New in the category OS

Today I had to configure a MacBook Air.

What the FUCK are these MacBook Air laptops about? Why do people buy this crap? I mean, seriously - I do not like Macs, but at least normal Macs are real computers.

This MacBook Air does not have an Ethernet port - what the fuck? Even the crappiest computers I know have one. And when trying to configure the wireless, I noticed that, with the newer version of OS X, the GUI for WiFi configuration has changed again - advising me to "ask my admin".

It also has no CD-ROM drive, you need the USB port for it - the only USB port it has! And that crappy default Apple USB CD-ROM drive does not work over (powered!) USB hubs - it only works when plugged in directly. This is a nightmare when trying to install Windows via BootCamp - you somehow want a real mouse for this.

Which brings me to the next problem. After (more or less) successfully installing Windows via BootCamp, the problem was changing the CD - Windows does not recognize the eject button on the keyboard yet, drivers are needed for this, but the drivers are on another CD. Software eject is not possible without either AltGr or a right mouse button - which I do not have, since I cannot plug in a hub with a mouse, because the CD drive will not work then. Omg!

Furthermore, BootCamp wanted me to insert a Windows CD, and then downloaded "specialized" drivers which I had to burn to a CD. But when trying to install them, a notice appeared that BootCamp is not supported for this hardware.

I really tried to understand the Mac world. But I simply cannot.

Randomly Found Software: MikeOS

| No comments
Only a few people are really willing to implement their own operating system, at least compared to the number willing to implement their own text adventure. But there are projects, like MikeOS: a nice little OS with an elementary text editor, a BASIC interpreter and an implementation of Hangman.

Nothing special. But nice.

Turning to Windows again

| No comments
About half a year - that is the average amount of time I currently stay on one operating system. And as this time is up, I will finally switch back to Windows from my Debian installation.

I had quite some problems with Debian, and I already blogged about some of them. Especially, I could not use the stable branch, which really annoyed me - the thrill at every system upgrade that could break my whole installation. Then the Flash plugin failed constantly - I do not like Flash, but there are times when it is basically needed, and it is still better than most of the other standards that still need to evolve.

On the other hand, Microsoft seems to have changed a lot of its policy meanwhile. I am sure that sooner or later they will open up Windows more and more. And especially, in my opinion, Windows is still a thousand times better than the new system that is currently spreading: Mac OS X.

Besides that, when I use Windows, I usually get to know a lot of interesting new tools that make it easier to communicate with Linux and other Unices - so when the time comes to switch to Linux again (or maybe even something else; I always wanted to try some BSD), I will know a lot more tools which I can recommend to the people who still use Windows, to make it easier to work with them.

And, above all, playing games under Linux is still a mess, and I want to take more time for playing games now. I have not played any newer game for a long time, and it is important to keep up with cultural goods.

Another really nice thing is that suspend and resume under Windows actually works - always. Well, certainly not always, but I had no crash when suspending the PC with Windows, while I had multiple crashes when doing this with Linux. It is still some sort of black magic to suspend and resume with Linux.

On the other hand, when you want to share a network per wireless lan or make your computer a router, Windows can do that, but it is still a mess, without useful error messages.

After all, everything is software, and everything gets on my nerves.

No Apple Anymore!

| 2 comments
Finally!

# Remove the .DS_Store files Finder leaves behind; -type f and the IFS=/-r read handle odd file names safely
find . -iname '*ds_store*' -type f | while IFS= read -r i; do rm -- "$i"; done

MazeVM™: A new way of software security

| No comments
Virtualization technology has really had a boost recently, especially as a way of securing software. Put your browser into a virtual machine to secure it. Put your PDF reader into a sandbox to secure it.

         +-- VM 1 -- virtual kernel 1 -- PDF reader
         |
kernel --+-- VM 2 -- virtual kernel 2 -- web browser
         |
         +-- VM 3 -- virtual kernel 3 -- online banking

This architecture is comparatively inefficient, due to the virtualized kernels. As we are using virtual machines, we can make the virtual hardware homogeneous, and thus we can put the device management directly into the processes themselves, gaining a smaller memory footprint:

         +-- VM 1 -- PDF reader
         |
kernel --+-- VM 2 -- web browser
         |
         +-- VM 3 -- online banking


The problem is that virtualizers sometimes have security holes, too. This problem can be addressed by stacking various kinds of them, so a hacker must find out the kind of virtual machine and then use the right exploit to break out.

         +-- VMa 1 -- VMb 1 -- VMc 1 -- PDF reader
         |
kernel --+-- VMa 2 -- VMb 2 -- VMc 2 -- web browser
         |
         +-- VMa 3 -- VMb 3 -- VMc 3 -- online banking

To gain a little more security, though not much, we can shuffle the kinds of VMs, so the hacker must determine the kind and choose the right exploits.

         +-- VMa 1 -- VMc 1 -- VMb 1 -- PDF reader
         |
kernel --+-- VMb 2 -- VMa 2 -- VMc 2 -- web browser
         |
         +-- VMc 3 -- VMb 3 -- VMa 3 -- online banking

Of course, this is still not satisfactory: it is plausible to assume that all sorts of virtualizers have exploits and that hackers will actively use them. Using multiple exploits to punch through multiple VM layers may be harder than breaking just one sandbox, but not that much.

Usually, we assume that distinct virtual machines have distinct bugs - this is of course only plausible when they do not share the same backend. Now, during an exploit, mostly unusual things are done, and mostly the aftermath is completely different from what one would expect in a system without the exploited bug. So one approach to increasing security is simply running the same application in two virtual machines with the same input, and comparing the output and the memory pages. As long as no exploit is used, they should remain equal, and as soon as they are not equal, something has gone wrong and we can freeze the machines immediately to prevent them from doing bad stuff.
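The "run it twice and compare" idea above is a real technique (multi-variant execution), and a small simulation shows why the two replicas need to differ somewhere for it to catch anything. The following is an added example, not code from the original post: two replicas of one deterministic toy program run in lockstep on identical input, and a monitor compares them after every step and freezes both on the first difference. Instead of comparing raw memory pages, which cannot match across two machines that lay memory out differently, the monitor compares a layout-independent view of the program's state (buffer, counter, output). The program, both memory layouts and the overlong input record are all constructed for this example.

```python
"""Toy multi-variant execution monitor (added example, not from the post)."""
import hashlib

BUF_LEN = 16   # the program's fixed-size input buffer


class VM:
    """A toy 'virtual machine': 64 bytes of memory plus the layout it gives the
    program (where the input buffer and the record counter live). The layout is
    the only thing that differs between the two replicas, standing in for the
    post's 'distinct virtual machines'."""

    def __init__(self, name, buf_off, counter_off):
        self.name = name
        self.buf_off = buf_off
        self.counter_off = counter_off
        self.mem = bytearray(64)
        self.output = []
        self.frozen = False


def program_step(vm, record):
    """The application under test: copies one length-prefixed record into its
    buffer and reports how many records it has handled so far. The copy is not
    bounded by BUF_LEN; that is the constructed bug an overlong record triggers."""
    n = record[0]
    payload = record[1:1 + n]
    payload = payload[:len(vm.mem) - vm.buf_off]           # memory simply ends here
    vm.mem[vm.buf_off:vm.buf_off + len(payload)] = payload  # overflows if n > BUF_LEN
    vm.mem[vm.counter_off] += 1
    vm.output.append(vm.mem[vm.counter_off])


def state_view(vm):
    """Layout-independent digest of what the program's state should be: buffer
    contents, counter and everything output so far."""
    buf = bytes(vm.mem[vm.buf_off:vm.buf_off + BUF_LEN])
    counter = bytes([vm.mem[vm.counter_off]])
    return hashlib.sha256(buf + counter + repr(vm.output).encode()).hexdigest()


def run_lockstep(vm_a, vm_b, records):
    """Feed identical records to both replicas. Returns the index of the first
    step on which their state diverges (both replicas are then frozen), or
    None if they agreed throughout."""
    for i, rec in enumerate(records):
        program_step(vm_a, rec)
        program_step(vm_b, rec)
        if state_view(vm_a) != state_view(vm_b):
            vm_a.frozen = vm_b.frozen = True
            return i
    return None


def make_replicas():
    """Layout A: buffer first, counter directly behind it, so an overflow clobbers
    the counter. Layout B: counter first, buffer behind it, so the same overflow
    lands in unused memory. Same program, different 'virtual hardware'."""
    return (VM("vm-a", buf_off=0, counter_off=BUF_LEN),
            VM("vm-b", buf_off=BUF_LEN, counter_off=0))


def record(payload):
    """Length-prefixed record as the toy program expects it."""
    return bytes([len(payload)]) + payload


# Constructed inputs: well-formed records, and a batch containing one overlong record.
BENIGN = [record(b"hello"), record(b"world!"), record(b"x" * BUF_LEN)]
MALFORMED = [record(b"hello"), record(b"A" * 20)]

if __name__ == "__main__":
    a, b = make_replicas()
    print("benign input diverged at:", run_lockstep(a, b, BENIGN), a.output)
    a, b = make_replicas()
    print("overlong input diverged at:", run_lockstep(a, b, MALFORMED), a.output, b.output)
```

On the benign batch both replicas report the same counters and the monitor stays quiet. On the batch with the overlong record, replica A's counter is overwritten by the overflow while replica B's is not, so the outputs differ at that very step and both replicas are frozen. If both replicas used the same layout (the "same backend" case the post mentions), the overflow would corrupt both identically and the comparison would see nothing.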

Of course, to put an additional difficulty onto it, we try to make the VM graph look "random".

         +-- VMa 1 -- spawn -- VMb 1 -- PDF reader
         |              |                 |
         |              +---- VMc 1 ------+
         |
         |        +--------- VMb 2 ---------+
         |        |                         |
kernel --+-- spawn -- VMa 2 -- VMc 2 -- web browser
         |
         +-- spawn -- VMa 3 -- online banking
               |  |                   |
               |  +-- spawn -- VMb 3 -+
               |        |             |
               +----- VMc 3 ----------+

This way is already very secure, as you need a lot of knowledge to actually find your way to the kernel. However, we rather expect there to be a few mostly similar virtualizers than many completely different ones. Which means that even this concept can be broken easily with sufficient knowledge of the internals of all VMs.

The spawn nodes all use the innovative RPM™ (Reasoning Processing Module) technology. The crucial innovation of MazeVM™ is the Circular™ RPM™ introduced with it. It allows circular connections between virtual machines and even with the kernel itself:

         +-- VMa 1 -- VMc 1 -- VMb 1 -- spawn -- PDF reader
         |     |                          |
         |     +-----------CRPM-----------+
         |
kernel --+-- VMb 2 -- VMa 2 -- VMc 2 -- web browser
         |     |
         |     +-- spawn -- VMb 3 -- VMa 3 -- online banking
         |           |
         +--CRPM---VMc 3

The kernel itself can easily be disguised as a virtual machine of its own, and thus we can build a complicated graph of virtual machines monitoring each other, a "maze", hence the name. In such a maze, it can be extremely hard to find a way to the actual kernel of the computer, especially if you cannot see which of the many machines is not virtual - thus, in a sufficiently large MazeVM™ graph, an attacker has no chance of ever reaching your actual machine and doing any harm to you.

MazeVM™ is compatible with most of the modern virtualizers, including but not limited to JPC, NestedVM and JSx86. The preferred virtualizer is Parrot under Linux, and CygwinVZ under Windows.

Notice that CygwinVZ is, however, still under heavy development, and the upstream releases may not be ready for production use. MazeVM™'s version for Windows therefore contains its own patched, well-tested version of CygwinVZ.

Security by Virtual Machines?

| No comments
Thinking of user accounts in unix-like systems, a lot can be done to isolate the various users from one another:

  • Limiting the network access
  • Limiting the number of processes
  • Limiting the amount of RAM
  • Limiting the amount of disk space using quotas
  • Limiting the access to files, especially device files
I can only speak of unix-like systems, but it seems that the Windows NT kernels have similar mechanisms, and therefore certainly similar problems.
Of course, from time to time there are privilege escalations, but bugs are not the major problem, in my humble opinion: there is quite a lot of software that breaks the barriers provided by the kernel. X11 would be one example of a way to break through this barrier: let two X clients connect to the same X display, and they can send keystrokes, etc., and this is not limited to one machine either. On the other hand, of course, in the case of GUIs, there is no easy way to do it differently if one wants to be able to take screenshots and send special events to other applications. And this is not limited to X11, as the Win API gives the possibility to send keystrokes, take screenshots and even change some captions, and I think the Cocoa API of OS X allows something similar. And while taking screenshots is hard to forbid, there are possibilities to create additional barriers, like Xnest in the case of X11.

On the other hand, there are things like DBus which form an RPC-Mechanism that also may break barriers between users. And of course, there are nice things like the setuid-bit.

Still, all of these mechanisms remain safe if used with caution. The worse problem comes from software that forces the user to remove barriers.

While it is generally a good thing to make user directories readable, writable and executable only by their owner, a common configuration of Apache, using mod_userdir, requires user directories to be +rx at least for the group, so that the user can put their content into a subdirectory www-public of their home directory. This setup is so annoying, especially in large computer pools where I do not want every other user to be able to read my local configuration. And it does something dangerous: it motivates users to be sloppy about access control. I would prefer a setup with separate directories, maybe in /var/users, that can be symlinked into the user directory (to make it easier for the users to handle), but are not read from there.
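To make the difference between the two layouts concrete, here is an added example (not the post's own code, and not an Apache or distribution script) that builds both layouts in a scratch directory and checks, from the mode bits alone, what a process that is neither the owner nor in the owner's group could reach. The user names, the scratch paths and the private file are constructed for the demo; the `UserDir /var/users/*/www-public` line is the mod_userdir directive form that would point the server at the separate tree, with `*` standing for the user name as in the module's documented `/home/*/htdocs` usage.

```python
"""Added example: per-user web directory layouts and who can traverse them."""
import os
import stat
import tempfile


def others_can_search(path: str) -> bool:
    """True if the 'other' class may search (traverse) *path*. This is the bit
    the kernel checks on every directory component during path lookup."""
    return bool(os.lstat(path).st_mode & stat.S_IXOTH)


def reachable_by_others(root: str, path: str) -> bool:
    """True if someone who is not the owner could walk from *root* down to
    *path*: every component in between must be searchable by others."""
    d = path
    while d != root:
        if not others_can_search(d):
            return False
        parent = os.path.dirname(d)
        if parent == d:          # hit the filesystem root without meeting *root*
            return False
        d = parent
    return True


def setup_home_layout(root: str, user: str) -> str:
    """Layout 1, the common mod_userdir setup the post objects to: to serve
    ~user/www-public the home directory itself must be searchable by the web
    server, which in practice means opening it up. Returns the document root."""
    home = os.path.join(root, "home", user)
    docroot = os.path.join(home, "www-public")
    os.makedirs(docroot)
    os.chmod(os.path.join(root, "home"), 0o755)
    os.chmod(home, 0o755)        # the problem: the whole home directory is opened
    os.chmod(docroot, 0o755)
    private = os.path.join(home, ".netrc")   # constructed private file in the home
    with open(private, "w") as f:
        f.write("machine example.test login me password not-a-real-secret\n")
    os.chmod(private, 0o600)
    return docroot


def setup_var_layout(root: str, user: str) -> str:
    """Layout 2, what the post would prefer: the published tree lives under
    /var/users and is only symlinked into the home for convenience. The server
    is pointed at the /var/users path, so the home can stay 0700."""
    home = os.path.join(root, "home", user)
    docroot = os.path.join(root, "var", "users", user, "www-public")
    os.makedirs(home)
    os.makedirs(docroot)
    os.chmod(home, 0o700)
    for d in (os.path.join(root, "var"), os.path.join(root, "var", "users"),
              os.path.dirname(docroot), docroot):
        os.chmod(d, 0o755)
    os.symlink(docroot, os.path.join(home, "www-public"))
    return docroot


# mod_userdir directive for layout 2; '*' is replaced by the user name.
USERDIR_DIRECTIVE = "UserDir /var/users/*/www-public"


def demo() -> dict:
    """Build both layouts in a throw-away tree and report what others can reach."""
    with tempfile.TemporaryDirectory() as root:
        d1 = setup_home_layout(root, "alice")
        home1 = os.path.dirname(d1)
        layout1 = {"docroot_reachable": reachable_by_others(root, d1),
                   "home_open": others_can_search(home1)}
        d2 = setup_var_layout(root, "bob")
        home2 = os.path.join(root, "home", "bob")
        layout2 = {"docroot_reachable": reachable_by_others(root, d2),
                   "home_open": others_can_search(home2),
                   "via_home": reachable_by_others(root, os.path.join(home2, "www-public"))}
    return {"home_layout": layout1, "var_layout": layout2}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
    print(USERDIR_DIRECTIVE)
```

In layout 1 the document root is reachable only because the home directory is searchable by everyone, so the .netrc next to it is protected by nothing but its own 0600 bits and the hope that every other file in the home was set equally carefully. In layout 2 the document root is reachable through /var/users while the home stays 0700, and the path through the symlink in the home is blocked, which is exactly the "symlinked in, but not read from there" arrangement the post asks for.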

In general, when a user's access to system resources is limited far enough, there should be no problem with letting them run arbitrary executables; in fact, the major problem mostly lies in the executables they want to run rather than in the configuration. Thus, while I can remember that older hosting providers gave out user accounts, most modern providers give you a VPS. Ok, this is what the technical evolution brought us, and a VPS is easier to use and secure than multiple user accounts. It is simple to use multiple software distributions on the same machine and have strong barriers between them. Often, technical progress evolves differently than intended at first.

The real question is whether the same will not happen to architectures with many virtual machines. A sufficiently cooperative operating system can already degenerate into a runtime library with the right virtualization environment. With the first companies giving up on securing their software and putting it into sandboxes instead, it might be just a matter of time until putting every larger application into a sandbox becomes common - which causes problems: think of a web browser with its own filesystem - you cannot easily download files and open them externally without punching holes. But punching holes means breaking barriers, and breaking barriers usually means lowering security. The simplest configuration, and possibly the only one that inexperienced users would accept, would be to give the virtual machine full access to your home directory (as far as I remember, that is what VMware Fusion does, but VMware Fusion is not meant to provide security), which makes the sandbox almost useless for security: the user will have most of his important files in his home directory.

I already wrote an article on that topic on my old blog (in German), which was, as I just noticed, inspired by an earlier article on Heise, about the same software as the one which inspired me to write this post.

I did not test the software yet: it needs at least 4 GB of RAM, and it is not recommended to virtualize it - I simply have no machine to run it on currently. But I do not want to doubt the quality of this software, as it sounds like they knew what they were doing, and it also sounds useful, and using virtualization as one of many security precautions is ok.

I just do not like the idea of using virtual machines as a primary security precaution.

Something I really missed under Windows

| No comments
On The Old New Thing we are taught that Windows is not a .NET Framework delivery channel.
I have no problem with this; it seems reasonable that the operating system is separated from the rest of the stuff, but in fact, this is nothing Windows is known for. In ancient times, Windows used to be just a graphical user interface, and even in the times of Windows 98 it is arguable whether it should really be considered an operating system rather than a desktop environment hooked onto a DOS kernel. Even if one accepts that the strict separation of frontends and backends is something special to *nix, while Windows is optimized for the stupid end user who is not interested in how his software works, Windows 98 still had Internet Explorer and a JVM installed by default. And actually, that was one thing I liked, since I could write software for my friends without them having to install a lot of runtimes and stuff.

And at least under Windows, this has not really changed - when I write software for Windows, then I am trying to make it independent of as much as possible, or if I really have to add dependencies, I will try to make the software work inside Cygwin, which has a packaging system.

This is only true for Windows. In fact, for Linux, it is much easier, since most Linux distributions have a package manager for which I can simply supply a package that has the correct dependencies (as most larger environments are usually part of a distribution). Upgrades and version compatibility are managed automatically by the package manager.

On Windows, there seems to be a central package management (I think I have read about one in the past, but I cannot remember where), but I do not know whether it is only available to parts of the system; at least no other software I know uses it: most software checks for updates when started. Some software even has background processes getting on my nerves (like the JVM).

Maybe that is due to the fact that commercial software likes message boxes popping up on your screen, telling you what software you use and why, even though that gets on your nerves - in the end, the user is there to pay money; his contentedness is just one way to make him do so, and advertising is another.

Source: http://www.stickycomics.com/computer-update/
... can be found here.

I am currently using ext4+lvm, and it is ok so far. It works, is fast and can do everything I need.

I was using zfs-fuse for a long time, but it had major problems with file locks and stuff (for example, man-db regularly froze my system), which are, as far as I read, resolved meanwhile, but currently I do not have the time to set up a new system. However, I never had any data loss caused by zfs-fuse; no matter how often it crashed, after a reboot everything worked again.

No comparison to btrfs, which broke my partition and gave me data loss after suspending and resuming (if it does not support suspending and resuming, then it should not allow the kernel to shut down - and zfs-fuse even crashed and did not damage anything, even though it is not even a kernel module).

Looking at the list in that link, I wonder why there is still so much development done on btrfs: ZFS is only about one year older than Btrfs (according to Wikipedia), is stable, there are implementations for many OSes, there is a FUSE implementation, and its only problem is the license. ZFS and Btrfs both belong to Oracle - why do they not just change the license of ZFS such that it can be added to the Linux kernel easily, and use the power of the Btrfs developers to enhance ZFS?