I am goddamn sick of seeing from both groups is blind zealotry that glosses over the details. Both camps, in their arrogance, think they own the definition of "freedom" and butt heads without ever acknowledging the critical semantic problems underlying their debate. But on the other hand, do you know what I never see? Statistics of any kind that back up the dramatic claims people make about the effectiveness of these licences.

Re:GPL trumps BSD as a usable open source licence

A claim which is possible but largely lacking in evidence.

Apple dumped gcc to develop clang, Valve is working on a replacement for gdb just to name two on the top of my head. Thank god the linux kernel is stuck with GPLv2 (and a lot of "the GPL does not apply to this interface" handwaving) instead of GPLv3.

Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.

It is not, there is no requirement to release modified GPL source unless you publish the binary in a form described by the GPL. There are a lot of "internal use" scenarios where modifications will never be published. The legal risk itself is suspect even when it applies, how much in damages will you get in case you successfully sue BIG_CORP? 2 million times the price per copy $0 == $0, you might get them to release the source after a 10 year court battle.

Re:GPL trumps BSD as a usable open source licence

[GlobalEcho]

there is no requirement to release modified GPL source unless you publish the binary in a form described by the GPL. There are a lot of "internal use" scenarios where modifications will never be published.

Indeed -- every place I've worked in the last 20 years has modified GPL code, and used the modified versions internally, while only rarely publishing those modifications externally. Declining to publish those changes is perfectly legal, and matches Stallman's original intent of the GPL as well -- namely that users have access to the source code of programs they are running.

Over time, many people have come to believe that modifiers of GPL should always publish their modifications. (Some sloppy license readers even believe they must). There's certainly a moral argument there somewhere. But in practice, more modifications are kept quiet than most people realize. In these situations, GPL and BSD are equivalent.

Re:GPL trumps BSD as a usable open source licence

[Ash-Fox]

Uh.... No. You can't take something that is BSD and turn it into not BSD - anymore than you can take GPL and turn it into not GPL.

Clearly you never heard of Wine.

Re:GPL trumps BSD as a usable open source licence

I can take a BSD licensed program and sell it sans code as a proprietary program.

Re:GPL trumps BSD as a usable open source licence

[vilanye]

GPL does not force you to share your code.

The reciprocity in the GPL only triggers when you distribute code.

There is a ton of in-house code linked to GPL code that never get seen outside of that company.

Re: GPL trumps BSD as a usable open source licence

[Cramer]

BSD is the freedom the license gives

That's EXACTLY why people like the BSD license: take BSD licensed code and sell it within their product -- with or without modification, as they aren't publishing code, no one will know what they've done to it. It's what almost everybody does with BSD.

(That's why I call it the "take my code and sell it" license.)

Re:GPL trumps BSD as a usable open source licence

[Burz]

No one's holding a gun to your head, Poindexter. Go ahead and ruin your reputation if you feel its that important to show disrespect to people born into a different background or situation than you.

Cue Linus in 3..2..1

Linus is going to kick these C++ monkeys badmouthing Linux square in the teeth.

Re:Cue Linus in 3..2..1

[mcl630]

Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM. Linux and OSv are different tools for different purposes.

Re:Cue Linus in 3..2..1

Don't you mean Linux 3.2.1?

Re:Cue Linus in 3..2..1

[0123456]

Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM.

Considering we used to run Linux and our applications in 32MB of RAM and 64MB of Flash in embedded systems, I have a hard time seeing Linux as over-kill for running anything in a VM. The application will probably require more RAM and CPU than the kernel.

Re:Cue Linus in 3..2..1

[drinkypoo]

Considering we used to run Linux and our applications in 32MB of RAM and 64MB of Flash in embedded systems,

Tee hee. My first Linux box was a 386DX25 with 8MB of DIP DRAM and a 1MB Trident ISA VGA card. I did have a whoppin' 120MB of HDD, though. I have run GPE on iPaq (Familiar) but I've got a 128MB+WiFi CF plus the SD slot.

Re:Cue Linus in 3..2..1

Considering we used to run Linux and our applications in 32MB of RAM and 64MB of Flash in embedded systems,

Tee hee. My first Linux box was a 386DX25 with 8MB of DIP DRAM and a 1MB Trident ISA VGA card. I did have a whoppin' 120MB of HDD, though. I have run GPE on iPaq (Familiar) but I've got a 128MB+WiFi CF plus the SD slot.

Reminds me of my favourite kernel panic message (obviously wasn't my favourite at the time it happened!!)

"NMI received.
Dazed and confused, but trying to continue "

Caused by bad RAM chip.

Re:Cue Linus in 3..2..1

So, now they have a hypervisor, running a bunch of VMs, and they want to make the VM OS thinner, because it's a waste. So once they make the guest OS thin, it wall just basically be a hypervisor, running thin OS which is basically running a single thing.

So, why don't they just run, you know, Linux? What exactly is wrong with Unix processes? Is that not "thin" enough? This "thin VM guest OS thing" strikes me as transparently full-circle. Can someone please explain the motivation behind running a VM hypervisor provisioning all these guest OS's, rather than running a Unix root provisioning a bunch of userspace processes?

Re:Cue Linus in 3..2..1

[martyros]

Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM. Linux and OSv are different tools for different purposes.

Especially since Linux was the first hypervisor they ported to, and has the best support at the moment.

Re:Cue Linus in 3..2..1

[swillden]

Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM.

Considering we used to run Linux and our applications in 32MB of RAM and 64MB of Flash in embedded systems, I have a hard time seeing Linux as over-kill for running anything in a VM. The application will probably require more RAM and CPU than the kernel.

We used to run Linux on a hell of a lot less than that. But that was a different Linux.

Zing

[abies]

I wonder how well it will fare against Zing (http://www.azulsystems.com/products/zing/faq)
Azul decided to go with route of extending vanilla linux with some kernel modules to provide extensions for most critical things, rather then replacing entire system and making custom jvm to utilize these extensions. I have a feeling that it is a lot better approach than using custom OS with plain jvm which is not aware of extra capabilities (if there are any...).

Re:Zing

Given the amount of trouble Azul seems to have had selling their earlier offerings (HW and VM shim under JVM) I think the answer is: Poorly.

Running jails/containers/zones

[stox]

pretty much accomplishes the same thing with even less overhead and without adding yet another layer of software.

This is just...

[John+Allsup]

an MS-DOS-alike with an alternative API and support libraries.

Re:So... no separation between system and userspac

[jedidiah]

It boggles the mind that anyone would suggest something like this and then use the excuse of "well we only run on app on a box". That's such amateur hour nonsense. It's like running your cloud apps on classic MacOS or an Amiga.

Just because you've only got "one app", it doesn't mean that you've only got one process.

It sounds like running your 2013 server apps on an OS from 1985 but "in the cloud".

[shake head]

Re:So... no separation between system and userspac

Isn't the point that the VM itself already does the separation?

a C++ kernel

[OrangeTide]

Another refreshing feature of OSv is that is written in C++.
It's been 40 years since Unix was (re)written in C, and the time has
come for something better.
C++ is not about writing super-complex type hierarchies (as some people
might have you believe). Rather, it allowed us to write shorter code
with less boiler-plate repetition and less chances for bugs. It allowed
us to more easily reuse quality code and data structures. And using
newly standardized C++11 features, we were able to write safe concurrent
code with standard language features instead of processor-specific
hacks. And all of this with zero performance overheads - most of C++'s
features, most notably templates, are compile-time features which result
in no run-time overhead compared to C code.

You end up taking the bad with the good. And some features in C++ are worth avoiding when you're outside of a nice big userspace runtime. Like exception handling, especially for classes that use multiple inheritance.

L4 is a microkernel and hypervisor designed specifically to run an OSlib in a virtual environment with very little overhead. It seems to me that some things about L4 are very compatible with visualization, being that most drivers in L4 operate as a virtualized environment rather than a process.

Re:a C++ kernel

[Stele]

Fortunately, with C++ you aren't required to use any particular feature, and don't pay a penalty for anything you don't use.

Furthermore, the alleged performance penalties that a lot of C programmers think exist in C++ actually don't.

Re:a C++ kernel

Then explain why would you use C++ instead of C? If you are just going to cut it down to things C does? If you are going to do things C can't, then you will have the performance penalities. Your statments are not really valid.

I prefer programming in C++, I've also tried kernel programming. Read Linus's comments about C++, they speificily apply to kernels and they are 100% correct. I belive his comments are not valid when doing GUI programming, but he was talking about kernel programming when he wrote them.

Re:a C++ kernel

This:

>Fortunately, with C++ you aren't required to use any particular feature, and don't pay a penalty for anything you don't use.

Does not imply:

>If you are just going to cut it down to things C does?

>Your statments are not really valid.

True, assuming his comments were run through the ridiculous-extrapolation filter that you seem to be running.

Re:a C++ kernel

[bored]

Then explain why would you use C++ instead of C? If you are just going to cut it down to things C does? If you are going to do things C can't, then you will have the performance penalities. Your statments are not really valid.

Because there are cases where you are manually creating a construct in C, that is handled automatically by the compiler in C++.

Take virtual methods for example. The linux kernel is chuck full of structures filled with function pointers. That is a virtual method in C++, except in C++ you don't have to worry at runtime if the function your calling is NULL because the compiler assured that during compile time. This allows micro-optimization, and more natural error handling. Plus, the syntax is standard, so that every 3rd driver writer isn't creating their own version of the same thing.

Then there is generic data structure management. The kernel is full of macros for RB trees, linked lists/etc. Using templates for this allows better micro optimization without the programmer having to get involved.

There are a lot of reasons, and most of the negatives can be answered with, a the simple statement, don't use that feature.

Re:a C++ kernel

> If you are going to do things C can't, then you will have the performance penal[i]ties.

How do you figure that?
C++ has some nice syntax features that the compiler can directly translate into the C equivalent.

Re:a C++ kernel

On the other hand C99 has some really nice features like designated initializers not available in C++11 (especially for low-level programming, where the C++ workaround of "use constructors" simply does not work, since you can't be sure it will end up in .rodata).

Re:a C++ kernel

MINIX is also a microkernel which could be used to be lean with a minimal amount of source code and a BSD license. L4's various implementations have now become commercial with restrictive licenses, limiting its usage by other companies.

Re:a C++ kernel

Take virtual methods for example. The linux kernel is chuck full of structures filled with function pointers. That is a virtual method in C++, except in C++ you don't have to worry at runtime if the function your calling is NULL because the compiler assured that during compile time.

Please explain this and why I can get "pure virtual function called errors in C++. According to you it should be impossible, yet I can find hundreds of pages explaing it and I have done it a few times myself.

The kernel is not full of macros for RB trees, linked lists/etc. Those are libraries that use malloc and dealloc, which when doing kernal programming you really can't use. You will have to write those out specifically using your own memory handler, which means anyone else's library is not valid.

Like I said before, if you can't use C++ features without incurring massive performance penalities that you don't want, so you limit it to what C can do, why use C++. Bonus problem. Write "hello world" in C with stdout, and again in C++ with cout. Now tell me how many orders of magnitue the binary for C++ is larger than C. If you use ANY C++ feature you include the entire C++ library, which you have to rewrite for your kernel to use, while writing libc is trivial in comparison.

Please don't respond with guesses about how things work if you've never done kernel programming and don't understand the difference between that and normal programming. Its fine to want to use C++ for kernel development, but making the claim that its "just as good as C" is an outright lie.

Re:a C++ kernel

Game engines are normally in C++ these days (the core at least; some use a script runtime for game logic), and most I've worked with have exception handling and RTTI disabled.

Re:a C++ kernel

> It seems to me that some things about L4 are very compatible with visualization

Citation? What about this no security, single process model lends itself to doing visualization any differently from the traditional way?

Re:a C++ kernel

There are people who like writing virtual functions tables manually, they are more flexible, you know :).

What are you trying to do, convert C developer to C++? The more he is uses C the harder it is to start using C++ effectively. It's a different philosophy and way of thinking. The same with other languages. For example I don't understand why someone would want to use Lisp...

Re:a C++ kernel

Oh, no doubt c++ lets you f@$k up pretty bad

But in 99% of cases the compiler/linker catches the problem.

And for my experience, my first linux patches were in the '90s, I have code in the kernel of an enterprise unix, drivers running on two more + windows, and I am the author of an embedded RTOS for ARM written in C++.

My day job involves extensive kernel and userspace work, of which a big chunk is C++....

So, I've got a fair amount of experience.

Re:a C++ kernel

wake me when c++ has a reliable standardised abi. i dislike far more of c++ than just that, but that's the killer.

Re:a C++ kernel

You forgot the most important: RAII.
Eliminates tons and tons of goto code or if-then constructs.

Re:a C++ kernel

That is a virtual method in C++, except in C++ you don't have to worry at runtime if the function your calling is NULL because the compiler assured that during compile time.

The kernel is full of structures that have function pointers set to NULL.

Re:a C++ kernel

I wish to point out that virtual functions use a vtable and thus have at least one indirection whereas function pointers can be used as-is.

Re:a C++ kernel

[TheRaven64]

C++ has had a reliable standardised ABI for years. It's supported everywhere except Windows...

Re:a C++ kernel

[swillden]

Please explain this [artima.com] and why I can get "pure virtual function called errors in C++.

Because you were an idiot and called a virtual function from a constructor, which can work, sort of, sometimes, but is always a bad idea.

The kernel is not full of macros for RB trees, linked lists/etc. Those are libraries that use malloc and dealloc, which when doing kernal programming you really can't use.

Huh? The Linux kernel has lots of such libraries, for all kinds of useful data structures which use dynamic memory allocation, though they don't use libc's malloc, obviously. They use kmem_cache_alloc and kmem_cache_free, mostly. And some of them have extensive macro wrappers to make them more or less typesafe, like templates. Take a look at include/linux/btree-type.h for one example. The GP may have overstated his case a bit, but you're just wrong.

Re:a C++ kernel

nd I am the author of an embedded RTOS for ARM written in C++.

My day job involves extensive kernel and userspace work, of which a big chunk is C++....

Poor you!

Re:a C++ kernel

Implementation dependent, but yes.

But it really doesn't matter unless its creating a lot of cache misses. The alternatives (putting the function pointers in the objects directly like is normal practice for C) can also cause excessive misses if there are a lot of instances/structures. So, which one wins tends to be specific to the use case.

The real problem is the branch prediction for indirect calls, which is mostly non-existant and that hits both vtable and direct function pointer implementations.

Re:a C++ kernel

[OrangeTide]

You are required to use C++'s type system, which is different than C's. So what you say isn't strictly true.

Re:a C++ kernel

[OrangeTide]

I can use malloc and free in a kernel. once I've booted up to a certain point. Not a big deal at all.

If I were using C++, I can supply my own new/delete operators. I can even pass parameters to 'new' to set up special attributes.

Now I would never use C++ for a kernel, but memory allocation is not the reason why.

Re:a C++ kernel

There are numerous L4 implementations. Notice that the papers on L4 are more of a guide on how to implement an L4 rather than a manual for a particular implementation. And the licenses cover the complete spectrum (BSD 2-clause to Sleepycat to GPLv3 to commercial)

Re:a C++ kernel

Game developers are a joke.

Re:a C++ kernel

My biggest problem is that it automatically locks you into a particular compiler. Name mangling of functions is not standardized and is allowed to change with different compilers or even different versions of the same compiler.

C++ templates can contribute to bloat by autogenerating code repeatedly. You may wind up with several libraries/modules implementing the same template internally. It may also generate speciailized code (short, int, long) when a generic code (long) would have sufficed. For multi-parameter functions, this can become extensive.

Re:a C++ kernel

[OrangeTide]

virtualization.

It's just syntax.

I followed the link for why they chose C++11.

That's great and everything but it's of no use for the user. C++ is about making things easier for the programmer. ALL languages eventually break down into machine code and you are then at the mercy of the compiler designer as far as performance and efficiency goes.

Rather, it allowed us to write shorter code
with less boiler-plate repetition and less chances for bugs.

No, that's not true. I've seen too many times where folks don't quite understand the C++ feature they're implementing do some really stupid or crazy shit.

Folks, programming languages are just syntax - that's all. Sure, I'd write an OS with C/C++ and NOT with COBOL or Javascript (and some engineers I know think assembly is the ONLY way to go!) but if I'm implementing some high level algorithm, I'm gonna go with a language that I'm most comfortable with because they are all interchangeable at a certain level.

Programming is NOT carpentry where "when you got a hammer, everything looks like a nail".

We have screws and nails and hammers and screwdrivers. Take your pick for how you want to drive it.

Whatever you can do in Perl, I can do Python, C, C++, COBOL, JavaScript, etc ...

Granted, until they put a COBOL interpreter in a browser, I'm stuck with JavaScript for client side web processing, but I think you guys get the drift.

tl;dr: Programming languages are just syntax.- none are really better than another. CS 101.

Re:It's just syntax.

[mark-t]

When a particular choice of programming language makes the resulting work easier for others to understand and maintain or modify, simply because things have been expressed in a manner that is more natural to understand with relation to what is actually being done, "just syntax" makes a HUGE difference.

Re:It's just syntax.

tl;dr: Programming languages are just syntax.- none are really better than another. CS 101.

You can't have certain compile-time safety checks in C. It's not "just syntax" it's also semantics that may prevent you from implementing many bugs.

Re:It's just syntax.

Sounds like someone didn't pay attention in CS 101.

BSD!

BSD is what OSX and thus OS9 Classic is based on! Virtual all old devices and OS's ever (thus software)!

Re: BSD!

where can I download the BSD licensed source code to iOS or osx? please don't post a link to "Darwin" because whatever that is, it isn't osx or iOS since it cannot run iOS or osx apps.

Re: BSD!

Same cmd-line or X11 applications run on both Mac OS X and Darwin. So yeah, same OS. OS X just comes with 'some' extra libraries/applications.

Re:BSD!

[pipatron]

Not sure what you mean by this. OS9 and anything previous to that has nothing to do with BSD.

OSX was a completely new start. "Virtually all old devices and OS's ever" is most definitely not BSD.

fallacy

Ad Populum or Appeal to common practice, with a little bit of Post Hoc thrown in.

Off the pig! Time to get rid of OSs on VMs.

[Animats]

This is a language-support library. It replaces the C runtime system, and the bottom levels of the Java runtime system. For environments where a virtual machine is running one program, or a family of tightly related programs, that's all you really need. The real operating system is the hypervisor underneath and the remote management tools that run the cluster.

Linux, with millions of lines of code, just isn't doing much inside a VM. It's not managing the memory. It's not handling real devices. It's not handling real interrupts. It may not even be managing any file systems - in cloud environments, those are usually out on some storage area network. It's just a big fat pig of an OS that needs to be fed patches and attention to keep it going, while not doing any useful work.

Within the virtual machine, there are no security boundaries. This may be a problem if more than one application is running in the VM. But if you only have one big program with many threads running, the OS isn't doing anything for you in security anyway.

Re:Off the pig! Time to get rid of OSs on VMs.

[TechyImmigrant]

So it's like DOS running on a VM. Yay!

Re:Off the pig! Time to get rid of OSs on VMs.

There's something to be said for that level of simplicity, so long as it has a "responsible parent" around to keep it in line. Which is the hypervisor's job.

Re:Off the pig! Time to get rid of OSs on VMs.

[H0p313ss]

But it's "in the cloud"!

"I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror, and were suddenly silenced. I fear something terrible has happened."

Re:Off the pig! Time to get rid of OSs on VMs.

[Dimwit]

A very large number of cloud servers out there are running a bunch of Java applications inside a single application server inside a single JVM. The entire Linux kernel, virtual filesystem, daemons, user commands, etc, are just along for the ride. Having a barebones operating system that is just enough to run a JVM application server would fill a need for a lot of people. It's not a panacea and it's not the right choice for most virtual servers out there, but for some it makes a whole lot of sense.

I find it funny that some people just *hate it* when new things come out that do something in ways different from how they've done them in the past. In the thread on GNOME and Wayland below, some people just can't understand why we shouldn't continue to use X11 for the rest of eternity since it works now. Some people in this thread don't understand that even though Linux works well for virtual servers, sometimes for some applications, this might work better -- and that it's okay that that's how things are!

Re:Off the pig! Time to get rid of OSs on VMs.

So get rid of the VM and use a real OS instead.

Re:Off the pig! Time to get rid of OSs on VMs.

[tftp]

The thing they have "invented" is called RTOS. Typically, an RTOS is a simple kernel that is not using any memory protection features. That's how they started, at least - but over time some RTOS got separation between userspace and kernel space. VxWorks, for example, offered that option back in the year 2000.

Separation of one and the other is not just needed to protect from hackers. It creates a stable, reliable supervisor ring (hello, SVC command from IBM/360!) that can do whatever it wants to the userspace, whereas the userspace can't do anything to the supervisor. This allows the kernel to start, stop and monitor userspace applications, guaranteeing system integrity. If you don't have that, any bug, anywhere, can create unpredictable and undetectable faults within the system - and you will never know until the thing crashes horribly, which will eventually happen.

Re:Off the pig! Time to get rid of OSs on VMs.

[sourcerror]

Except it's multitasking, and can handle more than 640kB of memory without arcane magic.

Re:Off the pig! Time to get rid of OSs on VMs.

I find it funny that some people just *hate it* when new things come out that do something in ways different from how they've done them in the past.

New? Check out this small startup company then: IBM.

Re:Off the pig! Time to get rid of OSs on VMs.

They have 'invented' no such thing, unless on bare hardware their operating system is capable of hard or soft-real-time commitments.

RTOS doesn't mean what you think it means.

Re:Off the pig! Time to get rid of OSs on VMs.

Linux, with millions of lines of code, just isn't doing much inside a VM. It's not managing the memory. It's not handling real devices. It's not handling real interrupts. It may not even be managing any file systems - in cloud environments, those are usually out on some storage area network. It's just a big fat pig of an OS that needs to be fed patches and attention to keep it going, while not doing any useful work.

Yeah!! If only they'd taken a modular approach so you could leave out the modules that you don't use!
Oh wait a minute...

Re:Off the pig! Time to get rid of OSs on VMs.

[tftp]

I think I have a good idea what an RTOS is, having worked with them for about 15 years by now. I understand what you are saying; however it's backward. An RTOS, even on as simple as FreeRTOS, will do just fine to run "an application" in a VM. The fact that an RTOS usually comes equipped with real-time capabilities will not hurt anyone.

So, in other words, you are right - they may have not invented an RTOS - they haven't gotten that good yet :-)

Re:Off the pig! Time to get rid of OSs on VMs.

Not the first and not the last project like this. To mention just 2:
HaLVM
Mirage

Re:Off the pig! Time to get rid of OSs on VMs.

[TopSpin]

The entire Linux kernel, virtual filesystem, daemons, user commands, etc, are just along for the ride.

A JVM relies heavily on a kernel for scheduling, storage (journalling, RAID, LVM, etc.,) network stack (IP stack, filtering, bridging, etc.) and virtual memory management, at least. All of those capabilities must exist; they weren't created because someone was naive. Either they land in some library used by the guest JVM or they land in the hypervisor.

This isn't to say the now 40 year old IBM LPAR model is wrong. It clearly works, and VMWare is independently evolving into the same thing. But there are some exaggerated claims of simplicity being offered here.

The fact is recent x86 CPUs and chipsets have gained powerful virtualization capabilities, including hardware accelerated IO, MMU and interrupt virtualization. This stuff only began to appear in x86 hardware in late 2005 with important new capabilities such as VMCS Shadowing appearing as recently as Haswell (circa June, this year.)

It isn't surprising that people are creating hypervisors to leverage this power. When hardware manufacturers give you a powerful virtualization platform the question is do you use a legacy OS retrofitted to utilize it[1] or adopt something supposedly better by virtue of being built with hardware virtualization as a given.

Stay tuned.

[1] FreeBSD 10 offers the bhyve type 2 hypervisor the relies on VT-x + EPT. It can virtualize x86, like VMWare could do in the late 90's, but FreeBSD hasn't had to synthesize a virtual sandbox from scratch because the hardware provides the hard parts, and the end result is superior.

Re:Off the pig! Time to get rid of OSs on VMs.

Has been since VM/360 and DOS/VSE.

Re:Off the pig! Time to get rid of OSs on VMs.

Start thinking about the VM as a whole as a single process, if that single process (VM) crashes then a new one is spun up by the process that is watching these VM's come and go. Instead of spinning up a single VM to run 10 processes that all need to be watched and can possibly cause each other harm you spin up 10 VM's, now you watch those, and since they are isolated from each other they can't interfere with other running VM's (processes).

If a fault simply causes a single process to go away, it doesn't matter it can get restarted. So your hypervisor is the supervisor, it is the supervisor ring.

Re:Off the pig! Time to get rid of OSs on VMs.

[tftp]

Unfortunately, the VM cannot monitor what's happening inside. It is happy to execute NOPs from here and forever. A kernel, however, with even the most primitive MMU, can detect the crash. If there is no crash, the kernel can run another process - in isolation from the main one - that would be monitoring the main process through some IPC.

In other words, there is a reason why Windows 95 is no longer popular.

Re:Off the pig! Time to get rid of OSs on VMs.

But this is cooler because its written in modern C++! And who cares if theres a difference between a kernel and a hypervisor... it runs on the Cloud! ...

Re:Off the pig! Time to get rid of OSs on VMs.

[TheRaven64]

No, what they've 'invented' is called a LibOS, and in combination with the hypervisor is called either a separation kernel or an exokernel, depending on which community you're in. And they aren't claiming to have invented it - academic literature is full of them - they're claiming to have implemented one that is BSD licensed, available now, and runs existing Linux binaries.

Re:Off the pig! Time to get rid of OSs on VMs.

[childproof]

That was the first post on topic down the list.
Thanks.

Re:Off the pig! Time to get rid of OSs on VMs.

[MiSaunaSnob]

But I have a ring of arcane magic.

Re:Running jails/containers/zones

[Mysticalfruit]

I was just thinking the same thing... If you're running linux with KVM as your hypervisor... Why is this better than Red Hat's Open Shift? That way you get your cake and you get to eat it too.

It was only a mater of time..

With virtualization becoming pervasive I wondered how long it would be until people started looking at the bits of an OS that were rendered legacy because they were required for running on "bare metal". When you think about it, visualization really is a bit of a hack. You're faking computer hardware so you can segment systems for all sorts of useful reasons.

Of course, parts of that are slow so we optimize the OS so it behaves better as a guest, invent technologies like paravirtualization that shunt data past slower virtualized, emulated, and translated mechanisms.. And now we have an OS that's exclusively designed to be a single purpose guest OS and not run on bare metal at all.

If we continue down this path, and continue to shed redundant OS-isms, won't VMs just become self contained jailed applications running on a host OS? Then you have to wonder if they'll start hosting common resources on the host system (Like a networking stack). Just like applications on a traditional OS :p

Re:It was only a mater of time..

[ebno-10db]

With virtualization becoming pervasive I wondered how long it would be until people started looking at the bits of an OS that were rendered legacy because they were required for running on "bare metal".

About 41 years ago: http://en.wikipedia.org/wiki/VM/CMS

Re:So... no separation between system and userspac

[bagboy]

So now I need 12 vm's to perform the same tasks that one vm with 12 apps used to be able to perform? No thanks.

say... WHAT?

[wierd_w]

Did they really just say that they removed the insolation between kernel and user spaces?

(Re-reads. Yup. That's what they said!)

Oh dear gawds. Do they not realize that this makes their processes naked little unprotected things in a dimly lit room, that are going to be savagely raped and abused by the first rogue process that comes along?

Do they have no conception of why the two spaces are kept apart!?

No thank you, I will refuse to conduct business with any agency that uses this platform, thanks. We have a big enough problem with identity theft and wire fraud as is. I don't want to encourage such a horrifically stupid idea by giving some dumbass led company my business.

Re:say... WHAT?

[phantomfive]

In this scenario, processes are kept apart by VMs. They are basically trusting VM security instead of Linux Kernel security (or rather, instead of two layers of Linux Kernel security).

Re:say... WHAT?

But there's still isolation between the VM and the hypervisor, and between VMs. If you run one app per VM, that's enough.

Re:say... WHAT?

[0123456]

Indeed. They've basically re-implemented the amazing idea of running multiple applications on one machine with a security layer to stop them from interfering with each other.

If they don't have any real security inside the VM, they might as well just get rid of it. The underlying OS will probably be Linux anyway, so they're trusting Linux security in the first place.

Re:say... WHAT?

Did they really just say that they removed the insolation between kernel and user spaces?

(Re-reads. Yup. That's what they said!)

Oh dear gawds. Do they not realize that this makes their processes naked little unprotected things in a dimly lit room, that are going to be savagely raped and abused by the first rogue process that comes along?

Yes they do. That's why their system monitor includes the 'Oneway Glass' hyper-viewer for when you want to watch.

Re:say... WHAT?

[wierd_w]

A single process can contain multiple threads. Without some level of protection there, this kind of thing could be more vulnerable to code injection attacks, allowing a perp to own the whole VM. If they do this without upsetting the process in any visible way, they can now just soak up all the data that the VM is having shoveled through it.

Without a kernel space inside the VM looking for untoward behavior from the threads in userspace, and enforcing restrictions on who owns what resources, this is a recipe for trouble. The compromised thread can walk all over the vm's memory, and report whatever it wants to the hypervisor. In this case, the goal isn't to escallate, the goal is to compromise the vm and lay dormant. An actual, real VM with a seperate kernel space keeps important parts of memory secure. Like the data reporting and monitoring threads.

They just removed a whole layer of security. It may well be mostly redundant, but given the stakes involved, redundant security features can actually pay off.

The honor system doesn't work when the threads stop being honorable.

Re:say... WHAT?

[Narcocide]

Shh!!! You're foiling the NSA's plan!

Re:say... WHAT?

[shutdown+-p+now]

A single process can contain multiple threads. Without some level of protection there,

I hate to break it for you, but there's no level of protection between threads in a single process, on Linux or any other mainstream OS. Threads are, by definition, sharing the address space, so any thread can crap over any other thread.

Re:say... WHAT?

how did you get modded up. there is no protection between threads in a process. It is all shared address space. If you were deluded into thinking there was some security layer there then I hope to hell you are neither a programmer or an administrator setting systems up.

Re:say... WHAT?

javascript... ???

chuckle

Re:say... WHAT?

[TheRaven64]

The main advantage of VMs over processes is that they have a much smaller amount of OS state. In a VM, almost all of the state is within the VM. There's a tiny amount for the PV devices, but that's it. In a POSIX OS, even the state associated with the file descriptor table is huge and then there are things like locks that are blocking in the kernel and all of the state that is associated with the scheduler and so on. If you want to move a process from one host to another, it's decidedly nontrivial, especially if it has open files and sockets. Hypervisors, however, are designed to suspend, resume, clone, and migrate VMs.

XKCD is relevant...

[MetricT]

http://xkcd.com/927/

Re:XKCD is relevant...

[H0p313ss]

"Those who don't understand Unix are condemned to reinvent it, poorly." – Henry Spencer

Re:XKCD is relevant...

They're not trying to reinvent Unix, they're trying to increase performance by nearly removing context switching and TLB cache page misses. The assumption they make is that it requires a JVM, but their targets all use JVM. It's a JVM accelerator that makes it easy to manage hundreds of thousands of computers as a single resource pool.

Re:XKCD is relevant...

[rachit]

I was thinking more on the lines of:

http://xkcd.com/1200/

more cool technology from Israel

OSv, Intel Core i7, ICQ, the cherry tomato, more Nobel laureates than anyone else, the list goes on and on. They even invented a truck that lets soldiers spray foul smelling liquid on Palestinian homes just by pressing a button from inside the confines of an armored cab. Previously, solders had to risk their lives to break down doors and personally defecate on the floors.

Re:So... no separation between system and userspac

[Jherek+Carnelian]

Given that this is a special-purpose OS, intended for one-app per VM situations I think it is a perfectly reasonable assumption to make.

Re:So... no separation between system and userspac

[gl4ss]

well only that app's should be accessible from outside.. if you're worried about breaking out from that app, what are you going to get into that you wouldn't get into in linux? unlimited access to /dev/? who cares when it's sandboxed? I mean, I don't see any need to run anything else on it - it could _really_ be running just one app, if you had your email inbox in there you would be doing it wrong. to get something you wouldn't get on a normal linux box you would need to break out of the vm, no? and that sounds like a bigger barrier than elevating your user on a normal linux installation..

Linux in the Cloud is being replaced?

So let me get this straight: There is a "Linux in the Cloud" and somebody wants to replace it with something else?

DO NOT TRUST THE CLOUD!!!

[FudRucker]

since the NSA is so good at cracking encryption and likes to spy on everybody and the US Govt is fascist in nature that means all the good ideas for new products will be stolen and given to government cronies in the private sector

Re:Running jails/containers/zones

[Aguazul2]

With a container you still have the kernel-user boundary to cross on each syscall. I guess with OSv you could potentially optimise the whole OS, libc and application down into a single binary. Yes, it's interesting how this is developing -- Docker as well. Having lightweight containers or OSes like this is really taking off. I guess there may also be a bit more guaranteed isolation running it with OSv, less risk of a kernel bug leaving an exploit path, i.e. the isolation is at a different layer.

Good luck!

Hey, good luck with that kids. Linux continually replaces itself on a regular basis. Its closest competitor in terms of pace of advance is FreeBSD. Various commercial entities have tried and failed to keep this pace. The landscape of Big Data is littered with GPL-violating Linux rip-offs in development stages ranging from Neglected to Fossilized.

A better investment is to bribe Linus Torvalds to rename his kernel to "OSv".

Re:Good luck!

[Brian+Feldman]

OSv certainly appears to be a derivative of FreeBSD (see https://github.com/cloudius-systems/osv/tree/master/bsd).

Wow, LOTS of Haters

No surprise, this is /., but have any of you who commented on how shitty this OS is actually looked at it and asked the developers questions before running your know-it-all mouths? This place has really degraded to a shitfest with monkeys flinging feces on any and everything. These guys clearly worked their asses off and produced something novel, yet the small-minded know-it-alls here declare it worthless without even spending any time to look at what was done. You fucks make me sick.

Re:Wow, LOTS of Haters

No WiFi, less space than a Nomad, lame.

Re: Wow, LOTS of Haters

This.

Re:So... no separation between system and userspac

[vidnet]

Just because you've only got "one app", it doesn't mean that you've only got one process.

If you have multiple, semi-related tools, you currently wouldn't run them as different threads in the same process. Why put all your eggs in one basket, having to restart them all at once, letting one rewrite the memory of another, when starting a new process is so cheap?

Now, if you have multiple, semi-related tools, you wouldn't run them as different processes in the same VM. Why put all your eggs in one basket, having to schedule them all on the same hardware, letting one misbehaving VM affect all of them at once, when starting a new VM is so cheap?

We don't use separate processes because it's the best imaginable model of systems design. We use it because it's been the best compromise between separation and efficiency.

Re:So... no separation between system and userspac

[K.+S.+Kyosuke]

So now I need 12 vm's to perform the same tasks that one vm with 12 apps used to be able to perform? No thanks.

Isn't that what IBM has been doing with VM/CMS for decades? If you have deduplicated physical memory pages, what's the problem with that? (For that matter, am I the only one to whom this looks like a remake of VM/CMS?)

Re:So... no separation between system and userspac

You get access to the configuration which can then relay any incoming data to some outside target.

There is also no controls to restrict what that application can do - how would you like it if it was replaced with a shadow server giving out child porn...

You would be liable, and with no mitigating capabilities.

Sorry, you're wrong.

When a particular choice of programming language makes the resulting work easier for others to understand and maintain or modify, simply because things have been expressed in a manner that is more natural to understand with relation to what is actually being done, "just syntax" makes a HUGE difference.

You are a hiring manager or HR person, aren't you. Someone who's clueless about how to really do things - or just a programmer and not someone who was trained in Computer Science or Engineering.

Then you are working with 'tradesman" and not trained computer scientists.

Someone who is skilled in C can pick up Perl and C++ quite quickly, Someone who's skilled in C++ can pick up Java, JavaScript and C# overnight. It all comes down to just syntax and it doesn't make anything easier or harder.

I find it funny that I mention say "It's just syntax" when that was exactly what was drilled into my head in college by me CS professors.

Hug, I see all of this CS is NOT IT or programming here on Slashdot and yet, I see the parent and GP modd'ed as if it were.

Algorithms are what's important.

Re:Sorry, you're wrong.

[mark-t]

Implied ad-hominems aside, while I am "just a programmer", I did receive formal CS training. But that is neither here nor there.

I won't dispute that there is no one language that is going to be ideal for solving all problems, but it's entirely erroneous to presume that for certain types of problems, some languages are going to be better than others simply because the syntax of the language makes the solution more elegant to express and makes the resulting source code easer to understand.

This ease of understanding almost immediately translates to a faster development cycle, resulting in the end user receiving the product earlier, and in general will also mean that the software is less likely to contain unknown bugs (barring unknown bugs in the language implementation on the target architecture or bugs in the software development environment itself), so those choices can even impact the end user, even though they are unlikely to necessarily understand how, or even necessarily be aware of them.

Just because you *CAN* do the same thing in any imperative language that you can do in one particular one does not mean that they are all equally good choices, Choice of programming language should be less about making everything look like a nail because all you have is a hammer and more about picking the right tool for the right job.

Your prof was right... language choice is "just syntax"... but in the real world, "just syntax" makes a world of difference.

Re:Sorry, you're wrong.

Algorithms are what's important.

Yes, but that's not where the rubber meets the code. It's faster to get good, working code out the door with C++ than C. If you don't ship, it doesn't matter what language you would have used.

Re:Sorry, you're wrong.

[bored]

Someone who is skilled in C can pick up Perl and C++ quite quickly

Spoken like someone who hasn't actually programmed in C++. I was very good in object pascal, C, and quite a number of other languages when I first started programming in C++.

Lets just say that "quickly" isn't a description I would have for myself or anyone I've ever met when it comes to how long it takes to "pick up C++". Sure, you might be able to write some code in C++ after a couple days, but that code probably isn't worth the price of the storage your using for it. I would guess it takes upwards of 3 or 4 years before a C++ programer is good enough not to be making absolutely stupid mistakes on a daily basis. This is especially true for Java programmers who waltz in and think they know how to program in C++ because the syntax is so similar. The results are usually buggy garbage that compiles but won't run for long.

Heck, after nearly 20 years, I still look at code I write on a daily basis and go WTF was I thinking yesterday when I decided to do that! Or my co workers do it for me during code reviews.

Re:Sorry, you're wrong.

[Vlijmen+Fileer]

"Computer Science or Engineering". When do programmer boys -also the "professor" ones forever walking the halls of "computer science" "universities" finally get it: /Nothing/ in or around computers is science. It's just and only a craft.

Your text is misleading; the difference is only between worse and better craftsmen.

Re:Sorry, you're wrong.

C++ allows for much better modularity and for programming on a higher semantic level than C. This boosts security, productivity, correctness and sometimes even performance. But yeah, you need to know algorithms and complexity, you need to know how the machine will implement your stuff, you need to know the machine itself and its performance characteristics. C++ does not magically improve the efficiency of an idiot. But the same experienced guy doing C and then C++ will be significantly more productive in C++, there is little doubt.

Re:Sorry, you're wrong.

[mark-t]

Just because it's a craft doesn't mean it's not a science. In fact, many things that are commonly more strongly associated with being art have an amazing amount of science behind them... music being the most notable that I can think of right off the top of my head.

Re:Sorry, you're wrong.

Correct assessment. If you are not coached by an experienced, skilled C++ engineer, you will easily take 10 years to become a skilled C++ development engineer. But there are lots of books and courses about "proper C++", and "C++ dos and don'ts". There are people who solely specialize in this C++ training activity.

High performance requires extensive training. Very much like a medical doctor or a fighter pilot.

Re:Sorry, you're wrong.

You know when you're competent at C++ when you'd shoot yourself on the foot rather than use it voluntarily.

Re:Sorry, you're wrong.

It all comes down to just syntax and it doesn't make anything easier or harder.

Wow, that is the most naive and ignorant statements on programming languages I've ever read. Have you actually ever programmed a non-trivial piece of software? I mean, something other than:

std::cout "Hello, World!" std::endl;

Re:Sorry, you're wrong.

Right. After a day, all you have picked up on are the syntax differences. If that's all that a person thinks that programming is, then that person should perhaps avoid deriding others' skill and wit. Well written examples of JS and C++ code should not be similar.

Re:So... no separation between system and userspac

[Penguinisto]

That's well and good, until you realize that a typical email server usually has an MTA (postfix, courier, sendmail, whatever), some sort of spam trap/filter (in addition to external ones), maybe a means to more efficiently handle distie lists, SASL auth (postfix typically handles that nowadays, but...), and probably some sort of webmail thingy. That's way more than "one app".

Same with Apache/Tomcat/Whatever - you've got the web engine underneath, the Perl/PHP/Ruby/Python/Java/JavaScript based "app" (or, multiple apps, if you're using some generic CMS as a framework base), the interpreters to handle them all, the DB (or some client-ish means to reach one, such as MQ, ODBC, whatever), openSSL (or some means of handling certs and encryption)... again, way more than just "one app."

Also, speaking of databases, if I can compromise the kernel on the server running that "one app", I can crawl through that "one app", get kernelspace, pop in a shadow app to do whatever I want (and bury it nice and deep - go ahead and sort it from all the other kernelspace files in there w/o a decent IDS)... and long story short, you'd never know I did it unless you paid very close attention to your monthly bandwidth bill.

At least with some separation, a compromised userspace-only "app" is as far as you get. You can pop PHP but not apache (on a properly-built box)... oh well - just have to fix/replace the content. Without that separation, a violated box may well have a keylogger (or similar stdio-copying setup) installed for the express purpose of capturing what you do when you do realize that box is compromised (or even if it you don't...)

Re:So... no separation between system and userspac

As a developer one could also worry about stability. If a stray pointer can mess with the TCP stack and other essential sytem services running without memory protection, this sounds like a huge step backwards in productivity. Or do they assume, that programs are developed and debugged in real operating systems and only then deployed into the "cloud" when they are bug free?

Re:So... no separation between system and userspac

John C. Dvorak stated in 1996: "The AmigaOS remains one of the great operating systems of the past 20 years, incorporating a small kernel and tremendous multitasking capabilities the likes of which have only recently been developed in OS/2 and Windows NT."

So be careful when linking Amiga with classic Mac...

BEA did it !

[ze_jua]

In 2006 BEA had this kind of bad idea, with a VMware based hypervisor hosting a JVM/OS hybrid to run Weblogic processes.

Original article found: there

Re:So... no separation between system and userspac

Maybe you want to be able to control whatever is running in the VM.
How do you propose to do that if you don't have sshd or something similar running inside it?

If you're just going to spawn a new VM for every single program you might as well just run all those programs on the physical machine.

So no benefits of C and all the bugs/problems C++

So this has none of the benefits of C, and all the bugs and problems of C++. C++ forces people away from clean procedural programming, and toward 'computer do it for me" and "I guess it will be ok" highly abstract object oriented rubbish. I would rather tell the computer "do this, then this, then this", rather than "one of these things but hopefully the first, then the second, then the third, other wise bad things happen if you guess incorrectly". Watching a destructor function unravel a stack for example. You can write something that happens to work in C++ if you want, I would prefer something that *absolutely works for sure* in C.

Re:So... no separation between system and userspac

[bws111]

Nope, you're not the only one. That's exactly what I thought too.

Re:So... no separation between system and userspac

You are criticizing a hammer for not being a very good nail file.

What kind cloud platform gives any single VM any kind of privileged access? You need to take a second look at your cloud platform if its that big of a pile of shit. If you have that problem then you're already up shit creek regardless of what OS you're running inside the VM. If the cloud platform sufficiently isolates the VMs then problem solved at a different level. True, you don't get user space isolation within each VM, but there are lots of systems that don't need it because the architecture is designed with the assumption that the VM is the unit of isolation. If it is designed that way, then it doesn't benefit from user space isolation, and thus it is just a performance black hole.

If you instead, took this OS and tried to run umpteen different things on it, then you sir are an idiot because it was not designed for such a purpose. Sometimes you need a hammer, sometimes you are an idiot trying to use a hammer for something it wasn't intended.

Re:So... no separation between system and userspac

"just have to fix/replace the content": You wouldn't typically deploy PHP in this way to a cloud architecture. If you're going into individual VMs and messing around with files then your wasting your time and someone else's money. You should be able to kill VMs and spawn new ones without any concern for the contents of those VMs. You should NOT be building VMs in the same way you would build a dedicated server.

Re:So... no separation between system and userspac

[pipatron]

The important thing that the Amiga OS lacked, when compared to a more "modern" operating system was memory protection. Simply because it lacked the necessary hardware to enforce it.

Sadly, there was no provision for implementing any separation even when the necessary hardware was available, which it was on some of the later/high-end models.

Re:So... no separation between system and userspac

So now I need 12 vm's to perform the same tasks that one vm with 12 apps used to be able to perform? No thanks.

Why not? Maintaining a hundred VMs is easier than maintaining a server OS safely running ten unrelated apps under one roof.

Do you run each application with it's own UID? How do you keep one from hogging all the memory? Network IO? Disk IO?
Is each running on its own disk partition? Do you configure disk quotas for your apps? Do you allocate a unique service IP to each app?
How do you manage a cluster of such multipurpose systems? Can you move an application from one node to another easily?
I won't even ask if you can do that without interruption...

Running 12 unrelated apps on one system is almost pointless these days, because server operating systems have stagnated to a point where it's best to just ignore them, popping them out of cookie cutter build servers - one per app, and let the VM software handle isolation and resource sharing.

We really need something like Android or iOS for servers. Low overhead, easy to attach to a configuration management system, and interchangeable. It's not rocket science... operating systems need to present a hardware layer to the application layer and get out of our way. Currently they really fail doing at that.

- Puppet & MCollective admin

Born from Linux

It was compiled in Linux,
but it's not linux,
isn't that weird?

Why use Java?

[seyfarth]

If you're having performance issues, then C++ would offer a more efficient solution. Why jump through all these hoops to boost Java performance? Just use C++ and get twice the performance instantly with Linux. I tend to agree with the AC that the language issue is overblown. With practice programming is about the same level of difficulty with most languages. C++ does a pretty good job at compile time checking, interfaces directly with the system calls and offers nearly all the performance you can get from the computer. (AVX instructions can be done quite well in assembly, but most cloud apps would not benefit from using AVX.)

Unless you have substantial computation or disk I/O, I would expect the bottleneck to be the network. With compute bound apps the OS is irrelevant. Likewise with I/O devices the time spent in system calls is dwarfed by the disk speed.

Re:Why use Java?

[shutdown+-p+now]

If you go around telling your clients that they are idiots for using Java and should just switch to C++, you'll be out of business pretty quickly, regardless of whether it's true or not.

As to why they would want to use Java... it's because there are far more reasonably god Java developers out there, and they are cheaper, too.

Re:Why use Java?

[radish]

If you're having performance issues, then C++ would offer a more efficient solution. Why jump through all these hoops to boost Java performance? Just use C++ and get twice the performance instantly with Linux.

That isn't true (in the general case) and it hasn't been for many, many years - can't tell if you're trolling or just ignorant. There are plenty of operations for which a JVM is actually faster than a C process (for example, Java new() is faster than malloc()), and Hotspot runtime optimization has access to a lot more information about how code is actually being used than static compile time optimization - the difference that makes can be remarkable.

Java isn't the right tool for every job, but neither is any language, and there are a great many applications out there for which converting to C++ (for example) would not give any kind of performance boost (and may even be slower).

Re:Why use Java?

[VortexCortex]

Java new() is faster than malloc because it's caching memory. C obcache is faster than Java new() and if you extend C or C++ with garbage collection / memory caching instead of making slow kernel calls to allocate more memory then C and C++ win over Java. You picked the WORST possible speed comparison.

Further, Runtime Optimization DOES NOT have more information about how the code will be used. Many hosting environments have GCC (even crappy shared hosts), with which you can build your program --MARCH=native to take full advantage of the specific hardware opcodes, spend a good long time crunching the code once, then just pre-fork or VM pre-image if you're at that layer... What more can you know about the environment than the architecture and source code?

Even still taking advantages of those opcodes is a marginal benefit at best. Just In Time / lazy compilation has to be FAST it can't consider all that data it supposedly has access to -- Even if the compiler were SENTIENT and creating ASM "by hand", it would still be bound by the processor time it must spend before the code is executed. So, to optimize this, what do Enterprise VMs do? PRE COMPILE the code STATICALLY...

Here's one for you: The insane emulated floating point numbers as integers in Java. Java makes ridiculous garauntees about the behavior of floating point numbers -- The hardware may actually have 160 bits or 80 bits or 40 bits backing the 128 or 64 or 32 bit floats, yielding higher precision than the strict power of two bitwidth, and offer floating point calculations in a single clock cycle vs Java's emulated multiple integer compare and shifting and what not. It's fine to have a way to garauntee the accuracy of some floats, but that's what bignum libs are for. In Java I'm prevented access to the high performance FPU and not everything is a damn financial calculation requiring high precision or exact repeatable results on different hardware. JNI? Oh, well, yeah, of course, I can just write the whole thing in C then, eh?

Don't get me wrong, if you have to integrate code with existing Java, then Java is the right tool for the job... However, I'd put you to task to find any other job that C or C++ would be slower at. Keep in mind that I have a garbage collection and collections libs (including hash map) for both C and C++. When you get up beyond the low level stuff where C and C++ can kick Java's, hands down (because at the end of the day it's just machine code, which C/C++ compiles to) then the choice of algorithm is where the performance gains are found.

Java wins in portability, for when you want to re-use software on various platforms and the vendor is so much of a dick that they won't give you the sources... It's also a language encumbered by Oracle and trademark BS. In my world, where the source runs freely, the dark side of bytecode can go fuck itself.

Re:Why use Java?

[ebno-10db]

Why jump through all these hoops to boost Java performance?

Because Sun's marketing department was better than AT&T's marketing department.

Re:Why use Java?

[ebno-10db]

There are plenty of operations for which a JVM is actually faster than a C process ... and Hotspot runtime optimization has access to a lot more information about how code is actually being used than static compile time optimization - the difference that makes can be remarkable.

Very interesting, and oft cited as a defense of Java's speed. Now show me the benchmarks.

there are a great many applications out there for which converting to C++ (for example) would not give any kind of performance boost (and may even be slower)

Actual experiments and measurements?

Re:So... no separation between system and userspac

[drinkypoo]

It boggles the mind that anyone would suggest something like this and then use the excuse of "well we only run on app on a box". That's such amateur hour nonsense. It's like running your cloud apps on classic MacOS or an Amiga.

Their premise is that you'll write your app as a series of separate servers. Then you'll deal with inter-server security instead of inter-process security. If two processes are basically parts of the same program anyway, you can run them on the same server so they can share memory.

I think it's a silly idea, but it's not an inherently bad one. It might well make sense for some kinds of workloads. Until we get back single system image clustering on Linux (there was OpenMOSIX) this might help some people.

Re:So... no separation between system and userspac

[cheater512]

How the hell are you running a remotely exploitable email server?
Since this OS is designed to only run one program there is nothing else to exploit.

D'OH hit submit too soon!

[mark-t]

I'm missing a very important 'not' in the second sentence of the second paragraph there... between the words "are" and "going"

Re:Running jails/containers/zones

pretty much accomplishes the same thing with even less overhead and without adding yet another layer of software.

They are on the right track, but it's hard to compare managing jails/containers/zones to managing a VMware environment, for example.

The reason VMware exists at all is because server operating systems have been lagging so far behind what people need. It certainly didn't get to where it is from people needing two run DIFFERENT operating systems on the same hardware, it's because whichever system you use can't do what VMware does as easy as it does it.

What other OS quickly installs to an integrated shared filesystem, does cluster-wide isolation/sharing/balancing of most major system resources, and can move running applications from one node to another in a cluster with almost no impact?

You can't just strap two Solaris, RHEL or Windows hosts together like you can some ESX hosts.. think about it.

Re:So no benefits of C and all the bugs/problems C

You are holding your C++ "howto" book the wrong way. Of course you need to be highly educated to properly use C++.

But if you have reached that level, you can do things like generic container classes which have bounds-checking, for example. Or your own string class with similar properties. That will immediately kill about 30% of current exploits, as they depend on all the shitty aspects of *real-world* C software-engineering.

Security is by now the most important issue in applied computer science. C++ helps you towards that in a way C can never do.

Well it's about time!

I'm glad these guys figured out what was holding back people from embracing The Cloud and came up with a solution...
It was the goddamn latency from the userland-kernel isolation and all that pesky C and Assembly code in the kernel!
Good work fellas! I can't wait to experience these amazing performance increases over my dial-up connection! ;)

Re:So... no separation between system and userspac

[MightyYar]

You get access to the configuration which can then relay any incoming data to some outside target.

IANASA (systems administrator)... but why would this matter? Presumably the host OS would restrict the ports this thing can use. A compromised app on Linux with access to the world on some port could relay any incoming data to an outside target as well... right?

VMware is for pussies

People who do real computing dont need/use VMs. Why? Because the performance is shit. The whole VM/cloud business is complete garbage IMO and the omly people its going to be useful to are shitty little webapps that arent big enough to be considered useful or important. The business is based on hype and youre all drinking the cool-aid.

Regards
Linus

Re:VMware is for pussies

[ebno-10db]

Regards
Linus

Linus actually stating a firm opinion? How unusual.

Re:So... no separation between system and userspac

[Nyder]

It boggles the mind that anyone would suggest something like this and then use the excuse of "well we only run on app on a box". That's such amateur hour nonsense. It's like running your cloud apps on classic MacOS or an Amiga.

Just because you've only got "one app", it doesn't mean that you've only got one process.

It sounds like running your 2013 server apps on an OS from 1985 but "in the cloud".

[shake head]

http://jsmess.textfiles.com/

That emulates a bunch of old computers, even 1985 ones. Runs on the cloud. Just need some server apps for any of them now...

Re:So... no separation between system and userspac

[MightyYar]

It was also single-user, was it not?

cgroups?

[blackiner]

Couldn't you get the same effect by running multiple processes in different cgroups? Sounds like that is really all this is, since the host OS is probably still linux...

Re: cgroups?

[childproof]

This is one possible solution but you have to convince your it department, who is in love with VM's to accept that.
I don't have a solution for that.

Re:So... no separation between system and userspac

More like: How to manage 10,000,000 VMs over 100,000 servers in a sane way.

Once you have that many machines, you don't micromanage anything.

Re:So... no separation between system and userspac

[kko]

LOL! That JS emulator is awesome! But an Osborne with no MSBASIC is no fun!

Re:So... no separation between system and userspac

I'm not a kernel hacker, but I have the impression that "this" is to Linux as MS-DOS is to (the various) nt-kenel operating systems.

Any thoughts?

Re:So... no separation between system and userspac

[vidnet]

Maybe you want to be able to control whatever is running in the VM. How do you propose to do that [...]?

The deployment system should be responsible for the configuration. The hypervisor should be responsible for starting and stopping VMs when the monitoring system determines that they're misbehaving.

SSHing in and changing config files, killing process and deleting unused logfiles or whatever is not a scalable solution.

If you're just going to spawn a new VM for every single program you might as well just run all those programs on the physical machine.

"The" physical machine? You mean the ten thousand machines across half a dozen data centers where jobs from a thousand different entities are constantly being spun up and shut down in response to load and hardware changes?

Yes, you could do that. This is just an easier way of doing it quickly, transparently and securely.

Re:Running jails/containers/zones

[stox]

"What other OS quickly installs to an integrated shared filesystem, does cluster-wide isolation/sharing/balancing of most major system resources, and can move running applications from one node to another in a cluster with almost no impact?"

Sounds like you are describing VMS. VMware moves operating system instances, not applications.

Re:So... no separation between system and userspac

[js_sebastian]

How the hell are you running a remotely exploitable email server? Since this OS is designed to only run one program there is nothing else to exploit.

Hmm email server has to handle... emails, duh! Emails are untrusted data coming from untrusted sources, and your mail server is doing complex processing of those emails. So, yes, it is potentially remotely exploitable.

Re:Running jails/containers/zones

[gunzy83]

When I read this I instantly thought of Docker. Wonder what the advantages of this are over Docker...

Re:Running jails/containers/zones

The JVM is the OS which sites on top of a hardware HyperVisor. Very low overhead. Context switching between user mode apps does not actually require a context switch.

Re:So... no separation between system and userspac

[cheater512]

I can hack your server just by sending a email? Cool!

Seriously though, please find a single case of that occurring with any major mail program.

OSes are dying

[CyberSnyder]

This or something like this will be huge. I remember arguing against linux. Why would anyone want to install that? It's crap written by some college kid. I was extremely wrong, but I learned quickly after Solaris kept getting crappier and crappier.

Re:So... no separation between system and userspac

[Imagix]

Those who forget history are doomed to repeat it. See: the Morris Worm. Spread through sendmail (and other vectors).

Re:So... no separation between system and userspac

[PlusFiveTroll]

http://www.cvedetails.com/vulnerability-list/vendor_id-802/product_id-2219/Argosoft-Argosoft-Mail-Server.html

http://www.cvedetails.com/vulnerability-list/vendor_id-31/Sendmail.html

http://www.cvedetails.com/vulnerability-list/vendor_id-86/product_id-143/Dan-Bernstein-Qmail.html

http://www.cvedetails.com/vulnerability-list/vendor_id-1565/Mailenable.html

That's not including the anti-virus that commonly scans the email transversing the system.

VMs or BS

[Ice+Station+Zebra]

What we need is better application isolation on bare metal and not emulation layers.

Re:So... no separation between system and userspac

[znark]

It was also single-user, was it not?

That is correct. Single-user designs were the norm with personal computers of the era. There are some ways around this (, for example) but they're sort of limited.

The lack of memory protection is due to the first models being designed around the plain Motorola 68000 CPU, which lacks a memory-management unit (MMU). Later models were available with beefier and more feature-rich processors from the 680x0 series, some of the including an MMU. You could also buy add-on “turbo cards” (processor cards taking over the functions of the main CPU, effectively replacing it with a faster one.) But by then it was too late. The OS relies heavily on shared libraries and message passing in flat, shared, unprotected memory space.

Otherwise, the Amiga hardware platform and AmigaOS – the first model/version having been released in 1985 – included concepts such as preemptive multitasking, windowed GUI toolkit in the system ROM (no “text mode” at all), overlapping “screens” in different resolutions and bit depths, hardware blitter and DMA-based I/O (including multichannel sampled stereo sound), drivers for devices and filesystems, the “AutoConfig” system for add-on devices (fulfilling the same role as PnP did later in the Wintel world), 8-bit ISO Latin-1 character encoding as standard, windowed command-line shells, shell scripting, inter-process scripting (ARexx), an OS-provided framework of multimedia “datatypes” (handlers/decoders/players for common file types), scalable fonts, clipboard, speech synthesizer as a standard OS feature, etc.

Ignoring Linux and OS/2 for a moment, in some ways it felt the Wintel camp only caught up ten years later when Windows 95 was released to the masses, and at that point, both the OS and the “IBM-compatible” PC hardware platform were still missing some key features and novel ideas that made the AmigaOS so great and elegant in its day.

Re:So... no separation between system and userspac

[msobkow]

One "app" is rarely "one program."

Take web services, for example. The web server ends up launching PHP or Java interpreters, which in turn launch shell commands and access databases. Or do you think you're going to get good performance firing IP messages all over the place to access your databases instead of staying within a single VM instance?

While the concept of this OS fits for something like timed, it falls down badly on the security front for real workloads.

but...

does it run Linux?

Re:So... no separation between system and userspac

[Jherek+Carnelian]

it falls down badly on the security front for real workloads.

One "app" is rarely "one program."

Take web services, for example.

Not seeing how security is an issue in your example. Presumably they all run as the same userid anyway.

Re:So... no separation between system and userspac

[bws111]

Why would you have to 'fire IP messages all over the place'? Any hypervisor worth a damn is going to have a high-performance method of passing messages between VMs without using IP or some such nonsense. There is no reason why a web server VM sending a message to a database VM is going to have any worse performance than a web server process sending a message to a database server process.

Breaks down on the security front? How so, exactly? Every message passed between VMs would have the ID of the originator added to the message somewhere, and that ID would be provided by the hypervisor, not the application. Additionally, security is improved because EVERYTHING runs in user space, and nothing runs as 'root'. You want a network connection? You have a network VM, which does nothing but process TCP/IP packets. Even if there is a flaw in the TCP/IP stack you can't do a privilege escalation because the network VM has no special privileges.

Fails for real workloads? Not really, it's been in use on 'real workloads' for more than 40 years on mainframes.

Re:So... no separation between system and userspac

[msobkow]

Because there is no userland, all the applications are running with kernel priveleges. That means a flaw in any of those programs can interfere with the whole software stack, whereas with userland protection the individual processes are isolated from each other by the OS.

Perhaps I'm misunderstanding, but it sounds to me much like AmigaDOS was -- there were hooks for security enforcement calls, but none of them were implemented so any program could stomp on any other program. Sure it was fast, but it sure wasn't secure.

Re:So... no separation between system and userspac

[bws111]

You have it backwards. There is no kernel (other than the hypervisor), everything is in userland. Each element of the software stack (network, web server, database, whatever) is a separate VM, completely isolated from the other services. A flaw in any service, no matter what 'privilege level' that service is running at, can not spread past what that service can do. Even if the services are running as 'root' they don't have access to any other service's data or whatever because they are in different VMs.

Re:So... no separation between system and userspac

[drkstr1]

You get access to the configuration which can then relay any incoming data to some outside target.

IANASA (systems administrator)... but why would this matter? Presumably the host OS would restrict the ports this thing can use. A compromised app on Linux with access to the world on some port could relay any incoming data to an outside target as well... right?

True, but it seems like Linux would have a better separation between the running process and a usable system environment, making that kind of attack more difficult. I'm sure these guys would have thought of that though. It really all just depends what is accessible from the root process. Sounds like fun.

Re:So... no separation between system and userspac

[msobkow]

I can't see that being feasible. That would mean launching each process as a new VM. The overhead would be insane.

Re:So... no separation between system and userspac

[Jherek+Carnelian]

Because there is no userland, all the applications are running with kernel priveleges. That means a flaw in any of those programs can interfere with the whole software stack, whereas with userland protection the individual processes are isolated from each other by the OS.

You are not talking about security, you are talking about memory protection. The thing is - a process that stomps on another processes memory in this model would get a memory fault and die under the normal model. The end result is the same either way.

Re:So... no separation between system and userspac

[bws111]

As has been pointed out elsewhere, this is what IBM's VM/CMS system has been doing for more than 40 years. You certainly don't launch a new VM every time you would create a process. You create a VM for, for instance, managing a database. That VM uses what amounts to a high-performance socket interface to listen for work requests from other VMs. The database VM is started when the hypervisor is started, and continues running until it dies or is shut down. If it dies, it can't take anything else with it because it is it's own VM. It can't have any IPC resources tied up, etc, because there aren't any. The only thing that would happen is any other VM with an active connection to the database VM would be notified that the connection terminated.

Internal to each VM the application can do whatever it wants. If it wants to have some sort of process control it can do that, as it is a virtual machine and can run anything it wants.

NSA access all-ready built in?

[MonsterMasher]

NSA access all-ready built in?

What a f-ing mess we (USA) always manage to do.

Re:So... no separation between system and userspac

[mendax]

It's the same thing for the most part. The big difference though is that it doesn't require an IBM z-series mainframe to run. I'm not bad-mouthing IBM mainframes. The beasts IBM sells today are rather small, very fast, very flexible, and rock solid reliable. But they use an instruction set that is backwards compatible with that of the IBM 360 series mainframes of the 1960's and their successors, not the x86 instruction set that the rest of the world is using for servers. IBM's VM/CMS has been around for decades and is proven. This new OS has yet to prove itself.

Re:So... no separation between system and userspac

[msobkow]

Sure, if you're going to architect your code that way. But the benefit of "running Linux applications" would be to use existing application code under this OS. And as I mentioned, a lot of such application code spins processes like a fiend.

Now mind you, one could (at least theoretically) use this OS for the server processes like databases, and a "normal" Linux process for the web server. But then you get into the issue of having to maintain a variety of VM definitions within one cluster, which kind of negates the point of having standard images that are used by multiple customers. It also means that customers are expected to run multiple VMs by default.

I could see providers that charge by the VM rather liking that, though. Soak that there customer. Open your wallet wide. :P

Re:So... no separation between system and userspac

[msobkow]

Process isolation is one part of security.

Thank god!

[formfeed]

For a moment I thought they were to replace "Linus in the cloud"

Linus in the sky with diamonds has always been my favo(u)rite.

Re:Running jails/containers/zones

[gmuslera]

Probably a lot of the ones that know about Docker asked themselves the same. I can install a JVM in a Docker container, install even the java app on it, and run it directly, no extra overhead, no messing with a shared filesystem with other apps. Is not that in practice what they are proposing to do? If you want a barebones Linux to run all of this, you can use CoreOS as a minimal Linux system to run docker containers.

And over that, you can in that way more things than just run java apps.

Re:Running jails/containers/zones

[gmuslera]

If its only needed to run JVM, then no matter what OS runs it, it could be the same version of Linux. The main thing that you don't have (yet) with Docker regarding this is live migration of running containers between servers, as you have with VMWare/KVM/Xen VMs or (not so lightweight) OpenVZ containers.

Re:So... no separation between system and userspac

[l3v1]

"I can hack your server just by sending a email? Cool!
Seriously though, please find a single case of that occurring with any major mail program."

People, wake up, this is not some "cloud utopia". If it runs an email server, it can be hacked, it made lots of us learn our sh*t the hard way. And even it is the only thing running in the VM, it can still give someone usable data.

The only thing this whole shebang is good for is that it makes it virtually - hehh - impossible to get to one service by exploiting the weaknesses of another one running on the same server (which in this case shouldn't happen). That's it, nothing more. No silver bullet, just a different way of trying to solve the issue.

Its Turtles All The Way Down!

Hypervisor is the OS, OS is an application wrapper.

What have we gained, now?

Re:So... no separation between system and userspac

[nukem996]

If you read through the slides the core OS is only capable of running a single thread. What this looks like to me is a highly specialized OS that relies entirely on the hypervisor to do everything for it. Its basically a specialized version of Java with enough glue and support to run on a bare hypervisor. They started with Java and just implemented everything it needs to run on a hypervisor. Assuming the JVM is fully implemented it should greatly increase a Java apps performance because its gotten rid of all the extra OS overhead. Because of that you would have to exploit the JVM and be limited to what you can do in Java. At that point you could fully read the file system but on this system the only files on this system would be for that one application. The only password file on the system would be the one for this application which if exploited on a normal system would be all the attacker would have access too.

Re:So... no separation between system and userspac

The 68000 has a pin FC2 that signals if the current memory cycle is priviliged. An external MPU can use this to deny access by pulling /BERR low.

Re:So... no separation between system and userspac

[Alioth]

The very first piece of internet malware was a worm that exploited sendmail on several operating systems, way back in the late 1980s and spread without user interaction (it wasn't an MUA worm like pretty much all of the email worms since, but a worm that really did exploit bugs in the MTA).

See: http://en.wikipedia.org/wiki/Morris_worm

Unvirtualization

[Ivan+Stepaniuk]

If you don't need a n extra full fledged OS to run your JVM, maybe you shouldn't have virtualized it in the first place.

Wouldn't make sense to have a tool to manage and deploy self-contained packages that can run the JVM (or whatever) in an isolated way, with the Linux kernel alone?

Vagrant

Where's the vagrant file?

Advocating getting rid of VMs

[dutchwhizzman]

The exact same arguments you are giving can also be used to advocate getting rid of VMs. Why construct an entire VM if you're only going to run one application on it? You can just as easily run it on the bare metal and put the redundancy and failover and all that on the application layer. You don't need an entire virtual machine to just run one application in a single security context. VMs are useful because they allow you to be flexible in where and how you run your applications and operating systems. If you get rigid and only allow a single security context to exist on a VM, you are taking away the flexibility and therefore it's usefulness. People want the extra clutter, since it's easier and thus cheaper to use it this way.

Re:So... no separation between system and userspac

[smash]

Sure. But the original amiga hardware as a 68000 with no MMU.

Re:So... no separation between system and userspac

[TheRaven64]

That's well and good, until you realize that a typical email server usually has an MTA (postfix, courier, sendmail, whatever), some sort of spam trap/filter (in addition to external ones), maybe a means to more efficiently handle distie lists, SASL auth (postfix typically handles that nowadays, but...), and probably some sort of webmail thingy. That's way more than "one app".

And in the deployment scenarios that this is intended for, each one of those would be running in a separate VM. If you have lots more incoming mail, you might spin up more spam filter instances dynamically. You'd probably only have a single persistent VM for the storage, but everything else would be scaled dynamically.

Re:So... no separation between system and userspac

[TheRaven64]

You don't have 12 VMs. You have 12 kinds of VM. You have tens to thousands of instances of those VMs, depending on your load.

Makes sense

One of the premises of multi-user Operating Systems was the ability to run applications from multiple users on a single system, shielding them from each other. If that had really worked, virtualization wouldn't have been such a big thing right now. But it is, so clearly the multi-user capabilities at OS level are not at the right level. And when we move that to a separate hypervisor layer, it makes sense to remove it from the OS layer. That's just the UNIX philosophy extended: each component should do one thing, and do it well.

Re:So... no separation between system and userspac

That is exactly the point. The problem they are solving is that all current OS's have abysmal isolation between the different programs in userspace so people end up putting different services in different virtual machines anyway. The problem is that you still get the entire ecosystem for a full user OS for every service.

What people are doing to solve the horrible isolation problem that pretty much every OS have is to place a virtual machine (There are other benefits to.) between the OS and the service. The VM essentially works as a firewall between the service and the OS.
The problem with that is that you run yet another OS in every VM and this adds some overhead. (A modern VM by itself adds almost no overhead.)
This operating system adds a solution to that problem by providing a slimmed down OS for that middle layer.

Re:So... no separation between system and userspac

[icebraining]

Hum, in most large deployments, the databases are not even in the same machine, let alone VM, as the web server. This is the only way to ensure you can scale (adding more web servers dynamically) and optimize the systems for their workloads.

For example, see the Stack Overflow architecture: http://blog.serverfault.com/2011/09/

Frankly, if you're running the RDBMS on the same server as the web service, you're - like me - running a toy database.

Single process?

[Raedwald]

it offers features (such as multi-user and multi-process) which are today made redundant by the hypervisor

I can't see that working well, unless they mean no heavy-weight processes, which have their own address space.

Nice rant, pity about the evidence

[SmallFurryCreature]

You rant a nice rant but which license is the most widely adopted and whose code is the mode widely used again?

It ain't BSD powering Android.

The BSD advocates are all "Our license encourages sharing, ignore the fact nobody uses it and nobody shares it, waah why is Linux so much more popular!". BSD is a good license for example and throwaway code but for code you value and for which you want people to continute back their chances, for a community effort, the GPL is the license to choose.

And so far, historic evidence, the examples of who likes BSD (MS and Apple) and who like GPL (everyone else) shows me exactly what each license achieves in the real world.

Application virtualization

Since this is basically talking about running one app per vm, why wouldn't you use/improve one of the many *application* virtualization products out there? There would be less overhead, you would get the base operating system's user separations, and you would get the enhanced virtualization separations.

Re:So... no separation between system and userspac

Funny. Apple only caught up in 2001.

Re:So... no separation between system and userspac

[rjstanford]

Take web services, for example. The web server ends up launching PHP or Java interpreters, which in turn launch shell commands and access databases.

Wow... really? I supposed that's one way of doing it. Most Java webservice providers just listen for network connections and do everything themselves rather than spawning new executables, but if you're truly nostalgic for old-school CGI I guess you could spin everything up and down all the time.

Re:So... no separation between system and userspac

[Ash-Fox]

Note: I am not the original poster.

Using some mail servers I setup as an example, it is built up of numerous separate programs and offers access through a lot of different protocols.

Only service that is separate from the servers is LDAP authentication, but there is also numerous on-system intrusion detection services (as well as external) which wouldn't work without being on the same server.

Do you run each application with it's own UID?

Yes.

How do you keep one from hogging all the memory?

/etc/security/limits.conf

Network IO?

iptables with QoS

Disk IO?

/etc/security/limits.conf

Is each running on its own disk partition?

No, because they all share data between each other.

Do you configure disk quotas for your apps?

No, just users for their e-mail quotas.

Do you allocate a unique service IP to each app?

No, because IPs are expensive and some places won't even allocate you more external ones anymore. Nor is it necessary.

How do you manage a cluster of such multipurpose systems?

The command line (monitoring is separate issue all together).

Can you move an application from one node to another easily?

No, but I can create a new server instance and have it begin clustering within a few minutes (most of that time is spent waiting on the VPS provider).

I won't even ask if you can do that without interruption...

I could do that without interruption because of fail over.

Running 12 unrelated apps on one system is almost pointless these days, because server operating systems have stagnated to a point where it's best to just ignore them, popping them out of cookie cutter build servers - one per app, and let the VM software handle isolation and resource sharing.

In theory, almost every single process could run on their own VM, but I get the impression it wouldn't be cost effective and I am not convinced VM software can do resource sharing more gracefully?

As an example of resource sharing, Storage Area Networks as a prime example become more of a headache (they slow down and become more of a performance bottleneck) when they require atomic synching of events (which is a good thing for most application uses), which is less of an issue when there are fewer virtual servers accessing the SAN filesystem as a whole.

The only thing I can think of that would meet this criteria of usefulness is a TeamSpeak server I am running on a crash report processing server. The crash report processing system has several different applications for processing reports, while TeamSpeak is just there because buying another VM is pointlessly costly for the purpose of just TeamSpeak.

Re:So... no separation between system and userspac

I can hack your server just by sending a email? Cool!

Seriously though, please find a single case of that occurring with any major mail program.

Uh, dude if apps were always secure then you wouldn't need to worry about OS security to start with.

bootable applications ?

Light weight, integrated with the app in the form of a VM... who needs a big OS just to install the app? The app is the OS and only needs to deploy when needed... I run multiple linux VM's on Citrix xenserver as game, file storage, and application servers... where the underlying OS runs 100% of the time. Bring on this new OS... This play baby wants to experiment!

Re:So... no separation between system and userspac

It sounds like running your 2013 server apps on an OS from 1985 but "in my butt".

I don't get why we need OSv...

[apexwm]

We don't need to reinvent the wheel here. I don't see why there are claims that Linux can't be scaled, because it CAN. Recompile the kernel to suit your needs. If it's for virtualisation, then do so.

Re:I don't get why we need OSv...

[unixisc]

Essentially, what would be adequate would be a single tasking or a co-operatively multitasking environment, thereby eliminating the need for things like schedulers, protected memory and the like from the VM: while the original OS may have it, it is redundant for a VM, since the hypervisor simply hosts multiple VMs for each use. In other words, what's needed of an OS is just the userspace - no system space is needed, just an allocation of virtual system resources from the hypervisor. So from GNU/Linux, the Linux wouldn't be needed - just the GNU would be. The hypervisor would provide it with whatever services it needs to run.

In this case, the hypervisor itself is a FreeBSD hypervisor. Although I wonder how a microkernel based hypervisor, such as Minix, would have fared.

Re:So... no separation between system and userspac

[unixisc]

well only that app's should be accessible from outside.. if you're worried about breaking out from that app, what are you going to get into that you wouldn't get into in linux? unlimited access to /dev/? who cares when it's sandboxed? I mean, I don't see any need to run anything else on it - it could _really_ be running just one app, if you had your email inbox in there you would be doing it wrong. to get something you wouldn't get on a normal linux box you would need to break out of the vm, no? and that sounds like a bigger barrier than elevating your user on a normal linux installation..

Not only that, at a very basic level, you already have a kernel - the hypervisor - acting as a kernel. So on top of that kernel, you have another kernel running, and on top of that user space, it doesn't seem to make much sense. Rather, running a barebones monolithic OS, w/ the hypervisor providing all its services, sounds like a good way to go on the cloud.

Of course, one could then say that running Windows 3.11 would then be fine, and depending on the application, it might. Actually, if someone wrote a 32-bit version of Windows 3.11 - something that could run all win32 apps - and then released it, it would be ideal to run on VMware, VirtualPC, HyperV and so on. No need of multitasking - just run one app in every VM that is created, and you'll get good isolation. Such an app would just run on a single core all the time, leaving other cores available for other sessions

Re:So... no separation between system and userspac

[unixisc]

Okay, how does this work with, say, a program like Firefox that has mutiple tabs? Since each tab is treated as a separate process, as opposed to a thread, would a misbehaving tab then bring down the entire VM?

Much of the security comments are off target

You run only one application on the box, so you don't need security. If the application you chose to run on the box does bad things then it isn't appropriate for this kind of operating system. How is this hard to understand. This is made to run big GPL'ed tools like Hadoop, MongoDB, tomcat, VMWare or etc. So your single purpose machine doesn't have to share resources with anything else on the box, because you only want your box running this one piece of software. This is a great thing.

If you have a data center running 100's of Linux boxes which run only part of a Hadoop cluster, then this operating system is for you. Your Hadoop cluster will be faster and easier to maintain.

Re:So... no separation between system and userspac

[Jherek+Carnelian]

Only in a system with different users.

Tried and tested

Hitler was also tried and tested

Again and Again and Agaiin....

An *other* unix baed OS. .....ho hum.. Those who can't read are doomed to repeat history

Re:So... no separation between system and userspac

[mkilpatric]

If you recall, that was the model that VMware originally used as well (the VM/CMS model). But, essentially, yes, you are right. I'm wondering why they went with the single threaded process, and would like more information from them outside what is in the slide deck..

The Lament of Smaller and Simpler Systems

[tjstork]

The thing is, this new operating system will evolve like just about every other "we'll make it smaller and simpler" systems. If they are the next big thing, then sooner or later they'll go down the path of adding everything into their system that they ripped the other guys for having, then act like they invented it.

Re:So... no separation between system and userspac

[AJodock]

Many VMs run one application, but they typically run many processes. For instance OpenSSH. Say a hacker breaks into your application and has some abilities in the userspace. Now with your reduced separation between the kernelspace and userspace it is presumably easier to exploit the kernel. Once you have your way into the kernel you have the run of the place so you have root access to modify all of the other processes running on the machine.

If you are using a password to login to your system the attacker can get into the OpenSSH service and wait for you to login (giving them your cleartext password). OpenSSH uses a tunnel to encrypt your password from the outside world but it is a tunneled clear text password so once the service itself is exploited you end up just handing it to the hackers. Or on second thought just break your way into PAM and then all applications on the machine start feeding the hacker passwords. Once they have your password they can start to use it elsewhere on your network to see what else they can get into.

External facing machines are often just the start of a hackers goals, and making those external facing machines any easier to compromise for the sake of efficiency is a bad idea.