Re: POSIX

[olafBuddenhagen]

Hi,

> > Mind to point me to those? The best I know are GNU/Linux and some
> > BSD variants. Quite frankly, they all suck.
> 
> Just for the record, I don't agree.  GNU/Linux works very, very, VERY
> well in many contexts.  We can start nitpicking, but we should not
> forget that in terms of usability, it offers quite a lot.

Well, it's lucky for you if you are so easily satisfied; but it's
unlucky for the Hurd project...

As for me, GNU on Linux falls so much short of a system I would consider
good, this isn't even funny. (*Particularily* in terms of usability!)

No wonder this project isn't going anywhere, with the core developers
lacking a vision of what the Hurd has to offer. I really wish you would
come to my presentation; maybe I could give you at least a slight idea
of what vast possiblities I see in the Hurd design, why I'm interested
in it in the first place.

Mind you, all of them fit perfectly well in Hurd's POSIX++ approach.

> If all I get is POSIX, I am quite happy with GNU/Linux,
> thankyouverymuch.

POSIX is not all you get. You get a great wealth of stuff beyond that,
and you know it.

But POSIX is the center of the GNU universe. Some applications might
stride quite far from it; but in any standard setup, POSIX definitely
remains the heart of the system. This may change over time, but don't
expect that to happen fast.

> What we have found out is that you can not extend POSIX in a perfectly
> compatible way at the lowest level of the operating system, and still
> fix its problems.  The problems with POSIX are inherent in its design.

We do not need perfect compatibility. And that gives us a lot of room
for fundamental improvements under the hood.

> Note that even the Hurd on Mach agrees with this goal: It has a native
> system (Mach, and the Hurd servers) and then a compatibility layer on
> top of it (the Hurd servers and glibc).  It's just that the "native
> system" we have on Mach sucks vehemently.

What you are missing here is that there is really no "native system" in
Hurd on Mach. There is only a very small system core that is completely
independant of POSIX. There is no "compatibility layer" on top of some
other complete system; the compatibility is built *right into* it!

If preservation order gives us just a little room, we can replace the
foundation and the basement, build new rooms and passways and walls and
pillars; but in the renovated building, POSIX will still be the entry
end the heart; containing the living room and the bedroom and the
kitchen. The more adventurous will happily explore all the new parts of
the building; but those who do not want to, should still feel
comfortable.

We know by now there are some fundamental problems with the original
Hurd design. But what it proves impressively, is the possibility of
creating a system that looks almost like POSIX, while improving on
features, usability and architecture.

Whatever the new Hurd design will look like, this is the one distinctive
feature that absolutely MUST be preserved.

> There are basically two models I have in mind.  I think both models
> can be supported by the same implementation.
> 
> The first model is a POSIX server per POSIX process.  This would mean
> rather tight integration.  For example, you could run one POSIX
> process on your desktop, among other native applications. The POSIX
> process gets certain capabilities, and is hopefully confined.
> 
> The second model is a POSIX server for several users.  This would
> basically emulate a complete Unix environment.  In this environment
> you could configure multiple users.  You would have a system
> administrator and individual users.  You could install a complete
> operating system like Debian (with a bit of effort).  The whole system
> would be confined.

Both of your models miss the point IMHO. We do *not* want POSIX in a
reservation and some completely different "native" interface as
alternative. I doubt it was ever intended to create a completely new
interface for the Hurd. Forget it. It won't work. Hackers won't program
for something completely new. Users won't use stuff that does not fit
their world view.

What we need to do is refactor POSIX *from within*. With the right
mechanisms, we have various possibilities to replace important system
components by more secure and usable alternatives in unintrusive ways;
we have possibilities to introduce confinement of untrusted stuff while
still presenting something that to the user looks like a familiar POSIX
system with some nice extensions. Moreover, we can do it gradually. It
isn't all or nothing.

-antrik-