It's a library that is linked to in place of an operating system - so whatever interface the OS provided (syscalls+ioctls, SMC methods, etc.) ends up linked / compiled into the application directly, and the "external interface" of the application becomes something different.
This is how most unikernels work; the "OS" is linked directly into the application's address space and the "external interface" becomes either hardware access or hypercalls.
Wine is also arguably a form of "library OS," for example (although it goes deeper than the most strict definition by also re-implementing a lot of the userland libraries).
So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox, and run it on SEV-SNP. Or take an OP-TEE TA, link it to LiteBox, and run it on Linux.
The notable thing here is that it tries to cut the interface in the middle down to an intermediate representation that's supposed to be sandboxable - i.e., instead of auditing and limiting hundreds of POSIX syscalls like you might with a traditional kernel capabilities system, you're supposed to be able to control access to just the few primitives that they're condensed down to in the middle.
> So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox
If you have to recompile, you might as well choose to recompile to WASM+WASI. The sandboxing story here is excellent due to its web origins. I thought the point of LiteBox is that recompilation isn’t needed.
Looking more closely, it looks like there are some "North" sides (platforms) with ABI shims (currently Linux and OP-TEE), but others (Windows, for example), would still require recompilation.
> If you have to recompile, you might as well choose to recompile to WASM+WASI.
I disagree here; this ignores the entire swath of functionality that an OS or runtime provides. Like, just as an example, I can't "just recompile" my OP-TEE TA into WASM when it uses the KDF function from the OP-TEE runtime.
I had previous experience with WASM on TEE. Just use the foreign function interface. Remember WASM isn’t native code so you still need other native code to run WASM (such as wasmtime), and you can import other native functions into WASM through the runtime.
Any pure code (WASM or otherwise) that does not perform any input/output is by definition useless. It consumes electricity to do computation and there is no way to communicate its results.
The use case here was to use a KDF function from the TEE, and I assume it serves as an oracle where the actual key material cannot be revealed.
Turing machines have a well-defined input, and output if they halt.
So no, they are absolutely not useless, they are just "single-shot" models of computation. Certain software fits that model very nicely (e.g. compilers), other software less so.
It's absolutely trivial to make a very strict sandbox - just a simple, mathematical Turing machine is 100% safe.
The hard part is having actual capabilities, and only WASI (which is much smaller than WASM) helps here, and it's not clear why it would be any better than other options, like LiteBox. Especially since wasm does have a small, but real, overhead.
I think that's an OS in the form of a library, like Wine for example. From what I get from the description it allows you to run programs on your real OS and make it see a cut down API to your actual system to reduce the attack surface.
It was a time of post WWII boom and unrivalled economic prosperity. For the vast majority of human existence wealth like that was never offered to regular commoners.
Canada today might be expensive to rent in and buy in, but the quality of life in terms of safety, culture, political stability, nature, and medicine (minus the temporary shortage in health professionals) is still unmatched globally. Canadians who complain about Canada haven’t faced or lived life outside of Canada.
> Don’t fall for the americanism of being blind to the rest of the world and thinking we’re the best.
That's not what the person was saying, though. They never implied that Canada is the best, they only said that Canada is a good place to live in, and that people who try to say otherwise (like the parent of this thread) lack perspective. Any Canadian that lived in other first-world countries (except maybe the US) will probably say that in many ways, the other countries can be better than us. We've got plenty of issues, but Canada's still up there. There's some things that are good here, some that need a lot of work - but on average, it's still really good by world standards. There's nothing wrong with saying that we need to improve in many critical areas, but there is in posting ragebait talking about 'true Canada' being long gone, Canada being a failed state and so on, like what you see above and across many parts of the internet.
I think that’s up to interpretation. They said Canada is “unmatched globally”, which I interpreted as a belief that Canada is the best country in the world.
Some of the HN community have lived in multiple places - look where they end up not where they go at the start of their career. Such people don't have to sweat families, health, ...
I find it very amusing the number of 'Canadians' in this thread saying how great a place it is after prefacing the comment explaining they now live in the USA.
Hard to know what accounts to bother responding to these days. This is likely one of them as it fails to offer any worthy substance beyond a barely whined grievance. But I have first hand experience that the things described in this post are absolutely not gone.
I suspect there are agents of lesser minds at work hoping to stir instability. We aren’t swindled as easily as other peoples.
Every province except Alberta is in a dire financial state (Venezuela events will finish them off). We have no gold reserves. In the next 5 years there will be a mortgage cliff for those who bought at the peak. Major universities are about to be bankrupt.
Canada is going to get very poor soon. These social goods will be gone, and we will be worse for it.
They still have power, they still have food, they still have minerals and other stuff dug out of the ground. They still have water. Unless you think the world will cease being a consumer economy, they'll do ok. And Toronto and Vancouver can take all of the refugees from Silicon Valley when it implodes financially.
Keys are stored securely in a TPM in the sense that a random program has no access to it. They are not stored safely there in the sense that they couldn’t possibly get destroyed. TPM hardware, or the motherboard that hosts it, occasionally fails. Or you might want to migrate your physical hard drive to a different PC. That’s the purpose of backing up the keys to the cloud. Alternatively, you can write down a recovery key and put it in your safe. Personally, I put it in my password vault that also happens to be backed up to the cloud (though not Microsoft’s).
There's also no security in the communication between the CPU and the TPM, so you can plug in a chip that intercepts it and copies all the keys, or plug the TPM into a chip that pretends to be the CPU and derives identical keys.
The TPM on most computers these days is a sectioned off part of the CPU that only talks through channels on the package/die (fTPM). Good luck plugging something in on that.
* zrepl is a great tool, but I think it has a different focus and angle and serves different needs.
* In a nutshell, bzfs can operate at much larger scale than zrepl, at much lower latency, in a more flexible and straightforward way.
* Here are just a few points off the top of my head that bzfs does and zrepl doesn't:
  * Manage periodic ZFS snapshot creation, replication, pruning, and monitoring, across a fleet of N source hosts and M destination hosts, using the same single shared fleet-wide jobconfig script. Each of the M destination hosts receives replicas from (the same set of) N src hosts.
  * Monitor if snapshots are successfully taken on schedule, successfully replicated on schedule, and successfully pruned on schedule, across the entire fleet.
  * More powerful include/exclude filters for selecting what datasets and snapshots and properties to replicate.
  * Can be strict or told to be tolerant of runtime errors.
  * Has parametrizable retry logic.
  * Can be used not just for backup, but also for low latency replication use cases.
* Other aspects:
  * bzfs is actively maintained whereas zrepl seems mostly dormant.
  * The zrepl codebase is vastly more complex and larger than bzfs; IMO, the designs and abstractions it introduces are more complex than they need to be. For example, building a home grown daemon and secure transport layer is more a liability than upside for a tool like this. Complexity has a price.
  * bzfs is easier to change, test and maintain because Python is more readable to contemporary engineers than Go and because the codebase is so much smaller and more straightforward than zrepl.
* These are just some points. Maybe the most important point is that zrepl is more a monolithic end user app than a building block. I believe it's good to have an rsync'ish CLI for ZFS replication that keeps simple things simple, makes complex things possible, and enables higher level infra and various UIs to be built on top of that. bzfs aims to be that.