Ubuntu as a SAFE OS (boot directly from SAFE)

I’m wondering about the value to SAFE Network of using Ubuntu as the basis of SAFE OS, or Snappy Ubuntu (see article) in devices such as ePlug.

http://www.forbes.com/sites/benkepes/2015/02/19/canonical-achieves-broad-industry-buy-in-for-snappy-ubuntu/

I’m not sure it’s the way to go, but interested because Ubuntu might gain widespread IoT adoption of Snappy, and how this might help SAFE.

5 Likes

This is really interesting, but I’m not sure how the OS would boot directly from SAFE. You talking about a network boot agent on the target machine that connects to an eplug or other IoT device running Subuntu (SAFE Ubuntu) to install the OS? Then the latest OS copy could download via the SAFE network, but what secures the trust between the IoT device and your machine?

3 Likes

The GUI layer is important for a practical SAFE OS. I think Node.js + HTML5 could be a good common GUI platform for SAFE. I know, JavaScript is considered an inferior language by many, but it actually has potential even for lower level heavy programming.

Interesting. I am keeping a keen eye on these next gen Linux distributions. CoreOS, Project Atom and Ubuntu Core seem to be on to something - a simple core system, taking atomic updates, with containers being central to application distribution.

Secure, isolated applications, which include a basic Linux OS in themselves is an interesting concept. Lighter weight than virtual machines, but far more secure than root installed packages, without messy dependencies - even on the choice of host OS - is attractive.

I suspect Ubuntu Core, Snappy and Touch will converge at some point. There are challenges for secure GUI apps in this environment, but maybe that is partly why Mir is being developed.

It is great to see innovation in this area and it is interesting that MS is even getting involved. Maybe this is a non-Windows play that they cannot ignore.

1 Like

I looked up Mir and it will be good with competition in SAFE platforms. But I think Node.js will be powerful as a high level SAFE OS. Node.js will be able to run on Linux including Ubuntu, Windows, OS X, iOS, Android and more. And on top of Node.js it’s easy to run standard Web technologies such as HTML5.

I think it will be key for SafeOS to allow any number of programming languages. However, I suspect the base operating system would need to be defined, as would the technology to isolate apps from one another.

Linux would seem highly likely as a base OS and containers would seem like a good way to isolate apps upon it. It may be that Ubuntu will be close to what is needed, with Safe net being plugged into it.

Ok, Linux would be good as a base OS. Many applications will run without any GUI at all such as devices for the Internet of Things. And for user applications layers can be added on top of it, including Node.js. I was thinking too high level probably.

1 Like

Nor do I, but essentially reduce the device (PC/mobile) to the minimum required to authenticate, access and boot, making it easier to secure the device. Booting from SAFE then makes it feasible, I hope, to prevent active malware from inserting itself into the boot process and becoming persistant.

3 Likes

I think this is more like net-booting a VM which is located on MaidSafe and then logging in with your MaidSafe creds.
That gets you a “clean” VM (after a 10 minute wait time?), but you’re still running a hypervisor and hardware that is implicitly trusted.
If one has to read a lot of his MaidSafe data, that could get slow. All changes would have to be committed safely, so orderly (and possibly long) shutdown time would probably be advised.

It’s probably easier to simply use a bootable USB stick partitioned in 2 (OS + /home, with manual rsync to one’s MaidSafe directory, if/when it is mounted).

In an environment where USB can’t be used, booting from MaidSafe network would be interesting for quick & simple tasks such as making online payments or checking Webmail, but personally I don’t feel comfortable keying in my passwords on other people’s h/w, so I probably wouldn’t want to use this approach for that.

You just need a way to network boot. Once you have established a network client connection to safe net, you can then download the rest of the SafeOS securely over safe net and continue the boot process. No VMs should be needed.

That’s certainly possible, but why would I want to boot every time from SAFE and then go through the OS update routine (to be on the safe side), and install all the packages that the boot image doesn’t have (or else, download a bloated 2 GB image with “everything”)?

I can do the same (but faster) by booting from a Live CD, or completely avoid that time-consuming activity by installing Ubuntu and encrypting my HDD (or the partition on which I install it).

It depends on your goals and your circumstances, I suppose.

The idea of booting directly and anonymously from a basic, clean image, from a cryptographically trusted source, with nothing more than a connected device is powerful.

Ofc, you may rather have a local version on whatever media you wish, but I think the long term vision is to make local storage redundant.

IMO, a hybrid between the two would be pretty handy to begin with. That us, you use your local disk for caching, particularly for the OS. This would also allow write access for updates/patches.

Also note that with the likes of Ubuntu Snappy and other core only OS architectures, the image is small. In addition, apps are stand alone containers which can just plug in without concern for dependencies or Linux flavour. In short, the OS becomes just a vessel for isolated containers.

As Ubuntu Touch seems to be pursuing something similar and Ubuntu Snappy is following on, I can see how this would be a good fit with Safe net. All that would need to change is the distribution channel - from the internet to safe net.

This is where I see the chicken and egg problem. To access the SAFE network it is necessary to be running a safe client. So connecting to the SAFE network to download the OS would be more than one step before the horse.

Of course, getting that image from a securely-connected SAFE
client would be better than on the net in general, if available.
This is why I see the usb boot as superior. I don’t see a certain way around getting the original boot image from somewhere other than the SAFE network.

1 Like

Creating a thin boot client which can communicate with the Safe network shouldn’t be beyond developers. Other protocols have been used in a similar way in the past (e.g. FTP booting).

1 Like

Yes, I see it that way: To connect to the safe network you need some kind of thin client, and it has to be on usb, ssd or a 3.5 inch floppy disc or whatever :wink: but all the other stuff that makes up an OS, like your apps that utilze the maidsafe network, and anything you need to use you hardware (drivers) and render the content (browser, player) can be loaded from the safe network. Of course you have to trust the party that stored them on the safe network, but this is the same when you download them to store locally…

p.s. I am aware that a 3.5 inch disc is not “floppy”, but what else would you call it?

A relic? :smiley:

A stiffy? :wink:

I used to have a boss who insisted they were called stiffies. She was from South Africa, which I assume didn’t give them the same cultural meaning!

Apparently, she once called our supplier and placed an order. I would have loved to hear that conversation! Lol!

2 Likes

Anyone here aware of the SystemD (SysD) versus SysVinit (SysV) debate?

long story short … SysD is the new kid on the block that integrates (read de-modularizes) linux core functionality. SysD is not easily edited/hacked/fixed. SysD is a red-hat product and red-hat has a lot of NSA ties. Some people think SysD is (or will be) a backdoor for NSA.

SysVinit is a more modular approach and is built on scripts that can be edited/fixed by the user. it has less features/integration, but is has a more flexible approach.

RedHat/Debian/Ubuntu/Mint all have moved or are moving to SysD. Modularity has historically been a key aspect of Linux philosophy, but this seems to be changing.

There is a fork of debian called Devuan [ https://devuan.org/ ], that has been created specifically to stick the the more modular approach of SysV [edited as I typed SysD instead of SysV !!, my bad.].

The sysD conspiracy: https://www.youtube.com/watch?v=GNUGjFzenq4

What do people think about all this with regard to a future SAFE-OS?

5 Likes

I haven’t looked at the video (yet) but as a long term Linux user it sounds like FUD to me.

As far as I know, SystemV is hopelessly outdated and tailored towards '90s style single core processors. Ubuntu gained welcome-to-the-21st-century style speed improvements by replacing SystemV with Upstart 10 years ago, which in turn got replaced with SystemD 3 years ago, simply because it was better.

There is a lot of criticism of SystemD for it not being portable enough, while proponents argue it’s tightly integrated with Linux to remove overhead. It’s a portability vs efficiency discussion. Personally I like efficient software, as long as someone else maintains it. :wink:

This is similar to Ubuntu replacing X with Wayland. It cuts away 30 years of accumulated features to heavily reduce overhead. Barely noticable on modern computers but greatly reducing latency on mobile devices.

Also see http://0pointer.de/blog/projects/the-biggest-myths.html

1 Like