Deploying QNX on the desktop

bridged with qnx.cafe
John Nagle

Deploying QNX on the desktop

Post by John Nagle » Wed May 19, 2004 6:00 pm

QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don't have to patch every week.

If OpenOffice were available on QNX, it would be a viable
system for business desktops.

John Nagle
Team Overbot

Pete DiMarco

Re: Deploying QNX on the desktop

Post by Pete DiMarco » Wed May 19, 2004 8:57 pm

Previously, John Nagle wrote in qnx.cafe:
> QNX has potential as a desktop OS again, now that the
> Windows and Linux worlds are starting to collapse under their
> own weight. The total cost of ownership argument starts
> to look good for QNX when you don't have to patch every week.

[TEXT DELETED]

Linux is collapsing under its own weight? I thought this was
"the year of desktop Linux"...? :-)

Not that I have anything against QNX, but has it been subjected
to the same level of scrutiny as Linux with respect to buffer
overruns and other security weaknesses? That seems to be what
drives the creation of patches. Has QNX received a security rating
from the NSA (or maybe the RCMP would be more appropriate)?

- PDM

--
+----- Pete DiMarco ------+---------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+-------------------------+---------------------------------------+
<< Opinions expressed here are my own, not those of my employer. >>

John Nagle

Re: Deploying QNX on the desktop

Post by John Nagle » Thu May 20, 2004 3:18 am

Pete DiMarco wrote:
> Not that I have anything against QNX, but has it been subjected
> to the same level of scrutiny as Linux with respect to buffer
> overruns and other security weaknesses? That seems to be what
> drives the creation of patches. Has QNX received a security rating
> from the NSA (or maybe the RCMP would be more appropriate)?
>
> - PDM

It helps that the kernel doesn't handle text strings, although,
of course, "proc" does.

A more secure version of QNX would not be all that hard.
Basically, all message connection opens need to be routed
through a security monitor process that can say "no".
Once the connection is open, regular message passing applies.
This allows imposing other security policies, such as
mandatory security or "jailing" of processes.

This would all be outside the kernel, of course.

Maybe In-Q-Tel would fund something like this.

John Nagle

Bill Caroselli

Re: Deploying QNX on the desktop

Post by Bill Caroselli » Thu May 20, 2004 2:12 pm

Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:
QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don't have to patch every week.
[TEXT DELETED]
PD > Linux is collapsing under its own weight? I thought this was
PD > "the year of desktop Linux"...? :-)

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

Personally I'd love to see QNX replace Winblows altogether.

Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.

How many QNX viruses have you seen in the last year or two?

Miguel Simon

Re: Deploying QNX on the desktop

Post by Miguel Simon » Thu May 20, 2004 3:14 pm

Hi...

My experience is that QNX is vulnerable to hackers.

I had an embedded data collection system deployed at a remote location,
and a hacker did get access to my system. I could see the hacker's
frustration however. Since the hacker did not know the operating system,
all he could do was delete the bin directory (still damaging the
system). I redeployed the system, and the hacker never came back.


Regards...

Miguel.

Pete DiMarco

Re: Deploying QNX on the desktop

Post by Pete DiMarco » Fri May 21, 2004 10:48 pm

Previously, Bill Caroselli wrote in qnx.cafe:
Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:
QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don't have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > "the year of desktop Linux"...? :-)

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

> Personally I'd love to see QNX replace Winblows altogether.

I'd love to see *anything* replace Windoze... except maybe CP/M. ;-)
I'd almost be willing to see Larry Ellison's ego swell to critical mass
and crush the planet if it meant the end of Microsoft's monopoly. [I
wonder if MS has a department that tracks NG "trouble-makers"?]

> Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.
>
> How many QNX viruses have you seen in the last year or two?

Once a large enough number of people start to use it, black-hats will
take an interest. How many OSE, LynxOS, or TinyOS viruses have you
seen in the last year or two?

I'm not saying that QNX would be as hard to secure as a monolithic
kernel, just that security-through-obscurity doesn't work.

- PDM


PS- FWIW, QNX is my favorite RTOS.

--
+----- Pete DiMarco ------+---------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+-------------------------+---------------------------------------+
<< Opinions expressed here are my own, not those of my employer. >>

Robert Krten

Re: Deploying QNX on the desktop

Post by Robert Krten » Fri May 21, 2004 11:13 pm

Pete DiMarco <peted@ifspurity.com> wrote:
Previously, Bill Caroselli wrote in qnx.cafe:
Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:
QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don't have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > "the year of desktop Linux"...? :-)

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

> Personally I'd love to see QNX replace Winblows altogether.
>
> I'd love to see *anything* replace Windoze... except maybe CP/M. ;-)
> I'd almost be willing to see Larry Ellison's ego swell to critical mass
> and crush the planet if it meant the end of Microsoft's monopoly. [I
> wonder if MS has a department that tracks NG "trouble-makers"?]
>
> Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.
>
> How many QNX viruses have you seen in the last year or two?
>
> Once a large enough number of people start to use it, black-hats will
> take an interest. How many OSE, LynxOS, or TinyOS viruses have you
> seen in the last year or two?
>
> I'm not saying that QNX would be as hard to secure as a monolithic
> kernel, just that security-through-obscurity doesn't work.

Easier, in fact, according to Andy Tanenbaum:

http://www.cs.vu.nl/~ast/brown/

:-)

Cheers,
-RK

> - PDM
> PS- FWIW, QNX is my favorite RTOS.

Me too :-)
--
+----- Pete DiMarco ------+---------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+-------------------------+---------------------------------------+
Opinions expressed here are my own, not those of my employer.
--
[If replying via email, you'll need to click on the URL that's emailed to you
afterwards to forward the email to me -- spam filters and all that]
Robert Krten, PDP minicomputer collector http://www.parse.com/~pdp8/

John Nagle

Re: Deploying QNX on the desktop

Post by John Nagle » Fri May 21, 2004 11:45 pm

From a security standpoint, things could improve a bit.
It wouldn't be a huge job to fix this.

- Native networking is totally insecure, so more limits
on who you can talk to are necessary. Right now,
if you can get on the LAN, you can probably take over any
QNX machines on it. If there's a Windows machine
on the LAN, it could be taken over by any of the
usual methods, then used as a backdoor gateway for
QNX native networking. This is something to think
about for safety-critical systems that use QNX
for the safety-critical part but have Windows
machines on the net for non-safety-critical
functions.

- The "can't connect as root" feature in QNX native
networking doesn't seem to work right. It messes up
non-root connections, in our experience.
This is related to all those remote spawning bugs
we previously reported last year.

- The requirement
that resource managers have to run as root encourages
running stuff as root that doesn't need to run as root.
You should be allowed to run a resource manager and
take over some pathname space if the existing
resource managers don't object. For example, if you could
create a directory at some point in pathname space,
you should be allowed to start a resource manager
there. Of course, non-root resource managers
shouldn't be trusted, in the set-UID bit sense.

- Message connections put the burden of security
checking on the recipient. Anybody can initiate a
connection to anybody. That's a bit too open.
One solution would be to check all connection opens
in a security policy process that can say "no".
Small systems might have a trivial default process
that always says "yes", and more elaborate systems
would have a real security monitor that enforced
useful policies. This shouldn't hurt performance,
since it's a connection setup time only operation.

All this is fixable without major changes
to QNX.

John Nagle

Pete DiMarco wrote:
Previously, Bill Caroselli wrote in qnx.cafe:

Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:

QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don't have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > "the year of desktop Linux"...? :-)

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

Personally I'd love to see QNX replace Winblows altogether.


I'd love to see *anything* replace Windoze... except maybe CP/M. ;-)
I'd almost be willing to see Larry Ellison's ego swell to critical mass
and crush the planet if it meant the end of Microsoft's monopoly. [I
wonder if MS has a department that tracks NG "trouble-makers"?]


Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.

How many QNX viruses have you seen in the last year or two?


Once a large enough number of people start to use it, black-hats will
take an interest. How many OSE, LynxOS, or TinyOS viruses have you
seen in the last year or two?

I'm not saying that QNX would be as hard to secure as a monolithic
kernel, just that security-through-obscurity doesn't work.

- PDM


PS- FWIW, QNX is my favorite RTOS.

--
+----- Pete DiMarco ------+---------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+-------------------------+---------------------------------------+
Opinions expressed here are my own, not those of my employer.
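
The connect-time security monitor proposed in John Nagle's two posts above, as an added example that is not part of any post in this thread and is not QNX code: a portable C model in which every connection open is put to a replaceable policy function, while sends on an open connection are never re-checked. All function names, the `/jail/a` and `/dev/critical/` paths and the jail policy itself are assumptions made for illustration.

```c
/* Added illustration, not QNX code: a portable model of a connect-time
 * security monitor. All names and paths here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_CONN 8

struct cred {
    int uid;
    const char *jail;   /* pathname prefix the process is confined to, or NULL */
};

/* A monitor answers one question: may this client open this server? */
typedef int (*policy_fn)(const struct cred *client, const char *server_path);

/* Trivial default for small systems: always says "yes". */
int policy_allow_all(const struct cred *c, const char *path) {
    (void)c; (void)path;
    return 1;
}

/* Constructed policy: jailed processes reach only servers under their jail
 * prefix, and /dev/critical/ is reserved for uid 0. */
int policy_jail(const struct cred *c, const char *path) {
    if (c->jail != NULL) {
        size_t n = strlen(c->jail);
        /* Match whole path components so "/jail/a" does not cover "/jail/ab". */
        if (strncmp(path, c->jail, n) != 0 || (path[n] != '/' && path[n] != '\0'))
            return 0;
    }
    if (strncmp(path, "/dev/critical/", 14) == 0 && c->uid != 0)
        return 0;
    return 1;
}

static policy_fn monitor = policy_allow_all;
static const char *conn_table[MAX_CONN];
static unsigned long policy_checks;

void set_monitor(policy_fn fn) { monitor = fn; }
unsigned long checks_made(void) { return policy_checks; }

/* Connection open: the only place the monitor is consulted. */
int conn_open(const struct cred *client, const char *server_path) {
    policy_checks++;
    if (!monitor(client, server_path))
        return -1;                      /* the monitor said "no" */
    for (int i = 0; i < MAX_CONN; i++)
        if (conn_table[i] == NULL) { conn_table[i] = server_path; return i; }
    return -1;                          /* table full */
}

/* Regular message passing on an open connection: no policy check. */
int conn_send(int coid, const char *msg) {
    if (coid < 0 || coid >= MAX_CONN || conn_table[coid] == NULL)
        return -1;
    return (int)strlen(msg);            /* stand-in for delivering the message */
}

int main(void) {
    struct cred jailed = { 1000, "/jail/a" };
    set_monitor(policy_jail);
    printf("critical: %d\n", conn_open(&jailed, "/dev/critical/brake"));
    int coid = conn_open(&jailed, "/jail/a/logger");
    printf("in-jail: %d, send: %d\n", coid, conn_send(coid, "hello"));
    return 0;
}
```

Because the check happens only at open time in this model, a connection granted under an earlier, looser policy keeps working after the monitor is tightened; revoking it would need a separate mechanism.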

Miguel Simon

Re: Deploying QNX on the desktop

Post by Miguel Simon » Sat May 22, 2004 6:19 am

Hi...

So, I have a question: who wrote the QNX kernel? Was it independently
developed?

Maybe I heard this before, but I do not recall exactly.

Regards...

Miguel.

Chris McKillop

Re: Deploying QNX on the desktop

Post by Chris McKillop » Sat May 22, 2004 6:14 pm

Miguel Simon <simon@ou.edu> wrote:
> Hi...
>
> So, I have a question: who wrote the QNX kernel? Was it independently
> developed?

Yes, it was written at QNX.

chris

--
Chris McKillop <cdm@qnx.com> "The faster I go, the behinder I get."
Software Engineer, QSSL -- Lewis Carroll --
http://qnx.wox.org/

Bill Caroselli

Re: Deploying QNX on the desktop

Post by Bill Caroselli » Mon May 24, 2004 1:10 pm

Miguel Simon <simon@ou.edu> wrote:
MS > Hi...

MS > So, I have a question: who wrote the QNX kernel? Was it independently
MS > developed?

MS > Maybe I heard this before, but I do not recall exactly.

MS > Regards...
MS > Miguel.

What do you think the Keebler Elves did before they made cookies?

Colin Burgess

Re: Deploying QNX on the desktop

Post by Colin Burgess » Tue May 25, 2004 8:48 pm

> Personally I'd love to see QNX replace Winblows altogether.

I doubt that you would. It's like a member of the Ferrari
Owners club saying

"These cars are so much better than all the others. I wish that
EVERYBODY would just drive one!"

Your beloved RTOS would very rapidly be distorted beyond all
recognition, for the greater good...

Plus no-one would change the oil, and they would get the interior
carpets all muddy. :v(

--
cburgess@qnx.com

Mario Charest

Re: Deploying QNX on the desktop

Post by Mario Charest » Wed May 26, 2004 9:46 pm

"John Nagle" <nagle@downside.com> wrote in message
news:c8g40o$llu$1@inn.qnx.com...
> QNX has potential as a desktop OS again,

You must be living in an alternate dimension.

> now that the
> Windows and Linux worlds are starting to collapse under their
> own weight. The total cost of ownership argument starts
> to look good for QNX when you don't have to patch every week.
>
> If OpenOffice were available on QNX, it would be a viable
> system for business desktops.

Are you on drugs?

> John Nagle
> Team Overbot

Bill Caroselli

Re: Deploying QNX on the desktop

Post by Bill Caroselli » Wed May 26, 2004 9:47 pm

Mario Charest <postmaster@127.0.0.1> wrote:

MC > "John Nagle" <nagle@downside.com> wrote in message
MC > news:c8g40o$llu$1@inn.qnx.com...
QNX has potential as a desktop OS again,
MC > You must be living in an alternate dimension.
now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don't have to patch every week.


If OpenOffice were available on QNX, it would be a viable
system for business desktops.
MC > Are you on drugs?
John Nagle
Team Overbot

Mario, you're always the diplomat.

Mario Charest

Re: Deploying QNX on the desktop

Post by Mario Charest » Thu May 27, 2004 2:59 pm

"Bill Caroselli" <qtps@earthlink.net> wrote in message
news:c9339q$kgu$3@inn.qnx.com...
Mario Charest <postmaster@127.0.0.1> wrote:

MC > "John Nagle" <nagle@downside.com> wrote in message
MC > news:c8g40o$llu$1@inn.qnx.com...
QNX has potential as a desktop OS again,

MC > You must be living in an alternate dimension.

now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don't have to patch every week.


If OpenOffice were available on QNX, it would be a viable
system for business desktops.

MC > Are you on drugs?


John Nagle
Team Overbot

> Mario, you're always the diplomat.

LOL, seriously, am I coming out rude? Hum guess I am ;-(

Then it's time for some soul searching. Here goes; about 10-15 years ago I
shared John's enthusiasm, I thought QNX was the answer to it all. That the
world needed QNX to solve all of its problems. Experience showed me I was
completely wrong. Being pretty hard on myself I kind of blame myself for
even entertaining the thought... I must have overimposed some of my own
self image over John as if I was talking to myself. As I felt kind of dumb
to have thought that QNX could become a good desktop.

Windows/OS X/Linux are YEARS ahead when it comes to desktop feature set, etc.
compared to QNX.

John; it takes a LOT more than OpenOffice to be a good desktop business
solution.

As for the "don't have to patch QNX every week", the reason is simple: there
is about 10% less code in QNX than in Windows. Still per line of code I
would venture to say there are fewer bugs in Windows than in QNX.

If QSS company's behavior and practice would be under the same gun as
Microsoft is, I believe it would get a LOT more criticism than Microsoft
gets. Most probably it would get its fair share of haters as well.

Imagine this, Microsoft coming out and saying "We have stopped development
of our current OS and will be coming out with a new and improved operating
system that is 100% NOT binary compatible". Imagine the chaos. QSS did
this twice for the OS and once for the GUI. I don't recall any headlines in
the newspaper about it...
