i
i'm going to do talk about ten bucks application for gonna i did pretty much
the same talk already you know major safety of the pen and that one
that's the other talk which might be more interesting
and that's panel with this but anyway we have made little bit of the resistance
gonna major so that's and you stuff
sandbox applications for brno
so let me first introduce a we are
so i'm gonna paddling and i one of the guys to behind system the project
and actually have to more people that that's kind of us and that you cut
and if of course everybody here actually we're pretty much and we all work together
and system you project system the is a little bit like it used to be
just a minute system but grew a little bit and that's perspective what supposed to
be a nowadays this little bit like the basic building block to build an operating
system problem so brings a lot of components are probably not too interesting for deaf
a test on france but it does cover lot of ground that is relevant for
the desktop then
going back to the actual topic this is about the actual applications we think
linux needs a strong way how we can do access
and we believe that much of how that's implementing needs to live in the lower
levels of the stack because we believe that the concepts the basic building blocks but
use there should be kernel things rather than just something that is created user space
right so the isa nation for example for the extra sent boxing part is something
we believe is to be in the lowest level which kernel object and not just
something that is boulder to boulder top and not part of the actual
so only general goal of the system the project it that we want
you know or in the more general case linux do we the modern general-purpose alas
we believe that acts on absolutely crucial part of it i mean nobody use an
operating system for the purpose of using an operating system people use an operating system
because they have to do to achieve something that actually interesting for them so how
do you choose that because you run some apps the do what you want on
the rating system and hands operating system is just the thing that should be there
and work for the apps and the apps environment is actually the most important thing
we probably have enough
so if i talk about by the way i know is be very far to
give any is just with that is sure not that's the down if you have
any questions totally interrupt me right away i would tell you prefer this becomes more
of a discussion and just me talking stuff so you have any questions totally drop
me i love that
so we are talking about apps what actually a wraps so from our perspective from
the coming from the lower levels of the stack apps or sandbox use applications ship
in a single file crap no privileges for execution which table a P R S
and reliability reliable testability so
take this apart sandbox to use application so this is about use applications first of
all so it's not about i don't know running apache on my server because that
a service that will really only talking here in the centre that's of use application
meeting firefox mean game all these
sent boxed mean that there is isolation
of the have towards operating system so that
what we have does cannot be exploited and the attack as cannot get access to
the rest of the operating systems of
so that nothing from the operating system leaks into the apple in the other way
around to that nothing from the apply to the right
ship in a single file or at the something then we are really interested in
so that it becomes easy handling apps because right now on linux have so usually
ship in our P M or something like that and they distribute file all over
the place in the file system
this is not the i don't think that particular useful or friendly way to do
what we want is that people can considered have
and something like and could attach to it to tell you know right so that's
just one file and that's all you need and we'll just work
other operating systems that's have little bit something like that for example macros you have
these you have folders and that case that's or would you feels a little bit
like a file isn't but we actually wanna go for one
at
in one
no privileges articulation which is very important after all this is about user stuff right
so users stuff should not require privileges of all of the operating system to run
this is systematically different from anything like R P M that existed before because and
R P and to install an R P and you need system privileges and in
because R P M's also powerful you can like there's no way to distinguish and
an R P M
well them and package for the matter that interferes was the closest with the operating
system and are him that actually really just a matter
so it is absolutely crucial event no privileges for the installation for the activation
and then the next thing is stable at arts which i think is probably the
most complex thing of them all we in linux are keeping stable at arts i
mean there are different
api surround and some of better than others like for example currently you know it's
usually pretty good it's not perfect but it's pretty like you have a chance of
being able to run stuff that was written against the currently pi for from the
nineties and will still work on the current linux kernels not everything will the best
channel
gonna has not been as good with that like i don't know a can on
one applications don't work on three that a lot of reasons for the for that
and i think it's a good thing that is that way that we can make
a T I but it is a substantial problem for sub pop members if they
if they wanna one right that application they don't wanna constantly be caught in that
cycle that we have that is really fast and updating right
so we need some say it to do need to do something about that
and reliable testability means them
well let's darla most a stable areas for us it also means that
the differences between the best distribution or minimise
because currently the distributions all to in mass of ways for example
one of them my favourite examples this is there's on the door and row systems
insist directly called use a lib X like which is something where you're supposed to
put internal binaries
at least that's how most people understand it and this directory only exists like that
of the door and row and nowhere else
what is that
well a to make there's a lot of things but they with it know what
do use all the mug like that i mean all the make and stuff like
mark home and things like that like the com the and things like that i
wouldn't blame all make for that i do planned route for that right at that
i mean we don't follow the gonna world all anyway
i mean if we did than everything would and then use the local right
i don't know it is i think because this is recorded we probably should if
we have discussions to that with the with the
anyway i think it's a i personally blame more room for door and browse that
it's in the fedora packaging policy that should be you right also it i mean
it that's kind of cool about this thing out because then we are to blame
we as the door but other than everybody else
but anyway this is that's a speciality we got this house came into existence at
the speciality of the door and well and it makes things difficult because depending on
how which operating system you compiled stuff for sixty to be light out that way
and this gets worse and worse and worse i mean for example some them distributions
you system the others use up and it's kind of things many of this we
will never be able to do however we need to think more about unifying the
A B A V I you're operating system and we need to make sure that
we somehow even with we are incapable of all with guaranteeing our
main supportive at i am to be stable we need to stop somehow make it
possible to relatively easily run all that with the labia
reliable testability that means
what is absolutely i'm horrible for third party application mentors who want to write software
for linux is that's because there are so many distributions and because there are so
many different ways to run them because they you always have a different set of
our cans and so on it is incredibly difficult to actually systematically test a software
against that right because i mean linux kind of provide the same at eyes and
all the distribution regardless of you run then you know if you run ribbon to
if you run so door organ two whatnot they don't have the same at the
eyes however if you actually want to test against that and it's not sufficient that
they provide the same in the eyes you need to also know that the work
exactly the same and it is it like a test metric explodes by if you
multiply that by the and different distributions and the different versions of the distributions and
the different architectures and things like that which is like for project like firefox they
can still do that for a couple of distributions but as soon as us you
only all this little application developer and you wanna know that your stuff works
how you should you ever i mean it would basically require you to install any
fedora version you wanna test again with many every woodworking and then you testing
yourself so we need to do something that
to make testability easy a
like reducing variables and the whole equation
so
this of course
means we need to ask yourself what the purpose of R P M's and that's
and well we wanna cheap all that
rbms and that is already mentioned that something is installed only by road
eleven a common name space mentor at have
i can have access to all kinds of mentor at art because they're basically unrestricted
and they have this huge task metrics
so
we don't wanna get rid of our cans adapts or anything like that right we
saying they're really useful things but then not useful for actually packaging set up use
that because they have way too much power so what the way we see it
is rbm that's fine that's how you build you operating system but it's not what
you actually then run on top of that operating system that's a different for one
that does not have to deal with all the problems about that's that
so
so
our teams that's a primarily focused around distributions a single provide able to test out
of programs this is something about
but then strands they can R P M's because they have so many so many
i'm dependency specifications for example would you expect that the name space of the dependencies
expressed in the R P M's or something all of the unified name space right
like if somebody depends on a library by the name look for something then you
need to maybe make sure knock in that this lip foo mead exactly one library
not another one however lip food that is very generic name so everybody might a
have something different that even if they have the same like the end of the
name they might have it in the different avi
so are can that's a fine but the and apply that that's only one when
they're in and how to manage the and i a name space and provide every
single R P M with you as soon as you depart from that and you
have multiple but then as in the game not everything coming from for door and
then our peons at the and that's a really
strange things because the name space clashes
so that's on the other hand should be the opposite of that right
we want people to have many sources on the and we want to make sure
that you know there can be multiple providers of that people can compile there and
just provide them on their website things like that and we want to allow them
that this can be untrusted code because this is like the next thing if you
have a distribution the makes then
you do trust the distribution to a certain level and then expect from the distribution
that it will actually take the code from the various applications look at them figure
out that they're the codas okay didn't do anything evil will package it from you
so that you don't have to trust every single act developer and you can instead
of just trust the distribution of the whole as soon as we go to the
apps model where we wanna have lots of energy and this becomes much more of
a problem because suddenly if you get everything directly from them and that you have
to press every single one of them and that's a lot of cost now so
this is a problem but it's a problem then we can deal with technical solutions
by making sure as mentioned with the sandbox thing that even if you don't trust
that and then are so much that whatever you can do with the system isn't
too bad actually break
so apps
and the key feature that they have isolated from the surrounding those west and are
and you the private data for security reasons for a pi stability reasons testability reasons
building we
and that's an exception with extensions
so the isolation from surrounding los it's like the key thing here we want to
make sure that if you install again that game does not can access the address
book
and if you install i don't know
it what rather it should not get access to your friends list on the on
the with pitch and these things like that this it's like this is something that
we did not have a it never had on a non unix it's isolation all
the ads between them that you run on the same user id on unix classically
access control is
exclusively a user right as soon as you have some code that runs it as
you use the get access to everything you have and that it's just i mean
is a little bit of a
so it's about that the reason for that is a security reasons but also as
mentioned we wanna isolating from the from them
so running O S what api stability reasons right because i'm currently if you have
packages software you see the and I P R A S R P M's if
you if you see the entirety are operating system and that is a bad thing
right you need to make sure that that's the at actually only see that was
a P R is the jeans table
and the and then supportable but do not see anything else and do not end
up pulling in blinds dependencies that you cannot see like for example this the problem
think about G stream alright this tree might has a stable api if you application
pulled that in that's totally fine but you create a lot of problems but because
i just you meant based around a plug ins
so these individual plug-ins are content like eyes of G stream of so you would
think that wouldn't mind and that wouldn't be a problem however ultimately these plug ins
will pull in other libraries and those i and we have position that they do
not have any stable that yet very frequently like for example i usually
so anyway this means we need to somehow isolate the operating system so that the
not some dirty code running on the operating system can you can to the at
and not some stuff you don't want from the at and you get to the
house
the colours thank X exceptions for that
which are extensions like stuff that really extends existing software for example can i'm shelley
have javascript extend for that is very different thing because it will actually it must
a be able to run in the same sandbox and same context as gonna shell
itself so which means securities is very important but there are some exceptions where we
actually kind of
take benefit all that secure
so i already mentioned that we want on level oscillation we want this isolation that
we need for reasons of api stability testability and am security we want that on
the kernel that
why do we want to work on level first and foremost for the security reasons
because
decreases a complex thing where there's so many different things like ice a linux and
capabilities and blah it stuff that people shouldn't think about it stuff that
i guess leaks into quite a few so subsystems i don't know it's a lot
this process man was use them and all these kind of things if we ever
do isolation excuse them in user space and have user base components to this then
there's no way how this can be integrated with all that stuff that we really
don't wanna care about but need to have
so for us it's really important that everything that is enforced is kernel estimation
and this is all the something we one was no apps solution we want something
that is three is community based so we want something but is not bound to
one single at store but it's something that people can set up their own after
this that want to and is men diagnostic so that not only i don't know
it it's not supposed to be something that where at had set up a naps
don't nobody else can take benefit of that it's supposed to be something where everybody
can send a napster and people can even
i have not around so it's supposed to be something that truly free and the
way how linux itself
so
this is so for a little bit about this other do one and recharge about
security about them free nice about a couple of other things the next part of
the slide focuses mostly on how we think we can get that we have been
working on a couple of things already we group everything that we wanna do than
nine steps it's a lot of work is likely to happen tomorrow or something like
that but we have a lot of things already encode another couple of things we
have like sort about and have plans about but until we have the full thing
the egg
how
but
we think is actually necessary to make linux i'm strive as an echo system because
quite frankly it's and
possibly hard to write good at the linux simply because you can distribute them
so any questions to this point you got to thirty drop me if you have
questions
that's question
the microphone
mike
i don't know it's like it's casey and maybe it is
if i have like one machine shower by Q people
so like it would be very nice or write it installs it's a two people
in the same itching would i just all insane a like a right so i
mean it is our mission and like a part of our mission statement is that
use like a should be able to install these apps without requiring privileges but that
does not mean that that's the only way how outside still so far example administrator
could just drop something into the system and every user
so it's just about that we want to allow users to do this with our
break fine
from that minutes
but administrative
if you any application use just the single file what about shared libraries
that's a good question will probably come to that later though that is available
no anyway i mean so far it's just about the mission statement why we believe
this is necessary and how what we think that's all should be providing the nine
steps a bit about the technical implementation of things but anyway i don't see any
for the question so let's just proceed with the technical stuff there is one way
okay
minimal mobile applications come in a client server the version of all the usually internally
and the just is a is a gift that scene out so we stopped things
or what we only focusing on
single a single focus
so this is explicitly about use that's right use that's meaning apps of the use
themselves like the end user himself plays around was it's not about so i think
much of that stuff that we had designing here will ultimately be useful on the
service well but this clearly out of focus for the stuff that we collapse here
okay thank you
okay
but nine steps
that's all the questions right now right okay so the first one that we currently
working on this is make E D that's work i can us is approach that
is kind i have been working on together with donny american great crop couple of
other it's a
the part of the class people system for this it to the crown the us
i hope you all know is like this i can see this really basics thing
how process can talk to each other since this is about processes talking to each
other we believe it is absolutely essential that this core component is aware of sent
boxing meaning that because we need to limit what apps can talk to we need
to have the send boxing right in the i see so for us because we
again want all these things to be enforced by the kernel it is absolutely essential
that we make at once where
katie was work where the other thing is because we believe that the katie basically
was in general is like a really nice way how communication out and of the
sandbox can work
so it is far as important that's if we want to
it katie less or do that's to be do single i'm interface in and out
of the sandbox you need to be capable of actually exchanging large amounts of data
with that because i mean it suppose with the one and only thing i don't
know that sandbox the need to be really good and cover all use cases that
we need from the now he was classically is not useful for exchanging
substantial data it's focused and that is in the resume some statement only in control
data right short message call which will parameters
if we wanna make it like the single thing then we should be able you
do also use it for exchanging things like J peg file document file or anything
else
so for us this meant if we wanna have to be device the central i
think we need to get sex sixty thing first that sent boxing things like that
the current state of katie that's is that we have a lot of carrot and
it kind of works but we have not like it's part of the system you
project like the user space part of the system the kernel space part is kind
in a repository
we're not far from actually making a work altogether what basically the last missing made
a missing sync for us this is that we actually port system the in its
entirety to the U I P i just that katie bells and that's this but
and provide which is basically i mean it that something so difficult it's just a
lot of work like moving from one like that
we hope that this that we have something really presentable like putting up an entire
system was and look at less and by the end of the year you have
submitted to talk to linux company you about katie us so and i better have
something presentable by then so that's my way to get
push on that so that we actually have something
so much about katie but it's a huge project it's going to be awesome because
it's we finally get a really good i can see you know linux that is
far that is provide everything we ever wanted from sent boxing to the broadcasting to
activation
that was step one step two is we want this accent porpoise build only next
negative second see goods become abilities
so i depending in like if you if you ever that was the lower levels
of stacking them that
then the next name is basis second see good together but it is something you
might have run into suffice to say these are very generic tool that the kernel
it provides for isolating and then men do like that bows than any kind of
what the what them a certain set of programs can see but also in what
they can do
and well these are completely generic we need to make them very specific for somewhere
for the axes case just like that if you use linux the name space second
figured it abilities you can build anything out of it you can secure service and
whatnot but to actually match the don't absent boxes and we need to use it
one very special way of course name spaces and stuff like that
this also like to look at that stuff which where they name spacing is built
in from day one right now
couple of things about this i'm really interesting like for example was a single stuff
we want that every act runs inside of a C group so that it we
can put results limits on them so that know how can bring down the system
but this has a lot of interesting effects of beyond that as well because it
suddenly allows us to manage runtime apps in a way that only androids and mitra
when these kind of things could for example and that we give the foreground at
the boost in terms of us if you know and we can even like the
background have gets them like a medals for time accuracy and we could even freeze
the background apps this has been done in minutes before for things like memo had
something like that but with this model if we if we have the definition of
apps and we suddenly have all these options open where we can make use of
define some things the net effect of all of that is a separate it that's
a little bit more robust but primarily about them how management
so and in the field little bit nice of the foreground up gets more secure
right
so second per se M sandbox as we have the
part of this is actually
is something that john
cost
in the past we've for those two but you a little bit disappointed with the
results we believe what is essential for this actually that we get a strict a
file reich specification for this
i mentioned this before was a lib X thing if we want to make this
happen that these send boxes can work on every machine then we need to make
sure that the decision machines do not
no and all sorts things and different directories all the time but we also need
to kind of give the and developer and idea how he himself was supposed to
places data so that it does not clash with his operating system or any other
operating system that followed these guidelines this is a complex thing because there's already and
then F H S round which is tries to standardise how the entirety of unix
works for this at stuff we probably need to reinvest get that you get that
and that topic and focus exclusively on what acts use that sun lit apps what
they need
this is not a job for necessary so much from brno and sell but it
is actually job for the entirety of the minutes well that they actually accept that
the differences on minimised and that
fedora stops doing that something's we got back second and some
yep
and that this is something very important that we currently all distributions actually take you
know and acted differently right if you if you have a you know money want
to and will not use the backs of if you have the same good on
for dora it will use look back second that's a big problem because it's on
the average thing is looks differently so while i sing that them the distributions need
to fix the issue it is there's also something for can on to do like
you know the release team or somewhere like that have to define exactly how the
finals all located i have placed how the avionics look on the a different operating
system is going to be top of course we don't have anything like a certification
system where you could actually for these kind of things but it's still it's of
major importance that this is clearly community can communicated to the to the distributions that
they stopped doing that and saying if they wanna have something that is compatible what
is with you know right you know needs to document this is how you package
it and you don't targeted anyway else and if you don't acted that way then
you out of the game and you have no compatibility with what we that so
it's something to fix for the distributions but they need to do it according to
the recommendations and then top language that you know needs to use the whole thing
by the way if you have any further questions that question
but that's the mikes coming
but
once we and needs basis and this E groups a would it be possible to
enforce and find a higher he by and my name spaces
so when i speak of nice basis you this usually applies to filesystem name spaces
but name space design and they sent to isolate sings big thing they cannot be
used in for anything right and also it's a different thing like for example what
the apple inside of the container does is relatively relevant like they have more freedom
than operating system has because the apps are not at i operating system however is
so it's them we will not be able to enforce much i mean i'm sure
that the operating board of going home could supply tool that can linda the operating
system make sure that a big part of the right up writing i am the
bright if you guys could even and provided tool that you can run on a
nap to make sure that at does not put something in a place where would
clash with what operating system with like
but some boxes not really to for
there is the question
chance
use
sorry i didn't get the question i was wondering what usable at a distribution not
just to do knowledge
well might make sense but i don't think that really matters too much for the
F stuff because
i
in the libraries all the it's a good question actually but
well you do you do read the file see
but i mean it's a so what kind of thing is that is that there
that this is about using traps right and i highlighted the cover that once already
so it is not essential like that the stuff that is required only prudent stuff
reason why the old distribution still have that split off
it's not necessarily navy either the apps need so it's not of that but maybe
there's a little bit of chicken we hope you have to the some of tools
could
probably simply we need
we don't is late
to
absolutely and stuff
yep
okay so i think it's a problem but i don't think it that
okay any best
i'm assuming that the new strict fell hard specifications something that we all want but
has there just be not planner just get everybody like at ian X F C
E in a moment at the end and so you say all together and to
say okay let's came out the specs here "'cause" it seems like it sort of
a pipe dream we don't have a plan about where to go with it i
just get everybody on the same page you know you know what they say about
committees and standards i'm not sure that will work that way i don't know we
should get the right people involved absolutely i don't think we should get everybody involved
because then you get all should i mean if you as soon as he'd like
for example if you if you include on the but are people they will fight
for the backside anything to the other with hated so
actually a lot
i got like ten minutes of the right
okay so let's you we can have discussions about all this later on so let
me i'm still it but that step to let that go for the other seven
steps in the next ten minutes
the next thing is that it but we want something called portals and portal to
something that the time or something we came up with a to access than and
brussels early this year it's supposed to be something how apps can interface with each
other without having to know about each other it's a something that's probably going to
maybe based on top of katie but it's a very interesting technology so it's basically
something that is focus it that is based on an idea from android where they
call that
a what
intense of course intense and what windows called contract right and these things are these
i think the really interesting things and because they basically or a way how you
can isolate apps from
from the rest of the operating system without having that concept of security isolation you
can be visible that's so to give an example what a portal i'm should be
doing that say you have an act and that have like it's an e-mail have
any and you want to be able to send a picture that you just took
over to another machine on traditional linux this would mean that this email i would
have to have access to the camera device and then would take picture from the
camera device and attach it to the email and centre the way our that's a
big a big but quite a bit of a security problem because you don't really
want to give access to the camera to email program so the idea of portals
and intense on and right is to always have that's related to different send boxes
and require interactivity between those two things
so the idea in that case is that if you have an e-mail application you
wanna send a date pick picture over what happened is that the email a program
goes to systems as i would like to have a picture here please help me
this system and says okay then goes and she's checks which programs could actually provide
a picture it could be like the gallery you have thing of could be actually
the camera to
then the camera tool would be activated or the gal review and you would select
you take a picture that i see interactivity which has this nice effect that ultimately
the you was the didn't wanna now that you would say why do my camera
application actually get started there was no reason for the simple press can't one okay
so in a way
there's a security question hidden behind this interactivity so that you only grant access to
the camera indirectly and always hasn't activity but use that so that if that action
was not supposed to take place you will say can so maybe a little bit
confused but not allow
it is wonderful technology because it's one way about integration of that's right because if
you sent an email and you get the camera application running you get the same
everywhere you can replicate running is always but it's also the security technology saying that
that's also the security technologies like a something about their other cases for portals for
example just think about open office currently open office needs to be able to access
your home directory and all other directory so that you can open a file at
any one of them but it really sucks because open offices a gigantic piece of
code and you don't really wanna give it access to everything that could ever like
you and we spoke like you private banking data like you firefox cash and whatnot
so ways portal to console the problem again because the open office would just tell
the operating system haiti so i'm living the sandbox and i would like to have
a file please give me one and then the application in the operating system would
again interactively you something out of the sandbox look for the file and we try
to back to sandbox and the sample together but it would only get access to
that specific file would not have seen any other file of the operating system so
it's the portal some things about be very generic how the security transition there is
hidden each wine between behind user interactivity instead of having questions like last week it
usually ask them like should this ad get access to this device you just do
the action but because requirement activity the usable make the decision just at the side
of it without actually
so
so the portal select or something that you know i'm really to care about of
that's nothing something not nothing the castle come from system decided things from the lower
level this can happen basic you know
number for a i mean just as compressed file system with multiple petitions will back
file so the idea for us as we wanted to have this after one image
at all but also wanna have a only but we want to make sure that
everything's on the kernel levels idea then is that applications are actually shipped and in
a single file that is look back mounted with a couple of petitions in them
that will include everything like and real files that the application means that money applications
executed will be merged according to very specific rules with the A P I file
that the and the at shell be able to access and so that it basically
the nazis a real operating system that is a real filesystem rightly that is emerge
version of what it it's itself ship
plus everything that has been white listed as a and system if you are from
outside
so i'm going through the little bit five because they're like less than five minute
left
number five as an extended search five logic and you live in friends this is
something and we really need if you if we have these apps and the contents
of the apps are not a viable in the normal system and study you get
this problems that let's say gonna know shall should be able to enumerate all the
apps that are installed at means that needs to look for the best of files
then something you have the problem well it's not sufficient anymore to look into user
share applications for the best of file because suddenly that's not well all the and
that's the file will be they will be inside of these a single file look
back mounted simple filesystem thank you so the net result of that is
we really would like to see the search pathologic extended so that do that is
capable of automatically finding these things also in the apps instead of just use okay
this applies not only to finding after the price to quite a few other things
like looking for i can looking for music files using for whatever scenes and this
kind of thing
then the next thing is a sample to where display manager this is real important
us because X eleven this is this gigantic saying if you as soon as you
get access to X eleven to the so that you can do anything with that
you can talk to read applications fake input other picketing the kind of thing if
we wanna have sandbox applications this means that second really be acts that is in
the makes that the good thing is whale and has been designed already in a
way so that applications can never ever access the input and output of other applications
that always you only that and by for nothing else
so that is point six point seven the something we still need to discuss was
ryan it's D com means need like the considerations needs to be and be able
to understand send boxing
meaning that it needs to be able to access control on the napkin and you
get access to the keys it should get to and nothing else
number eight it system for building apps
and profile is the that's kind of related that's a simple building out of course
is not sufficient to justifying this we also need to be P getting a tools
to develop is to actually make building these apps easily i think ultimately with system
that we defined it's relatively easy to do minimal ports of existing have like open
office into the scheme because inside of the name space container that i mentioned earlier
everything looks like a real operating system except one that is very minimal so they
do not have to make many changes they only have to make many changes in
of that's about security and portal something like that you
anyway
how we think that the that the compatibility situation should be handled is with these
called profiles profile to basically something if you have to dora it would implement i
profile called you know and maybe one profile called L is be and that's about
it and application would specify exactly one profile that's developed for the profile would basically
a superset of libraries or D bus interfaces and about a couple of other things
that need to exist
so the idea spending that if somebody writes an application you can pick one of
these profiles and has freedom i they can chase a okay i wanna focus on
the gnomes we don't be or that's a relatively you then he has to deal
with the fact that you has to rely on the gnomes capabilities to make stable
api some kittens and this table and or you can say i don't care about
them gonna i care about that is be only i don't trust again about because
the break api all the time then you can do that of course you will
not be able to get access to the economic the eyes that way but you
can still include them in as an image because after all the image includes pretty
much something that looks like a real operating system
so this gives basically developers the option like how much do they trust upstream how
often do they expect that they want to update application and the deal is basically
it's like firefox they're constantly updated they would like i mean and five releases and
you really is every three months or so if i correctly on so there could
but basically say we always check the news you know and always we can use
gonna profile and then they do than everything will work on the other hands i
have no time anymore but there is games and stuff like that games usually of
written once released immediately then there's maybe one update and that's it so they would
focus on a different profile like that'd be profile they would get less integration would
have to rely less on the on the stability guarantees by the operating system winner
but we get something out of the door there's my last slide have stores this
completely out of for before system the we have stores of course as soon as
we have that of course the last
they have between all these nine step there's lot of other things this box just
supposed to give you a little bit of an overview what we working on as
mentioned we're kind of it was a katie that stuff and we work was see
group of things like that and try to make session system you working which will
give us a definition of the but this is still a lot of stuff and
i have to do anyways thank you very much for your time if you have
any further questions maybe we have time for one question
no
so or one of his like you can ask one question otherwise that's
do something outside
so you are lucky one so she studies
i'm sorry she or one liabilities into supplements that's a good a question shepherds is
bundle libraries the distribution people they tape on the libraries for those it and don't
know the details about this is basically firefox and all these things they tend to
ship as shed light like a couple of shared libraries that we otherwise a part
of the operating system was there i'm application and distribution people to be hide that
application developers always do that but is think they're absolutely rights i think that actually
are and we need to technically solve the problem so i think ultimately this means
we need to support bundled libraries however we need to deal with the fact that
they saw they suck for security reasons
but i saying that the best way to deal with security series that by security
technology so that's again something where the send boxing is relevant right if you want
to allow firefox to ship is own S L library and you need to make
sure that whatever happens and inside of firefox now we can get out of the
and you need to be tightly sandbox
right but i think ultimately there is really strong we my firefox doesn't model things
it's a testability thing it's about they want exactly that version that they know with
the A P I and the bug fixes i know instead of something that is
it's about that somebody else but i don't know which is the up and
so this idea this is that stuff as opposed to provide support about the libraries
and i don't think there's any way around that how much is bundled and how
much assisted by the operating system is something you decide what profiles if you think
i was be profile with very low level and you have to should and problem
or if you pick we can own profile you have to ship but alas but
i don't think that's the way around hunting at least the
the middle ground a framework it's
well timers a profile so you're supposed to promote
but i don't know if you if you wanna new version of G stream or
you have to bundle
everything that's not products operating system profile and you have more about
there is no possibility that you know if an operating system doesn't have some very
popular third party like you've been everybody has to bundle their own copy of that
we pretty like green instead of using show and then they should talk to the
operating system vendor maybe ship the library
okay anyway this was already one question more than i promise so anyway single but
i'm if you i