-46
File Mutability and Why Unix-based systems are insecure (www.youtube.com)
submitted 5 months ago by InternetCitizen2@lemmy.world to c/linux@lemmy.ml
19 comments fedilink hide all child comments

Not my video. Just felt it fits here for more discussion. Personally I do like the idea of more/better sandboxing for apps.

top 19 comments
sorted by: hot top controversial new old
[-] atzanteol@sh.itjust.works 49 points 5 months ago* (last edited 5 months ago)

That is a collection of some of the stupidest ideas I've ever seen.

From his website:

As far as I can tell OS design for the past 40 years has been centered around drivers. This is what the micro-kernel/monolithic debate is all about. I do not believe in drivers. In the Serene future there will be no drivers. With this insight we can move on to real innovation in OS design.

What does that even mean? This has serious "quack" vibes.

Edit: I just watched his q&a video. He's reinvented DOS. He expects every program to just write their own hardware interface code. 🙄

[-] palordrolap@kbin.social 7 points 5 months ago

Sounds like a TempleOS advocate. Someone out of the 1980s where everything on a machine was integrated and standard across the line. If you stuck with a particular manufacturer. And didn't look too close.

[-] Ramin_HAL9001@lemmy.ml 45 points 5 months ago* (last edited 5 months ago)

I don't understand this guy's argument at all. First of all, he isn't using any shell that I know about, he seems to have invented his own, and the command line arguments he uses are specific to his own shell. He doesn't explain how these command line arguments work in terms of POSIX system calls, so I can't follow along with what he is actually doing. As far as I can tell, these are security issues with his own software, not with Unix or Linux.

If you are worried about file mutability, you can use ZFS or BTrFS or BCacheFS. All of these filesystems have a snapshot function, so if any changes (e.g. file encryption by ransomware attackers) are made you can reboot and roll back the changes, unless the attackers figure out a way to get root access and delete your snapshots. But if an attacker has gained root access to your computer, that is a much more serious issue and not really in the scope of filesystem security or file mutability.

The snapshot and rollback feature also exists in NixOS and GuixOS, where your operating system kernel and all software installed is part of a snapshot that can be rolled back, if the system becomes unbootable, you can rollback from within the GRUB boot loader. Again, all software installation is managed by a service that runs for you at root level so you never need sudo to install software, and the software you install never effects any other user or the operating system. So the only way to hack this is to gain root access and alter the content of the Guix or Nix "store" database with malicious code, but again, root access is a much bigger issue than what we are talking about.

So yeah, the argument stated in this video makes no sense to me.

[-] Lettuceeatlettuce@lemmy.ml 40 points 5 months ago

Yeah, watched a few vids with this guy...not interested. He doesn't believe in FOSS, he talks about Linux, MacOS, and Windows all being dumpster fires, but his solution is to build his own OS from scratch, using Latin...and run it on a Chinese RISC-V board that he is charging people $200 and doesn't open source the hardware or software.

Has hardcore TempleOS vibes, the difference is that this guy seems to take himself and his idea way too seriously. And his defense of why he thinks all modern mainstream OSes are doomed is...nothing. He doesn't give any. He literally says in his interview that, "it should be obvious, if you can't see it, you're just blind I guess." Slight paraphrase, but you get the gist. He backs that statement up by talking about how Discord screen share crashes a bunch on his Linux distro.

Joined his Discord, saw a several people talking about how great Latin is and had a bunch of weird Roman empire theming, idk, just not great vibes.

[-] InternetCitizen2@lemmy.world 2 points 5 months ago

Searched more and yeah its weird.

[-] ryannathans@aussie.zone 7 points 5 months ago

You don't even need to reboot to restore a snapshot on zfs, even on root

[-] InternetCitizen2@lemmy.world 2 points 5 months ago

So yeah, the argument stated in this video makes no sense to me.

I kind of took it that in traditional way of installing things apps can read/write pretty much anywhere in the users home. I also did not follow his shell example.

[-] gregorum@lemm.ee 9 points 5 months ago* (last edited 5 months ago)

OS X (now macOS) and iOS have had app-level sandboxing for the last 14 years, at least since 10.7 Lion/iOS 5.

Nowadays, Apple has even gone to some outrageous efforts to make the OS itself nearly inaccessible to edit without jumping through a bunch of hoops (which, for power users, are simply inconvenient), however there are a few security upshots to this, including keeping novice users from hosing their system by accident.

Edit: this would, of course, apply to any macOS derivative such as iOS, iPadOS, etc.

[-] jkrtn@lemmy.ml 7 points 5 months ago

Better sandboxing would be great. Wasn't there a story earlier in the week that a missing environment variable in a desktop theme erased someone's entire user directory? That shouldn't really be possible.

[-] DieserTypMatthias@lemmy.ml 4 points 5 months ago

Gives me madaidan vibes.

[-] PipedLinkBot@feddit.rocks 4 points 5 months ago

Here is an alternative Piped link(s):

https://piped.video/watch?v=M-HZk9fRnKA

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[-] electricprism@lemmy.ml 3 points 5 months ago

File Mutability and Why Unix-based systems are insecure

Implying that Linux is Unix...

[-] Aradia@lemmy.ml 5 points 5 months ago

He says it's based, not that is Unix.

[-] electricprism@lemmy.ml 3 points 5 months ago

It's not Unix-based either.

https://en.m.wikipedia.org/wiki/SCO%E2%80%93Linux_disputes

On August 10, 2007, a federal district court judge in SCO v. Novell ruled on summary judgment that Novell, not the SCO Group, was the rightful owner of the copyrights covering the Unix operating system. [...] After the ruling, Novell announced they had no interest in suing people over Unix and stated "We don't believe there is Unix in Linux"

https://en.m.wikipedia.org/wiki/Linux

Linux (/ˈlɪnʊks/ LIN-uuks)[11] is a family of open-source Unix-like operating systems based on the Linux kernel,[12] an operating system kernel first released on September 17, 1991, by Linus Torvalds.

[-] Aradia@lemmy.ml 6 points 5 months ago* (last edited 5 months ago)

But on the same links you sent are saying:

A Linux-based system is a modular Unix-like operating system, deriving much of its basic design from principles established in Unix during the 1970s and 1980s.

What difference are between "*-based" and "*-like"? If the meaning are the same then I'm right, if Unix-based means must be like a fork directly from Unix and not just a copy build from 0, then yeah, you are right. And I think based and like are the same meaning.

Edit:
I also found this image: https://en.m.wikipedia.org/wiki/File:Unix_timeline.en.svg

Unix timeline: Unix timeline where Linux is also present

Edit 2:

I just asked to ChatGPT and seems the AI can explain this:

"Unix-like" and "Unix-based" are terms used in the realm of operating systems, particularly in relation to the Unix operating system and its derivatives. While they may seem similar, they convey slightly different concepts:

Unix-like:
- "Unix-like" refers to operating systems that resemble Unix in terms of design, behavior, or functionality, but may not necessarily be directly derived from the original Unix codebase.
- These operating systems typically adhere to Unix-like principles and may incorporate similar features, commands, and programming interfaces.
- Examples of Unix-like operating systems include Linux, FreeBSD, OpenBSD, and macOS (which is based on a Unix-like kernel called Darwin).

Unix-based:
- "Unix-based" specifically indicates operating systems that have a direct lineage or heritage tracing back to the original Unix operating system developed at Bell Labs in the 1970s.
- These operating systems often have their roots in the Unix codebase, either through direct licensing agreements, re-implementations, or forks of the original Unix source code.
- Examples of Unix-based operating systems include various commercial Unix variants such as Solaris, AIX, and HP-UX, which have historical ties to the original Unix.

In essence, while both terms relate to systems that share similarities with Unix, "Unix-like" suggests a broader category of Unix-inspired operating systems, while "Unix-based" specifically denotes those with a direct lineage or relationship to the original Unix system.

So you are right, and they probably wanted to mean Unix-like. But we could still say based as both has some kind of relationship, and that's why Linux it's on Unix timeline from wiki.

[-] electricprism@lemmy.ml 3 points 5 months ago

So far my claims are:

  1. Linux is not Unix

  2. Linux is not "based" on Unix

I've proven both claims using respected sources.

From your reading, the missing clarification you are looking for is "POSIX". Most people don't know what POSIX is, that's why it reads "Unix-Like" for general audiences. If Unix didn't exist another synonym would supplement.

Back to my original point -- the OP, a layman, probably in good faith and though a honest misunderstanding, repeated a false claim that was resolved in a International 10+ year lawsuit in 2007.

It's literally mal-information. But hey in sure your elders think that a Xbox, PS5 and Computer are all "Nintendo's or whatever".

[-] Auli@lemmy.ca 1 points 5 months ago

Well doesn't they just mean there is no Unix code in Linux. It can behave the same without using any of their code.

[-] mvirts@lemmy.world 2 points 5 months ago

Terrible 🙃

Impressive, but terrible.

[-] duncesplayed@lemmy.one 1 points 5 months ago

Reminds me a little of the old Jonathan Shapiro research OSes (Coyotos, EROS, CapROS), though toned down a little bit. The EROS family was about eliminating the filesystem entirely at the OS level since you can simulate files with capabilities anyway. Serenum seems to be toning that down a little and effectively having file- or directory-level capabilities, which I think is sensible if you're going to have a capability-based OS, since they end up being a bit more user-visible as an OS.

He's got the same problem every research OS has: zero software. He's probably smart to ditch the idea of hardware entirely and just fix on one hardware platform.

I wish him luck selling his computer systems, but I doubt he's going to do very well. What would a customer do with one of these? Edit files? And then...edit them again? I guess you can show off how inconvenient it is to edit things due to its security.

I just mean it's a bit optimistic to try and fund this by selling it. I understand he doesn't have a research grant, but it's clearly just a research OS.

this post was submitted on 05 Apr 2024
-46 points (25.5% liked)

Linux

47290 readers
1056 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
nooter692@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz