Deploying QNX on the desktop

QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.

If OpenOffice were available on QNX, it would be a viable
system for business desktops.

John Nagle
Team Overbot

Previously, John Nagle wrote in qnx.cafe:

QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.
[TEXT DELETED]

Linux is collapsing under its own weight? I thought this was
“the year of desktop Linux”…? :slight_smile:

Not that I have anything against QNX, but has it been subjected
to the same level of scrutiny as Linux with respect to buffer
overruns and other security weaknesses? That seems to be what
drives the creation of patches. Has QNX received a security rating
from the NSA (or maybe the RCMP would be more appropriate)?

  • PDM


+---- Pete DiMarco ------+--------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+------------------------+--------------------------------------+
<< Opinions expressed here are my own, not those of my employer. >>

Pete DiMarco wrote:

Not that I have anything against QNX, but has it been subjected
to the same level of scrutiny as Linux with respect to buffer
overruns and other security weaknesses? That seems to be what
drives the creation of patches. Has QNX received a security rating
from the NSA (or maybe the RCMP would be more appropriate)?

  • PDM

It helps that the kernel doesn’t handle text strings, although,
of course, “proc” does.

A more secure version of QNX would not be all that hard.
Basically, all message connection opens need to be routed
through a security monitor process that can say “no”.
Once the connection is open, regular message passing applies.
This allows imposing other security policies, such as
mandatory security or “jailing” of processes.

This would all be outside the kernel, of course.

Maybe In-Q-Tel would fund something like this.

John Nagle

Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:

QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > “the year of desktop Linux”…? :slight_smile:

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

Personally I’d love to see QNX replace Winblows altogether.

Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.

How many QNX viruses have you seen in the last year or two?

Hi…

My experience is that QNX is vulnerable to hackers.

I had an embedded data collection system deployed at a remote location,
and a hacker did get access to my system. I could see the hacker’s
frustration however. Since the hacker did not know the operating system,
all he could do was delete the bin directory (still damaging the
system). I redeployed the system, and the hacker never came back.


Regards…

Miguel.


John Nagle wrote:

Pete DiMarco wrote:

Not that I have anything against QNX, but has it been subjected
to the same level of scrutiny as Linux with respect to buffer overruns
and other security weaknesses? That seems to be what drives the
creation of patches. Has QNX received a security rating
from the NSA (or maybe the RCMP would be more appropriate)?

  • PDM


    It helps that the kernel doesn’t handle text strings, although,
    of course, “proc” does.

A more secure version of QNX would not be all that hard.
Basically, all message connection opens need to be routed
through a security monitor process that can say “no”.
Once the connection is open, regular message passing applies.
This allows imposing other security policies, such as
mandatory security or “jailing” of processes.

This would all be outside the kernel, of course.

Maybe In-Q-Tel would fund something like this.

John Nagle

Previously, Bill Caroselli wrote in qnx.cafe:

Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:
QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > “the year of desktop Linux”…? :slight_smile:

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

Personally I’d love to see QNX replace Winblows altogether.

I’d love to see anything replace Windoze… except maybe CP/M. :wink:
I’d almost be willing to see Larry Ellison’s ego swell to critical mass
and crush the planet if it meant the end of Microsoft’s monopoly. [I wonder if MS has a department that tracks NG “trouble-makers”?]

Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.

How many QNX viruses have you seen in the last year or two?

Once a large enough number of people start to use it, black-hats will
take an interest. How many OSE, LynxOS, or TinyOS viruses have you
seen in the last year or two?

I’m not saying that QNX would be as hard to secure as a monolithic
kernel, just that security-through-obscurity doesn’t work.

  • PDM


    PS- FWIW, QNX is my favorite RTOS.


+---- Pete DiMarco ------+--------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+------------------------+--------------------------------------+
<< Opinions expressed here are my own, not those of my employer. >>

Pete DiMarco <peted@ifspurity.com> wrote:

Previously, Bill Caroselli wrote in qnx.cafe:
Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:
QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > “the year of desktop Linux”…? :slight_smile:

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

Personally I’d love to see QNX replace Winblows altogether.

I’d love to see anything replace Windoze… except maybe CP/M. :wink:
I’d almost be willing to see Larry Ellison’s ego swell to critical mass
and crush the planet if it meant the end of Microsoft’s monopoly. [I wonder if MS has a department that tracks NG “trouble-makers”?]

Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.

How many QNX viruses have you seen in the last year or two?

Once a large enough number of people start to use it, black-hats will
take an interest. How many OSE, LynxOS, or TinyOS viruses have you
seen in the last year or two?

I’m not saying that QNX would be as hard to secure as a monolithic
kernel, just that security-through-obscurity doesn’t work.

Easier, in fact, according to Andy Tannenbaum:

http://www.cs.vu.nl/~ast/brown/

:slight_smile:

Cheers,
-RK

  • PDM



    PS- FWIW, QNX is my favorite RTOS.

Me too :slight_smile:


+---- Pete DiMarco ------+--------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+------------------------+--------------------------------------+
Opinions expressed here are my own, not those of my employer.


[If replying via email, you’ll need to click on the URL that’s emailed to you
afterwards to forward the email to me – spam filters and all that]
Robert Krten, PDP minicomputer collector http://www.parse.com/~pdp8/

From a security standpoint, things could improve a bit.
It wouldn’t be a huge job to fix this.

  • Native networking is totally insecure, so more limits
    on who you can talk to are necessary. Right now,
    if you can get on the LAN, you can probably take over any
    QNX machines on it. If there’s a Windows machine
    on the LAN, it could be taken over by any of the
    usual methods, then used as a backdoor gateway for
    QNX native networking. This is something to think
    about for safety-critical systems that use QNX
    for the safety-critical part but have Windows
    machines on the net for non-safety-critical
    functions.

  • The “can’t connect as root” feature in QNX native
    networking doesn’t seem to work right. It messes up
    non-root connections, in our experience.
    This is related to all those remote spawning bugs
    we previously reported last year.

  • The requirement
    that resource managers have to run as root encourages
    running stuff as root that doesn’t need to run as root.
    You should be allowed to run a resource manager and
    take over some pathname space if the existing
    resource managers don’t object. For example, if you could
    create a directory at some point in pathname space,
    you should be allowed to start a resource manager
    there. Of course, non-root resource managers
    shouldn’t be trusted, in the set-UID bit sense.

  • Message connections put the burden of security
    checking on the recipient. Anybody can initiate a
    connection to anybody. That’s a bit too open.
    One solution would be to check all connection opens
    in a security policy process that can say “no”.
    Small systems might have a trivial default process
    that always says “yes”, and more elaborate systems
    would have a real security monitor that enforced
    useful policies. This shouldn’t hurt performance,
    since it’s a connection setup time only operation.

All this is fixable without major changes
to QNX.

John Nagle
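
A small model of the connection-open check proposed in the post above, added here as an illustration. It is not code from the thread or from QNX and uses no QNX API: `connect_open`, `msg_send`, both policy functions, and the pids and paths are hypothetical, constructed names.

```c
/* Model of "route every connection open through a monitor that can say no".
 * Everything here is hypothetical and constructed; none of it is QNX API. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CONN 16

typedef struct { int pid; int uid; bool jailed; } proc_t;
typedef struct { const char *path; } server_t;
typedef bool (*policy_fn)(const proc_t *client, const server_t *server);

static int monitor_calls;   /* how many times the monitor was consulted */

/* Trivial default for small systems: always says "yes". */
bool policy_allow_all(const proc_t *c, const server_t *s)
{
    (void)c; (void)s;
    monitor_calls++;
    return true;
}

/* Constructed jail allowlist: which servers a jailed pid may open. */
static const struct { int pid; const char *path; } jail_rules[] = {
    { 101, "/dev/ser1" },
    { 101, "/dev/log"  },
};

/* Real monitor: jailed processes are default-deny outside their allowlist. */
bool policy_jail(const proc_t *c, const server_t *s)
{
    monitor_calls++;
    if (!c->jailed)
        return true;
    for (size_t i = 0; i < sizeof jail_rules / sizeof jail_rules[0]; i++)
        if (jail_rules[i].pid == c->pid &&
            strcmp(jail_rules[i].path, s->path) == 0)
            return true;
    return false;
}

typedef struct { bool open; int client_pid; const server_t *srv; } conn_t;
static conn_t conns[MAX_CONN];

/* Connection setup: the only place the monitor is asked. Returns id or -1. */
int connect_open(policy_fn monitor, const proc_t *c, const server_t *s)
{
    if (!monitor(c, s))
        return -1;
    for (int i = 0; i < MAX_CONN; i++) {
        if (!conns[i].open) {
            conns[i] = (conn_t){ true, c->pid, s };
            return i;
        }
    }
    return -1;              /* connection table full */
}

/* Regular message passing on an open connection: no policy check here. */
int msg_send(int coid, const char *msg)
{
    if (coid < 0 || coid >= MAX_CONN || !conns[coid].open)
        return -1;
    return (int)strlen(msg);    /* stand-in for delivering the message */
}

int main(void)
{
    proc_t jailed = { 101, 500, true };
    server_t ser = { "/dev/ser1" }, disk = { "/dev/hd0" };

    int ok = connect_open(policy_jail, &jailed, &ser);
    int no = connect_open(policy_jail, &jailed, &disk);
    printf("ser1 coid=%d, hd0 coid=%d\n", ok, no);
    printf("send on ser1: %d, monitor calls: %d\n",
           msg_send(ok, "hello"), monitor_calls);
    return 0;
}
```

The monitor counter does not move during `msg_send`, which is the "connection setup time only" cost the post describes.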

Pete DiMarco wrote:

Previously, Bill Caroselli wrote in qnx.cafe:

Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:

QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > “the year of desktop Linux”…? :slight_smile:

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

Personally I’d love to see QNX replace Winblows altogether.


I’d love to see anything replace Windoze… except maybe CP/M. :wink:
I’d almost be willing to see Larry Ellison’s ego swell to critical mass
and crush the planet if it meant the end of Microsoft’s monopoly. [I wonder if MS has a department that tracks NG “trouble-makers”?]


Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.

How many QNX viruses have you seen in the last year or two?


Once a large enough number of people start to use it, black-hats will
take an interest. How many OSE, LynxOS, or TinyOS viruses have you
seen in the last year or two?

I’m not saying that QNX would be as hard to secure as a monolithic
kernel, just that security-through-obscurity doesn’t work.

  • PDM


    PS- FWIW, QNX is my favorite RTOS.


+---- Pete DiMarco ------+--------------------------------------+
| Staff Software Engineer | Web: www.ifspurity.com |
| Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
+------------------------+--------------------------------------+
Opinions expressed here are my own, not those of my employer.

Hi…

So, I have a question: who wrote the QNX kernel? Was it independently
developed?

Maybe I heard this before, but I do not recall exactly.

Regards…

Miguel.






Robert Krten wrote:

Pete DiMarco <peted@ifspurity.com> wrote:

Previously, Bill Caroselli wrote in qnx.cafe:

Pete DiMarco <peted@ifspurity.com> wrote:
PD > Previously, John Nagle wrote in qnx.cafe:

QNX has potential as a desktop OS again, now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.
[TEXT DELETED]

PD > Linux is collapsing under its own weight? I thought this was
PD > “the year of desktop Linux”…? :slight_smile:

PD > Not that I have anything against QNX, but has it been subjected
PD > to the same level of scrutiny as Linux with respect to buffer
PD > overruns and other security weaknesses? That seems to be what
PD > drives the creation of patches. Has QNX received a security rating
PD > from the NSA (or maybe the RCMP would be more appropriate)?

PD > - PDM

Personally I’d love to see QNX replace Winblows altogether.


I’d love to see anything replace Windoze… except maybe CP/M. :wink:
I’d almost be willing to see Larry Ellison’s ego swell to critical mass
and crush the planet if it meant the end of Microsoft’s monopoly. [I wonder if MS has a department that tracks NG “trouble-makers”?]


Maybe, just maybe, QNX needs to have its security beefed up. Maybe not.

How many QNX viruses have you seen in the last year or two?


Once a large enough number of people start to use it, black-hats will
take an interest. How many OSE, LynxOS, or TinyOS viruses have you
seen in the last year or two?


I’m not saying that QNX would be as hard to secure as a monolithic
kernel, just that security-through-obscurity doesn’t work.


Easier, in fact, according to Andy Tannenbaum:

http://www.cs.vu.nl/~ast/brown/

:slight_smile:

Cheers,
-RK


  • PDM



    PS- FWIW, QNX is my favorite RTOS.


    Me too :slight_smile:



    +---- Pete DiMarco ------+--------------------------------------+
    | Staff Software Engineer | Web: www.ifspurity.com |
    | Integrated Flow Systems | Email: peted [At] ifspurity [Dot] com |
    +------------------------+--------------------------------------+
    Opinions expressed here are my own, not those of my employer.

Miguel Simon <simon@ou.edu> wrote:

Hi…

So, I have a question: who wrote the QNX kernel? Was it independently
developed?

Yes, it was written at QNX.

chris


Chris McKillop <cdm@qnx.com> “The faster I go, the behinder I get.”
Software Engineer, QSSL – Lewis Carroll –
http://qnx.wox.org/

Miguel Simon <simon@ou.edu> wrote:
MS > Hi…

MS > So, I have a question: who wrote the QNX kernel? Was it independently
MS > developed?

MS > May be I heard this before, but I do not recall exactly.

MS > Regards…
MS > Miguel.

What do you think the Keebler Elves did before they made cookies?

Personally I’d love to see QNX replace Winblows altogether.

I doubt that you would. It’s like a member of the Ferrari
Owners club saying

“These cars are so much better than all the others. I wish that
EVERYBODY would just drive one!”

Your beloved RTOS would very rapidly be distorted beyond all
recognition, for the greater good…

Plus no-one would change the oil, and they would get the interior
carpets all muddy. :v(


cburgess@qnx.com

“John Nagle” <nagle@downside.com> wrote in message
news:c8g40o$llu$1@inn.qnx.com

QNX has potential as a desktop OS again,

You must be living in an alternate dimension.

now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.


If OpenOffice were available on QNX, it would be a viable
system for business desktops.

Are you on drugs?

John Nagle
Team Overbot

Mario Charest postmaster@127.0.0.1 wrote:

MC > “John Nagle” <nagle@downside.com> wrote in message
MC > news:c8g40o$llu$1@inn.qnx.com

QNX has potential as a desktop OS again,

MC > You must be living in an alternate dimension.

now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.


If OpenOffice were available on QNX, it would be a viable
system for business desktops.

MC > Are you on drugs?

John Nagle
Team Overbot

Mario, you’re always the diplomat.

“Bill Caroselli” <qtps@earthlink.net> wrote in message
news:c9339q$kgu$3@inn.qnx.com

Mario Charest postmaster@127.0.0.1 wrote:

MC > “John Nagle” <nagle@downside.com> wrote in message
MC > news:c8g40o$llu$1@inn.qnx.com…
QNX has potential as a desktop OS again,

MC > You must be living in an alternate dimension.

now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.


If OpenOffice were available on QNX, it would be a viable
system for business desktops.

MC > Are you on drugs?


John Nagle
Team Overbot

Mario, you’re always the diplomat.

LOL, seriously, am I coming out rude? Hum guess I am ;-(

Then it’s time for some soul searching. Here goes; about 10-15 years ago I
shared John’s enthusiasm, I thought QNX was the answer to it all. That the
world needed QNX to solve all of its problems. Experience showed me I was
completely wrong. Being pretty hard on myself I kind of blame myself for
even entertaining the thought… I must have overimposed some of my own
self image over John as if I was talking to myself. As I felt kind of dumb
to have thought that QNX could become a good desktop.

Windows/OS X/Linux are YEARS ahead when it comes to desktop feature set, etc.,
compared to QNX.

John; it takes a LOT more than OpenOffice to be a good desktop business
solution.

As for the “don’t have to patch QNX every week”, the reason is simple: there
is about 10% less code in QNX than in Windows. Still, per line of code I
would venture to say there are fewer bugs in Windows than in QNX.

If QSS company’s behavior and practice would be under the same gun as
Microsoft is, I believe it would get a LOT more criticism than Microsoft
gets. Most probably it would get its fair share of haters as well.

Imagine this, Microsoft coming out and saying “We have stopped development
of our current OS and will be coming out with a new and improved operating
system that is 100% NOT binary compatible”. Imagine the chaos. QSS did
this twice for the OS and once for the GUI. I don’t recall any headlines in
the newspaper about it…

QNX used to have more of a presence in the retail industry,
for exactly those reasons.

For what reason isn’t there anymore. Rick from Astra posted an old copy of
QNX News and I was amazed to see the number of “business” applications.
Today most of these companies are out of business or stopped producing QNX
software.

John Nagle
Team Overbot

Bill Caroselli wrote:
Mario Charest postmaster@127.0.0.1 wrote:

MC > “John Nagle” <nagle@downside.com> wrote in message
MC > news:c8g40o$llu$1@inn.qnx.com…

QNX has potential as a desktop OS again,


MC > You must be living in an alternate dimension.


now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.


If OpenOffice were available on QNX, it would be a viable
system for business desktops.


MC > Are you on drugs?

That was a bit much.

There are many PCs out there used by people who only run
a few applications. The ongoing hassles associated with Windows
run up the total cost of ownership for businesses which must
deploy large numbers of PCs.

A locked-down machine with a browser, OpenOffice, and a
Java environment for business applications is exactly
what you want for call centers and similar clerical jobs.
The opening for QNX is that Microsoft can’t resist dumping
the kitchen sink into their OS, making it vulnerable to attacks.
Total cost of ownership for big farms of dumb PCs is going
up because of Microsoft’s security problems. QNX offers
an escape from the endless patching of the Microsoft world.

QNX used to have more of a presence in the retail industry,
for exactly those reasons.

John Nagle
Team Overbot

Bill Caroselli wrote:

Mario Charest postmaster@127.0.0.1 wrote:

MC > “John Nagle” <nagle@downside.com> wrote in message
MC > news:c8g40o$llu$1@inn.qnx.com…

QNX has potential as a desktop OS again,


MC > You must be living in an alternate dimension.


now that the
Windows and Linux worlds are starting to collapse under their
own weight. The total cost of ownership argument starts
to look good for QNX when you don’t have to patch every week.


If OpenOffice were available on QNX, it would be a viable
system for business desktops.


MC > Are you on drugs?

John Nagle <nagle@downside.com> wrote:
JN > That was a bit much.

JN > There are many PCs out there used by people who only run
JN > a few applications. The ongoing hassles associated with Windows
JN > run up the total cost of ownership for businesses which must
JN > deploy large numbers of PCs.

JN > A locked-down machine with a browser, OpenOffice, and a
JN > Java environment for business applications is exactly
JN > what you want for call centers and similar clerical jobs.
JN > The opening for QNX is that Microsoft can’t resist dumping
JN > the kitchen sink into their OS, making it vulnerable to attacks.
JN > Total cost of ownership for big farms of dumb PCs is going
JN > up because of Microsoft’s security problems. QNX offers
JN > an escape from the endless patching of the Microsoft world.

JN > QNX used to have more of a presence in the retail industry,
JN > for exactly those reasons.

JN > John Nagle
JN > Team Overbot

I think you make a good point.

Mario Charest postmaster@127.0.0.1 wrote:

MC > LOL, seriously, am I coming out rude? Hum guess I am ;-(

MC > Then it’s time for some soul searching. Here goes; about 10-15 years ago I
MC > shared John’s enthusiasm, I thought QNX was the answer to it all. That the
MC > world needed QNX to solve all of its problems. Experience showed me I was
MC > completely wrong. Being pretty hard on myself I kind of blame myself for
MC > even entertaining the thought… I must have overimposed some of my own
MC > self image over John as if I was talking to myself. As I felt kind of dumb
MC > to have thought that QNX could become a good desktop.

I also shared your enthusiasm about the future of QNX 15 years ago. I
still wish it were true. But alas, reality has sunk in. Still I have hope
that one day . . .

MC > As for the “don’t have to patch QNX every week”, the reason is simple: there
MC > is about 10% less code in QNX than in Windows. Still, per line of code I
MC > would venture to say there are fewer bugs in Windows than in QNX.

I assume that was a typo and you meant 10% as much code.

MC > Imagine this, Microsoft coming out and saying “We have stopped development
MC > of our current OS and will be coming out with a new and improved operating
MC > system that is 100% NOT binary compatible”. Imagine the chaos. QSS did
MC > this twice for the OS and once for the GUI. I don’t recall any headlines in
MC > the newspaper about it…

As a software developer I have also occasionally come out with a new and
improved version of my software that was NOT compatible with the old. This
is the only way you can make those quantum leaps ahead. Sometimes you just
have to admit that old design was inferior.

OK, so for now maybe QNX isn’t the OS for everyone and every application.
It’s true there used to be many third party applications. There used to be
a multi-user real-time spread-sheet. (I never tried it though I wish I had.)

So many of the “applications” that there are for QNX were ported from other
worlds. They can’t take advantage of QNX like that. They need to be
written FOR QNX. Then you would start to see bug free applications, or
nearly so.

MC > As for the “don’t have to patch QNX every week”, the reason is simple: there
MC > is about 10% less code in QNX than in Windows. Still, per line of code I
MC > would venture to say there are fewer bugs in Windows than in QNX.

I assume that was a typo and you meant 10% as much code.

Yes I meant Windows has at LEAST 10 times the amount of code QNX has.

MC > Imagine this, Microsoft coming out and saying “We have stopped development
MC > of our current OS and will be coming out with a new and improved operating
MC > system that is 100% NOT binary compatible”. Imagine the chaos. QSS did
MC > this twice for the OS and once for the GUI. I don’t recall any headlines in
MC > the newspaper about it…

As a software developer I have also occasionally come out with a new and
improved version of my software that was NOT compatible with the old. This
is the only way you can make those quantum leaps ahead. Sometimes you just
have to admit that old design was inferior.

OK, so for now maybe QNX isn’t the OS for everyone and every application.
It’s true there used to be many third party applications. There used to be
a multi-user real-time spread-sheet. (I never tried it though I wish I had.)

So many of the “applications” that there are for QNX were ported from other
worlds. They can’t take advantage of QNX like that. They need to be
written FOR QNX. Then you would start to see bug free applications, or
nearly so.