Hacker News new | comments | show | ask | jobs | submit login
Introducing Qubes OS (theinvisiblethings.blogspot.com)
37 points by Kototama 2727 days ago | hide | past | web | 20 comments | favorite

I think there will be more projects like this. Apps running in a sandbox, thinking they have the OS to themselves. The next logical step is to have all new apps written in managed code, and use virtualization for the "legacy" native code.

Come to think of it, isn't it supposed to be the purpose of an operating system: letting programs think they own the hardware? Now they can pretend to own the OS too :)

I think we'll get to microkernels, but through evolutionary steps like this rather than ground-up redesign.

Presumably that would mean that operating systems (at least for guests) could become a lot simpler as in most cases the guest is there for one specialized purpose and doesn't need most of the features usually found in an OS.

Could someone point me at a clear explanation of the difference between a micro-kernel and an hypervisor?

Maybe I need to see something like the Xen presentation at Fosdem again.

Edit: http://www.ok-labs.com/blog/entry/microkernels-vs-hypervisor... is quite ok.

The distinction has never been well-posed, in my opinion. I wrote about it (gulp) almost five years ago here:


Both present "virtual machines" to client code. For that matter, so does UNIX, although the UNIX virtual machine has some very complex virtual instructions, like fork(2), exec(2), dup(2), etc. You can crudely map most software platforms on a continuum of abstraction, with something like Python's implicit virtual machine (which is dynamically typed and bound late) at one extreme, and a bare-metal VMM whose interface is identical to that of the underlying hardware at the other.

Both paravirtual hypervisors and microkernels extend the underlying hardware, and they do so at a lower level of abstraction than what we call an OS. In practice, the hypervisors extensions feel more like hardware (they might include device models, virtual memory translation, and interrupt models), while the microkernel's would feel more like software (providing RPC mechanisms, security models, abstractions like "thread" and "process", etc.).

Even in practice the line is grey sometimes. L4 used to call itself a microkernel; now it calls itself a hypervisor.

Oh, I forgot to thank you, very interesting post.

I'm not an expert, but I'll give it a try.

A hypervisor runs multiple Operating Systems, having each one think that it has access to the whole of the hardware.

A microkernel is one way of writing the kernel of the Operating System, so that each part of it is a separate process, routing messages to each other in a safe manner to get things done, rather than doing direct calls to each others code.

With a hypervisor you wouldn't expect each of the OSes to have any communication with each other at all, whereas with a microkernel you'd expect the different processes to talk to each other a lot.

You can, apparently, repurpose a microkernel as a hypervisor, but I don't know anything about that at all. Presumably the infrastructure is quite similar.

An example for a microkernel running a Linux OS is L4Linux (http://os.inf.tu-dresden.de/L4/LinuxOnL4/overview.shtml).

There is a lot of controversy about the distinction between VMMs and microkernels. A view from the microkernel side is given in http://www.ertos.nicta.com.au/publications/papers/Heiser_UL_...

Yes, the Mach microkernel can host multiple OSs. In practice this is rarely done.

Similar work was done in the OpenTC project (http://www.opentc.net), i.e., running legacy OSs in isolated compartments and multiplex their visual interfaces using a "secure GUI", which labels the windows/interfaces according to certain properties. It also supported OpenGL in the "AppVMs", which is currently omitted in Qubes OS.

The isolation of drivers in separate VMs and enforced isolation using VT-d is definitely interesting. A paper on the disaggregation of dom0 for improved security is http://www.xen.org/files/xensummit_fall07/22_DerekMurray.pdf

"All problems in computer science can be solved by another level of indirection"

Except the problem of too many levels of indirection.

Actually, that one too. Just hide the levels of indirection. Now you have the problem of complex hidden levels of indirection. (Cheating with one's definition of "solved.")

Qubes implements Security by Isolation approach. To do this, Qubes utilizes virtualization technology, to be able to isolate various programs from each other, and even sandbox many system-level components, like networking or storage subsystem, so that their compromise don’t affect the integrity of the rest of the system.

Qubes GUI virtualization presents applications like if they were running locally

Site needs some editing.

:-) it seems there's a news story every day on HN about a new Linux based OS on the market. I do like this one much better than the North Korean one with the lockdown of user freedoms.

It's not exactly a new "Linux based OS", Joanna is a well known security hacker and so if you think about the reasons them you will see that what she's trying to do is a new security computing model for operating systems based on virtualization, just like Google Chrome was a new model for browser security[1].

Virtualization will be huge in the future, probably we will have common desktop hardware with bare metals hypervisors implemented directly on the hardware in the next 15 years or so, virtualization is already used in datacenters, network appliances and used extensively in the "cloud", how will we use it in the desktop is still open, but I do believe the first application will be running legacy application on modern operating systems and security.

[1]: http://communities.intel.com/community/openportit/vproexpert...

So "legacy" = implemented in the 60's and 70's but became widespread in the 90's. "Modern" = implemented in the 60's and 70's but became widespread after 2010.

upvoted that was a good one.

Is it just me or is that using the fedora symbol in the bottom right corner in some of the screenshots?

I hope their server isn't running on this OS because the performance is pathetic

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact