mikewarot a day ago

Why is it that every Capability based system seems to be a toolkit for running a single program instead of an OS ready for daily use? Is it just me?

kragen a day ago | parent | next [-]

It's just you. seL4, CheriBSD, etc., do not fit your description. Neither did KeyKOS itself. You're presumably looking at research prototypes.

ratmice a day ago | parent [-]

I'd also note CapROS doesn't fit that description either. I don't know that there were examples that ran more than a single process.

That's probably not true, for anything relying on drivers since user mode drivers are basically processes there... but in the way that people might think of a process.

kragen a day ago | parent [-]

I mean, there isn't exactly a thriving ecosystem of existing software built for CapROS. Right now I don't think anybody even has CapROS itself building.

The problem has gotten a lot easier since the EROS days, thanks to Xen, QEMU, UEFI (?), and the explosion of cheap hardware, but it looks like maybe Charlie got sick or lost interest or something?

ratmice a day ago | parent [-]

Yeah, I did see an email on a capabilities list from him about him no longer working on it because of lack of feedback & wanting to just enjoy his retirement. That was the impression I got.

When he had resumed his work on it, I personally had been going through a back injury. I still feel bad that I didn't get a chance to contribute any of the hardware ports and software I wrote for it.

kragen a day ago | parent [-]

Hmm, do you know when?

ratmice a day ago | parent [-]

I wasn't able to google it, or find a public link to the email (but it was posted on a public list), so here are some relevant snippets from it.

Nov 20, 2022, titled "CapROS status"

"When I retired a year ago I hoped to correct some of those issues, but I want to enjoy retirement and not just have a full-time unpaid job.", ...

"I am considering just abandoning CapROS. I believe there are some useful ideas in the system, but so far no one seems to have known or cared about them."

ryukafalz a day ago | parent [-]

Since it is a public list, here's the link: https://groups.google.com/g/cap-talk/c/Box4XXhSevw/m/18pUqAQ...

He posted on the list recently too if folks were worried: https://groups.google.com/g/cap-talk/c/XCBwf-zpJWA/m/6CWsNA-...

wmf a day ago | parent | prev | next [-]

A lot of OS projects develop the kernel then run out of steam. It's especially hard for capabilities because there's no established standard like Unix/Posix to copy. Capability OSes are still a research topic.

spencerflem a day ago | parent | prev | next [-]

Check out Genode Sculpt for a vision of a workable desktop!

It’s capable of dynamic flows, adding and removing programs, has ports of Chromium and Virtual Box. The devs daily drive it :)

naasking 19 hours ago | parent | prev [-]

Capability-based operating systems are sufficiently dissimilar to standard ACL operating systems that ordinary software cannot be directly ported without losing some or many of the capability advantages. Furthermore, they are typically very security focused, and so they've spent a lot of time researching security-focused interfaces and idioms for end users, rather than just re-implementing the hodge-podge of poorly thought out user interfaces that seem to reintroduce the same security vulnerabilities again and again, e.g. CSRF is just the "confused deputy" attack known since the 1980s.

I suggest reading some of their stuff [1]; it's pretty interesting and accessible.

[1] The EROS Trusted Window System, https://srl.cs.jhu.edu/pubs/SRL2003-05.pdf
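To make the "CSRF is a confused deputy" point above concrete, here is an added example (not code from the thread, EROS or CapROS): two hypothetical in-memory "bank" servers, one that authorizes purely on the ambient session cookie and one where the transfer form hands out an unforgeable single-use token, run through the same constructed scenario of a legitimate submit followed by a cross-site request.

```python
# Added illustration: CSRF as a confused deputy. Hypothetical in-memory "bank"
# servers; no real web framework is modelled.
import secrets

class AmbientAuthServer:
    """ACL/identity style: the only credential is the session cookie the browser
    attaches to every request, so the deputy cannot tell who initiated a request."""
    def __init__(self):
        self.sessions = {}          # cookie -> user
    def login(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie
    def render_form(self, cookie):
        return None                 # no per-action authority is handed out
    def transfer(self, balances, cookie, amount, cap=None):
        user = self.sessions.get(cookie)
        if user is None:
            return False
        balances[user] -= amount    # acts on whoever the cookie names
        return True

class CapabilityServer(AmbientAuthServer):
    """Capability style: rendering the form mints an unguessable single-use token;
    authority travels with the request, not with the ambient cookie."""
    def __init__(self):
        super().__init__()
        self.caps = {}              # token -> cookie it was issued to
    def render_form(self, cookie):
        cap = secrets.token_urlsafe(32)
        self.caps[cap] = cookie
        return cap
    def transfer(self, balances, cookie, amount, cap=None):
        # pop(): each capability is consumed on first use
        if cap is None or self.caps.pop(cap, None) != cookie:
            return False
        return super().transfer(balances, cookie, amount)

def simulate(server_cls):
    """Constructed scenario: alice submits the real form once, then a third-party
    page makes her browser send the same POST with her cookie but no token.
    Returns (alice's final balance, whether the forged request succeeded)."""
    balances = {"alice": 100}
    srv = server_cls()
    cookie = srv.login("alice")
    cap = srv.render_form(cookie)                 # alice loads the genuine form
    srv.transfer(balances, cookie, 10, cap)       # and submits it herself
    forged = srv.transfer(balances, cookie, 10)   # cross-site request, no token
    return balances["alice"], forged
```

Running `simulate` on each class shows the ambient-authority deputy honouring both requests while the capability server honours only the one that carried a token.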