Announcement

Collapse
No announcement yet.

Genode OS 20.08 Has Chromium Web Engine Running, Low-Level GUI Work

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by kravemir View Post
    Fair enough. From perspective of multi-user security Linux kernel lags a lot. The bigger threat are closed-source applications (well, businesses want them),
    not really, and what you quoted has nothing to do with what you are saying.
    Linux is perfectly capable of sandboxing applications with cgroups and SELinux and AppArmor frameworks. Look up FireJail for that, and KDE/GNOME are slowly adding functionality to themselves to be able to do this. Also Flatpak uses these limits for its own sandboxing.


    What you quoted is saying that there is so much stuff in Linux kernel that it can't be validated formally, and formal validation is crucial to ensure bugs are kept at a minimum. Sandboxing features mean nothing if the system is buggy and you can bypass the sandbox (especially a problem for Android, since forever) Yes they employ automated testing and a whole lot of stuff, but it's an "after-the-fact" thing, the kernel wasn't designed around this concept.

    It is also saying that there is A LOT of stuff that is running at kernel privilege and you don't want that for a secure system, with a decent microkernel you can even have binary drivers and it's still all perfectly secure and fine because the driver is running in userspace so it is still sandboxed and can't do anything the kernel does not allow. A Linux kernel driver can do whatever it wants because it's running with kernel privilege.
    Last edited by starshipeleven; 09-04-2020, 04:48 PM.

    Comment


    • #12
      Originally posted by starshipeleven View Post
      not really, and what you quoted has nothing to do with what you are saying.
      Linux is perfectly capable of sandboxing applications with cgroups and SELinux and AppArmor frameworks. Look up FireJail for that, and KDE/GNOME are slowly adding functionality to themselves to be able to do this. Also Flatpak uses these limits for its own sandboxing.
      What you quoted is saying that there is so much stuff in Linux kernel that it can't be validated formally, and formal validation is crucial to ensure bugs are kept at a minimum. Sandboxing features mean nothing if the system is buggy and you can bypass the sandbox (especially a problem for Android, since forever) Yes they employ automated testing and a whole lot of stuff, but it's an "after-the-fact" thing, the kernel wasn't designed around this concept.
      It is also saying that there is A LOT of stuff that is running at kernel privilege and you don't want that for a secure system, with a decent microkernel you can even have binary drivers and it's still all perfectly secure and fine because the driver is running in user space so it is still sandboxed and can't do anything the kernel does not allow. A Linux kernel driver can do whatever it wants because it's running with kernel privilege.
      Trying to understand this comment. Are you saying that the products of "The Linux Foundation" are ok? No need for BSD or other types of Unix derivatives?
      So many other Unix derivatives justify their existence, because Linux is so bad, in their opinion. The rest of us know how much time, money, resources & corporate support are behind Linux. If that was moved to Apple, BSD, Sony, Genode, etc ... could these also one day be better than Linux?
      At the moment Linux on the desktop & handheld is very far behind Microsoft, Apple & Android. Technically Linux seems ok. Applications for Linux are scarce, compared to the three other operating systems. Many people like myself are waiting for the time that we can stop using the Big 3 operating systems. In the meantime, Linux seems to be a loser.

      There is a recent video demo of this system.
      > "Genode on i.MX8", Sep 18, 2020, published by "genodedeveloper",
      > "The video shows several tech demos of Genode running on NXP i.MX 8MQuad Evaluation Kit (EVK).
      > "The demos comprise passthrough Android on Genode/hw hypervisor, full HD touch screen support, native Chromium-based Webbrowsing and Streaming Android to Genode.
      Last edited by gregzeng; 09-20-2020, 02:19 AM. Reason: Added further research.

      Comment


      • #13
        Originally posted by gregzeng View Post
        Trying to understand this comment. Are you saying that the products of "The Linux Foundation" are ok? No need for BSD or other types of Unix derivatives?
        BSD or other OSes of similar age are at best side grades (i.e. something is better, something is worse, they are not "just better"), and share many of the limitations or pitfalls also Linux has, plus the fact that they have much less development and corporate money behind them. For example, one of the most important features for Unix systems has been ZFS filesystem support, but over the span of less than a decade, the official ZFS upstream codebase was moved from Illumos (Unix) to ZoL (ZFS on Linux), because that's where most of the development happened. Now Unix systems will be taking their ZFS driver code from there.

        As I said, Linux (the kernel) supports the features you mention, and did it for a long while. They have not been used a lot in Linux Desktop OSes, but they are used in Linux Server OSes with containers like LXC and Docker.

        What Linux or BSD or other Unix-style OSes can't offer is a verifiable and certifiable kernel for safety-critical systems, and also are quite big and complex, therefore require constant updates to patch this or that vulnerability all the time.

        The rest of us know how much time, money, resources & corporate support are behind Linux. If that was moved to Apple, BSD, Sony, Genode, etc ... could these also one day be better than Linux?
        Yes and no. You can sure improve it an make it "better", but you cannot change fundamental design choices of the kernel.
        For example you won't solve the need to update the kernel relatively often to patch this or that vulnerability, because it is a monolithic kernel, so all drivers and support infrastructure is running together with kernel at the same privilege level, and that is a lot of code to check and validate.

        At the moment Linux on the desktop & handheld is very far behind Microsoft, Apple & Android.
        Android is using a Linux kernel, and all sandboxing offered by Android is in fact Linux's SELinux feature. So it's not "linux desktop" but that's still a Linux system.

        Applications for Linux are scarce, compared to the three other operating systems. Many people like myself are waiting for the time that we can stop using the Big 3 operating systems. In the meantime, Linux seems to be a loser.
        The only reason it is a loser is that there is no profit in making a Linux desktop OS and trying to compete with near-monopoly Windows. Canonical tried for more than 10 years with their Ubuntu and failed, then decided to focus more on server OS features because that's where they are actually getting most money from.
        Linux on servers is very common, even Microsoft support Linux servers in their Azure cloud service, and most consumer embedded devices (modems, routers, wifi access points, NAS, media centers) use it too, although it's not a Linux Desktop OS because of space limitations.

        There is a recent video demo of this system.
        > "Genode on i.MX8", Sep 18, 2020, published by "genodedeveloper",
        > "The video shows several tech demos of Genode running on NXP i.MX 8MQuad Evaluation Kit (EVK).
        > "The demos comprise passthrough Android on Genode/hw hypervisor, full HD touch screen support, native Chromium-based Webbrowsing and Streaming Android to Genode.
        "passthrough Android on Genode/hw hypervisor" means they are running Android as a virtual machine over a GenodeOS host, so that's still Android/Linux that does most of the work.
        " full HD touch screen support" as you see in the video that's the screen showing a rotating 3D shape, yes it means Genode can use a FullHD screen and register touch events on its own, but that's not much more than that.
        "native Chromium-based Webbrowsing" they are running Chromium inside Genode OS as a normal application. Genode wants to support normal applications, because that's what a normal OS does.
        "streaming Android to Genode." this is remote-desktop functionality, where you are streaming the screen of an Android device to a system running GenodeOS and sending back commands from the GenodeOS device to the Android device. This is similar to what Teamviewer or AnyDesk applications do.

        Also, assuming you are the same person that also commented in that video as you have the same name: The electronic board they used is a Development Kit or Evaluation Kit.
        It is built by the company that manufactures the CPUs to allow developers to experiment and test if their software can work correctly with the hardware. It is a device that exposes all ports and interfaces the CPU can have, and is usually much more expensive than a consumer product.
        This is the link to the manufacturer's page of the device they used https://www.nxp.com/design/developme...or:MCIMX8M-EVK

        The Development/Evaluation Kit devices are usually bought by a company that wants to make a new consumer device. Like a tablet, or a TV, or a NAS. The developers in that company will work and make sure their OS and software works correctly with this testing device, and if all is good, the company proceeds with a bulk order of many thousands of CPUs to solder on the consumer device they will manufacture.

        In the case of GenodeOS developers, they are just showing how their OS works well on this new open-source-friendly hardware, NXP provides a lot of documentation and supports their products with opensource drivers in Linux, so adding support for this in GenodeOS was possible.

        Comment

        Working...
        X