Hi Norman and the whole Genode team,
First, I recognize the feeling that you are enthusiastic about your work and nobody seems to care. And how devastating that can feel.
I know that feeling from my attempt at designing and promoting my authentication protocol that (I believe) could decimate most phishing and identity theft attacks. I got so disappointed at the lack of response that I disabled web statistics so I didn't have to see how few visitors my site got. Now I've more or less given up on it.
Yet every time I see a news article about phishing or stolen (and abused) passwords I'm reminded that I came up with something that could have (helped to) prevent it.
Second, it's hard to create a new platform from scratch. As a rule of thumb, for any new invention it takes roughly 15 years from invention to market-readiness. So far, Genode Labs succeeded where others gave up. Thanks for not giving up.
Third, it's very hard to bring innovation into the IT-world. The IT community is very conservative.
Sandboxing to contain viruses is something that HP-Labs did 15 years ago for Windows XP [1]. Regrettably HP didn't succeed in selling it widely. Just last week, Microsoft added a sandbox to Win10 in an attempt to contain malware.
An example of the conservatism: I explained some ideas of Genode (micro-kernel, sandboxing, separation, pola) to a 30yo manager of a software development company that advertised itself for writing secure software. He found the ideas interesting but did not want to spend time researching them. Not even reading on the topic. He said it was "academic stuff that eventually shows up in Linux". I couldn't convince him that it might be a good idea to be ahead of the curve. He was risk averse, as are most IT-people. Genode needs to find people willing to take a risk and reap the reward.
Every time I read about crypto malware holding a user or company hostage for ransom I'm reminded that had they used Genode it could have (helped to) prevent it.
I believe there is a huge market out there. The difficulty is getting there. I hope my answers to this mail give some ideas how to proceed.
Now about your goals and questions:
- Widening the audience of Sculpt OS
Consequently, we should improve its ease of use.
For me a 1000 times this.
To me, the learning curve of Genode is steep. The learning curve of (changing) Sculpt is steep too. Although I know most of the concepts of the platform, I find it still hard to develop in. Lately I went deep into changing the configuration of Virtualbox in Sculpt. What should have been a few hours took me more than a week. And the result was still hacky :-(
Although there are many examples, I'd like to see them listed from simple to complex, each explaining a concept of Genode, building on top of the previous ones. It could grow into a Genode for Dummies.
Other wish: please describe how I can enable all kinds of debugging modes. For example, when I make an XML syntax error in an init.config, the app doesn't start but the log remains quiet.
Other example, at one point I added printf-logging to init-components to trace the routing decisions so I could check that my config was correct. It would be great if there was a config option for that.
- Fostering the community spirit around our project
I think you have a nice (but small) community already, with your team ready to answer any question quickly. Just keep doing that.
You've seen my recent write-up on adding a raw partition to virtualbox in Sculpt. I thought of making it a blog so others can learn from it too. (I'm not sure if that example makes a nice showcase of the ease of Sculpt :-).
- Marketing of Genode-based products
I like the idea of cross-promotion between Genode and some companies that use it. Put some showcases on your site. Perhaps with a small testimonial from each company why they chose Genode.
Given the impossibility of convincing (conservative) people why Genode is better than their current system, don't focus on technical details. Instead focus on concrete benefits for (end) users:
- safe by design;
- protects privacy;
- little errors do not become catastrophes;
- robust against malware;
- no need for regular updates;
- updates don't break existing functionality;
- easy to use, also for non-computer users (see my dream system below).
- What are your ambitions for 2019?
I still have my wish for running Genode on my server, running a webserver for static and dynamic content. I ran a static web site on Genode a few years ago. It lasted a week until it crashed due to a resource leak (memory, VFS file descriptors). I could not debug it, so the box runs Linux again.
I'd like to run a (small) dynamic web site on it. I.e., start with a blog and comments section and private messaging. For parsing I use a composable parser generator such as the Hammer library [2] from the Langsec [3] community. I think Langsec and Genode complement each other nicely.
I know some hackers (professional pentesters) interested in the idea of a site that's very hard to hack, even if there are errors in my implementation. I'm curious about their findings.
My goal is to get Genode on a server with some VMs for things not yet ported. And get some hackers to pentest it.
- Which areas of Genode would you like to see improved? How would you possibly contribute to these improvements?
Documentation. (I'll tell you my struggles, you improve the docs).
- If you imagine a Genode-based system one year in the future, how would it look like?
My long term dream is Genode on a Desktop.
It has a desktop UI, double-clicking opens an application in a sandbox. The application has only access to its dependencies and resources like fonts, etc.
However, the application does not have access to the user's files, email, etc., not even network access. If the user wants to open a file, the sandbox detects the application opening a file-browser and an attempt to read /home/<user> and opens a Powerbox. The powerbox is a trusted part of the OS that lets the user select one or more files. These are the only files that the application can read. (The powerbox is described in the HP-Labs paper [1] and other capability security papers on the net).
The user of this system is a non-technical user, say a clerk at city hall dealing with building permits. Their need is to approve or reject building plans. As they get data from the outside, it must be considered hostile. With current Linux, Mac and Windows systems, this clerk needs to make a decision whether to open a certain email or not. After all, it could be crypto-malware. So without opening the email, the clerk must make a value judgement on its contents. That's a mission impossible. Especially for a clerk without IT programming skills.
Genode can help here. Every parser (email, zip-files, photos, fonts, audio, video, etc.) runs in a separate sandbox, all the user's resources (files, emails, photos, address books, etc.) are protected by powerboxes, so if an email contains malware, it can't sneakily encrypt anything. In fact, if the malware misbehaves, it probably triggers a powerbox for a file-open dialog that the clerk did not request. The clerk forwards the mail to the IT-department for analysis.
- Do you have further ideas that would help making Genode relevant at a larger scale than today?
Since you ask about my Santa list :-)
Make it easy (both in documentation and code support) to port existing Linux or Windows software to Genode. It could be a preconfigured Noux instance that provides just enough to start the application. It needs /usr, a bit of /etc, a private var and a powerbox to /home/<user>. It needs a NIC environment with a configurable ingress and egress firewall.
Make it easy for an end-user to create several separate sandboxes for a single application, so the user can create separate mail-readers for private mail, office mail, etc.
It should be easy to port and effortless to upgrade. Upgrades should be built automatically by a build server so a small number of people can manage a large set of programs. I'm thinking of user applications such as libreoffice, gimp, photo, video, audio, bookkeeping. Software that doesn't need linux kernel access, drivers or distribution packaging specific things.
I'd love to run a mail-stack consisting of server programs such as postfix, dovecot, spamassassin, DNS-servers, DNSSEC signers, etc. on Genode.
Best wishes for the holidays,
Guido.
1: http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html
2: https://github.com/UpstandingHackers/hammer
3: http://langsec.org/
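The powerbox pattern described in the message above (the trusted chooser that hands an untrusted application a handle to exactly the file the user picked, and the "dialog the clerk did not request" signal), as an added simulation that is not part of the original mail and not Genode or Sculpt code. The class names, the one-shot "user gesture" rule and the sample files are assumptions made for the illustration; a real system would enforce the isolation with OS-level separation rather than Python discipline.

```python
"""Simulation of the powerbox pattern for file access.
Added illustration only: not Genode/Sculpt code. The class names, the
one-shot 'user gesture' rule and the sample files are assumptions."""
import os
import tempfile
from dataclasses import dataclass, field
from typing import Callable, List, Optional


class FileCap:
    """Capability to one file, minted only by the powerbox.

    The untrusted app holds this object and nothing else; it never learns or
    chooses a path, so it cannot name any other file in the user's home."""

    def __init__(self, path: str, writable: bool):
        self._path = path
        self._writable = writable

    def read(self) -> bytes:
        with open(self._path, "rb") as fh:
            return fh.read()

    def write(self, data: bytes) -> None:
        if not self._writable:
            raise PermissionError("capability is read-only")
        with open(self._path, "wb") as fh:
            fh.write(data)


@dataclass
class Powerbox:
    """Trusted chooser: the only component that turns a user's pick into a cap."""
    home: str
    chooser: Callable[[List[str]], Optional[int]]  # stands in for the user's GUI pick
    pending_gesture: bool = False                    # set by trusted UI, cleared on use
    log: List[str] = field(default_factory=list)

    def user_clicks_open(self) -> None:
        """Trusted UI records that the user asked for a file dialog (one-shot)."""
        self.pending_gesture = True

    def request_open(self, app: str, writable: bool = False) -> Optional[FileCap]:
        # An open request with no preceding user gesture is exactly the
        # "dialog the clerk did not request" signal: deny and raise an alert.
        if not self.pending_gesture:
            self.log.append(f"ALERT {app}: file dialog without user request")
            return None
        self.pending_gesture = False
        names = sorted(os.listdir(self.home))
        idx = self.chooser(names)
        if idx is None:
            self.log.append(f"{app}: user cancelled")
            return None
        mode = "rw" if writable else "ro"
        self.log.append(f"{app}: {mode} cap to {names[idx]}")
        return FileCap(os.path.join(self.home, names[idx]), writable)


def run_demo() -> dict:
    """Constructed scenario: one legitimate open, then a malware-style
    attempt to touch the home directory with no user interaction."""
    home = tempfile.mkdtemp()  # constructed stand-in for /home/<user>
    for name, body in {"plan.pdf": b"building plan", "secret.txt": b"pin 1234"}.items():
        with open(os.path.join(home, name), "wb") as fh:
            fh.write(body)
    pb = Powerbox(home=home, chooser=lambda names: names.index("plan.pdf"))

    # 1. The clerk opens a file; the app gets a read-only cap to that file only.
    pb.user_clicks_open()
    cap = pb.request_open("viewer")
    plan = cap.read() if cap else None

    # 2. The same cap cannot be used to overwrite (no encrypting files in place).
    try:
        cap.write(b"encrypted")
        write_denied = False
    except PermissionError:
        write_denied = True

    # 3. Malware in the viewer asks again without a user gesture: denied + alert.
    silent = pb.request_open("viewer", writable=True)
    return {"plan": plan, "write_denied": write_denied, "silent": silent, "log": pb.log}


if __name__ == "__main__":
    for line in run_demo()["log"]:
        print(line)
```

The point of the simulation is the shape of the interface, not the Python: the application API has no "open(path)" at all, only "ask the powerbox", and the powerbox is the one place that can be audited for requests that no user gesture preceded.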