hurd_eng

--- Topic for #linux is Next talk: "The Hurd: a GNU approach to OS design Friday Dec 13, at 21:00 GMT Wolfgang Jaehrling | Comments #qc; Spanish #redes; Dutch #taee sarnold wolfgang is going to be giving his presentation about GNU HURD; he first discoveredthe HURD in 1999 and has given several talks on it since then sarnold please direct your questions to #qc, and find dutch translation in #taee; maybe spanish in #redes sarnold thanks wolfgang may i? :) wolfgang i am going to talk about the Hurd, and will explain why GNU develops it, even if we already have a very mature and popular kernel for the GNU system, which of course is Linux wolfgang the Hurd, however, is not a kernel. together with the GNU C library (glibc) and the GNU Mach microkernel, it provides the functionality that traditionally is provided by a Unix kernel. wolfgang these three components together with the rest of the GNU system (which includes gcc, GNOME, etc. and even non-GNU software like X11) they provide a POSIX-conformant operating system. wolfgang at this point, a few notes on terminology: wolfgang the GNU Hurd (or simply the Hurd) is the name for one part of the system. GNU/Hurd is the name for the whole system. you can think of "GNU/Hurd" as "The Hurd-based GNU-system" --> Luiso42 (Luis@199.243.77.79) has joined #linux wolfgang basically, this system works as follows: <-- E0x has quit (Ping timeout for E0x[182stb59.codetel.net.do]) --> manaha (manaha@213.37.56.168) has joined #linux wolfgang applications from the Unix-world (i will call them POSIX-applications) use functions in the C library where they would use Unix kernel-calls on a traditional Unix. these are basic functions like read(), write(), fork() etc. <-- MiTo has quit (Ping timeout for MiTo[cm074-pop12.bbt.net.ar]) wolfgang the C library communicates with the Hurd-servers to implement these functions <-- Telemako (jpardo@231-CORU-X6.libre.retevision.es) has left #linux --> kheb (kheb@200.78.66.187) has joined #linux wolfgang but the Hurd-servers are not special in any way, they are just normal programs. so they can also use the C-library. wolfgang you can think of these Hurd-servers as Daemons. wolfgang we have a server that implements the ext2 file system --> _bvc (~b@M465P001.adsl.highway.telekom.at) has joined #linux wolfgang another one implements the TCP/IP protocol wolfgang we even have a server that just implements /dev/null wolfgang a short note about POSIX conformance: wolfgang some people think that even Windows NT is POSIX conformant. wolfgang that isn't really the case. it only implements some _very_ basic parts of POSIX wolfgang where GNU/Hurd is completely POSIX-conforming. well, module bugs of course :) wolfgang this is a very important point: we are still compatible, so you can use all the free programs you like on GNU/Hurd. at least if they are written somewhat portably wolfgang so, GNU/Hurd is a combination of complete compatiblity and new concepts wolfgang but know about the new concepts: wolfgang oh, wait i skipped something ;) wolfgang i skipped a lot. i first wanted to talk about the history and motivation behind the Hurd wolfgang as you will probably know, Richard Matthew Stallman started to develop the GNU system in 1984 wolfgang the primary goal was to be free; to be superior to proprietary systems morally, socially and ethically wolfgang but it was also a goal to be technically better wolfgang if you compare GNU software with Unix software, you are likely to notice that. Unix software often has arbitrary limits. for example, in many Unix tools, input lines longer than 1024 characters are silently truncated. wolfgang ok, we have a question here: <riel> how about running non-free software on the hurd ? wolfgang it is possible to run non-free software on GNU/Hurd, but i hope nobody actually wants that. wolfgang we are not completely binary-compatble with GNU/Linux, so you cannot use most non-free programs currently. there are some technical reasons why it might be problematic to be ABI (Application Binary Interface)-compatible with it, i can say more about that later if there is interest in it. wolfgang we have another question: <sarnold> well, being able to, and being legally allowed to, are different things.. is the lgpl-ness of glibc sufficient to shield all programs from GPL's "linking" clause (for using the hurd servers)? wolfgang yes, it is enough. you can even communicate with the Hurd servers directly, since you use Remote Procedure Calls to communicate wit them. so there is no linking involved. wolfgang ok, back to the original topic: the arbitrary limitations of Unix programs and how GNU wants to do better wolfgang in fact, the whole design of the Hurd is based on the idea of not imposing arbitrary limitations on users wolfgang so if you have an ISO-image of a cd-rom, you can "loopback-mount" the cd as the user without needing special permission. that is no problem, since the iso9660fs-server will run with your user-id. it is just a program that you started. wolfgang but you can do far more than just that. wolfgang in fact, you can change all aspects of the system as you like. you can create your own world, using POSIX-components where you like and your own components otherwise. wolfgang we have a question: <sarnold> are there security problems with allowing users to modify the filesystem namespace? or is the user performing the mount the only user who can see the newly added filesystem mount? wolfgang there is a lot i could say about that :) wolfgang and he goes on: <sarnold> if so, what happens if two users both try to mount to the same mount-point? (well, that sounds like trouble anyway...) wolfgang i will answer the second question first, as that is easier :) wolfgang you can only "mount" something on a node that you own. so two users trying to use the same node is impossible wolfgang that partially answers the first question even. wolfgang you can only use that in your home directory (or in places like /tmp or /var/tmp of course). but that is not a restriction, since you can also start your own copy of the complete Hurd, so you have your own root file system (which others would not see) which you can modify as you like wolfgang we've got a short interruption here: <Arador> and can you mount something (a iso image in loop device for example) for N users? wolfgang i am not aware of any simple way to do that currently. conceptionally, it is definitely possible if you setup your own authentication server. but that is some work. but it is possible. wolfgang simplifying everything that anyone might ever want to do is a task we will start to work on at some point in the future ;) wolfgang back to the question about security issues. wolfgang since you can put arbitrary stuff in the part of the file system that you own, you might be able to get someone into a trap if he accesses your part of the file system. for example, if you put a file system in your homedir that is purely virtual (think of /proc on GNU/Linux) and creates an endless directory tree dynamically, it might be hard for the admin to remove your home diretory when he deletes your account. ;) wolfgang so he would have to remove all your own file systems first. wolfgang if he does that, all is fine. wolfgang that is a simple fact that you have to pay when you allow users to change their environment. people just need to be aware of the fact that it is possible to change the environment. wolfgang but i guess a person who does not such a basic thing about the system better should not administrate a server with multiple users anyway. :) wolfgang a question: <sarnold> is there an easy way for the sysadmin to prevent users from mounting new filesystems, to prevent someone from doing while true ; do mount ; done ? wolfgang if you start a file system server, it runs as a process of you. so this question is basically the same as "can the admin stop the users from starting a lot of processes". and of course that is possible. it is even possible on Unix to do that. i am not sure inhowfar it is implemented on GNU/Hurd yet, though. wolfgang if want to _generally_ prevent your users from using their own servers, that is very easy. wolfgang use a file system for /home that does not support this. you can create such a file system very easiely. in fact, some people do so by accident when installing Debian GNU/Hurd and then wonder why some stuff does not work ;) wolfgang so, GNU/Hurd tries to not impose limits on the user if that can be avoided. it is worse enough that the hardware is limited, why should we add additional restrictions in the software? :) wolfgang (except for the cases where we _want_ to limit things on purpose for security reasons) wolfgang and there is another very cute aspect of the system: the Unix philosophy says that one should write small and simple programs which can be combines flexibly. that is how it was done in the Hurd; the Unix kernel in fact violates this principle, as it does scheduling, hardware support, file systems, network protocols and lots of other stuff wolfgang that does not mean that the designers of Unix were stupid, of course :) they were actually very clever wolfgang they had to design Unix for computers that were less powerful than a typical calculator is today. so it was simply necessary to do it that way wolfgang in the Hurd, we think that now it is time to rethink these old decisions, since so much has changed since then. wolfgang back than, user-defined file systems were not feasable at all, so nobody asked for it. but today, everywone wants them, and their are various approaches to providing them. wolfgang the GNOME-vfs is one example. KDE's ioslaves are another. libferris is yet another wolfgang all these have something in common: they are doing things in a way that limits their usefulness: you have to write your programs to make use of them. existing programs won't benefit wolfgang and that is the major advantage of the Hurd: we do it at the file system level, so you do not need to modify any POSIX application to enable it to benefit from the features of the Hurd! * wolfgang finds this so exciting wolfgang ok, now some more concrete examples wolfgang sure, we do have file systems like ext2fs, ufs and fatfs. wolfgang and additionally to these stored file systems, we also have network file systems like nfs and ftpfs wolfgang the latter is very nice. you can just do "tail -n 2 /ftp/ftp.debian.org/pub/welcome.msg" and stuff like that. wolfgang some people seem to object to that, arguing "some operations like appending to a file will be terribly inefficient over ftp". that is true, but if you consider that a problem, don't use this feature. :) often, it is useful to have it, though. wolfgang we have a question: <Arador> how does ftpfs handles things such as "password incorrect" or "timeout" to the POSIX applications? wolfgang well, additionally to these file systems, we can also have virtual ones like GNU/Linux has /proc and devfs wolfgang but there is far more than that. wolfgang a server can provide just a single node, like /dev/null or /dev/random. wolfgang and we even have one particular cute one: the "run" translator. (oh, i almost forgot to mention that servers that reside in the file system are also called translators) wolfgang when starting "run", you provide it with a shell command. whenever you open the file where "run" is sitting, it will execute that command, and when you then read from it you will get the output of that command. wolfgang so you can tell it to execute "fortune", every "cat foo" will display a new fortune cookie. wolfgang (that can be used to generate random signatures for emails - or for whatever you can think of.) wolfgang <vegai> wolfgang: in that example, 'foo' is a translator, right? <vegai> the run-translator, that is wolfgang yes, it is the node where the run translator sits, i.e. the "mountpoint" wolfgang all that may be nice, but there are still far more possibilities! wolfgang a translator does not need to implement the file system protocol. it can implement any protocol. wolfgang for example, the IP stack implements the socket interface, obviously wolfgang <sarnold> does the translator run with the privs of whoever ran "run" or whoever performs the read(2)? wolfgang a translator always runs with the priviledges of the owner of the node which it translates (the "mountpoint") wolfgang so the permissions need to be right, as always. wolfgang there is a simple reason for that. wolfgang if iso9660fs translates /cdrom (or /mnt/cdrom if you prefer), then it needs to access /dev/cd0. same for any other file system: if you have an ext2fs on /var, that server needs to be able to write to e.g. /dev/hd0s3. and of course users should not be able to use this directly. wolfgang ok, the last thing i mentioned was the IP stack, which provides the socket interface (and is available at /servers/socket/inet and - if you want to go by protocol number instead of name - /servers/socket/2). wolfgang of course you are not limited to the interfaces that the Hurd uses. you can use your own interfaces, and just use the file system as namespace for the initial handshake between a server and its users. wolfgang just think for yourself a bit about what you can do with all that. i am sure you will be able come up with some nifty ideas. no matter whether they are virtual file systems, single nodes or something completely different wolfgang a question: <vegai> what about language independence? Is C the only choice for coding translators? wolfgang long ago, someone has written a module for writing translators in perl (and implemented one with it). later, i wrote a module that enables you to write translators in Ruby (and i implemented a translator with it, but not a useful one ;-)). wolfgang but in general, a lot of work is still needed to make it convenient to write arbitrary translators in any language. wolfgang i am very interested in that myself, but currently other things are certainly more urgent by far wolfgang so if anyone is interested in working on that, don't hesitate to contact me. wolfgang <sarnold> if you don't mind (heh heh, you must be tired of me :) what tops the list of what needs doing? wolfgang i am not sure if that list fits into memory :) wolfgang well, i think we have some lists online even, wait a second wolfgang a few very urgent things are listed at http://hurd.gnufans.org/bin/view/Hurd/GNUHurdStatus wolfgang we have here a very interesting question: <mentor> AFAI can see: essentially HURD translators/servers provide a service in a different context (processor context, security context, and any other contexts the microkernel maintains); would it ever be considered useful to implement services in such a way that specfic contexts can be chosen for segregation? wolfgang well, translators are far more than that :) then enable you to change your environment as you like (and experienced users usually want to change their working environment to fit their needs better), but sure, the seperation certainly is also a point. however, i am not sure a) how would you propose could be implemented at all, no matter whether in the Hurd or elsewhere, and b) what would be the advantage of that approach. wolfgang ok, then i will just give on more example of a cool feature. and a very new feature in fact wolfgang the new console implementation wolfgang now, we have a console server (a translator) that provides a directory for every virtual console. wolfgang you can attach a console client to it which sends input to the "input" file in the directory of a virtual console, and gets the contents of the display from the file "display" in the same directory wolfgang the client does not need to poll the data from the display: it just requests change notifications, a feature that is provided also by normal stored file systems like ext2fs. that might be quite interesting for implementing an Intrusion Detection System, BTW. wolfgang the nice thing about this console implementation is that you can attack multiple clients to the same server wolfgang so you can work at a computer, then go to another computer, ssh over the network to the first one and be able get your original consoles back - all of them. wolfgang i don't think i need to mention that the console supports unicode everywhere etc. wolfgang i think that the new console is a very nice example for how the Hurd design can be used to implement new powerful stuff. wolfgang ok, now i will conclude by referring to http://hurd.gnu.org/ , http://www.debian.org/ports/hurd , http://hurd.gnufans.org/ and of course http://hurd.es.gnu.org/ for further information. any more questions? * wolfgang could keep talking about the Hurd for several days :) wolfgang <vegai> I'm under the impression, that the current microkernel is limited in several ways, and it's being replaced by L4. What will this cause to the current Hurd? wolfgang Mach was a first-generation microkernel, so it is certainly not perfect. wolfgang indeed, there are plans to switch to L4 at some point in the future, but we are far away from that. the Hurd is cutting-edge even when running on Mach ;) wolfgang for the Hurd, it will mean that it will become better, hopefully. and we will have to change some Mach-specific parts. fortunatly, we depend on Mach-semantics in very few places. * jmgv thinks wolfgang need a breathle ;-) bunny so... bunny GNU/Hurd be part of it ;) bunny #hurd the channel, #hurd-bunny the underground channel ;) sarnold ok, i think it is probably time to move onto our next speaker, xtingray, who will talk about php and flash :) sarnold I'd like to thank wolfgang for his extreme patience in answering my questions :) bunny and me for bringin him here ;D wolfgang we're used to being patient in the Hurd =) jmgv so we will consider this talk finish sarnold I'd also like to that tiri, garoeda, and arador, for trnaslating this talk into dutch and spanish :) jmgv clap clap clap clap clap jmgv clap clap clap clap clap wolfgang :) bunny and me? bunny =( sarnold bunny: yes, thanks to you too :) jmgv plas clap plas clap plas clap wolfgang bunny: thank you for bringing me here Generated by irclog2html.pl 2.1 by Jeff Waugh - find it at freshmeat.net!

`--- Topic for #linux is Next talk: "The Hurd: a GNU approach to OS design Friday Dec 13, at 21:00 GMT Wolfgang Jaehrling \| Comments #qc; Spanish #redes; Dutch #taee`
`sarnold`	`wolfgang is going to be giving his presentation about GNU HURD; he first discoveredthe HURD in 1999 and has given several talks on it since then`
`sarnold`	`please direct your questions to #qc, and find dutch translation in #taee; maybe spanish in #redes`
`sarnold`	`thanks`
`wolfgang`	`may i? :)`
`wolfgang`	`i am going to talk about the Hurd, and will explain why GNU develops it, even if we already have a very mature and popular kernel for the GNU system, which of course is Linux`
`wolfgang`	`the Hurd, however, is not a kernel. together with the GNU C library (glibc) and the GNU Mach microkernel, it provides the functionality that traditionally is provided by a Unix kernel.`
`wolfgang`	`these three components together with the rest of the GNU system (which includes gcc, GNOME, etc. and even non-GNU software like X11) they provide a POSIX-conformant operating system.`
`wolfgang`	`at this point, a few notes on terminology:`
`wolfgang`	`the GNU Hurd (or simply the Hurd) is the name for one part of the system. GNU/Hurd is the name for the whole system. you can think of "GNU/Hurd" as "The Hurd-based GNU-system"`
`--> Luiso42 (Luis@199.243.77.79) has joined #linux`
`wolfgang`	`basically, this system works as follows:`
`<-- E0x has quit (Ping timeout for E0x[182stb59.codetel.net.do])`
`--> manaha (manaha@213.37.56.168) has joined #linux`
`wolfgang`	`applications from the Unix-world (i will call them POSIX-applications) use functions in the C library where they would use Unix kernel-calls on a traditional Unix. these are basic functions like read(), write(), fork() etc.`
`<-- MiTo has quit (Ping timeout for MiTo[cm074-pop12.bbt.net.ar])`
`wolfgang`	`the C library communicates with the Hurd-servers to implement these functions`
`<-- Telemako (jpardo@231-CORU-X6.libre.retevision.es) has left #linux`
`--> kheb (kheb@200.78.66.187) has joined #linux`
`wolfgang`	`but the Hurd-servers are not special in any way, they are just normal programs. so they can also use the C-library.`
`wolfgang`	`you can think of these Hurd-servers as Daemons.`
`wolfgang`	`we have a server that implements the ext2 file system`
`--> _bvc (~b@M465P001.adsl.highway.telekom.at) has joined #linux`
`wolfgang`	`another one implements the TCP/IP protocol`
`wolfgang`	`we even have a server that just implements /dev/null`
`wolfgang`	`a short note about POSIX conformance:`
`wolfgang`	`some people think that even Windows NT is POSIX conformant.`
`wolfgang`	`that isn't really the case. it only implements some _very_ basic parts of POSIX`
`wolfgang`	`where GNU/Hurd is completely POSIX-conforming. well, module bugs of course :)`
`wolfgang`	`this is a very important point: we are still compatible, so you can use all the free programs you like on GNU/Hurd. at least if they are written somewhat portably`
`wolfgang`	`so, GNU/Hurd is a combination of complete compatiblity and new concepts`
`wolfgang`	`but know about the new concepts:`
`wolfgang`	`oh, wait i skipped something ;)`
`wolfgang`	`i skipped a lot. i first wanted to talk about the history and motivation behind the Hurd`
`wolfgang`	`as you will probably know, Richard Matthew Stallman started to develop the GNU system in 1984`
`wolfgang`	`the primary goal was to be free; to be superior to proprietary systems morally, socially and ethically`
`wolfgang`	`but it was also a goal to be technically better`
`wolfgang`	`if you compare GNU software with Unix software, you are likely to notice that. Unix software often has arbitrary limits. for example, in many Unix tools, input lines longer than 1024 characters are silently truncated.`
`wolfgang`	`ok, we have a question here: <riel> how about running non-free software on the hurd ?`
`wolfgang`	`it is possible to run non-free software on GNU/Hurd, but i hope nobody actually wants that.`
`wolfgang`	`we are not completely binary-compatble with GNU/Linux, so you cannot use most non-free programs currently. there are some technical reasons why it might be problematic to be ABI (Application Binary Interface)-compatible with it, i can say more about that later if there is interest in it.`
`wolfgang`	`we have another question: <sarnold> well, being able to, and being legally allowed to, are different things.. is the lgpl-ness of glibc sufficient to shield all programs from GPL's "linking" clause (for using the hurd servers)?`
`wolfgang`	`yes, it is enough. you can even communicate with the Hurd servers directly, since you use Remote Procedure Calls to communicate wit them. so there is no linking involved.`
`wolfgang`	`ok, back to the original topic: the arbitrary limitations of Unix programs and how GNU wants to do better`
`wolfgang`	`in fact, the whole design of the Hurd is based on the idea of not imposing arbitrary limitations on users`
`wolfgang`	`so if you have an ISO-image of a cd-rom, you can "loopback-mount" the cd as the user without needing special permission. that is no problem, since the iso9660fs-server will run with your user-id. it is just a program that you started.`
`wolfgang`	`but you can do far more than just that.`
`wolfgang`	`in fact, you can change all aspects of the system as you like. you can create your own world, using POSIX-components where you like and your own components otherwise.`
`wolfgang`	`we have a question: <sarnold> are there security problems with allowing users to modify the filesystem namespace? or is the user performing the mount the only user who can see the newly added filesystem mount?`
`wolfgang`	`there is a lot i could say about that :)`
`wolfgang`	`and he goes on: <sarnold> if so, what happens if two users both try to mount to the same mount-point? (well, that sounds like trouble anyway...)`
`wolfgang`	`i will answer the second question first, as that is easier :)`
`wolfgang`	`you can only "mount" something on a node that you own. so two users trying to use the same node is impossible`
`wolfgang`	`that partially answers the first question even.`
`wolfgang`	`you can only use that in your home directory (or in places like /tmp or /var/tmp of course). but that is not a restriction, since you can also start your own copy of the complete Hurd, so you have your own root file system (which others would not see) which you can modify as you like`
`wolfgang`	`we've got a short interruption here: <Arador> and can you mount something (a iso image in loop device for example) for N users?`
`wolfgang`	`i am not aware of any simple way to do that currently. conceptionally, it is definitely possible if you setup your own authentication server. but that is some work. but it is possible.`
`wolfgang`	`simplifying everything that anyone might ever want to do is a task we will start to work on at some point in the future ;)`
`wolfgang`	`back to the question about security issues.`
`wolfgang`	`since you can put arbitrary stuff in the part of the file system that you own, you might be able to get someone into a trap if he accesses your part of the file system. for example, if you put a file system in your homedir that is purely virtual (think of /proc on GNU/Linux) and creates an endless directory tree dynamically, it might be hard for the admin to remove your home diretory when he deletes your account. ;)`
`wolfgang`	`so he would have to remove all your own file systems first.`
`wolfgang`	`if he does that, all is fine.`
`wolfgang`	`that is a simple fact that you have to pay when you allow users to change their environment. people just need to be aware of the fact that it is possible to change the environment.`
`wolfgang`	`but i guess a person who does not such a basic thing about the system better should not administrate a server with multiple users anyway. :)`
`wolfgang`	`a question: <sarnold> is there an easy way for the sysadmin to prevent users from mounting new filesystems, to prevent someone from doing while true ; do mount ; done ?`
`wolfgang`	`if you start a file system server, it runs as a process of you. so this question is basically the same as "can the admin stop the users from starting a lot of processes". and of course that is possible. it is even possible on Unix to do that. i am not sure inhowfar it is implemented on GNU/Hurd yet, though.`
`wolfgang`	`if want to _generally_ prevent your users from using their own servers, that is very easy.`
`wolfgang`	`use a file system for /home that does not support this. you can create such a file system very easiely. in fact, some people do so by accident when installing Debian GNU/Hurd and then wonder why some stuff does not work ;)`
`wolfgang`	`so, GNU/Hurd tries to not impose limits on the user if that can be avoided. it is worse enough that the hardware is limited, why should we add additional restrictions in the software? :)`
`wolfgang`	`(except for the cases where we _want_ to limit things on purpose for security reasons)`
`wolfgang`	`and there is another very cute aspect of the system: the Unix philosophy says that one should write small and simple programs which can be combines flexibly. that is how it was done in the Hurd; the Unix kernel in fact violates this principle, as it does scheduling, hardware support, file systems, network protocols and lots of other stuff`
`wolfgang`	`that does not mean that the designers of Unix were stupid, of course :) they were actually very clever`
`wolfgang`	`they had to design Unix for computers that were less powerful than a typical calculator is today. so it was simply necessary to do it that way`
`wolfgang`	`in the Hurd, we think that now it is time to rethink these old decisions, since so much has changed since then.`
`wolfgang`	`back than, user-defined file systems were not feasable at all, so nobody asked for it. but today, everywone wants them, and their are various approaches to providing them.`
`wolfgang`	`the GNOME-vfs is one example. KDE's ioslaves are another. libferris is yet another`
`wolfgang`	`all these have something in common: they are doing things in a way that limits their usefulness: you have to write your programs to make use of them. existing programs won't benefit`
`wolfgang`	`and that is the major advantage of the Hurd: we do it at the file system level, so you do not need to modify any POSIX application to enable it to benefit from the features of the Hurd!`
`* wolfgang finds this so exciting`
`wolfgang`	`ok, now some more concrete examples`
`wolfgang`	`sure, we do have file systems like ext2fs, ufs and fatfs.`
`wolfgang`	`and additionally to these stored file systems, we also have network file systems like nfs and ftpfs`
`wolfgang`	`the latter is very nice. you can just do "tail -n 2 /ftp/ftp.debian.org/pub/welcome.msg" and stuff like that.`
`wolfgang`	`some people seem to object to that, arguing "some operations like appending to a file will be terribly inefficient over ftp". that is true, but if you consider that a problem, don't use this feature. :) often, it is useful to have it, though.`
`wolfgang`	`we have a question: <Arador> how does ftpfs handles things such as "password incorrect" or "timeout" to the POSIX applications?`
`wolfgang`	`well, additionally to these file systems, we can also have virtual ones like GNU/Linux has /proc and devfs`
`wolfgang`	`but there is far more than that.`
`wolfgang`	`a server can provide just a single node, like /dev/null or /dev/random.`
`wolfgang`	`and we even have one particular cute one: the "run" translator. (oh, i almost forgot to mention that servers that reside in the file system are also called translators)`
`wolfgang`	`when starting "run", you provide it with a shell command. whenever you open the file where "run" is sitting, it will execute that command, and when you then read from it you will get the output of that command.`
`wolfgang`	`so you can tell it to execute "fortune", every "cat foo" will display a new fortune cookie.`
`wolfgang`	`(that can be used to generate random signatures for emails - or for whatever you can think of.)`
`wolfgang`	`<vegai> wolfgang: in that example, 'foo' is a translator, right? <vegai> the run-translator, that is`
`wolfgang`	`yes, it is the node where the run translator sits, i.e. the "mountpoint"`
`wolfgang`	`all that may be nice, but there are still far more possibilities!`
`wolfgang`	`a translator does not need to implement the file system protocol. it can implement any protocol.`
`wolfgang`	`for example, the IP stack implements the socket interface, obviously`
`wolfgang`	`<sarnold> does the translator run with the privs of whoever ran "run" or whoever performs the read(2)?`
`wolfgang`	`a translator always runs with the priviledges of the owner of the node which it translates (the "mountpoint")`
`wolfgang`	`so the permissions need to be right, as always.`
`wolfgang`	`there is a simple reason for that.`
`wolfgang`	`if iso9660fs translates /cdrom (or /mnt/cdrom if you prefer), then it needs to access /dev/cd0. same for any other file system: if you have an ext2fs on /var, that server needs to be able to write to e.g. /dev/hd0s3. and of course users should not be able to use this directly.`
`wolfgang`	`ok, the last thing i mentioned was the IP stack, which provides the socket interface (and is available at /servers/socket/inet and - if you want to go by protocol number instead of name - /servers/socket/2).`
`wolfgang`	`of course you are not limited to the interfaces that the Hurd uses. you can use your own interfaces, and just use the file system as namespace for the initial handshake between a server and its users.`
`wolfgang`	`just think for yourself a bit about what you can do with all that. i am sure you will be able come up with some nifty ideas. no matter whether they are virtual file systems, single nodes or something completely different`
`wolfgang`	`a question: <vegai> what about language independence? Is C the only choice for coding translators?`
`wolfgang`	`long ago, someone has written a module for writing translators in perl (and implemented one with it). later, i wrote a module that enables you to write translators in Ruby (and i implemented a translator with it, but not a useful one ;-)).`
`wolfgang`	`but in general, a lot of work is still needed to make it convenient to write arbitrary translators in any language.`
`wolfgang`	`i am very interested in that myself, but currently other things are certainly more urgent by far`
`wolfgang`	`so if anyone is interested in working on that, don't hesitate to contact me.`
`wolfgang`	`<sarnold> if you don't mind (heh heh, you must be tired of me :) what tops the list of what needs doing?`
`wolfgang`	`i am not sure if that list fits into memory :)`
`wolfgang`	`well, i think we have some lists online even, wait a second`
`wolfgang`	`a few very urgent things are listed at http://hurd.gnufans.org/bin/view/Hurd/GNUHurdStatus`
`wolfgang`	`we have here a very interesting question: <mentor> AFAI can see: essentially HURD translators/servers provide a service in a different context (processor context, security context, and any other contexts the microkernel maintains); would it ever be considered useful to implement services in such a way that specfic contexts can be chosen for segregation?`
`wolfgang`	`well, translators are far more than that :) then enable you to change your environment as you like (and experienced users usually want to change their working environment to fit their needs better), but sure, the seperation certainly is also a point. however, i am not sure a) how would you propose could be implemented at all, no matter whether in the Hurd or elsewhere, and b) what would be the advantage of that approach.`
`wolfgang`	`ok, then i will just give on more example of a cool feature. and a very new feature in fact`
`wolfgang`	`the new console implementation`
`wolfgang`	`now, we have a console server (a translator) that provides a directory for every virtual console.`
`wolfgang`	`you can attach a console client to it which sends input to the "input" file in the directory of a virtual console, and gets the contents of the display from the file "display" in the same directory`
`wolfgang`	`the client does not need to poll the data from the display: it just requests change notifications, a feature that is provided also by normal stored file systems like ext2fs. that might be quite interesting for implementing an Intrusion Detection System, BTW.`
`wolfgang`	`the nice thing about this console implementation is that you can attack multiple clients to the same server`
`wolfgang`	`so you can work at a computer, then go to another computer, ssh over the network to the first one and be able get your original consoles back - all of them.`
`wolfgang`	`i don't think i need to mention that the console supports unicode everywhere etc.`
`wolfgang`	`i think that the new console is a very nice example for how the Hurd design can be used to implement new powerful stuff.`
`wolfgang`	`ok, now i will conclude by referring to http://hurd.gnu.org/ , http://www.debian.org/ports/hurd , http://hurd.gnufans.org/ and of course http://hurd.es.gnu.org/ for further information. any more questions?`
`* wolfgang could keep talking about the Hurd for several days :)`
`wolfgang`	`<vegai> I'm under the impression, that the current microkernel is limited in several ways, and it's being replaced by L4. What will this cause to the current Hurd?`
`wolfgang`	`Mach was a first-generation microkernel, so it is certainly not perfect.`
`wolfgang`	`indeed, there are plans to switch to L4 at some point in the future, but we are far away from that. the Hurd is cutting-edge even when running on Mach ;)`
`wolfgang`	`for the Hurd, it will mean that it will become better, hopefully. and we will have to change some Mach-specific parts. fortunatly, we depend on Mach-semantics in very few places.`
`* jmgv thinks wolfgang need a breathle ;-)`
`bunny`	`so...`
`bunny`	`GNU/Hurd be part of it ;)`
`bunny`	`#hurd the channel, #hurd-bunny the underground channel ;)`
`sarnold`	`ok, i think it is probably time to move onto our next speaker, xtingray, who will talk about php and flash :)`
`sarnold`	`I'd like to thank wolfgang for his extreme patience in answering my questions :)`
`bunny`	`and me for bringin him here ;D`
`wolfgang`	`we're used to being patient in the Hurd =)`
`jmgv`	`so we will consider this talk finish`
`sarnold`	`I'd also like to that tiri, garoeda, and arador, for trnaslating this talk into dutch and spanish :)`
`jmgv`	`clap clap clap clap clap`
`jmgv`	`clap clap clap clap clap`
`wolfgang`	`:)`
`bunny`	`and me?`
`bunny`	`=(`
`sarnold`	`bunny: yes, thanks to you too :)`
`jmgv`	`plas clap plas clap plas clap`
`wolfgang`	`bunny: thank you for bringing me here`