
Europe Funds Secure Operating System Research (PCWorld)

PCWorld is reporting that funding for Minix research has been extended for five more years through a grant from the European Research Council. "The €2.5 million (US$3.3 million) grant will fund three researchers and two programmers, said Andrew S. Tanenbaum, a computer science professor at Vrije Universiteit in the Netherlands. [...] Tanenbaum developed Minix, an operating system based somewhat on Unix that has a small code base and implements strong security controls."

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 21:23 UTC (Mon) by kragil (subscriber, #34373) [Link]

Not a lot of Finns in Brussels ;) Sponsoring microkernels .. pfft.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 21:24 UTC (Mon) by clugstj (subscriber, #4020) [Link]

Wow, he's still milking that thing!

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 22:02 UTC (Mon) by epa (subscriber, #39769) [Link]

Minix 3 is quite different from Minix 2 (which I remember hacking on for a university project)... check the website. And yes, it is free software.

Minix 3 - the Raccoon is on the loose

Posted Apr 28, 2009 1:16 UTC (Tue) by pr1268 (subscriber, #24648) [Link]

Yes, it's free, albeit a BSD-style license.

Yet, I gather (from interviews, the Minix 3 Web page, and such) that Minix is still geared more for academic purposes and less for Andrew Tanenbaum's commercial gain[1]. Not that I'm complaining, though; I like to think that Linux would not exist if it weren't for Minix and AST's scholarly OS texts.

[1] Er, Minix 3 appears substantially more commercial distribution-friendly than its predecessors, according to the FAQ page.

Minix 3 - the Raccoon is on the loose

Posted Apr 28, 2009 1:51 UTC (Tue) by einstein (subscriber, #2052) [Link]

> I like to think that Linux would not exist if it weren't for Minix and AST's scholarly OS texts.

Linux would in all likelihood be fine, much as it is today, because the fundamental design of Linux was not taken from Tanenbaum, but from Maurice J Bach in "The design of the Unix Operating System" -

Minix 3 - the Raccoon is on the loose

Posted Apr 28, 2009 3:27 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246) [Link]

It may have come along later, though. As I recall, Linus bootstrapped his system from Minix (ie. cross-compiling, etc.), and even used Minix's filesystem as Linux's filesystem at first.

Had there been no Minix, he would have needed to start from a different base OS. 386BSD (which later evolved into the FreeBSD/NetBSD/OpenBSD we know today) was also just getting started in that timeframe. Maybe he could have cross compiled with DJGPP or something, but... ew?

I guess in any case he still had a GNU userland, so who knows, it may not have been much of a setback. Linux was self hosting pretty quick as I recall.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 16:44 UTC (Tue) by bandan (subscriber, #35763) [Link]

It is free but not quite open. I wrote a simple IPSec suite for Minix3 around a year back as part of my school project. The Linux bug made me want to contribute back this code to Minix3. What happened later was a series of emails to people and to the Google Groups mailing list with no replies. No one has any idea who is working on what. Finally, I got a reply from Andy stating they were making big changes to the core network code and I should wait a while. I waited a while and then lost interest.

Yes, it's a good research OS though.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 21:35 UTC (Mon) by cma (subscriber, #49905) [Link]

Too bad... I think they should be funding open-source projects like open-office, etc. Something that is a real-world experiment like the Linux kernel...

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 22:36 UTC (Mon) by marcH (subscriber, #57642) [Link]

> Too bad... I think they should be funding open-source projects like open-office, etc. Something that is a real-world experiment like the Linux kernel...

"Research" grants are geared towards long term projects fundamentally departing from existing solutions. Some research projects can be based on "real-world" software like Linux; but some others simply cannot.

I wish my taxes also fund development of non-research, shorter term free software. Ideally both have their place.

And by the way: http://www.cs.vu.nl/~ast/reliable-os/
> MINIX 3 and AST's research generally is **NOT** about microkernels. It is about building highly reliable, self-healing, operating systems. [...] TVs don't have reset buttons. Stereos don't have reset buttons. Cars don't have reset buttons.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 23:23 UTC (Mon) by jordanb (guest, #45668) [Link]

Interestingly those devices (at least Cars) already have sophisticated but very robust software in them, including RTOSes, using things like Ada and MISRA-C.

I'm tangentially interested in High Integrity software and I don't recall seeing Dr Tanenbaum's name come up. I'm also not sure that's really a ripe area for "blue sky" research, particularly when talking about operating systems. The real areas of research focus in High Integrity software have to do with better ways to annotate and statically check (and prove) code, both to be more reliable and reduce the cost of the verification process.

And they are factually wrong

Posted Apr 28, 2009 5:48 UTC (Tue) by khim (subscriber, #9252) [Link]

> TVs don't have reset buttons

Yes, they do.

> Cars don't have reset buttons.

They don't but then they have no need: you can just disconnect the battery. I've certainly seen this often enough.

Cars often have several systems - they are physically disconnected. One is used to drive the engine, another - to show the map to the driver and do a gazillion things. First one is quite reliable (it must be certified, etc), the second one... may be Linux-class. Sometimes even WindowsCE is used!

Stereos are too simple to have an OS...

And they are factually wrong

Posted Apr 28, 2009 11:38 UTC (Tue) by tnoo (subscriber, #20427) [Link]

>> TVs don't have reset buttons
> Yes, they do.

The Volkswagen beetle can be reset by locking/unlocking the doors with the
remote control about 5 times, and then wait a minute for the car to boot.

And they are factually wrong

Posted Apr 28, 2009 12:25 UTC (Tue) by efexis (guest, #26355) [Link]

"Cars don't have reset buttons"

And don't we know it! My parents' car crashed once, that was annoying. They couldn't unlock the doors (central locking), open windows (electric), start the engine etc. Think they had to climb out through the back or something (people carrier rather than car, so wasn't too tough). They had to disconnect the battery to reset the system, then take it to the garage to get the logs looked at and the system patched. They were fortunate it didn't happen on a motorway or something! Was still a pain though.

And they are factually wrong

Posted Apr 28, 2009 13:11 UTC (Tue) by mrshiny (subscriber, #4266) [Link]

> My parents' car crashed once

Unfortunate choice of words :) I had to read the entire post to figure out that you weren't being facetious

And they are factually wrong

Posted May 3, 2009 4:10 UTC (Sun) by efexis (guest, #26355) [Link]

"Unfortunate choice of words"

Haha no quite deliberate :-)

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 14:05 UTC (Tue) by cma (subscriber, #49905) [Link]

>> I wish my taxes also fund development of non-research, shorter term free software. Ideally both have their place.
> And by the way: http://www.cs.vu.nl/~ast/reliable-os/

Sure, as well other people want their taxes to fund other projects...

That discussion about micro-kernel vs monolithic-kernel will end when MINIX or other micro-kernel based ends up in large production environments in real world, besides that, is just theory. Tell this why Google is using Linux kernel for its Android backend or Nokia investing on Linux or even Alcatel on their network products where not too long ago, they were using micro-kernel based backends...

IMHO, I think, based on today's perspective about how hard is to earn money, they should invest on *practical* and real *free/libre* production environments.

- cma

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 18:24 UTC (Tue) by man_ls (subscriber, #15091) [Link]

> TVs don't have reset buttons. Stereos don't have reset buttons. Cars don't have reset buttons.

Not a very good argument IMHO. Mobile phones don't have reset buttons, and yet they hang all the time -- turning them on and off again (in true computer fashion) fails too often, to the point where the battery has to be taken off. Reset buttons are good, people! Taking a machine back to a known, predictable state is a computer advantage.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 30, 2009 10:07 UTC (Thu) by marcH (subscriber, #57642) [Link]

[Two answers in one]
> That discussion about micro-kernel vs monolithic-kernel will end when MINIX or other micro-kernel based ends up in large production environments in real world, besides that, is just theory.

It is for real, please read references.

> > TVs don't have reset buttons. Stereos don't have reset buttons. Cars don't have reset buttons.
> Not a very good argument IMHO.

These were good examples before unreliable computers pervaded formerly reliable devices. This pervasion is happening probably because in many cases people prefer a lot of features with a big reset button rather than few features without one.

This research is basically about having one independent reset button per feature. But maybe consumers are not interested/pushing enough for this to ever happen in non-professional products? Or maybe at least for cars? ("your CD player broke, please pull over immediately"...)

Many reset buttons?

Posted Apr 30, 2009 18:50 UTC (Thu) by man_ls (subscriber, #15091) [Link]

> This research is basically about having one independent reset button per feature.

From a previous Tanenbaum article, I thought that it was about the operating system automatically restarting those features which are malfunctioning? Otherwise I don't really see the usefulness... Your typical admin cannot be monitoring every feature on the server to restart those that fail, and if the system knows they are failing why not restart them itself?

Many reset buttons?

Posted May 1, 2009 9:06 UTC (Fri) by socket (guest, #43) [Link]

> ...and if the system knows they are failing...

Halting Problem :)

Many reset buttons?

Posted May 1, 2009 10:41 UTC (Fri) by man_ls (subscriber, #15091) [Link]

I was thinking more along the lines of an oops or a crash. But infinite loops are another interesting case. Unless you are using Linux (which, as we all know, does infinite loops in under 5 seconds) then it cannot be mathematically proven whether a loop is infinite. Fine. Still, you can use heuristics to infer if a system is working properly. E.g. unless the braking subsystem in the car is responding in under 10 ms then we are in trouble -- and it should be restarted. Real-time systems make that kind of guarantees, so they would not be out of line for a critical system.

Many reset buttons?

Posted May 1, 2009 19:16 UTC (Fri) by marcH (subscriber, #57642) [Link]

Automatically restarting sounds like the cherry on top of the cake. But even before automated restarts you have to make the fine-grained reset buttons available in the first place. The automation needs something to press on.

Moreover I see value in manual fine-grained restarts for consumer (sysadmin-less) devices.

Many reset buttons indeed

Posted May 1, 2009 20:33 UTC (Fri) by man_ls (subscriber, #15091) [Link]

Sounds quite reasonable. Sorry if I misunderstood you.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 12:41 UTC (Tue) by clugstj (subscriber, #4020) [Link]

Linus (and Linux) will never be the recipient of a grant like this for at least these three reasons:

1) He doesn't have a Dr. in front of his name
2) His software is used in the "real world"
3) He committed the ultimate crime of moving to the USA

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 15:28 UTC (Tue) by trasz (guest, #45786) [Link]

4) There is no point to talk about security in case of a kernel that has about as many kernel holes as
Windows, and it cannot really be fixed due to organisational and architectural reasons.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 15:31 UTC (Tue) by leoc (subscriber, #39773) [Link]

Linux already has been a recipient of EU money for research. And that's just from a 1 minute google search.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 22:36 UTC (Mon) by jd (guest, #26381) [Link]

I'm not entirely sure what needs researching, so if someone could enlighten me, I'd be truly grateful.

We already know that security kernels (kernels within the OS kernel that do nothing but security) are fundamental to being able to achieve verifiable security.

We also know, from current experience with Linux and everything learned from the era of B-class Orange Book OS' like Trusted Solaris and Trusted Irix, the drawbacks and benefits of a fairly wide range of security models at the host level. Ok, not every possible model, and there is probably some excellent work yet to be done there, but I don't see it being five years worth.

Finally, we know from the current experience with OpenBSD, what can be realistically achieved through software audits alone.

Ok, yes, there's not a lot of work in secure clustered OS' and the migration of security labels across, say, MOSIX- or Beowulf-type clusters, but Minix would not seem to fit into that arena at this time, as best as I can understand it. So what is being researched?

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 27, 2009 23:06 UTC (Mon) by tialaramex (subscriber, #21167) [Link]

I think this work is centred on what you'd perhaps call "reliability" or even "availability" rather than "security". Not everyone when using the word security, thinks of Orange Book and guys in black hats.

But it has security (in the sense you mean) implications too. My front door lock doesn't have a reset button either.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 0:19 UTC (Tue) by MisterIO (guest, #36192) [Link]

I guess the main point of Minix is that most of the system is implemented through separate processes, which, in case of malfunction, can be restarted by the controller process. Now maybe the point is: if something is known to be malfunctioning, is it really a good idea to restart it? Or is it better to signal the malfunction (OOPS) and stop working (or going on if it's not serious)? In the end, even if you center your point of view on reliability, the main technical point remains: Microkernel or Not?
Anyway, I don't know of any real world example where Minix3 was chosen instead of Linux.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 3:10 UTC (Tue) by JoeBuck (subscriber, #2330) [Link]

You're on a space station, and the life support system detects a malfunction in itself. Saying "OOPS", crashing, and waiting for the sysadmin to fix the problem might not be the best solution when the sysadmin is passing out for lack of oxygen.

On the other hand, having a system that's already corrupted to try to heal itself could be tricky and risky. Perhaps we should invest a bit in researching this problem.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 6:49 UTC (Tue) by NAR (subscriber, #1313) [Link]

Well, Erlang has already been doing this for about 15 years, probably in a telephony exchange system near you. It's not an operating system, but it doesn't really use the operating system underneath for stability.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 13:56 UTC (Tue) by donwaugaman (subscriber, #4214) [Link]

But if the OS that your Erlang system is running on is unstable, your Erlang system, no matter how well engineered for reliability, is hosed.

Or does Erlang manage to run even if the kernel panics? That would be an interesting trick. :-)

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 20:51 UTC (Tue) by drag (subscriber, #31333) [Link]

Redundancy, redundancy, redundancy.

Depending on the task at hand it's often quite possible to spread tasks across multiple computers or at least design your application for failover modes across multiple machines.

I'll take a Linux cluster running on multiple commodity-based machines over a single machine running the best academic microkernel with the highest quality hardware any day of the week.

If it's in a space station I'd like to see how Minix handles having a small asteroid punching a neat hole through the middle of the computer's mainboard. I don't want crash-proof.. I want shotgun-proof. :)

-----------

But I wish Minix all the success in the world. Maybe some of the stuff that gets discovered with this grant will end up helping out in systems that people will actually use someday.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 3:34 UTC (Tue) by SEJeff (subscriber, #51588) [Link]

Agreed, in a microkernel based OS, if the thread writing dirty pages to disk (like pdflush in linux) dies and has to be restarted chances are there will still be data loss. A microkernel just makes it more complex to implement and troubleshoot if anything.

Also, with FUSE, CUSE, and libusb, many things in linux are starting to be abstracted out of the Linux kernel and more into userspace. The sweetspot (IMO) is a mix between a traditionally micro and monolithic kernel. That is where linux is heading.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 7:30 UTC (Tue) by michaeljt (subscriber, #39183) [Link]

Hear hear. Things like microkernel research are nice for, well, research purposes in order to test out all the implications of an idea (although QNX, my first encounter with microkernels, is very nice for other purposes too), but in the end, pragmatism is nice in the real world, rather than trying to push a single idea to its extreme.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 14:32 UTC (Tue) by tjc (subscriber, #137) [Link]

> I'm not entirely sure what needs researching, so if someone could enlighten me, I'd be truly grateful.

These are all PDF files:

Construction of a Highly Dependable Operating System

Reorganizing UNIX for Reliability

MINIX 3: A Highly Reliable, Self-Repairing Operating System

A Lightweight Method for Building Reliable Operating Systems Despite Unreliable Device Drivers

Modular System Programming in MINIX 3

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 5:03 UTC (Tue) by Nick (guest, #15060) [Link]

Hmm, US$ 3.3m for 5 people for 5 years? I'm working on the wrong kernel :)

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 10:18 UTC (Tue) by emk (guest, #1128) [Link]

That's $130,000 per person per year, before subtracting university overhead, benefits, office space, and so on. In the US, a good rule of thumb is to divide by 2, giving $65,000 per person per year in salary. Probably more for the PI (Tanenbaum), and less for the research staff.

I'm reasonably certain that most full-time, corporate-sponsored Linux kernel hackers make more than this.

(Things might be slightly better at university with razor-thin overhead, but that's pretty rare.)

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 20:08 UTC (Tue) by JoeBuck (subscriber, #2330) [Link]

I doubt if there'd be enough money to pay people that well. Don't know about the Dutch system, but at UC Berkeley university overhead was 40%, meaning that the university skimmed that much off the top before anything else. The remaining money would have to buy any needed equipment, travel expenses to conferences, benefits, insurance costs, the employers' share of taxes and so forth. By the time you start figuring out salaries you're down to about 1/3 of the money.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 21:23 UTC (Tue) by jordanb (guest, #45668) [Link]

Yeah and "salary" is nearly always the professor "buying back" his time from the University.

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 28, 2009 23:39 UTC (Tue) by drag (subscriber, #31333) [Link]

In the private sector, at least in the USA.. employees end up costing about 2x maybe even 3x as much as their real wages due to taxes, business overhead, benefits, and things like that.

Humans are not cheap...

Europe Funds Secure Operating System Research (PCWorld)

Posted Apr 29, 2009 22:46 UTC (Wed) by plougher (subscriber, #21620) [Link]

It's 40% at UK universities too (or at least it was 13+ years ago when I was doing research at a UK university).

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds