Post by Nobody III
1. I would love to use Genode as my primary OS, but I have been unable
to make sufficient progress for any of my computers. The older ones
don't have AHCI support, Genode's hardware support for my custom desktop
computer is severely limited, and I don't even have any idea what's not
working on my laptop because I haven't been able to get AMT to work. If
you can add support for an alternative method of getting debugging
output (or somehow support my desktop computer's motherboard) then I
would happily try again to setup my own Turmvilla-like Genode system.

Post by Nobody III
4. I would love graphical configuration utilities, but I would consider
them a much lower priority than improved hardware support. I could make
my own utilities, but I would need a lot of help getting Genode to
support my hardware.

Post by Peter Lindener
* Norman wrote: " *Supplementing Genode with user-friendly means to
configure...**Right now, **I use Vim as configuration front end, which is
cool...*"
My thought: One can certainly get a lot of configuration usability out
of a basic, potentially colored, 2D ASCII text document. Not to mention how
much lighter and more portable the (potentially remote) terminal display
can be.
So while GUI tool kits are great for some things, I'd like it if little
headless nodes running Genode (Snickerdoodle <http://krtkl.com/>) would be
just as easy to re/configure. Thus I vote that Genode's next generation
of [ASCII] configuration files are both very easy to read, in addition to
edit with a (potentially augmented) terminal emulation program... i.e.
lets not prematurely jump on the GUI bandwagon, before Genode achieves a
similar ease of configuration using a significantly lighter level of
display / keyboard interaction...

Post by Peter Lindener
given the goal stated above, why not at the same time provide a very
nice set of terminal interaction API's within the Genode framework, that
one can count on as a lower level system resource, such that other light
weight apps that run on Genode can also count that this terminal
interaction API might be made available as shared resource.

Post by Emery Hemingway
For this next year I would personally like to see Genode host more
network services, so more library support, more configuration
idiom, and better support for virtual hosting environments. This is
because I would like to migrate a few services that I manage
myself, and to make Genode binary distribution self-hosted.
Competing with Linux and BSD on performance is quite literally an
uphill battle, but I feel there will be some great benefits hidden
in Genode's IP stack isolation.
On the subject of configuration, perhaps components could export an
XML description of their configuration options over a report
session, and then a generic Qt GUI could dynamicly generate a
configuration dialog? I am imagining that there could be a nice
library to handle both configuration declaration, documentation,
and retrieval.

Post by Emery Hemingway
I of course want to polish up Nix and make it a pratical tool for
other people to start using. My first priority is to modify the
Make build system to build arbitrary library targets and to link
components against external objects (actually just those library
targets, but at arbitrary locations). The second priority will be
to fetch binaries over the network. I am sort of working on the
second right now, and the second can supplant the first, but robust
self hosting is something that I want to be done by early next
year.

Post by Emery Hemingway
My only Linux experience has been with Gento and NixOS, and I
really don't want to accidentally create a distribution with
unwilling maintainers (like me), so as we go forward I want to do
my best to optimize for some sort of modular and anarchistic
distribution model.

Post by Emery Hemingway
If a Nix generated Genode system is going to be embeddable in
another OS, I would want to make the interface sharply defined and
not integrated, that is there would be minimal crosstalk between
the two. I don't know much about what is going on with
containerisation but I think want to try and make something that is
easy to wrap, not externally integrated, if that makes any sense.

Post by Guido Witmond
First, congrats on getting the Turmvilla scenario to work so well.
Please make that easy to repeat for others.
I'll also like to encourage the team to continue on the SeL4 kernel.
Although each of the other kernels, NOVA, Fiasco, etc are probably more
secure than any Linux or BSD ever can be, the fact that these are little
known doesn't offer the confidence that these are actually better
choice. Building on top of SeL4, that has that reputation, could boost
the perception of Genode being a viable alternative to Linux/BSD in the
minds of a larger public.
This year, I'll go forward in my quest to get a web server running on
Genode in production.
- better ways to debug the system;
- removal of the catchall's that hide information;
- insight into process' activities: * where's my CPU being
eaten;
* who's talking to whom, or who stopped talking;
- IPv6; what's a website without it these days;
When that works, I'll focus on getting my Go-lang programs running.
These programs manage private keys and certificates and maintain state
in a sqlite3 database.
With that, my year will be full :-)
In other thoughts, having a throwaway distro like Tails on top of Genode
is a great idea. It would certainly get Genode on the radar of
security-minded people.
However, as I see it, the kernel is the least of the worries. It's the
monolitic nature of Firefox that needs to be tamed. The real power of
Genode comes, imho, from splitting monolitic programs into separate
sandboxes.
The low hanging fruit: split off image parsing into a separate process.
This process receives a stream of data and returns a memory space with a
bit-blittable image that can be copied to the frame buffer.
More challenging would be to break Firefox into more and more smaller
parts with the ulimate goal: Every parser into its own sandbox.
I'd love to see Genode provide the mechanisms and support to make
breaking up monolitic programs easily. That's where it's power shines.
Or am I preaching to the choir?
Cheers, Guido.
------------------------------------------------------------------------------
_______________________________________________
genode-main mailing list
https://lists.sourceforge.net/lists/listinfo/genode-main

Post by Pontus Åström
Hi,
This is my first post on the list and I will try to substantiate some
of my ideas/wishes regarding the future of Genode as requested by Norman.
First, I must say that I still have some trouble understanding the use
case for Genode as a desktop OS. Not that I don't like the idea but I
think this is such an enormous undertaking that a believe might be
like aiming too far or maybe like missing lower hanging fruit. It
might be better to shorten the hops to the future in easier and faster
achievable milestones. Genode then gets truly usable faster, albeit
within a smaller community, but one that truly cares. It also gets
tried in production sooner, which is very important to gain stability
and real user feedback.
One such step might be to make Genode a viable and usable platform for
certain domains within embedded computing. This is a much easier
undertaking as embedded systems not have the same requirements
regarding ease of use and completeness regarding features. The GUI
subsystem goes away and hardware support need not be as broad as for
desktop OSes. I also think that Genode has several additional
properties that are highly sought after in various embedded domains
like responsiveness, stability and power efficiency. These
characteristics should be exploited together with the main benefit of
Genode as a secure and safe OS to gain maximum impact.
I am glad to see that you have found the state machine being a usable
pattern. I happen to believe that it would be very beneficial for
Genode to mostly switch to a fully asynchronous communication paradigm
based on independent cooperative state machines. Such a paradigm would
maybe need some enhancements to the asynchronous communication
protocol to be truly efficient. For instance I believe it might be
beneficial if parameters could be added to signals in a similar
fashion to that of RPCs. I have seen the motivation for not adding parameters
to signals, but I fail to see why the various components shouldn't be
able to donate dataspace for such storage like they may donate dataspace
for RPC call parameter storage.
I checked the loopback example you provided regarding a server
component written according to the state machine pattern. I find it
somewhat rudimentary and full of if then statements. Now the task at
hand is simple so a simple pattern makes sense. However for more
complex components the illustrated approach doesn't scale. I believe
that Genode would gain in efficiency and clarity by integrating a
solid state machine framework supporting UML statecharts to some
degree including hierarchical state machines, It turns out that it not
is very complicated and quite efficient to integrate such a framework
providing decent UML statecharts support. I wont go into details how
it is done, you can check [1] for an elaborate discussion of an
existing implementation of the state machine idiom. Basically a state
1) Abstractions for describing state machines
2) Event buffers for storing queued events
3) Runner executing state machines and forwarding events to the
individual state machine event queues
Neither of the parts is particularly difficult to design. Several
descriptions exists for 1) [1, 2, 3, 7]. Points 2) and 3) are well
described in [1] and should not be too difficult to
implement. According to my own analysis the complete framework QP from
[1] probably is quite easy to port to Genode. For third party
developers like me it makes sense as both Genode and QP are provided
under the same GPL license but possibly not for Genode Labs as they
would have to license QP. QP provides for most stuff required to execute UML
statecharts. In addition one gets a) QSPY, a very
elaborate debugging platform for inspecting system behavior (would
definitely fit well with Guido Witmonds debugging request) and b) a
graphical UML state machine designer which appeals to me as it makes
third party certification much easier due to the higher abstraction
level in a statechart compared to that of raw c++ code.
My recommendation now is that Norman and the Genodians take a deeper
look at the state of the art regarding state machine design and
consider if there is some merit in making use of some existing
frameworks or standards, most notably the UML statecharts standard. I
can of course implement the required functionality myself but I
believe that there is real benefit in having full integration into
Genode to ease integration with built in components. Having experts
taking a look at the various trade offs regarding state machine
framework integration into Genode within the areas of signaling,
execution, implementation patterns and so on also is of real benefit.
Some changes have been initiated to make Genode more secure and less
error prone. I think of the abolition of unnecessary pointers and the
planned removal of global state. These are standard recommendations in
a number of prominent style guides [4, 5]. I would like to see a more
systematic approach to the improvement of Genode. As Bruce Schneier
once stated; "Security is a process, not a product" [6]. With this I
mean that objectives first should be decided. Is security and
safety important? Is it important to gain the trust of people with
little knowledge of Genode internals? If yes to both questions Misra C++
compliance makes sense as it is the standard in the area. A subset of
Misra C++ should then be selected for implementation over time. Rules
not implemented should be motivated very well as to why they not pose
a security threat. Then the rules should be ordered in a list and
gradually implemented and thereafter checked for adherence by tools
like Flexelint. This is the process that some day might lead to Misra
C++ compliance. The same reasoning apply to the upcoming C++ core
guidelines or anything else worth adhering to.
Regarding the upcoming update of the book Genode Foundations. What I
miss in the book is a connection the real code and examples. I believe
that new readers much easier understand and remember how to use Genode
if the connection to code and the inner workings are made
clearer. Here I would take the opportunity to again recommend [1] as a
book that makes this connection very clear. OK, it is easier to describe state
machines but I still believe that Norman could find some inspiration in that
book for the upcoming release of Genode Foundations.
See you at FOSDEM,
Pontus
[1] Miro Samek, Practical UML Statecharts in C/C++, second ed., 2008
(google the title and youÂŽll find a pdf on the first search page)
[2] >
http://www.drdobbs.com/hierarchical-state-machine-design-in-c/184402040
[3] > http://accu.org/index.php/journals/252
[4] >
https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md
[5] > http://www.misra-cpp.com
[6] >
https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html
[7] > http://www.boost.org/doc/libs/1_60_0/libs/statechart/doc/index.html
On Tue, Dec 22, 2015 at 1:28 PM, Norman Feske
--
HÀlsningar,
Pontus
------------------------------------------------------------------------------
_______________________________________________
genode-main mailing list
https://lists.sourceforge.net/lists/listinfo/genode-main

Post by Pontus Åström
First, I must say that I still have some trouble understanding the use
case for Genode as a desktop OS. Not that I don't like the idea but I
think this is such an enormous undertaking that a believe might be
like aiming too far or maybe like missing lower hanging fruit.

Post by Pontus Åström
It
might be better to shorten the hops to the future in easier and faster
achievable milestones. Genode then gets truly usable faster, albeit
within a smaller community, but one that truly cares. It also gets
tried in production sooner, which is very important to gain stability
and real user feedback.

Post by Pontus Åström
One such step might be to make Genode a viable and usable platform for
certain domains within embedded computing. This is a much easier
undertaking as embedded systems not have the same requirements
regarding ease of use and completeness regarding features. The GUI
subsystem goes away and hardware support need not be as broad as for
desktop OSes. I also think that Genode has several additional
properties that are highly sought after in various embedded domains
like responsiveness, stability and power efficiency. These
characteristics should be exploited together with the main benefit of
Genode as a secure and safe OS to gain maximum impact.

Post by Pontus Åström
I am glad to see that you have found the state machine being a usable
pattern. I happen to believe that it would be very beneficial for
Genode to mostly switch to a fully asynchronous communication paradigm
based on independent cooperative state machines. Such a paradigm would
maybe need some enhancements to the asynchronous communication
protocol to be truly efficient. For instance I believe it might be
beneficial if parameters could be added to signals in a similar
fashion to that of RPCs. I have seen the motivation for not adding parameters
to signals, but I fail to see why the various components shouldn't be
able to donate dataspace for such storage like they may donate dataspace
for RPC call parameter storage.

Post by Pontus Åström
I checked the loopback example you provided regarding a server
component written according to the state machine pattern. I find it
somewhat rudimentary and full of if then statements. Now the task at
hand is simple so a simple pattern makes sense.
...
I believe
that Genode would gain in efficiency and clarity by integrating a
solid state machine framework supporting UML statecharts to some
degree including hierarchical state machines,
...

Post by Pontus Åström
My recommendation now is that Norman and the Genodians take a deeper
look at the state of the art regarding state machine design and
consider if there is some merit in making use of some existing
frameworks or standards, most notably the UML statecharts standard.I
can of course implement the required functionality myself but I
believe that there is real benefit in having full integration into
Genode to ease integration with built in components.

Post by Pontus Åström
Having experts
taking a look at the various trade offs regarding state machine
framework integration into Genode within the areas of signaling,
execution, implementation patterns and so on also is of real benefit.

Post by Pontus Åström
Some changes have been initiated to make Genode more secure and less
error prone. I think of the abolition of unnecessary pointers and the
planned removal of global state. These are standard recommendations in
a number of prominent style guides [4, 5].

Post by Pontus Åström
I would like to see a more
systematic approach to the improvement of Genode. As Bruce Schneier
once stated; "Security is a process, not a product" [6]. With this I
mean that objectives first should be decided. Is security and
safety important? Is it important to gain the trust of people with
little knowledge of Genode internals? If yes to both questions Misra C++
compliance makes sense as it is the standard in the area. A subset of
Misra C++ should then be selected for implementation over time. Rules
not implemented should be motivated very well as to why they not pose
a security threat. Then the rules should be ordered in a list and
gradually implemented and thereafter checked for adherence by tools
like Flexelint. This is the process that some day might lead to Misra
C++ compliance. The same reasoning apply to the upcoming C++ core
guidelines or anything else worth adhering to.

Post by Pontus Åström
Regarding the upcoming update of the book Genode Foundations. What I
miss in the book is a connection the real code and examples. I believe
that new readers much easier understand and remember how to use Genode
if the connection to code and the inner workings are made
clearer. Here I would take the opportunity to again recommend [1] as a
book that makes this connection very clear. OK, it is easier to describe state
machines but I still believe that Norman could find some inspiration in that
book for the upcoming release of Genode Foundations.

Post by Pontus Åström
See you at FOSDEM,

Post by Josef Söntgen
Hi everyone,
just before Norman finalizes the roadmap I want to make some remarks
myself. It is always easy to point out single features or even
applications that one might want to have in or use on Genode and those
differ between people. So rather than providing my personal wishlist
of features x y z I want to give some brief insight after using Genode
on a daily basis for a few months (referring to a *slightly* modified
It works incredibly well (stable and fast) for what it is configured,
as long as you do not try anything fancy. You can interactively start
and stop subsystems and change them at run-time. You can also change
the configuration of several components, which makes the whole system
usable and even quite fun to work with or rather on. But at its core,
the system configuration is still static. You have to know beforehand
which component provides which service and you have to route components
(e.g. which hard disk should be used etc) accordingly. By all means, in
some use cases that is a good thing but might be a limiting factor when
considering, e.g., desktop computing.
Ideally, it would be nice if most of the configuration but the essential
one could be done at run-time. Unfortunately, not all components in
question support reporting their state or allow configuration changes at
run-time — we definitely should improve that.
Therefore, identifying an essential core system configuration, that
provides enough functionality to bootstrap a subsequent system might be
reasonable. I know, such a configuration always depends on the use case
at hand but still. For debugging purposes we currently depend on some
kind of interface that provides us with the much needed LOG output. For
better or worse not all machines provide such an interface and that
might limit the application area of Genode — maybe we can come up with
some neat component/configuration that gets rid of this dependency?
Relating to some points discussed earlier in this thread, the lack of
hardware support is for me personally not such a big deal. At the end
of the day it is either the vesa_fb_drv, intel_fb_drv or maybe even a
mali_fb_drv that provides the Framebuffer service. What is more important
at the moment is how the components are linked together. Also, w/o the
help of the community focusing too much an supporting interesting
hardware platforms will probably draw manpower off from more pressing
tasks (I would love to ditch x86 for some “better” platform but I do
not see that happing any time soon). On that account, I also do not see
the current lack of appealing GUI agents as such an important site
— than again I fancy Plan 9 and should probably not raise my voice on
this topic anyway ;-)
So, in contrast to 2015 where among other things stability was the most
prominent field of activity, 2016 should probably be the year where we
try to make the most of the system, by providing means to ease the task
of configuring and integrating a Genode based system.
Regards
Josef
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
genode-main mailing list
https://lists.sourceforge.net/lists/listinfo/genode-main

Post by Reto Buerki
* Distributed Genode
Having a complete Genode system running in one Muen subject does not
bring much benefit as it does not leverage the isolation properties
provided by the SK. Therefore we intend to add support for executing
multiple Genode subjects as a distributed environment while providing
inter-subject communication channels. In order for the Genode instances
to exchange data, the concept of so-called Proxy components as suggested
by the Genode developers will be applied.
The proxy concept uses two components: a server and a client. Both of
them implement a specific Genode service interface and communicate using
a Virual Hardware (VHW) abstraction layer to create a bridge between the
separated components. The following diagram illustrates the concept for
log() -> Proxy:Client -> | VHW | -> Proxy:Server -> Log_Server
For Muen, we will implement the VHW functionality using shared memory
channels and events.

Post by Reto Buerki
Cheers
- reto

Post by Reto Buerki
* Distributed Genode
...
The proxy concept uses two components: a server and a client. Both of
them implement a specific Genode service interface and communicate using
a Virual Hardware (VHW) abstraction layer to create a bridge between the
separated components. The following diagram illustrates the concept for
log() -> Proxy:Client -> | VHW | -> Proxy:Server -> Log_Server

Post by Reto Buerki
For Muen, we will implement the VHW functionality using shared memory
channels and events.

Post by Reto Buerki
* Support for Ada
* Investigate Intel GVT on Genode