[Info-vax] Installing and using GNV - some feedback and questions

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Mon Oct 31 08:54:40 EDT 2016


On 2016-10-28 01:23:33 +0000, Marty said:

> It struck me the other day that use of the LD disks is similar to how 
> "The New Kids" are using the concept of containers and Docker.  Put 
> everything you need to run an app, or a suite of apps, in an LD and you 
> should not have to worry about the underlying OS stuff (as much).

Ayup, but then it's missing the security and integrity and isolation 
mechanisms also inherently involved in that.  The implementation 
details that actually make those bundles practical and manageable and 
securable.  Whether bundles or LD or PCSI installations or whatever, 
that means automatic startups for the contents of the bundles, 
mechanisms to start and stop server processes, mechanisms to isolate 
lock domains and logical names and other shared resources to the 
bundles, and automatically generate facility prefixes and unique UICs 
(and preferably something far better than the far-too-limited UICs and 
identifiers), and mechanisms to grant the bundles "privileges" or 
resource identifiers or such, and mechanisms to isolate classes of 
system services and network access, and a cryptographic mechanism to 
authenticate and sign and track the activities for each of the bundles, 
either through a VSI channel or through certificates signed by VSI for 
specific developers and organizations.   That signing controls which 
activities the bundle can perform, which ports can be opened, and such. 
Basically, each bundle gets the GUID equivalent of its own UIC group 
and GRPPRV or such, or otherwise gets a jail/sandbox that allows the 
bundle to be the only application on the whole "operating system".  It'd 
be nice to have a way for the bundles to upgrade from one to the next 
version without having bundle-specific cruft spread all over the place, 
without having to develop their own and product-unique frameworks and 
tools, and with automatic notifications of the availability of 
upgrades, and (opt in) software automatic upgrades, too.   All of this 
is available now on shipping products, BTW.   None of this is 
considered particularly advanced, either.


-- 
Pure Personal Opinion | HoffmanLabs LLC 



