New Operating System Seeks To Replace Linux In the Cloud 335
New submitter urdak writes "At CloudOpen in New Orleans, KVM veterans Avi Kivity and Dor Laor revealed their latest venture, a new open-source (BSD license) operating system named OSv. OSv can run existing Linux programs and runtime environments such as a JVM, but unlike Linux, OSv was designed from the ground up to run efficiently on virtual machines. For example, OSv avoids the traditional (but slow) userspace-kernel isolation, as on the cloud VMs normally run a single application. OSv is also much smaller than Linux, and breaks away from tradition by being written in C++11 (the language choice is explained in in this post)."
So... no separation between system and userspace.. (Score:4, Insightful)
No security either.
Re:So... no separation between system and userspac (Score:5, Interesting)
It boggles the mind that anyone would suggest something like this and then use the excuse of "well we only run on app on a box". That's such amateur hour nonsense. It's like running your cloud apps on classic MacOS or an Amiga.
Just because you've only got "one app", it doesn't mean that you've only got one process.
It sounds like running your 2013 server apps on an OS from 1985 but "in the cloud".
[shake head]
Re: (Score:2)
well only that app's should be accessible from outside.. if you're worried about breaking out from that app, what are you going to get into that you wouldn't get into in linux? unlimited access to /dev/? who cares when it's sandboxed? I mean, I don't see any need to run anything else on it - it could _really_ be running just one app, if you had your email inbox in there you would be doing it wrong. to get something you wouldn't get on a normal linux box you would need to break out of the vm, no? and that so
Re: (Score:3)
That's well and good, until you realize that a typical email server usually has an MTA (postfix, courier, sendmail, whatever), some sort of spam trap/filter (in addition to external ones), maybe a means to more efficiently handle distie lists, SASL auth (postfix typically handles that nowadays, but...), and probably some sort of webmail thingy. That's way more than "one app".
Same with Apache/Tomcat/Whatever - you've got the web engine underneath, the Perl/PHP/Ruby/Python/Java/JavaScript based "app" (or, mul
Re: (Score:2)
How the hell are you running a remotely exploitable email server?
Since this OS is designed to only run one program there is nothing else to exploit.
Re: (Score:2)
How the hell are you running a remotely exploitable email server? Since this OS is designed to only run one program there is nothing else to exploit.
Hmm email server has to handle... emails, duh! Emails are untrusted data coming from untrusted sources, and your mail server is doing complex processing of those emails. So, yes, it is potentially remotely exploitable.
Re: (Score:3)
I can hack your server just by sending a email? Cool!
Seriously though, please find a single case of that occurring with any major mail program.
Re: (Score:2)
Re:So... no separation between system and userspac (Score:5, Informative)
http://www.cvedetails.com/vulnerability-list/vendor_id-802/product_id-2219/Argosoft-Argosoft-Mail-Server.html [cvedetails.com]
http://www.cvedetails.com/vulnerability-list/vendor_id-31/Sendmail.html [cvedetails.com]
http://www.cvedetails.com/vulnerability-list/vendor_id-86/product_id-143/Dan-Bernstein-Qmail.html [cvedetails.com]
http://www.cvedetails.com/vulnerability-list/vendor_id-1565/Mailenable.html [cvedetails.com]
That's not including the anti-virus that commonly scans the email transversing the system.
Re: (Score:2)
You get access to the configuration which can then relay any incoming data to some outside target.
IANASA (systems administrator)... but why would this matter? Presumably the host OS would restrict the ports this thing can use. A compromised app on Linux with access to the world on some port could relay any incoming data to an outside target as well... right?
Re: (Score:2)
If you have multiple, semi-related tools, you currently wouldn't run them as different threads in the same process. Why put all your eggs in one basket, having to restart them all at once, letting one rewrite the memory of another, when starting a new process is so cheap?
Now, if you have multiple, semi-related tools, you wouldn't run them as different processes in the same VM. Why put all your eggs in one basket, having
Re: (Score:3)
The deployment system should be responsible for the configuration. The hypervisor should be responsible for starting and stopping VMs when the monitoring system determines that they're misbehaving.
SSHing in and changing config files, killing process and deleting unused logfiles or whatever is not a scalable solution.
Re: (Score:2, Informative)
John C. Dvorak stated in 1996: "The AmigaOS remains one of the great operating systems of the past 20 years, incorporating a small kernel and tremendous multitasking capabilities the likes of which have only recently been developed in OS/2 and Windows NT."
So be careful when linking Amiga with classic Mac...
Re: (Score:3)
The important thing that the Amiga OS lacked, when compared to a more "modern" operating system was memory protection. Simply because it lacked the necessary hardware to enforce it.
Sadly, there was no provision for implementing any separation even when the necessary hardware was available, which it was on some of the later/high-end models.
Re: (Score:2)
It was also single-user, was it not?
Re:So... no separation between system and userspac (Score:5, Informative)
It was also single-user, was it not?
That is correct. Single-user designs were the norm with personal computers of the era. There are some ways around this (, for example) but they're sort of limited. [cs.tut.fi]
The lack of memory protection is due to the first models being designed around the plain Motorola 68000 CPU, which lacks a memory-management unit (MMU). Later models were available with beefier and more feature-rich processors from the 680x0 series, some of the including an MMU. You could also buy add-on “turbo cards” (processor cards taking over the functions of the main CPU, effectively replacing it with a faster one.) But by then it was too late. The OS relies heavily on shared libraries and message passing in flat, shared, unprotected memory space.
Otherwise, the Amiga hardware platform and AmigaOS – the first model/version having been released in 1985 – included concepts such as preemptive multitasking, windowed GUI toolkit in the system ROM (no “text mode” at all), overlapping “screens” in different resolutions and bit depths, hardware blitter and DMA-based I/O (including multichannel sampled stereo sound), drivers for devices and filesystems, the “AutoConfig” system for add-on devices (fulfilling the same role as PnP did later in the Wintel world), 8-bit ISO Latin-1 character encoding as standard, windowed command-line shells, shell scripting, inter-process scripting (ARexx), an OS-provided framework of multimedia “datatypes” (handlers/decoders/players for common file types), scalable fonts, clipboard, speech synthesizer as a standard OS feature, etc.
Ignoring Linux and OS/2 for a moment, in some ways it felt the Wintel camp only caught up ten years later when Windows 95 was released to the masses, and at that point, both the OS and the “IBM-compatible” PC hardware platform were still missing some key features and novel ideas that made the AmigaOS so great and elegant in its day.
Re: (Score:3)
It boggles the mind that anyone would suggest something like this and then use the excuse of "well we only run on app on a box". That's such amateur hour nonsense. It's like running your cloud apps on classic MacOS or an Amiga.
Their premise is that you'll write your app as a series of separate servers. Then you'll deal with inter-server security instead of inter-process security. If two processes are basically parts of the same program anyway, you can run them on the same server so they can share memory.
I think it's a silly idea, but it's not an inherently bad one. It might well make sense for some kinds of workloads. Until we get back single system image clustering on Linux (there was OpenMOSIX) this might help some people.
Re: (Score:2)
It boggles the mind that anyone would suggest something like this and then use the excuse of "well we only run on app on a box". That's such amateur hour nonsense. It's like running your cloud apps on classic MacOS or an Amiga.
Just because you've only got "one app", it doesn't mean that you've only got one process.
It sounds like running your 2013 server apps on an OS from 1985 but "in the cloud".
[shake head]
http://jsmess.textfiles.com/ [textfiles.com]
That emulates a bunch of old computers, even 1985 ones. Runs on the cloud. Just need some server apps for any of them now...
Re: (Score:3)
Re: (Score:3)
Re:So... no separation between system and userspac (Score:5, Informative)
Given that this is a special-purpose OS, intended for one-app per VM situations I think it is a perfectly reasonable assumption to make.
Re: (Score:3)
Take web services, for example. The web server ends up launching PHP or Java interpreters, which in turn launch shell commands and access databases.
Wow... really? I supposed that's one way of doing it. Most Java webservice providers just listen for network connections and do everything themselves rather than spawning new executables, but if you're truly nostalgic for old-school CGI I guess you could spin everything up and down all the time.
Re:So... no separation between system and userspac (Score:4)
So now I need 12 vm's to perform the same tasks that one vm with 12 apps used to be able to perform? No thanks.
Isn't that what IBM has been doing with VM/CMS for decades? If you have deduplicated physical memory pages, what's the problem with that? (For that matter, am I the only one to whom this looks like a remake of VM/CMS?)
Re: (Score:2)
Nope, you're not the only one. That's exactly what I thought too.
Re: (Score:3)
It's the same thing for the most part. The big difference though is that it doesn't require an IBM z-series mainframe to run. I'm not bad-mouthing IBM mainframes. The beasts IBM sells today are rather small, very fast, very flexible, and rock solid reliable. But they use an instruction set that is backwards compatible with that of the IBM 360 series mainframes of the 1960's and their successors, not the x86 instruction set that the rest of the world is using for servers. IBM's VM/CMS has been around fo
GPL trumps BSD as a usable open source licence (Score:3, Insightful)
If the BSD licence was as useful as GPL then Linux would never have grown in the first place.
Re: (Score:3)
Correct me if I'm wrong, but isn't BSD more permissive than GPL?
Re:GPL trumps BSD as a usable open source licence (Score:5, Informative)
Yes, but not in a way that promotes growth. The BSD license is a trap for the grumpy kids who don't want to share their toys at recess.
BSD: You can do whatever you want with your modifications to this code, including close them.
GPL: You can do whatever you want with your modifications to this code, except close them.
One of these creates a positive feedback loop in which small, incremental improvements from coders who share increase exponentially. The other creates a negative feedback loop in which the improvements from those who don't share are locked away and lost. I'll leave it to you to figure out which is which.
Re:GPL trumps BSD as a usable open source licence (Score:5, Informative)
One of these creates a positive feedback loop in which small, incremental improvements from coders who share increase exponentially. The other creates a negative feedback loop in which the improvements from those who don't share are locked away and lost. I'll leave it to you to figure out which is which.
The problem with this claim is that you're simply lying by omission. (Well, there's another problem: hyperbole. "Exponentially"? Hah.)
GPL: the positive feedback loop is damped by the unattractiveness of the license to many potential contributors, particularly GPLv3. Fewer participants equals less resources spent developing the project.
BSD: the claimed negative feedback loop almost doesn't exist. Many of the entities (the same ones who have issues with GPLv3) whom you GPL zealots assume would just take everything private actually tend not to. Why? Because the reason they're using open source in the first place is to reduce their own workload, and maintaining a private fork of a public codebase turns out to be a lot of work. If you want to take changes from the public version, you're in permanent merge hell (because nobody in the outside world knows or cares about your local changes). If you want to fully fork and ignore the public version, now you're responsible for maintaining everything on your own. In most cases it's substantially less work to contribute your changes back to the public version.
Basically the only time this actually happens in the BSD-licensed world is when someone decides "to hell with it, we don't care how much we have to spend, we're going to go all the way private".
(All of the above is equally true of GPL-licensed code. GPL zealots are only assuming that their preferred license is required to create sharing. In reality, productive sharing is always an outcome of shared interests between all the parties involved, not the license.)
Re:GPL trumps BSD as a usable open source licence (Score:5, Insightful)
And you've set your entire argument up in a biased fashion too.
A claim which is possible but largely lacking in evidence.
Additionally unfounded. Given that BSD sources can be downloaded, modified, and their changes never see the light of day the loss of information is virtually guaranteed. Not to say it doesn't happen with the GPL, but it's actually a legal risk to allow it to happen.
And yet there are plenty of vendors who would do just that if it suited their purposes. Your argument for staying upstream is entirely logical, but then, many corporations are not run in a logical fashion.
Would you ever know?
Nothing worse than responding to a reasonable post with an invective.
But only so far as it suits their business interests. The GPLv3 was created to further advance its goals which have always been to ensure the software is free and that the recipient of the software is never encumbered by whomever they receive it from.
Re: (Score:3)
there is no requirement to release modified GPL source unless you publish the binary in a form described by the GPL. There are a lot of "internal use" scenarios where modifications will never be published.
Indeed -- every place I've worked in the last 20 years has modified GPL code, and used the modified versions internally, while only rarely publishing those modifications externally. Declining to publish those changes is perfectly legal, and matches Stallman's original intent of the GPL as well -- namely that users have access to the source code of programs they are running.
Over time, many people have come to believe that modifiers of GPL should always publish their modifications. (Some sloppy license read
Re: (Score:2)
Oh, the irony. Let's conveniently ignore the fact that OSv is based on FreeBSD.
Re: (Score:3)
Re: (Score:2)
Many true things upset people. Political correctness is a curse that corrodes democracy.
It's much more damaging than Trolls.
Re: (Score:2)
Re: (Score:2)
iOS is released under a copyleft license that allows one to modify, rename and resell it?
Did noone think to tell Apple about this?
iOS is NOT BSD.
BSD allows anyone to take something that is BSD and turn it into NOTBSD, at which point, it is.... dun dun dun... NOT BSD.
Re: (Score:2)
Just because it was based on BSD does not make it BSD. BSD is the freedom the license gives, which iOS does NOT give.
Re: (Score:2)
Re: (Score:2)
You're going to go with that lameness? Seriously? You are a couple years late for that since Android has popped that little bubble.
He's still waiting for confirmation from netcraft.
Re: (Score:2)
And how much of Android code is GPL-licensed? The kernel, yes. But even their libc (Bionic) is BSD already.
Re: (Score:2)
An example that is mostly immaterial given that the biggest driver of Android adoption has been the fact that Google has been behind the effort.
Re: (Score:2)
Yes - and I think it's rather telling that for those parts of the system that Google wrote themselves, they used BSD, and not GPL.
In fact, is there anything in AOSP that is GPL-licensed aside from the kernel?
Re: (Score:2)
BSD is great for wannabe Robber Barons.
Indeed. The idea that someone would write some good code and then voluntarily just give it away to anyone who wants it is silly. If you want to get contributions back in return for your freely available code, GPL is the only viable strategy. That's why no-one ever gifted their code to others before the GPL was published, why there is no code out there today that uses dumb licences like BSD and there won't be tomorrow either, and why even if there were it would all come from single individual contributors wi
Zing (Score:3, Interesting)
I wonder how well it will fare against Zing (http://www.azulsystems.com/products/zing/faq)
Azul decided to go with route of extending vanilla linux with some kernel modules to provide extensions for most critical things, rather then replacing entire system and making custom jvm to utilize these extensions. I have a feeling that it is a lot better approach than using custom OS with plain jvm which is not aware of extra capabilities (if there are any...).
Running jails/containers/zones (Score:3, Informative)
pretty much accomplishes the same thing with even less overhead and without adding yet another layer of software.
Re: (Score:3)
Re: (Score:2)
With a container you still have the kernel-user boundary to cross on each syscall. I guess with OSv you could potentially optimise the whole OS, libc and application down into a single binary. Yes, it's interesting how this is developing -- Docker as well. Having lightweight containers or OSes like this is really taking off. I guess there may also be a bit more guaranteed isolation running it with OSv, less risk of a kernel bug leaving an exploit path, i.e. the isolation is at a different layer.
Re: (Score:2)
"What other OS quickly installs to an integrated shared filesystem, does cluster-wide isolation/sharing/balancing of most major system resources, and can move running applications from one node to another in a cluster with almost no impact?"
Sounds like you are describing VMS. VMware moves operating system instances, not applications.
a C++ kernel (Score:4, Interesting)
Another refreshing feature of OSv is that is written in C++.
It's been 40 years since Unix was (re)written in C, and the time has
come for something better.
C++ is not about writing super-complex type hierarchies (as some people
might have you believe). Rather, it allowed us to write shorter code
with less boiler-plate repetition and less chances for bugs. It allowed
us to more easily reuse quality code and data structures. And using
newly standardized C++11 features, we were able to write safe concurrent
code with standard language features instead of processor-specific
hacks. And all of this with zero performance overheads - most of C++'s
features, most notably templates, are compile-time features which result
in no run-time overhead compared to C code.
You end up taking the bad with the good. And some features in C++ are worth avoiding when you're outside of a nice big userspace runtime. Like exception handling, especially for classes that use multiple inheritance.
L4 is a microkernel and hypervisor designed specifically to run an OSlib in a virtual environment with very little overhead. It seems to me that some things about L4 are very compatible with visualization, being that most drivers in L4 operate as a virtualized environment rather than a process.
Re:a C++ kernel (Score:5, Interesting)
Fortunately, with C++ you aren't required to use any particular feature, and don't pay a penalty for anything you don't use.
Furthermore, the alleged performance penalties that a lot of C programmers think exist in C++ actually don't.
Re:a C++ kernel (Score:5, Insightful)
Then explain why would you use C++ instead of C? If you are just going to cut it down to things C does? If you are going to do things C can't, then you will have the performance penalities. Your statments are not really valid.
Because there are cases where you are manually creating a construct in C, that is handled automatically by the compiler in C++.
Take virtual methods for example. The linux kernel is chuck full of structures filled with function pointers. That is a virtual method in C++, except in C++ you don't have to worry at runtime if the function your calling is NULL because the compiler assured that during compile time. This allows micro-optimization, and more natural error handling. Plus, the syntax is standard, so that every 3rd driver writer isn't creating their own version of the same thing.
Then there is generic data structure management. The kernel is full of macros for RB trees, linked lists/etc. Using templates for this allows better micro optimization without the programmer having to get involved.
There are a lot of reasons, and most of the negatives can be answered with, a the simple statement, don't use that feature.
Off the pig! Time to get rid of OSs on VMs. (Score:5, Insightful)
This is a language-support library. It replaces the C runtime system, and the bottom levels of the Java runtime system. For environments where a virtual machine is running one program, or a family of tightly related programs, that's all you really need. The real operating system is the hypervisor underneath and the remote management tools that run the cluster.
Linux, with millions of lines of code, just isn't doing much inside a VM. It's not managing the memory. It's not handling real devices. It's not handling real interrupts. It may not even be managing any file systems - in cloud environments, those are usually out on some storage area network. It's just a big fat pig of an OS that needs to be fed patches and attention to keep it going, while not doing any useful work.
Within the virtual machine, there are no security boundaries. This may be a problem if more than one application is running in the VM. But if you only have one big program with many threads running, the OS isn't doing anything for you in security anyway.
Re:Off the pig! Time to get rid of OSs on VMs. (Score:4, Insightful)
So it's like DOS running on a VM. Yay!
Re: (Score:2)
But it's "in the cloud"!
"I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror, and were suddenly silenced. I fear something terrible has happened."
Re: (Score:2)
Except it's multitasking, and can handle more than 640kB of memory without arcane magic.
Re: (Score:3)
A very large number of cloud servers out there are running a bunch of Java applications inside a single application server inside a single JVM. The entire Linux kernel, virtual filesystem, daemons, user commands, etc, are just along for the ride. Having a barebones operating system that is just enough to run a JVM application server would fill a need for a lot of people. It's not a panacea and it's not the right choice for most virtual servers out there, but for some it makes a whole lot of sense.
I find it
Re: (Score:2)
The entire Linux kernel, virtual filesystem, daemons, user commands, etc, are just along for the ride.
A JVM relies heavily on a kernel for scheduling, storage (journalling, RAID, LVM, etc.,) network stack (IP stack, filtering, bridging, etc.) and virtual memory management, at least. All of those capabilities must exist; they weren't created because someone was naive. Either they land in some library used by the guest JVM or they land in the hypervisor.
This isn't to say the now 40 year old IBM LPAR model is wrong. It clearly works, and VMWare is independently evolving into the same thing. But there are
Re:Off the pig! Time to get rid of OSs on VMs. (Score:5, Insightful)
The thing they have "invented" is called RTOS. Typically, an RTOS is a simple kernel that is not using any memory protection features. That's how they started, at least - but over time some RTOS got separation between userspace and kernel space. VxWorks, for example, offered that option back in the year 2000.
Separation of one and the other is not just needed to protect from hackers. It creates a stable, reliable supervisor ring (hello, SVC command from IBM/360!) that can do whatever it wants to the userspace, whereas the userspace can't do anything to the supervisor. This allows the kernel to start, stop and monitor userspace applications, guaranteeing system integrity. If you don't have that, any bug, anywhere, can create unpredictable and undetectable faults within the system - and you will never know until the thing crashes horribly, which will eventually happen.
Re: (Score:2)
I think I have a good idea what an RTOS is, having worked with them for about 15 years by now. I understand what you are saying; however it's backward. An RTOS, even on as simple as FreeRTOS, will do just fine to run "an application" in a VM. The fact that an RTOS usually comes equipped with real-time capabilities will not hurt anyone.
So, in other words, you are right - they may have not invented an RTOS - they haven't gotten that good yet :-)
XKCD is relevant... (Score:3)
http://xkcd.com/927/ [xkcd.com]
Re: (Score:2)
"Those who don't understand Unix are condemned to reinvent it, poorly." – Henry Spencer
DO NOT TRUST THE CLOUD!!! (Score:2)
Why use Java? (Score:2)
If you're having performance issues, then C++ would offer a more efficient solution. Why jump through all these hoops to boost Java performance? Just use C++ and get twice the performance instantly with Linux. I tend to agree with the AC that the language issue is overblown. With practice programming is about the same level of difficulty with most languages. C++ does a pretty good job at compile time checking, interfaces directly with the system calls and offers nearly all the performance you can get f
Re: (Score:2)
If you go around telling your clients that they are idiots for using Java and should just switch to C++, you'll be out of business pretty quickly, regardless of whether it's true or not.
As to why they would want to use Java... it's because there are far more reasonably god Java developers out there, and they are cheaper, too.
Re: (Score:2)
That isn't true (in the general case) and it hasn't been for many, many years - can't tell if you're trolling or just ignorant. There are plenty of operations for which a JVM is actually faster than a C process (for example, Java new() is faster than malloc() [ibm.com]), and Hotspot runtime optimization has acce
Re: (Score:2)
Java new() is faster than malloc because it's caching memory. C obcache is faster than Java new() and if you extend C or C++ with garbage collection / memory caching instead of making slow kernel calls to allocate more memory then C and C++ win over Java. You picked the WORST possible speed comparison.
Further, Runtime Optimization DOES NOT have more information about how the code will be used. Many hosting environments have GCC (even crappy shared hosts), with which you can build your program --MARCH=
Re: (Score:3)
There are plenty of operations for which a JVM is actually faster than a C process ... and Hotspot runtime optimization has access to a lot more information about how code is actually being used than static compile time optimization - the difference that makes can be remarkable.
Very interesting, and oft cited as a defense of Java's speed. Now show me the benchmarks.
there are a great many applications out there for which converting to C++ (for example) would not give any kind of performance boost (and may even be slower)
Actual experiments and measurements?
Re: (Score:3)
Why jump through all these hoops to boost Java performance?
Because Sun's marketing department was better than AT&T's marketing department.
OSes are dying (Score:2)
This or something like this will be huge. I remember arguing against linux. Why would anyone want to install that? It's crap written by some college kid. I was extremely wrong, but I learned quickly after Solaris kept getting crappier and crappier.
Re:Nah. (Score:5, Insightful)
I'll take my server OS tried-and-tested, thanks.
Even moreso - I prefer my server OSes to have that kernel/userspace separation. Sometimes that's the last line of defense against a fully-compromised system (see also, say, the typical crappily-coded PHP "application" that has the typical great big security hole (or four) in it...)
I get the drive for making the OS as thin as possible, but sometimes folks need to stop and think it through a little before they commit to doing it at all costs.
Re: (Score:2)
I'm not so sure about this. If an important userspace application, or actually any application, has been hacked, I consider the machine tainted for all future. I'm not going to patch the holes up and keep running, because any file could have been modified and finding out which ones is just much more work than to fire up a new clean machine. If you're running a webserver and it's broken, you have in fact a fully compromised system since the only thing running on that virtual machine is the webserver.
I can s
Re: (Score:3)
It's a very good idea, with more finite applications in the real world. Think about it:
1) low, low, low attack profile
2) your kernel and outside perimeter better be perfect, but this is true in the real world anyway
3) less fuss and muss
4) low, low overhead instead of having to strip out init.d junk and daemons-without-a-cause
5) nice paravirtualization instead of sloggy driver emulation
6) modifiable kernel that can be altered so that memory entrance points can be scrambled up easily to prevent addressing hij
Re: (Score:2)
I get the sense that there isn't much of a system to compromise with this since it is only running a single process.
Re:Nah. (Score:4, Insightful)
This is for the scenario where said last line of defense is meaningless. When your VM is, essentially, all about running a single process, like a webserver, the only thing that's behind the aforementioned last line is the kernel itself... and nothing else. In other words, there's no practical difference here between one particular userspace process being compromised, and the entire OS being compromised, since that process is the only thing that matters. It's also not a situation where you try to clean up the system if it has been compromised - you just scrap the VM and re-create it from a snapshot.
Re: (Score:3)
In the real world, people are doing what these guys do already, except they use Linux as a guest OS as well. That's why the project got started in the first place - to improve efficiency of a very real use case that's already there.
Re: (Score:3)
Sure it can be running just a single application.. But the thing is that a system usually interconnects with other systems so if a system gets fully compromised then it can be used to gain access to more systems...
If the only thing that system is running is a single process, then the only interconnects with other systems that one has are the ones used by that process. So if you can break into the process, you can already sniff and control any of that - authentication information, etc. The worst case here is that an attacker can take down / take over several worker processes rather than just one; but from a security standpoint it matters little since they are all on the same privilege level. And if you're doing that k
Re: (Score:2)
Wow, two AC FPs in one day that were not only ontopic but good comments!
A glitch in the matrix?
Re: (Score:2, Funny)
Looking for holes in windows is like looking for saltwater in the pacific ocean.
Re: (Score:2)
They claim it runs a JVM, but the source code of this JVM is nowhere to be found. Where is it?
It runs any unmodified Linux JVM. You don't need any special JVM source code - just take OpenJDK from any Linux distribution, or Oracle's JVM, and run it inside OSv.
Re: (Score:2)
Re:It's just syntax. (Score:5, Insightful)
Re:Sorry, you're wrong. (Score:4, Interesting)
Implied ad-hominems aside, while I am "just a programmer", I did receive formal CS training. But that is neither here nor there.
I won't dispute that there is no one language that is going to be ideal for solving all problems, but it's entirely erroneous to presume that for certain types of problems, some languages are going to be better than others simply because the syntax of the language makes the solution more elegant to express and makes the resulting source code easer to understand.
This ease of understanding almost immediately translates to a faster development cycle, resulting in the end user receiving the product earlier, and in general will also mean that the software is less likely to contain unknown bugs (barring unknown bugs in the language implementation on the target architecture or bugs in the software development environment itself), so those choices can even impact the end user, even though they are unlikely to necessarily understand how, or even necessarily be aware of them.
Just because you *CAN* do the same thing in any imperative language that you can do in one particular one does not mean that they are all equally good choices, Choice of programming language should be less about making everything look like a nail because all you have is a hammer and more about picking the right tool for the right job.
Your prof was right... language choice is "just syntax"... but in the real world, "just syntax" makes a world of difference.
D'OH hit submit too soon! (Score:3)
Re: (Score:2)
Someone who is skilled in C can pick up Perl and C++ quite quickly
Spoken like someone who hasn't actually programmed in C++. I was very good in object pascal, C, and quite a number of other languages when I first started programming in C++.
Lets just say that "quickly" isn't a description I would have for myself or anyone I've ever met when it comes to how long it takes to "pick up C++". Sure, you might be able to write some code in C++ after a couple days, but that code probably isn't worth the price of the
Re: (Score:2, Informative)
C++ allows for much better modularity and for programming on a higher semantic level than C. This boosts security, productivity, correctness and sometimes even performance. But yeah, you need to know algorithms and complexity, you need to know how the machine will implement your stuff, you need to know the machine itself and its performance characteristics. C++ does not magically improve the efficiency of an idiot. But the same experienced guy doing C and then C++ will be significantly more productive in C+
Re: (Score:2)
Re:Cue Linus in 3..2..1 (Score:5, Informative)
Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM. Linux and OSv are different tools for different purposes.
Re: (Score:2)
Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM.
Considering we used to run Linux and our applications in 32MB of RAM and 64MB of Flash in embedded systems, I have a hard time seeing Linux as over-kill for running anything in a VM. The application will probably require more RAM and CPU than the kernel.
Re: (Score:2)
Considering we used to run Linux and our applications in 32MB of RAM and 64MB of Flash in embedded systems,
Tee hee. My first Linux box was a 386DX25 with 8MB of DIP DRAM and a 1MB Trident ISA VGA card. I did have a whoppin' 120MB of HDD, though. I have run GPE on iPaq (Familiar) but I've got a 128MB+WiFi CF plus the SD slot.
Re: (Score:3)
Where are they "badmouthing" Linux? All they said was that Linux is over-kill for running a single application within a VM.
Considering we used to run Linux and our applications in 32MB of RAM and 64MB of Flash in embedded systems, I have a hard time seeing Linux as over-kill for running anything in a VM. The application will probably require more RAM and CPU than the kernel.
We used to run Linux on a hell of a lot less than that. But that was a different Linux.
Re: (Score:2)
You're getting old [wikipedia.org].
Re: (Score:3)
Re: (Score:2)
Indeed. They've basically re-implemented the amazing idea of running multiple applications on one machine with a security layer to stop them from interfering with each other.
If they don't have any real security inside the VM, they might as well just get rid of it. The underlying OS will probably be Linux anyway, so they're trusting Linux security in the first place.
Re: (Score:3)
A single process can contain multiple threads. Without some level of protection there, this kind of thing could be more vulnerable to code injection attacks, allowing a perp to own the whole VM. If they do this without upsetting the process in any visible way, they can now just soak up all the data that the VM is having shoveled through it.
Without a kernel space inside the VM looking for untoward behavior from the threads in userspace, and enforcing restrictions on who owns what resources, this is a recipe
Re: (Score:3)
A single process can contain multiple threads. Without some level of protection there,
I hate to break it for you, but there's no level of protection between threads in a single process, on Linux or any other mainstream OS. Threads are, by definition, sharing the address space, so any thread can crap over any other thread.
Re: (Score:2, Interesting)
It is worth mentioning that it is an Israeli-developed system (even if you didn't read the article, the names as noted in the summary are a dead giveaway), and we all know how chummy the Israelis are with the NSA. Of course there's a goddamn backdoor in it!
-- Ethanol-fueled
Re: (Score:2)
Not sure what you mean by this. OS9 and anything previous to that has nothing to do with BSD.
OSX was a completely new start. "Virtually all old devices and OS's ever" is most definitely not BSD.
Re: (Score:3, Interesting)
You are holding your C++ "howto" book the wrong way. Of course you need to be highly educated to properly use C++.
But if you have reached that level, you can do things like generic container classes which have bounds-checking, for example. Or your own string class with similar properties. That will immediately kill about 30% of current exploits, as they depend on all the shitty aspects of *real-world* C software-engineering.
Security is by now the most important issue in applied computer science. C++ helps y
Re: (Score:2)
OSv certainly appears to be a derivative of FreeBSD (see https://github.com/cloudius-systems/osv/tree/master/bsd [github.com]).
Re: (Score:3)
With virtualization becoming pervasive I wondered how long it would be until people started looking at the bits of an OS that were rendered legacy because they were required for running on "bare metal".
About 41 years ago: http://en.wikipedia.org/wiki/VM/CMS [wikipedia.org]