> violent religious fundamentalists firing ... cities because of religious hatred
Some tend to be more introspective:
Shahak's Jewish Fundamentalism in Israel picked up on the theme in explaining its pervasive, destructive influence in Israeli politics, the military and society. He noted that substituting German or Aryan for Jewish and non-Jews for Jews makes it easy to see how a superiority doctrine made an earlier genocide possible and is letting another happen now. Shahak called all forms of bigotry morally reprehensible and said: "Any form of racism, discrimination and xenophobia becomes more potent and politically influential if it is taken for granted by the society which indulges in it." For Israeli Jews, he believed, "The support of democracy and human rights is... meaningless or even harmful and deceitful when it does not begin with self-critique and with support of human rights when they are violated by one's own group. Any support of human rights for non-Jews whose rights are being violated by the 'Jewish state' is as deceitful as the support of human rights by a Stalinist..."
Kook was Israel's first chief rabbi. In his honour, and to continue his teachings, the extremist Merkaz Harav (the Rabbi's Centre) was founded in 1924 as a yeshiva or fundamentalist religious college. It teaches that, "non-Jews living under Jewish law in Eretz Yisrael (the Land of Israel) must either be enslaved as water carriers and wood hewers, or banished, or exterminated."
Chief military rabbi, Brigadier General Avichai Rontzki, called Operation Cast Lead a "religious war" in which it was "immoral" to show mercy to an enemy of "murderers". Many others feel the same way, prominently among them graduates of Hesder Yeshivat schools that combine extremist religious indoctrination with military service to defend the Jewish state.
Others in Israel teach the extremist notion that the 10 Commandments don't apply to non-Jews. So killing them in defending the homeland is acceptable, and according to Rabbi Dov Lior, chairman of the Jewish Rabbinic Council: "There is no such thing as enemy civilians in war time. The law of our Torah is to have mercy on our soldiers and to save them... A thousand non-Jewish lives are not worth a Jew's fingernail."
In June 2009, US Hasidic Rabbi Manis Friedman voiced a similar sentiment in calling on Israel to kill Palestinian "men, women and children". "I don't believe in Western morality, ie don't kill civilians or children, don't destroy holy sites, don't fight during the holiday seasons, don't bomb cemeteries, and don't shoot until they shoot first because it is immoral. The only way to fight a moral war is the Jewish way: destroy their holy sites. Kill men, women and children (and cattle)."
...
Though a minority, Israel's religious community wields considerable influence politically, in the military and society overall.
...
How the future balance of power shifts from one side to the other will greatly influence the makeup of future Israeli governments and determine whether peaceful co-existence can replace over six decades of conflict and repression. So far it hasn't, and nothing suggests it will any time soon; not while extremist Zionists run the government, serve prominently in the Israeli army, and -- according to critics -- are gaining more power incrementally.
I mean... let's not throw stones from an equally spectacular glass house.
Provided GrapheneOS is cleared by Google to launch it as an "Android" device. Given the kind of changes GrapheneOS packs, it may or may not meet Android's mandatory CCD (compatibility) requirements.
It's not their own phone. It's an OEM phone that will be supported by GrapheneOS by flashing it. Once you do it, there's no reason to believe it won't have the same Play Integrity issues that it currently has on Pixel devices.
> Domain: I switched to Cloudflare Registrar recently because they offered a lower price ... I don't think Cloudflare really cares to make money on domain registration.
Well, they don't today.
Speaking of "control", it is bad form to keep both the nameservers and registrar with the same company (think takedown requests / account lockout / etc).
> That is why high security systems designed for multi-level security for shared tenants
When you say "high security" do you mean Confidential Computing workloads run by Trusty (Enclave) / Virtee (Realm) etc? If so, aren't these systems limited in what they can do, as in, there usually is another full-blown OS that's running the user-facing bits?
> that need to protect against state actors
This is a very high bar for a software-only solution (like a microkernel) to meet? In my view, open hardware specification, like OpenTitan, in combination with small-ish software TCB, make it hard for state actors (even if not impossible).
No. I am talking about multi-level security [1] which allows a single piece of hardware to handle top secret and unclassified materials simultaneously via software protection. This protection is limited to software attempts to access top secret materials from the unclassified domain; hardware and physical attacks are out-of-scope.
There have been many such systems verified to be secure against state actors according to the TCSEC Orange Book Level A1 standard and the subsequent Common Criteria SKPP standard which requires both full formal proofs of security and explicitly requires the NSA to identify zero vulnerabilities during a multi-month penetration test before allowing usage in NSA and DoD systems.
Do you usually publish your hobby code publicly? If not, consider this an appeal to do so (:
> Modern NICs tend to be fairly similar in interface, so if the manufacturer provides documentation, it shouldn't take too long to add support at least once you've got one driver ... For storage, you can probably get by with two drivers
I take it that there aren't any pluggable drivers for NICs like there are for NVMe/SATA disks?
> I take it that there aren't any pluggable drivers for NICs like there are for NVMe/SATA disks?
I mean, there is NDIS / NDISWrapper. Or, I think it wouldn't be too hard to run NetBSD drivers... but I'm crazy and want my drivers in userland, in Erlang, so none of that applies. :)
As a fair warning, there are some concurrency errors in the kernel which I haven't tracked down that result in sometimes getting stuck before the shell prompt comes up, the TCP stack is just OK enough to mostly work, and the DHCP client only works if everything goes right.
Erlang! Indeed a crazy idea (in a good way!), and while I'm not normally a big fan of unikernels, now you've got me seriously intrigued :)
I've been dabbling in Erlang and OS development myself, my biggest inspirations being Microsoft Singularity and QNX. The former is a C# lookalike of what you're making, or at least that's how it seems from my perspective.
The readme mentions a FreeBSD-like system call interface, but then the drivers and the network stack are written in Erlang, and, as you've mentioned, run in the user land. Is that actually a unikernel design with BEAM running in the kernel, or more of a microkernel hosting BEAM, with it providing device handling and the user space?
The original plan was BEAM on metal, but I had a hard time getting that started... so I pivoted to BEAM from pkg, running on a just enough kernel that exposes only the FreeBSD syscalls that actually get called.
Where that fits in the taxonomy of life, I'm not sure. There is a kernel/userspace boundary (and also a c-code/erlang code boundary in userspace), so it's not quite a unikernel. I wouldn't really call it a microkernel; there's none of the usual microkernel stuff... I just let userspace do i/o ports with the x86 task structure and do memory mapped i/o by letting it mmap anything (more or less). The kernel manages timers/timekeeping and interrupts, Erlang drivers open a socket to get notified when an interrupt fires --- level triggered interrupts would be an issue. Kernel also does thread spawning and mutex support, connects pipes, early/late console output, etc.
If I get through my roadmap (networked demo, uefi/amd64 support, maybe arm64 support, run the otp test suite), I might look again and see if I can eliminate the kernel/userspace divide now that I understand the underneath, but the minimal kernel approach lets me play around with the fun parts, so I'm pretty happy with it. I've got a slightly tweaked dist working and can hotload userspace Erlang code over the network, including the tcp stack, which was the itch I wanted to scratch... nevermind that the tcp stack isn't very good at the moment ;)
Really cool! Will definitely take a closer look in my spare time.
>I just let userspace do i/o ports [...] and do memory mapped i/o by letting it mmap anything (more or less). The kernel manages timers/timekeeping and interrupts [...]
This is how QNX does it too, allowing privileged processes to use MAP_PHYS and port I/O instructions on x86, and handle interrupts like they're POSIX signals. It all boils down to how you structure your design, but personally, I think that's not a bad approach at all. The cool thing about it is that, after the initial setup, you can drop the privileges for creating further mappings and handlers, reducing the attack surface.
Unless you're trying to absolutely minimize the cost and amount of context switches, I think moving BEAM into the kernel would be a downgrade, but again, I'm a big proponent of microkernels :)
> The kernel I'm involved with (Nanos) has other features such as 'exec protection' which prevents that app from exec-mapping anything not already explicitly mapped exec.
Does this mean JIT (and I guess most binary instrumentation (debuggers) / virtualization / translation tech) won't run as expected?
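An added example, not code from the original thread or from the Nanos project: a small probe that exercises the two things an "exec protection" policy of the kind described above would refuse, mapping a page RWX outright and flipping a freshly written RW page to RX before calling into it. That RW-to-RX transition is exactly what a JIT, a debugger trampoline or a binary translator does, so running this inside the guest tells you whether such code can work there. The `mov; ret` encodings and the use of the platform libc's `mprotect(2)` via `ctypes` are assumptions of this example; it is written for Linux or another Unix on x86_64/aarch64.

```python
"""Probe whether this process may turn writable memory executable.

Constructed example: each probe reports which stage succeeded, so a caller can
tell an exec-protection / W^X policy (mprotect refused) from an ordinary
environment (code executed and returned 42).
"""
import ctypes
import errno
import mmap
import platform

# Constructed machine code for a function returning 42, one encoding per arch.
RET42 = {
    "x86_64": bytes.fromhex("b82a000000c3"),        # mov eax, 42 ; ret
    "amd64": bytes.fromhex("b82a000000c3"),
    "aarch64": bytes.fromhex("40058052c0035fd6"),   # mov w0, #42 ; ret
    "arm64": bytes.fromhex("40058052c0035fd6"),
}

# Assumption: the process's libc exposes mprotect(2) with the POSIX signature.
_libc = ctypes.CDLL(None, use_errno=True)
_libc.mprotect.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_int]
_libc.mprotect.restype = ctypes.c_int


def rwx_mapping_allowed() -> bool:
    """Can a single anonymous page be mapped read+write+exec at once?"""
    try:
        page = mmap.mmap(-1, mmap.PAGESIZE,
                         prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC)
    except (OSError, ValueError):
        return False
    page.close()
    return True


def jit_probe() -> dict:
    """Do what a JIT does: map RW, emit code, mprotect to RX, call it.

    Returns {"stage": "executed", "value": 42} when the transition is allowed,
    {"stage": "mprotect-denied", "errno": ...} under a policy that forbids it,
    or {"stage": "unsupported-arch"} if we have no encoding for this CPU.
    """
    code = RET42.get(platform.machine())
    if code is None:
        return {"stage": "unsupported-arch"}

    size = mmap.PAGESIZE
    page = mmap.mmap(-1, size, prot=mmap.PROT_READ | mmap.PROT_WRITE)
    page.write(code)

    # Export the mapping as a ctypes buffer to learn its (page-aligned) address.
    buf = (ctypes.c_char * size).from_buffer(page)
    addr = ctypes.addressof(buf)

    if _libc.mprotect(addr, size, mmap.PROT_READ | mmap.PROT_EXEC) != 0:
        err = ctypes.get_errno()
        result = {"stage": "mprotect-denied",
                  "errno": errno.errorcode.get(err, str(err))}
    else:
        # The page is now RX; treat its start as an int(void) function.
        fn = ctypes.CFUNCTYPE(ctypes.c_int)(addr)
        result = {"stage": "executed", "value": fn()}
        del fn

    del buf          # release the buffer export so the mapping can be closed
    page.close()
    return result


if __name__ == "__main__":
    print("RWX mapping allowed:", rwx_mapping_allowed())
    print("RW->RX JIT pattern:", jit_probe())
```

On a stock Linux box the second probe prints `executed` with value 42; a kernel or sandbox that enforces the policy quoted above answers the `mprotect` call with an error instead, which is the signal that a JIT-based runtime would need a fallback (interpreter-only mode, or ahead-of-time compilation) to run there.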
Reproducible can have a lot of meanings. Nix guarantees that your build environment + commands are the same. It still uses all the usual build tools and it would be trivial to create a non-reproducible binary (--impure).
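The distinction in the comment above, a reproducible build environment versus bit-for-bit reproducible output, is easy to see with a tar archive, one of the classic sources of non-reproducibility. The following is an added example and is not code from the thread or from Nix: it packs the same sources from two "checkouts" that differ only in file timestamps, once the way a casual script would and once with the usual normalisations (sorted entries, `SOURCE_DATE_EPOCH` mtime, fixed owner and mode). The `SOURCES` tree and the two epoch stamps are constructed for the demonstration.

```python
"""Same inputs, same commands, different bytes: a tar reproducibility check.

Constructed example. naive_tar() lets the filesystem's mtimes and owners leak
into the archive, so two builds of identical sources differ; deterministic_tar()
pins every metadata field and sorts entries, so they match.
"""
import hashlib
import io
import os
import shutil
import tarfile
import tempfile

# Constructed source tree used for both checkouts.
SOURCES = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "README": b"demo\n",
}


def make_checkout(stamp: int) -> str:
    """Write SOURCES into a fresh temp dir with every mtime set to `stamp`."""
    root = tempfile.mkdtemp(prefix="repro-")
    for rel, data in SOURCES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    for cur, dirs, files in os.walk(root):   # stamp dirs and files alike
        for name in dirs + files:
            os.utime(os.path.join(cur, name), (stamp, stamp))
    os.utime(root, (stamp, stamp))
    return root


def naive_tar(src_dir: str) -> bytes:
    """Archive as a casual script would: on-disk mtime/uid/gid/mode go in as-is."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w") as tf:
        for name in os.listdir(src_dir):
            tf.add(os.path.join(src_dir, name), arcname=name)
    return out.getvalue()


def deterministic_tar(src_dir: str, source_date_epoch: int = 0) -> bytes:
    """Archive with sorted entries and pinned metadata (files only; the
    extractor recreates directories). Mirrors what SOURCE_DATE_EPOCH-aware
    tools do, using GNU format to avoid PAX headers carrying float mtimes."""
    rel_paths = sorted(
        os.path.relpath(os.path.join(cur, name), src_dir)
        for cur, _, files in os.walk(src_dir) for name in files
    )
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w", format=tarfile.GNU_FORMAT) as tf:
        for rel in rel_paths:
            path = os.path.join(src_dir, rel)
            info = tf.gettarinfo(path, arcname=rel)
            info.mtime = source_date_epoch
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            info.mode = 0o755 if info.mode & 0o111 else 0o644   # umask-proof
            with open(path, "rb") as f:
                tf.addfile(info, f)
    return out.getvalue()


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def demo() -> tuple:
    """Build from two checkouts made at different times.

    Returns (naive_reproducible, deterministic_reproducible)."""
    a, b = make_checkout(1_600_000_000), make_checkout(1_700_000_000)
    try:
        naive_same = digest(naive_tar(a)) == digest(naive_tar(b))
        det_same = digest(deterministic_tar(a)) == digest(deterministic_tar(b))
    finally:
        shutil.rmtree(a)
        shutil.rmtree(b)
    return naive_same, det_same


if __name__ == "__main__":
    naive_ok, det_ok = demo()
    print("naive tar reproducible:", naive_ok)
    print("deterministic tar reproducible:", det_ok)
```

Both builders run "the same command in the same environment", which is the guarantee a sandboxed builder gives you; only the second one yields the same hash, which is what a verifier comparing two independently built artifacts needs. Compression adds a further field to pin (gzip stores an mtime in its header), which is why reproducible-build tooling sets that to zero as well.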
Not really. Separation from a (type 1) hypervisor (or rather distrust of the host [0]) requires hardware support, e.g. ARM CCA / AMD SEV-SNP / Intel TDX.
For separation from the supervisor, Android developed a peculiar approach in "pKVM" for ARM where the host (supervisor) is partitioned away from the guest [1].
Neither of those "separations" is something Toro provides on its own; the Toro unikernel would totally be under the control of the host, from what I can tell. That said, what Toro (or any unikernel, really) does is reduce the attack surface area, as the (guest) supervisor is pruned to run just one particular application (more code to partition things up will eliminate a class of attacks but may result in new attack vectors [2]).
> Neither of those "separations" is something Toro provides on its own; the Toro unikernel would totally be under the control of the host, from what I can tell. That said, what Toro (or any unikernel, really) does is reduce the attack surface area, as the (guest) supervisor is pruned to run just one particular application (more code to partition things up will eliminate a class of attacks but may result in new attack vectors [2]).
Toro does not provide that separation. However, I was having some thoughts about running the user app in ring 1 to provide some sort of separation whereas the kernel runs in ring 0. However, in that case, we may end up in the current user/kernel level separation of general purpose OSs.